[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] NFS mount options for sphinx.sfu.ca



Dear linux-security subscribers,

this is urgent matter, so please read carefully.

This is not a security advisory, but equally important for all of you
that NFS mount SFU's patched RedHat distributions from sphinx.sfu.ca.

We are currently experiencing severe NFS problems with our campus
files server sphinx.sfu.ca that are most likely caused by a bug in the
Linux 2.4.x kernel.

Therefore, we ask you to change the mount options for the redhat distributions
to either a)

sphinx.sfu.ca:/vol/vol0/distrib/redhat/<RHversion> /mnt/redhat  nfs  noauto,ro,hard,intr,bg,rsize=8192 0 0

or b)

sphinx.sfu.ca:/vol/vol0/distrib/redhat/<RHversion> /mnt/redhat  nfs  noauto,ro,hard,intr,bg,nfsvers=3,tcp 0 0

where <RHversion> should be replaced with your version of RedHat (6.2, 7.1,
7.2, and 7.3 are currently supported). You should place either of the two
lines into your /etc/fstab file and then type:

# umount /mnt/redhat
# mount /mnt/redhat

(if you mount the distributions somewhere other than /mnt/redhat please
replace /mnt/redhat with that directory name everywhere in the above).

Background information: the bug is triggered in all versions of the
Linux 2.4.x kernel when NFS over udp with block sizes larger than 8192 bytes
are used. The default for, e.g., RedHat Linux 7.3 is to use udp and
rsize=32768 and wsize=32768, thus the RH7.3 defaults trigger the bug!
Hence even if you mount the distributions "by hand" (without entries in
/etc/fstab) by typing (don't do this!)

# mount -t nfs sphinx.sfu.ca:/vol/vol0/distrib/redhat/7.3 /mnt/redhat

you trigger the bug. To avoid the bug use either NFS over tcp (option a)
or NFS over udp with a rsize <= 8192 (for NFS mount on parts of the
campus with particularly bad network connections I still recommend to
use NFS over udp with rsize=1024).

Please, make those changes immediately and remount the distributions!

Thanks for your cooperation!

Cheers,
Martin

P.S.: a fix for this is expected to be in the 2.4.20 kernel. I'll keep
      you posted.

========================================================================
Martin Siegert
Academic Computing Services                        phone: (604) 291-4691
Simon Fraser University                            fax:   (604) 291-4242
Burnaby, British Columbia                          email: siegert@sfu.ca
Canada  V5A 1S6
========================================================================