Activity log for bug #318565

Date Who What changed Old value New value Message
2009-01-18 21:53:34 Bernhard Schmidt bug added bug
2009-01-19 18:41:38 Leann Ogasawara linux: status New Triaged
2009-01-19 18:41:38 Leann Ogasawara linux: importance Undecided High
2009-01-19 18:41:38 Leann Ogasawara linux: statusexplanation
2009-01-20 13:09:13 Stefan Bader linux: assignee stefan-bader-canonical
2009-01-20 13:09:29 Stefan Bader linux: status Triaged In Progress
2009-01-21 10:45:31 Martin Pitt bug added subscriber Ubuntu Stable Release Updates Team
2009-01-22 16:11:07 Stefan Bader description

Upgrading from linux-image-2.6.27-9-generic (in intrepid-updates) to linux-image-2.6.27-11-generic (in intrepid-proposed) creates the following BUG when mounting a cifs share using IPv6

# mount -t cifs -o user=berni,ip=2001:xxxxxx::69 //fileserv/pub /pub
Password:
<a few seconds>
#

(/pub is not mounted)

The following appears in dmesg:

[28816.788084] CIFS VFS: Error connecting to socket. Aborting operation
[28816.788094] CIFS VFS: cifs_mount failed w/return code = -113
[28816.788121] BUG: unable to handle kernel paging request at 69000030
[28816.788125] IP: [<f9bfde00>] :cifs:cifs_read_super+0xa0/0x1e0
[28816.788140] *pde = 00000000
[28816.788144] Oops: 0000 [#1] SMP
[28816.788148] Modules linked in: nls_utf8 ufs qnx4 hfsplus hfs minix ntfs vfat msdos fat jfs xfs reiserfs ext2 nls_cp437 cifs af_packet binfmt_misc rfcomm bridge stp bnep sco l2cap bluetooth kvm_amd kvm ppdev tun ipv6 pci_slot container sbs sbshc video output battery iptable_filter ip_tables x_tables ac parport_pc lp parport serio_raw psmouse snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm pcspkr snd_seq_dummy k8temp snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore i2c_piix4 snd_page_alloc i2c_core evdev dm_multipath scsi_dh pl2303 usbserial fglrx(P) agpgart wmi button shpchp pci_hotplug ext3 jbd mbcache sr_mod cdrom pata_acpi sd_mod crc_t10dif pata_atiixp sg usbhid hid usb_storage libusual ata_generic ahci ohci_hcd ehci_hcd libata usbcore scsi_mod dock r8169 mii dm_mirror dm_log dm_snapshot dm_mod thermal processor fan fbcon tileblit font bitblit softcursor fuse
[28816.788215]
[28816.788219] Pid: 20540, comm: mount.cifs Tainted: P (2.6.27-11-generic #1)
[28816.788222] EIP: 0060:[<f9bfde00>] EFLAGS: 00010286 CPU: 0
[28816.788232] EIP is at cifs_read_super+0xa0/0x1e0 [cifs]
[28816.788234] EAX: 00000044 EBX: 69000000 ECX: ffffffff EDX: 00000046
[28816.788237] ESI: d43b5000 EDI: ffffff8f EBP: d42a1e8c ESP: d42a1e6c
[28816.788239] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[28816.788242] Process mount.cifs (pid: 20540, ti=d42a0000 task=d1b48c90 task.ti=d42a0000)
[28816.788245] Stack: f9c24428 ffffff8f d31aa000 d8951e00 0000004e d8951e00 d8951e00 00000000
[28816.788252] d42a1eb0 f9bfdfa9 00000000 f6603e80 fffffff4 d31aa000 f6603e80 00000000
[28816.788258] f9c38520 d42a1ed8 c01b468e d43b5000 f6603e80 d31aa000 00000040 d4086000
[28816.788264] Call Trace:
[28816.788270] [<f9bfdfa9>] ? cifs_get_sb+0x69/0xc0 [cifs]
[28816.788282] [<c01b468e>] ? vfs_kern_mount+0x5e/0x130
[28816.788292] [<c01b47be>] ? do_kern_mount+0x3e/0xe0
[28816.788296] [<c01cccff>] ? do_new_mount+0x6f/0x90
[28816.788301] [<c01cd242>] ? do_mount+0x1d2/0x1f0
[28816.788306] [<c01ca95d>] ? exact_copy_from_user+0x4d/0xa0
[28816.788310] [<c01caf6e>] ? copy_mount_options+0x6e/0xd0
[28816.788314] [<c01cd2f1>] ? sys_mount+0x91/0xc0
[28816.788318] [<c0103f7b>] ? sysenter_do_call+0x12/0x2f
[28816.788323] =======================
[28816.788324] Code: 65 c6 8b 43 30 8b 55 f0 c6 04 10 00 8b 45 e8 89 f1 89 da 89 04 24 8b 45 ec e8 fd dc 00 00 85 c0 89 c7 74 57 8b 45 08 85 c0 74 30 <8b> 43 30 85 c0 74 0c e8 a4 f0 5a c6 c7 43 30 00 00 00 00 8b 43
[28816.788354] EIP: [<f9bfde00>] cifs_read_super+0xa0/0x1e0 [cifs] SS:ESP 0068:d42a1e6c
[28816.788365] ---[ end trace 9d71176ecad6924f ]---

This is probably related to a few upstream cifs changes in 2.6.27-11-generic, I'll report to lkml as well

SRU justification:

Impact: The latest stable updates[1] to Intrepid introduced a regression in cifs when used with ipv6 addresses. The socket address was stored in a container on the stack but this was not big enough for ipv6 addresses. Failure was only observed on 32bit systems. Code is from upstream, so Jaunty currently is affected, too.

Fix: The following patch by Jeff Layton replaces sockaddr by sockaddr_storage which is large enough to contain ipv4 and ipv6 socket structures.

Test: Without this patch on a 32bit system the following command will result in an oops:
mount -t cifs -o user=test,ip=2001:a60:f001:1::69 //fileserv/pub /pub
After applying the patch this works ok. Patch will go upstream soon.

[1] commit e1a30a33db03c2a87f49d0c164c5ade0a0a6eb97
Author: Steve French <sfrench@us.ibm.com>
Date: Fri Nov 21 14:23:07 2008 +0530

cifs: clean up server protocol handling

commit 3ec332ef7a38c2327e18d087d4120a8e3bd3dc6e upstream.

2009-01-22 16:16:11 Stefan Bader linux: status New Fix Committed
2009-01-22 16:16:11 Stefan Bader linux: assignee stefan-bader-canonical
2009-01-22 16:16:11 Stefan Bader linux: importance Undecided High
2009-01-22 16:16:11 Stefan Bader linux: statusexplanation http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-intrepid.git;a=commitdiff;h=d0ee5af6a042dc57862b2b2bc9ee647a11d37497
2009-01-22 16:16:11 Stefan Bader linux: milestone intrepid-updates
2009-01-22 16:16:37 Stefan Bader bug added subscriber Ubuntu Stable Release Updates Team
2009-01-22 16:17:32 Stefan Bader linux: status In Progress Fix Committed
2009-01-22 16:17:32 Stefan Bader linux: statusexplanation http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=commitdiff;h=5115950317a6981e371bad65267ca357aeee53d6
2009-01-22 17:13:12 Martin Pitt linux: status Fix Committed Fix Released
2009-01-22 17:13:12 Martin Pitt linux: statusexplanation http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-intrepid.git;a=commitdiff;h=d0ee5af6a042dc57862b2b2bc9ee647a11d37497

linux (2.6.27-11.25) intrepid-proposed; urgency=low

  [ Jeff Layton ]

  * SAUCE: cifs: make sure we allocate enough storage for socket address
    - LP: #318565

Closing, since this affected only intrepid-proposed. Thank you, Stefan!

2009-01-22 17:13:12 Martin Pitt linux: milestone intrepid-updates
2009-01-22 20:15:06 Launchpad Janitor linux: status Fix Committed Fix Released
2009-07-18 07:51:07 Launchpad Janitor branch linked lp:ubuntu/karmic/linux-lpia
2012-02-23 22:36:29 Kai Kasurinen removed subscriber Kai Kasurinen