Ubuntu
linux package

systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386

Bug #1813244 reported by Po-Hsu Lin
38
This bug affects 5 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Andrea Righi
Trusty
Fix Committed
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Cosmic
Fix Released
Undecided
Unassigned

Bug Description

SRU Justification:

[Impact]

 * Flow action buffer can be incorrectly resized to contain the newly added action entries: the buffer is always resized multiplying the previous size by 2, but this might be not enough if the requested size is bigger than previous_size*2, causing a buffer overflow

 * The fix correctly resizes the buffer to prevent the buffer overflow

 * Despite the subject this bug can be triggered potentially on any architecture, but it is very likely to happen on i386 running the following test case

[Test Case]

 * run this openvswitch test case: https://launchpadlibrarian.net/416589265/lp1262692

[Fix]

 * Instead of resizing the buffer by a factor of 2, use max(current_size * 2, current_size + requested_size)

[Regression Potential]

 * Fix has been tested on the affected platform and verified using slub_debug. The patch has been queued up for -stable by David Miller, it will be included upstream for the next merge window. It is also a very small patch (a one-liner basically), so backport changes are minimal.

[Original bug report]

This issue was found after leaving a SUT to run overnight (was testing the ubuntu_cts_kernel test 13 hours ago before this happens). Can't tell if this is a regression, as I haven't find a way to reproduce it. But I do see similar reports on the Internet [1]

After checking the systemd service timers, it looks like this is caused by the logrotate.service:

$ sudo systemctl list-timers --all
NEXT LEFT LAST PASSED UNIT ACTIVATES
Fri 2019-01-25 06:18:58 UTC 1h 40min left Thu 2019-01-24 06:34:15 UTC 22h ago apt-daily-upgrade.timer apt-daily-upgrade.service
Fri 2019-01-25 09:15:54 UTC 4h 37min left Fri 2019-01-25 03:43:24 UTC 55min ago apt-daily.timer apt-daily.service
Fri 2019-01-25 17:02:47 UTC 12h left Fri 2019-01-25 04:20:17 UTC 18min ago motd-news.timer motd-news.service
Sat 2019-01-26 00:00:00 UTC 19h left Fri 2019-01-25 00:00:37 UTC 4h 38min ago logrotate.timer logrotate.service
Sat 2019-01-26 04:02:38 UTC 23h left Fri 2019-01-25 04:02:38 UTC 36min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.serv
Mon 2019-01-28 00:00:00 UTC 2 days left Wed 2019-01-23 10:44:18 UTC 1 day 17h ago fstrim.timer fstrim.service
n/a n/a n/a n/a snapd.snap-repair.timer snapd.snap-repair.service

7 timers listed.

After this happens, you won't be able to reboot it with the command.
$ sudo reboot
sudo: unable to resolve host onza: Resource temporarily unavailable
Killed

Here is the error message, please refer to the attachment for a complete syslog:

