[Nfs-ganesha-devel] Ganesha 2.3 and 2.5 - crash in free_nfs_request

Fri, 27 Oct 2017 04:58:29 -0700 

Hello,
Ganesha 2.3 got segfault with below :
















*Core was generated by `/usr/bin/ganesha.nfsd -L /var/log/ganesha.log -f
/etc/ganesha/ganesha.conf -N N'.Program terminated with signal 11,
Segmentation fault.#0  0x000000000044b4dd in free_nfs_request
(reqdata=0x7f19c5e48010)    at
/usr/src/debug/nfs-ganesha-2.3.2-ibm51-0.1.1-Source/MainNFSD/nfs_rpc_dispatcher_thread.c:14901490
SVCAUTH_RELEASE(reqdata->r_u.req.svc.rq_auth,Missing separate debuginfos,
use: debuginfo-install dbus-libs-1.6.12-13.el7.x86_64
glibc-2.17-105.el7.x86_64 gssproxy-0.4.1-7.el7.x86_64
keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.13.2-10.el7.x86_64
libattr-2.4.46-12.el7.x86_64 libblkid-2.23.2-26.el7.x86_64
libcap-2.22-8.el7.x86_64 libcom_err-1.42.9-7.el7.x86_64
libselinux-2.2.2-6.el7.x86_64 libuuid-2.23.2-26.el7.x86_64
pcre-8.32-15.el7.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64(gdb) where#0
0x000000000044b4dd in free_nfs_request (reqdata=0x7f19c5e48010)    at
/usr/src/debug/nfs-ganesha-2.3.2-ibm51-0.1.1-Source/MainNFSD/nfs_rpc_dispatcher_thread.c:1490#1
0x000000000044c297 in thr_decode_rpc_request (context=0x0,
xprt=0x7f1932423830)    at
/usr/src/debug/nfs-ganesha-2.3.2-ibm51-0.1.1-Source/MainNFSD/nfs_rpc_dispatcher_thread.c:1836#2
0x000000000044c355 in thr_decode_rpc_requests (thr_ctx=0x7f17c00b6f10)
at
/usr/src/debug/nfs-ganesha-2.3.2-ibm51-0.1.1-Source/MainNFSD/nfs_rpc_dispatcher_thread.c:1858#3
0x0000000000520bc6 in fridgethr_start_routine (arg=0x7f17c00b6f10)    at
/usr/src/debug/nfs-ganesha-2.3.2-ibm51-0.1.1-Source/support/fridgethr.c:561#4
0x00007f19c462bdc5 in start_thread () from /lib64/libpthread.so.0#5
0x00007f19c3ceb1cd in clone () from /lib64/libc.so.6*

After analyzing the core and related code found that - In
"thr_decode_rpc_request" function, if call to SVC_RECV fails, then
free_nfs_request is invoked to free the resources. But so far one of the
field "reqdata->r_u.req.svc.rq_auth" is not initialized nor allocated,
which is leading to segfault.

The code in this area is same for Ganesha 2.3 and 2.5.
I have created below patch to overcome this issue. Please review and if
suitable merge with Ganesha 2.5 stable.
https://github.com/sachinpunadikar/nfs-ganesha/commit/91baffa8bd197c78eff106f42927a370155ae6b4

Ganesha 2.6 code in this area has lot of changes. Was not able to check
whether 2.6 is affected or not.
-- 
with regards,
Sachin Punadikar

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Reply via email to