Bug 30783 - Failure in mounting cifs vers=1.0 since kernel 5.16
Summary: Failure in mounting cifs vers=1.0 since kernel 5.16
Status: RESOLVED WONTFIX
Alias: None
Product: Mageia
Classification: Unclassified
Component: Backports (show other bugs)
Version: 8
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-29 16:53 CEST by Marcel Pol
Modified: 2022-08-29 20:41 CEST (History)
0 users

See Also:
Source RPM: kernel-5.18.15-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marcel Pol 2022-08-29 16:53:17 CEST 
Description of problem:
Mounting a cifs share with `vers=1.0` through fstab as root doesn't work since kernel 5.16. With kernel 5.17 and 5.18 it doesn't work either. Booting with kernel 5.10 up to 5.15 does work.
mount.cifs returns error -6.

Version-Release number of selected component (if applicable):
Broken:
- kernel-desktop-5.16.18-1.mga8-1-1.mga8
- kernel-desktop-5.17.4-2.mga8-1-1.mga8
- kernel-desktop-5.18.15-1.mga8-1-1.mga8
Working:
- kernel-desktop-5.10.78-1.mga8-1-1.mga8
- kernel-desktop-5.12.15-1.mga8-1-1.mga8
- kernel-desktop-5.13.14-1.mga8-1-1.mga8
- kernel-desktop-5.14.17-1.mga8-1-1.mga8
- kernel-desktop-5.15.58-2.mga8-1-1.mga8

How reproducible:
Always.

Steps to Reproduce:
1. Make sure to have a Samba server which only supports CIFS version 1.0 (yes, very old :) ). 
2. Add a line to /etc/fstab like:
   //192.168.0.11/volume_1 /mnt/worlddomination cifs noauto,vers=1.0 0 0
3. As root run the command: 
   mount /mnt/worlddomination

Changing the smb.conf to a min protocol doesn't help, since cifs is a kernel module that doesn't use smb.conf.
I checked if there is anything done with the `disable_legacy_dialects` in the cifs module, but that defaults to No. There are no patches that change this in the kernel config afaik. There is no option added to the module at load time. Loading cifs with this option explicitly to No doesn't fix the issue.
Comment 1 sturmvogel 2022-08-29 19:03:33 CEST 
Support for unsecure SMB1 got removed in all upstream kernels from 5.15 ongoing. This is an upstream decision:
https://bugzilla.kernel.org/show_bug.cgi?id=215375
Comment 2 sturmvogel 2022-08-29 19:07:57 CEST 
See also the notes at samba page which clearly states:

5.15 kernel:
Support for weaker authentication algorithms (NTLMv1 and LANMAN) removed.

https://wiki.samba.org/index.php/LinuxCIFSKernel
Comment 3 Marcel Pol 2022-08-29 19:44:56 CEST 
Ah, too bad.

It does work on 5.15 though, not on 5.16 :)
Comment 4 Thomas Backlund 2022-08-29 20:41:30 CEST 
(In reply to Marcel Pol from comment #3)
> Ah, too bad.
> 
> It does work on 5.15 though, not on 5.16 :)

That's because I reverted the removal in our 5.15 series kernels as I dont like regressions in a stable release.

but for the backport kernels I dont revert it as that comes with a maintenance overhead I'm not interested in ...

And anyway it will be gone in mga9 anyway, so people need to start coping with it anyway...

so you need to choose... 
stay with 5.15 to have the support or use 5.16+ for new features...

Resolution: (none) => WONTFIX
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.