PM / hibernate: fix potential memory corruption
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Undecided | Andrea Righi |
Xenial | Fix Released | Undecided | Andrea Righi |
Bionic | Fix Released | Undecided | Andrea Righi |
Disco | Fix Released | Undecided | Andrea Righi |
Eoan | Fix Released | Undecided | Andrea Righi |
Bug Description
[Impact]
A caching bug in the hibernation code can lead to potential memory corruptions on resume.
The hibernation code represents all the allocated pages in memory (pfn) using a list of extents; inside each extent it uses a radix tree, and each node in the tree contains a bitmap. This structure is used to save the memory image to disk.
To speed up lookups in this structure, the kernel caches the position of the previous lookup in the form (current_extent, current_node). However, if two consecutive lookups are distant enough from each other, the extent can change, but the kernel can still use the cached node (current_node), accessing the wrong bitmap and ending up saving the wrong pfns to disk.
[Test Case]
The bug has been reproduced in Xenial and Bionic by trying to hibernate a large instance with a lot of RAM (100GB+).
But we also wrote a custom kernel module to better isolate the code that triggers the problem: https:/
This module has exactly the same code as the hibernation code, but it can be used as a fast test case to reproduce the problem without actually triggering a real hibernation/resume cycle.
[Fix]
This bug can be fixed by properly invalidating the cached pair (extent, node) when the next lookup falls in a different extent or a different node.
[Regression Potential]
The fix has been sent to the LKML for review/feedback (https:/
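A simplified model of the stale (extent, node) cache described above, added here as an illustration; it is not the kernel's hibernation code or the test module mentioned in the report. Each extent's radix tree is flattened to an array of leaf bitmaps, and all names (`find_leaf`, `strict`, `second_extent_marked`) and the two-extent layout are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK 32u   /* pfns per leaf bitmap (model value, not the kernel's) */
struct extent { unsigned long start, end; uint32_t leaf[4]; };
struct bm {
    struct extent ext[2];      /* constructed layout: two extents */
    struct extent *cur_ext;    /* cached extent of the previous lookup */
    uint32_t      *cur_node;   /* cached leaf bitmap of the previous lookup */
    unsigned long  cur_off;    /* leaf index of cur_node inside its extent */
};

/* Return the leaf bitmap covering pfn. strict=0: cache check as in the bug
 * description; strict=1: the cache is also invalidated on an extent change. */
static uint32_t *find_leaf(struct bm *bm, unsigned long pfn, int strict)
{
    struct extent *e = NULL;
    for (int i = 0; i < 2; i++)
        if (pfn >= bm->ext[i].start && pfn < bm->ext[i].end)
            e = &bm->ext[i];
    if (!e)
        return NULL;
    unsigned long off = (pfn - e->start) / BLOCK;
    /* off is extent-relative: comparing it alone can hit another extent's leaf */
    int hit = bm->cur_node && off == bm->cur_off && (!strict || e == bm->cur_ext);
    if (!hit) {
        bm->cur_ext = e;
        bm->cur_node = &e->leaf[off];
        bm->cur_off = off;
    }
    return bm->cur_node;
}

/* Mark pfn 5 (extent 0), then pfn 1029 (extent 1, same leaf index and bit).
 * Returns 1 if extent 1 received its bit, 0 if it went to the wrong leaf. */
static int second_extent_marked(int strict)
{
    struct bm bm = { .ext = { { .start = 0, .end = 128 }, { .start = 1024, .end = 1152 } } };
    unsigned long pfns[2] = { 5, 1029 };
    for (int i = 0; i < 2; i++)   /* both pfns are in range; starts are BLOCK-aligned */
        *find_leaf(&bm, pfns[i], strict) |= 1u << (pfns[i] % BLOCK);
    return bm.ext[1].leaf[0] == (1u << 5);
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", second_extent_marked(0), second_extent_marked(1));
    return 0;
}
```

With `strict=0` the second pfn is recorded in extent 0's bitmap, so an image written from this structure would save the wrong page; with `strict=1` the cache is refreshed and the bit lands in extent 1.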
summary:
- PM / hibernate: fix potential memory corruption on hibernate
+ PM / hibernate: fix potential memory corruption
Changed in linux (Ubuntu Xenial): status: Incomplete → In Progress
Changed in linux (Ubuntu Bionic): status: Incomplete → In Progress
Changed in linux (Ubuntu Disco): status: Incomplete → In Progress
Changed in linux (Ubuntu Eoan): status: Incomplete → In Progress
Changed in linux (Ubuntu Xenial): assignee: nobody → Andrea Righi (arighi)
Changed in linux (Ubuntu Bionic): assignee: nobody → Andrea Righi (arighi)
Changed in linux (Ubuntu Disco): assignee: nobody → Andrea Righi (arighi)
Changed in linux (Ubuntu Eoan): assignee: nobody → Andrea Righi (arighi)
Changed in linux (Ubuntu Xenial): status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic): status: In Progress → Fix Committed
Changed in linux (Ubuntu Disco): status: In Progress → Fix Committed
Changed in linux (Ubuntu Eoan): status: In Progress → Fix Committed
tags: added: verification-done-bionic; removed: verification-needed-bionic
tags: added: verification-done-disco; removed: verification-needed-disco
tags: added: verification-done-eoan verification-done-xenial; removed: verification-needed-eoan verification-needed-xenial
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1847118
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.