Avoid address overwrite in kernel_connect

Bug #2035163 reported by Khaled El Mously
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Medium
Unassigned
Jammy
Fix Released
Medium
Unassigned
Lunar
Fix Released
Medium
Unassigned
linux-gcp (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
John Cabaj
Jammy
Fix Released
Undecided
John Cabaj
Lunar
Fix Released
Undecided
John Cabaj
Mantic
Fix Released
Undecided
Unassigned
linux-gke (Ubuntu)
Invalid
Undecided
Unassigned
Jammy
Fix Released
Undecided
John Cabaj
linux-gkeop (Ubuntu)
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned

Bug Description

This fix is requested to resolve an issue with NFS-backed mounts when used with BPF-load-balancing:

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=0bdf399342c5

Testing:
 - GCP has confirmed the fix works before proposing it upstream. I have verified basic network sanity with fix applied.

Regression potenial:
 - The fix modifies kernel_connect() which can have an effect on all kinds of network connections. The change itself is very minor though and simply converts a pass-by-reference to a pass-by-value - so the risk is considered minimal.

More information at: https://canonical.lightning.force.com/lightning/r/Case/5008e00000HNldDAAT/view

Tags: kernel-spammed-focal-linux-gcp-tcpx-v2 kernel-spammed-focal-linux-iot-v2 kernel-spammed-focal-linux-nvidia-tegra-5.15-v2 kernel-spammed-focal-linux-v2 kernel-spammed-jammy-linux-aws-6.5-v2 kernel-spammed-jammy-linux-azure-6.5-v2 kernel-spammed-jammy-linux-azure-fips-v2 kernel-spammed-jammy-linux-bluefield-v2 kernel-spammed-jammy-linux-gkeop-v2 kernel-spammed-jammy-linux-intel-iot-realtime-v2 kernel-spammed-jammy-linux-intel-iotg-v2 kernel-spammed-jammy-linux-mtk-v2 kernel-spammed-jammy-linux-nvidia-tegra-igx-v2 kernel-spammed-jammy-linux-nvidia-tegra-v2 kernel-spammed-jammy-linux-oracle-6.2-v2 kernel-spammed-jammy-linux-raspi-v2 kernel-spammed-jammy-linux-starfive-6.2-v2 kernel-spammed-jammy-linux-v2 kernel-spammed-jammy-linux-xilinx-zynqmp-v2 kernel-spammed-lunar-linux-oracle-v2 kernel-spammed-lunar-linux-riscv-v2 kernel-spammed-lunar-linux-v2 verification-done-focal-linux verification-done-jammy-linux verification-done-lunar-linux verification-needed-focal-linux-gcp-tcpx verification-needed-focal-linux-iot verification-needed-focal-linux-nvidia-tegra-5.15 verification-needed-jammy-linux-aws-6.5 verification-needed-jammy-linux-azure-6.5 verification-needed-jammy-linux-azure-fips verification-needed-jammy-linux-bluefield verification-needed-jammy-linux-gkeop verification-needed-jammy-linux-intel-iot-realtime verification-needed-jammy-linux-intel-iotg verification-needed-jammy-linux-mtk verification-needed-jammy-linux-nvidia-tegra verification-needed-jammy-linux-nvidia-tegra-igx verification-needed-jammy-linux-oracle-6.2 verification-needed-jammy-linux-raspi verification-needed-jammy-linux-starfive-6.2 verification-needed-jammy-linux-xilinx-zynqmp verification-needed-lunar-linux-oracle verification-needed-lunar-linux-riscv
no longer affects: linux (Ubuntu)
description: updated
Changed in linux-gcp (Ubuntu Focal):
assignee: nobody → Khaled El Mously (kmously)
Changed in linux-gcp (Ubuntu Jammy):
assignee: nobody → Khaled El Mously (kmously)
Changed in linux-gcp (Ubuntu Lunar):
assignee: nobody → Khaled El Mously (kmously)
Changed in linux-gcp (Ubuntu Mantic):
assignee: nobody → Khaled El Mously (kmously)
Stefan Bader (smb)
Changed in linux-gke (Ubuntu Lunar):
status: New → Invalid
Changed in linux-gke (Ubuntu Mantic):
status: New → Invalid
no longer affects: linux-gke (Ubuntu Focal)
no longer affects: linux-gke (Ubuntu Mantic)
no longer affects: linux-gke (Ubuntu Lunar)
John Cabaj (john-cabaj)
Changed in linux-gcp (Ubuntu Focal):
status: New → Fix Committed
Changed in linux-gcp (Ubuntu Jammy):
status: New → Fix Committed
Changed in linux-gcp (Ubuntu Lunar):
status: New → Fix Committed
Changed in linux-gke (Ubuntu Jammy):
status: New → Fix Committed
Changed in linux (Ubuntu):
status: New → Invalid
no longer affects: linux-gcp (Ubuntu Focal)
no longer affects: linux-gcp (Ubuntu Lunar)
Changed in linux (Ubuntu Focal):
status: New → Fix Committed
Changed in linux (Ubuntu Jammy):
status: New → Fix Committed
Changed in linux (Ubuntu Lunar):
status: New → Fix Committed
Changed in linux-gcp (Ubuntu Focal):
status: New → Fix Committed
Changed in linux-gcp (Ubuntu Lunar):
status: New → Fix Committed
no longer affects: linux-gke (Ubuntu Focal)
no longer affects: linux-gke (Ubuntu Lunar)
Changed in linux-gcp (Ubuntu Mantic):
status: New → Fix Committed
status: Fix Committed → New
Changed in linux-gcp (Ubuntu Jammy):
assignee: Khaled El Mously (kmously) → nobody
Changed in linux-gcp (Ubuntu Mantic):
assignee: Khaled El Mously (kmously) → nobody
Changed in linux-gcp (Ubuntu Focal):
assignee: nobody → John Cabaj (john-cabaj)
Changed in linux-gcp (Ubuntu Jammy):
assignee: nobody → John Cabaj (john-cabaj)
Changed in linux-gcp (Ubuntu Lunar):
assignee: nobody → John Cabaj (john-cabaj)
Changed in linux-gke (Ubuntu Jammy):
assignee: nobody → John Cabaj (john-cabaj)
Stefan Bader (smb)
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
Changed in linux (Ubuntu Jammy):
importance: Undecided → Medium
Changed in linux (Ubuntu Lunar):
importance: Undecided → Medium
Revision history for this message
John Cabaj (john-cabaj) wrote :

Fix was tested by Google, and the relevant patch is in all releases of linux-gcp and linux-gke affected.

Changed in linux-gcp (Ubuntu Focal):
status: Fix Committed → Fix Released
Changed in linux-gcp (Ubuntu Jammy):
status: Fix Committed → Fix Released
Changed in linux-gcp (Ubuntu Lunar):
status: Fix Committed → Fix Released
Changed in linux-gcp (Ubuntu Mantic):
status: New → Fix Released
Changed in linux-gke (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 6.5.0-7.7

---------------
linux (6.5.0-7.7) mantic; urgency=medium

  * mantic/linux: 6.5.0-7.7 -proposed tracker (LP: #2037611)

  * kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
    - [Packaging] Revert arm64 image format to Image.gz

  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race

  * Miscellaneous Ubuntu changes
    - SAUCE: Add mdev_set_iommu_device() kABI
    - [Config] update gcc version in annotations

 -- Andrea Righi <email address hidden> Thu, 28 Sep 2023 10:19:24 +0200

Changed in linux (Ubuntu):
status: Invalid → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.15.0-88.98 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux' to 'verification-done-jammy-linux'. If the problem still exists, change the tag 'verification-needed-jammy-linux' to 'verification-failed-jammy-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-v2 verification-needed-jammy-linux
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.4.0-166.183 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux' to 'verification-done-focal-linux'. If the problem still exists, change the tag 'verification-needed-focal-linux' to 'verification-failed-focal-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-v2 verification-needed-focal-linux
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/6.2.0-36.37 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar-linux' to 'verification-done-lunar-linux'. If the problem still exists, change the tag 'verification-needed-lunar-linux' to 'verification-failed-lunar-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-lunar-linux-v2 verification-needed-lunar-linux
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure-6.5/6.5.0-1007.7~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-done-jammy-linux-azure-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-failed-jammy-linux-azure-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-azure-6.5-v2 verification-needed-jammy-linux-azure-6.5
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-aws-6.5/6.5.0-1008.8~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-done-jammy-linux-aws-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-failed-jammy-linux-aws-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-aws-6.5-v2 verification-needed-jammy-linux-aws-6.5
Revision history for this message
Roxana Nicolescu (roxanan) wrote :

It seems the fix was tested by Google with linux-gpc. I don't think we need to do anything for linux main, so I'll mark this as verified.

tags: added: verification-done-focal-linux verification-done-jammy-linux verification-done-lunar-linux
removed: verification-needed-focal-linux verification-needed-jammy-linux verification-needed-lunar-linux
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (26.1 KiB)

This bug was fixed in the package linux - 5.4.0-166.183

---------------
linux (5.4.0-166.183) focal; urgency=medium

  * focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)

  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts

  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk

  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts

  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252

  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c

  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()

  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect

  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4

  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write

  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().

  * Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - drm/i915: Initialise outparam for error return from wait_for_register
    - scripts/tags.sh: Resolve gtags empty ind...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (26.5 KiB)

This bug was fixed in the package linux-gkeop - 5.4.0-1080.84

---------------
linux-gkeop (5.4.0-1080.84) focal; urgency=medium

  * focal/linux-gkeop: 5.4.0-1080.84 -proposed tracker (LP: #2037989)

  * Use new annotations model (LP: #2019000)
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Config] Remove all old configs files
    - [Config] Drop comment about using one flavour

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 5.4.0-166.183 ]

  * focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)
  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts
  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk
  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect
  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * Focal update: v5.4.251 ...

Changed in linux-gkeop (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (22.7 KiB)

This bug was fixed in the package linux - 5.15.0-88.98

---------------
linux (5.15.0-88.98) jammy; urgency=medium

  * jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)

  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

  * PCI BARs larger than 128GB are disabled (LP: #2037403)
    - PCI: Support BAR sizes up to 8TB

  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support

  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script

  * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->l...

Changed in linux (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (22.8 KiB)

This bug was fixed in the package linux-gkeop - 5.15.0-1032.38

---------------
linux-gkeop (5.15.0-1032.38) jammy; urgency=medium

  * jammy/linux-gkeop: 5.15.0-1032.38 -proposed tracker (LP: #2038026)

  [ Ubuntu: 5.15.0-88.98 ]

  * jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * PCI BARs larger than 128GB are disabled (LP: #2037403)
    - PCI: Support BAR sizes up to 8TB
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
  * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
...

Changed in linux-gkeop (Ubuntu Jammy):
status: New → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gkeop/5.15.0-1032.38 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-gkeop' to 'verification-done-jammy-linux-gkeop'. If the problem still exists, change the tag 'verification-needed-jammy-linux-gkeop' to 'verification-failed-jammy-linux-gkeop'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-gkeop-v2 verification-needed-jammy-linux-gkeop
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (104.2 KiB)

This bug was fixed in the package linux - 6.2.0-36.37

---------------
linux (6.2.0-36.37) lunar; urgency=medium

  * lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076)

  * Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7
    (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c

  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

  * CVE-2023-4563
    - netfilter: nf_tables: remove busy mark and gc batch API

  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support

  * Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005)
    - Upstream stable to v6.1.41, v6.4.6
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - maple_tree: set the node limit when creating a new root node
    - maple_tree: fix node allocation testing on 32 bit
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT
    - btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - btrfs: fix race between balance and cancel/pause
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - of: Preserve "of-display" device name for compatibility
    - regmap: Account for register length in SMBus I/O limits
    - arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes
    - can: mcp251xfd: __mcp251xfd_chip_set...

Changed in linux (Ubuntu Lunar):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-riscv/6.2.0-36.37.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar-linux-riscv' to 'verification-done-lunar-linux-riscv'. If the problem still exists, change the tag 'verification-needed-lunar-linux-riscv' to 'verification-failed-lunar-linux-riscv'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-lunar-linux-riscv-v2 verification-needed-lunar-linux-riscv
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-starfive-6.2/6.2.0-1008.9~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-starfive-6.2' to 'verification-done-jammy-linux-starfive-6.2'. If the problem still exists, change the tag 'verification-needed-jammy-linux-starfive-6.2' to 'verification-failed-jammy-linux-starfive-6.2'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-starfive-6.2-v2 verification-needed-jammy-linux-starfive-6.2
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-iot/5.4.0-1025.26 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-iot' to 'verification-done-focal-linux-iot'. If the problem still exists, change the tag 'verification-needed-focal-linux-iot' to 'verification-failed-focal-linux-iot'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-iot-v2 verification-needed-focal-linux-iot
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-bluefield/5.15.0-1029.31 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-bluefield' to 'verification-done-jammy-linux-bluefield'. If the problem still exists, change the tag 'verification-needed-jammy-linux-bluefield' to 'verification-failed-jammy-linux-bluefield'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-bluefield-v2 verification-needed-jammy-linux-bluefield
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-intel-iotg/5.15.0-1044.50 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-intel-iotg' to 'verification-done-jammy-linux-intel-iotg'. If the problem still exists, change the tag 'verification-needed-jammy-linux-intel-iotg' to 'verification-failed-jammy-linux-intel-iotg'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-intel-iotg-v2 verification-needed-jammy-linux-intel-iotg
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-oracle/6.2.0-1015.15 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar-linux-oracle' to 'verification-done-lunar-linux-oracle'. If the problem still exists, change the tag 'verification-needed-lunar-linux-oracle' to 'verification-failed-lunar-linux-oracle'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-raspi/5.15.0-1042.45 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-raspi' to 'verification-done-jammy-linux-raspi'. If the problem still exists, change the tag 'verification-needed-jammy-linux-raspi' to 'verification-failed-jammy-linux-raspi'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-lunar-linux-oracle-v2 verification-needed-lunar-linux-oracle
tags: added: kernel-spammed-jammy-linux-raspi-v2 verification-needed-jammy-linux-raspi
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-intel-iot-realtime/5.15.0-1042.44 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-intel-iot-realtime' to 'verification-done-jammy-linux-intel-iot-realtime'. If the problem still exists, change the tag 'verification-needed-jammy-linux-intel-iot-realtime' to 'verification-failed-jammy-linux-intel-iot-realtime'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-intel-iot-realtime-v2 verification-needed-jammy-linux-intel-iot-realtime
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-oracle-6.2/6.2.0-1015.15~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-oracle-6.2' to 'verification-done-jammy-linux-oracle-6.2'. If the problem still exists, change the tag 'verification-needed-jammy-linux-oracle-6.2' to 'verification-failed-jammy-linux-oracle-6.2'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-oracle-6.2-v2 verification-needed-jammy-linux-oracle-6.2
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-tegra/5.15.0-1019.19 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-tegra' to 'verification-done-jammy-linux-nvidia-tegra'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-tegra' to 'verification-failed-jammy-linux-nvidia-tegra'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-nvidia-tegra-v2 verification-needed-jammy-linux-nvidia-tegra
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gcp-tcpx/5.15.0-1002.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-gcp-tcpx' to 'verification-done-focal-linux-gcp-tcpx'. If the problem still exists, change the tag 'verification-needed-focal-linux-gcp-tcpx' to 'verification-failed-focal-linux-gcp-tcpx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-gcp-tcpx-v2 verification-needed-focal-linux-gcp-tcpx
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-xilinx-zynqmp/5.15.0-1025.29 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-xilinx-zynqmp' to 'verification-done-jammy-linux-xilinx-zynqmp'. If the problem still exists, change the tag 'verification-needed-jammy-linux-xilinx-zynqmp' to 'verification-failed-jammy-linux-xilinx-zynqmp'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-xilinx-zynqmp-v2 verification-needed-jammy-linux-xilinx-zynqmp
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-tegra-igx/5.15.0-1006.6 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-done-jammy-linux-nvidia-tegra-igx'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-failed-jammy-linux-nvidia-tegra-igx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-nvidia-tegra-igx-v2 verification-needed-jammy-linux-nvidia-tegra-igx
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-tegra-5.15/5.15.0-1019.19~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-done-focal-linux-nvidia-tegra-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-failed-focal-linux-nvidia-tegra-5.15'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-nvidia-tegra-5.15-v2 verification-needed-focal-linux-nvidia-tegra-5.15
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure-fips/5.15.0-1053.61+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-azure-fips' to 'verification-done-jammy-linux-azure-fips'. If the problem still exists, change the tag 'verification-needed-jammy-linux-azure-fips' to 'verification-failed-jammy-linux-azure-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-azure-fips-v2 verification-needed-jammy-linux-azure-fips
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-mtk/5.15.0-1030.34 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.