Bug 765304 (GLUSTER-3572)

Summary: Nfs crashes if file name is 255 characters or more
Product: [Community] GlusterFS
Component: nfs
Reporter: Rajesh <rajesh>
Assignee: Rajesh <rajesh>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Version: 3.2.3
CC: aavati, gluster-bugs, krishna, rabhat, rahulcs, saurabh, vagarwal
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Mount Type: nfs
Verified Versions: 3.2.5qa4

Description Rajesh 2011-09-16 10:50:08 UTC
When one mounts a volume via NFS and tries to work with a file whose name is more than 254 characters, the Gluster NFS server crashes. The POSIX standard for NAME_MAX is 255, so gnfs needs to allow 255-char filenames and return an error when it is >= 256 (it shouldn't crash).

backtrace of the crash:

(gdb) bt
#0  0x00007f6e85de2d05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f6e85de6ab6 in abort () at abort.c:92
#2  0x00007f6e85e1bd7b in __libc_message (do_abort=2, fmt=0x7f6e85f02b23 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007f6e85ead1d7 in __fortify_fail (msg=0x7f6e85f02aba "buffer overflow detected") at fortify_fail.c:32
#4  0x00007f6e85eac0f0 in __chk_fail () at chk_fail.c:29
#5  0x00007f6e830be3ea in strcpy (nfl=0x7f6e86dd202c, inode=<value optimized out>, parent=0x7f6e8229102c, newparent=0x0, name=0x1143221 'a' <repeats 200 times>..., 
    newname=0x0) at /usr/include/bits/string3.h:105
#6  nfl_inodes_init (nfl=0x7f6e86dd202c, inode=<value optimized out>, parent=0x7f6e8229102c, newparent=0x0, name=0x1143221 'a' <repeats 200 times>..., newname=0x0)
    at nfs-inodes.c:60
#7  0x00007f6e830be51d in nfs_inode_create (nfsx=0x1125190, xl=0x1123fa0, nfu=0x7fff213c2610, pathloc=0x7f6e8175b930, flags=2, mode=420, 
    cbk=0x7f6e830c96d0 <nfs3svc_create_cbk>, local=0x7f6e8175b500) at nfs-inodes.c:128
#8  0x00007f6e830c9acf in nfs3_create_common (cs=0x7f6e8175b500) at nfs3.c:2351
#9  0x00007f6e830c9cc4 in nfs3_create_resume (carg=0x7f6e8175b500) at nfs3.c:2468
#10 0x00007f6e830d300c in nfs3_fh_resolve_entry_lookup_cbk (frame=<value optimized out>, cookie=<value optimized out>, this=<value optimized out>, 
    op_ret=<value optimized out>, op_errno=<value optimized out>, inode=<value optimized out>, buf=0x7fff213c2b70, xattr=0x0, postparent=0x7fff213c2b00)
    at nfs3-helpers.c:2508
#11 0x00007f6e830b79c9 in nfs_fop_lookup_cbk (frame=0x7f6e8502432c, cookie=<value optimized out>, this=<value optimized out>, op_ret=<value optimized out>, 
    op_errno=<value optimized out>, inode=<value optimized out>, buf=0x7fff213c2b70, xattr=0x0, postparent=0x7fff213c2b00) at nfs-fops.c:314
#12 0x00007f6e832fa77b in io_stats_lookup_cbk (frame=0x7f6e8529d434, cookie=<value optimized out>, this=<value optimized out>, op_ret=-1, op_errno=2, inode=0x7f6e822912bc, 
    buf=0x7fff213c2b70, xattr=0x0, postparent=0x7fff213c2b00) at io-stats.c:1415
#13 0x00007f6e8351160e in qr_lookup_cbk (frame=0x7f6e8529d4e0, cookie=<value optimized out>, this=<value optimized out>, op_ret=-1, op_errno=2, inode=0x7f6e822912bc, 
    buf=0x7fff213c2b70, dict=0x0, postparent=0x7fff213c2b00) at quick-read.c:440
#14 0x00007f6e8371db04 in ioc_lookup_cbk (frame=0x7f6e8529d58c, cookie=<value optimized out>, this=<value optimized out>, op_ret=<value optimized out>, op_errno=2, 
    inode=0x7f6e822912bc, stbuf=0x7fff213c2b70, dict=0x0, postparent=0x7fff213c2b00) at io-cache.c:266
#15 0x00007f6e869b12eb in default_lookup_cbk (frame=0x7f6e8529d638, cookie=<value optimized out>, this=<value optimized out>, op_ret=-1, op_errno=<value optimized out>, 
    inode=<value optimized out>, buf=0x7fff213c2b70, dict=0x0, postparent=0x7fff213c2b00) at defaults.c:46
#16 0x00007f6e869b12eb in default_lookup_cbk (frame=0x7f6e8529d6e4, cookie=<value optimized out>, this=<value optimized out>, op_ret=-1, op_errno=<value optimized out>, 
    inode=<value optimized out>, buf=0x7fff213c2b70, dict=0x0, postparent=0x7fff213c2b00) at defaults.c:46
#17 0x00007f6e83d6290b in client3_1_lookup_cbk (req=<value optimized out>, iov=<value optimized out>, count=<value optimized out>, myframe=0x7f6e8529d790)
    at client3_1-fops.c:2235
#18 0x00007f6e86789d35 in rpc_clnt_handle_reply (clnt=0x112a080, pollin=0x112c6e0) at rpc-clnt.c:749
#19 0x00007f6e8678a71f in rpc_clnt_notify (trans=<value optimized out>, mydata=0x112a0b0, event=<value optimized out>, data=<value optimized out>) at rpc-clnt.c:862
#20 0x00007f6e86786cd8 in rpc_transport_notify (this=<value optimized out>, event=<value optimized out>, data=<value optimized out>) at rpc-transport.c:498
#21 0x00007f6e817aa874 in socket_event_poll_in (this=0x112a240) at socket.c:1675
#22 0x00007f6e817aabc7 in socket_event_handler (fd=<value optimized out>, idx=3, data=0x112a240, poll_in=1, poll_out=0, poll_err=<value optimized out>) at socket.c:1790
#23 0x00007f6e869cdc9e in event_dispatch_epoll_handler (event_pool=0x1118370) at event.c:794
#24 event_dispatch_epoll (event_pool=0x1118370) at event.c:856
#25 0x0000000000406678 in main (argc=<value optimized out>, argv=0x7fff213c2ed8) at glusterfsd.c:1592
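
Added illustration of the failure shown in the backtrace above (not GlusterFS code and not part of the original report): a bounded name copy that accepts names of up to NAME_MAX (255) bytes and returns ENAMETOOLONG for anything longer, instead of letting strcpy overrun a fixed buffer. The names `struct req_local`, `req_set_name` and `try_len` are hypothetical, and the test names are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef NAME_MAX
#define NAME_MAX 255            /* POSIX value cited in the report */
#endif

/* Hypothetical per-request state; not GlusterFS's real structure. */
struct req_local {
    char path[NAME_MAX + 1];    /* 255 name bytes plus the NUL */
};

/* Pattern to avoid: strcpy(l->path, name) trusts a length picked by the
 * NFS client; under _FORTIFY_SOURCE an overlong name ends in abort(). */

/* Bounded copy: 0 on success, -EINVAL or -ENAMETOOLONG otherwise. */
int req_set_name(struct req_local *l, const char *name)
{
    const char *end;

    if (l == NULL || name == NULL)
        return -EINVAL;
    /* Scan at most NAME_MAX + 1 bytes for the terminator. */
    end = memchr(name, '\0', NAME_MAX + 1);
    if (end == NULL)
        return -ENAMETOOLONG;   /* 256 bytes or more: reject, do not copy */
    memcpy(l->path, name, (size_t)(end - name) + 1);  /* includes the NUL */
    return 0;
}

/* Constructed input: a name made of n 'a' characters. */
int try_len(size_t n)
{
    static char name[NAME_MAX + 64];
    struct req_local l;
    if (n >= sizeof(name))
        return -EINVAL;
    memset(name, 'a', n);
    name[n] = '\0';
    return req_set_name(&l, name);
}

int main(void)
{
    printf("254:%d 255:%d 256:%d\n", try_len(254), try_len(255), try_len(256));
    return 0;
}
```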

Comment 1 Rajesh 2011-09-19 12:06:03 UTC
This happens on 3.2.3, not in 3.3 (master). In master, it fails several POSIX tests.

Comment 2 Anand Avati 2011-09-30 04:40:15 UTC
CHANGE: http://review.gluster.com/531 (* Posix requires 255 character filenames(NAME_MAX), so) merged in master by Vijay Bellur (vijay)

Comment 3 Anand Avati 2011-10-01 09:55:45 UTC
CHANGE: http://review.gluster.com/500 (* Posix requires 255 character filenames(NAME_MAX), so) merged in release-3.2 by Vijay Bellur (vijay)

Comment 4 Krishna Srinivas 2011-10-13 11:12:16 UTC
*** Bug 3717 has been marked as a duplicate of this bug. ***

Comment 5 Krishna Srinivas 2011-10-17 04:29:52 UTC
*** Bug 3726 has been marked as a duplicate of this bug. ***

Comment 6 Rahul C S 2011-10-18 04:22:38 UTC
*** Bug 3728 has been marked as a duplicate of this bug. ***

Comment 7 Saurabh 2011-11-02 06:08:54 UTC
[root@RHEL6 nfs-test]# echo numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb-numb- | wc 
      1       1     256