Bug#969223: Can't rm directory on overlayfs in userns

2021-03-03 Thread Shengjing Zhu
On Wed, Mar 03, 2021 at 11:30:20AM +0100, Nicolas Schier wrote:
> On Wed 03 Mar 2021 17:33:16 GMT Shengjing Zhu write:
> > 
> > On Wed, Mar 3, 2021 at 3:40 PM Nicolas Schier  wrote:
> > > > [2]: 
> > > > https://lore.kernel.org/linux-unionfs/CAJfpegsiuf8ib5cvVrr=zhz+xu7bmmtt2eyapseudmpcrbu...@mail.gmail.com/T/#t
> > >
> > > The overlay fs patchset [2] has been merged and with v5.10.13 (tested
> > > on linux-image-5.10.0-3-arm64) the issue is no more reproducible for
> > > me.  Might you want to re-check on your site?
> > >
> > 
> > If I understand correctly, the upstream patch is merged into the v5.11 tree.
> 
> Sorry.  Yes, you're right.
> 
> > And I still can reproduce the error on the Debian v5.10 kernel.
> 
> That confuses me quite a bit.  I did it once again on an ext4 mount 
> (still the 5.10.0-3-arm64 kernel):
> 
>   nsc@lillesand:/tmp$ cat /sys/module/overlay/parameters/permit_mounts_in_userns
>   Y
>   nsc@lillesand:/tmp$ mkdir -p test/lower/a test/merged test/upper test/work
>   nsc@lillesand:/tmp$ uname -a | tee test/lower/a/a
>   Linux lillesand 5.10.0-3-arm64 #1 SMP Debian 5.10.13-1 (2021-02-06) aarch64 GNU/Linux
>   nsc@lillesand:/tmp$ unshare -m -U -r
>   root@lillesand:/tmp# mount -t overlay -o rw,lowerdir=/tmp/test/lower,upperdir=/tmp/test/upper,workdir=/tmp/test/work overlay /tmp/test/merged
>   root@lillesand:/tmp# rm -rf test/merged/a
>   root@lillesand:/tmp# find test -ls
>   1597776  4 drwxr-xr-x   6 root root 4096 mars  3 08:24 test
>   1973978  4 drwxr-xr-x   2 root root 4096 mars  3 08:27 test/upper
>   2099881  0 c-   1 root root   0,   0 mars  3 08:27 test/upper/a
>   1973978  4 drwxr-xr-x   1 root root 4096 mars  3 08:27 test/merged
>   1714388  4 drwxr-xr-x   3 root root 4096 mars  3 08:24 test/lower
>   1714389  4 drwxr-xr-x   2 root root 4096 mars  3 08:27 test/lower/a
>   1714393  4 -rw-r--r--   1 root root   86 mars  3 10:48 test/lower/a/a
>   1973979  4 drwxr-xr-x   3 root root 4096 mars  3 10:48 test/work
>   2099880  4 d-   2 root root 4096 mars  3 10:48 test/work/work
>   root@lillesand:/tmp#
> 
zsj@debian:~$ cat /sys/module/overlay/parameters/permit_mounts_in_userns 
Y
zsj@debian:~/t$ mkdir -p test/lower/a test/merged test/upper test/work
zsj@debian:~/t$ uname -a | tee test/lower/a/a
Linux debian 5.10.0-3-amd64 #1 SMP Debian 5.10.13-1 (2021-02-06) x86_64 GNU/Linux
zsj@debian:~/t$ unshare -m -U -r
root@debian:~/t# mount -t overlay -o rw,lowerdir=./test/lower,upperdir=./test/upper,workdir=./test/work overlay ./test/merged/
root@debian:~/t# rm -rf ./test/merged/a
rm: cannot remove './test/merged/a': Input/output error
root@debian:~/t# find test -ls
  7350352  4 drwxr-xr-x   6 root root 4096 Mar  3 22:44 test
  7351341  4 drwxr-xr-x   3 root root 4096 Mar  3 22:44 test/lower
  7353492  4 drwxr-xr-x   2 root root 4096 Mar  3 22:44 test/lower/a
  7356441  4 -rw-r--r--   1 root root   82 Mar  3 22:44 test/lower/a/a
  7356069  4 drwxr-xr-x   3 root root 4096 Mar  3 22:45 test/work
  7358324  4 d-   2 root root 4096 Mar  3 22:45 test/work/work
  7358564  0 c-   2 root root   0,   0 Mar  3 22:45 test/work/work/#4
  7354400  4 drwxr-xr-x   3 root root 4096 Mar  3 22:44 test/upper
  7358563  4 drwxr-xr-x   2 root root 4096 Mar  3 22:45 test/upper/a
  7358564  0 c-   2 root root   0,   0 Mar  3 22:45 test/upper/a/a
  7354400  4 drwxr-xr-x   1 root root 4096 Mar  3 22:44 test/merged
  7353492  4 drwxr-xr-x   1 root root 4096 Mar  3 22:45 test/merged/a

> Do you see any kernel log message from overlay fs?  Might it depend on 
> the underlying filesystem? Can you create a white-out char dev node 
> manually?
> 

[1215353.859717] Setting dangerous option permit_mounts_in_userns - tainting kernel
[1215353.859841] overlayfs: overlayfs: Allowing overlay mounts in user namespaces bears security risks
[1215425.416543] overlayfs: upper fs does not support xattr, falling back to index=off and metacopy=off.

The underlying fs is ext4.

zsj@debian:~/t$ mount|grep nvme
/dev/nvme0n1p2 on / type ext4 (rw,relatime,errors=remount-ro)
/dev/nvme0n1p4 on /home type ext4 (rw,relatime)
/dev/nvme0n1p1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)

I don't know how to test "create a white-out char dev node manually".

Thanks



Bug#969223: Can't rm directory on overlayfs in userns

2021-03-03 Thread Shengjing Zhu
On Wed, Mar 3, 2021 at 3:40 PM Nicolas Schier  wrote:
> > [2]: 
> > https://lore.kernel.org/linux-unionfs/CAJfpegsiuf8ib5cvVrr=zhz+xu7bmmtt2eyapseudmpcrbu...@mail.gmail.com/T/#t
>
> The overlay fs patchset [2] has been merged and with v5.10.13 (tested
> on linux-image-5.10.0-3-arm64) the issue is no more reproducible for
> me.  Might you want to re-check on your site?
>

If I understand correctly, the upstream patch is merged into the v5.11 tree.

And I still can reproduce the error on the Debian v5.10 kernel.

And another thing is that the upstream patch introduces a new mount
option, userxattr, instead of module parameter.

-- 
Shengjing Zhu



Bug#969223: Can't rm directory on overlayfs in userns

2020-09-16 Thread Shengjing Zhu
On Thu, Sep 17, 2020 at 2:52 AM Nicolas Schier  wrote:
>
> > I think I just messed up when debugging. It seems it never works.
> >
> > Maybe we should revert permit_mounts_in_userns? as it doesn't seem to
> > work. Buster is also affected.
>
> Please, don't be too fast when thinking about a revert.  Several of my
> colleagues (Debian users) cling to the feature since they need it for
> using the company's LXC containers; if permit_mounts_in_userns is
> removed again, they might be forced to switch to non-Debian kernels or
> to live-patch the kernel with fragile stuff like [1], cp. #913880.

I mean if you can't even remove a directory with files, it's too broken to use.
So your colleagues find the userns overlay works?
Or you mean we should take Ubuntu's patch to fix the issue?

-- 
Shengjing Zhu



Bug#969223: Can't rm directory on overlayfs in userns

2020-09-16 Thread Shengjing Zhu
On Wed, Sep 16, 2020 at 3:58 PM Nicolas Schier  wrote:
> > If I upgrade a debian10 VM to testing, it seems to work.
> > However if I boot a new debian testing VM, it seems not to work.
> > Both VMs are downloaded from http://cdimage.debian.org/cdimage/cloud/
> > What can be the difference here? I'm lost on debugging this..
>
> This confuses me.  Are you sure, you used the same kernel version on
> both VMs when mounting overlayfs in userns?
>

I think I just messed up when debugging. It seems it never works.

Maybe we should revert permit_mounts_in_userns? as it doesn't seem to
work. Buster is also affected.

-- 
Shengjing Zhu



Bug#969223: Can't rm directory on overlayfs in userns

2020-09-01 Thread Shengjing Zhu
On Sat, Aug 29, 2020 at 10:13 PM Shengjing Zhu  wrote:
>
> Source: linux
> Version: 5.7.10-1
> Severity: normal
>
> Hi,
>
> After enabling overlayfs for userns, I find it doesn't work as expected.
>
> $ cat /sys/module/overlay/parameters/permit_mounts_in_userns
> Y
>
> zsj@debian:~/test$ pwd
> /home/zsj/test
> zsj@debian:~/test$ tree
> .
> ├── lower
> │   └── a
> │       └── a
> ├── merged
> ├── upper
> └── work
>
> zsj@debian:~/test$ unshare -m -U -r
> root@debian:~/test# mount -t overlay -o rw,lowerdir=/home/zsj/test/lower,upperdir=/home/zsj/test/upper,workdir=/home/zsj/test/work overlay /home/zsj/test/merged
> root@debian:~/test# rm -rf merged/a
> rm: cannot remove 'merged/a': Input/output error
>
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
> Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)

If I upgrade a debian10 VM to testing, it seems to work.
However if I boot a new debian testing VM, it seems not to work.
Both VMs are downloaded from http://cdimage.debian.org/cdimage/cloud/
What can be the difference here? I'm lost on debugging this..

-- 
Shengjing Zhu



Bug#969223: Can't rm directory on overlayfs in userns

2020-08-29 Thread Shengjing Zhu
Source: linux
Version: 5.7.10-1
Severity: normal

Hi,

After enabling overlayfs for userns, I find it doesn't work as expected.

$ cat /sys/module/overlay/parameters/permit_mounts_in_userns 
Y

zsj@debian:~/test$ pwd
/home/zsj/test
zsj@debian:~/test$ tree
.
├── lower
│   └── a
│       └── a
├── merged
├── upper
└── work

zsj@debian:~/test$ unshare -m -U -r
root@debian:~/test# mount -t overlay -o rw,lowerdir=/home/zsj/test/lower,upperdir=/home/zsj/test/upper,workdir=/home/zsj/test/work overlay /home/zsj/test/merged
root@debian:~/test# rm -rf merged/a
rm: cannot remove 'merged/a': Input/output error

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)



Bug#902966: pstore: crypto_comp_decompress failed

2018-07-03 Thread Shengjing Zhu
Package: src:linux
Version: 4.17.3-1
Severity: normal

Dear Maintainer,

After updating to 4.17, dmesg shows "pstore: crypto_comp_decompress failed".
I don't know what pstore is used for, maybe efi?
Looking at config, maybe some pstore_*_compress should be set?

grep -i pstore /boot/config-4.17.0-1-amd64
CONFIG_CHROMEOS_PSTORE=m
CONFIG_EFI_VARS_PSTORE=m
# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set
CONFIG_PSTORE=y
CONFIG_PSTORE_DEFLATE_COMPRESS=y
# CONFIG_PSTORE_LZO_COMPRESS is not set
# CONFIG_PSTORE_LZ4_COMPRESS is not set
# CONFIG_PSTORE_LZ4HC_COMPRESS is not set
# CONFIG_PSTORE_842_COMPRESS is not set
CONFIG_PSTORE_COMPRESS=y
CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=y
CONFIG_PSTORE_COMPRESS_DEFAULT="deflate"
# CONFIG_PSTORE_CONSOLE is not set
# CONFIG_PSTORE_PMSG is not set
# CONFIG_PSTORE_FTRACE is not set
CONFIG_PSTORE_RAM=m


-- Package-specific info:
** Version:
Linux version 4.17.0-1-amd64 (debian-kernel@lists.debian.org) (gcc version 7.3.0 (Debian 7.3.0-24)) #1 SMP Debian 4.17.3-1 (2018-07-02)

** Command line:
initrd=\EFI\debian\initrd.img root=PARTUUID=71249354-e7c1-4e69-bd05-608837ff5c42 rootfstype=ext4

** Tainted: C (1024)
 * Module from drivers/staging has been loaded.

** Kernel log:
[3.979407] pstore: decompression failed: -22
[3.979479] pstore: crypto_comp_decompress failed, ret = -22!
[3.979479] pstore: decompression failed: -22
[3.979551] pstore: crypto_comp_decompress failed, ret = -22!
[3.979552] pstore: decompression failed: -22
[3.979624] pstore: crypto_comp_decompress failed, ret = -22!
[3.993509] intel_rapl: Found RAPL domain package
[3.994563] pstore: decompression failed: -22
[3.995407] intel_rapl: Found RAPL domain core
[3.996682] pstore: crypto_comp_decompress failed, ret = -22!
[3.997418] intel_rapl: Found RAPL domain uncore
[3.998554] pstore: decompression failed: -22
[3.998645] pstore: crypto_comp_decompress failed, ret = -22!
[3.999333] intel_rapl: Found RAPL domain dram
[4.000469] pstore: decompression failed: -22
[4.117259] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac4350-pcie for chip BCM4350/8
[4.117743] pstore: Registered efi as persistent store backend
[4.118512] brcmfmac :3a:00.0: firmware: failed to load brcm/brcmfmac4350-pcie.clm_blob (-2)
[4.319451] brcmfmac :3a:00.0: Direct firmware load for brcm/brcmfmac4350-pcie.clm_blob failed with error -2
[4.319453] brcmfmac: brcmf_c_process_clm_blob: no clm_blob available (err=-2), device may have limited channels available
[4.319926] input: Dell WMI hotkeys as /devices/platform/PNP0C14:01/wmi_bus/wmi_bus-PNP0C14:01/9DBB5994-A997-11DA-B012-B622A1EF5492/input/input13
[4.320113] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4350/8 wl0: Oct 22 2015 06:16:26 version 7.35.180.119 (r594535) FWID 01-e791c176
[4.342410] Adding 3906556k swap on /dev/nvme0n1p4.  Priority:-2 extents:1 across:3906556k SSFS
[4.376820] EXT4-fs (nvme0n1p5): mounted filesystem with ordered data mode. Opts: (null)
[4.378394] input: HDA Digital PCBeep as /devices/pci:00/:00:1f.3/sound/card0/input12
[4.381003] input: HDA Intel PCH Headphone Mic as /devices/pci:00/:00:1f.3/sound/card0/input14
[4.381050] input: HDA Intel PCH HDMI/DP,pcm=3 as /devices/pci:00/:00:1f.3/sound/card0/input15
[4.381093] input: HDA Intel PCH HDMI/DP,pcm=7 as /devices/pci:00/:00:1f.3/sound/card0/input16
[4.381135] input: HDA Intel PCH HDMI/DP,pcm=8 as /devices/pci:00/:00:1f.3/sound/card0/input17
[4.381177] input: HDA Intel PCH HDMI/DP,pcm=9 as /devices/pci:00/:00:1f.3/sound/card0/input18
[4.381220] input: HDA Intel PCH HDMI/DP,pcm=10 as /devices/pci:00/:00:1f.3/sound/card0/input19
[4.523423] brcmfmac :3a:00.0 wlp58s0: renamed from wlan0
[4.552166] input: DLL0704:01 06CB:76AE Touchpad as /devices/pci:00/:00:15.1/i2c_designware.1/i2c-8/i2c-DLL0704:01/0018:06CB:76AE.0002/input/input21
[4.553357] hid-multitouch 0018:06CB:76AE.0002: input,hidraw1: I2C HID v1.00 Mouse [DLL0704:01 06CB:76AE] on i2c-DLL0704:01
[4.662333] media: Linux media interface: v0.10
[4.672019] Linux video capture interface: v2.00
[4.725124] tun: Universal TUN/TAP device driver, 1.6
[4.725831] Bluetooth: Core ver 2.22
[4.727165] NET: Registered protocol family 31
[4.728338] Bluetooth: HCI device and connection manager initialized
[4.729884] Bluetooth: HCI socket layer initialized
[4.731053] Bluetooth: L2CAP socket layer initialized
[4.731804] Bluetooth: SCO socket layer initialized
[4.735967] uvcvideo: Found UVC 1.00 device Integrated_Webcam_HD (0c45:670c)
[4.769924] usbcore: registered new interface driver btusb
[4.787516] uvcvideo 1-5:1.0: Entity type for entity Extension 4 was not initialized!
[4.788399] uvcvideo 1-5:1.0: Entity type for entity Extension 3 was not initialized!
[4.789657] uvcvideo 1-5:1.0: Entity type for entity 

Bug#901492: Bug#901134: RFS: anbox-modules/0.0~git20180608-1 [ITP]

2018-06-22 Thread Shengjing Zhu
On Sat, Jun 23, 2018 at 1:04 AM Ben Hutchings  wrote:
> I needed to make some small changes to build them as modules.  The next
> upload using Linux 4.17 should include ashmem_linux and binder_linux
> modules for amd64, arm64 and armhf.
>

Thanks for your time!

--
Best regards,
Shengjing Zhu



Bug#901492: linux: Please enable Android ashmem and binder module

2018-06-13 Thread Shengjing Zhu
Source: linux
Severity: wishlist

Dear Maintainer,

Could you add Android ashmem and binder modules to config? These modules
are needed to run Android inside a container.

To run Android inside container, you can use something like Anbox[1].

Related bug is #884797 ITP: anbox -- Run Android applications on any GNU/Linux operating system
#901130 ITP: anbox-modules -- Android kernel driver (binder, ashmem) in DKMS format

This will obsolete #901130.

[1] https://github.com/anbox/anbox

Thanks
Shengjing Zhu




Bug#867358: mips/mipsel: mips-linux-gnu-gccgo-7: waitid: bad address

2017-10-03 Thread Shengjing Zhu
On Sat, 12 Aug 2017 23:01:00 +0100 Ben Hutchings <b...@decadent.org.uk> wrote:
> > Hmm, I may have made a typo with that link. Here's the real one:
> > https://www.linux-mips.org/archives/linux-mips/2017-03/msg00575.html
> >
> > > James - assuming I guessed correctly above, why is it that the second
> > > patch "MIPS: Remove pt_regs adjustments in indirect syscall handler"
> > > hasn't been applied?  Was this fixed some other way upstream?
> >
> > I've just tried with v4.13-rc1 and the bug is still not fixed there. My
> > guess is that the first patch is more obviously correct than the second
> > one so was applied first. I have never received any feedback on these
> > patches so I don't actually know why only one of them was applied.
>
> I'm certainly not able to review this patch, so I won't apply it until
> it's either accepted upstream or reviewed by Aurelien or another MIPS
> porter.
>

Ben,

James' two patches are included in 4.13. Forgot to close this bug in
the latest upload to unstable?

Best regards,
Shengjing Zhu



Bug#844416: firmware-misc-nonfree: Missing some kbl, bxt, skl firmware for i915

2016-11-15 Thread Shengjing Zhu
Package: firmware-misc-nonfree
Version: 20160824-1
Severity: normal

Dear Maintainer,

After upgrade to linux kernel 4.8, the update-initramfs program reports
missing the following firmwares:

W: Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1_01.bin for module i915
W: Possible missing firmware /lib/firmware/i915/kbl_guc_ver9_14.bin for module i915
W: Possible missing firmware /lib/firmware/i915/bxt_guc_ver8_7.bin for module i915
W: Possible missing firmware /lib/firmware/i915/skl_guc_ver6_1.bin for module i915

I find these files are in the source package, but not installed.
Please install them.




Bug#829529: linux-image-4.6.0-1-amd64: Please enable intel hid module

2016-07-03 Thread Shengjing Zhu
Package: src:linux
Version: 4.6.2-2
Severity: wishlist

Dear Maintainer,

intel-hid module supports various hid events including hotkeys.
Dell XPS 13 9350 requires it for wireless hotkey.

http://permalink.gmane.org/gmane.linux.drivers.platform.x86.devel/8161

I wish you could enable this module. This module is available in kernel 4.6

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-image-4.6.0-1-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.125
ii  kmod                                    22-1.1
ii  linux-base                              4.3

Versions of packages linux-image-4.6.0-1-amd64 recommends:
ii  firmware-linux-free  3.4
ii  irqbalance   1.1.0-2

Versions of packages linux-image-4.6.0-1-amd64 suggests:
pn  debian-kernel-handbook  
ii  grub-efi                2.02~beta2-36
pn  linux-doc-4.6   

Versions of packages linux-image-4.6.0-1-amd64 is related to:
pn  firmware-amd-graphics 
pn  firmware-atheros  
pn  firmware-bnx2 
pn  firmware-bnx2x
ii  firmware-brcm80211    20160110-1
pn  firmware-cavium   
pn  firmware-intel-sound  
pn  firmware-intelwimax   
pn  firmware-ipw2x00  
pn  firmware-ivtv 
pn  firmware-iwlwifi  
pn  firmware-libertas 
pn  firmware-linux-nonfree
ii  firmware-misc-nonfree 20160110-1
pn  firmware-myricom  
pn  firmware-netxen   
pn  firmware-qlogic   
pn  firmware-realtek  
pn  firmware-samsung  
pn  firmware-siano
pn  firmware-ti-connectivity  
pn  xen-hypervisor

-- no debconf information