BugLink: http://bugs.launchpad.net/bugs/1732463
Starting with 4.14 our test for CVE-2015-7550 started oopsing the
kernel on i386 with the following stack trace:
EIP: __radix_tree_lookup+0x15/0xf0
EFLAGS:
00010292 CPU: 2
EAX:
00000004 EBX:
b7e77000 ECX:
00000000 EDX:
00000000
ESI:
00000000 EDI:
00000000 EBP:
dcfb1da4 ESP:
dcfb1d8c
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0:
80050033 CR2:
00000008 CR3:
1cd15dc0 CR4:
000006f0
Call Trace:
radix_tree_lookup_slot+0x1d/0x40
find_get_entry+0x22/0xe0
pagecache_get_page+0x24/0x220
lookup_swap_cache+0x3a/0xf0
swap_readahead_detect+0x55/0x280
do_swap_page+0x232/0x890
? keyring_search_aux+0x96/0xb0
? kmap_atomic_prot+0xe0/0x100
handle_mm_fault+0x6f8/0xe20
? lookup_user_key+0xef/0x450
__do_page_fault+0x22d/0x540
? kvm_async_pf_task_wake+0x100/0x100
do_page_fault+0x27/0xe0
? kvm_async_pf_task_wake+0x100/0x100
do_async_page_fault+0x55/0x90
common_exception+0x6f/0x76
I'm not able to reproduce this outside of ADT, but vma based swap
readahead is a new feature in 4.14 so it seems quite likely that
this is where the bug lies. However I'm not able to reproduce the
problem outside of ADT to confirm this.
So for now disable this feature by default so we can see if that
gets the test to pass. It can still be enabled by writing to
/sys/kernel/mm/swap/vma_ra_enabled if desired.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
struct address_space *swapper_spaces[MAX_SWAPFILES] __read_mostly;
static unsigned int nr_swapper_spaces[MAX_SWAPFILES] __read_mostly;
-static bool enable_vma_readahead __read_mostly = true;
+static bool enable_vma_readahead __read_mostly = false;
#define SWAP_RA_WIN_SHIFT (PAGE_SHIFT / 2)
#define SWAP_RA_HITS_MASK ((1UL << SWAP_RA_WIN_SHIFT) - 1)
projects / mirror_ubuntu-disco-kernel.git / commitdiff