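About kernel updates on CentOS 7
This is sh from the Net Assist technical department.
The other day I applied a kernel update on a CentOS 7 system and rebooted the server so that it would take effect. After the reboot, the mount to the Windows server we use for backups had dropped, and it could not be remounted either.
While investigating, I found the following output in the messages log.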
kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
Checking the changelog of the updated kernel shows cifs-related entries.
271:- [fs] cifs: Fix stack out-of-bounds in smb(2, 3)_create_lease_buf() (Leif Sahlberg) [1598755]
272:- [fs] cifs: store the leaseKey in the fid on SMB2_open (Leif Sahlberg) [1598755]
469:- [fs] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (Leif Sahlberg) [1598765]
2687:- [acpi] nfit: Add function to look up nvdimm device and provide SMBIOS handle (Aristeu Rozanski) [1588177]
4659:- [fs] cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (Leif Sahlberg) [1582973]
4660:- [fs] cifs: remove small_smb2_init (Leif Sahlberg) [1582973]
4661:- [fs] cifs: remove rfc1002 header from smb2_lease_ack (Leif Sahlberg) [1582973]
4662:- [fs] cifs: remove unused variable from SMB2_read (Leif Sahlberg) [1582973]
4663:- [fs] cifs: remove rfc1002 header from smb2_oplock_break we get from server (Leif Sahlberg) [1582973]
4664:- [fs] cifs: remove rfc1002 header from smb2_query_info_req (Leif Sahlberg) [1582973]
4665:- [fs] cifs: remove rfc1002 header from smb2_query_directory_req (Leif Sahlberg) [1582973]
4666:- [fs] cifs: remove rfc1002 header from smb2_set_info_req (Leif Sahlberg) [1582973]
4667:- [fs] cifs: remove rfc1002 header from smb2 read/write requests (Leif Sahlberg) [1582973]
4668:- [fs] cifs: remove rfc1002 header from smb2_lock_req (Leif Sahlberg) [1582973]
4669:- [fs] cifs: remove rfc1002 header from smb2_flush_req (Leif Sahlberg) [1582973]
4670:- [fs] cifs: remove rfc1002 header from smb2_create_req (Leif Sahlberg) [1582973]
4671:- [fs] cifs: remove rfc1002 header from smb2_sess_setup_req (Leif Sahlberg) [1582973]
4672:- [fs] cifs: remove rfc1002 header from smb2_tree_connect_req (Leif Sahlberg) [1582973]
4673:- [fs] cifs: remove rfc1002 header from smb2_echo_req (Leif Sahlberg) [1582973]
4674:- [fs] cifs: remove rfc1002 header from smb2_ioctl_req (Leif Sahlberg) [1582973]
4675:- [fs] cifs: remove rfc1002 header from smb2_close_req (Leif Sahlberg) [1582973]
4676:- [fs] cifs: remove rfc1002 header from smb2_tree_disconnect_req (Leif Sahlberg) [1582973]
4677:- [fs] cifs: remove rfc1002 header from smb2_logoff_req (Leif Sahlberg) [1582973]
4678:- [fs] cifs: remove rfc1002 header from smb2_negotiate_req (Leif Sahlberg) [1582973]
4679:- [fs] cifs: Add smb2_send_recv (Leif Sahlberg) [1582973]
6956:- [fs] cifs: do not allow creating sockets except with SMB1 posix exensions (Leif Sahlberg) [1453123]
6971:- [fs] SMB3: Validate negotiate request must always be signed (Leif Sahlberg) [1578183]
6972:- [fs] SMB: fix validate negotiate info uninitialised memory use (Leif Sahlberg) [1578183]
6973:- [fs] SMB: fix leak of validate negotiate info response buffer (Leif Sahlberg) [1578183]
6974:- [fs] CIFS: Fix NULL pointer deref on SMB2_tcon() failure (Leif Sahlberg) [1578183]
6977:- [fs] CIFS: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (Leif Sahlberg) [1578183]
6978:- [fs] cifs: handle large EA requests more gracefully in smb2+ (Leif Sahlberg) [1578183]
6979:- [fs] SMB: Validate negotiate (to protect against downgrade) even if signing off (Leif Sahlberg) [1578183]
7098:- [watchdog] hpwdt: SMBIOS check (Joseph Szczypek) [1555073]
7903:- [nvme] nvme-pci: clean up SMBSZ bit definitions (David Milburn) [1515584]
8110:- [input] synaptics - add Lenovo 80 series ids to SMBus (Benjamin Tissoires) [1554926]
8131:- [input] synaptics - prevent top button pad from creating smbus device (Benjamin Tissoires) [1554926]
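~ rest omitted ~
Apparently, from this update onward you have to specify "vers=1.0" if you want to use SMB1.
I was able to resolve it by specifying that in the mount options, but it is disconcerting when something suddenly stops working.
I sincerely hope the CPU-related vulnerabilities settle down soon.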
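
An added example, not part of the original post: a shell check that can be run before rebooting into the updated kernel. It lists CIFS entries in an fstab-format file that have no `vers=` option (and so follow the changed default) or that pin SMB1 with `vers=1.0`. The host name `winsrv`, the mount points and the credentials path in the sample are constructed.

```shell
#!/bin/sh
# Added example: classify CIFS entries in an fstab-format file by SMB dialect.
# Status printed per mount point:
#   no-vers  no vers= option, so the kernel default applies (SMB2.1 or later
#            after the update; mounts to SMB1-only servers stop working)
#   smb1     vers=1.0 pinned, the less secure SMB1 dialect
#   vers=X   another dialect pinned explicitly
audit_cifs_fstab() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        $3 == "cifs" {
            status = "no-vers"
            n = split($4, opts, ",")         # fourth field holds the mount options
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^vers=/) {
                    v = substr(opts[i], 6)   # text after "vers="
                    status = (v == "1.0") ? "smb1" : "vers=" v
                }
            }
            print $2, status
        }
    ' "$1"
}

# Write a constructed sample fstab (hypothetical hosts and paths) to the given file.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the original post
/dev/sda1        /             xfs   defaults                             0 0
//winsrv/backup  /mnt/backup   cifs  credentials=/root/.smbcred,_netdev   0 0
//winsrv/legacy  /mnt/legacy   cifs  credentials=/root/.smbcred,vers=1.0  0 0
//winsrv/share   /mnt/share    cifs  credentials=/root/.smbcred,vers=3.0  0 0
EOF
}

# Demo run on the constructed sample; point audit_cifs_fstab at /etc/fstab on a real host.
sample=$(mktemp)
write_sample_fstab "$sample"
audit_cifs_fstab "$sample"
rm -f "$sample"
```

Entries reported as `no-vers` are the ones whose behaviour changes with the update; entries reported as `smb1` keep working but stay on the dialect the kernel message calls less secure.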