freebsd-pefs / pefs

PEFS - stacked cryptographic file system for FreeBSD
http://pefs.io/

Support for 11-CURRENT? #31

Closed nakal closed 8 years ago

nakal commented 8 years ago

It seems that pefs-kmod does not compile on FreeBSD 11-CURRENT. After applying a small fix, it also seems to panic while executing shell scripts on a pefs mount.

Are you going to fix it or is this project abandoned?

glk commented 8 years ago

pefs has been broken since the sendfile merge in December. I've been busy lately at work, so the fix is getting delayed. Could you post a backtrace? It has never panicked for me.

nakal commented 8 years ago

I said "it seems", not sure. It happens when I start a script from a pefs-mounted fs:

db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0466d7a410
vpanic() at vpanic+0x182/frame 0xfffffe0466d7a490
kassert_panic() at kassert_panic+0x126/frame 0xfffffe0466d7a500
exec_map_first_page() at exec_map_first_page+0x4b1/frame 0xfffffe0466d7a5d0
kern_execve() at kern_execve+0x39e/frame 0xfffffe0466d7a920
sys_execve() at sys_execve+0x4c/frame 0xfffffe0466d7a9a0
amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe0466d7aab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0466d7aab0
--- syscall (59, FreeBSD ELF64, sys_execve), rip = 0x800de847a, rsp = 0x7fffffffbd18, rbp = 0x7fffffffbdc0 ---
KDB: enter: panic

The module also does not kldload unless you link with the old sha512.c.

glk commented 8 years ago

That is the same problem I observe. I'm intentionally not fixing sha512.c until the actual problem is resolved. I'd rather have it fail to compile instead of randomly panicking for the user. The sha512 part is trivial.

glk commented 8 years ago

I've committed a workaround for the panic in bf43969dd1e3bb15dcc8cba10d54244f996ad19d. The actual bug is in FreeBSD. Could you please verify that 0c5d5c962c08d1fbbb3d252c8e6ec4e84c70c397 fixes both the sha512 compilation and panic issues for you?

Thanks.

nakal commented 8 years ago

I tried to install according to the README and got this:

===> lib/libpam/modules/pam_pefs (all)
building shared library pam_pefs.so.5
cc  -Wl,--version-script=Version.map -fstack-protector-strong shared -Wl,-x -Wl,--fatal-warnings -Wl,--warn-shared-textrel  -o pam_pefs.so.5.full -Wl,-soname,pam_pefs.so.5  `NM='nm' NMFLAGS='' lorder pam_pefs.So pefs_key.So pefs_keychain.So pefs_subr.So rijndael-api.So rijndael-api-fst.So rijndael-alg-fst.So sha512c.So hmac_sha512.So pbkdf2_hmac_sha512.So crypto_verify_bytes.So | tsort -q` -lutil
/usr/bin/ld: cannot open linker script file Version.map: No such file or directory
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

Stop.
make[1]: stopped in /root/pefs/lib/libpam/modules/pam_pefs
*** Error code 1

Stop.
make: stopped in /root/pefs

glk commented 8 years ago

3da5d11f71f2ec7467b1ed7a44cf686728fde9ba should fix the build.

nakal commented 8 years ago

The patch works. Now I can start my script correctly without a panic. Also, no problems with accessing the pefs-encrypted fs so far. Thank you.

Btw, there is still a LOR against ZFS reported when WITNESS is enabled, but it is probably a different issue.