Bug 2149394

Summary: umount outputs inaccurate error message when umount() fails with EACCES
Product: Red Hat Enterprise Linux 8 Reporter: Frank Sorenson <fsorenso>
Component: util-linuxAssignee: Karel Zak <kzak>
Status: CLOSED ERRATA QA Contact: Radka Brychtova <rskvaril>
Severity: low Docs Contact:
Priority: unspecified    
Version: 8.6CC: dwysocha
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: util-linux-2.32.1-40.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-16 09:12:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Frank Sorenson 2022-11-29 19:37:04 UTC 
Description of problem:

When umount() fails with EACCES, libmount returns the error string "block devices are not permitted on filesystem", regardless of the reason for the EACCES (i.e. the filesystem to be unmounted may have nothing to do with block devices).

This is misleading in cases where umount() returns EACCES for a different reason.

In this particular case, unmounting an nfs mount which is no longer exported to the client system may return a permission error from the server, resulting in umount() returning EACCES.



Version-Release number of selected component (if applicable):

util-linux-2.32.1-39.el8_7
(really, all versions of util-linux, including upstream)


How reproducible:

with certain nfs servers, easy
RHEL nfs server does not return the error which leads to the EACCES


Steps to Reproduce:

using a particular nfs server (customer reported the issue with a NetApp nfs server; RHEL will not reproduce the error):

on nfs server:
    /etc/exports:
	/exports *(rw,no_root_squash)

on nfs client:
    # mount server:/exports /mnt -overs=4.2,sec=sys

on nfs server, change /etc/exports and re-export:
    /etc/exports:
	#/exports *(rw,no_root_squash)
	/exports some_other_hostname(rw,no_root_squash)

    (filesystem is still exported, but not to this nfs client)

on nfs client:
    # umount /mnt
    /mnt: block devices are not permitted on filesystem.



Actual results:

error message is "block devices are not permitted on filesystem."



Expected results:

the error message is more accurate with respect to the actual problem being experienced



Additional info:

an strace indicates that umount() failed with EACCES:

	15:40:18.941193 umount2("/mnt", 0) = -1 EACCES (Permission denied) <0.000656>

and the error message is determined here:

libmount/src/context_umount.c
int mnt_context_get_umount_excode(
                        struct libmnt_context *cxt,
                        int rc,
                        char *buf,
                        size_t bufsz)
{
...
        /*
         * umount(2) errors
         */
        if (buf) {
                int syserr = mnt_context_get_syscall_errno(cxt);

                switch (syserr) {
...
                case EACCES:
                        snprintf(buf, bufsz, _("block devices are not permitted on filesystem"));
                        break;


a packet capture indicates that during the umount(), the nfs client performs a GETATTR call to the server with the filehandle of the directory/filesystem to be unmounted, and the server responds with NFS4ERR_PERM:

16:46:00.846472 IP client.949 > server.nfs: Flags [P.], seq 408:628, ack 365, win 9798, options [nop,nop,TS val 296853323 ecr 1813851030], length 220: NFS request xid 2973536849 216 getattr fh 0,1/53
16:46:00.847151 IP server.nfs > client.949: Flags [P.], seq 365:465, ack 628, win 257, options [nop,nop,TS val 1813851032 ecr 296853323], length 100: NFS reply xid 2973536849 reply ok 96 getattr ERROR: Permission denied

(the RHEL nfs server responds to the request without error)



Note: this BZ is regarding the inaccurate error message.  I will address the issue of the inability to unmount in this condition in a separate BZ against the kernel.
Comment 1 Karel Zak 2023-01-31 07:55:29 UTC 
It would be possible to detect that the problem is related to the network filesystem and, in this case, avoid "block device" in the message. Do you have suggestions for the error message? 

Or maybe we can replace the message with something more human-readable, for example, "filesystem not accessible".
Comment 10 errata-xmlrpc 2023-05-16 09:12:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (util-linux bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:3054