refactoring of overlayfs fix to properly support shiftfs

Bug #1983640 reported by Andrea Righi
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Medium
Unassigned
Kinetic
Fix Released
Undecided
Unassigned
linux-hwe-5.17 (Ubuntu)
Confirmed
Undecided
Unassigned
Jammy
Fix Committed
Medium
Unassigned
Kinetic
Confirmed
Undecided
Unassigned

Bug Description

[Impact]

Starting with 5.13 we've incorrectly dropped the following sauce patch:

    UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files

This patch is required to use overlayfs on top of shiftfs and without this patch we may break containers that rely on shiftfs (using zfs/ceph as storage pool w/ shiftfs enabled).

However, we made this patch dependent on AUFS, starting with Jammy we're not enabling AUFS anymore, so this fix becomes a no-op.

So we need to re-introduce this fix with a bit of refactoring to not depend on AUFS.

[Test case]

The following script can be used to trigger the issue:

  #!/bin/bash

  cat > test.py << EOF
  import sys

  f = open("/proc/self/maps")

  for l in f.readlines():
    if "python" not in l:
      continue
    print(l)
    s = l.split()
    start, end = s[0].split("-")
    fname = s[-1]
    print(start, end, fname)
    break
  else:
    sys.exit(1)

  test_file1 = open(fname)
  test_file2 = open("/proc/self/map_files/%s-%s" % (start, end))

  fdinfo1 = open("/proc/self/fdinfo/%d" % test_file1.fileno()).read()
  fdinfo2 = open("/proc/self/fdinfo/%d" % test_file2.fileno()).read()

  if fdinfo1 != fdinfo2:
    print("FAIL")
    print(test_file1)
    print(fdinfo1)
    print(test_file2)
    print(fdinfo2)
    sys.exit(1)
  print("PASS")
  EOF
  sudo docker run -it --privileged --rm -v `pwd`:/mnt python python /mnt/test.py

[Fix]

Import the right pieces from AUFS to properly support the fix and get
rid of the AUFS dependency across all our kernels and re-apply the
overlayfs fix without the AUFS dependency.

[Regression potential]

This patch is touching overlayfs, so we may see potential regressions in overlayfs, especially when containers are used.

Andrea Righi (arighi)
no longer affects: linux (Ubuntu Focal)
Andrea Righi (arighi)
summary: - refactoring of overlayfs fix to report the right mnt_id of files opened
- from map_files
+ refactoring of overlayfs fix to properly support shiftfs
description: updated
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1983640

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Jammy):
status: New → Incomplete
Changed in linux (Ubuntu Jammy):
status: Incomplete → In Progress
Changed in linux (Ubuntu Kinetic):
status: Incomplete → In Progress
Changed in linux-hwe-5.17 (Ubuntu Kinetic):
status: New → Invalid
Changed in linux (Ubuntu Kinetic):
status: In Progress → Fix Committed
Changed in linux-hwe-5.17 (Ubuntu Jammy):
status: New → In Progress
status: In Progress → Fix Committed
Stefan Bader (smb)
Changed in linux-hwe-5.17 (Ubuntu Jammy):
importance: Undecided → Medium
Changed in linux (Ubuntu Jammy):
importance: Undecided → Medium
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.15.0-48.54 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia/5.15.0-1006.6 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (41.2 KiB)

This bug was fixed in the package linux - 5.15.0-48.54

---------------
linux (5.15.0-48.54) jammy; urgency=medium

  * jammy/linux: 5.15.0-48.54 -proposed tracker (LP: #1987775)

  * System freeze after resuming from suspend due to PCI ASPM settings
    (LP: #1980829)
    - SAUCE: PCI/ASPM: Save/restore L1SS Capability for suspend/resume
    - SAUCE: whitelist platforms that needs save/restore ASPM L1SS for
      suspend/resume

  * [SRU][J/OEM-5.17][PATCH 0/1] Fix oled brightness set above frame-average
    luminance (LP: #1978986)
    - SAUCE: drm: New function to get luminance range based on static hdr metadata
    - SAUCE: drm/amdgpu_dm: Rely on split out luminance calculation function
    - SAUCE: drm/i915: Use luminance range calculated during edid parsing

  * Jammy: Add OVS Internal Port HW Offload to mlx5 driver (LP: #1983498)
    - net/mlx5e: Refactor rx handler of represetor device
    - net/mlx5e: Use generic name for the forwarding dev pointer
    - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support
    - net/mlx5e: Support accept action
    - net/mlx5e: Accept action skbedit in the tc actions list
    - net/mlx5e: Offload tc rules that redirect to ovs internal port
    - net/mlx5e: Offload internal port as encap route device
    - net/mlx5e: Enable TC offload for ingress MACVLAN
    - net/mlx5e: Add indirect tc offload of ovs internal port
    - net/mlx5e: Term table handling of internal port rules
    - net/mlx5: Support internal port as decap route device
    - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()'
    - net/mlx5e: TC, Fix memory leak with rules with internal port
    - net/mlx5e: Fix skb memory leak when TC classifier action offloads are
      disabled
    - net/mlx5e: Fix nullptr on deleting mirroring rule
    - net/mlx5e: Avoid implicit modify hdr for decap drop rule
    - net/mlx5e: Fix wrong source vport matching on tunnel rule
    - net/mlx5e: TC, fix decap fallback to uplink when int port not supported

  * Remove unused variable from i915 psr (LP: #1986798)
    - SAUCE: drm/i915/display/psr: Remove unused variable

  * refactoring of overlayfs fix to properly support shiftfs (LP: #1983640)
    - SAUCE: overlayfs: remove CONFIG_AUFS_FS dependency

  * Jammy update: v5.15.53 upstream stable release (LP: #1986728)
    - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
    - drm/amdgpu: To flush tlb for MMHUB of RAVEN series
    - ksmbd: set the range of bytes to zero without extending file size in
      FSCTL_ZERO_DATA
    - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA
    - ksmbd: use vfs_llseek instead of dereferencing NULL
    - ipv6: take care of disable_policy when restoring routes
    - net: phy: Don't trigger state machine while in suspend
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX
      S40G)
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
    - nvdimm: Fix badblocks clear off-by-one error
    - powerpc/prom_init: Fix kernel config grep
    - powerpc/book3e: Fix PUD allocation size in map_kernel_page()
    - powerpc/bpf: Fix use of user_pt_regs in uapi
    - dm raid: fix ...

Changed in linux (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-oracle/5.15.0-1018.23 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-ibm/5.15.0-1014.16 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia/5.15.0-1007.7 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Appears to be a regression reported about this https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1990849

=((((

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gkeop-5.15/5.15.0-1003.5~20.04.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (18.6 KiB)

This bug was fixed in the package linux - 5.19.0-18.18

---------------
linux (5.19.0-18.18) kinetic; urgency=medium

  * kinetic/linux: 5.19.0-18.18 -proposed tracker (LP: #1990366)

  * 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084
    (LP: #1990236)
    - Revert "UBUNTU: SAUCE: apparmor: Fix regression in stacking due to label
      flags"
    - Revert "UBUNTU: [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS"
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - add an internal buffer""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't wait on cleanup""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't waste entropy""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - always add a pending
      request""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - unregister device before
      reset""
    - Revert "UBUNTU: SAUCE: Revert "virtio-rng: make device ready before making
      request""
    - Revert "UBUNTU: [Config] update configs after apply new apparmor patch set"
    - Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
    - Revert "UBUNTU: SAUCE: selinux: Implement userns_create hook"
    - Revert "UBUNTU: SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable"
    - Revert "UBUNTU: SAUCE: security, lsm: Introduce security_create_user_ns()"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: AppArmor: Remove the exclusive
      flag"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full
      LSM context"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Removed scaffolding function
      lsmcontext_init"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in
      audit data"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple
      object contexts"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: audit: multiple subject lsm values
      for netlabel"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple task
      security contexts"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Allow multiple records in an
      audit_buffer"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add a function to report
      multiple LSMs"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Create audit_stamp
      structure"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in
      audit_names"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx
      module selection"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: binder: Pass LSM identifier for
      confirmation"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a
      lsmblob"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in
      netlink netfilter"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_dentry_init_security"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_inode_getsecctx"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_secid_to_secctx"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM:...

Changed in linux (Ubuntu Kinetic):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-bluefield/5.15.0-1008.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-ibm/5.15.0-1015.17 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Manuel Alejandro de Brito Fontes (aledbf) wrote :

Kernel 5.19 is also affected

Changed in linux-hwe-5.17 (Ubuntu Kinetic):
status: Invalid → Confirmed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-bluefield/5.15.0-1009.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers