← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #103778

[Bug 683938] Re: kernel crash on symlink chased from NFS to failing automount

  Thread PreviousDate PreviousThread Next 
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4249

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/683938

Title:
  kernel crash on symlink chased from NFS to failing automount

Status in The Linux Kernel:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Lucid:
  Fix Released
Status in linux source package in Maverick:
  Fix Released
Status in linux source package in Natty:
  Fix Released

Bug description:
  SRU justification:

  Impact: When trying to mount an export where server and client have no
  common authentication method, the client will abort the mount by
  sending an advisory unmount message to the server. A bug in the RPC
  client setup causes the sunrpc code to access memory outside an
  allocated array, which will sooner or later cause the kernel to crash.

  Fix: Patch from upstream (about to be submitted and targeted for
  stable too) changes the setup to use the actual array size instead of
  a manually entered number.

  Testcase:

  Server exports a mount with an authentication method the client does not support, eg.:
  [/etc/exports] /srv/foo *(rw,sec=krb5)

  Client tries to mount this directory with no special authentication method:
  while true; do mount <server>:/srv/foo /mnt; sync; sleep 1; done

  ---

  Create an automount indirect map entry to a nfs server that will deny the mount with a permission denied error.
  Create a symlink on some mounted NFS partition pointing at the name of that automount indirect map entry.
  Chase the symlink with ls, etc.
  Notice that the automounter tries and fails to mount the partition. (visible with automount -d -f, say)

  In a few minutes, depending on system activity, the kernel will crash
  with the symptoms of a memory corruption error.

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/683938/+subscriptions
  Thread PreviousDate PreviousThread Next