← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1812845] Re: 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes triggers system hang on i386

 

This bug was fixed in the package linux - 4.18.0-18.19

---------------
linux (4.18.0-18.19) cosmic; urgency=medium

  * linux: 4.18.0-18.19 -proposed tracker (LP: #1822796)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in rx data flow
    - net: hinic: fix null pointer dereference on pointer hwdev
    - hinic: optmize rx refill buffer mechanism
    - net-next/hinic:add shutdown callback
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - Fonts: New Terminus large console font
    - [Config]: enable highdpi Terminus 16x32 font support

  * [19.04 FEAT] qeth: Enhanced link speed - kernel part (LP: #1814892)
    - s390/qeth: report 25Gbit link speed

  * Avoid potential memory corruption on HiSilicon SoCs (LP: #1819546)
    - iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads

  * CVE-2017-5715
    - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
    - x86/speculation: Propagate information about RSB filling mitigation to sysfs
    - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
      variant
    - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
    - x86/retpoline: Remove minimal retpoline support
    - x86/speculation: Update the TIF_SSBD comment
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
    - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
    - x86/speculation: Move STIPB/IBPB string conditionals out of
      cpu_show_common()
    - x86/speculation: Disable STIBP when enhanced IBRS is in use
    - x86/speculation: Rename SSBD update functions
    - x86/speculation: Reorganize speculation control MSRs update
    - sched/smt: Make sched_smt_present track topology
    - x86/Kconfig: Select SCHED_SMT if SMP enabled
    - sched/smt: Expose sched_smt_present static key
    - x86/speculation: Rework SMT state change
    - x86/l1tf: Show actual SMT state
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Mark string arrays const correctly
    - x86/speculataion: Mark command line parser data __initdata
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation: Add command line control for indirect branch speculation
    - x86/speculation: Prepare for per task indirect branch speculation control
    - x86/process: Consolidate and simplify switch_to_xtra() code
    - x86/speculation: Avoid __switch_to_xtra() calls
    - x86/speculation: Prepare for conditional IBPB in switch_mm()
    - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
    - x86/speculation: Split out TIF update
    - x86/speculation: Prevent stale SPEC_CTRL msr content
    - x86/speculation: Prepare arch_smt_update() for PRCTL mode
    - x86/speculation: Add prctl() control for indirect branch speculation
    - x86/speculation: Enable prctl mode for spectre_v2_user
    - x86/speculation: Add seccomp Spectre v2 user space protection mode
    - x86/speculation: Provide IBPB always command line options
    - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
    - x86/speculation: Change misspelled STIPB to STIBP
    - x86/speculation: Add support for STIBP always-on preferred mode
    - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE

  * [Ubuntu] vfio-ap: add subsystem to matrix device to avoid libudev failures
    (LP: #1818854)
    - s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem

  * Kernel regularly logs: Bluetooth: hci0: last event is not cmd complete
    (0x0f) (LP: #1748565)
    - Bluetooth: Fix unnecessary error message for HCI request completion

  * HiSilicon HNS ethernet broken in 4.15.0-45 (LP: #1818294)
    - net: hns: Fix WARNING when hns modules installed

  * Lenovo ideapad 330-15ICH Wifi rfkill hard blocked (LP: #1811815)
    - platform/x86: ideapad: Add ideapad 330-15ICH to no_hw_rfkill

  * Qualcomm Atheros QCA9377 wireless does not work (LP: #1818204)
    - platform/x86: ideapad-laptop: Add Ideapad 530S-14ARR to no_hw_rfkill list

  * fscache: jobs might hang when fscache disk is full (LP: #1821395)
    - fscache: fix race between enablement and dropping of object

  * hns3: fix oops in hns3_clean_rx_ring() (LP: #1821064)
    - net: hns3: add dma_rmb() for rx description

  * tcm_loop.ko: move from modules-extra into main modules package
    (LP: #1817786)
    - [Packaging] move tcm_loop.lo to main linux-modules package

