2023-02-23 02:48:48 |
Michael Reed |
bug |
|
|
added bug |
2023-02-23 03:20:40 |
Michael Reed |
description |
SRU Justification:
[Impact]
When booted into Ubuntu 22.04.1 OS after installation, observed "Array Index out of bounds" Call Trace multiple times in dmesg.
Call Trace is as follows:
[ 6.125704] UBSAN: array-index-out-of-bounds in /build/linux-JjvoxS/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
[ 6.125705] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 6.125707] CPU: 0 PID: 18 Comm: kworker/0:1 Not tainted 5.15.0-53-generic #59-Ubuntu
[ 6.125709] Hardware name: Dell Inc. , BIOS 11/08/2022
[ 6.125710] Workqueue: events work_for_cpu_fn
[ 6.125716] Call Trace:
[ 6.125718] <TASK>
[ 6.125720] show_stack+0x52/0x5c
[ 6.125725] dump_stack_lvl+0x4a/0x63
[ 6.125731] dump_stack+0x10/0x16
[ 6.125732] ubsan_epilogue+0x9/0x49
[ 6.125734] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 6.125736] ? MR_PopulateDrvRaidMap+0x194/0x580 [megaraid_sas]
[ 6.125747] mr_update_load_balance_params+0xb9/0xc0 [megaraid_sas]
[ 6.125753] MR_ValidateMapInfo+0x8d/0x290 [megaraid_sas]
[ 6.125757] megasas_init_adapter_fusion+0x3ce/0x420 [megaraid_sas]
[ 6.125762] ? megasas_setup_reply_map+0x49/0xac [megaraid_sas]
[ 6.125768] megasas_init_fw.cold+0x87c/0x10c8 [megaraid_sas]
[ 6.125774] megasas_probe_one+0x15c/0x4e0 [megaraid_sas]
[ 6.125779] local_pci_probe+0x48/0x90
[ 6.125783] work_for_cpu_fn+0x17/0x30
[ 6.125785] process_one_work+0x228/0x3d0
[ 6.125786] worker_thread+0x223/0x420
[ 6.125787] ? process_one_work+0x3d0/0x3d0
[ 6.125788] kthread+0x127/0x150
[ 6.125790] ? set_kthread_struct+0x50/0x50
[ 6.125791] ret_from_fork+0x1f/0x30
[ 6.125796] </TASK>
[ 6.125796] ================================================================================
Steps to reproduce:
1. Connect PERC H355 controller to the system
2. Create RAID1 using drives connected to PERC Controller
3. Install Ubuntu 22.04.1 on VD
4. Boot into OS after installation
5. Multiple Call Traces of "array-index-out-of-bounds" are seen
Expected Behavior:
OS should boot without this Call Trace
[Fix]
[PATCH v3 0/6] Replace one-element arrays with flexible-array members
https://lore.kernel.org/linux-hardening/cover.1660592640.git.gustavoars@kernel.org/
48658213 scsi: megaraid_sas: Use struct_size() in code related to struct MR_PD_CFG_SEQ_NUM_SYNC
41e83026 scsi: megaraid_sas: Use struct_size() in code related to struct MR_FW_RAID_MAP
ee92366a scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_PD_CFG_SEQ_NUM_SYNC
eeb3bab7 scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP
204a29a1 scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP_DYNAMIC
ac23b92b scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP
[Test Plan]
1. Connect PERC H355 controller to the system
2. Create RAID1 using drives connected to PERC Controller
3. Install Ubuntu 22.04.1 on VD
4. Boot into OS after installation
OS should boot without the Call Trace listed in the Impact field
[Where problems could occur]
[Other Info]
https://code.launchpad.net/~mreed8855/ubuntu/+source/linux/+git/jammy/+ref/array_bounds_lp_1999503 |
SRU Justification:
[Impact]
When booted into Ubuntu 22.04.1 OS after installation, observed "Array Index out of bounds" Call Trace multiple times in dmesg.
Call Trace is as follows:
[ 6.125704] UBSAN: array-index-out-of-bounds in /build/linux-JjvoxS/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
[ 6.125705] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 6.125707] CPU: 0 PID: 18 Comm: kworker/0:1 Not tainted 5.15.0-53-generic #59-Ubuntu
[ 6.125709] Hardware name: Dell Inc. , BIOS 11/08/2022
[ 6.125710] Workqueue: events work_for_cpu_fn
[ 6.125716] Call Trace:
[ 6.125718] <TASK>
[ 6.125720] show_stack+0x52/0x5c
[ 6.125725] dump_stack_lvl+0x4a/0x63
[ 6.125731] dump_stack+0x10/0x16
[ 6.125732] ubsan_epilogue+0x9/0x49
[ 6.125734] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 6.125736] ? MR_PopulateDrvRaidMap+0x194/0x580 [megaraid_sas]
[ 6.125747] mr_update_load_balance_params+0xb9/0xc0 [megaraid_sas]
[ 6.125753] MR_ValidateMapInfo+0x8d/0x290 [megaraid_sas]
[ 6.125757] megasas_init_adapter_fusion+0x3ce/0x420 [megaraid_sas]
[ 6.125762] ? megasas_setup_reply_map+0x49/0xac [megaraid_sas]
[ 6.125768] megasas_init_fw.cold+0x87c/0x10c8 [megaraid_sas]
[ 6.125774] megasas_probe_one+0x15c/0x4e0 [megaraid_sas]
[ 6.125779] local_pci_probe+0x48/0x90
[ 6.125783] work_for_cpu_fn+0x17/0x30
[ 6.125785] process_one_work+0x228/0x3d0
[ 6.125786] worker_thread+0x223/0x420
[ 6.125787] ? process_one_work+0x3d0/0x3d0
[ 6.125788] kthread+0x127/0x150
[ 6.125790] ? set_kthread_struct+0x50/0x50
[ 6.125791] ret_from_fork+0x1f/0x30
[ 6.125796] </TASK>
[ 6.125796] ================================================================================
Steps to reproduce:
1. Connect PERC H355 controller to the system
2. Create RAID1 using drives connected to PERC Controller
3. Install Ubuntu 22.04.1 on VD
4. Boot into OS after installation
5. Multiple Call Traces of "array-index-out-of-bounds" are seen
Expected Behavior:
OS should boot without this Call Trace
[Fix]
[PATCH v3 0/6] Replace one-element arrays with flexible-array members
https://lore.kernel.org/linux-hardening/cover.1660592640.git.gustavoars@kernel.org/
48658213 scsi: megaraid_sas: Use struct_size() in code related to struct MR_PD_CFG_SEQ_NUM_SYNC
41e83026 scsi: megaraid_sas: Use struct_size() in code related to struct MR_FW_RAID_MAP
ee92366a scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_PD_CFG_SEQ_NUM_SYNC
eeb3bab7 scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP
204a29a1 scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP_DYNAMIC
ac23b92b scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP
[Test Plan]
1. Connect PERC H355 controller to the system
2. Create RAID1 using drives connected to PERC Controller
3. Install Ubuntu 22.04.1 on VD
4. Boot into OS after installation
OS should boot without the Call Trace listed in the Impact field
[Where problems could occur]
[Other Info]
https://code.launchpad.net/~mreed8855/ubuntu/+source/linux/+git/jammy/+ref/array_bounds_lp_2008157 |
|
2023-02-23 04:24:51 |
Ubuntu Foundations Team Bug Bot |
tags |
|
bot-comment |
|
2023-02-23 15:52:41 |
Michael Reed |
nominated for series |
|
Ubuntu Jammy |
|
2023-02-23 15:52:41 |
Michael Reed |
bug task added |
|
Ubuntu Jammy |
|
2023-02-23 15:52:49 |
Michael Reed |
Ubuntu Jammy: assignee |
|
Michael Reed (mreed8855) |
|
2023-02-23 15:52:51 |
Michael Reed |
ubuntu: assignee |
|
Michael Reed (mreed8855) |
|
2023-02-23 15:52:56 |
Michael Reed |
ubuntu: importance |
Undecided |
Medium |
|
2023-02-23 15:52:59 |
Michael Reed |
Ubuntu Jammy: importance |
Undecided |
Medium |
|
2023-02-23 15:53:03 |
Michael Reed |
ubuntu: status |
New |
In Progress |
|
2023-02-23 15:53:06 |
Michael Reed |
Ubuntu Jammy: status |
New |
In Progress |
|
2023-02-23 17:13:59 |
Brian Murray |
affects |
ubuntu |
linux (Ubuntu) |
|
2023-03-22 09:39:15 |
Stefan Bader |
linux (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
2023-04-20 19:49:12 |
Ubuntu Kernel Bot |
tags |
bot-comment |
bot-comment kernel-spammed-jammy-linux verification-needed-jammy |
|
2023-05-11 06:03:47 |
AceLan Kao |
nominated for series |
|
Ubuntu Kinetic |
|
2023-05-11 06:03:47 |
AceLan Kao |
bug task added |
|
linux (Ubuntu Kinetic) |
|
2023-05-11 06:04:16 |
AceLan Kao |
linux (Ubuntu Kinetic): status |
New |
In Progress |
|
2023-05-11 06:04:19 |
AceLan Kao |
linux (Ubuntu Kinetic): assignee |
|
AceLan Kao (acelankao) |
|
2023-05-11 13:39:55 |
Olivier FAURAX |
bug |
|
|
added subscriber Olivier FAURAX |
2023-05-12 12:17:43 |
Stefan Bader |
linux (Ubuntu Kinetic): importance |
Undecided |
Medium |
|
2023-05-15 12:16:56 |
Launchpad Janitor |
linux (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
2023-05-15 12:16:56 |
Launchpad Janitor |
cve linked |
|
2023-1075 |
|
2023-05-15 12:16:56 |
Launchpad Janitor |
cve linked |
|
2023-1118 |
|
2023-05-18 14:16:40 |
Vinay HM |
tags |
bot-comment kernel-spammed-jammy-linux verification-needed-jammy |
bot-comment kernel-spammed-jammy-linux verification-done-jammy |
|
2023-05-18 17:02:00 |
Ubuntu Kernel Bot |
tags |
bot-comment kernel-spammed-jammy-linux verification-done-jammy |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux verification-done-jammy verification-needed-focal |
|
2023-05-25 04:06:30 |
Ubuntu Kernel Bot |
tags |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux verification-done-jammy verification-needed-focal |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-intel-iotg verification-needed-focal verification-needed-jammy |
|
2023-05-25 09:39:40 |
Jian Hui Lee |
tags |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-intel-iotg verification-needed-focal verification-needed-jammy |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-intel-iotg verification-done-jammy verification-needed-focal |
|
2023-06-02 01:07:28 |
Ubuntu Kernel Bot |
tags |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-intel-iotg verification-done-jammy verification-needed-focal |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-aws kernel-spammed-jammy-linux-intel-iotg verification-needed-focal verification-needed-jammy |
|
2023-06-03 17:22:15 |
Ubuntu Kernel Bot |
tags |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-aws kernel-spammed-jammy-linux-intel-iotg verification-needed-focal verification-needed-jammy |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-aws kernel-spammed-jammy-linux-azure kernel-spammed-jammy-linux-intel-iotg verification-needed-focal verification-needed-jammy |
|
2023-06-15 08:30:08 |
Stefan Bader |
linux (Ubuntu Kinetic): status |
In Progress |
Fix Committed |
|
2023-07-08 00:02:00 |
Ubuntu Kernel Bot |
tags |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-aws kernel-spammed-jammy-linux-azure kernel-spammed-jammy-linux-intel-iotg verification-needed-focal verification-needed-jammy |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-aws kernel-spammed-jammy-linux-azure kernel-spammed-jammy-linux-intel-iotg kernel-spammed-kinetic-linux verification-needed-focal verification-needed-jammy verification-needed-kinetic |
|
2023-09-09 14:17:47 |
Ubuntu Kernel Bot |
tags |
bot-comment kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-aws kernel-spammed-jammy-linux-azure kernel-spammed-jammy-linux-intel-iotg kernel-spammed-kinetic-linux verification-needed-focal verification-needed-jammy verification-needed-kinetic |
bot-comment kernel-spammed-focal-linux-aws-5.15-v2 kernel-spammed-focal-linux-riscv-5.15 kernel-spammed-jammy-linux kernel-spammed-jammy-linux-aws kernel-spammed-jammy-linux-azure kernel-spammed-jammy-linux-intel-iotg kernel-spammed-kinetic-linux verification-needed-focal verification-needed-focal-linux-aws-5.15 verification-needed-jammy verification-needed-kinetic |
|