Ubuntu
ecryptfs-utils package

ecryptfs does not work on top of NFS

Bug #289747 reported by Kees Cook
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)
Confirmed
High
Unassigned

Bug Description

Binary package hint: ecryptfs-utils

Smells a little like 277578, but the crash is different. My home directory is mounted from an NFS server, and I seem to get a NULL pointer deref when I do anything in the filesystem:

$ ls -la
total 64
dr-x------ 2 kees kees 113 2008-10-26 21:22 ./
drwx------ 392 kees users 36864 2008-10-26 21:23 ../
lrwxrwxrwx 1 kees kees 28 2008-10-26 21:22 THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA -- Run mount.ecryptfs_private to mount again -> /sbin/mount.ecryptfs_private*
$ cd
$ mount.ecryptfs_private
$ cd -
/home/kees/Private
$ ls -la
total 0
$ mount | grep Private
/home/kees/.Private on /home/kees/Private type ecryptfs (rw,ecryptfs_sig=37acd31f5921f08a,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user=kees)
$ touch cow
Killed
$ dmesg
[467533.047859] ecryptfs_parse_options: eCryptfs: unrecognized option 'rw'
[467533.047871] ecryptfs_parse_options: eCryptfs: unrecognized option 'user=kees'
[467533.246779] ecryptfs_parse_options: eCryptfs: unrecognized option 'rw'
[467533.246794] ecryptfs_parse_options: eCryptfs: unrecognized option 'user=kees'
[467603.620965] ecryptfs_parse_options: eCryptfs: unrecognized option 'rw'
[467603.620980] ecryptfs_parse_options: eCryptfs: unrecognized option 'user=kees'
[467643.421891] BUG: unable to handle kernel paging request at 0000000000001038
[467643.421898] IP: [<ffffffffa0508e9d>] rpcauth_bindcred+0x1d/0x110 [sunrpc]
[467643.421922] PGD 81d38067 PUD 5d49e067 PMD 0
[467643.421926] Oops: 0000 [1] SMP
[467643.421930] CPU 0
[467643.421932] Modules linked in: cbc aes_x86_64 aes_generic ecb ecryptfs ipt_LOG tun i915 drm binfmt_misc rfcomm sco bnep l2cap bluetooth ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 xt_state nf_conntrack ipt_REJECT nfsd exportfs xt_tcpudp kvm_intel kvm ppdev autofs4 acpi_cpufreq cpufreq_conservative cpufreq_powersave cpufreq_ondemand cpufreq_userspace cpufreq_stats freq_table wmi pci_slot sbs container video output sbshc battery rpcsec_gss_krb5 auth_rpcgss nfs lockd nfs_acl sunrpc bridge 8021q garp stp ipv6 iptable_filter ip_tables x_tables dm_crypt crypto_blkcipher ac parport_pc lp parport dm_multipath gspca_pac207 psmouse scsi_dh gspca_main snd_hda_intel serio_raw pcspkr compat_ioctl32 snd_pcm_oss snd_mixer_oss joydev videodev v4l1_compat snd_pcm evdev snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq iTCO_wdt iTCO_vendor_support snd_timer snd_seq_device snd intel_agp soundcore button heci shpchp pci_hotplug snd_page_alloc ext3 jbd mbcache sr_mod cdrom sd_mod crc_t10dif usbhid hid sg pata_acpi pata_marvell ahci ohci1394 ieee1394 ehci_hcd uhci_hcd ata_generic usbcore libata scsi_mod e1000e dock raid10 raid456 async_xor async_memcpy async_tx xor raid1 raid0 multipath linear md_mod dm_mirror dm_log dm_snapshot dm_mod thermal processor fan fbcon tileblit font bitblit softcursor fuse
[467643.422048] Pid: 1004, comm: touch Not tainted 2.6.27-7-generic #1
[467643.422050] RIP: 0010:[<ffffffffa0508e9d>] [<ffffffffa0508e9d>] rpcauth_bindcred+0x1d/0x110 [sunrpc]
[467643.422070] RSP: 0018:ffff8800184f9a38 EFLAGS: 00010206
[467643.422072] RAX: ffff8800184f9ba8 RBX: ffff88000d92ba40 RCX: 0000000000000000
[467643.422075] RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff88000d92ba40
[467643.422078] RBP: ffff8800184f9a68 R08: ffff88022808a200 R09: ffff8800184f9af8
[467643.422080] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8800184f9ae8
[467643.422083] R13: ffff8800184f9ae8 R14: ffff8800184f9bf8 R15: ffff8800c0c28410
[467643.422086] FS: 00007fb74c55a6e0(0000) GS:ffffffff806e1a80(0000) knlGS:0000000000000000
[467643.422089] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[467643.422092] CR2: 0000000000001038 CR3: 00000000865c2000 CR4: 00000000000026e0
[467643.422095] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[467643.422098] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[467643.422101] Process touch (pid: 1004, threadinfo ffff8800184f8000, task ffff8802071e2ce0)
[467643.422103] Stack: 00000000184f9a58 0000000000000000 ffff8800184f9af8 0000000000000000
[467643.422109] ffff88000d92ba40 ffff8800184f9ae8 ffff8800184f9a88 ffffffffa05072be
[467643.422114] ffff88000d92ba40 0000000000000080 ffff8800184f9ab8 ffffffffa0507362
[467643.422119] Call Trace:
[467643.422137] [<ffffffffa05072be>] rpc_init_task+0xfe/0x170 [sunrpc]
[467643.422155] [<ffffffffa0507362>] rpc_new_task+0x32/0x90 [sunrpc]
[467643.422172] [<ffffffffa050085e>] rpc_run_task+0x1e/0x80 [sunrpc]
[467643.422189] [<ffffffffa05009d2>] rpc_call_sync+0x42/0x70 [sunrpc]
[467643.422210] [<ffffffffa0569bad>] nfs3_rpc_wrapper+0x2d/0x70 [nfs]
[467643.422227] [<ffffffffa056b030>] nfs3_proc_setattr+0xc0/0x120 [nfs]
[467643.422246] [<ffffffffa055bc49>] nfs_setattr+0xe9/0x170 [nfs]
[467643.422252] [<ffffffff802ac567>] ? find_lock_page+0x37/0x80
[467643.422256] [<ffffffff802b786e>] ? mark_page_accessed+0xe/0x70
[467643.422259] [<ffffffff802adba3>] ? filemap_fault+0x1a3/0x430
[467643.422263] [<ffffffff80266fdd>] ? __wake_up_bit+0xd/0x40
[467643.422267] [<ffffffff802ab1da>] ? page_waitqueue+0xa/0x90
[467643.422271] [<ffffffff80253d7d>] ? timespec_trunc+0xd/0x40
[467643.422275] [<ffffffff8026e6cd>] ? current_kernel_time+0xd/0x50
[467643.422279] [<ffffffff802c2244>] ? __do_fault+0x134/0x440
[467643.422283] [<ffffffff803870f1>] ? apparmor_inode_setattr+0x21/0xc0
[467643.422288] [<ffffffff80302f1b>] fnotify_change+0x32b/0x420
[467643.422292] [<ffffffff80303020>] notify_change+0x10/0x20
[467643.422300] [<ffffffffa074bbc0>] ecryptfs_setattr+0xd0/0x230 [ecryptfs]
[467643.422304] [<ffffffff80302f1b>] fnotify_change+0x32b/0x420
[467643.422308] [<ffffffff80312ebf>] utimes_common+0xdf/0x1d0
[467643.422311] [<ffffffff803130af>] do_utimes+0xff/0x120
[467643.422315] [<ffffffff802eb099>] ? fput+0x9/0x30
[467643.422318] [<ffffffff803131fc>] sys_utimensat+0x3c/0xb0
[467643.422323] [<ffffffff8050299a>] ? error_exit+0x0/0x70
[467643.422327] [<ffffffff8021285a>] system_call_fastpath+0x16/0x1b
[467643.422329]
[467643.422331]
[467643.422332] Code: df eb a8 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 48 83 ec 30 48 89 5d f0 4c 89 65 f8 e8 eb 97 d0 df 48 85 f6 48 89 fb 74 13 <48> 8b 46 38 ff 50 20 48 8b 5d f0 4c 8b 65 f8 c9 c3 66 90 83 e2
[467643.422374] RIP [<ffffffffa0508e9d>] rpcauth_bindcred+0x1d/0x110 [sunrpc]
[467643.422392] RSP <ffff8800184f9a38>
[467643.422394] CR2: 0000000000001038
[467643.422397] ---[ end trace ff97cd5bc2f81a3f ]---

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

I'm pretty sure this is a duplicate of bug #277578.

Layered filesystems (such as ecryptfs) in general don't work well on top of NFS due to some architectural problems with NFS in the kernel.

Mike, would you care to comment a bit on the kernel side of this problem?

:-Dustin

Changed in ecryptfs-utils:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
mhalcrow (mhalcrow) wrote :

Dustin Kirkland wrote:
> Layered filesystems (such as ecryptfs) in general don't work well on
> top of NFS due to some architectural problems with NFS in the
> kernel.
>
> Mike, would you care to comment a bit on the kernel side of this
> problem?

eCryptfs stacked on networked filesystems is currently not a supported
configuration. Another layered filesystem, Unionfs, has had to work
through several issues when stacking on NFS. For instance:

https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/137765

Until we get the bugs resolved, eCryptfs can only be expected to work
well on local filesystems.

Revision history for this message
Dustin Kirkland  (kirkland) wrote : Re: [Bug 289747] Re: ecryptfs does not work on top of NFS

On Mon, Oct 27, 2008 at 10:03 AM, mhalcrow <email address hidden> wrote:
> Until we get the bugs resolved, eCryptfs can only be expected to work
> well on local filesystems.

By "we", do you mean ecryptfs in the kernel, or nfs in the kernel?

--
:-Dustin

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.