+++ This bug was initially created as a clone of Bug #804218 +++ Hopefully cloning this is useful. On EL6 you cannot disable just version 1, but you can disable version 2 (which also disables version 1). If you do, you get the same problem as before with EL5 and version 1. +++ This bug was initially created as a clone of Bug #595675 +++ Reproducer: On server: edit /etc/sysconfig/nfs and set MOUNTD_NFS_V2=no restart nfs On client: Mount a share from the server. This should be successful. Now try to unmount it. This fails with an error. # umount /mnt umount.nfs: vm22:/exports: not found / mounted or server not reachable umount.nfs: vm22:/exports: not found / mounted or server not reachable The cause appears to be the fact that the client when mounting uses MOUNT version 3 protocol. However when unmounting, it appears to use version 1 of the MOUNT protocol. Since version 1 is disabled, the client cannot unmount. --- Additional comment from steved on 2011-01-21 13:47:14 EST --- Created attachment 474657 [details] The patch that fixes the problem --- Additional comment from orion.com on 2012-03-16 17:44:03 EDT --- nfs-utils-1.0.9-60.el5
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Reproduced on nfs-utils-1.0.9-60.el5: edit /etc/sysconfig/nfs and set MOUNTD_NFS_V2=no restart nfs # umount /mnt umount.nfs: localhost:/tmp: not found / mounted or server not reachable umount.nfs: localhost:/tmp: not found / mounted or server not reachable Verifed on nfs-utils-1.0.9-64.el5, umount is OK now. But, seem it introduces regression and let bug FAIL again. When setting MOUNTD_NFS_V3="no", buffer overflow detected in mount.nfs again: # mount -t nfs localhost:/tmp /mnt *** buffer overflow detected ***: /sbin/mount.nfs terminated ======= Backtrace: ========= /lib64/libc.so.6(__chk_fail+0x2f)[0x2b7b65fe499f] /sbin/mount.nfs[0x2b7b65acdd3b] /sbin/mount.nfs[0x2b7b65acadc6] /sbin/mount.nfs(main+0x5b8)[0x2b7b65acb468] /lib64/libc.so.6(__libc_start_main+0xf4)[0x2b7b65f199c4] /sbin/mount.nfs[0x2b7b65aca729] ======= Memory map: ======== 2b7b65ac7000-2b7b65ad8000 r-xp 00000000 08:03 3111015 /sbin/mount.nfs 2b7b65cd8000-2b7b65cd9000 rw-p 00011000 08:03 3111015 /sbin/mount.nfs 2b7b65cd9000-2b7b65cde000 rw-p 2b7b65cd9000 00:00 0 2b7b65cde000-2b7b65cfa000 r-xp 00000000 08:03 2128158 /lib64/ld-2.5.so 2b7b65cfa000-2b7b65cfc000 rw-p 2b7b65cfa000 00:00 0 2b7b65efa000-2b7b65efb000 r--p 0001c000 08:03 2128158 /lib64/ld-2.5.so 2b7b65efb000-2b7b65efc000 rw-p 0001d000 08:03 2128158 /lib64/ld-2.5.so 2b7b65efc000-2b7b6604b000 r-xp 00000000 08:03 2128159 /lib64/libc-2.5.so 2b7b6604b000-2b7b6624a000 ---p 0014f000 08:03 2128159 /lib64/libc-2.5.so 2b7b6624a000-2b7b6624e000 r--p 0014e000 08:03 2128159 /lib64/libc-2.5.so 2b7b6624e000-2b7b6624f000 rw-p 00152000 08:03 2128159 /lib64/libc-2.5.so 2b7b6624f000-2b7b66255000 rw-p 2b7b6624f000 00:00 0 2b7b66255000-2b7b6625f000 r-xp 00000000 08:03 2127867 /lib64/libnss_files-2.5.so 2b7b6625f000-2b7b6645e000 ---p 0000a000 08:03 2127867 /lib64/libnss_files-2.5.so 2b7b6645e000-2b7b6645f000 r--p 00009000 08:03 2127867 /lib64/libnss_files-2.5.so 2b7b6645f000-2b7b66460000 rw-p 0000a000 08:03 2127867 /lib64/libnss_files-2.5.so 2b7b66460000-2b7b6646d000 r-xp 00000000 08:03 2128170 /lib64/libgcc_s-4.1.2-20080825.so.1 2b7b6646d000-2b7b6666d000 ---p 0000d000 08:03 2128170 /lib64/libgcc_s-4.1.2-20080825.so.1 2b7b6666d000-2b7b6666e000 rw-p 0000d000 08:03 2128170 /lib64/libgcc_s-4.1.2-20080825.so.1 2b7b674f4000-2b7b67515000 rw-p 2b7b674f4000 00:00 0 [heap] 7fff6a185000-7fff6a19a000 rw-p 7ffffffe9000 00:00 0 [stack] 7fff6a1fd000-7fff6a200000 r-xp 7fff6a1fd000 00:00 0 [vdso] ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0 [vsyscall] [root@nec-em15 ~]# echo $? 2 So I will re-assign these two bugs and let them fixed again.
I'm not seeing the buffer overflow with nfs-utils-1.0.9-65, but I am seeing the following error: mount.nfs: Unknown error 52 It seems the following patch fixes the problem: diff -up ./utils/mount/nfsmount.c.orig ./utils/mount/nfsmount.c --- ./utils/mount/nfsmount.c.orig 2012-09-19 09:49:46.000000000 -0400 +++ ./utils/mount/nfsmount.c 2012-09-20 10:12:22.000000000 -0400 @@ -202,7 +202,7 @@ static const u_long * mnt_probelist(const int vers) { static const u_long mnt1_probe[] = { 1, 2, 0 }; - static const u_long mnt3_probe[] = { 3, 1, 2, 0 }; + static const u_long mnt3_probe[] = { 3, 0, 2, 0 }; switch (vers) { case 3: return mnt3_probe; But this is a different problem so we should open up a separate bz.
(In reply to comment #10) > I'm not seeing the buffer overflow with nfs-utils-1.0.9-65, but I am seeing > the following error: > mount.nfs: Unknown error 52 > > It seems the following patch fixes the problem: > > diff -up ./utils/mount/nfsmount.c.orig ./utils/mount/nfsmount.c > --- ./utils/mount/nfsmount.c.orig 2012-09-19 09:49:46.000000000 -0400 > +++ ./utils/mount/nfsmount.c 2012-09-20 10:12:22.000000000 -0400 > @@ -202,7 +202,7 @@ static const u_long * > mnt_probelist(const int vers) > { > static const u_long mnt1_probe[] = { 1, 2, 0 }; > - static const u_long mnt3_probe[] = { 3, 1, 2, 0 }; > + static const u_long mnt3_probe[] = { 3, 0, 2, 0 }; > switch (vers) { > case 3: > return mnt3_probe; > > But this is a different problem so we should open up a separate bz. What's your configuration and steps to reproduce the above error? I think the reason you couldn't seeing the buffer overflow maybe related to system arch. I could reproduce on x86_64 arch with below test steps: [root@nec-em15 ~]# rpm -qa|grep nfs-utils nfs-utils-lib-1.0.8-7.9.el5 nfs-utils-1.0.9-65.el5 [root@nec-em15 ~]# uname -a Linux nec-em15.rhts.eng.bos.redhat.com 2.6.18-339.el5 #1 SMP Mon Aug 27 15:42:17 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux [root@nec-em15 ~]# cat /etc/exports /tmp *(rw) Set MOUNTD_NFS_V3=no: [root@nec-em15 ~]# grep -v "^#" /etc/sysconfig/nfs MOUNTD_NFS_V3="no" [root@nec-em15 ~]# service nfs restart [root@nec-em15 ~]# mount -t nfs localhost:/tmp /mnt *** buffer overflow detected ***: /sbin/mount.nfs terminated ======= Backtrace: ========= /lib64/libc.so.6(__chk_fail+0x2f)[0x2b170e08d99f] /sbin/mount.nfs[0x2b170db76d3b] /sbin/mount.nfs[0x2b170db73dc6] /sbin/mount.nfs(main+0x5b8)[0x2b170db74468] /lib64/libc.so.6(__libc_start_main+0xf4)[0x2b170dfc29c4] /sbin/mount.nfs[0x2b170db73729] ======= Memory map: ======== 2b170db70000-2b170db81000 r-xp 00000000 08:03 3110987 /sbin/mount.nfs 2b170dd81000-2b170dd82000 rw-p 00011000 08:03 3110987 /sbin/mount.nfs 