[OpenAFS] A seemingly 1.8.8 issue solved with 1.8.9

Neil Brown neilb+afs@inf.ed.ac.uk
Tue, 25 Apr 2023 16:42:44 +0100 (BST)


This was going to be a "help" email, but it seems that 1.8.9 has fixed our 
problem, but FYI ...

Today we spotted that running "cmdebug localhost" on an Ubuntu Focal AFS 
client, running 5.15.0-69-generic kernel and OpenAFS 1.8.8, caused a 
kernel BUG:

[377108.332077] detected buffer overflow in strcpy
[377108.334393] ------------[ cut here ]------------
[377108.336586] kernel BUG at lib/string.c:1165!
[377108.338662] invalid opcode: 0000 [#1] SMP PTI
[377108.340754] CPU: 0 PID: 5192 Comm: afs_callback Tainted: P OE     5.15.0-69-generic #76~20.04.1-Ubuntu
[377108.342605] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[377108.342605] RIP: 0010:fortify_panic+0x13/0x15
...
[377108.342605] Call Trace:
[377108.342605]  <TASK>
[377108.342605]  SRXAFSCB_GetLock.cold+0xc/0x37 [openafs]
[377108.342605]  RXAFSCB_ExecuteRequest+0x200/0xb60 [openafs]
...

which left the machine unusable. Worse than that, it could be triggered 
remotely by "cmdebug <vulnerable machine>".

However, upgrading to 1.8.9 seems to have fixed things.

Thanks,

Neil

FYI, these were our version numbers before and after. I'm not responsible 
for the rebuilding, but I believe we just take the Ubuntu-shipped source 
packages, and rebuild them as is in our environment.

1.8.8

libafsauthent2/focal,now 1.8.8.1-3.inf amd64
libafsrpc2/focal,now 1.8.8.1-3.inf amd64
libkopenafs2/focal,now 1.8.8.1-3.inf amd64
openafs-client/focal,now 1.8.8.1-3.inf amd64
openafs-doc/focal,focal,now 1.8.8.1-3.inf all
openafs-krb5/focal,now 1.8.8.1-3.inf amd64
openafs-modules-5.15.0-69-generic/focal,now 1.8.8.1 amd64

1.8.9

libafsauthent2/focal,now 1.8.9-0.inf amd64
libafsrpc2/focal,now 1.8.9-0.inf amd64
libkopenafs2/focal,now 1.8.9-0.inf amd64
openafs-client/focal,now 1.8.9-0.inf amd64
openafs-doc/focal,now 1.8.9-0.inf all
openafs-krb5/focal,now 1.8.9-0.inf amd64
openafs-modules-5.15.0-69-generic/focal,now 1.8.9 amd64

Our SL7 machines running the same 1.8.8 on a 3.10.0-1160.83.1 kernel were 
unaffected.

-- 
  Neil Brown - Computing Officer - Appleton Tower 7.12a | Neil.Brown @ ed. ac.uk
  School of Informatics, University of Edinburgh        | Tel: +44 131 6504422
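As an added illustration of the bug class the trace above points at (a strcpy into a destination whose size the compiler knows, caught by FORTIFY_SOURCE at run time as fortify_panic), here is a hypothetical fixed-size record filled from a caller-supplied string, once with an unchecked strcpy and once with a length check that rejects oversized input. This is example code written for this page, not OpenAFS code and not the actual SRXAFSCB_GetLock implementation; the struct, NAME_LEN and all function names are invented for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size record standing in for any struct whose string
 * field has a compile-time-known size (the case FORTIFY_SOURCE can check).
 * Not an OpenAFS structure. */
#define NAME_LEN 16
struct lock_entry {
    char name[NAME_LEN];
    int  waiters;
};

/* Unsafe: strcpy trusts the source length. Built with FORTIFY_SOURCE
 * (kernel CONFIG_FORTIFY_SOURCE, or glibc with -D_FORTIFY_SOURCE=2 -O2),
 * an oversized src turns into a deliberate panic/abort rather than silent
 * corruption; without it, the copy overwrites whatever follows 'name'.
 * Either way the caller-supplied length decides what happens. */
void fill_entry_unsafe(struct lock_entry *e, const char *src)
{
    strcpy(e->name, src);
}

/* Hardened: measure first and refuse input that does not fit, so the
 * caller can return an error to the peer instead of crashing the host.
 * Returns 0 on success, -1 if src (plus its NUL) would not fit. */
int fill_entry_checked(struct lock_entry *e, const char *src)
{
    size_t n = strnlen(src, NAME_LEN);   /* never reads past NAME_LEN */
    if (n >= NAME_LEN)
        return -1;
    memcpy(e->name, src, n + 1);         /* n < NAME_LEN, so NUL fits */
    return 0;
}

/* Exercise the checked path on one input: returns the stored length on
 * success, -1 when the input was rejected. */
int checked_store_len(const char *src)
{
    struct lock_entry e;
    memset(&e, 0, sizeof e);
    if (fill_entry_checked(&e, src) != 0)
        return -1;
    return (int)strlen(e.name);
}

int main(void)
{
    const char *inputs[] = {
        "root",                 /* constructed sample: fits */
        "fifteen-chars-x",      /* constructed sample: exactly fills 15 + NUL */
        "sixteen-chars-xx",     /* constructed sample: one byte too long */
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-20s -> %d\n", inputs[i], checked_store_len(inputs[i]));
    /* fill_entry_unsafe is deliberately not called with the long input:
     * that is the overflow the trace shows, and it is undefined behaviour. */
    return 0;
}
```

With glibc, compiling this with `-O2 -D_FORTIFY_SOURCE=2` and calling fill_entry_unsafe on the 16-character input aborts with "*** buffer overflow detected ***", the userspace counterpart of the kernel's fortify_panic; the checked version simply returns -1 for the same input.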