Activity log for bug #1800639

Date Who What changed Old value New value Message
2018-10-30 11:39:13 bugproxy bug added bug
2018-10-30 11:39:14 bugproxy tags architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810
2018-10-30 11:39:15 bugproxy ubuntu: assignee Skipper Bug Screeners (skipper-screen-team)
2018-10-30 11:39:18 bugproxy affects ubuntu linux (Ubuntu)
2018-10-30 11:45:18 Frank Heimes bug task added ubuntu-z-systems
2018-10-30 11:45:57 Frank Heimes ubuntu-z-systems: importance Undecided High
2018-10-30 11:46:03 Frank Heimes ubuntu-z-systems: status New Triaged
2018-10-30 11:46:23 Frank Heimes ubuntu-z-systems: assignee Canonical Kernel Team (canonical-kernel-team)
2018-10-30 14:16:10 Joseph Salisbury linux (Ubuntu): status New Triaged
2018-10-30 14:16:15 Joseph Salisbury linux (Ubuntu): importance Undecided High
2018-10-30 14:16:24 Joseph Salisbury nominated for series Ubuntu Cosmic
2018-10-30 14:16:24 Joseph Salisbury bug task added linux (Ubuntu Cosmic)
2018-10-30 14:16:24 Joseph Salisbury nominated for series Ubuntu Xenial
2018-10-30 14:16:24 Joseph Salisbury bug task added linux (Ubuntu Xenial)
2018-10-30 14:16:24 Joseph Salisbury nominated for series Ubuntu Bionic
2018-10-30 14:16:24 Joseph Salisbury bug task added linux (Ubuntu Bionic)
2018-10-30 14:20:30 Joseph Salisbury linux (Ubuntu Xenial): status New Triaged
2018-10-30 14:20:33 Joseph Salisbury linux (Ubuntu Bionic): status New Triaged
2018-10-30 14:20:36 Joseph Salisbury linux (Ubuntu Cosmic): status New Triaged
2018-10-30 14:20:39 Joseph Salisbury linux (Ubuntu Xenial): importance Undecided High
2018-10-30 14:20:41 Joseph Salisbury linux (Ubuntu Bionic): importance Undecided High
2018-10-30 14:20:43 Joseph Salisbury linux (Ubuntu Cosmic): importance Undecided High
2018-10-30 14:27:47 Joseph Salisbury linux (Ubuntu Xenial): assignee Joseph Salisbury (jsalisbury)
2018-10-30 14:27:50 Joseph Salisbury linux (Ubuntu Bionic): assignee Joseph Salisbury (jsalisbury)
2018-10-30 14:27:53 Joseph Salisbury linux (Ubuntu Cosmic): assignee Joseph Salisbury (jsalisbury)
2018-10-30 14:27:54 Joseph Salisbury linux (Ubuntu): assignee Skipper Bug Screeners (skipper-screen-team) Joseph Salisbury (jsalisbury)
2018-10-30 14:28:12 Joseph Salisbury linux (Ubuntu Xenial): status Triaged In Progress
2018-10-30 14:28:14 Joseph Salisbury linux (Ubuntu Cosmic): status Triaged In Progress
2018-10-30 15:53:47 Joseph Salisbury linux (Ubuntu Bionic): status Triaged In Progress
2018-10-30 15:53:51 Joseph Salisbury linux (Ubuntu): status Triaged In Progress
2018-10-30 16:25:43 Frank Heimes ubuntu-z-systems: status Triaged In Progress
2018-10-31 13:13:47 Frank Heimes description Description: qeth: Fix potential array overrun in cmd/rc lookup Symptom: Infinite loop when processing a received cmd. Problem: qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used to build human-readable messages for received cmd data. They store the to-be translated value in the last entry of a global array, and then iterate over each entry until they found the queried value (and the corresponding message string). If there is no prior match, the lookup is intended to stop at the final entry (which was previously prepared). If two qeth devices are concurrently processing a received cmd, one lookup can over-write the last entry of the global array while a second lookup is in process. This second lookup will then never hit its stop-condition, and loop. Solution: Remove the modification of the global array, and limit the number of iterations to the size of the array. Upstream-ID: kernel 4.19 - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9 Should also be applied, to all other Ubuntu Releases in the field ! Description: net/af_iucv: fix skb leaks for HiperTransport Symptom: Memory leaks and/or double-freed network packets. Problem: Inbound packets may have any combination of flag bits set in their iucv header. Current code only handles certain combinations, and ignores (ie. leaks) all packets with other flags. On Transmit, current code is inconsistent about whether the error paths need to free the skb. Depending on which error path is taken, it may either get freed twice, or leak. Solution: On receive, drop any skb with an unexpected combination of iucv Header flags. On transmit, be consistent in all error paths about free'ing the skb. kerne 4.19 Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0 b2f543949acd1ba64313fdad9e672ef47550d773 Should also be applied, to all other Ubuntu Releases in the field !
2018-11-01 14:22:20 Frank Heimes description Description: net/af_iucv: fix skb leaks for HiperTransport Symptom: Memory leaks and/or double-freed network packets. Problem: Inbound packets may have any combination of flag bits set in their iucv header. Current code only handles certain combinations, and ignores (ie. leaks) all packets with other flags. On Transmit, current code is inconsistent about whether the error paths need to free the skb. Depending on which error path is taken, it may either get freed twice, or leak. Solution: On receive, drop any skb with an unexpected combination of iucv Header flags. On transmit, be consistent in all error paths about free'ing the skb. kerne 4.19 Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0 b2f543949acd1ba64313fdad9e672ef47550d773 Should also be applied, to all other Ubuntu Releases in the field ! == SRU Justification == Fix socket buffer (skb) leaks for HiperTransport Description: net/af_iucv: fix skb leaks for HiperTransport Symptom: Memory leaks and/or double-freed network packets. Problem: Inbound packets may have any combination of flag bits set in their iucv header. Current code only handles certain combinations, and ignores (ie. leaks) all packets with other flags. On Transmit, current code is inconsistent about whether the error paths need to free the skb. Depending on which error path is taken, it may either get freed twice, or leak. Solution: On receive, drop any skb with an unexpected combination of iucv Header flags. On transmit, be consistent in all error paths about free'ing the skb. == Fix == 222440996d6daf635bed6cb35041be22ede3e8a0 ("net/af_iucv: drop inbound packets with invalid flags") b2f543949acd1ba64313fdad9e672ef47550d773 ("net/af_iucv: fix skb handling on HiperTransport xmit error") == Patch == commit 222440996d6daf635bed6cb35041be22ede3e8a0 Author: Julian Wiedmann <jwi@linux.ibm.com> Date: Wed Sep 5 16:55:10 2018 +0200 net/af_iucv: drop inbound packets with invalid flags Inbound packets may have any combination of flag bits set in their iucv header. If we don't know how to handle a specific combination, drop the skb instead of leaking it. To clarify what error is returned in this case, replace the hard-coded 0 with the corresponding macro. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> == commit b2f543949acd1ba64313fdad9e672ef47550d773 Author: Julian Wiedmann <jwi@linux.ibm.com> Date: Wed Sep 5 16:55:11 2018 +0200 net/af_iucv: fix skb handling on HiperTransport xmit error When sending an skb, afiucv_hs_send() bails out on various error conditions. But currently the caller has no way of telling whether the skb was freed or not - resulting in potentially either a) leaked skbs from iucv_send_ctrl(), or b) double-free's from iucv_sock_sendmsg(). As dev_queue_xmit() will always consume the skb (even on error), be consistent and also free the skb from all other error paths. This way callers no longer need to care about managing the skb. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Reviewed-by: Ursula Braun <ubraun@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> == Regression Potential == Low, because: - IUCV functionality is very special to s390x and is only supported in z/VM environments (z/VM hypervisor to guest or guest to guest communications) - So everything is s390x specific. - Patch is limited to this single file: /net/iucv/af_iucv.c - Patch was tested by IBM, and fixes an identified problem situation. == Test Case == Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest: https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html Provoke an error situation. This is btw. hard to do, because the 'Inter-User Communication Vehicle" (IUCV) is a virtual z/VM internal network that does not use any real media. To check for regressions one can use a shell over an ssh connection using an IUCV interface or use an application that utilises AF_IUCV sockets (like ICC). __________ Description: net/af_iucv: fix skb leaks for HiperTransport Symptom: Memory leaks and/or double-freed network packets. Problem: Inbound packets may have any combination of flag bits set in their iucv header. Current code only handles certain combinations, and ignores (ie. leaks) all packets with other flags. On Transmit, current code is inconsistent about whether the error paths need to free the skb. Depending on which error path is taken, it may either get freed twice, or leak. Solution: On receive, drop any skb with an unexpected combination of iucv Header flags. On transmit, be consistent in all error paths about free'ing the skb. kerne 4.19 Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0 b2f543949acd1ba64313fdad9e672ef47550d773 Should also be applied, to all other Ubuntu Releases in the field !
2018-11-08 05:27:50 Khaled El Mously linux (Ubuntu Xenial): status In Progress Fix Committed
2018-11-08 05:27:52 Khaled El Mously linux (Ubuntu Bionic): status In Progress Fix Committed
2018-11-08 05:27:54 Khaled El Mously linux (Ubuntu Cosmic): status In Progress Fix Committed
2018-11-08 06:13:38 Frank Heimes linux (Ubuntu): status In Progress Fix Committed
2018-11-08 06:13:42 Frank Heimes ubuntu-z-systems: status In Progress Fix Committed
2018-11-15 11:04:16 Brad Figg tags architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 verification-needed-cosmic
2018-11-15 11:34:41 Brad Figg tags architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 verification-needed-cosmic architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 verification-needed-bionic verification-needed-cosmic
2018-11-16 16:36:28 Brad Figg tags architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 verification-needed-bionic verification-needed-cosmic architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 verification-needed-bionic verification-needed-cosmic verification-needed-xenial
2018-11-20 09:56:48 Frank Heimes tags architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 verification-needed-bionic verification-needed-cosmic verification-needed-xenial architecture-s39064 bugnameltc-172698 severity-high targetmilestone-inin1810 verification-done-bionic verification-done-cosmic verification-done-xenial
2018-12-03 08:49:32 Launchpad Janitor linux (Ubuntu Cosmic): status Fix Committed Fix Released
2018-12-03 08:49:32 Launchpad Janitor cve linked 2018-18653
2018-12-03 08:49:32 Launchpad Janitor cve linked 2018-18955
2018-12-03 08:49:32 Launchpad Janitor cve linked 2018-6559
2018-12-03 14:01:15 Launchpad Janitor linux (Ubuntu Bionic): status Fix Committed Fix Released
2018-12-03 14:59:47 Launchpad Janitor linux (Ubuntu Xenial): status Fix Committed Fix Released
2018-12-04 13:19:43 Frank Heimes linux (Ubuntu): status Fix Committed Fix Released
2018-12-04 13:19:51 Frank Heimes ubuntu-z-systems: status Fix Committed Fix Released