2019-08-01 19:40:07 |
Seth Forshee |
description |
I have found and reported a critical bug in aufs (as shipped with the latest Ubuntu kernels, both on Bionic and Xenial), which potentially affects anyone running Docker on Ubuntu using aufs graph driver. The fix has been developed, tested at least by me to fix the issue, and committed into upstream aufs git repos
The nature of the bug is, in case of multiple parallels aufs mounts and unmounts, the kernel can screw up krefs, and once that happens, the only remedy is to reboot it (as commands like mount/umount or cat /proc/mounts are all stuck in syscalls).
I would appreciate syncing aufs with the latest upstream release from git, as it was done a few times already, or at least taking the below fix (whatever suits maintainers better).
The fixed versions are the ones marked with 20190610, and from what I see they are available for all kernel versions since 4.14 (for example, 4.15 tree is here: https://github.com/sfjro/aufs4-standalone/commits/aufs4.15). For 4.4, a backport might be needed, but it should be trivial.
Original bug report: https://sourceforge.net/p/aufs/mailman/message/36680389/
Fix: https://github.com/sfjro/aufs4-linux/commit/b633d7b2635b9615fe294b85257d05008e3747a3 |
SRU Justification
Impact: A race in aufs can result in use of a DYNOP object which is being freed after its reference count reaches 0, leading to an oops.
Fix: Upstream fix to aufs to ignore objects whose reference count is 0.
Regression Potential: Low, limited to aufs and confirmed in testing to fix the issue.
---
I have found and reported a critical bug in aufs (as shipped with the latest Ubuntu kernels, both on Bionic and Xenial), which potentially affects anyone running Docker on Ubuntu using aufs graph driver. The fix has been developed, tested at least by me to fix the issue, and committed into upstream aufs git repos
The nature of the bug is, in case of multiple parallels aufs mounts and unmounts, the kernel can screw up krefs, and once that happens, the only remedy is to reboot it (as commands like mount/umount or cat /proc/mounts are all stuck in syscalls).
I would appreciate syncing aufs with the latest upstream release from git, as it was done a few times already, or at least taking the below fix (whatever suits maintainers better).
The fixed versions are the ones marked with 20190610, and from what I see they are available for all kernel versions since 4.14 (for example, 4.15 tree is here: https://github.com/sfjro/aufs4-standalone/commits/aufs4.15). For 4.4, a backport might be needed, but it should be trivial.
Original bug report: https://sourceforge.net/p/aufs/mailman/message/36680389/
Fix: https://github.com/sfjro/aufs4-linux/commit/b633d7b2635b9615fe294b85257d05008e3747a3 |
|