Project

General

Profile

Bug #37580

Unable to mount cephfs with latest 4.9.144 kernel

Added by elder one about 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
libceph
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

I'm unable to mount to cephfs with 4.9.144 kernel (with Ubuntu xenial) which has many cephfs changes.

2018-12-08 19:21:12.795433 7f5fceb58700  0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=0 pgs=0 cs=0 l=0 c=0x56117b415800).accept: challenging authorizer 32 bytes
2018-12-08 19:21:12.795775 7f5fceb58700  0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=0 pgs=0 cs=0 l=0 c=0x56117b415800).accept connect_seq 1 vs existing 1 state standby
2018-12-08 19:21:12.796083 7f5fceb58700  0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=0 pgs=0 cs=0 l=0 c=0x56117b415800).accept connect_seq 2 vs existing 1 state standby
2018-12-08 19:21:12.796373 7f5fceb58700  0 SIGN: MSG 1 Message signature does not match contents.
2018-12-08 19:21:12.796384 7f5fceb58700  0 SIGN: MSG 1Signature on message:
2018-12-08 19:21:12.796386 7f5fceb58700  0 SIGN: MSG 1    sig: 9073574334872509312
2018-12-08 19:21:12.796390 7f5fceb58700  0 SIGN: MSG 1Locally calculated signature:
2018-12-08 19:21:12.796392 7f5fceb58700  0 SIGN: MSG 1    sig_check:1734905162982101464
2018-12-08 19:21:12.796394 7f5fceb58700  0 Signature failed.
2018-12-08 19:21:12.796396 7f5fceb58700  0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=2 pgs=89 cs=3 l=0 c=0x56117b417300).Signature check failed
2018-12-08 19:21:12.796444 7f5fceb58700  0 -- 192.168.30.74:6800/1079025176 >> 192.168.31.5:0/3428529279 pipe(0x56117867e800 sd=72 :6800 s=2 pgs=89 cs=3 l=0 c=0x56117b417300).fault with nothing to send, going to standby

Running v10.2.11-1trusty

History

#1 Updated by Evgeny Bolshedvorsky about 3 years ago

elder one wrote:

I'm unable to mount to cephfs with 4.9.144 kernel (with Ubuntu xenial) which has many cephfs changes.

I have this problem with cephfs with 4.9.144 kernel on altlinux.

#2 Updated by Zheng Yan about 3 years ago

  • Assignee set to Ilya Dryomov

caused by bad backport

commit 18a23fb2632030888fc56a7df73a80f57445718f
Author: Ilya Dryomov <idryomov@gmail.com>
Date:   Fri Jul 27 19:25:32 2018 +0200

    libceph: implement CEPHX_V2 calculation mode

    commit cc255c76c70f7a87d97939621eae04b600d9f4a1 upstream.

    Derive the signature from the entire buffer (both AES cipher blocks)
    instead of using just the first half of the first block, leaving out
    data_crc entirely.

    This addresses CVE-2018-1129.

    Link: http://tracker.ceph.com/issues/24837
    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
    Reviewed-by: Sage Weil <sage@redhat.com>
    [bwh: Backported to 4.9:
     - Define and test the feature bit in the old way
     - Don't change any other feature bits in ceph_features.h]
    Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

test for cephx_v2 is wrong

diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 29e23b5cb2ed..a4896e4a1c9a 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -804,7 +804,7 @@ static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
        void *enc_buf = au->enc_buf;
        int ret;

-       if (msg->con->peer_features & CEPH_FEATURE_CEPHX_V2) {
+       if (!(msg->con->peer_features & CEPH_FEATURE_CEPHX_V2)) {
                struct {
                        __le32 len;
                        __le32 header_crc;
zhyan-alpha:~/linux zhyan$ 

#3 Updated by Ilya Dryomov about 3 years ago

  • Category changed from fs/ceph to libceph
  • Status changed from New to In Progress

Yup, the original commit has the ! -- "if (!CEPH_HAVE_FEATURE(msg->con->peer_features, CEPHX_V2)) {". I didn't mark that series for backporting though.

I'll work with Ben and the stable team to get this fixed.

#4 Updated by Ilya Dryomov about 3 years ago

Fixed in 4.9.150.

#5 Updated by Ilya Dryomov about 3 years ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF