Bug #1968902 “ARM64_SW_TTBR0_PAN Should Be Enabled For Oracle Ke...” : Bugs : linux-oracle package : Ubuntu

Joseph Salisbury (jsalisbury) on 2022-04-13

Changed in linux (Ubuntu):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Joseph Salisbury (jsalisbury)

Joseph Salisbury (jsalisbury) on 2022-04-13

Changed in linux (Ubuntu Xenial):
status:	New → In Progress
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
Changed in linux (Ubuntu Focal):
status:	New → In Progress
Changed in linux (Ubuntu Xenial):
importance:	Undecided → Medium
Changed in linux (Ubuntu Bionic):
importance:	Undecided → Medium
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Impish):
importance:	Undecided → Medium
Changed in linux (Ubuntu Focal):
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Impish):
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Joseph Salisbury (jsalisbury)

Joseph Salisbury (jsalisbury) on 2022-04-13

no longer affects:	linux (Ubuntu Xenial)
no longer affects:	linux (Ubuntu Bionic)
Changed in linux (Ubuntu Impish):
status:	New → In Progress

Stefan Bader (smb) on 2022-04-14

affects:

linux (Ubuntu) → linux-oracle (Ubuntu)

Revision history for this message

Stefan Bader (smb) wrote on 2022-04-20:

#1

According to the v2 submission this change has already been made for Impish.

Changed in linux-oracle (Ubuntu Impish):
status:	In Progress → Invalid

Joseph Salisbury (jsalisbury) on 2022-04-25

description:

updated

Luke Nowakowski-Krijger (lukenow) on 2022-07-07

Changed in linux-oracle (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-07-18:

#2

This bug is awaiting verification that the linux-oracle/5.4.0-1080.88 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Luke Nowakowski-Krijger (lukenow) wrote on 2022-08-04:

#3

This option is enabled now, switching to verification done

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-08-05:

#4

Marking linux-oracle as fix-released since this issue does not exist on newer Oracle kernels.

Changed in linux-oracle (Ubuntu):
status:	In Progress → Fix Released
Changed in ubuntu-kernel-tests:
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-08-09:

#5

Download full text (9.2 KiB)

This bug was fixed in the package linux-oracle - 5.4.0-1081.89

---------------
linux-oracle (5.4.0-1081.89) focal; urgency=medium

[ Ubuntu: 5.4.0-124.140 ]

  * CVE-2022-2586
    - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain
  * CVE-2022-2588
    - SAUCE: net_sched: cls_route: remove from list when handle is 0
  * CVE-2022-34918
    - netfilter: nf_tables: stricter validation of element data

linux-oracle (5.4.0-1080.88) focal; urgency=medium

* focal/linux-oracle: 5.4.0-1080.88 -proposed tracker (LP: #1981274)

* ARM64_SW_TTBR0_PAN Should Be Enabled For Oracle Kernels (LP: #1968902)
- [config] oracle: Enable CONFIG_ARM64_SW_TTBR0_PAN

[ Ubuntu: 5.4.0-123.139 ]

  * focal/linux: 5.4.0-123.139 -proposed tracker (LP: #1981284)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.07.11)
  * Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
    - net: openvswitch: fix misuse of the cached connection on tuple changes
  * [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
    Execution (LP: #1979296)
    - KVM: s390: pv: add macros for UVC CC values
    - KVM: s390: pv: avoid stalls when making pages secure
    - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
  * Focal update: v5.4.195 upstream stable release (LP: #1980407)
    - batman-adv: Don't skb_split skbuffs with frag_list
    - hwmon: (tmp401) Add OF device ID table
    - mac80211: Reset MBSSID parameters upon connection
    - net: Fix features skip in for_each_netdev_feature()
    - ipv4: drop dst in multicast routing path
    - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
    - netlink: do not reset transport header in netlink_recvmsg()
    - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
    - dim: initialize all struct fields
    - hwmon: (ltq-cputemp) restrict it to SOC_XWAY
    - s390/ctcm: fix variable dereferenced before check
    - s390/ctcm: fix potential memory leak
    - s390/lcs: fix variable dereferenced before check
    - net/sched: act_pedit: really ensure the skb is writable
    - net/smc: non blocking recvmsg() return -EAGAIN when no data and
      signal_pending
    - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
    - gfs2: Fix filesystem block deallocation for short writes
    - hwmon: (f71882fg) Fix negative temperature
    - ASoC: max98090: Reject invalid values in custom control put()
    - ASoC: max98090: Generate notifications on changes for custom control
    - ASoC: ops: Validate input values in snd_soc_put_volsw_range()
    - s390: disable -Warray-bounds
    - net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
    - tcp: resalt the secret every 10 seconds
    - tty: n_gsm: fix mux activation issues in gsm_config()
    - usb: cdc-wdm: fix reading stuck on device close
    - usb: typec: tcpci: Don't skip cleanup in .remove() on error
    - USB: serial: pl2303: add device id for HP LM930 Display
    - USB: serial: qcserial: add support for Sierra Wireless EM7590
    - US...

This bug was fixed in the package linux-oracle - 5.4.0-1081.89

---------------
linux-oracle (5.4.0-1081.89) focal; urgency=medium

[ Ubuntu: 5.4.0-124.140 ]

* CVE-2022-2586
    - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain
  * CVE-2022-2588
    - SAUCE: net_sched: cls_route: remove from list when handle is 0
  * CVE-2022-34918
    - netfilter: nf_tables: stricter validation of element data

linux-oracle (5.4.0-1080.88) focal; urgency=medium

* focal/linux-oracle: 5.4.0-1080.88 -proposed tracker (LP: #1981274)

* ARM64_SW_TTBR0_PAN Should Be Enabled For Oracle Kernels (LP: #1968902)
    - [config] oracle: Enable CONFIG_ARM64_SW_TTBR0_PAN

[ Ubuntu: 5.4.0-123.139 ]

* focal/linux: 5.4.0-123.139 -proposed tracker (LP: #1981284)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.07.11)
  * Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
    - net: openvswitch: fix misuse of the cached connection on tuple changes
  * [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
    Execution (LP: #1979296)
    - KVM: s390: pv: add macros for UVC CC values
    - KVM: s390: pv: avoid stalls when making pages secure
    - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
  * Focal update: v5.4.195 upstream stable release (LP: #1980407)
    - batman-adv: Don't skb_split skbuffs with frag_list
    - hwmon: (tmp401) Add OF device ID table
    - mac80211: Reset MBSSID parameters upon connection
    - net: Fix features skip in for_each_netdev_feature()
    - ipv4: drop dst in multicast routing path
    - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
    - netlink: do not reset transport header in netlink_recvmsg()
    - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
    - dim: initialize all struct fields
    - hwmon: (ltq-cputemp) restrict it to SOC_XWAY
    - s390/ctcm: fix variable dereferenced before check
    - s390/ctcm: fix potential memory leak
    - s390/lcs: fix variable dereferenced before check
    - net/sched: act_pedit: really ensure the skb is writable
    - net/smc: non blocking recvmsg() return -EAGAIN when no data and
      signal_pending
    - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
    - gfs2: Fix filesystem block deallocation for short writes
    - hwmon: (f71882fg) Fix negative temperature
    - ASoC: max98090: Reject invalid values in custom control put()
    - ASoC: max98090: Generate notifications on changes for custom control
    - ASoC: ops: Validate input values in snd_soc_put_volsw_range()
    - s390: disable -Warray-bounds
    - net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
    - tcp: resalt the secret every 10 seconds
    - tty: n_gsm: fix mux activation issues in gsm_config()
    - usb: cdc-wdm: fix reading stuck on device close
    - usb: typec: tcpci: Don't skip cleanup in .remove() on error
    - USB: serial: pl2303: add device id for HP LM930 Display
    - USB: serial: qcserial: add support for Sierra Wireless EM7590
    - USB: serial: option: add Fibocom L610 modem
    - USB: serial: option: add Fibocom MA510 modem
    - slimbus: qcom: Fix IRQ check in qcom_slim_probe
    - serial: 8250_mtk: Fix UART_EFR register address
    - serial: 8250_mtk: Fix register address for XON/XOFF character
    - drm/nouveau/tegra: Stop using iommu_present()
    - i40e: i40e_main: fix a missing check on list iterator
    - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
    - drm/vmwgfx: Initialize drm_mode_fb_cmd2
    - MIPS: fix build with gcc-12
    - net: phy: Fix race condition on link status change
    - arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
    - ping: fix address binding wrt vrf
    - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
    - Linux 5.4.195
  * Focal update: v5.4.194 upstream stable release (LP: #1980399)
    - MIPS: Use address-of operator on section symbols
    - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
    - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version,
      environment} types
    - drm/i915: Cast remain to unsigned long in eb_relocate_vma
    - nfp: bpf: silence bitwise vs. logical OR warning
    - can: grcan: grcan_probe(): fix broken system id check for errata workaround
      needs
    - can: grcan: only use the NAPI poll budget for RX
    - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
    - [Config] updateconfigs for ARCH_HAS_HOLES_MEMORYMODEL
    - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
    - x86/asm: Allow to pass macros to __ASM_FORM()
    - x86: xen: kvm: Gather the definition of emulate prefixes
    - x86: xen: insn: Decode Xen and KVM emulate-prefix signature
    - x86: kprobes: Prohibit probing on instruction which has emulate prefix