Jan 25 00:00:37 onza systemd[1]: Starting Rotate log files...
Jan 25 00:00:37 onza kernel: [45282.956634] BUG: unable to handle kernel paging request at 6db23a14
Jan 25 00:00:37 onza kernel: [45282.962902] *pdpt = 0000000033fa1001 *pde = 0000000000000000
Jan 25 00:00:37 onza kernel: [45282.968650] Oops: 0000 [#1] SMP
Jan 25 00:00:37 onza kernel: [45282.971796] CPU: 0 PID: 407 Comm: systemd-journal Not tainted 4.18.0-14-generic #15-Ubuntu
Jan 25 00:00:37 onza kernel: [45282.980330] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
Jan 25 00:00:37 onza kernel: [45282.988127] EIP: __kmalloc+0xc9/0x240
Jan 25 00:00:37 onza kernel: [45282.991785] Code: 4d e0 8d 4a 01 31 c6 8b 45 f0 89 75 dc 31 f3 8b 37 64 0f c7 0e 0f 94 c0 84 c0 74 b9 8b 75 e4 8b 45 dc 39 45 e0 74 0e 03 5f 14 <33> 1b 33 9f b4 00 00 00 0f 18 03 f7 45 ec 00 80 00 00 0f 85 3f 01
Jan 25 00:00:37 onza kernel: [45283.011254] EAX: 9e20b374 EBX: 6db23a14 ECX: 0000350d EDX: 0000350c
Jan 25 00:00:37 onza kernel: [45283.017769] ESI: eac03a00 EDI: eac03a00 EBP: f461fd9c ESP: f461fd74
Jan 25 00:00:37 onza kernel: [45283.024304] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010206
Jan 25 00:00:37 onza kernel: [45283.031245] CR0: 80050033 CR2: 6db23a14 CR3: 29d304a0 CR4: 000006f0
Jan 25 00:00:37 onza kernel: [45283.037770] Call Trace:
Jan 25 00:00:37 onza kernel: [45283.040395] ? ext4_htree_store_dirent+0x2e/0x120
Jan 25 00:00:37 onza kernel: [45283.045255] ext4_htree_store_dirent+0x2e/0x120
Jan 25 00:00:37 onza kernel: [45283.049951] htree_dirblock_to_tree+0xd2/0x230
Jan 25 00:00:37 onza kernel: [45283.054562] ext4_htree_fill_tree+0x7f/0x2c0
Jan 25 00:00:37 onza kernel: [45283.058991] ? kmem_cache_alloc_trace+0x167/0x1e0
Jan 25 00:00:37 onza kernel: [45283.063849] ? ext4_readdir+0x9d4/0xb10
Jan 25 00:00:37 onza kernel: [45283.067854] ext4_readdir+0x6aa/0xb10
Jan 25 00:00:37 onza kernel: [45283.071687] ? _copy_to_user+0x21/0x30
Jan 25 00:00:37 onza kernel: [45283.075597] ? do_statfs64+0x34/0x60
Jan 25 00:00:37 onza kernel: [45283.079334] ? security_file_permission+0x7c/0xb0
Jan 25 00:00:37 onza kernel: [45283.084306] iterate_dir+0x15c/0x1a0
Jan 25 00:00:37 onza kernel: [45283.087883] ksys_getdents64+0x6f/0x110
Jan 25 00:00:37 onza kernel: [45283.091853] ? iterate_dir+0x1a0/0x1a0
Jan 25 00:00:37 onza kernel: [45283.095771] sys_getdents64+0x16/0x20
Jan 25 00:00:37 onza kernel: [45283.099595] do_fast_syscall_32+0x7f/0x1e0
Jan 25 00:00:37 onza kernel: [45283.103858] entry_SYSENTER_32+0x4e/0x7c
Jan 25 00:00:37 onza kernel: [45283.107938] EIP: 0xb7ef4d41
Jan 25 00:00:37 onza kernel: [45283.110898] Code: f6 ff ff 55 89 e5 8b 55 08 8b 80 5c cd ff ff 85 d2 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
Jan 25 00:00:37 onza kernel: [45283.130298] EAX: ffffffda EBX: 00000021 ECX: 02219dec EDX: 00008000
Jan 25 00:00:37 onza kernel: [45283.136824] ESI: ffffffb4 EDI: 00000000 EBP: 02219dd0 ESP: bff8f5e8
Jan 25 00:00:37 onza kernel: [45283.143245] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
Jan 25 00:00:37 onza kernel: [45283.150299] Modules linked in: iptable_nat ip_gre gre ip_tunnel dummy iptable_filter xt_recent bpfilter openvswitch nsh nf_conntrack_ipv6 nf_nat_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_defrag_ipv6 nf_conncount nf_nat nf_conntrack intel_powerclamp coretemp ipmi_ssif kvm_intel kvm dcdbas ipmi_si joydev irqbypass intel_cstate input_leds ipmi_devintf i7core_edac ipmi_msghandler acpi_power_meter mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 i2c_algo_bit ttm hid_generic drm_kms_helper gpio_ich syscopyarea sysfillrect sysimgblt mpt3sas fb_sys_fops drm
Jan 25 00:00:37 onza kernel: [45283.222723] usbhid raid_class pata_acpi lpc_ich hid scsi_transport_sas bnx2 wmi
Jan 25 00:00:37 onza kernel: [45283.230378] CR2: 000000006db23a14
Jan 25 00:00:37 onza kernel: [45283.233894] ---[ end trace a12425d45f6ac772 ]---

[1] https://forum.manjaro.org/t/systemd-timer-crashing-my-system-at-midnight/19609
[2]

ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: linux-image-4.18.0-14-generic 4.18.0-14.15
ProcVersionSignature: User Name 4.18.0-14.15-generic 4.18.20
Uname: Linux 4.18.0-14-generic i686
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Jan 25 03:48 seq
 crw-rw---- 1 root audio 116, 33 Jan 25 03:48 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.10-0ubuntu13.1
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:

Date: Fri Jan 25 04:18:08 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
MachineType: Dell Inc. PowerEdge R310
PciMultimedia:

ProcFB: 0 mgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-14-generic root=UUID=6aaa11f6-d386-4c0c-b4b8-38e6c408980a ro console=ttyS0,115200n8
RelatedPackageVersions:
 linux-restricted-modules-4.18.0-14-generic N/A
 linux-backports-modules-4.18.0-14-generic N/A
 linux-firmware 1.175.1
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/18/2012
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.11.0
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.11.0:bd09/18/2012:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.
---
ProblemType: Bug
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Jan 25 03:48 seq
 crw-rw---- 1 root audio 116, 33 Jan 25 03:48 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.10-0ubuntu13.1
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:
 [ 1844.906725] cfg80211: Loading compiled-in X.509 certificates for regulatory database
 [ 1844.913322] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
DistroRelease: Ubuntu 18.10
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
MachineType: Dell Inc. PowerEdge R310
Package: linux (not installed)
PciMultimedia:

ProcFB: 0 mgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-14-generic root=UUID=6aaa11f6-d386-4c0c-b4b8-38e6c408980a ro console=ttyS0,115200n8
ProcVersionSignature: User Name 4.18.0-14.15-generic 4.18.20
RelatedPackageVersions:
 linux-restricted-modules-4.18.0-14-generic N/A
 linux-backports-modules-4.18.0-14-generic N/A
 linux-firmware 1.175.1
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
Tags: cosmic uec-images
Uname: Linux 4.18.0-14-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm audio cdrom dialout dip floppy netdev plugdev sudo video
_MarkForUpload: True
dmi.bios.date: 09/18/2012
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.11.0
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.11.0:bd09/18/2012:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.

See original description
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1813244

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Po-Hsu Lin (cypressyew) wrote : CRDA.txt

apport information

tags: added: apport-collected
description: updated
Revision history for this message
Po-Hsu Lin (cypressyew) wrote : Lspci.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : Lsusb.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : ProcCpuinfo.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : ProcCpuinfoMinimal.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : ProcEnviron.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : ProcInterrupts.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : ProcModules.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : UdevDb.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : WifiSyslog.txt

apport information

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : Re: systemd logrotate cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386
Download full text (4.9 KiB)

Tried to reproduce this with:
  1. NTP time sync set to false
  2. Change the time to 23:57:00
  3. Run the ubuntu_cts_kernel test and wait for the logrotate to kick in

I can't reproduce this issue in this way.

However I got another i386 node running with B-hwe that failed with another systemd related task, after the ubuntu_cts_kernel test:

Jan 25 04:17:35 pepe kernel: [ 304.413908] audit: type=1400 audit(1548389855.757:26): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="/home/ubuntu/autotest/client/results/default/ubuntu_cts_kernel.lp1026116/sleep1" pid=4158 comm="apparmor_parser"
Jan 25 04:17:36 pepe systemd-networkd[706]: gre_sys: Gained IPv6LL
Jan 25 04:17:36 pepe systemd-timesyncd[568]: Network configuration changed, trying to establish connection.
Jan 25 04:17:36 pepe systemd-timesyncd[568]: Synchronized to time server 10.246.72.3:123 (10.246.72.3).
Jan 25 04:19:04 pepe kernel: [ 393.227539] BUG: unable to handle kernel paging request at 1cab2fe3
Jan 25 04:19:04 pepe kernel: [ 393.233797] *pdpt = 0000000025377001 *pde = 0000000000000000
Jan 25 04:19:04 pepe kernel: [ 393.239571] Oops: 0000 [#1] SMP
Jan 25 04:19:04 pepe kernel: [ 393.242821] CPU: 3 PID: 7541 Comm: dpkg Not tainted 4.18.0-14-generic #15~18.04.1-Ubuntu
Jan 25 04:19:04 pepe kernel: [ 393.250983] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.8.2 08/17/2011
Jan 25 04:19:04 pepe kernel: [ 393.258544] EIP: __kmalloc+0xc7/0x240
Jan 25 04:19:04 pepe kernel: [ 393.262234] Code: 00 89 cb 89 4d e0 8d 4a 01 89 45 dc 31 c3 8b 45 f0 64 0f c7 0e 0f 94 c0 84 c0 74 bb 8b 45 dc 39 45 e0 8b 75 e4 74 0e 03 5f 14 <33> 1b 33 9f b4 00 00 00 0f 18 03 f7 45 ec 00 80 00 00 0f 85 41 01
Jan 25 04:19:04 pepe kernel: [ 393.281135] EAX: ee5c5263 EBX: 1cab2fe3 ECX: 00002502 EDX: 00002501
Jan 25 04:19:04 pepe kernel: [ 393.287401] ESI: eac03a00 EDI: eac03a00 EBP: e4c59d9c ESP: e4c59d74
Jan 25 04:19:04 pepe kernel: [ 393.293666] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
Jan 25 04:19:04 pepe kernel: [ 393.300531] CR0: 80050033 CR2: 1cab2fe3 CR3: 2a362f80 CR4: 000006f0
Jan 25 04:19:04 pepe kernel: [ 393.306900] Call Trace:
Jan 25 04:19:04 pepe kernel: [ 393.309346] ? ext4_htree_store_dirent+0x31/0x120
Jan 25 04:19:04 pepe kernel: [ 393.314105] ext4_htree_store_dirent+0x31/0x120
Jan 25 04:19:04 pepe kernel: [ 393.318680] htree_dirblock_to_tree+0xd2/0x240
Jan 25 04:19:04 pepe kernel: [ 393.323162] ? terminate_walk+0x95/0x100
Jan 25 04:19:04 pepe kernel: [ 393.327102] ext4_htree_fill_tree+0x93/0x2b0
Jan 25 04:19:04 pepe kernel: [ 393.331412] ? kmem_cache_alloc_trace+0x167/0x1e0
Jan 25 04:19:04 pepe kernel: [ 393.336149] ? ext4_readdir+0x9bd/0xb00
Jan 25 04:19:04 pepe kernel: [ 393.340033] ext4_readdir+0x718/0xb00
Jan 25 04:19:04 pepe kernel: [ 393.343711] ? security_file_permission+0x93/0xb0
Jan 25 04:19:04 pepe kernel: [ 393.348458] iterate_dir+0x8d/0x190
Jan 25 04:19:04 pepe kernel: [ 393.351977] ksys_getdents64+0x6f/0x100
Jan 25 04:19:04 pepe kernel: [ 393.355858] ? iterate_dir+0x190/0x190
Jan 25 04:19:04 pepe kernel: [ 393.359629] sys_getdents64+0x16/0x20
Jan 25 04:19:04...

Read more...

Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

This issue was successfully reproduced with the Cosmic kernel in -updates. Not 100% reproducible but this is what I did:

First successful attempt
  1. Watch the syslog on SUT, run the ubuntu_cts_kernel on the SUT
  2. Wait for a while, and this issue occurs (unfortunately I can't get the log, the initial error message got flushed away with the following destroy_worker+0x58/0x70 messages)

Second successful attempt:
  1. Watch the syslog on SUT, run the ubuntu_cts_kernel on the SUT
  2. Wait for a while
  3. SSH to SUT
It looks like when the systemd kicks in, this will happen. Please refer to the attachment for the syslog output in this attempt.

Po-Hsu Lin (cypressyew)
summary: - systemd logrotate cause kernel trace "BUG: unable to handle kernel
- paging request at 6db23a14" on Cosmic i386
+ systemd cause kernel trace "BUG: unable to handle kernel paging request
+ at 6db23a14" on Cosmic i386
Revision history for this message
Andrea Righi (arighi) wrote :

I have also been able to reproduce this bug with 4.18.0-10, 4.18.0-13, 4.18.0-14 and 4.18.0-16. So it doesn't seem to be a regression.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu Cosmic):
status: New → Confirmed
Revision history for this message
Andrea Righi (arighi) wrote :

I did more tests with this, it looks like the problem is hidden somewhere in openvswitch. The specific test case that seems to trigger the bug 100% of the time is the one attached, but it requires to change the time immediately before running it (for example using date --set "23:57:00", as suggested before).

An interesting thing that I've tried is to always return an error from ovs_vport_alloc(), this obviously prevents openvswitch from working, but with this change applied I wasn't able to trigger the bug. This requires more investigation, but it looks like somewhere in the openvswitch is corrupting some allocated memory, triggering the kernel bug from other random places.

Revision history for this message
Andrea Righi (arighi) wrote :

With this patch applied I can't reproduce the problem anymore.
See also: https://lkml.org/lkml/2019/3/27/1762

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
Andrea Righi (arighi) wrote :

New patch after the review from the LKML.

Andrea Righi (arighi)
description: updated
Revision history for this message
Andrea Righi (arighi) wrote :

Fix has been merged upstream.

Revision history for this message
James Page (james-page) wrote :

@arighi - will this fix go into disco soon? I have an OVS upload for a high fix blocked on failing tests on i386 - just need to know whether to update the hinter or wait for the fix.

Revision history for this message
Juerg Haefliger (juergh) wrote :

@james-page, the fix has been sent to the Ubuntu kernel mailing list [1], so it's scheduled for the next SRU cycle (assuming it gets two ACKs).

[1] https://lists.ubuntu.com/archives/kernel-team/2019-April/099883.html

Revision history for this message
James Page (james-page) wrote :

@juergh ok I'll propose a hint for disco them!

Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
assignee: nobody → Andrea Righi (arighi)
status: Confirmed → In Progress
Changed in linux (Ubuntu Xenial):
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Changed in linux (Ubuntu Cosmic):
status: Confirmed → In Progress
Seth Forshee (sforshee)
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Juerg Haefliger (juergh)
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Revision history for this message
Juerg Haefliger (juergh) wrote :

The referenced patch fixes an earlier commit [1] that was added in the 3.11 time frame so Trusty needs this too.

[1] 74f84a5726c7 ("openvswitch: Copy individual actions.")

Changed in linux (Ubuntu Trusty):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (50.5 KiB)

This bug was fixed in the package linux - 5.0.0-11.12

---------------
linux (5.0.0-11.12) disco; urgency=medium

  * linux: 5.0.0-11.12 -proposed tracker (LP: #1824383)

  * hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1]
    (LP: #1824194)
    - net: hns3: fix for not calculating tx bd num correctly

  * disco: unable to use iptables/enable ufw under -virtual kernel
    (LP: #1823862)
    - [Packaging] add bpfilter to linux-modules

  * Make shiftfs a module rather than built-in (LP: #1824354)
    - [Config] CONFIG_SHIFT_FS=m

  * shiftfs: chown sets untranslated ids in lower fs (LP: #1824350)
    - SAUCE: shiftfs: use translated ids when chaning lower fs attrs

  * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
    - [Packaging] bind hv_kvp_daemon startup to hv_kvp device

linux (5.0.0-10.11) disco; urgency=medium

  * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)

  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"

  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux (5.0.0-9.10) disco; urgency=medium

  * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs

  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"

  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow servic...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Khaled El Mously (kmously)
Changed in linux (Ubuntu Trusty):
status: Confirmed → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
Andrea Righi (arighi)
tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Revision history for this message
Andrea Righi (arighi) wrote :

Verification done using the test case reported in the description (https://launchpadlibrarian.net/416589265/lp1262692)

tags: added: verification-done-xenial
removed: verification-needed-xenial
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Revision history for this message
Andrea Righi (arighi) wrote :

Verification done in bionic using the test case reported in the description (https://launchpadlibrarian.net/416589265/lp1262692)

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (12.6 KiB)

This bug was fixed in the package linux - 4.15.0-50.54

---------------
linux (4.15.0-50.54) bionic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.15.0-49.53) bionic; urgency=medium

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)

  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/lib/code-patching: refactor patch_instruction()
    - powerpc/lib/feature-fixups: use raw_patch_instruction()
    - powerpc/asm: Add a patch_site mac...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (7.0 KiB)

This bug was fixed in the package linux - 4.18.0-20.21

---------------
linux (4.18.0-20.21) cosmic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.18.0-19.20) cosmic; urgency=medium

  * linux: 4.18.0-19.20 -proposed tracker (LP: #1826171)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.

  * CVE-2017-5753
    - s390/keyboard: sanitize array index in do_kdsk_ioctl
    - drm/bufs: Fix Spectre v1 vulnerability
    - drivers/misc/sgi-gru: fix Spectre v1 vulnerability
    - ipv4: Fix potential Spectre v1 vulnerability
    - aio: fix spectre gadget in lookup_ioctx
    - ALSA: emux: Fix potential Spectre v1 vulnerabilities
    - ALSA: pcm: Fix potential Spectre v1 vulnerability
    - ip6mr: Fix potential Spectre v1 vulnerability
    - ALSA: rme9652: Fix potential Spectre v1...

Read more...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.9 KiB)

This bug was fixed in the package linux - 4.4.0-148.174

---------------
linux (4.4.0-148.174) xenial; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - perf/x86/intel: Add model number for Skylake Server to perf
    - perf/x86: Add model numbers for Kabylake CPUs
    - perf/x86/intel: Use Intel family macros for core perf events
    - perf/x86/msr: Use Intel family macros for MSR events code
    - perf/x86/msr: Add missing Intel models
    - SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
    - perf/x86/msr: Add missing CPU IDs
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.4.0-147.173) xenial; urgency=medium

  * linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)

  * Packaging resync...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for linux-aws has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.