Bug#682709: NFS4 krb5 mounts hang under nfs-utils 1.2.6-3
Hello everyone,
I've been affected by this bug as well. After some further
investigations I found the root cause of this bug.
This bug is triggered when the client's IP address can't be mapped to an
hostname. The evil part is inside rpc.mountd, which is also the only
binary affected by this bug. Being unable to map the client's IP address
rpc.mountd enters an error path which silently leaves the Kernels
request unanswered. Waiting for an answer the Kernel does not send a
response back to the client, which then keeps waiting on the NFS server.
This bug was introduced between version 1.2.5 and version 1.2.6 of
nfs-utils and was later fixed upstream. After bisecting through the
upstream git repository I found cb3b81d6c4167ede8886115e271584a96ea55565
([1]) to fix this bug.
This very small patch can be directly applied to the Debian package
version 1.2.6-3. I've therefore build a NMU including only this small
change (debdiff patch attached to this Mail) and put the source and
binary packages (i386+amd64) here:
http://www.inf.fh-dortmund.de/~dh/debian-682709/
I would like to ask the maintainers to include this patch in Wheezy,
because it fixes a regression compared to Squeeze, where this bug was
not present and Kerberos enabled NFS exports worked. As the change is
very small and already included in upstream's git repository, it should
not cause side effects.
Cheers,
Daniel
Links:
[1]: http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=cb3b81d6c4167ede8886115e271584a96ea55565
--
Kind regards,
Daniel Heß
Fachhochschule Dortmund
University of Applied Sciences and Arts
Daniel Heß
FB Informatik,
Emil-Figge-Str. 42 - D-44227 Dortmund
Raum EFS 42 C.2.45
Tel +49 231 755-6761
Fax +49 231 755-6710
daniel.hess@fh-dortmund.de
http://www.fh-dortmund.de/
diff -Nru nfs-utils-1.2.6/debian/changelog nfs-utils-1.2.6/debian/changelog
--- nfs-utils-1.2.6/debian/changelog 2012-07-10 19:42:42.000000000 +0200
+++ nfs-utils-1.2.6/debian/changelog 2013-04-10 14:33:23.000000000 +0200
@@ -1,3 +1,11 @@
+nfs-utils (1:1.2.6-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add 20-mountd-auth_unix_ip-should-downcall-on-error-to-prev.patch to
+ avoid hangs on Kerberos mounts (Closes: #682709).
+
+ -- Daniel Hess <danie.hess@fh-dortmund.de> Wed, 10 Apr 2013 14:30:21 +0200
+
nfs-utils (1:1.2.6-3) unstable; urgency=low
* Iterate through exports.d to look for expors (Closes: #676604).
diff -Nru nfs-utils-1.2.6/debian/patches/20-mountd-auth_unix_ip-should-downcall-on-error-to-prev.patch nfs-utils-1.2.6/debian/patches/20-mountd-auth_unix_ip-should-downcall-on-error-to-prev.patch
--- nfs-utils-1.2.6/debian/patches/20-mountd-auth_unix_ip-should-downcall-on-error-to-prev.patch 1970-01-01 01:00:00.000000000 +0100
+++ nfs-utils-1.2.6/debian/patches/20-mountd-auth_unix_ip-should-downcall-on-error-to-prev.patch 2013-04-10 16:02:57.000000000 +0200
@@ -0,0 +1,51 @@
+From cb3b81d6c4167ede8886115e271584a96ea55565 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Wed, 28 Nov 2012 09:11:29 -0500
+Subject: [PATCH] mountd: auth_unix_ip should downcall on error to prevent
+ hangs
+
+Since bf6a4febaa78bf188896b7b5b02c46562dd08b70 "mountd: handle
+allocation failures in auth_unix_ip upcall", a failure to map the
+address of an incoming client to a name could result in a hang.
+
+We should be responding with an error in the case, not just skipping the
+downcall and leaving everybody hanging.
+
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/mountd/cache.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
+index e950ec6..c13f305 100644
+--- a/utils/mountd/cache.c
++++ b/utils/mountd/cache.c
+@@ -109,12 +109,10 @@ static void auth_unix_ip(FILE *f)
+ struct addrinfo *ai = NULL;
+
+ ai = client_resolve(tmp->ai_addr);
+- if (ai == NULL)
+- goto out;
+- client = client_compose(ai);
+- freeaddrinfo(ai);
+- if (!client)
+- goto out;
++ if (ai) {
++ client = client_compose(ai);
++ freeaddrinfo(ai);
++ }
+ }
+ qword_print(f, "nfsd");
+ qword_print(f, ipaddr);
+@@ -127,7 +125,6 @@ static void auth_unix_ip(FILE *f)
+ xlog(D_CALL, "auth_unix_ip: client %p '%s'", client, client?client: "DEFAULT");
+
+ free(client);
+-out:
+ freeaddrinfo(tmp);
+
+ }
+--
+1.7.10.4
+
diff -Nru nfs-utils-1.2.6/debian/patches/series nfs-utils-1.2.6/debian/patches/series
--- nfs-utils-1.2.6/debian/patches/series 2012-07-10 19:42:42.000000000 +0200
+++ nfs-utils-1.2.6/debian/patches/series 2013-04-10 14:30:08.000000000 +0200
@@ -6,3 +6,4 @@
17-multiarch-kerberos-paths.patch
18-osd_login-sbindir.patch
19-iscsiadm-path.patch
+20-mountd-auth_unix_ip-should-downcall-on-error-to-prev.patch
Reply to: