kern/140853: NFSv2 remove calls fail to send error replies (memory
leak!)
Ted Faber
faber at isi.edu
Wed Nov 25 02:30:03 UTC 2009
>Number: 140853
>Category: kern
>Synopsis: NFSv2 remove calls fail to send error replies (memory leak!)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 25 02:30:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Ted Faber
>Release: FreeBSD 7.2-STABLE i386
>Organization:
USC/ISI
>Environment:
System: FreeBSD zod.isi.edu 7.2-STABLE FreeBSD 7.2-STABLE #9: Fri Oct 16 13:39:11 PDT 2009 root at zod.isi.edu:/usr/obj/usr/src/sys/GENERIC i386
As far as I can see this code (/sys/nfsserver/nfs_serv.c) is unchanged through
current (CVS 1.195.2.3.2.1), so it should be patched accross FreeBSD 7 through
9.
>Description:
NFS remove operations that encounter errors do not generate replies.
The replies remain in memory and gradually run the machine out of
kernel memory. The because no error reply is sent failing requests
continue to be resent, making memory exhaustion more likely.
The low level problem is that the error variable is not cleared in
nfsrv_remove as it is in other routines. It's one line to fix.
>How-To-Repeat:
Starting a directory delete and rebooting the server should exhibit the
problem. We sent captured NFS packets to the server, and these are
available on request. An incorrectly handled remove operation will
increment both the Server Ret-Failed and Server Faults lines in
nfsstats on the server. umastats can directly show the leak.
>Fix:
patch against nfs_serv.c follows:
--- nfs_serv.c.orig 2009-07-27 08:39:10.000000000 -0700
+++ nfs_serv.c 2009-11-24 17:45:28.000000000 -0800
@@ -2221,8 +2221,8 @@
nfsm_reply(NFSX_WCCDATA(v3));
if (v3) {
nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
- error = 0;
}
+ error = 0;
nfsmout:
NDFREE(&nd, NDF_ONLY_PNBUF);
if (nd.ni_dvp) {
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list