2019-04-23 06:56:12 |
Viktor S. Wold Eide |
bug |
|
|
added bug |
2019-04-23 07:00:06 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
2019-04-23 07:19:22 |
Viktor S. Wold Eide |
linux (Ubuntu): status |
Incomplete |
New |
|
2019-04-23 07:30:06 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
2019-04-23 07:55:17 |
Viktor S. Wold Eide |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
2019-04-25 02:58:23 |
Terry Rudd |
bug |
|
|
added subscriber Terry Rudd |
2019-04-25 08:09:31 |
Viktor S. Wold Eide |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921542 |
|
2019-05-14 16:26:39 |
Andrea Righi |
linux (Ubuntu): assignee |
|
Andrea Righi (arighi) |
|
2019-05-14 16:26:45 |
Andrea Righi |
linux (Ubuntu): importance |
Undecided |
Medium |
|
2019-05-14 16:37:11 |
Andrea Righi |
tags |
|
bionic cosmic |
|
2019-05-15 12:05:00 |
Andrea Righi |
description |
I am running into a kernel crash issue using the latest Ubuntu 4.15 kernel.
It does not appear to have been fixed in Ubuntu-4.15.0-48.51.
This crash has also been reported for Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921542
The kernel crash issue was fixed in February in the Linux kernel:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=056a17982adbd52b2a6c5ec6266cee4521cd931b
I did test one of the recent kernel-ppa/mainline kernels, more specifically:
linux-image-unsigned-4.19.34-041934-generic_4.19.34-041934.201904051741_amd64.deb
It seems to fix the problem, that is, no crashes experienced so far. |
[Impact]
It is possible to trigger a NULL pointer dereference in tcindex_delete() with a simple reproducer script. This is because in tcindex_set_parms(), when old_r doesn't exist, we set the new exts to cr.exts, which can be uninitialized, triggering the NULL pointer dereference.
In addition to that, we may also hit a race condition in tcindex_destroy() (as pointed out in the original bug report and also here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921542#10), which is also fixed upstream, but it requires 4b79817f7add "net_sched: switch to rcu_work".
However, adding these changes introduces three memory leak problems in cls_tcindex (that can be easily verified using the same test case). These leaks are also fixed upstream by 711ff09f3330 "net_sched: fix a memory leak in cls_tcindex" and 000d2aeda70c "net_sched: fix two more memory leaks in cls_tcindex", so we also need to backport these two additional fixes.
After all these fixes are applied the test case doesn't seem to trigger any bug.
[Test Case]
#!/bin/sh -ex
modprobe ifb
while true; do
    tc qdisc add dev ifb0 root handle 2:0 prio bands 5
    tc qdisc add dev ifb0 parent 2:5 sfq
    tc filter add dev ifb0 parent 2:0 protocol ip prio 5 handle 0 tcindex mask 0 classid 2:5 pass_on
    tc qdisc del dev ifb0 root || true
done
[Fix]
* Fixes required to solve this problem:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2df8bee5654bb2b7312662ca6810d4dc16b0b67f
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8015d93ebd27484418d4952284fd02172fa4b0b2
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=033b228e7f26b29ae37f8bfa1bc6b209a5365e9f
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1db817e75f5b9387b8db11e37d5f0624eb9223e0
[Regression Potential]
* All are upstream fixes, tested on the affected platform; backport changes are minimal.
[Original bug report]
I am running into a kernel crash issue using the latest Ubuntu 4.15 kernel.
It does not appear to have been fixed in Ubuntu-4.15.0-48.51.
This crash has also been reported for Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921542
The kernel crash issue was fixed in February in the Linux kernel:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=056a17982adbd52b2a6c5ec6266cee4521cd931b
I did test one of the recent kernel-ppa/mainline kernels, more specifically:
linux-image-unsigned-4.19.34-041934-generic_4.19.34-041934.201904051741_amd64.deb
It seems to fix the problem, that is, no crashes experienced so far. |
|
2019-06-13 11:26:52 |
Andrea Righi |
nominated for series |
|
Ubuntu Bionic |
|
2019-06-13 11:26:52 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Bionic) |
|
2019-06-13 11:27:00 |
Andrea Righi |
linux (Ubuntu Bionic): status |
New |
Confirmed |
|
2019-06-13 11:27:03 |
Andrea Righi |
linux (Ubuntu Bionic): importance |
Undecided |
High |
|
2019-06-13 11:27:07 |
Andrea Righi |
linux (Ubuntu Bionic): assignee |
|
Andrea Righi (arighi) |
|
2019-06-13 11:27:10 |
Andrea Righi |
linux (Ubuntu): importance |
Medium |
High |
|
2019-06-28 12:06:28 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
Confirmed |
Fix Committed |
|
2019-07-03 13:06:31 |
Ubuntu Kernel Bot |
tags |
bionic cosmic |
bionic cosmic verification-needed-bionic |
|
2019-07-05 08:16:35 |
Viktor S. Wold Eide |
tags |
bionic cosmic verification-needed-bionic |
bionic cosmic verification-done-bionic |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12126 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12127 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12130 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11085 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11091 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11815 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11833 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11884 |
|
2019-07-24 20:59:25 |
Brad Figg |
tags |
bionic cosmic verification-done-bionic |
bionic cosmic cscc verification-done-bionic |
|
2019-08-22 16:17:19 |
Ubuntu Kernel Bot |
tags |
bionic cosmic cscc verification-done-bionic |
bionic cosmic cscc verification-done-bionic verification-needed-xenial |
|