kernel: Fix memory leak on CCA and EP11 CPRB processing.

Bug #1775390 reported by bugproxy on 2018-06-06
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
High
Canonical Kernel Team
linux (Ubuntu)
High
Joseph Salisbury
Bionic
High
Joseph Salisbury

Bug Description

== SRU Justification ==
Description: kernel: Fix memory leak on CCA and EP11 CPRB processing.
Symptom: Kernel memory not freed when CCA or EP11 CPRB processing fails.
Problem: kfree() in code error path missing.
Solution: Slight rework of the malloc and free places.
Reproduction: Run application which sends CCA or EP11 crypto requests
              to the crypto card(s). Now switch the cards offline with
              the help of chzcrypt. Monitor top or free output.

Upstream commit(s): kernel 4.18
89a0c0ec0d2e3ce0ee9caa00f60c0c26ccf11c21

== Fix ==
89a0c0ec0d2e ("s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak.")

== Regression Potential ==
Low. Limited to s390.

== Test Case ==
Verified upfront by IBM during upstream integration.

Default Comment by Bridge

tags: added: architecture-s39064 bugnameltc-168539 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: Skipper Bug Screeners (skipper-screen-team) → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Bionic):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Joseph Salisbury (jsalisbury) wrote :

I built a test kernel with commit 89a0c0ec0d2e3ce0ee9caa00f60c0c26ccf11c21. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1775390

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

------- Comment From <email address hidden> 2018-06-13 03:53 EDT-------
Verified upfront by IBM during upstream integration

Joseph Salisbury (jsalisbury) wrote :
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (14.9 KiB)

This bug was fixed in the package linux - 4.17.0-6.7

---------------
linux (4.17.0-6.7) cosmic; urgency=medium

  * linux: 4.17.0-6.7 -proposed tracker (LP: #1783396)

  * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383:
    comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
    - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm
      stress-ng: Corrupt inode bitmap"
    - SAUCE: ext4: check for allocation block validity with block group locked

  * Cosmic update to 4.17.9 stable release (LP: #1783201)
    - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
    - mm: hugetlb: yield when prepping struct pages
    - mm: teach dump_page() to correctly output poisoned struct pages
    - PCI / ACPI / PM: Resume bridges w/o drivers on suspend-to-RAM
    - ACPICA: Drop leading newlines from error messages
    - ACPI / battery: Safe unregistering of hooks
    - drm/amdgpu: Make struct amdgpu_atif private to amdgpu_acpi.c
    - tracing: Avoid string overflow
    - tracing: Fix missing return symbol in function_graph output
    - scsi: sg: mitigate read/write abuse
    - scsi: aacraid: Fix PD performance regression over incorrect qd being set
    - scsi: target: Fix truncated PR-in ReadKeys response
    - s390: Correct register corruption in critical section cleanup
    - drbd: fix access after free
    - vfio: Use get_user_pages_longterm correctly
    - ARM: dts: imx51-zii-rdu1: fix touchscreen pinctrl
    - ARM: dts: omap3: Fix am3517 mdio and emac clock references
    - ARM: dts: dra7: Disable metastability workaround for USB2
    - cifs: Fix use after free of a mid_q_entry
    - cifs: Fix memory leak in smb2_set_ea()
    - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting
    - cifs: Fix infinite loop when using hard mount option
    - drm: Use kvzalloc for allocating blob property memory
    - drm/udl: fix display corruption of the last line
    - drm/amdgpu: Add amdgpu_atpx_get_dhandle()
    - drm/amdgpu: Dynamically probe for ATIF handle (v2)
    - jbd2: don't mark block as modified if the handle is out of credits
    - ext4: add corruption check in ext4_xattr_set_entry()
    - ext4: always verify the magic number in xattr blocks
    - ext4: make sure bitmaps and the inode table don't overlap with bg
      descriptors
    - ext4: always check block group bounds in ext4_init_block_bitmap()
    - ext4: only look at the bg_flags field if it is valid
    - ext4: verify the depth of extent tree in ext4_find_extent()
    - ext4: include the illegal physical block in the bad map ext4_error msg
    - ext4: clear i_data in ext4_inode_info when removing inline data
    - ext4: never move the system.data xattr out of the inode body
    - ext4: avoid running out of journal credits when appending to an inline file
    - ext4: add more inode number paranoia checks
    - ext4: add more mount time checks of the superblock
    - ext4: check superblock mapped prior to committing
    - HID: i2c-hid: Fix "incomplete report" noise
    - HID: hiddev: fix potential Spectre v1
    - HID: debug: check length before copy_to_user()
    - HID: core: allow concurrent registr...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-08-08 08:16 EDT-------
Verified upfront by IBM during upstream integration.
No further test by IBM.

Joseph Salisbury (jsalisbury) wrote :

Confirmed patch is in Bionic Ubuntu-4.15.0-31.33~528 as commit:

a548d54749dd s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :
Download full text (35.6 KiB)

This bug was fixed in the package linux - 4.15.0-33.36

---------------
linux (4.15.0-33.36) bionic; urgency=medium

  * linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)

  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
    - SAUCE: fix warning from "ipvlan: drop ipv6 dependency"

  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390

  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets

  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process

  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes

  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook

  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5

  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE

  * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode

  * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules

  * Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound

  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3

  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

  * Cephfs + fscache: unab...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments