** Description changed: + SRU justification: + + Impact: When trying to mount an export where server and client have no + common authentication method, the client will abort the mount by sending + an advisory unmount message to the server. A bug in the RPC client setup + causes the sunrpc code to access memory outside an allocated array, + which will sooner or later cause the kernel to crash. + + Fix: Patch from upstream (about to be submitted and targeted for stable + too) changes the setup to use the actual array size instead of a + manually entered number. + + Testcase: + + Server exports a mount with an authentication method the client does not support, eg.: + [/etc/exports] /srv/foo *(rw,sec=krb5) + + Client tries to mount this directory with no special authentication method: + while true; do mount <server>:/srv/foo /mnt; sync; sleep 1; done + + --- + Create an automount indirect map entry to a nfs server that will deny the mount with a permission denied error. Create a symlink on some mounted NFS partition pointing at the name of that automount indirect map entry. Chase the symlink with ls, etc. Notice that the automounter tries and fails to mount the partition. (visible with automount -d -f, say) In a few minutes, depending on system activity, the kernel will crash with the symptoms of a memory corruption error.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/683938 Title: kernel crash on symlink chased from NFS to failing automount -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs