kernel-packages team mailing list archive

[Bug 1371316] Re: Please cherry-pick an aufs patch to unbreak it in conjunction with IMA

 

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-trusty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1371316

Title:
  Please cherry-pick an aufs patch to unbreak it in conjunction with IMA

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-lts-trusty” package in Ubuntu:
  Invalid
Status in “linux” source package in Precise:
  Invalid
Status in “linux-lts-trusty” source package in Precise:
  In Progress
Status in “linux” source package in Trusty:
  Fix Committed
Status in “linux-lts-trusty” source package in Trusty:
  Invalid

Bug description:
  SRU justification

  Impact: when using IMA with aufs in trusty potential exists for very
  hard to diagnose lockups.

  Testcase: enable IMA and use an aufs filesystem.

  Regression Potential: the fix is an upstream cherry-pick from the
  version of aufs in Utopic which is used widely for lxc there so
  regression potential is low.  The fix removes code which also lessens
  the risk.

  ===

  The trusty kernel misses the following patch that already landed in
  utopic with the recent aufs update:

  https://github.com/sfjro/aufs3-linux/commit/7aac34b421441b701cd0e6de4685b51e4c462d67

  This unbreaks aufs with IMA (Integrity Measurement Architecture)
  enabled. When IMA is enabled and mmaps are being tracked, the kernel
  hits a lock ordering bug because a needed semaphore is already held.
  This patch fixes this issue by not calling out to IMA for the access
  to the underlying file. However IMA will still see the access to the
  file in the merged aufs, which should be good enough.

  Please cherry-pick above patch.
