CIFS: Enable encryption for SMB3

Bug #1670508 reported by Stephen A. Zarkos on 2017-03-06
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Tim Gardner
Xenial
Medium
Joseph Salisbury
Yakkety
Medium
Joseph Salisbury
Zesty
Medium
Tim Gardner

Bug Description

There has been work upstream to enable encryption support for SMB3 connections. This is a particularly valuable (and commonly requested) feature with the Azure Files service as encryption is required to connect to an Azure Files storage share from on-prem or from a different Azure region.

The relevant commits are as follows:

CIFS: Fix possible use after free in demultiplex thread
Commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5

CIFS: Allow to switch on encryption with seal mount option
Commit ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31

CIFS: Add capability to decrypt big read responses
Commit c42a6abe3012832a68a371dabe17c2ced97e62ad

CIFS: Decrypt and process small encrypted packets
Commit 4326ed2f6a16ae9d33e4209b540dc9a371aba840

CIFS: Add copy into pages callback for a read operation
Commit d70b9104b1ca586f73aaf59426756cec3325a40e

CIFS: Add mid handle callback
Commit 9b7c18a2d4b798963ea80f6769701dcc4c24b55e

CIFS: Add transform header handling callbacks
Commit 9bb17e0916a03ab901fb684e874d77a1e96b3d1e

CIFS: Encrypt SMB3 requests before sending
Commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398

CIFS: Enable encryption during session setup phase
Commit cabfb3680f78981d26c078a26e5c748531257ebb

CIFS: Add capability to transform requests before sending
Commit 7fb8986e7449d0a5cebd84d059927afa423fbf85

CIFS: Separate RFC1001 length processing for SMB2 read
Commit b8f57ee8aad414a3122bff72d7968a94baacb9b6

CIFS: Separate SMB2 sync header processing
Commit cb200bd6264a80c04e09e8635fa4f3901cabdaef

CIFS: Send RFC1001 length in a separate iov
Commit 738f9de5cdb9175c19d24cfdf90b4543fc3b47bf

CIFS: Make send_cancel take rqst as argument
Commit fb2036d817584df42504910fe104f68517e8990e

CIFS: Make SendReceive2() takes resp iov
Commit da502f7df03d2d0b416775f92ae022f3f82bedd5

CIFS: Separate SMB2 header structure
Commit 31473fc4f9653b73750d3792ffce6a6e1bdf0da7

cifs: Add soft dependencies
Commit b9be76d585d48cb25af8db0d35e1ef9030fbe13a

cifs: Only select the required crypto modules
Commit 3692304bba6164be3810afd41b84ecb0e1e41db1

cifs: Simplify SMB2 and SMB311 dependencies
Commit c1ecea87471bbb614f8121e00e5787f363140365

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1670508

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Stephen A. Zarkos (stevez) wrote :

No logs needed. Thanks.

description: updated
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Tim Gardner (timg-tpi) on 2017-03-07
Changed in linux (Ubuntu Zesty):
assignee: nobody → Tim Gardner (timg-tpi)
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.10.0-13.15

---------------
linux (4.10.0-13.15) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1671614

  * ehci-platform needed in usb-modules udeb (LP: #1671589)
    - d-i: add ehci-platform to usb-modules

  * irqchip/gic-v3-its: Enable cacheable attribute Read-allocate hints
    (LP: #1671598)
    - irqchip/gic-v3-its: Enable cacheable attribute Read-allocate hints

  * iommu: Fix static checker warning in iommu_insert_device_resv_regions
    (LP: #1671599)
    - iommu: Fix static checker warning in iommu_insert_device_resv_regions

  * QDF2400: Fix panic introduced by erratum 1003 (LP: #1671602)
    - arm64: Avoid clobbering mm in erratum workaround on QDF2400

  * QDF2400 PCI ports require ACS quirk (LP: #1671601)
    - PCI: Add ACS quirk for Qualcomm QDF2400 and QDF2432

  * tty: pl011: Work around QDF2400 E44 stuck BUSY bit (LP: #1671600)
    - tty: pl011: Work around QDF2400 E44 stuck BUSY bit

  * CVE-2017-2636
    - tty: n_hdlc: get rid of racy n_hdlc.tbuf

  * Sync virtualbox to 5.1.16-dfsg-1 in zesty (LP: #1671470)
    - ubuntu: vbox -- Update to 5.1.16-dfsg-1

 -- Tim Gardner <email address hidden> Thu, 09 Mar 2017 06:16:24 -0700

Changed in linux (Ubuntu Zesty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu Xenial):
status: New → Confirmed
Joshua R. Poulson (jrp) on 2017-03-16
Changed in linux (Ubuntu Yakkety):
status: New → Confirmed
Changed in linux (Ubuntu Zesty):
importance: Undecided → Medium
Changed in linux (Ubuntu Yakkety):
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
tags: added: kernel-da-key kernel-hyper-v
Changed in linux (Ubuntu Xenial):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Yakkety):
assignee: nobody → Joseph Salisbury (jsalisbury)
status: Confirmed → In Progress
Changed in linux (Ubuntu Xenial):
status: Confirmed → In Progress
Joseph Salisbury (jsalisbury) wrote :

I built a Yakkety and a Xenial test kernel with the requested cifs commits.

The following prereq commits were required:
8b217fe7fcad Prereq for X and Y - v4.10-rc1~9^2~9
166cea4dc3a4 Prereq for X and Y - v4.9-rc1~6^2~4
3baf1a7b9215 Prereq for X and Y - v4.9-rc1~6^2~5
141891f4727c Prereq for X and Y - v4.9-rc1~6^2~10
4214ebf46547 Prereq for X - v4.8-rc7~9^2~2
a6137305a8c4 Prereq for X - v4.7-rc1~145^2~1
71335664c38f Prereq for X - v4.7-rc1~145^2
09aab880f7c5 Prereq for X - v4.7-rc1~145^2~2
16c568efff82 Prereq for X - v4.7-rc1~145^2~4
2da62906b1e2 Prereq for X - v4.7-rc1~145^2~5
373512ec5c10 Prereq for X - v4.5-rc1~6^2~2
adfeb3e00e8e Prereq for X - v4.5-rc1~6^2~4

The test kernels can be downloaded from:
Xenial: http://kernel.ubuntu.com/~jsalisbury/lp1670508/xenial
Yakkety: http://kernel.ubuntu.com/~jsalisbury/lp1670508/yakkety

Can these kernels be tested to see if they resolve this bug?

Christian Rank (c-rank) wrote :

I tested the Yakkety test kernel on Ubuntu 16.04 (with HWE):

root@u1604:/tmp/mnt# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial

root@u1604:/tmp/mnt# uname -a
Linux u1604 4.8.0-44-generic #47~lp1670508 SMP Fri Mar 24 19:45:44 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

I was able to perform an encrypted SMB mount successfully => bug for this configuration resolved.

Christian Rank (c-rank) wrote :

Another test: Xenial test kernel on Ubuntu 14.04 (with HWE):

root@u1404:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty

root@u1404:~# uname -a
Linux u1404 4.4.0-71-generic #92~lp1670508 SMP Fri Mar 24 19:02:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Encrypted SMB mount is successful => bug for this configuration resolved.

Pavel Shilovsky (pshilovsky) wrote :

Successfully tested the patched kernel for Xenial with xfstests and cthon test suites.

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial

$ uname -a
Linux ubuntu-vm 4.4.0-71-generic #92~lp1670508 SMP Fri Mar 24 19:02:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Changed in linux (Ubuntu Yakkety):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'. If the problem still exists, change the tag 'verification-needed-yakkety' to 'verification-failed-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-yakkety
Pavel Shilovsky (pshilovsky) wrote :

Successfully tested the patched kernel for Xenial with xfstests and cthon test suites.

$ uname -a
Linux ubuntu-vm 4.8.0-54-generic #57-Ubuntu SMP Wed May 24 10:21:44 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Thank you, pshilovsky!

tags: added: verification-done-yakkety
removed: verification-needed-yakkety
Launchpad Janitor (janitor) wrote :
Download full text (4.3 KiB)

This bug was fixed in the package linux - 4.8.0-54.57

---------------
linux (4.8.0-54.57) yakkety; urgency=low

  * linux: 4.8.0-54.57 -proposed tracker (LP: #1692589)

  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

  * Populating Hyper-V MSR for Ubuntu 13.10 (LP: #1193172)
    - SAUCE: (no-up) hv: Supply vendor ID and package ABI

  * [Hyper-V] Implement Hyper-V PTP Source (LP: #1676635)
    - hv: allocate synic pages for all present CPUs
    - hv: init percpu_list in hv_synic_alloc()
    - Drivers: hv: vmbus: Prevent sending data on a rescinded channel
    - hv: switch to cpuhp state machine for synic init/cleanup
    - hv: make CPU offlining prevention fine-grained
    - Drivers: hv: vmbus: Fix a rescind handling bug
    - Drivers: hv: util: kvp: Fix a rescind processing issue
    - Drivers: hv: util: Fcopy: Fix a rescind processing issue
    - Drivers: hv: util: Backup: Fix a rescind processing issue
    - Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents
    - Drivers: hv: vmbus: Move the definition of generate_guest_id()
    - Revert "UBUNTU: SAUCE: (no-up) hv: Supply vendor ID and package ABI"
    - Drivers: hv vmbus: Move Hypercall page setup out of common code
    - Drivers: hv: vmbus: Move Hypercall invocation code out of common code
    - Drivers: hv: vmbus: Consolidate all Hyper-V specific clocksource code
    - Drivers: hv: vmbus: Move the extracting of Hypervisor version information
    - Drivers: hv: vmbus: Move the crash notification function
    - Drivers: hv: vmbus: Move the check for hypercall page setup
    - Drivers: hv: vmbus: Move the code to signal end of message
    - Drivers: hv: vmbus: Restructure the clockevents code
    - Drivers: hv: util: Use hv_get_current_tick() to get current tick
    - Drivers: hv: vmbus: Get rid of an unsused variable
    - Drivers: hv: vmbus: Define APIs to manipulate the message page
    - Drivers: hv: vmbus: Define APIs to manipulate the event page
    - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt
      controller
    - Drivers: hv: vmbus: Define an API to retrieve virtual processor index
    - Drivers: hv: vmbus: Define an APIs to manage interrupt state
    - Drivers: hv: vmbus: Cleanup hyperv_vmbus.h
    - hv_util: switch to using timespec64
    - Drivers: hv: restore hypervcall page cleanup before kexec
    - Drivers: hv: restore TSC page cleanup before kexec
    - Drivers: hv: balloon: add a fall through comment to hv_memory_notifier()
    - Drivers: hv: vmbus: Use all supported IC versions to negotiate
    - Drivers: hv: Log the negotiated IC versions.
    - Drivers: hv: Fix the bug in generating the guest ID
    - hv: export current Hyper-V clocksource
    - hv_utils: implement Hyper-V PTP source
    - SAUCE: (no-up) hv: Supply vendor ID and package ABI

  * CIFS: Enable encryption for SMB3 (LP: #1670508)
    - SMB3: Add mount parameter to allow user to override max credits
    - SMB2: Separate Kerberos authentication from SMB2_sess_setup
    - SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
    - SMB3: parsing for new snapshot timestamp mount parm
    - cifs: Simplify SMB...

Read more...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Joseph Salisbury (jsalisbury) wrote :

A new xenial test kernel has been built and uploaded to:

http://kernel.ubuntu.com/~jsalisbury/lp1670508/

Stephen A. Zarkos (stevez) wrote :

Hi Joseph,

We've tested your previous Xenial test kernel from comment #5. Have there been any changes that we need to test again, or can we test when the kernel moves to proposed?

Hi, Stephen.

There has been a rebase. We are going to include it in the -proposed kernel, but will not think twice before reverting them, in case any issue occurs, or that kernel is not verified. We have given this build to get this tested before applying it. It's unfortunate no test has been done. The need for this has been discussed in the mailing list as well.

Regards.
Cascardo.

Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Pavel Shilovsky (pshilovsky) wrote :

Successfully tested the patched kernel for Xenial with xfstests and cthon test suites.

$ uname -a
Linux ubuntu-vm 4.4.0-53-generic #74~lp1670508 SMP Wed Jun 21 19:42:04 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial

Hi Stephen and Pavel,

Could you please run a test again with the xenial kernel currently on -proposed?

Thank you.

Pavel Shilovsky (pshilovsky) wrote :
Download full text (5.3 KiB)

Hi Kleber,

I tested the Xenial kernel from -proposed and got the following crash:

Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262084] BUG: unable to handle kernel NULL pointer dereference at (null)
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262087] IP: [<ffffffffc034151c>] cifs_discard_remaining_data+0xc/0x70 [cifs]
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262098] PGD 7db4fb067 PUD 7d5e3a067 PMD 0
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262100] Oops: 0000 [#1] SMP
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262340] Modules linked in: cifs drbg ansi_cprng cmac arc4 md4 nls_utf8 ccm fscache crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel i2c_piix4 aes_x86_64 8250_fintek lrw hyperv_fb gf128mul hv_balloon glue_helper ablk_helper cryptd input_leds serio_raw joydev mac_hid nfsd auth_rpcgss nfs_acl lockd grace sunrpc parport_pc ppdev lp parport autofs4 hid_generic hv_netvsc hv_utils ptp hid_hyperv hv_storvsc pps_core hid scsi_transport_fc hyperv_keyboard psmouse pata_acpi hv_vmbus floppy fjes [last unloaded: cifs]
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262360] CPU: 2 PID: 18568 Comm: cifsd Not tainted 4.4.0-85-generic #108-Ubuntu
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262361] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090006 01/06/2017
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262362] task: ffff8807e1440f00 ti: ffff8807da868000 task.ti: ffff8807da868000
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262363] RIP: 0010:[<ffffffffc034151c>] [<ffffffffc034151c>] cifs_discard_remaining_data+0xc/0x70 [cifs]
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262371] RSP: 0018:ffff8807da86bdc0 EFLAGS: 00010246
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262372] RAX: 00000000ffffffc3 RBX: ffff8807df0ae200 RCX: 0000000000000000
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262373] RDX: ffffffffc0390b80 RSI: 0000000000000000 RDI: ffff8807db71c000
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262373] RBP: ffff8807da86bdd0 R08: 000000000000004d R09: ffff8807da86bcfc
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262374] R10: 00000000000001fc R11: 0000000000000000 R12: 000000000000004d
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262375] R13: ffff8800f2fa1c00 R14: ffff8800f2fa1c00 R15: ffff8807df2ea680
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262376] FS: 0000000000000000(0000) GS:ffff8807e5680000(0000) knlGS:0000000000000000
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262377] CR2: 0000000000000000 CR3: 00000007de707000 CR4: 00000000003406e0
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262379] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262380] Stack:
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262381] ffff8807df0ae200 000000000000004d ffff8807da86bdf8 ffffffffc034159e
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262382] ffff8807db71c000 000000000000004d ffff8807df0ae200 ffff8807da86be40
Jul 13 14:38:05 ubuntu-vm kernel: [ 770.262383] ffffffffc0341694 0000000000000000 000000000000000...

Read more...

tags: added: verification-failed-xenial
removed: verification-needed-xenial

The issue reported on comment #19 is being tracked on bug #1704857.

Pavel Shilovsky (pshilovsky) wrote :

It seems like the kernel in xenial-proposed (4.4.0-87.110) has two commits mentioned above and according to https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1704857/comments/8 the problem should go away. Do you want me to test the updated package?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-87.110

---------------
linux (4.4.0-87.110) xenial; urgency=low

  * linux: 4.4.0-87.110 -proposed tracker (LP: #1704982)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

  * CIFS causes oops (LP: #1704857)
    - CIFS: Fix null pointer deref during read resp processing
    - CIFS: Fix some return values in case of error in 'crypt_message'

 -- Kleber Sacilotto de Souza <email address hidden> Tue, 18 Jul 2017 13:58:43 +0200

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Pavel Shilovsky (pshilovsky) wrote :

Successfully tested the current Xenial kernel Xenial with xfstests and cthon test suites.

$ uname -a
Linux ubuntu-vm 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers