shiftfs: O_TMPFILE reports ESTALE
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Christian Brauner | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification
Impact: Christian Kellner reported that creating temporary files via O_TMPFILE shiftfs reports ESTALE. This can be reproduced via:
import tempfile
import os
def test():
with tempfile.
# re-open the file to get a read-only file descriptor
return open(f"
def main():
fd = test()
fd.close()
if __name__ == "__main__":
main()
a similar issue was reported here:
https:/
Fix: Our revalidate methods were very opinionated about whether or not a dentry was valid when we really should've just let the underlay tell us what's what. This has led to bugs where a ESTALE was returned for e.g. temporary files that were created and directly re-opened afterwards through /proc/<
I had also foolishly provided a .tmpfile method which so far only has caused us trouble. If we really need this then we can reimplement it properly but I doubt it. Remove it for now.
Regression Potential: Limited to shiftfs.
Test Case: Build a kernel with fix applied and run above reproducer.
CVE References
Changed in linux (Ubuntu): | |
assignee: | nobody → Christian Brauner (cbrauner) |
status: | New → Confirmed |
status: | Confirmed → In Progress |
description: | updated |
Changed in linux (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
no longer affects: | linux (Ubuntu Bionic) |
no longer affects: | linux (Ubuntu Xenial) |
Changed in linux (Ubuntu Eoan): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | New → Fix Committed |
tags: |
added: verification-done-eoan removed: verification-needed-eoan |
tags: |
added: verification-done-focal removed: verification-needed-focal |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- eoan' to 'verification- done-eoan' . If the problem still exists, change the tag 'verification- needed- eoan' to 'verification- failed- eoan'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!