linux-image-4.13.0-26-generic / linux-image-extra-4.13.0-26-generic fail to boot

Bug #1742721 reported by Konstantin Pavlov on 2018-01-11
This bug affects 9 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Linux Mint | New | Undecided | Unassigned | |
| linux (Ubuntu) | | Critical | Joseph Salisbury | |
| Artful | | Critical | Joseph Salisbury | |

Bug Description

== SRU Justification ==
The following mainline commit introduced a regression in v4.11-rc1:
c075b6f2d357ea9 ("staging: sm750fb: Replace POKE32 and PEEK32 by inline functions")

This regression caused the bug reporter's system to crash and exhibit no display
output.

A "Reverse" bisect was performed and it was found that this regression is
fixed by commit 16808dcf605e6, which was added to mainline in v4.15-rc1.

== Fix ==
commit 16808dcf605e6302319a8c3266789b76d4c0983b
Author: Huacai Chen <email address hidden>
Date: Mon Nov 6 08:43:03 2017 +0800

    staging: sm750fb: Fix parameter mistake in poke32

== Regression Potential ==
Low. This patch fixes a current regression. It was cc'd to upstream stable
so had additional upstream review.

== Original Bug Description ==
I've updated the machine to the linux-hwe kernels, and experienced an almost instant crash when booting. Nothing is shown on the VGA output, so no stack traces are available.

I've tried booting a few kernels with the following results:

- linux-image-4.8.0-56-generic + linux-image-extra-4.8.0-56-generic: boots up fine
- linux-image-4.13.0-26-generic + linux-image-extra-4.13.0-26-generic: fails to boot
- linux-image-4.13.0-21-generic: boots up, but since no r8169, no networking
- linux-image-4.13.0-21-generic + linux-image-extra-4.13.0-21-generic: fails to boot
- linux-image-4.10.0-42-generic + linux-image-extra-4.10.0-42-generic: boots up fine

After that I've tried some mainline kernels from http://kernel.ubuntu.com/~kernel-ppa/mainline to check if the problem is the upstream or Ubuntu patches:

- linux-image-4.14.13-041413-generic_4.14.13-041413.201801101001_amd64.deb: boots up fine
- linux-image-4.13.13-041313-generic_4.13.13-041313.201711150531_amd64.deb: fails to boot
- linux-image-4.13.16-041316-generic_4.13.16-041316.201711240901_amd64.deb: boots up fine
- linux-image-4.13.14-041314-generic_4.13.14-041314.201711180632_amd64.deb: fails to boot
- linux-image-4.13.15-041315-generic_4.13.15-041315.201711211030_amd64.deb: boots up fine

So, it seems, the problem is fixed either in patches between 4.13.14 and 4.13.15 upstream, or Ubuntu configs/patches applied to mainline kernels.

Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: kernel-key
Changed in linux (Ubuntu Artful):
importance: Undecided → High
Changed in linux (Ubuntu):
importance: High → Critical
Changed in linux (Ubuntu Artful):
importance: High → Critical

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu Artful):
status: New → Confirmed
tags: added: yakkety
Joseph Salisbury (jsalisbury) wrote :

I started a "Reverse" kernel bisect between v4.13.14 and v4.14.15. The kernel bisect will require testing of about 4-6 test kernels.

I built the first test kernel, up to the following commit:
031bd81488143bfdc51d38b88ee85898dfd4c2e6

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1742721

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

Changed in linux (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Artful):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
status: Confirmed → In Progress
Changed in linux (Ubuntu Artful):
status: Confirmed → In Progress
Konstantin Pavlov (thresh) wrote :

linux-image-4.13.14-041314-generic_4.13.14-041314.201801111630_amd64.deb fails to boot.

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
8604c6181edd1a62a6bf1f07261b547e6a74afe1

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1742721

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance!

Konstantin Pavlov (thresh) wrote :

linux-image-4.13.14-041314-generic_4.13.14-041314.201801111932_amd64.deb also fails to boot.

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
0f003bb5010fd9a2dc71809183370656c94eca34

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1742721

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance!

Tarim (tarim) wrote :

Latest update of Lubuntu 16.04.3 LTS 32-bit to kernel 4.13.0-26-generic on old Acer Aspire One corrupts the initial login screen. Some of the screen appears properly on the right hand side - the remaining screen is random/changing black and white pixels. The machine still boots kernel 4.10.0-42-generic with no problem.

I got a similar issue: the kernel encountered a NULL dereference to null error.

My kernel version is linux-image-4.13.0-26-generic; rebooting to the old kernel linux-headers-4.10.0-42-generic works.

Konstantin Pavlov (thresh) wrote :

linux-image-4.13.14-041314-generic_4.13.14-041314.201801112308_amd64.deb boots up without issues.

I should also add that my machine seems to use the sm750fb module, which has a fix in https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.13.15&id=c52278a636018cb8fa39b2538c6da5d35e6515f7.

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
c52278a636018cb8fa39b2538c6da5d35e6515f7

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1742721

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance!

Konstantin Pavlov (thresh) wrote :

linux-image-4.13.14-041314-generic_4.13.14-041314.201801151947_amd64.deb boots up without issues.

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
274f1097b2041506a6a3ab21c1d3a01897b34b65

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1742721

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance!

Konstantin Pavlov (thresh) wrote :

linux-image-4.13.14-041314-generic_4.13.14-041314.201801152042_amd64.deb fails to boot.

Joseph Salisbury (jsalisbury) wrote :

The reverse bisect reported commit 16808dcf605e6302319a8c3266789b76d4c0983b as the fix.

I built a test kernel with a pick of commit 16808dcf605e6302319a8c3266789b76d4c0983b. The test kernel can be downloaded from:

http://kernel.ubuntu.com/~jsalisbury/lp1742721

Can you test this kernel and see if it resolves this bug?
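
The reverse bisect carried out in the comments above can be scripted with git's custom bisect terms. The following is an added example, not part of the original bug thread or of Ubuntu's tooling; it runs on a throwaway repository whose 16 commits, file names and commit subjects are all constructed, and a grep stands in for the manual boot test.

```shell
#!/bin/sh
# Reverse bisect on a throwaway repository. All history below is constructed.
# Term mapping: old = "broken" (bug still present), new = "fixed".
reverse_bisect_demo() {
    repo=$(mktemp -d) || return 1
    result=$(
        cd "$repo" || exit 1
        # Identity used only for the constructed sample commits.
        export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
        export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
        git init -q .

        # 16 commits: the regression is present from commit 1, the fix lands in 11.
        i=1
        while [ "$i" -le 16 ]; do
            msg="sample commit $i: unrelated change"
            if [ "$i" -eq 1 ]; then echo "state=broken" > driver.txt; fi
            if [ "$i" -eq 11 ]; then
                echo "state=fixed" > driver.txt
                msg="sample commit $i: fix the regression"
            fi
            echo "$i" > counter.txt
            git add -A && git commit -q -m "$msg"
            if [ "$i" -eq 1 ]; then first=$(git rev-parse HEAD); fi
            i=$((i + 1))
        done

        # Older end is known broken, newer end is known fixed.
        git bisect start --term-old=broken --term-new=fixed >/dev/null
        git bisect broken "$first" >/dev/null
        git bisect fixed HEAD >/dev/null

        # For "bisect run", exit 0 marks the old term (broken) and exit 1 the
        # new term (fixed). On real hardware this is the manual boot test.
        git bisect run sh -c 'grep -q "state=fixed" driver.txt && exit 1; exit 0' \
            >/dev/null 2>&1

        # refs/bisect/fixed points at the first commit that contains the fix.
        git log -1 --format=%s refs/bisect/fixed
    )
    rm -rf "$repo"
    printf '%s\n' "$result"
}

reverse_bisect_demo
```

With the terms swapped this way, the commit git reports at the end is the first one that contains the fix, which is the candidate for a cherry-pick onto the affected release.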

Konstantin Pavlov (thresh) wrote :

I can confirm that linux-image-4.13.0-25-generic_4.13.0-25.29~lp1742721_amd64.deb and linux-image-extra-4.13.0-25-generic_4.13.0-25.29~lp1742721_amd64.deb boot up fine.

Many thanks!

Joseph Salisbury (jsalisbury) wrote :

Thanks for testing. I'll submit an SRU request to have this commit included in the next release.

Joseph Salisbury (jsalisbury) wrote :
description: updated
Seth Forshee (sforshee) on 2018-01-19
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
tags: added: kernel-da-key
removed: kernel-key
Changed in linux (Ubuntu Artful):
status: In Progress → Fix Committed
Konstantin Pavlov (thresh) wrote :

When can I expect this change to come to 16.04?

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-artful' to 'verification-done-artful'. If the problem still exists, change the tag 'verification-needed-artful' to 'verification-failed-artful'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-artful
tags: added: verification-done-artful
removed: verification-needed-artful
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.13.0-37.42

---------------
linux (4.13.0-37.42) artful; urgency=medium

  * linux: 4.13.0-37.42 -proposed tracker (LP: #1751798)

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754
    - arm64: Add ASM_BUG()
    - arm64: consistently use bl for C exception entry
    - arm64: move non-entry code out of .entry.text
    - arm64: unwind: avoid percpu indirection for irq stack
    - arm64: unwind: disregard frame.sp when validating frame pointer
    - arm64: mm: Fix set_memory_valid() declaration
    - arm64: Convert __inval_cache_range() to area-based
    - arm64: Expose DC CVAP to userspace
    - arm64: Handle trapped DC CVAP
    - arm64: Implement pmem API support
    - arm64: uaccess: Implement *_flushcache variants
    - arm64/vdso: Support mremap() for vDSO
    - arm64: unwind: reference pt_regs via embedded stack frame
    - arm64: unwind: remove sp from struct stackframe
    - arm64: uaccess: Add the uaccess_flushcache.c file
    - arm64: fix pmem interface definition
    - arm64: compat: Remove leftover variable declaration
    - fork: allow arch-override of VMAP stack alignment
    - arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
    - arm64: factor out PAGE_* and CONT_* definitions
    - arm64: clean up THREAD_* definitions
    - arm64: clean up irq stack definitions
    - arm64: move SEGMENT_ALIGN to <asm/memory.h>
    - efi/arm64: add EFI_KIMG_ALIGN
    - arm64: factor out entry stack manipulation
    - arm64: assembler: allow adr_this_cpu to use the stack pointer
    - arm64: use an irq stack pointer
    - arm64: add basic VMAP_STACK support
    - arm64: add on_accessible_stack()
    - arm64: add VMAP_STACK overflow detection
    - arm64: Convert pte handling from inline asm to using (cmp)xchg
    - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg()
    - arm64: Move PTE_RDONLY bit handling out of set_pte_at()
    - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
    - arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths
    - arm64: introduce separated bits for mm_context_t flags
    - arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro
    - KVM: arm/arm64: Fix guest external abort matching
    - KVM: arm/arm64: vgic: constify seq_operations and file_operations
    - KVM: arm/arm64: vITS: Drop its_ite->lpi field
    - KVM: arm/arm64: Extract GICv3 max APRn index calculation
    - KVM: arm/arm64: Support uaccess of GICC_APRn
    - arm64: Use larger stacks when KASAN is selected
    - arm64: Define cputype macros for Falkor CPU
    - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
    - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
    - x86/syscalls: Check address limit on user-mode return
    - arm/syscalls: Check address limit on user-mode return
    - arm64/syscalls: Check address limit on user-mode return
    - Revert "arm/syscalls: Check address limit on user-mode return"
    - syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
    - arm/syscalls: Optimize address limit check
    - arm64/syscalls: Move address limit check in loop
    - futex: Remove duplicated code and fix undefined...

Changed in linux (Ubuntu Artful):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: Fix Committed → Fix Released