Bug 722257

Summary: NFS readdirs losing their cookies
Product: Red Hat Enterprise Linux 6
Component: kernel
Version: 6.2
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Reporter: Steve Dickson <steved>
Assignee: Red Hat Kernel Manager <kernel-mgr>
QA Contact: Jian Li <jiali>
CC: eguan, jiali, kzhang, nmurray, rwheeler
Fixed In Version: kernel-2.6.32-182.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 13:52:08 UTC

Description Steve Dickson 2011-07-14 18:45:01 UTC
Description of problem:

It turns out there has been a fairly long-standing bug
in the v3 and v2 readdir paths that causes a readdir loop
because the xdr decoding routines would lose a cookie.

The readdir loop was detached and recovered by the
patches in bz720712. The loop was caused when a
file name length did not end up on a 4-byte alignment;
it would cause the xdr routines to blow by the next cookie.


Version-Release number of selected component (if applicable):
The problem was first seen on a -157 kernel.

How reproducible:
Somewhat... 



Steps to Reproduce:
1. mount -o v3 homedirs.bos.redhat.com:/vol/data/home/boston /home/tmp/
2. ls /home/tmp/jmoyer/News/drafts/drafts

Comment 1 RHEL Program Management 2011-07-14 19:00:50 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 2 Jian Li 2011-07-28 09:58:38 UTC
qa_ack+ , according to Steve's explanation.

Comment 3 Aristeu Rozanski 2011-08-07 16:34:27 UTC
Patch(es) available on kernel-2.6.32-182.el6

Comment 6 Jian Li 2011-09-15 11:23:16 UTC
The bug can't be reproduced using this test command:

for ((;;)) ; do
  namelen=$(( $RANDOM % 10)); 
  name="a" ; 
  for ((j=0;j<$namelen;j++)) ; do
    name=a$name; 
  done; 
  mkdir $name ; cd $name ;  find /home/tmp/jmoyer; 
done

Taking NFSv3 as an example, I haven't found the flaw in the code:

 	p = xdr_decode_hyper(p, &entry->ino);
-	entry->len  = ntohl(*p++);
-	p = xdr_inline_decode(xdr, entry->len + 8);
 	if (unlikely(!p))
 		goto out_overflow;
 	entry->name = (const char *) p;
-	p += XDR_QUADLEN(entry->len);
 	entry->prev_cookie = entry->cookie;
 	p = xdr_decode_hyper(p, &entry->cookie);
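
Review bot: the three `-` lines (the `entry->len` read, the `xdr_inline_decode(xdr, entry->len + 8)` reservation and the `p += XDR_QUADLEN(entry->len)` advance) are quoted without their `+` replacements, so as shown nothing assigns `entry->len` or moves `p` past the name before `xdr_decode_hyper(p, &entry->cookie)`. Please quote the added lines too, so the review can confirm that the length taken from the wire is still bounds-checked before `entry->name` is used and that the cookie read starts on the 4-byte boundary after the name. A short comment at that point explaining the padding rule would help the next reader.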

because when encoding a string, XDR will take 4-byte-aligned space, even if the string's length is not 4-byte aligned.

Sanity-only test.
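
As an added illustration (not code from this bug report or from the kernel): a user-space C decoder for the NFSv3 READDIR entry layout of RFC 1813, run over a constructed buffer. `struct dirent3`, `decode_entry`, `walk` and the 255-byte name cap are assumptions of this example; the `aligned` flag contrasts skipping the name rounded up to 4 bytes with skipping only the raw length, which misreads the cookie and desynchronises the stream.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XDR_PAD(n) (((n) + 3u) & ~3u)   /* XDR rounds opaque data up to 4 bytes */
struct dirent3 { uint64_t ino, cookie; uint32_t len; char name[256]; };

/* Constructed sample: two entry3 records ("ab", "file"), end-of-list, eof. */
static const uint8_t sample[] = {
    0,0,0,1, 0,0,0,0,0,0,0,10, 0,0,0,2, 'a','b',0,0,     0,0,0,0,0,0,0,1,
    0,0,0,1, 0,0,0,0,0,0,0,11, 0,0,0,4, 'f','i','l','e', 0,0,0,0,0,0,0,2,
    0,0,0,0, 0,0,0,1,
};

static uint64_t be_read(const uint8_t *p, size_t n) {   /* big-endian integer */
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Decode one entry at *off. Returns 1 = entry, 0 = end of list, -1 = malformed.
 * aligned=0 skips only the raw name length, to show how the cookie is lost. */
static int decode_entry(const uint8_t *b, size_t n, size_t *off,
                        struct dirent3 *e, int aligned) {
    size_t o = *off, skip;
    if (o > n || n - o < 4) return -1;
    uint32_t follows = (uint32_t)be_read(b + o, 4); o += 4;
    if (follows == 0) { *off = o; return 0; }
    if (follows != 1 || n - o < 12) return -1;   /* XDR bool must be 0 or 1 */
    e->ino = be_read(b + o, 8);
    e->len = (uint32_t)be_read(b + o + 8, 4); o += 12;
    if (e->len > 255) return -1;                 /* cap assumed for this example */
    skip = aligned ? XDR_PAD(e->len) : e->len;
    if (n - o < skip + 8) return -1;             /* name and cookie must both fit */
    memcpy(e->name, b + o, e->len); e->name[e->len] = '\0';
    e->cookie = be_read(b + o + skip, 8);
    *off = o + skip + 8;
    return 1;
}

/* Walk the list; returns entries decoded, or -1 if the stream is malformed. */
static int walk(const uint8_t *b, size_t n, int aligned, uint64_t *last_cookie) {
    struct dirent3 e; size_t off = 0; int r, count = 0;
    while ((r = decode_entry(b, n, &off, &e, aligned)) == 1) { *last_cookie = e.cookie; count++; }
    return r < 0 ? -1 : count;
}

int main(void) {
    uint64_t c = 0;
    printf("aligned: %d\n", walk(sample, sizeof sample, 1, &c));
    printf("unaligned: %d\n", walk(sample, sizeof sample, 0, &c));
    return 0;
}
```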

Comment 7 errata-xmlrpc 2011-12-06 13:52:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1530.html