Bug 722257 - NFS readdirs losing their cookies
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.2
Target Milestone: rc
Assignee: Red Hat Kernel Manager
QA Contact: Jian Li
Reported: 2011-07-14 18:45 UTC by Steve Dickson
Modified: 2014-03-04 00:07 UTC (History)

Fixed In Version: kernel-2.6.32-182.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 13:52:08 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1530 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update 2011-12-06 01:45:35 UTC

Description Steve Dickson 2011-07-14 18:45:01 UTC
Description of problem:

It turns out there has been a fairly long standing bug
in the v3 and v2 readdir paths that causes a readdir loop
because the xdr decoding routines would lose a cookie.

The readdir loop was detached and recovered by the
patches in bz720712. The loop was caused when a
file name length did not end up on a 4-byte alignment;
it would cause the xdr routines to blow by the next cookie.


Version-Release number of selected component (if applicable):
The problem was first seen on a -157 kernel.

How reproducible:
Somewhat... 



Steps to Reproduce:
1. mount -o v3 homedirs.bos.redhat.com:/vol/data/home/boston /home/tmp/
2. ls /home/tmp/jmoyer/News/drafts/drafts

Comment 1 RHEL Program Management 2011-07-14 19:00:50 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 2 Jian Li 2011-07-28 09:58:38 UTC
qa_ack+ , according to Steve's explanation.

Comment 3 Aristeu Rozanski 2011-08-07 16:34:27 UTC
Patch(es) available on kernel-2.6.32-182.el6

Comment 6 Jian Li 2011-09-15 11:23:16 UTC
The bug can't be reproduced, using such test command:

for ((;;)) ; do
  namelen=$(( $RANDOM % 10)); 
  name="a" ; 
  for ((j=0;j<$namelen;j++)) ; do
    name=a$name; 
  done; 
  mkdir $name ; cd $name ;  find /home/tmp/jmoyer; 
done

Taking NFSv3 as an example, I haven't found the flaw in the code:

 	p = xdr_decode_hyper(p, &entry->ino);
-	entry->len  = ntohl(*p++);
-	p = xdr_inline_decode(xdr, entry->len + 8);
 	if (unlikely(!p))
 		goto out_overflow;
 	entry->name = (const char *) p;
-	p += XDR_QUADLEN(entry->len);
 	entry->prev_cookie = entry->cookie;
 	p = xdr_decode_hyper(p, &entry->cookie);
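
Review bot: In the removed lines, `xdr_inline_decode(xdr, entry->len + 8)` reserves the name by its unpadded byte length while `p += XDR_QUADLEN(entry->len)` steps over it in 4-byte words, so for a name length that is not a multiple of 4 the 8-byte cookie read by `xdr_decode_hyper(p, &entry->cookie)` only stays inside the reserved span if `xdr_inline_decode` itself rounds up, which this excerpt does not show. The replacement `+` lines are not quoted, so `if (unlikely(!p))` reads here as if it checked the result of `xdr_decode_hyper(p, &entry->ino)`. Quoting the added lines would let a reader confirm that the wire value from `ntohl(*p++)` is bounded before it is used in a size computation and that the name, its padding and the cookie are covered by one checked reservation.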

because when encoding a string, XDR will take up 4-byte-aligned space, even if the string's length is not 4-byte aligned.

Sanityonly test.
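
The alignment point raised in the description and in Comment 6, as an added user-space sketch that is not part of the bug report and is not kernel code: a directory entry is laid out as fileid, name length, name padded to a 4-byte boundary, then cookie, and a decoder that steps over only the raw name bytes reads the cookie from the wrong offset. The `decode_entry` helper, its `pad_name` switch, the 255-byte name cap and the sample bytes are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample, not captured traffic:
 * fileid (8) | name length (4) | name zero-padded to 4 bytes | cookie (8) */
static const uint8_t sample[] = {
    0, 0, 0, 0, 0, 0, 0, 42,              /* fileid = 42 */
    0, 0, 0, 5,                           /* name length = 5 */
    'd', 'r', 'a', 'f', 't', 0, 0, 0,     /* "draft" + 3 pad bytes */
    0, 0, 0, 0, 0, 0, 0, 7                /* cookie = 7 */
};

/* Read an nbytes-wide big-endian unsigned integer. */
static uint64_t be_read(const uint8_t *p, int nbytes)
{
    uint64_t v = 0;
    for (int i = 0; i < nbytes; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Hypothetical helper: returns 0 and stores the cookie, or -1 if the entry
 * does not fit in buf. pad_name = 0 models a decoder that steps over only
 * the raw name bytes and ignores the XDR padding. */
static int decode_entry(const uint8_t *buf, size_t len, int pad_name,
                        uint64_t *cookie)
{
    size_t off = 8;                               /* skip fileid */
    if (len < off + 4)
        return -1;
    size_t namelen = (size_t)be_read(buf + off, 4);
    off += 4;
    if (namelen > 255)                            /* assumed cap for this sketch */
        return -1;
    size_t skip = pad_name ? (namelen + 3) & ~(size_t)3 : namelen;
    if (len - off < skip + 8)                     /* name, padding and cookie */
        return -1;
    *cookie = be_read(buf + off + skip, 8);
    return 0;
}

int main(void)
{
    uint64_t good = 0, bad = 0;
    decode_entry(sample, sizeof sample, 1, &good);
    decode_entry(sample, sizeof sample, 0, &bad);
    printf("padded skip: cookie=%llu, unpadded skip: cookie=%llu\n",
           (unsigned long long)good, (unsigned long long)bad);
    return 0;
}
```

With a name length that is already a multiple of 4 both modes return the same cookie, which is consistent with the report being only "somewhat" reproducible.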

Comment 7 errata-xmlrpc 2011-12-06 13:52:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1530.html
