SMB + SMB2: Accessing shares return an error after prolonged idle period

SMB + SMB2: Accessing shares return an error after prolonged idle period

EnvironmentRed Hat Enterprise Linux678SMBSMB2IssueAfter a period of inactivity, accessing a SMB v1 share returns Permission denied for a user, but not othersAfter a period of inactivity, accessing a SMB v2+ share returns Input/output error for a user, but not others.The following error may be returned in the logs: CIFS VFS: Unexpected lookup error -5Periodically accessing a share avoids the errors.Shares have to be unmounted and then remounted to regain access.ResolutionSMB v1RHEL 6The ability for the client to recover from this issue will not be improved in Red Hat Enterprise Linux 6. The maximum version supported by the client in Red Hat Enterprise Linux 6 is SMBv1. Please see Workaround section for options.RHEL7This issue has been resolved with the errata RHSA-2021:0336 for the package(s) kernel-3.10.0-1160.15.2.el7 or later.RHEL8This issue has been resolved with the errata RHSA-2021:1578 for the package(s) kernel-4.18.0-305.el8 or later.WorkaroundPeriodically access the SMB share to prevent the session from being closed.Extend the session length timer on the SMB server.Use SMB v2+SMB v2+RHEL 7.5This issue has been resolved with the errata RHSA-2018:3459 for the package(s) kernel-3.10.0-862.20.2.el7 or later.RHEL7This issue has been resolved with the errata RHSA-2018:3083 for the package(s) kernel-3.10.0-957.el7 or later.RHEL8RHEL8 is not impacted by this issueRoot CauseHistorically, RHEL SMB clients did not attempt to reconnect to a SMB server after receiving STATUS_USER_SESSION_DELETED.The below commit changes RHEL SMB client behavior for SMB v2+ and will force users to reconnect to a SMB server after receiving STATUS_USER_SESSION_DELETED instead of returning Input/output error when the share is accessed.Raw

From 5ed415cf8a380136312352b9073d71e49548f819 Mon Sep 17 00:00:00 2001From: Mark Syms Date: Thu, 24 May 2018 09:47:31 +0100Subject: [PATCH] CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry, status STATUS_NETWORK_SESSION_EXPIRED, however the server can also respond with STATUS_USER_SESSION_DELETED in cases where the session has been idle for some time and the server reaps the session to recover resources.Handle this additional status in the same way as SESSION_EXPIRED.Signed-off-by: Mark Syms --- fs/cifs/smb2ops.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.cindex 7c0edd2..33fa7fc 100644--- a/fs/cifs/smb2ops.c+++ b/fs/cifs/smb2ops.c@@ -1323,10 +1323,11 @@ static bool smb2_set_sparse(const unsigned int xid, struct cifs_tcon *tcon, { struct smb2_sync_hdr *shdr = get_sync_hdr(buf);- if (shdr->Status != STATUS_NETWORK_SESSION_EXPIRED)+ if (shdr->Status != STATUS_NETWORK_SESSION_EXPIRED &&+ shdr->Status != STATUS_USER_SESSION_DELETED) return false;- cifs_dbg(FYI, "Session expired/n");+ cifs_dbg(FYI, "Session expired or deleted/n"); return true; }

However, there is currently no transparent recovery for RHEL7 or RHEL8 as noted here. This means that the session will recover, but EAGAIN may be leaked to an application when requesting up-to-date inode information.Diagnostic StepsRecord client side network traffic when it is accessing the SMB share.

On an unpatched system, the client is unable to establish a new connection for SMB2.​

Raw

48 2019-06-14 10:00:31.798107 192.0.2.20 → 192.0.2.10 SMB2 174 Negotiate Protocol Request49 2019-06-14 10:00:31.798278 192.0.2.10 → 192.0.2.20 SMB2 291 Negotiate Protocol Response50 2019-06-14 10:00:31.798292 192.0.2.20 → 192.0.2.10 TCP 68 55455 → 445 [ACK] Seq=107 Ack=224 Win=30336 Len=0 TSval=676258257 TSecr=45696350051 2019-06-14 10:00:31.798319 192.0.2.20 → 192.0.2.10 SMB2 192 Session Setup Request, NTLMSSP_NEGOTIATE52 2019-06-14 10:00:31.798476 192.0.2.10 → 192.0.2.20 SMB2 386 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE53 2019-06-14 10:00:31.798527 192.0.2.20 → 192.0.2.10 SMB2 484 Session Setup Request, NTLMSSP_AUTH, User: admin54 2019-06-14 10:00:31.798698 192.0.2.10 → 192.0.2.20 SMB2 144 Session Setup Response55 2019-06-14 10:00:31.798726 192.0.2.20 → 192.0.2.10 SMB2 232 Tree Connect Request Tree: //cifs_server/shared_data56 2019-06-14 10:00:31.798835 192.0.2.10 → 192.0.2.20 SMB2 145 Tree Connect Response, Error: STATUS_USER_SESSION_DELETED57 2019-06-14 10:00:31.798859 192.0.2.20 → 192.0.2.10 SMB2 140 Session Logoff Request58 2019-06-14 10:00:31.798980 192.0.2.10 → 192.0.2.20 SMB2 145 Session Logoff Response, Error: STATUS_USER_SESSION_DELETEDThe communication finishes with the error STATUS_USER_SESSION_DELETED``` which is described in the protocol as:RawSTATUS_USER_SESSION_DELETED - The user session specified by the client has been deleted on the server.A patched system shows that the SMB client creates a new session after receiving STATUS_USER_SESSION_DELETEDRaw```shell$ tshark -tad -n -r deleted_session.pcap -Y 'smb2 && frame.number in {836..898}' 836 2021-02-03 14:40:52.146720 192.0.2.159 → 192.0.2.132 SMB2 168 Find Request File: SMB2_FIND_ID_FULL_DIRECTORY_INFO Pattern: * 837 2021-02-03 14:40:52.147087 192.0.2.132 → 192.0.2.159 SMB2 143 Find Response, Error: STATUS_NO_MORE_FILES SMB2_FIND_ID_FULL_DIRECTORY_INFO Pattern: * 838 2021-02-03 14:40:52.149082 192.0.2.159 → 192.0.2.132 SMB2 158 Close Request File: 839 2021-02-03 14:40:52.149443 192.0.2.132 → 192.0.2.159 SMB2 194 Close Response 857 2021-02-03 14:41:08.910419 192.0.2.159 → 192.0.2.132 SMB2 198 Create Request File: 858 2021-02-03 14:41:08.911356 192.0.2.132 → 192.0.2.159 SMB2 143 Create Response, Error: STATUS_USER_SESSION_DELETED 865 2021-02-03 14:41:08.920313 192.0.2.159 → 192.0.2.132 SMB2 172 Negotiate Protocol Request 867 2021-02-03 14:41:08.923798 192.0.2.132 → 192.0.2.159 SMB2 318 Negotiate Protocol Response 872 2021-02-03 14:41:08.934015 192.0.2.159 → 192.0.2.132 SMB2 80 Session Setup Request 874 2021-02-03 14:41:08.936261 192.0.2.132 → 192.0.2.159 SMB2 164 Session Setup Response 875 2021-02-03 14:41:08.936333 192.0.2.159 → 192.0.2.132 SMB2 216 Tree Connect Request Tree: //win2k16-dfs1.example-/greendale 876 2021-02-03 14:41:08.936776 192.0.2.132 → 192.0.2.159 SMB2 150 Tree Connect Response 877 2021-02-03 14:41:08.938886 192.0.2.159 → 192.0.2.132 SMB2 206 Tree Connect Request Tree: //win2k16-dfs1.example-/IPC$ 878 2021-02-03 14:41:08.939305 192.0.2.132 → 192.0.2.159 SMB2 150 Tree Connect Response 880 2021-02-03 14:41:08.947958 192.0.2.159 → 192.0.2.132 SMB2 80 Session Setup Request 882 2021-02-03 14:41:08.949369 192.0.2.132 → 192.0.2.159 SMB2 164 Session Setup Response 883 2021-02-03 14:41:08.949424 192.0.2.159 → 192.0.2.132 SMB2 216 Tree Connect Request Tree: //win2k16-dfs1.example-/greendale 884 2021-02-03 14:41:08.949803 192.0.2.132 → 192.0.2.159 SMB2 150 Tree Connect Response 885 2021-02-03 14:41:08.950196 192.0.2.159 → 192.0.2.132 SMB2 206 Tree Connect Request Tree: //win2k16-dfs1.example-/IPC$ 886 2021-02-03 14:41:08.950651 192.0.2.132 → 192.0.2.159 SMB2 150 Tree Connect Response 895 2021-02-03 14:41:10.040311 192.0.2.159 → 192.0.2.132 SMB2 198 Create Request File: 896 2021-02-03 14:41:10.040949 192.0.2.132 → 192.0.2.159 SMB2 222 Create Response File: 898 2021-02-03 14:41:10.048646 192.0.2.159 → 192.0.2.132 SMB2 174 GetInfo Request FILE_INFO/SMB2_FILE_ALL_INFO File:

Linux

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。