errors when scanning partition table of corrupted AIX disk

Bug #1787281 reported by Mauricio Faria de Oliveira on 2018-08-15
This bug affects 1 person
Affects          Status  Importance  Assigned to  Milestone
linux (Ubuntu)           Medium      Unassigned
Trusty                   Undecided   Unassigned
Xenial                   Undecided   Unassigned
Bionic                   Undecided   Unassigned

Bug Description

[Impact]

 * Users with disks/LUNs previously used for AIX operating system
   installations, which possibly underwent overwrites/corruption on the
   partition table, might hit kernel failures during partition scan
   of such disk/LUN, and possibly hang the system (seen with retries).

 * The Linux kernel should be robust to corrupted disk data, performing
   better sanitization/checks and not failing.

 * The fix is a couple of simple logic changes to make the code
   of the AIX partition table parser more robust.

[Test Case]

 * Run the partition scan on the (trimmed) disk image of the AIX LUN
   (it's not provided here since it contains customer data), with this
   command:

   $ sudo losetup --find --show --partscan rlv_grkgld.1mb

 * On failure, the command hangs, and messages like these are printed
   to the console, depending on the kernel version (see tests below)

   [ 270.506420] partition (null) (3 pp's found) is not contiguous

   [ 270.597428] BUG: unable to handle kernel paging request at 0000000000001000
   [ 270.599525] IP: [<ffffffff81379d4d>] strnlen+0xd/0x40

 * On success, the command prints a loop device name, for example:

   /dev/loop0

[Regression Potential]

 * Low. Both changes are simple improvements in logic.

 * This affects users who mount disks/LUNs from the AIX OS;
   it should only change behavior for users who relied on
   uninitialized variables to work correctly during partition
   scan of those disks/LUNs, which should be rare as the code
   is likely to fail as we observe in this scenario.

 * This has been tested on Cosmic, Bionic, Xenial, and Trusty.

[Other Info]

 * Patches will be sent to the kernel-team mailing list.

Bug Description:
---------------

We've recently received a disk image from an AIX LUN that, when
attached on Linux, displayed errors on console, then eventually
hung the system (especially if the SCSI bus was re-scanned,
leading to another partition scan).

Apparently the LUN was originally installed with AIX and later
exercised with some I/O stress/overwrites which caused certain
bits to be wrong in just the right way for Linux to get a NULL
pointer and invalid data.

This is the test-case used ('--partscan' is the important bit).
  $ sudo losetup --show --find --partscan aix-lun.img

Since the original code is old, it affects several releases.
It's interesting to fix this on 14.04 and up, on which IBM
Power servers were initially supported (since they can run
AIX too, and possibly hit this due to an already used disk/LUN).

Test on Cosmic:

Before:

$ uname -a
Linux bionic 4.17.0-7-generic #8-Ubuntu SMP Fri Aug 3 15:55:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ echo 9 | sudo tee /proc/sys/kernel/printk
9
$ sudo losetup --find --show --partscan rlv_grkgld.1mb
<hung>
[ 37.274451] partition (null) (20 pp's found) is not contiguous
[ 37.278839] partition (null) (8 pp's found) is not contiguous
[ 37.281066] partition (null) (8 pp's found) is not contiguous
...
[ 37.330987] partition (null) (1 pp's found) is not contiguous
[ 37.334092] partition (null) (63 pp's found) is not contiguous
[ 37.336130] partition (null) (1 pp's found) is not contiguous

After:

$ uname -a
Linux bionic 4.17.0-7-generic #8+sf181954.1 SMP Wed Aug 15 13:40:48 -03 2018 x86_64 x86_64 x86_64 GNU/Linux
$ echo 9 | sudo tee /proc/sys/kernel/printk
9
$ sudo losetup --find --show --partscan rlv_grkgld.1mb
/dev/loop0

Test on Bionic

Before:

$ uname -a
Linux bionic 4.15.0-32-generic #35-Ubuntu SMP Fri Aug 10 17:58:07 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ echo 9 | sudo tee /proc/sys/kernel/printk
9
$ sudo losetup --find --show --partscan rlv_grkgld.1mb
<hung>
[ 48.192538] partition (null) (5 pp's found) is not contiguous
[ 48.195061] partition (null) (3 pp's found) is not contiguous
[ 48.198784] partition (null) (2 pp's found) is not contiguous
..
[ 48.368026] partition (null) (2 pp's found) is not contiguous
[ 48.370136] partition (null) (2 pp's found) is not contiguous
[ 48.373262] partition (null) (3 pp's found) is not contiguous

After:

$ uname -a
Linux bionic 4.15.0-32-generic #35+sf181954.1 SMP Wed Aug 15 12:52:37 -03 2018 x86_64 x86_64 x86_64 GNU/Linux
$ echo 9 | sudo tee /proc/sys/kernel/printk
9
$ sudo losetup --find --show --partscan rlv_grkgld.1mb
/dev/loop0

Test on Xenial

Before:

Last login: Wed Aug 15 19:29:38 2018 from 192.168.122.1
$ uname -a
Linux bionic 4.4.0-133-generic #159-Ubuntu SMP Fri Aug 10 07:31:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ echo 9 | sudo tee /proc/sys/kernel/printk
9
$ sudo losetup --find --show --partscan rlv_grkgld.1mb
<hung>
[ 309.251832] partition (null) (21 pp's found) is not contiguous
[ 309.254557] partition (null) (2 pp's found) is not contiguous
[ 309.256893] partition (null) (1 pp's found) is not contiguous
...
[ 309.335870] partition (null) (2 pp's found) is not contiguous
[ 309.338133] partition (null) (64 pp's found) is not contiguous
[ 309.339719] partition (null) (1 pp's found) is not contiguous
[ 309.345218] BUG: unable to handle kernel paging request at 0000000000001040
[ 309.347776] IP: [<ffffffff8140bb29>] strnlen+0x9/0x40
[ 309.349813] PGD 0
[ 309.350719] Oops: 0000 [#1] SMP
[ 309.351987] Modules linked in: isofs kvm_intel kvm irqbypass input_leds joydev serio_raw sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear psmouse floppy
[ 309.367248] CPU: 1 PID: 979 Comm: losetup Not tainted 4.4.0-133-generic #159-Ubuntu
[ 309.369461] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 309.372403] task: ffff880039a78000 ti: ffff88003b2f0000 task.ti: ffff88003b2f0000
[ 309.375267] RIP: 0010:[<ffffffff8140bb29>] [<ffffffff8140bb29>] strnlen+0x9/0x40
[ 309.377806] RSP: 0018:ffff88003b2f3830 EFLAGS: 00010086
[ 309.379278] RAX: ffffffff81cd2b01 RBX: ffffffff8211eb6c RCX: 0000000000000000
[ 309.381360] RDX: 0000000000001040 RSI: ffffffffffffffff RDI: 0000000000001040
[ 309.384074] RBP: ffff88003b2f3830 R08: 000000000000ffff R09: 000000000000ffff
[ 309.385894] R10: ffff88003b2f39e8 R11: 0000000000000251 R12: 0000000000001040
[ 309.387906] R13: ffffffff8211ef40 R14: 00000000ffffffff R15: 0000000000000000
[ 309.389937] FS: 00007f7e0163c740(0000) GS:ffff88003fc80000(0000) knlGS:0000000000000000
[ 309.392496] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 309.394040] CR2: 0000000000001040 CR3: 0000000039a48000 CR4: 0000000000000670
[ 309.396505] Stack:
[ 309.397306] ffff88003b2f3868 ffffffff8140d8cb ffffffff8211eb6c ffffffff8211ef40
[ 309.400370] ffff88003b2f3980 ffffffff81d00816 ffffffff81d00816 ffff88003b2f38d8
[ 309.403210] ffffffff8140f385 0000000000000092 0000000000000092 000000000000000c
[ 309.406231] Call Trace:
[ 309.407114] [<ffffffff8140d8cb>] string.isra.4+0x3b/0xd0
[ 309.408818] [<ffffffff8140f385>] vsnprintf+0x135/0x530
[ ...

Test on Trusty

Before:

$ uname -a
Linux bionic 3.13.0-155-generic #205-Ubuntu SMP Fri Aug 10 15:53:26 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ echo 9 | sudo tee /proc/sys/kernel/printk
9
$ sudo losetup --find --show --partscan rlv_grkgld.1mb
<hung>
[ 270.506420] partition (null) (3 pp's found) is not contiguous
[ 270.510221] partition (null) (1 pp's found) is not contiguous
[ 270.513952] partition (null) (68 pp's found) is not contiguous
...
[ 270.593589] partition (null) (3 pp's found) is not contiguous
[ 270.595603] partition (null) (2 pp's found) is not contiguous
[ 270.597428] BUG: unable to handle kernel paging request at 0000000000001000
[ 270.599525] IP: [<ffffffff81379d4d>] strnlen+0xd/0x40
[ 270.601404] PGD 0
[ 270.601404] Oops: 0000 [#1] SMP
[ 270.601404] Modules linked in: squashfs isofs nls_iso8859_1 kvm_intel kvm serio_raw sch_fq_codel iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs libcrc32c raid10 raid456 async_memcpy async_raid6_recov async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear psmouse floppy
[ 270.601404] CPU: 1 PID: 972 Comm: losetup Not tainted 3.13.0-155-generic #205-Ubuntu
[ 270.601404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 270.601404] task: ffff88003998e000 ti: ffff88003b1b6000 task.ti: ffff88003b1b6000
[ 270.601404] RIP: 0010:[<ffffffff81379d4d>] [<ffffffff81379d4d>] strnlen+0xd/0x40
[ 270.601404] RSP: 0018:ffff88003b1b7888 EFLAGS: 00010086
[ 270.601404] RAX: ffffffff81a674a1 RBX: ffffffff81ecbdec RCX: fffffffffffffffe
[ 270.601404] RDX: 0000000000001000 RSI: ffffffffffffffff RDI: 0000000000001000
[ 270.601404] RBP: ffff88003b1b7888 R08: 000000000000ffff R09: 000000000000ffff
[ 270.601404] R10: ffffffff813e27f0 R11: ffff88003b1b773e R12: 0000000000001000
[ 270.601404] R13: ffffffff81ecc1c0 R14: 00000000ffffffff R15: 0000000000000000
[ 270.601404] FS: 00007fbcbba18740(0000) GS:ffff88003ee80000(0000) knlGS:0000000000000000
[ 270.601404] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 270.601404] CR2: 0000000000001000 CR3: 000000003a9fe000 CR4: 0000000000000670
[ 270.601404] Stack:
[ 270.601404] ffff88003b1b78c0 ffffffff8137c0ab ffffffff81ecbdec ffffffff81ecc1c0
[ 270.601404] ffff88003b1b79c0 ffffffff81a939c6 ffffffff81a939c6 ffff88003b1b7928
[ 270.601404] ffffffff8137d521 0000000000000086 ffff88003b1b773e 000000000000000c
[ 270.601404] Call Trace:
[ 270.601404] [<ffffffff8137c0ab>] string.isra.5+0x3b/0xf0
[ 270.601404] [<ffffffff8137d521>] vsnprintf+0x1c1/0x610
[ 270.601404] [<ffffffff8137d97d>] vscnprintf+0xd/0x30
[ 270.601404] [<ffffffff810c4b91>] vprintk_emit+0x111/0x530
[ 270.601404] [<ffffffff8173313a>] printk+0x67/0x69
[ 270.601404] [<ffffffff8135a683>] aix_partition+0x613/0x620
[ 270.601404] [<ffffffff813768de>] ? radix_tree_lookup_slot+0xe/0x10
[ 270.601404] [<ffffffff8135e0a0>] msdos_partition+0x870/0x890
[ 270.601404] [<ffffffff81158581>] ? read_cache_page+0x21/0x30
[ 270.601404] [<ffffffff8135826d>] ? read_dev_sector+0x2d/0x90
[ 270.601404] [<ffffffff8137da39>] ? snprintf+0x39/0x40
[ 2...

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1787281

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete

The logs and kernel version provided in the test comments should be sufficient to understand/confirm the problem and affected versions.
Changing the status of the bug to Confirmed.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Seth Forshee (sforshee) on 2018-08-23
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
Rohit (mprohit) wrote :

Hey,

I am so sorry, I accidentally changed the status of this bug. I apologize for the inconvenience. Please roll back my status change.

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Stefan Bader (smb) wrote :

Replaced nomination for Precise by one for Trusty which appears to be the intended series.

no longer affects: linux (Ubuntu Precise)
Changed in linux (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic

SRU Verification: all 3 stable releases successfully survive the disk probe/partition scan of the disk image with corrupted AIX partition table.

Updating verification tags. Thanks!

Trusty:
---

$ uname -a
Linux trusty 3.13.0-159-generic #209-Ubuntu SMP Wed Sep 12 10:01:59 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ sudo losetup --find --show --partscan disk.img
[ 691.319981] loop0: unsupported AIX LVM version 30 found
[ 691.319981] unknown partition table
/dev/loop0

Xenial:
---

$ uname -a
Linux trusty 4.4.0-136-generic #162-Ubuntu SMP Tue Sep 11 15:12:40 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ sudo losetup --find --show --partscan disk.img
/dev/loop0

Bionic:
---

$ uname -a
Linux trusty 4.15.0-35-generic #38-Ubuntu SMP Wed Sep 12 10:38:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ sudo losetup --find --show --partscan disk.img
/dev/loop0

tags: added: verification-done-bionic verification-done-trusty verification-done-xenial
removed: verification-needed-bionic verification-needed-trusty verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-137.163

---------------
linux (4.4.0-137.163) xenial; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.4.0-136.162) xenial; urgency=medium

  * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: d...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-160.210

---------------
linux (3.13.0-160.210) trusty; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

linux (3.13.0-159.209) trusty; urgency=medium

  * linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * i40e NIC not recognized (LP: #1789215)
    - SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
    - SAUCE: i40e_bpo: Add a compatibility layer
    - SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
    - SAUCE: i40e_bpo: Rename the driver to i40e_bpo
    - SAUCE: i40e_bpo: Hook the driver into the kernel tree
    - [Config] Add CONFIG_I40E_BPO=m

  * Probable regression with EXT3 file systems and CVE-2018-1093 patches
    (LP: #1789131)
    - ext4: fix bitmap position validation

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
    - Revert "UBUNTU: [Config] disable NUMA_BALANCING"

  * CVE-2018-15572
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt

  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket

  * BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:1119] (LP: #1788817)
    - drm/ast: Fixed system hanged if disable P2A

  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

 -- Stefan Bader <email address hidden> Mon, 24 Sep 2018 19:38:31 +0200
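
The two partitions/aix fixes listed in the changelog above address a name table used without being populated and on-disk name fields printed without a terminator. The following user-space C model of those two defect classes is an added example, not the kernel's parser and not code from this bug report; the field width, table size, function names and sample data are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LV_NAME_LEN 8   /* constructed field width, not the AIX on-disk value */
#define MAX_LVS     4   /* constructed table size for this example */

/* Fixed-width name field as read from disk: NOT guaranteed NUL-terminated. */
struct lv_name { char name[LV_NAME_LEN]; };

/* Fragile pattern: trusts that 'names' was populated, that 'ix' (taken from
 * disk) is in range, and that every name is terminated. With names == NULL,
 * a bogus ix, or a full-width name, "%s" reads memory the parser never owned.
 * Shown for comparison only; never called in this example. */
int report_fragile(char *out, size_t outsz, const struct lv_name *names,
                   const unsigned *pps_found, unsigned ix)
{
    return snprintf(out, outsz, "partition %s (%u pp's found) is not contiguous",
                    names[ix].name, pps_found[ix]);
}

/* Hardened pattern: require the tables, validate the index, bound the copy. */
int report_checked(char *out, size_t outsz, const struct lv_name *names,
                   const unsigned *pps_found, unsigned numlvs, unsigned ix)
{
    char tmp[LV_NAME_LEN + 1];
    const char *end;
    size_t len;

    if (!names || !pps_found || numlvs > MAX_LVS || ix >= numlvs)
        return -1;              /* table never read, or index from disk is bogus */

    end = memchr(names[ix].name, '\0', LV_NAME_LEN);
    len = end ? (size_t)(end - names[ix].name) : LV_NAME_LEN;
    memcpy(tmp, names[ix].name, len);
    tmp[len] = '\0';            /* append the terminator the disk did not provide */

    return snprintf(out, outsz, "partition %s (%u pp's found) is not contiguous",
                    tmp, pps_found[ix]);
}

/* Constructed sample data: the second name fills the whole field, no NUL. */
const struct lv_name sample_names[2] = {
    { { 'h', 'd', '5', 0, 0, 0, 0, 0 } },
    { { 'l', 'o', 'g', 'v', 'o', 'l', '0', '1' } },
};
const unsigned sample_pps[2] = { 3, 2 };

int main(void)
{
    char msg[96];
    unsigned ix;

    for (ix = 0; ix < 3; ix++) {        /* ix == 2 is out of range on purpose */
        if (report_checked(msg, sizeof(msg), sample_names, sample_pps, 2, ix) < 0)
            printf("lv %u: rejected\n", ix);
        else
            printf("%s\n", msg);
    }
    /* Name table missing, as when the sector holding it could not be read. */
    if (report_checked(msg, sizeof(msg), NULL, sample_pps, 2, 0) < 0)
        printf("name table missing: rejected\n");
    return 0;
}
```
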

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-36.39

---------------
linux (4.15.0-36.39) bionic; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.15.0-35.38) bionic; urgency=medium

  * linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)

  * device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563)
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * CVE-2017-5715 (Spectre v2 s390x)
    - KVM: s390: implement CPU model only facilities
    - s390: detect etoken facility
    - KVM: s390: add etoken support for guests
    - s390/lib: use expoline for all bcr instructions
    - s390: fix br_r1_trampoline for machines without exrl
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT

  * Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
    disabled (performance) (LP: #1790602)
    - cpuidle: powernv: Fix promotion from snooze if next state disabled

  * Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
    - powerpc: hard disable irqs in smp_send_stop loop
    - powerpc: Fix deadlock with multiple calls to smp_send_stop
    - powerpc: smp_send_stop do not offline stopped CPUs
    - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled

  * Security fix: check if IOMMU page is contained in the pinned physical page
    (LP: #1785675)
    - vfio/spapr: Use IOMMU pageshift rather than pagesize
    - KVM: PPC: Check if IOMMU page is contained in the pinned physical page

  * Missing Intel GPU pci-id's (LP: #1789924)
    - drm/i915/kbl: Add KBL GT2 sku
    - drm/i915/whl: Introducing Whiskey Lake platform
    - drm/i915/aml: Introducing Amber Lake platform
    - drm/i915/cfl: Add a new CFL PCI ID.

  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * Support Power Management for Thunderbolt Controller (LP: #1789358)
    - thunderbolt: Handle NULL boot ACL entries properly
    - thunderbolt: Notify userspace when boot_acl is changed
    - thunderbolt: Use 64-bit DMA mask if supported by the platform
    - thunderbolt: Do not unnecessarily call ICM get route
    - thunderbolt: No need to take tb->lock in domain suspend/complete
    - thunderbolt: Use correct ICM commands in system suspend
    - thunderbolt: Add support for runtime PM

  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup

  * [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
    for arm64 using SMC firmware call to set a hardware chicken bit
    (LP: #1787993) // CVE-2018...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc