| 2020-04-23 13:27:19 |
Arthur Kiyanovski |
bug |
|
|
added bug |
| 2020-04-23 16:29:57 |
Ubuntu Foundations Team Bug Bot |
tags |
|
bot-comment |
|
| 2020-04-23 17:15:44 |
Brian Murray |
affects |
ubuntu |
ethtool (Ubuntu) |
|
| 2020-04-23 19:11:28 |
Ben Hutchings |
affects |
ethtool (Ubuntu) |
linux (Ubuntu) |
|
| 2020-04-23 19:30:07 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2020-04-23 19:30:10 |
Ubuntu Kernel Bot |
tags |
bot-comment |
bionic bot-comment |
|
| 2020-04-24 12:31:52 |
Arthur Kiyanovski |
linux (Ubuntu): status |
Incomplete |
Opinion |
|
| 2020-04-24 12:31:56 |
Arthur Kiyanovski |
linux (Ubuntu): status |
Opinion |
Confirmed |
|
| 2020-05-09 12:47:06 |
Dominique Poulain |
bug |
|
|
added subscriber Dominique Poulain |
| 2020-05-10 12:08:15 |
Guilherme G. Piccoli |
tags |
bionic bot-comment |
bionic bot-comment sts xenial |
|
| 2020-05-10 12:08:23 |
Guilherme G. Piccoli |
nominated for series |
|
Ubuntu Bionic |
|
| 2020-05-10 12:08:23 |
Guilherme G. Piccoli |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2020-05-10 12:08:23 |
Guilherme G. Piccoli |
nominated for series |
|
Ubuntu Xenial |
|
| 2020-05-10 12:08:23 |
Guilherme G. Piccoli |
bug task added |
|
linux (Ubuntu Xenial) |
|
| 2020-05-10 12:08:40 |
Guilherme G. Piccoli |
linux (Ubuntu): status |
Confirmed |
In Progress |
|
| 2020-05-10 12:08:45 |
Guilherme G. Piccoli |
linux (Ubuntu Xenial): status |
New |
In Progress |
|
| 2020-05-10 12:08:49 |
Guilherme G. Piccoli |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
| 2020-05-10 12:08:52 |
Guilherme G. Piccoli |
linux (Ubuntu Xenial): importance |
Undecided |
High |
|
| 2020-05-10 12:08:54 |
Guilherme G. Piccoli |
linux (Ubuntu Bionic): importance |
Undecided |
High |
|
| 2020-05-10 12:08:56 |
Guilherme G. Piccoli |
linux (Ubuntu): assignee |
|
Guilherme G. Piccoli (gpiccoli) |
|
| 2020-05-10 12:09:00 |
Guilherme G. Piccoli |
linux (Ubuntu Xenial): assignee |
|
Guilherme G. Piccoli (gpiccoli) |
|
| 2020-05-10 12:09:03 |
Guilherme G. Piccoli |
linux (Ubuntu Bionic): assignee |
|
Guilherme G. Piccoli (gpiccoli) |
|
| 2020-05-10 12:09:11 |
Guilherme G. Piccoli |
linux (Ubuntu): importance |
Undecided |
High |
|
| 2020-05-10 12:21:27 |
Guilherme G. Piccoli |
description |
Upstream linux kernel implemented ring parameter boundaries check in commit:
37e2d99b59c4 ("ethtool: Ensure new ring parameters are within bounds during SRINGPARAM")
(see link https://patchwork.ozlabs.org/project/netdev/patch/1515420026-11970-2-git-send-email-tariqt@mellanox.com/)
Due to this commit, the community doesn't allow ring parameter boundary checks in driver code.
The Bionic ubuntu kernel does not include this patch. And some network drivers rely on this patch for
boundary checking of ring params.
This causes bugs in case a ringparam was given an illegal value.
Reproduction steps in AWS:
1. Create new c5.4xlarge instance with the ubuntu 18.04 official ami (uses the ENA network driver) and update to latest kernel using apt-get dist-upgrade and reboot for the new kernel to load.
2. Run ethtool -g ens5
output:
Ring parameters for ens5:
Pre-set maximums:
RX: 16384
RX Mini: 0
RX Jumbo: 0
TX: 1024
Current hardware settings:
RX: 1024
RX Mini: 0
RX Jumbo: 0
TX: 1024
3. Change the tx ring size to a legal number within boundaries - works!
4. Change the tx ring size to an illegal number such as 2048 with the command - sudo ethtool -G ens5 tx 2048.
Expected behavior - operation not allowed
Actual behavior - causes a crash of the driver since boundaries are not checked by ethtool.
Proposed fix - include the above commit 37e2d99b59c4 ("ethtool: Ensure new ring parameters are within bounds during SRINGPARAM") in bionic (and probably other ubuntu releases as well)
More data about the machine where the bug occured:
ubuntu@ip-172-31-80-28:~/bionic$ lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04
ubuntu@ip-172-31-80-28:~/bionic$ uname -r
4.15.0-1065-aws |
[Impact]
* There's a bad behavior in the ena driver ringparam setting on kernels 4.4 and 4.15, if an invalid ringparam is provided to ethtool.
* Upstream Linux kernel implemented ring parameter boundaries check in commit: 37e2d99b59c4 ("ethtool: Ensure new ring parameters are within bounds during SRINGPARAM") [ git.kernel.org/linus/37e2d99b59c4 ].
Due to this commit, the community doesn't usually allow ring parameter boundary checks in driver code.
* Xenial/Bionic kernels don't include this patch, and some network drivers (like ena) rely on this patch for boundary checking of ring params. So, we are hereby requesting the commit inclusion in these kernel versions.
[Test case]
1. In AWS, create a new c5.4xlarge instance with the Ubuntu 18.04 official ami (uses the ENA network driver) and update to latest kernel/reboot.
2. Run ethtool -g ens5
output:
Ring parameters for ens5:
Pre-set maximums:
RX: 16384
RX Mini: 0
RX Jumbo: 0
TX: 1024
Current hardware settings:
RX: 1024
RX Mini: 0
RX Jumbo: 0
TX: 1024
3. Change the TX/RX ring size to a legal number within boundaries - works!
4. Change the TX/RX ring size to an illegal number (such as 2048 for TX) with the command - "sudo ethtool -G ens5 tx 2048".
Expected behavior - "Cannot set device ring parameters: Invalid argument"
Actual behavior - causes a driver hang since boundaries are not checked by ethtool, effectively hanging the instance (given that AWS has no console to allow system manipulation).
[Regression Potential]
Since that the commit is present in kernels v4.16+ (including Ubuntu) and is quite small and self-contained, the regression risk is very reduced.
One potential "regression" would be if some driver has bugs and provide bad values on get_ringparams, then the validation would be broken (allowing illegal values or refusing legal ones), but this wouldn't be a regression in the hereby proposed patch itself, it'd be only exposed by the patch. |
|
| 2020-05-10 12:29:50 |
Guilherme G. Piccoli |
bug |
|
|
added subscriber Guilherme G. Piccoli |
| 2020-05-14 04:03:40 |
Khaled El Mously |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2020-05-14 04:03:41 |
Khaled El Mously |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2020-05-19 18:06:03 |
Ubuntu Kernel Bot |
tags |
bionic bot-comment sts xenial |
bionic bot-comment sts verification-needed-bionic xenial |
|
| 2020-05-19 18:08:16 |
Ubuntu Kernel Bot |
tags |
bionic bot-comment sts verification-needed-bionic xenial |
bionic bot-comment sts verification-needed-bionic verification-needed-xenial xenial |
|
| 2020-05-27 20:47:59 |
Guilherme G. Piccoli |
tags |
bionic bot-comment sts verification-needed-bionic verification-needed-xenial xenial |
bionic bot-comment sts verification-done-bionic verification-done-xenial xenial |
|
| 2020-06-09 21:09:10 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2020-06-09 21:09:10 |
Launchpad Janitor |
cve linked |
|
2020-0543 |
|
| 2020-06-09 21:16:45 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2020-06-09 21:16:45 |
Launchpad Janitor |
cve linked |
|
2020-12769 |
|
| 2020-06-09 21:16:45 |
Launchpad Janitor |
cve linked |
|
2020-1749 |
|
| 2020-06-10 12:34:27 |
Guilherme G. Piccoli |
linux (Ubuntu): status |
In Progress |
Fix Released |
|
