[Cover Letter] Out of order reads can fetch a NULL pointer causing a kernel crash
Guilherme G. Piccoli
gpiccoli at canonical.com
Mon Apr 26 21:41:10 UTC 2021
BugLink: https://bugs.launchpad.net/bugs/1926184
[NOTE]
* We have reports of this issue happening in AWS instances, so we sent this
with a priority "flag" for linux-aws - the tests (see below) were performed
with -aws kernels. This will/should reach all Ubuntu kernels organically
via the regular upstream stable process, but nothing prevents us from merging
it now, from this submission.
[Impact]
* Out of order reads can fetch a NULL pointer causing a kernel crash. Affects
kernels from v4.15 to v5.11.
[Fix]
* commit 84a24bf8c52e ("locking/qrwlock: Fix ordering in queued_write_lock_slowpath()")
* For Bionic, we also require an additional patch:
commit fcfdfe30e324 ("locking/barriers: Introduce smp_cond_load_relaxed() and atomic_cond_read_relaxed()")
[Where problems could occur]
* This is quite a subtle bug. It is more prevalent on arm64. Regression
possibility seems quite low. The worst impact could be a minor performance
degradation.
* Kernels 4.15 / 5.4 / 5.8 / 5.11 were successfully built and booted with this
patch. Also, by using ftrace we could see that the changed function was executed
with success multiple times.
--
2.29.0