Regression caused by `fuse: Add support for pid namespaces` in 4.4.0-6.21

Bug #1605344 reported by Sheng Yang
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Seth Forshee

Bug Description

SRU Justification

Impact: The pid namespace support in fuse refuses requests from any process whose pid does not map into the pid namespace of the fuse userspace process. This has caused a regression for at least one user.

Fix: Permit requests from processes whose pid does not map. Fill in the pid value in the fuse request with 0.

Regression potential: A fuse filesystem not prepared to handle a pid of 0 in fuse requests might have problems. However such a filesystem would also receive pid values which aren't valid for its namespace when used across pid namespaces in this manner with upstream kernels, so this isn't a major concern.


The discussion starts at

Commit in the tree is:

commit a166e6726c6e12e28ac8489ff4e2faff7065a856
Author: Seth Forshee <email address hidden>
Date: Wed Jul 2 16:29:19 2014 -0500

    UBUNTU: SAUCE: fuse: Add support for pid namespaces

Description of the issue(copied from my report of lkml):

This patch caused a regression in our major container use case with
FUSE in Ubuntu 16.04, as patch was checked in as Ubuntu Sauce in
Ubuntu 4.4.0-6.21 kernel.

The use case is:
1. Create a Docker container.
2. Inside the container, start the FUSE backend, and mounted fs.
3. Following step 2 in the container, create a loopback device to map
a file in the mounted fuse to create a block device, which will be
available to the whole system.

It works well before this commit.

The use case is broken because no matter which namespace losetup runs,
the real request from loopback device seems always come from init ns,
thus it will be in different ns running fuse backend. So the request
will got denied, because the ns running fuse won't able to see the
things from higher level(level 0 in fact) pid namespace.
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
DistroRelease: Ubuntu 14.04
Package: linux (not installed)
 PATH=(custom, no user)

Tags: trusty
Uname: Linux 4.4.6 x86_64
UnreportableReason: The running kernel is not an Ubuntu kernel
UpgradeStatus: No upgrade log present (probably fresh install)

_MarkForUpload: True

Revision history for this message
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1605344

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Sheng Yang (yasker)
tags: added: apport-collected trusty
description: updated
tags: added: xenial
removed: apport-collected trusty
Revision history for this message
Sheng Yang (yasker) wrote :

Hi Brad,

I am running self-compiled Ubuntu 16.04 kernel in 14.04 because I need to bisect the problematic commit. And I opened this bug per Seth's request. He also said he want bug assigned to him.

Do I need to get a new Ubuntu 16.04 environment for reporting this bug?

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Incomplete → Triaged
Seth Forshee (sforshee)
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Seth Forshee (sforshee)
Revision history for this message
Seth Forshee (sforshee) wrote :

Please test the build at the link below and let me know if it fixes the issue. Thanks!

Revision history for this message
Sheng Yang (yasker) wrote :

Works great for me, thank you Seth!

Revision history for this message
Seth Forshee (sforshee) wrote :
Seth Forshee (sforshee)
description: updated
tags: added: patch
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
Revision history for this message
Stefan Bader (smb) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Revision history for this message
Sheng Yang (yasker) wrote :

Verified the fix for me on linux version 4.4.0-36-generic.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (13.4 KiB)

This bug was fixed in the package linux - 4.4.0-36.55

linux (4.4.0-36.55) xenial; urgency=low

  [ Stefan Bader ]

  * Release Tracking Bug
    - LP: #1612305

  * I2C touchpad does not work on AMD platform (LP: #1612006)
    - SAUCE: pinctrl/amd: Remove the default de-bounce time

  * CVE-2016-5696
    - tcp: make challenge acks less predictable

linux (4.4.0-35.54) xenial; urgency=low

  [ Stefan Bader ]

  * Release Tracking Bug
    - LP: #1611215

  * [i915_bpo] Sync with v4.7 (LP: #1609742)
    - SAUCE: i915_bpo: Sync with v4.7

  * s390/cio: fix reset of channel measurement block (LP: #1609415)
    - s390/cio: allow to reset channel measurement block

  * in Ubuntu16.10: Hit on Call traces and system goes down when transactional
    memory tests are running in 32TB Brazos system (LP: #1606786)
    - powerpc/tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0
    - powerpc/tm: Fix stack pointer corruption in __tm_recheckpoint()

  * Power Menu does not display after press the Power Button (LP: #1609204)
    - intel-vbtn: new driver for Intel Virtual Button
    - [config] enable CONFIG_INTEL_VBTN=m

  * OptiPlex 7450 AIO hangs when rebooting (LP: #1608762)
    - x86/reboot: Add Dell Optiplex 7450 AIO reboot quirk

  * virtualbox+usb 3.0 breaks boot, -28 kernel works (LP: #1604058)
    - SAUCE: xhci: Fix soft lockup in xhci_pci_probe path when XHCI_STATE_HALTED

  * linux-kernel: Freeing IRQ from IRQ context (LP: #1597908)
    - block: defer timeouts to a workqueue

  * Tunnel offload indications not stripped from encapsulated packets, causing
    performance overhead (LP: #1602755)
    - tunnels: Remove encapsulation offloads on decap.

  * lm-sensors is throwing "ERROR: Can't get value of subfeature temp1_input:
    I/O error" for be2net driver (LP: #1607387)
    - be2net: perform temperature query in adapter regardless of its interface

  * Dell dock MAC Address pass through doesn't work in Ubuntu (LP: #1579984)
    - r8152: Add support for setting pass through MAC address on RTL8153-AD

  * vmxnet3 LRO IPv6 performance issues (stalling TCP) (LP: #1605494)
    - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets

  * ISST-LTE:pVM:monklp5:Ubuntu16.04.1:system crashed at
    lpfc_sli4_scmd_to_wqidx_distr (LP: #1597974)
    - SAUCE: lpfc: fix oops in lpfc_sli4_scmd_to_wqidx_distr() from

  * Backport cxlflash shutdown patch to Xenial SRU (LP: #1605405)
    - SAUCE: cxlflash: Verify problem state area is mapped before notifying

  * Xenial update to v4.4.16 stable release (LP: #1607404)
    - mac80211: fix fast_tx header alignment
    - mac80211: mesh: flush mesh paths unconditionally
    - mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL
    - mac80211: Fix mesh estab_plinks counting in STA removal case
    - EDAC, sb_edac: Fix rank lookup on Broadwell
    - IB/cm: Fix a recently introduced locking bug
    - IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs
    - powerpc/pseries: Fix IBM_ARCH_VEC_NRCORES_OFFSET since POWER8NVL was added
    - powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
    - usb: dwc2: fix reg...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers