Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)

Bug #1741934 reported by Taihsiang Ho on 2018-01-08
316
This bug affects 79 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Critical
Joseph Salisbury
Xenial
Critical
Joseph Salisbury

Bug Description

### HOW TO BOOT INTO PREVIOUS KERNEL IF UNABLE TO BOOT ###

If you hit this bug and are unable to boot, you can boot back into the last working kernel. To do that, select that version(Probably 4.4.0-104) from the GRUB menu.

The GRUB menu can be accessed by holding the 'Shift' key after powering on the system(Some systems require the 'ESC' key to be held instead of Shift). Detailed information about GRUB can be found here:
https://help.ubuntu.com/community/Grub2

[Description]

When using PPA https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/pti/ to fetch the candidate kernels for CVE-2017-5754, CVE-2017-5715 and CVE-2017-5753. There is the same kernel trace shown in many different pre-installed Ubuntu images of different platform.

So far these platform are known to reproduce this issue:

CID 201606-22340 (Dell Vostro 5468)
CID 201606-22349 (Dell Inspiron 7560)
CID 201606-22365 (Dell Inspiron 5767)

[Steps to Reproduce]

1. Install the target pre-installed image (Xenial 4.4-based stack) for the platform.
2. Fetch the kernel 4.4.0-108.131 from this PPA https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/pti/
3. Update the system by "sudo apt-get dist-upgrade"
4. After the system update, reboot it.
5. Check the syslog after the system is ready to use again.

[Expected Result]

No kernel trace message.

[Actual Result]

Kernel trace message as:

Jan 9 00:33:33 201606-22365 kernel: [ 37.701226] ------------[ cut here ]------------
Jan 9 00:33:33 201606-22365 kernel: [ 37.701243] kernel BUG at /build/linux-J4_1pC/linux-4.4.0/mm/slub.c:3627!
Jan 9 00:33:33 201606-22365 kernel: [ 37.701261] invalid opcode: 0000 [#1] SMP
Jan 9 00:33:33 201606-22365 kernel: [ 37.701273] Modules linked in: nvram msr bnep rtsx_usb_ms memstick hid_multitouch uvcvideo i2c_designware_platform i2c_designware_core ath3k videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core v4l2_common videodev media btusb dell_wmi sparse_keymap btrtl snd_hda_codec_hdmi(OE) dell_led snd_hda_codec_realtek(OE) snd_hda_codec_generic(OE) dell_laptop dcdbas snd_hda_intel(OE) snd_hda_codec(OE) snd_hwdep dell_smm_hwmon intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp snd_soc_skl_ipc snd_hda_ext_core(OE) snd_hda_core(OE) snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_core kvm_intel snd_compress kvm irqbypass ac97_bus crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_pcm_dmaengine aesni_intel snd_pcm aes_x86_64 snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq arc4 lrw ath9k ath9k_common snd_seq_device ath9k_hw gf128mul glue_helper snd_timer ath mac80211 cfg80211 hci_uart btbcm btqca btintel ablk_helper joydev input_leds cryptd serio_raw bluetooth snd mei_me soundcore mei tpm_crb shpchp idma64 dw_dmac_core virt_dma dell_rbtn int3403_thermal acpi_pad processor_thermal_device int3402_thermal int340x_thermal_zone int3400_thermal intel_soc_dts_iosf intel_lpss_acpi intel_lpss_pci acpi_thermal_rel intel_lpss mac_hid acpi_als kfifo_buf industrialio parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq dm_mirror dm_region_hash dm_log mmc_block rtsx_usb_sdmmc rtsx_usb uas usb_storage i915_bpo intel_ips i2c_algo_bit drm_kms_helper psmouse syscopyarea sysfillrect sysimgblt fb_sys_fops r8169 drm ahci mii libahci wmi i2c_hid hid pinctrl_sunrisepoint video pinctrl_intel fjes
Jan 9 00:33:33 201606-22365 kernel: [ 37.701735] CPU: 3 PID: 21 Comm: watchdog/3 Tainted: G OE 4.4.0-108-generic #131-Ubuntu
Jan 9 00:33:33 201606-22365 kernel: [ 37.701756] Hardware name: Dell Inc. Inspiron 5767/ , BIOS 1.0.0 07/14/2016
Jan 9 00:33:33 201606-22365 kernel: [ 37.701774] task: ffff880169df6900 ti: ffff880169a1c000 task.ti: ffff880169a1c000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701792] RIP: 0010:[<ffffffff811f00a7>] [<ffffffff811f00a7>] kfree+0x147/0x150
Jan 9 00:33:33 201606-22365 kernel: [ 37.701814] RSP: 0018:ffff880169a1fd58 EFLAGS: 00010246
Jan 9 00:33:33 201606-22365 kernel: [ 37.701827] RAX: ffffea0005bd0120 RBX: ffff88016f404840 RCX: ffff88016f7fa220
Jan 9 00:33:33 201606-22365 kernel: [ 37.701843] RDX: ffffea0005a64420 RSI: ffffea0005a64820 RDI: ffffea0005bd0100
Jan 9 00:33:33 201606-22365 kernel: [ 37.701860] RBP: ffff880169a1fd70 R08: 0000000000000009 R09: ff80003fffffffff
Jan 9 00:33:33 201606-22365 kernel: [ 37.701877] R10: ffffea0005bd0100 R11: 0000000000000001 R12: 0000000000000000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701893] R13: ffffffff810104ff R14: ffffffff81f3c840 R15: 0000000000000000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701910] FS: 0000000000000000(0000) GS:ffff88016f580000(0000) knlGS:0000000000000000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701929] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 9 00:33:33 201606-22365 kernel: [ 37.701943] CR2: 0000557a57f940d0 CR3: 0000000002e0a000 CR4: 0000000000360670
Jan 9 00:33:33 201606-22365 kernel: [ 37.701961] Stack:
Jan 9 00:33:33 201606-22365 kernel: [ 37.701966] 0000000000000000 0000000000000000 000000000000d440 ffff880169a1fda0
Jan 9 00:33:33 201606-22365 kernel: [ 37.701987] ffffffff810104ff 0000000000000004 0000000000000186 0000000000000003
Jan 9 00:33:33 201606-22365 kernel: [ 37.702007] 0000000000000003 ffff880169a1fdc0 ffffffff8100608f ffff880169a40000
Jan 9 00:33:33 201606-22365 kernel: [ 37.702027] Call Trace:
Jan 9 00:33:33 201606-22365 kernel: [ 37.702036] [<ffffffff810104ff>] release_ds_buffers+0xbf/0xd0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702052] [<ffffffff8100608f>] x86_release_hardware+0x8f/0xa0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702067] [<ffffffff810060ae>] hw_perf_event_destroy+0xe/0x20
Jan 9 00:33:33 201606-22365 kernel: [ 37.702082] [<ffffffff81183746>] _free_event+0xb6/0x230
Jan 9 00:33:33 201606-22365 kernel: [ 37.702095] [<ffffffff81183983>] put_event+0xc3/0x100
Jan 9 00:33:33 201606-22365 kernel: [ 37.702108] [<ffffffff811839c9>] perf_event_release_kernel+0x9/0x10
Jan 9 00:33:33 201606-22365 kernel: [ 37.702125] [<ffffffff8113ccae>] watchdog_nmi_disable+0x4e/0x70
Jan 9 00:33:33 201606-22365 kernel: [ 37.702141] [<ffffffff810a4b00>] ? sort_range+0x30/0x30
Jan 9 00:33:33 201606-22365 kernel: [ 37.702154] [<ffffffff8113cd2c>] watchdog_disable+0x5c/0x80
Jan 9 00:33:33 201606-22365 kernel: [ 37.702169] [<ffffffff810a4be8>] smpboot_thread_fn+0xe8/0x160
Jan 9 00:33:33 201606-22365 kernel: [ 37.702184] [<ffffffff810a1845>] kthread+0xe5/0x100
Jan 9 00:33:33 201606-22365 kernel: [ 37.702196] [<ffffffff810a1760>] ? kthread_create_on_node+0x1e0/0x1e0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702214] [<ffffffff81844a0f>] ret_from_fork+0x3f/0x70
Jan 9 00:33:33 201606-22365 kernel: [ 37.702228] [<ffffffff810a1760>] ? kthread_create_on_node+0x1e0/0x1e0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702243] Code: 4c 89 d7 e8 9c 83 fa ff eb 8c 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 06 fc ff ff e9 73 ff ff ff 49 8b 42 20 a8 01 75 c7 <0f> 0b 0f 1f 80 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 41
Jan 9 00:33:33 201606-22365 kernel: [ 37.702339] RIP [<ffffffff811f00a7>] kfree+0x147/0x150
Jan 9 00:33:33 201606-22365 kernel: [ 37.702354] RSP <ffff880169a1fd58>
Jan 9 00:33:33 201606-22365 kernel: [ 37.706621] ---[ end trace ffe2cc0d7dbd1511 ]---

[More Information]

 - Similar kernel oops was found with 4.4.0-108.131~14.04.1

 - Package info:

ubuntu@201606-22365:~$ uname -a
Linux 201606-22365 4.4.0-108-generic #131-Ubuntu SMP Sun Jan 7 14:34:49 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@201606-22365:~$ dpkg -l *4.4.0-108*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=============================================-===========================-===========================-===============================================================================================
ii linux-headers-4.4.0-108 4.4.0-108.131 all Header files related to Linux kernel version 4.4.0
ii linux-headers-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel headers for version 4.4.0 on 64 bit x86 SMP
ii linux-image-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii linux-image-extra-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii linux-signed-image-4.4.0-108-generic 4.4.0-108.131 amd64 Signed kernel image generic
ii linux-tools-4.4.0-108 4.4.0-108.131 amd64 Linux kernel version specific tools for version 4.4.0-108
ii linux-tools-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel version specific tools for version 4.4.0-108
ubuntu@201606-22365:~$
---
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: ubuntu 1829 F.... pulseaudio
DistributionChannelDescriptor:
 # This is a distribution channel descriptor
 # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
 canonical-oem-somerville-xenial-amd64-20160624-2
DistroRelease: Ubuntu 16.04
HibernationDevice: RESUME=UUID=5fe63e33-b771-4a7d-a00e-e1d4d3c541dc
InstallationDate: Installed on 2018-01-08 (0 days ago)
InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47
MachineType: Dell Inc. Inspiron 7560
NonfreeKernelModules: nvidia_drm nvidia_modeset nvidia
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-108-generic.efi.signed root=UUID=4c76b3fe-0760-4b25-ae25-5fde1ea8f828 ro automatic-oem-config quiet splash
ProcVersionSignature: Ubuntu 4.4.0-108.131-generic 4.4.98
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-108-generic N/A
 linux-backports-modules-4.4.0-108-generic N/A
 linux-firmware 1.157.15
Tags: xenial
Uname: Linux 4.4.0-108-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 07/18/2016
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.0.1
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 9
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.0.1:bd07/18/2016:svnDellInc.:pnInspiron7560:pvr:rvnDellInc.:rn:rvr:cvnDellInc.:ct9:cvr:
dmi.product.name: Inspiron 7560
dmi.sys.vendor: Dell Inc.

CVE References

apport information

description: updated
tags: added: apport-collected xenial
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

Upstream 4.4.110 commit 20cbe9a3aa2e was back ported to Xenial as commit f8365429a3dc1. However, the backport failed to remove a kfree(), which the original patch did:

@@ -381,7 +415,6 @@ static void release_ds_buffer(int cpu)
                return;

        per_cpu(cpu_hw_events, cpu).ds = NULL;
- kfree(ds);
 }

I'm building a Xenial test kernel now with the kfree removed. I will post it shortly.

Changed in linux (Ubuntu):
importance: Undecided → Critical
assignee: nobody → Joseph Salisbury (jsalisbury)
status: New → In Progress
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Joseph Salisbury (jsalisbury)
Taihsiang Ho (taihsiangho) wrote :
Download full text (6.6 KiB)

Trusty is affected.

Tested the kernel 4.4.0-108.131~14.04.1 with these platforms and their pre-installed images:
 - CID 201603-21231 (Dell Latitude E5414)
 - And many platforms

[Kernel Message]

Jan 8 23:00:15 201603-21231 kernel: [ 24.201794] ------------[ cut here ]------------
Jan 8 23:00:15 201603-21231 kernel: [ 24.201814] kernel BUG at /build/linux-lts-xenial-5Z_8Kc/linux-lts-xenial-4.4.0/mm/slub.c:3627!
Jan 8 23:00:15 201603-21231 kernel: [ 24.201840] invalid opcode: 0000 [#1] SMP
Jan 8 23:00:15 201603-21231 kernel: [ 24.201855] Modules linked in: nvram msr bnep rfcomm snd_soc_skl snd_hda_codec_hdmi snd_soc_skl_ipc intel_rapl snd_hda_ext_core snd_soc_sst_ipc dell_led x86_pkg_temp_thermal intel_powerclamp snd_soc_sst_dsp snd_soc_core coretemp snd_compress cdc_mbim cdc_wdm qcserial ac97_bus cdc_ncm usb_wwan snd_hda_codec_realtek snd_hda_codec_generic kvm_intel usbnet usbserial btusb snd_pcm_dmaengine mii dw_dmac_core btrtl kvm snd_hda_intel snd_hda_codec irqbypass snd_hda_core dell_laptop dcdbas snd_hwdep crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 snd_pcm lrw hci_uart gf128mul btbcm(OE) dell_smm_hwmon brcmfmac(OE) snd_seq_midi snd_seq_midi_event btqca btintel dell_wmi snd_rawmidi glue_helper bluetooth ablk_helper snd_seq cryptd brcmutil(OE) dm_multipath cfg80211(OE) acpi_als kfifo_buf i2c_hid snd_seq_device mei_me joydev input_leds snd_timer compat(OE) ppdev serio_raw parport_pc lp parport industrialio snd hid mei intel_vbtn dell_smo8800 shpchp 8250_fintek soc_button_array sparse_keymap acpi_pad tpm_crb pinctrl_sunrisepoint pinctrl_intel mac_hid intel_lpss_acpi intel_lpss soundcore dell_rbtn(OE) btrfs xor raid6_pq dm_mirror dm_region_hash dm_log uas usb_storage i915_bpo intel_ips i2c_algo_bit drm_kms_helper syscopyarea sysfillrect e1000e sysimgblt fb_sys_fops psmouse ptp drm pps_core ahci libahci wmi video fjes
Jan 8 23:00:15 201603-21231 kernel: [ 24.202296] CPU: 3 PID: 21 Comm: watchdog/3 Tainted: G OE 4.4.0-108-generic #131~14.04.1-Ubuntu
Jan 8 23:00:15 201603-21231 kernel: [ 24.202326] Hardware name: Dell Inc. Latitude 5414/0992HR, BIOS 1.0.0 05/04/2016
Jan 8 23:00:15 201603-21231 kernel: [ 24.202349] task: ffff8801485f6900 ti: ffff880148200000 task.ti: ffff880148200000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202372] RIP: 0010:[<ffffffff811e217a>] [<ffffffff811e217a>] kfree+0x14a/0x150
Jan 8 23:00:15 201603-21231 kernel: [ 24.202398] RSP: 0018:ffff880148203d60 EFLAGS: 00010246
Jan 8 23:00:15 201603-21231 kernel: [ 24.202415] RAX: ffffea0005370120 RBX: ffff88014dc04840 RCX: ffffea0005204820
Jan 8 23:00:15 201603-21231 kernel: [ 24.202436] RDX: 000077ff80000000 RSI: ffffea0005204000 RDI: ffff88014dc04840
Jan 8 23:00:15 201603-21231 kernel: [ 24.202457] RBP: ffff880148203d78 R08: 0000160000000000 R09: ffffea0005204000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202478] R10: 0000000000000001 R11: ffffea0005370100 R12: 0000000000000000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202499] R13: ffffffff8100eb19 R14: 0000000000000003 R15: 0000000000000000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202521] FS: 0000000000000000(0000) GS:ffff88014dd80000(0000) ...

Read more...

Joseph Salisbury (jsalisbury) wrote :

A test kernel with the fix I suggested in comment #17 us available. The test kernel can be downloaded from:

http://kernel.ubuntu.com/~jsalisbury/lp1741934/

Can you test this kernel and see if it resolves this bug?

Taihsiang Ho (taihsiangho) wrote :

A quick test for comment #19 looks good. The test result for Dell Vostro 5468 (CID 201606-22340) looks good https://certification.canonical.com/hardware/201606-22340/submission/126230/

description: updated
GDR! (gdr.name) wrote :

I can confirm that it boots now (hardware info in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1741869 )

dmesg | grep isolation

returns no results, though.

➜ ~ dmesg | grep isolation
➜ ~ uname -a
Linux gdr-desktop 4.4.0-104-generic #127~lp1741934 SMP Mon Jan 8 18:37:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Ian Gordon (ian-gordon) wrote :

The kernel in #19 does not have the PTI patches.

Joseph Salisbury (jsalisbury) wrote :

@Ian Gordon is correct. I have another test kernel building now.

Joseph Salisbury (jsalisbury) wrote :

I copied the incorrect kernel up to people. The correct test kernel is now there:
http://kernel.ubuntu.com/~jsalisbury/lp1741934/

Can you test this kernel and see if it resolves this bug?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu Trusty):
status: New → Confirmed
Changed in linux (Ubuntu Trusty):
status: Confirmed → In Progress
importance: Undecided → Critical
assignee: nobody → Joseph Salisbury (jsalisbury)
Ian Gordon (ian-gordon) wrote :

The kernel in #24 is working for me

Geoff Short (geoff-short) wrote :

Tested 4.4.0-108.131 on PCs with the following motherboards:

Asus CS-B - failed to boot
Intel DQ77MK - failed to boot
Asus Q170M-C - booted OK

I'll retry with the kernel from #24 now.

description: updated
Geoff Short (geoff-short) wrote :

Tested 4.4.0-108.131~lp1741934 in a Ubuntu Xenial install on the following:

Intel DQ77MK - booted OK

Taihsiang Ho (taihsiangho) wrote :

A very quick test for 4.4.0-108-generic #131~lp1741934 looks good. bootable and pass a regular desktop SRU cert test plan.

Tested on platform Dell Vostro 15-3568 (CID 201606-22528)

Test submissions:
https://certification.canonical.com/hardware/201606-22528/submission/126252/

Geoff Short (geoff-short) wrote :

Tested 4.4.0-108.131~lp1741934 in a Ubuntu Xenial install on the following:

Asus CS-B - booted OK
Asus Q170M-C - booted OK

Joseph Salisbury (jsalisbury) wrote :

@GDR!, are you not able to boot at all when you hit the bug, or do you only see the trace in the log?

summary: - Kernel panic with xenial 4.4 stack (4.4.0-108.131, Candidate kernels for
- PTI fix)
+ Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI
+ fix)
description: updated
GDR! (gdr.name) wrote :

@jsalisbury I could not boot at all, i could only take a photo of the stack trace https://launchpadlibrarian.net/352927044/IMG_20180108_104845.jpg

Also it happened in the first second of kernel init.

Marcelo Cerri (mhcerri) on 2018-01-09
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
no longer affects: linux (Ubuntu Trusty)
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Leith Bade (ljbade) wrote :

What exact package version do I need for this fix?

My system auto-updated to the buggy kernel and crashed in the same location as the original reporter.

For reference the system:
Motherboard: Asus P9D-I
BIOS: Version 1801
CPU: Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz

Leith Bade (ljbade) wrote :

The buggy version I have:
linux-image-4.4.0-108-generic/xenial-security,now 4.4.0-108.131 amd64 [installed,automatic]

Leith Bade (ljbade) wrote :

@jsalisbury are you sure the fixed version has been uploaded? Still not getting any new kernel to replace the currently installed buggy one via apt update

Joseph Salisbury (jsalisbury) wrote :

@Leith, it will not be available in -updates until the status changes to "Fix Released". This should happen soon.

In the mean time you can install the kernel I posted in comment #24. You would need to install the linux-image and linux-image-extra .deb packages.

Leith Bade (ljbade) wrote :

Thank you @jsalisbury. Sorry for my misunderstanding with the status label.

I will keep an eye out for when the update arrives and I will just avoid rebooting the server until then.

Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package linux - 4.4.0-109.132

---------------
linux (4.4.0-109.132) xenial; urgency=low

  * linux: 4.4.0-109.132 -proposed tracker (LP: #1742252)

  * Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)
    (LP: #1741934)
    - SAUCE: kaiser: fix perf crashes - fix to original commit

linux (4.4.0-108.131) xenial; urgency=low

  * linux: 4.4.0-108.131 -proposed tracker (LP: #1741727)

  * CVE-2017-5754
    - x86/mm: Disable PCID on 32-bit kernels

linux (4.4.0-107.130) xenial; urgency=low

  * linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)

  * CVE-2017-5754
    - Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
    - KPTI: Report when enabled
    - x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
    - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
    - x86/kasan: Clear kasan_zero_page after TLB flush
    - kaiser: Set _PAGE_NX only if supported

linux (4.4.0-106.129) xenial; urgency=low

  * linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)

  * CVE-2017-5754
    - KAISER: Kernel Address Isolation
    - kaiser: merged update
    - kaiser: do not set _PAGE_NX on pgd_none
    - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
    - kaiser: fix build and FIXME in alloc_ldt_struct()
    - kaiser: KAISER depends on SMP
    - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
    - kaiser: fix perf crashes
    - kaiser: ENOMEM if kaiser_pagetable_walk() NULL
    - kaiser: tidied up asm/kaiser.h somewhat
    - kaiser: tidied up kaiser_add/remove_mapping slightly
    - kaiser: kaiser_remove_mapping() move along the pgd
    - kaiser: cleanups while trying for gold link
    - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
    - kaiser: delete KAISER_REAL_SWITCH option
    - kaiser: vmstat show NR_KAISERTABLE as nr_overhead
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm: Add INVPCID helpers
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - kaiser: enhanced by kernel and user PCIDs
    - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
    - kaiser: PCID 0 for kernel and 128 for user
    - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
    - kaiser: paranoid_entry pass cr3 need to paranoid_exit
    - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
    - kaiser: fix unlikely error in alloc_ldt_struct()
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: drop is_atomic arg to kaiser_pagetable_walk()
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - kvm: x86: fix RSM when P...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
P Gopal Krishnan (panthiyil) wrote :

Hi, I am not an expert and have basic functional operating knowledge of Ubuntu. I am using a Dell Latitude 5480 and Ubuntu 16.04 LTS. I did a software update this morning and since then I am unable to shut down and get the error starting with -

kernel BUG at /build/linux-J4_1pC/linux-4.4.0/mm/slub.c:3627!

Is there a fix that you can suggest which I can run? Thanks

Daniil Kirsanov (dankirsdot) wrote :

You should add this ppa
sudo add-apt-repository ppa:canonical-kernel-team/pti
and run:
sudo apt-get dist-upgrade
to install package linux - 4.4.0-109.132

Sven Ehret (sven-ehret) wrote :

when will this be in the main repositories?

Cima (andrea-cimatoribus) wrote :

It's already in the main repositories, and I can confirm it fixes the issue on my machine.

Norbert (nrbrtx) wrote :

With latest 4.4.0-108-generic

1. My laptop with i7-3537U CPU
  microcode : 0x1c;
  kaiser in CPU flags;
  dmesg "[ 0.000000] Kernel/User page tables isolation: enabled"

* does not shutdown with

  kernel BUG at /build/linux-J4_1pC/linux-4.4.0/mm/slub.c:3627!

* does not reboot
* does not suspend.

2. My i7-4790 machine
  microcode : 0x17;
  kaiser in CPU flags;
  dmesg "[ 0.000000] Kernel/User page tables isolation: enabled"

* does not shutdown (can't see any messages here).
* does not reboot
* does not suspend

3. My i7 Q740 laptop

  microcode : 0x7;
  kaiser in CPU flags;
  dmesg "[ 0.000000] Kernel/User page tables isolation: enabled"

* does not suspend

Norbert (nrbrtx) wrote :

With latest 4.4.0-109-generic
1. My laptop with i7-3537U CPU - works normally.
2. My i7-4790 machine - works normally.
3. My i7 Q740 laptop - works normally.

For those who affected:
1. Remove 108 kernel with
sudo apt-get purge linux-headers-4.4.0-108 linux-headers-4.4.0-108-generic linux-image-4.4.0-108-generic linux-image-extra-4.4.0-108-generic linux-tools-4.4.0-108 linux-tools-4.4.0-108-generic
sudo apt-get autoremove
2. Wait for 109 kernel to appear on your mirror or temporarily switch to "Main server" (http://archive.ubuntu.com/ubuntu) and get it from here.

Tomas Pospisek (tpo999) wrote :

Same here:

# lspci
00:00.0 Host bridge: Intel Corporation 4th Gen Core Processor DRAM Controller (rev 06)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller (rev 06)
00:02.0 Display controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 04)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-LM (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 04)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Q87 Express LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 04)
01:00.0 VGA compatible controller: NVIDIA Corporation GT218 [GeForce 210] (rev a2)
01:00.1 Audio device: NVIDIA Corporation High Definition Audio Controller (rev a1)

I had default the nouveau driver driving the nvidia card. Seems there were some problems with the Nvidia driver: https://www.reddit.com/r/linuxquestions/comments/7pbro7/ubuntu_meltdown_patch_breaks_system_wont_boot/

However 4.4.0-109-generic fixed this.

Thanks a lot to Ubuntu for their quick fix and to Norbert for letting us know here.

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
P Gopal Krishnan (panthiyil) wrote :

Thanks, Norbert. Seems to have worked for me.

Norbert (nrbrtx) wrote :

Installation of 4.4.0-109-generic fixes all problems:

sudo apt-get update
sudo apt-get install linux-headers-4.4.0-109 linux-headers-4.4.0-109-generic \
linux-headers-generic linux-image-4.4.0-109-generic \
linux-image-extra-4.4.0-109-generic linux-image-generic \
linux-tools-4.4.0-109 linux-tools-4.4.0-109-generic linux-tools-generic

Eduardo Eloy Irgang (irgangs) wrote :

Thanks, kernel 4.4.0-109-generic fixed this problem!

Simon Déziel (sdeziel) wrote :

I can confirm that 4.4.0-109.132 fix the problem for me (LP: #1742286) on Xenial. Thanks

David Glasser (glasser) wrote :

Does anyone know if this issue affects linux-aws, which was not mentioned in the USN?

Marc (marc-preuss) wrote :

Thanks, kernel 4.4.0-109 fixed the issue for me too.

Nazar (nazartsyhanyuk) wrote :

Sorry, can anyone provide some instructions how to upgrade if I can't load system?

You can try to boot the last working kernel and then pull the updates
and reboot.

peterzay (peterzay) wrote :

Good work team. kernel 4.4.0-109-generic fixed the problem on this Dell Inspiron 660 Intel 3rd gen Core i5-3330 3.0GHz 8 MB RAM. Did not notice any slowdown of the PC.

tags: added: pti
description: updated
Zaphod BIII (maheinmuc) wrote :

Kernel 4.4.0-109-generic fixed the problem on
Dell Inc. OptiPlex 990/06D7TR, BIOS A13 04/02/2012
Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
CPU0: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz (family: 0x6, model: 0x2a, stepping: 0x7)
Ubuntu 16.04.3 LTS

Guilherme Ferrari (gpferrari) wrote :

Kernel 4.4.0-10--generic fixed the problem also on Dell Inspiron i5-5000 Processor Intel i7-7500U 2.7Ghz 8 Mb RAM.

Thank you very much for the quick response.

Marat Khalili (mkh-t) wrote :

On 14.04 with LTS Enablement Stack I can confirm that 4.4.0-108 was broken in the described way (trap on kfree) and 4.4.0-109 works.

4.4.0-109 works.

Júlio (contato-julio) wrote :
Download full text (20.1 KiB)

Still affect me on 4.4.0-109 update

pc-ubuntu
    descrição: Computador desktop
    produto: OptiPlex 9010 (OptiPlex 9010)
    fabricante: Dell Inc.
    versão: 01
    serial: GMLV5W1
    largura: 64 bits
    capacidades: smbios-2.7 dmi-2.7 vsyscall32
    configuração: boot=normal chassis=desktop sku=OptiPlex 9010 uuid=44454C4C-4D00-104C-8056-C7C04F355731
  *-core
       descrição: Placa-mãe
       produto: 0KV62T
       fabricante: Dell Inc.
       ID físico: 0
       versão: A01
       serial: /GMLV5W1/BR108192BM00CS/
     *-firmware
          descrição: BIOS
          fabricante: Dell Inc.
          ID físico: 0
          versão: A21
          date: 09/21/2015
          tamanho: 64KiB
          capacidade: 11MiB
          capacidades: pci pnp upgrade shadowing cdboot bootselect edd int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer acpi usb biosbootspecification netboot uefi
     *-cpu
          descrição: CPU
          produto: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
          fabricante: Intel Corp.
          ID físico: 5e
          informações do barramento: cpu@0
          versão: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
          slot: CPU 1
          tamanho: 1883MHz
          capacidade: 3800MHz
          largura: 64 bits
          clock: 100MHz
          capacidades: x86-64 fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm epb tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts cpufreq
          configuração: cores=4 enabledcores=4 threads=4
        *-cache:0
             descrição: L1 cache
             ID físico: 3a
             slot: CPU Internal L1
             tamanho: 256KiB
             capacidade: 256KiB
             capacidades: internal write-through data
             configuração: level=1
        *-cache:1
             descrição: L2 cache
             ID físico: 3b
             slot: CPU Internal L2
             tamanho: 1MiB
             capacidade: 1MiB
             capacidades: internal write-through unified
             configuração: level=2
        *-cache:2
             descrição: L3 cache
             ID físico: 3c
             slot: CPU Internal L3
             tamanho: 6MiB
             capacidade: 6MiB
             capacidades: internal write-back unified
             configuração: level=3
     *-memory
          descrição: Memória do sistema
          ID físico: 3d
          slot: Placa do sistema ou placa-mãe
          tamanho: 8GiB
        *-bank:0
             descrição: DIMMProject-Id-Version: lshwReport-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>POT-Creation-Date: 2009-10-08 14:02+0200PO-Revision-Date: 2013-04-07 17:30+0000Last-Translator: Neliton Pereira Jr. <email address hidden>Language-Team: Brazilian Portuguese <email address hidden>MIME-Version: 1.0Content-Type: text/plain; c...

Joseph Salisbury (jsalisbury) wrote :

@Julio, Can you open a new bug report, so we can investigate your issue further?

Norbert (nrbrtx) wrote :

Please take care on bug 1742509 (it is about disabling security.ubuntu.com on switching mirror with software-properties-gtk). It is very actual in context of current bug.

To post a comment you must log in.