Bug#367125: marked as done (nfs + ext3 = possible DoS)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 26 Sep 2006 09:48:10 -0600
with message-id <[🔎] 20060926154810.GC12302@colo>
and subject line Bug#367125: ext2_get_inode: bad inode number
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: nfs + ext3 = possible DoS
• From: "Peter Kruse" <pjodrr@gmail.com>
• Date: Thu, 11 May 2006 10:09:28 +0200
• Message-id: <732df3000605110109m6c8f2bbfibb24737144ec049a@mail.gmail.com>

Package: kernel-image-2.6.8-2-686-smp
Version: 2.6.8-16

Hello,

Our central nfs-server is running Debian/Sarge and there are ~300 nfs Clients running under Debian
or Solaris.  At one point we had to recreate the exported (ext3) filesystems on the server and
copy the data back from backup.  Although we rebooted most of the clients as  well, some kept running
and unforunately obviously had cached the nfs filehandles and requested the no longer
existing inodes.  This resulted in messages like this on the server:

ext3_get_inode_loc: bad inode number: 30130240

After some of these messages (cannot say the exact number) the filesystem
was mounted read-only which made it quite unusable, along with  this message:

Remounting filesystem read-only

This suprises me somewhat as with "tune2fs -e continue" the filesystem
was supposed to ignore errors.  Is that not valid for ext3 but only for ext2?
We also think that this could be used as a denial of service attack: just
request non-existing inodes and eventually the server will remount read-only.
We also observed this behaviour with linux-image-2.6.12-1-686-smp, version
2.6.12-10.  I will install linux-kernel latest version of 2.6.16 in the near future.
I'm not sure if this really is a bug but it would be great if there was a workaround.
I think it's a bug since there actually is no error in the filesystem,
there are only requests for non-existing inodes.
So how can one prevent the filesystem being remounted read-only in this
situation?

Thanks,

    Peter

--- End Message ---

--- Begin Message ---

• To: Peter Kruse <pjodrr@gmail.com>, 367125@bugs.debian.org, 367125-done@bugs.debian.org
• Cc: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
• Subject: Re: Bug#367125: ext2_get_inode: bad inode number
• From: dann frazier <dannf@debian.org>
• Date: Tue, 26 Sep 2006 09:48:10 -0600
• Message-id: <[🔎] 20060926154810.GC12302@colo>
• In-reply-to: <[🔎] 732df3000609260308l59988fdco9d684d0c6f14251e@mail.gmail.com>
• References: <732df3000606160437x401a46d8m57beca7d13a2bd28@mail.gmail.com> <87zmgdkt8z.fsf@informatik.uni-tuebingen.de> <732df3000606190342u2e42bdb0o23c7046f82cdd98@mail.gmail.com> <87bqspapwn.fsf@informatik.uni-tuebingen.de> <[🔎] 732df3000609260308l59988fdco9d684d0c6f14251e@mail.gmail.com>

Version: 2.6.8-16sarge5

On Tue, Sep 26, 2006 at 12:08:14PM +0200, Peter Kruse wrote:
> Hello,
> 
> it looks like that the latest security update to the kernel fixes this
> problem:

Thanks, closing therefore.

-- 
dann frazier

--- End Message ---