** Changed in: nfs-utils (Debian)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with
Launchpad has imported 42 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=876705.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
Hi, I'm still seeing this error.
root@XX:~# uname -r
3.13.0-77-generic
root@XX~#
root@~# cat /etc/issue
Ubuntu 14.04.4 LTS \n \l
root@:~#
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Hi, Am I still hitting this bug ?
root@XX:~# uname -r
3.13.0-77-generic
root@XX~#
root@~# cat /etc/issue
Ubuntu 14.04.4 LTS \n \l
root@:~#
root@prod-login-west01:~# ls -l /u4/ | head
total 9356
drwx--x--x 6 nobody staff4096 Jun 24 2013 aabdul
drwx--x--x 75 nobody staff
** Changed in: nfs-utils (Debian)
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with
I did one more test on Trusty today, running 3.13.0-57-generic kernel.
Installing keyutils (no other hacks needed), makes the keys turn
permanent (which serves as a workaround but leads to problems because of
the cache getting full).
Without keyutils, the keys do NOT get renewed as they should.
To clarify the above comment:
Precise running 3.2 kernel: not affected
Precise running 3.13 lts kernel: affected
Trusty running 3.13 kernel: not affected
In the Precise + lts kernel case, it's possible to hack around the
userland tools to make the keys become permanent (keyutils +
libkeyutils1 +
This bug affects Precise, but it's not marked so. Back in June, I had
mentioned that it was possible to make the keys permanent by using the
trusty versions of keyutils + libkeyutils1 + libnfsidmap2. This is now
not possible anymore with the latest kernel versions available on
Precise.
I
Amending #71: still seeing this problem.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with nfs4/idmapd/ldap-auth
Status in linux
I'm running into this problem (keys don't get automatically renewed and
are expired after 10 minutes) on a precise server running the trusty lts
kernel.
I've just rebooted into the latest version (3.13.0.53.46), and the
problem is still present.
#33 mentions that installing keyutils fixes this.
Still see this with 3.13.0-53-generic
Installing larger values as suggested above wasn't initially very
successful. As suggested a nfsidmap -c and that seemed to have worked
for now.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux
Hi,
the prolem is still present with
dpkg -s linux-image-3.16.0-38-generic
Package: linux-image-3.16.0-38-generic
Status: install ok installed
Priority: optional
Section: kernel
Installed-Size: 43744
Maintainer: Ubuntu Kernel Team kernel-t...@lists.ubuntu.com
Architecture: amd64
Source:
Hi Dariusz,
the problem is still present with Linux version 3.13.0-52-generic.
dpkg -s linux-image-3.13.0-52-generic
Package: linux-image-3.13.0-52-generic
Status: install ok installed
Priority: optional
Section: kernel
Installed-Size: 41219
Maintainer: Ubuntu Kernel Team
If I understood correctly, historically there have been two
independently developed alternative user-space mechanisms that can
perform uid - user name lookups for the Linux NFSv4 implementation in
the kernel, one from the University of Michigan and one from NetApp:
A) /usr/sbin/rpc.idmapd runs
I can confirm that the problem persists (and possibly even has become
more common) here with the recent kernel update:
$ ls -ld /some-nfsv4-mounted-directory ; cat /proc/key-users ; uname -a
drwxrwsr-x 2 4294967294 4294967294 4096 Dec 20 2007 .
/proc/key-users: 0:60 59/59 53/2000
Dariusz:
Today the problem has occurred again:
sudo cat /proc/key-users
0:65 64/64 58/200 810/2
and the /var/mail folder was hit in this case.
After a while (about 1 hour) the problem diminishes with the following
key-users result:
0:21 20/20 14/200 194/2
As I donĀ“t
Stef, thanks for the update.
Can you please confirm that you have upgraded your kernel to version
3.13.0-51.84 or later? This is the first release that has this fix. The version
you mentioned earlier (3.13.0.51.44) is expected to be still affected by this
bug.
Thank you.
--
You received this
Hi Dariusz,
I think
Linux version 3.13.0-51-generic (buildd@tipua) (gcc version 4.6.3
(Ubuntu/Linaro 4.6.3-1ubuntu5) ) #84~precise1-Ubuntu SMP Wed Apr 15 21:45:46
is the latest kernel.
dpkg -s linux-image-3.13.0-51-generic
Package: linux-image-3.13.0-51-generic
Status: install ok installed
Thank you Stef. I have verified the fix on trusty with trusty kernel. I
will try to set up a precise environment with trusty kernel and
reproduce this issue.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
** Tags removed: verification-needed-trusty verification-needed-utopic
** Tags added: verification-done-trusty verification-done-utopic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
This bug was fixed in the package linux - 3.16.0-36.48
---
linux (3.16.0-36.48) utopic; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1443946
* Merged back Ubuntu-3.16.0-34.47 security release
linux (3.16.0-35.46) utopic; urgency=low
[ Brad Figg ]
*
This bug was fixed in the package linux - 3.16.0-36.48
---
linux (3.16.0-36.48) utopic; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1443946
* Merged back Ubuntu-3.16.0-34.47 security release
linux (3.16.0-35.46) utopic; urgency=low
[ Brad Figg ]
*
This bug was fixed in the package linux - 3.13.0-51.84
---
linux (3.13.0-51.84) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1444141
* Merged back Ubuntu-3.13.0-49.83 security release
linux (3.13.0-50.82) trusty; urgency=low
[ Brad Figg ]
*
This bug was fixed in the package linux - 3.13.0-51.84
---
linux (3.13.0-51.84) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1444141
* Merged back Ubuntu-3.13.0-49.83 security release
linux (3.13.0-50.82) trusty; urgency=low
[ Brad Figg ]
*
stef: can you please check after you observe the problem if your key quota is
not exceeded? You may do this with:
$ sudo cat /proc/key-users
This fix is known to solve the expired keys problem, but if the cause of
the issue you are experiencing is the capacity of the key quota you may
have to
I have tried yesterday the image linux-image-3.13.0-51-generic for Precise
(linux-signed-image-generic-lts-trusty 3.13.0.51.44).
With no luck. I have again after some time the userid 4294967294 in shown for a
lot of files and users.
So the problem seams unfixed for me.
Stef
--
You received
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
utopic' to 'verification-done-utopic'.
If verification is not done by 5 working days from
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'.
If verification is not done by 5 working days from
Thanks for the fix.
Is there also a linux-image-generic-lts-trusty (for 12.04LTS )test kernel
available?
Stef
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially
The fix has been tagged as:
- Ubuntu-3.13.0-50.82 for Trusty
- Ubuntu-3.16.0-35.46 for Utopic
I don't see those version available in -updates yet, so please give it
some more time to be release.
Thanks!
--
You received this bug notification because you are a member of Kernel
Packages, which is
Ah, excellent. That release is in the kernel-team PPA - that'll do for
the moment!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with
Is there an ETA on including this in the main repos? I notice there's
been a kernel update since Dariusz's patched kernel but it looks like
this fix wasn't included.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
** Changed in: linux (Ubuntu Utopic)
Status: In Progress = Fix Committed
** Changed in: linux (Ubuntu Trusty)
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
** Changed in: linux (Ubuntu Utopic)
Status: Won't Fix = In Progress
** Changed in: linux (Ubuntu Trusty)
Status: Won't Fix = In Progress
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Moving linux tracks back to In Progress due different solution.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with nfs4/idmapd/ldap-auth
** Description changed:
+ [Impact]
+
+ * This bug is likely to cause an incorrect UID/GID mapping for NFS
+ shares in case of large numbers of differend UIDs/GIDs or in case of
+ expired UID/GID mappings (stored as keys in the kernel).
+
+ [Test Case]
+
+ 1. Setup a nfs4 server exporting
** No longer affects: nfs-utils (Ubuntu)
** No longer affects: nfs-utils (Ubuntu Trusty)
** No longer affects: nfs-utils (Ubuntu Utopic)
** Changed in: linux (Ubuntu Trusty)
Assignee: (unassigned) = Dariusz Gadomski (dgadomski)
** Changed in: linux (Ubuntu Utopic)
Assignee:
@Dariusz: As I have similar problems with the HWE-Kernel of trusty for my
precise installation, is it possible for ayou to build the fixed kernel also
for trusty?
Or is there a plan to include the patch in the official trusty kernel?
I have tried your trusty-kernel, but I was not able to load
** Changed in: nfs-utils (Debian)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with
** Changed in: nfs-utils (Debian)
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with
Carl, I have backported the fixes to trusty kernel. Could you please
give them a try in your environment?
The build is available in my PPA (ppa:dgadomski/kernel-nfs).
Thanks!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in
The fixes for the problem I was seeing related to this bug are in Linux
3.18:
https://lkml.org/lkml/2014/12/7/202
(by David Howells).
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
I believe this is the commit in question:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0b0a84154eff56913e91df29de5c3a03a0029e38
Looks like a good canditate for considering a cherry-pick.
--
You received this bug notification because you are a member of Kernel
Hello Bryan,
The commit that has fixed this was
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=738c5d190f6540539a04baf36ce21d46b5da04bd
I think we can make use of it.
--
You received this bug notification because you are a member of Kernel
Packages, which is
@Dariusz
My understanding is that we can't backport a config change (say to
trusty). Since that was done upstream won't it just hit vivid in it's
own time? In the mean time, this is configurable so a user can change
their config in trusty.
