Vsock connect fails with ENODEV for large CID

Bug #1813934 reported by bugproxy on 2019-01-30
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
High
Canonical Kernel Team
linux (Ubuntu)
High
Skipper Bug Screeners
Bionic
High
Stefan Bader
Cosmic
High
Unassigned

Bug Description

- Problem Descripion:
Kernel 4.19 introduced a bug in the Vsock protocol when using a large Context ID.

E.g.
CID 0xfff000 works correctly but
CID 0xfff001 fails with ENODEV when trying to connect to the listener.

The issue now also shows up in Ubuntu 18.04 with
 -> kernel 4.15.0-44-generic #47-Ubuntu
on x86_64 and s390x.

It is already fixed upstream kernel by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fbe078c37aba3088359c9256c1a1d0c3e39ee81

bugproxy (bugproxy) on 2019-01-30
tags: added: architecture-s39064 bugnameltc-175098 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
importance: Undecided → High
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
Stefan Bader (smb) on 2019-01-30
Changed in linux (Ubuntu Bionic):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
importance: Medium → High
Changed in linux (Ubuntu):
status: New → Triaged
importance: Undecided → High
Stefan Bader (smb) on 2019-01-30
Changed in linux (Ubuntu Cosmic):
importance: Undecided → High
status: New → In Progress
Changed in ubuntu-z-systems:
status: New → In Progress
Seth Forshee (sforshee) on 2019-01-31
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed

------- Comment From <email address hidden> 2019-02-05 10:24 EDT-------
When will this kernel update delivered? within the current SRU?

Frank Heimes (frank-heimes) wrote :

This made it into the current kernel SRU cycle with the dates:

Kernel SRU cycle: 04-Feb through 24-Feb
    30-Jan Last day for kernel commits for this cycle
   04-Feb 08-Feb Kernel prep week
    11-Feb 22-Feb Bug verification & Regression testing
    25-Feb Release to -updates

Hence the plan is to have it available in the release pocket by Feb the 25th.
But it will already be earlier available via proposed.

Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-02-12 07:57 EDT-------
I confirm the proposed kernel fixes the issue.

Kernel: 4.18.0-16-generic #17-Ubuntu
Architectures: s390x, x86_64
OS: Ubuntu 18.10 cosmic

Thanks.

Frank Heimes (frank-heimes) wrote :

Many thanks Peter!
Adjusting tags accordingly ...

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Launchpad Janitor (janitor) wrote :
Download full text (12.4 KiB)

This bug was fixed in the package linux - 4.19.0-13.14

---------------
linux (4.19.0-13.14) disco; urgency=medium

  * linux: 4.19.0-13.14 -proposed tracker (LP: #1815103)

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] autoreconstruct -- base tag is always primary mainline version

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

  * Disco update: 4.19.20 upstream stable release (LP: #1815090)
    - Fix "net: ipv4: do not handle duplicate fragments as overlapping"
    - drm/msm/gpu: fix building without debugfs
    - ipv6: Consider sk_bound_dev_if when binding a socket to an address
    - ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation
    - ipvlan, l3mdev: fix broken l3s mode wrt local routes
    - l2tp: copy 4 more bytes to linear part if necessary
    - l2tp: fix reading optional fields of L2TPv3
    - net: ip_gre: always reports o_key to userspace
    - net: ip_gre: use erspan key field for tunnel lookup
    - net/mlx4_core: Add masking for a few queries on HCA caps
    - netrom: switch to sock timer API
    - net/rose: fix NULL ax25_cb kernel panic
    - net: set default network namespace in init_dummy_netdev()
    - ravb: expand rx descriptor data to accommodate hw checksum
    - sctp: improve the events for sctp stream reset
    - tun: move the call to tun_set_real_num_queues
    - ucc_geth: Reset BQL queue when stopping device
    - net: ip6_gre: always reports o_key to userspace
    - sctp: improve the events for sctp stream adding
    - net/mlx5e: Allow MAC invalidation while spoofchk is ON
    - ip6mr: Fix notifiers call on mroute_clean_tables()
    - Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager"
    - sctp: set chunk transport correctly when it's a new asoc
    - sctp: set flow sport from saddr only when it's 0
    - virtio_net: Don't enable NAPI when interface is down
    - virtio_net: Don't call free_old_xmit_skbs for xdp_frames
    - virtio_net: Fix not restoring real_num_rx_queues
    - virtio_net: Fix out of bounds access of sq
    - virtio_net: Don't process redirected XDP frames when XDP is disabled
    - virtio_net: Use xdp_return_frame to free xdp_frames on destroying vqs
    - virtio_net: Differentiate sk_buff and xdp_frame on freeing
    - CIFS: Do not count -ENODATA as failure for query directory
    - CIFS: Fix trace command logging for SMB2 reads and writes
    - CIFS: Do not consider -ENODATA as stat failure for reads
    - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
    - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
    - selftests/seccomp: Enhance per-arch ptrace syscall skip tests
    - NFS: Fix up return value on fatal errors in nfs_page_async_flush()
    - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
    - arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
    - arm64: Do not issue IPIs for user executable ptes
    - arm64: hyp-stub: Forbid kprobing of the hyp-stub
    - arm64: hibernate: Clean the __hyp_text to PoC after resume
    - gpio: altera...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-02-18 02:58 EDT-------
I confirm the proposed kernel fixes the issue.

Kernel: 4.15.0-46-generic #49-Ubuntu
Architectures: s390x, x86_64
OS: Ubuntu 18.04 bionic

Thanks.

Frank Heimes (frank-heimes) wrote :

Thanks again, Peter.
I'm adjusting the tags accordingly ...

tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :
Download full text (11.4 KiB)

This bug was fixed in the package linux - 4.15.0-46.49

---------------
linux (4.15.0-46.49) bionic; urgency=medium

  * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726)

  * mprotect fails on ext4 with dax (LP: #1799237)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion

  * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086)
    - iscsi target: fix session creation failure handling
    - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
      fails
    - scsi: iscsi: target: Fix conn_ops double free

  * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
    (LP: #1812198)
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS
    - selftests: kselftest: Remove outdated comment

  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels

  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent

  * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604)
    - ACPI / LPSS: Force LPSS quirks on boot

  * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229)
    - scsi: sd_zbc: Fix variable type and bogus comment
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/apm: Don't access __preempt_count with zeroed fs
    - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
    - ARCv2: [plat-hsdk]: Save accl reg pair by default
    - ARC: Fix CONFIG_SWAP
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - mm/huge_memory.c: fix data loss when splitting a file pmd
    - cpufreq: intel_pstate: Register when ACPI PCCH is present
    - vfio/pci: Fix potential Spectre v1
    - stop_machine: Disable preemption when waking two stopper threads
    - drm/i915: Fix hotplug irq ack on i965/g4x
    - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
    - drm/nouveau: Avoid looping through fake MST connectors
    - gen_stats: Fix netl...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package linux - 4.18.0-16.17

---------------
linux (4.18.0-16.17) cosmic; urgency=medium

  * linux: 4.18.0-16.17 -proposed tracker (LP: #1814749)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2018-16880
    - vhost: fix OOB in get_rx_bufs()

  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels

  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent

  * Fix non-working pinctrl-intel (LP: #1811777)
    - pinctrl: intel: Do pin translation in other GPIO operations as well

  * ip6_gre: fix tunnel list corruption for x-netns (LP: #1812875)
    - ip6_gre: fix tunnel list corruption for x-netns

  * Backported commit breaks audio (fixed upstream) (LP: #1811566)
    - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Clapper
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Gnawty

  * kvm_stat : missing python dependency (LP: #1798776)
    - tools/kvm_stat: switch to python3

  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
    (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue

  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice

  * [SRU] IO's are issued with incorrect Scatter Gather Buffer (LP: #1795453)
    - scsi: megaraid_sas: Use 63-bit DMA addressing

  * x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
    (LP: #1813532)
    - x86/mm: Do not warn about PCI BIOS W+X mappings

  * CVE-2019-6133
    - fork: record start_time late

  * Fix not working Goodix touchpad (LP: #1811929)
    - HID: i2c-hid: Disable runtime PM on Goodix touchpad

  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y

  * X1 Extreme: only one of the two SSDs is loaded (LP: #1811755)
    - nvme-core: rework a NQN copying operation
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN

  * Crash on "ip link add f...

Read more...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-03-06 07:30 EDT-------
IBM bugzilla status-> closed, Fix released for all required distros

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers