overlayfs regression - internal getxattr operations without sepolicy checking

Bug #1864669 reported by Joseph Salisbury
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux-aws (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
linux-azure (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
linux-azure-4.15 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned

Bug Description

Bug description and repro:

Run the following commands on host instances:

Prepare the overlayfs directories:
$ cd /tmp
$ mkdir -p base/dir1/dir2 upper olwork merged
$ touch base/dir1/dir2/file
$ chown -R 100000:100000 base upper olwork merged

Verify that the directory is owned by user 100000:
$ ls -al merged/
total 8
drwxr-xr-x 2 100000 100000 4096 Nov 1 07:08 .
drwxrwxrwt 16 root root 4096 Nov 1 07:08 ..

We use lxc-usernsexec to start a new shell as user 100000.
$ lxc-usernsexec -m b:0:100000:1 -- /bin/bash
$$ ls -al merged/
total 8
drwxr-xr-x 2 root root 4096 Nov 1 07:08 .
drwxrwxrwt 16 nobody nogroup 4096 Nov 1 07:08 ..

Notice that the ownership of . and .. has changed because the new shell is running as the remapped user.
Now, mount the overlayfs as an unprivileged user in the new shell. This is the key to trigger the bug.
$$ mount -t overlay -o lowerdir=base,upperdir=upper,workdir=olwork none merged
$$ ls -al merged/dir1/dir2/file
-rw-r--r-- 1 root root 0 Nov 1 07:09 merged/dir1/dir2/file

We can see the file in the base layer from the mount directory. Now trigger the bug:
$$ rm -rf merged/dir1/dir2/
$$ mkdir merged/dir1/dir2
$$ ls -al merged/dir1/dir2
total 12
drwxr-xr-x 2 root root 4096 Nov 1 07:10 .
drwxr-xr-x 1 root root 4096 Nov 1 07:10 ..

File does not show up in the newly created dir2 as expected. But it will reappear after we remount the filesystem (or any other means that might evict the cached dentry, such as attempt to delete the parent directory):
$$ umount merged
$$ mount -t overlay -o lowerdir=base,upperdir=upper,workdir=olwork none merged
$$ ls -al merged/dir1/dir2
total 12
drwxr-xr-x 1 root root 4096 Nov 1 07:10 .
drwxr-xr-x 1 root root 4096 Nov 1 07:10 ..
-rw-r--r-- 1 root root 0 Nov 1 07:09 file
$$ exit
$

This is a recent kernel regression. I tried the above step on an old kernel (4.4.0-1072-aws) but cannot reproduce.

I looked up linux source code and figured out where the "regression" is coming from. The issue lies in how overlayfs checks the "opaque" flag from the underlying upper-level filesystem. It checks the "trusted.overlay.opaque" extended attribute to decide whether to hide the directory content from the lower level. The logic are different in 4.4 and 4.15 kernel.
In 4.4: https://elixir.bootlin.com/linux/v4.4/source/fs/overlayfs/super.c#L255
static bool ovl_is_opaquedir(struct dentry *dentry)
{
 int res;
 char val;
 struct inode *inode = dentry->d_inode;

 if (!S_ISDIR(inode->i_mode) || !inode->i_op->getxattr)
  return false;

 res = inode->i_op->getxattr(dentry, OVL_XATTR_OPAQUE, &val, 1);
 if (res == 1 && val == 'y')
  return true;

 return false;
}

In 4.15: https://elixir.bootlin.com/linux/v4.15/source/fs/overlayfs/util.c#L349
static bool ovl_is_opaquedir(struct dentry *dentry)
{
 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
}

bool ovl_check_dir_xattr(struct dentry *dentry, const char *name)
{
 int res;
 char val;

 if (!d_is_dir(dentry))
  return false;

 res = vfs_getxattr(dentry, name, &val, 1);
 if (res == 1 && val == 'y')
  return true;

 return false;
}

The 4.4 version simply uses the internal i_node callback inode->i_op->getxattr from the host filesystem, which doesn't perform any permission check. While the 4.15 version calls the VFS interface vfs_getxattr that performs bunch of permission checks before the calling the internal insecure callback __vfs_getxattr:
See https://elixir.bootlin.com/linux/v4.15/source/fs/xattr.c#L317
ssize_t
vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
{
 struct inode *inode = dentry->d_inode;
 int error;

 error = xattr_permission(inode, name, MAY_READ);
 if (error)
  return error;

 error = security_inode_getxattr(dentry, name);
 if (error)
  return error;

 if (!strncmp(name, XATTR_SECURITY_PREFIX,
    XATTR_SECURITY_PREFIX_LEN)) {
  const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
  int ret = xattr_getsecurity(inode, suffix, value, size);
  /*
   * Only overwrite the return value if a security module
   * is actually active.
   */
  if (ret == -EOPNOTSUPP)
   goto nolsm;
  return ret;
 }
nolsm:
 return __vfs_getxattr(dentry, inode, name, value, size);
}

