Bug#1072611: nfs-utils: nfs-blkmap.service should be in nfs-common, not nfs-kernel-server

[kenyon]

Source: nfs-utils
Severity: normal

Dear Maintainer,

nfs-blkmap.service is a client service, but the systemd unit file is
installed by the nfs-kernel-server package. It should be installed by
nfs-common, which is also where the executable that the service runs,
/usr/sbin/blkmapd, is packaged.

-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-0.deb11.21-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Processed: Re: Bug#890601: firmware-free: Source Package Doesn't Contain Source

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #890601 [firmware-linux-free] firmware-linux-free uses prebuilt blobs 
instead of building from source
Severity set to 'serious' from 'wishlist'

-- 
890601: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890601
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#890601: firmware-free: Source Package Doesn't Contain Source

[Bastian Germann]

Control: severity -1 serious

On Fri, 1 Mar 2024 12:48:42 +0100 Salvatore Bonaccorso wrote:

Would you be fine with those changes s proposed by Bastian, or want to
have it handled differently?

https://salsa.debian.org/kernel-team/firmware-free/-/merge_requests/4/diffs?commit_id=487a3891528cdf363f97c5ff20f9c6dcb6f49c33


As this is a Policy violation and the issue seems to be ignored I am raising 
the severity.

Bug#1072573: rpc.idmapd runs out of file descriptors

[Sergio Gelato]

Package: nfs-common
Version: 2.6.2-4
Severity: important
Tags: patch upstream

On some of our bookworm systems I've seen what looked like a file descriptor 
leak. Sample lsof output:

[...]
rpc.idmap 675 root  126r  DIR   0,400  10813 
/run/rpc_pipefs/nfs/clnt11e6 (deleted)
rpc.idmap 675 root  127u FIFO   0,40  0t0  10817 
/run/rpc_pipefs/nfs/clnt11e6/idmap (deleted)
rpc.idmap 675 root  128r  DIR   0,400  10834 
/run/rpc_pipefs/nfs/clnt11ef (deleted)
rpc.idmap 675 root  129u FIFO   0,40  0t0  10838 
/run/rpc_pipefs/nfs/clnt11ef/idmap (deleted)
rpc.idmap 675 root  130r  DIR   0,400  10855 
/run/rpc_pipefs/nfs/clnt11f8 (deleted)
rpc.idmap 675 root  131u FIFO   0,40  0t0  10859 
/run/rpc_pipefs/nfs/clnt11f8/idmap (deleted)

Cranking up the verbosity level to 3 showed that dirscancb never reaps stale 
entries in its queue (no "Stale client" lines). The reason turns out to be that 
the scan terminates on the first directory entry that doesn't contain an 
"idmap" file. Applying the attached patch seems to have solved the problem for 
me.

As far as I can tell the bug is still present upstream, and has been for many 
years (that "goto out" is from 2007 and replaced a "return" so the bug is even 
older than that).

Marking "important" since this has actually caused observable problems in our 
environment.From: Sergio Gelato 
Date: Tue, 4 Jun 2024 16:02:59 +0200
Subject: rpc.idmapd: nfsopen() failures should not be fatal

dirscancb() loops over all clnt* subdirectories of /run/rpc_pipefs/nfs/.
Some of these directories contain /idmap files, others don't. nfsopen()
returns -1 for the latter; we then want to skip the directory, not abort
the entire scan.
---
 utils/idmapd/idmapd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index e79c124..f3c540d 100644
--- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c
@@ -556,7 +556,7 @@ dirscancb(int fd, short UNUSED(which), void *data)
 			if (nfsopen(ic) == -1) {
 close(ic->ic_dirfd);
 free(ic);
-goto out;
+continue;
 			}
 
 			if (verbose > 2)