Modify

Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#12711 closed defect (fixed)

mount.cifs broken with kernel 3.7.1

Reported by: John Thomas <openwrt-devel-2012@…> Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: kernel Version: Trunk
Keywords: Cc:

Description

Just updated my build to kernel 3.7.1. Everything seems fine, except I can no longer mount my samba share. The following commands work fine on the 3.6 kernel. A bit of searching suggests a possible dependency issue, but I am not sure how to debug that, but am happy to help.

root@wifi02:~# mount -v -t cifs 192.168.2.128/shared /mnt/win -o credentials=/etc/smb-mount-cred
mount error(2): No such file or directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
mount: mounting
192.168.2.128/shared on /mnt/win failed: Invalid argument
root@wifi02:~# mount.cifs -o credentials=/etc/smb-mount-cred 192.168.2.128/shared /mnt/win
mount error(2): No such file or directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Attachments (0)

Change History (19)

comment:1 Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

root@wifi02:~# opkg list | grep -i cifs
cifsmount - 5.4-1
kmod-fs-cifs - 3.7.1-1

comment:2 Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

root@wifi02:~# opkg list | grep kmod-cry
kmod-crypto-aes - 3.7.1-1
kmod-crypto-arc4 - 3.7.1-1
kmod-crypto-des - 3.7.1-1
kmod-crypto-ecb - 3.7.1-1
kmod-crypto-hash - 3.7.1-1
kmod-crypto-hmac - 3.7.1-1
kmod-crypto-md4 - 3.7.1-1
kmod-crypto-md5 - 3.7.1-1
kmod-crypto-misc - 3.7.1-1
kmod-crypto-sha1 - 3.7.1-1

comment:3 Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

root@wifi02:~# ls -la /mnt
drwxr-xr-x 1 root root 0 Dec 30 10:23 .
drwxr-xr-x 1 root root 0 Dec 31 1969 ..
drwxr-xr-x 2 root root 0 Dec 30 10:23 win
root@wifi02:~# ls -la /mnt/win
drwxr-xr-x 2 root root 0 Dec 30 10:23 .
drwxr-xr-x 1 root root 0 Dec 30 10:23 ..

comment:4 Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

Sorry, I am a noob. Someone closed this or closed another similar thread. I copying this from another the other thread, /ticket/10365.html
[ 292.190000] CIFS VFS: could not allocate crypto hmacsha256
[ 292.190000]
[ 292.200000] CIFS VFS: could not setup hash structures rc -2
[ 292.200000] CIFS VFS: cifs_mount failed w/return code = -2
[ 1251.360000] CIFS VFS: could not allocate crypto hmacsha256
[ 1251.360000]
[ 1251.370000] CIFS VFS: could not setup hash structures rc -2
[ 1251.380000] CIFS VFS: cifs_mount failed w/return code = -2
[ 1357.320000] CIFS VFS: could not allocate crypto hmacsha256
[ 1357.320000]
[ 1357.320000] CIFS VFS: could not setup hash structures rc -2
[ 1357.330000] CIFS VFS: cifs_mount failed w/return code = -2
[ 1371.270000] CIFS VFS: could not allocate crypto hmacsha256
[ 1371.270000]
[ 1371.280000] CIFS VFS: could not setup hash structures rc -2
[ 1371.280000] CIFS VFS: cifs_mount failed w/return code = -2
[ 1590.490000] CIFS VFS: No username specified
[ 1590.500000] CIFS VFS: could not allocate crypto hmacsha256
[ 1590.500000]
[ 1590.500000] CIFS VFS: could not setup hash structures rc -2
[ 1590.510000] CIFS VFS: cifs_mount failed w/return code = -2
[ 1956.210000] CIFS VFS: No username specified
[ 1956.220000] CIFS VFS: could not allocate crypto hmacsha256
[ 1956.220000]
[ 1956.220000] CIFS VFS: could not setup hash structures rc -2
[ 1956.230000] CIFS VFS: cifs_mount failed w/return code = -2
[ 2290.120000] CIFS VFS: No username specified
[ 2290.130000] CIFS VFS: could not allocate crypto hmacsha256
[ 2290.130000]
[ 2290.140000] CIFS VFS: could not setup hash structures rc -2
[ 2290.150000] CIFS VFS: cifs_mount failed w/return code = -2
[ 2298.970000] CIFS VFS: could not allocate crypto hmacsha256
[ 2298.970000]
[ 2298.980000] CIFS VFS: could not setup hash structures rc -2
[ 2298.990000] CIFS VFS: cifs_mount failed w/return code = -2

kmod-crypto-md4 is already installed, see below. Could the kernel update be the issue as mount.cifs works fine on 3.6.
http://kernelnewbies.org/LinuxChanges notes the following about 3.7.1:
The CIFS networking filesystem has added support for the version 2 of the SMB protocol. The SMB2 protocol is the successor to the popular CIFS and SMB network file sharing protocols, and is the native file sharing mechanism for Windows operating systems since it was introduced in Windows Vista in 2006. SMB2 enablement will eventually allow users better performance, security and features, than would not be possible with previous protocols.
root@wifi01:~# opkg list | grep kmod-cry
kmod-crypto-aes - 3.7.1-1
kmod-crypto-arc4 - 3.7.1-1
kmod-crypto-des - 3.7.1-1
kmod-crypto-ecb - 3.7.1-1
kmod-crypto-hash - 3.7.1-1
kmod-crypto-hmac - 3.7.1-1
kmod-crypto-md4 - 3.7.1-1
kmod-crypto-md5 - 3.7.1-1
kmod-crypto-misc - 3.7.1-1
kmod-crypto-sha1 - 3.7.1-1

comment:5 Changed 5 years ago by hnyman <hannu.nyman@…>

Same here. ar71xx/WNDR3700 build r34938 with kernel 3.7.1. Mounting a Buffalo Linkstation NAS fails.

The same command that worked a few weeks ago (end of November) with earlier kernel does not work any more.

mount -t cifs 192.168.1.199/ftp-nas /mnt -o username=xxxx,password=yyyy,uid=root,file_mode=0644,dmode=0755

I don't have mount.cifs installed, instead just the kmod-fs-cifs and I used the plain mount command.

Error message in console is:

mount: mounting 192.168.1.199/ftp-nas on /mnt failed: Invalid argument

Kernel log shows:

[ 375.800000] CIFS VFS: cifs_parse_mount_options: Invalid uid value

If I remove the UID parameter, the error changes to:

[ 1648.250000] CIFS: Unknown mount option "dmode=0755"

And removing als that dmode gives:

[ 1668.740000] CIFS VFS: Connecting to DFS root not implemented yet

Something has definitely changed with 3.7.1, probably related to the introduction of SMB2 support in 3.7.1.

comment:6 Changed 5 years ago by hnyman <hannu.nyman@…>

There is actually discussion about changes in kernel 3.4+ regarding CIFS mountswith busybox mount. As I use the busybox mount, my error is partially related to it. Apparently the UNC options is now mandatory(?), and there is already a patch for busybox. See thread there:
http://lists.busybox.net/pipermail/busybox/2012-November/078655.html

Providing that option manually (and removing uid and dmode) gives me now the same error message as you get:

[ 2796.930000] CIFS VFS: could not allocate crypto hmacsha256
[ 2796.930000] 
[ 2796.940000] CIFS VFS: could not setup hash structures rc -2

comment:7 follow-up: Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

comment:8 in reply to: ↑ 7 Changed 5 years ago by hnyman <hannu.nyman@…>

Replying to John Thomas <openwrt-devel-2012@…>:

I think we need kmod-crypto-sha256
see here: http://www.mail-archive.com/linux-cifs@vger.kernel.org/msg05235.html

I am not so sure.
Based on https://dev.openwrt.org/browser/trunk/package/kernel/modules/crypto.mk#L342 that kernel config option gets set by kmod-crypto-misc, which you already had (and which I just installed). But it didn't help.

And the file is shown properly:
root@OpenWrt:~# ls -l /lib/modules/3.7.1/sha*
-rw-r--r-- 1 root root 3392 Dec 30 23:24 /lib/modules/3.7.1/sha1_generic.ko
-rw-r--r-- 1 root root 10860 Dec 31 15:38 /lib/modules/3.7.1/sha256_generic.ko
-rw-r--r-- 1 root root 8428 Dec 31 15:38 /lib/modules/3.7.1/sha512_generic.ko

comment:9 Changed 5 years ago by hnyman <hannu.nyman@…>

I tested and found our that the busybox mount with my previous command failed already with 3.6.11. The triggering change for that has probably been the bump from 3.3.8 to 3.4+, which happened only a month ago for ar71xx with the move to 3.6.x.

I searched for kernel 3.4 cifs related stuff and stumbled upon these:
https://patchwork.kernel.org/patch/1606071/
http://forum.xda-developers.com/showthread.php?t=2003836
http://lists.busybox.net/pipermail/busybox/2012-November/078662.html

That gave me the hint about the mandatory unc option with Windows style backslashes, which possibly need to be escaped (=doubled in practice), meaning four backslashes at the start of the unc option.

I tested and this command works for me with 3.6.11, but gives me the same hmacsha256 error with 3.7.1:

mount -t cifs 192.168.1.199/ftp-nas /mnt -o username=xxxxx,password=yyyy,file_mode=0644,unc=\\\\192.168.1.199\\ftp-nas

So, I have been able to eliminate the pre-3.7.1 problem, but I am left with the kernel 3.7.1 problem :-(

I have compiled a new 3.7.1 firmware with the crypto-misc included, causing sha256_generic.ko to be included, but that does not help.

comment:10 Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

Thank you for looking at this with me.

I just built two, the only difference is kernel 3.6.11 vs. 3.7.1. All have same crypo's and helpers as indicated above.

Both mounts are attempted with the following command:
mount.cifs 192.168.2.128/shared /mnt/win -o credentials=/etc/smb-mount-cred

3.6.11 works, but produces these messages:
Dec 31 10:31:09 wifi02 kern.notice kernel: [ 292.220000] CIFS: no cache= option specified, using "cache=loose". This default will change to "cache=strict" in 3.7.
Dec 31 10:31:09 wifi02 kern.err kernel: [ 292.240000] CIFS VFS: default security mechanism requested. The default security mechanism will be upgraded from ntlm to ntlmv2 in kernel release 3.3

3.7.1 fails as indicated above.

comment:11 follow-up: Changed 5 years ago by hnyman <hannu.nyman@…>

I was able to complete the mount in 3.7.1 after modifying package/kernel/modules/fs.mk by adding the kernel config symbol CONFIG_CRYPTO_SHA256 to the CIFS definition:

Index: package/kernel/modules/fs.mk
===================================================================
--- package/kernel/modules/fs.mk	(revision 34940)
+++ package/kernel/modules/fs.mk	(working copy)
@@ -47,6 +47,7 @@
   TITLE:=CIFS support
   KCONFIG:= \
 	CONFIG_CIFS \
+	CONFIG_CRYPTO_SHA256 \
 	CONFIG_CIFS_DFS_UPCALL=n \
 	CONFIG_CIFS_UPCALL=n
   FILES:=$(LINUX_DIR)/fs/cifs/cifs.ko

I am not sure if that is the most elegant way to solve that, but it seems to work.

root@OpenWrt:~# mount -t cifs //192.168.1.199/ftp-nas /mnt -o username=xxx,password=yyyy,file_mode=0644,dir_mode=0755,unc=\ \ \ \192.168.1.199\ \ftp-nas
root@OpenWrt:~# ls /mnt/
FTP       trashbox
root@OpenWrt:~# uname -r
3.7.1

comment:12 follow-up: Changed 5 years ago by hnyman <hannu.nyman@…>

A bit more explanation:
I noticed that the Linux kernel Kconfig definition changed between 3.6.11 and 3.7 regarding the modules selected by CIFS, as CRYPTO_SHA256 gets added in 3.7:
http://lxr.linux.no/#linux+v3.6.11/fs/cifs/Kconfig
http://lxr.linux.no/#linux+v3.7/fs/cifs/Kconfig

Currently Openwrt does not define kmod-crypto-sha256 as a separate module, as it is part of kmod-crypto-misc, but for some reason it did not work when I included that earlier.

I am no expert kernel options, so I am not sure what is the best way to included that. Writing a separate definition to https://dev.openwrt.org/browser/trunk/package/kernel/modules/crypto.mk and then adding a dependency to it? Or just modifying https://dev.openwrt.org/browser/trunk/package/kernel/modules/fs.mk like I did now.

Ps. I will try to rebuild the whole thing after a "make dirclean", so that I can re-verify the fix.

comment:13 in reply to: ↑ 11 Changed 5 years ago by hnyman <hannu.nyman@…>

Replying to hnyman <hannu.nyman@…>:

I was able to complete the mount in 3.7.1 after modifying package/kernel/modules/fs.mk by adding the kernel config symbol CONFIG_CRYPTO_SHA256 to the CIFS definition:

Index: package/kernel/modules/fs.mk
===================================================================
--- package/kernel/modules/fs.mk	(revision 34940)
+++ package/kernel/modules/fs.mk	(working copy)
@@ -47,6 +47,7 @@
   TITLE:=CIFS support
   KCONFIG:= \
 	CONFIG_CIFS \
+	CONFIG_CRYPTO_SHA256 \
 	CONFIG_CIFS_DFS_UPCALL=n \
 	CONFIG_CIFS_UPCALL=n
   FILES:=$(LINUX_DIR)/fs/cifs/cifs.ko

That report was incomplete, as that change by itself is not enough. I had also used "make kernel_menuconfig" to select the SHA256.
(Cryptographic API -> SHA224 and SHA256 digest algorithm)
In practice that selection changed target/linux/ar71xx/config-3.7, which change is needed for the mount to work.

Index: target/linux/ar71xx/config-3.7
===================================================================
--- target/linux/ar71xx/config-3.7	(revision 34940)
+++ target/linux/ar71xx/config-3.7	(working copy)
@@ -113,6 +113,9 @@
 CONFIG_CRYPTO_AES=y
 CONFIG_CRYPTO_ALGAPI=y
 CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_SHA256=y
 CONFIG_CSRC_R4K=y
 CONFIG_CSRC_R4K_LIB=y
 CONFIG_DECOMPRESS_LZMA=y

comment:14 Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

Confiredm, your two changes (to fs.mk and config-3.7) solved for me. The following is still in the logs, just FYI
[ 292.240000] CIFS VFS: default security mechanism requested. The default security mechanism will be upgraded from ntlm to ntlmv2 in kernel release 3.3

comment:15 Changed 5 years ago by hnyman <hannu.nyman@…>

I removed those two hacks and packaged the SHA256 as a kmod (in crypto.mk) and added a dependency for that to the cifs module definition (in fs.mk).

The patch is more elegant than the previous hack and is platform-independent.

--- trunk/package/kernel/modules/crypto.mk	(revision 34940)
+++ trunk/package/kernel/modules/crypto.mk	(working copy)
@@ -332,6 +332,17 @@
 
 $(eval $(call KernelPackage,crypto-sha1))
 
+define KernelPackage/crypto-sha256
+  TITLE:=SHA224 SHA256 digest CryptoAPI module
+  DEPENDS:=+kmod-crypto-hash
+  KCONFIG:=CONFIG_CRYPTO_SHA256
+  FILES:=$(LINUX_DIR)/crypto/sha256_generic.ko
+  AUTOLOAD:=$(call AutoLoad,09,sha256_generic)
+  $(call AddDepends/crypto)
+endef
+
+$(eval $(call KernelPackage,crypto-sha256))
+
 ifeq ($(strip $(call CompareKernelPatchVer,$(KERNEL_PATCHVER),ge,3.6.0)),1)
 camellia_mod_suffix=_generic
 endif
--- trunk/package/kernel/modules/fs.mk	(revision 34940)
+++ trunk/package/kernel/modules/fs.mk	(working copy)
@@ -57,6 +57,7 @@
     +kmod-crypto-hmac \
     +kmod-crypto-md5 \
     +kmod-crypto-md4 \
+    +kmod-crypto-sha256 \
     +kmod-crypto-des \
     +kmod-crypto-ecb
 endef

comment:16 in reply to: ↑ 12 Changed 5 years ago by hnyman <hannu.nyman@…>

Replying to hnyman <hannu.nyman@…>:

I noticed that the Linux kernel Kconfig definition changed between 3.6.11 and 3.7 regarding the modules selected by CIFS, as CRYPTO_SHA256 gets added in 3.7:
http://lxr.linux.no/#linux+v3.6.11/fs/cifs/Kconfig
http://lxr.linux.no/#linux+v3.7/fs/cifs/Kconfig

Final note: The requirement for sha256 for cifs in 3.7.1 originates here:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=commit;h=3c1bf7e48e9e463b65b1b90da4500a93dd2b27a7

That change was not yet included in 3.6.x series (see http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=history;f=fs/cifs;hb=refs/heads/linux-3.6.y )

comment:17 Changed 5 years ago by hnyman <hannu.nyman@…>

Patch has been implemented by r34955 and r34956 in a slightly modified format.

comment:18 Changed 5 years ago by John Thomas <openwrt-devel-2012@…>

This is fixed as indicated by hnyman above, how do I close it?

comment:19 Changed 5 years ago by juhosg

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r34955,r34956. Thanks!

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.