← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1866149] Re: CONFIG_BASE_SMALL=1 restricts pid space, which conflicts with systemd default sysctl

 

This bug was fixed in the package linux-kvm - 4.15.0-1084.86

---------------
linux-kvm (4.15.0-1084.86) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1084.86 -proposed tracker (LP: #1911288)

  * CONFIG_BASE_SMALL=1 restricts pid space, which conflicts with systemd
    default sysctl (LP: #1866149)
    - [Config]: set CONFIG_BASE_FULL

  [ Ubuntu: 4.15.0-133.137 ]

  * bionic/linux: 4.15.0-133.137 -proposed tracker (LP: #1911295)
  * [drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors
    config: (LP: #1908219)
    - qxl: remove qxl_io_log()
    - qxl: move qxl_send_monitors_config()
    - qxl: hook monitors_config updates into crtc, not encoder.
  * Touchpad not detected on ByteSpeed C15B laptop (LP: #1906128)
    - Input: i8042 - add ByteSpeed touchpad to noloop table
  * vmx_nm_test in ubuntu_kvm_unit_tests interrupted on X-oracle-4.15 /
    B-oracle-4.15 / X-KVM / B-KVM (LP: #1872401)
    - KVM: nVMX: Always reflect #NM VM-exits to L1
  * stack trace in kernel (LP: #1903596)
    - net: napi: remove useless stack trace
  * CVE-2020-27777
    - [Config]: Set CONFIG_PPC_RTAS_FILTER
  * Bionic update: upstream stable patchset 2020-12-04 (LP: #1906875)
    - regulator: defer probe when trying to get voltage from unresolved supply
    - ring-buffer: Fix recursion protection transitions between interrupt context
    - time: Prevent undefined behaviour in timespec64_to_ns()
    - nbd: don't update block size after device is started
    - btrfs: sysfs: init devices outside of the chunk_mutex
    - btrfs: reschedule when cloning lots of extents
    - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
    - hv_balloon: disable warning when floor reached
    - net: xfrm: fix a race condition during allocing spi
    - perf tools: Add missing swap for ino_generation
    - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
    - can: rx-offload: don't call kfree_skb() from IRQ context
    - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
      context
    - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR
      frames
    - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
    - can: peak_usb: add range checking in decode operations
    - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
    - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is
      on
    - xfs: flush new eof page on truncate to avoid post-eof corruption
    - Btrfs: fix missing error return if writeback for extent buffer never started
    - ath9k_htc: Use appropriate rs_datalen type
    - usb: gadget: goku_udc: fix potential crashes in probe
    - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
    - gfs2: Add missing truncate_inode_pages_final for sd_aspace
    - gfs2: check for live vs. read-only file system in gfs2_fitrim
    - scsi: hpsa: Fix memory leak in hpsa_init_one()
    - drm/amdgpu: perform srbm soft reset always on SDMA resume
    - mac80211: fix use of skb payload instead of header
    - cfg80211: regulatory: Fix inconsistent format argument
    - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
    - iommu/amd: Increase interrupt remapping table limit to 512 entries
    - pinctrl: intel: Set default bias in case no particular value given
    - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
    - pinctrl: aspeed: Fix GPI only function problem.
    - nbd: fix a block_device refcount leak in nbd_release
    - xfs: fix flags argument to rmap lookup when converting shared file rmaps
    - xfs: fix rmap key and record comparison functions
    - xfs: fix a missing unlock on error in xfs_fs_map_blocks
    - of/address: Fix of_node memory leak in of_dma_is_coherent
    - cosa: Add missing kfree in error path of cosa_write
    - perf: Fix get_recursion_context()
    - ext4: correctly report "not supported" for {usr,grp}jquota when
      !CONFIG_QUOTA
    - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
    - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
    - uio: Fix use-after-free in uio_unregister_device()
    - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
    - mei: protect mei_cl_mtu from null dereference
    - futex: Don't enable IRQs unconditionally in put_pi_state()
    - ocfs2: initialize ip_next_orphan
    - selinux: Fix error return code in sel_ib_pkey_sid_slow()
    - don't dump the threads that had been already exiting when zapped.
    - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
    - pinctrl: amd: use higher precision for 512 RtcClk
    - pinctrl: amd: fix incorrect way to disable debounce filter
    - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
    - IPv6: Set SIT tunnel hard_header_len to zero
    - net/af_iucv: fix null pointer dereference on shutdown
    - net/x25: Fix null-ptr-deref in x25_connect
    - vrf: Fix fast path output packet handling with async Netfilter rules
    - r8169: fix potential skb double free in an error path
    - net: Update window_clamp if SOCK_RCVBUF is set
    - random32: make prandom_u32() output unpredictable
    - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-
      on STIBP
    - perf/core: Fix bad use of igrab()
    - perf/core: Fix crash when using HW tracing kernel filters
    - perf/core: Fix a memory leak in perf_event_parse_addr_filter()
    - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
    - reboot: fix overflow parsing reboot cpu number
    - Convert trailing spaces and periods in path components
    - xfs: fix scrub flagging rtinherit even if there is no rt device
    - drm/amd/pm: perform SMC reset on suspend/hibernation
    - drm/amd/pm: do not use ixFEATURE_STATUS for checking smc running
    - s390/smp: move rcu_cpu_starting() earlier
    - tpm_tis: Disable interrupts on ThinkPad T490s
    - tick/common: Touch watchdog in tick_unfreeze() on all CPUs
    - mfd: sprd: Add wakeup capability for PMIC IRQ
    - btrfs: ref-verify: fix memory leak in btrfs_ref_tree_mod
    - thunderbolt: Fix memory leak if ida_simple_get() fails in
      enumerate_services()
    - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch
    - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove

  [ Ubuntu: 4.15.0-132.136 ]

  * bionic/linux: 4.15.0-132.136 -proposed tracker (LP: #1911147)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2020-28374
    - SAUCE: target: fix XCOPY NAA identifier lookup

  [ Ubuntu: 4.15.0-130.134 ]

  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2021-1052 // CVE-2021-1053
    - [Packaging] NVIDIA -- Add the NVIDIA 460 driver

 -- Kelsey Skunberg <kelsey.skunberg@xxxxxxxxxxxxx>  Thu, 14 Jan 2021
16:21:24 -0700

** Changed in: linux-kvm (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27777

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28374

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1052

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1053

** Changed in: linux-kvm (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16120

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1866149

Title:
  CONFIG_BASE_SMALL=1 restricts pid space, which conflicts with systemd
  default sysctl

Status in linux package in Ubuntu:
  Invalid
Status in linux-kvm package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Invalid
Status in linux-kvm source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Invalid
Status in linux-kvm source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Invalid
Status in linux-kvm source package in Focal:
  Fix Released
Status in linux source package in Groovy:
  Invalid
Status in linux-kvm source package in Groovy:
  Fix Released

Bug description:
  [Impact]
  systemd-systemctl will fail to set kernel.pid_max, leading to a degraded boot.

  [Fix]
  Set CONFIG_BASE_FULL=y, CONFIG_BASE_SMALL=0.

  [Test case]
  Write 419304 to /proc/sys/kernel/pid_max.

  [Potential regression]
  Boot time may be affected.

  
  ====================================================================

  I'm not completely sure which package to log this against.

  I'm running the kvm focal minimal cloud image from 20200302. I noticed
  on boot that there was an error complaining that systemd-systemctl
  couldn't update pid_max to the value it wanted:

  systemd-sysctl[117]: Couldn't write '4194304' to 'kernel/pid_max':
  Invalid argument

  Digging into it a bit more, this comes from /usr/lib/sysctl.d/50-pid-max.conf:
  # Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
  # of 2^16), to make PID collisions less likely.
  kernel.pid_max = 4194304

  However, the linux-image-kvm kernel is compiled with
  CONFIG_BASE_SMALL=1

  and this triggers the following code in include/linux/threads.h

  #define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \
   (sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT))

  which means that if CONFIG_BASE_SMALL is set we get a maximum limit of
  PAGE_SIZE * 8, which on x86 would be 32768.

  As a workaround I can override it with a file in /etc/sysctl.d/ but
  this shouldn't be needed.

  I really don't know if CONFIG_BASE_SMALL makes any sense on x86 cloud
  images, they really aren't small machines in the scheme of things!

  Cheers

  David

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1866149/+subscriptions