x86: mm/fault: Fix semaphore imbalance

Bug #1431280 reported by Luis Henriques
This bug affects 1 person
Affects: linux (Ubuntu) | Importance: Undecided | Assigned to: Luis Henriques
Affects: Precise | Importance: Undecided | Assigned to: Unassigned

Bug Description

The qrt kernel_security tests are hanging with "task hung" errors/warnings on the console with Precise. This seems to be due to an issue in the backport to the 3.2.67 stable kernel of commit:

commit 33692f27597fcab536d7cbbcc8f52905133e4aa7
Author: Linus Torvalds <email address hidden>
Date: Thu Jan 29 10:51:32 2015 -0800

    vm: add VM_FAULT_SIGSEGV handling support

3.2.68 kernel fixes this issue with commit:

commit 6749fd110bf44164782df9bba86c0327474446b9
Author: Ben Hutchings <email address hidden>
Date: Wed Feb 25 00:02:28 2015 +0000

    x86: mm/fault: Fix semaphore imbalance

    When backporting commit 33692f27597f ('vm: add VM_FAULT_SIGSEGV
    handling support') I didn't notice that it depended on a recent change
    to the locking context of mm_fault_error() (commit 7fb08eca4527,
    'x86: mm: move mmap_sem unlock from mm_fault_error() to caller').
    That isn't easily applicable to 3.2, so instead make sure we drop
    mm->mmap_sem on the new branch of mm_fault_error().

The ubuntu-qrt-apparmor tests are also hanging, possibly for the same reason.

Including commit 6749fd110bf4 ("x86: mm/fault: Fix semaphore imbalance") in Precise seems to fix these issues.
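
A userspace model of the locking mismatch the commit message above describes, added here as an illustration and not taken from the kernel or from this bug report. The toy_rwsem counter, the enum names and the reduction of mm_fault_error() to two branches are assumptions made for the example.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct toy_rwsem { int readers; };            /* stand-in for mm->mmap_sem */
enum tree  { UPSTREAM, STABLE_3_2_67, STABLE_3_2_68 };
enum fault { FAULT_SIGBUS, FAULT_SIGSEGV };

/* Model of the error helper. Upstream it is entered with the lock already
 * dropped by the caller; on 3.2 it is entered with the lock held and every
 * branch has to release it. */
static void error_helper(struct toy_rwsem *s, enum tree t, enum fault f)
{
    if (t == UPSTREAM)
        return;                               /* nothing to unlock here */
    if (f == FAULT_SIGBUS)
        s->readers--;                         /* existing branch unlocks */
    else if (t == STABLE_3_2_68)
        s->readers--;                         /* the fix: new branch unlocks */
    /* STABLE_3_2_67 + FAULT_SIGSEGV: branch copied over without an unlock */
}

/* One failed page fault; returns read holds left behind (0 = balanced). */
int leaked_read_holds(enum tree t, enum fault f)
{
    struct toy_rwsem sem = { 0 };
    sem.readers++;                            /* fault path: down_read() */
    if (t == UPSTREAM)
        sem.readers--;                        /* caller unlocks first */
    error_helper(&sem, t, f);
    return sem.readers;
}

/* A writer (e.g. a later mmap in the same process) needs zero readers. */
bool writer_would_block(enum tree t, enum fault f)
{
    return leaked_read_holds(t, f) != 0;
}

int main(void)
{
    static const char *names[] = { "upstream", "3.2.67", "3.2.68" };
    for (int t = UPSTREAM; t <= STABLE_3_2_68; t++)
        printf("%-8s SIGSEGV fault: leaked=%d writer_blocks=%d\n", names[t],
               leaked_read_holds((enum tree)t, FAULT_SIGSEGV),
               writer_would_block((enum tree)t, FAULT_SIGSEGV));
    return 0;
}
```

In the model only the 3.2.67 case leaves a read hold behind, which is the state in which a later writer on the same semaphore waits indefinitely.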


Luis Henriques (henrix)
Changed in linux (Ubuntu Precise):
status: New → Triaged
Luis Henriques (henrix)
Changed in linux (Ubuntu Precise):
status: Triaged → Fix Committed
Adam Conrad (adconrad)
Changed in linux (Ubuntu):
status: Triaged → Invalid
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-precise
Brad Figg (brad-figg)
tags: added: verification-needed-done
removed: verification-needed-precise
Brad Figg (brad-figg)
tags: added: verification-done-precise
removed: verification-needed-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-79.115

---------------
linux (3.2.0-79.115) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1431359
  * Merged back all changes that were in Ubuntu-3.2.0-78.113

  [ Upstream Kernel Changes ]

  * x86: mm/fault: Fix semaphore imbalance
    - LP: #1431280

linux (3.2.0-78.113) precise; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1427736

  [ Upstream Kernel Changes ]

  * Revert "tcp: Apply device TSO segment limit earlier"
    - LP: #1427413
  * eCryptfs: Force RO mount when encrypted view is enabled
    - LP: #1427413
  * sound: simplify au0828 quirk table
    - LP: #1427413
  * sound: Update au0828 quirks table
    - LP: #1427413
  * af9005: fix kernel panic on init if compiled without IR
    - LP: #1427413
  * writeback: Move I_DIRTY_PAGES handling
    - LP: #1427413
  * writeback: fix a subtle race condition in I_DIRTY clearing
    - LP: #1427413
  * usb: renesas_usbhs: gadget: fix NULL pointer dereference in
    ep_disable()
    - LP: #1427413
  * ipv4: Remove all uses of LL_ALLOCATED_SPACE
    - LP: #1427413
  * ipv6: Remove all uses of LL_ALLOCATED_SPACE
    - LP: #1427413
  * ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs
    - LP: #1427413
  * KVM: s390: flush CPU on load control
    - LP: #1427413
  * UBI: Fix invalid vfree()
    - LP: #1427413
  * driver core: Fix unbalanced device reference in drivers_probe
    - LP: #1427413
  * drbd: merge_bvec_fn: properly remap bvm->bi_bdev
    - LP: #1427413
  * PCI: Restore detection of read-only BARs
    - LP: #1427413
  * scsi: correct return values for .eh_abort_handler implementations
    - LP: #1427413
  * bus: omap_l3_noc: Correct returning IRQ_HANDLED unconditionally in the
    irq handler
    - LP: #1427413
  * genhd: check for int overflow in disk_expand_part_tbl()
    - LP: #1427413
  * USB: cdc-acm: check for valid interfaces
    - LP: #1427413
  * uvcvideo: Fix destruction order in uvc_delete()
    - LP: #1427413
  * mfd: tc6393xb: Fail ohci suspend if full state restore is required
    - LP: #1427413
  * serial: samsung: wait for transfer completion before clock disable
    - LP: #1427413
  * Bluetooth: btusb: Add support for Belkin F8065bf
    - LP: #1427413
  * Bluetooth: ath3k: Add support for a new AR3012 device
    - LP: #1427413
  * Bluetooth: ath3k: Add support for another AR3012 card
    - LP: #1427413
  * Bluetooth: Add support for Toshiba Bluetooth device [0930:0220]
    - LP: #1427413
  * Bluetooth: Enable Atheros 0cf3:311e for firmware upload
    - LP: #1427413
  * Bluetooth: Add firmware update for Atheros 0cf3:311f
    - LP: #1427413
  * Bluetooth: btusb: Add IMC Networks (Broadcom based)
    - LP: #1427413
  * Bluetooth: sort the list of IDs in the source code
    - LP: #1427413
  * Bluetooth: append new supported device to the list [0b05:17d0]
    - LP: #1427413
  * Bluetooth: Add support for Intel bootloader devices
    - LP: #1427413
  * Bluetooth: Ignore isochronous endpoints for Intel USB bootloader
    - LP: #1427413
  * Bluetooth: Add support for Acer [13D3:3432]
    - LP: #1427413
  * Bluetooth: Add support for Broadcom device of Asu...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released