This bug was fixed in the package linux - 4.4.0-176.206

---------------
linux (4.4.0-176.206) xenial; urgency=medium

  * xenial/linux: 4.4.0-176.206 -proposed tracker (LP: #1865106)

  * CVE-2020-2732
    - x86/vdso: Use RDPID in preference to LSL when available
    - KVM: x86: emulate RDPID
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions

linux (4.4.0-175.205) xenial; urgency=medium

  * xenial/linux: 4.4.0-175.205 -proposed tracker (LP: #1863338)

  * run_afpackettests in ubuntu_kernel_selftests failed with "./in_netns.sh:
    Permission denied" (LP: #1861973)
    - [Debian] autoreconstruct - add resoration of execute permissions

  * pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
    - can, slip: Protect tty->disc_data in write_wakeup and close with RCU

 -- Khalid Elmously <khalid.elmou...@canonical.com>  Thu, 27 Feb 2020 23:41:44 -0500

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1862114

Title:
  pty03 from pty in ubuntu_ltp failed on Eoan

Status in ubuntu-kernel-tests:
  Fix Released
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Disco:
  Fix Committed
Status in linux source package in Eoan:
  Fix Released

Bug description:
  == Justification ==
  The test case pty03 from pty in ubuntu_ltp is failing with kernel NULL
  pointer dereference:

  [ 951.306823] BUG: kernel NULL pointer dereference, address: 0000000000000020
  [ 951.309960] #PF: supervisor write access in kernel mode
  [ 951.312130] #PF: error_code(0x0002) - not-present page
  [ 951.314227] PGD 0 P4D 0
  [ 951.315278] Oops: 0002 [#1] SMP PTI
  [ 951.316705] CPU: 1 PID: 39102 Comm: pty03 Not tainted 5.4.0-12-generic #15-Ubuntu
  [ 951.319737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
  [ 951.322713] RIP: 0010:queue_work_on+0x1b/0x50

  [ 951.352494] Call Trace:
  [ 951.353244] slip_write_wakeup+0x25/0x30 [slip]
  [ 951.354600] tty_wakeup+0x5b/0x70
  [ 951.355539] pty_unthrottle+0x19/0x30
  [ 951.356560] tty_unthrottle+0x42/0x60
  [ 951.357566] __tty_perform_flush+0x87/0x90
  [ 951.358768] n_tty_ioctl_helper+0xcc/0x150
  [ 951.359955] n_tty_ioctl+0x2d/0x100
  [ 951.360930] tty_ioctl+0x3c0/0x8e0
  [ 951.361882] ? __switch_to_asm+0x34/0x70
  [ 951.363049] ? __switch_to_asm+0x40/0x70
  [ 951.364191] ? __switch_to_asm+0x34/0x70
  [ 951.365261] ? __switch_to_asm+0x40/0x70
  [ 951.366382] ? __switch_to_asm+0x34/0x70
  [ 951.367452] ? __switch_to_asm+0x40/0x70
  [ 951.368523] ? __switch_to_asm+0x34/0x70
  [ 951.369693] ? __switch_to_asm+0x40/0x70
  [ 951.370829] ? __switch_to_asm+0x34/0x70
  [ 951.371923] ? __switch_to_asm+0x40/0x70
  [ 951.372998] ? __switch_to_asm+0x34/0x70
  [ 951.374097] ? __switch_to_asm+0x40/0x70
  [ 951.375183] ? __switch_to_asm+0x34/0x70
  [ 951.376288] ? __switch_to_asm+0x40/0x70
  [ 951.377390] ? __switch_to+0x110/0x470
  [ 951.378863] do_vfs_ioctl+0x407/0x670
  [ 951.380269] ? __schedule+0x2eb/0x740
  [ 951.381761] ksys_ioctl+0x67/0x90
  [ 951.383076] __x64_sys_ioctl+0x1a/0x20
  [ 951.384510] do_syscall_64+0x57/0x190
  [ 951.385896] entry_SYSCALL_64_after_hwframe+0x44/0xa9

  == Fixes ==
  As indicated by the test case, this issue can be fixed by:
  * 0ace17d5 (can, slip: Protect tty->disc_data in write_wakeup and
  close with RCU)

  This patch can be cherry-picked into all of our kernels.

  == Test ==
  Test kernels can be found here:
  https://people.canonical.com/~phlin/kernel/lp-1862114-pty03/

  Tested on KVM nodes, and the patched kernels work as expected: there
  will be no more kernel NULL pointer dereference issue, and the test
  can finish properly.

  == Regression potential ==
  Low, changes limited to two specific drivers for serial line TTY. This
  issue can be reproduced quite easily and the patched kernels show
  positive results.


  == Original Bug Report ==
  startup='Thu Feb  6 02:45:23 2020'
   tst_test.c:1215: INFO: Timeout per run is 0h 05m 00s
   pty03.c:101: INFO: Creating PTY with SLIP line discipline
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Test timeouted, sending SIGKILL!
   Cannot kill test processes!
   Congratulation, likely test hit a kernel bug.
   Exitting uncleanly...
   tag=pty03 stime=1580957123 dur=350 exit=exited stat=1 core=no cu=0 cs=0

  This is a new test case, so it's not a regression.
