[Group.of.nepali.translators] [Bug 1856949] Re: cifs: kernel NULL pointer dereference, address: 0000000000000038

2020-07-03 Thread Juerg Haefliger
** Changed in: linux (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** Changed in: linux (Ubuntu Eoan)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1856949

Title:
  cifs: kernel NULL pointer dereference, address: 0000000000000038

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Disco:
  Won't Fix
Status in linux source package in Eoan:
  Fix Released

Bug description:
  [Impact]

  Currently when the client creates a cifsFileInfo structure for
  a newly opened file, it allocates a list of byte-range locks
  with a pointer to the new cfile and attaches this list to the
  inode's lock list. The latter happens before initializing all
  other fields, e.g. cfile->tlink. Thus a partially initialized
  cifsFileInfo structure becomes available to other threads that
  walk through the inode's lock list. One example of such a thread
  may be an oplock break worker thread that tries to push all
  cached byte-range locks. This causes NULL-pointer dereference
  in smb2_push_mandatory_locks() when accessing cfile->tlink:

  [598428.945633] BUG: kernel NULL pointer dereference, address: 0000000000000038
  ...
  [598428.945749] Workqueue: cifsoplockd cifs_oplock_break [cifs]
  [598428.945793] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x5a0 [cifs]
  ...
  [598428.945834] Call Trace:
  [598428.945870]  ? cifs_revalidate_mapping+0x45/0x90 [cifs]
  [598428.945901]  cifs_oplock_break+0x13d/0x450 [cifs]
  [598428.945909]  process_one_work+0x1db/0x380
  [598428.945914]  worker_thread+0x4d/0x400
  [598428.945921]  kthread+0x104/0x140
  [598428.945925]  ? process_one_work+0x380/0x380
  [598428.945931]  ? kthread_park+0x80/0x80
  [598428.945937]  ret_from_fork+0x35/0x40

  
  [Test Case]

  TBD.

  
  [Fix]

  Backport commit 6f582b273ec23332074d970a7fb25bef835df71f ("CIFS: Fix
  NULL-pointer dereference in smb2_push_mandatory_locks")

  [Regression Potential]

  Low. The patch is fairly simple and it's tagged for stable kernels. In
  fact it is already in some of the released upstream stable kernels.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1856949/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
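The ordering bug the [Impact] section above describes, as an added example in plain C that is not part of the bug report, the backported commit, or the kernel: the hypothetical types cfile, lock_list and inode_locks stand in for cifsFileInfo and the inode's byte-range lock list, and a callback invoked at the moment an entry is attached to the list stands in for the concurrent oplock-break worker, so the race is deterministic and the two orderings (publish-then-initialise versus initialise-then-publish) can be compared directly.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified types (not the kernel's cifsFileInfo). */
struct tlink { int id; };

struct lock_list;

struct cfile {
    struct tlink *tlink;        /* the field left NULL in the buggy path */
    struct lock_list *llist;
};

struct lock_list {
    struct cfile *owner;        /* back-pointer to the cfile */
    struct lock_list *next;
};

struct inode_locks {
    struct lock_list *head;
    /* Stands in for a concurrent worker (e.g. oplock break) that walks the
     * list; called as soon as an entry becomes reachable. */
    int (*walker)(struct inode_locks *);
    int observed_null_tlink;
};

/* Stands in for smb2_push_mandatory_locks(): walks the inode lock list and
 * needs each owner's tlink. Returns 1 if it found an entry whose owner is
 * not yet fully initialised (where the real code would dereference NULL). */
static int push_locks_walker(struct inode_locks *ino)
{
    for (struct lock_list *l = ino->head; l != NULL; l = l->next) {
        if (l->owner->tlink == NULL) {
            ino->observed_null_tlink = 1;
            return 1;
        }
    }
    return 0;
}

/* Attach a lock list to the inode. After this point other contexts can
 * reach l->owner, so the simulated concurrent walker runs here. */
static void attach_to_inode(struct inode_locks *ino, struct lock_list *l)
{
    l->next = ino->head;
    ino->head = l;
    if (ino->walker != NULL)
        ino->walker(ino);
}

/* Buggy ordering: publish to the inode list, then finish initialising. */
static int open_file_buggy(struct inode_locks *ino, struct tlink *tl)
{
    struct cfile *cf = calloc(1, sizeof *cf);
    struct lock_list *l = calloc(1, sizeof *l);
    if (cf == NULL || l == NULL) { free(cf); free(l); return -1; }
    l->owner = cf;
    cf->llist = l;
    attach_to_inode(ino, l);    /* cf->tlink is still NULL here */
    cf->tlink = tl;             /* too late for a concurrent walker */
    return ino->observed_null_tlink;
}

/* Safe ordering: every field a walker may touch is set before the
 * structure becomes reachable from the shared list. */
static int open_file_fixed(struct inode_locks *ino, struct tlink *tl)
{
    struct cfile *cf = calloc(1, sizeof *cf);
    struct lock_list *l = calloc(1, sizeof *l);
    if (cf == NULL || l == NULL) { free(cf); free(l); return -1; }
    cf->tlink = tl;
    l->owner = cf;
    cf->llist = l;
    attach_to_inode(ino, l);    /* walker now sees a complete cfile */
    return ino->observed_null_tlink;
}

/* Free everything reachable from the inode list (for the stand-alone run). */
static void release_inode_locks(struct inode_locks *ino)
{
    struct lock_list *l = ino->head;
    while (l != NULL) {
        struct lock_list *next = l->next;
        free(l->owner);
        free(l);
        l = next;
    }
    ino->head = NULL;
}

int main(void)
{
    struct tlink tl = { 1 };
    struct inode_locks buggy = { NULL, push_locks_walker, 0 };
    struct inode_locks fixed = { NULL, push_locks_walker, 0 };

    printf("buggy ordering: walker saw NULL tlink = %d\n",
           open_file_buggy(&buggy, &tl));
    printf("fixed ordering: walker saw NULL tlink = %d\n",
           open_file_fixed(&fixed, &tl));

    release_inode_locks(&buggy);
    release_inode_locks(&fixed);
    return 0;
}
```

The buggy open returns 1 (the walker found a cfile with a NULL tlink) and the fixed open returns 0. The reviewer's check this models is purely about ordering: once a pointer to a structure is stored anywhere another context can follow it, every field that context may read must already be valid; the real worker would have faulted at the first dereference of cfile->tlink, exactly as the trace above shows.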


[Group.of.nepali.translators] [Bug 1856949] Re: cifs: kernel NULL pointer dereference, address: 0000000000000038

2020-07-02 Thread Steve Langasek
** Changed in: linux (Ubuntu Disco)
   Status: Fix Committed => Won't Fix


Title:
  cifs: kernel NULL pointer dereference, address: 0000000000000038

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Disco:
  Won't Fix
Status in linux source package in Eoan:
  Fix Committed



[Group.of.nepali.translators] [Bug 1856949] Re: cifs: kernel NULL pointer dereference, address: 0000000000000038

2020-01-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.4.0-173.203

---
linux (4.4.0-173.203) xenial; urgency=medium

  * xenial/linux: 4.4.0-173.203 -proposed tracker (LP: #1859718)

  * CVE-2019-14615
- drm/i915/gen9: Clear residual context state on context switch

linux (4.4.0-172.202) xenial; urgency=medium

  * xenial/linux: 4.4.0-172.202 -proposed tracker (LP: #1858594)

  * tools/perf fails to build after Xenial update to 4.4.208 upstream stable
release (LP: #1858798)
- Revert "perf report: Add warning when libunwind not compiled in"

  * CVE-2019-18885
- btrfs: refactor btrfs_find_device() take fs_devices as argument
- btrfs: merge btrfs_find_device and find_device

  *  Integrate Intel SGX driver into linux-azure (LP: #1844245)
- [Packaging] Add systemd service to load intel_sgx

  * Xenial update: 4.4.208 upstream stable release (LP: #1858462)
- btrfs: do not leak reloc root if we fail to read the fs root
- btrfs: handle ENOENT in btrfs_uuid_tree_iterate
- ALSA: hda/ca0132 - Keep power on during processing DSP response
- ALSA: hda/ca0132 - Avoid endless loop
- drm: mst: Fix query_payload ack reply struct
- iio: light: bh1750: Resolve compiler warning and make code more readable
- spi: Add call to spi_slave_abort() function when spidev driver is released
- staging: rtl8188eu: fix possible null dereference
- rtlwifi: prevent memory leak in rtl_usb_probe
- IB/iser: bound protection_sg size by data_sg size
- media: am437x-vpfe: Setting STD to current value is not an error
- media: i2c: ov2659: fix s_stream return value
- media: i2c: ov2659: Fix missing 720p register config
- media: ov6650: Fix stored frame format not in sync with hardware
- tools/power/cpupower: Fix initializer override in hsw_ext_cstates
- usb: renesas_usbhs: add suspend event support in gadget mode
- hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
- regulator: max8907: Fix the usage of uninitialized variable in
  max8907_regulator_probe()
- media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
- samples: pktgen: fix proc_cmd command result check logic
- mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
- media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel 
format
- media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence
  number
- media: ti-vpe: vpe: Make sure YUYV is set as default format
- extcon: sm5502: Reset registers during initialization
- x86/mm: Use the correct function type for native_set_fixmap()
- perf report: Add warning when libunwind not compiled in
- iio: adc: max1027: Reset the device at probe time
- Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
- drm/gma500: fix memory disclosures due to uninitialized bytes
- x86/ioapic: Prevent inconsistent state when moving an interrupt
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
- libata: Ensure ata_port probe has completed before detach
- pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
- bnx2x: Fix PF-VF communication over multi-cos queues.
- spi: img-spfi: fix potential double release
- rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
- perf probe: Fix to find range-only function instance
- perf probe: Fix to list probe event with correct line number
- perf probe: Walk function lines in lexical blocks
- perf probe: Fix to probe an inline function which has no entry pc
- perf probe: Fix to show ranges of variables in functions without entry_pc
- perf probe: Fix to show inlined function callsite without entry_pc
- perf probe: Skip overlapped location on searching variables
- perf probe: Return a better scope DIE if there is no best scope
- perf probe: Fix to show calling lines of inlined functions
- perf probe: Skip end-of-sequence and non statement lines
- perf probe: Filter out instances except for inlined subroutine and
  subprogram
- ath10k: fix get invalid tx rate for Mesh metric
- media: pvrusb2: Fix oops on tear-down when radio support is not present
- media: si470x-i2c: add missed operations in remove
- EDAC/ghes: Fix grain calculation
- spi: pxa2xx: Add missed security checks
- ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
- parport: load lowlevel driver if ports not found
- cpufreq: Register drivers only after CPU devices have been registered
- x86/crash: Add a forward declaration of struct kimage
- spi: tegra20-slink: add missed clk_unprepare
- btrfs: don't prematurely free work in end_workqueue_fn()
- iwlwifi: check kasprintf() return value
- fbtft: Make sure string is NULL terminated
- crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
- crypto: vmx - Avoid weird build failures
- libtraceevent: Fix memory leakage in copy_filter_type
- net: 

[Group.of.nepali.translators] [Bug 1856949] Re: cifs: kernel NULL pointer dereference, address: 0000000000000038

2019-12-18 Thread Juerg Haefliger
** Description changed:

- [598428.945633] BUG: kernel NULL pointer dereference, address: 0000000000000038
- ...
- [598428.945749] Workqueue: cifsoplockd cifs_oplock_break [cifs]
- [598428.945793] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x5a0 [cifs]
- ...
- [598428.945834] Call Trace:
- [598428.945870]  ? cifs_revalidate_mapping+0x45/0x90 [cifs]
- [598428.945901]  cifs_oplock_break+0x13d/0x450 [cifs]
- [598428.945909]  process_one_work+0x1db/0x380
- [598428.945914]  worker_thread+0x4d/0x400
- [598428.945921]  kthread+0x104/0x140
- [598428.945925]  ? process_one_work+0x380/0x380
- [598428.945931]  ? kthread_park+0x80/0x80
- [598428.945937]  ret_from_fork+0x35/0x40
+ [Impact]
+ 
+ Currently when the client creates a cifsFileInfo structure for
+ a newly opened file, it allocates a list of byte-range locks
+ with a pointer to the new cfile and attaches this list to the
+ inode's lock list. The latter happens before initializing all
+ other fields, e.g. cfile->tlink. Thus a partially initialized
+ cifsFileInfo structure becomes available to other threads that
+ walk through the inode's lock list. One example of such a thread
+ may be an oplock break worker thread that tries to push all
+ cached byte-range locks. This causes NULL-pointer dereference
+ in smb2_push_mandatory_locks() when accessing cfile->tlink:
+ 
+ [598428.945633] BUG: kernel NULL pointer dereference, address: 0000000000000038
+ ...
+ [598428.945749] Workqueue: cifsoplockd cifs_oplock_break [cifs]
+ [598428.945793] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x5a0 [cifs]
+ ...
+ [598428.945834] Call Trace:
+ [598428.945870]  ? cifs_revalidate_mapping+0x45/0x90 [cifs]
+ [598428.945901]  cifs_oplock_break+0x13d/0x450 [cifs]
+ [598428.945909]  process_one_work+0x1db/0x380
+ [598428.945914]  worker_thread+0x4d/0x400
+ [598428.945921]  kthread+0x104/0x140
+ [598428.945925]  ? process_one_work+0x380/0x380
+ [598428.945931]  ? kthread_park+0x80/0x80
+ [598428.945937]  ret_from_fork+0x35/0x40
+ 
+ 
+ [Test Case]
+ 
+ TBD.
+ 
+ 
+ [Fix]
+ 
+ Backport commit 6f582b273ec23332074d970a7fb25bef835df71f ("CIFS: Fix
+ NULL-pointer dereference in smb2_push_mandatory_locks")
+ 
+ [Regression Potential]
+ 
+ Low. The patch is fairly simple and it's tagged for stable kernels. In
+ fact it is already in some of the released upstream stable kernels.

** No longer affects: linux (Ubuntu Focal)


Title:
  cifs: kernel NULL pointer dereference, address: 0000000000000038

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Incomplete
Status in linux source package in Bionic:
  Incomplete
Status in linux source package in Disco:
  Incomplete
Status in linux source package in Eoan:
  Incomplete
