Bug 669065

Summary: Segfault in nfs-utils 1.2.3 - remote rpc.mountd crash possible
Product: [Fedora] Fedora
Reporter: sdrb
Component: nfs-utils
Assignee: Steve Dickson <steved>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Docs Contact:
Priority: low
Version: 14
CC: jlayton, steved, syang
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Linux
Fixed In Version: nfs-utils-1.2.3-5.fc14
Doc Type: Bug Fix
Last Closed: 2011-02-03 15:24:41 EST
Attachments:
Patch for nfs-utils 1.2.3 for fixing segfault. (Flags: none)

Description sdrb 2011-01-12 10:43:21 EST
Created attachment 473061
Patch for nfs-utils 1.2.3 for fixing segfault.

Description of problem:
It is possible to crash rpc.mountd remotely.

Version-Release number of selected component (if applicable):

How reproducible:
Always while mounting nfs share using nfs v2 or v3.

Steps to Reproduce:

1. server# rpc.mountd -F -d all
2. host# showmount -a server
3. host# mount -t nfs server:/tmp/nfs /mnt/nfs2 -o nfsvers=3,nolock
4. host# umount /mnt/nfs2 
5. host# mount -t nfs server:/tmp/nfs /mnt/nfs2 -o nfsvers=3,nolock
6. host# showmount -a server

Actual results:

After spawning showmount for the second time (at step 6) - rpc.mountd crashes with segfault (on the nfs-server side).

Expected results:

Showmount should return list of mounted shares and rpc.mountd shouldn't crash.

Additional info:

After analysis of the nfs-utils source, I think the problem lies in the mountlist_list() procedure, where the "mlist" variable should be NULL-ed after invocation of mountlist_freeall(mlist).
I attached a patch to fix it.

Can anyone confirm that this patch fixes it correctly?
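
The pattern the reporter describes (a cached list head left pointing at freed nodes after a free-all call), as an added example that is not taken from the report's patch or from the nfs-utils source. `mnode`, `list_freeall`, `cached_list`, `list_len` and the `stamp` change marker are hypothetical names, and the host strings are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified list node; not the nfs-utils structure. */
struct mnode { char host[64]; struct mnode *next; };

static void list_freeall(struct mnode *list)
{
    while (list) {
        struct mnode *next = list->next;
        free(list);
        list = next;
    }
}

/* Rebuild the cached list when `stamp` (assumed change marker) differs. */
static struct mnode *cached_list(const char **hosts, size_t n, long stamp)
{
    static struct mnode *cache = NULL;
    static long last_stamp = -1;

    if (stamp == last_stamp)
        return cache;               /* unchanged: reuse the cached list */
    list_freeall(cache);
    cache = NULL;   /* the fix: stops the rebuilt list linking to freed nodes */
    last_stamp = stamp;
    for (size_t i = 0; i < n; i++) {
        struct mnode *m = calloc(1, sizeof(*m));
        if (!m) break;
        strncpy(m->host, hosts[i], sizeof(m->host) - 1);
        m->next = cache;            /* prepend; tail must end in NULL */
        cache = m;
    }
    return cache;
}

static size_t list_len(const struct mnode *list)
{
    size_t n = 0;
    for (; list; list = list->next)
        n++;
    return n;
}

int main(void)
{
    const char *a[] = {"client-a", "client-b"}, *b[] = {"client-c"};
    cached_list(a, 2, 1);           /* first build */
    return list_len(cached_list(b, 1, 2)) == 1 ? 0 : 1;  /* rebuild */
}
```

Without the `cache = NULL;` line, the first node prepended during a rebuild takes the freed old head as its `next`, so any later walk of the list reads freed memory.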

Comment 1 Steve Dickson 2011-01-14 17:36:47 EST
Fixed in nfs-utils-1.2.3-2.fc14

Comment 2 sdrb 2011-01-15 07:04:59 EST
I've checked nfs-utils-1.2.3-2.fc14 and I'm afraid the problem still exists for me - I mean it is still possible to crash rpc.mountd remotely.

I've tested both: nfs-utils-1.2.3-2.fc14 binary package and recompiled src package several times and the reaction is the same - segfault.

Comment 3 sdrb 2011-01-25 09:37:03 EST
I upgraded nfs-utils to the newest nfs-utils-1.2.3-4.fc14 and still buggy...

Comment 4 Steve Dickson 2011-01-25 11:16:40 EST
Could you please try the nfs-utils in the following scratch build:

If it does fix the problem, I'll push it out asap... tia...

Comment 5 sdrb 2011-01-26 02:38:08 EST
Yes - it fixes the bug - there is no segfault now.

I tested both: your binary nfs-utils-1.2.3-5 i686 package and recompiled on my own from your src.rpm.
Both of them work.
Thank you.

Comment 6 Fedora Update System 2011-01-26 07:47:40 EST
nfs-utils-1.2.3-5.fc14 has been submitted as an update for Fedora 14.

Comment 7 Fedora Update System 2011-01-26 15:54:01 EST
nfs-utils-1.2.3-5.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update nfs-utils'.
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/nfs-utils-1.2.3-5.fc14

Comment 8 Fedora Update System 2011-02-03 15:24:36 EST
nfs-utils-1.2.3-5.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 syang 2011-04-14 14:00:38 EDT
I have a similar problem with nfs-utils-1.2.3-5.fc14 (x86_64). After a remote
nfs mount request from a client, the nfs-server will not even see
ssh requests, let alone satisfy any mount request. There is no message
in /var/log/messages. I've tried this on 3 servers now, same result.
On one occasion, one of the servers was in the middle of a yum update
and the remote client mount request actually stopped net access for the yum.
Re-installed one of the servers to f13, and no more problem. Tried the
f13 nfs-utils on the f14 servers, no luck after a reboot. I even tried
the nfs-utils from f15, still no luck. Disabled "Defaultvers=3" in
/etc/nfsmount.conf, still no luck. I do admit nfs-utils-1.2.3-5.fc14 used
to work with "Defaultvers=4" at the beginning with remote client nfs mount.
Now nfs requests are not successful with no error message. Before,
it may "timeout" from the "stuck" in an hour or so. Any suggestions besides
re-installing to f13? Thanks in advance.