Steps used to verify the fix (both in focal and groovy):

$ fallocate -l 8G /home/ubuntu/disk.img
$ sudo zpool create pool /home/ubuntu/disk.img 
$ for i in {1..20}; do sudo zfs create pool/ds$i; done
$ sudo zfs unmount pool/ds20
$ sudo zfs mount -a & sudo zfs mount -a &
[1] 1964
[2] 1965
ubuntu@groovy:~$ filesystem 'pool/ds20' is already mounted
cannot mount 'pool/ds20': mountpoint or dataset is busy

[1]-  Done                    sudo zfs mount -a
[2]+  Exit 1                  sudo zfs mount -a

With the fix applied we should be able to see the error "mountpoint or
dataset is busy", due to the concurrent "zfs mount -a" running. That
means the old behavior has been restored, since it's not a problem
anymore for systemd (and the applied workaround could cause the
segfault).

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

** Tags removed: verification-needed-groovy
** Tags added: verification-done-groovy

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to zfs-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1902588

Title:
  zfs mount -a: double free / memory corruption / segfault when
  mountpoint of dataset is not empty

Status in zfs-linux package in Ubuntu:
  Fix Released
Status in zfs-linux source package in Xenial:
  Invalid
Status in zfs-linux source package in Bionic:
  Invalid
Status in zfs-linux source package in Focal:
  Fix Committed
Status in zfs-linux source package in Groovy:
  Fix Committed
Status in zfs-linux source package in Hirsute:
  Fix Released

Bug description:
  == SRU Justification Focal ==

  zfs mount -a when run on a nonempty mountpoint causes a double free,
  memory corruption, and a segfault.

  == Impact ==

  Double free and memory corruption in ZFS when run as root and
  attempting to mount all. While running this I observed other ZFS
  volumes randomly unmounting, and mount points' owner being spuriously
  zeroed (set to root).

  == Fix ==

  https://github.com/openzfs/zfs/commit/d1b84da8c1a69c084f04b504beefe804591bca07

  == Test ==

  Steps are laid out in the ZFS issue:
  https://github.com/openzfs/zfs/issues/9560

  == Regression Potential ==

  Limited to the behavior of zfs mount when a previous attempt to mount
  has failed, or is still in progress. Changes the behavior in that case
  to failure, instead of double-free.


  Example case of running into this bug, with dmesg:
  https://pastebin.com/YRXW8WgM

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 20.04.1 LTS
  Release:      20.04
  Codename:     focal

  
  $ apt-cache policy zfsutils-linux
  zfsutils-linux:
    Installed: 0.8.3-1ubuntu12.4
    Candidate: 0.8.3-1ubuntu12.4
    Version table:
   *** 0.8.3-1ubuntu12.4 500
          500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       0.8.3-1ubuntu12 500
          500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
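
The verification steps above, wrapped as a repeatable check (an added example, not from the bug report or from OpenZFS). The function names, the crash/busy/no-race labels and the sample log are assumptions of this example; exit statuses 139 and 134 are the shell's encoding of SIGSEGV and SIGABRT.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): classify one concurrent-mount run.
# classify_race RC1 RC2 LOGFILE prints: crash | busy | no-race | other
classify_race() {
    local rc1=$1 rc2=$2 log=$3 rc
    for rc in "$rc1" "$rc2"; do
        # 128+11 = SIGSEGV, 128+6 = SIGABRT (glibc aborts on a detected double free)
        if [ "$rc" -eq 139 ] || [ "$rc" -eq 134 ]; then
            echo crash; return
        fi
    done
    if grep -q "mountpoint or dataset is busy" "$log"; then
        echo busy; return       # restored behaviour: the losing mount fails cleanly
    fi
    if [ "$rc1" -eq 0 ] && [ "$rc2" -eq 0 ]; then
        echo no-race; return    # the two runs did not collide; repeat the attempt
    fi
    echo other
}

# run_race DATASET: the unmount plus two concurrent "zfs mount -a" from the steps.
# Needs root and the throwaway file-backed pool created in those steps.
run_race() {
    local ds=$1 log rc1=0 rc2=0 p1 p2
    log=$(mktemp)
    zfs unmount "$ds"
    zfs mount -a >>"$log" 2>&1 & p1=$!
    zfs mount -a >>"$log" 2>&1 & p2=$!
    wait "$p1" || rc1=$?
    wait "$p2" || rc2=$?
    classify_race "$rc1" "$rc2" "$log"
    rm -f "$log"
}

# Constructed sample log, mirroring the two messages quoted in the report.
sample_log() {
    local f; f=$(mktemp)
    printf '%s\n' "filesystem 'pool/ds20' is already mounted" \
        "cannot mount 'pool/ds20': mountpoint or dataset is busy" >"$f"
    echo "$f"
}

# Only touch ZFS when asked to, e.g.: bash race-check.sh run pool/ds20
# (race-check.sh is an arbitrary file name for this example)
if [ "${1:-}" = "run" ]; then
    run_race "${2:?dataset name required}"
fi
```

A "no-race" result only means the two mounts did not overlap on that attempt, so loop the call until it reports "busy" or "crash".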