ip6_gre: fix tunnel list corruption for x-netns

Bug #1812875 reported by Nicolas Dichtel on 2019-01-22
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Seth Forshee
Bionic
Medium
Seth Forshee
Cosmic
Medium
Seth Forshee

Bug Description

== SRU Justification ==

Impact: A kernel panic is seen when using some third-party software.

Fix: Upstream commit ab5098fa25b9 ("ip6_gre: fix tunnel list corruption for x-netns").

Test Case: Confirm that the panic no longer happens with the patch.

Regression Potential: This is a simple fix and suitable for upstream stable, regressions are unlikely.

---

The following upstream patch is missing in ubuntu-18.04: ab5098fa25b9 ("ip6_gre: fix tunnel list corruption for x-netns").

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ab5098fa25b9

CVE References

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1812875

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Seth Forshee (sforshee) wrote :

Thanks for the report. To consider the commit for SRU we require that it fixes a specific bug seen by users. Can you please describe the issue you are seeing which is fixed by that commit? If you can provide instructions to help us reproduce the issue, that would be especially helpful. Thanks!

This issue is a kernel panic ...
We reproduce it on ubuntu-18.04 with a third party software

Seth Forshee (sforshee) on 2019-01-30
Changed in linux (Ubuntu):
status: Incomplete → Fix Committed
Seth Forshee (sforshee) on 2019-01-30
description: updated
Seth Forshee (sforshee) wrote :
Changed in linux (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu Cosmic):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic

I reported this bug on behalf of a colleague. He is off this week and will not be able to test this patch before next week.

Launchpad Janitor (janitor) wrote :
Download full text (12.4 KiB)

This bug was fixed in the package linux - 4.19.0-13.14

---------------
linux (4.19.0-13.14) disco; urgency=medium

  * linux: 4.19.0-13.14 -proposed tracker (LP: #1815103)

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] autoreconstruct -- base tag is always primary mainline version

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

  * Disco update: 4.19.20 upstream stable release (LP: #1815090)
    - Fix "net: ipv4: do not handle duplicate fragments as overlapping"
    - drm/msm/gpu: fix building without debugfs
    - ipv6: Consider sk_bound_dev_if when binding a socket to an address
    - ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation
    - ipvlan, l3mdev: fix broken l3s mode wrt local routes
    - l2tp: copy 4 more bytes to linear part if necessary
    - l2tp: fix reading optional fields of L2TPv3
    - net: ip_gre: always reports o_key to userspace
    - net: ip_gre: use erspan key field for tunnel lookup
    - net/mlx4_core: Add masking for a few queries on HCA caps
    - netrom: switch to sock timer API
    - net/rose: fix NULL ax25_cb kernel panic
    - net: set default network namespace in init_dummy_netdev()
    - ravb: expand rx descriptor data to accommodate hw checksum
    - sctp: improve the events for sctp stream reset
    - tun: move the call to tun_set_real_num_queues
    - ucc_geth: Reset BQL queue when stopping device
    - net: ip6_gre: always reports o_key to userspace
    - sctp: improve the events for sctp stream adding
    - net/mlx5e: Allow MAC invalidation while spoofchk is ON
    - ip6mr: Fix notifiers call on mroute_clean_tables()
    - Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager"
    - sctp: set chunk transport correctly when it's a new asoc
    - sctp: set flow sport from saddr only when it's 0
    - virtio_net: Don't enable NAPI when interface is down
    - virtio_net: Don't call free_old_xmit_skbs for xdp_frames
    - virtio_net: Fix not restoring real_num_rx_queues
    - virtio_net: Fix out of bounds access of sq
    - virtio_net: Don't process redirected XDP frames when XDP is disabled
    - virtio_net: Use xdp_return_frame to free xdp_frames on destroying vqs
    - virtio_net: Differentiate sk_buff and xdp_frame on freeing
    - CIFS: Do not count -ENODATA as failure for query directory
    - CIFS: Fix trace command logging for SMB2 reads and writes
    - CIFS: Do not consider -ENODATA as stat failure for reads
    - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
    - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
    - selftests/seccomp: Enhance per-arch ptrace syscall skip tests
    - NFS: Fix up return value on fatal errors in nfs_page_async_flush()
    - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
    - arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
    - arm64: Do not issue IPIs for user executable ptes
    - arm64: hyp-stub: Forbid kprobing of the hyp-stub
    - arm64: hibernate: Clean the __hyp_text to PoC after resume
    - gpio: altera...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Olivier Matz (oliviermatz) wrote :

Validated with kernels:
- linux-image-4.15.0-46-generic (bionic)
- linux-image-4.18.0-16-generic (cosmic)

tags: added: verification-done-bionic verification-done-cosmic
removed: verification-needed-bionic verification-needed-cosmic
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers