This bug was fixed in the package linux - 4.15.0-118.119 --------------- linux (4.15.0-118.119) bionic; urgency=medium
* bionic/linux: 4.15.0-118.119 -proposed tracker (LP: #1894697) * Packaging resync (LP: #1786013) - update dkms package versions * Introduce the new NVIDIA 450-server and the 450 UDA series (LP: #1887674) - [packaging] add signed modules for nvidia 450 and 450-server * cgroup refcount is bogus when cgroup_sk_alloc is disabled (LP: #1886860) - cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone() * CVE-2020-12888 - vfio/type1: Support faulting PFNMAP vmas - vfio-pci: Fault mmaps to enable vma tracking - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory * [Hyper-V] VSS and File Copy daemons intermittently fails to start (LP: #1891224) - [Packaging] Bind hv_vss_daemon startup to hv_vss device - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device * KVM: Fix zero_page reference counter overflow when using KSM on KVM compute host (LP: #1837810) - KVM: fix overflow of zero page refcount with ksm running * Fix false-negative return value for rtnetlink.sh in kselftests/net (LP: #1890136) - selftests: rtnetlink: correct the final return value for the test - selftests: rtnetlink: make kci_test_encap() return sub-test result * Bionic update: upstream stable patchset 2020-08-18 (LP: #1892091) - USB: serial: qcserial: add EM7305 QDL product ID - USB: iowarrior: fix up report size handling for some devices - usb: xhci: define IDs for various ASMedia host controllers - usb: xhci: Fix ASMedia ASM1142 DMA addressing - Revert "ALSA: hda: call runtime_allow() for all hda controllers" - ALSA: seq: oss: Serialize ioctls - staging: android: ashmem: Fix lockdep warning for write operation - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() - omapfb: dss: Fix max fclk divider for omap36xx - binder: Prevent context manager from incrementing ref 0 - vgacon: Fix for missing check in scrollback handling - mtd: properly check all write ioctls for permissions - leds: wm831x-status: fix use-after-free on unbind - leds: da903x: fix use-after-free on unbind - leds: lm3533: fix use-after-free on unbind - leds: 88pm860x: fix use-after-free on unbind - net/9p: validate fds in p9_fd_open - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure - i2c: slave: improve sanity check when registering - i2c: slave: add sanity check when unregistering - usb: hso: check for return value in hso_serial_common_create() - firmware: Fix a reference count leak. - cfg80211: check vendor command doit pointer before use - igb: reinit_locked() should be called with rtnl_lock - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent - tools lib traceevent: Fix memory leak in process_dynamic_array_len - Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) - xattr: break delegations in {set,remove}xattr - ipv4: Silence suspicious RCU usage warning - ipv6: fix memory leaks on IPV6_ADDRFORM path - net: ethernet: mtk_eth_soc: fix MTU warnings - vxlan: Ensure FDB dump is performed under RCU - net: lan78xx: replace bogus endpoint lookup - hv_netvsc: do not use VF device if link is down - net: gre: recompute gre csum for sctp over gre tunnels - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() - Revert "vxlan: fix tos value before xmit" - selftests/net: relax cpu affinity requirement in msg_zerocopy test - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure - i40e: add num_vectors checker in iwarp handler - i40e: Wrong truncation from u16 to u8 - i40e: Memory leak in i40e_config_iwarp_qvlist - Smack: fix use-after-free in smk_write_relabel_self() * Bionic update: upstream stable patchset 2020-08-11 (LP: #1891228) - AX.25: Fix out-of-bounds read in ax25_connect() - AX.25: Prevent out-of-bounds read in ax25_sendmsg() - dev: Defer free of skbs in flush_backlog - drivers/net/wan/x25_asy: Fix to make it work - net-sysfs: add a newline when printing 'tx_timeout' by sysfs - net: udp: Fix wrong clean up for IS_UDPLITE macro - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA - AX.25: Prevent integer overflows in connect and sendmsg - ip6_gre: fix null-ptr-deref in ip6gre_init_net() - rtnetlink: Fix memory(net_device) leak when ->newlink fails - tcp: allow at most one TLP probe per flight - regmap: debugfs: check count when read regmap file - qrtr: orphan socket in qrtr_release() - sctp: shrink stream outq only when new outcnt < old outcnt - sctp: shrink stream outq when fails to do addstream reconf - crypto: ccp - Release all allocated memory if sha type is invalid - media: rc: prevent memory leak in cx23888_ir_probe - iio: imu: adis16400: fix memory leak - ath9k_htc: release allocated buffer if timed out - ath9k: release allocated buffer if timed out - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge - wireless: Use offsetof instead of custom macro. - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() - drm: hold gem reference until object is no longer accessed - f2fs: check memory boundary by insane namelen - f2fs: check if file namelen exceeds max value - 9p/trans_fd: abort p9_read_work if req status changed - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work - x86/build/lto: Fix truncated .bss with -fdata-sections - rds: Prevent kernel-infoleak in rds_notify_queue_get() - xfs: fix missed wakeup on l_flush_wait - net/x25: Fix x25_neigh refcnt leak when x25 disconnect - net/x25: Fix null-ptr-deref in x25_disconnect - selftests/net: rxtimestamp: fix clang issues for target arch PowerPC - sh: Fix validation of system call number - net: lan78xx: add missing endpoint sanity check - net: lan78xx: fix transfer-buffer memory leak - mlx4: disable device on shutdown - mlxsw: core: Increase scope of RCU read-side critical section - mlxsw: core: Free EMAD transactions using kfree_rcu() - ibmvnic: Fix IRQ mapping disposal in error path - bpf: Fix map leak in HASH_OF_MAPS map - mac80211: mesh: Free ie data when leaving mesh - mac80211: mesh: Free pending skb when destroying a mpath - arm64/alternatives: move length validation inside the subsection - arm64: csum: Fix handling of bad packets - usb: hso: Fix debug compile warning on sparc32 - qed: Disable "MFW indication via attention" SPAM every 5 minutes - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame - parisc: add support for cmpxchg on u8 pointers - net: ethernet: ravb: exit if re-initialization fails in tx timeout - Revert "i2c: cadence: Fix the hold bit setting" - x86/unwind/orc: Fix ORC for newly forked tasks - cxgb4: add missing release on skb in uld_send() - xen-netfront: fix potential deadlock in xennet_remove() - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled - x86/i8259: Use printk_deferred() to prevent deadlock - drm/amdgpu: fix multiple memory leaks in acp_hw_init - selftests/net: psock_fanout: fix clang issues for target arch PowerPC - net/mlx5: Verify Hardware supports requested ptp function on a given pin - random32: update the net random state on interrupt and activity - ARM: percpu.h: fix build error - random: fix circular include dependency on arm64 after addition of percpu.h - random32: remove net_rand_state from the latent entropy gcc plugin - random32: move the pseudo-random 32-bit definitions to prandom.h - ext4: fix direct I/O read error -- Kleber Sacilotto de Souza <kleber.so...@canonical.com> Tue, 08 Sep 2020 12:09:02 +0200 ** Changed in: linux (Ubuntu Bionic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12888 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1890136 Title: Fix false-negative return value for rtnetlink.sh in kselftests/net Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Fix Released Status in linux-hwe package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux-hwe source package in Bionic: Fix Committed Status in linux source package in Eoan: Invalid Status in linux source package in Focal: Fix Released Status in linux source package in Groovy: Fix Released Bug description: == Justification == All the sub test cases in rtnetlink.sh from kselftests/net were using the same variable "ret" to store the return value of their test result, and it will be reset to 0 in the beginning of each test. This will cause false-negative result if the last case has passed. Also, the kci_test_encap() test in rtnetlink.sh is actually composed by two different sub-tests, kci_test_encap_vxlan() and kci_test_encap_fou() Therefore we should check the test result of these two to avoid false-negative result for this test case. == Fixes == * c2a4d2747996 ("selftests: rtnetlink: correct the final return value for the test") * 72f70c159b53 ("selftests: rtnetlink: make kci_test_encap() return sub-test result") This issue is affecting our kernels from B to G, there is no such test in X thus it can be skipped. The first patch can be cherry-picked for E/F/G, but needs to be backported for B/D as they're missing some tests. The second patch can be cherry-picked for all affected kernels. == Test == Manually tested. The test will fail as expected: $ sudo ./rtnetlink.sh PASS: policy routing PASS: route get echo $? PASS: preferred_lft addresses have expired PASS: promote_secondaries complete PASS: tc htb hierarchy PASS: gre tunnel endpoint PASS: gretap PASS: ip6gretap PASS: erspan PASS: ip6erspan PASS: bridge setup PASS: ipv6 addrlabel PASS: set ifalias a28e0b75-bcc7-4b62-8f5a-381215796229 for test-dummy0 PASS: vrf PASS: vxlan FAIL: can't add fou port 7777, skipping test PASS: macsec PASS: ipsec PASS: ipsec_offload PASS: bridge fdb get PASS: neigh get $ echo $? 