pmartin Posted June 26, 2017 Posted June 26, 2017 I use 5.32 dev on NanoPi NEO: $ uname -a Linux watchdev 4.11.5-sun8i #11 SMP Fri Jun 23 20:03:23 CEST 2017 armv7l GNU/Linux I use NFSv4 and autofs. The number of "[NFSv4 callback]" processes increase each time a volume is mounted, and does not decrease when un-mounting: # ps axwww |grep -i nfsv4 | grep -v grep 1478 ? S 0:00 [NFSv4 callback] 1501 ? S 0:00 [NFSv4 callback] 1515 ? S 0:00 [NFSv4 callback] # umount /storage/motion # ps axwww |grep -i nfsv4 | grep -v grep 1478 ? S 0:00 [NFSv4 callback] 1501 ? S 0:00 [NFSv4 callback] 1515 ? S 0:00 [NFSv4 callback] # ls /storage/motion backup config firmware public scripts videos # ps axwww |grep -i nfsv4 | grep -v grep 1478 ? S 0:00 [NFSv4 callback] 1501 ? S 0:00 [NFSv4 callback] 1515 ? S 0:00 [NFSv4 callback] 1550 ? S 0:00 [NFSv4 callback] # umount /storage/motion # ps axwww |grep -i nfsv4 | grep -v grep 1478 ? S 0:00 [NFSv4 callback] 1501 ? S 0:00 [NFSv4 callback] 1515 ? S 0:00 [NFSv4 callback] 1550 ? S 0:00 [NFSv4 callback] # ls /storage/motion backup config firmware public scripts videos # ps axwww |grep -i nfsv4 | grep -v grep 1478 ? S 0:00 [NFSv4 callback] 1501 ? S 0:00 [NFSv4 callback] 1515 ? S 0:00 [NFSv4 callback] 1550 ? S 0:00 [NFSv4 callback] 1566 ? S 0:00 [NFSv4 callback] This causes me problems because I use my NanoPi NEO boards as home-made IP cameras (motion software) and motion events are stored on a PS server running Debian. This causes autofs to un-mount and re-mount the file server's volume many times a day. After searching a bit, I found several references to this issue, and it seems that the problem was introduced in 4.9 and that a fix is available in 4.11.6: https://security-tracker.debian.org/tracker/CVE-2017-9059 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863550 Is there any plan to upgrade the Armbian kernel to 4.11.6? Thanks. Pascal.
zador.blood.stained Posted June 26, 2017 Posted June 26, 2017 6 minutes ago, pmartin said: Is there any plan to upgrade the Armbian kernel to 4.11.6? No. We are using a 3rd party personal kernel branch for sun8i-dev kernel, which is updated rarely. You can compile 4.11.6 or 4.11.7 by yourself using incremental patches from here: https://cdn.kernel.org/pub/linux/kernel/v4.x/incr/
pmartin Posted June 26, 2017 Author Posted June 26, 2017 For now, I have decided to play with the autofs timeout option (making it really long). Since my server is always on, and there is only one NFS share, I have no issue if it remains mounted for a long time.. (I use autofs because it nicely handles the power outage cases, i.e. the system automatically recovers from a power outage and resumes operations with no manual intervention.) Hopefully a long timeout will workaround the leakage by avoiding umount operations (best case), or at least reducing them to a handful per day (worst case). Then I can wait for the kernel upgrade. Lazy me.. Thanks for the quick answer.
Recommended Posts