← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1776277] Re: fscache cookie refcount updated incorrectly during fscache object allocation

 

This bug was fixed in the package linux - 3.13.0-158.208

---------------
linux (3.13.0-158.208) trusty; urgency=medium

  * linux: 3.13.0-158.208 -proposed tracker (LP: #1788764)

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE

  * BUG: scheduling while atomic (Kernel : Ubuntu-3.13 + VMware: 6.0 and late)
    (LP: #1780470)
    - VSOCK: sock_put wasn't safe to call in interrupt context
    - VSOCK: Fix lockdep issue.
    - VSOCK: Detach QP check should filter out non matching QPs.

  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

 -- Kleber Sacilotto de Souza <kleber.souza@xxxxxxxxxxxxx>  Fri, 24 Aug
2018 15:08:23 +0000

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1776277

Title:
  fscache cookie refcount updated incorrectly during fscache object
  allocation

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released

Bug description:
  == SRU Justification ==

  [Impact]
  Oops during heavy NFS + FSCache + Cachefiles use:

   kernel BUG at /build/linux-Y09MKI/linux-4.4.0/fs/fscache/internal.h:321!
   kernel BUG at /build/linux-Y09MKI/linux-4.4.0/fs/fscache/cookie.c:639!

  [Cause]
   1)Two threads are trying to do operate on a cookie and two objects.
   2a)One thread tries to unmount the filesystem and in process goes over
     a huge list of objects marking them dead and deleting the objects.
     cookie->usage is also decremented in following path
        nfs_fscache_release_super_cookie
         -> __fscache_relinquish_cookie
          ->__fscache_cookie_put
          ->BUG_ON(atomic_read(&cookie->usage) <= 0);

   2b)second thread tries to lookup an object for reading data in
      following path
   
       fscache_alloc_object
        1) cachefiles_alloc_object
            -> fscache_object_init 
              -> assign cookie, but usage not bumped.
       2) fscache_attach_object -> fails in cant_attach_object because the 
          cookie's backing object or cookie's->parent object are going away
       3)fscache_put_object
             -> cachefiles_put_object
              ->fscache_object_destroy
                ->fscache_cookie_put
                 ->BUG_ON(atomic_read(&cookie->usage) <= 0);
  [Fix]
   Bump up the cookie usage in fscache_object_init,
   when it is first being assigned a cookie atomically such that the cookie
   is added and bumped up if its refcount is not zero.
   remove the assignment in the attach_object.

  [Testcase]
  A user has run ~100 hours of NFS stress tests and not seen this bug recur.

  [Regression Potential]
   - Limited to fscache/cachefiles.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1776277/+subscriptions