Request cherry-pick of upstream kernel patch which caps SECCOMP_RET_ERRNO to MAX_ERRNO

Bug #1496073 reported by Brad Figg on 2015-09-15
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | | Undecided | Brad Figg |
  Trusty | | Undecided | Unassigned |
  Vivid | | Undecided | Unassigned |
linux-lts-utopic (Ubuntu) | | Undecided | Unassigned |
  Trusty | | Undecided | Unassigned |

Bug Description

The seccomp regression tests are failing due to SRU kernels not having the relevant commit:

Author: Kees Cook <email address hidden>
Date: Tue Feb 17 13:48:00 2015 -0800

    seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO

    The value resulting from the SECCOMP_RET_DATA mask could exceed MAX_ERRNO
    when setting errno during a SECCOMP_RET_ERRNO filter action. This makes
    sure we have a reliable value being set, so that an invalid errno will not
    be ignored by userspace.

    Signed-off-by: Kees Cook <email address hidden>
    Reported-by: Dmitry V. Levin <email address hidden>
    Cc: Andy Lutomirski <email address hidden>
    Cc: Will Drewry <email address hidden>
    Signed-off-by: Andrew Morton <email address hidden>
    Signed-off-by: Linus Torvalds <email address hidden>

SRU Justification

    Impact:
        Upstream regression tests are reporting errors.

    Test Case:
        Run the upstream regression tests and verify they are passing
        cleanly.
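
Added example (not part of the bug report and not kernel code): a small userspace model of the behaviour the commit message describes, showing why an uncapped SECCOMP_RET_DATA value above MAX_ERRNO is not seen as an error by the caller. The constants are the values from the Linux headers; the function names are hypothetical, and the error test assumes the usual Linux syscall convention that only raw return values in [-MAX_ERRNO, -1] are errors.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as defined in <linux/seccomp.h> and the kernel's <linux/err.h>. */
#define SECCOMP_RET_ERRNO 0x00050000U
#define SECCOMP_RET_DATA  0x0000ffffU
#define MAX_ERRNO         4095

/* Model of the SECCOMP_RET_ERRNO path: returns the raw syscall return
 * value the filtered task sees. capped=0 models a kernel without the fix. */
static long seccomp_errno_retval(uint32_t filter_ret, int capped)
{
    long data = (long)(filter_ret & SECCOMP_RET_DATA);

    if (capped && data > MAX_ERRNO)
        data = MAX_ERRNO;
    return -data;
}

/* Model of the userspace side (assumed convention): only raw values in
 * [-MAX_ERRNO, -1] are errors. Returns the errno the caller would observe,
 * or 0 when the raw value is taken as a successful result. */
static int observed_errno(long raw)
{
    if ((unsigned long)raw >= (unsigned long)-MAX_ERRNO)
        return (int)-raw;
    return 0;
}

int main(void)
{
    /* Constructed sample filter return values. */
    uint32_t samples[] = {
        SECCOMP_RET_ERRNO | 1,      /* EPERM */
        SECCOMP_RET_ERRNO | 4095,   /* largest valid errno */
        SECCOMP_RET_ERRNO | 4096,   /* one past MAX_ERRNO */
        SECCOMP_RET_ERRNO | 0xffff, /* full 16-bit data field */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long before = seccomp_errno_retval(samples[i], 0);
        long after  = seccomp_errno_retval(samples[i], 1);
        printf("data=%5u  uncapped: raw=%6ld errno=%4d  capped: raw=%6ld errno=%4d\n",
               (unsigned)(samples[i] & SECCOMP_RET_DATA),
               before, observed_errno(before), after, observed_errno(after));
    }
    return 0;
}
```

In the uncapped column an observed errno of 0 means the caller saw no error at all, which is the case the regression tests catch on kernels missing the commit.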


Brad Figg (brad-figg) on 2015-09-15
Changed in linux (Ubuntu):
status: New → Triaged
status: Triaged → In Progress
assignee: nobody → Brad Figg (brad-figg)
description: updated
Brad Figg (brad-figg) on 2015-09-15
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Brad Figg (brad-figg) on 2015-10-05
Changed in linux (Ubuntu Vivid):
status: New → Fix Committed
Changed in linux (Ubuntu):
status: Fix Committed → Invalid
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-vivid' to 'verification-done-vivid'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-vivid
Brad Figg (brad-figg) on 2015-10-12
tags: added: verification-done-vivid
removed: verification-needed-vivid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.19.0-31.36

---------------
linux (3.19.0-31.36) vivid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1503703

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
    sys_msync()"
    - LP: #1503655

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - LP: #1503655
    - CVE-2015-7312

linux (3.19.0-31.35) vivid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1503005

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ Craig Magina ]

  * [Config] Add XGENE_EDAC, EDAC_SUPPORT and EDAC_ATOMIC_SCRUB
    - LP: #1494357

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

  [ Laurent Dufour ]

  * SAUCE: powerpc/hvsi: Fix endianness issues in the HVSI driver
    - LP: #1499357

  [ Tim Gardner ]

  * [Config] CONFIG_RTC_DRV_XGENE=y for only arm64
    - LP: #1499869

  [ Upstream Kernel Changes ]

  * Revert "sit: Add gro callbacks to sit_offload"
    - LP: #1500493
  * ipmi/powernv: Fix minor locking bug
    - LP: #1493017
  * mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
    - LP: #1472843
  * perf probe ppc: Fix symbol fixup issues due to ELF type
    - LP: #1485528
  * perf probe ppc: Use the right prefix when ignoring SyS symbols on ppc
    - LP: #1485528
  * perf probe ppc: Enable matching against dot symbols automatically
    - LP: #1485528
  * perf probe ppc64le: Fix ppc64 ABIv2 symbol decoding
    - LP: #1485528
  * perf probe ppc64le: Prefer symbol table lookup over DWARF
    - LP: #1485528
  * perf probe ppc64le: Fixup function entry if using kallsyms lookup
    - LP: #1485528
  * perf probe: Improve detection of file/function name in the probe
    pattern
    - LP: #1485528
  * perf probe: Ignore tail calls to probed functions
    - LP: #1485528
  * seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
    - LP: #1496073
  * EDAC: Cleanup atomic_scrub mess
    - LP: #1494357
  * arm64: Enable EDAC on ARM64
    - LP: #1494357
  * MAINTAINERS: Add entry for APM X-Gene SoC EDAC driver
    - LP: #1494357
  * Documentation: Add documentation for the APM X-Gene SoC EDAC DTS
    binding
    - LP: #1494357
  * EDAC: Add APM X-Gene SoC EDAC driver
    - LP: #1494357
  * arm64: Add APM X-Gene SoC EDAC DTS entries
    - LP: #1494357
  * EDAC, edac_stub: Drop arch-specific include
    - LP: #1494357
  * NVMe: Fix blk-mq hot cpu notification
    - LP: #1498778
  * blk-mq: Shared tag enhancements
    - LP: #1498778
  * blk-mq: avoid access hctx->tags->cpumask before allocation
    - LP: #1498778
  * x86/ldt: Make modify_ldt synchronous
    - LP: #1500493
  * x86/ldt: Correct LDT access in single stepping logic
    - LP: #1500493
  * x86/ldt: Correct FPU emulation access to LDT
    - LP: #1500493
  * md: flush ->event_work before stopping array.
    - LP: #1500493
  * ipv6: addrconf: validate new MTU before applying it
    - LP: #1500493
  * virtio-net: drop NETIF_F_FRAGLIST
    - LP: #1500493
  * RDS: verify the underlying transport exists bef...

Changed in linux (Ubuntu Vivid):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) on 2016-03-01
no longer affects: linux-lts-utopic (Ubuntu Vivid)
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Fix Committed
Kamal Mostafa (kamalmostafa) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Brad Figg (brad-figg) on 2016-03-28
tags: added: verification-done-trusty
removed: verification-needed-trusty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-85.129

---------------
linux (3.13.0-85.129) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558727

  [ Upstream Kernel Changes ]

  * Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
    code""

linux (3.13.0-84.128) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1557596

  [ Upstream Kernel Changes ]

  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731
  * seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
    - LP: #1496073
  * net/mlx4_en: Remove dependency between timestamping capability and
    service_task
    - LP: #1537859
  * net/mlx4_en: Fix HW timestamp init issue upon system startup
    - LP: #1537859
  * x86/mm: Fix slow_virt_to_phys() for X86_PAE again
    - LP: #1549601
  * iw_cxgb3: Fix incorrectly returning error on success
    - LP: #1557191
  * EVM: Use crypto_memneq() for digest comparisons
    - LP: #1557191
  * x86/entry/compat: Add missing CLAC to entry_INT80_32
    - LP: #1557191
  * iio: dac: mcp4725: set iio name property in sysfs
    - LP: #1557191
  * iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
    - LP: #1557191
  * PCI/AER: Flush workqueue on device remove to avoid use-after-free
    - LP: #1557191
  * libata: disable forced PORTS_IMPL for >= AHCI 1.3
    - LP: #1557191
  * mac80211: start_next_roc only if scan was actually running
    - LP: #1557191
  * mac80211: Requeue work after scan complete for all VIF types.
    - LP: #1557191
  * rfkill: fix rfkill_fop_read wait_event usage
    - LP: #1557191
  * crypto: shash - Fix has_key setting
    - LP: #1557191
  * drm/i915/dp: fall back to 18 bpp when sink capability is unknown
    - LP: #1557191
  * target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
    - LP: #1557191
  * crypto: algif_hash - wait for crypto_ahash_init() to complete
    - LP: #1557191
  * iio: inkern: fix a NULL dereference on error
    - LP: #1557191
  * intel_scu_ipcutil: underflow in scu_reg_access()
    - LP: #1557191
  * ALSA: seq: Fix race at closing in virmidi driver
    - LP: #1557191
  * ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check
    - LP: #1557191
  * ALSA: pcm: Fix potential deadlock in OSS emulation
    - LP: #1557191
  * ALSA: seq: Fix yet another races among ALSA timer accesses
    - LP: #1557191
  * ALSA: timer: Fix link corruption due to double start or stop
    - LP: #1557191
  * libata: fix sff host state machine locking while polling
    - LP: #1557191
  * cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
    - LP: #1557191
  * ASoC: dpcm: fix the BE state on hw_free
    - LP: #1557191
  * module: wrapper for symbol name.
    - LP: #1557191
  * ALSA: hda - Add fixup for Mac Mini 7,1 model
    - LP: #1557191
  * ALSA: Move EXPORT_SYMBOL() in appropriate places
    - LP: #1557191
  * ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
    - LP: #1557191
  * ALSA: rawmidi: Fix race at copying & updating the position
    - LP: #1557191
  * ALSA: seq: Fix lockdep warnings due to double mutex locks
    - LP: #1557191
  * drivers/scsi/sg.c: mark VMA as VM_IO...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-utopic - 3.16.0-69.89~14.04.1

---------------
linux-lts-utopic (3.16.0-69.89~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558760

  [ Upstream Kernel Changes ]

  * Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
    code""

linux-lts-utopic (3.16.0-68.88~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558092

  [ Upstream Kernel Changes ]

  * Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
    - LP: #1552180
  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731
  * [media] usbvision fix overflow of interfaces array
    - LP: #1552180
  * [media] usbvision: fix leak of usb_dev on failure paths in
    usbvision_probe()
    - LP: #1552180
  * [media] usbvision: fix crash on detecting device with invalid
    configuration
    - LP: #1552180
  * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
    - LP: #1552180
  * USB: serial: visor: fix crash on detecting device without write_urbs
    - LP: #1552180
  * ASN.1: Fix non-match detection failure on data overrun
    - LP: #1552180
  * iw_cxgb3: Fix incorrectly returning error on success
    - LP: #1552180
  * EVM: Use crypto_memneq() for digest comparisons
    - LP: #1552180
  * iio: adis_buffer: Fix out-of-bounds memory access
    - LP: #1552180
  * KVM: PPC: Fix emulation of H_SET_DABR/X on POWER8
    - LP: #1552180
  * x86/irq: Call chip->irq_set_affinity in proper context
    - LP: #1552180
  * ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot()
    - LP: #1552180
  * usb: cdc-acm: handle unlinked urb in acm read callback
    - LP: #1552180
  * usb: cdc-acm: send zero packet for intel 7260 modem
    - LP: #1552180
  * cdc-acm:exclude Samsung phone 04e8:685d
    - LP: #1552180
  * usb: hub: do not clear BOS field during reset device
    - LP: #1552180
  * USB: cp210x: add ID for IAI USB to RS485 adaptor
    - LP: #1552180
  * USB: visor: fix null-deref at probe
    - LP: #1552180
  * USB: serial: option: Adding support for Telit LE922
    - LP: #1552180
  * ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
    - LP: #1552180
  * ALSA: seq: Degrade the error message for too many opens
    - LP: #1552180
  * USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
    - LP: #1552180
  * USB: option: fix Cinterion AHxx enumeration
    - LP: #1552180
  * ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
    - LP: #1552180
  * ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
    - LP: #1552180
  * virtio_pci: fix use after free on release
    - LP: #1552180
  * ALSA: bebob: Use a signed return type for get_formation_index
    - LP: #1552180
  * arm64: errata: Add -mpc-relative-literal-loads to build flags
    - LP: #1533009, #1552180
  * powerpc/eeh: Fix PE location code
    - LP: #1552180
  * SCSI: fix crashes in sd and sr runtime PM
    - LP: #1552180
  * n_tty: Fix unsafe reference to "other" ldisc
    - LP: #1552180
  * staging/speakup: Use tty_ldisc_ref() for paste kworker
    - LP: #1552180
  * ALSA: dummy: Disable switching timer backend via sys...

Changed in linux-lts-utopic (Ubuntu Trusty):
status: Fix Committed → Fix Released