when a device veriexec monitors is opened for raw access, if the action
is not denied then all fingerprints on the device are (for now, this is
ugly) invalidated.

the chain of spec_open -> kauth_authorize_action -> veriexec_raw_cb
shows that in the trace. the latter calls fileassoc_table_run with
veriexec_purge as the callback. what the former does is call the
provided callback for each entry in the table, for the given fileassoc
(veriexec in our case). the argument passed to the callback is the
entry itself (struct veriexec_file_entry).

without the patch, veriexec_purge assumes the argument is a vnode
pointer because it's an external interface. with the patch, a
different function is passed that treats the argument like it should.
so the fault should not happen.

I have successfully reproduced the fault & the patch posted by blymn@
solves the issue. so I'm either completely off with the above analysis
as the cause of the problem or you did not apply it correctly, built
with the patch, or booted the right kernel.

so please verify your process & report back to hq. :)

-e.

Scott Ellis wrote:
> Brett Lymn wrote:
>  > Which helped a lot, thanks.  Can you try the attached patch and see if
>> it fixes your problem?
> 
> Doesn't seem to change anything...
> 
> [snip]
> Starting ntpd.
> Starting powerd.
> Starting sshd.
> Restoring mixer settings: mixer0kernel: protection fault trap, code=0
> Stopped in pid 1525.1 (raidctl) at
> netbsd:specificdata_getspecific+0x12:   c
> mpq     0(%rax),%rdx
> db> bt
> specificdata_getspecific() at netbsd:specificdata_getspecific+0x12
> fileassoc_file_lookup() at netbsd:fileassoc_file_lookup+0x1c
> fileassoc_lookup() at netbsd:fileassoc_lookup+0x13
> veriexec_purge() at netbsd:veriexec_purge+0x9
> fileassoc_table_run() at netbsd:fileassoc_table_run+0x66
> veriexec_raw_cb() at netbsd:veriexec_raw_cb+0x155
> kauth_authorize_action() at netbsd:kauth_authorize_action+0xa0
> kauth_authorize_device_spec() at netbsd:kauth_authorize_device_spec+0x2f
> spec_open() at netbsd:spec_open+0x16f
> VOP_OPEN() at netbsd:VOP_OPEN+0x2a
> vn_open() at netbsd:vn_open+0x264
> sys_open() at netbsd:sys_open+0xeb
> syscall_plain() at netbsd:syscall_plain+0x112
> --- syscall (number 0) ---
> 0:
> db>
> db> sync
> syncing disks... ex0: uplistptr was 0
> 10 3 done
> unmounting file systems...
> unmounting /dev/pts (ptyfs)...
> unmounting /nbu/data (/dev/raid1h)...
> unmounting /nbu (/dev/raid1g)...
> unmounting /data (/dev/raid1f)...
> unmounting /var (/dev/raid1e)...
> unmounting /tmp (tmpfs)...
> unmounting / (/dev/raid1a)...panic: lockmgr: draining against myself
> Stopped in pid 1525.1 (raidctl) at      netbsd:cpu_Debugger+0x5: leave
> db> sync
> 
> dumping to dev 18,17 offset 1051015
> dump device bad
> 
> 
> rebooting...
> 
>