This bug was fixed in the package linux - 5.4.0-9.12
---------------
linux (5.4.0-9.12) focal; urgency=medium
* alsa/hda/realtek: the line-out jack doens't work on a dell AIO
(LP: #1855999)
- SAUCE: ALSA: hda/realtek - Line-out jack doesn't work on a Dell AIO
* scsi: hisi_sas: Check sas_port before using it (LP: #1855952)
- scsi: hisi_sas: Check sas_port before using it
* CVE-2019-19078
- ath10k: fix memory leak
* cifs: DFS Caching feature causing problems traversing multi-tier DFS setups
(LP: #1854887)
- cifs: Fix retrieval of DFS referrals in cifs_mount()
* Support DPCD aux brightness control (LP: #1856134)
- SAUCE: drm/i915: Fix eDP DPCD aux max backlight calculations
- SAUCE: drm/i915: Assume 100% brightness when not in DPCD control mode
- SAUCE: drm/i915: Fix DPCD register order in
intel_dp_aux_enable_backlight()
- SAUCE: drm/i915: Auto detect DPCD backlight support by default
- SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED
panel
- USUNTU: SAUCE: drm/i915: Force DPCD backlight mode on Dell Precision 4K
sku
* The system cannot resume from S3 if user unplugs the TB16 during suspend
state (LP: #1849269)
- PCI: pciehp: Do not disable interrupt twice on suspend
- PCI: pciehp: Prevent deadlock on disconnect
* change kconfig of the soundwire bus driver from y to m (LP: #1855685)
- [Config]: SOUNDWIRE=m
* alsa/sof: change to use hda hdmi codec driver to make hdmi audio on the
docking station work (LP: #1855666)
- ALSA: hda/hdmi - implement mst_no_extra_pcms flag
- ASoC: hdac_hda: add support for HDMI/DP as a HDA codec
- ASoC: Intel: skl-hda-dsp-generic: use snd-hda-codec-hdmi
- ASoC: Intel: skl-hda-dsp-generic: fix include guard name
- ASoC: SOF: Intel: add support for snd-hda-codec-hdmi
- ASoC: Intel: bxt-da7219-max98357a: common hdmi codec support
- ASoC: Intel: glk_rt5682_max98357a: common hdmi codec support
- ASoC: intel: sof_rt5682: common hdmi codec support
- ASoC: Intel: bxt_rt298: common hdmi codec support
- ASoC: SOF: enable sync_write in hdac_bus
- [config]: SND_SOC_SOF_HDA_COMMON_HDMI_CODEC=y
* Fix unusable USB hub on Dell TB16 after S3 (LP: #1855312)
- SAUCE: USB: core: Make port power cycle a seperate helper function
- SAUCE: USB: core: Attempt power cycle port when it's in eSS.Disabled state
* Focal update: v5.4.3 upstream stable release (LP: #1856583)
- rsi: release skb if rsi_prepare_beacon fails
- arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator
- perf scripts python: exported-sql-viewer.py: Fix use of TRUE with SQLite
- sparc64: implement ioremap_uc
- lp: fix sparc64 LPSETTIMEOUT ioctl
- time: Zero the upper 32-bits in __kernel_timespec on 32-bit
- mailbox: tegra: Fix superfluous IRQ error message
- staging/octeon: Use stubs for MIPS && !CAVIUM_OCTEON_SOC
- usb: gadget: u_serial: add missing port entry locking
- serial: 8250-mtk: Use platform_get_irq_optional() for optional irq
- tty: serial: fsl_lpuart: use the sg count from dma_map_sg
- tty: serial: msm_serial: Fix flow control
- serial: pl011: Fix DMA ->flush_buffer()
- serial: serial_core: Perform NULL checks for break_ctl ops
- serial: stm32: fix clearing interrupt error flags
- serial: 8250_dw: Avoid double error messaging when IRQ absent
- serial: ifx6x60: add missed pm_runtime_disable
- mwifiex: Re-work support for SDIO HW reset
- io_uring: fix dead-hung for non-iter fixed rw
- io_uring: transform send/recvmsg() -ERESTARTSYS to -EINTR
- fuse: fix leak of fuse_io_priv
- fuse: verify nlink
- fuse: verify write return
- fuse: verify attributes
- io_uring: fix missing kmap() declaration on powerpc
- io_uring: ensure req->submit is copied when req is deferred
- SUNRPC: Avoid RPC delays when exiting suspend
- ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC
- ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
- ALSA: pcm: oss: Avoid potential buffer overflows
- ALSA: hda - Add mute led support for HP ProBook 645 G4
- ALSA: hda: Modify stream stripe mask only when needed
- soc: mediatek: cmdq: fixup wrong input order of write api
- Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus
- Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash
- Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers
- Input: goodix - add upside-down quirk for Teclast X89 tablet
- coresight: etm4x: Fix input validation for sysfs.