In 4.15, ovl_is_opaquedir is called by the following caller:
ovl_is_opaquedir <-
ovl_lookup_single() <-
ovl_lookup_layer <-
ovl_lookup,
ovl_lookup is the entry point for directory listing in overlayfs. Importantly, it assumes the filesystem mounter's credential to perform all internal lookup operations:
struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
     unsigned int flags)
{
   old_cred = ovl_override_creds(dentry->d_sb);
   // perform lookups
   // ....
   revert_creds(old_cred);
}

The "credential switching" logic also does not exist in the 4.4 kernel: https://elixir.bootlin.com/linux/v4.4/source/fs/overlayfs/super.c#L397
That means, on 4.15, overlayfs uses the file system mounter's credential to fetch the "trusted.overlay.opaque" xattr from the underlying filesystem. This can fail the permission check if the overlayfs is mounted by a remapped user, who doesn't have CAP_SYS_ADMIN capability
See https://elixir.bootlin.com/linux/v4.15/source/fs/xattr.c#L115:
static int xattr_permission(struct inode *inode, const char *name, int mask)
{
 ....
   /*
  * The trusted.* namespace can only be accessed by privileged users.
  */
 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
  if (!capable(CAP_SYS_ADMIN))
   return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
  return 0;
 }
....
}

When this call fails, overlayfs assumes the upper directory is not "opaque" and combines the content from the lower directory in the result.

There's a proposed patch to fix this issue: https://lkml.org/lkml/2019/7/30/787
The patch calls the insecure __vfs_getxattr to fetch the opaque flag so that it can bypass the permission check even if the other lookup operation is done under the mounter's credential.
However, the patch hasn't been merged to the upstream linux kernel as of today (see https://elixir.bootlin.com/linux/v5.4-rc5/source/fs/overlayfs/util.c#L551).

Revision history for this message
Marcelo Cerri (mhcerri) wrote :

Hi, Joe.

Are you aware of any real user case being affected by that? Do you think that can wait until the patchset is merged upstream?

Revision history for this message
Marcelo Cerri (mhcerri) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (22.4 KiB)

This bug was fixed in the package linux-azure - 5.4.0-1009.9

---------------
linux-azure (5.4.0-1009.9) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1009.9 -proposed tracker (LP: #1870498)

  * Focal update: v5.4.29 upstream stable release (LP: #1870142)
    - [Config] azure: Update config for NET_REDIRECT

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * [linux-azure] overlayfs regression - internal getxattr operations without
    sepolicy checking (LP: #1864669)
    - SAUCE: overlayfs: internal getxattr operations without sepolicy checking

  [ Ubuntu: 5.4.0-22.26 ]

  * focal/linux: 5.4.0-22.26 -proposed tracker (LP: #1870502)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update helper scripts
    - update dkms package versions
  * [SFC-0316]sync mainline kernel 5.7rc1 SFC patchset into ubuntu HWE kernel
    branch (LP: #1867588)
    - spi: Allow SPI controller override device buswidth
    - spi: HiSilicon v3xx: Properly set CMD_CONFIG for Dual/Quad modes
    - spi: HiSilicon v3xx: Use DMI quirk to set controller buswidth override bits
  * [hns3-0316]sync mainline kernel 5.6rc4 hns3 patchset into ubuntu HWE kernel
    branch (LP: #1867586)
    - net: hns3: fix VF VLAN table entries inconsistent issue
    - net: hns3: fix RMW issue for VLAN filter switch
    - net: hns3: clear port base VLAN when unload PF
  * [sas-0316]sync mainline kernel 5.6rc1 roce patchset into ubuntu HWE kernel
    branch (LP: #1867587)
    - scsi: hisi_sas: use threaded irq to process CQ interrupts
    - scsi: hisi_sas: replace spin_lock_irqsave/spin_unlock_restore with
      spin_lock/spin_unlock
    - scsi: hisi_sas: Replace magic number when handle channel interrupt
    - scsi: hisi_sas: Modify the file permissions of trigger_dump to write only
    - scsi: hisi_sas: Add prints for v3 hw interrupt converge and automatic
      affinity
    - scsi: hisi_sas: Rename hisi_sas_cq.pci_irq_mask
  * Revert "nvme_fc: add module to ops template to allow module references"
    (LP: #1869947)
    - SAUCE: Revert "nvme_fc: add module to ops template to allow module
      references"
  * suspend only works once on ThinkPad X1 Carbon gen 7 (LP: #1865570)
    - Revert "UBUNTU: SAUCE: e1000e: Disable s0ix flow for X1 Carbon 7th"
    - SAUCE: e1000e: bump up timeout to wait when ME un-configure ULP mode
  * Focal update: v5.4.29 upstream stable release (LP: #1870142)
    - mmc: core: Allow host controllers to require R1B for CMD6
    - mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard
    - mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command
    - mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
    - mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
    - ACPI: PM: s2idle: Rework ACPI events synchronization
    - cxgb4: fix throughput drop during Tx backpressure
    - cxgb4: fix Txq restart check during backpressure
    - geneve: move debug check after netdev unregister
    - hsr: fix general protection fault in hsr_addr_is_self()
    - ipv4: fix a RCU-list lock in inet_dump_fib()
    - macsec: restrict to ethernet devices
    - mlxs...

