All autopkgtests for the newly accepted linux-bluefield (5.0.0-1010.20) for bionic have finished running. The following regressions have been reported in tests triggered by the package:
fsprotect/unknown (armhf) Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1]. https://people.canonical.com/~ubuntu-archive/proposed- migration/bionic/update_excuses.html#linux-bluefield [1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions Thank you! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1860041 Title: shiftfs: prevent lower dentries from going negative during unlink Status in linux package in Ubuntu: Fix Committed Status in linux source package in Disco: Fix Committed Status in linux source package in Eoan: Fix Committed Bug description: SRU Justification Impact: All non-special files (For shiftfs this only includes fifos and - for this case - unix sockets - since we don't allow character and block devices to be created.) go through shiftfs_open() and have their dentry pinned through this codepath preventing it from going negative. But fifos don't use the shiftfs fops but rather use the pipefifo_fops which means they do not go through shiftfs_open() and thus don't have their dentry pinned that way. Thus, the lower dentries for such files can go negative on unlink causing segfaults. The following C program can be used to reproduce the crash: #include <stdio.h> #include <fcntl.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> #include <stdlib.h> int main(int argc, char *argv[]) { struct stat stat; unlink("./bbb"); int ret = mknod("./bbb", S_IFIFO|0666, 0); if (ret < 0) exit(1); int fd = open("./bbb", O_RDWR); if (fd < 0) exit(2); if (unlink("./bbb")) exit(4); fstat(fd, &stat); return 0; } Fix: Similar to ecryptfs we need to dget() the lower dentry before calling vfs_unlink() on it and dput() it afterwards. Regression Potential: Limited to shiftfs. Test Case: Compiled a kernel with the fix and used the reproducer above to verify that the kernel cannot be crashed anymore. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860041/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
