linux 4.15.0-109-generic network DoS regression vs -108

Bug #1886668 reported by Steve Beattie
304
This bug affects 8 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Thadeu Lima de Souza Cascardo
Bionic
Fix Released
Critical
Thadeu Lima de Souza Cascardo
Eoan
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Groovy
Fix Released
Undecided
Thadeu Lima de Souza Cascardo

Bug Description

[Impact]
On systems using cgroups and sockets extensively, like docker, kubernetes, lxd, libvirt, a crash might happen when using linux 4.15.0-109-generic.

[Fix]
Revert the patch that disables sk_alloc cgroup refcounting when tasks are added to net_prio cgroup.

[Test case]
Test that such environments where the issue is reproduced survive some hours of uptime. A different bug was reproduced with a work-in-progress code and was not reproduced with the culprit reverted.

[Regression potential]
The reverted commit fix a memory leak on similar scenarios. But a leak is better than a crash. Two other bugs have been opened to track a real fix for this issue and the leak.

----------------------------------------------------------

Reported from a user:

Several of our infrastructure VMs recently started crashing (oops
attached), after they upgraded to -109.  -108 appears to be stable.

Analysing the crash, it appears to be a wild pointer access in a BPF
filter, which makes this (probably) a network-traffic triggered crash.

[ 696.396831] general protection fault: 0000 [#1] SMP PTI
[ 696.396843] Modules linked in: iscsi_target_mod target_core_mod ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter xt_conntrack nf_nat nf_conntrack br_netfilter bridge nfsv3 cmac arc4 md4 rpcsec_gss_krb5 nfsv4 nls_utf8 cifs nfs aufs ccm fscache binfmt_misc overlay xfs libcrc32c intel_rapl crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd input_leds joydev intel_rapl_perf serio_raw parport_pc parport mac_hid sch_fq_codel nfsd 8021q auth_rpcgss garp nfs_acl mrp lockd stp llc grace xenfs sunrpc xen_privcmd ip_tables x_tables autofs4 hid_generic usbhid hid psmouse i2c_piix4 pata_acpi floppy
[ 696.396966] CPU: 6 PID: 0 Comm: swapper/6 Not tainted 4.15.0-109-generic #110-Ubuntu
[ 696.396979] Hardware name: Xen HVM domU, BIOS 4.7.6-1.26 12/03/2018
[ 696.396993] RIP: 0010:__cgroup_bpf_run_filter_skb+0xbb/0x1e0
[ 696.397005] RSP: 0018:ffff893fdcb83a70 EFLAGS: 00010292
[ 696.397015] RAX: 6d69546e6f697469 RBX: 0000000000000000 RCX: 0000000000000014
[ 696.397028] RDX: 0000000000000000 RSI: ffff893fd0360000 RDI: ffff893fb5154800
[ 696.397041] RBP: ffff893fdcb83ad0 R08: 0000000000000001 R09: 0000000000000000
[ 696.397058] R10: 0000000000000000 R11: 0000000000000003 R12: 0000000000000014
[ 696.397075] R13: ffff893fb5154800 R14: 0000000000000020 R15: ffff893fc6ba4d00
[ 696.397091] FS: 0000000000000000(0000) GS:ffff893fdcb80000(0000) knlGS:0000000000000000
[ 696.397107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 696.397119] CR2: 000000c0001b4000 CR3: 00000006dce0a004 CR4: 00000000003606e0
[ 696.397135] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 696.397152] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 696.397169] Call Trace:
[ 696.397175] <IRQ>
[ 696.397183] sk_filter_trim_cap+0xd0/0x1b0
[ 696.397191] tcp_v4_rcv+0x8b7/0xa80
[ 696.397199] ip_local_deliver_finish+0x66/0x210
[ 696.397208] ip_local_deliver+0x7e/0xe0
[ 696.397215] ? ip_rcv_finish+0x430/0x430
[ 696.397223] ip_rcv_finish+0x129/0x430
[ 696.397230] ip_rcv+0x296/0x360
[ 696.397238] ? inet_del_offload+0x40/0x40
[ 696.397249] __netif_receive_skb_core+0x432/0xb80
[ 696.397261] ? skb_send_sock+0x50/0x50
[ 696.397271] ? tcp4_gro_receive+0x137/0x1a0
[ 696.397280] __netif_receive_skb+0x18/0x60
[ 696.397290] ? __netif_receive_skb+0x18/0x60
[ 696.397300] netif_receive_skb_internal+0x45/0xe0
[ 696.397309] napi_gro_receive+0xc5/0xf0
[ 696.397317] xennet_poll+0x9ca/0xbc0
[ 696.397325] net_rx_action+0x140/0x3a0
[ 696.397334] __do_softirq+0xe4/0x2d4
[ 696.397344] irq_exit+0xc5/0xd0
[ 696.397352] xen_evtchn_do_upcall+0x30/0x50
[ 696.397361] xen_hvm_callback_vector+0x90/0xa0
[ 696.397371] </IRQ>
[ 696.397378] RIP: 0010:native_safe_halt+0x12/0x20
[ 696.397390] RSP: 0018:ffff94c4862cbe80 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff0c
[ 696.397405] RAX: ffffffff8efc1800 RBX: 0000000000000006 RCX: 0000000000000000
[ 696.397419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 696.397435] RBP: ffff94c4862cbe80 R08: 0000000000000002 R09: 0000000000000001
[ 696.397449] R10: 0000000000100000 R11: 0000000000000397 R12: 0000000000000006
[ 696.397462] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 696.397479] ? __sched_text_end+0x1/0x1
[ 696.397489] default_idle+0x20/0x100
[ 696.397499] arch_cpu_idle+0x15/0x20
[ 696.397507] default_idle_call+0x23/0x30
[ 696.397515] do_idle+0x172/0x1f0
[ 696.397522] cpu_startup_entry+0x73/0x80
[ 696.397530] start_secondary+0x1ab/0x200
[ 696.397538] secondary_startup_64+0xa5/0xb0
[ 696.397545] Code: 89 5d b0 49 29 cc 45 01 a7 80 00 00 00 44 89 e1 48 29 c8 48 89 4d a8 49 89 87 d8 00 00 00 89 d2 48 8d 84 d6 38 03 00 00 48 8b 00 <4c> 8b 70 10 4c 8d 68 10 4d 85 f6 0f 84 f6 00 00 00 49 8d 47 30
[ 696.397584] RIP: __cgroup_bpf_run_filter_skb+0xbb/0x1e0 RSP: ffff893fdcb83a70
[ 696.397607] ---[ end trace ec5c84424d511a6f ]---
[ 696.397616] Kernel panic - not syncing: Fatal exception in interrupt
[ 696.397876] Kernel Offset: 0xd600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

We've correlated some of the other crashes, and the ASCII was a bit of a
red herring.  All the others are a NULL pointer deference in the same
place, so the problem is likely OoB memory read (possibly
use-after-free) of a piece of memory which is usually zero, but not always.

It is actually the control VM's for our test farms which were impacted,
one of which was reliably crashing every 5 minutes or so, and others on
more sporadic intervals up to about a day.  In all cases, reverting to
the -108 kernel has resolved the crashes.

Unfortunately, attempts to repro this off our production environment
with a packet trace aren't going quite so well.  We're still experimenting.

Steve Beattie (sbeattie)
summary: - placeholder
+ linux 4.15.0-109-generic network DoS regression vs -108
description: updated
Changed in linux (Ubuntu):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

So, sock_cgroup_data is overloaded with net_prio prioidx and net_cls classid. There are two small patches for those two subsystems in 4.15.0-109 compared with 4.15.0-108. At first look, they appear harmless, but we have little information on the workload that generates this crash.

I tried manipulating net_prio and net_cls while running a socket with a cgroup bpf program attached on ingress, but with little luck reproducint. It seems the workload is more complicated than that.

It might be worth asking the reporter to try with a test kernel with those two commits reverted. On bionic tree, they are:

5eebba2159d707ae9533a52839e1ba71754c4426
a3e9313430937c4ce9ac4c1036403b0a6d391f7c

Cascardo.

Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

Crash report:
https://<email address hidden>/

Potential fix discussion:
https://<email address hidden>/

Bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=208003

So, my hunch about net_prio was right, and the issue has a lot of public visibility too. We might consider lifting the private bit here.

Cascardo.

Steve Beattie (sbeattie)
information type: Private Security → Public Security
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1886668

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: bionic
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

This is caused by net_cls and net_prio cgroups disabling cgroup BPF and
causing it to stop refcounting when allocating new sockets. Releasing those
sockets will cause the refcount to go negative, leading to the potential
use-after-free.

Though this revert won't prevent the issue from happening as it could still
theoretically be caused by setting net_cls.classid or net_prio.ifpriomap,
this will prevent it from happening on default system configurations. A
combination of systemd use of cgroup BPF and extensive cgroup use including
net_prio will cause this. Reports usually involve using lxd, libvirt,
docker or kubernetes and some systemd service with IPAddressDeny or
IPAddressAllow.

And though this patch has been introduced to avoid some potential memory
leaks, the cure is worse than the disease. We will need to revisit both
issues later on and reapply this patch when we have a real fix for the
crash.

Cascardo.

Changed in linux (Ubuntu):
status: Incomplete → Invalid
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance: Undecided → Critical
description: updated
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

Bugs are LP#1886860 and LP#1886859.

description: updated
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Groovy):
status: Invalid → In Progress
Changed in linux (Ubuntu Focal):
status: New → In Progress
Changed in linux (Ubuntu Eoan):
status: New → In Progress
tags: added: patch
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

https://launchpad.net/~cascardo/+archive/ubuntu/ppa/+sourcepub/11419106/+listing-archive-extra

So, this package on my ppa is built for bionic, but should work on other series too.

It has a service that will call a wrapper that will start the reproducer and reboot. The reason for the reboot is because once we add a task to net_prio cgroup, it will disable cgroup bpf and we can't call the reproducer again. And the reproducer, though it can cause the refcount to go below 0 every time, it won't always cause the exact crash from this bug.

Once you want to disable the reproducer, you should add to the kernel cmdline the parameter "systemd.mask=cgroup-bpf-net-prio-crash.service". Then, you need to remove the package and can get your system back.

You may be running some service that will add a task to net_prio or net_cls cgroup, thus preventing the reproducer to run at all (but not stop it from rebooting your system over and over again). lxd comes to mind here.

You may check that it's the case (before installing the reproducer) by looking at dmesg and searching for:
cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation

The following WARN is the demonstration that the refcount underflow has happened (though not the crash):
[ 12.581125] ------------[ cut here ]------------
[ 12.585021] percpu ref (cgroup_bpf_release_fn) <= 0 (-357) after switching to atomic
[ 12.585092] WARNING: CPU: 2 PID: 665 at lib/percpu-refcount.c:160 percpu_ref_switch_to_atomic_rcu+0x12e/0x140

The crash will cause a panic and likely prevent the system from rebooting, showing you have reproduced the issue.

If you never see the WARN, the bug has been mitigated, though it can still happen if we modify the reproducer slightly to also change net_cls.classid.

Cascardo.

Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-eoan
Revision history for this message
Kleber Sacilotto de Souza (kleber-souza) wrote :

I confirm that I can't reproduce the bug with the reproducer from comment #7 with bionic/linux 4.15.0-111.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Sean Groarke (sgroarke) wrote :

Concur. Previously in bionic 4.15.0-109 I would get this within 5 or 6 hours *max* (often much less) with 4.15.0-111 I'm at about 24 hours so far and no sign. Looks good.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-111.112

---------------
linux (4.15.0-111.112) bionic; urgency=medium

  * bionic/linux: 4.15.0-111.112 -proposed tracker (LP: #1886999)

  * Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461)
    - SAUCE: mlxsw: Add missmerged ERR_PTR hunk

  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

 -- Khalid Elmously <email address hidden> Thu, 09 Jul 2020 16:03:14 -0400

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (linux-gcp-5.4/5.4.0-1021.21~18.04.1)

All autopkgtests for the newly accepted linux-gcp-5.4 (5.4.0-1021.21~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-gcp-5.4

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (linux-azure-5.3/5.3.0-1034.35~18.04.1)

All autopkgtests for the newly accepted linux-azure-5.3 (5.3.0-1034.35~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-azure-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (linux-aws-5.3/5.3.0-1032.34~18.04.1)

All autopkgtests for the newly accepted linux-aws-5.3 (5.3.0-1032.34~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (arm64, amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-aws-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (linux-aws-5.4/5.4.0-1020.20~18.04.2)

All autopkgtests for the newly accepted linux-aws-5.4 (5.4.0-1020.20~18.04.2) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-aws-5.4

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (linux-gcp-5.3/5.3.0-1032.34~18.04.1)

All autopkgtests for the newly accepted linux-gcp-5.3 (5.3.0-1032.34~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-gcp-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.4.0-42.46

---------------
linux (5.4.0-42.46) focal; urgency=medium

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)

  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux (5.4.0-41.45) focal; urgency=medium

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open

  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start

  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()

  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM

  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down

  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc

  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Thu, 09 Jul 2020 19:50:26 -0400

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Janåke Rönnblom (jan-ake) wrote :

I think this is needed in linux-generic-hwe-18.04.

We get similar crashes with 5.3.0.62

Revision history for this message
Matthias Köhne (mattone) wrote :

I was also affected in bionic (linux-image-5.3.0-62-generic), but (since today?) there is an update available: linux-image-5.4.0-42-generic (5.4.0-42.46~18.04.1)

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (30.5 KiB)

This bug was fixed in the package linux - 5.3.0-64.58

---------------
linux (5.3.0-64.58) eoan; urgency=medium

  * eoan/linux: 5.3.0-64.58 -proposed tracker (LP: #1887088)

  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux (5.3.0-63.57) eoan; urgency=medium

  * eoan/linux: 5.3.0-63.57 -proposed tracker (LP: #1885495)

  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc

  * The thread level parallelism would be a bottleneck when searching for the
    shared pmd by using hugetlbfs (LP: #1882039)
    - hugetlbfs: take read_lock on i_mmap for PMD sharing

  * Eoan update: upstream stable patchset 2020-06-30 (LP: #1885775)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - net_failover: fixed rollback in net_failover_open()
    - bridge: Avoid infinite loop when suppressing NS messages with invalid
      options
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - tun: correct header offsets in napi frags mode
    - Input: mms114 - fix handling of mms345l
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - Input: synaptics - add a second working PNP_ID for Lenovo T470s
    - drivers/net/ibmvnic: Update VNIC protocol version reporting
    - powerpc/xive: Clear the page tables for the ESB IO mapping
    - ath9k_htc: Silence undersized packet warnings
    - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
    - x86/cpu/amd: Make erratum #1054 a legacy erratum
    - perf probe: Accept the instance number of kretprobe event
    - mm: add kvfree_sensitive() for freeing sensitive data objects
    - aio: fix async fsync creds
    - x86_64: Fix jiffies ODR violation
    - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
      Dock
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
    - ACPI: GED: add support for _Exx / _Lxx handler methods
    - ACPI: PM: Avoid using power resources if there are none for D0
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: dw: Fix controller unregister order
    - spi: bcm2835aux: Fix controller unregister order
    - spi: bcm-qspi: when tx/rx buffer is NULL set to 0
    - PM: runtime: clk: Fix clk_pm_runtime_get() error path
    - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
      fully iterated
    - ALSA: pcm: disallow linking stream to itself
    - x86/{mce,mm}: Unmap the entire page if the who...

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.4.0-42.46

---------------
linux (5.4.0-42.46) focal; urgency=medium

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)

  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux (5.4.0-41.45) focal; urgency=medium

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open

  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start

  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()

  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM

  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down

  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc

  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Thu, 09 Jul 2020 19:50:26 -0400

Changed in linux (Ubuntu Groovy):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.