Bug 213927

Summary: CIFS: can't create file or directory when mount with modefromsid
Product: File System Reporter: Xiaoli Feng (fengxiaoli0714)
Component: CIFSAssignee: fs_cifs (fs_cifs)
Status: NEW ---    
Severity: high CC: nspmangalore, smfrench
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 5.14.0-rc2 Subsystem:
Regression: No Bisected commit-id:
Attachments: network trace
dmesg log

Description Xiaoli Feng 2021-07-30 07:45:57 UTC
Created attachment 298125 [details]
network trace

Mount windows server 2012 file server on linux 5.14.0 with modefromsid. I can't  create file or directory in this mountpoint. Can do these operations without modefromsid. This is a regression issue after switch to new mount API.

# mount //$WIN_SERVER/cifs cifs -o modefromsid,user=administrator,password=$WINPASSWD
# touch cifs/file
touch: setting times of 'cifs/file': No such file or directory
# mkdir cifs/dira
mkdir: cannot create directory ‘cifs/dira’: Invalid argument
# uname -r
Comment 1 Xiaoli Feng 2021-07-30 07:46:27 UTC
Created attachment 298127 [details]
dmesg log
Comment 2 Xiaoli Feng 2021-07-30 09:11:15 UTC
samba server also has this issue.

# mount //localhost/cifs cifs -o modefromsid,user=root,password=redhat
# touch cifs/file
touch: setting times of 'cifs/file': No such file or directory
# mkdir cifs/dir
mkdir: cannot create directory ‘cifs/dir’: Invalid argument
# cat /etc/samba/smb.conf
Comment 3 Shyam Prasad N 2021-08-03 04:40:13 UTC
Can you try using idsfromsid in combination with modefromsid?
(This should probably be set implicitly. I'll submit that change soon)

sprasad@lindev-local:/mnt/windows$ mount -t cifs
// on /mnt/windows type cifs (rw,relatime,vers=3.1.1,cache=strict,username=sprasad,uid=1000,noforceuid,gid=1000,noforcegid,addr=,file_mode=0777,dir_mode=0777,soft,nounix,idsfromsid,serverino,mapposix,modefromsid,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1)
sprasad@lindev-local:/mnt/windows$ mkdir cifstest
Comment 4 Steve French 2021-08-04 14:30:15 UTC
This is not related to the mount API change (the regression also happens in 5.10 kernel e.g.) and is due instead to the server not accepting using the "default" user and group (when the user and group SID is not specified) on create with SecurityDescriptor - this change to allow the mode to be specified on create was made earlier than 5.10 kernel.
Comment 5 Steve French 2021-08-04 14:48:30 UTC
It works in 5.9 but fails in 5.10.  The main difference I see is the length of the security descriptor context is smaller in 5.10 and later (180 bytes SD context blob length worked vs. 76 bytes in SD fails with invalid parameter)