2018-10-11 06:24:43 |
Daniel Axtens |
bug |
|
|
added bug |
2018-10-11 06:26:07 |
Daniel Axtens |
description |
SRU Justification
-----------------
[Impact]
A kernel BUG is sometimes observed when using fscache:
Jun 25 11:32:08 kernel: [4740718.880898] FS-Cache:
Jun 25 11:32:08 kernel: [4740718.880920] FS-Cache: Assertion failed
Jun 25 11:32:08 kernel: [4740718.880934] FS-Cache: 0 > 0 is false
Jun 25 11:32:08 kernel: [4740718.881001] ------------[ cut here ]------------
Jun 25 11:32:08 kernel: [4740718.881017] kernel BUG at /usr/src/linux-4.4.0/fs/fscache/operation.c:449!
Jun 25 11:32:08 kernel: [4740718.881040] invalid opcode: 0000 [#1] SMP
...
Jun 25 11:32:08 kernel: [4740718.892659] Call Trace:
Jun 25 11:32:08 kernel: [4740718.893506] [<ffffffffc1464cf9>] cachefiles_read_copier+0x3a9/0x410 [cachefiles]
Jun 25 11:32:08 kernel: [4740718.894374] [<ffffffffc037e272>] fscache_op_work_func+0x22/0x50 [fscache]
Jun 25 11:32:08 kernel: [4740718.895180] [<ffffffff81096da0>] process_one_work+0x150/0x3f0
Jun 25 11:32:08 kernel: [4740718.895966] [<ffffffff8109751a>] worker_thread+0x11a/0x470
Jun 25 11:32:08 kernel: [4740718.896753] [<ffffffff81808e59>] ? __schedule+0x359/0x980
Jun 25 11:32:08 kernel: [4740718.897783] [<ffffffff81097400>] ? rescuer_thread+0x310/0x310
Jun 25 11:32:08 kernel: [4740718.898581] [<ffffffff8109cdd6>] kthread+0xd6/0xf0
Jun 25 11:32:08 kernel: [4740718.899469] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
Jun 25 11:32:08 kernel: [4740718.900477] [<ffffffff8180d0cf>] ret_from_fork+0x3f/0x70
Jun 25 11:32:08 kernel: [4740718.901514] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[Problem]
In include/fscache-cache.h, fscache_retrieval_complete reads, in part:
    atomic_sub(n_pages, &op->n_pages);
    if (atomic_read(&op->n_pages) <= 0)
        fscache_op_complete(&op->op, true);
The code is using atomic_sub followed by an atomic_read. This causes two threads doing a decrement of pages to race with each other seeing the op->refcount <= 0 at same time,
and end up calling fscache_op_complete in both the threads leading to the OOPS.
[Fix]
The fix is trivial to use atomic_sub_return instead of two calls.
[Testcase]
The user has tested the patch successfully on their fscache/cachefiles setup.
[Regression Potential]
Limited to fscache. Small, comprehensible change. |
SRU Justification
-----------------
[Impact]
A kernel BUG is sometimes observed when using fscache:
[4740718.880898] FS-Cache:
[4740718.880920] FS-Cache: Assertion failed
[4740718.880934] FS-Cache: 0 > 0 is false
[4740718.881001] ------------[ cut here ]------------
[4740718.881017] kernel BUG at /usr/src/linux-4.4.0/fs/fscache/operation.c:449!
[4740718.881040] invalid opcode: 0000 [#1] SMP
[4740718.892659] Call Trace:
[4740718.893506] [<ffffffffc1464cf9>] cachefiles_read_copier+0x3a9/0x410 [cachefiles]
[4740718.894374] [<ffffffffc037e272>] fscache_op_work_func+0x22/0x50 [fscache]
[4740718.895180] [<ffffffff81096da0>] process_one_work+0x150/0x3f0
[4740718.895966] [<ffffffff8109751a>] worker_thread+0x11a/0x470
[4740718.896753] [<ffffffff81808e59>] ? __schedule+0x359/0x980
[4740718.897783] [<ffffffff81097400>] ? rescuer_thread+0x310/0x310
[4740718.898581] [<ffffffff8109cdd6>] kthread+0xd6/0xf0
[4740718.899469] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[4740718.900477] [<ffffffff8180d0cf>] ret_from_fork+0x3f/0x70
[4740718.901514] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[Problem]
In include/fscache-cache.h, fscache_retrieval_complete reads, in part:
    atomic_sub(n_pages, &op->n_pages);
    if (atomic_read(&op->n_pages) <= 0)
        fscache_op_complete(&op->op, true);
The code is using atomic_sub followed by an atomic_read. This causes two threads doing a decrement of pages to race with each other seeing the op->refcount <= 0 at same time, and end up calling fscache_op_complete in both the threads leading to the OOPS.
[Fix]
The fix is trivial to use atomic_sub_return instead of two calls.
[Testcase]
The user has tested the patch successfully on their fscache/cachefiles setup.
[Regression Potential]
Limited to fscache. Small, comprehensible change. |
|
2018-10-11 06:30:05 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
2018-10-12 01:09:15 |
Daniel Axtens |
description |
SRU Justification
-----------------
[Impact]
A kernel BUG is sometimes observed when using fscache:
[4740718.880898] FS-Cache:
[4740718.880920] FS-Cache: Assertion failed
[4740718.880934] FS-Cache: 0 > 0 is false
[4740718.881001] ------------[ cut here ]------------
[4740718.881017] kernel BUG at /usr/src/linux-4.4.0/fs/fscache/operation.c:449!
[4740718.881040] invalid opcode: 0000 [#1] SMP
[4740718.892659] Call Trace:
[4740718.893506] [<ffffffffc1464cf9>] cachefiles_read_copier+0x3a9/0x410 [cachefiles]
[4740718.894374] [<ffffffffc037e272>] fscache_op_work_func+0x22/0x50 [fscache]
[4740718.895180] [<ffffffff81096da0>] process_one_work+0x150/0x3f0
[4740718.895966] [<ffffffff8109751a>] worker_thread+0x11a/0x470
[4740718.896753] [<ffffffff81808e59>] ? __schedule+0x359/0x980
[4740718.897783] [<ffffffff81097400>] ? rescuer_thread+0x310/0x310
[4740718.898581] [<ffffffff8109cdd6>] kthread+0xd6/0xf0
[4740718.899469] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[4740718.900477] [<ffffffff8180d0cf>] ret_from_fork+0x3f/0x70
[4740718.901514] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[Problem]
In include/fscache-cache.h, fscache_retrieval_complete reads, in part:
    atomic_sub(n_pages, &op->n_pages);
    if (atomic_read(&op->n_pages) <= 0)
        fscache_op_complete(&op->op, true);
The code is using atomic_sub followed by an atomic_read. This causes two threads doing a decrement of pages to race with each other seeing the op->refcount <= 0 at same time, and end up calling fscache_op_complete in both the threads leading to the OOPS.
[Fix]
The fix is trivial to use atomic_sub_return instead of two calls.
[Testcase]
The user has tested the patch successfully on their fscache/cachefiles setup.
[Regression Potential]
Limited to fscache. Small, comprehensible change. |
SRU Justification
-----------------
[Impact]
A kernel BUG is sometimes observed when using fscache:
[4740718.880898] FS-Cache:
[4740718.880920] FS-Cache: Assertion failed
[4740718.880934] FS-Cache: 0 > 0 is false
[4740718.881001] ------------[ cut here ]------------
[4740718.881017] kernel BUG at /usr/src/linux-4.4.0/fs/fscache/operation.c:449!
[4740718.881040] invalid opcode: 0000 [#1] SMP
[4740718.892659] Call Trace:
[4740718.893506] [<ffffffffc1464cf9>] cachefiles_read_copier+0x3a9/0x410 [cachefiles]
[4740718.894374] [<ffffffffc037e272>] fscache_op_work_func+0x22/0x50 [fscache]
[4740718.895180] [<ffffffff81096da0>] process_one_work+0x150/0x3f0
[4740718.895966] [<ffffffff8109751a>] worker_thread+0x11a/0x470
[4740718.896753] [<ffffffff81808e59>] ? __schedule+0x359/0x980
[4740718.897783] [<ffffffff81097400>] ? rescuer_thread+0x310/0x310
[4740718.898581] [<ffffffff8109cdd6>] kthread+0xd6/0xf0
[4740718.899469] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[4740718.900477] [<ffffffff8180d0cf>] ret_from_fork+0x3f/0x70
[4740718.901514] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[Problem]
In include/linux/fscache-cache.h, fscache_retrieval_complete reads, in part:
    atomic_sub(n_pages, &op->n_pages);
    if (atomic_read(&op->n_pages) <= 0)
        fscache_op_complete(&op->op, true);
The code is using atomic_sub followed by an atomic_read. This causes two threads doing a decrement of pages to race with each other seeing the op->refcount <= 0 at same time, and end up calling fscache_op_complete in both the threads leading to the OOPS.
[Fix]
The fix is trivial to use atomic_sub_return instead of two calls.
[Testcase]
I believe the user has tested the patch successfully on their fscache/cachefiles setup.
[Regression Potential]
Limited to fscache. Small, comprehensible change. |
|
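The race described under [Problem] and the atomic_sub_return change under [Fix], as an added example that is not part of the bug report or the kernel patch: a user-space C model in which C11 atomics stand in for the kernel's atomic_t calls (an assumption), with the two workers' steps interleaved by hand so the double completion is reproducible. The struct retrieval type and all function names are hypothetical.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical stand-in for the retrieval op (not kernel code). */
struct retrieval { atomic_int n_pages; int completions; };

/* Racy form, split in two so the interleaving can be forced by hand.
 * atomic_sub() -> atomic_fetch_sub(), atomic_read() -> atomic_load(). */
static void racy_sub(struct retrieval *op, int n)
{
    atomic_fetch_sub(&op->n_pages, n);
}
static void racy_check(struct retrieval *op)
{
    if (atomic_load(&op->n_pages) <= 0)
        op->completions++;      /* stands in for fscache_op_complete() */
}

/* Fixed form: atomic_sub_return() modelled as fetch_sub(...) - n, so the
 * decrement and the value tested come from one atomic operation. */
static void fixed_complete(struct retrieval *op, int n)
{
    if (atomic_fetch_sub(&op->n_pages, n) - n <= 0)
        op->completions++;
}

/* Two workers each retire one of two outstanding pages. */
int completions_racy(void)
{
    struct retrieval op = { 2, 0 };
    racy_sub(&op, 1);     /* worker A: 2 -> 1 */
    racy_sub(&op, 1);     /* worker B: 1 -> 0, before A has read */
    racy_check(&op);      /* A reads 0 and completes */
    racy_check(&op);      /* B reads 0 and completes a second time */
    return op.completions;
}

int completions_fixed(void)
{
    struct retrieval op = { 2, 0 };
    fixed_complete(&op, 1);   /* A's own result is 1: not the last page */
    fixed_complete(&op, 1);   /* B's own result is 0: completes once */
    return op.completions;
}

int main(void)
{
    printf("racy=%d fixed=%d\n", completions_racy(), completions_fixed());
    return 0;
}
```

In the fixed form each caller tests the value its own decrement produced, so only the caller that takes the counter to zero completes the operation, whatever order the two decrements land in.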
2018-10-12 07:59:07 |
Stefan Bader |
nominated for series |
|
Ubuntu Xenial |
|
2018-10-12 07:59:07 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Xenial) |
|
2018-10-12 07:59:07 |
Stefan Bader |
nominated for series |
|
Ubuntu Cosmic |
|
2018-10-12 07:59:07 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Cosmic) |
|
2018-10-12 07:59:07 |
Stefan Bader |
nominated for series |
|
Ubuntu Bionic |
|
2018-10-12 07:59:07 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Bionic) |
|
2018-10-12 08:00:54 |
Stefan Bader |
linux (Ubuntu Xenial): status |
New |
In Progress |
|
2018-10-12 08:00:59 |
Stefan Bader |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
2018-10-12 08:01:05 |
Stefan Bader |
linux (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2018-10-12 08:01:08 |
Stefan Bader |
linux (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2018-10-12 08:01:11 |
Stefan Bader |
linux (Ubuntu Cosmic): importance |
Undecided |
Medium |
|
2018-10-12 08:01:20 |
Stefan Bader |
linux (Ubuntu Cosmic): status |
Incomplete |
In Progress |
|
2018-10-12 08:01:59 |
Stefan Bader |
linux (Ubuntu Cosmic): assignee |
|
Daniel Axtens (daxtens) |
|
2018-10-23 14:47:23 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2018-10-24 09:58:53 |
Kleber Sacilotto de Souza |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2018-10-24 13:35:05 |
Brad Figg |
tags |
|
verification-needed-bionic |
|
2018-10-24 14:50:07 |
Brad Figg |
tags |
verification-needed-bionic |
verification-needed-bionic verification-needed-cosmic |
|
2018-10-25 08:04:38 |
Brad Figg |
tags |
verification-needed-bionic verification-needed-cosmic |
verification-needed-bionic verification-needed-cosmic verification-needed-xenial |
|
2018-10-25 14:41:04 |
David Coronel |
bug |
|
|
added subscriber David Coronel |
2018-10-31 01:18:20 |
David Coronel |
tags |
verification-needed-bionic verification-needed-cosmic verification-needed-xenial |
verification-done-bionic verification-needed-cosmic verification-needed-xenial |
|
2018-11-07 16:54:26 |
Kleber Sacilotto de Souza |
linux (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
2018-11-09 10:01:50 |
Mauricio Faria de Oliveira |
bug |
|
|
added subscriber Mauricio Faria de Oliveira |
2018-11-13 17:53:26 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2018-11-13 17:53:26 |
Launchpad Janitor |
cve linked |
|
2018-7755 |
|
2018-11-13 18:51:26 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-11-13 18:51:26 |
Launchpad Janitor |
cve linked |
|
2017-13168 |
|
2018-11-13 18:51:26 |
Launchpad Janitor |
cve linked |
|
2018-15471 |
|
2018-11-13 18:51:26 |
Launchpad Janitor |
cve linked |
|
2018-16658 |
|
2018-11-13 18:51:26 |
Launchpad Janitor |
cve linked |
|
2018-9363 |
|
2018-11-13 19:09:36 |
Launchpad Janitor |
linux (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
2018-11-17 03:22:23 |
Launchpad Janitor |
linux (Ubuntu): status |
In Progress |
Fix Released |
|