search cancel

NFS related kernel stack dump after installing Endpoint Protection for Linux

book

Article ID: 174631

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After installing Symantec Endpoint Protection for Linux 14.2 MP1 on a Linux server running the Network File System (NFS) version 4.0 daemon and rebooting, the server crashes and/or you see a NFS daemon related kernel stack dump in /var/log/messages or the dmesg output.   

Oct 23 09:40:11 twbtmdll01 kernel: CPU: 3 PID: 1679 Comm: nfsd Tainted: P           OE  ------------   3.10.0-862.14.4.el7.x86_64 #1
Oct 23 09:40:11 twbtmdll01 kernel: Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
Oct 23 09:40:11 twbtmdll01 kernel: Call Trace:
Oct 23 09:40:11 twbtmdll01 kernel: [] dump_stack+0x19/0x1b
Oct 23 09:40:11 twbtmdll01 kernel: [] __warn+0xd8/0x100
Oct 23 09:40:11 twbtmdll01 kernel: [] warn_slowpath_null+0x1d/0x20
Oct 23 09:40:11 twbtmdll01 kernel: [] lookup_one_len+0x11b/0x150
Oct 23 09:40:11 twbtmdll01 kernel: [] reconnect_path+0x1d7/0x300
Oct 23 09:40:11 twbtmdll01 kernel: [] ? security_d_instantiate+0x21/0x40
Oct 23 09:40:11 twbtmdll01 kernel: libata crc32c_intel serio_raw i2c_core vmxnet3 vmw_pvscsi floppy dm_mirror dm_region_hash dm_log dm_mod
Oct 23 09:40:11 twbtmdll01 kernel: [] ? nfsd_proc_getattr+0xa0/0xa0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: CPU: 1 PID: 1678 Comm: nfsd Tainted: P           OE  ------------   3.10.0-862.14.4.el7.x86_64 #1
Oct 23 09:40:11 twbtmdll01 kernel: [] exportfs_decode_fh+0x101/0x2f0
Oct 23 09:40:11 twbtmdll01 kernel: [] ? exp_find+0x100/0x1d0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? sock_recvmsg+0xc5/0x100
Oct 23 09:40:11 twbtmdll01 kernel: Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
Oct 23 09:40:11 twbtmdll01 kernel: Call Trace:
Oct 23 09:40:11 twbtmdll01 kernel: [] ? __kmalloc_track_caller+0x55/0x240
Oct 23 09:40:11 twbtmdll01 kernel: [] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [] ? kmemdup+0x36/0x50
Oct 23 09:40:11 twbtmdll01 kernel: [] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [] dump_stack+0x19/0x1b
Oct 23 09:40:11 twbtmdll01 kernel: [] __warn+0xd8/0x100
Oct 23 09:40:11 twbtmdll01 kernel: [] fh_verify+0x338/0x600 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] warn_slowpath_null+0x1d/0x20
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd4_putfh+0x49/0x50 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd4_proc_compound+0x3dd/0x780 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] lookup_one_len+0x11b/0x150
Oct 23 09:40:11 twbtmdll01 kernel: [] symev_nfsd4_proc_compound+0x195/0xa90 [symev_custom_3_10_0_862_14_4_el7_x86_64]
Oct 23 09:40:11 twbtmdll01 kernel: [] reconnect_path+0x1d7/0x300
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd_dispatch+0xe0/0x290 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? nfsd_proc_getattr+0xa0/0xa0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] svc_process_common+0x466/0x710 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [] svc_process+0x103/0x190 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [] exportfs_decode_fh+0x101/0x2f0
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd+0xdf/0x150 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? prepare_creds+0x26/0x1c0
Oct 23 09:40:11 twbtmdll01 kernel: [] ? exp_find+0x100/0x1d0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? __kmalloc_track_caller+0x55/0x240
Oct 23 09:40:11 twbtmdll01 kernel: [] ? nfsd_destroy+0x80/0x80 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [] ? kmemdup+0x36/0x50
Oct 23 09:40:11 twbtmdll01 kernel: [] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [] kthread+0xd1/0xe0
Oct 23 09:40:11 twbtmdll01 kernel: [] fh_verify+0x338/0x600 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd4_putfh+0x49/0x50 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: [] ret_from_fork_nospec_begin+0x21/0x21
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd4_proc_compound+0x3dd/0x780 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: [] symev_nfsd4_proc_compound+0x195/0xa90 [symev_custom_3_10_0_862_14_4_el7_x86_64]
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd_dispatch+0xe0/0x290 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: ---[ end trace 986fc7baf809a32f ]---
Oct 23 09:40:11 twbtmdll01 kernel: [] svc_process_common+0x466/0x710 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [] svc_process+0x103/0x190 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [] nfsd+0xdf/0x150 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] ? nfsd_destroy+0x80/0x80 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [] kthread+0xd1/0xe0
Oct 23 09:40:11 twbtmdll01 kernel: [] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: [] ret_from_fork_nospec_begin+0x21/0x21
Oct 23 09:40:11 twbtmdll01 kernel: [] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: ---[ end trace 986fc7baf809a330 ]---

Cause

After a rdentry (NFS file handle) node is received in symev_nfsd4_proc_compound(), it is attempted to release it without proper validation ahead of the release call. That is, it is only checked whether or not it is NULL. If rdentry is negative, a nfsd related crash will occur and the system log will reflect that the kernel was tainted by non-GPL module (the meaning of Tainted: P) symev.

Environment

  • SEP for Linux 14.2 MP1
  • Network File System (NFS) version 4.0

Resolution

This issue was resolved in SEP for Linux 14.2 RU1, by skipping the release operation if a negative rdentry is received.