
ksmbd: update to 3.1.3, ksmbd-tools: update to 3.2.1, add smb1 support #11290

Merged
merged 1 commit into from Feb 9, 2020

Conversation

Andy2244
Contributor

@Andy2244 Andy2244 commented Feb 9, 2020

Maintainer: me
Compile tested: arm/mips (master)
Run tested: arm/mvebu (master)

Description:

  • ksmbd: update to 3.1.3
  • ksmbd-tools: update to 3.2.1
  • add new package build option "KSMBD_SMB_INSECURE_SERVER"
  • enable smb1 support to kmod by default
  • add new UCI option "allow_legacy_protocols" to section [globals]
* ksmbd: release 3.1.3 version
* ksmbd: lock SMB2_QUERY_INFO_HE request with read lock
* ksmbd: fix potential racy between query_dir and ksmbd_vfs_empty_dir
* ksmbd: fix racy issue between deleting file and checking empty directory
* ksmbd: don't register interface which are member of bridge
* ksmbd: SO_REUSEADDR is no property of tcp_setsockopt
* ksmbd: release 3.1.2 version
* ksmbd: fix read caching buffer size as max_read_size
* ksmbd: fix the infinite loop of handling FSCTL_QUERY_ALLOCATED_RANGES
* ksmbd: use compounding for smb2 flush
* ksmbd: downgrade error message to debug in get_file_all_info
* ksmbd: rename usmbd to ksmbd.mountd in trvis-ci
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: update README file

* ksmbd-tools: release 3.2.1 version
* ksmbd-tools: revert "remove glib2.0 dependancy" patch
* ksmbd-tools: release 3.2.0 version
* ksmbd-tools: update how to restart ksmbd in README file
* Revert "ksmbd-tools: disable tbuf and rbuf caching by default"
* ksmbd-tools: disable tbuf and rbuf caching by default
* ksmbd-tools: replace usmbd prefix with ksmbd prefix
* ksmbd-tools: update README file
* ksmbd-tools: fix warning ignoring return value of 'fread'
* ksmbd-tools: downgrade unsupported command print to debug
* ksmbd-tools: remove GLIB_LIBS in Makefiles
* ksmbd-tools: rename usmbd, smbuseradd, smbshareadd to ksmbd.mountd, ksmbd.adduser and ksmbd.addshare
* ksmbd-tools: fix null pointer dereference in _list_remove
* ksmbd-tools: fix the sanity check fails depending on the password length
* ksmbd-tools: fix build error(not found glib.h)
* ksmbd-tools: remove glib-2.0 dependancy
* ksmbd-tools: update README to add libglib2.0-dev for Ubuntu preprequisite packages

Related PR:
openwrt/luci#3620

NOTE: Allows using smbv1 for older devices or Android tools that only support smb1.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
@luizluca
Contributor

I backported this to 19.07 and I'm getting this error:

root@router:~# dmesg
(...)
[ 1044.470056] ksmbd: iface_exists:546: Device br-lan is down
[ 1044.475881] ksmbd: ksmbd_tcp_set_interfaces:596: Unknown interface: br-lan

root@router:~# ip link show dev br-lan
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff

Network br-lan is up. Once I commented out 'interface =' and 'bind only' from the templates, it did start to listen. However, it always crashes as soon as I first mount a share. /sys/kernel/debug/crashlog gave me:

<1>[ 1341.513783] CPU 0 Unable to handle kernel paging request at virtual address 000002c0, epc == 8009d284, ra == 802fb71c
<4>[ 1341.524800] Oops[#1]:
<4>[ 1341.527149] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.167 #0
<4>[ 1341.533256] task: 804dbad0 task.stack: 804d6000
<4>[ 1341.537928] $ 0   : 00000000 00000001 00000000 00000000
<4>[ 1341.543331] $ 4   : 000002bc 000002bc 00000001 8110b7e8
<4>[ 1341.548734] $ 8   : 0010f73b 871f6780 0010f73c 00000004
<4>[ 1341.554137] $12   : 00000002 00000000 05b09856 00000000
<4>[ 1341.559540] $16   : 8418c950 8418c780 8418c780 86914f68
<4>[ 1341.564942] $20   : 804f3638 80662a50 8418c780 00000001
<4>[ 1341.570345] $24   : 00000000 00000000                  
<4>[ 1341.575748] $28   : 804d6000 87c07b70 804e0000 802fb71c
<4>[ 1341.581152] Hi    : 00000003
<4>[ 1341.584118] Lo    : f1344000
<4>[ 1341.587086] epc   : 8009d284 0x8009d284
<4>[ 1341.591045] ra    : 802fb71c 0x802fb71c
<4>[ 1341.595003] Status: 1100dc03      KERNEL EXL IE 
<4>[ 1341.599324] Cause : 00800008 (ExcCode 02)
<4>[ 1341.603462] BadVA : 000002c0
<4>[ 1341.606428] PrId  : 00019750 (MIPS 74Kc)
<4>[ 1341.610469] Modules linked in: ksmbd ath9k ath9k_common pppoe ppp_async ath9k_hw ath10k_pci ath10k_core ath pppox ppp_generic nf_nat_pptp nf_conntrack_pptp mac80211 lzo lz4 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 zlib_inflate xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TRACE xt_TCPMSS xt_REDIRECT xt_NETMAP xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY wireguard usblp ts_fsm ts_bm slhc nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv4 nf_nat_irc nf_conntrack_ipv4 nf_nat_ipv4 nf_nat_h323 nf_nat_amanda nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_tftp
<4>[ 1341.684855]  nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h323 nf_conntrack_broadcast ts_kmp nf_conntrack_amanda lzo_decompress lzo_compress lz4_decompress lz4_compress iptable_raw iptable_mangle iptable_filter ipt_ECN ip6table_raw ip_tables crc_ccitt compat sch_cake act_connmark sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6t_NPT ip6t_MASQUERADE nf_nat_masquerade_ipv6 nf_nat nf_conntrack nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ifb ip6_udp_tunnel udp_tunnel tun snd_rawmidi snd_seq_device snd_pcm_oss snd_pcm
<4>[ 1341.757870]  snd_timer snd_mixer_oss snd_hwdep snd_compress snd soundcore input_core loop vfat fat udf crc_itu_t isofs exfat nls_utf8 nls_iso8859_1 nls_cp437 zram zsmalloc sha512_generic sha256_generic seqiv jitterentropy_rng drbg md5 md4 hmac ghash_generic gf128mul gcm ecb des_generic ctr cmac ccm crypto_acompress uas usb_storage sd_mod scsi_mod ext4 mbcache jbd2 crc16 cryptomgr aead crypto_null crc32c_generic crypto_hash ehci_platform ehci_hcd gpio_button_hotplug usbcore nls_base usb_common
<4>[ 1341.803006] Process swapper (pid: 0, threadinfo=804d6000, task=804dbad0, tls=00000000)
<4>[ 1341.811173] Stack : 83060040 214d683d 871f6b40 86914f54 871f6b40 871f6b40 00000000 803824b8
<4>[ 1341.819809]         804f3638 86964800 00000000 00000000 00000002 00000000 87330020 83060508
<4>[ 1341.828447]         87c07c3c 00000000 871f6b40 82451b60 00000004 87216248 804f6144 871f6b40
<4>[ 1341.837083]         804da51c 804f3638 00000001 fffffff8 fffffffe 00000000 804e0000 80359cf0
<4>[ 1341.845712]         87142c00 86863000 fffffffe 00000800 8686305c 871f6b40 871f6b40 804f0000
<4>[ 1341.854341]         ...
<4>[ 1341.856868] Call Trace:
<4>[ 1341.857089] [<803824b8>] 0x803824b8
<4>[ 1341.863405] [<87216248>] 0x87216248 [nf_conntrack_ipv4@87216000+0x13c0]
<4>[ 1341.870261] [<80359cf0>] 0x80359cf0
<4>[ 1341.874102] [<80359fc8>] 0x80359fc8
<4>[ 1341.877776] [<803598b0>] 0x803598b0
<4>[ 1341.881416] [<80359b74>] 0x80359b74
<4>[ 1341.885087] [<8035a298>] 0x8035a298
<4>[ 1341.888687] [<80357658>] 0x80357658
<4>[ 1341.892329] [<80359810>] 0x80359810
<4>[ 1341.896001] [<80315d04>] 0x80315d04
<4>[ 1341.899779] [<8031814c>] 0x8031814c
<4>[ 1341.903560] [<8041a3d4>] 0x8041a3d4
<4>[ 1341.907304] [<80391f28>] 0x80391f28
<4>[ 1341.911110] [<8041a924>] 0x8041a924
<4>[ 1341.914708] [<800c181c>] 0x800c181c
<4>[ 1341.918383] [<800c4b54>] 0x800c4b54
<4>[ 1341.922054] [<80359b64>] 0x80359b64
<4>[ 1341.925766] [<8041ad74>] 0x8041ad74
<4>[ 1341.929366] [<80392224>] 0x80392224
<4>[ 1341.933251] [<8041a994>] 0x8041a994
<4>[ 1341.936847] [<803159f8>] 0x803159f8
<4>[ 1341.940450] [<800d018c>] 0x800d018c
<4>[ 1341.944125] [<80071104>] 0x80071104
<4>[ 1341.947725] [<8030282c>] 0x8030282c
<4>[ 1341.951473] [<8031814c>] 0x8031814c
<4>[ 1341.955180] [<802da0b4>] 0x802da0b4
<4>[ 1341.958782] [<800bff48>] 0x800bff48
<4>[ 1341.962459] [<802ff598>] 0x802ff598
<4>[ 1341.966308] [<80500000>] 0x80500000
<4>[ 1341.969910] [<803185e0>] 0x803185e0
<4>[ 1341.973551] [<800b42d0>] 0x800b42d0
<4>[ 1341.977297] [<8044dce8>] 0x8044dce8
<4>[ 1341.980894] [<800b8d74>] 0x800b8d74
<4>[ 1341.984574] [<8022f0c0>] 0x8022f0c0
<4>[ 1341.988172] [<800657d8>] 0x800657d8
<4>[ 1341.991770] 
<4>[ 1341.993302] Code: 00000000  10800012  00802825 <8c820004> 8c840000  00021100  00a21021  24030001  14830003 
<4>[ 1342.003382] 
<4>[ 1342.004991] ---[ end trace 6760fc63a2978d2d ]---

I tested both with and without allow_legacy_protocols. I did need to force deps in order to install the kernel modules (and it targets 4.14.169 instead of 4.14.167). But I don't think that this is the cause.

It crashed while the swapper process was running. However, when I disabled swap, it crashed with transmission-daemon. So, something broke inside kernel space.

And I guess 'allow_legacy_protocols' should be in default config, respecting default behavior.

@Andy2244
Contributor Author

Worked fine for me on 19.07 (mips), but I did a fresh build + flash.

@luizluca
Contributor

I'm using #11297, downloading the new userland progs from official repo and rebuilt kmod using SDK (to match my running kernel). Is it a sin?

I can mount/umount from a linux machine with no issues when using new protocols. However, when I use my crappy android apps, it crashes (they are good to test implementation tolerance).

<1>[216659.639170] CPU 0 Unable to handle kernel paging request at virtual address 54b2f840, epc == 809001ec, ra == 80924d50
<4>[216659.650592] Oops[#1]:
<4>[216659.653042] CPU: 0 PID: 4565 Comm: kworker/0:2 Not tainted 4.14.167 #0
<4>[216659.659875] Workqueue: ksmbd-io 0x8090f19c [ksmbd@80900000+0x33240]
<4>[216659.666431] task: 87dd21c0 task.stack: 87fdc000
<4>[216659.671196] $ 0   : 00000000 80630000 00000001 87703054
<4>[216659.676688] $ 4   : 54b2f83f 87fdddc8 00000006 877030c0
<4>[216659.682180] $ 8   : 86b2f841 00000000 00000001 00013172
<4>[216659.687673] $12   : 000d7b4e 143a16e2 5e44ef10 00000000
<4>[216659.693165] $16   : 00000000 54b2f83f 54b2f83f 00000000
<4>[216659.698657] $20   : 00000500 877030c0 86b2f83f 8092db00
<4>[216659.704151] $24   : 804d9040 3d895f54                  
<4>[216659.709643] $28   : 87fdc000 87fdddb0 804e0000 80924d50
<4>[216659.715136] Hi    : 000d7b4e
<4>[216659.718192] Lo    : 143a16e2
<4>[216659.721251] epc   : 809001ec 0x809001ec [ksmbd@80900000+0x33240]
<4>[216659.727542] ra    : 80924d50 0x80924d50 [ksmbd@80900000+0x33240]
<4>[216659.733827] Status: 1100dc03	KERNEL EXL IE 
<4>[216659.738236] Cause : 00800008 (ExcCode 02)
<4>[216659.742465] BadVA : 54b2f840
<4>[216659.745520] PrId  : 00019750 (MIPS 74Kc)
<4>[216659.749649] Modules linked in: ksmbd ath9k ath9k_common pppoe ppp_async ath9k_hw ath10k_pci ath10k_core ath pppox ppp_generic nf_nat_pptp nf_conntrack_pptp mac80211 lzo lz4 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 zlib_inflate xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TRACE xt_TCPMSS xt_REDIRECT xt_NETMAP xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY wireguard usblp ts_fsm ts_bm slhc nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv4 nf_nat_irc nf_conntrack_ipv4 nf_nat_ipv4 nf_nat_h323 nf_nat_amanda nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_tftp
<4>[216659.824125]  nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h323 nf_conntrack_broadcast ts_kmp nf_conntrack_amanda lzo_decompress lzo_compress lz4_decompress lz4_compress iptable_raw iptable_mangle iptable_filter ipt_ECN ip6table_raw ip_tables crc_ccitt compat sch_cake act_connmark sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6t_NPT ip6t_MASQUERADE nf_nat_masquerade_ipv6 nf_nat nf_conntrack nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ifb ip6_udp_tunnel udp_tunnel tun snd_rawmidi snd_seq_device snd_pcm_oss snd_pcm
<4>[216659.897229]  snd_timer snd_mixer_oss snd_hwdep snd_compress snd soundcore input_core loop vfat fat udf crc_itu_t isofs exfat nls_utf8 nls_iso8859_1 nls_cp437 zram zsmalloc sha512_generic sha256_generic seqiv jitterentropy_rng drbg md5 md4 hmac ghash_generic gf128mul gcm ecb des_generic ctr cmac ccm crypto_acompress uas usb_storage sd_mod scsi_mod ext4 mbcache jbd2 crc16 cryptomgr aead crypto_null crc32c_generic crypto_hash ehci_platform ehci_hcd gpio_button_hotplug usbcore nls_base usb_common [last unloaded: ksmbd]
<4>[216659.944517] Process kworker/0:2 (pid: 4565, threadinfo=87fdc000, task=87dd21c0, tls=00000000)
<4>[216659.953400] Stack : 000d7b4e 00000000 00000001 00000000 87fdddd4 8648d000 86b2f895 00000001
<4>[216659.962126]         856b4000 86b2f800 86ab8000 8648d000 00000000 855c5e00 86b2f83f 8092db00
<4>[216659.970853]         804e0000 80924d50 804e0000 8090f3b4 1100dc03 000d7b4e 143a16e2 86b2f83d
<4>[216659.979580]         855c5e00 8648d000 8648d050 80932cdc 00000073 0c020000 80930104 8092db00
<4>[216659.988307]         804e0000 8090f4e4 804dbad0 804e0738 00000000 8044a10c 8110b100 8648d050
<4>[216659.997026]         ...
<4>[216659.999642] Call Trace:
<4>[216659.999969] [<80924d50>] 0x80924d50 [ksmbd@80900000+0x33240]
<4>[216660.008509] [<8090f3b4>] 0x8090f3b4 [ksmbd@80900000+0x33240]
<4>[216660.014565] [<8090f4e4>] 0x8090f4e4 [ksmbd@80900000+0x33240]
<4>[216660.020494] [<8044a10c>] 0x8044a10c
<4>[216660.024310] [<8009a018>] 0x8009a018
<4>[216660.028058] [<8009a4e4>] 0x8009a4e4
<4>[216660.031962] [<8009a1c4>] 0x8009a1c4
<4>[216660.035678] [<8009f8b4>] 0x8009f8b4
<4>[216660.039364] [<8009f78c>] 0x8009f78c
<4>[216660.043117] [<8009f78c>] 0x8009f78c
<4>[216660.046834] [<80065458>] 0x80065458
<4>[216660.050524] 
<4>[216660.052148] Code: 00008025  10000010  00009825 <92220001> 92240000  00021200  00441025  1040000f  00402025 
<4>[216660.062316] 
<4>[216660.067131] ---[ end trace 8859a3d4b14ac795 ]---

And when I added '-g -DDEBUG -Og ' to gcc:

<1>[ 2076.792354] CPU 0 Unable to handle kernel paging request at virtual address 4abfa200, epc == 86600040, ra == 8660049c
<4>[ 2076.803557] Oops[#1]:
<4>[ 2076.805911] CPU: 0 PID: 5314 Comm: kworker/0:1 Not tainted 4.14.167 #0
<4>[ 2076.812654] Workqueue: ksmbd-io 0x866109e4 [ksmbd@86600000+0x36fa0]
<4>[ 2076.819121] task: 84549680 task.stack: 87418000
<4>[ 2076.823796] $ 0   : 00000000 80630000 4abfa200 82bfa200
<4>[ 2076.829199] $ 4   : 4abfa200 00000a00 877fd0c0 877fd0c0
<4>[ 2076.834601] $ 8   : 00000015 14284422 1bd38aba 04fecc9c
<4>[ 2076.840005] $12   : 001ea1d4 d28e0d4d 00000000 ffffffff
<4>[ 2076.845408] $16   : 00000000 00000000 00000500 4abfa200
<4>[ 2076.850811] $20   : 877fd0c0 00000000 804e0000 fffffffe
<4>[ 2076.856214] $24   : 00000002 edb6bc89                  
<4>[ 2076.861617] $28   : 87418000 87419d28 804e0000 8660049c
<4>[ 2076.867019] Hi    : 001ea1d4
<4>[ 2076.869985] Lo    : d28e0d4d
<4>[ 2076.872956] epc   : 86600040 0x86600040 [ksmbd@86600000+0x36fa0]
<4>[ 2076.879156] ra    : 8660049c 0x8660049c [ksmbd@86600000+0x36fa0]
<4>[ 2076.885351] Status: 1100dc03	KERNEL EXL IE 
<4>[ 2076.889671] Cause : 00800008 (ExcCode 02)
<4>[ 2076.893800] BadVA : 4abfa200
<4>[ 2076.896768] PrId  : 00019750 (MIPS 74Kc)
<4>[ 2076.900816] Modules linked in: ksmbd ath9k ath9k_common pppoe ppp_async ath9k_hw ath10k_pci ath10k_core ath pppox ppp_generic nf_nat_pptp nf_conntrack_pptp mac80211 lzo lz4 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 zlib_inflate xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TRACE xt_TCPMSS xt_REDIRECT xt_NETMAP xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY wireguard usblp ts_fsm ts_bm slhc nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv4 nf_nat_irc nf_conntrack_ipv4 nf_nat_ipv4 nf_nat_h323 nf_nat_amanda nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_tftp
<4>[ 2076.975202]  nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h323 nf_conntrack_broadcast ts_kmp nf_conntrack_amanda lzo_decompress lzo_compress lz4_decompress lz4_compress iptable_raw iptable_mangle iptable_filter ipt_ECN ip6table_raw ip_tables crc_ccitt compat sch_cake act_connmark sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6t_NPT ip6t_MASQUERADE nf_nat_masquerade_ipv6 nf_nat nf_conntrack nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ifb ip6_udp_tunnel udp_tunnel tun snd_rawmidi snd_seq_device snd_pcm_oss snd_pcm
<4>[ 2077.048217]  snd_timer snd_mixer_oss snd_hwdep snd_compress snd soundcore input_core loop vfat fat udf crc_itu_t isofs exfat nls_utf8 nls_iso8859_1 nls_cp437 zram zsmalloc sha512_generic sha256_generic seqiv jitterentropy_rng drbg md5 md4 hmac ghash_generic gf128mul gcm ecb des_generic ctr cmac ccm crypto_acompress uas usb_storage sd_mod scsi_mod ext4 mbcache jbd2 crc16 cryptomgr aead crypto_null crc32c_generic crypto_hash ehci_platform ehci_hcd gpio_button_hotplug usbcore nls_base usb_common [last unloaded: ksmbd]
<4>[ 2077.095414] Process kworker/0:1 (pid: 5314, threadinfo=87418000, task=84549680, tls=00000000)
<4>[ 2077.104208] Stack : 82406600 82406a3f 00000001 000000e2 82406600 000000e2 82406000 4abfa200
<4>[ 2077.112844]         00000a00 82406a00 877fd0c0 8660049c 87419d6c 00000000 82406b2d 00000000
<4>[ 2077.121473]         00000000 00000004 00000000 82406a4b 82406000 82bfa200 82406600 82406a00
<4>[ 2077.130102]         82bfa900 86629d60 00800010 8662fe88 82406a00 82406600 00009f2f 800ac80c
<4>[ 2077.138739]         82406a00 8080c3dc 82406000 82bfe400 82406600 82bfa900 804e0000 8662b870
<4>[ 2077.147367]         ...
<4>[ 2077.149895] Call Trace:
<4>[ 2077.149967] [<8660049c>] 0x8660049c [ksmbd@86600000+0x36fa0]
<4>[ 2077.158362] [<86629d60>] 0x86629d60 [ksmbd@86600000+0x36fa0]
<4>[ 2077.164200] [<8662fe88>] 0x8662fe88 [ksmbd@86600000+0x36fa0]
<4>[ 2077.170040] [<800ac80c>] 0x800ac80c
<4>[ 2077.173645] [<8662b870>] 0x8662b870 [ksmbd@86600000+0x36fa0]
<4>[ 2077.179556] [<866106ac>] 0x866106ac [ksmbd@86600000+0x36fa0]
<4>[ 2077.185401] [<866108e4>] 0x866108e4 [ksmbd@86600000+0x36fa0]
<4>[ 2077.191239] [<8009b798>] 0x8009b798
<4>[ 2077.194880] [<86610a18>] 0x86610a18 [ksmbd@86600000+0x36fa0]
<4>[ 2077.200718] [<8009964c>] 0x8009964c
<4>[ 2077.204321] [<8009a018>] 0x8009a018
<4>[ 2077.207924] [<8009a4e4>] 0x8009a4e4
<4>[ 2077.211594] [<8009a1c4>] 0x8009a1c4
<4>[ 2077.215223] [<8009f8b4>] 0x8009f8b4
<4>[ 2077.218818] [<8009f78c>] 0x8009f78c
<4>[ 2077.222454] [<8009f78c>] 0x8009f78c
<4>[ 2077.226058] [<80065458>] 0x80065458
<4>[ 2077.229664] 
<4>[ 2077.231198] Code: 10000011  00008025  02621021 <90440000> 90420001  00021200  00822025  1080000d  24060006 
<4>[ 2077.241278] 
<4>[ 2077.244993] ---[ end trace 85313d15d6e2dd83 ]---
$ eu-addr2line -s -S -a -i -f -e build_dir/target-mips_24kc_musl/linux-ath79_generic/ksmbd-3.1.3/.pkgdir/kmod-fs-ksmbd/lib/modules/4.14.167/ksmbd.ko 2fe88 29d60 0049c
0x0002fe88
smb1_get_data_len
smb1_get_data_len+0xd4
smb1misc.c:232
0x00029d60
build_sess_rsp_extsec
build_sess_rsp_extsec+0x25c
smb1pdu.c:1107
0x0000049c
smb_strndup_from_utf16
smb_strndup_from_utf16+0x4
unicode.c:296

PS: I'm not sure this command makes sense with a non-debug build and cross-compiling

Linux mount: it used SMB2 to offer dialects 0x0210, 0x0300, 0x0302, 0x0311 (by default). The server selected 0x0311 and everything worked as expected. It worked from vers=2.0 (where the client offers only 0x0202) onwards, both using FQDN and IP address, both IPv4 and IPv6. With vers=1.0 (and legacy protocols enabled), I get these two errors on my linux box when using the IP address or the FQDN (which might try IPv6):

[ 7979.467707] CIFS: Attempting to mount //192.168.3.1/dados
[ 7979.467765] CIFS VFS: Error connecting to socket. Aborting operation.
[ 7979.467774] CIFS VFS: cifs_mount failed w/return code = -2

[ 7993.797567] CIFS: Attempting to mount //router.lan3/dados
[ 7993.804430] CIFS VFS: RFC1001 size 171 smaller than SMB for mid=2
[ 7993.804438] 00000000: ab000000 424d53ff 00001673 c80180c0  .....SMBs.......
[ 7993.804440] 00000010: 00000000 00000000 00000000 1e830000  ................
[ 7993.804442] 00000020: 00020001 ab00ff04 00000000 4e800080  ...............N
[ 7993.804459] CIFS VFS: Send error in SessSetup = -5
[ 7993.804484] CIFS VFS: cifs_mount failed w/return code = -2

And wireshark tells me the SMB is corrupted (while doing NTLMSSP_NEGO).

AndSMB (android) using SMB1 (and legacy protocols enabled): it sends SMB trying dialect "NT LM 0.12". The server ACKs the dialect. AndSMB starts a NTLMSSP_NEGO; the server's answer is marked as malformed by wireshark. It authenticates as anonymous but gets STATUS_USER_SESSION_DELETED when the client connects to IPC$.

AndSMB (android) using SMB2/3 mode: it used SMB2 to offer dialects 0x0202, 0x0210. The server selected 0x0210. It seems the server authenticates the user as guest. When it connects to a share, it uses my router's FQDN (although I never mentioned it in my settings, reverse DNS?). When it tries to open the share, I get STATUS_DATA_ERROR.

Other apps normally crash my router before I can capture data (even VLC, which worked before).
Normally, they try to use SMB 2.002 or 2.??? (according to wireshark) or SMB2 offering dialects 0x0202 or 0x0210. When they fail (normally after a STATUS_DATA_ERROR), they fall back to SMB trying dialect "NT LM 0.12" and the router is gone.

I'll attach my module built with debug options for ath79:
ksmbd.ko.gz

@Andy2244
Contributor Author

Andy2244 commented Feb 13, 2020

@luizluca as noted I did test like 5 explorer Android apps on my 7.0 phone and all worked fine and I could access my shares. I noticed some errors in the logs, but nothing crashed my router. I only noticed that Astro-Explorer sometimes crashed and I had to "force close" and reopen the app.

I appreciate all the debug stuff, but this is out of my league and generally such problems belong in an upstream issue: cifsd-team/ksmbd#334.

PS: What we have to keep in mind is that we (openwrt snapshots) never really tested the smb1 codepath, since I never enabled/included it. So it's possible there are still serious bugs, since upstream never got error reports on it and upstream generally only validates via smbtorture against x86 targets. So we are the testers for mips/arm and little/big endian stuff.

@namjaejeon

namjaejeon commented Feb 13, 2020

[ 7993.804430] CIFS VFS: RFC1001 size 171 smaller than SMB for mid=2

@luizluca Could you tell me what mount option you use for smb1 mount ?

@luizluca
Contributor

Nothing special:

mount -o guest,vers=1.0 //192.168.3.1/dados /mnt/a

@namjaejeon

Because I could not reproduce it in my test, and

mount -o guest,vers=1.0 //192.168.3.1/dados /mnt/a

It cannot be reproduced either... What is the difference?
I will try to reproduce your issue with AndSMB. The best thing is that you suggest a patch if only you can reproduce it, because this is open source.

@namjaejeon

namjaejeon commented Feb 13, 2020

I only noticed that Astro-Explorer sometimes crashed and i had to "force close" and reopen the app.

@Andy2244 I will check this as well as AndSMB.

@luizluca
Contributor

The best thing is that you suggest a patch if only you can reproduce it, because this is open source

Sure. I'll try again now with a Malta qemu instead of a real device.

@luizluca
Contributor

Sure. I'll try again now with a Malta qemu instead of a real device.

Exactly the same issue using a virtual machine. I'm using malta bigendian 32-bit (the closest I can get to my ath79 and the only one with official images).

Instead of some random patch contribution, I guess I could help more providing a reproducible test env.

I tested using three variations:

  1. Booting openwrt-19.07.1-malta-be-vmlinux-initramfs.elf and building only kmod-fs-ksmbd (from openwrt-19.04 HEAD) with released SDK
  2. Building openwrt-19.07.1-malta-be-vmlinux-initramfs.elf from git (openwrt-19.07 branch), with ksmbd builtin
  3. Using snapshot openwrt-malta-be-vmlinux-initramfs.elf and installing everything from repo

Every single one got me the same result: kernel oops.

Let me share a script I created to run OpenWrt using qemu. It supports multiple archs (malta be/le, arm, x86, x86_64): owrt.gz. It will ask for sudo in order to create owrt-br0, where the VM LAN is connected. I connected it to my machine's ethernet (to allow android clients to use it) with sudo ip link set dev enp3s0 master owrt-br0 (flush enp3s0 addresses before use). VM WAN uses a software interface (no ping but tcp/udp works).

$ owrt -k https://downloads.openwrt.org/snapshots/targets/malta/be/openwrt-malta-be-vmlinux-initramfs.elf
(...)
root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg install ksmbd-server
root@OpenWrt:~# cp /etc/ksmbd/ksmbd.config.example /etc/config/ksmbd 
root@OpenWrt:~# ip a add 192.168.x.4/24 dev br-lan #I use a different address range
root@OpenWrt:~# /etc/init.d/ksmbd restart

That is really every single command I typed since it booted. I actually use a one-liner after wan is up:

root@OpenWrt:~# opkg update ; opkg install ksmbd-server ; cp /etc/ksmbd/ksmbd.config.example /etc/config/ksmbd ; ip a add 192.168.3.4/24 dev br-lan ; /etc/init.d/ksmbd restart

Now you can test using android clients. Linux mount never crashed ksmbd, only android apps. Most android apps crash the router as soon as they connect, generating:

root@OpenWrt:~# [  469.004142] CPU 0 Unable to handle kernel paging request at virtual address 5e957001, epc == 8ea401e8, ra == 8ea65b58
[  469.006118] Oops[#1]:
[  469.006496] CPU: 0 PID: 529 Comm: kworker/0:2 Not tainted 4.19.101 #0
[  469.007697] Workqueue: ksmbd-io ksmbd_ipc_init [ksmbd]
[  469.008239] $ 0   : 00000000 00000001 00000001 8e95004c
[  469.008581] $ 4   : 5e957000 8f931dc8 00000006 8e952000
[  469.008878] $ 8   : ffffffd4 65007300 74004d34 eb5f178b
[  469.009116] $12   : 7f7f7f7f fefefeff 8f8d2000 6e006900
[  469.009453] $16   : 00000000 5e957000 5e957000 00000000
[  469.009850] $20   : 00000500 8e952000 8e957000 8ea73cfc
[  469.010216] $24   : 00000002 80160f90                  
[  469.010668] $28   : 8f930000 8f931da8 807e0000 8ea65b58
[  469.010988] Hi    : 00000000
[  469.011173] Lo    : 01758c00
[  469.011480] epc   : 8ea401e8 smb_strndup_from_utf16+0x54/0x270 [ksmbd]
[  469.011833] ra    : 8ea65b58 smb_session_setup_andx+0x374/0x934 [ksmbd]
[  469.012142] Status: 1000a403	KERNEL EXL IE 
[  469.012433] Cause : 00800008 (ExcCode 02)
[  469.012645] BadVA : 5e957001
[  469.012889] PrId  : 00019300 (MIPS 24Kc)
[  469.013152] Modules linked in: ksmbd nls_utf8 nls_base sha512_generic sha256_generic seqiv jitterentropy_rng drbg md5 md4 hmac ghash_generic gf128mul gcm ecb des_generic ctr cmac ccm arc4 pppoe ppp_async iptable_nat ipt_MASQUERADE xt_state xt_nat xt_conntrack xt_REDIRECT xt_FLOWOFFLOAD xt_CT pppox ppp_generic nf_nat_ipv4 nf_nat nf_flow_table_hw nf_flow_table nf_conntrack_rtcache nf_conntrack mac80211_hwsim mac80211 ipt_REJECT cfg80211 xt_time xt_tcpudp xt_multiport xt_mark xt_mac xt_limit xt_comment xt_TCPMSS xt_LOG slhc pcnet32 nf_reject_ipv4 nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_filter ip_tables crc_ccitt compat nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 mii [last unloaded: ksmbd]
[  469.018302] Process kworker/0:2 (pid: 529, threadinfo=df9b2b6a, task=252f2b7d, tls=00000000)
[  469.018926] Stack : 00000000 8ea5f080 7f7f7f7f 00000000 00000002 00000001 8f931dd4 8f3c8600
[  469.019522]         8e98e135 00000000 8e98e000 8e98e200 8e8a0b00 00000000 8fb84a80 8f3c8600
[  469.020019]         8e957000 8ea73cfc 807e0000 8ea65b58 807e0000 8ea4fa34 1000a403 00000000
[  469.020538]         01758c00 8e98e03d 8fb84a80 8f3c8600 8fb84ad0 00000073 0c020000 8ea70c48
[  469.021078]         8ea6e710 8ea73cfc 807e0000 8ea4fb68 807de140 8069bdfc 8124d880 8f9c46c0
[  469.021608]         ...
[  469.022044] Call Trace:
[  469.022246] [<8ea401e8>] smb_strndup_from_utf16+0x54/0x270 [ksmbd]
[  469.022952] [<8ea65b58>] smb_session_setup_andx+0x374/0x934 [ksmbd]
[  469.023280] [<8ea4fb68>] ksmbd_ipc_init+0x810/0xa78 [ksmbd]
[  469.023790] Code: 00008025  10000010  00009825 <92420001> 92440000  00021200  00441025  1040000f  00402025 
[  469.024491] 
[  469.024928] ---[ end trace 94c32b947d7b48fa ]---
[  469.027254] Kernel panic - not syncing: Fatal exception
[  469.028549] Rebooting in 3 seconds..
[    0.000000] Linux version 4.19.101 (builder@buildhost) (gcc version 8.3.0 (OpenWrt GCC 8.3.0 r12222-35ab804ea7)) #0 SMP Wed Feb 12 21:15:14 2020
[    0.000000] earlycon: uart8250 at I/O port 0x3f8 (options '38400n8')

As it uses initram, I have to start all over again after every crash.

  • AndSMB smb2/3 mode: does not connect (but router does not crash)
  • VLC: crashes
  • X-plore: crashes on SMBv1 and SMBv2 modes
  • GMT Subtitles: crashes

It cannot be "more reproducible" than this.

It's a shame they removed the other 3 malta variations (le32, le64, be64) from snapshot builds (although they are in source). It could help uncover a simple endianness issue.

However, other targets simply work as expected like arm (little endian). Test this for example:

It never crashes and opens the shares.

I'm building malta-le (sorry, very slow machine) and I'll update here if it is an endianness or mips issue.

@luizluca
Contributor

I'm building malta-le (sorry, very slow machine) and I'll update here if it is an endianness or mips issue.

It is probably an endianness problem with big endian machines. malta-le does not have the same issue as malta-be.

@namjaejeon

namjaejeon commented Feb 14, 2020

@luizluca Thanks for your details!!
Could you please test the patch below?

diff --git a/smb1pdu.c b/smb1pdu.c
index 2d07a60..9ac7ff3 100644
--- a/smb1pdu.c
+++ b/smb1pdu.c
@@ -1089,7 +1089,7 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                                goto out_err;
                        }
 
-                       rsp->SecurityBlobLength = neg_blob_len;
+                       rsp->SecurityBlobLength = cpu_to_le16(neg_blob_len);
                }
 
                rsp->hdr.Status.CifsError = STATUS_MORE_PROCESSING_REQUIRED;
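Review bot: the conversion is right, since the field is filled from a host-order length and sent as-is, but after this line rsp->SecurityBlobLength holds a little-endian value, so any later arithmetic on it in this function (adding it to the RFC1001 length, deriving ByteCount) has to use neg_blob_len or le16_to_cpu(). Running sparse with C=2 (-D__CHECK_ENDIAN__) over smb1pdu.c would list every remaining bare assignment of this kind, assuming the struct members are annotated __le16.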
@@ -1133,7 +1133,7 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                }
 
                if (user_guest(sess->user)) {
-                       rsp->Action = GUEST_LOGIN;
+                       rsp->Action = cpu_to_le16(GUEST_LOGIN);
                        goto no_password_check;
                }
 
@@ -1159,7 +1159,7 @@ no_password_check:
                        rsp->SecurityBlobLength =
                                cpu_to_le16(spnego_blob_len);
                        kfree(spnego_blob);
-                       inc_rfc1001_len(rsp, rsp->SecurityBlobLength);
+                       inc_rfc1001_len(rsp, spnego_blob_len);
                        rsp->ByteCount = rsp->SecurityBlobLength;
                }
        } else {
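Review bot: the argument change to inc_rfc1001_len is the important part of this hunk: two lines above, SecurityBlobLength is stored as cpu_to_le16(spnego_blob_len), so passing rsp->SecurityBlobLength to a host-order length accumulator adds a byte-swapped count on big-endian hosts (0x80 becomes 0x8000) and inflates the RFC1001 length. Passing spnego_blob_len fixes that; the following `rsp->ByteCount = rsp->SecurityBlobLength;` is only correct if ByteCount is also a __le16 wire field, which is worth confirming in the struct definition.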

@luizluca
Contributor

Could you please test the below patch ?

Still crashing at the same place.

Did you notice that the last kernel oops (using the snapshot image) does provide a nice call stack with symbols?

[ 469.022246] [<8ea401e8>] smb_strndup_from_utf16+0x54/0x270 [ksmbd]
[ 469.022952] [<8ea65b58>] smb_session_setup_andx+0x374/0x934 [ksmbd]
[ 469.023280] [<8ea4fb68>] ksmbd_ipc_init+0x810/0xa78 [ksmbd]

Maybe the fix is somewhere around it.

@namjaejeon

Rechecked.

Could you check this patch?

diff --git a/smb1pdu.c b/smb1pdu.c
index 2d07a60..fdb66cd 100644
--- a/smb1pdu.c
+++ b/smb1pdu.c
@@ -1089,7 +1089,7 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                                goto out_err;
                        }

-                       rsp->SecurityBlobLength = neg_blob_len;
+                       rsp->SecurityBlobLength = cpu_to_le16(neg_blob_len);
                }

                rsp->hdr.Status.CifsError = STATUS_MORE_PROCESSING_REQUIRED;
@@ -1112,8 +1112,8 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                                                req->SecurityBlob;

                username = smb_strndup_from_utf16((const char *)authblob +
-                               authblob->UserName.BufferOffset,
-                               authblob->UserName.Length, true,
+                               le32_to_cpu(authblob->UserName.BufferOffset),
+                               le16_to_cpu(authblob->UserName.Length), true,
                                conn->local_nls);

                if (IS_ERR(username)) {
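Review bot: the byte-order conversion is needed, but BufferOffset and Length come straight from the client's NTLMSSP AUTHENTICATE blob, so smb_strndup_from_utf16 must not read from authblob + offset until offset and offset + length have been checked against the length of the security blob actually received. If that check is not already above this hunk it is missing: the fault inside smb_strndup_from_utf16 at BadVA 5e957001 in the oops earlier in this thread is exactly the kind of out-of-range read such a check prevents, whether the bad values come from an unconverted big-endian read or from a misbehaving client.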
@@ -1133,7 +1133,7 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                }

                if (user_guest(sess->user)) {
-                       rsp->Action = GUEST_LOGIN;
+                       rsp->Action = cpu_to_le16(GUEST_LOGIN);
                        goto no_password_check;
                }

@@ -1159,7 +1159,7 @@ no_password_check:
                        rsp->SecurityBlobLength =
                                cpu_to_le16(spnego_blob_len);
                        kfree(spnego_blob);
-                       inc_rfc1001_len(rsp, rsp->SecurityBlobLength);
+                       inc_rfc1001_len(rsp, spnego_blob_len);
                        rsp->ByteCount = rsp->SecurityBlobLength;
                }
        } else {
-- 
2.17.1

@luizluca
Contributor

It's getting better.

VLC access was restored and nothing could crash the system now. However, no app could read the files (except VLC).

I get these strange errors in dmesg:

Fri Feb 14 20:02:50 2020 kern.err kernel: [34652.212462] ksmbd: ksmbd_smb1_check_message:258: Invalid word count, 13 not -22. cmd 73
Fri Feb 14 20:03:20 2020 kern.err kernel: [34682.676579] ksmbd: smb2_query_dir:3468: no right to enumerate directory (/)
Fri Feb 14 20:03:20 2020 kern.err kernel: [34682.708943] ksmbd: smb2_query_dir:3468: no right to enumerate directory (tftpboot)

I'm using this config (generated by init script):

[global]
	netbios name = router
	server string = OpenWrt
	workgroup = deluca
	interfaces = br-lan 
	bind interfaces only = yes
	ipc timeout = 20
	deadtime = 15
	map to guest = Bad User
	smb2 max read = 64K
	smb2 max write = 64K
	smb2 max trans = 64K
	cache read buffers = no
	cache trans buffers = no

######### Dynamic written config options #########

[dados]
	path = /mnt/usb-dados
	create mask = 666
	directory mask = 777
	read only = no
	guest ok = yes

[tftpboot]
	path = /mnt/usb-dados/tftpboot
	read only = yes
	guest ok = yes

It does not mention share dados (maybe '/' means it). Both paths are readable:

drwxr-xr-x   15 root     root          4096 Jan 12 18:15 /mnt/usb-dados
drwxr-xr-x    6 root     root          4096 Nov 23 03:08 /mnt/usb-dados/tftpboot/

@namjaejeon

I sent a patch to you and the list to fix this print ([34652.212462] ksmbd: ksmbd_smb1_check_message:258: Invalid word count, 13 not -22. cmd 73).
I guess that your app falls back to an smb2 connection after the smb1 session setup failure.

And about this error (ksmbd: smb2_query_dir:3468: no right to enumerate directory (/)):
maybe your app didn't set the FILE_LIST_DIRECTORY_LE flag when opening the directory.

As I remember, smb apps on Android didn't implement smb2 reliably yet, but I'm not sure whether that has improved now.
If you still get the "no right to enumerate directory" message after patching, could you please send me a tcpdump (or wireshark) capture of two cases (ksmbd <=> your app, windows (or samba) <=> your app)?
I guess that the smb2 implementation in your app violates the specification, so I want to compare with other smb servers' behavior.

@luizluca
Contributor

I sent a patch to you and the list to fix this print ([34652.212462] ksmbd: ksmbd_smb1_check_message:258: Invalid word count, 13 not -22. cmd 73).
I guess that your app falls back to an smb2 connection after the smb1 session setup failure.

I applied the patch. No more "Invalid word count".

And about this error (ksmbd: smb2_query_dir:3468: no right to enumerate directory (/)):
maybe your app didn't set the FILE_LIST_DIRECTORY_LE flag when opening the directory.

As I remember, smb apps on Android didn't implement smb2 reliably yet, but I'm not sure whether that has improved now.

I still get it.

If you still get the "no right to enumerate directory" message after patching, could you please send me a tcpdump (or wireshark) capture of two cases (ksmbd <=> your app, windows (or samba) <=> your app)?
I guess that the smb2 implementation in your app violates the specification, so I want to compare with other smb servers' behavior.

android-apps.pcapng.gz

linux.pcapng.gz

  • 1-90: mount cifs without vers (it selected vers=3.1.1): it works
  • 91-198: mount cifs with vers=2.0: it works
  • 199-240: mount cifs with vers=1.0, using an FQDN that resolves to IPv6: cannot mount. Client dmesg:
[ 6083.155709] CIFS: Attempting to mount //router.lan3/dados
[ 6083.198361] CIFS VFS: SMB response too long (32811 bytes)
[ 6083.198432] CIFS VFS: Send error in SessSetup = -11
[ 6083.198461] CIFS VFS: cifs_mount failed w/return code = -2
  • 241-EOF: mount cifs with vers=1.0, using IPv4 address: cannot mount. Client dmesg:
[ 6105.089815] CIFS: Attempting to mount //192.168.3.1/dados
[ 6105.197129] CIFS VFS: SMB response too long (32811 bytes)
[ 6105.197231] CIFS VFS: Send error in SessSetup = -11
[ 6105.197255] CIFS VFS: cifs_mount failed w/return code = -2

Nothing at server side dmesg, except for 'no right to enumerate directory' for some android apps.

Did you use smbtorture?

smbtorture --workgroup '' --user '' --no-pass //192.168.3.1/dados base raw smb2

Most of base and raw I get NT_STATUS_USER_SESSION_DELETED. Most of smb2 pass.

@namjaejeon

Checking.

linux.pcapng.gz

It seems to be a corrupted compressed file?

Most of base and raw I get NT_STATUS_USER_SESSION_DELETED. Most of smb2 pass.

Yep, I know. I don't have time to fix the smb1 smbtorture failures. SMB1 is deprecated in Windows 10; nobody recommends using smb1 anymore. I don't want to invest my time in something that is already dead. Still, I will maintain smb1 support as it is, because very few people want it. If there is a detailed report like yours, I will fix it, and if someone fixes the smbtorture issues, welcome!

@namjaejeon

1-89: Filemanager (flashlight + Clock): list shares but fail to list share contents

Is it related to the endian issue? Or can this app browse the contents list with samba or Windows 10?
Could you send a tcpdump of this app connecting to samba (or Windows 10)?

90-214: AndSMB 1: fails both setting smb1 or smb2/3
215-354: X-plore: fails both setting smb1 or smb2/3

Two apps send invalidly signed messages to ksmbd. Do these apps work fine with an le machine? Or with be samba or windows...

@luizluca
Contributor

Is it related to the endian issue? Or can this app browse the contents list with samba or Windows 10?
Could you send a tcpdump of this app connecting to samba (or Windows 10)?

I installed samba36 and I'm using a quite similar config:

[global]
        netbios name = router 
        display charset = UTF-8
        interfaces = lo br-lan 
        server string = OpenWrt
        unix charset = UTF-8
        workgroup = deluca
        bind interfaces only = yes
        deadtime = 30
        enable core files = no
        invalid users = root
        local master = no
        map to guest = Bad User
        max protocol = SMB2
        min receivefile size = 16384
        null passwords = yes
        passdb backend = smbpasswd
        security = user
        smb passwd file = /etc/samba/smbpasswd
        use sendfile = yes

[dados]
        path = /mnt/usb-dados
        read only = no
        guest ok = yes
        create mask = 666
        directory mask = 777

[tftpboot]
        path = /mnt/usb-dados/tftpboot
        read only = yes
        guest ok = yes

android-samba.pcapng.gz

  • 1-208: Filemanager (flashlight + Clock): no issues
  • 208-303: AndSMB: no issues with smb1 (208-260) but permission denied for smb2/3 (261-303)
  • 304-624: X-plore: no issues with smb1 (304-510) or smb2 (511-624)
  • 624-EOF: VLC: still no issues :)

Two apps send invalidly signed messages to ksmbd. Do these apps work fine with an le machine? Or with be samba or windows...

Now with ksmbd with mips little endian:

android-ksmbd-le.pcapng.gz

Yes, it is still an endian issue. If you do not have a big endian machine to test, you can run a VM. My owrt script makes it quite simple.

@namjaejeon

namjaejeon commented Feb 15, 2020

1-89: Filemanager (flashlight + Clock): list shares but fail to list share contents

Still checking, I don't know where the difference is yet.

90-214: AndSMB 1: fails both setting smb1 or smb2/3
215-354: X-plore: fails both setting smb1 or smb2/3

I sent 3 patches to you and the list. As I pointed out, smb2 in the Android apps could not connect to samba or le ksmbd. You should not think it connects with smb2/3. When I look at the packets, the smb2.1 connection failed and fell back to smb1. So it is not an smb2 connection.

@luizluca
Contributor

luizluca commented Feb 16, 2020

I sent 3 patches to you and the list. As I pointed out, smb2 in the Android apps could not connect to samba or le ksmbd. You should not think it connects with smb2/3. When I look at the packets, the smb2.1 connection failed and fell back to smb1. So it is not an smb2 connection.

I applied those three patches but I did not see an improvement. All apps still fail (and now VLC is also broken). There are now some kernel logs:

[168213.607946] ksmbd: ksmbd_smb1_check_message:279: cli req too short, len 146 not 88. cmd:75
[168285.818909] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168287.243545] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168294.302439] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168296.178850] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168296.840723] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168297.136835] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168319.603556] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168340.574095] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet
[168349.194313] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet

VLC broke after applying this one:

  • [PATCH 1/3] ksmbd: fix endian issue in smb_check_user_session

Filemanager and AndSMB fail with:

  • Server Service, NetShareEnumAll

ksmbd answered with a very large response. It included the answer (I can see share names inside the payload) but after that there is a large chunk of zero data. The client closed after receiving about 27 kbytes (it didn't look like the server would stop). I would check the answer size for a wrong endianness.

Update: in fact, most ksmbd answers include a large chunk of zeros at the end.

AndSMB SMBv2 looks simply broken (client bug).

All other apps seem to fail here (including VLC):

Trans2 Request, FIND_FIRST2, Pattern: \*
Trans2 Response, FIND_FIRST2, Error: STATUS_NOT_SUPPORTED

@luizluca
Contributor

luizluca commented Feb 16, 2020

[168294.302439] ksmbd: smb_trans2:7159: sub command 0x100 not implemented yet

I checked that FIND_FIRST2 is actually subcommand 0x1. So 0x100 is another endianness problem.

This might fix the issue:

diff -u cifsd-3.1.3.orig/smb1pdu.c cifsd-3.1.3/smb1pdu.c
--- cifsd-3.1.3.orig/smb1pdu.c  2020-02-01 00:33:11.000000000 -0300
+++ cifsd-3.1.3/smb1pdu.c       2020-02-16 10:53:48.481368005 -0300
@@ -7111,7 +7111,7 @@
        struct smb_com_trans2_req *req = REQUEST_BUF(work);
        struct smb_hdr *rsp_hdr = RESPONSE_BUF(work);
        int err = 0;
-       u16 sub_command = req->SubCommand;
+       u16 sub_command = le16_to_cpu(req->SubCommand);
 
        /* at least one setup word for TRANS2 command
         *              MS-CIFS, SMB COM TRANSACTION
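Review bot: correct fix; req->SubCommand is a 16-bit wire field, and 0x100 is exactly 0x0001 with its bytes swapped, which confirms the endianness reading. The same audit should cover the remaining 16-bit offset and count fields of the TRANS2 request that smb_trans2 and the sub-command handlers use to locate the parameter and data blocks, since a swapped count there could make a handler report STATUS_NO_MEMORY or an empty result rather than crash.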

However, now I get either:

  • Trans2 Response, FIND_FIRST2, Error: STATUS_NO_MEMORY
  • Trans2 Response, FIND_FIRST2, Error: STATUS_NO_SUCH_FILE (although no share is empty)

It might be related to the fact I was getting chunks of zeros at the end of ksmbd answers.
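As an added illustration (not ksmbd code, and not from anyone in this thread) of the two issues discussed above: decoding wire fields by byte position so the FIND_FIRST2 sub-command reads as 0x0001 on any host instead of 0x0100 on a big-endian one, and range-checking the client-supplied UserName offset and length from the NTLMSSP blob before anything dereferences them. The blob bytes and the 0x1000 offset are constructed, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* SMB1 and NTLMSSP wire fields are little-endian on every host.
 * Decoding by byte position is correct on any CPU; reading the bytes
 * as a host integer is the pattern the patches in this thread replace. */
static uint16_t get_le16(const uint8_t *p)
{
	return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t get_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* What an unconverted 16-bit struct member read yields on a big-endian
 * CPU: the same two bytes, most significant byte first. */
static uint16_t big_endian_host_read16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

/* Resolve an NTLMSSP security buffer header (Length le16, MaxLength
 * le16, BufferOffset le32 from the blob start, per MS-NLMP) found at
 * hdr_off in a received blob: return the buffer offset and store the
 * length in *out_len, or -1 if the client-supplied values would reach
 * outside the bytes actually received. Hypothetical helper. */
static long ntlmssp_buffer(const uint8_t *blob, size_t blob_len,
			   size_t hdr_off, size_t *out_len)
{
	uint16_t len;
	uint32_t off;
	if (hdr_off > blob_len || blob_len - hdr_off < 8)
		return -1;
	len = get_le16(blob + hdr_off);
	off = get_le32(blob + hdr_off + 4);
	/* Range-check before adding so the sum cannot wrap. */
	if (off > blob_len || len > blob_len - off)
		return -1;
	if (out_len)
		*out_len = len;
	return (long)off;
}

/* Constructed samples, not captures: TRANS2 SubCommand FIND_FIRST2
 * (0x0001) as its two wire bytes; a well-formed blob whose header at 0
 * points at UTF-16LE "ab" at offset 8; and the same blob with
 * BufferOffset = 0x1000, far beyond the 12 bytes received. */
static const uint8_t find_first2_wire[2] = { 0x01, 0x00 };
static const uint8_t auth_blob[12] = {
	0x04, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x00, 'a', 0, 'b', 0 };
static const uint8_t bad_blob[12] = {
	0x04, 0x00, 0x04, 0x00, 0x00, 0x10, 0x00, 0x00, 'a', 0, 'b', 0 };

int main(void)
{
	printf("FIND_FIRST2: le16 0x%04x, big-endian host read 0x%04x\n",
	       get_le16(find_first2_wire), big_endian_host_read16(find_first2_wire));
	printf("good blob: offset %ld\n", ntlmssp_buffer(auth_blob, 12, 0, NULL));
	printf("bad blob: %ld (rejected)\n", ntlmssp_buffer(bad_blob, 12, 0, NULL));
	return 0;
}
```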

@luizluca
Contributor

BTW, I'm still using this patch (not sent to ML):

diff --git a/smb1pdu.c b/smb1pdu.c
index 2d07a60..fdb66cd 100644
--- a/smb1pdu.c
+++ b/smb1pdu.c
@@ -1089,7 +1089,7 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                                goto out_err;
                        }

-                       rsp->SecurityBlobLength = neg_blob_len;
+                       rsp->SecurityBlobLength = cpu_to_le16(neg_blob_len);
                }

                rsp->hdr.Status.CifsError = STATUS_MORE_PROCESSING_REQUIRED;
@@ -1112,8 +1112,8 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                                                req->SecurityBlob;

                username = smb_strndup_from_utf16((const char *)authblob +
-                               authblob->UserName.BufferOffset,
-                               authblob->UserName.Length, true,
+                               le32_to_cpu(authblob->UserName.BufferOffset),
+                               le16_to_cpu(authblob->UserName.Length), true,
                                conn->local_nls);

                if (IS_ERR(username)) {
@@ -1133,7 +1133,7 @@ static int build_sess_rsp_extsec(struct ksmbd_session *sess,
                }

                if (user_guest(sess->user)) {
-                       rsp->Action = GUEST_LOGIN;
+                       rsp->Action = cpu_to_le16(GUEST_LOGIN);
                        goto no_password_check;
                }

@@ -1159,7 +1159,7 @@ no_password_check:
                        rsp->SecurityBlobLength =
                                cpu_to_le16(spnego_blob_len);
                        kfree(spnego_blob);
-                       inc_rfc1001_len(rsp, rsp->SecurityBlobLength);
+                       inc_rfc1001_len(rsp, spnego_blob_len);
                        rsp->ByteCount = rsp->SecurityBlobLength;
                }
        } else {
-- 
2.17.1

@namjaejeon

namjaejeon commented Feb 16, 2020

BTW, I'm still using this patch (not sent to ML):

This patch is in ksmbd-next branch.

@namjaejeon

namjaejeon commented Feb 17, 2020

VLC broke after applying this one:
[PATCH 1/3] ksmbd: fix endian issue in smb_check_user_session

Hm... this patch is correct. So other apps don't face the USER_SESSION_DELETE error anymore.
If you provide wireshark dump, I will check it.

Filemanager and AndSMB fails with:
Server Service, NetShareEnumAll

I did fix the endian issues in the smb1 protocol completely; not sure if there are any missing points.
Please check ksmbd-next branch => https://github.com/cifsd-team/cifsd/commits/ksmbd-next

Thanks!

@namjaejeon

Add one more patch in ksmbd-next now!

@luizluca
Contributor

@nakarotori, I guess it is better to deal with this issue in cifsd-team/ksmbd#334

@Neustradamus

@Andy2244, @neheb, @namjaejeon: I am lost.
Time to rename again in OpenWrt?

  • ksmbd to cifsd?

= cifsd -> smbd -> ksmbd -> cifsd

@namjaejeon

ksmbd == cifsd. cifsd is the directory name and project name, and ksmbd is the thread (task) and .ko name.
https://git.samba.org/?p=sfrench/cifsd.git;a=commit;h=57a9c34a861a6defd7c7b06ccbcc6ec7a28f38ac

@Neustradamus

@namjaejeon: Have you not changed the name of the project and the software recently?
As you know, I have followed the project for a long time: cifsd -> smbd -> ksmbd -> cifsd.

And any news to move the repositories:

  • cifsd-team/cifsd -> cifsd-team/cifsd-old
  • namjaejeon/cifsd -> cifsd-team/cifsd
  • ...

The goal is to have the perfect code in cifsd-team.

For example, Microsoft does not have main projects in user accounts.
