Public bug reported:
Ubuntu 18.04.2 LTS
Linux SRV013 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019
x86_64 x86_64 x86_64 GNU/Linux
DELL R740, 2 CPU (40 Cores, 80 Threads), 384 GiB RAM
top - 12:39:53 up 3:41, 4 users, load average: 66.19, 64.06, 76.90
Tasks: 1076 total, 1 run
System is firewalled so apport-collect wouldn't work. Relevant details
should already be included in the bug report.
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linu
** Summary changed:
- cifs related buffer overflow in strcat
+ cifs set_oplock overflow in strcat
** Summary changed:
- cifs set_oplock overflow in strcat
+ cifs set_oplock buffer overflow in strcat
I tried Ubuntu kernel "4.18.0-17-generic #18~18.04.1-Ubuntu". Crashed
the same way on high load as the 4.15.0-47 does.
Now testing 4.15.0-48 from Kai-Heng.
Still haven't found the trigger for that bug. Seems to be load related - we're
having five servers each running many threads reading/writin
Here are some details from proc what is happening on our servers. Both
running 4.15.0-47-generic.
server13 / uptime 2 days
# cat /proc/fs/cifs/Stats
Resources in use
CIFS Session: 1
Share (unique mount targets): 2
SMB Request/Response Buffer: 1 Pool size: 5
SMB Small Req/Resp Buffer: 1 Pool size:
New variant of kernel bug appeared in both 4.18.0-17 (package manager)
and in 4.15.0-48 (provided by @kaihengfeng). System didn't crash
(compared to "buffer overflow in strcat" where cifs can't recover). Have
seen this one twice, both within 3-7 hours after reboot.
Apr 22 17:28:23 Linux version 4
Yes, it happened once with 4.18.0-17 (see kernel.log below) and once with
4.15.0-48. Haven't seen this one on 4.15.0-46-generic or
4.15.0-47-generic before.
Apr 17 18:51:53 Linux version 4.18.0-17-generic (buildd@lgw01-amd64-021) (gcc
version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #18~18.04.1-Ubuntu SM
The "NULL pointer dereference" bug creates state D processes waiting in
call_rwsem_down_write_failed.
[ +0.000341] genesplicer D0 53349 52579 0x8000
[ +0.000362] Call Trace:
[ +0.000346] __schedule+0x291/0x8a0
[ +0.000348] ? mempool_free+0x2f/0x90
[ +0.000347] schedule+0x2c/0x80
Actually there is one waiting in state flush_work, one in
call_rwsem_down_read_failed and 12 in call_rwsem_down_write_failed.
The "flush_work" task call trace
genesplicer D0 53332 52566 0x
Call Trace:
__schedule+0x291/0x8a0
? __switch_to_asm+0x40/0x70
? get_work_pool+0x40
4.15.0.47-generic
kernel BUG at /build/linux-6ZmFRN/linux-4.15.0/lib/string.c:1052!
Crashes system (requires hard reboot or SysRQ+b)
4.18.0-17-generic
kernel BUG at /build/linux-hwe-4PejID/linux-hwe-4.18.0/lib/string.c:1052!
Crashes system (requires hard reboot or SysRQ+b)
4.15.0-48-generic #51~l
Oh no. Had a strcat buffer overflow with 4.15.0-48-generic. Issue is NOT
solved.
Apr 29 19:29:00 kernel: [78713.491646] detected buffer overflow in strcat
Apr 29 19:29:00 kernel: [78713.491685] [ cut here ]
Apr 29 19:29:00 kernel: [78713.491686] kernel BUG at
/build/linux
And now a crash with the special 4.15.0-48-generic #51~lp1824981 kernel.
So the buffer overflow is NOT fixed with any 4.15 or 4.18 kernel
currently available with Ubuntu.
We started some IO-intense tasks lately that didn't run the last 2
weeks. That seems to be the trigger for the bug buffer overf
We installed the latest upstream kernel 5.1.0-050100rc7-generic (Ubuntu
version from https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.1-rc7/)
which still triggers a NULL pointer dereference from cifsoplockd.
I was hoping "CIFS: keep FileInfo handle live during oplock break"[1]
might fix our issue,
There is now a kernel patch for cifs that is supposed to fix the buffer
overflow in strcat.
Details see https://patchwork.kernel.org/patch/10931327/
An alternative workaround is to downgrade the connection to SMB2 (mount
option vers=2.0) as the bug only affects SMB2.1 and SMB3 code.
Regarding t
From: Steve French
Date: Tue, 7 May 2019 11:13:34 -0500
merged into cifs-2.6.git for-next
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Christoph Probst (christophprobst)
Yes, there are two issues that got mixed up in this single bug report.
1) strcat
Imho there are not many ways strcat could overflow in that single
function. My patch (especially the strncpy()) should fix the buffer
overflow and thereby my initial issue.
Your solution still had that strcat over
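The failure class discussed in this thread, as an added illustration that is not cifs code and not the patch: a short oplock/lease description is assembled from single-letter tokens into a small fixed buffer. The buffer size MSG_CAP and the token strings are constructed for the example. The bounded append performs the same "does source plus terminator fit in the destination" check that the kernel's fortified strcat() makes (where a failure becomes fortify_panic(), the "kernel BUG at lib/string.c" in the logs above), but refuses the append and reports it instead of panicking.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed capacity for the illustration; not the value used by cifs. */
#define MSG_CAP 5

/*
 * Bounded append: the check fortified strcat() performs before copying,
 * turned into a recoverable error. Returns 0 on success, -1 when the
 * token (plus NUL) would not fit or dst is not NUL-terminated within cap.
 */
int append_token(char *dst, size_t cap, const char *tok)
{
    const char *end = memchr(dst, '\0', cap);
    size_t used, need = strlen(tok);

    if (end == NULL)                 /* no terminator: buffer already corrupt */
        return -1;
    used = (size_t)(end - dst);
    if (need > cap - used - 1)       /* no room for token and terminator */
        return -1;

    memcpy(dst + used, tok, need + 1);
    return 0;
}

/*
 * Build a message such as "RWH" from lease-state tokens. Returns the
 * number of tokens written, or -1 if a token did not fit; in that case
 * the message is left truncated but always NUL-terminated.
 */
int build_oplock_message(const char *const *toks, size_t n, char *out, size_t cap)
{
    size_t i;

    if (cap == 0)
        return -1;
    out[0] = '\0';
    for (i = 0; i < n; i++)
        if (append_token(out, cap, toks[i]) != 0)
            return -1;
    return (int)i;
}

int main(void)
{
    const char *ok[]  = { "R", "W", "H" };
    const char *bad[] = { "None", "R", "W" };   /* 6 chars + NUL > MSG_CAP */
    char msg[MSG_CAP];

    printf("%d -> \"%s\"\n", build_oplock_message(ok, 3, msg, sizeof msg), msg);
    printf("%d -> \"%s\"\n", build_oplock_message(bad, 3, msg, sizeof msg), msg);
    return 0;
}
```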
Hi Guilherme,
I haven't been able to verify the patch as we modified our computing
pipeline to remove load from the cifs share. I might be able to create a
test setup but this will take some time.
Thank you for your support to get the patch into the Ubuntu kernels. I
subscribed to #1795659 as you