This patch seems to introduce this NULL pointer dereference, which can be
triggered systematically by running the lxc autopkgtest:

BUG: kernel NULL pointer dereference, address: 0000000000000008
[  447.039738] #PF: supervisor read access in kernel mode
[  447.040369] #PF: error_code(0x0000) - not-present page
[  447.041002] PGD 0 P4D 0 
[  447.041325] Oops: 0000 [#1] SMP NOPTI
[  447.041798] CPU: 0 PID: 73766 Comm: sudo Not tainted 5.15.0-28-generic #29~20.04.1-Ubuntu
[  447.042800] Hardware name: OpenStack Foundation OpenStack Nova, BIOS Ubuntu-1.8.2-1ubuntu1+esm1 04/01/2014
[  447.043979] RIP: 0010:aa_file_perm+0x3a/0x470
[  447.044565] Code: 54 53 48 83 ec 68 48 89 7d 80 89 4d 8c 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 48 63 05 01 0a 19 01 48 03 82 c0 00 00 00 <4c> 8b 68 08 f6 46 40 02 0f 85 d0 00 00 00 41 f6 45 40 02 0f 85 c5
[  447.046837] RSP: 0018:ffffaefe80a4bca8 EFLAGS: 00010246
[  447.047481] RAX: 0000000000000000 RBX: ffff96e4038abd01 RCX: 0000000000000004
[  447.048351] RDX: ffff96e4038abd00 RSI: ffff96e401215eb8 RDI: ffffffff9c22a2ac
[  447.049241] RBP: ffffaefe80a4bd38 R08: 0000000000000000 R09: 0000000000000000
[  447.050121] R10: 0000000000000000 R11: 0000000000000000 R12: ffff96e401215eb8
[  447.051040] R13: ffff96e4038abd00 R14: ffffffff9c22a2ac R15: 0000000000000004
[  447.051942] FS:  00007eff3c0f8c80(0000) GS:ffff96e45e400000(0000) knlGS:0000000000000000
[  447.052981] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  447.053696] CR2: 0000000000000008 CR3: 0000000002be2000 CR4: 00000000003506f0
[  447.054571] Call Trace:
[  447.054883]  <TASK>
[  447.055154]  ? unlock_page_memcg+0x2f/0x40
[  447.055668]  ? page_remove_rmap+0x4b/0x320
[  447.056180]  common_file_perm+0x72/0x170
[  447.056669]  apparmor_file_permission+0x1c/0x20
[  447.057237]  security_file_permission+0x30/0x1a0
[  447.057898]  rw_verify_area+0x35/0x60
[  447.058392]  vfs_read+0x6d/0x1a0
[  447.058842]  ksys_read+0xb1/0xe0
[  447.059276]  __x64_sys_read+0x1a/0x20
[  447.059732]  do_syscall_64+0x5c/0xc0
[  447.060183]  ? __set_current_blocked+0x3b/0x60
[  447.060738]  ? exit_to_user_mode_prepare+0x3d/0x1c0
[  447.061434]  ? syscall_exit_to_user_mode+0x27/0x50
[  447.062099]  ? do_syscall_64+0x69/0xc0
[  447.062603]  ? irqentry_exit_to_user_mode+0x9/0x20
[  447.063210]  ? irqentry_exit+0x19/0x30
[  447.063678]  ? exc_page_fault+0x89/0x160
[  447.064165]  ? asm_exc_page_fault+0x8/0x30
[  447.064675]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  447.065298] RIP: 0033:0x7eff3c2cb002

This panic happens only when AUFS is enabled (so it can be seen only in
focal with 5.15 at the moment).

I'm going to revert the patch for now, until we figure out a better way
to re-apply this change.
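As an added triage aid (not part of the bug report or of the Ubuntu kernel tree), the script below parses the oops above into the fields a reviewer looks at first: the faulting address, the RIP symbol with its offset into the function, the task and kernel version, the registers that hold zero (candidate NULL base pointers), and the call chain with the `?`-marked frames separated out, since the unwinder could not verify those and they are usually stale stack contents rather than real callers. The sample input is the oops from this message with the e-mail line wrapping undone; the `Code:` bytes are left out because the script does not decode them.

```python
"""Triage helper for x86-64 kernel oops text (added example, not from the report)."""
import re

# Constructed sample: the oops from this bug report, one record per line.
OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000008
[  447.039738] #PF: supervisor read access in kernel mode
[  447.040369] #PF: error_code(0x0000) - not-present page
[  447.041002] PGD 0 P4D 0
[  447.041325] Oops: 0000 [#1] SMP NOPTI
[  447.041798] CPU: 0 PID: 73766 Comm: sudo Not tainted 5.15.0-28-generic #29~20.04.1-Ubuntu
[  447.042800] Hardware name: OpenStack Foundation OpenStack Nova, BIOS Ubuntu-1.8.2-1ubuntu1+esm1 04/01/2014
[  447.043979] RIP: 0010:aa_file_perm+0x3a/0x470
[  447.046837] RSP: 0018:ffffaefe80a4bca8 EFLAGS: 00010246
[  447.047481] RAX: 0000000000000000 RBX: ffff96e4038abd01 RCX: 0000000000000004
[  447.048351] RDX: ffff96e4038abd00 RSI: ffff96e401215eb8 RDI: ffffffff9c22a2ac
[  447.049241] RBP: ffffaefe80a4bd38 R08: 0000000000000000 R09: 0000000000000000
[  447.050121] R10: 0000000000000000 R11: 0000000000000000 R12: ffff96e401215eb8
[  447.051040] R13: ffff96e4038abd00 R14: ffffffff9c22a2ac R15: 0000000000000004
[  447.051942] FS:  00007eff3c0f8c80(0000) GS:ffff96e45e400000(0000) knlGS:0000000000000000
[  447.052981] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  447.053696] CR2: 0000000000000008 CR3: 0000000002be2000 CR4: 00000000003506f0
[  447.054571] Call Trace:
[  447.054883]  <TASK>
[  447.055154]  ? unlock_page_memcg+0x2f/0x40
[  447.055668]  ? page_remove_rmap+0x4b/0x320
[  447.056180]  common_file_perm+0x72/0x170
[  447.056669]  apparmor_file_permission+0x1c/0x20
[  447.057237]  security_file_permission+0x30/0x1a0
[  447.057898]  rw_verify_area+0x35/0x60
[  447.058392]  vfs_read+0x6d/0x1a0
[  447.058842]  ksys_read+0xb1/0xe0
[  447.059276]  __x64_sys_read+0x1a/0x20
[  447.059732]  do_syscall_64+0x5c/0xc0
[  447.060183]  ? __set_current_blocked+0x3b/0x60
[  447.060738]  ? exit_to_user_mode_prepare+0x3d/0x1c0
[  447.061434]  ? syscall_exit_to_user_mode+0x27/0x50
[  447.062099]  ? do_syscall_64+0x69/0xc0
[  447.062603]  ? irqentry_exit_to_user_mode+0x9/0x20
[  447.063210]  ? irqentry_exit+0x19/0x30
[  447.063678]  ? exc_page_fault+0x89/0x160
[  447.064165]  ? asm_exc_page_fault+0x8/0x30
[  447.064675]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  447.065298] RIP: 0033:0x7eff3c2cb002
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # dmesg timestamp prefix
RIP_RE = re.compile(r"RIP: [0-9a-f]{4}:(\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
ADDR_RE = re.compile(r"address: ([0-9a-f]+)")
TASK_RE = re.compile(r"PID: (\d+) Comm: (\S+) (?:Not tainted|Tainted: \S+) (\S+)")
REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{1,2}):\s+([0-9a-f]{16})\b")  # 64-bit register dumps
FRAME_RE = re.compile(r"^(\? )?(\S+\+0x[0-9a-f]+/0x[0-9a-f]+)$")
PAGE_SIZE = 4096  # the zero page is never mapped, so any address below it is NULL-relative


def parse_oops(text):
    """Extract fault address, RIP symbol, task, 64-bit registers and the call trace."""
    info = {"fault_addr": None, "rip": None, "task": None, "regs": {}, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        if not line:
            continue
        if line.startswith("Call Trace:"):
            in_trace = True
            continue
        if in_trace:
            m = FRAME_RE.match(line)
            if m:  # (reliable, frame): a leading '?' means an unverified stack slot
                info["trace"].append((m.group(1) is None, m.group(2)))
            continue
        if (m := ADDR_RE.search(line)) and info["fault_addr"] is None:
            info["fault_addr"] = int(m.group(1), 16)
        if m := RIP_RE.search(line):
            sym, off, size = m.groups()
            info["rip"] = {"symbol": sym, "offset": int(off, 16), "size": int(size, 16)}
        if m := TASK_RE.search(line):
            info["task"] = {"pid": int(m.group(1)), "comm": m.group(2), "kernel": m.group(3)}
        for reg, val in REG_RE.findall(line):
            info["regs"][reg] = int(val, 16)
    if info["fault_addr"] is None and "CR2" in info["regs"]:
        info["fault_addr"] = info["regs"]["CR2"]  # CR2 always holds the faulting address
    return info


def classify_fault(info):
    """Return a fault description and the general-purpose registers holding zero."""
    addr = info["fault_addr"]
    if addr < PAGE_SIZE:
        kind = f"NULL pointer dereference, field at offset 0x{addr:x}"
    else:
        kind = f"bad pointer 0x{addr:016x}"
    zero = sorted(r for r, v in info["regs"].items() if v == 0 and r[0] == "R")
    return kind, zero


def frames(info, reliable_only=True):
    """Call chain innermost-first; by default drop the '?' frames the unwinder could not verify."""
    return [f for ok, f in info["trace"] if ok or not reliable_only]


def report(text):
    info = parse_oops(text)
    kind, zero = classify_fault(info)
    rip, task = info["rip"], info["task"]
    lines = [
        f"fault: {kind}",
        f"pc: {rip['symbol']}+0x{rip['offset']:x}/0x{rip['size']:x} "
        f"(task {task['comm']} pid {task['pid']}, kernel {task['kernel']})",
        f"zero registers (candidate NULL bases): {', '.join(zero)}",
        "reliable call chain (innermost first):",
    ] + [f"  {f}" for f in frames(info)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(OOPS))
```

On this oops the script reports a read at offset 0x8 from a NULL base, RAX among the zeroed registers, and a clean chain `common_file_perm -> apparmor_file_permission -> security_file_permission -> rw_verify_area -> vfs_read`, i.e. a read(2) from `sudo` hitting the AppArmor hook. That agrees with the marked instruction in the `Code:` line (`4c 8b 68 08` decodes to `mov r13, [rax+8]`), so the object `aa_file_perm` expected at RAX was NULL; the lead-in's reading of the bytes is my decoding, not something the report states.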

** Changed in: linux (Ubuntu Jammy)
       Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1967924

Title:
  re-apply missing overlayfs SAUCE patch

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Impish:
  Fix Committed
Status in linux source package in Jammy:
  In Progress

Bug description:
  [Impact]

  Starting with 5.13 we've incorrectly dropped the following sauce
  patch:

      UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files

  This patch seems to be required to use overlayfs on top of shiftfs and
  without this patch we may break containers that rely on shiftfs (using
  zfs/ceph as storage pool w/ shiftfs enabled).

  [Test case]

  No specific test case provided.

  [Fix]

  The original SAUCE patch relies on AUFS in order to use
  vma->vm_prfile, but we're not providing AUFS anymore in jammy.

  The fix consists of re-applying this patch with a little refactoring to
  make it dependent on CONFIG_AUFS_FS.

  [Regression potential]

  This patch is touching overlayfs, so we may see potential regressions
  in overlayfs.

  [Original bug report]

  The next patch has not been ported to the 5.13 branch:

  $ git show Ubuntu-azure-5.8-5.8.0-1033.35_20.04.1~656
  commit 5f5716d1f7ece06c66d7d8145dd6b3a5886b3e56
  Author: Alexander Mikhalitsyn <alexan...@mihalicyn.com>
  Date:   Mon Apr 26 10:11:00 2021 +0200

      UBUNTU: SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files

      BugLink: https://bugs.launchpad.net/bugs/1857257

  ...

      Fixes: d24b8a5 ("UBUNTU: SAUCE: overlayfs: allow with shiftfs as underlay")

  But it isn't in the 5.13 branch:

  $ git log --pretty=oneline origin/azure-5.13-next fs/overlayfs/file.c
  1e6145d8708c831d2aa5c26aa15eb98e1a1683b9 ovl: fix use after free in struct ovl_aio_req
  7b5bda27d1fc4d7bde20cf6ed203fe88c458169a ovl: fix IOCB_DIRECT if underlying fs doesn't support direct IO
  1626e7f7ab7eb74e142fec7fe6b7c9614972a56b ovl: fix deadlock in splice write
  1443bc4a25ca84d60d39a8ae1dc6215abdd637a4 UBUNTU: SAUCE: overlayfs: allow with shiftfs as underlay



-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp