kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #181440
[Bug 1572316] Re: oops when propagating mounts into containers - RIP: 0010:[<ffffffff8123cb3e>] [<ffffffff8123cb3e>] propagate_one+0xbe/0x1c0
This bug was fixed in the package linux - 3.13.0-87.133
---------------
linux (3.13.0-87.133) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1585315
[ Upstream Kernel Changes ]
* Revert "usb: hub: do not clear BOS field during reset device"
- LP: #1582864
linux (3.13.0-87.132) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1582398
[ Kamal Mostafa ]
* [Config] Drop ozwpan from the ABI
[ Luis Henriques ]
* [Config] CONFIG_USB_WPAN_HCD=n
- LP: #1463740
- CVE-2015-4004
[ Prarit Bhargava ]
* SAUCE: (no-up) ACPICA: Dispatcher: Update thread ID for recursive
method calls
- LP: #1577898
[ Upstream Kernel Changes ]
* usbnet: cleanup after bind() in probe()
- LP: #1567191
- CVE-2016-3951
* KVM: x86: bit-ops emulation ignores offset on 64-bit
- LP: #1423672
* USB: usbip: fix potential out-of-bounds write
- LP: #1572666
- CVE-2016-3955
* x86/mm/32: Enable full randomization on i386 and X86_32
- LP: #1568523
- CVE-2016-3672
* Input: gtco - fix crash on detecting device without endpoints
- LP: #1575706
- CVE-2016-2187
* atl2: Disable unimplemented scatter/gather feature
- LP: #1561403
- CVE-2016-2117
* ALSA: usb-audio: Skip volume controls triggers hangup on Dell USB Dock
- LP: #1577905
* fs/pnode.c: treat zero mnt_group_id-s as unequal
- LP: #1572316
* propogate_mnt: Handle the first propogated copy being a slave
- LP: #1572316
* drm: Balance error path for GEM handle allocation
- LP: #1579610
* x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
- LP: #1538429
- CVE-2016-2069
* x86/mm: Improve switch_mm() barrier comments
- LP: #1538429
- CVE-2016-2069
* net: fix infoleak in llc
- LP: #1578496
- CVE-2016-4485
* net: fix infoleak in rtnetlink
- LP: #1578497
- CVE-2016-4486
-- Kamal Mostafa <kamal@xxxxxxxxxxxxx> Tue, 24 May 2016 11:04:30 -0700
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-4004
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2069
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3672
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3951
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3955
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1572316
Title:
oops when propagating mounts into containers - RIP:
0010:[<ffffffff8123cb3e>] [<ffffffff8123cb3e>]
propagate_one+0xbe/0x1c0
Status in linux package in Ubuntu:
Fix Released
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Released
Status in linux-lts-utopic source package in Trusty:
Fix Committed
Status in linux source package in Vivid:
Fix Committed
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux source package in Wily:
Fix Committed
Status in linux-lts-utopic source package in Wily:
Invalid
Status in linux source package in Xenial:
Fix Committed
Status in linux-lts-utopic source package in Xenial:
Invalid
Status in linux source package in Yakkety:
Fix Released
Status in linux-lts-utopic source package in Yakkety:
Invalid
Bug description:
SRU Justification:
Impact: Propagation to some mount tree configurations can cause the
kernel to oops. This is trivially reproducible using lxd.
Fix: Upstream cherry pick.
Regression Potential: Both Eric and I have tested the fix and believe
that the post-fix code will handle all cases the same as before except
for the ones which weren't being handled correctly. I believe the
regression potential is small.
