Public bug reported:

[Description]
Commit a97955844807 ("ipc,sem: remove uneeded sem_undo_list lock usage
in exit_sem()") removes a lock that is needed. This leads to a process
looping infinitely in exit_sem() and can also lead to a crash.

[Test case]

Using the reproducer found in [1], it is fairly easy to reach a point where
one of the child processes loops infinitely in exit_sem(), between the
for(;;) and the if (semid == -1) block, while it is trying to free its last
sem_undo structure, which has already been freed by freeary().

Once commit a97955844807 ("ipc,sem: remove uneeded sem_undo_list lock
usage in exit_sem()") is reverted, the issue is no longer reproducible.

[Other]

Patch submitted upstream:
https://lkml.org/lkml/2019/12/11/1718


[1] https://bugzilla.redhat.com/show_bug.cgi?id=1694779

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Ioanna Alifieraki (joalif)
         Status: In Progress

** Affects: linux (Ubuntu Xenial)
     Importance: Medium
     Assignee: Ioanna Alifieraki (joalif)
         Status: In Progress

** Affects: linux (Ubuntu Bionic)
     Importance: Medium
     Assignee: Ioanna Alifieraki (joalif)
         Status: In Progress

** Affects: linux (Ubuntu Disco)
     Importance: Medium
     Assignee: Ioanna Alifieraki (joalif)
         Status: In Progress

** Affects: linux (Ubuntu Eoan)
     Importance: Medium
     Assignee: Ioanna Alifieraki (joalif)
         Status: In Progress

** Affects: linux (Ubuntu Focal)
     Importance: Medium
     Assignee: Ioanna Alifieraki (joalif)
         Status: In Progress

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Disco)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Eoan)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Focal)
     Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: linux (Ubuntu Eoan)
     Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: linux (Ubuntu Disco)
     Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: linux (Ubuntu Bionic)
     Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: linux (Ubuntu Xenial)
     Assignee: (unassigned) => Ioanna Alifieraki (joalif)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1858834

Title:
  ipc/sem.c : process loops infinitely in exit_sem()

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Disco:
  In Progress
Status in linux source package in Eoan:
  In Progress
Status in linux source package in Focal:
  In Progress

