/etc.nfs.conf fails for nfsv4 server / blkmapd dumps core
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nfs-utils (Debian) |
Fix Released
|
Unknown
|
|||
nfs-utils (Ubuntu) |
Fix Released
|
Undecided
|
Andreas Hasenack | ||
Jammy |
Fix Released
|
Undecided
|
Andreas Hasenack | ||
Kinetic |
Fix Released
|
Undecided
|
Andreas Hasenack |
Bug Description
[ Impact ]
Under certain conditions, blkmapd can crash due to calling free() on a pointer that wasn't malloc()ed. The reproducer went as far as isolating it to having LVM Logical Volumes on SCSI disks, but the code flaw is clear.
The struct bl_serial *serial structure is allocated via bl_create_
This was first brought up by lixiaokeng via https:/
[ Test Plan ]
Create a VM for the ubuntu release under test. What's important is that this VM has a SCSI device, not VIRTIO. You can add one after the VM is created, as it must not be the root disk because we will use it as an LVM volume group, i.e., all data on it will be erased.
You may have to install the kernel extra modules package for the scsi device to appear:
sudo apt install linux-modules-
After a reboot, locate the scsi device. In this example, we will use /dev/sda.
Partition it:
sudo sgdisk -Z /dev/sda
Create an LVM group and volume:
sudo pvcreate /dev/sda
sudo vgcreate vg0 /dev/sda
sudo lvcreate -ntest -L100M vg0
Install nfs-kernel-server:
sudo apt install nfs-kernel-server
The status of the nfs-blkmap service should already show a failure:
systemctl status nfs-blkmap.service
...
Oct 20 18:12:12 j-blkmapd-crash systemd[1]: nfs-blkmap.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 18:12:12 j-blkmapd-crash systemd[1]: nfs-blkmap.service: Failed with result 'core-dump'.
To confirm, run it interactively:
$ sudo blkmapd -f
blkmapd: open pipe file /run/rpc_
double free or corruption (out)
Aborted
With the fixed packages, it should be running after install. It can also be tried out interactively again just to be sure:
sudo systemctl stop nfs-blkmap
sudo blkmapd -f
blkmapd: open pipe file /run/rpc_
The failure to open the blocklayout file is not a problem in this case, and is unrelated to the bug this SRU is fixing.
[ Where problems could occur ]
Restarting an NFS server can be tricky: connected clients might experience a "blip" in the service, or even hang in the worst case. Also depending on the NFS version being served (3 or 4), multiple services are involved, and the restart can expose a bug in the ordering in which these services are stopped and come back online.
In terms of the patch and code, it's C code dealing with pointers and memory allocation. Things can easily go wrong here, and since this is a daemon, memory leaks can have bigger consequences.
[ Other Info ]
I didn't continue the investigation about other scenarios where this could be happening, or why it did not happen with a VIRTIO device, as the SCSI case was enough to reproduce the problem and show where the bug was.
The previous SRU for nfs-utils (https:/
[Original Description]
When using the 22.04 /etc/nfs.conf an nfsv4 server fails to operate
It kind of works but some clients fail and try nfsv3 ports
symptoms:
on boot:
× nfs-blkmap.service - pNFS block layout mapping daemon
Loaded: loaded (/lib/systemd/
Active: failed (Result: core-dump) since Sat 2022-06-25 07:14:34 PDT; 27min ago
journalctl --catalog --pager-end --unit=
Jun 25 07:14:34 c68z blkmapd[2386154]: open pipe file /run/rpc_
on systemctl restart nfs-server.service:
○ rpc-svcgssd.service - RPC security service for NFS server
Loaded: loaded (/lib/systemd/
Active: inactive (dead) since Fri 2022-06-24 19:07:31 PDT; 12h ago
after boot it was:
● rpc-svcgssd.service - RPC security service for NFS server
Loaded: loaded (/lib/systemd/
Active: active (running) since Sat 2022-06-25 08:27:27 PDT; 2min 7s ago
Some clients tries to access port 111 which is not used by nfs4 on the network
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-
ProcVersionSign
Uname: Linux 5.15.0-40-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/
CRDA: N/A
CasperMD5CheckR
Date: Sat Jun 25 08:37:48 2022
HibernationDevice: RESUME=none
MachineType: Apple Inc. Macmini8,1
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.UTF-8
TERM=screen
PATH=(custom, no user)
ProcFB: 0 i915drmfb
ProcKernelCmdLine: root=ZFS=
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageV
linux-
linux-
linux-firmware 20220329.
RfKill:
0: hci0: Bluetooth
Soft blocked: no
Hard blocked: no
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/24/2022
dmi.bios.release: 0.1
dmi.bios.vendor: Apple Inc.
dmi.bios.version: 1731.120.10.0.0 (iBridge: 19.16.15071.0.0,0)
dmi.board.name: Mac-7BA5B2DFE22
dmi.board.vendor: Apple Inc.
dmi.board.version: Macmini8,1
dmi.chassis.type: 9
dmi.chassis.vendor: Apple Inc.
dmi.chassis.
dmi.modalias: dmi:bvnAppleInc
dmi.product.family: Mac mini
dmi.product.name: Macmini8,1
dmi.product.
dmi.sys.vendor: Apple Inc.
Related branches
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 69 lines (+47/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/blkmapd-fix-invalid-free.patch (+39/-0)
debian/patches/series (+1/-0)
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 69 lines (+47/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/blkmapd-fix-invalid-free.patch (+39/-0)
debian/patches/series (+1/-0)
Changed in nfs-utils (Ubuntu): | |
status: | Incomplete → Confirmed |
tags: | added: server-todo |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in nfs-utils (Debian): | |
status: | Unknown → Confirmed |
Changed in nfs-utils (Debian): | |
status: | Confirmed → Fix Released |
/etc/nfs.conf:
[general]
pipefs-directory = /run/rpc_pipefs
[mountd]
manage-gids = y
[nfsd]
host = 1.2.3.4
threads = 8
udp = 0
vers2 = n
vers3 = n
vers4 = y