aufs shipped with Ubuntu does not properly handle aufs does not properly support dlopen() + unlink()

Bug #1243591 reported by Wojciech Kocjan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Saucy
Undecided
Unassigned
Trusty
Medium
Unassigned

Bug Description

I have found aufs not supporting application performing the following steps in order to download a .so embedded in the binary. The code does:

1/ open() a temp file, write() contents of .so to the file and close() it
2/ perform dlopen() on the file and dlsym() to find one or more symbols
3/ perform unlink() to remove it, while keeping handle from dlopen() open - NOT calling dlclose() - since the code calls APIs from the temp .so
4/ this library works, but subsequent calls fail

The issue applies to Ubuntu 12.04, 13.04 and 13.10 from the ones that I have checked. I can provide the additional Linux kernel details, however, as it is not specific to Linux version, but issue is not applying one of the patches from aufs and quite a long investigation has already been made, I hope it is not needed.

After checking with aufs author, it seems the problem is caused by Ubuntu build process not applying aufs3-proc_map.patch:

"Ubuntu doesn't apply aufs3-proc_map.patch, but I always apply it (and
enable CONFIG_AUFS_PROC_MAP).
I have to confess that I didn't test aufs _without_
aufs3-proc_map.patch. With the patch, aufs works correctly. That is the
reason I could not reproduce the problem on my test machine.
Now your test program succeeds on my ubuntu machine with appllying
aufs3-proc_map.patch.

The purpose of aufs3-proc_map.patch is to change only the shown path in
/proc/PID/maps. So this is a problem of aufs definitly. I will try
fixing this bug as soon as possible, but I am going to be busy and it
may take some time. So the first and simplest solution for you is to ask
ubuntu people to apply aufs3-proc_map.patch, if they don't have any
objection."

Would it be possible to apply the patch in Ubuntu? Since this is the most common way to build it and this is what the aufs author does, it should be safest to also apply it. Without it it seems that lifetime of file object is not correct and it causes inode numbers to be reused, like in this case.

Original bug report against aufs:
http://sourceforge.net/p/aufs/bugs/19/

Discussion related to the bug report:
http://sourceforge.net/mailarchive/forum.php?thread_name=11413.1382101611%40jrobl&forum_name=aufs-users

The bug report also includes sample code to reproduce the problem - the /tmp has to be mounted as aufs to reproduce it.
---
Architecture: i386
DistroRelease: Ubuntu 13.04
MarkForUpload: True
Package: linux (not installed)
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Uname: Linux 3.8.0-31-generic i686
UserGroups:

Revision history for this message
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1243591

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Wojciech Kocjan (wojciech-kocjan) wrote : HookError_cloud_archive.txt

apport information

tags: added: apport-collected
description: updated
Revision history for this message
Wojciech Kocjan (wojciech-kocjan) wrote : HookError_generic.txt

apport information

Revision history for this message
Wojciech Kocjan (wojciech-kocjan) wrote : HookError_source_linux.txt

apport information

Revision history for this message
Wojciech Kocjan (wojciech-kocjan) wrote : HookError_ubuntu.txt

apport information

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

It might be best to send the aufs3-proc_map.patch to the Ubuntu kernel team mailing list, so it can be reviewed. In the mail, reference this bug report.

The mainline list can be reached at the address:
<email address hidden>

tags: added: kernel-da-key precise raring saucy
Changed in linux (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Andy Whitcroft (apw) wrote :

For v3.13 aufs3-proc_map.patch has been merged into aufs3-mmap.patch which is applied there. Closing for trusty.

Changed in linux (Ubuntu Saucy):
status: New → Confirmed
Changed in linux (Ubuntu Trusty):
status: Confirmed → Fix Released
Revision history for this message
Joseph Salisbury (jsalisbury) wrote : Closing unsupported series nomination.

This bug was nominated against a series that is no longer supported, ie saucy. The bug task representing the saucy nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu Saucy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers