Bug 201869 - CIFS: block on llistxattr for SMB1
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: CIFS
Hardware: All Linux
Importance: P1 high
Assignee: fs_cifs
Reported: 2018-12-04 03:36 UTC by Xiaoli Feng
Modified: 2018-12-05 02:33 UTC (History)
Kernel Version: 4.20.0-rc4+
Regression: No

Attachments
samba server hang on smb1 query unix info basic (level 512) (18.09 KB, application/x-pcapng)
2018-12-04 20:18 UTC, Steve French

Description Xiaoli Feng 2018-12-04 03:36:08 UTC
Mount a cifs share with vers=1.0,sfu,actimeo=0. getfattr doesn't return when executed on a symbolic link file.

[root@hp-dl360g9-13 ~]# mount |grep cifs1
//localhost/cifs on /root/cifs type cifs (rw,relatime,vers=1.0,cache=strict,username=root,uid=0,noforceuid,gid=0,noforcegid,addr=0000:0000:0000:0000:0000:0000:0000:0001,soft,unix,posixpaths,serverino,mapposix,sfu,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=0,user=root)
[root@hp-dl360g9-13 ~]# mkdir ~/cifs/dir
[root@hp-dl360g9-13 ~]# ln -s ~/cifs/dir ~/cifs/dir2
[root@hp-dl360g9-13 ~]# setfattr -h -n user.name ~/cifs/dir2
setfattr: /root/cifs1/dir2: Operation not permitted
[root@hp-dl360g9-13 ~]# getfattr --absolute-names -dh -m user /root/cifs1/dir2

It doesn't return here.
Comment 1 Steve French 2018-12-04 20:17:11 UTC
I was able to reproduce it with your steps. This looks like a server bug - see the attached Wireshark trace, frames 17 and (after the client gave up and reconnected and retried) 107 - the server is hung and not responding.
Comment 2 Steve French 2018-12-04 20:18:42 UTC
Created attachment 279849
samba server hang on smb1 query unix info basic (level 512)
Comment 3 Steve French 2018-12-04 22:35:49 UTC
I tried it with Ubuntu 4.15 kernel and it hung Samba (server) the same way.

The repro steps (in my example /test was exported as //localhost/test by Samba). The only non-default thing needed in the mount is "vers=1.0".

root@smf-Thinkpad-P51:~# mount -t cifs //localhost/test /mnt2  -ousername=testuser,vers=1.0
root@smf-Thinkpad-P51:~# mkdir -m 0777 /test/cifs
root@smf-Thinkpad-P51:~# mkdir /mnt2/cifs/target-dir
root@smf-Thinkpad-P51:~# ln -s /mnt2/cifs/target-dir /mnt2/cifs/src-dir
root@smf-Thinkpad-P51:~# setfattr -h -n user.name /mnt2/cifs/src-dir
setfattr: /mnt2/cifs/src-dir: Operation not permitted
root@smf-Thinkpad-P51:~# getfattr --absolute-names -dh -m user /mnt2/cifs/src-dir
<hangs on server in smb1 querypathinfo processing>
Comment 4 Steve French 2018-12-05 02:33:09 UTC
This is probably a user error as well. Even if it were fixable on the client, the concept is wrong: the client is querying the server for information on a file which the server then sees is a symlink to a file on a cifs mount, for which it is querying the local machine's VFS, which then calls out to cifs.ko, which sends a request to the same local Samba server, which is now blocked on itself.
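
The loop described in comment 4 can be looked for on the server before a client trips over it. The script below is an added example, not part of the bug report and not cifs.ko or Samba code; it flags symlinks under an exported directory whose absolute targets fall inside a CIFS mount served by the same host. The function names, the /proc/mounts-style input file and the sample paths in demo are assumptions modelled on comment 3.

```shell
#!/bin/sh
# Added example: find symlinks in a Samba export whose targets point into a
# CIFS mount served by this same host (the self-blocking loop in comment 4).

# loopback_cifs_mounts MOUNTS_FILE
# Print mount points of cifs entries in a /proc/mounts-style file whose
# server is the local host (//localhost/... source or a loopback addr=).
loopback_cifs_mounts() {
    awk '$3 == "cifs" {
        opts = "," $4 ","
        if ($1 ~ /^\/\/localhost\// || opts ~ /,addr=127\./ ||
            opts ~ /,addr=::1,/ || opts ~ /,addr=(0000:)+0001,/)
            print $2
    }' "$1"
}

# risky_symlinks EXPORT_DIR MOUNTS_FILE
# find -type l and readlink only read the link itself, so the scan never
# follows a link into the mount. Only absolute targets are checked, and
# file names containing newlines are not handled.
risky_symlinks() {
    rs_mounts=$(loopback_cifs_mounts "$2")
    [ -n "$rs_mounts" ] || return 0
    find "$1" -xdev -type l | while IFS= read -r rs_link; do
        rs_target=$(readlink "$rs_link")
        printf '%s\n' "$rs_mounts" | while IFS= read -r rs_mp; do
            case $rs_target in
                "$rs_mp"|"$rs_mp"/*) printf '%s -> %s\n' "$rs_link" "$rs_target" ;;
            esac
        done
    done
}

# Constructed sample: an export tree and a mounts file modelled on comment 3.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/test/cifs" || return 1
    ln -s /mnt2/cifs/target-dir "$d/test/cifs/src-dir"   # points into loopback mount
    ln -s /srv/other "$d/test/cifs/plain-link"           # harmless target
    printf '%s\n' '//localhost/test /mnt2 cifs rw,vers=1.0,addr=127.0.0.1 0 0' \
        '//nas.example/data /mnt3 cifs rw,vers=3.0,addr=192.0.2.10 0 0' > "$d/mounts"
    risky_symlinks "$d/test" "$d/mounts" | sed "s|^$d||"
    rm -rf "$d"
}

# Real use: sh script.sh /path/to/export /proc/mounts
if [ "$#" -eq 2 ]; then risky_symlinks "$1" "$2"; fi
```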