[OpenAFS] A seemingly 1.8.8 issue solved with 1.8.9

Michael Meffie mmeffie@sinenomine.net
Tue, 25 Apr 2023 17:04:06 -0400


On Tue, 25 Apr 2023 16:42:44 +0100 (BST)
Neil Brown <neilb+afs@inf.ed.ac.uk> wrote:

> This was going to be a "help" email, but it seems that 1.8.9 has fixed our 
> problem, but FYI ...
> 
> Today we spotted that running "cmdebug localhost" on an Ubuntu Focal AFS 
> client, running 5.15.0-69-generic kernel and OpenAFS 1.8.8, caused a 
> kernel BUG:
> 
> [377108.332077] detected buffer overflow in strcpy
> [377108.334393] ------------[ cut here ]------------
> [377108.336586] kernel BUG at lib/string.c:1165!
> [377108.338662] invalid opcode: 0000 [#1] SMP PTI
> [377108.340754] CPU: 0 PID: 5192 Comm: afs_callback Tainted: P OE     5.15.0-69-generic #76~20.04.1-Ubuntu
> [377108.342605] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
> [377108.342605] RIP: 0010:fortify_panic+0x13/0x15
> ...
> [377108.342605] Call Trace:
> [377108.342605]  <TASK>
> [377108.342605]  SRXAFSCB_GetLock.cold+0xc/0x37 [openafs]
> [377108.342605]  RXAFSCB_ExecuteRequest+0x200/0xb60 [openafs]
> ...
> 
> which left the machine unusable. Worse than that, it could be triggered 
> remotely by "cmdebug <vulnerable machine>".
> 
> However, upgrading to 1.8.9 seems to have fixed things.

Thanks Neil. The 1.8.9 fix for this issue was gerrit 15151.

(All of the strcpy() calls have been replaced with safer string copy
functions on the master branch.)

> Thanks,
> 
> Neil
> 
> FYI, these were our version numbers before and after. I'm not responsible 
> for the rebuilding, but I believe we just take the Ubuntu shipped Source 
> packages, and rebuild them as is in our environment.
> 
> 1.8.8
> 
> libafsauthent2/focal,now 1.8.8.1-3.inf amd64
> libafsrpc2/focal,now 1.8.8.1-3.inf amd64
> libkopenafs2/focal,now 1.8.8.1-3.inf amd64
> openafs-client/focal,now 1.8.8.1-3.inf amd64
> openafs-doc/focal,focal,now 1.8.8.1-3.inf all
> openafs-krb5/focal,now 1.8.8.1-3.inf amd64
> openafs-modules-5.15.0-69-generic/focal,now 1.8.8.1 amd64
> 
> 1.8.9
> 
> libafsauthent2/focal,now 1.8.9-0.inf amd64
> libafsrpc2/focal,now 1.8.9-0.inf amd64
> libkopenafs2/focal,now 1.8.9-0.inf amd64
> openafs-client/focal,now 1.8.9-0.inf amd64
> openafs-doc/focal,now 1.8.9-0.inf all
> openafs-krb5/focal,now 1.8.9-0.inf amd64
> openafs-modules-5.15.0-69-generic/focal,now 1.8.9 amd64
> 
> Our SL7 machines running the same 1.8.8 on a 3.10.0-1160.83.1 kernel were 
> unaffected.
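As an added illustration of the strcpy-to-bounded-copy change Michael describes (example code written for this thread, not OpenAFS source): the kernel's fortified strcpy panics when strlen(src) + 1 exceeds the destination size, and a bounded copy that reports truncation lets the handler refuse oversized input instead. The 16-byte field and the lock-name strings are constructed assumptions, not values from OpenAFS.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the fixed destination field in this example (an assumption;
 * not the size OpenAFS uses for lock names in SRXAFSCB_GetLock). */
#define LOCK_NAME_MAX 16

/* Bounded copy with strlcpy semantics: always NUL-terminates dst when
 * dstsize > 0 and returns strlen(src), so the caller can detect
 * truncation by comparing the return value against dstsize. */
size_t bounded_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Returns 1 if an unbounded strcpy(dst, src) into a dstsize-byte buffer
 * would write past its end (the condition the fortified kernel strcpy
 * reported as "detected buffer overflow in strcpy"), 0 otherwise. */
int strcpy_would_overflow(size_t dstsize, const char *src)
{
    return strlen(src) + 1 > dstsize;
}

/* Copy a lock name into a fixed-size field. Returns 0 on success and -1
 * when the name had to be truncated, so the caller can reject or log the
 * request rather than corrupt adjacent memory. */
int copy_lock_name(char dst[LOCK_NAME_MAX], const char *src)
{
    size_t len = bounded_strcpy(dst, LOCK_NAME_MAX, src);
    return len < LOCK_NAME_MAX ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs: one fits the field, one is longer than it. */
    const char *inputs[] = { "afs_xvcache", "a-lock-name-longer-than-the-field" };
    for (size_t i = 0; i < 2; i++) {
        char name[LOCK_NAME_MAX];
        int rc = copy_lock_name(name, inputs[i]);
        printf("\"%s\": strcpy would overflow=%d bounded copy rc=%d stored=\"%s\"\n",
               inputs[i], strcpy_would_overflow(sizeof name, inputs[i]), rc, name);
    }
    return 0;
}
```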