ghash-clmulni-intel module fails to load

Bug #1633058 reported by Marcelo Cerri on 2016-10-13
This bug affects 1 person
Affects         Importance  Assigned to
linux (Ubuntu)  Medium      Unassigned
Trusty          Medium      Marcelo Cerri
Xenial          Medium      Marcelo Cerri

Bug Description

The module ghash-clmulni-intel always fails to load with "Invalid argument":

$ sudo modprobe ghash-clmulni-intel
modprobe: ERROR: could not insert 'ghash_clmulni_intel': Invalid argument

That was caused by the commit 8996eafdc ("crypto: ahash - ensure statesize is non-zero"), which added a requirement that all ahash algorithms now implement import() and export() and define a non-zero statesize.

The fix consists of two commits:

3a020a7 crypto: ghash-clmulni - Fix load failure
1a07834 crypto: cryptd - Assign statesize properly

Xenial and Trusty are affected, and Yakkety already includes the solution above.
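
A check for the effect described in the report, as an added example that is not part of the bug report or of the kernel patches: it reads /proc/crypto-format text and reports which driver the crypto API would select for ghash, so a missing ghash-clmulni registration shows up as a fallback. The records are constructed, and the driver and module names in them (ghash-clmulni, ghash-generic, __ghash-pclmulqdqni) are assumptions about what these kernels register.

```bash
#!/usr/bin/env bash
# Added example: find which driver the crypto API will pick for an algorithm
# by reading /proc/crypto-format text on stdin.

# best_driver ALG: print "driver priority module" for the highest-priority
# registered implementation of ALG; exit status 1 if none is registered.
best_driver() {
    awk -v alg="$1" '
        BEGIN { bestprio = -1 }
        $1 == "name"     { name = $3 }
        $1 == "driver"   { driver = $3 }
        $1 == "module"   { module = $3 }
        $1 == "priority" { prio = $3 }
        NF == 0          { flush() }
        END { flush(); if (best == "") exit 1; print best }
        function flush() {
            if (name == alg && prio + 0 > bestprio) {
                bestprio = prio + 0
                best = driver " " prio " " module
            }
            name = driver = module = prio = ""
        }'
}

# ghash_status: "accelerated" when ghash-clmulni wins, "fallback:<driver>"
# when another implementation is selected, "missing" when none exists.
ghash_status() {
    sel=$(best_driver ghash) || { echo missing; return 0; }
    case "${sel%% *}" in
        ghash-clmulni) echo accelerated ;;
        *)             echo "fallback:${sel%% *}" ;;
    esac
}

# Constructed samples (not captured output): one record per implementation.
rec() { printf 'name         : %s\ndriver       : %s\nmodule       : %s\npriority     : %s\n\n' "$@"; }
sample_affected() { rec ghash ghash-generic ghash_generic 100; }
sample_fixed() {
    rec ghash ghash-generic ghash_generic 100
    rec __ghash __ghash-pclmulqdqni ghash_clmulni_intel 0
    rec ghash ghash-clmulni ghash_clmulni_intel 400
}

sample_affected | ghash_status   # case: module failed to load
sample_fixed    | ghash_status   # case: module loaded
# On a live system: ghash_status < /proc/crypto
```
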


Marcelo Cerri (mhcerri) on 2016-10-13
description: updated

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1633058

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Marcelo Cerri (mhcerri) on 2016-10-14
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Joseph Salisbury (jsalisbury) wrote :

Can you test the following two kernels? If 4.7 is good and 4.8-rc1 is bad, we can bisect between those two:

4.7 final: http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.7/
4.8-rc1: http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.8-rc1/

If both those kernels are good, we can test later 4.8 release candidates. If they are both bad, we can test some of the 4.7 release candidates.

Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
status: New → Confirmed
Changed in linux (Ubuntu Xenial):
status: New → Confirmed
tags: added: kernel-da-key trusty xenial
Joseph Salisbury (jsalisbury) wrote :

Please ignore comment #2. Posted in the wrong bug report.

tags: added: performing-bisect
tags: removed: performing-bisect
Changed in linux (Ubuntu):
status: Confirmed → Triaged
Changed in linux (Ubuntu Trusty):
status: Confirmed → Triaged
Changed in linux (Ubuntu Xenial):
status: Confirmed → Triaged
Marcelo Cerri (mhcerri) on 2016-10-17
Changed in linux (Ubuntu):
status: Triaged → Confirmed
Tim Gardner (timg-tpi) wrote :
Changed in linux (Ubuntu Trusty):
assignee: nobody → Marcelo Cerri (mhcerri)
status: Triaged → In Progress
Changed in linux (Ubuntu Xenial):
assignee: nobody → Marcelo Cerri (mhcerri)
status: Triaged → In Progress
Luis Henriques (henrix) on 2016-11-09
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Luis Henriques (henrix) on 2016-11-10
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Marcelo Cerri (mhcerri) on 2016-11-21
tags: added: verification-done-xenial
removed: verification-needed-xenial
Marcelo Cerri (mhcerri) on 2016-11-21
tags: added: verification-done-trusty
removed: verification-needed-trusty

The verification of the Stable Release Update for linux-lts-trusty has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-103.150

---------------
linux (3.13.0-103.150) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1644489

  * Possible regression on 3.13.0-102.149~precise1 x86_64 (gce) (LP: #1644302)
    - SAUCE: apparmor: delete extra variable dev_path

linux (3.13.0-102.149) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1640581

  * lxc-attach to malicious container allows access to host (LP: #1639345)
    - Revert "UBUNTU: ptrace: being capable wrt a process requires mapped
      uids/gids"
    - (upstream) mm: Add a user_ns owner to mm_struct and fix ptrace permission
      checks

  * Syntax error extra parenthesis linux-headers-3.13.0-100/Makefile
    (LP: #1636625)
    - Makefile: fix extra parenthesis typo when CC_STACKPROTECTOR_REGULAR is
      enabled

  * Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
    - lib/bitmap.c: conversion routines to/from u32 array
    - kernel.h: define u8, s8, u32, etc. limits
    - net: ethtool: add new ETHTOOL_xLINKSETTINGS API
    - PCI/MSI: Add pci_msix_vec_count()
    - etherdevice: Use ether_addr_copy to copy an Ethernet address
    - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
    - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

  * CVE-2016-8658
    - brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()

  * CVE-2016-7425
    - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()

  * srcname from mount rule corrupted under load (LP: #1634753)
    - SAUCE: apparmor: fix sleep in critical section

  * ghash-clmulni-intel module fails to load (LP: #1633058)
    - crypto: ghash-clmulni - Fix load failure
    - crypto: cryptd - Assign statesize properly

 -- Luis Henriques <email address hidden> Thu, 24 Nov 2016 09:56:54 +0000

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-51.72

---------------
linux (4.4.0-51.72) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1644611

  * 4.4.0-1037-snapdragon #41: kernel panic on boot (LP: #1644596)
    - Revert "dma-mapping: introduce the DMA_ATTR_NO_WARN attribute"
    - Revert "powerpc: implement the DMA_ATTR_NO_WARN attribute"
    - Revert "nvme: use the DMA_ATTR_NO_WARN attribute"

linux (4.4.0-50.71) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1644169

  * xenial 4.4.0-49.70 kernel breaks LXD userspace (LP: #1644165)
    - Revert "UBUNTU: SAUCE: (namespace) fuse: Allow user namespace mounts by
      default"
    - Revert "UBUNTU: SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for
      userns root"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Don't remove suid for
      CAP_FSETID in s_user_ns""
    - Revert "UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to change
      ownership of inodes"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Allow superblock owner to
      change ownership of inodes with unmappable ids""
    - Revert "UBUNTU: SAUCE: (namespace) security/integrity: Harden against
      malformed xattrs"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: ima/evm: Allow root in s_user_ns
      to set xattrs""
    - Revert "(namespace) dquot: For now explicitly don't support filesystems
      outside of init_user_ns"
    - Revert "(namespace) quota: Handle quota data stored in s_user_ns in
      quota_setxquota"
    - Revert "(namespace) quota: Ensure qids map to the filesystem"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: quota: Convert ids relative to
      s_user_ns""
    - Revert "(namespace) Revert "UBUNTU: SAUCE: quota: Require that qids passed
      to dqget() be valid and map into s_user_ns""
    - Revert "(namespace) vfs: Don't create inodes with a uid or gid unknown to
      the vfs"
    - Revert "(namespace) vfs: Don't modify inodes with a uid or gid unknown to
      the vfs"
    - Revert "UBUNTU: SAUCE: (namespace) fuse: Translate ids in posix acl xattrs"
    - Revert "UBUNTU: SAUCE: (namespace) posix_acl: Export
      posix_acl_fix_xattr_userns() to modules"
    - Revert "(namespace) vfs: Verify acls are valid within superblock's
      s_user_ns."
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Update posix_acl support to
      handle user namespace mounts""
    - Revert "(namespace) fs: Refuse uid/gid changes which don't map into
      s_user_ns"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Refuse uid/gid changes which
      don't map into s_user_ns""
    - Revert "(namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns"

linux (4.4.0-49.70) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1640921

  * Infiniband driver (kernel module) needed for Azure (LP: #1641139)
    - SAUCE: RDMA Infiniband for Windows Azure
    - [Config] CONFIG_HYPERV_INFINIBAND_ND=m
    - SAUCE: Makefile RDMA infiniband driver for Windows Azure
    - [Config] Add hv_network_direct.ko to generic inclusion list
    - SAUCE: RDMA Infiniband for Windows Azure is dependent on amd64...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released