Fix bugs under virtual scsi server driver for Power

Bug #1621088 reported by bugproxy on 2016-09-07
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned
Xenial
Undecided
Unassigned
Yakkety
High
Unassigned

Bug Description

== Comment: #0 - BRYANT G. LY <email address hidden> - 2016-09-06 12:16:14 ==
All three of these have been accepted into the 4.9/scsi-queue and scsi tree under misc

ibmvscsis: Properly deregister target sessions -
http://git.kernel.org/cgit/linux/kernel/git/jejb/scsi.git/commit/?id=712db3eb2c35e79986268bcd694ba8075445737d

ibmvscsis: Code cleanup of print statements -
http://git.kernel.org/cgit/linux/kernel/git/jejb/scsi.git/commit/?id=812902159d4174df9a82948c0445becb865dabec

ibmvscsis: Fixed a bug reported by Dan Carpenter -
http://git.kernel.org/cgit/linux/kernel/git/jejb/scsi.git/commit/?id=f6dbe38edf1ef4929847c90e244204ef4c6b3ce7

Still pending Review in target-devel mailing list:

target/user: Return TCMU-generated sense data to fabric module -
Is still under review under scsi and target-devel mailing list.
http://www.spinics.net/lists/target-devel/msg13449.html

TCM-User fixes and cleanups -
http://www.spinics.net/lists/target-devel/msg13444.html

CVE References

Default Comment by Bridge

tags: added: architecture-ppc64le bugnameltc-145913 severity-critical targetmilestone-inin1610
Changed in ubuntu:
assignee: nobody → Taco Screen team (taco-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in linux (Ubuntu):
assignee: Taco Screen team (taco-screen-team) → Canonical Kernel Team (canonical-kernel-team)
importance: Undecided → High
status: New → Triaged
Tim Gardner (timg-tpi) wrote :

These patches have already been released:

UBUNTU: SAUCE: Ibmvscsis: Fixed a bug reported by Dan Carpenter
UBUNTU: SAUCE: Ibmvscsis: Code cleanup of print statements
UBUNTU: SAUCE: Return TCMU-generated sense data to fabric module
UBUNTU: SAUCE: Ibmvscsis: Properly deregister target sessions

Changed in linux (Ubuntu Xenial):
status: New → Fix Released
Changed in linux (Ubuntu Yakkety):
assignee: Canonical Kernel Team (canonical-kernel-team) → nobody
status: Triaged → Fix Released

------- Comment From <email address hidden> 2016-10-13 10:53 EDT-------
I went ahead and added the attachments and the sign-offs/reviewed by for the remaining dependency.

Attachments included:
target/user: Use sense_reason_t in tcmu_queue_cmd_ring
target/user: Return an error if cmd data size is too large
target/user: Fix comments to not refer to data ring

TCM-User fixes and cleanups -
http://www.spinics.net/lists/target-devel/msg13444.html

------- Comment (attachment only) From <email address hidden> 2016-10-13 10:51 EDT-------

------- Comment (attachment only) From <email address hidden> 2016-10-13 10:51 EDT-------

------- Comment (attachment only) From <email address hidden> 2016-10-13 10:51 EDT-------

------- Comment From <email address hidden> 2016-10-13 11:34 EDT-------
Can all of these patches also be included in 4.8 kernel?

Tim Gardner (timg-tpi) wrote :

892b73dd23e0b5e4cc76c2dcd13ea5ae5caf6bec ('UBUNTU: SAUCE: Return TCMU-generated sense data to fabric module') was released in Ubuntu-4.8.0-7.8

The other 3 TCM patches are proposed on the list: https://lists.ubuntu.com/archives/kernel-team/2016-October/080358.html

Changed in linux (Ubuntu Yakkety):
status: Fix Released → In Progress
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-10-20 10:08 EDT-------
Update:

target/user: Use sense_reason_t in tcmu_queue_cmd_ring
target/user: Return an error if cmd data size is too large
target/user: Fix comments to not refer to data ring

All of theses have been accepted into target subsystem and applied into target-pending/master

https://kernel.googlesource.com/pub/scm/linux/kernel/git/nab/target-pending/

Tim Gardner (timg-tpi) on 2016-10-26
Changed in linux (Ubuntu Yakkety):
status: In Progress → Fix Committed
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-yakkety
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-11-29 14:40 EDT-------
I have updated to verification-done-yakkety

tags: added: verification-done-xenial verification-done-yakkety
removed: verification-needed-yakkety
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-11-29 16:31 EDT-------
Are these three patches also in Xenial?

[PATCH 1/3] UBUNTU: SAUCE: (noup) target/user: Use sense_reason_t in tcmu_queue_cmd_ring
[PATCH 2/3] UBUNTU: SAUCE: (noup) target/user: Return an error if cmd data size is too large
[PATCH 3/3] UBUNTU: SAUCE: (noup) target/user: Fix comments to not refer to data ring

Launchpad Janitor (janitor) wrote :
Download full text (26.6 KiB)

This bug was fixed in the package linux - 4.8.0-28.30

---------------
linux (4.8.0-28.30) yakkety; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1641083

  * lxc-attach to malicious container allows access to host (LP: #1639345)
    - Revert "UBUNTU: SAUCE: (noup) ptrace: being capable wrt a process requires
      mapped uids/gids"
    - (upstream) mm: Add a user_ns owner to mm_struct and fix ptrace permission
      checks

  * [Feature] AVX-512 new instruction sets (avx512_4vnniw, avx512_4fmaps)
    (LP: #1637526)
    - x86/cpufeature: Add AVX512_4VNNIW and AVX512_4FMAPS features

  * zfs: importing zpool with vdev on zvol hangs kernel (LP: #1636517)
    - SAUCE: (noup) Update zfs to 0.6.5.8-0ubuntu4.1

  * Move some device drivers build from kernel built-in to modules
    (LP: #1637303)
    - [Config] CONFIG_TIGON3=m for all arches
    - [Config] CONFIG_VIRTIO_BLK=m, CONFIG_VIRTIO_NET=m

  * I2C touchpad does not work on AMD platform (LP: #1612006)
    - pinctrl/amd: Configure GPIO register using BIOS settings

  * guest experiencing Transmit Timeouts on CX4 (LP: #1636330)
    - powerpc/64: Re-fix race condition between going idle and entering guest
    - powerpc/64: Fix race condition in setting lock bit in idle/wakeup code

  * QEMU throws failure msg while booting guest with SRIOV VF (LP: #1630554)
    - KVM: PPC: Always select KVM_VFIO, plus Makefile cleanup

  * [Feature] KBL - New device ID for Kabypoint(KbP) (LP: #1591618)
    - SAUCE: mfd: lpss: Fix Intel Kaby Lake PCH-H properties

  * hio: SSD data corruption under stress test (LP: #1638700)
    - SAUCE: hio: set bi_error field to signal an I/O error on a BIO
    - SAUCE: hio: splitting bio in the entry of .make_request_fn

  * cleanup primary tree for linux-hwe layering issues (LP: #1637473)
    - [Config] switch Vcs-Git: to yakkety repository
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-tools-common and linux-cloud-tools-common are one per series
    - [Config] linux-source-* is in the primary linux namespace
    - [Config] linux-tools -- always suggest the base package

  * SRU: sync zfsutils-linux and spl-linux changes to linux (LP: #1635656)
    - SAUCE: (noup) Update spl to 0.6.5.8-2, zfs to 0.6.5.8-0ubuntu4 (LP:
      #1635656)

  * [Feature] SKX: perf uncore PMU support (LP: #1591810)
    - perf/x86/intel/uncore: Add Skylake server uncore support
    - perf/x86/intel/uncore: Remove hard-coded implementation for Node ID mapping
      location
    - perf/x86/intel/uncore: Handle non-standard counter offset

  * [Feature] Purley: Memory Protection Keys (LP: #1591804)
    - x86/pkeys: Add fault handling for PF_PK page fault bit
    - mm: Implement new pkey_mprotect() system call
    - x86/pkeys: Make mprotect_key() mask off additional vm_flags
    - x86/pkeys: Allocation/free syscalls
    - x86: Wire up protection keys system calls
    - generic syscalls: Wire up memory protection keys syscalls
    - pkeys: Add details of system call use to Documentation/
    - x86/pkeys: Default to a restrictive init PKRU
    - x86/pkeys: Allow configuration of init_pkru
    - x86/pkeys: Add self-tests

  * kernel invalid ...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

------- Comment From <email address hidden> 2016-11-30 10:06 EDT-------
Is it possible to add these into 4.4 kernel?

[PATCH 1/3] UBUNTU: SAUCE: (noup) target/user: Use sense_reason_t in tcmu_queue_cmd_ring
[PATCH 2/3] UBUNTU: SAUCE: (noup) target/user: Return an error if cmd data size is too large
[PATCH 3/3] UBUNTU: SAUCE: (noup) target/user: Fix comments to not refer to data ring

Tim Gardner (timg-tpi) wrote :

<email address hidden> - regarding comment #12. Those patches have not been applied. You should start a new bug to track that. Also, 'target/user: Return an error if cmd data size is too large' is going to need a backport, or at least a prerequisite patch.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.8.0-30.32

---------------
linux (4.8.0-30.32) yakkety; urgency=low

  * CVE-2016-8655 (LP: #1646318)
    - packet: fix race condition in packet_set_ring

 -- Brad Figg <email address hidden> Thu, 01 Dec 2016 08:02:53 -0800

Changed in linux (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers