ubuntu_ltp_syscalls / finit_module02 fails on v4.15 and other kernels

Bug #1950644 reported by Krzysztof Kozlowski
254
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
New
Undecided
Unassigned
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Trusty
Confirmed
Undecided
Unassigned
Bionic
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Focal
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Hirsute
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Impish
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Jammy
Fix Released
Undecided
Unassigned
linux-azure (Ubuntu)
New
Undecided
Unassigned
Trusty
New
Undecided
Unassigned
Bionic
New
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned
Impish
Fix Released
Undecided
Unassigned
Jammy
New
Undecided
Unassigned
linux-oem-5.10 (Ubuntu)
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
Bionic
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned
Impish
Invalid
Undecided
Unassigned
Jammy
Invalid
Undecided
Unassigned
linux-oem-5.13 (Ubuntu)
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
Bionic
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned
Impish
Invalid
Undecided
Unassigned
Jammy
Invalid
Undecided
Unassigned
linux-oem-5.14 (Ubuntu)
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
Bionic
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned
Impish
Invalid
Undecided
Unassigned
Jammy
Invalid
Undecided
Unassigned

Bug Description

[Impact]
Some uses of kernel_read_file_from_fd may lead to a WARN when the file is
not opened for reading.

The WARNING, however, is not present on earlier kernels, which will return
a different error code. The fix, however, has been applied to upstream stable
and may be worth so tests can PASS without much change.

[Fix/Backport]
The fix is trivial, but the backport for Focal and Bionic was picked up
from 5.4.y upstream stable tree, because the function was moved to a
different file.

[Test case]
The finit_module02 test case from LTP covers this.

[Potential regression]
kernel_read_file_from_fd is used for module loading and kexec, so there is
where regressions might show up.

=================================================================

ubuntu_ltp / finit_module02 fails on Bionic Azure FIPS (4.15.0-2039.43), Bionic Azure (4.15.0-1127.140), Focal Azure (5.4.0-1064.67):

----
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
finit_module02.c:119: TPASS: TestName: invalid-fd : EBADF (9)
finit_module02.c:119: TPASS: TestName: zero-fd : EINVAL (22)
finit_module02.c:119: TPASS: TestName: null-param : EFAULT (14)
finit_module02.c:119: TPASS: TestName: invalid-param : EINVAL (22)
finit_module02.c:119: TPASS: TestName: invalid-flags : EINVAL (22)
tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
finit_module02.c:119: TPASS: TestName: no-perm : EPERM (1)
tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
finit_module02.c:119: TPASS: TestName: module-exists : EEXIST (17)
finit_module02.c:119: TFAIL: TestName: file-not-readable expected EBADF: ETXTBSY (26)
finit_module02.c:119: TPASS: TestName: directory : EINVAL (22)

HINT: You _MAY_ be missing kernel fixes, see:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=032146cda855

----

tags: added: 4.15 5.4 azure bionic focal sru-20211108 ubuntu-ltp-syscalls
tags: added: hinted
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1950644

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Jammy):
status: Incomplete → Fix Released
Changed in linux (Ubuntu Impish):
status: New → Confirmed
Changed in linux (Ubuntu Hirsute):
status: New → Confirmed
Changed in linux-oem-5.14 (Ubuntu Jammy):
status: New → Invalid
Changed in linux-oem-5.14 (Ubuntu Impish):
status: New → Invalid
Changed in linux-oem-5.14 (Ubuntu Hirsute):
status: New → Invalid
Changed in linux-oem-5.14 (Ubuntu Bionic):
status: New → Invalid
Changed in linux-oem-5.14 (Ubuntu Focal):
status: New → Fix Released
Changed in linux-oem-5.10 (Ubuntu Jammy):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Impish):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Bionic):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Hirsute):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Focal):
status: New → Fix Released
Changed in linux (Ubuntu Impish):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Hirsute):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
status: Confirmed → In Progress
Changed in linux (Ubuntu Impish):
status: Confirmed → In Progress
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote : Re: ubuntu_ltp / finit_module02 fails on v4.15 and other kernels

The fix has landed on 5.4.156 and 4.14.253. They will likely land on our kernels coming from upstream stable. I will make sure to have them on the mailing list anyway, in case we want to carry those fixes for an easier test verification and don't end up applying those corresponding fixes.

Cascardo.

Changed in linux (Ubuntu Focal):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
status: New → In Progress
Changed in linux (Ubuntu Bionic):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
status: New → In Progress
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Spotted on Focal OEM 5.13.0-1020.24

Running tests.......
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
finit_module02.c:119: TPASS: TestName: invalid-fd : EBADF (9)
finit_module02.c:119: TPASS: TestName: zero-fd : EINVAL (22)
finit_module02.c:119: TPASS: TestName: null-param : EFAULT (14)
finit_module02.c:119: TPASS: TestName: invalid-param : EINVAL (22)
finit_module02.c:119: TPASS: TestName: invalid-flags : EINVAL (22)
tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
finit_module02.c:119: TPASS: TestName: no-perm : EPERM (1)
tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
finit_module02.c:119: TPASS: TestName: module-exists : EEXIST (17)
finit_module02.c:119: TFAIL: TestName: file-not-readable expected EBADF: ETXTBSY (26)
finit_module02.c:119: TPASS: TestName: directory : EINVAL (22)

HINT: You _MAY_ be missing kernel fixes, see:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=032146cda855

Summary:
passed 8
failed 1
broken 0
skipped 0
warnings 0

tags: added: 5.13 oen
Changed in linux-oem-5.13 (Ubuntu Bionic):
status: New → Invalid
Changed in linux-oem-5.13 (Ubuntu Hirsute):
status: New → Invalid
Changed in linux-oem-5.13 (Ubuntu Impish):
status: New → Invalid
Changed in linux-oem-5.13 (Ubuntu Jammy):
status: New → Invalid
Revision history for this message
Krzysztof Kozlowski (krzk) wrote :

Also 2021.11.08/impish/linux-oracle/5.13.0-1010.12

tags: added: impish oracle
Tim Gardner (timg-tpi)
tags: added: 5.11 aws hirsute oem
removed: oen
description: updated
information type: Public → Public Security
Stefan Bader (smb)
Changed in linux (Ubuntu Impish):
importance: Undecided → Medium
Changed in linux (Ubuntu Hirsute):
importance: Undecided → Medium
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
status: In Progress → Fix Committed
Stefan Bader (smb)
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Stefan Bader (smb)
Changed in linux (Ubuntu Hirsute):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Impish):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.13.0-23.23 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-impish' to 'verification-done-impish'. If the problem still exists, change the tag 'verification-needed-impish' to 'verification-failed-impish'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-impish
tags: added: verification-needed-hirsute
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.11.0-42.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the problem still exists, change the tag 'verification-needed-hirsute' to 'verification-failed-hirsute'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.4.0-92.103 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Po-Hsu Lin (cypressyew)
summary: - ubuntu_ltp / finit_module02 fails on v4.15 and other kernels
+ ubuntu_ltp_syscalls / finit_module02 fails on v4.15 and other kernels
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/4.15.0-165.173 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Verified with Bionic AWS 4.15.0-1117.124

 Running tests.......
 tst_test.c:1365: TINFO: Timeout per run is 0h 05m 00s
 tst_kconfig.c:64: TINFO: Parsing kernel config '/boot/config-4.15.0-1117-aws'
 tst_lockdown.c:60: TINFO: Unable to determine system lockdown state
 finit_module02.c:120: TPASS: TestName: invalid-fd : EBADF (9)
 finit_module02.c:120: TPASS: TestName: zero-fd : EINVAL (22)
 finit_module02.c:120: TPASS: TestName: null-param : EFAULT (14)
 finit_module02.c:120: TPASS: TestName: invalid-param : EINVAL (22)
 finit_module02.c:120: TPASS: TestName: invalid-flags : EINVAL (22)
 tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
 finit_module02.c:120: TPASS: TestName: no-perm : EPERM (1)
 tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
 finit_module02.c:120: TPASS: TestName: module-exists : EEXIST (17)
 finit_module02.c:120: TPASS: TestName: file-not-readable : EBADF (9)
 finit_module02.c:120: TPASS: TestName: directory : EINVAL (22)

 Summary:
 passed 9
 failed 0
 broken 0
 skipped 0
 warnings 0

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Verified with Focal Azure 5.4.0-1065.68

 Running tests.......
 tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
 finit_module02.c:119: TPASS: TestName: invalid-fd : EBADF (9)
 finit_module02.c:119: TPASS: TestName: zero-fd : EINVAL (22)
 finit_module02.c:119: TPASS: TestName: null-param : EFAULT (14)
 finit_module02.c:119: TPASS: TestName: invalid-param : EINVAL (22)
 finit_module02.c:119: TPASS: TestName: invalid-flags : EINVAL (22)
 tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
 finit_module02.c:119: TPASS: TestName: no-perm : EPERM (1)
 tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
 finit_module02.c:119: TPASS: TestName: module-exists : EEXIST (17)
 finit_module02.c:119: TPASS: TestName: file-not-readable : EBADF (9)
 finit_module02.c:119: TPASS: TestName: directory : EINVAL (22)

 Summary:
 passed 9
 failed 0
 broken 0
 skipped 0
 warnings 0

tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Verified with Hirsute GCP 5.11.0-1024.26

 Running tests.......
 tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
 finit_module02.c:119: TPASS: TestName: invalid-fd : EBADF (9)
 finit_module02.c:119: TPASS: TestName: zero-fd : EINVAL (22)
 finit_module02.c:119: TPASS: TestName: null-param : EFAULT (14)
 finit_module02.c:119: TPASS: TestName: invalid-param : EINVAL (22)
 finit_module02.c:119: TPASS: TestName: invalid-flags : EINVAL (22)
 tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
 finit_module02.c:119: TPASS: TestName: no-perm : EPERM (1)
 tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
 finit_module02.c:119: TPASS: TestName: module-exists : EEXIST (17)
 finit_module02.c:119: TPASS: TestName: file-not-readable : EBADF (9)
 finit_module02.c:119: TPASS: TestName: directory : EINVAL (22)

 Summary:
 passed 9
 failed 0
 broken 0
 skipped 0
 warnings 0

tags: added: verification-done-hirsute
removed: verification-needed-hirsute
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Verified with Impish Oracle 5.13.0-1011.13

 Running tests.......
 tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
 finit_module02.c:119: TPASS: TestName: invalid-fd : EBADF (9)
 finit_module02.c:119: TPASS: TestName: zero-fd : EINVAL (22)
 finit_module02.c:119: TPASS: TestName: null-param : EFAULT (14)
 finit_module02.c:119: TPASS: TestName: invalid-param : EINVAL (22)
 finit_module02.c:119: TPASS: TestName: invalid-flags : EINVAL (22)
 tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
 finit_module02.c:119: TPASS: TestName: no-perm : EPERM (1)
 tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
 finit_module02.c:119: TPASS: TestName: module-exists : EEXIST (17)
 finit_module02.c:119: TPASS: TestName: file-not-readable : EBADF (9)
 finit_module02.c:119: TPASS: TestName: directory : EINVAL (22)

 Summary:
 passed 9
 failed 0
 broken 0
 skipped 0
 warnings 0

tags: added: verification-done-impish
removed: verification-needed-impish
Revision history for this message
Po-Hsu Lin (cypressyew) wrote (last edit ):

Issue spotted on T-azure-4.15 4.15.0-1129.142~14.04.1

Running tests.......
tst_test.c:1313: TINFO: Timeout per run is 0h 05m 00s
finit_module02.c:115: TPASS: TestName: invalid-fd: EBADF (9)
finit_module02.c:115: TPASS: TestName: zero-fd: EINVAL (22)
finit_module02.c:115: TPASS: TestName: null-param: EFAULT (14)
finit_module02.c:115: TPASS: TestName: invalid-param: EINVAL (22)
finit_module02.c:115: TPASS: TestName: invalid-flags: EINVAL (22)
tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
finit_module02.c:115: TPASS: TestName: no-perm: EPERM (1)
tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
finit_module02.c:115: TPASS: TestName: module-exists: EEXIST (17)
finit_module02.c:115: TFAIL: TestName: file-not-readable expected ETXTBSY: EBADF (9)
finit_module02.c:115: TPASS: TestName: directory: EINVAL (22)

Summary:
passed 8
failed 1
broken 0
skipped 0
warnings 0

Revision history for this message
Krzysztof Kozlowski (krzk) wrote :

Trusty Azure 4.15 has this fix but still fails, so the verification fails.

Revision history for this message
Krzysztof Kozlowski (krzk) wrote :

Verified on:
 - 2021.11.29/bionic/linux-azure-fips/4.15.0-2041.45
 - 2021.11.29/bionic/linux-azure-4.15/4.15.0-1129.142

Changed in linux (Ubuntu Trusty):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (10.4 KiB)

This bug was fixed in the package linux - 4.15.0-166.174

---------------
linux (4.15.0-166.174) bionic; urgency=medium

  * bionic/linux: 4.15.0-166.174 -proposed tracker (LP: #1953667)

  * Ubuntu version macros overflow with high ABI numbers (LP: #1953522)
    - SAUCE: Revert "stable: clamp SUBLEVEL in 4.14"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287)
    - SAUCE: Revert "bpf: add also cbpf long jump test cases with heavy expansion"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287) // CVE-2018-25020
    - bpf: fix truncated jump targets on heavy expansions

linux (4.15.0-165.173) bionic; urgency=medium

  * bionic/linux: 4.15.0-165.173 -proposed tracker (LP: #1952780)

  * Support builtin revoked certificates (LP: #1932029)
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
    - SAUCE: integrity: add informational messages when revoking certs

  * CVE-2021-4002
    - arm64: tlb: Provide forward declaration of tlb_flush() before including
      tlb.h
    - mm: mmu_notifier fix for tlb_end_vma
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

linux (4.15.0-164.172) bionic; urgency=medium

  * bionic/linux: 4.15.0-164.172 -proposed tracker (LP: #1952348)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * Bionic update: upstream stable patchset 2021-11-23 (LP: #1951997)
    - btrfs: always wait on ordered extents at fsync time
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - NIOS2: irqflags: rename a redefined register name
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - ocfs2: fix data corruption after conversio...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (19.0 KiB)

This bug was fixed in the package linux - 5.4.0-92.103

---------------
linux (5.4.0-92.103) focal; urgency=medium

  * focal/linux: 5.4.0-92.103 -proposed tracker (LP: #1952316)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - tlb: mmu_gather: add tlb_flush_*_range APIs
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] Enable CONFIG_DEBUG_INFO_BTF on all arches

  * Focal linux-azure: Vm crash on Dv5/Ev5 (LP: #1950462)
    - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again
    - jump_label: Fix usage in module __init

  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: (lockdown) Make get_cert_list() not complain about
      cert lists that aren't present."
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table

  * Focal update: v5.4.157 upstream stable release (LP: #1951883)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ipv6: use siphash in rt6_exception_hash()
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port100: fix using -ERRNO as command type mask
    - net/tls: Fix flipped sign in tls_err_abort() calls
    - mmc: vub300: fix control-message timeouts
    - mmc: cqhci: clear HALT state after CQE enable
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-esdhc-imx: clear the buffe...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (32.7 KiB)

This bug was fixed in the package linux - 5.11.0-44.48

---------------
linux (5.11.0-44.48) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-44.48 -proposed tracker (LP: #1954388)

  * Add F81966 watchdog support (LP: #1949063)
    - SAUCE: watchdog: f71808e_wdt: Add F81966 support

linux (5.11.0-42.46) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-42.46 -proposed tracker (LP: #1952278)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type

  * Hirsute update: upstream stable patchset 2021-11-24 (LP: #1952136)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix gart.bo pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - io_uring: kill fasync
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop
    - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
    - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
    - ALSA: hda/realtek: Add quirk for Clevo X170KM-G
    - ALSA: hda/realtek - ALC236 headset MIC recording issue
    - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1
    - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
    - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
    - s390: fix strrchr() implementation
    - clk: socfpga: agilex: fix duplicate s2f_user0_clk
    - csky: don't let si...

Changed in linux (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (39.5 KiB)

This bug was fixed in the package linux - 5.13.0-23.23

---------------
linux (5.13.0-23.23) impish; urgency=medium

  * impish/linux: 5.13.0-23.23 -proposed tracker (LP: #1952263)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * [SRU][I/OEM-5.13/OEM-5.14] Add MAC passthrough support for more Lenovo docks
    (LP: #1951767)
    - net: usb: r8152: Add MAC passthrough support for more Lenovo Docks

  * Fix non-working e1000e device after resume (LP: #1951861)
    - SAUCE: Revert "e1000e: Additional PHY power saving in S0ix"
    - SAUCE: Revert "e1000e: Add polling mechanism to indicate CSME DPG exit"
    - SAUCE: Revert "e1000e: Add handshake with the CSME to support S0ix"

  * CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type

  * Impish update: upstream stable patchset 2021-11-22 (LP: #1951880)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix gart.bo pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - net: bgmac-platform: handle mac-address deferral
    - scsi: qla2xxx: Fix excessive messages during device logout
    - io_uring: kill fasync
    - upstream stable to v5.10.74, v5.14.13
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop
    - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
    - ALSA: hda/realtek: Complete partial device nam...

Changed in linux (Ubuntu Impish):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (36.0 KiB)

This bug was fixed in the package linux-azure - 5.11.0-1023.24

---------------
linux-azure (5.11.0-1023.24) hirsute; urgency=medium

  * hirsute/linux-azure: 5.11.0-1023.24 -proposed tracker (LP: #1952268)

  * Enable arm64 for Hyper-V guests (LP: #1949770)
    - Drivers: hv: vmbus: Move Hyper-V page allocator to arch neutral code
    - x86/hyper-v: Move hv_message_type to architecture neutral module
    - Drivers: hv: Redo Hyper-V synthetic MSR get/set functions
    - Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code
    - Drivers: hv: vmbus: Handle auto EOI quirk inline
    - Drivers: hv: vmbus: Move handling of VMbus interrupts
    - clocksource/drivers/hyper-v: Handle vDSO differences inline
    - clocksource/drivers/hyper-v: Handle sched_clock differences inline
    - asm-generic/hyperv: change HV_CPU_POWER_MANAGEMENT to HV_CPU_MANAGEMENT
    - x86/hyperv: detect if Linux is the root partition
    - clocksource/hyperv: use MSR-based access if running as root
    - clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V feature
    - clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts
    - drivers: hv: Fix whitespace errors
    - x86/Hyper-V: Support for free page reporting
    - x86/hyperv: Move hv_do_rep_hypercall to asm-generic
    - drivers: hv: Create a consistent pattern for checking Hyper-V hypercall
      status
    - arm64: smccc: Add support for SMCCCv1.2 extended input/output registers
    - Drivers: hv: Move Hyper-V extended capability check to arch neutral code
    - asm-generic/hyperv: Add missing #include of nmi.h
    - arm64: hyperv: Add Hyper-V hypercall and register access utilities
    - arm64: hyperv: Add panic handler
    - arm64: hyperv: Initialize hypervisor on boot
    - arm64: efi: Export screen_info
    - Drivers: hv: Enable Hyper-V code to be built on ARM64
    - [Packaging] linux-azure: Add basic packaging support for arm64
    - [Config] linux-azure: Extending existing annotations to arm64
    - [Config] linux-azure: Generate initial config for arm64
    - [Packaging] linux-azure: Ignore initial arm64 ABI
    - Drivers: hv: Make portions of Hyper-V init code be arch neutral
    - Drivers: hv: Add arch independent default functions for some Hyper-V
      handlers
    - Drivers: hv: Move Hyper-V misc functionality to arch-neutral code
    - drivers: hv: Decouple Hyper-V clock/timer code from VMbus drivers
    - PCI: Introduce domain_nr in pci_host_bridge
    - PCI: Support populating MSI domains of root buses via bridges
    - arm64: PCI: Restructure pcibios_root_bridge_prepare()
    - arm64: PCI: Support root bridge preparation for Hyper-V
    - PCI: hv: Generify PCI probing
    - PCI: hv: Set ->domain_nr of pci_host_bridge at probing time
    - PCI: hv: Turn on the host bridge probing on ARM64
    - PCI: hv: Set up MSI domain at bridge probing time
    - [Config] azure: COMMON_CLK_XLNX_CLKWZRD=m
    - PCI: hv: Support for create interrupt v3
    - SAUCE: PCI: hv: Make the code arch neutral by adding arch specific
      interfaces
    - SAUCE: arm64: PCI: hv: Add support for Hyper-V vPCI
    - [Packaging] Update CONFIG_PCI_HYPERV policy for arm64
    - PCI: hv: Dr...

