Bug#934160: Bug#962254: NFS(v4) broken at 4.19.118-2

To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 962254@bugs.debian.org, 934160@bugs.debian.org
Subject: Bug#934160: Bug#962254: NFS(v4) broken at 4.19.118-2
From: Elliott Mitchell <ehem+debian@m5p.com>
Date: Mon, 8 Jun 2020 18:53:27 -0700
Message-id: <[🔎] 20200609015327.GA5957@mattapan.m5p.com>
Reply-to: Elliott Mitchell <ehem+debian@m5p.com>, 934160@bugs.debian.org
In-reply-to: <[🔎] 20200605183631.GA1720057@eldamar.local>
References: <[🔎] 20200605051607.GA34405@mattapan.m5p.com> <[🔎] 20200605064426.GA1538868@eldamar.local> <[🔎] 20200605051607.GA34405@mattapan.m5p.com> <[🔎] 20200605174349.GA40135@mattapan.m5p.com> <[🔎] 20200605183631.GA1720057@eldamar.local> <156519294326.28496.4108570355391245679.reportbug@hephaestus.lan.complete.org>

Control: tags 962254 +security -unreproducible
Control: severity 962254 grave

On Fri, Jun 05, 2020 at 08:36:31PM +0200, Salvatore Bonaccorso wrote:
> This now let some rings bell, the described scenario is very similar
> to what was reported in https://bugs.debian.org/934160
> 
> Respectively
> https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736 and
> https://bugzilla.redhat.com/show_bug.cgi?id=1667761 .

Upon more experimentation I continue to favor this being a kernel bug
(src:linux, bug #962254) and not a bug with nfs-common.

Setting vers=4.1 works around the issue, so this is *strictly* NFSv4.2.

I was able to reproduce this issue on a system with nfs-common
1:1.3.4-2.1 and a 4.19.118-2 kernel.

Based upon what I've observed I believe this requires a recent kernel on
*both* NFS client and NFS server.  A NFS client with 4.9 connecting to a
NFS server with 4.19 does NOT experience this issue.

I suspect my earlier assessment of this appearing between 4.19.98-1 and
4.19.118-2 was erroneous.  I think I was mislead by the order of
computers being updated, and a NFS client with 4.19 connecting to a NFS
server with 4.9 also does not experience this issue.

>From https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736
this bug appeared somewhere between Linux kernels 4.9 and 4.15.

I concur with John Goerzen's assessment of this qualifying as grave due
to its security implications.

-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \BS (    |         ehem+sigmsg@m5p.com  PGP 87145445         |    )   /
  \_CS\   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445

Reply to:

References:
- Bug#962254: NFS(v4) broken at 4.19.118-2
  - From: Elliott Mitchell <ehem+debian@m5p.com>
- Bug#962254: NFS(v4) broken at 4.19.118-2
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#962254: NFS(v4) broken at 4.19.118-2
  - From: Elliott Mitchell <ehem+debian@m5p.com>
- Bug#962254: NFS(v4) broken at 4.19.118-2
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#962509: Not always boot arguments must include a root= parameter
Next by Date: Processed: Re: Bug#962254: NFS(v4) broken at 4.19.118-2
Previous by thread: Bug#962254: NFS(v4) broken at 4.19.118-2
Next by thread: Processed: Re: Bug#962254: NFS(v4) broken at 4.19.118-2
Index(es):
- Date
- Thread