Changed in linux-azure (Ubuntu):
status: New → Fix Released
Marcelo Cerri (mhcerri)
Changed in linux-azure-4.15 (Ubuntu Xenial):
status: New → Invalid
Changed in linux-azure-4.15 (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux-azure-4.15 (Ubuntu Eoan):
status: New → Invalid
Changed in linux-azure-4.15 (Ubuntu Focal):
status: New → Invalid
Changed in linux-azure (Ubuntu Eoan):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Xenial):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (65.1 KiB)

This bug was fixed in the package linux-azure - 5.3.0-1020.21

---------------
linux-azure (5.3.0-1020.21) eoan; urgency=medium

  * eoan/linux-azure: 5.3.0-1020.21 -proposed tracker (LP: #1870711)

  * [linux-azure] overlayfs regression - internal getxattr operations without
    sepolicy checking (LP: #1864669)
    - SAUCE: overlayfs: internal getxattr operations without sepolicy checking

  [ Ubuntu: 5.3.0-47.39 ]

  * eoan/linux: 5.3.0-47.39 -proposed tracker (LP: #1870720)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * All PS/2 ports on PS/2 Serial add-in bracket are not working after S3
    (LP: #1866734)
    - SAUCE: Input: i8042 - fix the selftest retry logic
  * Eoan update: upstream stable patchset 2020-03-31 (LP: #1869908)
    - ACPI: watchdog: Allow disabling WDAT at boot
    - HID: apple: Add support for recent firmware on Magic Keyboards
    - cfg80211: check reg_rule for NULL in handle_channel_custom()
    - scsi: libfc: free response frame from GPN_ID
    - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
    - net: ks8851-ml: Fix IRQ handling and locking
    - mac80211: rx: avoid RCU list traversal under mutex
    - signal: avoid double atomic counter increments for user accounting
    - slip: not call free_netdev before rtnl_unlock in slip_open
    - hinic: fix a irq affinity bug
    - hinic: fix a bug of setting hw_ioctxt
    - net: rmnet: fix NULL pointer dereference in rmnet_newlink()
    - net: rmnet: fix NULL pointer dereference in rmnet_changelink()
    - net: rmnet: fix suspicious RCU usage
    - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device()
    - net: rmnet: do not allow to change mux id if mux id is duplicated
    - net: rmnet: use upper/lower device infrastructure
    - net: rmnet: fix bridge mode bugs
    - net: rmnet: fix packet forwarding in rmnet bridge mode
    - sfc: fix timestamp reconstruction at 16-bit rollover points
    - jbd2: fix data races at struct journal_head
    - driver core: Remove device link creation limitation
    - driver core: Fix creation of device links with PM-runtime flags
    - net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
    - ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
    - ARM: 8958/1: rename missed uaccess .fixup section
    - mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
    - HID: google: add moonball USB id
    - ipv4: ensure rcu_read_lock() in cipso_v4_error()
    - netfilter: hashlimit: do not use indirect calls during gc
    - netfilter: xt_hashlimit: unregister proc file before releasing mutex
    - ACPI: watchdog: Set default timeout in probe
    - HID: hid-bigbenff: fix general protection fault caused by double kfree
    - HID: hid-bigbenff: call hid_hw_stop() in case of error
    - HID: hid-bigbenff: fix race condition for scheduled work during removal
    - selftests/rseq: Fix out-of-tree compilation
    - net: ll_temac: Fix race condition causing TX hang
    - net: ll_temac: Add more error handling of dma_map_single() calls
    - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure
    - net: ll_temac: Handle DMA halt condition caused by buffer...

Changed in linux-azure (Ubuntu Eoan):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (41.4 KiB)

This bug was fixed in the package linux-azure-4.15 - 4.15.0-1082.92

---------------
linux-azure-4.15 (4.15.0-1082.92) bionic; urgency=medium

  * bionic/linux-azure-4.15: 4.15.0-1082.92 -proposed tracker (LP: #1870673)

  * Commits to resolve high network latency (LP: #1864233)
    - hv_netvsc: Fix tx_table init in rndis_set_subchannel()
    - hv_netvsc: simplify function args in receive status path
    - hv_netvsc: simplify receive side calling arguments
    - hv_netvsc: Fix offset usage in netvsc_send_table()
    - hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation
    - hv_netvsc: Fix send_table offset in case of a host bug

  * [linux-azure] overlayfs regression - internal getxattr operations without
    sepolicy checking (LP: #1864669)
    - SAUCE: overlayfs: internal getxattr operations without sepolicy checking

  [ Ubuntu: 4.15.0-97.98 ]

  * bionic/linux: 4.15.0-97.98 -proposed tracker (LP: #1871312)
  * All PS/2 ports on PS/2 Serial add-in bracket are not working after S3
    (LP: #1866734)
    - SAUCE: Input: i8042 - fix the selftest retry logic
  * Bionic update: upstream stable patchset 2020-04-03 (LP: #1870604)
    - spi: qup: call spi_qup_pm_resume_runtime before suspending
    - powerpc: Include .BTF section
    - ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
    - spi: pxa2xx: Add CS control clock quirk
    - spi/zynqmp: remove entry that causes a cs glitch
    - drm/exynos: dsi: propagate error value and silence meaningless warning
    - drm/exynos: dsi: fix workaround for the legacy clock name
    - drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer
    - altera-stapl: altera_get_note: prevent write beyond end of 'key'
    - dm bio record: save/restore bi_end_io and bi_integrity
    - xenbus: req->body should be updated before req->state
    - xenbus: req->err should be updated before req->state
    - block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
    - parse-maintainers: Mark as executable
    - USB: Disable LPM on WD19's Realtek Hub
    - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
    - USB: serial: option: add ME910G1 ECM composition 0x110b
    - usb: host: xhci-plat: add a shutdown
    - USB: serial: pl2303: add device-id for HP LD381
    - usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
    - ALSA: line6: Fix endless MIDI read loop
    - ALSA: seq: virmidi: Fix running status after receiving sysex
    - ALSA: seq: oss: Fix running status after receiving sysex
    - ALSA: pcm: oss: Avoid plugin buffer overflow
    - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
    - iio: trigger: stm32-timer: disable master mode when stopping
    - iio: magnetometer: ak8974: Fix negative raw values in sysfs
    - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
    - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
    - staging/speakup: fix get_word non-space look-ahead
    - intel_th: Fix user-visible error codes
    - intel_th: pci: Add Elkhart Lake CPU support
    - rtc: max8907: add missing select REGMAP_IRQ
    - xhci: Do not open code __print_symbolic() in xhci trace events
    - memcg: fix NULL poi...

Changed in linux-azure-4.15 (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (41.6 KiB)

This bug was fixed in the package linux-azure - 4.15.0-1082.92~16.04.1

---------------
linux-azure (4.15.0-1082.92~16.04.1) xenial; urgency=medium

  * xenial/linux-azure: 4.15.0-1082.92~16.04.1 -proposed tracker (LP: #1870683)

  * Strip specific changes from update-from-*master (LP: #1817734)
    - Packaging: Introduce copy-files and local-mangle

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 4.15.0-1082.92 ]

  * bionic/linux-azure-4.15: 4.15.0-1082.92 -proposed tracker (LP: #1870673)
  * Commits to resolve high network latency (LP: #1864233)
    - hv_netvsc: Fix tx_table init in rndis_set_subchannel()
    - hv_netvsc: simplify function args in receive status path
    - hv_netvsc: simplify receive side calling arguments
    - hv_netvsc: Fix offset usage in netvsc_send_table()
    - hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation
    - hv_netvsc: Fix send_table offset in case of a host bug
  * [linux-azure] overlayfs regression - internal getxattr operations without
    sepolicy checking (LP: #1864669)
    - SAUCE: overlayfs: internal getxattr operations without sepolicy checking
  * bionic/linux: 4.15.0-97.98 -proposed tracker (LP: #1871312)
  * All PS/2 ports on PS/2 Serial add-in bracket are not working after S3
    (LP: #1866734)
    - SAUCE: Input: i8042 - fix the selftest retry logic
  * Bionic update: upstream stable patchset 2020-04-03 (LP: #1870604)
    - spi: qup: call spi_qup_pm_resume_runtime before suspending
    - powerpc: Include .BTF section
    - ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
    - spi: pxa2xx: Add CS control clock quirk
    - spi/zynqmp: remove entry that causes a cs glitch
    - drm/exynos: dsi: propagate error value and silence meaningless warning
    - drm/exynos: dsi: fix workaround for the legacy clock name
    - drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer
    - altera-stapl: altera_get_note: prevent write beyond end of 'key'
    - dm bio record: save/restore bi_end_io and bi_integrity
    - xenbus: req->body should be updated before req->state
    - xenbus: req->err should be updated before req->state
    - block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
    - parse-maintainers: Mark as executable
    - USB: Disable LPM on WD19's Realtek Hub
    - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
    - USB: serial: option: add ME910G1 ECM composition 0x110b
    - usb: host: xhci-plat: add a shutdown
    - USB: serial: pl2303: add device-id for HP LD381
    - usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
    - ALSA: line6: Fix endless MIDI read loop
    - ALSA: seq: virmidi: Fix running status after receiving sysex
    - ALSA: seq: oss: Fix running status after receiving sysex
    - ALSA: pcm: oss: Avoid plugin buffer overflow
    - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
    - iio: trigger: stm32-timer: disable master mode when stopping
    - iio: magnetometer: ak8974: Fix negative raw values in sysfs
    - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
    - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
    - staging...

Changed in linux-azure (Ubuntu Xenial):
status: Fix Committed → Fix Released
Marcelo Cerri (mhcerri)
Changed in linux-aws (Ubuntu Xenial):
status: New → Invalid
Changed in linux-aws (Ubuntu Bionic):
status: New → In Progress
Changed in linux-aws (Ubuntu Eoan):
status: New → In Progress
Changed in linux-aws (Ubuntu Focal):
status: New → In Progress
Marcelo Cerri (mhcerri)
summary: - [linux-azure] overlayfs regression - internal getxattr operations
- without sepolicy checking
+ overlayfs regression - internal getxattr operations without sepolicy
+ checking
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-aws (Ubuntu):
status: New → Confirmed
Changed in linux-aws (Ubuntu Eoan):
status: In Progress → Fix Committed
Changed in linux-aws (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux-aws (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (99.2 KiB)

This bug was fixed in the package linux-aws - 5.4.0-1022.22

---------------
linux-aws (5.4.0-1022.22) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1022.22 -proposed tracker (LP: #1890734)

  * Focal update: v5.4.51 upstream stable release (LP: #1886995)
    - [Config] aws: updateconfigs for EFI_CUSTOM_SSDT_OVERLAYS

  * Focal update: v5.4.53 upstream stable release (LP: #1888560)
    - [Config] aws: updateconfigs for BLK_DEV_SR_VENDOR

  * Focal update: v5.4.52 upstream stable release (LP: #1887853)
    - [Packaging] aws: module intel-rapl-perf rename

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update update.conf

  * add pvtime support for arm64 guests (LP: #1889282)
    - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
    - arm64: errata: use arm_smccc_1_1_get_conduit()
    - arm: spectre-v2: use arm_smccc_1_1_get_conduit()
    - firmware/psci: use common SMCCC_CONDUIT_*
    - firmware: arm_sdei: use common SMCCC_CONDUIT_*
    - KVM: arm64: Document PV-time interface
    - KVM: arm/arm64: Factor out hypercall handling from PSCI code
    - KVM: arm64: Implement PV_TIME_FEATURES call
    - KVM: Implement kvm_put_guest()
    - KVM: arm64: Support stolen time reporting via shared structure
    - KVM: Allow kvm_device_ops to be const
    - KVM: arm64: Provide VCPU attributes for stolen time
    - arm/arm64: Provide a wrapper for SMCCC 1.1 calls
    - arm/arm64: Make use of the SMCCC 1.1 wrapper
    - arm64: Retrieve stolen time as paravirtualized guest

  * overlayfs regression - internal getxattr operations without sepolicy
    checking (LP: #1864669)
    - SAUCE: overlayfs: internal getxattr operations without sepolicy checking

  [ Ubuntu: 5.4.0-44.48 ]

  * focal/linux: 5.4.0-44.48 -proposed tracker (LP: #1891049)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

  [ Ubuntu: 5.4.0-43.47 ]

  * focal/linux: 5.4.0-43.47 -proposed tracker (LP: #1890746)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Devlink - add RoCE disable kernel support (LP: #1877270)
    - devlink: Add new "enable_roce" generic device param
    - net/mlx5: Document flow_steering_mode devlink param
    - net/mlx5: Handle "enable_roce" devlink param
    - IB/mlx5: Rename profile and init methods
    - IB/mlx5: Load profile according to RoCE enablement state
    - net/mlx5: Remove unneeded variable in mlx5_unload_one
    - net/mlx5: Add devlink reload
    - IB/mlx5: Do reverse sequence during device removal
  * msg_zerocopy.sh in net from ubuntu_kernel_selftests failed (LP: #1812620)
    - selftests/net: relax cpu affinity requirement in msg_zerocopy test
  * Enlarge hisi_sec2 capability (LP: #1890222)
    - Revert "UBUNTU: [Config] Disable hisi_sec2 temporarily"
    - crypto: hisilicon - update SEC driver module parameter
  * Fix missing HDMI/DP Audio on an HP Desktop (LP: #1890441)
    - ALSA: hda/hdmi: Add quirk to force connectivity
  * Fix IOMMU error on AMD Radeon Pro W5700 (LP: #1890306)
    - PCI: Mark AMD Navi10 GPU rev 0x0...

Changed in linux-aws (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (55.3 KiB)

This bug was fixed in the package linux-aws - 4.15.0-1080.84

---------------
linux-aws (4.15.0-1080.84) bionic; urgency=medium

  * bionic/linux-aws: 4.15.0-1080.84 -proposed tracker (LP: #1890686)

  * Bionic update: upstream stable patchset 2020-07-17 (LP: #1887990)
    - [Config] aws: updateconfigs for EFI_CUSTOM_SSDT_OVERLAYS

  * Bionic update: upstream stable patchset 2020-07-24 (LP: #1888907)
    - [Config] aws: updateconfigs for BLK_DEV_SR_VENDOR

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf

  * overlayfs regression - internal getxattr operations without sepolicy
    checking (LP: #1864669)
    - SAUCE: overlayfs: internal getxattr operations without sepolicy checking

  [ Ubuntu: 4.15.0-114.115 ]

  * bionic/linux: 4.15.0-114.115 -proposed tracker (LP: #1891052)
  * ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

  [ Ubuntu: 4.15.0-113.114 ]

  * bionic/linux: 4.15.0-113.114 -proposed tracker (LP: #1890705)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Reapply "usb: handle warm-reset port requests on hub resume" (LP: #1859873)
    - usb: handle warm-reset port requests on hub resume
  * Bionic update: upstream stable patchset 2020-07-29 (LP: #1889474)
    - gpio: arizona: handle pm_runtime_get_sync failure case
    - gpio: arizona: put pm_runtime in case of failure
    - pinctrl: amd: fix npins for uart0 in kerncz_groups
    - mac80211: allow rx of mesh eapol frames with default rx key
    - scsi: scsi_transport_spi: Fix function pointer check
    - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
    - xtensa: update *pos in cpuinfo_op.next
    - drivers/net/wan/lapbether: Fixed the value of hard_header_len
    - net: sky2: initialize return of gm_phy_read
    - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
    - irqdomain/treewide: Keep firmware node unconditionally allocated
    - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
      compeletion")
    - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
    - IB/umem: fix reference count leak in ib_umem_odp_get()
    - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
      GDB regression
    - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
    - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
    - btrfs: fix double free on ulist after backref resolution failure
    - btrfs: fix mount failure caused by race with umount
    - btrfs: fix page leaks after failure to lock page for delalloc
    - bnxt_en: Fix race when modifying pause settings.
    - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
      path
    - ax88172a: fix ax88172a_unbind() failures
    - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
      configuration
    - drm: sun4i: hdmi: Fix inverted HPD result
    - net: smc91x: Fix possible memory leak in smc_drv_probe()
    - bonding: check error value of register_netdevice() immediately
    - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init...

Changed in linux-aws (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers