group.of.nepali.translators team mailing list archive
Message #28346
[Bug 1791758] Re: ldisc crash on reopened tty
This bug was fixed in the package linux - 4.19.0-12.13
---------------
linux (4.19.0-12.13) disco; urgency=medium
* linux: 4.19.0-12.13 -proposed tracker (LP: #1813664)
* kernel oops in bcache module (LP: #1793901)
- SAUCE: bcache: never writeback a discard operation
* Disco update: 4.19.18 upstream stable release (LP: #1813611)
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
- mlxsw: spectrum: Disable lag port TX before removing it
- mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
- net: dsa: mv88x6xxx: mv88e6390 errata
- net, skbuff: do not prefer skb allocation fails early
- qmi_wwan: add MTU default to qmap network interface
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
- net: clear skb->tstamp in bridge forwarding path
- netfilter: ipset: Allow matching on destination MAC address for mac and
ipmac sets
- gpio: pl061: Move irq_chip definition inside struct pl061
- drm/amd/display: Guard against null stream_state in set_crc_source
- drm/amdkfd: fix interrupt spin lock
- ixgbe: allow IPsec Tx offload in VEPA mode
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off
hotkey
- e1000e: allow non-monotonic SYSTIM readings
- usb: typec: tcpm: Do not disconnect link for self powered devices
- selftests/bpf: enable (uncomment) all tests in test_libbpf.sh
- of: overlay: add missing of_node_put() after add new node to changeset
- writeback: don't decrement wb->refcnt if !wb->bdi
- serial: set suppress_bind_attrs flag only if builtin
- bpf: Allow narrow loads with offset > 0
- ALSA: oxfw: add support for APOGEE duet FireWire
- x86/mce: Fix -Wmissing-prototypes warnings
- MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
- crypto: ecc - regularize scalar for scalar multiplication
- arm64: perf: set suppress_bind_attrs flag to true
- drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
- clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table
- samples: bpf: fix: error handling regarding kprobe_events
- usb: gadget: udc: renesas_usb3: add a safety connection way for
forced_b_device
- fpga: altera-cvp: fix probing for multiple FPGAs on the bus
- selinux: always allow mounting submounts
- ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
- scsi: qedi: Check for session online before getting iSCSI TLV data.
- drm/amdgpu: Reorder uvd ring init before uvd resume
- rxe: IB_WR_REG_MR does not capture MR's iova field
- efi/libstub: Disable some warnings for x86{,_64}
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage
- clk: imx: make mux parent strings const
- pstore/ram: Do not treat empty buffers as valid
- media: uvcvideo: Refactor teardown of uvc on USB disconnect
- powerpc/xmon: Fix invocation inside lock region
- powerpc/pseries/cpuidle: Fix preempt warning
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
- ASoC: use dma_ops of parent device for acp_audio_dma
- media: venus: core: Set dma maximum segment size
- staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io'
- net: call sk_dst_reset when set SO_DONTROUTE
- scsi: target: use consistent left-aligned ASCII INQUIRY data
- scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long
enough
- selftests: do not macro-expand failed assertion expressions
- arm64: kasan: Increase stack size for KASAN_EXTRA
- clk: imx6q: reset exclusive gates on init
- arm64: Fix minor issues with the dcache_by_line_op macro
- bpf: relax verifier restriction on BPF_MOV | BPF_ALU
- kconfig: fix file name and line number of warn_ignored_character()
- kconfig: fix memory leak when EOF is encountered in quotation
- mmc: atmel-mci: do not assume idle after atmci_request_end
- btrfs: volumes: Make sure there is no overlap of dev extents at mount time
- btrfs: alloc_chunk: fix more DUP stripe size handling
- btrfs: fix use-after-free due to race between replace start and cancel
- btrfs: improve error handling of btrfs_add_link
- tty/serial: do not free trasnmit buffer page under port lock
- perf intel-pt: Fix error with config term "pt=0"
- perf tests ARM: Disable breakpoint tests 32-bit
- perf svghelper: Fix unchecked usage of strncpy()
- perf parse-events: Fix unchecked usage of strncpy()
- perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
- netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
- netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
- x86/topology: Use total_cpus for max logical packages calculation
- dm crypt: use u64 instead of sector_t to store iv_offset
- dm kcopyd: Fix bug causing workqueue stalls
- perf stat: Avoid segfaults caused by negated options
- tools lib subcmd: Don't add the kernel sources to the include path
- dm snapshot: Fix excessive memory usage and workqueue stalls
- perf cs-etm: Correct packets swapping in cs_etm__flush()
- perf tools: Add missing sigqueue() prototype for systems lacking it
- perf tools: Add missing open_memstream() prototype for systems lacking it
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
- clocksource/drivers/integrator-ap: Add missing of_node_put()
- dm: Check for device sector overflow if CONFIG_LBDAF is not set
- Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
- ALSA: bebob: fix model-id of unit for Apogee Ensemble
- sysfs: Disable lockdep for driver bind/unbind files
- IB/usnic: Fix potential deadlock
- scsi: mpt3sas: fix memory ordering on 64bit writes
- scsi: smartpqi: correct lun reset issues
- ath10k: fix peer stats null pointer dereference
- scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
- scsi: megaraid: fix out-of-bound array accesses
- iomap: don't search past page end in iomap_is_partially_uptodate
- ocfs2: fix panic due to unrecovered local alloc
- mm/page-writeback.c: don't break integrity writeback on ->writepage() error
- mm/swap: use nr_node_ids for avail_lists in swap_info_struct
- userfaultfd: clear flag if remap event not enabled
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
- iwlwifi: mvm: Send LQ command as async when necessary
- Bluetooth: Fix unnecessary error message for HCI request completion
- ipmi: fix use-after-free of user->release_barrier.rda
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- ipmi: Prevent use-after-free in deliver_response
- ipmi:ssif: Fix handling of multi-part return messages
- ipmi: Don't initialize anything in the core until something uses it
- Linux 4.19.18
* tls selftest failures/hangs on i386 (LP: #1813607)
- [Config] CONFIG_TLS=n for i386
* Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04)
(LP: #1779756)
- i40e: prevent overlapping tx_timeout recover
* Disco update: 4.19.17 upstream stable release (LP: #1813016)
- tty/ldsem: Wake up readers after timed out down_write()
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present
- can: gw: ensure DLC boundaries after CAN frame modification
- netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
- netfilter: nf_conncount: split gc in two phases
- netfilter: nf_conncount: restart search when nodes have been erased
- netfilter: nf_conncount: merge lookup and add functions
- netfilter: nf_conncount: move all list iterations under spinlock
- netfilter: nf_conncount: speculative garbage collection on empty lists
- netfilter: nf_conncount: fix argument order to find_next_bit
- mmc: sdhci-msm: Disable CDR function on TX
- Revert "scsi: target: iscsi: cxgbit: fix csk leak"
- scsi: target: iscsi: cxgbit: fix csk leak
- scsi: target: iscsi: cxgbit: fix csk leak
- arm64/kvm: consistently handle host HCR_EL2 flags
- arm64: Don't trap host pointer auth use to EL2
- ipv6: fix kernel-infoleak in ipv6_local_error()
- net: bridge: fix a bug on using a neighbour cache entry without checking its
state
- packet: Do not leak dev refcounts on error exit
- tcp: change txhash on SYN-data timeout
- tun: publish tfile after it's fully initialized
- lan743x: Remove phy_read from link status change function
- smc: move unhash as early as possible in smc_release()
- r8169: don't try to read counters if chip is in a PCI power-save state
- bonding: update nest level on unlink
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull
- r8169: load Realtek PHY driver module before r8169
- crypto: sm3 - fix undefined shift by >= width of value
- crypto: caam - fix zero-length buffer DMA mapping
- crypto: authencesn - Avoid twice completion call in decrypt path
- crypto: ccree - convert to use crypto_authenc_extractkeys()
- crypto: bcm - convert to use crypto_authenc_extractkeys()
- crypto: authenc - fix parsing key with misaligned rta_len
- crypto: talitos - reorder code in talitos_edesc_alloc()
- crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
- xen: Fix x86 sched_clock() interface for xen
- Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
- btrfs: wait on ordered extents on abort cleanup
- Yama: Check for pid death before checking ancestry
- scsi: core: Synchronize request queue PM status only on successful resume
- scsi: sd: Fix cache_type_store()
- mips: fix n32 compat_ipc_parse_version
- MIPS: BCM47XX: Setup struct device for the SoC
- MIPS: lantiq: Fix IPI interrupt handling
- drm/i915/gvt: Fix mmap range check
- OF: properties: add missing of_node_put
- mfd: tps6586x: Handle interrupts on suspend
- media: v4l: ioctl: Validate num_planes for debug messages
- RDMA/nldev: Don't expose unsafe global rkey to regular user
- RDMA/vmw_pvrdma: Return the correct opcode when creating WR
- kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7
- net: dsa: realtek-smi: fix OF child-node lookup
- pstore/ram: Avoid allocation and leak of platform data
- arm64: kaslr: ensure randomized quantities are clean to the PoC
- arm64: dts: marvell: armada-ap806: reserve PSCI area
- Disable MSI also when pcie-octeon.pcie_disable on
- fix int_sqrt64() for very large numbers
- omap2fb: Fix stack memory disclosure
- media: vivid: fix error handling of kthread_run
- media: vivid: set min width/height to a value > 0
- bpf: in __bpf_redirect_no_mac pull mac only if present
- ipv6: make icmp6_send() robust against null skb->dev
- LSM: Check for NULL cred-security on free
- media: vb2: vb2_mmap: move lock up
- sunrpc: handle ENOMEM in rpcb_getport_async
- netfilter: ebtables: account ebt_table_info to kmemcg
- block: use rcu_work instead of call_rcu to avoid sleep in softirq
- selinux: fix GPF on invalid policy
- blockdev: Fix livelocks on loop device
- sctp: allocate sctp_sockaddr_entry with kzalloc
- tipc: fix uninit-value in in tipc_conn_rcv_sub
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable
- tipc: fix uninit-value in tipc_nl_compat_link_set
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump
- tipc: fix uninit-value in tipc_nl_compat_doit
- block/loop: Don't grab "struct file" for vfs_getattr() operation.
- block/loop: Use global lock for ioctl() operation.
- loop: Fold __loop_release into loop_release
- loop: Get rid of loop_index_mutex
- loop: Push lo_ctl_mutex down into individual ioctls
- loop: Split setting of lo_state from loop_clr_fd
- loop: Push loop_ctl_mutex down into loop_clr_fd()
- loop: Push loop_ctl_mutex down to loop_get_status()
- loop: Push loop_ctl_mutex down to loop_set_status()
- loop: Push loop_ctl_mutex down to loop_set_fd()
- loop: Push loop_ctl_mutex down to loop_change_fd()
- loop: Move special partition reread handling in loop_clr_fd()
- loop: Move loop_reread_partitions() out of loop_ctl_mutex
- loop: Fix deadlock when calling blkdev_reread_part()
- loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
- loop: Get rid of 'nested' acquisition of loop_ctl_mutex
- loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
- loop: drop caches if offset or block_size are changed
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
- selftests: Fix test errors related to lib.mk khdr target
- media: vb2: be sure to unlock mutex on errors
- nbd: Use set_blocksize() to set device blocksize
- Linux 4.19.17
* Enable sound card power saving by default (LP: #1804265)
- [Config] CONFIG_SND_HDA_POWER_SAVE_DEFAULT=1
* Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
- USB: Add new USB LPM helpers
- USB: Consolidate LPM checks to avoid enabling LPM twice
* [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
(LP: #1812797)
- vgaarb: Add support for 64-bit frame buffer address
- vgaarb: Keep adding VGA device in queue
* bluetooth controller not detected with 4.15 kernel (LP: #1810797)
- SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
- [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y
* [19.04 FEAT| Enable virtio-gpu for s390x (LP: #1799467)
- [Config] enable virtio-gpu for s390x
* Miscellaneous Ubuntu changes
- Revert "UBUNTU: SAUCE: selftests: disable some failing networking tests"
- SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c
- SAUCE: selftests/ftrace: Fix tab expansion in trace_marker snapshot trigger
test
- update dkms package versions
* Miscellaneous upstream changes
- selftests/ftrace: Fix checkbashisms errors
- selftests/powerpc/pmu: Link ebb tests with -no-pie
-- Seth Forshee <seth.forshee@xxxxxxxxxxxxx> Mon, 28 Jan 2019 15:38:30 -0600
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1791758
Title:
ldisc crash on reopened tty
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Trusty:
Won't Fix
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Cosmic:
Fix Released
Bug description:
[Impact]
* Line discipline code is racy when we have a buffer being flushed while
the tty is being initialized or reinitialized. For the first problem,
we have an upstream patch since January 2018: b027e2298bd5 ("tty: fix
data race between tty_init_dev and flush of buf") - although it is not
in Ubuntu kernel 4.4, only in kernels 4.15 and subsequent ones.
* For the race between the buffer flush while tty is being reopened,
we have a patch that addresses this issue recently merged for 5.0-rc1:
83d817f41070 ("tty: Hold tty_ldisc_lock() during tty_reopen()"). No
Ubuntu kernel currently contains this patch, hence we're hereby
submitting the SRU request. The upstream complete patch series for
this is in [0].
* The approach of both patches is similar - they rely on
locking/semaphore to prevent race conditions. Some additional patches
are necessary to prevent correlated issues, like preventing a
potential deadlock due to bad prioritization in servicing I/O over
releasing tty_ldisc_lock() - refer to c96cf923a98d ("tty: Don't block
on IO when ldisc change is pending"). All the necessary fixes are
grouped here in this SRU request.
* The symptom of the race condition between the buffer flush and the
tty reopen routine is a kernel crash with the following trace:
BUG: unable to handle kernel paging request at 0000000000002268
IP: [<addr>] n_tty_receive_buf_common+0x6a/0xae0
[...]
Call Trace:
[<addr>] ? kvm_sched_clock_read+0x1e/0x30
[<addr>] n_tty_receive_buf2+0x14/0x20
[<addr>] flush_to_ldisc+0xd5/0x120
[<addr>] process_one_work+0x156/0x400
[<addr>] worker_thread+0x11a/0x480
[...]
* A kernel crash was collected from a user; analysis is present in
comment #4 in this LP.
[Test Case]
* It is not trivial to trigger this fault, but the usual recipe is to
keep accessing a machine through SSH (or keep killing getty when in
IPMI serial console) and in some way run commands before the terminal
is ready in that machine (like hacking some echo into ttySx or pts in
an infinite loop).
* We have reports of users that could reproduce this issue in their
production environment, and with the patches present in this SRU
request the problem was fixed.
[Regression Potential]
* tty subsystem is highly central and patches in that area are always
delicate. For example, the upstream series [0] is a re-spin (V6) due
to a hard to reproduce issue reported in the PA-RISC architecture,
which was found in the V5 iteration [1] but was fixed by the patch
c96cf923a98d, present in this SRU request.
* The patchset [0] is present in tty-next tree since mid-November, and
the patch b027e2298bd5 is available upstream since January/2018 (it's
available in both Ubuntu kernels 4.15 and 4.18), so the overall
likelihood of regressions is low.
* These patches were sniff-tested for the 3 versions (4.4, 4.15 and
4.18) and didn't show any issues.
[0] https://marc.info/?l=linux-kernel&m=154103190111795
[1] https://marc.info/?l=linux-kernel&m=153737852618183
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1791758/+subscriptions
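
Added example (not part of the original bug report or of any Ubuntu tooling): a triage script that scans kernel log text for the crash signature quoted in the bug description, an oops faulting in n_tty_receive_buf_common with n_tty_receive_buf2 and flush_to_ldisc in the call trace. The sample log is constructed from that trace; the timestamps, the second oops, example_driver_read and the Python function names are assumptions.

```python
import re

# Signature from the trace in the bug description: the fault is in
# n_tty_receive_buf_common, reached from the flush_to_ldisc work item.
FAULT_FN = "n_tty_receive_buf_common"
REQUIRED_FRAMES = {"n_tty_receive_buf2", "flush_to_ldisc"}

SYM = r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+"
OOPS_START = re.compile(r"BUG: (?:unable to handle |kernel NULL pointer dereference)")
IP_LINE = re.compile(r"\bR?IP:.*?\b" + SYM)
FRAME = re.compile(r"(?:^|\s)(\?\s+)?" + SYM)

def parse_oopses(log_text):
    """Split log text into oops records; frames marked '?' are skipped."""
    oopses, cur = [], None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if OOPS_START.search(line):
            cur = {"line": lineno, "fault_fn": None, "frames": []}
            oopses.append(cur)
        elif cur is None:
            continue
        elif "end trace" in line:
            cur = None
        elif cur["fault_fn"] is None and IP_LINE.search(line):
            cur["fault_fn"] = IP_LINE.search(line).group(1)
        else:
            m = FRAME.search(line)
            if m and not m.group(1):
                cur["frames"].append(m.group(2))
    return oopses

def find_ldisc_reopen_oops(log_text):
    """Return only the oopses that match the signature of this bug."""
    return [o for o in parse_oopses(log_text)
            if o["fault_fn"] == FAULT_FN and REQUIRED_FRAMES <= set(o["frames"])]

# Constructed sample: the first oops reuses frames from the trace in the
# bug description; the second is an unrelated, made-up fault for contrast.
SAMPLE_LOG = """\
[  812.000001] BUG: unable to handle kernel paging request at 0000000000002268
[  812.000002] IP: [<addr>] n_tty_receive_buf_common+0x6a/0xae0
[  812.000003] Call Trace:
[  812.000004]  [<addr>] ? kvm_sched_clock_read+0x1e/0x30
[  812.000005]  [<addr>] n_tty_receive_buf2+0x14/0x20
[  812.000006]  [<addr>] flush_to_ldisc+0xd5/0x120
[  812.000007]  [<addr>] process_one_work+0x156/0x400
[  812.000008] ---[ end trace 0000000000000000 ]---
[  990.000001] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[  990.000002] IP: [<addr>] example_driver_read+0x20/0x90
[  990.000003] Call Trace:
[  990.000004]  [<addr>] process_one_work+0x156/0x400
"""

if __name__ == "__main__":
    print(find_ldisc_reopen_oops(SAMPLE_LOG))
```

A match only says the crash looks like this bug; whether the running kernel carries the fixes still has to be checked against the package changelog.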