subject:"\[Kernel\-packages\] \[Bug 1800639\] Re\: \[Ubuntu\] net\/af

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2019-07-24 Thread Brad Figg

** Tags added: cscc

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Cosmic:
Fix Released

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

Description: net/af_iucv: fix skb leaks for HiperTransport
Symptom: Memory leaks and/or double-freed network packets.
Problem: Inbound packets may have any combination of flag bits set in
their iucv header. Current code only handles certain
combinations, and ignores (ie. leaks) all packets with other flags.

On Transmit, current code is inconsistent about whether the error
paths need to free the skb. Depending on which error path is
taken, it may either get freed twice, or leak.
Solution: On receive, drop any skb with an unexpected combination of iucv
Header flags.
On transmit, be consistent in all error paths about free'ing the skb.

== Fix ==

222440996d6daf635bed6cb35041be22ede3e8a0 ("net/af_iucv: drop inbound packets
with invalid flags")
b2f543949acd1ba64313fdad9e672ef47550d773 ("net/af_iucv: fix skb handling on
HiperTransport xmit error")

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

When sending an skb, afiucv_hs_send() bails out on various error
conditions. But currently the caller has no way of telling whether the
skb was freed or not - resulting in potentially either
a) leaked skbs from iucv_send_ctrl(), or
b) double-free's from iucv_sock_sendmsg().

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

- IUCV functionality is very special to s390x and is only supported in z/VM
environments
(z/VM hypervisor to guest or guest to guest communications)
- So everything is s390x specific.
- Patch is limited to this single file: /net/iucv/af_iucv.c
- Patch was tested by IBM, and fixes an identified problem situation.

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html
Provoke an error situation.
This is btw. hard to do, because the 'Inter-User Communication Vehicle"
(IUCV) is a virtual z/VM internal
network that does not use any real media.
To check for regressions one can use a shell over an ssh connection using an
IUCV interface
or use an application that utilises AF_IUCV sockets (like ICC).
__

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packa

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-12-04 Thread Frank Heimes

** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released

** Changed in: ubuntu-z-systems
Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

--
Mailing list: https

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-12-03 Thread Launchpad Bug Tracker

This bug was fixed in the package linux - 4.4.0-140.166

---
linux (4.4.0-140.166) xenial; urgency=medium

  * linux: 4.4.0-140.166 -proposed tracker (LP: #1802776)

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * kdump fail due to an IRQ storm (LP: #1797990)
- SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
- SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
- SAUCE: x86/quirks: Scan all busses for early PCI quirks

  * crash in ENA driver on removing an interface (LP: #1802341)
- SAUCE: net: ena: fix crash during ena_remove()

  * xenial guest on arm64 drops to busybox under openstack bionic-rocky
(LP: #1797092)
- [Config] CONFIG_PCI_ECAM=y
- PCI: Provide common functions for ECAM mapping
- PCI: generic, thunder: Use generic ECAM API
- PCI, of: Move PCI I/O space management to PCI core code
- PCI: Move ecam.h to linux/include/pci-ecam.h
- PCI: Add parent device field to ECAM struct pci_config_window
- PCI: Add pci_unmap_iospace() to unmap I/O resources
- PCI/ACPI: Support I/O resources when parsing host bridge resources
- [Config] CONFIG_ACPI_MCFG=y
- PCI/ACPI: Add generic MCFG table handling
- PCI: Refactor pci_bus_assign_domain_nr() for CONFIG_PCI_DOMAINS_GENERIC
- PCI: Factor DT-specific pci_bus_find_domain_nr() code out
- ARM64: PCI: Add acpi_pci_bus_find_domain_nr()
- ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT
  code
- ARM64: PCI: Support ACPI-based PCI host controller

  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
- x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
- x86/speculation: Support Enhanced IBRS on future CPUs

  * Update ENA driver to version 2.0.1K (LP: #1798182)
- net: ena: remove ndo_poll_controller
- net: ena: fix warning in rmmod caused by double iounmap
- net: ena: fix rare bug when failed restart/resume is followed by driver
  removal
- net: ena: fix NULL dereference due to untimely napi initialization
- net: ena: fix auto casting to boolean
- net: ena: minor performance improvement
- net: ena: complete host info to match latest ENA spec
- net: ena: introduce Low Latency Queues data structures according to ENA 
spec
- net: ena: add functions for handling Low Latency Queues in ena_com
- net: ena: add functions for handling Low Latency Queues in ena_netdev
- net: ena: use CSUM_CHECKED device indication to report skb's checksum 
status
- net: ena: explicit casting and initialization, and clearer error handling
- net: ena: limit refill Rx threshold to 256 to avoid latency issues
- net: ena: change rx copybreak default to reduce kernel memory pressure
- net: ena: remove redundant parameter in ena_com_admin_init()
- net: ena: update driver version to 2.0.1
- net: ena: fix indentations in ena_defs for better readability
- net: ena: Fix Kconfig dependency on X86
- net: ena: enable Low Latency Queues
- net: ena: fix compilation error in xtensa architecture

  * Xenial update: 4.4.162 upstream stable release (LP: #1801900)
- ASoC: wm8804: Add ACPI support
- ASoC: sigmadsp: safeload should not have lower byte limit
- selftests/efivarfs: add required kernel configs
- mfd: omap-usb-host: Fix dts probe of children
- sound: enable interrupt after dma buffer initialization
- stmmac: fix valid numbers of unicast filter entries
- net: macb: disable scatter-gather for macb on sama5d3
- ARM: dts: at91: add new compatibility string for macb on sama5d3
- drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
- ext4: add corruption check in ext4_xattr_set_entry()
- mm/vmstat.c: fix outdated vmstat_text
- mach64: detect the dot clock divider correctly on sparc
- perf script python: Fix export-to-postgresql.py occasional failure
- i2c: i2c-scmi: fix for i2c_smbus_write_block_data
- xhci: Don't print a warning when setting link state for disabled ports
- jffs2: return -ERANGE when xattr buffer is too small
- bnxt_en: Fix TX timeout during netpoll.
- bonding: avoid possible dead-lock
- ip6_tunnel: be careful when accessing the inner header
- ip_tunnel: be careful when accessing the inner header
- ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
- net: ipv4: update fnhe_pmtu when first hop's MTU changes
- net/ipv6: Display all addresses in output of /proc/net/if_inet6
- netlabel: check for IPV4MASK in addrinfo_get
- net/usb: cancel pending work when unbinding smsc75xx
- qlcnic: fix Tx descriptor corruption on 82xx devices
- team: Forbid enslaving team device to itself
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
- net: systemport: Fix wake-up interrupt race during r

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-12-03 Thread Launchpad Bug Tracker

This bug was fixed in the package linux - 4.15.0-42.45

---
linux (4.15.0-42.45) bionic; urgency=medium

  * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)

  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
- KVM: s390: reset crypto attributes for all vcpus
- KVM: s390: vsie: simulate VCPU SIE entry/exit
- KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
- KVM: s390: refactor crypto initialization
- s390: vfio-ap: base implementation of VFIO AP device driver
- s390: vfio-ap: register matrix device with VFIO mdev framework
- s390: vfio-ap: sysfs interfaces to configure adapters
- s390: vfio-ap: sysfs interfaces to configure domains
- s390: vfio-ap: sysfs interfaces to configure control domains
- s390: vfio-ap: sysfs interface to view matrix mdev matrix
- KVM: s390: interface to clear CRYCB masks
- s390: vfio-ap: implement mediated device open callback
- s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
- s390: vfio-ap: zeroize the AP queues
- s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
- KVM: s390: Clear Crypto Control Block when using vSIE
- KVM: s390: vsie: Do the CRYCB validation first
- KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
- KVM: s390: vsie: Allow CRYCB FORMAT-2
- KVM: s390: vsie: allow CRYCB FORMAT-1
- KVM: s390: vsie: allow CRYCB FORMAT-0
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
- KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
- KVM: s390: device attrs to enable/disable AP interpretation
- KVM: s390: CPU model support for AP virtualization
- s390: doc: detailed specifications for AP virtualization
- KVM: s390: fix locking for crypto setting error path
- KVM: s390: Tracing APCB changes
- s390: vfio-ap: setup APCB mask using KVM dedicated function
- s390/zcrypt: Add ZAPQ inline function.
- s390/zcrypt: Review inline assembler constraints.
- s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
- s390/zcrypt: fix ap_instructions_available() returncodes
- s390/zcrypt: remove VLA usage from the AP bus
- s390/zcrypt: Remove deprecated ioctls.
- s390/zcrypt: Remove deprecated zcrypt proc interface.
- s390/zcrypt: Support up to 256 crypto adapters.
- [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  *  CVE-2018-18955: nested user namespaces with more than five extents
incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
- userns: also map extents in the reverse map to kernel IDs

  * kdump fail due to an IRQ storm (LP: #1797990)
- SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
- SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
- SAUCE: x86/quirks: Scan all busses for early PCI quirks

 -- Thadeu Lima de Souza Cascardo   Thu, 15 Nov
2018 17:01:46 -0200

** Changed in: linux (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  == SRU Justification ==

  Fix socket buffer (skb) leaks for HiperTransport

  Description: net/af_iucv: fix skb leaks for HiperTransport
  Symptom: Memory leaks and/or double-freed network packets.
  Problem: Inbound packets may have any combination of flag bits set in
  their iucv header. Current code only handles certain
  combinations, and ignores (ie. leaks) all packets with other flags.

  On Transmit, current code is inconsistent about whether the error
  paths need to free the skb. Depending on which error path is
  taken, it may either get freed twice, or leak.
  Solution: On receive, drop any skb with an unexpected combination of iucv
  Header flags.
  On transmit, be consistent in all error paths about free'ing the skb.

  == Fix ==

  222440996d6daf635bed6cb35041be22ede3e8a0 ("net/af_iucv: drop inbound packets 
with invalid flags")
  b2f543949acd1ba64313fdad9e672ef47550d773 ("net/af_iucv: fix skb handling on 
HiperTransport xmit error")

  == Patch ==

  commit 222440996d6daf635bed6cb35041be22ede3e8a0
  Author: Julian Wiedmann 
  Date:   Wed Sep 5 16:55:10 2018 +0200

  net/af_iucv: drop inbound packets with invalid flags
  
  Inbound packets may have any combination

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-12-03 Thread Launchpad Bug Tracker

This bug was fixed in the package linux - 4.18.0-12.13

---
linux (4.18.0-12.13) cosmic; urgency=medium

  * linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)

  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
- s390/zcrypt: Add ZAPQ inline function.
- s390/zcrypt: Review inline assembler constraints.
- s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
- s390/zcrypt: fix ap_instructions_available() returncodes
- KVM: s390: vsie: simulate VCPU SIE entry/exit
- KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
- KVM: s390: refactor crypto initialization
- s390: vfio-ap: base implementation of VFIO AP device driver
- s390: vfio-ap: register matrix device with VFIO mdev framework
- s390: vfio-ap: sysfs interfaces to configure adapters
- s390: vfio-ap: sysfs interfaces to configure domains
- s390: vfio-ap: sysfs interfaces to configure control domains
- s390: vfio-ap: sysfs interface to view matrix mdev matrix
- KVM: s390: interface to clear CRYCB masks
- s390: vfio-ap: implement mediated device open callback
- s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
- s390: vfio-ap: zeroize the AP queues
- s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
- KVM: s390: Clear Crypto Control Block when using vSIE
- KVM: s390: vsie: Do the CRYCB validation first
- KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
- KVM: s390: vsie: Allow CRYCB FORMAT-2
- KVM: s390: vsie: allow CRYCB FORMAT-1
- KVM: s390: vsie: allow CRYCB FORMAT-0
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
- KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
- KVM: s390: device attrs to enable/disable AP interpretation
- KVM: s390: CPU model support for AP virtualization
- s390: doc: detailed specifications for AP virtualization
- KVM: s390: fix locking for crypto setting error path
- KVM: s390: Tracing APCB changes
- s390: vfio-ap: setup APCB mask using KVM dedicated function
- [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  *  CVE-2018-18955: nested user namespaces with more than five extents
incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
- userns: also map extents in the reverse map to kernel IDs

  * kdump fail due to an IRQ storm (LP: #1797990)
- SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
- SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
- SAUCE: x86/quirks: Scan all busses for early PCI quirks

  * crash in ENA driver on removing an interface (LP: #1802341)
- SAUCE: net: ena: fix crash during ena_remove()

  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
(LP: #1797367)
- s390/qeth: reduce hard-coded access to ccw channels
- s390/qeth: sanitize strings in debug messages

  * Add checksum offload and TSO support for HiNIC adapters (LP: #1800664)
- net-next/hinic: add checksum offload and TSO support

  * smartpqi updates for ubuntu 18.04.2 (LP: #1798208)
- scsi: smartpqi: improve handling for sync requests
- scsi: smartpqi: improve error checking for sync requests
- scsi: smartpqi: add inspur advantech ids
- scsi: smartpqi: fix critical ARM issue reading PQI index registers
- scsi: smartpqi: bump driver version to 1.1.4-130

  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
- x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
- x86/speculation: Support Enhanced IBRS on future CPUs

  * Enable keyboard wakeup for S2Idle laptops (LP: #1798552)
- Input: i8042 - enable keyboard wakeups by default when s2idle is used

  * Overlayfs in user namespace leaks directory content of inaccessible
directories (LP: #1793458) // CVE-2018-6559
- SAUCE: overlayfs: ensure mounter privileges when reading directories

  * Update ENA driver to version 2.0.1K (LP: #1798182)
- net: ena: remove ndo_poll_controller
- net: ena: fix auto casting to boolean
- net: ena: minor performance improvement
- net: ena: complete host info to match latest ENA spec
- net: ena: introduce Low Latency Queues data structures according to ENA 
spec
- net: ena: add functions for handling Low Latency Queues in ena_com
- net: ena: add functions for handling Low Latency Queues in ena_netdev
- net: ena: use CSUM_CHECKED device indication to report skb's checksum 
status
- net: ena: explicit casting and initialization, and clearer error handling
- net: ena: limit refill Rx threshold to 256 to avoid latency issues
- net: ena: change rx copybreak default to reduce kernel memory pressure
- net: ena: remove redundant p

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-20 Thread Frank Heimes

Adjusting tags based on feedback from IBM / comment #13.

** Tags removed: verification-needed-bionic verification-needed-cosmic
verification-needed-xenial
** Tags added: verification-done-bionic verification-done-cosmic
verification-done-xenial

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-16 Thread Brad Figg

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'. If the problem still exists,
change the tag 'verification-needed-xenial' to 'verification-failed-
xenial'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!

** Tags added: verification-needed-xenial

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

On Transmit, current code is inconsistent about whether the error
paths need to free the skb. Depending on which error path is
taken, it may either get freed twice, or l

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-15 Thread Brad Figg

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag 'verification-needed-bionic' to 'verification-failed-
bionic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!

** Tags added: verification-needed-bionic

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

On Transmit, current code is inconsistent about whether the error
paths need to free the skb. Depending on which error path is
taken, it may either get freed twice, or l

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-15 Thread Brad Figg

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
cosmic' to 'verification-done-cosmic'. If the problem still exists,
change the tag 'verification-needed-cosmic' to 'verification-failed-
cosmic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!

** Tags added: verification-needed-cosmic

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

On Transmit, current code is inconsistent about whether the error
paths need to free the skb. Depending on which error path is
taken, it may either get freed twice, or l

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-09 Thread Frank Heimes

SRU request:
https://lists.ubuntu.com/archives/kernel-team/2018-November/096435.html

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-07 Thread Frank Heimes

** Changed in: linux (Ubuntu)
Status: In Progress => Fix Committed

** Changed in: ubuntu-z-systems
Status: In Progress => Fix Committed

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

--
Mailing list: ht

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-07 Thread Khaled El Mously

** Changed in: linux (Ubuntu Xenial)
Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Bionic)
Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Cosmic)
Status: In Progress => Fix Committed

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
In Progress
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
htt

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-06 Thread Frank Heimes

updated SRU link:
https://lists.ubuntu.com/archives/kernel-team/2018-November/096436.html

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
In Progress
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Status in linux source package in Bionic:
In Progress
Status in linux source package in Cosmic:
In Progress

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@list

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-01 Thread Frank Heimes

SRU requested:
https://lists.ubuntu.com/archives/kernel-team/2018-November/096390.html

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

== Fix ==

== Patch ==

commit 222440996d6daf635bed6cb35041be22ede3e8a0
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:10 2018 +0200

net/af_iucv: drop inbound packets with invalid flags

Inbound packets may have any combination of flag bits set in their iucv
header. If we don't know how to handle a specific combination, drop the
skb instead of leaking it.

To clarify what error is returned in this case, replace the hard-coded
0 with the corresponding macro.

Signed-off-by: Julian Wiedmann
Signed-off-by: David S. Miller

commit b2f543949acd1ba64313fdad9e672ef47550d773
Author: Julian Wiedmann
Date: Wed Sep 5 16:55:11 2018 +0200

net/af_iucv: fix skb handling on HiperTransport xmit error

As dev_queue_xmit() will always consume the skb (even on error), be
consistent and also free the skb from all other error paths. This way
callers no longer need to care about managing the skb.

Signed-off-by: Julian Wiedmann
Reviewed-by: Ursula Braun
Signed-off-by: David S. Miller

== Regression Potential ==

Low, because:

== Test Case ==

Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.l

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-11-01 Thread Frank Heimes

** Description changed:

+ == SRU Justification ==
+
+ Fix socket buffer (skb) leaks for HiperTransport
+
+ Description: net/af_iucv: fix skb leaks for HiperTransport
+ Symptom: Memory leaks and/or double-freed network packets.
+ Problem: Inbound packets may have any combination of flag bits set in
+ their iucv header. Current code only handles certain
+ combinations, and ignores (ie. leaks) all packets with other flags.
+
+ On Transmit, current code is inconsistent about whether the error
+ paths need to free the skb. Depending on which error path is
+ taken, it may either get freed twice, or leak.
+ Solution: On receive, drop any skb with an unexpected combination of iucv
+ Header flags.
+ On transmit, be consistent in all error paths about free'ing the skb.
+
+ == Fix ==
+
+ 222440996d6daf635bed6cb35041be22ede3e8a0 ("net/af_iucv: drop inbound packets
with invalid flags")
+ b2f543949acd1ba64313fdad9e672ef47550d773 ("net/af_iucv: fix skb handling on
HiperTransport xmit error")
+
+ == Patch ==
+
+ commit 222440996d6daf635bed6cb35041be22ede3e8a0
+ Author: Julian Wiedmann
+ Date: Wed Sep 5 16:55:10 2018 +0200
+
+ net/af_iucv: drop inbound packets with invalid flags
+
+ Inbound packets may have any combination of flag bits set in their iucv
+ header. If we don't know how to handle a specific combination, drop the
+ skb instead of leaking it.
+
+ To clarify what error is returned in this case, replace the hard-coded
+ 0 with the corresponding macro.
+
+ Signed-off-by: Julian Wiedmann
+ Signed-off-by: David S. Miller
+
+ ==
+
+ commit b2f543949acd1ba64313fdad9e672ef47550d773
+ Author: Julian Wiedmann
+ Date: Wed Sep 5 16:55:11 2018 +0200
+
+ net/af_iucv: fix skb handling on HiperTransport xmit error
+
+ When sending an skb, afiucv_hs_send() bails out on various error
+ conditions. But currently the caller has no way of telling whether the
+ skb was freed or not - resulting in potentially either
+ a) leaked skbs from iucv_send_ctrl(), or
+ b) double-free's from iucv_sock_sendmsg().
+
+ As dev_queue_xmit() will always consume the skb (even on error), be
+ consistent and also free the skb from all other error paths. This way
+ callers no longer need to care about managing the skb.
+
+ Signed-off-by: Julian Wiedmann
+ Reviewed-by: Ursula Braun
+ Signed-off-by: David S. Miller
+
+ == Regression Potential ==
+
+ Low, because:
+
+ - IUCV functionality is very special to s390x and is only supported in z/VM
environments
+ (z/VM hypervisor to guest or guest to guest communications)
+ - So everything is s390x specific.
+ - Patch is limited to this single file: /net/iucv/af_iucv.c
+ - Patch was tested by IBM, and fixes an identified problem situation.
+
+ == Test Case ==
+
+ Set IUCV communication on an Ubuntu s390x system that runs as z/VM guest:
+
https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.ludd/ludd_r_afiucv_setup.html
+ Provoke an error situation.
+ This is btw. hard to do, because the 'Inter-User Communication Vehicle"
(IUCV) is a virtual z/VM internal
+ network that does not use any real media.
+ To check for regressions one can use a shell over an ssh connection using an
IUCV interface
+ or use an application that utilises AF_IUCV sockets (like ICC).
+ __
+
Description: net/af_iucv: fix skb leaks for HiperTransport
Symptom: Memory leaks and/or double-freed network packets.
Problem: Inbound packets may have any combination of flag bits set in
their iucv header. Current code only handles certain
combinations, and ignores (ie. leaks) all packets with other
flags.

kerne 4.19
Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
b2f543949acd1ba64313fdad9e672ef47550d773

-
Should also be applied, to all other Ubuntu Releases in the field !

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
[Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Bug description:
== SRU Justification ==

Fix socket buffer (skb) leaks for HiperTransport

Description: net/af_iucv: fix skb leaks for HiperTransport
Symptom: Memory leaks and/or double-freed network packets.
Problem: Inbound packets may h

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-31 Thread Joseph Salisbury

I built a test kernel with the two commits posted in comment #3.  The test 
kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1800639

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the 
linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the 
linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress

Bug description:
  Description: net/af_iucv: fix skb leaks for HiperTransport
  Symptom: Memory leaks and/or double-freed network packets.
  Problem: Inbound packets may have any combination of flag bits set in
  their iucv header. Current code only handles certain
  combinations, and ignores (ie. leaks) all packets with other
  flags.

  On Transmit, current code is inconsistent about whether the error
  paths need to free the skb. Depending on which error path is
  taken, it may either get freed twice, or leak.
  Solution: On receive, drop any skb with an unexpected combination of iucv
  Header flags.
  On transmit, be consistent in all error paths about free'ing the
  skb.

  kerne 4.19
  Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
  b2f543949acd1ba64313fdad9e672ef47550d773

  
  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-31 Thread Frank Heimes

Updated bug description with comment #3

** Description changed:

- Description:  qeth: Fix potential array overrun in cmd/rc lookup
- Symptom:  Infinite loop when processing a received cmd.
- Problem:  qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
-   to build human-readable messages for received cmd data.
+ Description: net/af_iucv: fix skb leaks for HiperTransport
+ Symptom: Memory leaks and/or double-freed network packets.
+ Problem: Inbound packets may have any combination of flag bits set in
+ their iucv header. Current code only handles certain
+ combinations, and ignores (ie. leaks) all packets with other
+ flags.
  
-   They store the to-be translated value in the last entry of a
-   global array, and then iterate over each entry until they found
-   the queried value (and the corresponding message string).
-   If there is no prior match, the lookup is intended to stop at
-   the final entry (which was previously prepared).
+ On Transmit, current code is inconsistent about whether the error
+ paths need to free the skb. Depending on which error path is
+ taken, it may either get freed twice, or leak.
+ Solution: On receive, drop any skb with an unexpected combination of iucv
+ Header flags.
+ On transmit, be consistent in all error paths about free'ing the
+ skb.
  
-   If two qeth devices are concurrently processing a received cmd,
-   one lookup can over-write the last entry of the global array
-   while a second lookup is in process. This second lookup will 
then
-   never hit its stop-condition, and loop.
+ kerne 4.19
+ Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
+ b2f543949acd1ba64313fdad9e672ef47550d773
  
- Solution: Remove the modification of the global array, and limit the 
number
-   of iterations to the size of the array.
- 
- Upstream-ID: kernel 4.19
- - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
- - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9
  
  Should also be applied, to all other Ubuntu Releases in the field !

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress

Bug description:
  Description: net/af_iucv: fix skb leaks for HiperTransport
  Symptom: Memory leaks and/or double-freed network packets.
  Problem: Inbound packets may have any combination of flag bits set in
  their iucv header. Current code only handles certain
  combinations, and ignores (ie. leaks) all packets with other
  flags.

  On Transmit, current code is inconsistent about whether the error
  paths need to free the skb. Depending on which error path is
  taken, it may either get freed twice, or leak.
  Solution: On receive, drop any skb with an unexpected combination of iucv
  Header flags.
  On transmit, be consistent in all error paths about free'ing the
  skb.

  kerne 4.19
  Upstream-ID: 222440996d6daf635bed6cb35041be22ede3e8a0
  b2f543949acd1ba64313fdad9e672ef47550d773

  
  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-30 Thread Joseph Salisbury

I built a test kernel with commits 065a2cdcbd and 048a7f8b4.  The test kernel 
can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1800639

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the 
linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the 
linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress

Bug description:
  Description:  qeth: Fix potential array overrun in cmd/rc lookup
  Symptom:  Infinite loop when processing a received cmd.
  Problem:  qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
to build human-readable messages for received cmd data.

They store the to-be translated value in the last entry of a
global array, and then iterate over each entry until they found
the queried value (and the corresponding message string).
If there is no prior match, the lookup is intended to stop at
the final entry (which was previously prepared).

If two qeth devices are concurrently processing a received cmd,
one lookup can over-write the last entry of the global array
while a second lookup is in process. This second lookup will 
then
never hit its stop-condition, and loop.

  Solution: Remove the modification of the global array, and limit the 
number
of iterations to the size of the array.

  Upstream-ID: kernel 4.19
  - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
  - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-30 Thread Frank Heimes

** Changed in: ubuntu-z-systems
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress

Bug description:
  Description:  qeth: Fix potential array overrun in cmd/rc lookup
  Symptom:  Infinite loop when processing a received cmd.
  Problem:  qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
to build human-readable messages for received cmd data.

They store the to-be translated value in the last entry of a
global array, and then iterate over each entry until they found
the queried value (and the corresponding message string).
If there is no prior match, the lookup is intended to stop at
the final entry (which was previously prepared).

If two qeth devices are concurrently processing a received cmd,
one lookup can over-write the last entry of the global array
while a second lookup is in process. This second lookup will 
then
never hit its stop-condition, and loop.

  Solution: Remove the modification of the global array, and limit the 
number
of iterations to the size of the array.

  Upstream-ID: kernel 4.19
  - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
  - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-30 Thread Joseph Salisbury

** Changed in: linux (Ubuntu Bionic)
   Status: Triaged => In Progress

** Changed in: linux (Ubuntu)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  Triaged
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress

Bug description:
  Description:  qeth: Fix potential array overrun in cmd/rc lookup
  Symptom:  Infinite loop when processing a received cmd.
  Problem:  qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
to build human-readable messages for received cmd data.

They store the to-be translated value in the last entry of a
global array, and then iterate over each entry until they found
the queried value (and the corresponding message string).
If there is no prior match, the lookup is intended to stop at
the final entry (which was previously prepared).

If two qeth devices are concurrently processing a received cmd,
one lookup can over-write the last entry of the global array
while a second lookup is in process. This second lookup will 
then
never hit its stop-condition, and loop.

  Solution: Remove the modification of the global array, and limit the 
number
of iterations to the size of the array.

  Upstream-ID: kernel 4.19
  - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
  - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-30 Thread Joseph Salisbury

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

** Changed in: linux (Ubuntu Bionic)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

** Changed in: linux (Ubuntu Cosmic)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

** Changed in: linux (Ubuntu)
 Assignee: Skipper Bug Screeners (skipper-screen-team) => Joseph Salisbury 
(jsalisbury)

** Changed in: linux (Ubuntu Xenial)
   Status: Triaged => In Progress

** Changed in: linux (Ubuntu Cosmic)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  Triaged
Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  Triaged
Status in linux source package in Cosmic:
  In Progress

Bug description:
  Description:  qeth: Fix potential array overrun in cmd/rc lookup
  Symptom:  Infinite loop when processing a received cmd.
  Problem:  qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
to build human-readable messages for received cmd data.

They store the to-be translated value in the last entry of a
global array, and then iterate over each entry until they found
the queried value (and the corresponding message string).
If there is no prior match, the lookup is intended to stop at
the final entry (which was previously prepared).

If two qeth devices are concurrently processing a received cmd,
one lookup can over-write the last entry of the global array
while a second lookup is in process. This second lookup will 
then
never hit its stop-condition, and loop.

  Solution: Remove the modification of the global array, and limit the 
number
of iterations to the size of the array.

  Upstream-ID: kernel 4.19
  - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
  - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-30 Thread Joseph Salisbury

** Changed in: linux (Ubuntu)
   Status: New => Triaged

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

** Also affects: linux (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: linux (Ubuntu Bionic)
   Status: New => Triaged

** Changed in: linux (Ubuntu Cosmic)
   Status: New => Triaged

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Cosmic)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  Triaged
Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  Triaged
Status in linux source package in Cosmic:
  In Progress

Bug description:
  Description:  qeth: Fix potential array overrun in cmd/rc lookup
  Symptom:  Infinite loop when processing a received cmd.
  Problem:  qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
to build human-readable messages for received cmd data.

They store the to-be translated value in the last entry of a
global array, and then iterate over each entry until they found
the queried value (and the corresponding message string).
If there is no prior match, the lookup is intended to stop at
the final entry (which was previously prepared).

If two qeth devices are concurrently processing a received cmd,
one lookup can over-write the last entry of the global array
while a second lookup is in process. This second lookup will 
then
never hit its stop-condition, and loop.

  Solution: Remove the modification of the global array, and limit the 
number
of iterations to the size of the array.

  Upstream-ID: kernel 4.19
  - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
  - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

2018-10-30 Thread Frank Heimes

** Also affects: ubuntu-z-systems
   Importance: Undecided
   Status: New

** Changed in: ubuntu-z-systems
   Importance: Undecided => High

** Changed in: ubuntu-z-systems
   Status: New => Triaged

** Changed in: ubuntu-z-systems
 Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800639

Title:
  [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

Status in Ubuntu on IBM z Systems:
  Triaged
Status in linux package in Ubuntu:
  New

Bug description:
  Description:  qeth: Fix potential array overrun in cmd/rc lookup
  Symptom:  Infinite loop when processing a received cmd.
  Problem:  qeth_get_ipa_cmd_name() and qeth_get_ipa_msg() are used
to build human-readable messages for received cmd data.

They store the to-be translated value in the last entry of a
global array, and then iterate over each entry until they found
the queried value (and the corresponding message string).
If there is no prior match, the lookup is intended to stop at
the final entry (which was previously prepared).

If two qeth devices are concurrently processing a received cmd,
one lookup can over-write the last entry of the global array
while a second lookup is in process. This second lookup will 
then
never hit its stop-condition, and loop.

  Solution: Remove the modification of the global array, and limit the 
number
of iterations to the size of the array.

  Upstream-ID: kernel 4.19
  - 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b
  - 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9

  Should also be applied, to all other Ubuntu Releases in the field !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1800639/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

[Kernel-packages] [Bug 1800639] Re: [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport

23 matches

Site Navigation

Mail list logo

Footer information