linux-azure CIFS DFS oops

Bug #1935833 reported by Tim Gardner
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Medium
Unassigned
linux-azure (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Medium
Tim Gardner

Bug Description

SRU Justification

[Impact]

A Microsoft customer is reporting a kernel oops when attempting a DFS connection.

[Fix]

a52930353eaf443489a350a135c5525a4acbbf56 cifs: handle empty list of targets in cifs_reconnect()
baf3f08ef4083b76ca67b143e135213a7f941879 cifs: get rid of unused parameter in reconn_setup_dfs_targets()

The addition of these 2 patches has been confirmed to prevent the oops.

[Test Case]

Mount a Windows DFS share

[Where problems could occur]

Mounts could continue to fail even though the kernel no longer crashes.

[Other Info]

SF: #00313885

CVE References

Tim Gardner (timg-tpi)
Changed in linux-azure (Ubuntu):
status: New → Fix Released
Changed in linux-azure (Ubuntu Focal):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tim Gardner (timg-tpi)
Changed in linux (Ubuntu):
status: New → Fix Released
Changed in linux (Ubuntu Focal):
status: New → In Progress
importance: Undecided → Medium
Revision history for this message
Tim Gardner (timg-tpi) wrote :
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Changed in linux-azure (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Tim Gardner (timg-tpi) wrote :

Microsoft reports "Engineer confirms, test kernel certainly helps with the oops.". Marking verification done on the basis of MS testing.

tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (28.0 KiB)

This bug was fixed in the package linux-azure - 5.4.0-1055.57

---------------
linux-azure (5.4.0-1055.57) focal; urgency=medium

  [ Ubuntu: 5.4.0-80.90 ]

  * CVE-2021-33909
    - SAUCE: seq_file: Disallow extremely large seq buffer allocations

linux-azure (5.4.0-1054.56) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1054.56 -proposed tracker (LP: #1935858)

  * linux-azure CIFS DFS oops (LP: #1935833)
    - cifs: get rid of unused parameter in reconn_setup_dfs_targets()
    - cifs: handle empty list of targets in cifs_reconnect()

linux-azure (5.4.0-1053.55) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1053.55 -proposed tracker (LP: #1934321)

  [ Ubuntu: 5.4.0-79.88 ]

  * focal/linux: 5.4.0-79.88 -proposed tracker (LP: #1934343)
  * lxd exec fails (LP: #1934187)
    - SAUCE: Revert "proc: Check /proc/$pid/attr/ writes against file opener"

linux-azure (5.4.0-1052.54) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1052.54 -proposed tracker (LP: #1932456)

  * Patch To Fix Bug in the Linux Block Layer Responsible For Merging BIOs
    (LP: #1931497)
    - block: return the correct bvec when checking for gaps

  [ Ubuntu: 5.4.0-78.87 ]

  * focal/linux: 5.4.0-78.87 -proposed tracker (LP: #1932478)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - update dkms package versions
  * Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
    - [Packaging]: Add kernel command line condition to hv-kvp-daemon service
  * QLogic Direct-Connect host can't discover SCSI-FC or NVMe/FC devices
    (LP: #1860724)
    - scsi: qla2xxx: Serialize fc_port alloc in N2N
    - scsi: qla2xxx: Set Nport ID for N2N
    - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue
    - scsi: qla2xxx: Fix N2N and NVMe connect retry failure
  * [SRU] Add support for E810 NIC to Ice Driver in Focal (LP: #1912511)
    - ice: add additional E810 device id
  * Focal update: v5.4.124 upstream stable release (LP: #1931166)
    - ALSA: hda/realtek: Headphone volume is controlled by Front mixer
    - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
    - ALSA: usb-audio: scarlett2: Improve driver startup messages
    - cifs: set server->cipher_type to AES-128-CCM for SMB3.0
    - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
    - iommu/vt-d: Fix sysfs leak in alloc_iommu()
    - perf intel-pt: Fix sample instruction bytes
    - perf intel-pt: Fix transaction abort handling
    - perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top
      Calls by elapsed Time report
    - perf scripts python: exported-sql-viewer.py: Fix Array TypeError
    - perf scripts python: exported-sql-viewer.py: Fix warning display
    - proc: Check /proc/$pid/attr/ writes against file opener
    - net: hso: fix control-request directions
    - ath10k: Validate first subframe of A-MSDU before processing the list
    - dm snapshot: properly fix a crash when an origin has no snapshots
    - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
    - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate
    - drm/amdgpu/...

Changed in linux-azure (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (18.2 KiB)

This bug was fixed in the package linux - 5.4.0-81.91

---------------
linux (5.4.0-81.91) focal; urgency=medium

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption

  * Some test in kselftest/net on focal source tree were not tested at all
    (LP: #1934282)
    - selftests/net: add missing tests to Makefile

  * curtin: install flash-kernel in arm64 UEFI unexpected (LP: #1918427)
    - [Packaging] Allow grub-efi-arm* to satisfy recommends on ARM

  * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
    - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"

  * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
    F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
    - selftests: icmp_redirect: support expected failures

  * Focal update: v5.4.128 upstream stable release (LP: #1934179)
    - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM
    - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM
    - dmaengine: stedma40: add missing iounmap() on error in d40_probe()
    - afs: Fix an IS_ERR() vs NULL check
    - mm/memory-failure: make sure wait for page writeback in memory_failure
    - kvm: LAPIC: Restore guard to prevent illegal APIC register access
    - batman-adv: Avoid WARN_ON timing related checks
    - net: ipv4: fix memory leak in netlbl_cipsov4_add_std
    - vrf: fix maximum MTU
    - net: rds: fix memory leak in rds_recvmsg
    - net: lantiq: disable interrupt before sheduling NAPI
    - udp: fix race between close() and udp_abort()
    - rtnetlink: Fix regression in bridge VLAN configuration
    - net/sched: act_ct: handle DNAT tuple collision
    - net/mlx5e: Remove dependency in IPsec initialization flows
    - net/mlx5e: Fix page reclaim for dead peer hairpin
    - net/mlx5: Consider RoCE cap before init RDMA resources
    - net/mlx5e: allow TSO on VXLAN over VLAN topologies
    - net/mlx5e: Block offload of outer header csum for UDP tunnels
    - netfilter: synproxy: Fix out of bounds when parsing TCP options
    - sch_cake: Fix out of bounds when parsing TCP options and header
    - alx: Fix an error handling path in 'alx_probe()'
    - net: stmmac: dwmac1000: Fix extended MAC address registers definition
    - net: make get_net_ns return error if NET_NS is disabled
    - qlcnic: Fix an error handling path in 'qlcnic_probe()'
    - netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
    - net: qrtr: fix OOB Read in qrtr_endpoint_post
    - ptp: improve max_adj check against unreasonable values
    - net: cdc_ncm: switch to eth%d interface naming
    - lantiq: net: fix duplicated skb in rx descriptor ring
    - net: usb: fix possible use-after-free in smsc75xx_bind
    - net: fec_ptp: fix issue caused by refactor the fec_devtype
    - net: ipv4: fix memory leak in ip_mc_add1_src
    - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
    - be2net: Fix an error handling path in 'be_probe()'
    - net: hamradio: fix memory leak in mkiss_close
    - net: cdc_eem: fix tx fixup skb leak
    - cxgb4: fix wrong shift.
    - bnx...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers