Bug #1915552 “Fix oops in skb_segment for Bionic series” : Bugs : linux package : Ubuntu

Guilherme G. Piccoli (gpiccoli) on 2021-02-12

Changed in linux-azure (Ubuntu Bionic):
status:	New → In Progress
assignee:	nobody → Guilherme G. Piccoli (gpiccoli)
importance:	Undecided → Medium

Revision history for this message

Stefan Bader (smb) wrote on 2021-02-15:

#1

The patches were submitted to Bionic main.

affects:	linux-azure (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
status:	In Progress → Invalid

Stefan Bader (smb) on 2021-02-15

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-02-24:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Guilherme G. Piccoli (gpiccoli) wrote on 2021-03-01:

#3

An user who reported the issue confirmed the kernel with the patches hereby proposed is not reproducing anymore; also, I checked in the Bionic git tree, patches are indeed there.
Cheers,

Guilherme

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-03-15:

#4

Download full text (11.7 KiB)

This bug was fixed in the package linux - 4.15.0-137.141

---------------
linux (4.15.0-137.141) bionic; urgency=medium

* bionic/linux: 4.15.0-137.141 -proposed tracker (LP: #1916199)

  * Fix oops in skb_segment for Bionic series (LP: #1915552)
    - net: permit skb_segment on head_frag frag_list skb
    - net: bpf: add a test for skb_segment in test_bpf module
    - test_bpf: Fix NULL vs IS_ERR() check in test_skb_segment()

  * Bionic update: upstream stable patchset 2021-02-10 (LP: #1915328)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net: ip: always refragment ip defragmented packets
    - net: fix pmtu check in nopmtudisc mode
    - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    - x86/resctrl: Don't move a task to the same resource group
    - vmlinux.lds.h: Add PGO and AutoFDO input sections
    - drm/i915: Fix mismatch between misplaced vma check and vma insert
    - spi: pxa2xx: Fix use-after-free on unbind
    - iio: imu: st_lsm6dsx: flip irq return logic
    - iio: imu: st_lsm6dsx: fix edge-trigger interrupts
    - ARM: OMAP2+: omap_device: fix idling of devices during probe
    - i2c: sprd: use a specific timeout to avoid system hang up issue
    - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    - spi: stm32: FIFO threshold level - fix align packet size
    - dmaengine: xilinx_dma: check dma_async_device_register return value
    - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
    - wil6210: select CONFIG_CRC32
    - block: rsxx: select CONFIG_CRC32
    - iommu/intel: Fix memleak in intel_irq_remapping_alloc
    - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
    - net/mlx5e: Fix two double free cases
    - wan: ds26522: select CONFIG_BITREVERSE
    - KVM: arm64: Don't access PMCR_EL0 when no PMU is available
    - block: fix use-after-free in disk_part_iter_next
    - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
      packet
    - net: hns3: fix the number of queues actually used by ARQ
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe()
    - lightnvm: select CONFIG_CRC32
    - ASoC: dapm: remove widget from dirty list on free
    - MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
    - MIPS: relocatable: fix possible boot hangup with KASLR enabled
    - ACPI: scan: Harden acpi_device_add() against device ID overflows
    - mm/hugetlb: fix potential missing huge page size info
    - dm snapshot: flush merged data before committing metadata
    - r8152: Add Lenovo Powered USB-C Travel Hub
    - ext4: fix bug for rename with RENAME_WHITEOUT
    - ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
    - ARC: build: add uImage.lzma to the top-level target
    - ARC: build: add boot_targets to PHONY
    - btrfs: fix transaction leak and crash...

This bug was fixed in the package linux - 4.15.0-137.141

---------------
linux (4.15.0-137.141) bionic; urgency=medium

* bionic/linux: 4.15.0-137.141 -proposed tracker (LP: #1916199)

* Fix oops in skb_segment for Bionic series (LP: #1915552)
    - net: permit skb_segment on head_frag frag_list skb
    - net: bpf: add a test for skb_segment in test_bpf module
    - test_bpf: Fix NULL vs IS_ERR() check in test_skb_segment()

* Bionic update: upstream stable patchset 2021-02-10 (LP: #1915328)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net: ip: always refragment ip defragmented packets
    - net: fix pmtu check in nopmtudisc mode
    - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    - x86/resctrl: Don't move a task to the same resource group
    - vmlinux.lds.h: Add PGO and AutoFDO input sections
    - drm/i915: Fix mismatch between misplaced vma check and vma insert
    - spi: pxa2xx: Fix use-after-free on unbind
    - iio: imu: st_lsm6dsx: flip irq return logic
    - iio: imu: st_lsm6dsx: fix edge-trigger interrupts
    - ARM: OMAP2+: omap_device: fix idling of devices during probe
    - i2c: sprd: use a specific timeout to avoid system hang up issue
    - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    - spi: stm32: FIFO threshold level - fix align packet size
    - dmaengine: xilinx_dma: check dma_async_device_register return value
    - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
    - wil6210: select CONFIG_CRC32
    - block: rsxx: select CONFIG_CRC32
    - iommu/intel: Fix memleak in intel_irq_remapping_alloc
    - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
    - net/mlx5e: Fix two double free cases
    - wan: ds26522: select CONFIG_BITREVERSE
    - KVM: arm64: Don't access PMCR_EL0 when no PMU is available
    - block: fix use-after-free in disk_part_iter_next
    - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
      packet
    - net: hns3: fix the number of queues actually used by ARQ
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe()
    - lightnvm: select CONFIG_CRC32
    - ASoC: dapm: remove widget from dirty list on free
    - MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
    - MIPS: relocatable: fix possible boot hangup with KASLR enabled
    - ACPI: scan: Harden acpi_device_add() against device ID overflows
    - mm/hugetlb: fix potential missing huge page size info
    - dm snapshot: flush merged data before committing metadata
    - r8152: Add Lenovo Powered USB-C Travel Hub
    - ext4: fix bug for rename with RENAME_WHITEOUT
    - ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
    - ARC: build: add uImage.lzma to the top-level target
    - ARC: build: add boot_targets to PHONY
    - btrfs: fix transaction leak and crash after RO remount caused by qgroup
      rescan
    - ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
    - arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
    - misdn: dsp: select CONFIG_BITREVERSE
    - net: ethernet: fs_enet: Add missing MODULE_LICENSE
    - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    - ARM: picoxcell: fix missing interrupt-parent properties
    - dump_common_audit_data(): fix racy accesses to ->d_name
    - ASoC: Intel: fix error code cnl_set_dsp_D0()
    - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    - pNFS: Mark layout for return if return-on-close was not sent
    - NFS: nfs_igrab_and_active must first reference the superblock
    - ext4: fix superblock checksum failure when setting password salt
    - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
    - mm, slub: consider rest of partial list if acquire_slab() fails
    - net: sunrpc: interpret the return value of kstrtou32 correctly
    - dm: eliminate potential source of excessive kernel log noise
    - ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    - ALSA: fireface: Fix integer overflow in transmit_midi_msg()
    - netfilter: conntrack: fix reading nf_conntrack_buckets
    - usb: ohci: Make distrust_firmware param default to false
    - nfsd4: readdirplus shouldn't return parent of export
    - netxen_nic: fix MSI/MSI-x interrupts
    - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
    - esp: avoid unneeded kmap_atomic call
    - net: dcb: Validate netlink message in DCB handler
    - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
    - net: stmmac: Fixed mtu channged by cache aligned
    - net: sit: unregister_netdevice on newlink's error path
    - net: avoid 32 x truesize under-estimation for tiny skbs
    - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    - tipc: fix NULL deref in tipc_link_xmit()
    - spi: cadence: cache reference clock rate during probe
    - x86/hyperv: check cpu mask after interrupt has been disabled
    - mtd: rawnand: fsl_ifc: check result of SRAM initialization fixup
    - kbuild: enforce -Werror=return-type
    - crypto: x86/crc32c - fix building with clang ias
    - rxrpc: Call state should be read with READ_ONCE() under some circumstances

* [ssbs-0118] backport SSBS bug (arm64: cpufeature: Detect SSBS and advertise
    to userspace) (LP: #1911376)
    - SAUCE: Move SSBS snippet from arm64_elf_hwcaps to arm64_features

* Bionic update: upstream stable patchset 2021-01-25 (LP: #1913214)
    - x86/entry/64: Add instruction suffix
    - md/raid10: initialize r10_bio->read_slot before use.
    - ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk
    - ALSA: usb-audio: fix sync-ep altsetting sanity check
    - mm: memcontrol: eliminate raw access to stat and event counters
    - mm: memcontrol: implement lruvec stat functions on top of each other
    - mm: memcontrol: fix excessive complexity in memory.stat reporting
    - vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
    - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64()
    - uapi: move constants from <linux/kernel.h> to <linux/const.h>
    - of: fix linker-section match-table corruption
    - reiserfs: add check for an invalid ih_entry_count
    - misc: vmw_vmci: fix kernel info-leak by initializing dbells in
      vmci_ctx_get_chkpt_doorbells()
    - media: gp8psk: initialize stats at power control logic
    - ALSA: seq: Use bool for snd_seq_queue internal flags
    - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
    - module: set MODULE_STATE_GOING state when a module fails to load
    - quota: Don't overflow quota file offsets
    - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
    - module: delay kobject uevent until after module init call
    - ALSA: pcm: Clear the full allocated memory at hw_params
    - dm verity: skip verity work if I/O error when system is shutting down
    - kdev_t: always inline major/minor helper functions
    - iio:imu:bmi160: Fix alignment and data leak issues
    - iio:magnetometer:mag3110: Fix alignment and data leak issues.
    - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
    - ext4: don't remount read-only with errors=continue on reboot
    - KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses
    - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits
    - xen/gntdev.c: Mark pages as dirty
    - ALSA: rawmidi: Access runtime->avail always in spinlock
    - fcntl: Fix potential deadlock in send_sig{io, urg}()
    - dmaengine: at_hdmac: Substitute kzalloc with kmalloc
    - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()
    - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate()
    - kbuild: don't hardcode depmod path
    - workqueue: Kick a worker based on the actual activation of delayed works
    - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk
      ->poweroff()
    - scsi: ide: Do not set the RQF_PREEMPT flag for sense requests
    - lib/genalloc: fix the overflow when size is too big
    - depmod: handle the case of /sbin/depmod without /sbin in PATH
    - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
    - ethernet: ucc_geth: set dev->max_mtu to 1518
    - atm: idt77252: call pci_disable_device() on error path
    - qede: fix offload for IPIP tunnel packets
    - virtio_net: Fix recursive call to cpus_read_lock()
    - net/ncsi: Use real net-device for response handler
    - net: ethernet: Fix memleak in ethoc_probe
    - net-sysfs: take the rtnl lock when storing xps_cpus
    - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
    - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
    - net: hns: fix return value check in __lb_other_process()
    - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
    - CDC-NCM: remove "connected" log message
    - net: usb: qmi_wwan: add Quectel EM160R-GL
    - vhost_net: fix ubuf refcount incorrectly when sendmsg fails
    - net: sched: prevent invalid Scell_log shift count
    - net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
    - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations
    - net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE
    - video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
    - crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
    - usb: gadget: enable super speed plus
    - USB: cdc-acm: blacklist another IR Droid device
    - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
    - usb: chipidea: ci_hdrc_imx: add missing put_device() call in
      usbmisc_get_init_data()
    - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
    - usb: usbip: vhci_hcd: protect shift size
    - usb: uas: Add PNY USB Portable SSD to unusual_uas
    - USB: serial: iuu_phoenix: fix DMA from stack
    - USB: serial: option: add LongSung M5710 module support
    - USB: serial: option: add Quectel EM160R-GL
    - USB: yurex: fix control-URB timeout handling
    - USB: usblp: fix DMA to stack
    - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
    - usb: gadget: select CONFIG_CRC32
    - usb: gadget: f_uac2: reset wMaxPacketSize
    - usb: gadget: function: printer: Fix a memory leak for interface descriptor
    - USB: gadget: legacy: fix return error code in acm_ms_bind()
    - usb: gadget: Fix spinlock lockup on usb_function_deactivate
    - usb: gadget: configfs: Preserve function ordering after bind failure
    - usb: gadget: configfs: Fix use-after-free issue with udc_name
    - USB: serial: keyspan_pda: remove unused variable
    - x86/mm: Fix leak of pmd ptlock
    - ALSA: hda/conexant: add a new hda codec CX11970
    - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
    - Revert "device property: Keep secondary firmware node secondary by type"
    - netfilter: ipset: fix shift-out-of-bounds in htable_bits()
    - netfilter: xt_RATEEST: reject non-null terminated string from userspace
    - x86/mtrr: Correct the range check before performing MTRR type lookups
    - KVM: x86: fix shift out of bounds reported by UBSAN
    - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs
    - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS
    - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
    - USB: Gadget Ethernet: Re-enable Jumbo frames.
    - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 19 Feb 2021 11:28:35 +0100

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Ubuntu
linux package

Fix oops in skb_segment for Bionic series

Bug Description

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Medium	Guilherme G. Piccoli
	Bionic	Fix Released	Medium	Guilherme G. Piccoli

Ubuntulinux package

Fix oops in skb_segment for Bionic series

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux package