group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1902588] Re: zfs mount -a: double free / memory corruption / segfault when mountpoint of dataset is not empty

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <1902588@xxxxxxxxxxxxxxxxxx>
Date: Sun, 17 Jan 2021 01:47:39 -0000
Reply-to: Bug 1902588 <1902588@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This commit that introduced the segfault was applied o the 0.8-release
branch with
https://github.com/openzfs/zfs/commit/95fcb04215015950b3388ba0a6edad8e1b463415
so Focal and Groovy are affected.

That change was never applied to the 0.6.5-release or 0.7-release
branches, so Bionic and Xenial aren't affected.

** No longer affects: zfs-linux (Ubuntu Xenial)

** No longer affects: zfs-linux (Ubuntu Bionic)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1902588

Title:
  zfs mount -a: double free / memory corruption / segfault when
  mountpoint of dataset is not empty

Status in zfs-linux package in Ubuntu:
  Fix Released
Status in zfs-linux source package in Focal:
  Fix Committed
Status in zfs-linux source package in Groovy:
  Fix Committed
Status in zfs-linux source package in Hirsute:
  Fix Released

Bug description:
  == SRU Justification Focal ==

  zfs mount -a when run on a nonempty mountpoint causes a double free,
  memory corruption, and a segfault.

  == Impact ==

  Double free and memory corruption in ZFS when run as root and
  attempting to mount all. While running this I observed other ZFS
  volumes randomly unmounting, and mount points owner being spuriously
  zeroed (set to root).

  == Fix ==

  https://github.com/openzfs/zfs/commit/d1b84da8c1a69c084f04b504beefe804591bca07

  == Test ==

  Steps are laid out in the ZFS issue:
  https://github.com/openzfs/zfs/issues/9560

  == Regression Potential ==

  Limited to the behavior of zfs mount when a previous attempt to mount
  has failed, or is still in progress. Changes the behavior in that case
  to failure, instead of double-free.


  Example case of running into this bug, with dmesg:
  https://pastebin.com/YRXW8WgM

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID:	Ubuntu
  Description:	Ubuntu 20.04.1 LTS
  Release:	20.04
  Codename:	focal

  
  $ apt-cache policy zfsutils-linux
  zfsutils-linux:
    Installed: 0.8.3-1ubuntu12.4
    Candidate: 0.8.3-1ubuntu12.4
    Version table:
   *** 0.8.3-1ubuntu12.4 500
          500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       0.8.3-1ubuntu12 500
          500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1902588/+subscriptions