Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758151Ab1FJWDr (ORCPT ); Fri, 10 Jun 2011 18:03:47 -0400 Received: from mx3.utsp.utwente.nl ([130.89.2.14]:21978 "EHLO mx.utwente.nl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753467Ab1FJWDo (ORCPT ); Fri, 10 Jun 2011 18:03:44 -0400 Date: Sat, 11 Jun 2011 00:03:31 +0200 (CEST) From: Martijn Uffing To: Jeff Layton cc: Connor Hansen , linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org, sean finney Subject: Re: [OOPS] 3.0-rc1 cifs In-Reply-To: <20110610073702.061bc014@corrin.poochiereds.net> Message-ID: References: <20110609183045.01f6f9fc@tlielax.poochiereds.net> <20110610073702.061bc014@corrin.poochiereds.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-UTwente-MailScanner-Information: Scanned by MailScanner. Contact icts.servicedesk@utwente.nl for more information. X-UTwente-MailScanner: Found to be clean X-UTwente-MailScanner-SpamScore: sss X-UTwente-MailScanner-From: mp3project@sarijopen.student.utwente.nl Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3391 Lines: 98 On Fri, 10 Jun 2011, Jeff Layton wrote: > On Fri, 10 Jun 2011 02:57:21 +0200 (CEST) > Uffing wrote: > >> >> >>> call in get_dfs_path() >>> rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage); >>> >>> function header for CIFSTCon >>> int CIFSTCon(unsigned int xid, struct cifs_ses *ses, >>> const char *tree, struct cifs_tcon *tcon, >>> const struct nls_table *nls_codepage) >>> >>> get_dfs_path() is passing struct cifs_tcon *tcon as NULL >>> >>> from config: CONFIG_CIFS_WEAK_PW_HASH=y >>> >>> in CIFSTCon >>> >>> #ifdef CONFIG_CIFS_WEAK_PW_HASH >>> 3222 if ((global_secflags & CIFSSEC_MAY_LANMAN) && >>> 3223 (ses->server->secType == LANMAN)) >>> 3224 calc_lanman_hash(tcon->password, >>> ses->server->cryptkey, >>> >>> in calc_lanman_hash tcon is dereferenced(tcon->password) without being >>> checked if null >>> >>> 3225 ses->server->sec_mode & >>> 3226 SECMODE_PW_ENCRYPT ? >>> true : false, >>> 3227 bcc_ptr); >>> 3228 else >>> 3229 #endif /* CIFS_WEAK_PW_HASH */ >>> >>> Connor >> >> >> Ave all >> >> I recompiled kernel 3.0-rc1 (hadn't enabled CONFIG_DEBUG_INFO=y) and put >> the oops (with the new adresses) through gdb per instruction of Jeff. And >> Connor was spot on! >> >> >> BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 >> IP: [] CIFSTCon+0xf6/0x4d0 [cifs] >> >> >> >> This GDB was configured as "x86_64-linux-gnu". >> For bug reporting instructions, please see: >> ... >> Reading symbols from >> /lib/modules/3.0.0-rc1-debug/kernel/fs/cifs/cifs.ko...done. >> (gdb) list *(CIFSTCon+0xf6) >> 0xc2b6 is in CIFSTCon (fs/cifs/connect.c:3230). >> 3225 ses->server->sec_mode & >> 3226 SECMODE_PW_ENCRYPT ? >> true : false, >> 3227 bcc_ptr); >> 3228 else >> 3229 #endif /* CIFS_WEAK_PW_HASH */ >> 3230 rc = SMBNTencrypt(tcon->password, >> ses->server->cryptkey, >> 3231 bcc_ptr); >> 3232 >> 3233 bcc_ptr += CIFS_AUTH_RESP_SIZE; >> 3234 if (ses->capabilities & CAP_UNICODE) { >> (gdb) >> >> > > (cc'ing Sean F. since I suspect this regression is due to his changes) > > Thanks for the analysis, Martijn and Connor... > > What sort of server are you mounting here? It looks like it's using > share-level security, so it's either very old or is a samba server > configured that way. To be honest ... both :) a)server is Debian Etch (samba 3.0.24-6etch10) (yeah i know old, but no time at the moment to upgrade/reinstall the whole system) b)share security. (security=share) in smb.conf This is on purpose. (all access is shielded based on hostnames) Mu -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/