- Input: Fix memory leak in psxpad_spi_probe
- media: rc: mark input device as pointing stick
- x86/mm/32: Sync only to VMALLOC_END in vmalloc_sync_all()
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
- CIFS: Fix SMB2 oplock break processing
- tty: vt: keyboard: reject invalid keycodes
- can: slcan: Fix use-after-free Read in slcan_open
- nfsd: Ensure CLONE persists data and metadata changes to the target file
- nfsd: restore NFSv3 ACL support
- kernfs: fix ino wrap-around detection
- jbd2: Fix possible overflow in jbd2_log_space_left()
- drm/msm: fix memleak on release
- drm: damage_helper: Fix race checking plane->state->fb
- drm/i810: Prevent underflow in ioctl
- arm64: Validate tagged addresses in access_ok() called from kernel threads
- arm64: dts: exynos: Revert "Remove unneeded address space mapping for soc
node"
- KVM: PPC: Book3S HV: XIVE: Free previous EQ page when setting up a new one
- KVM: PPC: Book3S HV: XIVE: Fix potential page leak on error path
- KVM: PPC: Book3S HV: XIVE: Set kvm->arch.xive when VPs are allocated
- KVM: nVMX: Always write vmcs02.GUEST_CR3 during nested VM-Enter
- KVM: arm/arm64: vgic: Don't rely on the wrong pending table
- KVM: x86: do not modify masked bits of shared MSRs
- KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
- KVM: x86: Remove a spurious export of a static function
- KVM: x86: Grab KVM's srcu lock when setting nested state
- crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
- crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize
- crypto: af_alg - cast ki_complete ternary op to int
- crypto: geode-aes - switch to skcipher for cbc(aes) fallback
- crypto: ccp - fix uninitialized list head
- crypto: ecdh - fix big endian bug in ECC library
- crypto: user - fix memory leak in crypto_report
- spi: spi-fsl-qspi: Clear TDH bits in FLSHCR register
- spi: stm32-qspi: Fix kernel oops when unbinding driver
- spi: atmel: Fix CS high support
- spi: Fix SPI_CS_HIGH setting when using native and GPIO CS
- spi: Fix NULL pointer when setting SPI_CS_HIGH for GPIO CS
- can: ucan: fix non-atomic allocation in completion handler
- RDMA/qib: Validate ->show()/store() callbacks before calling them
- rfkill: allocate static minor
- bdev: Factor out bdev revalidation into a common helper
- bdev: Refresh bdev size for disks without partitioning
- iomap: Fix pipe page leakage during splicing
- thermal: Fix deadlock in thermal thermal_zone_device_check
- vcs: prevent write access to vcsu devices
- Revert "serial/8250: Add support for NI-Serial PXI/PXIe+485 devices"
- binder: Fix race between mmap() and binder_alloc_print_pages()
- binder: Prevent repeated use of ->mmap() via NULL mapping
- binder: Handle start==NULL in binder_update_page_range()
- KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID
(CVE-2019-19332)
- ALSA: hda - Fix pending unsol events at shutdown
- cpufreq: imx-cpufreq-dt: Correct i.MX8MN's default speed grade value
- md/raid0: Fix an error message in raid0_make_request()
- drm/mcde: Fix an error handling path in 'mcde_probe()'
- watchdog: aspeed: Fix clock behaviour for ast2600
- EDAC/ghes: Fix locking and memory barrier issues
- perf script: Fix invalid LBR/binary mismatch error
- kselftest: Fix NULL INSTALL_PATH for TARGETS runlist
- Linux 5.4.3
* Realtek ALC256M with DTS Audio Processing internal microphone doesn't work
on Redmi Book 14 2019 (LP: #1846148) // Focal update: v5.4.3 upstream stable
release (LP: #1856583)
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
* Miscellaneous Ubuntu changes
- [Debian] add python depends to ubuntu-regression-suite
- SAUCE: selftests: net: tls: remove recv_rcvbuf test
- update dkms package versions
-- Seth Forshee <seth.fors...@canonical.com> Mon, 16 Dec 2019 14:54:19
-0600
** Changed in: linux (Ubuntu Focal)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19078
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19332
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824407
Title:
remount of multilower moved pivoted-root overlayfs root, results in
I/O errors on some modified files
Status in linux package in Ubuntu:
Fix Released
Status in linux-hwe package in Ubuntu:
Invalid
Status in linux-hwe source package in Bionic:
In Progress
Status in linux source package in Disco:
Fix Released
Status in linux source package in Eoan:
Fix Released
Status in linux source package in Focal:
Fix Released
Bug description:
== SRU Justification Disco, Eoan, Focal ==
Multiple squashfs filesystems with overlayfs cause file corruption issues
when modifying zero sized files
== Fix ==
The current fix is pending in
https://github.com/amir73il/linux/commit/b2d4f0ea5af42e16e154254de99da064f3ac551a
== Test case ==
With an Ubuntu ISO on the cdrom drive, use:
#!/bin/bash -x
mkdir -p /cdrom
mount -t iso9660 -o ro,noatime /dev/sr0 /cdrom
sleep 1
mkdir -p /cow
mount -t tmpfs -o 'rw,noatime,mode=755' tmpfs /cow
sleep 1
mkdir -p /cow/upper
mkdir -p /cow/work
modprobe -q -b overlay
sleep 1
modprobe -q -b loop
sleep 1
dev=$(losetup -f)
mkdir -p /filesystem.squashfs
losetup $dev /cdrom/casper/filesystem.squashfs
mount -t squashfs -o ro,noatime $dev /filesystem.squashfs
sleep 1
dev=$(losetup -f)
mkdir -p /installer.squashfs
losetup $dev /cdrom/casper/installer.squashfs
mount -t squashfs -o ro,noatime $dev /installer.squashfs
sleep 1
mkdir -p /root-tmp
mount -t overlay -o
'upperdir=/cow/upper,lowerdir=/installer.squashfs:/filesystem.squashfs,workdir=/cow/work'
/cow /root-tmp
FILE=/root-tmp/etc/.pwd.lock
echo foo > $FILE
cat $FILE
sync
#
# dropping caches or remounting causes the bug
#
echo 3 > /proc/sys/vm/drop_caches
cat $FILE
Without the fix the cat of the file will produce an error. With the
the cat will work correctly.
== Regression Potential ==
There is an unhandled corner case:
- two filesystems, A and B, both have null uuid
- upper layer is on A
- lower layer 1 is also on A
- lower layer 2 is on B
However, since this is an issue without the fix and will be addressed
later with subsequent fixes once they are OK with upstream I think the
risk is minimal considering nobody is complaining about these corner
cases with the current broken overlayfs squashfs layering.
-----------------------
1) Download focal subiquity pending image, or eoan release image
2) boot, and press ESC and edit boot command line (F6 in bios, e in UEFI)
3) After --- insert the following options
break=top debug init=/bin/bash
4) Continue boot (Enter in BIOS, ctrl+x in UEFI)
5) in the initramfs execute:
rm /scripts/casper-bottom/25adduser
exit
6) you will be dropped into pivoted root filesystem, before systemd is execed
as pid one
7) /run/initramfs/ will contain a debug log, showing how everything was
mounted. Ie. cdrom mounted, squashfs losetup from there, then multilower
overlay setup from them, moved to /root, and then pivot-root to /root done to
finally end up as /. Underlying layers are moved into /cow for your convenience.
8) At this point modifying zero-byte length files, that exist in the
lowest layer, but not the middle one, in certain ways, will results in
them to be corrupted, after / is remounted.
9) Corruption examples
(On both focal & eoan)
cat /etc/.pwd.lock
systemd-sysusers
cat /etc/.pwd.lock
mount -o remount /
cat /etc/.pwd.lock
overlayfs: invalid origin (etc/.pwd.lock, ftype=8000, origin ftype=4000)
cat: /etc/.pwd.lock: Input/output error
(Only on eoan)
cat /etc/machine-id
systemd-machine-id-setup
cat /etc/machine-id
mount -o remount /
cat /etc/machine-id
overlayfs: invalid origin (etc/machine-id, ftype=8000, origin ftype=4000)
cat: /etc/machine-id: Input/output error
Lots of things break once machine-id and .pwd.lock are corrupted. I.e.
unable to dhcp, connect to dbus, add/remove/change users or groups,
etc.
We were unable to recreate the issue outside of booting things with
casper. Ie. statically on a regular host machine without pivot-root.
But hopefully booting to a quite state with nothing running is
sufficient to reproduce this.
Instead of booting with `bebroken init=/bin/bash` you can boot with
`bebroken systemd.mask=systemd-remount-fs.service` this will complete
the boot, with /etc/machine-id & .pwd.lock modified, meaning that
remount of / will cause IO errors on those files.
Currently, we are shipping two hacks in casper's 25adduser script to
"rm" the offending files, and create them again on the upper rw layer.
They then survive remount without i/o errors. However, we'd rather not
ship those hacks, and have kernel overlay fixed to work correctly with
multi-lower-dir and not corrupt files upon remounting /.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824407/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
