Ubuntu
linux package

Bug #1832828
Activity log

Activity log for bug #1832828

Date	Who	What changed	Old value	New value	Message
2019-06-14 09:23:18	Olivier Matz	bug			added bug
2019-06-14 09:24:26	Olivier Matz	bug			added subscriber 6WIND
2019-06-14 09:30:05	Ubuntu Kernel Bot	linux (Ubuntu): status	New	Incomplete
2019-06-17 22:00:01	Terry Rudd	bug			added subscriber Terry Rudd
2019-07-01 08:59:01	Olivier Matz	tags		apport-collected bionic
2019-07-01 08:59:03	Olivier Matz	description	== SRU Justification == The following code returns EFAULT (Bad address): s = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); setsockopt(s, SOL_IPV6, IPV6_HDRINCL, 1); sendto(ipv6_icmp6_packet, addr); /* returns -1, errno = EFAULT */ The IPv4 equivalent code works. The failure happens because 2 bytes are eaten from the msghdr by rawv6_probe_proto_opt() starting from commit 19e3c66b52ca ("ipv6 equivalent of "ipv4: Avoid reading user iov twice after raw_probe_proto_opt""), but at that time it was not a problem because IPV6_HDRINCL was not yet introduced. Only eat these 2 bytes if hdrincl == 0. == Fix == Upstream commits: 59e3e4b52663 ("ipv6: use READ_ONCE() for inet->hdrincl as in ipv4") b9aa52c4cb45 ("ipv6: fix EFAULT on sendto with icmpv6 and hdrincl") == Regression Potential == Low. Only impacts IPv6 raw sockets with IPV6_HDRINCL. == Test Case == Copy/paste this code in a python3 interpreter: IPPROTO_ICMPV6 = socket.getprotobyname('ipv6-icmp') SOL_IPV6 = 41 IPV6_HDRINCL = 36 import socket send_s = socket.socket(socket.AF_INET6, socket.SOCK_RAW, IPPROTO_ICMPV6) send_s.setsockopt(SOL_IPV6, IPV6_HDRINCL, 1) # this is an IPv6 + ICMPv6 echo packet req = b'`\x00\x00\x00\x00":@?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x80\x00\xe0\xda9\xa0V\x8dabcdefghijklmnopqrstuvwxyz' send_s.sendto(req, ('3ffe::2', 0, 0, 0)) On error, it raises: OSError: [Errno 14] Bad address After the fix, no exception is raised.	== SRU Justification == The following code returns EFAULT (Bad address): s = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); setsockopt(s, SOL_IPV6, IPV6_HDRINCL, 1); sendto(ipv6_icmp6_packet, addr); /* returns -1, errno = EFAULT */ The IPv4 equivalent code works. The failure happens because 2 bytes are eaten from the msghdr by rawv6_probe_proto_opt() starting from commit 19e3c66b52ca ("ipv6 equivalent of "ipv4: Avoid reading user iov twice after raw_probe_proto_opt""), but at that time it was not a problem because IPV6_HDRINCL was not yet introduced. Only eat these 2 bytes if hdrincl == 0. == Fix == Upstream commits: 59e3e4b52663 ("ipv6: use READ_ONCE() for inet->hdrincl as in ipv4") b9aa52c4cb45 ("ipv6: fix EFAULT on sendto with icmpv6 and hdrincl") == Regression Potential == Low. Only impacts IPv6 raw sockets with IPV6_HDRINCL. == Test Case == Copy/paste this code in a python3 interpreter: IPPROTO_ICMPV6 = socket.getprotobyname('ipv6-icmp') SOL_IPV6 = 41 IPV6_HDRINCL = 36 import socket send_s = socket.socket(socket.AF_INET6, socket.SOCK_RAW, IPPROTO_ICMPV6) send_s.setsockopt(SOL_IPV6, IPV6_HDRINCL, 1) # this is an IPv6 + ICMPv6 echo packet req = b'`\x00\x00\x00\x00":@?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x80\x00\xe0\xda9\xa0V\x8dabcdefghijklmnopqrstuvwxyz' send_s.sendto(req, ('3ffe::2', 0, 0, 0)) On error, it raises: OSError: [Errno 14] Bad address After the fix, no exception is raised. --- ProblemType: Bug AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 Jun 28 08:58 seq crw-rw---- 1 root audio 116, 33 Jun 28 08:58 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay' ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: DistroRelease: Ubuntu 18.04 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' Lsusb: Error: [Errno 2] No such file or directory: 'lsusb': 'lsusb' MachineType: QEMU Standard PC (i440FX + PIIX, 1996) Package: linux (not installed) PciMultimedia: ProcEnviron: TERM=screen PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-50-generic root=/dev/mapper/6WIND-hostname ro console=ttyS0,115200n8 quiet splash vt.handoff=1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 RelatedPackageVersions: linux-restricted-modules-4.15.0-50-generic N/A linux-backports-modules-4.15.0-50-generic N/A linux-firmware 1.173.6 RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill' Tags: bionic Uname: Linux 4.15.0-50-generic x86_64 UnreportableReason: This report is about a package that is not installed. UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: _MarkForUpload: False dmi.bios.date: 04/01/2014 dmi.bios.vendor: SeaBIOS dmi.bios.version: rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-i440fx-2.12 dmi.modalias: dmi:bvnSeaBIOS:bvrrel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12: dmi.product.name: Standard PC (i440FX + PIIX, 1996) dmi.product.version: pc-i440fx-2.12 dmi.sys.vendor: QEMU
2019-07-01 08:59:04	Olivier Matz	attachment added		CRDA.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274437/+files/CRDA.txt
2019-07-01 08:59:06	Olivier Matz	attachment added		CurrentDmesg.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274438/+files/CurrentDmesg.txt
2019-07-01 08:59:09	Olivier Matz	attachment added		Lspci.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274439/+files/Lspci.txt
2019-07-01 08:59:10	Olivier Matz	attachment added		ProcCpuinfoMinimal.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274440/+files/ProcCpuinfoMinimal.txt
2019-07-01 08:59:11	Olivier Matz	attachment added		ProcInterrupts.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274441/+files/ProcInterrupts.txt
2019-07-01 08:59:12	Olivier Matz	attachment added		ProcModules.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274442/+files/ProcModules.txt
2019-07-01 08:59:14	Olivier Matz	attachment added		UdevDb.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274443/+files/UdevDb.txt
2019-07-01 08:59:16	Olivier Matz	attachment added		WifiSyslog.txt https://bugs.launchpad.net/bugs/1832828/+attachment/5274444/+files/WifiSyslog.txt
2019-07-01 09:00:33	Olivier Matz	linux (Ubuntu): status	Incomplete	Confirmed
2019-08-26 16:26:48	Kamal Mostafa	nominated for series		Ubuntu Disco
2019-08-26 16:26:48	Kamal Mostafa	bug task added		linux (Ubuntu Disco)
2019-08-26 16:26:48	Kamal Mostafa	nominated for series		Ubuntu Bionic
2019-08-26 16:26:48	Kamal Mostafa	bug task added		linux (Ubuntu Bionic)
2019-08-26 16:26:57	Kamal Mostafa	linux (Ubuntu Bionic): status	New	Fix Committed
2019-08-26 16:27:00	Kamal Mostafa	linux (Ubuntu Bionic): assignee		Kamal Mostafa (kamalmostafa)
2019-08-26 16:27:04	Kamal Mostafa	linux (Ubuntu Disco): status	New	Fix Committed
2019-08-26 16:27:06	Kamal Mostafa	linux (Ubuntu Disco): assignee		Kamal Mostafa (kamalmostafa)
2019-08-26 16:27:33	Kamal Mostafa	linux (Ubuntu): assignee		Kamal Mostafa (kamalmostafa)
2020-07-02 20:02:01	Steve Langasek	linux (Ubuntu Disco): status	Fix Committed	Won't Fix

Ubuntulinux package

Activity log for bug #1832828

Ubuntu
linux package