"mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp" needs to be ported to Xenial Kernel
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | High | Unassigned |
Bug Description
The following change was pulled into at least the Ubuntu Xenial Kernel release.
http://
From b56d2a75e1daae6
From: Linus Torvalds <email address hidden>
Date: Mon, 17 Oct 2016 17:29:48 -0500
Subject: UBUNTU: SAUCE: mm: remove gup_flags FOLL_WRITE games from
__get_user_pages()
This is an ancient bug that was actually attempted to be fixed once
(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can once
more try to fix it by checking the pte_dirty() bit properly (and do it
better). Also, the VM has become more scalable, and what was a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Reported-
Cc: Michal Hocko <email address hidden>
Cc: Andy Lutomirski <email address hidden>
Cc: Kees Cook <email address hidden>
Cc: Oleg Nesterov <email address hidden>
Cc: Willy Tarreau <w@1wt.eu>
Acked-by: Hugh Dickins <email address hidden>
Cc: Nick Piggin <email address hidden>
Cc: Greg Thelen <email address hidden>
Cc: <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
CVE-2016-5195
However this change introduced a bug in the kernel memory manager, in which syscalls can end up in an infinite loop when transparent huge pages are enabled. See the following Commit:
https:/
This fix has not been ported to the Xenial kernel, and thus the infinite loop issue is hitting certain machines quite often. Example of bug hitting: http://<email address hidden>
Kernel Info: Linux Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-51-generic x86_64)
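An added example, not code from the kernel or from this bug report: a user-space C model of the retry logic the commit message describes, where FOLL_COW is validated by the dirty bit, next to a lookup path that does not honor FOLL_COW, which is this example's reading of the fix title. The flag values, `struct entry`, and all function names are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Flag values are local to this model (assumption), not the kernel's. */
#define FOLL_WRITE 0x1u
#define FOLL_FORCE 0x2u
#define FOLL_COW   0x4u

/* Stand-in for a page-table entry (pte, or pmd for a huge page). */
struct entry { bool writable; bool dirty; };

/* A write may follow a read-only entry only when it is forced, a COW was
 * already done (FOLL_COW), and the dirty bit shows that copy is still there. */
bool can_follow_write(struct entry e, unsigned flags) {
    return e.writable ||
           ((flags & FOLL_FORCE) && (flags & FOLL_COW) && e.dirty);
}

/* Lookup step. honor_cow=false models a path that only tests writability. */
static bool follow(struct entry e, unsigned flags, bool honor_cow) {
    if (!(flags & FOLL_WRITE)) return true;
    return honor_cow ? can_follow_write(e, flags) : e.writable;
}

/* Fault step: the COW leaves a dirty, still read-only entry and records
 * FOLL_COW; FOLL_WRITE is left untouched. */
static void fault(struct entry *e, unsigned *flags) {
    e->dirty = true;
    *flags |= FOLL_COW;
}

/* Returns the number of lookups needed, or -1 if max_tries ran out.
 * max_tries exists only so the model terminates. */
int gup_model(bool honor_cow, int max_tries) {
    struct entry e = { false, false };
    unsigned flags = FOLL_WRITE | FOLL_FORCE;
    for (int i = 1; i <= max_tries; i++) {
        if (follow(e, flags, honor_cow))
            return i;
        fault(&e, &flags);
    }
    return -1;
}

int main(void) {
    printf("honors FOLL_COW: %d lookups; ignores FOLL_COW: %d\n",
           gup_model(true, 1000), gup_model(false, 1000));
    return 0;
}
```

A return of -1 stands for the lookup/fault cycle that never completes when one lookup path is left without the FOLL_COW check.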
summary: "mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp" needs to be
- ported to Xenail Kernel
+ ported to Xenial Kernel
tags: added: kernel-bug xenial
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → High
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1660518
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.