segfault when mountpoint of dataset is not empty

Launchpad Bug Tracker Mon, 18 Jan 2021 02:11:13 -0800

This bug was fixed in the package zfs-linux - 0.8.4-1ubuntu11.1

---------------
zfs-linux (0.8.4-1ubuntu11.1) groovy; urgency=medium


  [ Didier Roche ]
  [ Jean-Baptiste Lallement ]
  * Generate clone uuid without dd which is flagged as having an executable
    stack. Thanks Usarin Heininga for the patch (LP: #1894329)

  [ Andrea Righi ]
  * fix potential user-space double free when running "zfs mount -a"
    (LP: #1902588)
    - 4702-Revert-Let-zfs-mount-all-tolerate-in-progress-mounts.patch

 -- Colin Ian King <colin.k...@canonical.com>  Mon, 30 Nov 2020 19:00:00
+0000

** Changed in: zfs-linux (Ubuntu Groovy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to zfs-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1902588

Title:
  zfs mount -a: double free / memory corruption / segfault when
  mountpoint of dataset is not empty

Status in zfs-linux package in Ubuntu:
  Fix Released
Status in zfs-linux source package in Focal:
  Fix Committed
Status in zfs-linux source package in Groovy:
  Fix Released
Status in zfs-linux source package in Hirsute:
  Fix Released

Bug description:
  == SRU Justification Focal ==

  zfs mount -a when run on a nonempty mountpoint causes a double free,
  memory corruption, and a segfault.

  == Impact ==

  Double free and memory corruption in ZFS when run as root and
  attempting to mount all. While running this I observed other ZFS
  volumes randomly unmounting, and mount points owner being spuriously
  zeroed (set to root).

  == Fix ==

  https://github.com/openzfs/zfs/commit/d1b84da8c1a69c084f04b504beefe804591bca07

  == Test ==

  Steps are laid out in the ZFS issue:
  https://github.com/openzfs/zfs/issues/9560

  == Regression Potential ==

  Limited to the behavior of zfs mount when a previous attempt to mount
  has failed, or is still in progress. Changes the behavior in that case
  to failure, instead of double-free.


  Example case of running into this bug, with dmesg:
  https://pastebin.com/YRXW8WgM

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 20.04.1 LTS
  Release:      20.04
  Codename:     focal

  
  $ apt-cache policy zfsutils-linux
  zfsutils-linux:
    Installed: 0.8.3-1ubuntu12.4
    Candidate: 0.8.3-1ubuntu12.4
    Version table:
   *** 0.8.3-1ubuntu12.4 500
          500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 
Packages
          100 /var/lib/dpkg/status
       0.8.3-1ubuntu12 500
          500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1902588/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1902588] Re: zfs mount -a: double free / memory corruption / segfault when mountpoint of dataset is not empty

Reply via email to