Bugzilla – Bug 1007035
POSIX ACL support broken by kernel-desktop-3.16.7-45
Last modified: 2016-11-29 19:12:16 UTC
It seems that kernel-desktop-3.16.7-45 breaks POSIX ACL support: Logind cannot set access rights for relevant device files and writes the error message "Invalid argument" to the log. setfacl gives me the same error message when I try to set ACLs for a regular file. Therefore audio output does not work (only dummy output device is used) unless the user is a member of the "audio" group. Video playback fails with an "Access denied" error, too. These problems do not show up when booting the previous kernel-desktop-3.16.7-42.
*** Bug 1006983 has been marked as a duplicate of this bug. ***
Through a quick glance, the easy suspect is the patch patches.fixes/0001-posix_acl-Add-set_posix_acl.patch I'm building a test kernel with the revert of the patch (and the nfs one) in OBS home:tiwai:bnc1006938 repo. It'll take some time until the build finishes, and appear at http://download.opensuse.org/repositories/home:/tiwai:/bnc1006983/standard/ Once when the package is published, please try it to see whether this recovers the problem.
*** Bug 1006969 has been marked as a duplicate of this bug. ***
*** Bug 1007056 has been marked as a duplicate of this bug. ***
The openSUSE 13.2 or rpm-3.16.7-45 version of that patch is missing the check of the second posix_acl_xattr_set argument if (strcmp(name, "") != 0 before the EINVAL return, so there's just an empty line: http://kernel.suse.com/cgit/kernel/tree/fs/posix_acl.c?h=rpm-3.16.7-45#n819 This makes posix_acl_xattr_set always return -EINVAL.
(In reply to Takashi Iwai from comment #2) > Through a quick glance, the easy suspect is the patch > patches.fixes/0001-posix_acl-Add-set_posix_acl.patch > > I'm building a test kernel with the revert of the patch (and the nfs one) in > OBS home:tiwai:bnc1006938 repo. It'll take some time until the build > finishes, and appear at > http://download.opensuse.org/repositories/home:/tiwai:/bnc1006983/standard/ > > Once when the package is published, please try it to see whether this > recovers the problem. Works for me, at the very least it solves (boo#1006969) and (boo#1006983) for me.
I can confirm it breaks my internal NTFS mounted HDDs as well. Please can we yank this update kernel-desktop-3.16.7-45 for it breaks other folks systems ?
As far as I can tell, this kernel update also patched the "dirtycow" bug, so it's fairly important that it be applied to people's systems. On my system, I can no longer mount external media without using the command line, since udisks2 tries to set an ACL and fails. Might there be justification for increasing the priority of this bug report?
(In reply to Stefan Backens from comment #5) > The openSUSE 13.2 or rpm-3.16.7-45 version of that patch is missing the > check of the second posix_acl_xattr_set argument > if (strcmp(name, "") != 0 > before the EINVAL return, so there's just an empty line: > http://kernel.suse.com/cgit/kernel/tree/fs/posix_acl.c?h=rpm-3.16.7-45#n819 > > This makes posix_acl_xattr_set always return -EINVAL. Indeed the patch must be buggy! I'm building another kernel package with just removing that bogus line in OBS home:tiwai:bnc1007035 repo. It'll appear at http://download.opensuse.org/repositories/home:/tiwai:/bnc1007035/standard/ Once after the build finishes, please test it, everyone. Once when confirmed, we can submit as a quick fix update.
Uprated to critical as breaks so much stuff.
once a fix is found we can start a new kernel update with it.
(In reply to Takashi Iwai from comment #9) > > Indeed the patch must be buggy! > > I'm building another kernel package with just removing that bogus line in > OBS home:tiwai:bnc1007035 repo. It'll appear at > > http://download.opensuse.org/repositories/home:/tiwai:/bnc1007035/standard/ > > Once after the build finishes, please test it, everyone. Once when > confirmed, we can submit as a quick fix update. Built it locally and it works for me.
Confirming the problem, I have now the same problem on my five computers, all running opensuse 13.2; 3 with 32 bits and 2 with 64 bits architecture. After kernel update to version 3.16.7.45, no sound at all to "users" members. Logging in with root, the sound works, but it seems to be working via "alsa" instead "pulseaudio" as I could infer from kmix showed controls. I could "solve" the problem, as indicated by a opensuse community member, putting the user I wish sound working into "audio" group [Yast - Users and group Management, editing user properties]. Reboot is necessary. Also confirming, the update process to problematic kernel was extremely slow. Zypper was unable to make it. I used yast online update. Here my new "uname -a", showing the problematic kernel. Linux harpia 3.16.7-45-desktop #1 SMP PREEMPT Fri Oct 21 12:20:02 UTC 2016 (f3e3fc4) x86_64 x86_64 x86_64 GNU/Linux Waiting for solution.... Thanks! Anonimoculto - BH - MG - Brazil - October 26, 2016.
Not only sound, all peripherals without access permissions for "users". Confirming too, not only sound has stopped working. Access to "radio0", "video0" (tv card) and "video1" (camera) devices also denied... The problem is "systemic". Anonimoculto - BH - MG - Brazil - October 26, 2016.
Can anyone test the kernel in comment 9?
(In reply to Takashi Iwai from comment #18) > Can anyone test the kernel in comment 9? The kernel from home:tiwai:bnc1007035 resolves the issue for me.
I don't see an update - what did you test? I tried to install kernel-desktop-3.16.7-1.1.g8c027f6.x86_64 and I get: package kernel-desktop-3.16.7-35.1.x86_64 (which is newer than kernel-desktop-3.16.7-1.1.g8c027f6.x86_64) is already installed package kernel-desktop-3.16.7-45.1.x86_64 (which is newer than kernel-desktop-3.16.7-1.1.g8c027f6.x86_64) is already installed Shouldn't the new kernel be name 7-45.2? I apologize in advance as I have 4-servers now not mounting USB HDD in a remote location overseas. This is a real surprise to me that an update broken something so useful.
(In reply to David Kane from comment #20) > I don't see an update - what did you test? > > I tried to install kernel-desktop-3.16.7-1.1.g8c027f6.x86_64 and I get: > > package kernel-desktop-3.16.7-35.1.x86_64 (which is newer than > kernel-desktop-3.16.7-1.1.g8c027f6.x86_64) is already installed > > package kernel-desktop-3.16.7-45.1.x86_64 (which is newer than > kernel-desktop-3.16.7-1.1.g8c027f6.x86_64) is already installed > > Shouldn't the new kernel be name 7-45.2? This is merely a test kernel package in a different repository, so it has a smaller release-number. Install forcibly with --oldpackage option.
Now I submitted the update via SRID 437514. Jeff, please merge my branch to the main openSUSE-13.2 branch later. Thanks.
This is an autogenerated message for OBS integration: This bug (1007035) was mentioned in https://build.opensuse.org/request/show/437514 13.2 / kernel-source
*** Bug 1007341 has been marked as a duplicate of this bug. ***
*** Bug 1007382 has been marked as a duplicate of this bug. ***
*** Bug 1007436 has been marked as a duplicate of this bug. ***
openSUSE-RU-2016:2666-1: An update that has one recommended fix can now be installed. Category: recommended (important) Bug References: 1007035 CVE References: Sources used: openSUSE 13.2 (src): bbswitch-0.8-3.24.1, cloop-2.639-14.24.1, crash-7.0.8-24.1, hdjmod-1.28-18.25.1, ipset-6.23-24.1, kernel-debug-3.16.7-48.1, kernel-default-3.16.7-48.1, kernel-desktop-3.16.7-48.1, kernel-docs-3.16.7-48.2, kernel-ec2-3.16.7-48.1, kernel-obs-build-3.16.7-48.3, kernel-obs-qa-3.16.7-48.1, kernel-obs-qa-xen-3.16.7-48.1, kernel-pae-3.16.7-48.1, kernel-source-3.16.7-48.1, kernel-syms-3.16.7-48.1, kernel-vanilla-3.16.7-48.1, kernel-xen-3.16.7-48.1, pcfclock-0.44-260.24.1, vhba-kmp-20140629-2.24.1, virtualbox-5.0.28-59.1, xen-4.4.4_05-53.1, xtables-addons-2.6-26.1
*** Bug 1007135 has been marked as a duplicate of this bug. ***
Update was released today, please re-open if required
The updated version is still not visible in Yast or apper, even after repositories refresh. Something wrong in the release process or normal delay ?
This is an abnormal delay, problem in the build service.
3.16.7-48.1 is in the update repo now.
*** Bug 1007658 has been marked as a duplicate of this bug. ***
with (the new kernel) # uname -a Linux linux01 3.16.7-45-desktop #1 SMP PREEMPT Fri Oct 21 12:20:02 UTC 2016 (f3e3fc4) x86_64 x86_64 x86_64 GNU/Linux →the sound is STILL not working…
(In reply to Andreas Otto from comment #34) > with (the new kernel) > > # uname -a > Linux linux01 3.16.7-45-desktop #1 SMP PREEMPT Fri Oct 21 12:20:02 UTC 2016 > (f3e3fc4) x86_64 x86_64 x86_64 GNU/Linux > > →the sound is STILL not working… error→forget this info !!
jon@minnow:~> uname -a Linux minnow 3.16.7-48-desktop #1 SMP PREEMPT Wed Oct 26 18:09:22 UTC 2016 (8c027f6) x86_64 x86_64 x86_64 GNU/Linux Works a treat--everything seems back to normal now. My colleagues and I thank you for the speedy resolution.
3.16.7-48.1 fixes all issues and no regressions currently experienced.
Linux harpia 3.16.7-48-desktop #1 SMP PREEMPT Wed Oct 26 18:09:22 UTC 2016 (8c027f6) x86_64 x86_64 x86_64 GNU/Linux and everything seems to work fine... Thanks.