group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1902588] Re: zfs mount -a: double free / memory corruption / segfault when mountpoint of dataset is not empty

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1902588@xxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Nov 2020 20:37:12 -0000
Reply-to: Bug 1902588 <1902588@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package zfs-linux - 0.8.4-1ubuntu16

---------------
zfs-linux (0.8.4-1ubuntu16) hirsute; urgency=medium

  * fix potential user-space double free when running "zfs mount -a"
    (LP: #1902588)
   - 4702-Revert-Let-zfs-mount-all-tolerate-in-progress-mounts.patch

 -- Andrea Righi <andrea.righi@xxxxxxxxxxxxx>  Fri, 27 Nov 2020 18:40:01
+0000

** Changed in: zfs-linux (Ubuntu Hirsute)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1902588

Title:
  zfs mount -a: double free / memory corruption / segfault when
  mountpoint of dataset is not empty

Status in zfs-linux package in Ubuntu:
  Fix Released
Status in zfs-linux source package in Xenial:
  Invalid
Status in zfs-linux source package in Bionic:
  Invalid
Status in zfs-linux source package in Focal:
  Fix Committed
Status in zfs-linux source package in Groovy:
  Fix Committed
Status in zfs-linux source package in Hirsute:
  Fix Released

Bug description:
  == SRU Justification Focal ==

  zfs mount -a when run on a nonempty mountpoint causes a double free,
  memory corruption, and a segfault.

  == Impact ==

  Double free and memory corruption in ZFS when run as root and
  attempting to mount all. While running this I observed other ZFS
  volumes randomly unmounting, and mount points owner being spuriously
  zeroed (set to root).

  == Fix ==

  https://github.com/openzfs/zfs/commit/d1b84da8c1a69c084f04b504beefe804591bca07

  == Test ==

  Steps are laid out in the ZFS issue:
  https://github.com/openzfs/zfs/issues/9560

  == Regression Potential ==

  Limited to the behavior of zfs mount when a previous attempt to mount
  has failed, or is still in progress. Changes the behavior in that case
  to failure, instead of double-free.


  Example case of running into this bug, with dmesg:
  https://pastebin.com/YRXW8WgM

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID:	Ubuntu
  Description:	Ubuntu 20.04.1 LTS
  Release:	20.04
  Codename:	focal

  
  $ apt-cache policy zfsutils-linux
  zfsutils-linux:
    Installed: 0.8.3-1ubuntu12.4
    Candidate: 0.8.3-1ubuntu12.4
    Version table:
   *** 0.8.3-1ubuntu12.4 500
          500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       0.8.3-1ubuntu12 500
          500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1902588/+subscriptions