CONFIG_DEFAULT_MMAP_MIN_ADDR needs to match on armhf and arm64 otherwise arm64 cannot run armhf binaries

Bug #1418140 reported by Andy Whitcroft
Affects         Status        Importance  Assigned to     Milestone
linux (Ubuntu)  Fix Released  Medium      Andy Whitcroft
Trusty          Fix Released  Medium      Andy Whitcroft
Utopic          Fix Released  Medium      Andy Whitcroft
Vivid           Fix Released  Medium      Andy Whitcroft

Bug Description

Attempting to run 32-bit binaries on arm64 triggers applications to be Killed, as the CONFIG_DEFAULT_MMAP_MIN_ADDR used on armhf is not valid on arm64. While this can be overridden via sysctl, the default should be sane.

Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: New → Confirmed
importance: Undecided → High
importance: High → Medium
assignee: nobody → Andy Whitcroft (apw)
milestone: none → ubuntu-15.02
Changed in linux (Ubuntu Trusty):
status: New → Confirmed
Changed in linux (Ubuntu Utopic):
status: New → Confirmed
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
assignee: nobody → Andy Whitcroft (apw)
Changed in linux (Ubuntu Utopic):
assignee: nobody → Andy Whitcroft (apw)
description: updated
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
milestone: ubuntu-15.02 → ubuntu-15.03
Andy Whitcroft (apw)
description: updated
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Confirmed → In Progress
Changed in linux (Ubuntu Trusty):
status: Confirmed → In Progress
Changed in linux (Ubuntu Utopic):
status: Confirmed → In Progress
Brad Figg (brad-figg)
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Utopic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.19.0-11.11

---------------
linux (3.19.0-11.11) vivid; urgency=low

  [ Andy Whitcroft ]

  * [Config] add nvme to linux-virtual as this is now used in GCE to expose
    disks
    - LP: #1415580
  * [Packaging] module-inclusion -- commonise copy code and simplify
  * [Packaging] module-inclusion -- add manual command entries
  * [Packaging] module blacklists -- add support for manual blacklists
  * [Config] re-enable OSS support and blacklist
    - LP: #1434842
  * [Config] exclude oss modules from linux-image
    - LP: #1434842
  * [Config] CONFIG_DEFAULT_MMAP_MIN_ADDR needs to match on armhf and arm64
    - LP: #1418140
  * rebase to v3.19.3

  [ Leann Ogasawara ]

  * Release Tracking Bug
    - LP: #1438852

  [ Paolo Pisati ]

  * [Config] armhf: JUMP_LABEL=y
  * [Config] armhf: ARM_KERNMEM_PERMS=y && DEBUG_RODATA=y

  [ Upstream Kernel Changes ]

  * powercap / RAPL: handle domains with different energy units
  * x86/platform, acpi: Bypass legacy PIC and PIT in ACPI hardware reduced
    mode
  * cpuidle: powernv: Read target_residency value of idle states from DT if
    available
    - LP: #1435951
  * cpuidle: powernv: Avoid endianness conversions while parsing DT
    - LP: #1435951
  * tick/broadcast-hrtimer : Fix suspicious RCU usage in idle loop
    - LP: #1435951
  * tick/hotplug: Handover time related duties before cpu offline
    - LP: #1435951
  * Input: synaptics - split synaptics_resolution(), query first
    - LP: #1414930
  * Input: synaptics - log queried and quirked dimension values
    - LP: #1414930
  * Input: synaptics - query min dimensions for fw v8.1
    - LP: #1414930
  * Input: synaptics - remove obsolete min/max quirk for X240
    - LP: #1414930
  * Input: synaptics - support min/max board id in min_max_pnpid_table
    - LP: #1414930
  * Input: synaptics - skip quirks when post-2013 dimensions
    - LP: #1414930
  * Input: synaptics - fix middle button on Lenovo 2015 products
    - LP: #1414930
  * Input: synaptics - handle spurious release of trackstick buttons
    - LP: #1414930
  * Input: synaptics - do not retrieve the board id on old firmwares
    - LP: #1414930
  * Input: synaptics - retrieve the extended capabilities in query $10
    - LP: #1414930
  * Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015
    - LP: #1414930
  * Input: synaptics - re-route tracksticks buttons on the Lenovo 2015
    series
    - LP: #1414930
  * Input: synaptics - remove X1 Carbon 3rd gen from the topbuttonpad list
    - LP: #1414930
  * Input: synaptics - remove X250 from the topbuttonpad list
    - LP: #1414930
  * ARM: 8311/1: Don't use is_module_addr in setting page attributes
  * kernel/module.c: Update debug alignment after symtable generation
  * arm64: Don't use is_module_addr in setting page attributes
  * rebase to v3.19.3
 -- Leann Ogasawara <email address hidden> Tue, 31 Mar 2015 11:48:41 -0700

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
tags: added: verification-needed-utopic
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-utopic' to 'verification-done-utopic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Luis Henriques (henrix) wrote :

I've verified that the config files used to build the Utopic and Trusty kernels currently in proposed (3.16.0-36.48 and 3.13.0-51.84) contain CONFIG_DEFAULT_MMAP_MIN_ADDR set to 32768. I'm thus tagging this bug as verified.

tags: added: verification-done-trusty verification-done-utopic
removed: verification-needed-trusty verification-needed-utopic
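
The config-file check described in the verification comment above, as an added example that is not part of the original bug report or of Ubuntu's tooling. The function names, the sample file names and the 65536 value are assumptions made for the demonstration; 32768 is the value quoted in the comment.

```shell
#!/bin/sh
# Added example (not from the bug report): confirm that a set of kernel config
# files all carry the same CONFIG_DEFAULT_MMAP_MIN_ADDR.

# Print the option's value from one config file; return 1 if it is not set.
config_mmap_min_addr() {
    value=$(sed -n 's/^CONFIG_DEFAULT_MMAP_MIN_ADDR=\([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# check_mmap_min_addr EXPECTED FILE...
# Return 0 only if every FILE sets the option to EXPECTED; report the rest.
check_mmap_min_addr() {
    expected=$1
    shift
    rc=0
    for cfg in "$@"; do
        if got=$(config_mmap_min_addr "$cfg"); then
            if [ "$got" -ne "$expected" ]; then
                echo "MISMATCH $cfg: $got, expected $expected"
                rc=1
            fi
        else
            echo "MISSING $cfg: CONFIG_DEFAULT_MMAP_MIN_ADDR not set"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample configs (file names and the 65536 value are made up for
# the demonstration; 32768 is the value reported in the verification comment).
SAMPLE_DIR=$(mktemp -d)
printf 'CONFIG_ARM=y\nCONFIG_DEFAULT_MMAP_MIN_ADDR=32768\n' > "$SAMPLE_DIR/config.armhf"
printf 'CONFIG_ARM64=y\nCONFIG_DEFAULT_MMAP_MIN_ADDR=65536\n' > "$SAMPLE_DIR/config.arm64.bad"
printf 'CONFIG_ARM64=y\nCONFIG_DEFAULT_MMAP_MIN_ADDR=32768\n' > "$SAMPLE_DIR/config.arm64.good"
printf 'CONFIG_ARM64=y\n# CONFIG_DEFAULT_MMAP_MIN_ADDR is not set\n' > "$SAMPLE_DIR/config.unset"

check_mmap_min_addr 32768 "$SAMPLE_DIR"/config.* || echo "configs disagree"

# On a live system the effective value is in /proc/sys/vm/mmap_min_addr and
# the build-time default in /boot/config-$(uname -r), when that file exists.
```
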
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.16.0-36.48

---------------
linux (3.16.0-36.48) utopic; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1443946
  * Merged back Ubuntu-3.16.0-34.47 security release

linux (3.16.0-35.46) utopic; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1442324

  [ Andy Whitcroft ]

  * [Config] CONFIG_DEFAULT_MMAP_MIN_ADDR needs to match on armhf and arm64
    - LP: #1418140

  [ Chris J Arges ]

  * [Config] CONFIG_PCIEASPM_DEBUG=y
    - LP: #1398544

  [ dann frazier ]

  * [Config] CONFIG_RTC_DRV_EFI=y on arm64
    - LP: #1441291

  [ Upstream Kernel Changes ]

  * Revert "USB: serial: make bulk_out_size a lower limit"
    - LP: #1441317
  * Revert "i2c: core: Dispose OF IRQ mapping at client removal time"
    - LP: #1441317
  * Revert "net: cx82310_eth: use common match macro"
    - LP: #1441317
  * KEYS: request_key() should reget expired keys rather than give
    EKEYEXPIRED
    - LP: #1124250
  * drm/i915/bdw: 3D_CHICKEN3 has write mask bits
    - LP: #1374389
  * drm/i915: call lpt_init_clock_gating on BDW too
    - LP: #1374389
  * drm/i915/bdw: Apply workarounds in render ring init function
    - LP: #1374389
  * drm/i915/bdw: Cleanup pre prod workarounds
    - LP: #1374389
  * drm/i915: Refactor Broadwell PIPE_CONTROL emission into a helper.
    - LP: #1374389
  * drm/i915: Add the WaCsStallBeforeStateCacheInvalidate:bdw workaround.
    - LP: #1374389
  * drm/i915/bdw: Remove BDW preproduction W/As until C stepping.
    - LP: #1374389
  * drm/i915: Rework GPU reset sequence to match driver load & thaw
    - LP: #1384469
  * drm/ast: switch to using CACHED by default for sysram
    - LP: #1420627
  * drm/ast: Add missing entry to dclk_table[]
    - LP: #1420627
  * drm/ast: Add reduced blanking modes for wide screen mode
    - LP: #1420627
  * drm/ast: Try to use MMIO registers when PIO isn't supported
    - LP: #1420627
  * drm/ast: POST chip at probe time if VGA not enabled
    - LP: #1420627
  * drm/ast: Properly initialize P2A base before using it in
    ast_init_3rdtx()
    - LP: #1420627
  * drm/ast: Don't assume DVO enabled means SIL164 on uninitialized chips
    - LP: #1420627
  * drm/ast: Cleanup analog init code path
    - LP: #1420627
  * audit: correctly record file names with different path name types
    - LP: #1439441
  * of: Create of_console_check() for selecting a console specified in
    /chosen
    - LP: #1438585
  * of: Enable console on serial ports specified by /chosen/stdout-path
    - LP: #1438585
  * of: correct of_console_check()'s return value
    - LP: #1438585
  * of: Add bindings for chosen node, stdout-path
    - LP: #1438585
  * of: add optional options parameter to of_find_node_by_path()
    - LP: #1438585
  * of: support passing console options with stdout-path
    - LP: #1438585
  * netfilter: nf_tables: disable preemption when restoring chain counters
    - LP: #1441317
  * netfilter: nf_tables: fix leaks in error path of nf_tables_newchain()
    - LP: #1441317
  * ipvs: rerouting to local clients is not needed anymore
    - LP: #1441317
  * netfilter: nft_compat: fix module refcount underflow
    - LP: #1441317
  * netf...

Changed in linux (Ubuntu Utopic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-51.84

---------------
linux (3.13.0-51.84) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1444141
  * Merged back Ubuntu-3.13.0-49.83 security release

linux (3.13.0-50.82) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1442285

  [ Andy Whitcroft ]

  * [Config] CONFIG_DEFAULT_MMAP_MIN_ADDR needs to match on armhf and arm64
    - LP: #1418140

  [ Chris J Arges ]

  * [Config] CONFIG_PCIEASPM_DEBUG=y
    - LP: #1398544

  [ Upstream Kernel Changes ]

  * KEYS: request_key() should reget expired keys rather than give
    EKEYEXPIRED
    - LP: #1124250
  * audit: correctly record file names with different path name types
    - LP: #1439441
  * KVM: x86: Check for nested events if there is an injectable interrupt
    - LP: #1413540
  * be2iscsi: fix memory leak in error path
    - LP: #1440156
  * block: remove old blk_iopoll_enabled variable
    - LP: #1440156
  * be2iscsi: Fix handling timed out MBX completion from FW
    - LP: #1440156
  * be2iscsi: Fix doorbell format for EQ/CQ/RQ s per SLI spec.
    - LP: #1440156
  * be2iscsi: Fix the session cleanup when reboot/shutdown happens
    - LP: #1440156
  * be2iscsi: Fix scsi_cmnd leakage in driver.
    - LP: #1440156
  * be2iscsi : Fix DMA Out of SW-IOMMU space error
    - LP: #1440156
  * be2iscsi: Fix retrieving MCCQ_WRB in non-embedded Mbox path
    - LP: #1440156
  * be2iscsi: Fix exposing Host in sysfs after adapter initialization is
    complete
    - LP: #1440156
  * be2iscsi: Fix interrupt Coalescing mechanism.
    - LP: #1440156
  * be2iscsi: Fix TCP parameters while connection offloading.
    - LP: #1440156
  * be2iscsi: Fix memory corruption in MBX path
    - LP: #1440156
  * be2iscsi: Fix destroy MCC-CQ before MCC-EQ is destroyed
    - LP: #1440156
  * be2iscsi: add an missing goto in error path
    - LP: #1440156
  * be2iscsi: remove potential junk pointer free
    - LP: #1440156
  * be2iscsi: Fix memory leak in mgmt_set_ip()
    - LP: #1440156
  * be2iscsi: Fix the sparse warning introduced in previous submission
    - LP: #1440156
  * be2iscsi: Fix updating the boot enteries in sysfs
    - LP: #1440156
  * be2iscsi: Fix processing CQE before connection resources are freed
    - LP: #1440156
  * be2iscsi : Fix kernel panic during reboot/shutdown
    - LP: #1440156
  * fixed invalid assignment of 64bit mask to host dma_boundary for scatter
    gather segment boundary limit.
    - LP: #1440156
  * quota: Store maximum space limit in bytes
    - LP: #1441284
  * ip: zero sockaddr returned on error queue
    - LP: #1441284
  * net: rps: fix cpu unplug
    - LP: #1441284
  * ipv6: stop sending PTB packets for MTU < 1280
    - LP: #1441284
  * netxen: fix netxen_nic_poll() logic
    - LP: #1441284
  * udp_diag: Fix socket skipping within chain
    - LP: #1441284
  * ping: Fix race in free in receive path
    - LP: #1441284
  * bnx2x: fix napi poll return value for repoll
    - LP: #1441284
  * net: don't OOPS on socket aio
    - LP: #1441284
  * bridge: dont send notification when skb->len == 0 in rtnl_bridge_notify
    - LP: #1441284
  * ipv4: tcp: get rid of ugly unicast_sock
...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Andy Whitcroft (apw)
Changed in linux (Ubuntu Vivid):
status: New → Fix Released
importance: Undecided → Medium
assignee: nobody → Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Fix Released → Fix Committed
milestone: ubuntu-15.03 → none
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.0.0-4.6

---------------
linux (4.0.0-4.6) wily; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1470233
  * rebase to mainline v4.0.7

  [ Jay Vosburgh ]

  * SAUCE: fan: Proof of concept implementation (v2)
    - LP: #1439706
  * SAUCE: fan: tunnel multiple mapping mode (v3)
    - LP: #1470091

  [ Upstream Kernel Changes ]

  * rebase to v4.0.7
    - LP: #1427680
    - LP: #1462614

 -- Andy Whitcroft <email address hidden> Tue, 30 Jun 2015 16:55:32 +0100

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released