Vsock connect fails with ENODEV for large CID

Bug #1813934 reported by bugproxy on 2019-01-30
This bug affects 1 person
Affects                   Importance  Assigned to
Ubuntu on IBM z Systems   High        Canonical Kernel Team
linux (Ubuntu)            High        Skipper Bug Screeners
  Bionic                  High        Stefan Bader
  Cosmic                  High        Unassigned

Bug Description

- Problem Description:
Kernel 4.19 introduced a bug in the Vsock protocol when using a large Context ID.

E.g.
CID 0xfff000 works correctly but
CID 0xfff001 fails with ENODEV when trying to connect to the listener.

The issue now also shows up in Ubuntu 18.04 with
 -> kernel 4.15.0-44-generic #47-Ubuntu
on x86_64 and s390x.

It is already fixed in the upstream kernel by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fbe078c37aba3088359c9256c1a1d0c3e39ee81
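
A connect probe for the symptom described above, as an added example that is not part of the original report or the kernel's own test code: it attempts an AF_VSOCK stream connect to each CID named in the report and returns the errno, so ENODEV can be told apart from other failures. It assumes a peer with the CID under test is listening on port 5000 (a constructed value); `sock_factory` is a hypothetical hook for substituting a fake socket.

```python
import errno
import socket

REPORTED_CIDS = (0xFFF000, 0xFFF001)  # CIDs quoted in the bug description
ASSUMED_PORT = 5000  # assumption: the peer's listener uses this port


def connect_errno(cid, port, timeout=3.0, sock_factory=None):
    """Attempt one AF_VSOCK stream connect; return 0 or the failing errno."""
    if not 0 <= cid <= 0xFFFFFFFF:
        raise ValueError("vsock CIDs are 32-bit unsigned values")
    if sock_factory is None:
        # Real socket: requires Linux with vsock support loaded.
        def sock_factory():
            return socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    try:
        sock = sock_factory()
    except OSError as exc:
        return exc.errno or errno.EIO
    try:
        sock.settimeout(timeout)
        sock.connect((cid, port))
        return 0
    except socket.timeout:
        return errno.ETIMEDOUT
    except OSError as exc:
        return exc.errno or errno.EIO
    finally:
        sock.close()


def verdict(err):
    """Label an errno, singling out the ENODEV symptom from the report."""
    if err == 0:
        return "connected"
    if err == errno.ENODEV:
        return "ENODEV (symptom described in this report)"
    return "failed: " + errno.errorcode.get(err, str(err))


def check_cids(cids=REPORTED_CIDS, port=ASSUMED_PORT, sock_factory=None):
    """Probe each CID and return {cid: verdict}."""
    return {c: verdict(connect_errno(c, port, sock_factory=sock_factory))
            for c in cids}


if __name__ == "__main__":
    for cid, result in check_cids().items():
        print(f"CID {cid:#x}: {result}")
```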


bugproxy (bugproxy) on 2019-01-30
tags: added: architecture-s39064 bugnameltc-175098 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
importance: Undecided → High
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
Stefan Bader (smb) on 2019-01-30
Changed in linux (Ubuntu Bionic):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
importance: Medium → High
Changed in linux (Ubuntu):
status: New → Triaged
importance: Undecided → High
Stefan Bader (smb) on 2019-01-30
Changed in linux (Ubuntu Cosmic):
importance: Undecided → High
status: New → In Progress
Changed in ubuntu-z-systems:
status: New → In Progress
Seth Forshee (sforshee) on 2019-01-31
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed

------- Comment From <email address hidden> 2019-02-05 10:24 EDT-------
When will this kernel update be delivered? Within the current SRU?

Frank Heimes (frank-heimes) wrote :

This made it into the current kernel SRU cycle with the dates:

Kernel SRU cycle: 04-Feb through 24-Feb
    30-Jan          Last day for kernel commits for this cycle
    04-Feb 08-Feb   Kernel prep week
    11-Feb 22-Feb   Bug verification & Regression testing
    25-Feb          Release to -updates

Hence the plan is to have it available in the release pocket by Feb the 25th.
But it will already be available earlier via proposed.

Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-02-12 07:57 EDT-------
I confirm the proposed kernel fixes the issue.

Kernel: 4.18.0-16-generic #17-Ubuntu
Architectures: s390x, x86_64
OS: Ubuntu 18.10 cosmic

Thanks.

Frank Heimes (frank-heimes) wrote :

Many thanks Peter!
Adjusting tags accordingly ...

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.19.0-13.14

---------------
linux (4.19.0-13.14) disco; urgency=medium

  * linux: 4.19.0-13.14 -proposed tracker (LP: #1815103)

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] autoreconstruct -- base tag is always primary mainline version

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

  * Disco update: 4.19.20 upstream stable release (LP: #1815090)
    - Fix "net: ipv4: do not handle duplicate fragments as overlapping"
    - drm/msm/gpu: fix building without debugfs
    - ipv6: Consider sk_bound_dev_if when binding a socket to an address
    - ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation
    - ipvlan, l3mdev: fix broken l3s mode wrt local routes
    - l2tp: copy 4 more bytes to linear part if necessary
    - l2tp: fix reading optional fields of L2TPv3
    - net: ip_gre: always reports o_key to userspace
    - net: ip_gre: use erspan key field for tunnel lookup
    - net/mlx4_core: Add masking for a few queries on HCA caps
    - netrom: switch to sock timer API
    - net/rose: fix NULL ax25_cb kernel panic
    - net: set default network namespace in init_dummy_netdev()
    - ravb: expand rx descriptor data to accommodate hw checksum
    - sctp: improve the events for sctp stream reset
    - tun: move the call to tun_set_real_num_queues
    - ucc_geth: Reset BQL queue when stopping device
    - net: ip6_gre: always reports o_key to userspace
    - sctp: improve the events for sctp stream adding
    - net/mlx5e: Allow MAC invalidation while spoofchk is ON
    - ip6mr: Fix notifiers call on mroute_clean_tables()
    - Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager"
    - sctp: set chunk transport correctly when it's a new asoc
    - sctp: set flow sport from saddr only when it's 0
    - virtio_net: Don't enable NAPI when interface is down
    - virtio_net: Don't call free_old_xmit_skbs for xdp_frames
    - virtio_net: Fix not restoring real_num_rx_queues
    - virtio_net: Fix out of bounds access of sq
    - virtio_net: Don't process redirected XDP frames when XDP is disabled
    - virtio_net: Use xdp_return_frame to free xdp_frames on destroying vqs
    - virtio_net: Differentiate sk_buff and xdp_frame on freeing
    - CIFS: Do not count -ENODATA as failure for query directory
    - CIFS: Fix trace command logging for SMB2 reads and writes
    - CIFS: Do not consider -ENODATA as stat failure for reads
    - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
    - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
    - selftests/seccomp: Enhance per-arch ptrace syscall skip tests
    - NFS: Fix up return value on fatal errors in nfs_page_async_flush()
    - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
    - arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
    - arm64: Do not issue IPIs for user executable ptes
    - arm64: hyp-stub: Forbid kprobing of the hyp-stub
    - arm64: hibernate: Clean the __hyp_text to PoC after resume
    - gpio: altera...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-02-18 02:58 EDT-------
I confirm the proposed kernel fixes the issue.

Kernel: 4.15.0-46-generic #49-Ubuntu
Architectures: s390x, x86_64
OS: Ubuntu 18.04 bionic

Thanks.

Frank Heimes (frank-heimes) wrote :

Thanks again, Peter.
I'm adjusting the tags accordingly ...

tags: added: verification-done-bionic
removed: verification-needed-bionic