Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40

You can easily check this bug by:

1 setting logging in autofs.conf to 'debug'
2 create a simple autofs map:

   /etc/auto.master:
/mnt/test auto.test

   /etc/auto.test:
root -fstype=autofs,uid=$UID,gid=$GID :/dev/sda1

3 look at journalctl -xfe --unit autofs output while with a non-root user trying to navigate to /mnt/test/root. Especially the log lines with parse_mount: parse(sun).

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

This change was made by a bot.

Thanks Chris. I see what the problem is, so I'll look into a fix.

@Chris - please give the kernel below a try, I think it will fix your issue. Let me know your results. Thanks!

http://people.canonical.com/~sforshee/lp1629204/

@Seth - thanks for the quick build. Keep up the good work. Seems like a simple enough patch though =D.

After testing it I can confirm the patch works! Autofs parameters are once again correctly substituted in kernel version 4.4.0-40 (60).

Cheers,

Chris

This bug was fixed in the package linux - 4.8.0-21.23

---------------
linux (4.8.0-21.23) yakkety; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1630279

  * powerpc 4.8.0-17 fails to boot on PowerMac G5 (LP: #1628968)
    - Revert "Revert "powerpc: Simplify module TOC handling""

  * Regression tests can not detect binfmt_elf mmpa semantic change
    (LP: #1630069)
    - SAUCE: apparmor: add flag to detect semantic change, to binfmt_elf mmap

  * Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
    (LP: #1629204)
    - SAUCE: (namespace) autofs4: Use real_cred for requestor's ids

 -- Tim Gardner <email address hidden> Tue, 04 Oct 2016 08:01:21 -0600

I can confirm that the 0001-autofs4-Use-real_cred-for-uid-gid-in-packets.patch fixes the problem.

I have tried the kernel located here:
http://people.canonical.com/~sforshee/lp1629204/

And I have also applied the patch an top of the 4.4.0-38 kernel (commit be687e48ba9778ab2f28513bd50e1b274ba31f68) this fixes the problem there as well.

Please release a fixed kernel for xenial asap!

Thanks to everyone involved.

Regards
Robert.

Just a note: 4.4.0-41.61 from xenial-proposed is still broken.

I am very disappointed that another broken "stable" kernel (4.4.0-42.62) was just released for xenial, even though this problem and the fix have been known for about a week!

Why?

What can I do to speed up the progress?

I really need a working kernel on xenial! Or do I have to build it myself and roll it out to our systems?

Thanks,
Robert.

On Tue, Oct 11, 2016 at 01:14:53PM -0000, Robert Euhus wrote:
> I am very disappointed that another broken "stable" kernel (4.4.0-42.62)
> was just released for xenial, even though this problem and the fix have
> been known for about a week!
>
> Why?
>
> What can I do to speed up the progress?
>
> I really need a working kernel on xenial! Or do I have to build it
> myself and roll it out to our systems?

There will be a new kernel in -proposed in the next day or two which
will include the fix.

I really don't understand what's going on here. It's been another 6 days now. There has been another (broken) kernel update for xenial (4.4.0-43) which did not include this fix, and which also did not go through -proposed. Instead xenial-proposed is still at at 4.4.0-41, which is broken as well.

Two "stable" kernel updates with a known regression and a simple fix.

How is this possible?

And how does this fit with xenial being an LTS-Release?

This really ain't funny any more!

For now I have build the packages with the fix applied for amd64 and I'll try to keep up with new broken kernels. In case anybody else needs them:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 89C9B5AE
sudo apt-add-repository -u 'http://ubuntu.repo.uni-hannover.de/ubuntu xenial pub'
Or get the key from here: http://ubuntu.repo.uni-hannover.de/ubuntu/luh-deb-repo.gpg.key

Regards, Robert

Unfortunately there was a delay getting new kernels out to -proposed, but 4.4.0-44.64 has been built in the canonical-kernel-team PPA and does have the fix. This kernel should be migrated to -proposed soon, but you can download it directly from the PPA too (I don't recommend subscribing to that PPA however).

https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+packages

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

The kernel in -proposed is working.

The -proposed kernel works for me and fixes the problem.

Thanks!
Robert

Are you serious? You release a new kernel 4.4.0-45 without the fixes in 4.4.0-44 sitting in -proposed? What do you think -proposed is meant for? Systems using -proposed to avoid this bug now happily boot the new kernel facing this bug again.

Could you please get your stuff together and stop breaking installations?! Why do you think people are using LTS releases?

This is unbelieveable:

- Ubuntu Xenial is shipping new broken kernels with a known REGRESSION !

- For more than two weeks a fix is known and "InProgress" (whatever this means). That does however not prevent new broken kernels from being released (4.4.0-42 and 4.4.0-43).

- Moreover all of these broken kernels have never gone through -proposed. Isn't this what -proposed is supposed to be for?!?

- For about a day a fixed and approved kernel (4.4.0-44) has finally made it to -proposed. But this again does not prevent another broken kernel (4.4.0-45) to be released directly, without going through -proposed.

- And to top it all, the git repo does not seem to be up to date.
git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git

I am really pissed!

Robert

The recent update was outside of the normal SRU release cycle to fix a serious security issue and contained only the security fix. There is a new -proposed kernel (4.4.0-46.67) which contains the fix for this bug, and barring any other unforeseen circumstances it will be released according to the original SRU schedule, on Oct 31.

An update on comment #30 - the security update has put testing/verification behind schdule, so the release date for the -proposed kernel has been pushed back a week to Nov 7. Apologies for the inconvenience.

This bug was fixed in the package linux - 4.4.0-47.68

---------------
linux (4.4.0-47.68) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1636941

  * Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
    - lib/bitmap.c: conversion routines to/from u32 array
    - net: ethtool: add new ETHTOOL_xLINKSETTINGS API
    - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
    - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

  * unexpectedly large memory usage of mounted snaps (LP: #1636847)
    - [Config] switch squashfs to single threaded decode

 -- Kamal Mostafa <email address hidden> Wed, 26 Oct 2016 10:47:55 -0700

I can confirm that using 4.4.0-47.68 version has resolved the autofs problem.

Cheers, Chris

Agreed.

Gerald
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gerald Lovel | 901.276.1004
<email address hidden> | AAltSys.com
AAltSys Technology Center
<http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=aaltsys&aq=&sll=37.0625,-95.677068&sspn=52.947994,100.898438&ie=UTF8&hq=aaltsys&hnear=&z=13&iwloc=A&cid=7533665924136652323>

On Mon, Nov 14, 2016 at 5:09 AM, Chris van Run <email address hidden>
wrote:

> I can confirm that using 4.4.0-47.68 version has resolved the autofs
> problem.
>
> Cheers, Chris
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1628586).
> https://bugs.launchpad.net/bugs/1629204
>
> Title:
> Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
>
> Status in linux package in Ubuntu:
> Fix Released
> Status in linux source package in Xenial:
> Fix Released
> Status in linux source package in Yakkety:
> Fix Released
>
> Bug description:
> SRU Justification
>
> Impact: ca6fe3344554 "fs: Call d_automount with the filesystems creds"
> causes a regression in the requester uid and gid passed to userspace
> during automount, as the current credentials during automount are
> those of root and not the user who requested the mount.
>
> Fix: Use current->real_cred instead of current->cred for getting the
> requester's uid and gid.
>
> Regression Potential: Minimal. current->cred and current->real_cred
> are the same except when credentials are overridden, thus
> current->real_cred contains the same credentials that autofs had been
> using prior to the change which overrides the credentials during
> automount.
>
> ---
>
> Hello,
>
> I have run into a bug relating autofs's parameter substitution (e.g.
> UID, GID, etc) with kernel versions 4.4.0-38 and proposed 4.4.0-40.
> Kernel version 4.4.0-28 does things correctly but testing intermediate
> kernel versions is hard due to earlier bugs related with fs's.
> Incorrect parameter substitution makes CIFS mounting with variable
> credentials impossible.
>
> Wat was expected:
> $UID in autofs map are substituted by the uid of the user that starts
> the auto-mounting process.
>
> What actually happens:
> Root's uid (0) is substituted instead.
>
> This ill parameter substitution likely caused by recent fixes
> resolving permissions problems for nfs/cifs mounts and dfs referrals
> (#1626112 and #1612135). And possibly the fix 'fs: Call d_automount
> with the filesystems creds' but that is a wild guess.
>
> Furthermore; playing with the force_standard_program_map_env settings
> in autofs.conf and prefixing variables with 'AUTOFS_' does not solve
> anything.
>
> Yours kindly,
>
> Chris
>
> ---- Additional info ----
>
> lsb_release -rd
> Description: Ubuntu 16.04.1 LTS
> Release: 16.04
> ---
> ApportVersion: 2.20.1-0ubuntu2.1
> Architecture: amd64
> AudioDevicesInUse:
> USER PID ACCESS COMMAND
> /dev/snd/controlC0: run00001 3015 F.... pulseaudio
> DistroRelease: Ubuntu 16.04
> HibernationDevice: RESUME=UUID=f2a2c5c4-2f41-482a-80b4-968a87131214
> InstallationDate: Installed on 2016-09-19 (10 days ago)
> I...