1 == Regression Potential == Low, changes limited to testing tools. It's expected to see this test failing after applying these patches, since it is reflecting the actual test result. == Original Bug Report == In this test, it uses ret to store the return value of each test. However, this value will be reset to 0 in the beginning of each test. In the end of this test, it will judge PASS/FAIL base on this value. Thus this will cause false-negative in some cases. Below is an example for the test on Bionic OEM-OSP1, test "ip6erspan", "erspan", "ip6gretap" failed with return value 255, but the return value will soon be overridden with 0 if following test passed without any issue (I made the test to print === RET $ret === line for debugging purpose): PASS: policy routing === RET 0 === PASS: route get === RET 0 === PASS: preferred_lft addresses have expired === RET 0 === PASS: tc htb hierarchy === RET 0 === PASS: gre tunnel endpoint === RET 0 === PASS: gretap === RET 0 === Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ] [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] [ hoplimit TTL ] [ encaplimit ELIM ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ] [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ] [ encap-sport PORT ] [ encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ] [ erspan IDX ] Where: ADDR := IPV6_ADDRESS TTL := { 0..255 } (default=64) KEY := { DOTTED_QUAD | NUMBER } ELIM := { none | 0..255 }(default=4) TCLASS := { 0x0..0xff | inherit } FLOWLABEL := { 0x0..0xfffff | inherit } MARK := { 0x0..0xffffffff | inherit } Cannot find device "ip6gretap00" FAIL: ip6gretap === RET 255 === Usage: ... { gre | gretap | erspan } [ remote ADDR ] [ local ADDR ] [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ [no]ignore-df ] [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ] [ encap-sport PORT ] [ encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ] [ external ] [ fwmark MARK ] [ erspan IDX ] Where: ADDR := { IP_ADDRESS | any } TOS := { NUMBER | inherit } TTL := { 1..255 | inherit } KEY := { DOTTED_QUAD | NUMBER } MARK := { 0x0..0xffffffff } Cannot find device "erspan00" Cannot find device "erspan00" Cannot find device "erspan00" Usage: ... { gre | gretap | erspan } [ remote ADDR ] [ local ADDR ] [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ [no]ignore-df ] [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ] [ encap-sport PORT ] [ encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ] [ external ] [ fwmark MARK ] [ erspan IDX ] Where: ADDR := { IP_ADDRESS | any } TOS := { NUMBER | inherit } TTL := { 1..255 | inherit } KEY := { DOTTED_QUAD | NUMBER } MARK := { 0x0..0xffffffff } Cannot find device "erspan00" Cannot find device "erspan00" Cannot find device "erspan00" FAIL: erspan === RET 255 === Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ] [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] [ hoplimit TTL ] [ encaplimit ELIM ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ] [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ] [ encap-sport PORT ] [ encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ] [ erspan IDX ] Where: ADDR := IPV6_ADDRESS TTL := { 0..255 } (default=64) KEY := { DOTTED_QUAD | NUMBER } ELIM := { none | 0..255 }(default=4) TCLASS := { 0x0..0xff | inherit } FLOWLABEL := { 0x0..0xfffff | inherit } MARK := { 0x0..0xffffffff | inherit } Cannot find device "ip6erspan00" Cannot find device "ip6erspan00" Cannot find device "ip6erspan00" Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ] [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] [ hoplimit TTL ] [ encaplimit ELIM ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ] [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ] [ encap-sport PORT ] [ encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ] [ erspan IDX ] Where: ADDR := IPV6_ADDRESS TTL := { 0..255 } (default=64) KEY := { DOTTED_QUAD | NUMBER } ELIM := { none | 0..255 }(default=4) TCLASS := { 0x0..0xff | inherit } FLOWLABEL := { 0x0..0xfffff | inherit } MARK := { 0x0..0xffffffff | inherit } Cannot find device "ip6erspan00" Cannot find device "ip6erspan00" Cannot find device "ip6erspan00" Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ] [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] [ hoplimit TTL ] [ encaplimit ELIM ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ] [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ] [ encap-sport PORT ] [ encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ] [ erspan IDX ] Where: ADDR := IPV6_ADDRESS TTL := { 0..255 } (default=64) KEY := { DOTTED_QUAD | NUMBER } ELIM := { none | 0..255 }(default=4) TCLASS := { 0x0..0xff | inherit } FLOWLABEL := { 0x0..0xfffff | inherit } MARK := { 0x0..0xffffffff | inherit } Cannot find device "ip6erspan00" FAIL: ip6erspan === RET 255 === PASS: bridge setup === RET 0 === PASS: ipv6 addrlabel === RET 0 === PASS: set ifalias a1214e60-3ac4-4fd4-8a98-aac4c0b4bfab for test-dummy0 === RET 0 === PASS: vrf === RET 0 === PASS: vxlan FAIL: can't add fou port 7777, skipping test === RET 0 === PASS: macsec === RET 0 === PASS: ipsec === RET 0 === PASS: ipsec_offload === RET 0 === SKIP: fdb get tests: iproute2 too old === RET 0 === SKIP: fdb get tests: iproute2 too old === RET 0 === === RET 0 === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1890136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp