This bug was fixed in the package linux - 5.4.0-9.12
---------------
linux (5.4.0-9.12) focal; urgency=medium
* alsa/hda/realtek: the line-out jack doens't work on a dell AIO
(LP: #1855999)
- SAUCE: ALSA: hda/realtek - Line-out jack doesn't work on a Dell AIO
* scsi: hisi_sas: Check sas_port before using it (LP: #1855952)
- scsi: hisi_sas: Check sas_port before using it
* CVE-2019-19078
- ath10k: fix memory leak
* cifs: DFS Caching feature causing problems traversing multi-tier DFS setups
(LP: #1854887)
- cifs: Fix retrieval of DFS referrals in cifs_mount()
* Support DPCD aux brightness control (LP: #1856134)
- SAUCE: drm/i915: Fix eDP DPCD aux max backlight calculations
- SAUCE: drm/i915: Assume 100% brightness when not in DPCD control mode
- SAUCE: drm/i915: Fix DPCD register order in
intel_dp_aux_enable_backlight()
- SAUCE: drm/i915: Auto detect DPCD backlight support by default
- SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED
panel
- USUNTU: SAUCE: drm/i915: Force DPCD backlight mode on Dell Precision 4K
sku
* The system cannot resume from S3 if user unplugs the TB16 during suspend
state (LP: #1849269)
- PCI: pciehp: Do not disable interrupt twice on suspend
- PCI: pciehp: Prevent deadlock on disconnect
* change kconfig of the soundwire bus driver from y to m (LP: #1855685)
- [Config]: SOUNDWIRE=m
* alsa/sof: change to use hda hdmi codec driver to make hdmi audio on the
docking station work (LP: #1855666)
- ALSA: hda/hdmi - implement mst_no_extra_pcms flag
- ASoC: hdac_hda: add support for HDMI/DP as a HDA codec
- ASoC: Intel: skl-hda-dsp-generic: use snd-hda-codec-hdmi
- ASoC: Intel: skl-hda-dsp-generic: fix include guard name
- ASoC: SOF: Intel: add support for snd-hda-codec-hdmi
- ASoC: Intel: bxt-da7219-max98357a: common hdmi codec support
- ASoC: Intel: glk_rt5682_max98357a: common hdmi codec support
- ASoC: intel: sof_rt5682: common hdmi codec support
- ASoC: Intel: bxt_rt298: common hdmi codec support
- ASoC: SOF: enable sync_write in hdac_bus
- [config]: SND_SOC_SOF_HDA_COMMON_HDMI_CODEC=y
* Fix unusable USB hub on Dell TB16 after S3 (LP: #1855312)
- SAUCE: USB: core: Make port power cycle a seperate helper function
- SAUCE: USB: core: Attempt power cycle port when it's in eSS.Disabled state
* Focal update: v5.4.3 upstream stable release (LP: #1856583)
- rsi: release skb if rsi_prepare_beacon fails
- arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator
- perf scripts python: exported-sql-viewer.py: Fix use of TRUE with SQLite
- sparc64: implement ioremap_uc
- lp: fix sparc64 LPSETTIMEOUT ioctl
- time: Zero the upper 32-bits in __kernel_timespec on 32-bit
- mailbox: tegra: Fix superfluous IRQ error message
- staging/octeon: Use stubs for MIPS && !CAVIUM_OCTEON_SOC
- usb: gadget: u_serial: add missing port entry locking
- serial: 8250-mtk: Use platform_get_irq_optional() for optional irq
- tty: serial: fsl_lpuart: use the sg count from dma_map_sg
- tty: serial: msm_serial: Fix flow control
- serial: pl011: Fix DMA ->flush_buffer()
- serial: serial_core: Perform NULL checks for break_ctl ops
- serial: stm32: fix clearing interrupt error flags
- serial: 8250_dw: Avoid double error messaging when IRQ absent
- serial: ifx6x60: add missed pm_runtime_disable
- mwifiex: Re-work support for SDIO HW reset
- io_uring: fix dead-hung for non-iter fixed rw
- io_uring: transform send/recvmsg() -ERESTARTSYS to -EINTR
- fuse: fix leak of fuse_io_priv
- fuse: verify nlink
- fuse: verify write return
- fuse: verify attributes
- io_uring: fix missing kmap() declaration on powerpc
- io_uring: ensure req->submit is copied when req is deferred
- SUNRPC: Avoid RPC delays when exiting suspend
- ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC
- ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
- ALSA: pcm: oss: Avoid potential buffer overflows
- ALSA: hda - Add mute led support for HP ProBook 645 G4
- ALSA: hda: Modify stream stripe mask only when needed
- soc: mediatek: cmdq: fixup wrong input order of write api
- Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus
- Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash
- Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers
- Input: goodix - add upside-down quirk for Teclast X89 tablet
- coresight: etm4x: Fix input validation for sysfs.
- Input: Fix memory leak in psxpad_spi_probe
- media: rc: mark input device as pointing stick
- x86/mm/32: Sync only to VMALLOC_END in vmalloc_sync_all()
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
- CIFS: Fix SMB2 oplock break processing
- tty: vt: keyboard: reject invalid keycodes
- can: slcan: Fix use-after-free Read in slcan_open
- nfsd: Ensure CLONE persists data and metadata changes to the target file
- nfsd: restore NFSv3 ACL support
- kernfs: fix ino wrap-around detection
- jbd2: Fix possible overflow in jbd2_log_space_left()
- drm/msm: fix memleak on release
- drm: damage_helper: Fix race checking plane->state->fb
- drm/i810: Prevent underflow in ioctl
- arm64: Validate tagged addresses in access_ok() called from kernel threads
- arm64: dts: exynos: Revert "Remove unneeded address space mapping for soc
node"
- KVM: PPC: Book3S HV: XIVE: Free previous EQ page when setting up a new one
- KVM: PPC: Book3S HV: XIVE: Fix potential page leak on error path
- KVM: PPC: Book3S HV: XIVE: Set kvm->arch.xive when VPs are allocated
- KVM: nVMX: Always write vmcs02.GUEST_CR3 during nested VM-Enter
- KVM: arm/arm64: vgic: Don't rely on the wrong pending table
- KVM: x86: do not modify masked bits of shared MSRs
- KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
- KVM: x86: Remove a spurious export of a static function
- KVM: x86: Grab KVM's srcu lock when setting nested state
- crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
- crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize
- crypto: af_alg - cast ki_complete ternary op to int
- crypto: geode-aes - switch to skcipher for cbc(aes) fallback
- crypto: ccp - fix uninitialized list head
- crypto: ecdh - fix big endian bug in ECC library
- crypto: user - fix memory leak in crypto_report
- spi: spi-fsl-qspi: Clear TDH bits in FLSHCR register
- spi: stm32-qspi: Fix kernel oops when unbinding driver
- spi: atmel: Fix CS high support
- spi: Fix SPI_CS_HIGH setting when using native and GPIO CS
- spi: Fix NULL pointer when setting SPI_CS_HIGH for GPIO CS
- can: ucan: fix non-atomic allocation in completion handler
- RDMA/qib: Validate ->show()/store() callbacks before calling them
- rfkill: allocate static minor
- bdev: Factor out bdev revalidation into a common helper
- bdev: Refresh bdev size for disks without partitioning
- iomap: Fix pipe page leakage during splicing
- thermal: Fix deadlock in thermal thermal_zone_device_check
- vcs: prevent write access to vcsu devices
- Revert "serial/8250: Add support for NI-Serial PXI/PXIe+485 devices"
- binder: Fix race between mmap() and binder_alloc_print_pages()
- binder: Prevent repeated use of ->mmap() via NULL mapping
- binder: Handle start==NULL in binder_update_page_range()
- KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID
(CVE-2019-19332)
- ALSA: hda - Fix pending unsol events at shutdown
- cpufreq: imx-cpufreq-dt: Correct i.MX8MN's default speed grade value
- md/raid0: Fix an error message in raid0_make_request()
- drm/mcde: Fix an error handling path in 'mcde_probe()'
- watchdog: aspeed: Fix clock behaviour for ast2600
- EDAC/ghes: Fix locking and memory barrier issues
- perf script: Fix invalid LBR/binary mismatch error
- kselftest: Fix NULL INSTALL_PATH for TARGETS runlist
- Linux 5.4.3
* Realtek ALC256M with DTS Audio Processing internal microphone doesn't work
on Redmi Book 14 2019 (LP: #1846148) // Focal update: v5.4.3 upstream stable
release (LP: #1856583)
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
* Miscellaneous Ubuntu changes
- [Debian] add python depends to ubuntu-regression-suite
- SAUCE: selftests: net: tls: remove recv_rcvbuf test
- update dkms package versions
-- Seth Forshee <[email protected]> Mon, 16 Dec 2019 14:54:19
-0600
** Changed in: linux (Ubuntu Focal)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19078
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19332
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1854887
Title:
cifs: DFS Caching feature causing problems traversing multi-tier DFS
setups
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Disco:
In Progress
Status in linux source package in Eoan:
In Progress
Status in linux source package in Focal:
Fix Released
Bug description:
BugLink: https://bugs.launchpad.net/bugs/1854887
[Impact]
There is a problem where kernels 5.0-rc1 and onwards cannot mount a
multi tier cifs DFS setup, while kernels 4.20 and below can mount the
share fine.
The DFS tiering structure looks like this:
Domain virtual DFS (i.e. \\company.com\folders\share)
|-- Domain controller DFS (i.e. \\regional-dc.company.com\folders\share)
|-- Regional DFS Server (i.e. \\regional-dfs.company.com\folders\share)
|-- Actual file server (i.e. \\regional-svr.company.com\share)
On the 5.x series kernels, after getting the DFS referrals list
through to the Regional DFS Server, which responds with the correct
server/share, instead of going to the Actual file server, the kernel
backtracks from the Regional DFS Server back to the Domain controller
and requests the share there. Of course, this share does not exist on
the Domain controller, as it only exists on the Actual file server,
and the connection dies.
We have collected a packet capture, and the flow looks like this:
Legend:
--------------------------------------------------
DC = Domain Controller / Domain DFS Root
RDC = Regional Domain Controller / Domain DFS Root
RDS = Regional DFS Server
AFS = Actual File Server
4.18.0-21-generic Ubuntu kernel - Good
Host: request/response
--------------------------------------------------------------------
DC: company.com\folders
DC: Referral List
RDC: start convo
RDC: <Regional Domain Controller>\Folders\Country\<Share> referral
RDC: <Regional Domain Controller>\Folders\Country\<Share> referral
RDS: start convo
RDS: <Regional DFS Server>\Root\Country\<Share>
RDS: STATUS_PATH_NOT_COVERED
RDS: request referrals
RDS: Referral List
AFS: convo started
AFS: <Actual File Server>\<Share>
AFS: Good response
5.0.0-26-generic Ubuntu kernel - Bad
Host: request/response
------------------------------------------------------------
DC: company.com\folders
RDC: start convo
RDC: <Regional Domain Controller>\Folders\Country\<Share>
RDC: STATUS_PATH_NOT_COVERED
RDS: start convo
RDS: <Regional DFS Server>\Root\Country\<Share>
RDS: STATUS_PATH_NOT_COVERED
RDC: <Regional DFS Server>\Root\Country\<Share>
RDC: STATUS_PATH_NOT_COVERED
From there the debugging output was more or less the same between the
two kernel versions, until the problematic area:
Linux 4.18:
Full log: https://paste.ubuntu.com/p/D9XwBbvTXc/
Status code returned 0xc0000257 STATUS_PATH_NOT_COVERED
fs/cifs/smb2maperror.c: Mapping SMB2 status code 0xc0000257 to POSIX err -66
fs/cifs/connect.c: build_unc_path_to_root: full_path=\\<Regional DFS
Server>\Root\Country\<Share>
fs/cifs/smb2ops.c: smb2_get_dfs_refer path <\<Regional DFS
Server>\Root\Country\<Share>>
fs/cifs/misc.c: num_referrals: 1 dfs flags: 0x2 ...
fs/cifs/dns_resolve.c: dns_resolve_server_name_to_ip: resolved: <Actual File
Server> to <IPV4 Address>
fs/cifs/connect.c: Username: XXX
// mounts the share successfully
Linux 5.0:
Full log: https://paste.ubuntu.com/p/9sXPj7WMQv/
Status code returned 0xc0000257 STATUS_PATH_NOT_COVERED
fs/cifs/smb2maperror.c: Mapping SMB2 status code 0xc0000257 to POSIX err -66
fs/cifs/connect.c: build_unc_path_to_root: full_path=\\<Regional DFS
Server>\Root\Country\<Share>
fs/cifs/connect.c: build_unc_path_to_root: full_path=\\<Regional DFS
Server>\Root\Country\<Share>
fs/cifs/dfs_cache.c: do_dfs_cache_find: search path: \<Regional DFS
Server>\Root\Country\<Share>
fs/cifs/dfs_cache.c: do_dfs_cache_find: cache miss
fs/cifs/dfs_cache.c: do_dfs_cache_find: DFS referral request for \<Regional
DFS Server>\Root\Country\<Share>
fs/cifs/smb2ops.c: smb2_get_dfs_refer path <\<Regional DFS
Server>\Root\Country\<Share>>
fs/cifs/smb2pdu.c: SMB2 IOCTL
Status code returned 0xc0000225 STATUS_NOT_FOUND
fs/cifs/smb2maperror.c: Mapping SMB2 status code 0xc0000225 to POSIX err -2
// mounting the share fails shortly after
This has quite a big impact to customers who need to mount their
multi-tier DFS mounts, as they have to remain on the 4.15 bionic
kernel and cannot use the HWE kernel for their machines.
[Fix]
After some debugging, I narrowed the cause down to a new DFS caching
feature introduced in 5.0-rc1. I started a discussion with the
upstream maintainer of cifs, which you can read here:
https://lore.kernel.org/linux-cifs/05aa2995-e85e-
[email protected]/T/#u
This discussion resulted in the below upstream commit, which was
merged in the 5.5 development window:
commit 5bb30a4dd60e2a10a4de9932daff23e503f1dd2b
Author: Paulo Alcantara (SUSE) <[email protected]>
Date: Fri Nov 22 12:30:56 2019 -0300
Subject: cifs: Fix retrieval of DFS referrals in cifs_mount()
You can read it here:
https://github.com/torvalds/linux/commit/5bb30a4dd60e2a10a4de9932daff23e503f1dd2b
This commit sets referrals to be passed to the newest resolved root
server, instead of older ones up the order. This ensures that we keep
descending down the tree instead of backtracking, which what was
happening.
This commit has been submitted for upstream -stable, and is still
being processed. The commit is needed on kernels 5.0 and up. I will
update this section if it is accepted for -stable.
[Testcase]
To test this commit you need a multi-tier cifs DFS with a similar
structure as the tree mentioned in the Impact section. From there, you
simply try and mount a cifs share.
On patched kernels, the mount will succeed. On broken kernels, the
mount will fail.
I have prepared a test kernel for Bionic HWE, based on
5.0.0-37.40~18.04 which you can find here:
https://launchpad.net/~mruffell/+archive/ubuntu/sf245466-test
This test kernel has been tested by the customer and mounts the cifs
DFS correctly.
[Regression Potential]
I believe the risk of regression for this commit is low. All changes
are limited to DFS within cifs, and only change the behaviour of what
server is the root server referrals are sent to.
The commit is a clean cherry pick for disco, eoan and focal. The
maintainer has submitted the commit for upstream -stable, and we have
tested the commit with the customer, and things are now working as
intended.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1854887/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
