group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #04800
[Bug 1558120] Re: Kernel can be oopsed using remap_file_pages
This bug was fixed in the package linux - 4.2.0-38.45
---------------
linux (4.2.0-38.45) wily; urgency=low
[ Kamal Mostafa ]
* CVE-2016-1583 (LP: #1588871)
- ecryptfs: fix handling of directory opening
- SAUCE: proc: prevent stacking filesystems on top
- SAUCE: ecryptfs: forbid opening files without mmap handler
- SAUCE: sched: panic on corrupted stack end
-- Andy Whitcroft <apw@xxxxxxxxxxxxx> Wed, 08 Jun 2016 22:10:39 +0100
** Changed in: linux (Ubuntu Wily)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1583
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1558120
Title:
Kernel can be oopsed using remap_file_pages
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Wily:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
[SRU][WILY][XENIAL]
[JUSTIFICATION]
Running stress-ng --remap 4 will trip an oops on the remap.
The bug is introduced by the mm/mmap.c changes in patch
d15bd6cdbb1c2080fb1fca0035e5af1994f4d14f ("UBUNTU: SAUCE: AUFS").
AUFS introduced a subtle bug into remap_file_pages; calls to
do_mmap_pgoff can lead to a change of the vma->vm_file and so the
vma_fput(vma) on the file is incorrect; we should instead fput on the
original file.
[FIX]
fput the original file rather than the vma->vm_file. Without the fix, stress-ng --remap 4 will produce an oops in a few seconds, with the fix it is rock solid.
[REGRESSION POTENTIAL]
This only changes the deprecated system call remap_file_pages which is not used much and it is also deprecated, so it should be avoided by user space applications anyhow.
--------------------------------------------------------------------
While faffing around with the deprecated system call remap_file_pages
I was able to trigger an OOPs that can be reproduced every time.
uname -a
Linux lenovo 4.4.0-13-generic #29-Ubuntu SMP Fri Mar 11 19:31:18 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[ 27.298469] mmap: stress-ng-remap (4061) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
[ 28.956497] BUG: unable to handle kernel NULL pointer dereference at 0000000000000228
[ 28.956555] IP: [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
[ 28.956594] PGD aded1067 PUD add32067 PMD 0
[ 28.956625] Oops: 0000 [#1] SMP
[ 28.956649] Modules linked in: nls_iso8859_1 drbg ansi_cprng xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables binfmt_misc zfs(PO) zunicode(PO) zcommon(PO) znvpair(PO) spl(O) zavl(PO) uvcvideo intel_rapl x86_pkg_temp_thermal intel_powerclamp videobuf2_vmalloc coretemp videobuf2_memops crct10dif_pclmul videobuf2_v4l2 crc32_pclmul videobuf2_core v4l2_common snd_hda_codec_hdmi videodev aesni_intel snd_hda_codec_realtek snd_hda_codec_generic media aes_x86_64 lrw snd_seq_midi gf128mul glue_helper ablk_helper snd_seq_midi_event cryptd snd_hda_intel snd_hda_codec snd_hda_core
[ 28.957162] snd_hwdep snd_rawmidi joydev input_leds arc4 serio_raw rtl8192ce rtl_pci rtl8192c_common snd_pcm rtlwifi snd_seq mac80211 thinkpad_acpi nvram cfg80211 snd_seq_device mei_me mei lpc_ich snd_timer shpchp snd soundcore mac_hid kvm_intel kvm irqbypass parport_pc ppdev lp parport autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mmc_block i915 psmouse i2c_algo_bit drm_kms_helper e1000e ahci syscopyarea libahci sdhci_pci sysfillrect sysimgblt sdhci ptp fb_sys_fops pps_core drm wmi fjes video
[ 28.957570] CPU: 2 PID: 4061 Comm: stress-ng-remap Tainted: P O 4.4.0-13-generic #29-Ubuntu
[ 28.957623] Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET31WW (1.11 ) 05/24/2012
[ 28.957666] task: ffff8800add2ee00 ti: ffff8800adf7c000 task.ti: ffff8800adf7c000
[ 28.957707] RIP: 0010:[<ffffffff811a94f8>] [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
[ 28.957754] RSP: 0000:ffff8800adf7fd38 EFLAGS: 00010246
[ 28.957780] RAX: ffff880194f06900 RBX: 0000000000000000 RCX: 0000000000000054
[ 28.957820] RDX: 0000000000000000 RSI: ffff8800adf7fda8 RDI: ffff8800a990f0c8
[ 28.957860] RBP: ffff8800adf7fd98 R08: 0000000000000000 R09: ffff8800adf7fe68
[ 28.957899] R10: 0000000000000000 R11: 00003ffffffff000 R12: ffff8800a990f0c8
[ 28.957939] R13: ffff8800adf7fe68 R14: ffff8800adf0de90 R15: 00007f83ba57b000
[ 28.957979] FS: 00007f83bc46c740(0000) GS:ffff88019e280000(0000) knlGS:0000000000000000
[ 28.958024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.958056] CR2: 0000000000000228 CR3: 00000000ade92000 CR4: 00000000001406e0
[ 28.958096] Stack:
[ 28.958109] ffff8800aafb3840 00000200adf7fd68 ffff8800adfaf108 ffff8800adfaf190
[ 28.958158] ffffffff81a25e80 ffff8800adfaf190 0000000000000000 00000000b7865150
[ 28.958206] 0000000000000000 ffff8800a990f0c8 ffff8800adf7fe68 ffff8800adf0de90
[ 28.958254] Call Trace:
[ 28.958273] [<ffffffff811ba900>] __do_fault+0x50/0xe0
[ 28.958305] [<ffffffff811be33b>] handle_mm_fault+0xf8b/0x1820
[ 28.958339] [<ffffffff81221e52>] ? __dentry_kill+0x162/0x1e0
[ 28.958374] [<ffffffff8122b6a4>] ? mntput+0x24/0x40
[ 28.958405] [<ffffffff8106a537>] __do_page_fault+0x197/0x400
[ 28.958439] [<ffffffff8106a7c2>] do_page_fault+0x22/0x30
[ 28.958472] [<ffffffff8181eef8>] page_fault+0x28/0x30
[ 28.958501] Code: 41 54 53 49 89 fc 48 83 ec 40 c7 45 ac 00 02 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 48 8b 87 a0 00 00 00 48 8b 58 20 <48> 83 bb 28 02 00 00 00 0f 85 98 00 00 00 48 8b 43 30 48 8d 56
[ 28.958726] RIP [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
How to reproduce:
git clone git://kernel.ubuntu.com/cking/stress-ng
cd stress-ng
make clean; make
./stress-ng --remap 8 -t 20
---
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: king 2522 F...m pulseaudio
/dev/snd/controlC0: king 2522 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 16.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
InstallationDate: Installed on 2015-11-04 (135 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
MachineType: LENOVO 2320CTO
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf nomdmonisw vt.handoff=7
ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
RelatedPackageVersions:
linux-restricted-modules-4.4.0-13-generic N/A
linux-backports-modules-4.4.0-13-generic N/A
linux-firmware 1.156
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
Tags: xenial
Uname: Linux 4.4.0-13-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 05/24/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET31WW (1.11 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2320CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2320CTO
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
---
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: king 2522 F...m pulseaudio
/dev/snd/controlC0: king 2522 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 16.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
InstallationDate: Installed on 2015-11-04 (135 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
MachineType: LENOVO 2320CTO
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf nomdmonisw vt.handoff=7
ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
RelatedPackageVersions:
linux-restricted-modules-4.4.0-13-generic N/A
linux-backports-modules-4.4.0-13-generic N/A
linux-firmware 1.156
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
Tags: xenial
Uname: Linux 4.4.0-13-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 05/24/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET31WW (1.11 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2320CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2320CTO
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
---
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: king 2522 F...m pulseaudio
/dev/snd/controlC0: king 2522 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 16.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
InstallationDate: Installed on 2015-11-04 (135 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
MachineType: LENOVO 2320CTO
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf nomdmonisw vt.handoff=7
ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
RelatedPackageVersions:
linux-restricted-modules-4.4.0-13-generic N/A
linux-backports-modules-4.4.0-13-generic N/A
linux-firmware 1.156
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
Tags: xenial
Uname: Linux 4.4.0-13-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 05/24/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET31WW (1.11 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2320CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2320CTO
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558120/+subscriptions