group.of.nepali.translators team mailing list archive
Message #27127
[Bug 1797314] Re: fscache: bad refcounting in fscache_op_complete leads to OOPS
This bug was fixed in the package linux - 4.18.0-11.12
---------------
linux (4.18.0-11.12) cosmic; urgency=medium

  * linux: 4.18.0-11.12 -proposed tracker (LP: #1799445)

  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271
    reserve_memblock_reserved_regions (LP: #1797139)
    - SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions

  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 at drivers/irqchip/irq-gic.c:1016
    gic_irq_domain_translate (LP: #1797143)
    - SAUCE: arm64: dts: msm8916: camms: fix gic_irq_domain_translate warnings

  * The front MIC can't work on the Lenovo M715 (LP: #1797292)
    - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

  * Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
    - KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the same
      VM

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * hns3: autoneg settings get lost on down/up (LP: #1797654)
    - net: hns3: Fix for information of phydev lost problem when down/up

  * not able to unwind the stack from within __kernel_clock_gettime in the Linux
    vDSO (LP: #1797963)
    - powerpc/vdso: Correct call frame information

  * Signal 7 error when running GPFS tracing in cluster (LP: #1792195)
    - powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.
    - powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition

  * Support Edge Gateway's WIFI LED (LP: #1798330)
    - SAUCE: mwifiex: Switch WiFi LED state according to the device status

  * Support Edge Gateway's Bluetooth LED (LP: #1798332)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways

  * kvm doesn't work on 36 physical bits systems (LP: #1798427)
    - KVM: x86: fix L1TF's MMIO GFN calculation

  * CVE-2018-15471
    - xen-netback: fix input validation in xenvif_set_hash_mapping()

  * regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
    - rtnetlink: fix rtnl_fdb_dump() for ndmsg header

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Tue, 23 Oct 2018 18:59:15 +0200

** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
https://bugs.launchpad.net/bugs/1797314
Title:
fscache: bad refcounting in fscache_op_complete leads to OOPS
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Cosmic:
Fix Released
Bug description:
SRU Justification
-----------------
[Impact]
A kernel BUG is sometimes observed when using fscache:
[4740718.880898] FS-Cache:
[4740718.880920] FS-Cache: Assertion failed
[4740718.880934] FS-Cache: 0 > 0 is false
[4740718.881001] ------------[ cut here ]------------
[4740718.881017] kernel BUG at /usr/src/linux-4.4.0/fs/fscache/operation.c:449!
[4740718.881040] invalid opcode: 0000 [#1] SMP
[4740718.892659] Call Trace:
[4740718.893506] [<ffffffffc1464cf9>] cachefiles_read_copier+0x3a9/0x410 [cachefiles]
[4740718.894374] [<ffffffffc037e272>] fscache_op_work_func+0x22/0x50 [fscache]
[4740718.895180] [<ffffffff81096da0>] process_one_work+0x150/0x3f0
[4740718.895966] [<ffffffff8109751a>] worker_thread+0x11a/0x470
[4740718.896753] [<ffffffff81808e59>] ? __schedule+0x359/0x980
[4740718.897783] [<ffffffff81097400>] ? rescuer_thread+0x310/0x310
[4740718.898581] [<ffffffff8109cdd6>] kthread+0xd6/0xf0
[4740718.899469] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[4740718.900477] [<ffffffff8180d0cf>] ret_from_fork+0x3f/0x70
[4740718.901514] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[Problem]
In include/linux/fscache-cache.h, fscache_retrieval_complete reads, in
part:

    atomic_sub(n_pages, &op->n_pages);
    if (atomic_read(&op->n_pages) <= 0)
        fscache_op_complete(&op->op, true);

The code is using atomic_sub followed by an atomic_read. This causes
two threads doing a decrement of pages to race with each other, seeing
the op->refcount <= 0 at the same time, and end up calling
fscache_op_complete in both threads, leading to the OOPS.
[Fix]
The fix is trivial: use atomic_sub_return instead of two calls.
[Testcase]
I believe the user has tested the patch successfully on their fscache/cachefiles setup.
[Regression Potential]
Limited to fscache. Small, comprehensible change.
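
The race and the fix described under [Problem] and [Fix], as an added example that is not part of the original bug report or the kernel patch: a single-threaded replay of the worst-case interleaving, with C11 atomics standing in for the kernel's atomic_t. The names replay_racy, replay_fixed and sub_return are assumptions made for illustration.

```c
/* Added example: userspace model using C11 atomics in place of the kernel's
 * atomic_t; all function names here are hypothetical. */
#include <stdatomic.h>
#include <stdio.h>

/* Stand-in for the kernel's atomic_sub_return(): returns the NEW value. */
static int sub_return(atomic_int *v, int n)
{
    return atomic_fetch_sub(v, n) - n;
}

/* Racy pattern, replayed with the worst-case interleaving: both workers
 * subtract before either reads. Returns how many workers would go on to
 * call fscache_op_complete(). */
int replay_racy(int total, int a, int b)
{
    atomic_int n_pages;
    int completions = 0;

    atomic_init(&n_pages, total);
    atomic_fetch_sub(&n_pages, a);      /* worker A: atomic_sub  */
    atomic_fetch_sub(&n_pages, b);      /* worker B: atomic_sub  */
    if (atomic_load(&n_pages) <= 0)     /* worker A: atomic_read */
        completions++;
    if (atomic_load(&n_pages) <= 0)     /* worker B: atomic_read */
        completions++;
    return completions;
}

/* Fixed pattern: each worker tests the value its own decrement produced,
 * so only the one that brings the count to zero completes the operation. */
int replay_fixed(int total, int a, int b)
{
    atomic_int n_pages;
    int completions = 0;

    atomic_init(&n_pages, total);
    int seen_a = sub_return(&n_pages, a);   /* worker A */
    int seen_b = sub_return(&n_pages, b);   /* worker B */
    completions += (seen_a <= 0);
    completions += (seen_b <= 0);
    return completions;
}

int main(void)
{
    printf("racy: %d completions, fixed: %d completions\n",
           replay_racy(4, 1, 3), replay_fixed(4, 1, 3));
    return 0;
}
```

With 4 pages outstanding and workers retiring 1 and 3 pages, the racy replay completes the operation twice, which is the double completion behind the "0 > 0 is false" assertion in the trace; the fixed replay completes it once.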