[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
This is a Hirsute/5.11 change which already got released. The verification request seems to be triggered somehow by the hwe-5.11 kernel. This seems wrong.

** Tags removed: verification-needed-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1934110

Title: ubuntu-host driver lacks lseek ops

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Groovy: Won't Fix
Status in linux source package in Hirsute: Fix Released

Bug description:

[ SRU Justification ][GROOVY][HIRSUTE][IMPISH]

== Impact ==

The ubuntu-host driver lacks procfs lseek ops, and lseeking on the procfs esm-token file will jump to a NULL address, causing the following splat:

[ 942.470568] BUG: kernel NULL pointer dereference, address:
[ 942.471157] #PF: supervisor instruction fetch in kernel mode
[ 942.471724] #PF: error_code(0x0010) - not-present page
[ 942.472297] PGD 0 P4D 0
[ 942.472867] Oops: 0010 [#1] SMP PTI
[ 942.473435] CPU: 2 PID: 5661 Comm: stress-ng Not tainted 5.13.0-9-generic #9
[ 942.474012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
[ 942.474599] RIP: 0010:0x0
[ 942.475194] Code: Unable to access opcode bytes at RIP 0xffd6.
[ 942.475792] RSP: 0018:aacf80ff7eb8 EFLAGS: 00010246
[ 942.476383] RAX: RBX: 9eaa8a175240 RCX: 0001
[ 942.476986] RDX: RSI: RDI: 9eaa838d5800
[ 942.477600] RBP: aacf80ff7ed0 R08: 4000 R09: 0004
[ 942.478203] R10: 0002 R11: R12:
[ 942.478800] R13: R14: ffea R15: 9eaa838d5800
[ 942.479399] FS: 7f998d487f00() GS:9eaaffc8() knlGS:
[ 942.480006] CS: 0010 DS: ES: CR0: 80050033
[ 942.480607] CR2: ffd6 CR3: 00010a774002 CR4: 00370ee0
[ 942.481219] DR0: DR1: DR2:
[ 942.481855] DR3: DR6: fffe0ff0 DR7: 0400
[ 942.482458] Call Trace:
[ 942.483052] proc_reg_llseek+0x4e/0x80
[ 942.483646] ? __fdget_pos+0x43/0x50
[ 942.484234] ksys_lseek+0x84/0xc0
[ 942.484815] __x64_sys_lseek+0x1a/0x20
[ 942.485412] do_syscall_64+0x61/0xb0
[ 942.485966] ? asm_exc_page_fault+0x8/0x30
[ 942.486476] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 942.486994] RIP: 0033:0x7f998d5c1cdb
[ 942.487512] Code: ff ff c3 0f 1f 40 00 48 8b 15 89 81 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa b8 08 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 59 81 0d 00 f7 d8
[ 942.488593] RSP: 002b:7ffdf61c5328 EFLAGS: 0246 ORIG_RAX: 0008
[ 942.489148] RAX: ffda RBX: RCX: 7f998d5c1cdb
[ 942.489710] RDX: RSI: RDI: 0004
[ 942.490252] RBP: 0004 R08: 01785e4740dd R09: 562dbebb9e50
[ 942.490801] R10: 7ffdf61c5300 R11: 0246 R12: 7ffdf61c63f0
[ 942.491354] R13: 7ffdf61c53f0 R14: 0003 R15: 01e9

== Fix ==

Add the default_llseek ops:

diff --git a/ubuntu/ubuntu-host/ubuntu-host.c b/ubuntu/ubuntu-host/ubuntu-host.c
index 1abd402..a4c0636 100644
--- a/ubuntu/ubuntu-host/ubuntu-host.c
+++ b/ubuntu/ubuntu-host/ubuntu-host.c
@@ -38,6 +38,8 @@ static ssize_t esm_token_write(struct file *f, const char __user *buf,
 static const struct proc_ops esm_token_fops = {
 	.proc_read = esm_token_read,
 	.proc_write = esm_token_write,
+	.proc_lseek = default_llseek,
+
 };

== Test plan ==

modprobe ubuntu-host
stress-ng --procfs 0 -t 60

Without the fix we hit the splat. With the fix it's OK.

== Where problems could occur ==

This one-liner adds the missing proc_lseek op. It is hard to see where it can cause a regression since it affects the driver in no other way. I doubt any code is relying on the current semantics of lseek not working.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1934110/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
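Review bot: the second added line of the hunk is an empty `+` line between `.proc_lseek = default_llseek,` and the closing `};`, which leaves a stray blank line inside the esm_token_fops initializer; drop it so the hunk adds only the one op the changelog entry describes. Separately, default_llseek makes the file offset settable from user space with SEEK_SET, SEEK_CUR and SEEK_END, so it is worth confirming that esm_token_read and esm_token_write, named in the context lines, bound their copies by *ppos rather than assuming the offset behaviour they saw before this change.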
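The splat in the bug description comes from lseek(2) on the esm-token procfs file dispatching through a NULL proc_lseek pointer, which is why the test plan hammers seeks with stress-ng. The following user-space C program is an added example, not code from the bug report or from the ubuntu-host driver: it performs the same check on one file in a targeted way, trying each whence value at offset 0, classifying the outcome, and confirming the file can be re-read after a rewind. The report does not name the procfs path of the esm-token node, so the path is a command-line argument; make_sample_file() writes a constructed regular file under /tmp as an offline stand-in, and the function names and messages are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcome of a single lseek(2) call on the file under test. */
enum seek_result {
    SEEK_OK,          /* accepted: a non-negative offset came back */
    SEEK_UNSUPPORTED, /* refused cleanly with ESPIPE or EINVAL */
    SEEK_OTHER_ERROR  /* any other errno, worth a closer look */
};

static enum seek_result classify_seek(int fd, int whence)
{
    if (lseek(fd, 0, whence) >= 0)
        return SEEK_OK;
    if (errno == ESPIPE || errno == EINVAL)
        return SEEK_UNSUPPORTED;
    return SEEK_OTHER_ERROR;
}

/*
 * Try SEEK_SET, SEEK_CUR and SEEK_END at offset 0 on one file.
 * Returns the number of seeks that failed with an unexpected errno
 * (0 means every seek was accepted or refused cleanly), or -1 if the
 * file could not be opened. On a kernel whose procfs file has no
 * proc_lseek op the first call never returns: that is the NULL
 * instruction fetch shown in the bug report.
 */
int probe_lseek(const char *path)
{
    static const int whences[] = { SEEK_SET, SEEK_CUR, SEEK_END };
    static const char *const names[] = { "SEEK_SET", "SEEK_CUR", "SEEK_END" };
    int fd = open(path, O_RDONLY);
    int unexpected = 0;

    if (fd < 0) {
        fprintf(stderr, "%s: %s\n", path, strerror(errno));
        return -1;
    }
    for (size_t i = 0; i < sizeof whences / sizeof whences[0]; i++) {
        enum seek_result r = classify_seek(fd, whences[i]);
        const char *verdict = r == SEEK_OK ? "ok"
                            : r == SEEK_UNSUPPORTED ? "refused cleanly"
                            : strerror(errno);
        printf("%-8s %s\n", names[i], verdict);
        if (r == SEEK_OTHER_ERROR)
            unexpected++;
    }
    close(fd);
    return unexpected;
}

/*
 * Read the file, rewind with SEEK_SET and read again. Returns 1 when the
 * second read matches the first (repositioning works), 0 when it does
 * not, -1 on open/seek/read failure. A read handler that ignores *ppos
 * would still pass, so this checks the seek path, not the handler.
 */
int reread_after_seek(const char *path)
{
    char first[128], second[128];
    ssize_t n1, n2;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    n1 = read(fd, first, sizeof first);
    if (n1 < 0 || lseek(fd, 0, SEEK_SET) < 0) {
        close(fd);
        return -1;
    }
    n2 = read(fd, second, sizeof second);
    close(fd);
    if (n2 < 0)
        return -1;
    return n1 == n2 && memcmp(first, second, (size_t)n1) == 0;
}

/* Constructed stand-in for the procfs node: a regular file with sample
 * content so the program runs offline. Pass the real path as argv[1]
 * when verifying a -proposed kernel instead. */
const char *make_sample_file(void)
{
    static const char *const path = "/tmp/esm-token-sample.txt";
    FILE *f = fopen(path, "w");
    if (!f)
        return NULL;
    fputs("constructed-esm-token-sample\n", f);
    fclose(f);
    return path;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : make_sample_file();
    if (!path)
        return 2;
    int bad = probe_lseek(path);
    int rr = reread_after_seek(path);
    printf("unexpected seek errors: %d, reread after rewind: %s\n",
           bad, rr == 1 ? "matches" : "differs/failed");
    return bad == 0 && rr == 1 ? 0 : 1;
}
```

Run without arguments it exercises the constructed sample file; run with the procfs path it reports how each whence value is handled. A clean refusal (ESPIPE or EINVAL) is treated as acceptable because that is what a driver without seek support should return; only a crash or an unrelated errno indicates a problem in the seek path.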
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-focal

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Groovy: Won't Fix
Status in linux source package in Hirsute: Fix Released
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
This bug was fixed in the package linux - 5.13.0-14.14

---
linux (5.13.0-14.14) impish; urgency=medium

  * impish/linux: 5.13.0-14.14 -proposed tracker (LP: #1938565)

  * Miscellaneous Ubuntu changes
    - SAUCE: Revert "UBUNTU: SAUCE: random: Make getrandom() ready earlier"
    - SAUCE: random: properly make getrandom() ready earlier

  * Miscellaneous upstream changes
    - seq_buf: Fix overflow in seq_buf_putmem_hex()
    - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
    - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
    - ext4: fix kernel infoleak via ext4_extent_header
    - ext4: fix overflow in ext4_iomap_alloc()
    - ext4: return error code when ext4_fill_flex_info() fails
    - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
    - ext4: remove check for zero nr_to_scan in ext4_es_scan()
    - ext4: fix avefreec in find_group_orlov
    - ext4: use ext4_grp_locked_error in mb_find_extent

 -- Andrea Righi  Mon, 02 Aug 2021 14:23:08 +0200

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Released

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Groovy: Won't Fix
Status in linux source package in Hirsute: Fix Released
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
This bug was fixed in the package linux - 5.11.0-31.33

---
linux (5.11.0-31.33) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-31.33 -proposed tracker (LP: #1939553)

  * REGRESSION: shiftfs lets sendfile fail with EINVAL (LP: #1939301)
    - SAUCE: shiftfs: fix sendfile() invocations

linux (5.11.0-26.28) hirsute; urgency=medium

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption

  * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
    - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"

  * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 / F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
    - selftests: icmp_redirect: support expected failures

  * Mute/mic LEDs no function on some HP platforms (LP: #1934878)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8

  * [SRU][OEM-5.10/H] Fix HDMI output issue on Intel TGL GPU (LP: #1934864)
    - drm/i915: Fix HAS_LSPCON macro for platforms between GEN9 and GEN10

  * mute/micmute LEDs no function on HP EliteBook 830 G8 Notebook PC (LP: #1934239)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC

  * ubuntu-host driver lacks lseek ops (LP: #1934110)
    - ubuntu-host: add generic lseek op

  * ubuntu_kernel_selftests ftrace fails on arm64 F / aws-5.8 / amd64 F azure-5.8 (LP: #1927749)
    - selftests/ftrace: fix event-no-pid on 1-core machine

  * Hirsute update: upstream stable patchset 2021-06-29 (LP: #1934012)
    - proc: Track /proc/$pid/attr/ opener mm_struct
    - ASoC: max98088: fix ni clock divider calculation
    - ASoC: amd: fix for pcm_read() error
    - spi: Fix spi device unregister flow
    - spi: spi-zynq-qspi: Fix stack violation bug
    - bpf: Forbid trampoline attach for functions with variable arguments
    - net/nfc/rawsock.c: fix a permission check bug
    - usb: cdns3: Fix runtime PM imbalance on error
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
    - vfio-ccw: Reset FSM state to IDLE inside FSM
    - vfio-ccw: Serialize FSM IDLE state with I/O completion
    - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
    - spi: sprd: Add missing MODULE_DEVICE_TABLE
    - usb: chipidea: udc: assign interrupt number to USB gadget structure
    - isdn: mISDN: netjet: Fix crash in nj_probe:
    - bonding: init notify_work earlier to avoid uninitialized use
    - netlink: disable IRQs for netlink_lock_table()
    - net: mdiobus: get rid of a BUG_ON()
    - cgroup: disable controllers at parse time
    - wq: handle VM suspension in stall detection
    - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
    - RDS tcp loopback connection can hang
    - net:sfc: fix non-freed irq in legacy irq mode
    - scsi: bnx2fc: Return failure if io_req is already in ABTS processing
    - scsi: vmw_pvscsi: Set correct residual data length
    - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
    - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
    - net: macb: ensure the device is available before accessing GEMGXL control registers
    - net: appletalk: cops: Fix data race in cops_probe1
    - net: dsa: microchip: enable phy errata workaround on 9567
    - nvme-fabrics: decode host pathing error for connect
    - MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
    - dm verity: fix require_signatures module_param permissions
    - bnx2x: Fix missing error code in bnx2x_iov_init_one()
    - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
    - nvmet: fix false keep-alive timeout when a controller is torn down
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
    - spi: Don't have controller clean up spi device before driver unbind
    - spi: Cleanup on failure of initial setup
    - i2c: mpc: Make use of i2c_recover_bus()
    - i2c: mpc: implement erratum A-004447 workaround
    - ALSA: seq: Fix race of snd_seq_timer_open()
    - ALSA: firewire-lib: fix the context to call snd_pcm_stop_xrun()
    - spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
    - Revert "ACPI: sleep: Put the FACS table after using it"
    - drm: Fix use-after-free read in drm_getunique()
    - drm: Lock pointer access in drm_master_release()
    - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
    - KVM: X86: MMU: Use the correct inherited permissions to get shadow page
    - kvm: avoid speculation-based attacks from out-of-range memslot accesses
    - staging: rtl8723bs: Fix
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
Removing focal tag as this SRU does not apply to focal; it does not have this driver.

** Tags removed: verification-needed-focal

Status in linux package in Ubuntu: In Progress
Status in linux source package in Groovy: Won't Fix
Status in linux source package in Hirsute: Fix Committed
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
Tested on Hirsute 5.11.0-26-generic, no crash observed, marking as verified.

** Tags removed: verification-needed-hirsute
** Tags added: verification-done-hirsute

Status in linux package in Ubuntu: In Progress
Status in linux source package in Groovy: Won't Fix
Status in linux source package in Hirsute: Fix Committed
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
The Groovy Gorilla has reached end of life, so this bug will not be fixed for that release.

** Changed in: linux (Ubuntu Groovy)
       Status: Fix Committed => Won't Fix

Status in linux package in Ubuntu: In Progress
Status in linux source package in Groovy: Won't Fix
Status in linux source package in Hirsute: Fix Committed
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-focal

Status in linux package in Ubuntu: In Progress
Status in linux source package in Groovy: Fix Committed
Status in linux source package in Hirsute: Fix Committed
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the problem still exists, change the tag 'verification-needed-hirsute' to 'verification-failed-hirsute'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

** Tags added: verification-needed-hirsute

Title: ubuntu-host driver lacks lseek ops
Status in linux package in Ubuntu: In Progress
Status in linux source package in Groovy: Fix Committed
Status in linux source package in Hirsute: Fix Committed
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
** Changed in: linux (Ubuntu Groovy)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Hirsute)
   Status: In Progress => Fix Committed

Title: ubuntu-host driver lacks lseek ops
Status in linux package in Ubuntu: In Progress
Status in linux source package in Groovy: Fix Committed
Status in linux source package in Hirsute: Fix Committed
[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops
** Also affects: linux (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Groovy)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Groovy)
   Status: New => In Progress

** Changed in: linux (Ubuntu Hirsute)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Hirsute)
   Status: New => In Progress

Title: ubuntu-host driver lacks lseek ops
Status in linux package in Ubuntu: In Progress
Status in linux source package in Groovy: In Progress
Status in linux source package in Hirsute: In Progress