kernel-packages team mailing list archive
  
  - 
     kernel-packages team kernel-packages team
- 
    Mailing list archive
  
- 
    Message #115003
  
 [Bug 1124250] Re: Partially incorrect uid mapping with nfs4/idmapd/ldap-auth
  
This bug was fixed in the package linux - 3.13.0-51.84
---------------
linux (3.13.0-51.84) trusty; urgency=low
  [ Luis Henriques ]
  * Release Tracking Bug
    - LP: #1444141
  * Merged back Ubuntu-3.13.0-49.83 security release
linux (3.13.0-50.82) trusty; urgency=low
  [ Brad Figg ]
  * Release Tracking Bug
    - LP: #1442285
  [ Andy Whitcroft ]
  * [Config] CONFIG_DEFAULT_MMAP_MIN_ADDR needs to match on armhf and arm64
    - LP: #1418140
  [ Chris J Arges ]
  * [Config] CONFIG_PCIEASPM_DEBUG=y
    - LP: #1398544
  [ Upstream Kernel Changes ]
  * KEYS: request_key() should reget expired keys rather than give
    EKEYEXPIRED
    - LP: #1124250
  * audit: correctly record file names with different path name types
    - LP: #1439441
  * KVM: x86: Check for nested events if there is an injectable interrupt
    - LP: #1413540
  * be2iscsi: fix memory leak in error path
    - LP: #1440156
  * block: remove old blk_iopoll_enabled variable
    - LP: #1440156
  * be2iscsi: Fix handling timed out MBX completion from FW
    - LP: #1440156
  * be2iscsi: Fix doorbell format for EQ/CQ/RQ s per SLI spec.
    - LP: #1440156
  * be2iscsi: Fix the session cleanup when reboot/shutdown happens
    - LP: #1440156
  * be2iscsi: Fix scsi_cmnd leakage in driver.
    - LP: #1440156
  * be2iscsi : Fix DMA Out of SW-IOMMU space error
    - LP: #1440156
  * be2iscsi: Fix retrieving MCCQ_WRB in non-embedded Mbox path
    - LP: #1440156
  * be2iscsi: Fix exposing Host in sysfs after adapter initialization is
    complete
    - LP: #1440156
  * be2iscsi: Fix interrupt Coalescing mechanism.
    - LP: #1440156
  * be2iscsi: Fix TCP parameters while connection offloading.
    - LP: #1440156
  * be2iscsi: Fix memory corruption in MBX path
    - LP: #1440156
  * be2iscsi: Fix destroy MCC-CQ before MCC-EQ is destroyed
    - LP: #1440156
  * be2iscsi: add an missing goto in error path
    - LP: #1440156
  * be2iscsi: remove potential junk pointer free
    - LP: #1440156
  * be2iscsi: Fix memory leak in mgmt_set_ip()
    - LP: #1440156
  * be2iscsi: Fix the sparse warning introduced in previous submission
    - LP: #1440156
  * be2iscsi: Fix updating the boot enteries in sysfs
    - LP: #1440156
  * be2iscsi: Fix processing CQE before connection resources are freed
    - LP: #1440156
  * be2iscsi : Fix kernel panic during reboot/shutdown
    - LP: #1440156
  * fixed invalid assignment of 64bit mask to host dma_boundary for scatter
    gather segment boundary limit.
    - LP: #1440156
  * quota: Store maximum space limit in bytes
    - LP: #1441284
  * ip: zero sockaddr returned on error queue
    - LP: #1441284
  * net: rps: fix cpu unplug
    - LP: #1441284
  * ipv6: stop sending PTB packets for MTU < 1280
    - LP: #1441284
  * netxen: fix netxen_nic_poll() logic
    - LP: #1441284
  * udp_diag: Fix socket skipping within chain
    - LP: #1441284
  * ping: Fix race in free in receive path
    - LP: #1441284
  * bnx2x: fix napi poll return value for repoll
    - LP: #1441284
  * net: don't OOPS on socket aio
    - LP: #1441284
  * bridge: dont send notification when skb->len == 0 in rtnl_bridge_notify
    - LP: #1441284
  * ipv4: tcp: get rid of ugly unicast_sock
    - LP: #1441284
  * ppp: deflate: never return len larger than output buffer
    - LP: #1441284
  * net: sctp: fix passing wrong parameter header to param_type2af in
    sctp_process_param
    - LP: #1441284
  * ARM: pxa: add regulator_has_full_constraints to corgi board file
    - LP: #1441284
  * ARM: pxa: add regulator_has_full_constraints to poodle board file
    - LP: #1441284
  * ARM: pxa: add regulator_has_full_constraints to spitz board file
    - LP: #1441284
  * hx4700: regulator: declare full constraints
    - LP: #1441284
  * HID: input: fix confusion on conflicting mappings
    - LP: #1441284
  * HID: fixup the conflicting keyboard mappings quirk
    - LP: #1441284
  * megaraid_sas: disable interrupt_mask before enabling hardware
    interrupts
    - LP: #1441284
  * PCI: Generate uppercase hex for modalias var in uevent
    - LP: #1441284
  * usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN
    - LP: #1441284
  * tty/serial: at91: enable peripheral clock before accessing I/O
    registers
    - LP: #1441284
  * tty/serial: at91: fix error handling in atmel_serial_probe()
    - LP: #1441284
  * axonram: Fix bug in direct_access
    - LP: #1441284
  * ksoftirqd: Enable IRQs and call cond_resched() before poking RCU
    - LP: #1441284
  * TPM: Add new TPMs to the tail of the list to prevent inadvertent change
    of dev
    - LP: #1441284
  * char: tpm: Add missing error check for devm_kzalloc
    - LP: #1441284
  * tpm_tis: verify interrupt during init
    - LP: #1441284
  * tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
    - LP: #1441284
  * tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
    - LP: #1441284
  * tpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFO
    - LP: #1441284
  * mmc: sdhci-pxav3: fix unbalanced clock issues during probe
    - LP: #1441284
  * iwlwifi: mvm: validate tid and sta_id in ba_notif
    - LP: #1441284
  * power: bq24190: Fix ignored supplicants
    - LP: #1441284
  * ARM: DRA7: hwmod: Fix boot crash with DEBUG_LL enabled on UART3
    - LP: #1441284
  * Bluetooth: ath3k: Add support of AR3012 bluetooth 13d3:3423 device
    - LP: #1411193, #1441284
  * cfq-iosched: fix incorrect filing of rt async cfqq
    - LP: #1441284
  * smack: fix possible use after frees in task_security() callers
    - LP: #1441284
  * xfs: ensure buffer types are set correctly
    - LP: #1441284
  * xfs: inode unlink does not set AGI buffer type
    - LP: #1441284
  * xfs: set buf types when converting extent formats
    - LP: #1441284
  * xfs: set superblock buffer type correctly
    - LP: #1441284
  * btrfs: set proper message level for skinny metadata
    - LP: #1441284
  * KVM: s390: base hrtimer on a monotonic clock
    - LP: #1441284
  * PCI: Fix infinite loop with ROM image of size 0
    - LP: #1441284
  * USB: cp210x: add ID for RUGGEDCOM USB Serial Console
    - LP: #1441284
  * clk: zynq: Force CPU_2X clock to be ungated
    - LP: #1441284
  * mmc: sdhci-pxav3: Remove checks for mandatory host clock
    - LP: #1441284
  * mmc: sdhci-pxav3: fix race between runtime pm and irq
    - LP: #1441284
  * power_supply: 88pm860x: Fix leaked power supply on probe fail
    - LP: #1441284
  * staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back
    - LP: #1441284
  * mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles
    - LP: #1441284
  * ARM: 8284/1: sa1100: clear RCSR_SMR on resume
    - LP: #1441284
  * usb: musb: omap2plus bus glue needs USB host support
    - LP: #1441284
  * USB: add flag for HCDs that can't receive wakeup requests (isp1760-hcd)
    - LP: #1441284
  * USB: fix use-after-free bug in usb_hcd_unlink_urb()
    - LP: #1441284
  * iwlwifi: mvm: always use mac color zero
    - LP: #1441284
  * iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN
    - LP: #1441284
  * vt: provide notifications on selection changes
    - LP: #1441284
  * tty: Prevent untrappable signals from malicious program
    - LP: #1441284
  * cpufreq: Set cpufreq_cpu_data to NULL before putting kobject
    - LP: #1441284
  * lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in
    interrupt urb
    - LP: #1441284
  * mei: mask interrupt set bit on clean reset bit
    - LP: #1441284
  * mei: me: release hw from reset only during the reset flow
    - LP: #1441284
  * MIPS: KVM: Deliver guest interrupts after local_irq_disable()
    - LP: #1441284
  * KVM: MIPS: Don't leak FPU/DSP to guest
    - LP: #1441284
  * ALSA: hda - Add the pin fixup for HP Envy TS bass speaker
    - LP: #1441284
  * ALSA: hda - Set up GPIO for Toshiba Satellite S50D
    - LP: #1441284
  * xen/manage: Fix USB interaction issues when resuming
    - LP: #1441284
  * drm/i915: Correct the IOSF Dev_FN field for IOSF transfers
    - LP: #1441284
  * cfq-iosched: handle failure of cfq group allocation
    - LP: #1441284
  * tracing: Fix unmapping loop in tracing_mark_write
    - LP: #1441284
  * fsnotify: fix handling of renames in audit
    - LP: #1441284
  * drm/radeon: workaround for CP HW bug on CIK
    - LP: #1441284
  * drm/radeon: only enable kv/kb dpm interrupts once v3
    - LP: #1441284
  * NFSv4.1: Fix a kfree() of uninitialised pointers in
    decode_cb_sequence_args
    - LP: #1441284
  * cpufreq: speedstep-smi: enable interrupts when waiting
    - LP: #1441284
  * mm/hugetlb: pmd_huge() returns true for non-present hugepage
    - LP: #1441284
  * mm: cleanup follow_page_mask()
    - LP: #1441284
  * mm/hugetlb: take page table lock in follow_huge_pmd()
    - LP: #1441284
  * mm/hugetlb: fix getting refcount 0 page in hugetlb_fault()
    - LP: #1441284
  * mm/hugetlb: add migration/hwpoisoned entry check in
    hugetlb_change_protection
    - LP: #1441284
  * mm/hugetlb: add migration entry check in __unmap_hugepage_range
    - LP: #1441284
  * mm: softdirty: unmapped addresses between VMAs are clean
    - LP: #1441284
  * proc/pagemap: walk page tables under pte lock
    - LP: #1441284
  * mm: when stealing freepages, also take pages created by splitting buddy
    page
    - LP: #1441284
  * mm/mmap.c: fix arithmetic overflow in __vm_enough_memory()
    - LP: #1441284
  * mm/nommu.c: fix arithmetic overflow in __vm_enough_memory()
    - LP: #1441284
  * iscsi-target: Drop problematic active_ts_list usage
    - LP: #1441284
  * target: Fix PR_APTPL_BUF_LEN buffer size limitation
    - LP: #1441284
  * mm/compaction: fix wrong order check in compact_finished()
    - LP: #1441284
  * mm/memory.c: actually remap enough memory
    - LP: #1441284
  * mm: hwpoison: drop lru_add_drain_all() in __soft_offline_page()
    - LP: #1441284
  * ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE
    - LP: #1441284
  * drm/radeon/dp: Set EDP_CONFIGURATION_SET for bridge chips if necessary
    - LP: #1441284
  * drm/radeon: fix voltage setup on hawaii
    - LP: #1441284
  * ALSA: hdspm - Constrain periods to 2 on older cards
    - LP: #1441284
  * jffs2: fix handling of corrupted summary length
    - LP: #1441284
  * dm mirror: do not degrade the mirror on discard error
    - LP: #1441284
  * dm io: reject unsupported DISCARD requests with EOPNOTSUPP
    - LP: #1441284
  * target: Add missing WRITE_SAME end-of-device sanity check
    - LP: #1441284
  * target: Check for LBA + sectors wrap-around in sbc_parse_cdb
    - LP: #1441284
  * Btrfs: fix fsync data loss after adding hard link to inode
    - LP: #1441284
  * Added Little Endian support to vtpm module
    - LP: #1441284
  * sg: fix read() error reporting
    - LP: #1441284
  * IB/qib: Do not write EEPROM
    - LP: #1441284
  * md/raid5: Fix livelock when array is both resyncing and degraded.
    - LP: #1441284
  * dm: fix a race condition in dm_get_md
    - LP: #1441284
  * dm snapshot: fix a possible invalid memory access on unload
    - LP: #1441284
  * cpufreq: s3c: remove incorrect __init annotations
    - LP: #1441284
  * libceph: assert both regular and lingering lists in __remove_osd()
    - LP: #1441284
  * libceph: change from BUG to WARN for __remove_osd() asserts
    - LP: #1441284
  * libceph: fix double __remove_osd() problem
    - LP: #1441284
  * MIPS: Export FP functions used by lose_fpu(1) for KVM
    - LP: #1441284
  * kdb: fix incorrect counts in KDB summary command output
    - LP: #1441284
  * blk-throttle: check stats_cpu before reading it from sysfs
    - LP: #1441284
  * procfs: fix race between symlink removals and traversals
    - LP: #1441284
  * autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for
    allocation
    - LP: #1441284
  * pktgen: fix UDP checksum computation
    - LP: #1441284
  * ipv6: fix ipv6_cow_metrics for non DST_HOST case
    - LP: #1441284
  * clk-gate: fix bit # check in clk_register_gate()
    - LP: #1441284
  * ALSA: off by one bug in snd_riptide_joystick_probe()
    - LP: #1441284
  * ath5k: fix spontaneus AR5312 freezes
    - LP: #1441284
  * pinctrl: pinctrl-imx: don't use invalid value of conf_reg
    - LP: #1441284
  * ALSA: hda - Add one more node in the EAPD supporting candidate list
    - LP: #1436745, #1441284
  * ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec
    - LP: #1441284
  * drm/i915/bdw: PCI IDs ending in 0xb are ULT.
    - LP: #1441284
  * xfs: Fix quota type in quota structures when reusing quota file
    - LP: #1441284
  * gpiolib: of: allow of_gpiochip_find_and_xlate to find more than one
    chip per node
    - LP: #1441284
  * gpio: tps65912: fix wrong container_of arguments
    - LP: #1441284
  * ALSA: pcm: Don't leave PREPARED state after draining
    - LP: #1441284
  * metag: Fix KSTK_EIP() and KSTK_ESP() macros
    - LP: #1441284
  * md/raid1: fix read balance when a drive is write-mostly.
    - LP: #1441284
  * drm/radeon: use drm_mode_vrefresh() rather than mode->vrefresh
    - LP: #1441284
  * drm/radeon: fix 1 RB harvest config setup for TN/RL
    - LP: #1441284
  * arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big
    endian
    - LP: #1441284
  * nilfs2: fix potential memory overrun on inode
    - LP: #1441284
  * HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events
    - LP: #1441284
  * Linux 3.13.11-ckt18
    - LP: #1441284
  * ipv6: Don't reduce hop limit for an interface
    - LP: #1441103
    - CVE-2015-2922
  * x86/microcode/intel: Guard against stack overflow in the loader
    - LP: #1438504
    - CVE-2015-2666
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Tue, 14 Apr 2015 21:38:57 +0100
-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1124250
Title:
  Partially incorrect uid mapping with nfs4/idmapd/ldap-auth
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Utopic:
  Fix Released
Status in nfs-utils package in Debian:
  Fix Released
Status in Fedora:
  Unknown
Bug description:
  [Impact]
   * This bug is likely to cause an incorrect UID/GID mapping for NFS
  shares in case of large numbers of differend UIDs/GIDs or in case of
  expired UID/GID mappings (stored as keys in the kernel).
  [Test Case]
   1. Setup a nfs4 server exporting /home with a large number of different users and ldap-based authentication.
   2. Mount the share on a ldap-connected client machine.
   3. List the mounted /home directory.
   4. Wait more than 10 minutes (the default key expiration time) and list it again with ls -l.
  Expected result - all directories are listed with correct UIDs/GIDs.
  Actual result - some of the directories may be listed with incorrect UID/GID of 4294967294.
  [Regression Potential]
   * This issue has been merged upstream in the 3.18 kernel and is also
  present in Debian's 3.16 kernel.
  [Other Info]
  * Original bug description:
  I'm running a nfs4 server exporting a directory /home (ext4,usrquota). This server is running Ubuntu 12.04 amd64(up-to-date). This directory is handling 662 homedirs for ldap authenticated users.
  /etc/exports is :
  /exports  192.168.0.0/24(rw,fsid=0,no_subtree_check)
  Important lines in /etc/idmapd.conf :
  domain=my-domain.org
  [Translation]
  Method=nsswitch.
  In /etc/default/nfs-common :
  NEED_IDMAPD=yes
  In /etc/default/nfs-kernel-server :
  RPCNFSDCOUNT=75
  RPCMOUNTDOPTS=--manage-gids
  2 Clients (rhel6 x86 & Ubuntu 12.04.2 i686) are mounting this nfs4 exported directory with no problems :
  When doing ls -l /home on this clients, I have :
  ...
  drwx------   4 user100 oldusers     4096 sept. 21  2011 user100
  drwx------   4 user101 oldusers     4096 sept. 21  2011 user101
  drwx------  37 user102 oldusers     4096 oct.   1 19:06 user102
  drwx------  36 user103 users        4096 févr. 5 21:08 user103
  drwx------  36 user104 users        4096 févr. 8 14:03 user104
  drwx------  30 user105 users        4096 févr. 4 18:01 user105
  drwx------  28 user106 oldusers     4096 oct.   5  2011 user106
  drwx------  37 user107 oldusers     4096 janv.  8 14:52 user107
  drwx------  31 user108 users        4096 déc.  4 11:52 user108
  drwx------   4 user109 oldusers     4096 sept. 21  2011 user109
  drwx--x--x  45 user110 oldusers     4096 janv. 22 15:53 user109
  drwx------  31 user111 users        4096 janv. 29 12:03 user110
  ...
  uid/gid mapping works fine, authldap works fine, ...
  All Clients running Ubuntu 12.10 i686  or  Ubuntu 12.10 amd64 are experiencing the same problem :
  The config files are the same that used in ubuntu 12.04.
  Auth ldap is correctly configured, user can log in.
  This is the /etc/fstab entry for /home :
  192.168.0.1:/     /home     nfs      rw,nfsvers=4     0  0
  Important lines in /etc/idmapd.conf :
  domain=my-domain.org
  [Translation]
  Method=nsswitch
  In /etc/default/nfs-common :
  NEED_IDMAPD=yes
  /etc/nsswitch.conf is :
  passwd: files ldap
  group: files ldap
  shadow: files ldap
  When doing ls -l /home there is a strange problem :
  drwx------   4 4294967294 oldusers     4096 sept. 21  2011 user100
  drwx------   4 user101    oldusers     4096 sept. 21  2011 user101
  drwx------  37 user102    oldusers     4096 oct.   1 19:06 user102
  drwx------  36 4294967294 users        4096 févr. 5 21:08 user103
  drwx------  36 4294967294 users        4096 févr. 8 14:03 user104
  drwx------  30 4294967294 users        4096 févr. 4 18:01 user105
  drwx------  28 4294967294 oldusers     4096 oct.   5  2011 user106
  drwx------  37 4294967294 oldusers     4096 janv.  8 14:52 user107
  drwx------  31 4294967294 users        4096 déc.  4 11:52 user108
  drwx------   4 user109    oldusers     4096 sept. 21  2011 user109
  drwx--x--x  45 4294967294 oldusers     4096 janv. 22 15:53 user110
  drwx------  31 4294967294 users        4096 janv. 29 12:03 user111
  for  571 homedirs (this number varies at each reboot)/662, the owner is the value 4294967294. For the  91 remaining homedirs,
  the owner is correct. The gidnumber is correctly mapped for all (only  5 differents values used for gidNumber).
  In /var/log/syslog, I can see :
  For example : user110 is mapped as 4294967294.
  but the command "id user110" returns :
  uid=31124(user110) gid=666(oldusers) groupes=666(oldusers)
  user110 logs in (auth ldap) from tty1. He runs "ls -l /home/user110/"
  :
  drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19  2012 Bureau
  drwxr-xr-x 3 4294967294 oldusers 4096 déc.   2  2011 Documents
  drwxr-xr-x 2 4294967294 oldusers 4096 déc.   2  2011 Images
  Then, he runs "touch /home/user110/test" :
  drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19  2012 Bureau
  drwxr-xr-x 3 4294967294 oldusers 4096 déc.   2  2011 Documents
  drwxr-xr-x 2 4294967294 oldusers 4096 déc.   2  2011 Images
  drwxr-xr-x 2 4294967294 oldusers    0 févr. 13 16:01 test
  On the nfs server, If i do a ls -l in the same directory  :
  drwxr-xr-x 8 user110 oldusers 4096 janv.  19  2012 Bureau
  drwxr-xr-x 3 user110 oldusers 4096 déc.   2  2011 Documents
  drwxr-xr-x 2 user110 oldusers 4096 déc.   2  2011 Images
  drwxr-xr-x 2 user110 oldusers    0 févr. 13 16:01 test
  I can see that the "test" file is owned by the correct user.
  I've tried without & with nscd, same results.
  I've tried using sssd, libnss-sss & pam_sss for ldap auth and having exactly the same results :
  In /var/log/syslog, I have :
  ...
  rpc.idmapd[561]: nss_getpwnam: name 'user109@xxxxxxxxxxxxx' domain 'my-domain.org': resulting localname 'user109'
  rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
  rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
  rpc.idmapd[561]: Client 0: (user) name "user109@xxxxxxxxxxxxx" -> id "55101"
  rpc.idmapd[561]: nfs4_name_to_uid: calling nsswitch->name_to_uid
  rpc.idmapd[561]: nss_getpwnam: name 'user102@xxxxxxxxxxxxx' domain 'my-domain.org': resulting localname 'user102'
  rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
  rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
  rpc.idmapd[561]: Client 0: (user) name "user102@xxxxxxxxxxxxx" -> id "55199"
  ...
  only for the correctly mapped entries. No warnings or errors (rate limit disabled in rsyslog.conf) and verbosity set to 5 in idmapd.conf. It seems that rpc.idmapd never does mapping for other entries.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1124250/+subscriptions