Hi,
On Wed, Jul 24, 2024 at 12:42:44PM +0200, Joachim Ring wrote:
> Package: linux-image
> Version: 5.10.0-31
>
> Hi,
>
> yesterday I was patching some box still on bullseye 32 bit which is serving a
> large NFSv2 share for some very ancient AIX workstations needed to sift
> though a huge library of old CAD files before deciding which one needs to be
> converted to sth current and adapted as needed.
> Converting the library is not an option, unfortunately. Neither is a more
> current version of NFS afaik - the AIX workstations are not mine and the last
> time I used AIX was in the early 2000s...
> All of the above lives behind a firewall, of course...
>
> After the bullseye box came back up and one CAD user tested the mount, it
> didn't work. I tried a few things in /etc/defaults/nfs-kernel-server but
> whenever NFSv2 was asked for, I got an error message in syslog and "rpcinfo
> -p hostname | fgrep nfs" showed only v3 and v4. Since my maintenance window
> came to to an end, I had to go back to the snapshot and everybody except me
> was happy again.
>
> I set up the same scenario on a bullseye testbox today (64 bit unfortunately)
> with roughly the same patchlevel as the nfs server and recreated the scenario:
>
> before upgrading from 11.9 to 11.10 all is fine
>
> # rpcinfo -p hisws0028 | fgrep nfs
> 100003 2 tcp 2049 nfs
> 100003 3 tcp 2049 nfs
> 100003 4 tcp 2049 nfs
> 100003 2 udp 2049 nfs
> 100003 3 udp 2049 nfs
> # uname -a
> Linux hisws0028 5.10.0-30-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01) x86_64
> GNU/Linux
> # cat /etc/debian_version
> 11.9
>
> an apt upgrade and reboot later no more NFSv2
>
> # rpcinfo -p hisws0028 | fgrep nfs
> 100003 3 tcp 2049 nfs
> 100003 4 tcp 2049 nfs
> 100003 3 udp 2049 nfs
> # uname -a
> Linux hisws0028 5.10.0-31-amd64 #1 SMP Debian 5.10.221-1 (2024-07-14) x86_64
> GNU/Linux
> # cat /etc/debian_version
> 11.10
>
> And the well known error message in syslog:
> Jul 24 11:55:11 hisws0028 rpc.nfsd[1570]: Writing version string to kernel:
> +2 +3 +4
> Jul 24 11:55:11 hisws0028 rpc.nfsd[1570]: Setting version failed: errno 22
> (Invalid argument)
>
> I then tried to diff the kernel configs and got the following:
>
> # diff /boot/config-5.10.0-30-amd64 /boot/config-5.10.0-31-amd64
> 3c3
> < # Linux/x86 5.10.218 Kernel Configuration
> ---
> > # Linux/x86 5.10.221 Kernel Configuration
> 28c28
> < CONFIG_BUILD_SALT="5.10.0-30-amd64"
> ---
> > CONFIG_BUILD_SALT="5.10.0-31-amd64"
> 8879,8880c8879
> < CONFIG_NFSD_V2_ACL=y
> < CONFIG_NFSD_V3=y
> ---
> > # CONFIG_NFSD_V2 is not set
> 8893a8893
> > CONFIG_NFS_V4_2_SSC_HELPER=y
>
> So it seems that the 5.10.0-31 kernel was built with NFSv2 support disabled,
> unlike earlier ones. I could not find anything regarding NFS in the debian
> 11.10 release notes.
>
> Can we please get NFSv2 support back in the kernel for those who still have
> to use it? Disabling it in userland by default should be fine from a security
> point of view.
This is a consequence of the upstream backporting in the 5.10.y series
with the NFS stack, and caused by the commit 4ab1211c28f1 ("nfsd:
allow disabling NFSv2 at compile time").
Right, we might enable this for the time beeing in bullseye again (in
the next upload).
Regards,
Salvatore
