Bug#809834: linux: jessie-security regression: aufs/docker hang caused by "mm: make sendfile(2) killable"
Package: linux-image-3.16.0-4-amd64
Version: 3.16.7-ckt20-1+deb8u1
Severity: important
As described in [1] a commit from 3.16.7-ckt20 [2] included in
3.16.7-ckt20-1+deb8u1 in Debian causes a regression meaning java
processes hang whilst exiting. Most commonly this is observed in docker
setups.
Although the change wasn't in the AUFS code, the AUFS developers have
said that it should be fixed in AUFS[3]. Such a change would be a strong
candidate for inclusion in a future update.
It appears that the change in Linux is potentially security-relevant, so
reverting it doesn't seem to be an option.
Meanwhile the most obvious workaroud is to revert to 3.16.7-ckt11-1+deb8u3.
A side note: I was unable to browse bugs reported against src:linux in
the BTS today (HTTP 500 error, reported to owner@) so apologies if this
is a duplicate - but I couldn't see anything relevant in the debian-kernel
archives.
Thanks,
Dominic.
[1] <https://github.com/docker/docker/issues/18180>
[2] <http://kernel.ubuntu.com/git/ubuntu/linux.git/commit/?h=linux-3.16.y&id=475a23000dd8d2f264bab9d6eb71a2a6b9d4de72>
[3] <http://article.gmane.org/gmane.linux.file-systems.aufs.user/5343>
Reply to: