4.15.0-100.101 breaks userspace builds due to a bug in the headers /usr/include/linux/swab.h of linux-libc-dev

Bug #1877123 reported by Christian Ehrhardt  on 2020-05-06
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Critical
Kleber Sacilotto de Souza

Bug Description

[Impact]
The build of qemu and other userspace broke because of the following patch applied to bionic as part of one of the upstream stable updates:

commit 2385a55f64a65baf6594f37bfa018e2797dcb8c7
Author: Yury Norov <email address hidden>
Date: Thu Jan 30 22:16:40 2020 -0800

    uapi: rename ext2_swab() to swab() and share globally in swab.h

    BugLink: https://bugs.launchpad.net/bugs/1874502

    [ Upstream commit d5767057c9a76a29f073dad66b7fa12a90e8c748 ]

The affected header file is shipped by the linux-libc-dev package.

[Fix]
The fix has already been applied on mainline and the stable trees and can be cherry-picked to bionic/linux.

commit 467d12f5c7842896d2de3ced74e4147ee29e97c8
Author: Christian Borntraeger <email address hidden>
Date: Thu Feb 20 20:04:03 2020 -0800

    include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap

[Testcase]
Install linux-libc-dev and build qemu.

[Regression Potential]
Low. The fix is simple and has already landed on upstream stable, with no follow-up so far on mainline.

----

This started as a debug session why qemu no more builds in
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1847361/comments/55

The summary of the kernel bug discovered is:
$ diff -Naur swab.h.4.15.0-99.100.good swab.h.4.15.0-100.101.bad
--- swab.h.4.15.0-99.100.good 2020-05-06 13:56:28.755885666 +0200
+++ swab.h.4.15.0-100.101.bad 2020-05-06 13:55:39.191681069 +0200
@@ -4,6 +4,7 @@

 #include <linux/types.h>

+#include <asm/bitsperlong.h>
 #include <asm/swab.h>

 /*
@@ -132,6 +133,15 @@
        __fswab64(x))
 #endif

+static __always_inline unsigned long __swab(const unsigned long y)
+{
+#if BITS_PER_LONG == 64
+ return __swab64(y);
+#else /* BITS_PER_LONG == 32 */
+ return __swab32(y);
+#endif
+}
+
 /**
  * __swahw32 - return a word-swapped 32-bit value
  * @x: value to wordswap

That means the linux-libc-dev package being part of the proposed new 4.15 kernel in Bionic will break at least qemu and maybe others.

The problem is that it includes <asm/bitsperlong.h> which defines:
 # define __BITS_PER_LONG 64

But then uses BITS_PER_LONG (missing the leading underscores).
Due to that it will in the qemu case use what qemu has defined and break.
But even worse in other cases maybe use the wrong swab function.

Broken by [1]
commit 2385a55f64a65baf6594f37bfa018e2797dcb8c7 (sha from ubuntu kernel, upstream d5767057c9a)
Author: Yury Norov <email address hidden>
Date: Thu Jan 30 22:16:40 2020 -0800

    uapi: rename ext2_swab() to swab() and share globally in swab.h

Fixed by [2] (but missing in our proposed kernel)
commit 467d12f5c7842896d2de3ced74e4147ee29e97c8
Author: Christian Borntraeger <email address hidden>
Date: Thu Feb 20 20:04:03 2020 -0800

    include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap

This fix also is in 4.14 stable kernel as ffd115f2dca955ce0782e801d488ecfaccde421f.
That should be the closest for our kernel.

@Kernel - Please consider NOT to release 4.15.0-100.101 as-is, it needs this fix.
Getting this fixed effectively gates any qemu update in Bionic (and maybe other things as well).

CVE References

Assigned to klebers who seems to own it (per IRC discussion on this topic).

Please give me a ping here once a re-spin of this is in Bionic-proposed.

Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Bionic):
assignee: nobody → Kleber Sacilotto de Souza (kleber-souza)

FYI: other (than qemu build) hit due to the same error https://lkml.org/lkml/2020/2/12/93

Changed in linux (Ubuntu Bionic):
status: New → In Progress
importance: Undecided → Critical
description: updated
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed

For anyone else waiting - I just rechecked - so far 4.15.0-100.101 still is the one in -proposed - so we are still blocked on this atm.

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic

I rebuilt what was formerly broken due to the kernel in proposed.
It now used 4.15.0-101.102 and worked.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :
Download full text (12.7 KiB)

This bug was fixed in the package linux - 4.15.0-101.102

---------------
linux (4.15.0-101.102) bionic; urgency=medium

  * bionic/linux: 4.15.0-101.102 -proposed tracker (LP: #1877262)

  * 4.15.0-100.101 breaks userspace builds due to a bug in the headers
    /usr/include/linux/swab.h of linux-libc-dev (LP: #1877123)
    - include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for
      swap

  * bionic snapdragon 4.15 snap failed Certification testing (LP: #1877657)
    - Revert "drm/msm: Use the correct dma_sync calls in msm_gem"
    - Revert "drm/msm: stop abusing dma_map/unmap for cache"

linux (4.15.0-100.101) bionic; urgency=medium

  * bionic/linux: 4.15.0-100.101 -proposed tracker (LP: #1875878)

  * built-using constraints preventing uploads (LP: #1875601)
    - temporarily drop Built-Using data

  * Add debian/rules targets to compile/run kernel selftests (LP: #1874286)
    - [Packaging] add support to compile/run selftests

  * getitimer returns it_value=0 erroneously (LP: #1349028)
    - [Config] CONTEXT_TRACKING_FORCE policy should be unset

  * QEMU/KVM display is garbled when booting from kernel EFI stub due to missing
    bochs-drm module (LP: #1872863)
    - [Config] Enable CONFIG_DRM_BOCHS as module for all archs

  * Backport MPLS patches from 5.3 to 4.15 (LP: #1851446)
    - net/mlx5e: Report netdevice MPLS features
    - net: vlan: Inherit MPLS features from parent device
    - net: bonding: Inherit MPLS features from slave devices
    - net/mlx5e: Move to HW checksumming advertising

  * LIO hanging in iscsit_free_session and iscsit_stop_session (LP: #1871688)
    - scsi: target: remove boilerplate code
    - scsi: target: fix hang when multiple threads try to destroy the same iscsi
      session
    - scsi: target: iscsi: calling iscsit_stop_session() inside
      iscsit_close_session() has no effect

  * Add hw timestamps to received skbs in peak_canfd (LP: #1874124)
    - can: peak_canfd: provide hw timestamps in rx skbs

  * Bionic update: upstream stable patchset 2020-04-23 (LP: #1874502)
    - ARM: dts: sun8i-a83t-tbs-a711: HM5065 doesn't like such a high voltage
    - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
    - net: vxge: fix wrong __VA_ARGS__ usage
    - hinic: fix a bug of waitting for IO stopped
    - hinic: fix wrong para of wait_for_completion_timeout
    - cxgb4/ptp: pass the sign of offset delta in FW CMD
    - qlcnic: Fix bad kzalloc null test
    - i2c: st: fix missing struct parameter description
    - firmware: arm_sdei: fix double-lock on hibernate with shared events
    - null_blk: Fix the null_add_dev() error path
    - null_blk: Handle null_add_dev() failures properly
    - null_blk: fix spurious IO errors after failed past-wp access
    - xhci: bail out early if driver can't accress host in resume
    - x86: Don't let pgprot_modify() change the page encryption bit
    - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices
    - irqchip/versatile-fpga: Handle chained IRQs properly
    - sched: Avoid scale real weight down to zero
    - selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
    - PCI/switchtec: Fix init_completio...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers