3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes triggers system hang on i386

Bug #1812845 reported by Po-Hsu Lin on 2019-01-22
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
Undecided
Andrea Righi
linux (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned
Disco
Undecided
Unassigned

Bug Description

SRU Justification:

[Impact]

 * Parity page in btrfs raid56 is incorrectly unmapped, allowing to easily trigger a reference counter bug on i386 causing a kernel panic

 * The fix unmaps the right rbio pages and adds the proper kunmap() call for the parity page

[Test Case]

 * create a raid5 btrfs filesystem:
   # mkfs.btrfs -m raid5 -d raid5 /dev/sdb /dev/sdc /dev/sdd /dev/sde

 * mount it:
   # mount /dev/sdb /mnt

 * run btrfs scrub in a loop:
   # while :; do btrfs scrub start -BR /mnt; done

[Fix]

 * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3897b6f0a859288c22fb793fad11ec2327e60fcd

kunmap(p_page) was completely left out, so we never
did an unmap for the p_page and the loop unmapping the rbio page was
iterating over the wrong number of stripes: unmapping should be done
with nr_data instead of rbio->real_stripes.

[Regression Potential]

 * This is an upstream fix, tested on the affected platform. The bug is affecting only btrfs raid5/6 users on architectures where kunamp() is not a no-op (like i386). It is also a very small patch, so backport changes are minimal.

[Original bug report]

This issue was not spotted on AMD64

Reproduce rate: 100%

The following command is the key to trigger this:
    btrfs scrub start -BR $MNT

Steps:
# (Install necessary packages)
# git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests
# TMP=/tmp/tmp MNT=/tmp/mnt
# mkdir -p $TMP; mkdir -p $MNT
# cd autotest-client-tests/ubuntu_btrfs_kernel_fixes
# TMP=/tmp/tmp MNT=/tmp/mnt ./3b080b2564287be91605bfd1d5ee985696e61d3c.sh

Trace:
 [ 494.357824] ------------[ cut here ]------------
 [ 494.357828] kernel BUG at /build/linux-bnzN1b/linux-4.15.0/mm/highmem.c:350!
 [ 494.365079] invalid opcode: 0000 [#1] SMP
 [ 494.369205] Modules linked in: cfg80211 intel_powerclamp ipmi_ssif gpio_ich coretemp kvm_intel kvm ipmi_si irqbypass input_leds joydev dcdbas intel_cstate ipmi_devintf sch_fq_codel shpchp i7core_edac lpc_ich ipmi_msghandler acpi_power_meter mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 i2c_algo_bit ttm drm_kms_helper hid_generic syscopyarea sysfillrect usbhid sysimgblt mpt3sas fb_sys_fops drm hid raid_class bnx2 scsi_transport_sas pata_acpi wmi
 [ 494.430188] CPU: 2 PID: 2093 Comm: kworker/u16:1 Not tainted 4.15.0-43-generic #46-Ubuntu
 [ 494.438618] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
 [ 494.446494] Workqueue: btrfs-endio-raid56 btrfs_endio_raid56_helper [btrfs]
 [ 494.453657] EIP: kunmap_high+0xaa/0xb0
 [ 494.457571] EFLAGS: 00010246 CPU: 2
 [ 494.461229] EAX: 00000115 EBX: fffff000 ECX: 00000001 EDX: 00000000
 [ 494.467840] ESI: 00000004 EDI: 00000004 EBP: f4883e44 ESP: f4883e40
 [ 494.474264] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
 [ 494.479931] CR0: 80050033 CR2: 005885e0 CR3: 0fe16000 CR4: 000006f0
 [ 494.486353] Call Trace:
 [ 494.488967] kunmap+0x3e/0x50
 [ 494.492140] finish_parity_scrub+0x24d/0x570 [btrfs]
 [ 494.497226] ? update_load_avg+0x64f/0x830
 [ 494.501528] validate_rbio_for_parity_scrub+0xc2/0xd0 [btrfs]
 [ 494.507527] raid56_parity_scrub_end_io+0x53/0x70 [btrfs]
 [ 494.513058] bio_endio+0xb9/0x110
 [ 494.516574] ? end_workqueue_fn+0x2c/0x40 [btrfs]
 [ 494.521435] end_workqueue_fn+0x33/0x40 [btrfs]
 [ 494.526139] normal_work_helper+0x7d/0x2f0 [btrfs]
 [ 494.531087] btrfs_endio_raid56_helper+0x10/0x20 [btrfs]
 [ 494.536621] process_one_work+0x1b9/0x3d0
 [ 494.540799] worker_thread+0x37/0x420
 [ 494.544628] kthread+0xf0/0x110
 [ 494.547931] ? process_one_work+0x3d0/0x3d0
 [ 494.552282] ? kthread_create_worker_on_cpu+0x20/0x20
 [ 494.557488] ? kthread_create_worker_on_cpu+0x20/0x20
 [ 494.562701] ret_from_fork+0x2e/0x38
 [ 494.566441] Code: 2d ee ff 58 8b 5d fc c9 c3 90 8d b4 26 00 00 00 00 a1 80 d1 c4 cf 31 c9 3d 80 d1 c4 cf 0f 95 c1 eb bc 8d b4 26 00 00 00 00 0f 0b <0f> 0b 8d 74 26 00 66 66 66 66 90 55 89 e5 56 53 31 db e8 1f ef
 [ 494.585751] EIP: kunmap_high+0xaa/0xb0 SS:ESP: 0068:f4883e40
 [ 494.591688] ---[ end trace 5e6d708abb85eeba ]---

Follow up with CPU soft lockup.

Please find the attachment for the complete log.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-43-generic 4.15.0-43.46
ProcVersionSignature: User Name 4.15.0-43.46-generic 4.15.18
Uname: Linux 4.15.0-43-generic i686
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Jan 22 11:54 seq
 crw-rw---- 1 root audio 116, 33 Jan 22 11:54 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Tue Jan 22 11:54:49 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
MachineType: Dell Inc. PowerEdge R310
PciMultimedia:

ProcFB: 0 mgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-43-generic root=UUID=6aaa11f6-d386-4c0c-b4b8-38e6c408980a ro console=ttyS0,115200n8
RelatedPackageVersions:
 linux-restricted-modules-4.15.0-43-generic N/A
 linux-backports-modules-4.15.0-43-generic N/A
 linux-firmware 1.173.3
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/18/2012
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.11.0
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.11.0:bd09/18/2012:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.

Po-Hsu Lin (cypressyew) wrote :

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed

This issue could be found on Cosmic.

tags: added: cosmic
no longer affects: ubuntu-kernel-tests
Po-Hsu Lin (cypressyew) wrote :

Spotted on X / D / mainline 5.0rc2 as well.

syslog for 5.0rc2:
[ 157.662397] ------------[ cut here ]------------
[ 157.662401] kernel BUG at mm/highmem.c:349!
[ 157.666725] invalid opcode: 0000 [#1] SMP PTI
[ 157.671086] CPU: 1 PID: 162 Comm: kworker/u16:4 Not tainted 5.0.0-050000rc2-generic #201901171452
[ 157.680017] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
[ 157.687684] Workqueue: btrfs-endio-raid56 btrfs_endio_raid56_helper [btrfs]
[ 157.694774] EIP: kunmap_high+0xb2/0xc0
[ 157.698661] Code: d4 8d b4 26 00 00 00 00 6a 00 b8 a0 d7 cf d9 b9 01 00 00 00 ba 03 00 00 00 e8 4a 79 ec ff 8b 5d fc 58 c9 c3 8d 74 26 00 0f 0b <0f> 0b 8d b4 26 00 00 00 00 8d 74 26 00 90 66 66 66 66 90 55 89 e5
[ 157.717962] EAX: 000001d5 EBX: fffff000 ECX: 00000001 EDX: 00000000
[ 157.724560] ESI: 00000004 EDI: 00000004 EBP: f45dfe5c ESP: f45dfe58
[ 157.730918] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
[ 157.737962] CR0: 80050033 CR2: 0225610c CR3: 19eca000 CR4: 000006f0
[ 157.744384] Call Trace:
[ 157.747009] kunmap+0x3e/0x50
[ 157.750192] finish_parity_scrub+0x315/0x570 [btrfs]
[ 157.755316] validate_rbio_for_parity_scrub+0xca/0xd0 [btrfs]
[ 157.761318] raid56_parity_scrub_end_io+0x53/0x70 [btrfs]
[ 157.766833] bio_endio+0xee/0x150
[ 157.770333] ? end_workqueue_fn+0x2c/0x40 [btrfs]
[ 157.775211] end_workqueue_fn+0x33/0x40 [btrfs]
[ 157.779799] normal_work_helper+0xc5/0x2e0 [btrfs]
[ 157.784868] btrfs_endio_raid56_helper+0x10/0x20 [btrfs]
[ 157.790313] process_one_work+0x1d4/0x3a0
[ 157.794479] worker_thread+0x37/0x400
[ 157.798310] kthread+0xf0/0x110
[ 157.801620] ? pwq_unbound_release_workfn+0xb0/0xb0
[ 157.806656] ? kthread_park+0x90/0x90
[ 157.810478] ret_from_fork+0x2e/0x38
[ 157.814220] Modules linked in: intel_powerclamp coretemp kvm_intel dcdbas kvm ipmi_ssif irqbypass joydev input_leds ipmi_si intel_cstate acpi_power_meter mac_hid ipmi_devintf i7core_edac ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic gpio_ich mgag200 i2c_algo_bit ttm drm_kms_helper syscopyarea usbhid sysfillrect hid sysimgblt mpt3sas fb_sys_fops drm pata_acpi raid_class lpc_ich bnx2 scsi_transport_sas wmi
[ 157.873824] ---[ end trace f9b1fc7e1f35ab27 ]---
[ 157.887583] EIP: kunmap_high+0xb2/0xc0
[ 157.891437] Code: d4 8d b4 26 00 00 00 00 6a 00 b8 a0 d7 cf d9 b9 01 00 00 00 ba 03 00 00 00 e8 4a 79 ec ff 8b 5d fc 58 c9 c3 8d 74 26 00 0f 0b <0f> 0b 8d b4 26 00 00 00 00 8d 74 26 00 90 66 66 66 66 90 55 89 e5
[ 157.910746] EAX: 000001d5 EBX: fffff000 ECX: 00000001 EDX: 00000000
[ 157.917276] ESI: 00000004 EDI: 00000004 EBP: f45dfe5c ESP: d9ed1e5c
[ 157.923699] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
[ 157.930744] CR0: 80050033 CR2: 0225610c CR3: 19eca000 CR4: 000006f0

tags: added: disco kernel-bug-exists-upstream xenial
summary: 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
- triggers system hang on Bionic i386
+ triggers system hang on i386
Andrea Righi (arighi) on 2019-03-13
Changed in ubuntu-kernel-tests:
assignee: nobody → Andrea Righi (arighi)
Andrea Righi (arighi) wrote :

This patch seems to fix the problem for me.

See also:
https://lkml.org/lkml/2019/3/13/181

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu Bionic):
status: New → Confirmed
Changed in linux (Ubuntu Cosmic):
status: New → Confirmed
Changed in linux (Ubuntu Xenial):
status: New → Confirmed
Po-Hsu Lin (cypressyew) on 2019-03-14
Changed in ubuntu-kernel-tests:
status: New → In Progress
Changed in linux (Ubuntu Disco):
status: Confirmed → In Progress
status: In Progress → Confirmed
Po-Hsu Lin (cypressyew) wrote :

I have the test disabled on i386, so we can still run other tests without being interrupted.
https://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/commit/?id=47c843d9a608f212b9b1138b410151ae1e8f5b24

Will need to add this back after we got the fix applied.

Po-Hsu Lin (cypressyew) wrote :

Just found that this issue for autotest-client-tests has already been addressed in 3c2347e74, so we're good, previous commit reverted. https://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/commit/?id=e8225af0687c7cb804458fa6cd03956739f24d39

Andrea Righi (arighi) on 2019-03-28
description: updated
Andrea Righi (arighi) on 2019-03-28
description: updated
Changed in linux (Ubuntu Cosmic):
status: Confirmed → Fix Committed
Changed in linux (Ubuntu Bionic):
status: Confirmed → Fix Committed
Changed in linux (Ubuntu Disco):
status: Confirmed → Fix Committed
Changed in linux (Ubuntu Xenial):
status: Confirmed → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
tags: added: verification-needed-bionic

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Po-Hsu Lin (cypressyew) wrote :

Test 3b080b2564287be91605bfd1d5ee985696e61d3c and 5fbc7c59fd22c5a6531b40b0759624b680a95e52 and have passed on X-i386 (node pepe)

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :
Download full text (50.5 KiB)

This bug was fixed in the package linux - 5.0.0-11.12

---------------
linux (5.0.0-11.12) disco; urgency=medium

  * linux: 5.0.0-11.12 -proposed tracker (LP: #1824383)

  * hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1]
    (LP: #1824194)
    - net: hns3: fix for not calculating tx bd num correctly

  * disco: unable to use iptables/enable ufw under -virtual kernel
    (LP: #1823862)
    - [Packaging] add bpfilter to linux-modules

  * Make shiftfs a module rather than built-in (LP: #1824354)
    - [Config] CONFIG_SHIFT_FS=m

  * shiftfs: chown sets untranslated ids in lower fs (LP: #1824350)
    - SAUCE: shiftfs: use translated ids when chaning lower fs attrs

  * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
    - [Packaging] bind hv_kvp_daemon startup to hv_kvp device

linux (5.0.0-10.11) disco; urgency=medium

  * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)

  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"

  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux (5.0.0-9.10) disco; urgency=medium

  * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs

  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"

  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow servic...

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) wrote :

Test 3b080b2564287be91605bfd1d5ee985696e61d3c and 5fbc7c59fd22c5a6531b40b0759624b680a95e52 and have passed on B-i386 (node pepe)

tags: added: verification-done-bionic
removed: verification-needed-bionic
Po-Hsu Lin (cypressyew) wrote :

Test 3b080b2564287be91605bfd1d5ee985696e61d3c and 5fbc7c59fd22c5a6531b40b0759624b680a95e52 and have passed on C-i386 (node pepe)

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Launchpad Janitor (janitor) wrote :
Download full text (15.4 KiB)

This bug was fixed in the package linux - 4.4.0-146.172

---------------
linux (4.4.0-146.172) xenial; urgency=medium

  * linux: 4.4.0-146.172 -proposed tracker (LP: #1822834)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

  * Xenial update: 4.4.177 upstream stable release (LP: #1822271)
    - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
    - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
    - KEYS: allow reaching the keys quotas exactly
    - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
    - mfd: twl-core: Fix section annotations on {,un}protect_pm_master
    - mfd: db8500-prcmu: Fix some section annotations
    - mfd: ab8500-core: Return zero in get_register_interruptible()
    - mfd: qcom_rpm: write fw_version to CTRL_REG
    - mfd: wm5110: Add missing ASRC rate register
    - mfd: mc13xxx: Fix a missing check of a register-read failure
    - net: hns: Fix use after free identified by SLUB debug
    - MIPS: ath79: Enable OF serial ports in the default config
    - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
    - scsi: isci: initialize shost fully before calling scsi_add_host()
    - MIPS: jazz: fix 64bit build
    - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
    - atm: he: fix sign-extension overflow on large shift
    - leds: lp5523: fix a missing check of return value of lp55xx_read
    - isdn: avm: Fix string plus integer warning from Clang
    - RDMA/srp: Rework SCSI device reset handling
    - KEYS: user: Align the payload buffer
    - KEYS: always initialize keyring_index_key::desc_len
    - batman-adv: fix uninit-value in batadv_interface_tx()
    - net/packet: fix 4gb buffer limit due to overflow check
    - team: avoid complex list operations in team_nl_cmd_options_set()
    - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
    - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
    - ARCv2: Enable unaligned access in early ASM code
    - Revert "bridge: do not add port to router list when receives query with
      source 0.0.0.0"
    - libceph: handle an empty authorize reply
    - drm/msm: Unblock writer if reader closes file
    - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
    - ALSA: compress: prevent potential divide by zero bugs
    - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
    - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
    - usb: gadget: Potential NULL dereference on allocation error
    - ASoC: dapm: change snprintf to scnprintf for possible overflow
    - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
    - ARC: fix __ffs return value to avoid build warnings
    - mac80211: fix miscounting of ttl-dropped frames
    - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
    - scsi: csiostor: fix NULL pointer de...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (6.9 KiB)

This bug was fixed in the package linux - 4.18.0-18.19

---------------
linux (4.18.0-18.19) cosmic; urgency=medium

  * linux: 4.18.0-18.19 -proposed tracker (LP: #1822796)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in rx data flow
    - net: hinic: fix null pointer dereference on pointer hwdev
    - hinic: optmize rx refill buffer mechanism
    - net-next/hinic:add shutdown callback
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - Fonts: New Terminus large console font
    - [Config]: enable highdpi Terminus 16x32 font support

  * [19.04 FEAT] qeth: Enhanced link speed - kernel part (LP: #1814892)
    - s390/qeth: report 25Gbit link speed

  * Avoid potential memory corruption on HiSilicon SoCs (LP: #1819546)
    - iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads

  * CVE-2017-5715
    - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
    - x86/speculation: Propagate information about RSB filling mitigation to sysfs
    - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
      variant
    - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
    - x86/retpoline: Remove minimal retpoline support
    - x86/speculation: Update the TIF_SSBD comment
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
    - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
    - x86/speculation: Move STIPB/IBPB string conditionals out of
      cpu_show_common()
    - x86/speculation: Disable STIBP when enhanced IBRS is in use
    - x86/speculation: Rename SSBD update functions
    - x86/speculation: Reorganize speculation control MSRs update
    - sched/smt: Make sched_smt_present track topology
    - x86/Kconfig: Select SCHED_SMT if SMP enabled
    - sched/smt: Expose sched_smt_present static key
    - x86/speculation: Rework SMT state change
    - x86/l1tf: Show actual SMT state
    - x86/speculation: R...

Read more...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (14.6 KiB)

This bug was fixed in the package linux - 4.15.0-48.51

---------------
linux (4.15.0-48.51) bionic; urgency=medium

  * linux: 4.15.0-48.51 -proposed tracker (LP: #1822820)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

  * [P9][LTCTest][Opal][FW910] cpupower monitor shows multiple stop Idle_Stats
    (LP: #1719545)
    - cpupower : Fix header name to read idle state name

  * [amdgpu] screen corruption when using touchpad (LP: #1818617)
    - drm/amdgpu/gmc: steal the appropriate amount of vram for fw hand-over (v3)
    - drm/amdgpu: Free VGA stolen memory as soon as possible.

  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPICA: AML parser: attempt to continue loading table after error
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices

  * Add basic support to NVLink2 passthrough (LP: #1819989)
    - powerpc/powernv/npu: Do not try invalidating 32bit table when 64bit table is
      enabled
    - powerpc/powernv: call OPAL_QUIESCE before OPAL_SIGNAL_SYSTEM_RESET
    - powerpc/powernv: Export opal_check_token symbol
    - powerpc/powernv: Make possible for user to force a full ipl cec reboot
    - powerpc/powernv/idoa: Remove unnecessary pcidev from pci_dn
    - powerpc/powernv: Move npu struct from pnv_phb to pci_controller
    - powerpc/powernv/npu: Move OPAL calls away from context manipulation
    - powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation
    - powerpc/pseries/npu: Enable platform support
    - powerpc/pseries: Remove IOMMU API support for non-LPAR systems
    - powerpc/powernv/npu: Check mmio_atsd array bounds when populating
    - powerpc/powernv/npu: Fault user page into the hypervisor's pagetable

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in rx data flow
    - net: hinic: fix null pointer dereference on pointer hwdev
    - hinic: optmize rx refill buffer mechanism
    - net-next/hinic:add shutdown callback
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - Fonts: New Terminus large console font
    - [Config]: enable highdpi Terminus 16x32 font support

  * [19.04 FEAT] qeth: Enhanced link...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux-azure has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Po-Hsu Lin (cypressyew) on 2019-05-15
Changed in ubuntu-kernel-tests:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers