That's excellent Gary, thank you.
Sponsored: 
https://launchpad.net/ubuntu/noble/+upload/38508866/+files/plymouth_24.004.60-1ubuntu7.2_source.changes

** Description changed:

+ [Impact]
+ 
+  * plymouthd SIGSEGVs during boot on systems that have a terminal-less
+    secondary DRM head while the boot splash is active. Effect for users:
+    the boot splash dies and a plymouthd coredump is logged every boot. On
+    an encrypted-disk install this is the LUKS passphrase splash.
+ 
+  * Root cause is a NULL dereference of backend->terminal in
+    ply_terminal_set_disabled_input(). Plymouth assigns a terminal only to
+    the primary console DRM card but still builds a backend and watches
+    input on secondary, terminal-less DRM heads. The public reports trigger
+    this with NVIDIA multi-GPU / vt-less kernels. A second trigger is a
+    DisplayLink evdi connector that reports connected+enabled with a 0-byte
+    EDID, which is also a terminal-less head.
+ 
+  * The upload fixes it by NULL-guarding the terminal pointer before the
+    terminal-input calls: in the set_disabled/_unbuffered/_buffered_input
+    functions in ply-terminal.c, and before the call in the drm and
+    frame-buffer renderers' close_input_source(). It cherry-picks the two
+    upstream commits listed in the comment onto noble's -1ubuntu7.1 as
+    -1ubuntu7.2.
+ 
+  * Justification for backporting: noble is 24.04 LTS in standard support.
+    Affected users get a crashing boot splash and a coredump on every boot,
+    and the noble task has had no fix for roughly 14 months while the fix
+    has shipped in plucky and Fedora. The change is small and defensive.
+ 
+ [Test Plan]
+ 
+  * Affected configuration: noble with plymouth 24.004.60-1ubuntu7.1 and a
+    terminal-less secondary DRM head present while the splash is up. Either
+    an NVIDIA multi-GPU / vt-less-kernel setup, or a DisplayLink/evdi device
+    whose connector reports connected+enabled with an empty EDID.
+ 
+  * Reproduce without the patch:
+    1. Ensure "splash" is on the kernel command line.
+    2. Boot with the affected head live during the splash.
+    3. After boot, check for a plymouthd crash:
+         coredumpctl list plymouthd
+         coredumpctl info plymouthd
+       The backtrace shows the crash in ply_terminal_set_disabled_input
+       (here at +0x27 with rdi=0), reached via the drm renderer
+       add_input_device -> watch_input_device path.
+ 
+  * Reproducer used by the reporter: HP ZBook Studio x360 G5, Intel i915 +
+    NVIDIA PRIME, StarTech USB32DP4K DisplayLink dongle (evdi) attached,
+    dracut initramfs that force-loads evdi early so the empty-EDID head is
+    live across switch_root. Booting with "splash" SIGSEGVs plymouthd as
+    above.
+ 
+  * Verify with the -proposed package: install plymouth 24.004.60-1ubuntu7.2
+    from noble-proposed, regenerate the initramfs, and boot the same way.
+    Expected: the splash completes and no new plymouthd coredump appears
+    (coredumpctl list plymouthd shows no new entry for the boot). The
+    reporter confirmed this with a local rebuild of the same two patches.
+ 
+ [Where problems could occur]
+ 
+  * The change adds NULL guards (~7 lines) in two places: the
+    set_disabled/_unbuffered/_buffered_input functions in
+    src/libply-splash-core/ply-terminal.c, and close_input_source() in the
+    drm and frame-buffer renderers (src/plugins/renderers/*/plugin.c).
+ 
+  * If the guards were wrong, the failure mode would be input not being
+    toggled on a backend that legitimately has a terminal, i.e. the
+    terminal-input enable/disable on the primary console head being skipped.
+    In practice that would show up as the splash keyboard path
+    misbehaving -- the encrypted-disk passphrase prompt not accepting input,
+    or echo/no-echo being wrong at the prompt. Regression testers should
+    confirm the LUKS passphrase entry at the splash still accepts input with
+    correct echoing, and that the splash hands off to the display manager
+    cleanly, on a normal single-GPU machine with no secondary head as well
+    as on the affected configuration.
+ 
+  * The change only gates the existing input-source open/close calls behind
+    a NULL check; it adds no new code paths. The same two commits are
+    shipping in plucky (24.004.60-2ubuntu6) and Fedora without reported
+    regressions, which lowers the risk but does not remove it, hence the
+    passphrase-input check above.
+ 
+ [Other Info]
+ 
+  * Upstream: commits 63597f92d108237a3ab7d2343a602a95edddd4e5 and
+    5c10072a978dd7566559f44a54c3e031bb4cb216, freedesktop issue 288, first
+    upstream tag containing them 26.134.222. Related: Red Hat bz 2350956,
+    apport duplicates LP #2104358 and LP #2104360, earlier LP #2060086.
+ 
+  * Development-release-first: the fix is Fix Released in plucky
+    (24.004.60-2ubuntu6) and in Fedora. I have not confirmed which plymouth
+    version the current development release ships or the state of its task,
+    so please confirm the development-release task is Fix Released (or get
+    it fixed there first) before this SRU is accepted.
+ 
+  * The evdi empty-EDID head is an additional reproducer beyond the
+    NVIDIA multi-GPU trigger framed in the public reports; it is the same
+    NULL-terminal bug reached from a terminal-less head.
+ 
+  * I have no upload rights. The debdiff is attached and ubuntu-sponsors is
+    subscribed for upload to noble-unapproved. I have not set the task to
+    In Progress; the sponsor uploads and sets status. I can run the Test
+    Plan against the -proposed build and mark verification-done-noble.
+ 
+ [ Original Message ]
+ 
  https://errors.ubuntu.com/problem/8d91218b809bc23879a6325c4eba1c9d4729cd0d
  https://errors.ubuntu.com/problem/6dd9b56f7dca6ce92e88daa30d67bef17aca57ab
  
  I got errors instead of the plymouth splash screen related to libply. 
Unfortunately I couldn't find the logs for the error on journalctl, but I could 
find something like this:
  mar 18 12:11:30 glados systemd[1]: Received SIGRTMIN+20 from PID 391 
(plymouthd).
  For some reason plymouth is crashing.
  Please, let me know where I can find the logs for plymouthd since it doesn't 
seem to have a service unit for it.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: plymouth 24.004.60-2ubuntu5
  ProcVersionSignature: Ubuntu 6.14.0-11.11~lp1845820-generic 6.14.0-rc6
  Uname: Linux 6.14.0-11-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.32.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Mar 18 12:13:50 2025
  DefaultPlymouth: /usr/share/plymouth/themes/bgrt/bgrt.plymouth
  InstallationDate: Installed on 2021-11-26 (1208 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
  MachineType: Dell Inc. Dell G15 5511
  ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.14.0-11-generic 
root=UUID=a15c1e1a-d162-4e98-98e6-bbc6e85a39c3 ro intel_iommu=on iommu=pt quiet 
splash 
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M 
vt.handoff=7
  ProcFB: 0 nvidia-drmdrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.14.0-11-generic 
root=UUID=a15c1e1a-d162-4e98-98e6-bbc6e85a39c3 ro intel_iommu=on iommu=pt quiet 
splash 
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M 
vt.handoff=7
  SourcePackage: plymouth
  TextPlymouth: /usr/share/plymouth/themes/ubuntu-text/ubuntu-text.plymouth
  UpgradeStatus: Upgraded to plucky on 2025-03-07 (11 days ago)
  dmi.bios.date: 12/16/2024
  dmi.bios.release: 1.34
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.34.0
  dmi.board.name: 0836K6
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 10
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: 
dmi:bvnDellInc.:bvr1.34.0:bd12/16/2024:br1.34:svnDellInc.:pnDellG155511:pvr:rvnDellInc.:rn0836K6:rvrA00:cvnDellInc.:ct10:cvr:sku0A70:
  dmi.product.family: GSeries
  dmi.product.name: Dell G15 5511
  dmi.product.sku: 0A70
  dmi.sys.vendor: Dell Inc.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103533

Title:
  plymouth crashes with SIGSEGV in ply_terminal_set_disabled_input()
  from open_input_source() [drm.so] from
  ply_renderer_open_input_source()

To manage notifications about this bug go to:
https://bugs.launchpad.net/plymouth/+bug/2103533/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to