--
You received this bug notification because you are
@Bryan
Yes, you're right. It should hit vivid and since it is already
configurable by sysctl there is no point in backporting.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
It turns out in 3.17rc4 the root_maxkeys/bytes were greatly increased
which is actually what solved my issue.. Sorry for the noise.
Raw notes:
with key utils - 3.17.rc7 - main issue gone, nogroup is now 4294967294
without key utils - 3.17-rc7 - main issue gone, nogroup is fine too
all rest
Works for original case, except nogroup now returns 4294967294, will
ping list with results..
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid
Or not.. it seems my issue was fixed somewhere between 3.13 and
3.17rc7...
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially incorrect uid mapping with
I think this patch:
http://article.gmane.org/gmane.linux.nfs/67156
is another fix for this bug. I'm sure it is more elegant than mine. @Bryan:
perhaps you could test it?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: nfs-utils (Ubuntu Trusty)
Status: New = Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
@carlh
Ah, your kernel patch also fixes the case where the key cache get's filled.
(Which is my issue)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
Partially
Bryan: AFAICS the thing is that keyutils changes things so that the
id_resolv uid:user@fqdn keys never expire. Without it, they expire
after 10 minutes, and that triggers the bug which my kernel patch
fixes.
--
You received this bug notification because you are a member of Kernel
Packages,
Interesting.. keyutils doesn't seem to help in my case.I'm running
ls on the ~27000 user accounts home directory..
I don't understand why this would help... all nfsidmap would do is clear
it once, and then it can fill up again/expire again.
--
You received this bug notification because you
Hi Michael,
Thanks... installing keyutils seems to work for me too (without the
kernel patch). I haven't investigated too closely, but it looks like
the two fixes are sort-of equivalent. The userspace fix is far more
appealing, though!
--
You received this bug notification because you are a
I am not entirely sure if this is 100%ly related to this bug, but let me
tell you my story here (contains another workaround):
I was also experiencing the problem of frequently having my files owned by
4294967294.
Setup is Ubuntu 14.04 with automounted nfs4/kerberos homes, the NFS server is
For anyone following at home:
http://www.spinics.net/lists/linux-nfs/msg47185.html
@Carl, For the future, it's probably better to use
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/ at
least when you're pushing upstream. It does help a lot for possibly
SRUing to know that it
Hi Bryan, I'm glad it's working, thanks for the report. No response on
LKML yet; here's the message:
https://lkml.org/lkml/2014/9/30/435
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
nfs_patch2.patch works for me w/ ~27000 home directory setup. Thanks!
Please do link to the lkml if you can (might take a few days to appear).
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Actually, I think this patch is a bit less invasive. I'll submit to the
mainline kernel list and pick up my fire extinguisher ;)
** Patch added: nfs_patch2.patch
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1124250/+attachment/4220337/+files/nfs_patch2.patch
--
You received
I have poked at this a bit. On my system, running this:
#!/bin/bash
while [ 1 ]; do
touch foo
test=`ls -lh foo | grep -v c.hetherington`
if [ $test == ]; then
echo OOPS
echo $test
fi
sleep 1s
rm foo
done
prints OOPS exactly 10 minutes after the first resolution of my
The attached patch is a hack (to Ubuntu's 3.13.0 as shipped with 14.04)
which seems to help here. I am no kernel developer, but maybe it will
help to describe the problem and suggest a proper solution.
** Patch added:
0001-Invalidate-expired-keys-when-they-are-requested-in-o.patch
The attachment 0001-Invalidate-expired-keys-when-they-are-requested-
in-o.patch seems to be a patch. If it isn't, please remove the patch
flag from the attachment, remove the patch tag, and if you are a
member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message
** Also affects: nfs-utils (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: nfs-utils (Ubuntu Utopic)
Importance: Undecided
Assignee: Dariusz Gadomski (dgadomski)
Status:
** Changed in: linux (Ubuntu Utopic)
Status: Confirmed = Won't Fix
** Changed in: linux (Ubuntu Trusty)
Status: New = Won't Fix
** Changed in: linux (Ubuntu Trusty)
Importance: Undecided = Low
--
You received this bug notification because you are a member of Kernel
Packages,
The ubuntu kernel uses the same values as the upstream kernel in regards
to these values. They are tunable for exactly this kind of case.
I brought this case up with the Ubuntu Kernel team, and unfortunately
due to the fact that this could potentially be used in a memory-
exhaustion, denial of
@Carl Hetherington
Your patch is interesting. Please submit it to the mainline kernel, and
to stable if you feel it deserves to go into stable. Once it hits
stable it will then likely get picked up by the Ubuntu 3.13 kernel.
--
You received this bug notification because you are a member of
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: New = Confirmed
** Changed in: linux (Ubuntu)
Importance: Undecided = Low
--
You received this bug notification because you are a member of Kernel
Packages, which is
68 matches
Mail list logo