[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4249 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/683938/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Changed in: linux Importance: Unknown = Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
This bug was fixed in the package linux - 2.6.35-25.44 --- linux (2.6.35-25.44) maverick-proposed; urgency=low [ Upstream Kernel Changes ] * Revert drm/radeon/kms: properly compute group_size on 6xx/7xx - LP: #703553 linux (2.6.35-25.43) maverick-proposed; urgency=low [ Brad Figg ] - LP: #697948 [ Andy Whitcroft ] * [Config] add vmware-balloon driver to -virtual flavour - LP: #592039 [ Manoj Iyer ] * SAUCE: Enable jack sense for Thinkpad Edge 13 - LP: #685015 [ Robert Hooker ] * Revert (pre-stable): input: Support Clickpad devices in ClickZone mode - LP: #669399 [ Stefan Bader ] * Set virtual flavour maximum of domain visible memory to 70G - LP: #667796 [ Takashi Iwai ] * SAUCE: input: Support Clickpad devices in ClickZone mode - LP: #516329 [ Tim Gardner ] * [Config] Add nfsd modules to -virtual flavour - LP: #688070 * [Config] Added autofs4.ko to -virtual flavour - LP: #692917 [ Upstream Kernel Changes ] * intel_idle: delete substates DEBUG modparam - LP: #684888 * intel_idle: delete power_policy modparam, and choose substate functions - LP: #684888 * intel_idle: add support for Westmere-EX - LP: #684888 * intel_idle: recognize Lincroft Atom Processor - LP: #684888 * x86, mwait: Move mwait constants to a common header file - LP: #684888 * intel_idle: Change mode 755 = 644 - LP: #684888 * intel_idle: add missing __percpu markup - LP: #684888 * cpuidle: extend cpuidle and menu governor to handle dynamic states - LP: #684888 * intel_idle: Voluntary leave_mm before entering deeper - LP: #684888 * intel_idle: enable Atom C6 - LP: #684888 * intel_idle: simplify test for leave_mm() - LP: #684888 * intel_idle: delete bogus data from cpuidle_state.power_usage - LP: #684888 * intel_idle: add initial Sandy Bridge support - LP: #684888 * intel_idle: do not use the LAPIC timer for ATOM C2 - LP: #684888 * staging: usbip: Notify usb core of port status changes - LP: #686158 * staging: usbip: Process event flags without delay - LP: #686158 * Staging: phison: fix problem caused by libata change - LP: #686158 * perf_events: Fix bogus AMD64 generic TLB events - LP: #686158 * perf_events: Fix bogus context time tracking - LP: #686158 * powerpc/perf: Fix sampling enable for PPC970 - LP: #686158 * pcmcia: synclink_cs: fix information leak to userland - LP: #686158 * sched: Drop all load weight manipulation for RT tasks - LP: #686158 * sched: Fix string comparison in /proc/sched_features - LP: #686158 * bluetooth: Fix missing NULL check - LP: #686158 * futex: Fix errors in nested key ref-counting - LP: #686158 * cifs: fix broken oplock handling - LP: #686158 * libahci: fix result_tf handling after an ATA PIO data-in command - LP: #686158 * mm, x86: Saving vmcore with non-lazy freeing of vmas - LP: #686158 * x86, cpu: Fix renamed, not-yet-shipping AMD CPUID feature bit - LP: #686158 * x86, kexec: Make sure to stop all CPUs before exiting the kernel - LP: #686158 * x86, olpc: Don't retry EC commands forever - LP: #686158 * x86, mtrr: Assume SYS_CFG[Tom2ForceMemTypeWB] exists on all future AMD CPUs - LP: #686158 * x86, intr-remap: Set redirection hint in the IRTE - LP: #686158 * x86, kdump: Change copy_oldmem_page() to use cached addressing - LP: #686158 * x86, vm86: Fix preemption bug for int1 debug and int3 breakpoint handlers. - LP: #686158 * KVM: X86: Report SVM bit to userspace only when supported - LP: #686158 * KVM: SVM: Restore correct registers after sel_cr0 intercept emulation - LP: #686158 * USB: mct_u232: fix broken close - LP: #686158 * pipe: fix failure to return error code on -confirm() - LP: #686158 * p54usb: fix off-by-one on !CONFIG_PM - LP: #686158 * p54usb: add five more USBIDs - LP: #686158 * drivers/net/wireless/p54/eeprom.c: Return -ENOMEM on memory allocation failure - LP: #686158 * usb gadget: composite: prevent OOPS for non-standard control request - LP: #686158 * USB: gadget: g_ffs: fixed vendor and product ID - LP: #686158 * USB: gadget: g_multi: fixed vendor and product ID - LP: #686158 * USB: ftdi_sio: Add PID for accesio products - LP: #686158 * USB: ftdi_sio: revert USB: ftdi_sio: fix DTR/RTS line modes - LP: #686158, #690798 * USB: add PID for FTDI based OpenDCC hardware - LP: #686158 * USB: ftdi_sio: new VID/PIDs for various Papouch devices - LP: #686158 * USB: ftdi_sio: add device ids for ScienceScope - LP: #686158 * USB: MUSB: fix kernel WARNING/oops when unloading module in OTG mode - LP: #686158 * usb: musb: blackfin: call usb_nop_xceiv_unregister() in musb_platform_exit() - LP: #686158 * usb: musb: blackfin: call gpio_free() on error path in
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
This bug was fixed in the package linux - 2.6.32-28.55 --- linux (2.6.32-28.55) lucid-proposed; urgency=low * Another version bump because of abi check failure * Tracking Bug - LP: #699885 linux (2.6.32-28.54) lucid-proposed; urgency=low * Another version bump because of upload failure linux (2.6.32-28.53) lucid-proposed; urgency=low * Another version bump because of upload failure linux (2.6.32-28.52) lucid-proposed; urgency=low [ Steve Conklin ] * (removed old tracking bug link) linux (2.6.32-28.51) lucid-proposed; urgency=low [ Steve Conklin ] * bumped version due to build fail linux (2.6.32-28.50) lucid-proposed; urgency=low [ Tim Gardner ] * SAUCE: Change nodelayacct boot parameter polarity. - LP: #493156 * [Config] CONFIG_TASK_DELAY_ACCT=y - LP: #493156 [ Upstream Kernel Changes ] * ipc: initialize structure memory to zero for compat functions * tcp: Increase TCP_MAXSEG socket option minimum. - CVE-2010-4165 * perf_events: Fix perf_counter_mmap() hook in mprotect() - CVE-2010-4169 * af_unix: limit unix_tot_inflight - CVE-2010-4249 * AppArmor: fix the upper bound check for the next/check table - LP: #581525 * NFS: Fix panic after nfs_umount() - LP: #683938 * block: Ensure physical block size is unsigned int - LP: #688669 * block: limit vec count in bio_kmalloc() and bio_alloc_map_data() - LP: #688669 * block: take care not to overflow when calculating total iov length - LP: #688669 * block: check for proper length of iov entries in blk_rq_map_user_iov() - LP: #688669 * jme: Fix PHY power-off error - LP: #688669 * irda: Fix parameter extraction stack overflow - LP: #688669 * irda: Fix heap memory corruption in iriap.c - LP: #688669 * i2c-pca-platform: Change device name of request_irq - LP: #688669 * microblaze: Fix build with make 3.82 - LP: #688669 * Staging: asus_oled: fix up some sysfs attribute permissions - LP: #688669 * Staging: asus_oled: fix up my fixup for some sysfs attribute permissions - LP: #688669 * Staging: line6: fix up some sysfs attribute permissions - LP: #688669 * hpet: fix unwanted interrupt due to stale irq status bit - LP: #688669 * hpet: unmap unused I/O space - LP: #688669 * olpc_battery: Fix endian neutral breakage for s16 values - LP: #688669 * percpu: fix list_head init bug in __percpu_counter_init() - LP: #688669 * um: remove PAGE_SIZE alignment in linker script causing kernel segfault. - LP: #688669 * um: fix global timer issue when using CONFIG_NO_HZ - LP: #688669 * numa: fix slab_node(MPOL_BIND) - LP: #688669 * hwmon: (lm85) Fix ADT7468 frequency table - LP: #688669 * mm: fix return value of scan_lru_pages in memory unplug - LP: #688669 * mm: fix is_mem_section_removable() page_order BUG_ON check - LP: #688669 * ssb: b43-pci-bridge: Add new vendor for BCM4318 - LP: #688669 * sgi-xpc: XPC fails to discover partitions with all nasids above 128 - LP: #688669 * xen: ensure that all event channels start off bound to VCPU 0 - LP: #688669 * xen: don't bother to stop other cpus on shutdown/reboot - LP: #688669 * sys_semctl: fix kernel stack leakage - LP: #688669 * net: NETIF_F_HW_CSUM does not imply FCoE CRC offload - LP: #688669 * drivers/char/vt_ioctl.c: fix VT_OPENQRY error value - LP: #688669 * viafb: use proper register for colour when doing fill ops - LP: #688669 * eCryptfs: Clear LOOKUP_OPEN flag when creating lower file - LP: #688669 * md/raid1: really fix recovery looping when single good device fails. - LP: #688669 * md: fix return value of rdev_size_change() - LP: #688669 * x86: AMD Northbridge: Verify NB's node is online - LP: #688669 * tty: prevent DOS in the flush_to_ldisc - LP: #688669 * TTY: restore tty_ldisc_wait_idle - LP: #688669 * tty_ldisc: Fix BUG() on hangup - LP: #688669 * TTY: ldisc, fix open flag handling - LP: #688669 * KVM: VMX: fix vmx null pointer dereference on debug register access - LP: #688669 - CVE-2010-0435 * KVM: x86: fix information leak to userland - LP: #688669 * firewire: cdev: fix information leak - LP: #688669 * firewire: core: fix an information leak - LP: #688669 * firewire: ohci: fix buffer overflow in AR split packet handling - LP: #688669 * firewire: ohci: fix race in AR split packet handling - LP: #688669 * ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls - LP: #669279, #688669 * ALSA: HDA: Add an extra DAC for Realtek ALC887-VD - LP: #688669 * ALSA: hda: Use alienware model quirk for another SSID - LP: #683695, #688669 * netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages - LP: #688669 * latencytop: fix per task accumulator - LP: #688669 * mm/vfs: revalidate
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Changed in: linux Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Changed in: linux Status: Unknown = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Branch linked: lp:ubuntu/lucid-proposed/linux-ec2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Tags added: verification-done ** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
Accepted linux into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Tags added: kernel-server -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
This bug was fixed in the package linux - 2.6.37-9.22 --- linux (2.6.37-9.22) natty; urgency=low [ Andy Whitcroft ] * rebase to v2.6.35-rc5 * [Config] updateconfigs following rebase to v2.6.37-rc5 * (no-up) add support for installed header files to ubuntu directory - LP: #684666 * ubuntu: AUFS -- include the aufs_types.h file in linux-libc-headers - LP: #684666 * ubuntu: dm-raid4-5 -- follow changes to bio flags * ubuntu: dm-raid4-5 -- re-enable * ubuntu: omnibook -- update BOM * ubuntu: ndiswrapper -- update BOM to match actual version * ubuntu: ndiswrapper -- follow removal of the BKL and locked ioctl * ubuntu: ndiswrapper -- re-enable * ubuntu: iscsitarget -- re-instate copy_io_context * ubuntu: iscsitarget -- follow changes to semaphore initialisation * ubuntu: iscsitarget -- convert NIPQUAD to %pI4 * ubuntu: iscsitarget -- re-enable [ Kees Cook ] * [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX [ Manoj Iyer ] * SAUCE: Enable jack sense for Thinkpad Edge 13 - LP: #685015 [ Tim Gardner ] * [Config] CONFIG_9P_FSCACHE=y,CONFIG_9P_FS_POSIX_ACL=y * [Config] CONFIG_CRYPTO_CRC32C=y - LP: #681819 * [Config] CONFIG_9P_FSCACHE=n * [Config] Add nfsd modules to -virtual flavour - LP: #688070 [ Upstream Kernel Changes ] * Revert Staging: zram: work around oops due to startup ordering snafu * NFS: Fix panic after nfs_umount() - LP: #683938 * x86: Add NX protection for kernel data * x86: Add RO/NX protection for loadable kernel modules * x86: Resume trampoline must be executable * x86: RO/NX protection for loadable kernel, jump_table fix [ Upstream Kernel Changes ] * rebase to v2.6.37-rc5 -- Andy Whitcroft a...@canonical.com Thu, 09 Dec 2010 18:15:35 + ** Changed in: linux (Ubuntu Natty) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
So thanks to upstream, we got a patch (I am duplicating this here). It was in a completely different corner. Instead of a race condition, the incorrect number of commands provided seems to have a hidden bad effect within the rpc code (I have not looked but from the patch description, some memory allocations are done for each command). The code put 2 as the number of commands, but the array had four entries and command index 0 and 2 being not used. The UMNT command has the index number 3, so when accessing internal arrays with that index the code accesses memory outside of the allocated range. I am currently compiling stock Lucid kernels with just this patch applied. I will upload them as soon as those are ready to the same location I put the other debug kernels. ** Patch added: Patch to pass the right number of client commands https://bugs.launchpad.net/ubuntu/+source/linux/+bug/683938/+attachment/1760614/+files/0001-NFS-Fix-panic-after-nfs_umount.patch ** Also affects: linux (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Maverick) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Lucid) Importance: Undecided = High ** Changed in: linux (Ubuntu Lucid) Status: New = In Progress ** Changed in: linux (Ubuntu Lucid) Assignee: (unassigned) = Stefan Bader (stefan-bader-canonical) ** Changed in: linux (Ubuntu Maverick) Importance: Undecided = High ** Changed in: linux (Ubuntu Maverick) Status: New = Triaged ** Changed in: linux (Ubuntu Maverick) Assignee: (unassigned) = Stefan Bader (stefan-bader-canonical) ** Tags added: lucid maverick natty patch ** Tags removed: glucid kernel-series-unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Description changed: + SRU justification: + + Impact: When trying to mount an export where server and client have no + common authentication method, the client will abort the mount by sending + an advisory unmount message to the server. A bug in the RPC client setup + causes the sunrpc code to access memory outside an allocated array, + which will sooner or later cause the kernel to crash. + + Fix: Patch from upstream (about to be submitted and targeted for stable + too) changes the setup to use the actual array size instead of a + manually entered number. + + Testcase: + + Server exports a mount with an authentication method the client does not support, eg.: + [/etc/exports] /srv/foo *(rw,sec=krb5) + + Client tries to mount this directory with no special authentication method: + while true; do mount server:/srv/foo /mnt; sync; sleep 1; done + + --- + Create an automount indirect map entry to a nfs server that will deny the mount with a permission denied error. Create a symlink on some mounted NFS partition pointing at the name of that automount indirect map entry. Chase the symlink with ls, etc. Notice that the automounter tries and fails to mount the partition. (visible with automount -d -f, say) In a few minutes, depending on system activity, the kernel will crash with the symptoms of a memory corruption error. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
Awesomeness! I'll give it a try today. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
This is not quite right. The second one should use ARRAY_SIZE(mnt3_procedures). The value happens to be the same, but still...let's not make a new bug if someone implements another part of the protocol someday. :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
Yes, I was told by someone else reviewing the patch when I submitted it to be included as SRU. :) But better mention it twice than have it missed. As Chuck noted it is in his version now and it should be the version to go upstream. I must admit that I did not look well enough when I saw how simple the change looked and when it actually and finally resolved the crashes, -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Changed in: linux (Ubuntu Lucid) Status: In Progress = Fix Committed ** Changed in: linux (Ubuntu Maverick) Status: Triaged = Fix Committed ** Also affects: linux (Ubuntu Natty) Importance: High Assignee: Stefan Bader (stefan-bader-canonical) Status: Triaged ** Changed in: linux (Ubuntu Natty) Status: Triaged = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Tags added: kernel-series-unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
Stefan says While in the case we test, the request is seen as success but then the authentication flavours do not match and the client does an explicit umount request (probably the same happens when the authentication methods are supported but the authentication fails). I spent a lot of time staring at this yesterday myself. The umount doesn't do much: it doesn't involve any local state manipulation. I also chased the aliases for the filehandle and such on the mount, and I didn't see any leaks of the pointer to something that might manipulate it after it gets freed (which happens in all the failing mount cases). However, if repeated mounts fail, it is odd that the original manifestation of this bug is that a *single* chase through the symlink is sufficient to produce an (eventual) crash. I wonder if a single failing mount is really sufficient to produce a crash. That would be odd, because you'd think that would happen a lot. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
So here is my current theory: what I see in the code is that there only seems to be one caller to nfs_umount (in mount_clnt.c) and this is done from super.c when nfs_try_mount checks the returned authentication modes and finds that server and client support not a common method. This reuses the same data structure that has been prepared for the mount call. Though it seems at this point everything is ok. And locally it seems that some of the failed mounts are not causing a crash while other cases do. And the calling sequence seems the same in all cases. One thing I saw was that this umount is claimed to be optional and is done as a UDP call which does not expect any data back. Now I checked the actual packets sent around with wireshark and to me it seems that there actually is a reply of some sort. After the RPC request is reported done successfully, there is an ICMP packet coming in to the same port, stating the destination port is unreachable. The umount call itself creates a RPC client, sends the message and immediately tears down the client. But now I am wondering what would happen if this ICMP packet arrives before the client is completely torn down. As one quick test, I compiled a kernel with the nfs_umount call commented out (as it is claimed to be optional anyway and we never have a nfs connection set up). This kernel seems to survive the mount loop for quite a while now. But I want to leave it running for a bit longer to be more confident of this result. If this turns out to be stable, I would update the upstream bug with that information. Currently I only got a 2.6.32-generic 64bit debug kernel, but if someone wants to try, I am currently uploading to http://people.canonical.com/~smb/lp683938. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
What lies behind the comment on the umount call is this: the NFS protocol requests that clients tell servers when they unmount partitions, so that servers can stop reporting it in tools like showmount. The client doesn't care at all if the server ever gets it, and even if you do an unmount RPC, the server is not allowed to stop handling the filehandles, which are (officially) permanent. So since the client doesn't care beans about the umount call, or even if it works or gets blackholed, the code in mount_clnt.c does minimal retransmits and short timeouts. When it says that it doesn't expect data back, that doesn't mean that the RPC has no return (the server does follow the usual sunrpc semantics and does send back a reply) but the client doesn't care what the return is in any way. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
I've been busy this morning with other responsibilities, but I can report now that I agree that no automount involvement is necessary; merely repeating the mount request eventually provokes the failure. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount
Removing the umount attempt seems to make the problem go away. Not a fix, but it's nice to have a workaround. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs