This bug was fixed in the package linux - 4.18.0-18.19
---------------
linux (4.18.0-18.19) cosmic; urgency=medium
* linux: 4.18.0-18.19 -proposed tracker (LP: #1822796)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- [Packaging] resync retpoline extraction
* 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
triggers system hang on i386 (LP: #1812845)
- btrfs: raid56: properly unmap parity page in finish_parity_scrub()
* [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
- ACPI / property: Allow multiple property compatible _DSD entries
- PCI / ACPI: Identify untrusted PCI devices
- iommu/vt-d: Force IOMMU on for platform opt in hint
- iommu/vt-d: Do not enable ATS for untrusted devices
- thunderbolt: Export IOMMU based DMA protection support to userspace
- iommu/vt-d: Disable ATS support on untrusted devices
* Huawei Hi1822 NIC has poor performance (LP: #1820187)
- net-next: hinic: fix a problem in free_tx_poll()
- hinic: remove ndo_poll_controller
- net-next/hinic: add checksum offload and TSO support
- hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
- net-next/hinic:replace multiply and division operators
- net-next/hinic:add rx checksum offload for HiNIC
- net-next/hinic:fix a bug in set mac address
- net-next/hinic: fix a bug in rx data flow
- net: hinic: fix null pointer dereference on pointer hwdev
- hinic: optmize rx refill buffer mechanism
- net-next/hinic:add shutdown callback
- net-next/hinic: replace disable_irq_nosync/enable_irq
* [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
- Fonts: New Terminus large console font
- [Config]: enable highdpi Terminus 16x32 font support
* [19.04 FEAT] qeth: Enhanced link speed - kernel part (LP: #1814892)
- s390/qeth: report 25Gbit link speed
* Avoid potential memory corruption on HiSilicon SoCs (LP: #1819546)
- iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads
* CVE-2017-5715
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
- x86/speculation: Propagate information about RSB filling mitigation to
sysfs
- x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
variant
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
- x86/retpoline: Remove minimal retpoline support
- x86/speculation: Update the TIF_SSBD comment
- x86/speculation: Clean up spectre_v2_parse_cmdline()
- x86/speculation: Remove unnecessary ret variable in cpu_show_common()
- x86/speculation: Move STIPB/IBPB string conditionals out of
cpu_show_common()
- x86/speculation: Disable STIBP when enhanced IBRS is in use
- x86/speculation: Rename SSBD update functions
- x86/speculation: Reorganize speculation control MSRs update
- sched/smt: Make sched_smt_present track topology
- x86/Kconfig: Select SCHED_SMT if SMP enabled
- sched/smt: Expose sched_smt_present static key
- x86/speculation: Rework SMT state change
- x86/l1tf: Show actual SMT state
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Mark string arrays const correctly
- x86/speculataion: Mark command line parser data __initdata
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation: Add command line control for indirect branch speculation
- x86/speculation: Prepare for per task indirect branch speculation control
- x86/process: Consolidate and simplify switch_to_xtra() code
- x86/speculation: Avoid __switch_to_xtra() calls
- x86/speculation: Prepare for conditional IBPB in switch_mm()
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
- x86/speculation: Split out TIF update
- x86/speculation: Prevent stale SPEC_CTRL msr content
- x86/speculation: Prepare arch_smt_update() for PRCTL mode
- x86/speculation: Add prctl() control for indirect branch speculation
- x86/speculation: Enable prctl mode for spectre_v2_user
- x86/speculation: Add seccomp Spectre v2 user space protection mode
- x86/speculation: Provide IBPB always command line options
- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
- x86/speculation: Change misspelled STIPB to STIBP
- x86/speculation: Add support for STIBP always-on preferred mode
- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
* [Ubuntu] vfio-ap: add subsystem to matrix device to avoid libudev failures
(LP: #1818854)
- s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem
* Kernel regularly logs: Bluetooth: hci0: last event is not cmd complete
(0x0f) (LP: #1748565)
- Bluetooth: Fix unnecessary error message for HCI request completion
* HiSilicon HNS ethernet broken in 4.15.0-45 (LP: #1818294)
- net: hns: Fix WARNING when hns modules installed
* Lenovo ideapad 330-15ICH Wifi rfkill hard blocked (LP: #1811815)
- platform/x86: ideapad: Add ideapad 330-15ICH to no_hw_rfkill
* Qualcomm Atheros QCA9377 wireless does not work (LP: #1818204)
- platform/x86: ideapad-laptop: Add Ideapad 530S-14ARR to no_hw_rfkill list
* fscache: jobs might hang when fscache disk is full (LP: #1821395)
- fscache: fix race between enablement and dropping of object
* hns3: fix oops in hns3_clean_rx_ring() (LP: #1821064)
- net: hns3: add dma_rmb() for rx description
* tcm_loop.ko: move from modules-extra into main modules package
(LP: #1817786)
- [Packaging] move tcm_loop.lo to main linux-modules package
* tcmu user space crash results in kernel module hang. (LP: #1819504)
- scsi: tcmu: delete unused __wait
- scsi: tcmu: track nl commands
- scsi: tcmu: simplify nl interface
- scsi: tcmu: add module wide block/reset_netlink support
* Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04)
(LP: #1779756)
- i40e: prevent overlapping tx_timeout recover
* some codecs stop working after S3 (LP: #1820930)
- ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
* 4.15 s390x kernel BUG at /build/linux-
Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565! (LP: #1788432)
- virtio/s390: avoid race on vcdev->config
- virtio/s390: fix race in ccw_io_helper()
* [SRU][B/B-OEM/C/D] Fix AMD IOMMU NULL dereference (LP: #1820990)
- iommu/amd: Fix NULL dereference bug in match_hid_uid
* New Intel Wireless-AC 9260 [8086:2526] card not correctly probed in Ubuntu
system (LP: #1821271)
- iwlwifi: add new card for 9260 series
* Add support for MAC address pass through on RTL8153-BD (LP: #1821276)
- r8152: Add support for MAC address pass through on RTL8153-BD
- r8152: Fix an error on RTL8153-BD MAC Address Passthrough support
-- Kleber Sacilotto de Souza <[email protected]> Tue, 02 Apr
2019 18:06:12 +0200
** Changed in: linux (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
--
https://bugs.launchpad.net/bugs/1788432
Title:
4.15 s390x kernel BUG at /build/linux-
Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565!
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Released
Bug description:
[SRU Justification]
== Impact ==
Several helper functions in the s390x code which handle accessing sysfs
attributes were missing protection against races. Concurrent access would be
able to trigger kernel bugs.
== Fix ==
The following two upstream commits (from v5.0 upstream) will fix the issue:
78b1a52e05c9 virtio/s390: fix race in ccw_io_helper()
2448a299ec41 virtio/s390: avoid race on vcdev->config
== Testcase ==
see below
== Risk of Regression ==
Changes are isolated to architecture code and are verified by running the
stress testing, so overall risk should be low.
uname -a
Linux ckingvm1 4.15.0-33-generic #36-Ubuntu SMP Wed Aug 15 13:42:17 UTC 2018
s390x s390x s390x GNU/Linux
and same for 4.15.0-29-generic and 4.17.0-8-generic
Steps to reproduce this bug:
git clone git://kernel.ubuntu.com/cking/stress-ng
cd stress-ng
make clean
make
And run with:
./stress-ng --sysfs 0 -t 60
.. wait a few seconds and then:
[ 119.445891] ------------[ cut here ]------------
[ 119.445898] kernel BUG at
/build/linux-Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565!
[ 119.446093] illegal operation: 0001 ilc:1 [#3] SMP
[ 119.446100] Modules linked in: binfmt_misc zfs(PO) zunicode(PO) zavl(PO)
icp(PO) isofs zcommon(PO) znvpair(PO) spl(O) ghash_s390 prng aes_s390 des_s390
des_generic vfio_ccw sha512_s390 sha256_s390 vfio_mdev sha1_s390 sha_common
mdev vfio_iommu_type1 vfio sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core
iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi nfsd auth_rpcgss nfs_acl
lockd grace sunrpc ip_tables x_tables btrfs zstd_compress zlib_deflate raid10
raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq
libcrc32c raid1 raid0 linear virtio_net crc32_vx_s390 virtio_blk
[ 119.446166] CPU: 1 PID: 5420 Comm: stress-ng-sysfs Tainted: P D O
4.15.0-33-generic #36-Ubuntu
[ 119.446168] Hardware name: IBM 2964 N63 400 (KVM/Linux)
[ 119.446170] Krnl PSW : 0000000012d313d3 00000000405835bc
(virtblk_cache_type_show+0x82/0x88 [virtio_blk])
[ 119.446177] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0
RI:0 EA:3
[ 119.446194] Krnl GPRS: de6dc5c2779af7d7 000000007ffaba20 0000000000000040
0000000000006545
[ 119.446196] 000003ff800058da 0000000000006546 000000006bf537c0
000000006b60a100
[ 119.446198] 0000000000000000 0000000000690648 000000007cc3de40
000000007a74b000
[ 119.446202] 000003ff80008210 0000000000000000 000003ff800058da
000000007ac1bce8
[ 119.446210] Krnl Code: 000003ff80005912: ebbff0a80004 lmg
%r11,%r15,168(%r15)
[ 119.446210] 000003ff80005918: c0f400000560 brcl
15,3ff800063d8
[ 119.446210] #000003ff8000591e: a7f40001 brc
15,3ff80005920
[ 119.446210] >000003ff80005922: 0707 bcr 0,%r7
[ 119.446210] 000003ff80005924: 0707 bcr 0,%r7
[ 119.446210] 000003ff80005926: 0707 bcr 0,%r7
[ 119.446210] 000003ff80005928: c00400000000 brcl
0,3ff80005928
[ 119.446210] 000003ff8000592e: eb6ff0480024 stmg
%r6,%r15,72(%r15)
[ 119.446226] Call Trace:
[ 119.446229] ([<000003ff800058da>] virtblk_cache_type_show+0x3a/0x88
[virtio_blk])
[ 119.446234] [<0000000000690684>] dev_attr_show+0x3c/0x80
[ 119.446240] [<0000000000424ab4>] sysfs_kf_seq_show+0xbc/0x1a8
[ 119.446259] [<00000000003b048c>] seq_read+0xec/0x4c8
[ 119.446262] [<00000000003821ea>] vfs_read+0x8a/0x150
[ 119.446274] [<0000000000382786>] SyS_read+0x66/0xe0
[ 119.446278] [<00000000008e3028>] system_call+0xdc/0x2c8
[ 119.446279] Last Breaking-Event-Address:
[ 119.446281] [<000003ff8000591e>] virtblk_cache_type_show+0x7e/0x88
[virtio_blk]
[ 119.446283]
[ 119.446284] ---[ end trace 2c2403d726047e4a ]---
For 4.17.0-8-generic:
[ 25.170715] kernel BUG at drivers/block/virtio_blk.c:574!
[ 25.170795] illegal operation: 0001 ilc:1 [#1] SMP
[ 25.170797] Modules linked in: lttng_statedump(OE) lttng_clock(OE)
lttng_lib_ring_buffer(OE) binfmt_misc zfs(PO) zunicode(PO) zavl(PO) icp(PO)
isofs zcommon(PO) znvpair(PO) spl(O) ghash_s390 prng aes_s390 des_s390
des_generic sha512_s390 sha256_s390 sha1_s390 sha_common vfio_ccw vfio_mdev
mdev vfio_iommu_type1 vfio sch_fq_codel ib_iser rdma_cm iw_cm ib_cm nfsd
ib_core auth_rpcgss iscsi_tcp nfs_acl lockd grace libiscsi_tcp libiscsi
scsi_transport_iscsi sunrpc ip_tables x_tables btrfs zstd_compress zlib_deflate
raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c raid1 raid0 linear virtio_net virtio_blk crc32_vx_s390
[ 25.170835] CPU: 0 PID: 5590 Comm: stress-ng-sysfs Tainted: P OE
4.17.0-8-generic #9-Ubuntu
[ 25.170837] Hardware name: IBM 2964 N63 400 (KVM/Linux)
[ 25.170839] Krnl PSW : 0000000005f0c968 0000000026542d57
(virtblk_cache_type_show+0x7c/0x80 [virtio_blk])
[ 25.170846] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0
RI:0 EA:3
[ 25.170849] Krnl GPRS: de6dc5c209bf9e6f 000000007ff91320 0000000000000040
0000000000000891
[ 25.170850] 0000000000000000 0000000000000892 0000000000000000
000000007176e800
[ 25.170852] 000000006f447f00 0000000000684300 000000006f492b40
000000006ca7a000
[ 25.170853] 000003ff80018218 000000007b5e6e40 000003ff8001561a
000000006f447ce8
[ 25.170861] Krnl Code: 000003ff8001564c: ebbff0a80004 lmg
%r11,%r15,168(%r15)
[ 25.170861] 000003ff80015652: c0f40000065b brcl
15,3ff80016308
[ 25.170861] #000003ff80015658: a7f40001 brc
15,3ff8001565a
[ 25.170861] >000003ff8001565c: 0707 bcr 0,%r7
[ 25.170861] 000003ff8001565e: 0707 bcr 0,%r7
[ 25.170861] 000003ff80015660: c00400000000 brcl
0,3ff80015660
[ 25.170861] 000003ff80015666: eb6ff0480024 stmg
%r6,%r15,72(%r15)
[ 25.170861] 000003ff8001566c: a7f13f80 tmll
%r15,16256
[ 25.170878] Call Trace:
[ 25.170881] ([<000003ff8001561a>] virtblk_cache_type_show+0x3a/0x80
[virtio_blk])
[ 25.170888] [<000000000068433c>] dev_attr_show+0x3c/0x78
[ 25.170895] [<000000000042539c>] sysfs_kf_seq_show+0xbc/0x1a0
[ 25.170899] [<00000000003b16b8>] seq_read+0x180/0x4f8
[ 25.170903] [<000000000038433a>] vfs_read+0x8a/0x148
[ 25.170905] [<0000000000384882>] ksys_read+0x62/0xd0
[ 25.170909] [<00000000008db738>] system_call+0xdc/0x2c8
[ 25.170910] Last Breaking-Event-Address:
[ 25.170912] [<000003ff80015658>] virtblk_cache_type_show+0x78/0x80
[virtio_blk]
[ 25.170913]
[ 25.170914] ---[ end trace 14f89544f0f55795 ]---
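Added example, not part of the original bug report: a Python triage helper that pulls `kernel BUG at` records out of dmesg text and groups them by source file and faulting function, so the 4.15 and 4.17 crashes above resolve to one signature. The function names and the sample input (abridged from the two traces above, with the e-mail line wrapping undone) are assumptions of this example.

```python
import re

# Constructed sample: abridged from the two traces in this report, with the
# e-mail line wrapping undone so every dmesg record sits on one line.
SAMPLE = """\
[  119.445898] kernel BUG at /build/linux-Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565!
[  119.446166] CPU: 1 PID: 5420 Comm: stress-ng-sysfs Tainted: P      D    O 4.15.0-33-generic #36-Ubuntu
[  119.446229] ([<000003ff800058da>] virtblk_cache_type_show+0x3a/0x88 [virtio_blk])
[  119.446234]  [<0000000000690684>] dev_attr_show+0x3c/0x80
[  119.446284] ---[ end trace 2c2403d726047e4a ]---
[   25.170715] kernel BUG at drivers/block/virtio_blk.c:574!
[   25.170835] CPU: 0 PID: 5590 Comm: stress-ng-sysfs Tainted: P           OE 4.17.0-8-generic #9-Ubuntu
[   25.170881] ([<000003ff8001561a>] virtblk_cache_type_show+0x3a/0x80 [virtio_blk])
[   25.170888]  [<000000000068433c>] dev_attr_show+0x3c/0x78
[   25.170914] ---[ end trace 14f89544f0f55795 ]---
"""

BUG = re.compile(r"kernel BUG at (\S+):(\d+)!")
CPU = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+\S*) #")
FRAME = re.compile(r"\[<[0-9a-f]+>\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

def parse_bugs(text):
    """Return one dict per 'kernel BUG at' record found in dmesg text."""
    records, cur = [], None
    for line in text.splitlines():
        if (b := BUG.search(line)):
            cur = {"file": b.group(1), "line": int(b.group(2)), "pid": None,
                   "comm": None, "release": None, "frames": []}
            records.append(cur)
        elif cur is None:
            continue                      # noise outside any BUG record
        elif (c := CPU.search(line)):
            cur.update(pid=int(c.group(1)), comm=c.group(2), release=c.group(3))
        elif (f := FRAME.search(line)):
            cur["frames"].append((f.group(1), f.group(2)))  # (symbol, module or None)
        elif "---[ end trace" in line:
            cur = None                    # record closed
    return records

def signature(rec):
    """Build-independent key: source path without the build prefix + top frame."""
    path = re.sub(r"^/build/[^/]+/linux-[^/]+/", "", rec["file"])
    return (path, rec["frames"][0][0] if rec["frames"] else None)

def group_by_signature(records):
    groups = {}
    for r in records:
        groups.setdefault(signature(r), []).append((r["release"], r["line"], r["comm"]))
    return groups

if __name__ == "__main__":
    for sig, hits in group_by_signature(parse_bugs(SAMPLE)).items():
        print(sig, hits)
```

Grouping on the function rather than the line number matters here because the BUG line moves between builds (565 on 4.15, 574 on 4.17) while the faulting sysfs show handler stays the same.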