Re: [Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
On 08/28/2018 09:49 AM, Joseph Salisbury wrote: > This is probably the fix: > 22be37acce25 ext4: fix bitmap position validation > > I built a test kernel with commit 22be37acce25. The test kernel can be > downloaded from: > http://kernel.ubuntu.com/~jsalisbury/lp1789131 > > Can you test this kernel and see if it resolves this bug? Yes, it does. Out of curiosity, how do you think this was missed originally? It's in the 3.16 LTS tree. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
On 08/27/2018 01:21 PM, Joseph Salisbury wrote: > Does 3.13.0-157.207 exhibit the bug and 3.13.0-156.206 does not? If > that is the case, we can perform a bisect to identify the offending > commit. That is correct. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
On 08/27/2018 11:16 AM, Joseph Salisbury wrote: > The specific version to test is 3.13.0-158. > No, that doesn't fix it. root@scratch2:~# uname -a Linux scratch2 3.13.0-158-generic #208-Ubuntu SMP Fri Aug 24 17:07:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux root@scratch2:~# dmesg | grep mount [2.353820] EXT4-fs (xvda1): mounting ext3 file system using the ext4 subsystem [2.386459] EXT4-fs (xvda1): mounted filesystem with ordered data mode. Opts: barrier=0 [5.922761] EXT4-fs (xvda1): re-mounted. Opts: errors=remount-ro,barrier=0 [6.049433] EXT4-fs error (device xvda1): ext4_validate_block_bitmap:376: comm mountall: bg 72: block 2369024: invalid block bitmap [6.051556] EXT4-fs (xvda1): Remounting filesystem read-only -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
This problem doesn't show up in 4.4.0-134-generic. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
As for running apport-collect 1789131 This doesn't appear to work well in a headless system with a minimal install. I believe I've given all the necessary details for reproducing the issue. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
I believe a command sequence like this can be used to reliably reproduce the issue: umount /mnt truncate -s128m /tmp/test.img cmd="/sbin/mkfs.ext3 -E stride=128,stripe_width=512 -F /tmp/test.img" echo $cmd > /dev/kmsg $cmd mount -o loop /tmp/test.img /mnt/ while dd if=/dev/zero of=/mnt/$RANDOM bs=1M count=1; do true; done I do not see any failures when ext4 is replaced for ext3 above. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
I confirmed that adding "-E stride=128,stripe_width=512" to the call to mkfs results gets the following errors almost immediately at boot with 3.13.0-157.207: [5.680480] EXT4-fs error (device xvda1): ext4_validate_block_bitmap:376: comm mountall: bg 213: block 7007360: invalid block bitmap [5.681182] Aborting journal on device xvda1-8. [5.681827] EXT4-fs (xvda1): Remounting filesystem read-only [5.681850] EXT4-fs error (device xvda1) in ext4_free_blocks:4876: IO failure [5.682538] EXT4-fs error (device xvda1) in ext4_reserve_inode_write:4967: Journal has aborted [5.683254] EXT4-fs error (device xvda1) in ext4_orphan_del:2682: Journal has aborted [5.683883] EXT4-fs error (device xvda1) in ext4_reserve_inode_write:4967: Journal has aborted And that this does not happen without stride=128,stripe_width=512 and that is not present in 3.13.0-156.206. It does *not* happen with ext4 and "-E stride=128,stripe_width=512" being set. This file system mounted without errors: Last mounted on: / Filesystem UUID: 12df937e-795c-4d98-a90b-dca002109a34 Filesystem magic number: 0xEF53 Filesystem revision #:1 (dynamic) Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize Filesystem flags: signed_directory_hash Default mount options:(none) Filesystem state: clean Errors behavior: Continue Filesystem OS type: Linux Inode count: 1966080 Block count: 7863296 Reserved block count: 393164 Free blocks: 7358461 Free inodes: 1885947 First block: 0 Block size: 4096 Fragment size:4096 Reserved GDT blocks: 1022 Blocks per group: 32768 Fragments per group: 32768 Inodes per group: 8192 Inode blocks per group: 512 RAID stride: 128 RAID stripe width:512 Flex block group size:16 Filesystem created: Sun Aug 26 21:06:58 2018 Last mount time: Sun Aug 26 21:14:39 2018 Last write time: Sun Aug 26 21:14:39 2018 Mount count: 3 Maximum mount count: 20 Last checked: Sun Aug 26 21:06:58 2018 Check interval: 15552000 (6 months) Next check after: Fri Feb 22 21:06:58 2019 Lifetime writes: 2504 MB Reserved blocks uid: 0 (user root) Reserved blocks gid: 0 (group root) First inode: 11 Inode size: 256 Required extra isize: 28 Desired extra isize: 28 Journal inode:8 Default directory hash: half_md4 Directory Hash Seed: 8d081584-5ec6-4446-a213-97f2012d8755 Journal backup: inode blocks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1789131] Re: Probable regression with EXT3 file systems and CVE-2018-1093 patches
I noticed the unusual thing here is: RAID stride: 128 RAID stripe width: 512 I'm going to do some testing around this to see if it's related. It could be this is the issue and not anything EXT3 vs. EXT4. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1789131] [NEW] Probable regression with EXT3 file systems and CVE-2018-1093 patches
Public bug reported: A customer reported on all of their ext3 and none of their ext4 systems that the file system was in read-only mode, I believe after rebooting into 3.13.0-157.207 from 3.13.0-156.206. Here is the output of tune2fs -l for one of the file systems: tune2fs 1.42.12 (29-Aug-2014) Last mounted on: / Filesystem UUID: 748f503a-443d-4769-8dd2-45ff46b48555 Filesystem magic number: 0xEF53 Filesystem revision #:1 (dynamic) Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery sparse_super large_file Filesystem flags: signed_directory_hash Default mount options:(none) Filesystem state: clean with errors Errors behavior: Continue Filesystem OS type: Linux Inode count: 1966080 Block count: 7863296 Reserved block count: 393164 Free blocks: 4568472 Free inodes: 1440187 First block: 0 Block size: 4096 Fragment size:4096 Reserved GDT blocks: 1022 Blocks per group: 32768 Fragments per group: 32768 Inodes per group: 8192 Inode blocks per group: 512 RAID stride: 128 RAID stripe width:512 Filesystem created: Thu Feb 25 21:54:24 2016 Last mount time: Fri Aug 24 07:40:51 2018 Last write time: Fri Aug 24 07:40:51 2018 Mount count: 1 Maximum mount count: 25 Last checked: Fri Aug 24 07:38:54 2018 Check interval: 15552000 (6 months) Next check after: Wed Feb 20 07:38:54 2019 Lifetime writes: 7381 GB Reserved blocks uid: 0 (user root) Reserved blocks gid: 0 (group root) First inode: 11 Inode size: 256 Required extra isize: 28 Desired extra isize: 28 Journal inode:8 Default directory hash: half_md4 Directory Hash Seed: d6564a54-cd2a-4804-ad94-1e4e0e47933a Journal backup: inode blocks FS Error count: 210 First error time: Fri Aug 24 07:40:51 2018 First error function: ext4_validate_block_bitmap First error line #: 376 First error inode #: 0 First error block #: 0 Last error time: Sun Aug 26 19:35:16 2018 Last error function: ext4_remount Last error line #:4833 Last error inode #: 0 Last error block #: 0 ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789131 Title: Probable regression with EXT3 file systems and CVE-2018-1093 patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1711995] [NEW] X crash on loading libglamoregl.so
Public bug reported: With 2:1.18.4-ubuntu0.3, it was necessary to use dpkg-divert --rename to move the libglamoregl.so library so it wasn't loaded automatically or X would crash with an empty backtrace. This is in Virtualbox 5 on an I7-4712MQ CPU with 3D acceleration enabled. 2:1.18.3-1ubuntu2 apparently did not have the same issue as I was able to boot the VM after first install. I would be willing to try gathering more data if someone can tell me what would be useful debug output. ** Affects: xorg-server (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1711995 Title: X crash on loading libglamoregl.so To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1711995/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries
Yes, I will report the bug upstream within the next few days if nobody else reports it first. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already hashed entries To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1668093/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1668093] [NEW] ssh-keygen -H corrupts already hashed entries
Public bug reported: xenial @ 1:7.2p2-4ubuntu2.1 on amd64 has this bug. trusty @ 1:6.6p1-2ubuntu2.8 on amd64 does not have this bug. I have not tested any other ssh versions. The following should reproduce the issue: #ssh-keyscan > ~/.ssh/known_hosts # ssh root@X Permission denied (publickey). # ssh-keygen -H /root/.ssh/known_hosts updated. Original contents retained as /root/.ssh/known_hosts.old WARNING: /root/.ssh/known_hosts.old contains unhashed entries Delete this file to ensure privacy of hostnames # ssh root@XX Permission denied (publickey). # ssh-keygen -H /root/.ssh/known_hosts updated. Original contents retained as /root/.ssh/known_hosts.old WARNING: /root/.ssh/known_hosts.old contains unhashed entries Delete this file to ensure privacy of hostnames # ssh root@X The authenticity of host 'XX' can't be established. RSA key fingerprint is XX. Are you sure you want to continue connecting (yes/no)? # diff known_hosts.old known_hosts 1c1 < |1|BoAbRpUE3F5AzyprJcbjdepeDh8=|x/1AcaLxh45FlShmVQnlgx2qjxY= X --- > |1|nTPsoLxCugQyZi3pqOa2pc/cX64=|bUH5qwZlZPp8msMGHdLtslf3Huk= X ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already hashed entries To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1668093/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1626564] Re: 4.8 regression: SLAB is being used instead of SLUB
