kernel panic when umouting rootfs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
High
|
Joseph Salisbury | ||
Trusty |
Fix Released
|
High
|
Joseph Salisbury |
Bug Description
This upstream commit is missing:
da362b09e42e umount: Do not allow unmounting rootfs.
http://
The commit log of this patch explains how to reproduce the kernel panic (see below).
Note that this patch depends on
5ff9d8a65ce8 vfs: Lock in place mounts from more privileged users
http://
root@ubuntu1404:~# uname -a
Linux ubuntu1404 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1404:~# ./a.out
[ 199.274374] ------------[ cut here ]------------
[ 199.274865] kernel BUG at /build/
[ 199.275473] invalid opcode: 0000 [#1] SMP
[ 199.275850] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd serio_raw nfsd auth_rpcgss parport_pc nfs_acl nfs i2c_piix4 mac_hid lockd sunrpc fscache lp parport psmouse pata_acpi floppy
[ 199.276005] CPU: 0 PID: 893 Comm: a.out Not tainted 3.13.0-71-generic #114-Ubuntu
[ 199.276005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.
[ 199.276005] task: ffff88003ba6b000 ti: ffff88003ad8e000 task.ti: ffff88003ad8e000
[ 199.276005] RIP: 0010:[<
[ 199.276005] RSP: 0018:ffff88003a
[ 199.276005] RAX: ffff88003d9b41a0 RBX: 0000000000000002 RCX: ffff88003d9b41a0
[ 199.276005] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88003ad8fec0
[ 199.276005] RBP: ffff88003ad8fea8 R08: ffff88003d9b4190 R09: ffff88003ad8fec0
[ 199.276005] R10: ffffffff811ce392 R11: ffffea0000e72e00 R12: ffff88003d9b4140
[ 199.276005] R13: ffff88003d9b4140 R14: ffff88003d9b4140 R15: 0000000000000000
[ 199.276005] FS: 00007f72c3f0c74
[ 199.276005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 199.276005] CR2: 00007f72c3a2d110 CR3: 000000003d3fd000 CR4: 00000000001407f0
[ 199.276005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 199.276005] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 199.276005] Stack:
[ 199.276005] 0000000000000002 ffff88003d9b4160 ffff88003e035000 ffff88003ad8fed8
[ 199.276005] ffffffff811ddfcc 00000002ffffff9c ffff88003d9b4140 0000000000000002
[ 199.276005] ffff88003d9b4160 ffff88003ad8ff38 ffffffff811de9cf ffffffff811ce392
[ 199.276005] Call Trace:
[ 199.276005] [<ffffffff811dd
[ 199.276005] [<ffffffff811de
[ 199.276005] [<ffffffff811ce
[ 199.276005] [<ffffffff811ce
[ 199.276005] [<ffffffff811df
[ 199.276005] [<ffffffff81735
[ 199.276005] Code: 50 08 48 89 02 49 89 45 08 e9 57 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 4c 89 e6 4c 89 e7 e8 d5 f6 ff ff 48 89 c3 e9 19 ff ff ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 55 b8 01
[ 199.276005] RIP [<ffffffff811eb
[ 199.276005] RSP <ffff88003ad8fe90>
[ 199.297648] ---[ end trace 6262a5eb9740f9d0 ]---
CVE References
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
tags: | added: kernel-da-key |
Changed in linux (Ubuntu Trusty): | |
status: | New → Confirmed |
importance: | Undecided → High |
status: | Confirmed → Triaged |
Changed in linux (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in linux (Ubuntu): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Trusty): | |
status: | Triaged → In Progress |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Trusty): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | Fix Committed → Fix Released |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1541313
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.