Ubuntu
linux package

getxattr: always handle namespaced attributes

Bug #1789746 reported by Christian Brauner on 2018-08-29

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	High	Joseph Salisbury
Xenial	Fix Released	High	Joseph Salisbury
Bionic	Fix Released	High	Joseph Salisbury
Cosmic	Fix Released	High	Joseph Salisbury

Bug Description

== SRU Justification ==
When running in a container with a user namespace, if you call getxattr
with name = "system.posix_acl_access" and size % 8 != 4, then getxattr
silently skips the user namespace fixup that it normally does resulting in
un-fixed-up data being returned.
This is caused by posix_acl_fix_xattr_to_user() being passed the total
buffer size and not the actual size of the xattr as returned by
vfs_getxattr().

I have pushed a commit upstream that fixes this bug:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82c9a927bc5df6e06b72d206d24a9d10cced4eb5

This commit passes the actual length of the xattr as returned by
vfs_getxattr() down.

A reproducer for the issue is:

touch acl_posix

setfacl -m user:0:rwx acl_posix

and the compile:

  #define _GNU_SOURCE
  #include <errno.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <sys/types.h>
  #include <unistd.h>
  #include <attr/xattr.h>

  /* Run in user namespace with nsuid 0 mapped to uid != 0 on the host. */
  int main(int argc, void **argv)
  {
          ssize_t ret1, ret2;
          char buf1[128], buf2[132];
          int fret = EXIT_SUCCESS;
          char *file;

          if (argc < 2) {
                  fprintf(stderr,
                          "Please specify a file with "
                          "\"system.posix_acl_access\" permissions set\n");
                  _exit(EXIT_FAILURE);
          }
          file = argv[1];

          ret1 = getxattr(file, "system.posix_acl_access",
                          buf1, sizeof(buf1));
          if (ret1 < 0) {
                  fprintf(stderr, "%s - Failed to retrieve "
                                  "\"system.posix_acl_access\" "
                                  "from \"%s\"\n", strerror(errno), file);
                  _exit(EXIT_FAILURE);
          }

          ret2 = getxattr(file, "system.posix_acl_access",
                          buf2, sizeof(buf2));
          if (ret2 < 0) {
                  fprintf(stderr, "%s - Failed to retrieve "
                                  "\"system.posix_acl_access\" "
                                  "from \"%s\"\n", strerror(errno), file);
                  _exit(EXIT_FAILURE);
          }

          if (ret1 != ret2) {
                  fprintf(stderr, "The value of \"system.posix_acl_"
                                  "access\" for file \"%s\" changed "
                                  "between two successive calls\n", file);
                  _exit(EXIT_FAILURE);
          }

          for (ssize_t i = 0; i < ret2; i++) {
                  if (buf1[i] == buf2[i])
                          continue;

                  fprintf(stderr,
                          "Unexpected different in byte %zd: "
                          "%02x != %02x\n", i, buf1[i], buf2[i]);
                  fret = EXIT_FAILURE;
          }

          if (fret == EXIT_SUCCESS)
                  fprintf(stderr, "Test passed\n");
          else
                  fprintf(stderr, "Test failed\n");

_exit(fret);
}
and run:

./tester acl_posix

On a non-fixed up kernel this should return something like:

  root@c1:/# ./t
  Unexpected different in byte 16: ffffffa0 != 00
  Unexpected different in byte 17: ffffff86 != 00
  Unexpected different in byte 18: 01 != 00

and on a fixed kernel:

root@c1:~# ./t
Test passed

== Fix ==
82c9a927bc5d ("getxattr: use correct xattr length")

== Regression Potential ==
Low. One liner that passes the actual length of the xattr as returned by
vfs_getxattr() down.

== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

See original description

Tags:

Christian Brauner (cbrauner) on 2018-08-29

Changed in linux (Ubuntu):
status:	New → Confirmed
importance:	Undecided → High

Stéphane Graber (stgraber) on 2018-08-29

Changed in linux (Ubuntu):
status:	Confirmed → Triaged
Changed in linux (Ubuntu Bionic):
status:	New → Triaged
Changed in linux (Ubuntu Xenial):
status:	New → Triaged
importance:	Undecided → High
Changed in linux (Ubuntu Bionic):
importance:	Undecided → High

Joseph Salisbury (jsalisbury) on 2018-09-05

tags:	added: kernel-da-key
tags:	added: bionic xenial

Joseph Salisbury (jsalisbury) on 2018-09-07

Changed in linux (Ubuntu Xenial):
status:	Triaged → In Progress
Changed in linux (Ubuntu Bionic):
status:	Triaged → In Progress
Changed in linux (Ubuntu Cosmic):
status:	Triaged → In Progress
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Cosmic):
assignee:	nobody → Joseph Salisbury (jsalisbury)

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-09-07:

I built Xenial, Bionic and Cosmic test kernels with commit 82c9a927bc5df6e06b72d206d24a9d10cced4eb5.

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1789746

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

Revision history for this message

Christian Brauner (cbrauner) wrote on 2018-09-20:

Thanks Joseph, the kernel resolves the issue!

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-09-21:

SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-September/095580.html

Changed in linux (Ubuntu Cosmic):
status:	In Progress → Fix Committed
description:	updated
description:	updated

Stefan Bader (smb) on 2018-10-01

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2018-10-02:

Note: he patch has already been applied to xenial/master-next as part of bug 1792419 (Xenial update to 4.4.155 stable release).

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Stéphane Graber (stgraber) on 2018-10-02

Changed in linux (Ubuntu Cosmic):
status:	Fix Committed → Fix Released

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-10-03:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2018-10-12:

Hi @cbrauner,

Could you please verify if the kernel available on bionic-proposed fixed the issue?

Thank you.

Revision history for this message

Christian Brauner (cbrauner) wrote on 2018-10-12:

Hi @kleber-souza,

The kernel fixes the issue. I changed the tag to
verification-done. Thanks!

Christian

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-22:

Download full text (20.0 KiB)

This bug was fixed in the package linux - 4.15.0-38.41

---------------
linux (4.15.0-38.41) bionic; urgency=medium

* linux: 4.15.0-38.41 -proposed tracker (LP: #1797061)

  * Silent data corruption in Linux kernel 4.15 (LP: #1796542)
    - block: add a lower-level bio_add_page interface
    - block: bio_iov_iter_get_pages: fix size of last iovec
    - blkdev: __blkdev_direct_IO_simple: fix leak in error case
    - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs

linux (4.15.0-37.40) bionic; urgency=medium

* linux: 4.15.0-37.40 -proposed tracker (LP: #1795564)

* hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
- net: hns3: Add vlan filter setting by ethtool command -K

  * hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel

* hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
- scsi: hisi_sas: Add SATA FIS check for v3 hw

  * Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function

* hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
- scsi: hisi_sas: Tidy hisi_sas_task_prep()

  * Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw

  * HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout

* getxattr: always handle namespaced attributes (LP: #1789746)
- getxattr: use correct xattr length

* Fix unusable NVIDIA GPU after S3 (LP: #1793338)
- PCI: Reprogram bridge prefetch registers on resume

  * Fails to boot under Xen PV: BUG: unable to handle kernel paging request at
    edc21fd9 (LP: #1789118)
    - x86/EISA: Don't probe EISA bus for Xen PV guests

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
- s390/qeth: use vzalloc for QUERY OAT buffer

* SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
- Input: elantech - enable middle button of touchpad on ThinkPad P72

  * Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver

  * [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()

  * hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF

  * net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex

* Page leaki...

This bug was fixed in the package linux - 4.15.0-38.41

---------------
linux (4.15.0-38.41) bionic; urgency=medium

* linux: 4.15.0-38.41 -proposed tracker (LP: #1797061)

linux (4.15.0-37.40) bionic; urgency=medium

* linux: 4.15.0-37.40 -proposed tracker (LP: #1795564)

* hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
    - net: hns3: Add vlan filter setting by ethtool command -K

* hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel

* hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
    - scsi: hisi_sas: Add SATA FIS check for v3 hw

* Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function

* hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
    - scsi: hisi_sas: Tidy hisi_sas_task_prep()

* getxattr: always handle namespaced attributes (LP: #1789746)
    - getxattr: use correct xattr length

* Fix unusable NVIDIA GPU after S3 (LP: #1793338)
    - PCI: Reprogram bridge prefetch registers on resume