Also: the 524 threads was with Xen PVM and two VCPUS. With one VCPU the problem goes away. The run on 4.8.0-22-generic also had two VCPUs. There is no problem with Xen HVM and 4.8.0-26-generic with either one or two VCPUS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1626564 Title: 4.8 regression: SLAB is being used instead of SLUB To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1626564/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1626564] Re: 4.8 regression: SLAB is being used instead of SLUB
Are you sure SLAB vs. SLUB fixed this? I have images built from October 13 and today (October 22) with 4.8.0-22-generic and 4.8.0-26-generic respectively. On a 4.8.0-22-generic boot there are 37 kworker threads, on 4.8.0-26-generic there are 524 kworker threads. It could be that with enough reboots the older version would spawn as many threads, I'm not sure. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1626564 Title: 4.8 regression: SLAB is being used instead of SLUB To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1626564/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1595759] [NEW] service command does not start legacy SysV scripts if systemd is enabled
Public bug reported: Version: 1.29ubuntu1 on Xenial 16.04 We have a legacy sysv init script. The command 'service' doesn't operate on it without the following patch applied: $ diff -uNr /usr/sbin/service /usr/local/sbin/service --- /usr/sbin/service 2016-02-29 12:24:38.0 + +++ /usr/local/sbin/service 2016-06-24 00:08:56.651503942 + @@ -179,6 +179,11 @@ fi } +if [ -f "$SERVICEDIR/$SERVICE" ] && systemctl list-unit-files ${SERVICE} | grep -q '0 unit files listed.' ; then +update_openrc_started_symlinks +run_via_sysvinit +fi + # When this machine is running systemd, standard service calls are turned into # systemctl calls. if [ -n "$is_systemd" ] ** Affects: init-system-helpers (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1595759 Title: service command does not start legacy SysV scripts if systemd is enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/1595759/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 894272] Re: ipv6 broken for bridge
Hi, I am using 12.04 and that particular sequence appears to be expected behavior due to duplicate address detection in ipv6 leading to the ipv6 address being tentative. I see similar behavior on an ethernet port which has never physically been connected to anything. Before attaching anything to the bridge, it has NO-CARRIER and tentative ipv6 address, ping does not work: $ ip addr show br0 26: br0: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue state DOWN link/ether 00:16:3e:ff:00:01 brd ff:ff:ff:ff:ff:ff inet6 2605:2700:0:18::1/64 scope global tentative valid_lft forever preferred_lft forever After attaching something which is itself up: $ ip addr show br0 26: br0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UP link/ether 00:16:3e:ff:00:01 brd ff:ff:ff:ff:ff:ff inet6 2605:2700:0:18::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::216:3eff:feff:1/64 scope link valid_lft forever preferred_lft forever ping works at this point. Furthermore, after removing the interface, NO-CARRIER is back but the address is still no longer tentative and is still pingable: $ ip addr show br0 26: br0: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue state DOWN link/ether 00:16:3e:ff:00:01 brd ff:ff:ff:ff:ff:ff inet6 2605:2700:0:18::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::216:3eff:feff:1/64 scope link valid_lft forever preferred_lft forever $ ping6 -c1 2605:2700:0:18::1 PING 2605:2700:0:18::1(2605:2700:0:18::1) 56 data bytes 64 bytes from 2605:2700:0:18::1: icmp_seq=1 ttl=64 time=0.047 ms With 3.5.0-43-generic, I set net.ipv6.conf.all.dad_transmits and net.ipv6.conf.all.accept_dad to 0 and that doesn't cause the addresses to no longer be tentative. It seems like redhat may have had a similar bug https://bugzilla.redhat.com/show_bug.cgi?id=709271 but it is not clear what they did to fix it. I have not yet tried more recent kernels to see if the problem is fixed there. ** Bug watch added: Red Hat Bugzilla #709271 https://bugzilla.redhat.com/show_bug.cgi?id=709271 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/894272 Title: ipv6 broken for bridge To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/894272/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs