[Xenial] Kernels OOPS when mwifiex is in AP mode

Bug #1769671 reported by Jesse Sung
This bug affects 1 person
Affects          Status   Importance   Assigned to   Milestone
linux (Ubuntu)            Undecided    Jesse Sung
Xenial                    Undecided    Unassigned

Bug Description

There's quite a chance to find kernel oops when mwifiex is in AP mode. Previously two workaround commits were added in the Xenial kernel, 8a034f97a28dba62026343eef7992766c91273a7 and f21d12781c88413aec7ee44983f05b1cdf90662f, to mitigate this issue. The original report can be found at https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1712746 .

Now that a fix has been merged in mainline, it's time to revert the workaround and apply the fix:

commit c61cfe49f0f0f0d1f8b56d0b045838d597e8c3a3
Author: Limin Zhu <email address hidden>
Date: Thu Nov 30 14:22:34 2017 +0800

    mwifiex: cfg80211: do not change virtual interface during scan processing

    (1) Change virtual interface operation in cfg80211 process reset and
    reinitialize private data structure.
    (2) Scan result event processed in main process will dereference private
    data structure concurrently, occasionally crash the kernel.

    The corner case could be triggered by the steps below:
    (1) wpa_cli mlan0 scan
    (2) ./hostapd mlan0.conf

    Cfg80211 asynchronous scan procedure is not all the time operated
    under rtnl lock, here we add the protect to serialize the cfg80211
    scan and change_virtual interface operation.

    Signed-off-by: Limin Zhu <email address hidden>
    Signed-off-by: Xinming Hu <email address hidden>
    Signed-off-by: Kalle Valo <email address hidden>
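
The ordering problem the commit message describes, as a deterministic user-space model added here for illustration (it is not the mwifiex driver code or the upstream patch). All struct and function names are hypothetical, and the guard shown, refusing the interface change while a scan is outstanding, is one assumed way to keep the two operations from overlapping.

```c
/* Constructed user-space model; all names are hypothetical, not mwifiex symbols. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct vif_priv {
    int bss_mode;       /* 0 = station, 1 = AP */
    int scan_pending;   /* a scan was issued and its result event is still due */
    int table_valid;    /* cleared by a reset: scan state is no longer usable */
};

/* Scan result event handled in the main process: it reads the private data. */
static int scan_result_event(struct vif_priv *p)
{
    if (!p->table_valid)
        return -EFAULT;  /* where the kernel would dereference reset state */
    p->scan_pending = 0;
    return 0;
}

/* Interface change: resets and reinitializes the private data.
 * With guarded != 0 it refuses to run while a scan is pending. */
static int change_vif(struct vif_priv *p, int mode, int guarded)
{
    if (guarded && p->scan_pending)
        return -EBUSY;
    memset(p, 0, sizeof(*p));
    p->bss_mode = mode;
    return 0;
}

/* Replays: scan issued, switch to AP mode requested, scan event delivered. */
static int replay(int guarded, int *change_rc)
{
    struct vif_priv p = { .scan_pending = 1, .table_valid = 1 };
    *change_rc = change_vif(&p, 1, guarded);
    return scan_result_event(&p);
}

int main(void)
{
    int rc, ev = replay(0, &rc);
    printf("unguarded: change=%d event=%d\n", rc, ev);
    ev = replay(1, &rc);
    printf("guarded:   change=%d event=%d\n", rc, ev);
    return 0;
}
```

In the unguarded replay the event handler finds the state already reset; in the guarded replay the mode change is rejected and the scan event completes normally.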

Jesse Sung (wenchien) wrote :

This fix has been merged in bionic/master via the stable update 4.15.11 so only Xenial is affected.

summary: - [Xenial/Bionic] Kernels OOPS when mwifiex is in AP mode
+ [Xenial] Kernels OOPS when mwifiex is in AP mode
no longer affects: linux (Ubuntu Bionic)
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Jesse Sung (wenchien)
tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-128.154

---------------
linux (4.4.0-128.154) xenial; urgency=medium

  * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines

  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking

  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation

  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces

  * [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames

  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377

  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC

  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Jesse Sung (wenchien)
Changed in linux (Ubuntu):
status: In Progress → Fix Released