FS#76939 - Kernels 6.1.x Failure to mount external Samba v.1.0 shares
Attached to Project:
Arch Linux
Opened by hotice (hotice) - Monday, 26 December 2022, 17:35 GMT
Last edited by Toolybird (Toolybird) - Thursday, 19 January 2023, 01:43 GMT
Opened by hotice (hotice) - Monday, 26 December 2022, 17:35 GMT
Last edited by Toolybird (Toolybird) - Thursday, 19 January 2023, 01:43 GMT
|
Details
Description: Kernels 6.1.x Failure to mount external Samba
v.1.0 shares
Failure to mount old external Windows smb shares v1 (either from fstab or manually). Affected arch kernels: linux-6.1-arch1-1 & linux-6.1.1-arch1-1 (64-bit) Latest working version of arch kernel is linux-6.0.12-arch1-1 (64-bit) that works in fstab even without smb.conf file. Relevant /etc/fstab line: //pc/share /media/share cifs vers=1.0,noauto,nofail,x-systemd.automount,x-systemd.idle-timeout=15min,cred=/etc/samba/.cred/share,uid=1000,gid=1000,dir_mode=0755,file_mode=0644,users 0 0 Adding /etc/samba/smb.conf config file with the lines below does not help: [global] server min protocol = NT1 Mount OK log: systemd[738]: Started Dolphin - File Manager. dolphin[11774]: QObject::disconnect: Unexpected nullptr parameter systemd[1]: media-share.automount: Got automount request for /media/share, triggered by 11793 (KIO::WorkerThre) systemd[1]: Mounting /media/share... kernel: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers kernel: CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers kernel: CIFS: Attempting to mount \\pc\share systemd[1]: Mounted /media/share. Mount Error log: systemd[1]: media-share.automount: Got automount request for /media/share, triggered by 3144 (dolphin) systemd[1]: Mounting /media/share... kernel: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers kernel: CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers kernel: CIFS: Attempting to mount \\pc\share kernel: CIFS: VFS: bogus file nlink value 0 mount[3212]: mount error(20): Not a directory mount[3212]: Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) systemd[1]: media-share.mount: Mount process exited, code=exited, status=32/n/a systemd[1]: media-share.mount: Failed with result 'exit-code'. systemd[1]: Failed to mount /media/share. Extra: the system is up-to-date: Operating System: Arch Linux KDE Plasma Version: 5.26.4 KDE Frameworks Version: 5.101.0 Qt Version: 5.15.7 Kernel Version: 6.0.12-arch1-1 (64-bit) Graphics Platform: X11 Processors: 8 × Intel® Core™ i7-4770K CPU @ 3.50GHz |
This task depends upon
Closed by Toolybird (Toolybird)
Thursday, 19 January 2023, 01:43 GMT
Reason for closing: Fixed
Additional comments about closing: linux 6.1.7.arch1-1
Thursday, 19 January 2023, 01:43 GMT
Reason for closing: Fixed
Additional comments about closing: linux 6.1.7.arch1-1
Lots of hits for that error when searching online, although no clear cause AFAICT. There have been quite a few commits to the CIFS code since linux-6.1.1 so it might be worthwhile trying latest -rc or mainline kernel to see if it's been fixed. If not, then usual kernel regression debugging applies [1]. i.e. find bad commit, report upstream, etc. Please let us know what you find out.
[1] https://wiki.archlinux.org/title/Kernel#Debugging_regressions
linux-6.1 uses CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
so that's OK.
Between working and nonworking builds there are quite a few changes:
https://github.com/archlinux/svntogit-packages/commit/75fec548851924534fe61439d0f879be8a7532cf
or
https://github.com/archlinux/svntogit-packages/commit/94647cd1eefbdb81665c9bc9b6a0fbcee39fed1c
Bisecting? No time to even build mainline or rc kernels from AUR/git, and no chaotic-aur repo yet exist for arch...
I'd guess anyone could easy replicate the issue with an WinXP (32-bit) share.
Update Jan 6, 2023: Kernel Version: 6.1.3-arch1-1 (64-bit) doesn't work either, downgrade back to 6.0.12.
Anyway, some (presumably outdated or not supported anymore) omissions may cause the old protocol malfunction.
I see the following switches were removed from kernel 6.1.0 config:
CONFIG_MEMCG_SWAP CONFIG_GPIO_ADP5588 CONFIG_SENSORS_ASPEED CONFIG_VIDEO_CPIA2 CONFIG_USB_ZR364XX CONFIG_VIDEO_MEYE ...
CONFIG_FIREWIRE_SERIAL CONFIG_FWTTY_MAX_TOTAL_PORTS=64 CONFIG_FWTTY_MAX_CARD_PORTS=32 ...
That BTQ hints that FireWire devices support is silently dropped as the last code changes were in 2007 :(
CONFIG_CRYPTO_CURVE25519_X86
CONFIG_LIB_MEMNEQ
That's all I found on Arch part.
Now looks like some folks already awaking:
https://bugzilla.kernel.org/buglist.cgi?component=CIFS&order=changeddate+DESC%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&product=File+System&query_format=advanced&resolution=---
Started from here: https://bugzilla.kernel.org/show_bug.cgi?id=215375
Continued there: https://bugzilla.kernel.org/show_bug.cgi?id=216682
For enabling SMB v1 LANMAN there is suggestion to turn weaker routines switch when building kernel: https://bugzilla.kernel.org/show_bug.cgi?id=215375#c63
So far no idea if/when WindowsXP NTLM v1 (possibly v2 too) will be dropped behind the non-default switch as they did for LANMAN sec.
Anyway, the regression is obvious as many folks use those old media boxes within LAN where potential attackers aren't expected or even interested.
At last this report from OP is very much describes my situation: https://bugzilla.kernel.org/show_bug.cgi?id=216881
and looks like they got working patches, so looking for the next kernel updates...
[1] https://lore.kernel.org/linux-cifs/20230107200134.4822-1-pc%40cjr.nz/
[2] https://lore.kernel.org/linux-cifs/20230107200134.4822-2-pc%40cjr.nz/
[3] https://drive.google.com/file/d/15RyNR7m6eYAbDmy2fnPJgUyMBxFbPKa-/view?usp=share_link linux-6.1.4.arch1-1.1-x86_64.pkg.tar.zst
[4] https://drive.google.com/file/d/1E5chFOSYPnb62D7bw2sN_3F5DmrzRdIR/view?usp=share_link linux-headers-6.1.4.arch1-1.1-x86_64.pkg.tar.zst
sudo mount -t cifs //pc/share /tmp/share -o vers=1.0,cred=/etc/samba/.cred/share
mount error(20): Not a directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
Log:
kernel Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel CIFS: Attempting to mount \\pc\share
kernel CIFS: VFS: bogus file nlink value 0
$ uname -a
Linux 6.1.4-arch1-1.1 #1 SMP PREEMPT_DYNAMIC Sat, 07 Jan 2023 22:44:39 +0000 x86_64 GNU/Linux
So what should we expect? To make an unofficial patches from now? Or archlinux will have them officially? Or in the upstream the regression will be fixed since v6.1.5?
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/queue-6.1/cifs-fix-file-info-setting-in-cifs_open_file.patch?id=b329f1373dcf9d93d96646057c4c1da53e3015a3
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/queue-6.1/cifs-fix-file-info-setting-in-cifs_query_path_info.patch?id=b329f1373dcf9d93d96646057c4c1da53e3015a3
Thanks!
Package (1) Old Version New Version Net Change Download Size
testing/linux 6.1.4.arch1-1.1 6.1.7.arch1-1 0.17 MiB 164.07 MiB