Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft Hyper-v 2012r2 Gen2 VM

Bug #1674635 reported by Cristiano Casella on 2017-03-21
56
This bug affects 8 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Critical
Joseph Salisbury
Xenial
Critical
Joseph Salisbury
Yakkety
Critical
Joseph Salisbury
Zesty
Critical
Joseph Salisbury

Bug Description

After updating the kernel inside the virtual machine to the version 4.4.0-67-generic, at the next boot the vm will stuck in a black screen at every try. An hard reset is required.
The only workaround is to set the default in grub to the previous version.
The virtual machine hardware is a Gen2.
We are experiencing this issue on all our vps with the same kernel (around 300-400 vms).
---
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Mar 20 10:30 seq
 crw-rw---- 1 root audio 116, 33 Mar 20 10:30 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 16.04
HibernationDevice: RESUME=/dev/mapper/vg01--vg-swap_1
InstallationDate: Installed on 2017-03-13 (7 days ago)
InstallationMedia:

IwConfig: Error: [Errno 2] No such file or directory
Lspci:

Lsusb: Error: command ['lsusb'] failed with exit code 1:
MachineType: Microsoft Corporation Virtual Machine
Package: linux (not installed)
PciMultimedia:

ProcFB: 0 hyperv_fb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-66-generic.efi.signed root=/dev/mapper/vg01--vg-root ro nomodeset
ProcVersionSignature: Ubuntu 4.4.0-66.87-generic 4.4.44
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-66-generic N/A
 linux-backports-modules-4.4.0-66-generic N/A
 linux-firmware 1.157.8
RfKill: Error: [Errno 2] No such file or directory
Tags: xenial
Uname: Linux 4.4.0-66-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

_MarkForUpload: True
dmi.bios.date: 11/26/2012
dmi.bios.vendor: Microsoft Corporation
dmi.bios.version: Hyper-V UEFI Release v1.0
dmi.board.asset.tag: None
dmi.board.name: Virtual Machine
dmi.board.vendor: Microsoft Corporation
dmi.board.version: Hyper-V UEFI Release v1.0
dmi.chassis.asset.tag: 4898-1213-1192-4801-7611-1594-99
dmi.chassis.type: 3
dmi.chassis.vendor: Microsoft Corporation
dmi.chassis.version: Hyper-V UEFI Release v1.0
dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev1.0:bd11/26/2012:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev1.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev1.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev1.0:
dmi.product.name: Virtual Machine
dmi.product.version: Hyper-V UEFI Release v1.0
dmi.sys.vendor: Microsoft Corporation

CVE References

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1674635

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete

apport information

tags: added: apport-collected xenial
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

I added the logs, keep in mind that I collected the logs from the vm started with previous version of the kernel (can't boot the vm with the affected version).

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in linux (Ubuntu):
importance: Undecided → High
Changed in linux (Ubuntu Xenial):
status: New → Confirmed
importance: Undecided → High
tags: added: kernel-da-key kernel-hyper-v
Changed in linux (Ubuntu):
importance: High → Critical
Changed in linux (Ubuntu Xenial):
importance: High → Critical
tags: added: kernel-key
removed: kernel-da-key
Changed in linux (Ubuntu):
status: Confirmed → Triaged
Changed in linux (Ubuntu Xenial):
status: Confirmed → Triaged
Changed in linux (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Xenial):
assignee: nobody → Joseph Salisbury (jsalisbury)
Joseph Salisbury (jsalisbury) wrote :

I'll setup a test vm and see if I can reproduce this. In the meantime, can you test the 4.4.0-69 kernel in proposed:

https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+build/12134676

Note, you need to install both the linux-image and linux-image-extra .deb packages.

installed both packages as requested and gone in the same troubles :(

Changed in linux (Ubuntu):
status: Triaged → In Progress
Changed in linux (Ubuntu Xenial):
status: Triaged → In Progress
Joseph Salisbury (jsalisbury) wrote :

I was unable to reproduce the bug in my environment and 4.4.0-67 boots fine for me. I can perform a bisect if you can test some kernels.

I started a kernel bisect between v4.4.0-66 and v4.4.0-67. The kernel bisect will require testing of about 7-10 test kernels.

I built the first test kernel, up to the following commit:
df0a1b9cce531e1718dbb966b1e0075b3667598f

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

ok, I made a lot of tests, here a report:

- made a fresh installation with hyper-v on windows 10 -> all works fine
- made a fresh installation with hyper-v on windows server 2012 r2 in our environment -> all works fine
- all test on existing vms can reproduce the issue as described

environment details:

- we have a customized build system that deploy our vps for our customers, if needed I can give you (in private) more specifics details about our environment or give you a full access to a test vps

About kernel versions:

- Tried with linux-image-4.8.0-43-generic -> same troubles
- Tried a fresh install on our environment with standard 4.4.0-67-generic -> same troubles
- Tried with the build your provided -> all works fine:
~# uname -a
Linux raziel 4.4.0-67-generic #88~lp1674635Commitdf0a1b9cce SMP Tue Mar 21 22:52:44 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

So the issue seems to be related to our base image or our build system.

sorry, to be more clear:

If I make a fresh install in my environment by hand it works.
If I make a fresh install in my environment with my build workflow it doesn't works.

I updated the base image where we make new installation from to the version 4.4.0-67-generic and it works.
Trying to make a new vps from that image and it stucks just after the hdd clone.

The problem seems to be related to the disk clone process.

Marcin Banaszek (banantaffer1) wrote :

I have the same problem in my homelab:
Host:
Windows 10 Pro

Hyper-V VMs:
Ubuntu Server 16.04.2 with latest updates, one vm is clean and rest have only one service installed (perforce server, plex server, etc.).

Test kernel df0a1b9cce531e1718dbb966b1e0075b3667598f booted up without errors.

Joseph Salisbury (jsalisbury) wrote :

During the bisect, some of the test kernels will be good and not exhibit the bug, while others will be bad.

I built the next test kernel, up to the following commit:
b06640ee040e347f122d0e885383da3efdb15ccd

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

Marcin Banaszek (banantaffer1) wrote :

b06640ee040e347f122d0e885383da3efdb15ccd works fine

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
c7e300f2972c4d9a0dcd2d305556b14abb26be2b

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635/c7e300f2972c4d9a0dcd2d305556b14abb26be2b

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

Marcin Banaszek (banantaffer1) wrote :

c7e300f2972c4d9a0dcd2d305556b14abb26be2b does not boot

same results for me:

b06640ee040e347f122d0e885383da3efdb15ccd works fine
c7e300f2972c4d9a0dcd2d305556b14abb26be2b does not boot

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
4ddd2ccae5e00fc62ca72410d2fc8ea668747134

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635/4ddd2ccae5e00fc62ca72410d2fc8ea668747134

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

Marcin Banaszek (banantaffer1) wrote :

4ddd2ccae5e00fc62ca72410d2fc8ea668747134 does not boot.

4ddd2ccae5e00fc62ca72410d2fc8ea668747134 does not boot

p.s. on our side we are still investigating and we are focusing on the boot configuration, do you have some details about the right device should be selected in the hypervisor?
just the hard drive?
the efi file in efi partition? (which name and path is expected)

thanks for your support

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
6c71f5ccfa0545c2f397c0ce74f52c3470cc75b6

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635/6c71f5ccfa0545c2f397c0ce74f52c3470cc75b6

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

Marcin Banaszek (banantaffer1) wrote :

6c71f5ccfa0545c2f397c0ce74f52c3470cc75b6 works fine.

6c71f5ccfa0545c2f397c0ce74f52c3470cc75b6 works fine

Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
8df3e3271ae0bd4d85aff701abc88d6b5526f7fe

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635/8df3e3271ae0bd4d85aff701abc88d6b5526f7fe

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

8df3e3271ae0bd4d85aff701abc88d6b5526f7fe works fine

Marcin Banaszek (banantaffer1) wrote :

8df3e3271ae0bd4d85aff701abc88d6b5526f7fe does not boot in my VM, double checked because of Cristiano result. (before every kernel installation/test I revert VM to the same checkpoint)

I recheck in a few minutes...

oot@raziel:~# uname -a
Linux raziel.cristianocasella.com 4.4.0-67-generic #88~lp1674635Commit6c71f5ccfa SMP Thu Mar 23 21:07:48 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

It works

Marcin Banaszek (banantaffer1) wrote :

Cristiano, that is previous test kernel from post #30, latest is in #33.

Really sorry, I made a typo :(

8df3e3271ae0bd4d85aff701abc88d6b5526f7fe does not boot.

tags: added: kernel-da-key
removed: kernel-key
Joseph Salisbury (jsalisbury) wrote :

I built the next test kernel, up to the following commit:
b4e22b8a3d9d5746380e8d400cd9134567ffe675

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635/b4e22b8a3d9d5746380e8d400cd9134567ffe675

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

Marcin Banaszek (banantaffer1) wrote :

b4e22b8a3d9d5746380e8d400cd9134567ffe675 works fine.

Joseph Salisbury (jsalisbury) wrote :

The bisect reported the following commit as the first bad commit:

commit 8df3e3271ae0bd4d85aff701abc88d6b5526f7fe
Author: Long Li <email address hidden>
Date: Mon Feb 13 06:05:20 2017 -0700

    scsi: storvsc: properly set residual data length on errors

I built a test kernel with that commit reverted.

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635/revert

Can you test that kernel and report back if it has the bug or not?

Thanks in advance

Marcin Banaszek (banantaffer1) wrote :

4.4.0-71.92~lp1674635Revert works fine.

b4e22b8a3d9d5746380e8d400cd9134567ffe675 works fine.

Testing the reverted...

Reverted kernel works fine on 2 server:

root@ID11600:~# uname -a
Linux ID11600.example.com 4.4.0-71-generic #92~lp1674635Revert SMP Mon Mar 27 18:33:16 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Joseph Salisbury (jsalisbury) wrote :

Thanks for all the help testing Cristiano and Marcin. I pinged the patch author and upstream to get some feedback. I'll post when we know the next steps.

thanks for your support

got same troubles also on version 4.4.0-70 (just released: https://launchpad.net/ubuntu/+source/linux/4.4.0-70.91)

Joseph Salisbury (jsalisbury) wrote :

@cristiano, yes you should have. The commit has not been reverted yet and a patch to fix the bug has not been added. The commit that introduced this bug was also cc'd to stable, so other releases will now have this bug as well, until it is fixed.

Changed in linux (Ubuntu Yakkety):
status: New → In Progress
Changed in linux (Ubuntu Vivid):
status: New → In Progress
importance: Undecided → Critical
Changed in linux (Ubuntu Yakkety):
importance: Undecided → Critical
Changed in linux (Ubuntu Vivid):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Yakkety):
assignee: nobody → Joseph Salisbury (jsalisbury)
Joseph Salisbury (jsalisbury) wrote :

Upstream thinks the following commit may resolve this bug:

commit f1c635b439a5c01776fe3a25b1e2dc546ea82e6f
Author: Stephen Hemminger <email address hidden>
Date: Tue Mar 7 09:15:53 2017 -0800

    scsi: storvsc: Workaround for virtual DVD SCSI version

I built a test kernel with a pick of this commit. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1674635/patched

Can you test that kernel and report back if it has the bug or not?

Thanks in advance

patched kernel works:

root@ID11600:~# uname -a
Linux ID11600.example.com 4.4.0-71-generic #92~lp1674635Patched SMP Mon Mar 27 22:33:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

no longer affects: linux (Ubuntu Vivid)
Marcin Banaszek (banantaffer1) wrote :

Patched kernel works here too, thanks for support :)

Tim Gardner (timg-tpi) on 2017-03-28
Changed in linux (Ubuntu Zesty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Yakkety):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Daniel (d-maml-o) wrote :

Josep, I am not familiar with the bug fix workflows here. Can you estimate when your fix will be available through apt-get upgrade? Days? Weeks? Months?

Launchpad Janitor (janitor) wrote :
Download full text (21.0 KiB)

This bug was fixed in the package linux - 4.10.0-19.21

---------------
linux (4.10.0-19.21) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1680535

  * ADT regressions caused by "audit: fix auditd/kernel connection state
    tracking" (LP: #1680532)
    - SAUCE: Revert "audit: fix auditd/kernel connection state tracking"

  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs to update CONFIG_GENERIC_CSUM for ppc64el
      This cleans up behind a Kconfig change that went undetected.

linux (4.10.0-18.20) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1680168

  * smartpqi driver needed in initram disk and installer (LP: #1680156)
    - UBUNU: [Config] Add smartpqi to d-i

linux (4.10.0-17.19) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1679718

  * Fix CVE-2017-7308 (LP: #1678009)
    - net/packet: fix overflow in check for priv area size
    - net/packet: fix overflow in check for tp_frame_nr
    - net/packet: fix overflow in check for tp_reserve

  * apparmor: oops on boot if parameters set on grub command line (LP: #1678048)
    - SAUCE: apparmor: fix parameters so that the permission test is bypassed at boot

  * apparmor: does not provide a way to detect policy updataes (LP: #1678032)
    - SAUCE: apparmor: add policy revision file interface

  * apparmor does not make support of query data visible (LP: #1678023)
    - SAUCE: apparmor: add label data availability to the feature set

  * apparmor query interface does not make supported query info available
    (LP: #1678030)
    - SAUCE: apparmor: add information about the query inteface to the feature set

  * change_profile incorrect when using namespaces with a compound stack
    (LP: #1677959)
    - SAUCE: apparmor: fix label parse for stacked labels

  * Zesty update to v4.10.8 stable release (LP: #1678930)
    - xfrm: policy: init locks early
    - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
    - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
    - KVM: nVMX: Fix nested VPID vmx exec control
    - KVM: x86: cleanup the page tracking SRCU instance
    - virtio_balloon: init 1st buffer in stats vq
    - pinctrl: qcom: Don't clear status bit on irq_unmask
    - c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
    - h8300/ptrace: Fix incorrect register transfer count
    - mips/ptrace: Preserve previous registers for short regset write
    - sparc/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
    - metag/ptrace: Reject partial NT_METAG_RPIPE writes
    - qla2xxx: Allow vref count to timeout on vport delete.
    - sched/rt: Add a missing rescheduling point
    - usb: musb: fix possible spinlock deadlock
    - Linux 4.10.8

  * [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
    - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
    - PCI: hv: Use device serial number as PCI domain

  * Miscellaneous Ubuntu changes
    - [Config] flash-kernel should be a...

Changed in linux (Ubuntu Zesty):
status: Fix Committed → Fix Released
Olivier Febwin (febcrash) wrote :

Same issue on 15 servers :/
When kernel 4.4.0-73.94 will be push on updates repository?

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
tags: added: verification-needed-yakkety

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'. If the problem still exists, change the tag 'verification-needed-yakkety' to 'verification-failed-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

working with xenial and proposed:

root@raziel:~# uname -a
Linux raziel.cristianocasella.com 4.4.0-74-generic #95-Ubuntu SMP Wed Apr 12 09:50:34 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

tags: added: verification-done-xenial
removed: verification-needed-xenial

If noone else can test Yakkety I can do it tomorrow

working with yakkety and proposed:

root@ID11547:~# uname -a
Linux ID11547.example.com 4.8.0-48-generic #51-Ubuntu SMP Wed Apr 12 13:00:47 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

tags: added: verification-done-yakkety
removed: verification-needed-yakkety
Launchpad Janitor (janitor) wrote :
Download full text (29.1 KiB)

This bug was fixed in the package linux - 4.4.0-75.96

---------------
linux (4.4.0-75.96) xenial; urgency=low

  * linux: 4.4.0-75.96 -proposed tracker (LP: #1684441)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
    (LP: #1682561)
    - Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.4.0-74.95) xenial; urgency=low

  * linux: 4.4.0-74.95 -proposed tracker (LP: #1682041)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
    (LP: #1681893)
    - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.4.0-73.94) xenial; urgency=low

  * linux: 4.4.0-73.94 -proposed tracker (LP: #1680416)

  * CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * vfat: missing iso8859-1 charset (LP: #1677230)
    - [Config] NLS_ISO8859_1=y

  * Regression: KVM modules should be on main kernel package (LP: #1678099)
    - [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * regession tests failing after stackprofile test is run (LP: #1661030)
    - SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)
    - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
      namespaces

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
    - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor auditing denied access of special apparmor .null fi\ le
    (LP: #1660836)
    - SAUCE: apparmor: Don't audit denied access of special apparmor .null file

  * apparmor label leak when new label is unused (LP: #1660834)
    - SAUCE: apparmor: fix label leak when new label is unused

  * apparmor reference count bug in label_merge_insert() (LP: #1660833)
    - SAUCE: apparmor: fix reference count bug in label_merge_insert()

  * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
    - SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with nested namespaces
    (LP: #1660832)
    - SAUCE: apparmor: fix cross ns perm of unix domain sockets

  * Xenial update to v4.4.59 stable release (LP: #1678960)
    - xfrm: policy: init locks early
    - virtio_balloon: init ...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (14.5 KiB)

This bug was fixed in the package linux - 4.8.0-49.52

---------------
linux (4.8.0-49.52) yakkety; urgency=low

  * linux: 4.8.0-49.52 -proposed tracker (LP: #1684427)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
    (LP: #1682561)
    - Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.8.0-48.51) yakkety; urgency=low

  * linux: 4.8.0-48.51 -proposed tracker (LP: #1682034)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
    (LP: #1681893)
    - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.8.0-47.50) yakkety; urgency=low

  * linux: 4.8.0-47.50 -proposed tracker (LP: #1679678)

  * CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * CVE-2017-5986
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf

  * vfat: missing iso8859-1 charset (LP: #1677230)
    - [Config] NLS_ISO8859_1=y

  * [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
    - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs

  * Regression: KVM modules should be on main kernel package (LP: #1678099)
    - [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * regession tests failing after stackprofile test is run (LP: #1661030)
    - SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)
    - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
      namespaces

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
    - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor auditing denied access of special apparmor .null fi\ le
    (LP: #1660836)
    - SAUCE: apparmor: Don't audit denied access of special apparmor .null file

  * apparmor label leak when new label is unused (LP: #1660834)
    - SAUCE: apparmor: fix label leak when new label is unused

  * apparmor reference count bug in label_merge_insert() (LP: #1660833)
    - SAUCE: apparmor: fix reference count bug in label_merge_insert()

  * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
    - SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with n...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers