| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 10 Jul 2022 12:43:44 +0200
From: Igor Mammedov <imammedo@...hat.com>
To: Chuck Lever III <chuck.lever@...cle.com>
Cc: ondrej.valousek.xm@...esas.com,
Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
bfields@...ldses.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [GIT PULL] nfsd changes for 5.18
On Mon, 21 Mar 2022 14:12:31 +0000
Chuck Lever III <chuck.lever@...cle.com> wrote:
couldn't find offender patch on ML so replying here
> Hi Linus-
>
> The following changes since commit 7e57714cd0ad2d5bb90e50b5096a0e671dec1ef3:
>
> Linux 5.17-rc6 (2022-02-27 14:36:33 -0800)
>
> are available in the Git repository at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git tags/nfsd-5.18
>
> for you to fetch changes up to 4fc5f5346592cdc91689455d83885b0af65d71b8:
>
> nfsd: fix using the correct variable for sizeof() (2022-03-20 12:49:38 -0400)
>
> ----------------------------------------------------------------
> New features:
> - NFSv3 support in NFSD is now always built
> - Added NFSD support for the NFSv4 birth-time file attribute
[...]
> Ondrej Valousek (1):
> nfsd: Add support for the birth time attribute
This patch regressed clients that support TIME_CREATE attribute.
Starting with this patch client might think that server supports
TIME_CREATE and start sending this attribute in its requests.
However kernel on server side (since this patch and to
current master) upon getting such request will return EINVAL.
(my guess is that TIME_CREATE not being decoded properly and
that messes up request parsing).
End result is unusable mount (unless it's treated as readonly).
Reproduces with current master (HEAD at e5524c2a1fc40) and MacOS
client (Big Sur or newest Monterey).
server is typical setup exporting files from XFS (Fedora36)
# rpcdebug -m nfsd -s all
on client:
% mount -t nfs -o vers=4,rw,nfc,sec=sys testnas:/mnt ~/test
% touch ~/test/fff
touch: test/fff: Invalid argument
server logs:
nfsd: fh_compose(exp fd:00/128 fff, ino=0)
NFSD: nfsd4_open filename op_openowner 0000000000000000
Here is a request the touch generates:
Network File System, Ops(6): PUTFH, SAVEFH, OPEN, GETATTR, RESTOREFH, GETATTR
[Program Version: 4]
[V4 Procedure: COMPOUND (1)]
Tag: create
minorversion: 0
Operations (count: 6): PUTFH, SAVEFH, OPEN, GETATTR, RESTOREFH, GETATTR
Opcode: PUTFH (22)
Opcode: SAVEFH (32)
Opcode: OPEN (18)
seqid: 0x00000004
share_access: OPEN4_SHARE_ACCESS_BOTH (3)
share_deny: OPEN4_SHARE_DENY_NONE (0)
clientid: 0xba93c9620aec46ea
owner: <DATA>
Open Type: OPEN4_CREATE (1)
Create Mode: UNCHECKED4 (0)
Attr mask: 0x00040002 (Mode, Time_Create)
reco_attr: Mode (33)
reco_attr: Time_Create (50)
Claim Type: CLAIM_NULL (0)
Name: fff
[...]
when trying to copy file via GUI (Finder) it goes a different route
but ends up with error anyway and with leftover 0-length file on server
with messed up permissions, i.e.
open/create without Time_Create succeeds but followup
setattr with Time_Create fails EINVAL.
Network File System, Ops(3): PUTFH, SETATTR, GETATTR
[Program Version: 4]
[V4 Procedure: COMPOUND (1)]
Tag: setattr
minorversion: 0
Operations (count: 3): PUTFH, SETATTR, GETATTR
Opcode: PUTFH (22)
Opcode: SETATTR (34)
StateID
Attr mask: 0x00450002 (Mode, Time_Access_Set, Time_Create, Time_Modify_Set)
reco_attr: Mode (33)
reco_attr: Time_Access_Set (48)
reco_attr: Time_Create (50)
reco_attr: Time_Modify_Set (54)
Opcode: GETATTR (9)
[Main Opcode: SETATTR (34)]
[...]
> --
> Chuck Lever
>
>
>
Powered by blists - more mailing lists