Bug 1002385 - NFS filehandle size change from 3.2 results in stack corruption
Status: CLOSED CURRENTRELEASE
Product: GlusterFS
Classification: Community
Component: nfs
mainline
Unspecified Unspecified
unspecified Severity unspecified
Assigned To: santosh pradhan
Duplicates: 893778
Blocks: 902857 998649
Reported: 2013-08-29 01:19 EDT by Anand Avati
Modified: 2015-09-01 19:06 EDT
Fixed In Version: glusterfs-3.5.0
Doc Type: Bug Fix
Last Closed: 2014-04-17 07:46:28 EDT
Type: Bug
Description Anand Avati 2013-08-29 01:19:34 EDT
An NFS client presenting a large file handle (either fake or generated by 3.2.x NFS server) results in the corruption of stack, because the new smaller file handle structure is declared on the stack and we copy the large object overflowing the buffer.
Comment 1 Anand Avati 2013-08-29 01:22:08 EDT
REVIEW: http://review.gluster.org/5730 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#1) for review on master by Anand Avati (avati@redhat.com)
Comment 2 Anand Avati 2013-08-29 03:04:16 EDT
REVIEW: http://review.gluster.org/5730 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#2) for review on master by Anand Avati (avati@redhat.com)
Comment 3 Anand Avati 2013-08-29 03:17:36 EDT
REVIEW: http://review.gluster.org/5730 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#3) for review on master by Anand Avati (avati@redhat.com)
Comment 4 Anand Avati 2013-08-29 09:06:42 EDT
COMMIT: http://review.gluster.org/5730 committed in master by Vijay Bellur (vbellur@redhat.com) 
------
commit 3a3441ef7665b5f55a9e2de63ea07173bf0f0db0
Author: Anand Avati <avati@redhat.com>
Date:   Mon Aug 26 21:58:26 2013 -0700

    nfs: prevent NFS server crash when upgrading from 3.2.x server
    
    After an upgrade the NFS3 filehandle size changed (became smaller),
    but when doing a live upgrade the client would send the old handle
    (expect ESTALE and do fresh lookup). But when reading the old
    handle we were reading it into a structure which was limited to the
    size of the new handle, while we should have been reading into a
    buffer which is as big as the NFS3 spec permits the handle size to
    be. The actor functions declare the structure on the stack. So the
    overflow is resulting in a stack corruption.
    
    Change-Id: Ie930875ac9db46b43d1cb8ad1e6d89cdaeded7ca
    BUG: 1002385
    Signed-off-by: Anand Avati <avati@redhat.com>
    Reviewed-on: http://review.gluster.org/5730
    Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
    Reviewed-by: Niels de Vos <ndevos@redhat.com>
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
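An added example (not GlusterFS code and not part of the bug report) of the pattern the commit message above describes: decode the client-supplied handle into a stack buffer as large as the NFS3 spec permits, and only then compare its length with the current handle format. The struct layout, the function names, the status enum and the 32-byte current handle size are assumptions made for illustration; `NFS3_FHSIZE` (64) is the maximum from RFC 1813.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NFS3_FHSIZE 64   /* RFC 1813: largest file handle a client may send */

/* Hypothetical current (smaller) handle layout; GlusterFS's real struct differs. */
struct new_fh { char ident[4]; uint8_t body[28]; };

enum fh_status { FH_OK, FH_STALE, FH_GARBAGE };

/* Decode an XDR opaque<NFS3_FHSIZE>: 4-byte big-endian length, then the bytes.
 * The destination capacity is passed in and checked before any copy. */
static int fh_decode(const uint8_t *wire, size_t wire_len,
                     uint8_t *dst, size_t dst_cap, uint32_t *fh_len)
{
    if (wire_len < 4)
        return -1;
    uint32_t n = ((uint32_t)wire[0] << 24) | ((uint32_t)wire[1] << 16) |
                 ((uint32_t)wire[2] << 8) | wire[3];
    if (n > NFS3_FHSIZE || n > dst_cap || n > wire_len - 4)
        return -1;                    /* over spec, over buffer, or truncated */
    memcpy(dst, wire + 4, n);
    *fh_len = n;
    return 0;
}

/* Actor-style entry point. The bug pattern was decoding straight into a
 * stack-allocated struct new_fh; here the stack buffer is spec-sized and the
 * handle is only interpreted once its length matches the current format. */
enum fh_status fh_resolve(const uint8_t *wire, size_t wire_len, struct new_fh *out)
{
    uint8_t raw[NFS3_FHSIZE];
    uint32_t n = 0;

    if (fh_decode(wire, wire_len, raw, sizeof raw, &n) != 0)
        return FH_GARBAGE;
    if (n != sizeof *out)
        return FH_STALE;              /* e.g. a handle from the older server */
    memcpy(out, raw, sizeof *out);
    return FH_OK;
}

int main(void)
{
    uint8_t old_wire[4 + 64] = {0, 0, 0, 64};   /* constructed 64-byte handle */
    struct new_fh fh;
    printf("old handle -> %d (FH_STALE=%d)\n",
           fh_resolve(old_wire, sizeof old_wire, &fh), FH_STALE);
    return 0;
}
```

A handle whose declared length exceeds the spec maximum, or exceeds the bytes actually received, is rejected before any copy; a well-formed handle of the wrong size yields the stale status so the client can do a fresh lookup.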
Comment 5 santosh pradhan 2013-08-29 14:46:52 EDT
*** Bug 893778 has been marked as a duplicate of this bug. ***
Comment 6 Anand Avati 2013-09-05 06:35:58 EDT
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#1) for review on release-3.4 by Vijay Bellur (vbellur@redhat.com)
Comment 7 Anand Avati 2013-09-05 11:10:05 EDT
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#2) for review on release-3.4 by Vijay Bellur (vbellur@redhat.com)
Comment 8 Anand Avati 2013-09-06 00:24:15 EDT
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#3) for review on release-3.4 by Vijay Bellur (vbellur@redhat.com)
Comment 9 Anand Avati 2013-09-06 03:40:15 EDT
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#4) for review on release-3.4 by Vijay Bellur (vbellur@redhat.com)
Comment 10 Anand Avati 2013-09-07 10:58:20 EDT
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#5) for review on release-3.4 by Vijay Bellur (vbellur@redhat.com)
Comment 11 Anand Avati 2013-09-09 20:17:24 EDT
COMMIT: http://review.gluster.org/5804 committed in release-3.4 by Anand Avati (avati@redhat.com) 
------
commit 6e9dbdd6e16cca1e32e7c7e00b2618a837f1c18a
Author: Anand Avati <avati@redhat.com>
Date:   Mon Aug 26 21:58:26 2013 -0700

    nfs: prevent NFS server crash when upgrading from 3.2.x server
    
    After an upgrade the NFS3 filehandle size changed (became smaller),
    but when doing a live upgrade the client would send the old handle
    (expect ESTALE and do fresh lookup). But when reading the old
    handle we were reading it into a structure which was limited to the
    size of the new handle, while we should have been reading into a
    buffer which is as big as the NFS3 spec permits the handle size to
    be. The actor functions declare the structure on the stack. So the
    overflow is resulting in a stack corruption.
    
    Change-Id: Ie930875ac9db46b43d1cb8ad1e6d89cdaeded7ca
    BUG: 1002385
    Signed-off-by: Anand Avati <avati@redhat.com>
    Reviewed-on: http://review.gluster.org/5730
    Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
    Reviewed-by: Niels de Vos <ndevos@redhat.com>
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-on: http://review.gluster.org/5804
    Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Comment 12 Niels de Vos 2014-04-17 07:46:28 EDT
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.5.0, please reopen this bug report.

glusterfs-3.5.0 has been announced on the Gluster Developers mailing list [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/6137
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user