Bug 735477

Summary: nfs4_getfacl decoding causes kernel oops
Product: Red Hat Enterprise Linux 5 Reporter: Steve Dickson <steved>
Component: kernelAssignee: Steve Dickson <steved>
Status: CLOSED ERRATA QA Contact: Jian Li <jiali>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.8CC: androsadamson, ccui, eguan, jiali, jlayton, kmcmartin, kzhang, nmurray, ricardo.labiaga, rwheeler, steved
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel-2.6.18-289.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 723650 Environment:
Last Closed: 2012-02-21 03:55:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 723650    
Bug Blocks:    

Description Steve Dickson 2011-09-02 18:23:24 UTC 
+++ This bug was initially created as a clone of Bug #723650 +++

Description of problem:  nfs4_getfacl decoding causes a kernel Oops when a server, for instance OnTap C-Mode, returns more than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute request.

NOTE: While the NFS client only asks for one attribute (FATTR4_ACL) in the first bitmap word, the NFSv4 protocol allows for the server to return unbounded bitmaps, so the server returning more than two bitmap words (C-Mode OnTap returns 3, the last two being zero) is not a server bug.

Version-Release number of selected component (if applicable): All active NFS clients are affected. (RHEL5 RHEL6...)


How reproducible: 100% with OnTap C-Mode, or other server that returns more than 2 GETATTR FATTR4_ACL bitmap words.


Steps to Reproduce:
1. Mount C-Mode OnTap
2. run nfs4_getfacl on an exported file
3.
  
Actual results:

Either Kernel Oops in xdr_shrink_bufhead() BUG_ON, or a segmentation fault in libc. The ACL is not displayed.


Expected results:

The ACL should be displayed.


Additional info:

There is a fix for RHEL6:

commit e5012d1f3861d18c7f3814e757c1c3ab3741dbcd
Author: Andy Adamson <andros>
Date:   Mon Jul 11 17:17:42 2011 -0400

--- Additional comment from pm-rhel on 2011-07-20 14:39:45 EDT ---

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

--- Additional comment from pm-rhel on 2011-07-20 15:31:31 EDT ---

This bugzilla has Keywords: Regression or TestBlocker.

Since no regressions or test blockers are allowed between releases,
it is also being [proposed|marked] as a blocker for this release.

Please resolve ASAP.

--- Additional comment from kmcmartin on 2011-07-20 15:51:32 EDT ---

Shuffling to POST.

--- Additional comment from kmcmartin on 2011-07-27 09:16:07 EDT ---

Patch(es) available on kernel-2.6.32-172.el6

--- Additional comment from kmcmartin on 2011-07-27 09:17:15 EDT ---

List of patches present on kernel-2.6.32-172.el6:
Related patch: http://patchwork.usersys.redhat.com/patch/37799
Related patch: http://patchwork.usersys.redhat.com/patch/37803
Related patch: http://patchwork.usersys.redhat.com/patch/37800
Related patch: http://patchwork.usersys.redhat.com/patch/37801

--- Additional comment from jiali on 2011-07-31 22:43:31 EDT ---

set qa_ack+, according to Andy's Description.

--- Additional comment from errata-xmlrpc on 2011-08-11 15:31:36 EDT ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHBA-2011:11485-02
http://errata.devel.redhat.com/errata/show/11485

--- Additional comment from errata-xmlrpc on 2011-08-11 15:31:38 EDT ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHBA-2011:11485-02
http://errata.devel.redhat.com/errata/show/11485

--- Additional comment from jiali on 2011-08-22 23:08:23 EDT ---

Hi Steve,
Could u pls tell how to setup an envir to test this bug? I don't understand "server that returns more than 2 GETATTR FATTR4_ACL bitmap words" without NETAPP's support?
Can we add xattr manually to create a second ATTR4_ACL data?

Thanks

--- Additional comment from androsadamson on 2011-09-02 13:44:58 EDT ---

You could test using pynfs4.1 by ensuring that the pynfs4.1 server returns a 3 word bitmap to the GETATTR FATTR4_ACL return with the second two bitmap words set to zero. This will trigger the bug.

-->Andy
Comment 2 RHEL Program Management 2011-09-02 18:39:36 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 3 Jeff Layton 2011-10-10 15:50:15 UTC 
Note that I did not officially NAK this patch, but I have a hard time understanding how this is a real fix for anything. I asked a question in the rhel6 version of this BZ:

https://bugzilla.redhat.com/show_bug.cgi?id=723650#c13

...until that's answered, I can't ack this patch.
Comment 5 Jarod Wilson 2011-10-14 18:30:07 UTC 
Patch(es) available in kernel-2.6.18-289.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 7 errata-xmlrpc 2012-02-21 03:55:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0150.html