Hello everybody,

On Wed, Aug 30, 2000 at 04:00:19PM +0300, Leonid Mamtchenkov wrote:
> Hello,
> 
>   In the archives of the lkml I have found a message from Peter Gervai
> ([EMAIL PROTECTED]) dated Tue Apr 25 2000 available here:
> http://boudicca.tux.org/hypermail/linux-kernel/2000week18/0317.html
> 
>   Unfortunately, I was not able to find any reply to that message.
> 
>   Currently, one of our servers experiences the same problem, with the only
> difference being that the kernel is 2.2.16 (openwall patch applied as well).
> 
>   Are there any solutions to this problem yet/still available?

There is an inode leak in lockd, caused by a reference counting bug.
It will appear when you use DOS/Windows clients to access a knfsd+lockd
based NFS server, and it will crash the server sooner or later (a DOS
attack, literally ;).  The lockd bug is still alive in 2.4.0-test?,
so upgrading doesn't help either.

I'll attach my patch for 2.2.16.  It should apply to 2.4.0-test? too,
with one or two lines of fuzz maybe.

Ciao,
-- 
 Michael "Tired" Riepe <[EMAIL PROTECTED]>
 "All I wanna do is have a little fun before I die"
diff -rux CVS linux-2.2.16-plain/fs/lockd/svcshare.c linux-2.2.16/fs/lockd/svcshare.c
--- linux-2.2.16-plain/fs/lockd/svcshare.c      Mon Apr  7 20:35:30 1997
+++ linux-2.2.16/fs/lockd/svcshare.c    Fri Aug 11 19:04:26 2000
@@ -61,6 +61,20 @@
        return nlm_granted;
 }
 
+static inline void
+put_file(struct nlm_file *file, int mincount)
+{
+       /*
+        * XXX there may be race conditions here!
+        */
+       if (file->f_count > mincount)
+               file->f_count--;
+       else
+               printk(KERN_WARNING
+                       "lockd: f_count=%d when removing share\n",
+                       (int)file->f_count);
+}
+
 /*
  * Delete a share.
  */
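Review bot: the decrement in put_file() is an unprotected read-modify-write on file->f_count, and the "XXX there may be race conditions here!" comment concedes it; before this goes in, state which lock (if any) callers are expected to hold around nlm_file refcount changes, or take it inside put_file(). Two further points on this hunk: the function name suggests a release, yet the body only adjusts the counter and never frees the nlm_file, so a comment naming the path that actually drops the file once f_count reaches zero would make the fix reviewable; and the mincount parameter is undocumented, so a one-line comment explaining what reference it stands for (the caller's own hold on the file) would spare readers from reverse-engineering it from the call sites.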
@@ -75,6 +89,7 @@
                if (share->s_host == host && nlm_cmp_owner(share, oh)) {
                        *shpp = share->s_next;
                        kfree(share);
+                       put_file(file, 1);
                        return nlm_granted;
                }
        }
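Review bot: the call uses mincount = 1 while the traversal hunk below uses 0, and nothing at this call site says why; a short comment such as "caller still holds its own reference to file" would justify the 1 and prevent the two call sites from drifting apart. Ordering is fine: put_file() touches only file, not the just-freed share.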
@@ -101,6 +116,7 @@
                        if (host == NULL || host == share->s_host) {
                                *shpp = share->s_next;
                                kfree(share);
+                               put_file(file, 0);
                                continue;
                        }
                }
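Review bot: with mincount = 0 a file whose f_count is already 0 only triggers the printk and is otherwise left alone, so a double release on this path would be masked rather than surfaced; consider whether this should be a WARN-and-stop condition rather than a warning that allows the loop to continue. Since this loop can drop one reference per share removed (every share when host == NULL), a comment confirming that each share accounted for exactly one f_count increment on creation would tie the decrements to the leak the cover letter describes.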
