** Description changed:

+ SRU justification:
+ 
+ Impact: The latest stable updates[1] to Intrepid introduced a regression
+ in cifs when used with ipv6 addresses. The socket address was stored in
+ a container on the stack but this was not big enough for ipv6 addresses.
+ Failure was only observed on 32bit systems. Code is from upstream, so
+ Jaunty currently is affected, too.
+ 
+ Fix: The following patch by Jeff Layton replaces sockaddr by
+ sockaddr_storage which is large enough to contain ipv4 and ipv6 socket
+ structures.
+ 
+ Test: Without this patch on a 32bit system the following command will result in an oops: mount -t cifs -o user=test,ip=2001:a60:f001:1::69 //fileserv/pub /pub
+ After applying the patch this works ok. Patch will go upstream soon.
+ 
+ [1] commit e1a30a33db03c2a87f49d0c164c5ade0a0a6eb97
+ Author: Steve French <sfre...@us.ibm.com>
+ Date: Fri Nov 21 14:23:07 2008 +0530
+ cifs: clean up server protocol handling
+ commit 3ec332ef7a38c2327e18d087d4120a8e3bd3dc6e upstream.
+ 
Upgrading from linux-image-2.6.27-9-generic (in intrepid-updates) to linux-image-2.6.27-11-generic (in intrepid-proposed) creates the following BUG when mounting a cifs share using IPv6

# mount -t cifs -o user=berni,ip=2001:xxxxxx::69 //fileserv/pub /pub
Password:
<a few seconds>
#
(/pub is not mounted)

The following appears in dmesg:

[28816.788084] CIFS VFS: Error connecting to socket. Aborting operation
[28816.788094] CIFS VFS: cifs_mount failed w/return code = -113
[28816.788121] BUG: unable to handle kernel paging request at 69000030
[28816.788125] IP: [<f9bfde00>] :cifs:cifs_read_super+0xa0/0x1e0
[28816.788140] *pde = 00000000
[28816.788144] Oops: 0000 [#1] SMP
[28816.788148] Modules linked in: nls_utf8 ufs qnx4 hfsplus hfs minix ntfs vfat msdos fat jfs xfs reiserfs ext2 nls_cp437 cifs af_packet binfmt_misc rfcomm bridge stp bnep sco l2cap bluetooth kvm_amd kvm ppdev tun ipv6 pci_slot container sbs sbshc video output battery iptable_filter ip_tables x_tables ac parport_pc lp parport serio_raw psmouse snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm pcspkr snd_seq_dummy k8temp snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore i2c_piix4 snd_page_alloc i2c_core evdev dm_multipath scsi_dh pl2303 usbserial fglrx(P) agpgart wmi button shpchp pci_hotplug ext3 jbd mbcache sr_mod cdrom pata_acpi sd_mod crc_t10dif pata_atiixp sg usbhid hid usb_storage libusual ata_generic ahci ohci_hcd ehci_hcd libata usbcore scsi_mod dock r8169 mii dm_mirror dm_log dm_snapshot dm_mod thermal processor fan fbcon tileblit font bitblit softcursor fuse
[28816.788215]
[28816.788219] Pid: 20540, comm: mount.cifs Tainted: P (2.6.27-11-generic #1)
[28816.788222] EIP: 0060:[<f9bfde00>] EFLAGS: 00010286 CPU: 0
[28816.788232] EIP is at cifs_read_super+0xa0/0x1e0 [cifs]
[28816.788234] EAX: 00000044 EBX: 69000000 ECX: ffffffff EDX: 00000046
[28816.788237] ESI: d43b5000 EDI: ffffff8f EBP: d42a1e8c ESP: d42a1e6c
[28816.788239] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[28816.788242] Process mount.cifs (pid: 20540, ti=d42a0000 task=d1b48c90 task.ti=d42a0000)
[28816.788245] Stack: f9c24428 ffffff8f d31aa000 d8951e00 0000004e d8951e00 d8951e00 00000000
[28816.788252] d42a1eb0 f9bfdfa9 00000000 f6603e80 fffffff4 d31aa000 f6603e80 00000000
[28816.788258] f9c38520 d42a1ed8 c01b468e d43b5000 f6603e80 d31aa000 00000040 d4086000
[28816.788264] Call Trace:
[28816.788270] [<f9bfdfa9>] ? cifs_get_sb+0x69/0xc0 [cifs]
[28816.788282] [<c01b468e>] ? vfs_kern_mount+0x5e/0x130
[28816.788292] [<c01b47be>] ? do_kern_mount+0x3e/0xe0
[28816.788296] [<c01cccff>] ? do_new_mount+0x6f/0x90
[28816.788301] [<c01cd242>] ? do_mount+0x1d2/0x1f0
[28816.788306] [<c01ca95d>] ? exact_copy_from_user+0x4d/0xa0
[28816.788310] [<c01caf6e>] ? copy_mount_options+0x6e/0xd0
[28816.788314] [<c01cd2f1>] ? sys_mount+0x91/0xc0
[28816.788318] [<c0103f7b>] ? sysenter_do_call+0x12/0x2f
[28816.788323] =======================
[28816.788324] Code: 65 c6 8b 43 30 8b 55 f0 c6 04 10 00 8b 45 e8 89 f1 89 da 89 04 24 8b 45 ec e8 fd dc 00 00 85 c0 89 c7 74 57 8b 45 08 85 c0 74 30 <8b> 43 30 85 c0 74 0c e8 a4 f0 5a c6 c7 43 30 00 00 00 00 8b 43
[28816.788354] EIP: [<f9bfde00>] cifs_read_super+0xa0/0x1e0 [cifs] SS:ESP 0068:d42a1e6c
[28816.788365] ---[ end trace 9d71176ecad6924f ]---

This is probably related to a few upstream cifs changes in 2.6.27-11-generic, I'll report to lkml as well
-- 
cifs+IPv6 regression 2.6.27-9 -> 2.6.27-11
https://bugs.launchpad.net/bugs/318565
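
The size mismatch named in the SRU justification, as an added user-space example that is not part of the bug report or of the cifs patch. parse_addr, try_sockaddr and try_storage are hypothetical names; the address is the one from the test command in the description.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: parse a textual IPv4/IPv6 address into a caller buffer
 * of dst_len bytes. Returns bytes written, -1 if the text is not an address,
 * -2 if the buffer cannot hold the resulting socket address structure. */
static int parse_addr(const char *text, void *dst, size_t dst_len)
{
    struct sockaddr_in v4 = { .sin_family = AF_INET };
    struct sockaddr_in6 v6 = { .sin6_family = AF_INET6 };
    const void *src;
    size_t need;
    if (inet_pton(AF_INET, text, &v4.sin_addr) == 1) {
        src = &v4; need = sizeof(v4);
    } else if (inet_pton(AF_INET6, text, &v6.sin6_addr) == 1) {
        src = &v6; need = sizeof(v6);
    } else {
        return -1;
    }
    if (dst_len < need)   /* a struct sockaddr-sized buffer fails here for IPv6 */
        return -2;
    memcpy(dst, src, need);
    return (int)need;
}

/* Container of the type the description says was not big enough. */
static int try_sockaddr(const char *text)
{
    struct sockaddr sa;
    return parse_addr(text, &sa, sizeof(sa));
}

/* Container of the type the fix switches to. */
static int try_storage(const char *text)
{
    struct sockaddr_storage ss;
    return parse_addr(text, &ss, sizeof(ss));
}

int main(void)
{
    const char *ip = "2001:a60:f001:1::69"; /* address from the test command */
    printf("sockaddr(%zu bytes): %d, sockaddr_storage(%zu bytes): %d\n",
           sizeof(struct sockaddr), try_sockaddr(ip),
           sizeof(struct sockaddr_storage), try_storage(ip));
    return 0;
}
```

The explicit length check is what turns the undersized case into an error return instead of a write past the end of the stack variable.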