qeth: fix L3 next-hop in xmit qeth hdr

Bug #1750813 reported by bugproxy on 2018-02-21
Affects: Ubuntu on IBM z Systems | Importance: High | Assigned to: Canonical Kernel Team
Affects: linux (Ubuntu) | Importance: High | Assigned to: Joseph Salisbury
Affects: Xenial | Importance: High | Assigned to: Joseph Salisbury

Bug Description

== SRU Justification ==
The current code accesses rtable->rt_gateway without checking that rtable
is a valid address. The accidental access to a lowcore area results in a
random next-hop address in the qeth_hdr. rtable (or more precisely,
skb_dst(skb)) can be NULL in rare cases (for instance together with AF_PACKET sockets).

The solution is to add the missing NULL-ptr checks, which is done by commit ec2c6726322f.

Commit ec2c6726322f is in mainline as of v4.13-rc5, so this fix is only needed in Xenial.

== Fix ==
ec2c6726322f ("s390/qeth: fix L3 next-hop in xmit qeth hdr")

== Regression Potential ==
Low. Limited to s390.

== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

Upstream Commit:
ec2c6726322f0d270bab477e4904bf9496f70ee5
kernel 4.13
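
The missing check described in the SRU justification, as an added userspace C model that is not the kernel's or the commit's code. The struct and function names are hypothetical, and falling back to the packet's destination address when no route is attached is an assumption of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model with hypothetical names; not the kernel's definitions. */
struct rtable_model { uint32_t rt_gateway; };  /* 0 means on-link, no gateway */
struct skb_model {
    struct rtable_model *dst;  /* models skb_dst(skb); NULL is possible, e.g. AF_PACKET */
    uint32_t daddr;            /* destination address from the IPv4 header */
};
struct qeth_hdr_model { uint32_t next_hop; };

/* Pre-fix pattern: reads rt_gateway without checking the route pointer.
 * With dst == NULL the read lands near address 0; on s390 that is lowcore,
 * so it does not fault and an arbitrary value becomes the next hop. */
void fill_next_hop_unchecked(struct qeth_hdr_model *hdr, const struct skb_model *skb)
{
    const struct rtable_model *rt = skb->dst;
    hdr->next_hop = rt->rt_gateway ? rt->rt_gateway : skb->daddr;
}

/* Hardened pattern: validate the pointer before the field access.
 * Assumption of this model: with no route or no gateway, use daddr. */
void fill_next_hop_checked(struct qeth_hdr_model *hdr, const struct skb_model *skb)
{
    const struct rtable_model *rt = skb->dst;
    hdr->next_hop = (rt && rt->rt_gateway) ? rt->rt_gateway : skb->daddr;
}

/* Convenience wrapper: next hop the checked path selects for one packet. */
uint32_t next_hop_for(struct rtable_model *rt, uint32_t daddr)
{
    struct skb_model skb = { rt, daddr };
    struct qeth_hdr_model hdr = { 0 };
    fill_next_hop_checked(&hdr, &skb);
    return hdr.next_hop;
}

int main(void)
{
    struct rtable_model via_gw = { 0x0a000001 };  /* constructed: 10.0.0.1 */
    uint32_t daddr = 0x0a000263;                  /* constructed: 10.0.2.99 */
    printf("routed:   %08x\n", (unsigned)next_hop_for(&via_gw, daddr));
    printf("no route: %08x\n", (unsigned)next_hop_for(NULL, daddr));
    return 0;
}
```

The unchecked variant is safe to call only with a non-NULL route; on most userspace platforms a NULL route makes it fault rather than return a stray value as it does on s390.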

bugproxy (bugproxy) on 2018-02-21
tags: added: architecture-s39064 bugnameltc-164873 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
Dimitri John Ledkov (xnox) wrote :

This is already fix released, as the commit mentioned is in the v4.13+ kernels.

Is this a request to backport this to some previous release? Because this is an invalid request for 18.04.

Changed in ubuntu-z-systems:
status: Triaged → Invalid
Changed in linux (Ubuntu):
status: New → Invalid
Joseph Salisbury (jsalisbury) wrote :

Commit ec2c6726322f0d2 is in mainline as of v4.13-rc5, so Artful and Bionic already contain the fix. Are you requesting it in Xenial?

Changed in linux (Ubuntu):
importance: Undecided → High
status: Invalid → Triaged
assignee: Skipper Bug Screeners (skipper-screen-team) → Joseph Salisbury (jsalisbury)

------- Comment From <email address hidden> 2018-02-23 04:02 EDT-------
Yes, it's recommended to include it in Xenial.

Changed in linux (Ubuntu Xenial):
assignee: nobody → Joseph Salisbury (jsalisbury)
importance: Undecided → High
status: New → Triaged
Changed in linux (Ubuntu):
status: Triaged → Fix Released
Changed in ubuntu-z-systems:
status: Invalid → Triaged
Changed in linux (Ubuntu Xenial):
status: Triaged → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Joseph Salisbury (jsalisbury) wrote :

I built a test kernel with commit ec2c6726322f0d270bab477e4904bf9496f70ee5. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1750813

Can you test this kernel and see if it resolves this bug?

Note, to test this kernel, you need to install both the linux-image and linux-image-extra .deb packages.

Thanks in advance!

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-02-27 11:50 EDT-------
I'm not able to test this kernel, but this patch was verified upfront, before posting.

Joseph Salisbury (jsalisbury) wrote :
description: updated
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Stefan Bader (smb) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-03-19 07:33 EDT-------
patch verified upfront - see LP comment #5 from 2018-02-27

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-119.143

---------------
linux (4.4.0-119.143) xenial; urgency=medium

  * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)

  * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

linux (4.4.0-118.142) xenial; urgency=medium

  * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)

  * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
    - x86/microcode/AMD: Do not load when running on a hypervisor

  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()

linux (4.4.0-117.141) xenial; urgency=medium

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - re...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-04-04 07:00 EDT-------
IBM bugzilla status-> closed, Fix Released with Xenial
