Bugzilla – Bug 977198
[request] Backport overlay and union filesystem fixes
Last modified: 2016-08-01 20:25:36 UTC
We currently support Docker setups with overlay + ext4, however since commit 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay") [merged in 4.5], this has been broken. Any setup involving overlay has been broken since 4.5.0. There is a fix in the current 4.6-rc5 preview: * d101a125954e ("fs: add file_dentry()") * be62a1a8fd11 ("nfs: use file_dentry()") * c0a37d487884 ("ext4: use file_dentry()") * de17e793b104 ("btrfs: fix crash/invalid memory access on fsync when using overlayfs") * 33b1395124c6 ("f2fs: use dget_parent and file_dentry in f2fs_file_open") Currently Leap doesn't have kernel 4.5.x, but Leap 42.2 will so this is a heads up. These fixes are *not* in 4.5.2, and were all added during the 4.6 merge windows. We should probably wait until the end of the 4.6 release cycle (there may be other filesystems that need to be updated to use file_dentry()). Note that this *does* affect Tumbleweed. I'd prefer if we use the same bug for both distributions (makes it easier to track). There's been issues in Docker's bug tracker about Docker on Tumbleweed[1]. [1]: https://github.com/docker/docker/issues/22131
(In reply to Aleksa Sarai from comment #0) > We currently support Docker setups with overlay + ext4, however since commit > 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and > f_inode to the underlay") [merged in 4.5], this has been broken. OK, this is included in 4.1.11, so we need the fix for Leap, too. > Any setup > involving overlay has been broken since 4.5.0. There is a fix in the current > 4.6-rc5 preview: > > * d101a125954e ("fs: add file_dentry()") > * be62a1a8fd11 ("nfs: use file_dentry()") > * c0a37d487884 ("ext4: use file_dentry()") > * de17e793b104 ("btrfs: fix crash/invalid memory access on fsync when using > overlayfs") > * 33b1395124c6 ("f2fs: use dget_parent and file_dentry in f2fs_file_open") > > Currently Leap doesn't have kernel 4.5.x, but Leap 42.2 will so this is a > heads up. These fixes are *not* in 4.5.2, and were all added during the 4.6 > merge windows. These fixes are included in 4.5.2, except for the last one for f2fs. So, the next TW update kernel will be mostly fine. Still the fix for f2fs is needed, though. > We should probably wait until the end of the 4.6 release > cycle (there may be other filesystems that need to be updated to use > file_dentry()). Right, there has been already a similar bug in CIFS, and Goldwyn pushed the fix (bsc#974527) to master branch. This seems missing in stable branch, though... > Note that this *does* affect Tumbleweed. I'd prefer if we use the same bug > for both distributions (makes it easier to track). There's been issues in > Docker's bug tracker about Docker on Tumbleweed[1]. > > [1]: https://github.com/docker/docker/issues/22131 OK, it's fine to keep the same bug# for both TW and Leap. I'm going to backport these fixes for Leap. Goldwyn, care to push the missing ones for stable branch?
The patches aren't cleanly applicable to 4.1.x. I guess that's the reason why they weren't included in 4.1.x stable tree. Could you give a simple test case that is reproduced on Leap?
The leap version does not support remote filesystems such as NFS, CIFS (specifically which require dentry revalidation) and that is why the merge fails. However, this is still an important fix. I will try to backport this. This would still not support remote filesystems, so NFS/CIFS patches will not be backported. > > Note that this *does* affect Tumbleweed. I'd prefer if we use the same bug > for both distributions (makes it easier to track). There's been issues in > Docker's bug tracker about Docker on Tumbleweed[1]. > > [1]: https://github.com/docker/docker/issues/22131 The latest kernel (kotd based on 4.6-rc5) for tumbleweed has these fixes so that should be fine.
(In reply to Goldwyn Rodrigues from comment #3) > The leap version does not support remote filesystems such as NFS, CIFS > (specifically which require dentry revalidation) and that is why the merge > fails. However, this is still an important fix. I will try to backport this. OK, thanks! > This would still not support remote filesystems, so NFS/CIFS patches will > not be backported. I see.
The patches have been accepted in opensuse 42.1 branch so I am closing this.
openSUSE-SU-2016:1641-1: An update that solves 19 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 945345,955654,963762,966245,966849,970506,971126,971799,973570,974308,975945,977198,978073,978401,978821,978822,979018,979213,979278,979548,979728,979867,979879,979913,980348,980371,980657,981058,981267,981344,982238,982239,982712,983143,983213,984460 CVE References: CVE-2013-7446,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3134,CVE-2016-3672,CVE-2016-3955,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4951,CVE-2016-5244 Sources used: openSUSE Leap 42.1 (src): kernel-debug-4.1.26-21.1, kernel-default-4.1.26-21.1, kernel-docs-4.1.26-21.2, kernel-ec2-4.1.26-21.1, kernel-obs-build-4.1.26-21.1, kernel-obs-qa-4.1.26-21.1, kernel-obs-qa-xen-4.1.26-21.1, kernel-pae-4.1.26-21.1, kernel-pv-4.1.26-21.1, kernel-source-4.1.26-21.1, kernel-syms-4.1.26-21.1, kernel-vanilla-4.1.26-21.1, kernel-xen-4.1.26-21.1