This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:
apport-collect 1660518
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1660518
Title:
"mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp" needs to be
ported to Xenial Kernel
Status in linux package in Ubuntu:
Incomplete
Bug description:
The following changes was pulled into atleast the Ubuntu Xenail Kernel
release.
http://kernel.ubuntu.com/git/kernel-ppa/mirror/ubuntu-xenial.git/commit/mm?id=b56d2a75e1daae6ff6eedfb732eadf3c13df6090
From b56d2a75e1daae6ff6eedfb732eadf3c13df6090 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <[email protected]>
Date: Mon, 17 Oct 2016 17:29:48 -0500
Subject: UBUNTU: SAUCE: mm: remove gup_flags FOLL_WRITE games from
__get_user_pages()
This is an ancient bug that was actually attrempted to be fixed once
(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can once
more try to fix it by checking the pte_dirty() bit properly (and do it
better). Also, the VM has become more scalable, and what was a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Reported-and-tested-by: Phil "not Paul" Oester <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Cc: Willy Tarreau <[email protected]>
Acked-by: Hugh Dickins <[email protected]>
Cc: Nick Piggin <[email protected]>
Cc: Greg Thelen <[email protected]>
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
CVE-2016-5195
However this change introduced a bug in the kernel memory manager, in which
syscalls can end up in an infinite loop when transparent huge pages are
enabled. See the following Commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/mm/huge_memory.c?id=8310d48b125d19fcd9521d83b8293e63eb1646aa
This fix has not been ported to the Xenial kernel, and thus the infinite loop
issue is hitting certain machines quite often. Example of bug hitting:
http://www.mail-archive.com/[email protected]/msg03851.html
Kernel Info: Linux Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-51-generic x86_64)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660518/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
