* [PATCH 0/2] Two small fixes for nfs-utils
@ 2011-05-17 4:52 Neil Brown
2011-05-17 4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
2011-05-17 4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
0 siblings, 2 replies; 8+ messages in thread
From: Neil Brown @ 2011-05-17 4:52 UTC (permalink / raw)
To: Steve Dickson; +Cc: linux-nfs
I've been sorting through nfs-utils patches in suse and have two that
should go upstream.
Please consider for next release.
Thanks,
NeilBrown
---
Neil Brown (1):
Remove risk of nfs_addmntent corrupting mtab
Suresh Jayaraman (1):
supress socket error when address family is not supported
support/nfs/nfs_mntent.c | 9 +++++++++
utils/nfsd/nfssvc.c | 9 +++++++--
2 files changed, 16 insertions(+), 2 deletions(-)
--
Signature
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab
2011-05-17 4:52 [PATCH 0/2] Two small fixes for nfs-utils Neil Brown
2011-05-17 4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
@ 2011-05-17 4:52 ` Neil Brown
2011-05-17 13:45 ` Chuck Lever
[not found] ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
1 sibling, 2 replies; 8+ messages in thread
From: Neil Brown @ 2011-05-17 4:52 UTC (permalink / raw)
To: Steve Dickson; +Cc: linux-nfs, NeilBrown
nfs_addmntent is used to append directly to /etc/mtab.
If the write partially fail, e.g. due to RLIMIT_FSIZE,
truncate back to original size and return an error.
See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
(CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
Signed-off-by: NeilBrown <neilb@suse.de>
---
support/nfs/nfs_mntent.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c
index a5216fc..a2118a2 100644
--- a/support/nfs/nfs_mntent.c
+++ b/support/nfs/nfs_mntent.c
@@ -12,6 +12,7 @@
#include <string.h> /* for index */
#include <ctype.h> /* for isdigit */
#include <sys/stat.h> /* for umask */
+#include <unistd.h> /* for ftruncate */
#include "nfs_mntent.h"
#include "nls.h"
@@ -127,9 +128,11 @@ int
nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
char *m1, *m2, *m3, *m4;
int res;
+ off_t length;
if (fseek (mfp->mntent_fp, 0, SEEK_END))
return 1; /* failure */
+ length = ftell(mfp->mntent_fp);
m1 = mangle(mnt->mnt_fsname);
m2 = mangle(mnt->mnt_dir);
@@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
free(m2);
free(m3);
free(m4);
+ if (res >= 0) {
+ res = fflush(mfp->mntent_fp);
+ if (res < 0)
+ /* Avoid leaving a corrupt mtab file */
+ ftruncate(fileno(mfp->mntent_fp), length);
+ }
return (res < 0) ? 1 : 0;
}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2] supress socket error when address family is not supported
2011-05-17 4:52 [PATCH 0/2] Two small fixes for nfs-utils Neil Brown
@ 2011-05-17 4:52 ` Neil Brown
[not found] ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2011-05-23 12:26 ` [PATCH 2/2] supress socket error when address family is not supported Steve Dickson
2011-05-17 4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
1 sibling, 2 replies; 8+ messages in thread
From: Neil Brown @ 2011-05-17 4:52 UTC (permalink / raw)
To: Steve Dickson; +Cc: linux-nfs, Suresh Jayaraman, Neil Brown
From: Suresh Jayaraman <sjayaraman@suse.de>
It was observed that when ipv6 module was not loaded and cannot be auto-loaded,
when starting NFS server, the following error occurs:
"rpc.nfsd: unable to create inet6 TCP socket: errno 97 (Address
family not supported by protocol)"
This is obviously a true message, but does not represent an "error" when ipv6
is not enabled. Rather, it is an expected condition. As such, it can be
confusing / misleading / distracting to display it in this scenario.
This patch instead of throwing error when a socket call fails with
EAFNOSUPPORT, makes it as a NOTICE.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Neil Brown <neilb@suse.de>
---
utils/nfsd/nfssvc.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/utils/nfsd/nfssvc.c b/utils/nfsd/nfssvc.c
index ea36399..f607214 100644
--- a/utils/nfsd/nfssvc.c
+++ b/utils/nfsd/nfssvc.c
@@ -174,8 +174,13 @@ nfssvc_setfds(const struct addrinfo *hints, const char *node, const char *port)
sockfd = socket(addr->ai_family, addr->ai_socktype,
addr->ai_protocol);
if (sockfd < 0) {
- xlog(L_ERROR, "unable to create %s %s socket: "
- "errno %d (%m)", family, proto, errno);
+ if (errno == EAFNOSUPPORT)
+ xlog(L_NOTICE, "address family %s not "
+ "supported by protocol %s",
+ family, proto);
+ else
+ xlog(L_ERROR, "unable to create %s %s socket: "
+ "errno %d (%m)", family, proto, errno);
rc = errno;
goto error;
}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* mount.nfs4: Mounting failed, reason given by server: No such file or directory
[not found] ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
@ 2011-05-17 6:29 ` Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w
2011-05-17 6:38 ` Mi Jinlong
0 siblings, 1 reply; 8+ messages in thread
From: Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w @ 2011-05-17 6:29 UTC (permalink / raw)
To: linux-nfs
SGksDQoNCkkgaGF2ZSBleHBvcnRlZCBvbmUgZGlyZWN0b3J5IGZyb20gbXkgc2VydmVyIGl0IGlz
IC9leHBvcnQgYW5kIG15IC9ldGMvZXhwb3J0IGZpbGUgbG9va3MgbGlrZQ0KDQovZXhwb3J0ICoo
cncsZnNpZD0wLHN5bmMscG5mcyxpbnNlY3VyZSxub19yb290X3NxdWFzaCxub19zdWJ0cmVlX2No
ZWNrKQ0KDQpBdCBjbGllbnQNCnRzZkBjbGllbnRdIyBtb3VudCAtdCBuZnM0IC1vIG1pbm9ydmVy
c2lvbj0xIDxzZXJ2ZXItaXA+Oi9leHBvcnQgL21udA0KTW91bnQubmZzNDogbW91bnRpbmcgPHNl
cnZlci1pcD46L2V4cG9ydCBmaWxlZCwgcmVhc29uIGdpdmVuIGJ5IHNlcnZlcjogTm8gc3VjaCBm
aWxlIG9yIGRpcmVjdG9yeS4NCg0KSW5zdGVhZCwgaWYgSSB1c2Ugc2ltcGxlIG1vdW50IHRoZW4g
aXQgaXMgc3VjY2VlZGluZw0KdHNmQGNsaWVudF0jIG1vdW50IDxzZXJ2ZXItaXA+Oi9leHBvcnQg
L21udA0KU3VjY2Vzc2Z1bGx5IG1vdW50ZWQuDQoNCg0KQ2FuIHNvbWVib2R5IHBsZWFzZSB0ZWxs
IG1lIHdoYXQgaXMgdGhlIHByb2JsZW0uLi4/DQo=
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: mount.nfs4: Mounting failed, reason given by server: No such file or directory
2011-05-17 6:29 ` mount.nfs4: Mounting failed, reason given by server: No such file or directory Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w
@ 2011-05-17 6:38 ` Mi Jinlong
0 siblings, 0 replies; 8+ messages in thread
From: Mi Jinlong @ 2011-05-17 6:38 UTC (permalink / raw)
To: Taousif_Ansari; +Cc: linux-nfs
Taousif_Ansari@DELLTEAM.com 写道:
> Hi,
>
> I have exported one directory from my server it is /export and my /etc/export file looks like
>
> /export *(rw,fsid=0,sync,pnfs,insecure,no_root_squash,no_subtree_check)
>
> At client
> tsf@client]# mount -t nfs4 -o minorversion=1 <server-ip>:/export /mnt
> Mount.nfs4: mounting <server-ip>:/export filed, reason given by server: No such file or directory.
You should mount NFS4 as:
# mount -t nfs4 -o minorversion=1 <server-ip>:/ /mnt
Don't add the export dir after server-ip.
>
> Instead, if I use simple mount then it is succeeding
> tsf@client]# mount <server-ip>:/export /mnt
As this, you mount nfs success through NFSv3.
--
----
thanks
Mi Jinlong
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab
2011-05-17 4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
@ 2011-05-17 13:45 ` Chuck Lever
[not found] ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
1 sibling, 0 replies; 8+ messages in thread
From: Chuck Lever @ 2011-05-17 13:45 UTC (permalink / raw)
To: Neil Brown; +Cc: Steve Dickson, linux-nfs
On May 17, 2011, at 12:52 AM, Neil Brown wrote:
> nfs_addmntent is used to append directly to /etc/mtab.
> If the write partially fail, e.g. due to RLIMIT_FSIZE,
> truncate back to original size and return an error.
>
> See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
> (CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
Seems reasonable. Is there a similar fix needed for libmount?
> Signed-off-by: NeilBrown <neilb@suse.de>
> ---
>
> support/nfs/nfs_mntent.c | 9 +++++++++
> 1 files changed, 9 insertions(+), 0 deletions(-)
>
> diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c
> index a5216fc..a2118a2 100644
> --- a/support/nfs/nfs_mntent.c
> +++ b/support/nfs/nfs_mntent.c
> @@ -12,6 +12,7 @@
> #include <string.h> /* for index */
> #include <ctype.h> /* for isdigit */
> #include <sys/stat.h> /* for umask */
> +#include <unistd.h> /* for ftruncate */
>
> #include "nfs_mntent.h"
> #include "nls.h"
> @@ -127,9 +128,11 @@ int
> nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
> char *m1, *m2, *m3, *m4;
> int res;
> + off_t length;
>
> if (fseek (mfp->mntent_fp, 0, SEEK_END))
> return 1; /* failure */
> + length = ftell(mfp->mntent_fp);
>
> m1 = mangle(mnt->mnt_fsname);
> m2 = mangle(mnt->mnt_dir);
> @@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
> free(m2);
> free(m3);
> free(m4);
> + if (res >= 0) {
> + res = fflush(mfp->mntent_fp);
> + if (res < 0)
> + /* Avoid leaving a corrupt mtab file */
> + ftruncate(fileno(mfp->mntent_fp), length);
> + }
> return (res < 0) ? 1 : 0;
> }
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab
[not found] ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
@ 2011-05-23 12:26 ` Steve Dickson
0 siblings, 0 replies; 8+ messages in thread
From: Steve Dickson @ 2011-05-23 12:26 UTC (permalink / raw)
To: Neil Brown; +Cc: linux-nfs
On 05/17/2011 12:52 AM, Neil Brown wrote:
> nfs_addmntent is used to append directly to /etc/mtab.
> If the write partially fail, e.g. due to RLIMIT_FSIZE,
> truncate back to original size and return an error.
>
> See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
> (CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
>
> Signed-off-by: NeilBrown <neilb@suse.de>
> ---
>
> support/nfs/nfs_mntent.c | 9 +++++++++
> 1 files changed, 9 insertions(+), 0 deletions(-)
>
> diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c
> index a5216fc..a2118a2 100644
> --- a/support/nfs/nfs_mntent.c
> +++ b/support/nfs/nfs_mntent.c
> @@ -12,6 +12,7 @@
> #include <string.h> /* for index */
> #include <ctype.h> /* for isdigit */
> #include <sys/stat.h> /* for umask */
> +#include <unistd.h> /* for ftruncate */
>
> #include "nfs_mntent.h"
> #include "nls.h"
> @@ -127,9 +128,11 @@ int
> nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
> char *m1, *m2, *m3, *m4;
> int res;
> + off_t length;
>
> if (fseek (mfp->mntent_fp, 0, SEEK_END))
> return 1; /* failure */
> + length = ftell(mfp->mntent_fp);
>
> m1 = mangle(mnt->mnt_fsname);
> m2 = mangle(mnt->mnt_dir);
> @@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
> free(m2);
> free(m3);
> free(m4);
> + if (res >= 0) {
> + res = fflush(mfp->mntent_fp);
> + if (res < 0)
> + /* Avoid leaving a corrupt mtab file */
> + ftruncate(fileno(mfp->mntent_fp), length);
> + }
> return (res < 0) ? 1 : 0;
> }
>
>
>
Committed...
steved.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] supress socket error when address family is not supported
2011-05-17 4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
[not found] ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
@ 2011-05-23 12:26 ` Steve Dickson
1 sibling, 0 replies; 8+ messages in thread
From: Steve Dickson @ 2011-05-23 12:26 UTC (permalink / raw)
To: Neil Brown; +Cc: linux-nfs, Suresh Jayaraman
On 05/17/2011 12:52 AM, Neil Brown wrote:
> From: Suresh Jayaraman <sjayaraman@suse.de>
>
> It was observed that when ipv6 module was not loaded and cannot be auto-loaded,
> when starting NFS server, the following error occurs:
> "rpc.nfsd: unable to create inet6 TCP socket: errno 97 (Address
> family not supported by protocol)"
>
> This is obviously a true message, but does not represent an "error" when ipv6
> is not enabled. Rather, it is an expected condition. As such, it can be
> confusing / misleading / distracting to display it in this scenario.
>
> This patch instead of throwing error when a socket call fails with
> EAFNOSUPPORT, makes it as a NOTICE.
>
> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
> Signed-off-by: Neil Brown <neilb@suse.de>
> ---
>
> utils/nfsd/nfssvc.c | 9 +++++++--
> 1 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/utils/nfsd/nfssvc.c b/utils/nfsd/nfssvc.c
> index ea36399..f607214 100644
> --- a/utils/nfsd/nfssvc.c
> +++ b/utils/nfsd/nfssvc.c
> @@ -174,8 +174,13 @@ nfssvc_setfds(const struct addrinfo *hints, const char *node, const char *port)
> sockfd = socket(addr->ai_family, addr->ai_socktype,
> addr->ai_protocol);
> if (sockfd < 0) {
> - xlog(L_ERROR, "unable to create %s %s socket: "
> - "errno %d (%m)", family, proto, errno);
> + if (errno == EAFNOSUPPORT)
> + xlog(L_NOTICE, "address family %s not "
> + "supported by protocol %s",
> + family, proto);
> + else
> + xlog(L_ERROR, "unable to create %s %s socket: "
> + "errno %d (%m)", family, proto, errno);
> rc = errno;
> goto error;
> }
>
>
Committed...
steved.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2011-05-23 12:26 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-17 4:52 [PATCH 0/2] Two small fixes for nfs-utils Neil Brown
2011-05-17 4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
[not found] ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2011-05-17 6:29 ` mount.nfs4: Mounting failed, reason given by server: No such file or directory Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w
2011-05-17 6:38 ` Mi Jinlong
2011-05-23 12:26 ` [PATCH 2/2] supress socket error when address family is not supported Steve Dickson
2011-05-17 4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
2011-05-17 13:45 ` Chuck Lever
[not found] ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2011-05-23 12:26 ` Steve Dickson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.