Bug 486756 - nfs server rejecting large writes when sec=krb5i/p is specified
Summary: nfs server rejecting large writes when sec=krb5i/p is specified
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.4
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Peter Staubach
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard: cthon09
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-02-21 20:28 UTC by Jeff Layton
Modified: 2011-12-13 10:46 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 09:02:16 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
binary wireshark capture (8.22 KB, application/octet-stream)
2009-02-21 20:31 UTC, Jeff Layton 		no flags Details
patch -- change conditional on length check (2.33 KB, patch)
2009-02-22 22:11 UTC, Jeff Layton 		no flags Details | Diff
Proposed patch (1.19 KB, patch)
2009-04-21 18:01 UTC, Peter Staubach 		no flags Details | Diff
Show Obsolete (1) View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1243 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update 2009-09-01 08:53:34 UTC

Description Jeff Layton 2009-02-21 20:28:40 UTC 
This is a server side problem. Mount up an export with sec=krb5i:

    # mount -t nfs -o sec=krb5i server:/export /mnt/server

...now, do a large write. I used test5 from connectathon suite:

    # cd /mnt/server
    # env NFSTESTDIR=`pwd` strace /root/cthon04/basic/test5 -s

relevant strace info:

open("bigfile", O_WRONLY|O_CREAT|O_TRUNC|O_SYNC, 0666) = 3
stat("bigfile", {st_mode=S_IFREG|0666, st_size=0, ...}) = 0
write(3, "\0\0\0\0\1\0\0\0\2\0\0\0\3\0\0\0\4\0\0\0\5\0\0\0\6\0\0\0\7\0\0\0\10"..., 8192) = -1 EIO (Input/output error)

...the capture shows that the server had a problem decoding the args:

    Accept State: procedure can't decode params (4)

...this happens on all versions of nfs and when sec=krb5i or krb5p is used. sec=krb5 seems to be unaffected.
Comment 1 Jeff Layton 2009-02-21 20:31:12 UTC 
Created attachment 332830 [details]
binary wireshark capture

Binary capture of the problem. See frames 53 and 54.
Comment 2 RHEL Program Management 2009-02-21 20:49:54 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 3 Jeff Layton 2009-02-21 23:33:35 UTC 
Reassigning to Peter...

I backed out the patch for bug 228854 and this problem went away. For reference, this is commit 7880f3a898df1feefd7f43458be3d18aedde7765 in dzickus' git tree.
Comment 4 Jeff Layton 2009-02-22 22:11:15 UTC 
Created attachment 332876 [details]
patch -- change conditional on length check

This patch is backported from upstream and seems to fix the problem.
Comment 5 Peter Staubach 2009-04-21 18:01:38 UTC 
Created attachment 340595 [details]
Proposed patch

Here is the patch as ported to RHEL-5.
Comment 6 Don Zickus 2009-04-27 15:59:38 UTC 
in kernel-2.6.18-141.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.
Comment 9 errata-xmlrpc 2009-09-02 09:02:16 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1243.html
Note You need to log in before you can comment on or make changes to this bug.