Actions
Bug #37580
closedUnable to mount cephfs with latest 4.9.144 kernel
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):
Description
I'm unable to mount to cephfs with 4.9.144 kernel (with Ubuntu xenial) which has many cephfs changes.
2018-12-08 19:21:12.795433 7f5fceb58700 0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=0 pgs=0 cs=0 l=0 c=0x56117b415800).accept: challenging authorizer 32 bytes 2018-12-08 19:21:12.795775 7f5fceb58700 0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=0 pgs=0 cs=0 l=0 c=0x56117b415800).accept connect_seq 1 vs existing 1 state standby 2018-12-08 19:21:12.796083 7f5fceb58700 0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=0 pgs=0 cs=0 l=0 c=0x56117b415800).accept connect_seq 2 vs existing 1 state standby 2018-12-08 19:21:12.796373 7f5fceb58700 0 SIGN: MSG 1 Message signature does not match contents. 2018-12-08 19:21:12.796384 7f5fceb58700 0 SIGN: MSG 1Signature on message: 2018-12-08 19:21:12.796386 7f5fceb58700 0 SIGN: MSG 1 sig: 9073574334872509312 2018-12-08 19:21:12.796390 7f5fceb58700 0 SIGN: MSG 1Locally calculated signature: 2018-12-08 19:21:12.796392 7f5fceb58700 0 SIGN: MSG 1 sig_check:1734905162982101464 2018-12-08 19:21:12.796394 7f5fceb58700 0 Signature failed. 2018-12-08 19:21:12.796396 7f5fceb58700 0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=2 pgs=89 cs=3 l=0 c=0x56117b417300).Signature check failed 2018-12-08 19:21:12.796444 7f5fceb58700 0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=2 pgs=89 cs=3 l=0 c=0x56117b417300).fault with nothing to send, going to standby
Running v10.2.11-1trusty
Updated by Evgeny Bolshedvorsky over 5 years ago
elder one wrote:
I'm unable to mount to cephfs with 4.9.144 kernel (with Ubuntu xenial) which has many cephfs changes.
I have this problem with cephfs with 4.9.144 kernel on altlinux.
Updated by Zheng Yan over 5 years ago
- Assignee set to Ilya Dryomov
caused by bad backport
commit 18a23fb2632030888fc56a7df73a80f57445718f
Author: Ilya Dryomov <idryomov@gmail.com>
Date: Fri Jul 27 19:25:32 2018 +0200
libceph: implement CEPHX_V2 calculation mode
commit cc255c76c70f7a87d97939621eae04b600d9f4a1 upstream.
Derive the signature from the entire buffer (both AES cipher blocks)
instead of using just the first half of the first block, leaving out
data_crc entirely.
This addresses CVE-2018-1129.
Link: http://tracker.ceph.com/issues/24837
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
[bwh: Backported to 4.9:
- Define and test the feature bit in the old way
- Don't change any other feature bits in ceph_features.h]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
test for cephx_v2 is wrong
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 29e23b5cb2ed..a4896e4a1c9a 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -804,7 +804,7 @@ static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
void *enc_buf = au->enc_buf;
int ret;
- if (msg->con->peer_features & CEPH_FEATURE_CEPHX_V2) {
+ if (!(msg->con->peer_features & CEPH_FEATURE_CEPHX_V2)) {
struct {
__le32 len;
__le32 header_crc;
zhyan-alpha:~/linux zhyan$
Updated by Ilya Dryomov over 5 years ago
- Category changed from fs/ceph to libceph
- Status changed from New to In Progress
Yup, the original commit has the ! -- "if (!CEPH_HAVE_FEATURE(msg->con->peer_features, CEPHX_V2)) {". I didn't mark that series for backporting though.
I'll work with Ben and the stable team to get this fixed.
Updated by Ilya Dryomov over 5 years ago
- Status changed from In Progress to Resolved
Actions