re-apply missing overlayfs SAUCE patch
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Impish | Fix Released | Medium | Unassigned | |
| Jammy | Fix Released | Undecided | Unassigned | |
Bug Description
[Impact]
Starting with 5.13 we've incorrectly dropped the following sauce patch:
UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files
This patch seems to be required to use overlayfs on top of shiftfs and without this patch we may break containers that rely on shiftfs (using zfs/ceph as storage pool w/ shiftfs enabled).
[Test case]
The following script can be used to trigger the issue:
#!/bin/bash
cat > test.py << EOF
import sys
f = open("/
for l in f.readlines():
    if "python" not in l:
        continue
    print(l)
    s = l.split()
    start, end = s[0].split("-")
    fname = s[-1]
    print(start, end, fname)
    break
else:
    sys.exit(1)
test_file1 = open(fname)
test_file2 = open("/
fdinfo1 = open("/
fdinfo2 = open("/
if fdinfo1 != fdinfo2:
    print("FAIL")
    print(
    print(fdinfo1)
    print(
    print(fdinfo2)
    sys.exit(1)
print("PASS")
EOF
sudo docker run -it --privileged --rm -v `pwd`:/mnt python python /mnt/test.py
[Fix]
The original SAUCE patch relies on AUFS in order to use vma->vm_prfile, but we're not providing AUFS anymore in jammy.
The fix consists of re-applying this patch with a little refactoring to be dependent on CONFIG_AUFS_FS.
[Regression potential]
This patch is touching overlayfs, so we may see potential regressions in overlayfs.
[Original bug report]
The next patch has not been ported to the 5.13 branch:
$ git show Ubuntu-
commit 5f5716d1f7ece06
Author: Alexander Mikhalitsyn <email address hidden>
Date: Mon Apr 26 10:11:00 2021 +0200
UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files
BugLink: https:/
...
Fixes: d24b8a5 ("UBUNTU: SAUCE: overlayfs: allow with shiftfs as underlay")
But it isn't in the 5.13 branch:
$ git log --pretty=oneline origin/
1e6145d8708c831
7b5bda27d1fc4d7
1626e7f7ab7eb74
1443bc4a25ca84d
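
An added example, not part of the original report or the kernel tree: a self-contained form of the check the test case describes, comparing only the mnt_id field of fdinfo for a file opened by path and via its map_files entry. The /proc/self/... paths and all helper names are assumptions, since the paths in the report's script are truncated on this page.

```python
import sys

def mapped_file(maps_text, needle):
    """Return (start, end, path) of the first file-backed mapping matching needle."""
    for line in maps_text.splitlines():
        fields = line.split()
        # File-backed mappings have 6+ fields; the last one is the path.
        if len(fields) >= 6 and fields[-1].startswith("/") and needle in fields[-1]:
            start, end = fields[0].split("-")
            return start, end, fields[-1]
    return None

def fdinfo_fields(text):
    """Parse the text of an fdinfo entry into a dict of key -> value."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip()
    return out

def mnt_id_matches(fdinfo_a, fdinfo_b):
    """True only when both dumps carry a mnt_id and the values are equal."""
    a = fdinfo_fields(fdinfo_a).get("mnt_id")
    b = fdinfo_fields(fdinfo_b).get("mnt_id")
    return a is not None and a == b

def read_fdinfo(fd):
    with open(f"/proc/self/fdinfo/{fd}") as f:  # assumed path
        return f.read()

def live_check(needle="python"):
    """Open one mapped file by path and via map_files, then compare mnt_id."""
    with open("/proc/self/maps") as f:  # assumed path
        hit = mapped_file(f.read(), needle)
    if hit is None:
        return None
    start, end, path = hit
    # Opening map_files links needs elevated privileges; the report's
    # test case runs the container with --privileged.
    with open(path, "rb") as direct, \
         open(f"/proc/self/map_files/{start}-{end}", "rb") as via_map:
        return mnt_id_matches(read_fdinfo(direct.fileno()),
                              read_fdinfo(via_map.fileno()))

if __name__ == "__main__":
    result = live_check()
    print({True: "PASS", False: "FAIL", None: "SKIP: no mapping found"}[result])
    sys.exit(0 if result else 1)
```

Comparing only mnt_id keeps the result tied to the field named in the patch title, whereas the report's script compares the full fdinfo text.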
summary: |
- One overlayfs fix has not been backported to the 5.13 bracnh
+ One overlayfs fix has not been backported to the 5.13 branch |
description: | updated |
no longer affects: | linux-azure (Ubuntu Jammy) |
no longer affects: | linux-azure (Ubuntu Impish) |
no longer affects: | linux-azure (Ubuntu) |
Changed in linux (Ubuntu Jammy): | |
status: | New → Fix Committed |
summary: |
- One overlayfs fix has not been backported to the 5.13 branch
+ re-apply missing overlayfs SAUCE patch |
Changed in linux (Ubuntu Impish): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu Impish): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-failed-jammy removed: verification-needed-jammy |
tags: | added: patch |
description: | updated |
Status changed to 'Confirmed' because the bug affects multiple users.