Bug#809834: linux: jessie-security regression: aufs/docker hang caused by "mm: make sendfile(2) killable"

[Dominic Hargreaves <dom@earth.li>]

On Mon, Jan 04, 2016 at 03:12:08PM +0000, Dominic Hargreaves wrote:
> Package: linux-image-3.16.0-4-amd64
> Version: 3.16.7-ckt20-1+deb8u1
> Severity: important
> 
> As described in [1] a commit from 3.16.7-ckt20 [2] included in
> 3.16.7-ckt20-1+deb8u1 in Debian causes a regression meaning java
> processes hang whilst exiting. Most commonly this is observed in docker
> setups.
> 
> Although the change wasn't in the AUFS code, the AUFS developers have
> said that it should be fixed in AUFS[3]. Such a change would be a strong
> candidate for inclusion in a future update.
> 
> It appears that the change in Linux is potentially security-relevant, so
> reverting it doesn't seem to be an option.
> 
> Meanwhile the most obvious workaroud is to revert to 3.16.7-ckt11-1+deb8u3.

aufs upstream released[1] a patch for aufs4 - I *think* this[2] is the
one (for Linux 4.1.13+).

As far as I can see there is no aufs3 update (and in any case aufs3
upstream doesn't seem to be think that 3.16.x is supported[3]), but
this might be enough to allow you to look at a fix for this regression
in jessie?

Thanks,
Dominic.

[1] <http://thread.gmane.org/gmane.linux.file-systems.aufs.user/5345>
[2] <https://github.com/sfjro/aufs4-linux/commit/f60d586b7b8cae42bacc603d192810db85278d3c>
[3] <http://aufs.sourceforge.net/>