IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel 3.5.0-45.68

Bug #1269053 reported by MRATT on 2014-01-14
42
This bug affects 7 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Medium
Andy Whitcroft
Quantal
Medium
Andy Whitcroft
Saucy
Medium
Andy Whitcroft
Trusty
Undecided
Unassigned
linux-armadaxp (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-ec2 (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Medium
Andy Whitcroft
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-raring (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Medium
Andy Whitcroft
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-saucy (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Medium
Andy Whitcroft
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-ti-omap4 (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned

Bug Description

Something has changed in Ubuntu's Kernel 3.5.0-45 32 & 64-bit Intel, has prevented IBM Domino's "/opt/ibm/domino/notes/latest/linux/bindsock" binary that runs as root (setuid) to get ports lower than 1024 for it's LDAP, SMTP, IMAP, POP3, and HTTP processes. The IBM Domino Application Server's parent process "/opt/ibm/domino/notes/latest/linux/server" runs as a Service Account or a normal non-admin user, that launches "bindsock"and others like "http", "ldap"....

In the Live Domino Console we're seeing the Application Server report:
  "Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege."

Another thing in the Live Domino Console, which is unusual is:
  "Error_CmdToDo_INVAL"... might be an IBM thang.

A number of us have to hold back the kernel now and there's lots of scratching going on.
  http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=485F5F092833BCBE85257C33006AC7A3

It does seem to be limited to IBM Domino's "bindsock" binary and other things are just fine, such as Nginx.

I have attached some files within the zip "ibm-domino-bindsock_strace.zip"
>>bindsock_binary_strace.txt
This is just running strace against the binary that isn't running in any process.

>> domino-server-pid1052_strace-f.txt
The IBM Domino Application Server ("/opt/ibm/domino/notes/latest/linux/server") is running as PID 1052 so this is what I applied "strace -f" to and towards the end, I told "server" to start the "http" process ("l http") which would then try launch "bindsock" (I hope).

Hopeully this first attempt at strace provides some good info for you kind folks :-)

Many thanks
MR

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: linux-image-3.5.0-45-generic 3.5.0-45.68~precise1
ProcVersionSignature: Ubuntu 3.5.0-45.68~precise1-generic 3.5.7.26
Uname: Linux 3.5.0-45-generic x86_64
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.25.
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: [Errno 2] No such file or directory
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.values: Error: [Errno 2] No such file or directory
Date: Tue Jan 14 15:33:47 2014
HibernationDevice: RESUME=UUID=474adefd-59c4-4582-8d03-3c570137809d
InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
IwConfig: Error: [Errno 2] No such file or directory
Lsusb:
 Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: innotek GmbH VirtualBox
MarkForUpload: True
ProcEnviron:
 SHELL=/bin/bash
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 LANGUAGE=en_GB:en
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-45-generic root=UUID=a2842a37-9023-4e21-8460-a565465b7f67 ro
RelatedPackageVersions:
 linux-restricted-modules-3.5.0-45-generic N/A
 linux-backports-modules-3.5.0-45-generic N/A
 linux-firmware 1.79.9
RfKill: Error: [Errno 2] No such file or directory
SourcePackage: linux-lts-quantal
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
dmi.product.name: VirtualBox
dmi.product.version: 1.2
dmi.sys.vendor: innotek GmbH

break-fix: 1661bf364ae9c506bc8795fef70d1532931be1e8 db31c55a6fb245fdbb752a2ca4aefec89afabb06

MRATT (mrmail) wrote :
Andy Whitcroft (apw) wrote :

On Tue, Jan 14, 2014 at 01:07:24AM +0000, MR Mail wrote:

> Just a query about what might have changed in Ubuntu's Kernel 3.5.0-45
> that would kill IBM Domino's /opt/ibm/domino/notes/latest/linux/bindsock
> binary that runs as root (setuid) to get ports lower than 1024 (SMTP IMAP
> POP3 and HTTP) for the service account that runs the main application
> server?
>
> A number of us have to hold back the kernel now and there's lots of
> scratching going on.
> http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=485F5F092833BCBE85257C33006AC7A3
>
> Another thing in the server console spits out which is unusual is
> "Error_CmdToDo_INVAL"... might be an IBM thang.
>
> Don't know if this is something that's been deprecated or a bug in the
> latest kernel versions. It does seem limited to IBM Domino.

To precee the thread above. Various people on various releases are
reporting that a kernel update is preventing domino server starting.
Specifically they are all reporting that the setuid bindsock helper is
failing to bind port 25:

    SMTP Server: Listener failure: 'bindsock' is missing, not executable,
    not owned by root, not setuid root or user needs net_privaddr privilege

As an aside, the above thread suggest that setuid is not working.
I cannot see any commits which could cause such a behavioural change,
and if there was such an issue sudo et al would also stop working,
I think this would have been noticed.

Various reporters note kernel version on various releases:

    GOOD BAD
    3.5.0-43-generic 3.5.0-44-generic
    3.11.0-13 3.11.0-14
    3.2.0-56 3.2.0-58

I have briefly reviewed the changes in these pairs which all include the
application of an upstream stable update, looking for those relating to
sockets in general of which there are a couple in common on all three of
these updates:

    net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race
    net: heap overflow in __audit_sockaddr()

The latter of these I do see a further upstream fix for which will
appear in the next 3.2.0 kernel, which _might_ be relevant.

As for the next steps:

1) lets get a bug filed against the linux package containing the data
   above, by someone who is able to run some test kernels to debug
   the issue (run 'ubuntu-bug linux' to get such a bug filed),
2) could someone who has this issue attempt to get an strace from this
   helper as it tries to make these sockets so we can try and identify
   what is failing.

Once we have a bug filed we can try and bisect between say
3.5.0-43-generic and 3.5.0-44-generic to find the patch which triggers
the behaviour.

Please reply to this email with the bug number once it is filed.

-apw

Andy Whitcroft (apw) wrote :

I suspect that this recvmsg is triggering the error that is emitted:

    2775 recvmsg(9, 0x7fffbff554f0, 0) = -1 EINVAL (Invalid argument)

This might well indicate that this subprocess is using msg ipc to communicate the connected socket back to the unpriviledged master process. This could well occur if the bindsock process is passing an overly large message buffer, which is technically erroneous. This became fatal in the commit below in mainline:

  1661bf364ae9c506bc8795fef70d1532931be1e8
  Author: Dan Carpenter <email address hidden>
  Date: Thu Oct 3 00:27:20 2013 +0300

    net: heap overflow in __audit_sockaddr

This commit was applied to the various versions listed above as part of various stable updates.

There has subsequently been a fix for this commit which softens the effect for badly behaving callers:

  1661bf364ae9c506bc8795fef70d1532931be1e8
  Author: Dan Carpenter <email address hidden>
  Date: Thu Oct 3 00:27:20 2013 +0300

    net: heap overflow in __audit_sockaddr

This commit has recently hit v3.2.x stable but is not yet in any released kernel.

Changed in linux-lts-quantal (Ubuntu):
status: New → In Progress
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → Medium
summary: IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel
- 3.5.0-45
+ 3.5.0-45,68
summary: IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel
- 3.5.0-45,68
+ 3.5.0-45.68
Andy Whitcroft (apw) wrote :

I have built a test kernel with the above fix applied. Could you test this kernel and let us know if this fixes the issue. The kernel is at the URL below:

    http://people.canonical.com/~apw/lp1269053-quantal/

Please report any testing back here.

MRATT (mrmail) wrote :

Hi Andy

Wow, quick and accurate Andy ! Well done that works.

Installed
 linux-headers-3.5.0-45_3.5.0-45.68lp1269053v201401141702_all.deb
 linux-headers-3.5.0-45-generic_3.5.0-45.68lp1269053v201401141702_amd64.deb
 linux-image-3.5.0-45-generic_3.5.0-45.68lp1269053v201401141702_amd64.deb
Reboot, selecting 3.5.0-45 from GRUB list
Check running 3.5.0-45.68lp1269053v201401141702 by `uname -a`
Launched Domino as normal service and services are able to bind to all ports SMTP HTTP IMAP POP3 LDAP.

You are a star !!! Thanks for this !!!

Anything else I need to check/do and what happens now with this ?

Many thanks
MR

Andy Whitcroft (apw) on 2014-01-14
Changed in linux (Ubuntu Trusty):
status: New → Fix Released
assignee: nobody → Andy Whitcroft (apw)
Changed in linux-lts-quantal (Ubuntu Trusty):
assignee: Andy Whitcroft (apw) → nobody
importance: Medium → Undecided
status: In Progress → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Precise):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
status: New → In Progress
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Precise):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-lts-quantal (Ubuntu Precise):
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw) on 2014-01-14
Changed in linux (Ubuntu Saucy):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu Quantal):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu Precise):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → Medium
status: New → Fix Committed
Changed in linux (Ubuntu Trusty):
assignee: Andy Whitcroft (apw) → nobody
Andy Whitcroft (apw) wrote :

I have submitted the patch for this issue to kernel-team@ for review and application.

Andy Whitcroft (apw) wrote :

Ok this patch has hit all of our upstream stable trees and will hit the various kernels in the next SRU cycle. Note that this is not the next kernel which will hit the archive for all releases, for precise it is included in that very next kernel, other releases it will be the following kernel.

Andy Whitcroft (apw) on 2014-01-15
Changed in linux-lts-saucy (Ubuntu Saucy):
status: Invalid → In Progress
Andy Whitcroft (apw) on 2014-01-15
Changed in linux-lts-saucy (Ubuntu Saucy):
status: In Progress → Invalid
Andy Whitcroft (apw) on 2014-01-15
Changed in linux (Ubuntu Quantal):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Saucy):
status: In Progress → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in linux-lts-saucy (Ubuntu Precise):
status: In Progress → Fix Committed
Andy Whitcroft (apw) on 2014-01-22
description: updated
tags: added: linux-break-fix
Andy Whitcroft (apw) on 2014-01-22
Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Confirmed
Andy Whitcroft (apw) on 2014-01-23
tags: added: kernel-bug-break-fix
removed: linux-break-fix
Andy Whitcroft (apw) on 2014-01-23
tags: added: test-apw
tags: removed: test-apw
Andy Whitcroft (apw) on 2014-01-23
description: updated
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-saucy' to 'verification-done-saucy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-saucy
Andy Whitcroft (apw) on 2014-02-07
Changed in linux-armadaxp (Ubuntu):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Andy Whitcroft (apw) on 2014-02-07
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Confirmed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Confirmed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Confirmed
MRATT (mrmail) wrote :

IBM Domino is able to bind to ports lower than 1024. This is fixed in "saucy-proposed"

Enabled "saucy-proposed"

Installed linux-image-server/saucy-proposed linux-headers-server/saucy-proposed linux-headers-generic/saucy-proposed linux-image-generic/saucy-proposed

Rebooted with new kernel: Linux mru64dom64-1 3.11.0-17-generic #31-Ubuntu SMP Mon Feb 3 21:52:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Thanks folks !!!
MR

tags: added: verification-done-saucy
removed: verification-needed-saucy
Download full text (6.8 KiB)

I had to revert to Ubuntu server 13.04 that did not have the bug in order
to keep my business running on IBM Domino. Will this kernel fix work on
13.04? If not, I will not be able to test the fix.

73 & Cheers,
Ken Behrens
IBM Certified Advanced Application Developer Lotus Notes & Domino 7
MicroBlue Software, LLC
KB0YLN
E-mail: <email address hidden>
Web site: http://www.MicroBlueSoftware.com

From: Brad Figg <email address hidden>
To: <email address hidden>
Date: 02/06/2014 11:50 AM
Subject: [Bug 1269053] Re: IBM Domino 'bindsock' cannot bind to
ports <1024 since recent kernel 3.5.0-45.68
Sent by: <email address hidden>

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
saucy' to 'verification-done-saucy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!

** Tags added: verification-needed-saucy

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1269053

Title:
  IBM Domino 'bindsock' cannot bind to ports <1024 since recent kernel
  3.5.0-45.68

Status in ?linux? package in Ubuntu:
  Fix Released
Status in ?linux-lts-quantal? package in Ubuntu:
  Invalid
Status in ?linux-lts-raring? package in Ubuntu:
  Invalid
Status in ?linux-lts-saucy? package in Ubuntu:
  Invalid
Status in ?linux? source package in Precise:
  Fix Committed
Status in ?linux-lts-quantal? source package in Precise:
  Confirmed
Status in ?linux-lts-raring? source package in Precise:
  Fix Committed
Status in ?linux-lts-saucy? source package in Precise:
  Fix Committed
Status in ?linux? source package in Quantal:
  Fix Committed
Status in ?linux-lts-quantal? source package in Quantal:
  Invalid
Status in ?linux-lts-raring? source package in Quantal:
  Invalid
Status in ?linux-lts-saucy? source package in Quantal:
  Invalid
Status in ?linux? source package in Saucy:
  Fix Committed
Status in ?linux-lts-quantal? source package in Saucy:
  Invalid
Status in ?linux-lts-raring? source package in Saucy:
  Invalid
Status in ?linux-lts-saucy? source package in Saucy:
  Invalid
Status in ?linux? source package in Trusty:
  Fix Released
Status in ?linux-lts-quantal? source package in Trusty:
  Invalid
Status in ?linux-lts-raring? source package in Trusty:
  Invalid
Status in ?linux-lts-saucy? source package in Trusty:
  Invalid

Bug description:
  Something has changed in Ubuntu's Kernel 3.5.0-45 32 & 64-bit Intel,
  has prevented IBM Domino's
  "/opt/ibm/domino/notes/latest/linux/bindsock" binary that runs as root
  (setuid) to get ports lower than 1024 for it's LDAP, SMTP, IMAP, POP3,
  and HTTP processes. The IBM Domino Application Server's parent process
  "/opt/ibm/domino/notes/latest/linux/server" runs as a Service Account
  or a normal non-admin user, that launches "bindsock"and others like
  "http", "ldap"....
...

Read more...

Launchpad Janitor (janitor) wrote :
Download full text (55.2 KiB)

This bug was fixed in the package linux - 3.11.0-17.31

---------------
linux (3.11.0-17.31) saucy; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1275899
  * Revert "UBUNTU: SAUCE: Fix compat_sys_recvmsg on x32 archs"

  [ John Johansen ]

  * [Upstream] x86, x32: Correct invalid use of user timespec in the kernel
    - LP: #1274754

linux (3.11.0-17.30) saucy; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1270292

  [ Brad Figg ]

  * Start new release

  [ Upstream Kernel Changes ]

  * Revert "ACPI: Add BayTrail SoC GPIO and LPSS ACPI IDs"

linux (3.11.0-17.29) saucy; urgency=low

  [ Brad Figg ]

  * Start new release

  [ Upstream Kernel Changes ]

  * GFS2: Fix ref count bug relating to atomic_open
    - LP: #1269863
  * aio: restore locking of ioctx list on removal
    - LP: #1269863
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1269863
  * net/mlx4_en: Fixed crash when port type is changed
    - LP: #1269863
  * net: Fix "ip rule delete table 256"
    - LP: #1269863
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1269863
  * ipv6: protect for_each_sk_fl_rcu in mem_check with rcu_read_lock_bh
    - LP: #1269863

linux (3.11.0-17.28) saucy; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1269875

  [ Brad Figg ]

  * Start new release

  [ Upstream Kernel Changes ]

  * igb: Update link modes display in ethtool
  * Revert "mac80211: allow disable power save in mesh"
    - LP: #1269863
  * Revert "of/address: Handle #address-cells > 2 specially"
    - LP: #1269863
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * random32: fix off-by-one in seeding requirement
    - LP: #1269863
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1269863
  * usbnet: fix status interrupt urb handling
    - LP: #1269863
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1269863
  * tuntap: limit head length of skb allocated
    - LP: #1269863
  * macvtap: limit head length of skb allocated
    - LP: #1269863
  * tcp: tsq: restore minimal amount of queueing
    - LP: #1269863
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1269863
  * net-tcp: fix panic in tcp_fastopen_cache_set()
    - LP: #1269863
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1269863
  * connector: improved unaligned access error fix
    - LP: #1269863
  * ipv4: fix possible seqlock deadlock
    - LP: #1269863
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1269863
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1269863
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1269863
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1269863
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1269863
  * ip6_output: fragment outgoing reassembled skb properly
    - LP: #1269863
  * netfilter: push reasm skb through instead of original frag skbs
    - LP: #1269863
  * xf...

Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Andy Whitcroft (apw) on 2014-02-18
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (55.2 KiB)

This bug was fixed in the package linux-lts-saucy - 3.11.0-17.31~precise1

---------------
linux-lts-saucy (3.11.0-17.31~precise1) precise; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1270372
  * Revert "UBUNTU: SAUCE: Fix compat_sys_recvmsg on x32 archs"

  [ John Johansen ]

  * [Upstream] x86, x32: Correct invalid use of user timespec in the kernel
    - LP: #1274754

linux (3.11.0-17.30) saucy; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1270292

  [ Brad Figg ]

  * Start new release

  [ Upstream Kernel Changes ]

  * Revert "ACPI: Add BayTrail SoC GPIO and LPSS ACPI IDs"

linux (3.11.0-17.29) saucy; urgency=low

  [ Brad Figg ]

  * Start new release

  [ Upstream Kernel Changes ]

  * GFS2: Fix ref count bug relating to atomic_open
    - LP: #1269863
  * aio: restore locking of ioctx list on removal
    - LP: #1269863
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1269863
  * net/mlx4_en: Fixed crash when port type is changed
    - LP: #1269863
  * net: Fix "ip rule delete table 256"
    - LP: #1269863
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1269863
  * ipv6: protect for_each_sk_fl_rcu in mem_check with rcu_read_lock_bh
    - LP: #1269863

linux (3.11.0-17.28) saucy; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1269875

  [ Brad Figg ]

  * Start new release

  [ Upstream Kernel Changes ]

  * igb: Update link modes display in ethtool
  * Revert "mac80211: allow disable power save in mesh"
    - LP: #1269863
  * Revert "of/address: Handle #address-cells > 2 specially"
    - LP: #1269863
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * random32: fix off-by-one in seeding requirement
    - LP: #1269863
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1269863
  * usbnet: fix status interrupt urb handling
    - LP: #1269863
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1269863
  * tuntap: limit head length of skb allocated
    - LP: #1269863
  * macvtap: limit head length of skb allocated
    - LP: #1269863
  * tcp: tsq: restore minimal amount of queueing
    - LP: #1269863
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1269863
  * net-tcp: fix panic in tcp_fastopen_cache_set()
    - LP: #1269863
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1269863
  * connector: improved unaligned access error fix
    - LP: #1269863
  * ipv4: fix possible seqlock deadlock
    - LP: #1269863
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1269863
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1269863
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1269863
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1269863
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1269863
  * ip6_output: fragment outgoing reassembled skb properly
    - LP: #1269863
  * netfilter: push reasm skb through instead of orig...

Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Andy Whitcroft (apw) on 2014-02-19
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Andy Whitcroft (apw) on 2014-02-19
Changed in linux-lts-quantal (Ubuntu Precise):
status: Confirmed → Fix Committed
Andy Whitcroft (apw) on 2014-02-20
Changed in linux-armadaxp (Ubuntu Quantal):
status: Confirmed → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-quantal' to 'verification-done-quantal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-quantal
Andy Whitcroft (apw) on 2014-02-24
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Confirmed → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: Confirmed → Fix Committed
MRATT (mrmail) wrote :

Confirm fix resolves issue in Quantal. Tested 3.5.0-47-generic #71~precise1-Ubuntu SMP Wed Feb 19 22:02:52 UTC 2014 x86_64 x86_64 x86_64

Many thanks !

tags: added: verification-done-quantal
removed: verification-needed-quantal

I still see this problem in 3.8.0-35. Should I see the fix in this release too or was it fixed in 3.5.0 codestream only?

Launchpad Janitor (janitor) wrote :
Download full text (22.4 KiB)

This bug was fixed in the package linux-lts-quantal - 3.5.0-47.71~precise1

---------------
linux-lts-quantal (3.5.0-47.71~precise1) precise; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1281900

  [ Upstream Kernel Changes ]

  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
    - LP: #12...

Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (30.5 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-37.53~precise1

---------------
linux-lts-raring (3.8.0-37.53~precise1) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1282210

  [ Upstream Kernel Changes ]

  * Revert "of/address: Handle #address-cells > 2 specially"
    - LP: #1278969
  * ath9k_htc: properly set MAC address and BSSID mask
    - LP: #1252422
    - CVE-2013-4579
  * aacraid: prevent invalid pointer dereference
    - LP: #1256083
    - CVE-2013-6380
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * mmc: sdhci-pci: break out definitions to header file
    - LP: #1239938
  * mmc: sdhci-pci: add support of O2Micro/BayHubTech SD hosts
    - LP: #1239938
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * xfs: add capability check to free eofblocks ioctl
    - LP: #1278969
  * staging: vt6656: [BUG] Fix for TX USB resets from vendors driver.
    - LP: #1278969
  * net: Fix "ip rule delete table 256"
    - LP: #1278969
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1278969
  * random32: fix off-by-one in seeding requirement
    - LP: #1278969
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1278969
  * usbnet: fix status interrupt urb handling
    - LP: #1278969
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1278969
  * tuntap: limit head length of skb allocated
    - LP: #1278969
  * macvtap: limit head length of skb allocated
    - LP: #1278969
  * tcp: tsq: restore minimal amount of queueing
    - LP: #1278969
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1278969
  * net-tcp: fix panic in tcp_fastopen_cache_set()
    - LP: #1278969
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1278969
  * connector: improved unaligned access error fix
    - LP: #1278969
  * ipv4: fix possible seqlock deadlock
    - LP: #1278969
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1278969
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1278969
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1278969
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1278969
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1278969
  * ip6_output: fragment outgoing reassembled skb properly
    - LP: #1278969
  * xfrm: Release dst if this dst is improper for vti tunnel
    - LP: #1278969
  * atm: idt77252: fix dev refcnt leak
    - LP: #1278969
  * tcp: don't update snd_nxt, when a socket is switched from repair mode
    - LP: #1278969
  * ipv4: fix race in concurrent ip_route_input_slow()
    - LP: #1278969
  * net: core: Always propagate flag changes to interfaces
    - LP: #1278969
  * bridge: flush br's address entry in fdb when remove the bridge dev
    - LP: #1278969
  * packet: fix use after free race in send path when dev is released
    - LP: #1278969
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1278969
  ...

Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (22.3 KiB)

This bug was fixed in the package linux - 3.5.0-47.71

---------------
linux (3.5.0-47.71) quantal; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1281828

  [ Upstream Kernel Changes ]

  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
    - LP: #1277722
  * libsas: fix usage of ata_tf_to_f...

Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (22.4 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.5.0-239.55

---------------
linux-ti-omap4 (3.5.0-239.55) quantal; urgency=low

  * Release Tracking Bug
    - LP: #1281895

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-47.71

  [ Ubuntu: 3.5.0-47.71 ]

  * Release Tracking Bug
    - LP: #1281828
  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave lazy MMU ...

Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (22.4 KiB)

This bug was fixed in the package linux-armadaxp - 3.5.0-1628.37

---------------
linux-armadaxp (3.5.0-1628.37) quantal-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1281897
  * Rebase onto Ubuntu-3.5.0-47.71

  [ Ubuntu: 3.5.0-47.71 ]

  * Release Tracking Bug
    - LP: #1281828
  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave l...

Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (22.4 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.5.0-239.55

---------------
linux-ti-omap4 (3.5.0-239.55) quantal; urgency=low

  * Release Tracking Bug
    - LP: #1281895

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-47.71

  [ Ubuntu: 3.5.0-47.71 ]

  * Release Tracking Bug
    - LP: #1281828
  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave lazy MMU ...

Changed in linux-ti-omap4 (Ubuntu Saucy):
status: Fix Committed → Fix Released
Andy Whitcroft (apw) on 2014-03-06
tags: removed: kernel-bug-break-fix
tags: added: kernel-bug-break-fix-complete
Sebastian (sbrandt-n) wrote :

Seems the bug reappeared in precise with 3.2.0-64-generic-pae.
3.2.0-61-generic-pae works.
I do not know which of the kernels in between work.

Kit Davis (kdavis-j) wrote :

The bug now shows up in Trusty as of 3.13.0-30 I know it was working in 3.13.0-24

Kit Davis (kdavis-j) wrote :

The bug is also present in 3.13.0-29 as well.

Andy Whitcroft (apw) wrote :

@Kit / @Sebastian -- ok the fix for the original bug appears to be correctly applied. I believe this is a new form of this bug triggered by the commit below:

  commit dbb490b96584d4e958533fb637f08b557f505657
  Author: Matthew Leach <email address hidden>
  Date: Tue Mar 11 11:58:27 2014 +0000

    net: socket: error on a negative msg_namelen

As this is essentially a new bug, could one of you file a new bug against the 'linux' package for me, and reference it here. I'll see about some debugging to confirm this on that bug.

Kit Davis (kdavis-j) wrote :

Reported as bug #1335478

Thanks

Kit Davis (kdavis-j) wrote :

I reported this as a new bug back almost a month ago - but to date, while the status has been changed to confirmed, the bug remains unassigned. I have tested 3.13.0-32 and the bug remains in this new version as well.

Ben Erickson (bugs-r) wrote :

I have also commented on the new bug #1335478. Thanks to this bug being fixed, I have a workaround- which is to install one of these FIXED kernels.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers