FS#76939 - Kernels 6.1.x Failure to mount external Samba v.1.0 shares

Attached to Project: Arch Linux
Opened by hotice (hotice) - Monday, 26 December 2022, 17:35 GMT
Last edited by Toolybird (Toolybird) - Thursday, 19 January 2023, 01:43 GMT
Task Type: Bug Report
Category: Kernel
Status: Closed
Assigned To: No-one
Architecture: x86_64
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 2
Private: No

Details

Description: Kernels 6.1.x Failure to mount external Samba v.1.0 shares

Failure to mount old external Windows smb shares v1 (either from fstab or manually).

Affected arch kernels: linux-6.1-arch1-1 & linux-6.1.1-arch1-1 (64-bit)

The latest working Arch kernel version is linux-6.0.12-arch1-1 (64-bit), which works from fstab even without an smb.conf file.

Relevant /etc/fstab line:
//pc/share /media/share cifs vers=1.0,noauto,nofail,x-systemd.automount,x-systemd.idle-timeout=15min,cred=/etc/samba/.cred/share,uid=1000,gid=1000,dir_mode=0755,file_mode=0644,users 0 0


Adding /etc/samba/smb.conf config file with the lines below does not help:

[global]
server min protocol = NT1


Mount OK log:

systemd[738]: Started Dolphin - File Manager.
dolphin[11774]: QObject::disconnect: Unexpected nullptr parameter
systemd[1]: media-share.automount: Got automount request for /media/share, triggered by 11793 (KIO::WorkerThre)
systemd[1]: Mounting /media/share...
kernel: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel: CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel: CIFS: Attempting to mount \\pc\share
systemd[1]: Mounted /media/share.



Mount Error log:

systemd[1]: media-share.automount: Got automount request for /media/share, triggered by 3144 (dolphin)
systemd[1]: Mounting /media/share...
kernel: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel: CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel: CIFS: Attempting to mount \\pc\share
kernel: CIFS: VFS: bogus file nlink value 0
mount[3212]: mount error(20): Not a directory
mount[3212]: Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
systemd[1]: media-share.mount: Mount process exited, code=exited, status=32/n/a
systemd[1]: media-share.mount: Failed with result 'exit-code'.
systemd[1]: Failed to mount /media/share.


Extra: the system is up-to-date:

Operating System: Arch Linux
KDE Plasma Version: 5.26.4
KDE Frameworks Version: 5.101.0
Qt Version: 5.15.7
Kernel Version: 6.0.12-arch1-1 (64-bit)
Graphics Platform: X11
Processors: 8 × Intel® Core™ i7-4770K CPU @ 3.50GHz
Closed by  Toolybird (Toolybird)
Thursday, 19 January 2023, 01:43 GMT
Reason for closing:  Fixed
Additional comments about closing:  linux 6.1.7.arch1-1
Comment by Toolybird (Toolybird) - Tuesday, 27 December 2022, 01:35 GMT
> kernel: CIFS: VFS: bogus file nlink value 0

Lots of hits for that error when searching online, although no clear cause AFAICT. There have been quite a few commits to the CIFS code since linux-6.1.1 so it might be worthwhile trying latest -rc or mainline kernel to see if it's been fixed. If not, then usual kernel regression debugging applies [1]. i.e. find bad commit, report upstream, etc. Please let us know what you find out.

[1] https://wiki.archlinux.org/title/Kernel#Debugging_regressions
Comment by hotice (hotice) - Tuesday, 27 December 2022, 02:09 GMT
From https://github.com/archlinux/svntogit-packages/blob/8bcefabdb39ba2ad956a350ceb6fc543b92f2d49/trunk/config#L9816
linux-6.1 uses CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y
so that's OK.

Between working and nonworking builds there are quite a few changes:
https://github.com/archlinux/svntogit-packages/commit/75fec548851924534fe61439d0f879be8a7532cf
or
https://github.com/archlinux/svntogit-packages/commit/94647cd1eefbdb81665c9bc9b6a0fbcee39fed1c

Bisecting? No time to even build mainline or rc kernels from AUR/git, and no chaotic-aur repo exists yet for Arch...
I'd guess anyone could easily replicate the issue with a WinXP (32-bit) share.


Update Jan 6, 2023: Kernel Version: 6.1.3-arch1-1 (64-bit) doesn't work either, downgrade back to 6.0.12.
Comment by hotice (hotice) - Saturday, 07 January 2023, 22:08 GMT
As I stated before I've no time to build kernels just to check all the switches...
Anyway, some (presumably outdated or no longer supported) omissions may cause the old protocol to malfunction.
I see the following switches were removed from kernel 6.1.0 config:

CONFIG_MEMCG_SWAP CONFIG_GPIO_ADP5588 CONFIG_SENSORS_ASPEED CONFIG_VIDEO_CPIA2 CONFIG_USB_ZR364XX CONFIG_VIDEO_MEYE ...
CONFIG_FIREWIRE_SERIAL CONFIG_FWTTY_MAX_TOTAL_PORTS=64 CONFIG_FWTTY_MAX_CARD_PORTS=32 ...
That, BTW, hints that FireWire device support is silently dropped, as the last code changes were in 2007 :(

CONFIG_CRYPTO_CURVE25519_X86
CONFIG_LIB_MEMNEQ

That's all I found on Arch part.


Now it looks like some folks are already awakening:
https://bugzilla.kernel.org/buglist.cgi?component=CIFS&order=changeddate+DESC%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&product=File+System&query_format=advanced&resolution=---

Started from here: https://bugzilla.kernel.org/show_bug.cgi?id=215375
Continued there: https://bugzilla.kernel.org/show_bug.cgi?id=216682

For enabling SMB v1 LANMAN there is a suggestion to turn on the weaker routines switch when building the kernel: https://bugzilla.kernel.org/show_bug.cgi?id=215375#c63
So far no idea if/when WindowsXP NTLM v1 (possibly v2 too) will be dropped behind the non-default switch as they did for LANMAN sec.
Anyway, the regression is obvious as many folks use those old media boxes within LAN where potential attackers aren't expected or even interested.

At last, this report from the OP very much describes my situation: https://bugzilla.kernel.org/show_bug.cgi?id=216881
and looks like they got working patches, so looking for the next kernel updates...
Comment by Kim Scarborough (chowbok) - Saturday, 07 January 2023, 22:43 GMT
That patch worked with the default Arch kernel config, so presumably this bug will be fixed with the 6.1.4 release.
Comment by loqs (loqs) - Saturday, 07 January 2023, 23:03 GMT
Comment by hotice (hotice) - Monday, 09 January 2023, 12:19 GMT
No dice with 6.1.4 either. Manual attempt:

sudo mount -t cifs //pc/share /tmp/share -o vers=1.0,cred=/etc/samba/.cred/share
mount error(20): Not a directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

Log:
kernel Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers

kernel CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel CIFS: Attempting to mount \\pc\share
kernel CIFS: VFS: bogus file nlink value 0


Comment by loqs (loqs) - Monday, 09 January 2023, 13:35 GMT
@hotice was it the 6.1.4 from the repositories, or the patched linux-6.1.4.arch1-1.1-x86_64.pkg.tar.zst from my link above, that still has the issue?
Comment by hotice (hotice) - Monday, 09 January 2023, 15:17 GMT
@loqs that was from the official repos.
Comment by loqs (loqs) - Monday, 09 January 2023, 15:28 GMT
Please consider testing the patched packages as you do not have time to build them.
Comment by hotice (hotice) - Monday, 09 January 2023, 15:49 GMT
YES, THAT ONE WORKS!
$ uname -a
Linux 6.1.4-arch1-1.1 #1 SMP PREEMPT_DYNAMIC Sat, 07 Jan 2023 22:44:39 +0000 x86_64 GNU/Linux

So what should we expect? To make unofficial patches from now on? Or will Arch Linux have them officially? Or will the regression be fixed upstream from v6.1.5?
Comment by Kim Scarborough (chowbok) - Monday, 09 January 2023, 16:17 GMT
I'm sure the upstream will be fixed at some point soon.
Comment by hotice (hotice) - Friday, 13 January 2023, 21:01 GMT
6.1.5.arch2-1 is still the same as 6.1.4 :(
Comment by loqs (loqs) - Sunday, 15 January 2023, 23:03 GMT
Comment by loqs (loqs) - Wednesday, 18 January 2023, 22:15 GMT
Can you confirm the issue is resolved in linux 6.1.7.arch1-1, currently in testing?
Comment by hotice (hotice) - Wednesday, 18 January 2023, 23:10 GMT
@loqs Yep, works as expected, may close down the issue for now)
Thanks!


Package (1) Old Version New Version Net Change Download Size

testing/linux 6.1.4.arch1-1.1 6.1.7.arch1-1 0.17 MiB 164.07 MiB
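
Added example (not part of the original report, and not Arch or kernel code): a small Python triage that groups journal lines into mount attempts and picks out SMB1 mounts that failed with the signature from the report's error log, `bogus file nlink value 0` together with `mount error(20)`. The sample lines are taken from the two log excerpts in the report; the function names and record fields are assumptions of this example.

```python
import re

# Lines taken from the report's two journal excerpts: an OK mount, then the 6.1.x failure.
SAMPLE_JOURNAL = r"""
systemd[1]: Mounting /media/share...
kernel: CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel: CIFS: Attempting to mount \\pc\share
systemd[1]: Mounted /media/share.
systemd[1]: Mounting /media/share...
kernel: CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
kernel: CIFS: Attempting to mount \\pc\share
kernel: CIFS: VFS: bogus file nlink value 0
mount[3212]: mount error(20): Not a directory
systemd[1]: Failed to mount /media/share.
"""

START = re.compile(r"systemd\[1\]: Mounting (\S+)\.\.\.$")
DONE = re.compile(r"systemd\[1\]: (Mounted|Failed to mount) (\S+)\.$")
UNC = re.compile(r"CIFS: Attempting to mount (\S+)")
ERRNO = re.compile(r"mount error\((\d+)\)")

def classify_mounts(journal_text):
    """Return one record per mount attempt found in the journal text."""
    attempts, current = [], None
    for line in journal_text.splitlines():
        line = line.strip()
        if m := START.search(line):
            current = {"mountpoint": m.group(1), "share": None, "smb1": False,
                       "nlink_zero": False, "errno": None, "result": "unknown"}
            attempts.append(current)
        elif current is None:
            continue  # kernel/mount lines outside any mount attempt
        elif m := DONE.search(line):
            current["result"] = "ok" if m.group(1) == "Mounted" else "failed"
            current = None
        elif m := UNC.search(line):
            current["share"] = m.group(1)
        elif "less secure dialect vers=1.0" in line:
            current["smb1"] = True  # kernel warned that SMB1 was negotiated
        elif "bogus file nlink value 0" in line:
            current["nlink_zero"] = True
        elif m := ERRNO.search(line):
            current["errno"] = int(m.group(1))
    return attempts

def regression_hits(attempts):
    """SMB1 mounts that failed with the signature from this report."""
    return [a for a in attempts if a["smb1"] and a["result"] == "failed"
            and a["nlink_zero"] and a["errno"] == 20]
```

The patterns use `search`, so lines with the usual timestamp and hostname prefix from `journalctl` are matched as well.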
