Bionic ubuntu ethtool doesn't check ring parameters boundaries
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
High
|
Guilherme G. Piccoli | ||
Xenial |
Fix Released
|
High
|
Guilherme G. Piccoli | ||
Bionic |
Fix Released
|
High
|
Guilherme G. Piccoli |
Bug Description
[Impact]
* There's a bad behavior in the ena driver ringparam setting on kernels 4.4 and 4.15, if an invalid ringparam is provided to ethtool.
* Upstream Linux kernel implemented ring parameter boundaries check in commit: 37e2d99b59c4 ("ethtool: Ensure new ring parameters are within bounds during SRINGPARAM") [ git.kernel.
Due to this commit, the community doesn't usually allow ring parameter boundary checks in driver code.
* Xenial/Bionic kernels don't include this patch, and some network drivers (like ena) rely on this patch for boundary checking of ring params. So, we are hereby requesting the commit inclusion in these kernel versions.
[Test case]
1. In AWS, create a new c5.4xlarge instance with the Ubuntu 18.04 official ami (uses the ENA network driver) and update to latest kernel/reboot.
2. Run ethtool -g ens5
output:
Ring parameters for ens5:
Pre-set maximums:
RX: 16384
RX Mini: 0
RX Jumbo: 0
TX: 1024
Current hardware settings:
RX: 1024
RX Mini: 0
RX Jumbo: 0
TX: 1024
3. Change the TX/RX ring size to a legal number within boundaries - works!
4. Change the TX/RX ring size to an illegal number (such as 2048 for TX) with the command - "sudo ethtool -G ens5 tx 2048".
Expected behavior - "Cannot set device ring parameters: Invalid argument"
Actual behavior - causes a driver hang since boundaries are not checked by ethtool, effectively hanging the instance (given that AWS has no console to allow system manipulation).
[Regression Potential]
Since that the commit is present in kernels v4.16+ (including Ubuntu) and is quite small and self-contained, the regression risk is very reduced.
One potential "regression" would be if some driver has bugs and provide bad values on get_ringparams, then the validation would be broken (allowing illegal values or refusing legal ones), but this wouldn't be a regression in the hereby proposed patch itself, it'd be only exposed by the patch.
CVE References
affects: | ubuntu → ethtool (Ubuntu) |
description: | updated |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Released |
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https:/ /wiki.ubuntu. com/Bugs/ FindRightPackag e. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.
To change the source package that this bug is filed about visit https:/ /bugs.launchpad .net/ubuntu/ +bug/1874444/ +editstatus and add the package name in the text box next to the word Package.
[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]