Description of problem:
It turns out there has been a fairly long-standing bug in the v3 and v2 readdir paths that causes a readdir loop because the xdr decoding routines would lose a cookie. The readdir loop was detected and recovered by the patches in bz720712. The loop was caused when a file name length did not end up on a 4-byte alignment; it would cause the xdr routines to blow by the next cookie.

Version-Release number of selected component (if applicable):
The problem was first seen on a -157 kernel.

How reproducible:
Somewhat...

Steps to Reproduce:
1. mount -o v3 homedirs.bos.redhat.com:/vol/data/home/boston /home/tmp/
2. ls /home/tmp/jmoyer/News/drafts/drafts
3.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
qa_ack+, according to Steve's explanation.
Patch(es) available on kernel-2.6.32-182.el6
The bug can't be reproduced using this test command:

    for ((;;)) ; do
        namelen=$(( $RANDOM % 10))
        name="a"
        for ((j=0;j<$namelen;j++)) ; do name=a$name; done
        mkdir $name ; cd $name
        find /home/tmp/jmoyer
    done

Taking nfsv3 as an example, I haven't found the flaw in the code:

    p = xdr_decode_hyper(p, &entry->ino);
    - entry->len = ntohl(*p++);
    - p = xdr_inline_decode(xdr, entry->len + 8);
    if (unlikely(!p))
        goto out_overflow;
    entry->name = (const char *) p;
    - p += XDR_QUADLEN(entry->len);
    entry->prev_cookie = entry->cookie;
    p = xdr_decode_hyper(p, &entry->cookie);

because when encoding a string, xdr will take space of 4-aligned size, even if the string's length is not 4-aligned.

Sanity-only test.
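The 4-byte string padding discussed in this report, as an added example (not kernel code and not the fix from this bug): a user-space decoder for the fileid/name/cookie part of one readdir entry, run over a constructed buffer whose name length is 5. The `pad=0` path is a hypothetical, deliberately wrong variant that shows how skipping the padding yields a bogus cookie; `struct entry3`, `decode_entry3`, `cookie_of`, the sample bytes and the 255-byte name cap are all assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Round a byte count up to the 4-byte XDR unit (string/opaque padding). */
#define XDR_PAD4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

struct entry3 { uint64_t fileid; uint32_t len; const uint8_t *name; uint64_t cookie; };

static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static uint64_t get_be64(const uint8_t *p) {
    return ((uint64_t)get_be32(p) << 32) | get_be32(p + 4);
}

/* Decode fileid, name and cookie of one entry.
 * pad=1 skips the name's XDR padding; pad=0 is the wrong variant that
 * advances by the raw length only. Returns bytes consumed, or -1 if the
 * entry would run past the end of the buffer. */
static long decode_entry3(const uint8_t *buf, size_t buflen, int pad, struct entry3 *e) {
    size_t off = 0, step;
    if (buflen < 12) return -1;               /* fileid + length word */
    e->fileid = get_be64(buf);      off += 8;
    e->len    = get_be32(buf + off); off += 4;
    if (e->len > 255) return -1;              /* assumption: cap names at 255 bytes */
    step = pad ? XDR_PAD4(e->len) : e->len;
    if (step > buflen - off || buflen - off - step < 8) return -1;
    e->name   = buf + off;           off += step;
    e->cookie = get_be64(buf + off); off += 8;
    return (long)off;
}

/* Constructed sample: fileid 42, name "abcde" (5 bytes + 3 pad bytes),
 * cookie 0x1122334455667788. */
static const uint8_t sample[] = {
    0,0,0,0,0,0,0,42,   0,0,0,5,   'a','b','c','d','e',0,0,0,
    0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88 };

/* Cookie recovered from the sample with (pad=1) or without (pad=0) padding. */
static uint64_t cookie_of(int pad) {
    struct entry3 e;
    return decode_entry3(sample, sizeof sample, pad, &e) < 0 ? 0 : e.cookie;
}
```

With the padding skipped the cookie is read three bytes early, so the value a client would send back on the next READDIR no longer matches anything the server issued.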
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1530.html