  * tcmu user space crash results in kernel module hang. (LP: #1819504)
    - scsi: tcmu: delete unused __wait
    - scsi: tcmu: track nl commands
    - scsi: tcmu: simplify nl interface
    - scsi: tcmu: add module wide block/reset_netlink support

  * Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04)
    (LP: #1779756)
    - i40e: prevent overlapping tx_timeout recover

  * some codecs stop working after S3 (LP: #1820930)
    - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec

  * 4.15 s390x kernel BUG at /build/linux-
    Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565! (LP: #1788432)
    - virtio/s390: avoid race on vcdev->config
    - virtio/s390: fix race in ccw_io_helper()

  * [SRU][B/B-OEM/C/D] Fix AMD IOMMU NULL dereference (LP: #1820990)
    - iommu/amd: Fix NULL dereference bug in match_hid_uid

  * New Intel Wireless-AC 9260 [8086:2526] card not correctly probed in Ubuntu
    system (LP: #1821271)
    - iwlwifi: add new card for 9260 series

  * Add support for MAC address pass through on RTL8153-BD (LP: #1821276)
    - r8152: Add support for MAC address pass through on RTL8153-BD
    - r8152: Fix an error on RTL8153-BD MAC Address Passthrough support

 -- Kleber Sacilotto de Souza <kleber.souza@xxxxxxxxxxxxx>  Tue, 02 Apr
2019 18:06:12 +0200

** Changed in: linux (Ubuntu Cosmic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1812845

Title:
  3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
  triggers system hang on i386

Status in ubuntu-kernel-tests:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Released

Bug description:
  SRU Justification:

  [Impact]

   * Parity page in btrfs raid56 is incorrectly unmapped, allowing to
  easily trigger a reference counter bug on i386 causing a kernel panic

   * The fix unmaps the right rbio pages and adds the proper kunmap()
  call for the parity page

  [Test Case]

   * create a raid5 btrfs filesystem:
     # mkfs.btrfs -m raid5 -d raid5 /dev/sdb /dev/sdc /dev/sdd /dev/sde

   * mount it:
     # mount /dev/sdb /mnt

   * run btrfs scrub in a loop:
     # while :; do btrfs scrub start -BR /mnt; done

  [Fix]

   *
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3897b6f0a859288c22fb793fad11ec2327e60fcd

  kunmap(p_page) was completely left out, so we never
  did an unmap for the p_page and the loop unmapping the rbio page was
  iterating over the wrong number of stripes: unmapping should be done
  with nr_data instead of rbio->real_stripes.

  [Regression Potential]

   * This is an upstream fix, tested on the affected platform. The bug
  is affecting only btrfs raid5/6 users on architectures where kunamp()
  is not a no-op (like i386). It is also a very small patch, so backport
  changes are minimal.

  [Original bug report]

  This issue was not spotted on AMD64

  Reproduce rate: 100%

  The following command is the key to trigger this:
      btrfs scrub start -BR $MNT

  Steps:
  # (Install necessary packages)
  # git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests
  # TMP=/tmp/tmp MNT=/tmp/mnt
  # mkdir -p $TMP; mkdir -p $MNT
  # cd autotest-client-tests/ubuntu_btrfs_kernel_fixes
  # TMP=/tmp/tmp MNT=/tmp/mnt ./3b080b2564287be91605bfd1d5ee985696e61d3c.sh

  Trace:
   [  494.357824] ------------[ cut here ]------------
   [  494.357828] kernel BUG at /build/linux-bnzN1b/linux-4.15.0/mm/highmem.c:350!
   [  494.365079] invalid opcode: 0000 [#1] SMP
   [  494.369205] Modules linked in: cfg80211 intel_powerclamp ipmi_ssif gpio_ich coretemp kvm_intel kvm ipmi_si irqbypass input_leds joydev dcdbas intel_cstate ipmi_devintf sch_fq_codel shpchp i7core_edac lpc_ich ipmi_msghandler acpi_power_meter mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 i2c_algo_bit ttm drm_kms_helper hid_generic syscopyarea sysfillrect usbhid sysimgblt mpt3sas fb_sys_fops drm hid raid_class bnx2 scsi_transport_sas pata_acpi wmi
   [  494.430188] CPU: 2 PID: 2093 Comm: kworker/u16:1 Not tainted 4.15.0-43-generic #46-Ubuntu
   [  494.438618] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
   [  494.446494] Workqueue: btrfs-endio-raid56 btrfs_endio_raid56_helper [btrfs]
   [  494.453657] EIP: kunmap_high+0xaa/0xb0
   [  494.457571] EFLAGS: 00010246 CPU: 2
   [  494.461229] EAX: 00000115 EBX: fffff000 ECX: 00000001 EDX: 00000000
   [  494.467840] ESI: 00000004 EDI: 00000004 EBP: f4883e44 ESP: f4883e40
   [  494.474264]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
   [  494.479931] CR0: 80050033 CR2: 005885e0 CR3: 0fe16000 CR4: 000006f0
   [  494.486353] Call Trace:
   [  494.488967]  kunmap+0x3e/0x50
   [  494.492140]  finish_parity_scrub+0x24d/0x570 [btrfs]
   [  494.497226]  ? update_load_avg+0x64f/0x830
   [  494.501528]  validate_rbio_for_parity_scrub+0xc2/0xd0 [btrfs]
   [  494.507527]  raid56_parity_scrub_end_io+0x53/0x70 [btrfs]
   [  494.513058]  bio_endio+0xb9/0x110
   [  494.516574]  ? end_workqueue_fn+0x2c/0x40 [btrfs]
   [  494.521435]  end_workqueue_fn+0x33/0x40 [btrfs]
   [  494.526139]  normal_work_helper+0x7d/0x2f0 [btrfs]
   [  494.531087]  btrfs_endio_raid56_helper+0x10/0x20 [btrfs]
   [  494.536621]  process_one_work+0x1b9/0x3d0
   [  494.540799]  worker_thread+0x37/0x420
   [  494.544628]  kthread+0xf0/0x110
   [  494.547931]  ? process_one_work+0x3d0/0x3d0
   [  494.552282]  ? kthread_create_worker_on_cpu+0x20/0x20
   [  494.557488]  ? kthread_create_worker_on_cpu+0x20/0x20
   [  494.562701]  ret_from_fork+0x2e/0x38
   [  494.566441] Code: 2d ee ff 58 8b 5d fc c9 c3 90 8d b4 26 00 00 00 00 a1 80 d1 c4 cf 31 c9 3d 80 d1 c4 cf 0f 95 c1 eb bc 8d b4 26 00 00 00 00 0f 0b <0f> 0b 8d 74 26 00 66 66 66 66 90 55 89 e5 56 53 31 db e8 1f ef
   [  494.585751] EIP: kunmap_high+0xaa/0xb0 SS:ESP: 0068:f4883e40
   [  494.591688] ---[ end trace 5e6d708abb85eeba ]---

  Follow up with CPU soft lockup.

  Please find the attachment for the complete log.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-43-generic 4.15.0-43.46
  ProcVersionSignature: User Name 4.15.0-43.46-generic 4.15.18
  Uname: Linux 4.15.0-43-generic i686
  AlsaDevices:
   total 0
   crw-rw---- 1 root audio 116,  1 Jan 22 11:54 seq
   crw-rw---- 1 root audio 116, 33 Jan 22 11:54 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: i386
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  Date: Tue Jan 22 11:54:49 2019
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
  MachineType: Dell Inc. PowerEdge R310
  PciMultimedia:

  ProcFB: 0 mgadrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-43-generic root=UUID=6aaa11f6-d386-4c0c-b4b8-38e6c408980a ro console=ttyS0,115200n8
  RelatedPackageVersions:
   linux-restricted-modules-4.15.0-43-generic N/A
   linux-backports-modules-4.15.0-43-generic  N/A
   linux-firmware                             1.173.3
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 09/18/2012
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.11.0
  dmi.board.name: 05XKKK
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A05
  dmi.chassis.type: 23
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: dmi:bvnDellInc.:bvr1.11.0:bd09/18/2012:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
  dmi.product.name: PowerEdge R310
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812845/+subscriptions