2b170dd82000-2b170dd87000 rw-p 2b170dd82000 00:00 0 2b170dd87000-2b170dda3000 r-xp 00000000 08:03 2128158 /lib64/ld-2.5.so 2b170dda3000-2b170dda5000 rw-p 2b170dda3000 00:00 0 2b170dfa3000-2b170dfa4000 r--p 0001c000 08:03 2128158 /lib64/ld-2.5.so 2b170dfa4000-2b170dfa5000 rw-p 0001d000 08:03 2128158 /lib64/ld-2.5.so 2b170dfa5000-2b170e0f4000 r-xp 00000000 08:03 2128159 /lib64/libc-2.5.so 2b170e0f4000-2b170e2f3000 ---p 0014f000 08:03 2128159 /lib64/libc-2.5.so 2b170e2f3000-2b170e2f7000 r--p 0014e000 08:03 2128159 /lib64/libc-2.5.so 2b170e2f7000-2b170e2f8000 rw-p 00152000 08:03 2128159 /lib64/libc-2.5.so 2b170e2f8000-2b170e2fe000 rw-p 2b170e2f8000 00:00 0 2b170e2fe000-2b170e308000 r-xp 00000000 08:03 2127867 /lib64/libnss_files-2.5.so 2b170e308000-2b170e507000 ---p 0000a000 08:03 2127867 /lib64/libnss_files-2.5.so 2b170e507000-2b170e508000 r--p 00009000 08:03 2127867 /lib64/libnss_files-2.5.so 2b170e508000-2b170e509000 rw-p 0000a000 08:03 2127867 /lib64/libnss_files-2.5.so 2b170e509000-2b170e516000 r-xp 00000000 08:03 2128170 /lib64/libgcc_s-4.1.2-20080825.so.1 2b170e516000-2b170e716000 ---p 0000d000 08:03 2128170 /lib64/libgcc_s-4.1.2-20080825.so.1 2b170e716000-2b170e717000 rw-p 0000d000 08:03 2128170 /lib64/libgcc_s-4.1.2-20080825.so.1 2b1714632000-2b1714653000 rw-p 2b1714632000 00:00 0 [heap] 7fffb7172000-7fffb7187000 rw-p 7ffffffe9000 00:00 0 [stack] 7fffb71fd000-7fffb7200000 r-xp 7fffb71fd000 00:00 0 [vdso] ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0 [vsyscall] [root@nec-em15 ~]# echo $? 2 If on i386 arch, I would not get buffer overflow, but mount failed too: # mount -t nfs localhost:/tmp /mnt # echo $? 2 Could you reserve a x86_64 machine to check again? or you could use the machine I reserved for you: nec-em15.rhts.eng.bos.redhat.com username/passwd is root/redhat
Reproduced in version nfs-utils-1.0.9-57.el5 Verified in version nfs-utils-1.0.9-66.el5 used testcase: nfs-utils/nfs-config-args Also created regression test: nfs-utils/Regression/bz804681-cannot-unmount-NFS-share-if-mount-version-2-is-disabled
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0068.html
Was this fix removed? I'm seeing problems with umount.nfs failing, but not sure if it's this bug or a different one. In the spec file you've listed: * Wed Sep 26 2012 Steve Dickson <steved> 1.0.9-66 - Removed patch for bz 804681 due to a regression (bz 745730) however, the patch is still applied: # 804681 - Cannot unmount NFS share if Mount version 2 is disabled. %patch87 -p1 but, Patch87 is nothing to do with MOUNT version: Patch87: nfs-utils-1.0.9-mount-idmapd.patch -char *IDMAPLCK = DEFAULT_DIR "/rpcidmapd"; +char *IDMAPLCK = DEFAULT_DIR "/rpc.idmapd";