---
If I use LXD on xenial with a configuration that does something like:
(/nfs in my case is an nfs mount, but based on the kernel code in
question anything is probably okay):
devices:
bind:
type: disk
source: /nfs
path: /nfs
recursive: "true"
and then start the container and on the host, do a new mount:
sudo mount $ipaddr:/some/nfs/path /nfs/newpath
You get the following kernel oops:
Apr 11 21:59:36 stock2 kernel: [ 1648.993034] Oops: 0000 [#1] SMP
Apr 11 21:59:36 stock2 kernel: [ 1648.993415] Modules linked in: binfmt_misc veth rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace fscache xt_CHECKSUM iptable_mangle xt_tcpudp ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack bridge stp llc iptable_filter ip_tables x_tables zfs(PO) zunicode(PO) zcommon(PO) znvpair(PO) spl(O) zavl(PO) ppdev kvm_intel parport_pc joydev kvm input_leds mac_hid irqbypass parport i2c_piix4 8250_fintek serio_raw ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr sunrpc iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear cirrus ttm drm_kms_helper syscopyarea sysfillrect sysimgblt psmouse fb_sys_fops floppy drm pata_acpi
Apr 11 21:59:36 stock2 kernel: [ 1649.002015] CPU: 2 PID: 9449 Comm: mount.nfs Tainted: P O 4.4.0-18-generic #34+tych0201604111025
Apr 11 21:59:36 stock2 kernel: [ 1649.003037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
Apr 11 21:59:36 stock2 kernel: [ 1649.004042] task: ffff880074c1a580 ti: ffff880067d30000 task.ti: ffff880067d30000
Apr 11 21:59:36 stock2 kernel: [ 1649.004810] RIP: 0010:[<ffffffff8123cb3e>] [<ffffffff8123cb3e>] propagate_one+0xbe/0x1c0
Apr 11 21:59:36 stock2 kernel: [ 1649.005654] RSP: 0018:ffff880067d33d68 EFLAGS: 00010297
Apr 11 21:59:36 stock2 kernel: [ 1649.006211] RAX: ffff88003bb4ca80 RBX: ffff880074ad8300 RCX: ffff880074503500
Apr 11 21:59:36 stock2 kernel: [ 1649.006934] RDX: 0000000000000000 RSI: 000000000000019c RDI: 0000000000000000
Apr 11 21:59:36 stock2 kernel: [ 1649.007656] RBP: ffff880067d33d78 R08: ffff8800363bad80 R09: ffffffff813eac5c
Apr 11 21:59:36 stock2 kernel: [ 1649.008390] R10: ffffea00002b5800 R11: 0000000000018711 R12: ffff8800363ba600
Apr 11 21:59:36 stock2 kernel: [ 1649.009111] R13: ffff880067d33dc0 R14: ffff880074ad8300 R15: 0000000000000000
Apr 11 21:59:36 stock2 kernel: [ 1649.009835] FS: 00007f653eac4880(0000) GS:ffff88007cd00000(0000) knlGS:0000000000000000
Apr 11 21:59:36 stock2 kernel: [ 1649.010642] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Apr 11 21:59:36 stock2 kernel: [ 1649.011237] CR2: 0000000000000010 CR3: 0000000077a4e000 CR4: 00000000000006e0
Apr 11 21:59:36 stock2 kernel: [ 1649.011984] Stack:
Apr 11 21:59:36 stock2 kernel: [ 1649.012255] ffff880074ad8300 ffff8800363ba600 ffff880067d33db0 ffffffff8123d060
Apr 11 21:59:36 stock2 kernel: [ 1649.013070] ffff88003bb4ca80 ffff8800363ba600 ffff88000c211980 0000000000000000
Apr 11 21:59:36 stock2 kernel: [ 1649.013892] ffff880067d33e98 ffff880067d33df8 ffffffff8122dd97 ffff88003bb4c900
Apr 11 21:59:36 stock2 kernel: [ 1649.014751] Call Trace:
Apr 11 21:59:36 stock2 kernel: [ 1649.015053] [<ffffffff8123d060>] propagate_mnt+0x120/0x150
Apr 11 21:59:36 stock2 kernel: [ 1649.015643] [<ffffffff8122dd97>] attach_recursive_mnt+0x147/0x230
Apr 11 21:59:36 stock2 kernel: [ 1649.016286] [<ffffffff8122ded8>] graft_tree+0x58/0x90
Apr 11 21:59:36 stock2 kernel: [ 1649.016809] [<ffffffff8122df9e>] do_add_mount+0x8e/0xd0
Apr 11 21:59:36 stock2 kernel: [ 1649.017342] [<ffffffff8122ed70>] do_mount+0x2c0/0xe00
Apr 11 21:59:36 stock2 kernel: [ 1649.017863] [<ffffffff8122e924>] ? copy_mount_options+0xb4/0x220
Apr 11 21:59:36 stock2 kernel: [ 1649.018466] [<ffffffff8122fbdf>] SyS_mount+0x9f/0x100
Apr 11 21:59:36 stock2 kernel: [ 1649.018996] [<ffffffff818243b2>] entry_SYSCALL_64_fastpath+0x16/0x71
Apr 11 21:59:36 stock2 kernel: [ 1649.019631] Code: 39 90 d8 00 00 00 75 ec 8b b0 10 01 00 00 48 89 3d 80 e1 f8 00 48 89 05 81 e1 f8 00 39 b1 10 01 00 00 74 19 48 8b bf d8 00 00 00 <48> 8b 47 10 48 89 3d 5f e1 f8 00 48 89 05 60 e1 f8 00 8b 43 30
Apr 11 21:59:36 stock2 kernel: [ 1649.022395] RIP [<ffffffff8123cb3e>] propagate_one+0xbe/0x1c0
Apr 11 21:59:36 stock2 kernel: [ 1649.022990] RSP <ffff880067d33d68>
Apr 11 21:59:36 stock2 kernel: [ 1649.023362] CR2: 0000000000000010
Apr 11 21:59:36 stock2 kernel: [ 1649.027053] ---[ end trace 46ce79a38cba28a5 ]---
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1572316/+subscriptions
References