Red Hat Bugzilla – Bug 669065
Segfault in nfs-utils 1.2.3 - remote rpc.mountd crash possible
Last modified: 2011-04-14 14:00:38 EDT
Created attachment 473061 [details]
Patch for nfs-utils 1.2.3 for fixing segfault.
Description of problem:
It is possible to crash rpc.mountd remotely.
Version-Release number of selected component (if applicable):
Always while mounting nfs share using nfs v2 or v3.
Steps to Reproduce:
1. server# rpc.mountd -F -d all
2. host# showmount -a server
3. host# mount -t nfs server:/tmp/nfs /mnt/nfs2 -o nfsvers=3,nolock
4. host# umount /mnt/nfs2
5. host# mount -t nfs server:/tmp/nfs /mnt/nfs2 -o nfsvers=3,nolock
6. host# showmount -a server
After spawning showmount for the second time (at step 6) - rpc.mountd crashes with segfault (on the nfs-server side).
Showmount should return list of mounted shares and rpc.mountd shouldn't crash.
After analyses of nfs-utils source - I think the problem lies in mountlist_list() procedure where "mlist" variable should be NULL-ed after invocation of mountlist_freeall(mlist);
I attached patch for fix it.
Can anyone confirm that this patch fixes it correctly?
Fixed in nfs-utils-1.2.3-2.fc14
I've checked nfs-utils-1.2.3-2.fc14 and I'm afraid the problem still exist for me - I mean it is still possible to crash rpc.mountd remotely.
I've tested both: nfs-utils-1.2.3-2.fc14 binary package and recompiled src package several times and the reaction is the same - segfault.
I upgraded nfs-utils to the newest nfs-utils-1.2.3-4.fc14 and still buggy...
Could you please try the nfs-utils in the following scratch build:
If it does fix the problem, I'll push it out asap... tia...
Yes - it fixes the bug - there is no segfault now.
I tested both: your binary nfs-utils-1.2.3-5 i686 package and recompiled on my own from your src.rpm.
Both of them work.
nfs-utils-1.2.3-5.fc14 has been submitted as an update for Fedora 14.
nfs-utils-1.2.3-5.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update nfs-utils'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/nfs-utils-1.2.3-5.fc14
nfs-utils-1.2.3-5.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
I've a similar problem with nfs-utils-1.2.3-5.fc14 (x86_64). After a remote
nfs mount request from a client, the nfs-server will not even see
ssh requests let alone satisfying any mount request. There is no message
in /var/log/messages. I've tried this on 3 servers now, same result.
On one occasion, one of the server was in the middle of a yum update
and the remote client mount request actually stopped net access for the yum.
Re-installed one of the server to f13, and no more problem. Tried the
f13 nfs-utils on the f14 servers, no luck after a reboot. I even tried
the nfs-utils from f15, still no luck. Disabled "Defaultvers=3" in
etc/nfsmount.conf, still no luck. I do admit nfs-utils-1.2.3-5.fc14 used
to work with "Defaultvers=4" at the beginning with remote client nfs mount.
Now nfs requests are not successful with no error message. Before,
it may "timeout" from the "stuck" in an hour or so. Any suggestion besides
re-install to f13 ? Thanks in advance.