[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-09-02 Thread Stefan Bader
This is a Hirsute/5.11 change which already got released. The
verification request seems to be triggered somehow by the hwe-5.11
kernel. This seems wrong.

** Tags removed: verification-needed-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1934110

Title:
  ubuntu-host driver lacks lseek ops

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Groovy:
  Won't Fix
Status in linux source package in Hirsute:
  Fix Released

Bug description:
  [ SRU Justification ][GROOVY][HIRSUTE][IMPISH]

  == Impact ==

  The ubuntu-host driver lacks procfs lseek ops and lseeking on the
  procfs esm-token file will jump to a NULL address causing the
  following splat:

  [  942.470568] BUG: kernel NULL pointer dereference, address: 
  [  942.471157] #PF: supervisor instruction fetch in kernel mode
  [  942.471724] #PF: error_code(0x0010) - not-present page
  [  942.472297] PGD 0 P4D 0
  [  942.472867] Oops: 0010 [#1] SMP PTI
  [  942.473435] CPU: 2 PID: 5661 Comm: stress-ng Not tainted 5.13.0-9-generic 
#9
  [  942.474012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 
02/06/2015
  [  942.474599] RIP: 0010:0x0
  [  942.475194] Code: Unable to access opcode bytes at RIP 0xffd6.
  [  942.475792] RSP: 0018:aacf80ff7eb8 EFLAGS: 00010246
  [  942.476383] RAX:  RBX: 9eaa8a175240 RCX: 
0001
  [  942.476986] RDX:  RSI:  RDI: 
9eaa838d5800
  [  942.477600] RBP: aacf80ff7ed0 R08: 4000 R09: 
0004
  [  942.478203] R10: 0002 R11:  R12: 

  [  942.478800] R13:  R14: ffea R15: 
9eaa838d5800
  [  942.479399] FS:  7f998d487f00() GS:9eaaffc8() 
knlGS:
  [  942.480006] CS:  0010 DS:  ES:  CR0: 80050033
  [  942.480607] CR2: ffd6 CR3: 00010a774002 CR4: 
00370ee0
  [  942.481219] DR0:  DR1:  DR2: 

  [  942.481855] DR3:  DR6: fffe0ff0 DR7: 
0400
  [  942.482458] Call Trace:
  [  942.483052]  proc_reg_llseek+0x4e/0x80
  [  942.483646]  ? __fdget_pos+0x43/0x50
  [  942.484234]  ksys_lseek+0x84/0xc0
  [  942.484815]  __x64_sys_lseek+0x1a/0x20
  [  942.485412]  do_syscall_64+0x61/0xb0
  [  942.485966]  ? asm_exc_page_fault+0x8/0x30
  [  942.486476]  entry_SYSCALL_64_after_hwframe+0x44/0xae
  [  942.486994] RIP: 0033:0x7f998d5c1cdb
  [  942.487512] Code: ff ff c3 0f 1f 40 00 48 8b 15 89 81 0d 00 f7 d8 64 89 02 
48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa b8 08 00 00 00 0f 05 <48> 3d 00 
f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 59 81 0d 00 f7 d8
  [  942.488593] RSP: 002b:7ffdf61c5328 EFLAGS: 0246 ORIG_RAX: 
0008
  [  942.489148] RAX: ffda RBX:  RCX: 
7f998d5c1cdb
  [  942.489710] RDX:  RSI:  RDI: 
0004
  [  942.490252] RBP: 0004 R08: 01785e4740dd R09: 
562dbebb9e50
  [  942.490801] R10: 7ffdf61c5300 R11: 0246 R12: 
7ffdf61c63f0
  [  942.491354] R13: 7ffdf61c53f0 R14: 0003 R15: 
01e9

  == Fix ==

  Add the default_llseek ops:

  diff --git a/ubuntu/ubuntu-host/ubuntu-host.c 
b/ubuntu/ubuntu-host/ubuntu-host.c
  index 1abd402..a4c0636 100644
  --- a/ubuntu/ubuntu-host/ubuntu-host.c
  +++ b/ubuntu/ubuntu-host/ubuntu-host.c
  @@ -38,6 +38,8 @@ static ssize_t esm_token_write(struct file *f, const char 
__user *buf,
   static const struct proc_ops esm_token_fops = {
  .proc_read = esm_token_read,
  .proc_write = esm_token_write,
  +   .proc_lseek = default_llseek,
  +
   };
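
Review bot: The second added line in the esm_token_fops initializer is an empty `+` line directly before the closing `};`, which is why the hunk header reads `-38,6 +38,8` for what the description calls a one liner; drop it so the change is only `.proc_lseek = default_llseek,`. As shown here the new member is also indented differently from `.proc_read` and `.proc_write`; align it with its neighbours. Since esm_token_read and esm_token_write are outside this hunk, the description should state that both behave sensibly once the file position can be moved by lseek.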

  == Test plan ==

  modprobe ubuntu-host
  stress-ng --procfs 0 -t 60

  without the fix we hit the splat. With the fix it's OK.

  == Where problems could occur ==

  This one liner adds the missing proc_lseek op. It is hard to see where
  it can cause a regression since it affects the driver no other way.  I
  doubt any code is relying on the current semantics of lseek not
  working.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1934110/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
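
The failure described under Impact, reduced to a user-space C model (an added example, not code from the ubuntu-host driver or the kernel): an ops table whose seek slot is left NULL, the same table with the slot filled as in the fix, and a dispatcher that checks the slot before calling through it. All `model_*` names, `guarded_llseek`, `rewind_and_reread` and the choice of `-ESPIPE` for an empty slot are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-ins for kernel types (hypothetical names, not kernel code). */
struct model_file {
    char data[64];      /* backing store for the token */
    long long size;     /* bytes currently stored */
    long long pos;      /* current file position */
};

struct model_proc_ops {
    long (*proc_read)(struct model_file *f, char *buf, size_t n);
    long (*proc_write)(struct model_file *f, const char *buf, size_t n);
    long long (*proc_lseek)(struct model_file *f, long long off, int whence);
};

static long token_read(struct model_file *f, char *buf, size_t n)
{
    long long left = f->size - f->pos;

    if (left <= 0)
        return 0;                       /* at or past EOF */
    if ((long long)n > left)
        n = (size_t)left;
    memcpy(buf, f->data + f->pos, n);
    f->pos += (long long)n;
    return (long)n;
}

static long token_write(struct model_file *f, const char *buf, size_t n)
{
    if (n > sizeof(f->data))
        return -EINVAL;
    memcpy(f->data, buf, n);
    f->size = (long long)n;
    return (long)n;
}

/* Simplified seek: SEEK_SET/SEEK_CUR/SEEK_END, rejecting negative positions. */
static long long model_llseek(struct model_file *f, long long off, int whence)
{
    long long base;

    switch (whence) {
    case SEEK_SET: base = 0;       break;
    case SEEK_CUR: base = f->pos;  break;
    case SEEK_END: base = f->size; break;
    default:       return -EINVAL;
    }
    if (off < -base)
        return -EINVAL;                 /* would land before offset 0 */
    if (off > LLONG_MAX - base)
        return -EOVERFLOW;
    f->pos = base + off;
    return f->pos;
}

/* "Before": the seek slot is simply absent, so it is a NULL pointer. */
static const struct model_proc_ops ops_before = {
    .proc_read  = token_read,
    .proc_write = token_write,
};

/* "After": the slot is filled, mirroring the one-line fix. */
static const struct model_proc_ops ops_after = {
    .proc_read  = token_read,
    .proc_write = token_write,
    .proc_lseek = model_llseek,
};

/* Dispatcher that refuses to call through an empty slot.
 * Returning -ESPIPE here is this example's assumption. */
static long long guarded_llseek(const struct model_proc_ops *ops,
                                struct model_file *f, long long off, int whence)
{
    if (!ops || !ops->proc_lseek)
        return -ESPIPE;
    return ops->proc_lseek(f, off, whence);
}

/* Write a constructed token, read to EOF, rewind, read again.
 * Returns bytes re-read, or a negative errno if the rewind is refused. */
static long rewind_and_reread(const struct model_proc_ops *ops, char *out, size_t n)
{
    static const char token[] = "constructed-token";   /* sample data */
    struct model_file f = {0};
    long long rc;

    ops->proc_write(&f, token, sizeof(token) - 1);
    ops->proc_read(&f, out, n);                        /* consume to EOF */
    rc = guarded_llseek(ops, &f, 0, SEEK_SET);
    if (rc < 0)
        return (long)rc;
    return ops->proc_read(&f, out, n);
}

int main(void)
{
    char buf[32];

    printf("before fix: %ld\n", rewind_and_reread(&ops_before, buf, sizeof(buf)));
    printf("after fix:  %ld\n", rewind_and_reread(&ops_after, buf, sizeof(buf)));
    return 0;
}
```

Without the NULL check in `guarded_llseek`, the call through `ops_before` would be an indirect call to address 0, which is what `RIP: 0010:0x0` in the splat records.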


[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-08-31 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-focal' to 'verification-done-focal'. If the problem
still exists, change the tag 'verification-needed-focal' to
'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-focal


[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-08-18 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.13.0-14.14

---
linux (5.13.0-14.14) impish; urgency=medium

  * impish/linux: 5.13.0-14.14 -proposed tracker (LP: #1938565)

  * Miscellaneous Ubuntu changes
    - SAUCE: Revert "UBUNTU: SAUCE: random: Make getrandom() ready earlier"
    - SAUCE: random: properly make getrandom() ready earlier

  * Miscellaneous upstream changes
    - seq_buf: Fix overflow in seq_buf_putmem_hex()
    - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
    - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
      transaction handle
    - ext4: fix kernel infoleak via ext4_extent_header
    - ext4: fix overflow in ext4_iomap_alloc()
    - ext4: return error code when ext4_fill_flex_info() fails
    - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
    - ext4: remove check for zero nr_to_scan in ext4_es_scan()
    - ext4: fix avefreec in find_group_orlov
    - ext4: use ext4_grp_locked_error in mb_find_extent

 -- Andrea Righi   Mon, 02 Aug 2021 14:23:08 +0200

** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Released


[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-08-16 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.11.0-31.33

---
linux (5.11.0-31.33) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-31.33 -proposed tracker (LP: #1939553)

  * REGRESSION: shiftfs lets sendfile fail with EINVAL (LP: #1939301)
    - SAUCE: shiftfs: fix sendfile() invocations

linux (5.11.0-26.28) hirsute; urgency=medium

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption

  * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
    - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"

  * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
    F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
    - selftests: icmp_redirect: support expected failures

  * Mute/mic LEDs no function on some HP platfroms (LP: #1934878)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8

  * [SRU][OEM-5.10/H] Fix HDMI output issue on Intel TGL GPU (LP: #1934864)
    - drm/i915: Fix HAS_LSPCON macro for platforms between GEN9 and GEN10

  * mute/micmute LEDs no function on HP EliteBook 830 G8 Notebook PC
    (LP: #1934239)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook
      PC

  * ubuntu-host driver lacks lseek ops (LP: #1934110)
    - ubuntu-host: add generic lseek op

  * ubuntu_kernel_selftests ftrace fails on arm64 F / aws-5.8 / amd64 F
    azure-5.8 (LP: #1927749)
    - selftests/ftrace: fix event-no-pid on 1-core machine

  * Hirsute update: upstream stable patchset 2021-06-29 (LP: #1934012)
    - proc: Track /proc/$pid/attr/ opener mm_struct
    - ASoC: max98088: fix ni clock divider calculation
    - ASoC: amd: fix for pcm_read() error
    - spi: Fix spi device unregister flow
    - spi: spi-zynq-qspi: Fix stack violation bug
    - bpf: Forbid trampoline attach for functions with variable arguments
    - net/nfc/rawsock.c: fix a permission check bug
    - usb: cdns3: Fix runtime PM imbalance on error
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
    - vfio-ccw: Reset FSM state to IDLE inside FSM
    - vfio-ccw: Serialize FSM IDLE state with I/O completion
    - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
    - spi: sprd: Add missing MODULE_DEVICE_TABLE
    - usb: chipidea: udc: assign interrupt number to USB gadget structure
    - isdn: mISDN: netjet: Fix crash in nj_probe:
    - bonding: init notify_work earlier to avoid uninitialized use
    - netlink: disable IRQs for netlink_lock_table()
    - net: mdiobus: get rid of a BUG_ON()
    - cgroup: disable controllers at parse time
    - wq: handle VM suspension in stall detection
    - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
    - RDS tcp loopback connection can hang
    - net:sfc: fix non-freed irq in legacy irq mode
    - scsi: bnx2fc: Return failure if io_req is already in ABTS processing
    - scsi: vmw_pvscsi: Set correct residual data length
    - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
    - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
    - net: macb: ensure the device is available before accessing GEMGXL control
      registers
    - net: appletalk: cops: Fix data race in cops_probe1
    - net: dsa: microchip: enable phy errata workaround on 9567
    - nvme-fabrics: decode host pathing error for connect
    - MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
    - dm verity: fix require_signatures module_param permissions
    - bnx2x: Fix missing error code in bnx2x_iov_init_one()
    - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
    - nvmet: fix false keep-alive timeout when a controller is torn down
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
    - spi: Don't have controller clean up spi device before driver unbind
    - spi: Cleanup on failure of initial setup
    - i2c: mpc: Make use of i2c_recover_bus()
    - i2c: mpc: implement erratum A-004447 workaround
    - ALSA: seq: Fix race of snd_seq_timer_open()
    - ALSA: firewire-lib: fix the context to call snd_pcm_stop_xrun()
    - spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
    - Revert "ACPI: sleep: Put the FACS table after using it"
    - drm: Fix use-after-free read in drm_getunique()
    - drm: Lock pointer access in drm_master_release()
    - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
    - KVM: X86: MMU: Use the correct inherited permissions to get shadow page
    - kvm: avoid speculation-based attacks from out-of-range memslot accesses
    - staging: rtl8723bs: Fix 

[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-08-05 Thread Colin Ian King
Removing focal tag as this SRU does not apply to focal, it does not have
this driver.

** Tags removed: verification-needed-focal

-- 
Title:
  ubuntu-host driver lacks lseek ops

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Groovy:
  Won't Fix
Status in linux source package in Hirsute:
  Fix Committed



[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-08-05 Thread Colin Ian King
Tested on Hirsute 5.11.0-26-generic, no crash observed, marking as
verified.

** Tags removed: verification-needed-hirsute
** Tags added: verification-done-hirsute



[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-07-28 Thread Brian Murray
The Groovy Gorilla has reached end of life, so this bug will not be
fixed for that release

** Changed in: linux (Ubuntu Groovy)
   Status: Fix Committed => Won't Fix



[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-07-23 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-focal' to 'verification-done-focal'. If the problem
still exists, change the tag 'verification-needed-focal' to
'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-focal

-- 
Title:
  ubuntu-host driver lacks lseek ops

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Groovy:
  Fix Committed
Status in linux source package in Hirsute:
  Fix Committed

Bug description:
  [ SRU Justification ][GROOVY][HIRSUTE][IMPISH]

  == Impact ==

  The ubuntu-host driver lacks procfs lseek ops and lseeking on the
  procfs esm-token file will jump to a NULL address causing the
  following splat:

  [  942.470568] BUG: kernel NULL pointer dereference, address:
  [  942.471157] #PF: supervisor instruction fetch in kernel mode
  [  942.471724] #PF: error_code(0x0010) - not-present page
  [  942.472297] PGD 0 P4D 0
  [  942.472867] Oops: 0010 [#1] SMP PTI
  [  942.473435] CPU: 2 PID: 5661 Comm: stress-ng Not tainted 5.13.0-9-generic #9
  [  942.474012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
  [  942.474599] RIP: 0010:0x0
  [  942.475194] Code: Unable to access opcode bytes at RIP 0xffd6.
  [  942.475792] RSP: 0018:aacf80ff7eb8 EFLAGS: 00010246
  [  942.476383] RAX:  RBX: 9eaa8a175240 RCX: 0001
  [  942.476986] RDX:  RSI:  RDI: 9eaa838d5800
  [  942.477600] RBP: aacf80ff7ed0 R08: 4000 R09: 0004
  [  942.478203] R10: 0002 R11:  R12:
  [  942.478800] R13:  R14: ffea R15: 9eaa838d5800
  [  942.479399] FS:  7f998d487f00() GS:9eaaffc8() knlGS:
  [  942.480006] CS:  0010 DS:  ES:  CR0: 80050033
  [  942.480607] CR2: ffd6 CR3: 00010a774002 CR4: 00370ee0
  [  942.481219] DR0:  DR1:  DR2:
  [  942.481855] DR3:  DR6: fffe0ff0 DR7: 0400
  [  942.482458] Call Trace:
  [  942.483052]  proc_reg_llseek+0x4e/0x80
  [  942.483646]  ? __fdget_pos+0x43/0x50
  [  942.484234]  ksys_lseek+0x84/0xc0
  [  942.484815]  __x64_sys_lseek+0x1a/0x20
  [  942.485412]  do_syscall_64+0x61/0xb0
  [  942.485966]  ? asm_exc_page_fault+0x8/0x30
  [  942.486476]  entry_SYSCALL_64_after_hwframe+0x44/0xae
  [  942.486994] RIP: 0033:0x7f998d5c1cdb
  [  942.487512] Code: ff ff c3 0f 1f 40 00 48 8b 15 89 81 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 f3 0f 1e fa b8 08 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 59 81 0d 00 f7 d8
  [  942.488593] RSP: 002b:7ffdf61c5328 EFLAGS: 0246 ORIG_RAX: 0008
  [  942.489148] RAX: ffda RBX:  RCX: 7f998d5c1cdb
  [  942.489710] RDX:  RSI:  RDI: 0004
  [  942.490252] RBP: 0004 R08: 01785e4740dd R09: 562dbebb9e50
  [  942.490801] R10: 7ffdf61c5300 R11: 0246 R12: 7ffdf61c63f0
  [  942.491354] R13: 7ffdf61c53f0 R14: 0003 R15: 01e9

  == Fix ==

  Add the default_llseek ops:

  diff --git a/ubuntu/ubuntu-host/ubuntu-host.c 
b/ubuntu/ubuntu-host/ubuntu-host.c
  index 1abd402..a4c0636 100644
  --- a/ubuntu/ubuntu-host/ubuntu-host.c
  +++ b/ubuntu/ubuntu-host/ubuntu-host.c
  @@ -38,6 +38,8 @@ static ssize_t esm_token_write(struct file *f, const char 
__user *buf,
   static const struct proc_ops esm_token_fops = {
  .proc_read = esm_token_read,
  .proc_write = esm_token_write,
  +   .proc_lseek = default_llseek,
  +
   };
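
Review bot: the second added line is an empty `+` line between `.proc_lseek = default_llseek,` and the closing `};`, so the initializer grows by two lines (38,6 to 38,8) for what the description calls a one-liner; drop the blank line. It would also help to state in the commit message why default_llseek was chosen over a handler that leaves the file position untouched, since esm_token_read and esm_token_write are not shown here and their use of the offset decides which is appropriate. The call trace shows proc_reg_llseek calling straight through the unset pointer, so any other proc_ops table in the same tree that sets proc_read or proc_write without proc_lseek deserves the same check.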

  == Test plan ==

  modprobe ubuntu-host
  stress-ng --procfs 0 -t 60

  Without the fix we hit the splat. With the fix it's OK.

  == Where problems could occur ==

  This one-liner adds the missing proc_lseek op. It is hard to see where
  it can cause a regression since it affects the driver no other way.  I
  doubt any code is relying on the current semantics of lseek not
  working.

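
Added example (not part of the bug report or of the Ubuntu kernel tree): a Python triage helper for splats like the one in the bug description. It separates a call through a NULL function pointer (instruction fetch with the kernel RIP at 0x0) from an ordinary NULL data dereference and names the first reliable Call Trace frame; the name `triage` and the result keys are assumptions made for this illustration.

```python
import re

# Excerpt of the splat quoted in the bug description (register lines omitted).
SAMPLE_OOPS = """\
[  942.470568] BUG: kernel NULL pointer dereference, address:
[  942.471157] #PF: supervisor instruction fetch in kernel mode
[  942.471724] #PF: error_code(0x0010) - not-present page
[  942.474599] RIP: 0010:0x0
[  942.482458] Call Trace:
[  942.483052]  proc_reg_llseek+0x4e/0x80
[  942.483646]  ? __fdget_pos+0x43/0x50
[  942.484234]  ksys_lseek+0x84/0xc0
[  942.484815]  __x64_sys_lseek+0x1a/0x20
[  942.485412]  do_syscall_64+0x61/0xb0
[  942.486994] RIP: 0033:0x7f998d5c1cdb
"""

STAMP = re.compile(r"^\s*\[\s*\d+\.\d+\]\s*")            # dmesg timestamp prefix
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
KERNEL_RIP = re.compile(r"^RIP: 0010:(\S+)")              # 0x10 = x86-64 kernel code segment

def triage(oops_text):
    """Classify a NULL-pointer oops and name the function that made the bad call."""
    lines = [STAMP.sub("", raw) for raw in oops_text.splitlines()]
    if not any(l.startswith("BUG: kernel NULL pointer dereference") for l in lines):
        return None
    # An instruction fetch (not a read/write) means the CPU tried to execute at the address.
    fetch = any("supervisor instruction fetch" in l for l in lines)
    rip = next((m.group(1) for l in lines if (m := KERNEL_RIP.match(l))), None)

    frames, in_trace = [], False
    for l in lines:
        if l.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and not l.startswith("<"):          # skip <TASK> markers on newer kernels
            m = FRAME.match(l)
            if not m:
                break
            frames.append((m.group(2), m.group(1) is None))  # "?" marks an unverified frame

    reliable = [name for name, ok in frames if ok]
    null_call = fetch and rip is not None and re.fullmatch(r"0x0+", rip) is not None
    syscall = next((n[len("__x64_sys_"):] for n in reliable if n.startswith("__x64_sys_")), None)
    return {
        "kind": "null-function-pointer-call" if null_call else "null-data-dereference",
        "caller": reliable[0] if reliable else None,
        "syscall": syscall,
        "unreliable_frames": [n for n, ok in frames if not ok],
    }
```

For the excerpt above the caller is `proc_reg_llseek`, which points at an ops table with an unset seek handler rather than at a corrupted data pointer.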

[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-07-21 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-hirsute' to 'verification-done-hirsute'. If the
problem still exists, change the tag 'verification-needed-hirsute' to
'verification-failed-hirsute'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: verification-needed-hirsute


Title:
  ubuntu-host driver lacks lseek ops

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Groovy:
  Fix Committed
Status in linux source package in Hirsute:
  Fix Committed


[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-07-15 Thread Kleber Sacilotto de Souza
** Changed in: linux (Ubuntu Groovy)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Hirsute)
   Status: In Progress => Fix Committed


Title:
  ubuntu-host driver lacks lseek ops

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Groovy:
  Fix Committed
Status in linux source package in Hirsute:
  Fix Committed



[Kernel-packages] [Bug 1934110] Re: ubuntu-host driver lacks lseek ops

2021-07-06 Thread Stefan Bader
** Also affects: linux (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Groovy)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Groovy)
   Status: New => In Progress

** Changed in: linux (Ubuntu Hirsute)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Hirsute)
   Status: New => In Progress


Title:
  ubuntu-host driver lacks lseek ops

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Groovy:
  In Progress
Status in linux source package in Hirsute:
  In Progress
