This bug was fixed in the package linux - 3.13.0-160.210
---------------
linux (3.13.0-160.210) trusty; urgency=medium
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-14634
- exec: Limit arg stack to at most 75% of _STK_LIM
linux (3.13.0-159.209) trusty; urgency=medium
* linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* i40e NIC not recognized (LP: #1789215)
- SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
- SAUCE: i40e_bpo: Add a compatibility layer
- SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
- SAUCE: i40e_bpo: Rename the driver to i40e_bpo
- SAUCE: i40e_bpo: Hook the driver into the kernel tree
- [Config] Add CONFIG_I40E_BPO=m
* Probable regression with EXT3 file systems and CVE-2018-1093 patches
(LP: #1789131)
- ext4: fix bitmap position validation
* CVE-2018-3620 // CVE-2018-3646
- mm: x86 pgtable: drop unneeded preprocessor ifdef
- x86/asm: Move PUD_PAGE macros to page_types.h
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit
- x86/mm: Fix regression with huge pages on PAE
- SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
- Revert "UBUNTU: [Config] disable NUMA_BALANCING"
* CVE-2018-15572
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/speculation: Protect against userspace-userspace spectreRSB
* CVE-2018-6555
- SAUCE: irda: Only insert new objects into the global database via
setsockopt
* CVE-2018-6554
- SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
* BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:1119] (LP: #1788817)
- drm/ast: Fixed system hanged if disable P2A
* errors when scanning partition table of corrupted AIX disk (LP: #1787281)
- partitions/aix: fix usage of uninitialized lv_info and lvname structures
- partitions/aix: append null character to print data from disk
-- Stefan Bader <stefan.ba...@canonical.com> Mon, 24 Sep 2018 19:38:31
+0200
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1787281
Title:
errors when scanning partition table of corrupted AIX disk
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Bug description:
[Impact]
* Users with disks/LUNs used for AIX operating system installations
previously, which possibly undergone overwrites/corruption on the
partition table, might hit kernel failures during partition scan
of such disk/LUN, and possibly hang the system (seen with retries).
* The Linux kernel should be robust to corrupted disk data, performing
a better sanitization/checks and not failing.
* The fix are a couple of simple logic changes to make the code
of the AIX partition table parser more robust.
[Test Case]
* Run the partition scan on the (trimmed) disk image of the AIX lun.
(It's not provided here since it contains customer data), with this
command:
$ sudo losetup --find --show --partscan rlv_grkgld.1mb
* On failure, the command hangs, and messages like these are printed
to the console, depending on the kernel version (see tests below)
[ 270.506420] partition (null) (3 pp's found) is not contiguous
[ 270.597428] BUG: unable to handle kernel paging request at
0000000000001000
[ 270.599525] IP: [<ffffffff81379d4d>] strnlen+0xd/0x40
* On success, the command prints a loop device name, for example:
/dev/loop0
[Regression Potential]
* Low. Both changes are simple improvements in logic.
* This affects users which mount disks/LUNs from the AIX OS;
it should only change behavior for users which relied on a
uninitialized variables to work correctly during partition
scan of those disks/LUNs which should be rare as the code
is likely to fail as we observe in this scenario.
* This has been tested on Cosmic, Bionic, Xenial, and Trusty.
[Other Info]
* Patches will be sent to the kernel-team mailing list.
Bug Description:
---------------
We've recently received a disk image from an AIX LUN that when
attached on Linux displayed errors on console, then eventually
hung the system (specially if the SCSI bus was re-scanned, and
leading to another partition scan).
Apparently the LUN was originally installed with AIX and later
exercised with some I/O stress/overwrites which caused certain
bits to be wrong in just the right way for Linux to get a NULL
pointer and invalid data.
This is the test-case used ('--partscan' is the important bit).
$ sudo losetup --show --find --partscan aix-lun.img
Since the original code is old, it affects several releases.
It's interesting to fix this on 14.04 and up, on which IBM
Power servers were initially supported (since they can run
AIX too, and possibly hit this due to an already used disk/LUN).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787281/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
