Bug#255931: marked as done (kernel: NFS fh_verify causes lost output)

To: Sven Luther <luther@debian.org>
Cc: Debian Kernel Team <debian-kernel@lists.debian.org>
Subject: Bug#255931: marked as done (kernel: NFS fh_verify causes lost output)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 25 Aug 2004 13:03:09 -0700
Message-id: <[🔎] handler.255931.D255931.109346360321288.ackdone@bugs.debian.org>
In-reply-to: <E1C03kw-0006wx-00@newraff.debian.org>
References: <E1C03kw-0006wx-00@newraff.debian.org> <200406232050.i5NKoCGP022332@pisa.maths.usyd.edu.au>
Your message dated Wed, 25 Aug 2004 15:48:26 -0400
with message-id <E1C03kw-0006wx-00@newraff.debian.org>
and subject line Bug#255931: fixed in kernel-source-2.6.8 2.6.8-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 23 Jun 2004 20:51:05 +0000
>From psz@maths.usyd.edu.au Wed Jun 23 13:51:05 2004
Return-path: <psz@maths.usyd.edu.au>
Received: from talus.maths.usyd.edu.au [129.78.68.1] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BdEi1-0005lm-00; Wed, 23 Jun 2004 13:51:05 -0700
Received: from pisa.maths.usyd.edu.au (psz@pisa.maths.usyd.edu.au) [129.78.69.136]
	by siv.maths.usyd.edu.au via smtpdoor V18.1
	id 288412 for submit@bugs.debian.org; Thu, 24 Jun 2004 06:50:12 +1000
Message-Id: <200406232050.i5NKoCGP022332@pisa.maths.usyd.edu.au>
Received: from psz@localhost by pisa.maths.usyd.edu.au (8.12.3/7.6/Submit)
	id i5NKoCGP022332; Thu, 24 Jun 2004 06:50:12 +1000
From: Paul Szabo <psz@maths.usyd.edu.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel: NFS fh_verify causes lost output
X-Mailer: reportbug 1.50
Date: Thu, 24 Jun 2004 06:50:12 +1000
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-4.9 required=4.0 tests=BAYES_01,HAS_PACKAGE,
	MSGID_FROM_MTA_HEADER,WEIRD_PORT autolearn=no 
	version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: kernel
Version: N/A; reported 2004-06-24
Severity: important
Tags: patch

With default root_squash and subtree_check options, there is a problem with
NFS exports. The bug may appear also with no_root_squash; can always be
avoided with no_subtree_check. The bug causes open filehandles to become
stale, and further read/write access to fail.

References to what I think are the same issue:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=110421
http://groups.google.com.au/groups?hl=en&lr=&ie=UTF-8&threadm=fa.jnukgbv.3i82ba%40ifi.uio.no&rnum=3&prev=/groups%3Fq%3Dfh_verify%253A%2Bno%2Broot_squashed%26ie%3DISO-8859-1%26hl%3Den
showing that the problem is not specific to Debian, and is present on a
wide range of kernel versions.

Can reproduce the problem with lsof. Seems that if the "owner" runs lsof,
then root does lsof quite soon, there is no problem; root needs to wait a
while to produce the problem; there seems to be a 10-second cache period.
Demo (see output files vanish if user has NFS-mounted home):

su - psz -c 'sleep 1000 >sleep.out 2>&1 <&- &'            ## Start process
sleep 20; su - psz -c 'lsof -c sl'; sleep 1; lsof -u psz  ## OK (may repeat)
sleep 20; su - psz -c 'lsof -c sl'; sleep 20; lsof -u psz ## Fail

The server will log something like
  kernel: fh_verify: no root_squashed access at psz/sleep.out.

The problem causes loss of output, some or all may be lost e.g. for

sh -c 'echo hello; sleep 200; echo bye' >sh.out &
perl -e 'echo "hello\n"; sleep 200; echo "bye\n"' >pl.out &

The following patch (against kernel-source-2.4.22) seems to fix the
problem:

--- fs/nfsd/nfsfh.c.orig	Sat Aug 30 16:01:44 2003
+++ fs/nfsd/nfsfh.c	Wed Jun 23 12:57:52 2004
@@ -705,11 +705,23 @@
 			/* make sure parents give x permission to user */
 			error = permission(parent->d_inode, MAY_EXEC);
 			if (error)
+/*			{
+				printk("fh_verify: no UID=%d,GID=%d (userset=%d) access to %s at %s/%s\n",
+					current->fsuid, current->fsgid, rqstp->rq_userset,
+				       parent->d_name.name,
+				       dentry->d_parent->d_name.name,
+				       dentry->d_name.name); */
 				break;
+/*			} */
 			tdentry = parent;
 		}
 		if (exp->ex_dentry != tdentry) {
-			error = nfserr_stale;
+			error = nfserr_acces;
+/* PSz 23 Jun 04  Not STALE but ACCES: so NFS client code (RPC really)
+ *                net/sunrpc/clnt.c will handle and re-try as real user,
+ *                do not want fs/nfs/inode.c to remove the inode. */
+/* Should not say root_squashed without checking ROOTSQUASH or ALLSQUASH
+ * and UID/GID. (Probably should be dprintk: lucky it was not.) */
 			printk("fh_verify: no root_squashed access at %s/%s.\n",
 			       dentry->d_parent->d_name.name,
 			       dentry->d_name.name);

Cheers,

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pisa.maths.usyd.edu.au 2.4.22-smssvr1.5 #1 SMP Fri Apr 16 13:55:30 EST 2004 i686
Locale: LANG=C, LC_CTYPE=C


---------------------------------------
Received: (at 255931-close) by bugs.debian.org; 25 Aug 2004 19:53:23 +0000
>From katie@ftp-master.debian.org Wed Aug 25 12:53:23 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1C03pj-0005X9-00; Wed, 25 Aug 2004 12:53:23 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1C03kw-0006wx-00; Wed, 25 Aug 2004 15:48:26 -0400
From: Sven Luther <luther@debian.org>
To: 255931-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#255931: fixed in kernel-source-2.6.8 2.6.8-3
Message-Id: <E1C03kw-0006wx-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 25 Aug 2004 15:48:26 -0400
Delivered-To: 255931-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: kernel-source-2.6.8
Source-Version: 2.6.8-3

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.6.8, which is due to be installed in the Debian FTP archive:

kernel-doc-2.6.8_2.6.8-3_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-3_all.deb
kernel-patch-debian-2.6.8_2.6.8-3_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-3_all.deb
kernel-source-2.6.8_2.6.8-3.diff.gz
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-3.diff.gz
kernel-source-2.6.8_2.6.8-3.dsc
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-3.dsc
kernel-source-2.6.8_2.6.8-3_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-3_all.deb
kernel-tree-2.6.8_2.6.8-3_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 255931@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Luther <luther@debian.org> (supplier of updated kernel-source-2.6.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 25 Aug 2004 17:40:07 +0200
Source: kernel-source-2.6.8
Binary: kernel-source-2.6.8 kernel-doc-2.6.8 kernel-tree-2.6.8 kernel-patch-debian-2.6.8
Architecture: source all
Version: 2.6.8-3
Distribution: unstable
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Sven Luther <luther@debian.org>
Description: 
 kernel-doc-2.6.8 - Linux kernel specific documentation for version 2.6.8
 kernel-patch-debian-2.6.8 - Debian patches to Linux 2.6.8
 kernel-source-2.6.8 - Linux kernel source for version 2.6.8 with Debian patches
 kernel-tree-2.6.8 - Linux kernel tree for building prepackaged Debian kernel images
Closes: 255931 256757 256871 257763 258061 261784 266731 266892 267338 267464
Changes: 
 kernel-source-2.6.8 (2.6.8-3) unstable; urgency=high
 .
   * Suggest libqt3-dev for xconfig (closes: #261784) (Andres Salomon).
 .
   * Update documentation (Christoph Hellwig).
 .
   * Add bio_uncopy_user leak fix from Kurt Garloff (closes: #256871)
     (Christoph Hellwig).
 .
   * Update scsi blacklist for USB multi card readers (Christoph Hellwig).
 .
   * Claim we're Windows (TM) to ACPI to work around broken BIOSes
     (Christoph Hellwig).
 .
   * Fix early boot crash on some oldworld Power Macs. (closes: #266731)
     (Christoph Hellwig).
 .
   * Add qdisc crash fix (closes: #266892) (Christoph Hellwig).
 .
   * Replace the drivers-scsi-sym53c8xx_revert workaround with
     drivers-scsi-sym_2-dv-hang, which is a proper fix for the hang
     (dann frazier).
 .
   * Enter ACPI mode earlier (closes: #258061) (Christoph Hellwig).
 .
   * Add a comment about the Adaptec firmware rebuild situation to
     README.Debian (closes: #256757) (Christoph Hellwig).
 .
   * Update bio_uncopy_user-memleak to really fix the problem
     (closes: #267464, #267338) (Christoph Hellwig).
 .
   * Update list of safe SCSI commands for SG_IO to match 2.6.9-rc1
     (Christoph Hellwig).
 .
   * Update CCISS driver (Christoph Hellwig).
 .
   * Add minix block accounting fix (Christoph Hellwig).
 .
   * Fix nfsd to not errornously return ESTALE on failed permission check
     (closes: #255931) (Christoph Hellwig).
 .
   * Fix SHM segment count limit off by one (Christoph Hellwig).
 .
   * Modularize xfrm_tunnel (Christoph Hellwig).
 .
   * Add small ACPI fix that makes speedstep work on some Centrino Laptops
     (closes: #257763) (Christoph Hellwig).
Files: 
 e11d871c94e4c2b80ea109ec281dc0a5 911 devel optional kernel-source-2.6.8_2.6.8-3.dsc
 d192fad5d8c8534399539270da0f57c0 546373 devel optional kernel-source-2.6.8_2.6.8-3.diff.gz
 04d63a08fbf900ef2fa305cc02ffd281 200988 devel optional kernel-patch-debian-2.6.8_2.6.8-3_all.deb
 046d99bea7140fabb523d919ea9d5a9e 302996 devel optional kernel-tree-2.6.8_2.6.8-3_all.deb
 d6c04d060fc960b8d1508d2591e7047d 34904884 devel optional kernel-source-2.6.8_2.6.8-3_all.deb
 39fe9e5c1746d42f3c8fe78f27745fe9 6144040 doc optional kernel-doc-2.6.8_2.6.8-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBLNnk2WTeT3CRQaQRAhlmAJ0WVH/vM3Md/zYovrmGmS1z528+rgCgooH8
i3y541uLYfJJCuEIR8fBMTs=
=gd5r
-----END PGP SIGNATURE-----
Reply to:
Prev by Date: Bug#257763: marked as done (segmentation fault on loading speedstep_centrino)
Next by Date: Bug#267464: marked as done (cdrecord: eats all the machine ressources then the oom-killer trashes everything)
Previous by thread: Bug#257763: marked as done (segmentation fault on loading speedstep_centrino)
Next by thread: Bug#267464: marked as done (cdrecord: eats all the machine ressources then the oom-killer trashes everything)
Index(es):
- Date
- Thread