[patch] fix improper merge with overlayfs.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Andy Whitcroft |
Bug Description
It seems that during merge of this commit:
http://
into quantal kernel:
http://
there was a poor conflict resolution.
The point is that in vanilla 3.5 kernel the call to '__dentry_open' inside 'nameidata_to_filp' was expanded into separate call to 'do_dentry_open' and result post-processing. In the merged patch 'vfs_open' substitutes 'do_dentry_open' (instead of '__dentry_open') call resulting into post-processing done twice (in '__dentry_open' and 'nameidata_to_filp' itself). It leads to situation where filp is freed (after 'put_filp' in '__dentry_open') but further code assumes it's still alive even if error occurs.
Under heavy loads my system resulting effect is race condition where assumed to be alive filp has been already put and alloc'ed by other thread. Finally that leads to various kernel panics.
Attached patch expand 'vfs_open' call inside 'nameidata_to_filp' to fit behavior in vanilla kernel if 'i_op->open' is not provided.
tags: | added: patch |
Changed in linux (Ubuntu): | |
assignee: | nobody → Andy Whitcroft (apw) |
status: | Confirmed → In Progress |
tags: |
added: verification-done-quantal removed: verification-needed-quantal |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1122094
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.