linux-azure: Update SGX version to version LD_1.33

Bug #1881338 reported by Marcelo Cerri on 2020-05-29
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Undecided
Marcelo Cerri
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
linux-azure-4.15 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
linux-base (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned

Bug Description

[Impact]

We have included the DCAP version of SGX into the linux-azure kernels in order to provide a signed version of this driver that can be used with secure boot in Azure instances.

Since a new version of this driver was released, we should update the embedded driver:

https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/LD_1.33/driver/linux

[Test Case]

- Install the new kernel on an ACC azure instance.
- Ensure the module loads properly.
- Check if ECL (provided on the azure images) is working properly.

[Regression Potential]

The changes are extensive, but both Canonical and Microsoft perform validation tests on SGX. Besides that, the change is restricted to linux-azure running on specific instances.

Marcelo Cerri (mhcerri) on 2020-05-29
Changed in linux-azure-4.15 (Ubuntu Eoan):
status: New → Invalid
Changed in linux-azure-4.15 (Ubuntu Focal):
status: New → Invalid
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
tags: added: patch
Marcelo Cerri (mhcerri) on 2020-06-09
description: updated
Marcelo Cerri (mhcerri) on 2020-06-25
Changed in linux-azure-4.15 (Ubuntu Xenial):
status: New → Invalid
Changed in linux-azure (Ubuntu Xenial):
status: New → Invalid
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
Changed in linux-azure (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Eoan):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Focal):
status: New → Fix Committed
Changed in linux-azure-4.15 (Ubuntu Bionic):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu4

---------------
linux-base (4.5ubuntu4) groovy; urgency=medium

  * Update SGX udev rules for version LD_1.33 (LP: #1881338).

 -- Marcelo Henrique Cerri <email address hidden> Thu, 25 Jun 2020 14:23:24 -0300

Changed in linux-base (Ubuntu):
status: New → Fix Released

Hello Marcelo, or anyone else affected,

Accepted linux-base into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Focal):
status: New → Fix Committed
Changed in linux-base (Ubuntu Eoan):
status: New → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Bionic):
status: New → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Xenial):
status: New → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1.2~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted linux-base (4.5ubuntu2.2) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

makedumpfile/1:1.6.6-2ubuntu2.1 (ppc64el, i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#linux-base

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted linux-base (4.5ubuntu1.2) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

linux-hwe-5.0/5.0.0-53.57~18.04.1 (armhf)
makedumpfile/1:1.6.5-1ubuntu1~18.04.5 (ppc64el)
linux-hwe-5.4/5.4.0-40.44~18.04.1 (armhf)
linux-raspi2-5.3/5.3.0-1028.30~18.04.2 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-base

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Marcelo Cerri (mhcerri) wrote :

I've tested linux-base-sgx (also updating linux-base) on focal, eoan, bionic and xenial and the udev rules are working as intended. I also got positive confirmation from our partners that tested this new version.

Marcelo Cerri (mhcerri) wrote :

I've tested linux-base-sgx (also updating linux-base) on focal, eoan, bionic and xenial and the udev rules are working as intended. I also got positive confirmation from our partners that tested this new version.

Versions tested:

bionic: 4.5ubuntu1.2
xenial: 4.5ubuntu1.2~16.04.1
eoan: 4.5ubuntu2.2
focal: 4.5ubuntu3.1

Marcelo Cerri (mhcerri) wrote :

The regressions reported by Ubuntu SRU Bot for Focal and Eoan are not related to the new version of linux-base and they seem to be timeouts. I re-triggered them for now.

Marcelo Cerri (mhcerri) on 2020-06-29
tags: added: verification-done-bionic verification-done-eoan verification-done-focal verification-done-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu3.1

---------------
linux-base (4.5ubuntu3.1) focal; urgency=medium

  * Update SGX udev rules for version LD_1.33 (LP: #1881338).

 -- Marcelo Henrique Cerri <email address hidden> Thu, 25 Jun 2020 14:23:24 -0300

Changed in linux-base (Ubuntu Focal):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux-base has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu2.2

---------------
linux-base (4.5ubuntu2.2) eoan; urgency=medium

  * Update SGX udev rules for version LD_1.33 (LP: #1881338).

 -- Marcelo Henrique Cerri <email address hidden> Thu, 25 Jun 2020 14:34:46 -0300

Changed in linux-base (Ubuntu Eoan):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in linux-base (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu1.2

---------------
linux-base (4.5ubuntu1.2) bionic; urgency=medium

  * Update SGX udev rules for version LD_1.33 (LP: #1881338).

 -- Marcelo Henrique Cerri <email address hidden> Thu, 25 Jun 2020 14:39:07 -0300

Changed in linux-base (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu1.2~16.04.1

---------------
linux-base (4.5ubuntu1.2~16.04.1) xenial; urgency=medium

  * Update SGX udev rules for version LD_1.33 (LP: #1881338).

 -- Marcelo Henrique Cerri <email address hidden> Thu, 25 Jun 2020 14:43:40 -0300

Changed in linux-base (Ubuntu Xenial):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (18.2 KiB)

This bug was fixed in the package linux-azure-4.15 - 4.15.0-1091.101

---------------
linux-azure-4.15 (4.15.0-1091.101) bionic; urgency=medium

  * bionic/linux-azure-4.15: 4.15.0-1091.101 -proposed tracker (LP: #1885057)

  * linux-azure: Update SGX version to version LD_1.33 (LP: #1881338)
    - SAUCE: ubuntu/sgx: Add module alias for ACPI device INT0E0C

  [ Ubuntu: 4.15.0-109.110 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - update dkms package versions
  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] wireguard -- add support for building signed .ko
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-12380
    - efi/x86/Add missing error handling to old_memmap 1:1 mapping code
  * CVE-2019-19039 // CVE-2019-19377
    - btrfs: sink flush_fn to extent_write_cache_pages
    - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
    - btrfs: Don't submit any btree write bio if the fs has errors
  * CVE-2019-19036
    - btrfs: volumes: Use more straightforward way to calculate map length
    - btrfs: tree-checker: Try to detect missing INODE_ITEM
    - Btrfs: tree-checker: detect file extent items with overlapping ranges
    - Btrfs: make tree checker detect checksum items with overlapping ranges
    - btrfs: harden agaist duplicate fsid on scanned devices
    - Btrfs: fix missing data checksums after replaying a log tree
    - btrfs: reloc: fix reloc root leak and NULL pointer dereference
    - btrfs: Validate child tree block's level and first key
    - btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations
  * CVE-2019-19318
    - btrfs: tree-checker: Replace root parameter with fs_info
    - btrfs: tree-checker: Check level for leaves and nodes
    - btrfs: tree-checker: get fs_info from eb in generic_err
    - btrfs: tree-checker: get fs_info from eb in file_extent_err
    - btrfs: tree-checker: get fs_info from eb in check_csum_item
    - btrfs: tree-checker: get fs_info from eb in dir_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dir_item
    - btrfs: tree-checker: get fs_info from eb in block_group_err
    - btrfs: tree-checker: get fs_info from eb in check_block_group_item
    - btrfs: tree-checker: get fs_info from eb in check_extent_data_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf
    - btrfs: tree-checker: get fs_info from eb in chunk_err
    - btrfs: tree-checker: get fs_info from eb in dev_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dev_item
    - btrfs: tree-checker: get fs_info from eb in check_inode_item
    - btrfs: tree-checker: Add ROOT_ITEM check
    - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
    - btrfs: tree-checker: Add simple keyed refs check
    - btrfs: tree-checker: Add EXTENT_DATA_REF check
    - btrfs: tree-checker: Fix wrong check on max devid
    - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
  * CVE-2...

Changed in linux-azure-4.15 (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (32.9 KiB)

This bug was fixed in the package linux-azure - 5.3.0-1032.33

---------------
linux-azure (5.3.0-1032.33) eoan; urgency=medium

  * eoan/linux-azure: 5.3.0-1032.33 -proposed tracker (LP: #1885051)

  * linux-azure: Update SGX version to version LD_1.33 (LP: #1881338)
    - SAUCE: linux-azure: Update SGX to version LD_1.33
    - SAUCE: ubuntu/sgx: Add module alias for ACPI device INT0E0C

  [ Ubuntu: 5.3.0-62.56 ]

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * Eoan update: upstream stable patchset 2020-06-05 (LP: #1882303)
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - KVM: SVM: Fix potential memory leak in svm_cpu_init()
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - mtd: spinand: Propagate ECC information to the MTD structure
    - fix multiplication overflow in copy_fdtable()
    - ubifs: remove broken lazytime support
    - iommu/amd: Fix over-read of ACPI UID from IVRS table
    - i2c: mux: demux-pinctrl: Fix an error handling path in
      'i2c_demux_pinctrl_probe()'
    - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
    - gcc-common.h: Update for GCC 10
    - HID: multitouch: add eGalaxTouch P80H84 support
    - HID: alps: Add AUI1657 device ID
    - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead
    - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
    - scsi: qla2xxx: Delete all sessions before unregister local nvme port
    - configfs: fix config_item refcnt leak in configfs_rmdir()
    - vhost/vsock: fix packet delivery order to monitoring devices
    - aquantia: Fix the media type of AQC100 ethernet controller in the driver
    - component: Silence bind error on -EPROBE_DEFER
    - scsi: ibmvscsi: Fix WARN_ON during event pool release
    - HID: i2c-hid: reset Synaptics SYNA2393 on resume
    - x86/apic: Move TSC deadline timer debug printk
    - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
    - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock
    - ceph: fix double unlock in handle_cap_export()
    - stmmac: fix pointer check after utilization in stmmac_interrupt
    - USB: core: Fix misleading driver bug report
    - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
    - ARM: futex: Address build warning
    - padata: Replace delayed timer with immediate workqueue in padata_reorder
    - padata: initialize pd->cpu with effective cpumask
    - padata: purge get_cpu and reorder_via_wq from padata_do_serial
    - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio
      option
    - ALSA: pcm: fix incorrect hw_base increase
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
    - ALSA: hda/realtek - Add more fixup entries for Clevo machines
    - drm/etnaviv: fix perfmon domain interation
    - apparmor: fix potential label refcnt leak in aa_change_profile...

Changed in linux-azure (Ubuntu Eoan):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (31.5 KiB)

This bug was fixed in the package linux-azure - 5.4.0-1020.20

---------------
linux-azure (5.4.0-1020.20) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1020.20 -proposed tracker (LP: #1885048)

  * linux-azure: Update SGX version to version LD_1.33 (LP: #1881338)
    - SAUCE: linux-azure: Update SGX to version LD_1.33
    - SAUCE: ubuntu/sgx: Add module alias for ACPI device INT0E0C

  * [linux-azure] Enable Hibernation on The 18.04 and 20.04 5.4 Kernels
    (LP: #1880032)
    - x86/hyperv: Initialize clockevents earlier in CPU onlining
    - scsi: storvsc: Add the support of hibernation
    - video: hyperv_fb: Add the support of hibernation
    - hv_sock: Add the support of hibernation
    - hv_netvsc: Add the support of hibernation
    - x86/hyperv: Implement hv_is_hibernation_supported()
    - hv_balloon: Add the support of hibernation
    - HID: hyperv: Add the support of hibernation
    - PCI: hv: Reorganize the code in preparation of hibernation
    - PCI: hv: Add hibernation support
    - clocksource/drivers/hyper-v: Suspend/resume Hyper-V clocksource for
      hibernation
    - Input: hyperv-keyboard: Add the support of hibernation
    - video: hyperv_fb: Fix hibernation for the deferred IO feature
    - Tools: hv: Reopen the devices if read() or write() returns errors
    - hv_utils: Support host-initiated restart request
    - hv_utils: Support host-initiated hibernation request
    - hv_utils: Add the support of hibernation
    - x86/hyperv: Suspend/resume the hypercall page for hibernation
    - PM: hibernate: Propagate the return value of hibernation_restore()
    - x86/hyperv: Suspend/resume the VP assist page for hibernation
    - net/mlx5: Fix crash upon suspend/resume

  [ Ubuntu: 5.4.0-40.44 ]

  * linux-oem-5.6-tools-common and -tools-host should be dropped (LP: #1881120)
    - [Packaging] Add Conflicts/Replaces to remove linux-oem-5.6-tools-common and
      -tools-host
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * Slow send speed with Intel I219-V on Ubuntu 18.04.1 (LP: #1802691)
    - e1000e: Disable TSO for buffer overrun workaround
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Realtek 8723DE [10ec:d723] subsystem [10ec:d738] disconnects unsolicitedly
    when Bluetooth is paired: Reason: 23=IEEE8021X_FAILED (LP: #1878147)
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: Move driver IQK to set channel before
      association for 11N chip"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: fix rate for a while after being
      connected"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: No retry and report for auth and assoc"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: 8723d: Add coex support"
    - rtw88: add a debugfs entry to dump coex's info
    - rtw88: add a debugfs entry to enable/disable coex mechanism
    - rtw88: 8723d: Add coex support
    - SAUCE: rtw88: coex: 8723d: set antanna control owner
    - SAUCE: rtw88: coex: 8723d: handle BT inquiry cases
    - SAUCE: rtw88: fix EAPOL 4-way failure by finish IQK earlier
  * CPU stress test fails with focal kernel (LP: #1867900)
    - [Config] Disable hisi_sec2 tempora...

Changed in linux-azure (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (18.2 KiB)

This bug was fixed in the package linux-azure - 4.15.0-1091.101~16.04.1

---------------
linux-azure (4.15.0-1091.101~16.04.1) xenial; urgency=medium

  * xenial/linux-azure: 4.15.0-1091.101~16.04.1 -proposed tracker (LP: #1885055)

  [ Ubuntu: 4.15.0-1091.101 ]

  * bionic/linux-azure-4.15: 4.15.0-1091.101 -proposed tracker (LP: #1885057)
  * linux-azure: Update SGX version to version LD_1.33 (LP: #1881338)
    - SAUCE: ubuntu/sgx: Add module alias for ACPI device INT0E0C
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - update dkms package versions
  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] wireguard -- add support for building signed .ko
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-12380
    - efi/x86/Add missing error handling to old_memmap 1:1 mapping code
  * CVE-2019-19039 // CVE-2019-19377
    - btrfs: sink flush_fn to extent_write_cache_pages
    - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
    - btrfs: Don't submit any btree write bio if the fs has errors
  * CVE-2019-19036
    - btrfs: volumes: Use more straightforward way to calculate map length
    - btrfs: tree-checker: Try to detect missing INODE_ITEM
    - Btrfs: tree-checker: detect file extent items with overlapping ranges
    - Btrfs: make tree checker detect checksum items with overlapping ranges
    - btrfs: harden agaist duplicate fsid on scanned devices
    - Btrfs: fix missing data checksums after replaying a log tree
    - btrfs: reloc: fix reloc root leak and NULL pointer dereference
    - btrfs: Validate child tree block's level and first key
    - btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations
  * CVE-2019-19318
    - btrfs: tree-checker: Replace root parameter with fs_info
    - btrfs: tree-checker: Check level for leaves and nodes
    - btrfs: tree-checker: get fs_info from eb in generic_err
    - btrfs: tree-checker: get fs_info from eb in file_extent_err
    - btrfs: tree-checker: get fs_info from eb in check_csum_item
    - btrfs: tree-checker: get fs_info from eb in dir_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dir_item
    - btrfs: tree-checker: get fs_info from eb in block_group_err
    - btrfs: tree-checker: get fs_info from eb in check_block_group_item
    - btrfs: tree-checker: get fs_info from eb in check_extent_data_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf
    - btrfs: tree-checker: get fs_info from eb in chunk_err
    - btrfs: tree-checker: get fs_info from eb in dev_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dev_item
    - btrfs: tree-checker: get fs_info from eb in check_inode_item
    - btrfs: tree-checker: Add ROOT_ITEM check
    - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
    - btrfs: tree-checker: Add simple keyed refs check
    - btrfs: tree-checker: Add EXTENT_DATA_REF check
    - btrfs: tree-checker: Fix wrong check on max devid
...

Changed in linux-azure (Ubuntu Xenial):
status: Invalid → Fix Released

All autopkgtests for the newly accepted linux-base (4.5ubuntu2.2) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

makedumpfile/1:1.6.6-2ubuntu2.1 (ppc64el, i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#linux-base

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.4.0-1022.22

---------------
linux-azure (5.4.0-1022.22) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1022.22 -proposed tracker (LP: #1887060)

  [ Ubuntu: 5.4.0-42.46 ]

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-azure (5.4.0-1021.21) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1021.21 -proposed tracker (LP: #1885845)

  * module intel_sgx appears to be blacklisted by the kernel. (LP: #1862201)
    - Revert "UBUNTU: [Packaging] linux-azure: Prevent intel_sgx from being
      automatically loaded"
    - [Packaging] linux-azure: Divert conf files blacklisting intel_sgx

  * Add XDP support to hv_netvsc driver (LP: #1877654)
    - hv_netvsc: Add XDP support
    - hv_netvsc: Update document for XDP support
    - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs

  * Request to include two NUMA related commits in Azure kernels (LP: #1880975)
    - PCI: hv: Decouple the func definition in hv_dr_state from VSP message
    - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2

  [ Ubuntu: 5.4.0-41.45 ]

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()
  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM
  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Fri, 10 Jul 2020 01:51:58 -0400

Changed in linux-azure (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers