Bug 146703 - NLM (NFSv3) problems when mounting with "sec=krb5"
Summary: NLM (NFSv3) problems when mounting with "sec=krb5"
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-31 21:06 UTC by Chuck Lever
Modified: 2015-01-04 22:16 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2005-02-02 21:45:33 UTC


Attachments (Terms of Use)
Allow NLM to work when mounting with sec=krb5 option (3.09 KB, patch)
2005-01-31 21:10 UTC, Chuck Lever
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:420 normal SHIPPED_LIVE Important: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 1 2005-06-08 04:00:00 UTC

Description Chuck Lever 2005-01-31 21:06:28 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
When mounting an NFS server with NFS version 3 and Kerberos security,
a variety of bad things happen when any application tries to lock or
unlock files on sec=krb5 mounts, such as application hangs and kernel
oopses.

The problem is that kernel NLM tries to use a GSS credential when it
should be using an AUTH_SYS credential.

Note this is also a problem for RHEL 4.0.

Version-Release number of selected component (if applicable):
2.6.10-1.741_FC3

How reproducible:
Always

Steps to Reproduce:
1. Mount a NetApp filer with the sec=krb5 option
2. kinit yourself
3. Run the Connectathon locking tests on that mount    

Actual Results:  Kernel oops or application hangs (sorry, i don't have
the oops output
any more, but you should be able to reproduce some misbehavior using
the steps listed above).



Expected Results:  Connectathon tests should pass with only one warning.

Additional info:

I'll attach a patch that Trond created for 2.6.11-rc2 that fixes this
problem.

Comment 1 Chuck Lever 2005-01-31 21:10:59 UTC
Created attachment 110459 [details]
Allow NLM to work when mounting with sec=krb5 option

This is an equivalent patch to Trond's linux-2.6.11-13-fixup_nlm_auth.dif.

Comment 2 Dave Jones 2005-02-02 05:00:18 UTC
fixed in cvs, will be in the next kernel

thanks Chuck.


Comment 3 Steve Dickson 2005-05-27 01:52:34 UTC
Kernels with the fix in them are in:
ftp://partners.redhat.com/8cd6de3e57442035516b60f12911e067/2.6.9-11.EL/

If possible be give them try to ensure the problem is fixed.




Note You need to log in before you can comment on or make changes to this bug.