[PATCH 0/2] Two small fixes for nfs-utils

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 0/2] Two small fixes for nfs-utils
@ 2011-05-17  4:52 Neil Brown
  2011-05-17  4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
  2011-05-17  4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
  0 siblings, 2 replies; 8+ messages in thread
From: Neil Brown @ 2011-05-17  4:52 UTC (permalink / raw)
  To: Steve Dickson; +Cc: linux-nfs

I've been sorting through nfs-utils patches in suse and have two that
should go upstream.

Please consider for next release.

Thanks,
NeilBrown



---

Neil Brown (1):
      Remove risk of nfs_addmntent corrupting mtab

Suresh Jayaraman (1):
      supress socket error when address family is not supported


 support/nfs/nfs_mntent.c |    9 +++++++++
 utils/nfsd/nfssvc.c      |    9 +++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

-- 
Signature


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab
  2011-05-17  4:52 [PATCH 0/2] Two small fixes for nfs-utils Neil Brown
@ 2011-05-17  4:52 ` Neil Brown
  2011-05-17 13:45   ` Chuck Lever
       [not found]   ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
  2011-05-17  4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
  1 sibling, 2 replies; 8+ messages in thread
From: Neil Brown @ 2011-05-17  4:52 UTC (permalink / raw)
  To: Steve Dickson; +Cc: linux-nfs, NeilBrown

nfs_addmntent is used to append directly to /etc/mtab.
If the write partially fail, e.g. due to RLIMIT_FSIZE,
truncate back to original size and return an error.

See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
 (CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE

Signed-off-by: NeilBrown <neilb@suse.de>
---

 support/nfs/nfs_mntent.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c
index a5216fc..a2118a2 100644
--- a/support/nfs/nfs_mntent.c
+++ b/support/nfs/nfs_mntent.c
@@ -12,6 +12,7 @@
 #include <string.h>		/* for index */
 #include <ctype.h>		/* for isdigit */
 #include <sys/stat.h>		/* for umask */
+#include <unistd.h>		/* for ftruncate */
 
 #include "nfs_mntent.h"
 #include "nls.h"
@@ -127,9 +128,11 @@ int
 nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
 	char *m1, *m2, *m3, *m4;
 	int res;
+	off_t length;
 
 	if (fseek (mfp->mntent_fp, 0, SEEK_END))
 		return 1;			/* failure */
+	length = ftell(mfp->mntent_fp);
 
 	m1 = mangle(mnt->mnt_fsname);
 	m2 = mangle(mnt->mnt_dir);
@@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
 	free(m2);
 	free(m3);
 	free(m4);
+	if (res >= 0) {
+		res = fflush(mfp->mntent_fp);
+		if (res < 0)
+			/* Avoid leaving a corrupt mtab file */
+			ftruncate(fileno(mfp->mntent_fp), length);
+	}
 	return (res < 0) ? 1 : 0;
 }
 



^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab
  2011-05-17  4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
@ 2011-05-17 13:45   ` Chuck Lever
       [not found]   ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
  1 sibling, 0 replies; 8+ messages in thread
From: Chuck Lever @ 2011-05-17 13:45 UTC (permalink / raw)
  To: Neil Brown; +Cc: Steve Dickson, linux-nfs


On May 17, 2011, at 12:52 AM, Neil Brown wrote:

> nfs_addmntent is used to append directly to /etc/mtab.
> If the write partially fail, e.g. due to RLIMIT_FSIZE,
> truncate back to original size and return an error.
> 
> See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
> (CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE

Seems reasonable.  Is there a similar fix needed for libmount?

> Signed-off-by: NeilBrown <neilb@suse.de>
> ---
> 
> support/nfs/nfs_mntent.c |    9 +++++++++
> 1 files changed, 9 insertions(+), 0 deletions(-)
> 
> diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c
> index a5216fc..a2118a2 100644
> --- a/support/nfs/nfs_mntent.c
> +++ b/support/nfs/nfs_mntent.c
> @@ -12,6 +12,7 @@
> #include <string.h>		/* for index */
> #include <ctype.h>		/* for isdigit */
> #include <sys/stat.h>		/* for umask */
> +#include <unistd.h>		/* for ftruncate */
> 
> #include "nfs_mntent.h"
> #include "nls.h"
> @@ -127,9 +128,11 @@ int
> nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
> 	char *m1, *m2, *m3, *m4;
> 	int res;
> +	off_t length;
> 
> 	if (fseek (mfp->mntent_fp, 0, SEEK_END))
> 		return 1;			/* failure */
> +	length = ftell(mfp->mntent_fp);
> 
> 	m1 = mangle(mnt->mnt_fsname);
> 	m2 = mangle(mnt->mnt_dir);
> @@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
> 	free(m2);
> 	free(m3);
> 	free(m4);
> +	if (res >= 0) {
> +		res = fflush(mfp->mntent_fp);
> +		if (res < 0)
> +			/* Avoid leaving a corrupt mtab file */
> +			ftruncate(fileno(mfp->mntent_fp), length);
> +	}
> 	return (res < 0) ? 1 : 0;
> }
> 
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Chuck Lever
chuck[dot]lever[at]oracle[dot]com





^ permalink raw reply	[flat|nested] 8+ messages in thread

[parent not found: <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>]

* Re: [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab
       [not found]   ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
@ 2011-05-23 12:26     ` Steve Dickson
  0 siblings, 0 replies; 8+ messages in thread
From: Steve Dickson @ 2011-05-23 12:26 UTC (permalink / raw)
  To: Neil Brown; +Cc: linux-nfs



On 05/17/2011 12:52 AM, Neil Brown wrote:
> nfs_addmntent is used to append directly to /etc/mtab.
> If the write partially fail, e.g. due to RLIMIT_FSIZE,
> truncate back to original size and return an error.
> 
> See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
>  (CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
> 
> Signed-off-by: NeilBrown <neilb@suse.de>
> ---
> 
>  support/nfs/nfs_mntent.c |    9 +++++++++
>  1 files changed, 9 insertions(+), 0 deletions(-)
> 
> diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c
> index a5216fc..a2118a2 100644
> --- a/support/nfs/nfs_mntent.c
> +++ b/support/nfs/nfs_mntent.c
> @@ -12,6 +12,7 @@
>  #include <string.h>		/* for index */
>  #include <ctype.h>		/* for isdigit */
>  #include <sys/stat.h>		/* for umask */
> +#include <unistd.h>		/* for ftruncate */
>  
>  #include "nfs_mntent.h"
>  #include "nls.h"
> @@ -127,9 +128,11 @@ int
>  nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
>  	char *m1, *m2, *m3, *m4;
>  	int res;
> +	off_t length;
>  
>  	if (fseek (mfp->mntent_fp, 0, SEEK_END))
>  		return 1;			/* failure */
> +	length = ftell(mfp->mntent_fp);
>  
>  	m1 = mangle(mnt->mnt_fsname);
>  	m2 = mangle(mnt->mnt_dir);
> @@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
>  	free(m2);
>  	free(m3);
>  	free(m4);
> +	if (res >= 0) {
> +		res = fflush(mfp->mntent_fp);
> +		if (res < 0)
> +			/* Avoid leaving a corrupt mtab file */
> +			ftruncate(fileno(mfp->mntent_fp), length);
> +	}
>  	return (res < 0) ? 1 : 0;
>  }
>  
> 
> 
Committed...

steved.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 2/2] supress socket error when address family is not supported
  2011-05-17  4:52 [PATCH 0/2] Two small fixes for nfs-utils Neil Brown
  2011-05-17  4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
@ 2011-05-17  4:52 ` Neil Brown
       [not found]   ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
  2011-05-23 12:26   ` [PATCH 2/2] supress socket error when address family is not supported Steve Dickson
  1 sibling, 2 replies; 8+ messages in thread
From: Neil Brown @ 2011-05-17  4:52 UTC (permalink / raw)
  To: Steve Dickson; +Cc: linux-nfs, Suresh Jayaraman, Neil Brown

From: Suresh Jayaraman <sjayaraman@suse.de>

It was observed that when ipv6 module was not loaded and cannot be auto-loaded,
when starting NFS server, the following error occurs:
	"rpc.nfsd: unable to create inet6 TCP socket: errno 97 (Address
	family not supported by protocol)"

This is obviously a true message, but does not represent an "error" when ipv6
is not enabled.  Rather, it is an expected condition.  As such, it can be
confusing / misleading / distracting to display it in this scenario.

This patch instead of throwing error when a socket call fails with
EAFNOSUPPORT, makes it as a NOTICE.

Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Neil Brown <neilb@suse.de>
---

 utils/nfsd/nfssvc.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/utils/nfsd/nfssvc.c b/utils/nfsd/nfssvc.c
index ea36399..f607214 100644
--- a/utils/nfsd/nfssvc.c
+++ b/utils/nfsd/nfssvc.c
@@ -174,8 +174,13 @@ nfssvc_setfds(const struct addrinfo *hints, const char *node, const char *port)
 		sockfd = socket(addr->ai_family, addr->ai_socktype,
 				addr->ai_protocol);
 		if (sockfd < 0) {
-			xlog(L_ERROR, "unable to create %s %s socket: "
-				"errno %d (%m)", family, proto, errno);
+			if (errno == EAFNOSUPPORT)
+				xlog(L_NOTICE, "address family %s not "
+						"supported by protocol %s",
+						family, proto);
+			else
+				xlog(L_ERROR, "unable to create %s %s socket: "
+				     "errno %d (%m)", family, proto, errno);
 			rc = errno;
 			goto error;
 		}



^ permalink raw reply related	[flat|nested] 8+ messages in thread

[parent not found: <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>]

* mount.nfs4: Mounting failed, reason given by server: No such file or directory
       [not found]   ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
@ 2011-05-17  6:29     ` Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w
  2011-05-17  6:38       ` Mi Jinlong
  0 siblings, 1 reply; 8+ messages in thread
From: Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w @ 2011-05-17  6:29 UTC (permalink / raw)
  To: linux-nfs

SGksDQoNCkkgaGF2ZSBleHBvcnRlZCBvbmUgZGlyZWN0b3J5IGZyb20gbXkgc2VydmVyIGl0IGlz
IC9leHBvcnQgYW5kIG15IC9ldGMvZXhwb3J0IGZpbGUgbG9va3MgbGlrZQ0KDQovZXhwb3J0ICoo
cncsZnNpZD0wLHN5bmMscG5mcyxpbnNlY3VyZSxub19yb290X3NxdWFzaCxub19zdWJ0cmVlX2No
ZWNrKQ0KDQpBdCBjbGllbnQNCnRzZkBjbGllbnRdIyBtb3VudCAtdCBuZnM0IC1vIG1pbm9ydmVy
c2lvbj0xIDxzZXJ2ZXItaXA+Oi9leHBvcnQgL21udA0KTW91bnQubmZzNDogbW91bnRpbmcgPHNl
cnZlci1pcD46L2V4cG9ydCBmaWxlZCwgcmVhc29uIGdpdmVuIGJ5IHNlcnZlcjogTm8gc3VjaCBm
aWxlIG9yIGRpcmVjdG9yeS4NCg0KSW5zdGVhZCwgaWYgSSB1c2Ugc2ltcGxlIG1vdW50IHRoZW4g
aXQgaXMgc3VjY2VlZGluZw0KdHNmQGNsaWVudF0jIG1vdW50IDxzZXJ2ZXItaXA+Oi9leHBvcnQg
L21udA0KU3VjY2Vzc2Z1bGx5IG1vdW50ZWQuDQoNCg0KQ2FuIHNvbWVib2R5IHBsZWFzZSB0ZWxs
IG1lIHdoYXQgaXMgdGhlIHByb2JsZW0uLi4/DQo=

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: mount.nfs4: Mounting failed, reason given by server: No such file or directory
  2011-05-17  6:29     ` mount.nfs4: Mounting failed, reason given by server: No such file or directory Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w
@ 2011-05-17  6:38       ` Mi Jinlong
  0 siblings, 0 replies; 8+ messages in thread
From: Mi Jinlong @ 2011-05-17  6:38 UTC (permalink / raw)
  To: Taousif_Ansari; +Cc: linux-nfs



Taousif_Ansari@DELLTEAM.com 写道:
> Hi,
> 
> I have exported one directory from my server it is /export and my /etc/export file looks like
> 
> /export *(rw,fsid=0,sync,pnfs,insecure,no_root_squash,no_subtree_check)
> 
> At client
> tsf@client]# mount -t nfs4 -o minorversion=1 <server-ip>:/export /mnt
> Mount.nfs4: mounting <server-ip>:/export filed, reason given by server: No such file or directory.

 You should mount NFS4 as:
  # mount -t nfs4 -o minorversion=1 <server-ip>:/ /mnt

 Don't add the export dir after server-ip.

> 
> Instead, if I use simple mount then it is succeeding
> tsf@client]# mount <server-ip>:/export /mnt

 As this, you mount nfs success through NFSv3.

-- 
----
thanks
Mi Jinlong


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 2/2] supress socket error when address family is not supported
  2011-05-17  4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
       [not found]   ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
@ 2011-05-23 12:26   ` Steve Dickson
  1 sibling, 0 replies; 8+ messages in thread
From: Steve Dickson @ 2011-05-23 12:26 UTC (permalink / raw)
  To: Neil Brown; +Cc: linux-nfs, Suresh Jayaraman



On 05/17/2011 12:52 AM, Neil Brown wrote:
> From: Suresh Jayaraman <sjayaraman@suse.de>
> 
> It was observed that when ipv6 module was not loaded and cannot be auto-loaded,
> when starting NFS server, the following error occurs:
> 	"rpc.nfsd: unable to create inet6 TCP socket: errno 97 (Address
> 	family not supported by protocol)"
> 
> This is obviously a true message, but does not represent an "error" when ipv6
> is not enabled.  Rather, it is an expected condition.  As such, it can be
> confusing / misleading / distracting to display it in this scenario.
> 
> This patch instead of throwing error when a socket call fails with
> EAFNOSUPPORT, makes it as a NOTICE.
> 
> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
> Signed-off-by: Neil Brown <neilb@suse.de>
> ---
> 
>  utils/nfsd/nfssvc.c |    9 +++++++--
>  1 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/utils/nfsd/nfssvc.c b/utils/nfsd/nfssvc.c
> index ea36399..f607214 100644
> --- a/utils/nfsd/nfssvc.c
> +++ b/utils/nfsd/nfssvc.c
> @@ -174,8 +174,13 @@ nfssvc_setfds(const struct addrinfo *hints, const char *node, const char *port)
>  		sockfd = socket(addr->ai_family, addr->ai_socktype,
>  				addr->ai_protocol);
>  		if (sockfd < 0) {
> -			xlog(L_ERROR, "unable to create %s %s socket: "
> -				"errno %d (%m)", family, proto, errno);
> +			if (errno == EAFNOSUPPORT)
> +				xlog(L_NOTICE, "address family %s not "
> +						"supported by protocol %s",
> +						family, proto);
> +			else
> +				xlog(L_ERROR, "unable to create %s %s socket: "
> +				     "errno %d (%m)", family, proto, errno);
>  			rc = errno;
>  			goto error;
>  		}
> 
> 
Committed...

steved.

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2011-05-23 12:26 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-05-17  4:52 [PATCH 0/2] Two small fixes for nfs-utils Neil Brown
2011-05-17  4:52 ` [PATCH 1/2] Remove risk of nfs_addmntent corrupting mtab Neil Brown
2011-05-17 13:45   ` Chuck Lever
     [not found]   ` <20110517045217.29020.16140.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2011-05-23 12:26     ` Steve Dickson
2011-05-17  4:52 ` [PATCH 2/2] supress socket error when address family is not supported Neil Brown
     [not found]   ` <20110517045217.29020.46681.stgit-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2011-05-17  6:29     ` mount.nfs4: Mounting failed, reason given by server: No such file or directory Taousif_Ansari-G5Y5guI6XLZWk0Htik3J/w
2011-05-17  6:38       ` Mi Jinlong
2011-05-23 12:26   ` [PATCH 2/2] supress socket error when address family is not supported Steve Dickson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).