* Fails to boot under Xen PV: BUG: unable to handle kernel paging request at
    edc21fd9 (LP: #1789118)
    - x86/EISA: Don't probe EISA bus for Xen PV guests

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

* SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
    - Input: elantech - enable middle button of touchpad on ThinkPad P72

* Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver

* [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()

* hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF

* Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* some nvidia p1000 graphic cards hang during the boot (LP: #1791569)
    - drm/nouveau/gr/gf100-: virtualise tpc_mask + apply fixes from traces

* Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.4

* Fix I2C touchpanels' interrupt storms after system suspend (LP: #1792309)
    - HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen
    - HID: i2c-hid: Don't reset device upon system resume

* ipmmu is always registered (LP: #1783746)
    - iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-
      VMSA

* Bionic update: upstream stable patchset 2018-09-27 (LP: #1794889)
    - clocksource/drivers/imx-tpm: Correct some registers operation flow
    - Input: synaptics-rmi4 - fix an unchecked out of memory error path
    - KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update
    - x86: Add check for APIC access address for vmentry of L2 guests
    - MIPS: io: Prevent compiler reordering writeX()
    - nfp: ignore signals when communicating with management FW
    - perf report: Fix switching to another perf.data file
    - fsnotify: fix ignore mask logic in send_to_group()
    - MIPS: io: Add barrier after register read in readX()
    - s390/smsgiucv: disable SMSG on module unload
    - isofs: fix potential memory leak in mount option parsing
    - MIPS: dts: Boston: Fix PCI bus dtc warnings:
    - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR
    - doc: Add vendor prefix for Kieback & Peter GmbH
    - dt-bindings: pinctrl: sunxi: Fix reference to driver
    - dt-bindings: serial: sh-sci: Add support for r8a77965 (H)SCIF
    - dt-bindings: dmaengine: rcar-dmac: document R8A77965 support
    - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux
    - ASoC: rt5514: Add the missing register in the readable table
    - eCryptfs: don't pass up plaintext names when using filename encryption
    - soc: bcm: raspberrypi-power: Fix use of __packed
    - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
    - PCI: kirin: Fix reset gpio name
    - ASoC: topology: Fix bugs of freeing soc topology
    - xen: xenbus_dev_frontend: Really return response string
    - ASoC: topology: Check widget kcontrols before deref.
    - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()
    - blkcg: don't hold blkcg lock when deactivating policy
    - tipc: fix infinite loop when dumping link monitor summary
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - scsi: megaraid_sas: Do not log an error if FW successfully initializes.
    - scsi: target: fix crash with iscsi target and dvd
    - netfilter: nf_tables: NAT chain and extensions require NF_TABLES
    - netfilter: nf_tables: fix out-of-bounds in nft_chain_commit_update
    - ASoC: msm8916-wcd-analog: use threaded context for mbhc events
    - drm/msm: Fix possible null dereference on failure of get_pages()
    - drm/msm/dsi: use correct enum in dsi_get_cmd_fmt
    - drm/msm: don't deref error pointer in the msm_fbdev_create error path
    - blkcg: init root blkcg_gq under lock
    - vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
    - parisc: time: Convert read_persistent_clock() to read_persistent_clock64()
    - scsi: storvsc: Set up correct queue depth values for IDE devices
    - scsi: isci: Fix infinite loop in while loop
    - mm, pagemap: fix swap offset value for PMD migration entry
    - proc: revalidate kernel thread inodes to root:root
    - kexec_file: do not add extra alignment to efi memmap
    - mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
    - usb: typec: ucsi: fix tracepoint related build error
    - ACPI / PM: Blacklist Low Power S0 Idle _DSM for ThinkPad X1 Tablet(2016)
    - dt-bindings: meson-uart: DT fix s/clocks-names/clock-names/
    - net: phy: marvell: clear wol event before setting it
    - ARM: dts: da850: fix W=1 warnings with pinmux node
    - ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70
    - drm/amdkfd: fix clock counter retrieval for node without GPU
    - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe
    - net: ethtool: Add missing kernel doc for FEC parameters
    - arm64: ptrace: remove addr_limit manipulation
    - HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice
    - HID: wacom: Release device resource data obtained by devres_alloc()
    - selftests: ftrace: Add a testcase for multiple actions on trigger
    - rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
    - perf/x86/intel: Don't enable freeze-on-smi for PerfMon V1
    - remoteproc: qcom: Fix potential device node leaks
    - rpmsg: added MODULE_ALIAS for rpmsg_char
    - HID: intel-ish-hid: use put_device() instead of kfree()
    - blk-mq: fix sysfs inflight counter
    - arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
    - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr()
    - libahci: Allow drivers to override stop_engine
    - ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI
    - x86/cpu/intel: Add missing TLB cpuid values
    - bpf: fix uninitialized variable in bpf tools
    - i2c: sprd: Prevent i2c accesses after suspend is called
    - i2c: sprd: Fix the i2c count issue
    - tipc: fix bug in function tipc_nl_node_dump_monitor
    - nvme: depend on INFINIBAND_ADDR_TRANS
    - nvmet-rdma: depend on INFINIBAND_ADDR_TRANS
    - ib_srpt: depend on INFINIBAND_ADDR_TRANS
    - ib_srp: depend on INFINIBAND_ADDR_TRANS
    - IB: make INFINIBAND_ADDR_TRANS configurable
    - IB/uverbs: Fix validating mandatory attributes
    - RDMA/cma: Fix use after destroy access to net namespace for IPoIB
    - RDMA/iwpm: fix memory leak on map_info
    - IB/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV
    - IB/rxe: avoid double kfree_skb
    - <linux/stringhash.h>: fix end_name_hash() for 64bit long
    - IB/core: Make ib_mad_client_id atomic
    - ARM: davinci: board-da830-evm: fix GPIO lookup for MMC/SD
    - ARM: davinci: board-da850-evm: fix GPIO lookup for MMC/SD
    - ARM: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup
    - ARM: davinci: board-dm355-evm: fix broken networking
    - dt-bindings: panel: lvds: Fix path to display timing bindings
    - ARM: OMAP2+: powerdomain: use raw_smp_processor_id() for trace
    - ARM: dts: logicpd-som-lv: Fix WL127x Startup Issues
    - ARM: dts: logicpd-som-lv: Fix Audio Mute
    - Input: atmel_mxt_ts - fix the firmware update
    - hexagon: add memset_io() helper
    - hexagon: export csum_partial_copy_nocheck
    - scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts
    - bpf, x64: fix memleak when not converging after image
    - parisc: drivers.c: Fix section mismatches
    - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
    - kthread, sched/wait: Fix kthread_parkme() wait-loop
    - arm64: tegra: Make BCM89610 PHY interrupt as active low
    - iommu/vt-d: fix shift-out-of-bounds in bug checking
    - nvme: fix potential memory leak in option parsing
    - nvme: Set integrity flag for user passthrough commands
    - ARM: OMAP1: ams-delta: fix deferred_fiq handler
    - smc: fix sendpage() call
    - IB/hfi1 Use correct type for num_user_context
    - IB/hfi1: Fix memory leak in exception path in get_irq_affinity()
    - RDMA/cma: Do not query GID during QP state transition to RTR
    - spi: bcm2835aux: ensure interrupts are enabled for shared handler
    - sched/core: Introduce set_special_state()
    - sh: fix build failure for J2 cpu with SMP disabled
    - tee: check shm references are consistent in offset/size
    - mac80211: Adjust SAE authentication timeout
    - drm/omap: silence unititialized variable warning
    - drm/omap: fix uninitialized ret variable
    - drm/omap: fix possible NULL ref issue in tiler_reserve_2d
    - drm/omap: check return value from soc_device_match
    - drm/omap: handle alloc failures in omap_connector
    - driver core: add __printf verification to __ata_ehi_pushv_desc
    - ARM: dts: cygnus: fix irq type for arm global timer
    - mac80211: use timeout from the AddBA response instead of the request
    - net: aquantia: driver should correctly declare vlan_features bits
    - can: dev: increase bus-off message severity
    - arm64: Add MIDR encoding for NVIDIA CPUs
    - cifs: smb2ops: Fix listxattr() when there are no EAs
    - agp: uninorth: make two functions static
    - tipc: eliminate KMSAN uninit-value in strcmp complaint
    - qed: Fix l2 initializations over iWARP personality
    - qede: Fix gfp flags sent to rdma event node allocation
    - rxrpc: Fix error reception on AF_INET6 sockets
    - rxrpc: Fix the min security level for kernel calls
    - KVM: Extend MAX_IRQ_ROUTES to 4096 for all archs
    - x86: Delay skip of emulated hypercall instruction
    - ixgbe: return error on unsupported SFP module when resetting
    - net sched actions: fix invalid pointer dereferencing if skbedit flags
      missing
    - proc/kcore: don't bounds check against address 0
    - ocfs2: take inode cluster lock before moving reflinked inode from orphan dir
    - kprobes/x86: Prohibit probing on exception masking instructions
    - uprobes/x86: Prohibit probing on MOV SS instruction
    - objtool, kprobes/x86: Sync the latest <asm/insn.h> header with
      tools/objtool/arch/x86/include/asm/insn.h
    - x86/pkeys/selftests: Adjust the self-test to fresh distros that export the
      pkeys ABI
    - x86/mpx/selftests: Adjust the self-test to fresh distros that export the MPX
      ABI
    - x86/selftests: Add mov_to_ss test
    - x86/pkeys/selftests: Give better unexpected fault error messages
    - x86/pkeys/selftests: Stop using assert()
    - x86/pkeys/selftests: Remove dead debugging code, fix dprint_in_signal
    - x86/pkeys/selftests: Allow faults on unknown keys
    - x86/pkeys/selftests: Factor out "instruction page"
    - x86/pkeys/selftests: Add PROT_EXEC test
    - x86/pkeys/selftests: Fix pkey exhaustion test off-by-one
    - x86/pkeys/selftests: Fix pointer math
    - x86/pkeys/selftests: Save off 'prot' for allocations
    - x86/pkeys/selftests: Add a test for pkey 0
    - mtd: Fix comparison in map_word_andequal()
    - afs: Fix the non-encryption of calls
    - usb: musb: fix remote wakeup racing with suspend
    - ARM: keystone: fix platform_domain_notifier array overrun
    - i2c: pmcmsp: return message count on master_xfer success
    - i2c: pmcmsp: fix error return from master_xfer
    - i2c: viperboard: return message count on master_xfer success
    - ARM: davinci: dm646x: fix timer interrupt generation
    - ARM: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF
    - ARM: davinci: board-dm646x-evm: set VPIF capture card name
    - clk: imx6ull: use OSC clock during AXI rate change
    - locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
    - locking/percpu-rwsem: Annotate rwsem ownership transfer by setting
      RWSEM_OWNER_UNKNOWN
    - drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl()
    - sched/debug: Move the print_rt_rq() and print_dl_rq() declarations to
      kernel/sched/sched.h
    - sched/deadline: Make the grub_reclaim() function static
    - parisc: Move setup_profiling_timer() out of init section
    - efi/libstub/arm64: Handle randomized TEXT_OFFSET
    - ARM: 8753/1: decompressor: add a missing parameter to the addruart macro
    - ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the
      kernel
    - ARM: kexec: fix kdump register saving on panic()
    - Revert "Btrfs: fix scrub to repair raid6 corruption"
    - Btrfs: fix scrub to repair raid6 corruption
    - Btrfs: make raid6 rebuild retry more
    - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
    - ibmvnic: Do not notify peers on parameter change resets
    - dt-bindings: net: ravb: Add support for r8a77965 SoC
    - X86/KVM: Properly update 'tsc_offset' to represent the running guest
    - kvm: x86: move MSR_IA32_TSC handling to x86.c
    - ARM: dts: Fix cm2 and prm sizes for omap4
    - powerpc/64s: Default l1d_size to 64K in RFI fallback flush
    - KVM: arm/arm64: vgic: Kick new VCPU on interrupt migration
    - arm64: kasan: avoid pfn_to_nid() before page array is initialized
    - ARM64: dts: meson-gxl: add USB host support
    - ARM64: dts: meson-gxm: add GXM specific USB host configuration
    - ARM64: dts: meson-gxl-s905x-p212: enable the USB controller
    - ARM64: dts: meson-gx-p23x-q20x: enable the USB controller
    - ARM64: dts: meson-gxl-s905x-libretech-cc: enable the USB controller
    - ARM64: dts: meson-gxl-nexbox-a95x: enable the USB controller
    - ARM64: dts: meson-gxm-khadas-vim2: enable the USB controller
    - arm64: dts: correct SATA addresses for Stingray
    - afs: Fix server record deletion
    - proc: fix /proc/loadavg regression
    - s390/qeth: fix request-side race during cmd IO timeout
    - ACPI / scan: Initialize watchdog before PNP
    - CIFS: set *resp_buf_type to NO_BUFFER on error
    - arm64: dts: uniphier: fix input delay value for legacy mode of eMMC
    - igb: Fix the transmission mode of queue 0 for Qav mode
    - RISC-V: build vdso-dummy.o with -no-pie
    - arm64: only advance singlestep for user instruction traps
    - perf pmu: Fix core PMU alias list for X86 platform
    - bpf, x64: fix JIT emission for dead code
    - powerpc/kvm/booke: Fix altivec related build break
    - reset: uniphier: fix USB clock line for LD20
    - nfp: don't depend on eth_tbl being available
    - net: mvpp2: Fix clk error path in mvpp2_probe
    - kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
    - IB/uverbs: Fix validating mandatory attributes
    - RDMA/hns: Intercept illegal RDMA operation when use inline data
    - pinctrl: cherryview: Associate IRQ descriptors to irqdomain
    - kthread, sched/wait: Fix kthread_parkme() completion issue
    - iommu/vt-d: Fix usage of force parameter in intel_ir_reconfigure_irte()
    - nvme/multipath: Disable runtime writable enabling parameter
    - ARM: dts: correct missing "compatible" entry for ti81xx SoCs
    - usb: typec: tps6598x: handle block reads separately with plain-I2C adapters
    - IB/mlx4: Fix integer overflow when calculating optimal MTT size
    - bpf: add map_alloc_check callback
    - bpf: fix possible spectre-v1 in find_and_alloc_map()
    - drm/exynos/mixer: fix synchronization check in interlaced mode
    - drm/exynos: mixer: avoid Oops in vp_video_buffer()
    - bpf: use array_index_nospec in find_prog_type
    - gcc-plugins: fix build condition of SANCOV plugin
    - drm/vc4: Fix oops dereferencing DPI's connector since panel_bridge.
    - nvme: fix use-after-free in nvme_free_ns_head
    - powerpc/pseries: Fix CONFIG_NUMA=n build
    - HID: i2c-hid: Add RESEND_REPORT_DESCR quirk for Toshiba Click Mini L9W-B
    - cifs: Allocate validate negotiation request through kmalloc
    - drm/amdgpu: Switch to interruptable wait to recover from ring hang.
    - rxrpc: Fix missing start of call timeout
    - ARM: dts: imx51-zii-rdu1: fix touchscreen bindings
    - sh: switch to NO_BOOTMEM
    - lib/find_bit_benchmark.c: avoid soft lockup in test_find_first_bit()
    - x86/pkeys/selftests: Avoid printf-in-signal deadlocks
    - afs: Fix address list parsing
    - afs: Fix refcounting in callback registration
    - afs: Fix server rotation's handling of fileserver probe failure
    - afs: Fix VNOVOL handling in address rotation
    - afs: Fix the handling of CB.InitCallBackState3 to find the server by UUID
    - afs: Fix afs_find_server search loop
    - KVM: X86: Lower the default timer frequency limit to 200us
    - platform/x86: DELL_WMI use depends on instead of select for DELL_SMBIOS
    - ARM: replace unnecessary perl with sed and the shell $(( )) operator

* Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

* Kernel 4.15.0-35.38 fails to build with CONFIG_XFS_ONLINE_SCRUB enabled
    (LP: #1792393)
    - SAUCE: xfs: fix build error with CONFIG_XFS_ONLINE_SCRUB enabled

* update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: add detection and recovery mechanism for handling missed/misrouted
      MSI-X
    - net: ena: increase ena driver version to 1.5.0
    - net: ena: Eliminate duplicate barriers on weakly-ordered archs
    - SAUCE: ena: devm_kzalloc() -> devm_kcalloc()
    - net: ena: Fix use of uninitialized DMA address bits field
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 10 Oct 2018 11:20:35 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Stéphane Graber (stgraber) on 2018-11-09

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Brad Figg (brad-figg) on 2019-07-24

tags:

added: cscc

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

getxattr: always handle namespaced attributes

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux package