- Issued:
- 2017-03-23
- Updated:
- 2017-03-23
RHEA-2017:0493 - Product Enhancement Advisory
Synopsis
Red Hat Gluster Storage 3.2.0 nfs-ganesha bug fix and enhancement update
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated nfs-ganesha packages that fix several bugs and add various enhancements are now available.
Description
NFS-Ganesha is a user space file server for the NFS protocol
with support for NFSv3, v4, v4.1, pNFS.
Red Hat Gluster Storage is supported with the community’s V2.4.1 stable release of NFS-Ganesha.
This rebase includes the following enhancements:
- cache_inode replaced with stackable FSAL_MDCACHE.
- support_ex FSAL API extensions to allow associating file descriptors or other FSAL specific information with state_t objects.
- abort() on ENOMEM rather than attempt to continue.
- Proper handling of NFS v3 (NLM) blocked locks.
- netgroup cache.
- Cache open owners.
- Various bug fixes, memory leaks and refcount issue resolution.
It also includes several bug fixes.The most significant ones are:
- Previously, SElinux denied binding to socket listener. This caused the ganesha.nfsd fail to start. With this fix the SElinux rules are updated and the issue is resolved.
- Previously, NFS-ganesha mapped all anonymous users to uid 4294967294. This value is different from the nfsnobody value of 65534. With this fix all the anonymous uid and gid are mapped to nfsnobody by default.
- On reboot, the NFS-ganesha export configuration for the volume were not copied from the online nodes. Due to this, the configuration for a volume in the NFS-ganesha cluster was out of sync. With this release this issue is fixed.
- Previously, SELinux blocked the gluster brick processes to create non-regular socket files. Due to this, users were unable to create socket type files on gluster volume. With this fix, SELinux rules have been added to provide relevant permissions to gluster brick process and files of type socket can be created on nfs mount of gluster volumes.
- Previously, there were few memory leaks while creating and removing files on a volume exported via NFS-Ganesha server. Due to this, NFS-Ganesha server might have gotten OOM killed, depending on the system memory limits. With this fix, the memory leaks issue has been addressed and the server shall no longer become unavailable while creating/removing large number of files.
- Previously, there was an fd-leak on the file on which lock operations have been performed from a nfs-mount of the volume that is exported via NFS-Ganesha server. When that file is deleted, it was not removed from .glusterfs/unlink folder at the backend consuming memory. With this fix, all the files that are removed from the mount point shall be removed completely from the backend as well.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
Fixes
- BZ - 1240258 - The uid and gid of a file created when rootsquash is enabled on a ganesha volume, is not nfsnobody
- BZ - 1321781 - [SELinux]: user_avc seen in audit logs while nfs-ganesha configuration in RHEL7
- BZ - 1327195 - ganesha exported volumes doesn't get synced up on shutdown node when it comes up.
- BZ - 1331559 - [SELinux]: Cases in pynfs test suite fails because of selinux errors on RHEL 7 based RHGS.
- BZ - 1338068 - OOM kill of ganesha process while creation and removal of files.
- BZ - 1349796 - [SELinux]: Denial AVC's related to dbus daemon is seen in audit.logs
- BZ - 1354661 - [SELinux]: NFS Ganesha not starting up due to 'Cannot bind RQUOTA udp6 socket' error
- BZ - 1357844 - Rebase of nfs-ganesha for RHGS 3.2 on RHEL-7
- BZ - 1357847 - Rebase of libntirpc for nfs-ganesha in RHGS 3.2 on RHEL-7
- BZ - 1379329 - Some of the files goes into .glusterfs/unlink folder after execution of pynfs test suite.
- BZ - 1379662 - IO hang on ganesha mount during remove brick operation.
- BZ - 1379665 - Ganesha crashes while removing files from clients.
- BZ - 1379673 - Creation of file hangs while doing ls from another mount.
- BZ - 1379962 - Ganesha crashes with segfault while accessing files from Windows client.
- BZ - 1381445 - Posix_compliance test suite fails with latest 3.2 builds.
- BZ - 1381940 - Ganesha crashes on one node during volume restart when performance.client-io-threads is off.
- BZ - 1382267 - rpc test suite fails with "mknod for block device: failed".
- BZ - 1382912 - [Ganesha] : mount fails when find hangs.
- BZ - 1386236 - Contents of subdir v3 mount can't be listed after failover.
- BZ - 1386635 - removal of file from nfs mount crashs ganesha server
- BZ - 1386669 - FSAL_GLUSTER : nfs4_acl functions is not working on latest ganesha rpms
- BZ - 1386699 - cthon general and special test fails when acl is enabled on the volume.
- BZ - 1389468 - rebase nfs-ganesha and libntirpc for RHEL7
- BZ - 1394717 - [Tracker] : Ganesha crashes during I/O from multiple clients.
- BZ - 1395534 - posix_compliance test suite fails with latest RHGS and ganesha builds with ACLs enabled
- BZ - 1396968 - NFS-Ganesha: Possible ref leak in case of volume export failure
- BZ - 1398846 - [Ganesha+SSL] : Ganesha crashes during random writes
- BZ - 1399138 - NFS-ganesha: NULL pointer dereference in COMMIT operation
- BZ - 1400780 - [Tracker] [Ganesha + Multi-Volume/Single-Mount] : Ganesha crashes on all nodes during I/O ; I/O comes to a halt.
- BZ - 1401160 - [Tracker][Ganesha + Multi-Volume/Multi-Mount] : Ganesha crashes during I/O ; I/Os stopped
- BZ - 1401182 - [Tracker] : Ganesha crashes on writes from heterogeneous clients ; Pacemaker quorum lost ; I/O halted on application
- BZ - 1403665 - [Perf] : Crash in fd_destroy while doing IO from multiple clients
- BZ - 1403666 - [Perf] : Ganesha crash in afr_inodelk_init while running IO from multiple clients
- BZ - 1403670 - Ganesha crash in glusterfs_open_my_fd while running IO from multiple clients
- BZ - 1403698 - Possible WB corruption while pumping IO from multiple Ganesha mounts
- BZ - 1403706 - Possible write behind corruption while pumping IO from heterogeneous Ganesha mounts
- BZ - 1403714 - Ganesha + Multi-Volume/Single-Mount] - Ganesha crashes during inode_destroy
- BZ - 1403719 - [Ganesha + Multi-Volume/Single-Mount] : Crash reported during unlink while pumping IO .
- BZ - 1403722 - [Ganesha + Multi-Volume/Single-Mount] : Ganesha crashes on fsal_close while IO was running.
- BZ - 1403723 - [Ganesha + Multi-Volume/Single-Mount] : Ganesha crashes (possibly in the write-behind layer) while pumping IO.
- BZ - 1403727 - [Ganesha + Multi-Volume/Multi-Mount] : Ganesha crashes during I/O ; Possible memory corruption.
- BZ - 1410389 - [NFS-Ganesha] Acquiring locks in the same data range of the file should fail
- BZ - 1410741 - [Ganesha + EC] Segfault occured and nfs-ganesha process got killed while compiling glusterfs code in mount point.
- BZ - 1413350 - [Ganesha] : Subsequent mounts fail and Ganesha crashes (during an attempt to mount) post volume restarts.
- BZ - 1413502 - [Ganesha] : Ganesha crashes on all nodes when Ganesha service is stopped
- BZ - 1413846 - [Ganesha + MultiVolume/MultiMount] : Ganesha crashes during writes , complains about double free/corruption ; pacemaker quorum lost ; IO halted,
- BZ - 1428798 - [GANESHA] I/O error while performing renaming and lookups from 4 clients
- BZ - 1428808 - [GANESHA] Ganesha process aborted on the node having VIP from which volume is mounted while performing renaming and lookups from 4 clients
- BZ - 1429377 - [GANESHA] Files getting disappeared from V4 mount point while performing rm -rf from user not having permission to delete those files
CVEs
(none)
References
(none)
Red Hat Gluster Storage Server for On-premise 3 for RHEL 7
SRPM | |
---|---|
libntirpc-1.4.3-1.el7rhgs.src.rpm | SHA-256: 194ca0845cb05a2a472519bfbc0895c3915ee2d9f97b655a67a6187d8b3c78cd |
nfs-ganesha-2.4.1-9.el7rhgs.src.rpm | SHA-256: 54ae79d5430aa4550ea5b78d27ffd5a8cfc3e21fe45b35b8e16cdb71df0bc8c2 |
x86_64 | |
libntirpc-1.4.3-1.el7rhgs.x86_64.rpm | SHA-256: 4a255924a30bce06b9be4c27a01ee38b84f77bccc861796f46d4616829b3730f |
libntirpc-debuginfo-1.4.3-1.el7rhgs.x86_64.rpm | SHA-256: 1b4a16d9448da86178c8c8e92f1866e0e47396058fbb131f2a466109cf349144 |
libntirpc-devel-1.4.3-1.el7rhgs.x86_64.rpm | SHA-256: 3f63c65249d79b4d476d98fdd67f0148de20f710859f15519623c77b171ea757 |
nfs-ganesha-2.4.1-9.el7rhgs.x86_64.rpm | SHA-256: 873be8fbce9470414f301ee1262f31345e3e17e42d9b1ad19d1834659bbdb631 |
nfs-ganesha-debuginfo-2.4.1-9.el7rhgs.x86_64.rpm | SHA-256: 68298314804a9a8116451a730e98a88795374b44271f12649d8b0c682992faa2 |
nfs-ganesha-gluster-2.4.1-9.el7rhgs.x86_64.rpm | SHA-256: b152e2f1014bbedb8145d411f605fc2d0031da37e770abdf0a82333acf438f5e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.