    - KVM: x86/svm: Account for family 17h event renumberings in
      amd_pmc_perf_hw_id
    - Bluetooth: Fix the creation of hdev->name
    - mm: fix missing cache flush for all tail pages of compound page
    - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
    - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and
      __mcopy_atomic()
    - Linux 5.4.194
  * Focal update: v5.4.193 upstream stable release (LP: #1979566)
    - MIPS: Fix CP0 counter erratum detection for R4k CPUs
    - parisc: Merge model and model name into one line in /proc/cpuinfo
    - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
    - gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
    - Revert "SUNRPC: attempt AF_LOCAL connect on setup"
    - firewire: fix potential uaf in outbound_phy_packet_callback()
    - firewire: remove check of list iterator against head past the loop body
    - firewire: core: extend card->lock in fw_core_handle_bus_reset
    - ACPICA: Always create namespace nodes using acpi_ns_create_node()
    - genirq: Synchronize interrupt thread startup
    - ASoC: da7219: Fix change notifications for tone generator frequency
    - ASoC: wm8958: Fix change notifications for DSP controls
    - ASoC: meson: Fix event generation for G12A tohdmi mux
    - s390/dasd: fix data corruption for ESE devices
    - s390/dasd: prevent double format of tracks for ESE devices
    - s390/dasd: Fix read for ESE with blksize < 4k
    - s390/dasd: Fix read inconsistency for ESE DASD devices
    - can: grcan: grcan_close(): fix deadlock
    - can: grcan: use ofdev->dev when allocating DMA memory
    - nfc: replace improper check device_is_registered() in netlink related
      functions
    - NFC: netlink: fix sleep in atomic bug when firmware download timeout
    - hwmon: (adt7470) Fix warning on module removal
    - ASoC: dmaengine: Restore NULL prepare_slave_config() callback
    - RDMA/siw: Fix a condition race issue in MPA request processing
    - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
    - net: stmmac: dwmac-sun8i: add missing of_node_put() in
      sun8i_dwmac_register_mdio_mux()
    - net: emaclite: Add error handling for of_address_to_resource()
    - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is
      operational
    - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
    - smsc911x: allow using IRQ0
    - btrfs: always log symlinks in full mode
    - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
    - drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
    - NFSv4: Don't invalidate inode attributes on delegation return
    - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
    - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
    - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
    - net: ipv6: ensure we call ipv6_mc_down() at most once
    - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
    - mm: fix unexpected zeroed page mapping with zram swap
    - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
    - ALSA: pcm: Fix races among concurrent read/write and buffer changes
    - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
    - ALSA: pcm: Fix races among concurrent prealloc proc writes
    - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
    - tcp: make sure treq->af_specific is initialized
    - dm: fix mempool NULL pointer race when completing IO
    - dm: interlock pending dm_io and dm_wait_for_bios_completion
    - PCI: aardvark: Clear all MSIs at setup
    - PCI: aardvark: Fix reading MSI interrupt number
    - mmc: rtsx: add 74 Clocks in power on flow
    - Linux 5.4.193
  * CVE-2022-1679
    - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
  * CVE-2022-28893
    - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
    - SUNRPC: Don't leak sockets in xs_local_connect()
  * CVE-2022-1734
    - nfc: nfcmrvl: main: reorder destructive operations in
      nfcmrvl_nci_unregister_dev to avoid bugs
  * CVE-2022-1652
    - floppy: use a statically allocated error counter

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 08 Aug 2022 03:41:31 -0300

Changed in linux-oracle (Ubuntu Focal):
status:	Fix Committed → Fix Released

Ubuntu
linux-oracle package

ARM64_SW_TTBR0_PAN Should Be Enabled For Oracle Kernels

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
ubuntu-kernel-tests	Fix Released	Undecided	Unassigned
linux-oracle (Ubuntu)	Fix Released	Medium	Joseph Salisbury
Focal	Fix Released	Medium	Joseph Salisbury
Impish	Invalid	Medium	Joseph Salisbury

Ubuntulinux-oracle package

ARM64_SW_TTBR0_PAN Should Be Enabled For Oracle Kernels

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
linux-oracle package