Use new annotations model

Bug #2019000 reported by Andrea Righi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Focal
Fix Released
Medium
Roxana Nicolescu
Jammy
Fix Released
Low
Unassigned
Kinetic
Won't Fix
Low
Unassigned
linux-gcp (Ubuntu)
New
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Kinetic
Invalid
Undecided
Thadeu Lima de Souza Cascardo
linux-kvm (Ubuntu)
New
Undecided
Unassigned
Focal
Fix Released
Undecided
Thibf
Jammy
New
Undecided
Unassigned
Kinetic
Invalid
Undecided
Unassigned

Bug Description

[Impact]

Starting with lunar we have introduced a new way to manage kernel configs, unifying the duplicated information defined in the annotations file + config chunks into an annotations-only model.

[Test case]

A kernel build can be considered a valid test case, in particular the specific command that is used to update the .config's for all the supported architectures and flavours:

 $ fakeroot debian/rules updateconfigs

[Fix]

Import the required changes in debian/ from lunar (with the required adjustments) to support the annotations-only model also in all the previous releases.

[Regression potential]

We may experience regressions during the updateconfigs step, especially with derivatives. Moreover, derivatives that want to transition to the new annotations model require to adjust the header in the annotations file as following (make sure to define the corresponding architectures and flavours):

# FORMAT: 4
# ARCH: amd64 arm64 armhf ppc64el s390x
# FLAVOUR: amd64-generic amd64-lowlatency arm64-generic arm64-generic-64k arm64-lowlatency arm64-lowlatency-64k armhf-generic armhf-generic-lpae ppc64el-generic s390x-generic

After adjusting the header a special command is provided to transition to the new annotations-only model:

 $ fakeroot debian/rules migrateconfigs

This command should automatically import the old configs into the new annotations file.

A kernel with this change applied can still support the old annotations+configs model, the transition to the new model is not mandatory.

Basically without using `fakeroot debian/rules migrateconfigs` the updateconfigs step will continue to use the old model and the old scripts (that is the safest approach to avoid potential unexpected .config changes).

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 2019000

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Focal):
status: New → Incomplete
Changed in linux (Ubuntu Jammy):
status: New → Incomplete
Changed in linux (Ubuntu Kinetic):
status: New → Incomplete
Andrea Righi (arighi)
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu):
status: Incomplete → Invalid
Changed in linux (Ubuntu Jammy):
importance: Undecided → Low
status: Incomplete → In Progress
Changed in linux (Ubuntu Focal):
importance: Undecided → Low
status: Incomplete → Confirmed
Changed in linux (Ubuntu Kinetic):
importance: Undecided → Low
status: Incomplete → Confirmed
Changed in linux (Ubuntu Focal):
status: Confirmed → Triaged
Stefan Bader (smb)
Changed in linux (Ubuntu Jammy):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.15.0-74.81 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux verification-needed-jammy
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-intel-iotg-5.15/5.15.0-1033.38~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-intel-iotg-5.15 verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (40.5 KiB)

This bug was fixed in the package linux - 5.15.0-75.82

---------------
linux (5.15.0-75.82) jammy; urgency=medium

  * jammy/linux: 5.15.0-75.82 -proposed tracker (LP: #2023065)

  * Jammy update: v5.15.102 upstream stable release (LP: #2020393)
    - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis

  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk

  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts

linux (5.15.0-74.81) jammy; urgency=medium

  * jammy/linux: 5.15.0-74.81 -proposed tracker (LP: #2019420)

  * smartpqi: Update 22.04 driver to include recent bug fixes and support
    current generation devices (LP: #1998643)
    - scsi: smartpqi: Switch to attribute groups
    - scsi: smartpqi: Fix rmmod stack trace
    - scsi: smartpqi: Add PCI IDs
    - scsi: smartpqi: Enable SATA NCQ priority in sysfs
    - scsi: smartpqi: Eliminate drive spin down on warm boot
    - scsi: smartpqi: Quickly propagate path failures to SCSI midlayer
    - scsi: smartpqi: Fix a name typo and cleanup code
    - scsi: smartpqi: Fix a typo in func pqi_aio_submit_io()
    - scsi: smartpqi: Resolve delay issue with PQI_HZ value
    - scsi: smartpqi: Avoid drive spin-down during suspend
    - scsi: smartpqi: Update volume size after expansion
    - scsi: smartpqi: Speed up RAID 10 sequential reads
    - scsi: smartpqi: Expose SAS address for SATA drives
    - scsi: smartpqi: Fix NUMA node not updated during init
    - scsi: smartpqi: Fix BUILD_BUG_ON() statements
    - scsi: smartpqi: Fix hibernate and suspend
    - scsi: smartpqi: Fix lsscsi -t SAS addresses
    - scsi: smartpqi: Update version to 2.1.14-035
    - scsi: smartpqi: Fix unused variable pqi_pm_ops for clang
    - scsi: smartpqi: Stop using the SCSI pointer
    - scsi: smartpqi: Fix typo in comment
    - scsi: smartpqi: Shorten drive visibility after removal
    - scsi: smartpqi: Add controller fw version to console log
    - scsi: smartpqi: Add PCI IDs for ramaxel controllers
    - scsi: smartpqi: Close write read holes
    - scsi: smartpqi: Add driver support for multi-LUN devices
    - scsi: smartpqi: Fix PCI control linkdown system hang
    - scsi: smartpqi: Add PCI ID for Adaptec SmartHBA 2100-8i
    - scsi: smartpqi: Add PCI IDs for Lenovo controllers
    - scsi: smartpqi: Stop logging spurious PQI reset failures
    - scsi: smartpqi: Fix RAID map race condition
    - scsi: smartpqi: Add module param to disable managed ints
    - scsi: smartpqi: Update deleting a LUN via sysfs
    - scsi: smartpqi: Add ctrl ready timeout module parameter
    - scsi: smartpqi: Update copyright to current year
    - scsi: smartpqi: Update version to 2.1.18-045
    - scsi: smartpqi: Convert to host_tagset
    - scsi: smartpqi: Add new controller PCI IDs
    - scsi: smartpqi: Correct max LUN number
    - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers
    - scsi: smar...

Changed in linux (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-tegra/5.15.0-1015.15 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-nvidia-tegra
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-tegra-igx/5.15.0-1001.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-nvidia-tegra-igx
Changed in linux-gcp (Ubuntu Jammy):
status: New → Fix Committed
Changed in linux-gcp (Ubuntu Kinetic):
status: New → Invalid
Changed in linux-gcp (Ubuntu Jammy):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux-gcp (Ubuntu Kinetic):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux-gcp (Ubuntu Jammy):
importance: Undecided → Medium
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gcp/5.15.0-1039.47 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-gcp
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure/5.15.0-1043.50 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-azure
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-aws/5.15.0-1041.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-aws
tags: added: verification-done-jammy
removed: verification-needed-jammy
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (84.4 KiB)

This bug was fixed in the package linux-gcp - 5.15.0-1039.47

---------------
linux-gcp (5.15.0-1039.47) jammy; urgency=medium

  * jammy/linux-gcp: 5.15.0-1039.47 -proposed tracker (LP: #2026499)

  * Encountering an issue with memcpy_fromio causing failed boot of SEV-enabled
    guest (LP: #2020319)
    - Revert "x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO"
    - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO

  * Jammy update: v5.15.107 upstream stable release (LP: #2023320)
    - [Config] updateconfigs for ns module merger
    - [Config] updateconfigs for Intel skl_int3472 driver split

  * Jammy update: v5.15.105 upstream stable release (LP: #2023230)
    - [Config] updateconfigs for SERIAL_8250_ASPEED_VUART

  * Use new annotations model (LP: #2019000)
    - [Config]: Derive config from primary kernel

  [ Ubuntu: 5.15.0-79.86 ]

  * jammy/linux: 5.15.0-79.86 -proposed tracker (LP: #2026531)
  * Jammy update: v5.15.111 upstream stable release (LP: #2025095)
    - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15
    - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
    - x86/hyperv: Block root partition functionality in a Confidential VM
    - iio: adc: palmas_gpadc: fix NULL dereference on rmmod
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
    - selftests mount: Fix mount_setattr_test builds failed
    - asm-generic/io.h: suppress endianness warnings for readq() and writeq()
    - x86/cpu: Add model number for Intel Arrow Lake processor
    - wireguard: timers: cast enum limits members to int in prints
    - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
    - arm64: Always load shadow stack pointer directly from the task struct
    - arm64: Stash shadow stack pointer in the task struct on interrupt
    - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
    - PCI: qcom: Fix the incorrect register usage in v2.7.0 config
    - IMA: allow/fix UML builds
    - USB: dwc3: fix runtime pm imbalance on probe errors
    - USB: dwc3: fix runtime pm imbalance on unbind
    - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
    - hwmon: (adt7475) Use device_property APIs when configuring polarity
    - posix-cpu-timers: Implement the missing timer_wait_running callback
    - blk-mq: release crypto keyslot before reporting I/O complete
    - blk-crypto: make blk_crypto_evict_key() return void
    - blk-crypto: make blk_crypto_evict_key() more robust
    - ext4: use ext4_journal_start/stop for fast commit transactions
    - staging: iio: resolver: ads1210: fix config mode
    - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
    - xhci: fix debugfs register accesses while suspended
    - tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
    - MIPS: fw: Allow firmware to pass a empty env
    - ipmi:ssif: Add send_retries increment
    - ipmi: fix SSIF not responding under certain cond.
    - kheaders: Use array declaration instead of char
    - wifi: mt76: add missing locking to protect against concurrent rx/status
      calls
    - pwm: meson: Fix axg ao ...

Changed in linux-gcp (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-lowlatency-hwe-5.15/5.15.0-83.92~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-lowlatency-hwe-5.15' to 'verification-done-focal-linux-lowlatency-hwe-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-lowlatency-hwe-5.15' to 'verification-failed-focal-linux-lowlatency-hwe-5.15'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-lowlatency-hwe-5.15-v2 verification-needed-focal-linux-lowlatency-hwe-5.15
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-kvm/5.15.0-1041.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-kvm' to 'verification-done-jammy-linux-kvm'. If the problem still exists, change the tag 'verification-needed-jammy-linux-kvm' to 'verification-failed-jammy-linux-kvm'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-kvm-v2 verification-needed-jammy-linux-kvm
Revision history for this message
Stefan Bader (smb) wrote (last edit ):

The conversion on focal:linux-lowlatency-hwe-5.15 was done and I had verified that generated configs before and after did match.

tags: added: verification-done-focal-linux-lowlatency-hwe-5.15
removed: verification-needed-focal-linux-lowlatency-hwe-5.15
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-aws-5.15/5.15.0-1046.51~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-aws-5.15' to 'verification-done-focal-linux-aws-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-aws-5.15' to 'verification-failed-focal-linux-aws-5.15'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-aws-5.15-v2 verification-needed-focal-linux-aws-5.15
Changed in linux (Ubuntu Focal):
status: Triaged → In Progress
assignee: nobody → Roxana Nicolescu (roxanan)
importance: Low → Medium
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.4.0-166.183 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux' to 'verification-done-focal-linux'. If the problem still exists, change the tag 'verification-needed-focal-linux' to 'verification-failed-focal-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-v2 verification-needed-focal-linux
Thibf (thibf)
Changed in linux-kvm (Ubuntu Kinetic):
status: New → Invalid
Changed in linux-kvm (Ubuntu Focal):
status: New → Fix Committed
assignee: nobody → Thibf (thibf)
tags: added: verification-done-focal-linux
removed: verification-needed-focal-linux
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gke/5.15.0-1046.51 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-gke' to 'verification-done-jammy-linux-gke'. If the problem still exists, change the tag 'verification-needed-jammy-linux-gke' to 'verification-failed-jammy-linux-gke'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-gke-v2 verification-needed-jammy-linux-gke
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (26.1 KiB)

This bug was fixed in the package linux - 5.4.0-166.183

---------------
linux (5.4.0-166.183) focal; urgency=medium

  * focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)

  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts

  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk

  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts

  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252

  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c

  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()

  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect

  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4

  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write

  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().

  * Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - drm/i915: Initialise outparam for error return from wait_for_register
    - scripts/tags.sh: Resolve gtags empty ind...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (26.3 KiB)

This bug was fixed in the package linux-gcp - 5.4.0-1117.126

---------------
linux-gcp (5.4.0-1117.126) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1117.126 -proposed tracker (LP: #2037988)

  * Use new annotations model (LP: #2019000)
    - [Config]: migrate to annotations-only configuration

  [ Ubuntu: 5.4.0-166.183 ]

  * focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)
  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts
  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk
  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect
  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
 ...

Changed in linux-gcp (Ubuntu Focal):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (26.4 KiB)

This bug was fixed in the package linux-kvm - 5.4.0-1102.108

---------------
linux-kvm (5.4.0-1102.108) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1102.108 -proposed tracker (LP: #2038000)

  * Use new annotations model (LP: #2019000)
    - [Config] kvm: sanitize annotations
    - [Config] kvm: Remove all old configs files and migrate to new format

  [ Ubuntu: 5.4.0-166.183 ]

  * focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)
  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts
  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk
  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect
  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    -...

Changed in linux-kvm (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-iot/5.4.0-1025.26 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-iot' to 'verification-done-focal-linux-iot'. If the problem still exists, change the tag 'verification-needed-focal-linux-iot' to 'verification-failed-focal-linux-iot'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-iot-v2 verification-needed-focal-linux-iot
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-raspi-5.4/5.4.0-1098.110~18.04.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic-linux-raspi-5.4' to 'verification-done-bionic-linux-raspi-5.4'. If the problem still exists, change the tag 'verification-needed-bionic-linux-raspi-5.4' to 'verification-failed-bionic-linux-raspi-5.4'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-bionic-linux-raspi-5.4-v2 verification-needed-bionic-linux-raspi-5.4
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-aws/5.4.0-1115.125 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-aws' to 'verification-done-focal-linux-aws'. If the problem still exists, change the tag 'verification-needed-focal-linux-aws' to 'verification-failed-focal-linux-aws'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-aws-v2 verification-needed-focal-linux-aws
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gkeop/5.15.0-1034.40 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-gkeop' to 'verification-done-jammy-linux-gkeop'. If the problem still exists, change the tag 'verification-needed-jammy-linux-gkeop' to 'verification-failed-jammy-linux-gkeop'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-gkeop-v2 verification-needed-jammy-linux-gkeop
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-aws-fips/5.4.0-1116.126+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-aws-fips' to 'verification-done-focal-linux-aws-fips'. If the problem still exists, change the tag 'verification-needed-focal-linux-aws-fips' to 'verification-failed-focal-linux-aws-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-aws-fips-v2 verification-needed-focal-linux-aws-fips
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-mtk/5.15.0-1030.34 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk
Revision history for this message
Brian Murray (brian-murray) wrote :

Ubuntu 22.10 (Kinetic Kudu) has reached end of life, so this bug will not be fixed for that specific release.

Changed in linux (Ubuntu Kinetic):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.