This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1877070

and then change the status of the bug to 'Confirmed'. If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'. This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1877070

Title:
  kmalloc-192 slab corruption inside VM with QXL driver

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  I would like to ask to backport the following patch into Ubuntu kernels:
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=933db73351d359f74b14f4af095808260aff11f9

  This bug silently corrupts memory in kmalloc-192 objects. We observed several such cases and have a few crashes inside RHEL7/8 VMs with the QXL driver. During investigation we found that the problem exists in mainline.

  Some details: the qxl driver inside the guest submits a command with a reference to an allocated struct qxl_release. The host handles it, moves the related struct qxl_release to the release_ring and triggers an interrupt. The guest handles the interrupt and forces the garbage collector in the qxl driver, which walks through the release_ring and removes qxl_release structures. Then the main thread calls qxl_release_fence_buffer_objects(), which accesses the already freed qxl_release.

  The solution is to swap the qxl_release_fence_buffer_objects() + qxl_push_{cursor,command}_ring_release() calls.

  I would note that a direct cherry-pick can be incomplete: old kernels can have a few other places where qxl_release_fence_buffer_objects() is called after qxl_push_{cursor,command}_ring_release(). All such places should be fixed; I did it for 4.4, 4.9 and a few other stable kernels.

  We did not have confirmed cases for Ubuntu inside a VM, however we believe your kernels should be affected too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1877070/+subscriptions