lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <7592d67c-3311-afd0-6ea9-64bd4d2769b6@canonical.com>
Date:   Mon, 29 Nov 2021 11:56:38 -0700
From:   Tim Gardner <tim.gardner@...onical.com>
To:     Jeff Layton <jlayton@...nel.org>, len.baker@....com
Cc:     pc@....nz, stfrench@...rosoft.com,
        Kamal Mostafa <Kamal.Mostafa@...onical.com>,
        linux-cifs@...r.kernel.org,
        samba-technical <samba-technical@...ts.samba.org>,
        LKML <linux-kernel@...r.kernel.org>, stable@...r.kernel.org
Subject: Re: Commit f980d055a0f858d73d9467bb0b570721bbfcdfb8 causes a
 regression



On 11/29/21 9:01 AM, Jeff Layton wrote:
> On Mon, 2021-11-29 at 08:35 -0700, Tim Gardner wrote:
>> Hi Len,
>>
>> I have a report (https://bugs.launchpad.net/bugs/1952094) that commit
>> f980d055a0f858d73d9467bb0b570721bbfcdfb8 ("CIFS: Fix a potencially
>> linear read overflow") causes a regression as a stable backport in a 5.4
>> based kernel. I don't know if this regression exists in tip as well, or
>> if it is unique to the backported environment. I suspect, given the
>> content of the patch, that it is generic. As such, it has been
>> backported to a number of stable releases:
>>
>> linux-4.4.y.txt:0955df2d9bf4857e3e2287e3028903e6cec06c30
>> linux-4.9.y.txt:8878af780747f498551b7d360cae61b415798f18
>> linux-4.14.y.txt:20967547ffc6039f17c63a1c24eb779ee166b245
>> linux-4.19.y.txt:bea655491daf39f1934a71bf576bf3499092d3a4
>> linux-5.4.y.txt:b444064a0e0ef64491b8739a9ae05a952b5f8974
>> linux-5.10.y.txt:6c4857203ffa36918136756a889b12c5864bc4ad
>> linux-5.13.y.txt:9bffe470e9b537075345406512df01ca2188b725
>> linux-5.14.y.txt:c41dd61c86482ab34f6f039b13296308018fd99b
>>
>> Could this be an off-by-one issue if the source string is full length ?
>>
>> rtg
> 
> Maybe? But it doesn't seem to be that long. The error message evidently
> says:
> 
>      "CIFS VFS: CIFS mount error: iocharset utf8 not found"
> 
> The iocharset string ("utf8" here) usually gets set in the mount string
> and then we just pass that string to load_nls().
> 
> The patch you're pointing out though doesn't seem to be involved in any
> of that. It sounds like something else is wrong. I'd validate that that
> patch was applied correctly, and get more details about what this guy is
> doing.
> 
> g/l!
> 

You may be correct. I made the rash assumption the reporter had done a 
normal full upgrade. However, it appears he may have only done targeted 
package updates and neglected the linux-modules-extra package that 
contains the nls_utf8 module. My test kernel installation instructions 
_did_ include linux-modules-extra which is likely why it worked for him.

I've requested more info from the reporter to verify that the missing 
package is the root of his problem.

Thanks for responding.

rtg
-----------
Tim Gardner
Canonical, Inc

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