Something in the Kernel crashes when I try to mount via NFS

Bug #1508510 reported by Paul Weber on 2015-10-21
This bug affects 10 people
Affects: Importance, Assigned to
linux (Ubuntu): High, Unassigned
  Precise: Undecided, Luis Henriques
  Trusty: Undecided, Luis Henriques
linux-lts-utopic (Ubuntu): Undecided, Unassigned
  Precise: Undecided, Unassigned
  Trusty: Undecided, Luis Henriques

Bug Description

I have a vagrant virtual machine that mounts a directory on my computer via NFS. This does not work, and the reason seems to be this. My system is using SMP; reverting to the previous kernel solves the problem.

Broken: Linux paul-ThinkPad-T430s 3.13.0-66-generic
Working: Linux paul-ThinkPad-T430s 3.13.0-65-generic

BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 84.360198] IP: [<ffffffff8161d84d>] skb_copy_and_csum_datagram_iovec+0x2d/0x110
[ 84.360224] PGD 0
[ 84.360232] Oops: 0000 [#1] SMP
[ 84.360246] Modules linked in: ctr ccm pci_stub vboxpci(OX) vboxnetadp(OX) vboxnetflt(OX) vboxdrv(OX) vmw_vsock_vmci_transport vsock vmw_vmci rfcomm bnep arc4 iwldvm mac80211 hid_generic usbhid hid snd_hda_codec_hdmi snd_hda_codec_realtek iwlwifi cfg80211 binfmt_misc nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache nls_iso8859_1 uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core videodev cdc_mbim cdc_ncm usbnet mii cdc_wdm cdc_acm btusb bluetooth intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd joydev serio_raw snd_hda_intel snd_hda_codec snd_hwdep thinkpad_acpi nvram snd_pcm snd_seq_midi lpc_ich snd_seq_midi_event snd_rawmidi shpchp snd_page_alloc mei_me mei i915 snd_seq drm_kms_helper drm i2c_algo_bit parport_pc wmi snd_seq_device snd_timer ppdev snd soundcore lp mac_hid parport video mmc_block psmouse e1000e ahci sdhci_pci libahci ptp sdhci pps_core
[ 84.360613] CPU: 2 PID: 1507 Comm: nfsd Tainted: G OX 3.13.0-66-generic #108-Ubuntu
[ 84.360643] Hardware name: LENOVO 2355CTO/2355CTO, BIOS G7ET95WW (2.55 ) 07/10/2013
[ 84.360673] task: ffff880036929800 ti: ffff880036b7a000 task.ti: ffff880036b7a000
[ 84.360696] RIP: 0010:[<ffffffff8161d84d>] [<ffffffff8161d84d>] skb_copy_and_csum_datagram_iovec+0x2d/0x110
[ 84.360728] RSP: 0018:ffff880036b7bbc0 EFLAGS: 00010216
[ 84.360743] RAX: 0000000000000000 RBX: ffff880035910700 RCX: 0000000000000000
[ 84.360762] RDX: 0000000000000000 RSI: 0000000000000030 RDI: ffff88038e23ab00
[ 84.360781] RBP: ffff880036b7bbf8 R08: 0000000000000000 R09: 0000000062e59d1a
[ 84.360800] R10: 0000000000000000 R11: 0000000000000004 R12: 0000000000000008
[ 84.360819] R13: ffff88038e23ab00 R14: 0000000000000028 R15: ffff88038e23ab00
[ 84.360838] FS: 0000000000000000(0000) GS:ffff88043e280000(0000) knlGS:0000000000000000
[ 84.360859] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.360874] CR2: 0000000000000008 CR3: 0000000425ea0000 CR4: 00000000001427e0
[ 84.360893] Stack:
[ 84.360900] ffffffff81616f66 ffffffff81616fb0 ffff880035910700 ffff880036b7bdf8
[ 84.360924] 0000000000000000 0000000000000028 ffff88038e23ab00 ffff880036b7bc60
[ 84.360948] ffffffff8168b2ec ffff880426f8c028 ffff880035910770 0000000200000000
[ 84.360972] Call Trace:
[ 84.360984] [<ffffffff81616f66>] ? skb_checksum+0x26/0x30
[ 84.361005] [<ffffffff81616fb0>] ? skb_push+0x40/0x40
[ 84.361025] [<ffffffff8168b2ec>] udp_recvmsg+0x1dc/0x380
[ 84.361046] [<ffffffff8169650c>] inet_recvmsg+0x6c/0x80
[ 84.361065] [<ffffffff8160f0aa>] sock_recvmsg+0x9a/0xd0
[ 84.361087] [<ffffffff8107576a>] ? del_timer_sync+0x4a/0x60
[ 84.361106] [<ffffffff8172762d>] ? schedule_timeout+0x17d/0x2d0
[ 84.361126] [<ffffffff8160f11a>] kernel_recvmsg+0x3a/0x50
[ 84.361164] [<ffffffffa05b5d29>] svc_udp_recvfrom+0x89/0x440 [sunrpc]
[ 84.361185] [<ffffffff8172c01b>] ? _raw_spin_unlock_bh+0x1b/0x40
[ 84.361211] [<ffffffffa05c2cc8>] ? svc_get_next_xprt+0xd8/0x310 [sunrpc]
[ 84.361237] [<ffffffffa05c3450>] svc_recv+0x4a0/0x5c0 [sunrpc]
[ 84.361255] [<ffffffff810777ab>] ? recalc_sigpending+0x1b/0x50
[ 84.361276] [<ffffffffa063e70d>] nfsd+0xad/0x130 [nfsd]
[ 84.361295] [<ffffffffa063e660>] ? nfsd_destroy+0x80/0x80 [nfsd]
[ 84.361313] [<ffffffff8108b7d2>] kthread+0xd2/0xf0
[ 84.361328] [<ffffffff8108b700>] ? kthread_create_on_node+0x1c0/0x1c0
[ 84.361346] [<ffffffff81734ba8>] ret_from_fork+0x58/0x90
[ 84.361362] [<ffffffff8108b700>] ? kthread_create_on_node+0x1c0/0x1c0
[ 84.361383] Code: 44 00 00 55 31 c0 48 89 e5 41 57 41 56 41 55 49 89 fd 41 54 41 89 f4 53 48 83 ec 10 8b 77 68 41 89 f6 45 29 e6 0f 84 89 00 00 00 <48> 8b 42 08 48 89 d3 48 85 c0 75 14 0f 1f 80 00 00 00 00 48 83
[ 84.361514] RIP [<ffffffff8161d84d>] skb_copy_and_csum_datagram_iovec+0x2d/0x110
[ 84.361546] RSP <ffff880036b7bbc0>
[ 84.361557] CR2: 0000000000000008
[ 84.366322] ---[ end trace f8aceef52c8aecd1 ]---

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-66-generic 3.13.0-66.108
ProcVersionSignature: Ubuntu 3.13.0-66.108-generic 3.13.11-ckt27
Uname: Linux 3.13.0-66-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.16
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: paul 2717 F.... pulseaudio
CurrentDesktop: GNOME
Date: Wed Oct 21 17:05:35 2015
HibernationDevice: RESUME=UUID=d00bf67f-487f-437c-9069-db3ff456958f
InstallationDate: Installed on 2013-10-05 (745 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
MachineType: LENOVO 2355CTO
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-66-generic.efi.signed root=UUID=67ae3efa-eae6-4b17-92a5-88c203446404 ro quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-66-generic N/A
 linux-backports-modules-3.13.0-66-generic N/A
 linux-firmware 1.127.15
SourcePackage: linux
UpgradeStatus: Upgraded to trusty on 2014-04-24 (544 days ago)
dmi.bios.date: 07/10/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G7ET95WW (2.55 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2355CTO
dmi.board.vendor: LENOVO
dmi.board.version: 0B98401 Pro
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG7ET95WW(2.55):bd07/10/2013:svnLENOVO:pn2355CTO:pvrThinkPadT430s:rvnLENOVO:rn2355CTO:rvr0B98401Pro:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2355CTO
dmi.product.version: ThinkPad T430s
dmi.sys.vendor: LENOVO
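
When the same crash has to be found across many hosts' kernel logs, the oops above can be matched mechanically. The following is an added example, not part of the original report or of any Ubuntu tooling; the function names `parse_oops`, `matches_lp1508510` and `entry_path` are hypothetical, and the sample is a trimmed copy of the trace quoted above.

```python
import re

# Constructed sample: a trimmed copy of the oops quoted in the report above.
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 84.360198] IP: [<ffffffff8161d84d>] skb_copy_and_csum_datagram_iovec+0x2d/0x110
[ 84.360613] CPU: 2 PID: 1507 Comm: nfsd Tainted: G OX 3.13.0-66-generic #108-Ubuntu
[ 84.360972] Call Trace:
[ 84.360984] [<ffffffff81616f66>] ? skb_checksum+0x26/0x30
[ 84.361025] [<ffffffff8168b2ec>] udp_recvmsg+0x1dc/0x380
[ 84.361046] [<ffffffff8169650c>] inet_recvmsg+0x6c/0x80
[ 84.361065] [<ffffffff8160f0aa>] sock_recvmsg+0x9a/0xd0
[ 84.361126] [<ffffffff8160f11a>] kernel_recvmsg+0x3a/0x50
[ 84.361164] [<ffffffffa05b5d29>] svc_udp_recvfrom+0x89/0x440 [sunrpc]
[ 84.361237] [<ffffffffa05c3450>] svc_recv+0x4a0/0x5c0 [sunrpc]
[ 84.361276] [<ffffffffa063e70d>] nfsd+0xad/0x130 [nfsd]
[ 84.361514] RIP [<ffffffff8161d84d>] skb_copy_and_csum_datagram_iovec+0x2d/0x110
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
FAULT = re.compile(r"BUG: unable to handle kernel (.+?) at ([0-9a-f]{16})")
IP = re.compile(r"^IP: \[<[0-9a-f]+>\] ([\w.]+)\+(0x[0-9a-f]+)/")
TASK = re.compile(r"PID: (\d+) Comm: (\S+) (?:Tainted: (.+?)|Not tainted) (\d\S*) #")
FRAME = re.compile(r"^\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_oops(text):
    """Extract the fields an analyst triages on from one x86_64 oops."""
    report = {"reliable": [], "guessed": []}
    in_trace = False
    for raw in text.splitlines():
        line = TS.sub("", raw.strip())
        if m := FAULT.search(line):
            report["kind"], report["fault_addr"] = m.group(1), int(m.group(2), 16)
        elif m := IP.match(line):
            report["rip_symbol"], report["rip_offset"] = m.group(1), int(m.group(2), 16)
        elif m := TASK.search(line):
            report.update(pid=int(m.group(1)), comm=m.group(2),
                          taint=m.group(3), release=m.group(4))
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if not m:
                in_trace = False  # first non-frame line ends the trace
                continue
            # A leading "?" marks an address found on the stack that the
            # unwinder could not confirm as a caller; keep those apart.
            key = "guessed" if m.group(1) else "reliable"
            report[key].append((m.group(2), m.group(3)))
    return report

def matches_lp1508510(report):
    """Signature of this report's crash: a read in the NULL page inside
    skb_copy_and_csum_datagram_iovec, reached from udp_recvmsg."""
    callers = [sym for sym, _ in report["reliable"]]
    return (report.get("kind") == "NULL pointer dereference"
            and report.get("fault_addr", 1 << 64) < 4096
            and report.get("rip_symbol") == "skb_copy_and_csum_datagram_iovec"
            and "udp_recvmsg" in callers)

def entry_path(report):
    """Module-owned frames in the confirmed trace: who issued the socket read."""
    return [f"{mod}:{sym}" for sym, mod in report["reliable"] if mod]

if __name__ == "__main__":
    r = parse_oops(SAMPLE_OOPS)
    print(r["release"], r["comm"], hex(r["fault_addr"]), r["rip_symbol"])
    print("matches LP#1508510:", matches_lp1508510(r), "via", entry_path(r))
```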

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Joseph Salisbury (jsalisbury) wrote :

Would it be possible for you to test the latest upstream stable kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v3.13 stable kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

If you are unable to test the mainline kernel, for example it will not boot, please add the tag: 'kernel-unable-to-test-upstream'.
Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.13.11-ckt27-trusty/

Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: kernel-da-key regression-update
Changed in linux (Ubuntu):
status: Confirmed → Incomplete

Will try.

Nope ... did not work

uname -a
Linux paul-ThinkPad-T430s 3.13.11-031311ckt27-generic #201509251131 SMP Fri Sep 25 15:34:16 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

[ 133.141688] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 133.141734] IP: [<ffffffff8160f10d>] skb_copy_and_csum_datagram_iovec+0x2d/0x110
[ 133.141773] PGD 0
[ 133.141785] Oops: 0000 [#1] SMP
[ 133.141804] Modules linked in: ctr ccm pci_stub vboxpci(OF) vboxnetadp(OF) vboxnetflt(OF) vboxdrv(OF) vmw_vsock_vmci_transport vsock vmw_vmci rfcomm bnep snd_hda_codec_hdmi snd_hda_codec_realtek binfmt_misc nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache nls_iso8859_1 arc4 iwldvm mac80211 hid_generic intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul usbhid ghash_clmulni_intel aesni_intel hid cdc_mbim cdc_ncm btusb snd_hda_intel aes_x86_64 usbnet snd_hda_codec bluetooth lrw mii gf128mul uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core videodev snd_hwdep glue_helper cdc_acm iwlwifi cdc_wdm ablk_helper thinkpad_acpi cryptd snd_pcm snd_page_alloc nvram cfg80211 snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq joydev i915 serio_raw shpchp snd_seq_device mei_me wmi snd_timer mei drm_kms_helper drm snd lpc_ich soundcore parport_pc ppdev i2c_algo_bit mac_hid video lp parport mmc_block psmouse ahci e1000e sdhci_pci libahci sdhci ptp pps_core
[ 133.142227] CPU: 3 PID: 1503 Comm: nfsd Tainted: GF O 3.13.11-031311ckt27-generic #201509251131
[ 133.142251] Hardware name: LENOVO 2355CTO/2355CTO, BIOS G7ET95WW (2.55 ) 07/10/2013
[ 133.142271] task: ffff8803f588c800 ti: ffff8803f4c4a000 task.ti: ffff8803f4c4a000
[ 133.142291] RIP: 0010:[<ffffffff8160f10d>] [<ffffffff8160f10d>] skb_copy_and_csum_datagram_iovec+0x2d/0x110
[ 133.142318] RSP: 0018:ffff8803f4c4bbc0 EFLAGS: 00010216
[ 133.142332] RAX: 0000000000000000 RBX: ffff880425cf0380 RCX: 0000000000000000
[ 133.142350] RDX: 0000000000000000 RSI: 0000000000000030 RDI: ffff8803756e7100
[ 133.142369] RBP: ffff8803f4c4bbf8 R08: 0000000000000000 R09: 000000005fe5a01a
[ 133.142388] R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000008
[ 133.142406] R13: ffff8803756e7100 R14: 0000000000000028 R15: ffff8803756e7100
[ 133.142425] FS: 0000000000000000(0000) GS:ffff88043e2c0000(0000) knlGS:0000000000000000
[ 133.142445] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 133.142460] CR2: 0000000000000008 CR3: 0000000002c0e000 CR4: 00000000001427e0
[ 133.142479] Stack:
[ 133.142486] ffffffff81608836 ffffffff81608880 ffff880425cf0380 ffff8803f4c4bdf8
[ 133.142509] 0000000000000000 0000000000000028 ffff8803756e7100 ffff8803f4c4bc60
[ 133.142532] ffffffff8167c6dc ffff880426ff8028 ffff880425cf03f0 0000000200000000
[ 133.142555] Call Trace:
[ 133.142564] [<ffffffff81608836>] ? skb_checksum+0x26/0x30
[ 133.142580] [<ffffffff81608880>] ? skb_push+0x40/0x40
[ 133.142596] [<ffffffff8167c6dc>] udp_recvmsg+0x1dc/0x380
[ 133.142612] [<ffffffff816875cc>] inet_recvmsg+0x6c/0x80
[ 133.142628] [<ffffffff8160096a>] sock_recvmsg+0x9a/0xd0
[ 133.142644] [<ffffffff8107414a>] ? del_timer_sync+0x4a/0x60
[ 133.142661] [<fffffff...

tags: added: kernel-bug-exists-upstream
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Andreas Bouché (a-bouche) wrote :

I can confirm this. The same behaviour occurs with the latest utopic-kernel (3.16.0-51). Going back to 3.16.0-50 solves the problem.
This happens only when using nfs v3 over UDP like so:

mount -o 'vers=3,udp' 192.168.56.1:'/home/andreas/somefolder' /mnt/nfs-somefolder

Using NFS v4 and/or TCP works without problem. For vagrant, you can use nfs_udp: false as a workaround, as I described here:
https://github.com/mitchellh/vagrant/issues/6423

Luis Henriques (henrix) wrote :

We suspect a backport of upstream commit 89c22d8c3b27 ("net: Fix skb csum races when peeking") (which is 2dde51aa5339 in the trusty git tree). I've built a test kernel with this commit reverted on top of 3.13.0-66.108 and uploaded it here:

http://people.canonical.com/~henrix/LP1508510/v1/amd64/

Could you please verify if this solves the issue? Thanks.

Andreas Bouché (a-bouche) wrote :

Yes, this patch solves the issue for me. Mount command works as expected and kernel-log stays quiet.

Thanks a lot for testing, Andreas. Regarding the utopic kernel (3.16.0-51) issue you also refer to, are you absolutely sure it's the same problem? Can you please share the kernel log?

I'm assuming you're running trusty lts-utopic for this, so in the morning I will try to reproduce it (I was able to reproduce it with the 3.13).

marius888 (madawi) wrote :

I have kernel 3.16.0-51 and the issue is the same. Going back to 3.16.0-50 solves the problem.

Andreas Bouché (a-bouche) wrote :

Thanks @marius888.

Yes, behaviour and the log-messages were exactly the same under 3.16.0-51, as you can see in marius' stacktrace.
We were both facing this using vagrant-built virtualbox-machines with NFS-shares on Lenovo Thinkpads W520/30.

I will try to reproduce it also on lts-vivid shortly.

Luis Henriques (henrix) wrote :

Thank you. Andreas, I believe vivid is not impacted by this bug. Looks like the issue has been reported to the stable mailing-list:

http://thread.gmane.org/gmane.linux.kernel.stable/153526

Thank you all for reporting and testing.

Changed in linux (Ubuntu Trusty):
status: New → Triaged
Changed in linux (Ubuntu Precise):
status: New → Triaged
assignee: nobody → Luis Henriques (henrix)
Changed in linux (Ubuntu Trusty):
assignee: nobody → Luis Henriques (henrix)
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Triaged
assignee: nobody → Luis Henriques (henrix)
Changed in linux-lts-utopic (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Andreas Bouché (a-bouche) wrote :

You are right, no problems, neither with 3.19.0-31 nor with 3.19.0-30.

Luis Henriques (henrix) on 2015-10-23
Changed in linux (Ubuntu Trusty):
status: Triaged → Fix Committed
Luis Henriques (henrix) on 2015-10-23
Changed in linux (Ubuntu Precise):
status: Triaged → Fix Committed
Luis Henriques (henrix) on 2015-10-23
Changed in linux-lts-utopic (Ubuntu Trusty):
status: Triaged → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-precise
tags: added: verification-needed-trusty
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

Nick Sillito (nick-sillitos) wrote :

Based on the duplicate bug that I raised, 1509666, I can confirm that with kernel 3.13.0-67-generic loaded, the bug I saw (relating to mounting in OSX) is solved.
I have added the verification-done-trusty tag.

tags: added: verification-done-trusty
removed: verification-needed-trusty
Andreas Bouché (a-bouche) wrote :

I can confirm that, too. No issue with kernel 3.13.0-67 from trusty-proposed.

Luis Henriques (henrix) wrote :

I can also confirm that all the kernels have this bug fixed (precise 3.2.0-93.133, trusty 3.13.0-67.110 and lts-utopic 3.16.0-52.71~14.04.1).

tags: added: verification-done-precise verification-done-utopic
removed: verification-needed-precise
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-93.133

---------------
linux (3.2.0-93.133) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1509350

  [ Upstream Kernel Changes ]

  * Revert "net: Fix skb csum races when peeking"
    - LP: #1508510

linux (3.2.0-93.132) precise; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1508939

  [ Upstream Kernel Changes ]

  * Revert "sctp: Fix race between OOTB responce and route removal"
    - LP: #1507665
  * USB: whiteheat: fix potential null-deref at probe
    - LP: #1478826
    - CVE-2015-5257
  * dcache: Handle escaped paths in prepend_path
    - LP: #1441108
    - CVE-2015-2925
  * vfs: Test for and handle paths that are unreachable from their mnt_root
    - LP: #1441108
    - CVE-2015-2925
  * ipv6: Fix build failure when CONFIG_INET disabled
    - LP: #1507665
  * pktgen: Require CONFIG_INET due to use of IPv4 checksum function
    - LP: #1507665
  * xen/gntdev: convert priv->lock to a mutex
    - LP: #1507665
  * xen/gntdevt: Fix race condition in gntdev_release()
    - LP: #1507665
  * crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
    - LP: #1507665
  * USB: sierra: add 1199:68AB device ID
    - LP: #1507665
  * target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
    - LP: #1507665
  * md/raid1: extend spinlock to protect raid1_end_read_request against
    inconsistencies
    - LP: #1507665
  * target: REPORT LUNS should return LUN 0 even for dynamic ACLs
    - LP: #1507665
  * MIPS: Fix sched_getaffinity with MT FPAFF enabled
    - LP: #1507665
  * xhci: fix off by one error in TRB DMA address boundary check
    - LP: #1507665
  * rds: fix an integer overflow test in rds_info_getsockopt()
    - LP: #1507665
  * perf: Fix fasync handling on inherited events
    - LP: #1507665
  * MIPS: Make set_pte() SMP safe.
    - LP: #1507665
  * ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
    - LP: #1507665
  * net: Clone skb before setting peeked flag
    - LP: #1507665
  * net: Fix skb_set_peeked use-after-free bug
    - LP: #1507665
  * x86/ldt: Make modify_ldt synchronous
    - LP: #1507665
  * x86/ldt: Correct LDT access in single stepping logic
    - LP: #1507665
  * x86/ldt: Correct FPU emulation access to LDT
    - LP: #1507665
  * localmodconfig: Use Kbuild files too
    - LP: #1507665
  * dm btree: add ref counting ops for the leaves of top level btrees
    - LP: #1507665
  * libiscsi: Fix host busy blocking during connection teardown
    - LP: #1507665
  * libfc: Fix fc_fcp_cleanup_each_cmd()
    - LP: #1507665
  * ipc,sem: fix use after free on IPC_RMID after a task using same
    semaphore set exits
    - LP: #1507665
  * x86/ldt: Further fix FPU emulation
    - LP: #1507665
  * net: Fix RCU splat in af_key
    - LP: #1507665
  * sctp: donot reset the overall_error_count in SHUTDOWN_RECEIVE state
    - LP: #1507665
  * sparc64: Fix userspace FPU register corruptions.
    - LP: #1507665
  * rc-core: fix remove uevent generation
    - LP: #1507665
  * PCI: Fix TI816X class code quirk
    - LP: #1507665
  * mac80211: enable assoc check for mesh interfaces
    - LP: #1507665
  * PCI: Add dev_flags bit...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-67.110

---------------
linux (3.13.0-67.110) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1509341

  [ Upstream Kernel Changes ]

  * Revert "net: Fix skb csum races when peeking"
    - LP: #1508510

linux (3.13.0-67.109) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1507963

  [ Tim Gardner ]

  * [Config] Add MMC modules sufficient for net booting
    - LP: #1502772

  [ Upstream Kernel Changes ]

  * USB: whiteheat: fix potential null-deref at probe
    - LP: #1478826
    - CVE-2015-5257
  * dcache: Handle escaped paths in prepend_path
    - LP: #1441108
    - CVE-2015-2925
  * vfs: Test for and handle paths that are unreachable from their mnt_root
    - LP: #1441108
    - CVE-2015-2925

 -- Luis Henriques <email address hidden> Fri, 23 Oct 2015 11:53:53 +0100

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-utopic - 3.16.0-52.71~14.04.1

---------------
linux-lts-utopic (3.16.0-52.71~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1509362

  [ Upstream Kernel Changes ]

  * Revert "net: Fix skb csum races when peeking"
    - LP: #1508510

linux-lts-utopic (3.16.0-52.70~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1508145
  * [Config] updateconfigs after 3.16.7-ckt18 stable update

  [ Tim Gardner ]

  * [Config] Add MMC modules sufficient for net booting
    - LP: #1502772

  [ Upstream Kernel Changes ]

  * USB: whiteheat: fix potential null-deref at probe
    - LP: #1478826
    - CVE-2015-5257
  * dcache: Handle escaped paths in prepend_path
    - LP: #1441108
    - CVE-2015-2925
  * vfs: Test for and handle paths that are unreachable from their mnt_root
    - LP: #1441108
    - CVE-2015-2925
  * hyperv: Add processing of MTU reduced by the host
    - LP: #1494431
  * hv_netvsc: Add support to set MTU reservation from guest side
    - LP: #1494431
  * hv_netvsc: Add close of RNDIS filter into change mtu call
    - LP: #1494431
  * ipv6: addrconf: validate new MTU before applying it
    - LP: #1508133
  * v4l: omap3isp: Fix sub-device power management code
    - LP: #1508133
  * rc-core: fix remove uevent generation
    - LP: #1508133
  * HID: cp2112: fix I2C_SMBUS_BYTE write
    - LP: #1508133
  * HID: cp2112: fix byte order in SMBUS operations
    - LP: #1508133
  * xtensa: fix threadptr reload on return to userspace
    - LP: #1508133
  * ARM: OMAP2+: DRA7: clockdomain: change l4per2_7xx_clkdm to SW_WKUP
    - LP: #1508133
  * mac80211: enable assoc check for mesh interfaces
    - LP: #1508133
  * PCI: Add dev_flags bit to access VPD through function 0
    - LP: #1508133
  * PCI: Add VPD function 0 quirk for Intel Ethernet devices
    - LP: #1508133
  * staging: comedi: usbduxsigma: don't clobber ai_timer in command test
    - LP: #1508133
  * staging: comedi: usbduxsigma: don't clobber ao_timer in command test
    - LP: #1508133
  * clk: exynos4: Fix wrong clock for Exynos4x12 ADC
    - LP: #1508133
  * usb: dwc3: ep0: Fix mem corruption on OUT transfers of more than 512
    bytes
    - LP: #1508133
  * Doc: ABI: testing: configfs-usb-gadget-loopback
    - LP: #1508133
  * Doc: ABI: testing: configfs-usb-gadget-sourcesink
    - LP: #1508133
  * serial: 8250_pci: Add support for Pericom PI7C9X795[1248]
    - LP: #1508133
  * KVM: MMU: fix validation of mmio page fault
    - LP: #1508133
  * auxdisplay: ks0108: fix refcount
    - LP: #1508133
  * devres: fix devres_get()
    - LP: #1508133
  * iio: adis16400: Fix adis16448 gyroscope scale
    - LP: #1508133
  * iio: Add inverse unit conversion macros
    - LP: #1508133
  * iio: adis16480: Fix scale factors
    - LP: #1508133
  * ideapad-laptop: Add Lenovo Yoga 3 14 to no_hw_rfkill dmi list
    - LP: #1508133
  * ASoC: rt5640: fix line out no sound issue
    - LP: #1508133
  * iio: industrialio-buffer: Fix iio_buffer_poll return value
    - LP: #1508133
  * iio: event: Remove negative error code from iio_event_poll
    - LP: #1508133
  * NFSv4: don't set SETATTR for O_...

Changed in linux-lts-utopic (Ubuntu Trusty):
status: Fix Committed → Fix Released