Changed in linux-azure (Ubuntu Hirsute):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (19.7 KiB)

This bug was fixed in the package linux-azure - 5.4.0-1065.68

---------------
linux-azure (5.4.0-1065.68) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1065.68 -proposed tracker (LP: #1952290)

  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] azure: enable CONFIG_DEBUG_INFO_BTF

  * Support builtin revoked certificates (LP: #1932029)
    - [Config] azure: set CONFIG_SYSTEM_REVOCATION_KEYS

  * Bionic/linux-azure: Call trace on Ubuntu 18.04 VM with Standard NV24
    (LP: #1952621)
    - PCI/sysfs: Convert "config" to static attribute

  * linux-azure: add Icelake servers support in no-HWP mode to
    cpufreq/intel_pstate driver (LP: #1952234)
    - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode

  [ Ubuntu: 5.4.0-92.103 ]

  * focal/linux: 5.4.0-92.103 -proposed tracker (LP: #1952316)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)
  * CVE-2021-4002
    - tlb: mmu_gather: add tlb_flush_*_range APIs
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] Enable CONFIG_DEBUG_INFO_BTF on all arches
  * Focal linux-azure: Vm crash on Dv5/Ev5 (LP: #1950462)
    - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again
    - jump_label: Fix usage in module __init
  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: (lockdown) Make get_cert_list() not complain about
      cert lists that aren't present."
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys
  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs
  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
  * Focal update: v5.4.157 upstream stable release (LP: #1951883)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ipv6: use siphash in rt6_exception_hash()
    - i...

Changed in linux-azure (Ubuntu Focal):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (39.8 KiB)

This bug was fixed in the package linux-azure - 5.13.0-1009.10

---------------
linux-azure (5.13.0-1009.10) impish; urgency=medium

  * impish/linux-azure: 5.13.0-1009.10 -proposed tracker (LP: #1952257)

  * linux-azure: add Icelake servers support in no-HWP mode to
    cpufreq/intel_pstate driver (LP: #1952234)
    - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode

  [ Ubuntu: 5.13.0-23.23 ]

  * impish/linux: 5.13.0-23.23 -proposed tracker (LP: #1952263)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)
  * CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  * [SRU][I/OEM-5.13/OEM-5.14] Add MAC passthrough support for more Lenovo docks
    (LP: #1951767)
    - net: usb: r8152: Add MAC passthrough support for more Lenovo Docks
  * Fix non-working e1000e device after resume (LP: #1951861)
    - SAUCE: Revert "e1000e: Additional PHY power saving in S0ix"
    - SAUCE: Revert "e1000e: Add polling mechanism to indicate CSME DPG exit"
    - SAUCE: Revert "e1000e: Add handshake with the CSME to support S0ix"
  * CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type
  * Impish update: upstream stable patchset 2021-11-22 (LP: #1951880)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix gart.bo pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - net: bgmac-platform: handle mac-address deferral
    - scsi: qla2xxx: Fix excessive messages during device logout
    - io_uring: kill fasync
    - upstream stable to v5.10.74, v5.14.13
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PT...

Changed in linux-azure (Ubuntu Impish):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-oem-5.13 - 5.13.0-1026.32

---------------
linux-oem-5.13 (5.13.0-1026.32) focal; urgency=medium

  [ Ubuntu: 5.13.0-25.26 ]

  * amdgpu hangs for 90 seconds at a time in 5.13.0-23, but 5.13.0-22 works
    (LP: #1956401)
    - drm/amdkfd: fix boot failure when iommu is disabled in Picasso.
  * OOB write on BPF_RINGBUF (LP: #1956585)
    - SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other
      than 0

 -- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 07 Jan 2022 14:03:28 -0300

Changed in linux-oem-5.13 (Ubuntu Focal):
status: New → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

Hi, is this still on the kernel team's radar to address in trusty and in the various linux-azure kernels?

Thanks!

Changed in linux-oem-5.14 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-oem-5.13 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Trusty):
status: New → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers