This bug was fixed in the package linux - 4.15.0-118.119
---------------
linux (4.15.0-118.119) bionic; urgency=medium
* bionic/linux: 4.15.0-118.119 -proposed tracker (LP: #1894697)
* Packaging resync (LP: #1786013)
- update dkms package versions
* Introduce the new NVIDIA 450-server and the 450 UDA series (LP: #1887674)
- [packaging] add signed modules for nvidia 450 and 450-server
* cgroup refcount is bogus when cgroup_sk_alloc is disabled (LP: #1886860)
- cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
* CVE-2020-12888
- vfio/type1: Support faulting PFNMAP vmas
- vfio-pci: Fault mmaps to enable vma tracking
- vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
* [Hyper-V] VSS and File Copy daemons intermittently fails to start
(LP: #1891224)
- [Packaging] Bind hv_vss_daemon startup to hv_vss device
- [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device
* KVM: Fix zero_page reference counter overflow when using KSM on KVM compute
host (LP: #1837810)
- KVM: fix overflow of zero page refcount with ksm running
* Fix false-negative return value for rtnetlink.sh in kselftests/net
(LP: #1890136)
- selftests: rtnetlink: correct the final return value for the test
- selftests: rtnetlink: make kci_test_encap() return sub-test result
* Bionic update: upstream stable patchset 2020-08-18 (LP: #1892091)
- USB: serial: qcserial: add EM7305 QDL product ID
- USB: iowarrior: fix up report size handling for some devices
- usb: xhci: define IDs for various ASMedia host controllers
- usb: xhci: Fix ASMedia ASM1142 DMA addressing
- Revert "ALSA: hda: call runtime_allow() for all hda controllers"
- ALSA: seq: oss: Serialize ioctls
- staging: android: ashmem: Fix lockdep warning for write operation
- Bluetooth: Fix slab-out-of-bounds read in
hci_extended_inquiry_result_evt()
- Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
- Bluetooth: Prevent out-of-bounds read in
hci_inquiry_result_with_rssi_evt()
- omapfb: dss: Fix max fclk divider for omap36xx
- binder: Prevent context manager from incrementing ref 0
- vgacon: Fix for missing check in scrollback handling
- mtd: properly check all write ioctls for permissions
- leds: wm831x-status: fix use-after-free on unbind
- leds: da903x: fix use-after-free on unbind
- leds: lm3533: fix use-after-free on unbind
- leds: 88pm860x: fix use-after-free on unbind
- net/9p: validate fds in p9_fd_open
- drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
reason
- drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
- i2c: slave: improve sanity check when registering
- i2c: slave: add sanity check when unregistering
- usb: hso: check for return value in hso_serial_common_create()
- firmware: Fix a reference count leak.
- cfg80211: check vendor command doit pointer before use
- igb: reinit_locked() should be called with rtnl_lock
- atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
- tools lib traceevent: Fix memory leak in process_dynamic_array_len
- Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
- xattr: break delegations in {set,remove}xattr
- ipv4: Silence suspicious RCU usage warning
- ipv6: fix memory leaks on IPV6_ADDRFORM path
- net: ethernet: mtk_eth_soc: fix MTU warnings
- vxlan: Ensure FDB dump is performed under RCU
- net: lan78xx: replace bogus endpoint lookup
- hv_netvsc: do not use VF device if link is down
- net: gre: recompute gre csum for sctp over gre tunnels
- openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
- Revert "vxlan: fix tos value before xmit"
- selftests/net: relax cpu affinity requirement in msg_zerocopy test
- rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
- i40e: add num_vectors checker in iwarp handler
- i40e: Wrong truncation from u16 to u8
- i40e: Memory leak in i40e_config_iwarp_qvlist
- Smack: fix use-after-free in smk_write_relabel_self()
* Bionic update: upstream stable patchset 2020-08-11 (LP: #1891228)
- AX.25: Fix out-of-bounds read in ax25_connect()
- AX.25: Prevent out-of-bounds read in ax25_sendmsg()
- dev: Defer free of skbs in flush_backlog
- drivers/net/wan/x25_asy: Fix to make it work
- net-sysfs: add a newline when printing 'tx_timeout' by sysfs
- net: udp: Fix wrong clean up for IS_UDPLITE macro
- rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
- AX.25: Prevent integer overflows in connect and sendmsg
- ip6_gre: fix null-ptr-deref in ip6gre_init_net()
- rtnetlink: Fix memory(net_device) leak when ->newlink fails
- tcp: allow at most one TLP probe per flight
- regmap: debugfs: check count when read regmap file
- qrtr: orphan socket in qrtr_release()
- sctp: shrink stream outq only when new outcnt < old outcnt
- sctp: shrink stream outq when fails to do addstream reconf
- crypto: ccp - Release all allocated memory if sha type is invalid
- media: rc: prevent memory leak in cx23888_ir_probe
- iio: imu: adis16400: fix memory leak
- ath9k_htc: release allocated buffer if timed out
- ath9k: release allocated buffer if timed out
- PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
- wireless: Use offsetof instead of custom macro.
- ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess
watchpoints
- drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
- drm: hold gem reference until object is no longer accessed
- f2fs: check memory boundary by insane namelen
- f2fs: check if file namelen exceeds max value
- 9p/trans_fd: abort p9_read_work if req status changed
- 9p/trans_fd: Fix concurrency del of req_list in
p9_fd_cancelled/p9_read_work
- x86/build/lto: Fix truncated .bss with -fdata-sections
- rds: Prevent kernel-infoleak in rds_notify_queue_get()
- xfs: fix missed wakeup on l_flush_wait
- net/x25: Fix x25_neigh refcnt leak when x25 disconnect
- net/x25: Fix null-ptr-deref in x25_disconnect
- selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
- sh: Fix validation of system call number
- net: lan78xx: add missing endpoint sanity check
- net: lan78xx: fix transfer-buffer memory leak
- mlx4: disable device on shutdown
- mlxsw: core: Increase scope of RCU read-side critical section
- mlxsw: core: Free EMAD transactions using kfree_rcu()
- ibmvnic: Fix IRQ mapping disposal in error path
- bpf: Fix map leak in HASH_OF_MAPS map
- mac80211: mesh: Free ie data when leaving mesh
- mac80211: mesh: Free pending skb when destroying a mpath
- arm64/alternatives: move length validation inside the subsection
- arm64: csum: Fix handling of bad packets
- usb: hso: Fix debug compile warning on sparc32
- qed: Disable "MFW indication via attention" SPAM every 5 minutes
- nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
- parisc: add support for cmpxchg on u8 pointers
- net: ethernet: ravb: exit if re-initialization fails in tx timeout
- Revert "i2c: cadence: Fix the hold bit setting"
- x86/unwind/orc: Fix ORC for newly forked tasks
- cxgb4: add missing release on skb in uld_send()
- xen-netfront: fix potential deadlock in xennet_remove()
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw
disabled
- x86/i8259: Use printk_deferred() to prevent deadlock
- drm/amdgpu: fix multiple memory leaks in acp_hw_init
- selftests/net: psock_fanout: fix clang issues for target arch PowerPC
- net/mlx5: Verify Hardware supports requested ptp function on a given pin
- random32: update the net random state on interrupt and activity
- ARM: percpu.h: fix build error
- random: fix circular include dependency on arm64 after addition of
percpu.h
- random32: remove net_rand_state from the latent entropy gcc plugin
- random32: move the pseudo-random 32-bit definitions to prandom.h
- ext4: fix direct I/O read error
-- Kleber Sacilotto de Souza <[email protected]> Tue, 08 Sep
2020 12:09:02 +0200
** Changed in: linux (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12888
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890136
Title:
Fix false-negative return value for rtnetlink.sh in kselftests/net
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux-hwe package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux-hwe source package in Bionic:
Fix Committed
Status in linux source package in Eoan:
Invalid
Status in linux source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Bug description:
== Justification ==
All the sub test cases in rtnetlink.sh from kselftests/net were using
the same variable "ret" to store the return value of their test result,
and it will be reset to 0 in the beginning of each test.
This will cause false-negative result if the last case has passed.
Also, the kci_test_encap() test in rtnetlink.sh is actually composed by
two different sub-tests, kci_test_encap_vxlan() and kci_test_encap_fou()
Therefore we should check the test result of these two to avoid
false-negative result for this test case.
== Fixes ==
* c2a4d2747996 ("selftests: rtnetlink: correct the final return value for the
test")
* 72f70c159b53 ("selftests: rtnetlink: make kci_test_encap() return sub-test
result")
This issue is affecting our kernels from B to G, there is no such test
in X thus it can be skipped.
The first patch can be cherry-picked for E/F/G, but needs to be
backported for B/D as they're missing some tests.
The second patch can be cherry-picked for all affected kernels.
== Test ==
Manually tested. The test will fail as expected:
$ sudo ./rtnetlink.sh
PASS: policy routing
PASS: route get
echo $?
PASS: preferred_lft addresses have expired
PASS: promote_secondaries complete
PASS: tc htb hierarchy
PASS: gre tunnel endpoint
PASS: gretap
PASS: ip6gretap
PASS: erspan
PASS: ip6erspan
PASS: bridge setup
PASS: ipv6 addrlabel
PASS: set ifalias a28e0b75-bcc7-4b62-8f5a-381215796229 for test-dummy0
PASS: vrf
PASS: vxlan
FAIL: can't add fou port 7777, skipping test
PASS: macsec
PASS: ipsec
PASS: ipsec_offload
PASS: bridge fdb get
PASS: neigh get
$ echo $?
1
== Regression Potential ==
Low, changes limited to testing tools. It's expected to see this test
failing after applying these patches, since it is reflecting the actual
test result.
== Original Bug Report ==
In this test, it uses ret to store the return value of each test.
However, this value will be reset to 0 in the beginning of each test.
In the end of this test, it will judge PASS/FAIL base on this value.
Thus this will cause false-negative in some cases.
Below is an example for the test on Bionic OEM-OSP1, test "ip6erspan",
"erspan", "ip6gretap" failed with return value 255, but the return value will
soon be overridden with 0 if following test passed without any issue (I made
the test to print === RET $ret === line for debugging purpose):
PASS: policy routing
=== RET 0 ===
PASS: route get
=== RET 0 ===
PASS: preferred_lft addresses have expired
=== RET 0 ===
PASS: tc htb hierarchy
=== RET 0 ===
PASS: gre tunnel endpoint
=== RET 0 ===
PASS: gretap
=== RET 0 ===
Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ]
[ local ADDR ]
[ [i|o]seq ]
[ [i|o]key KEY ]
[ [i|o]csum ]
[ hoplimit TTL ]
[ encaplimit ELIM ]
[ tclass TCLASS ]
[ flowlabel FLOWLABEL ]
[ dscp inherit ]
[ fwmark MARK ]
[ dev PHYS_DEV ]
[ noencap ]
[ encap { fou | gue | none } ]
[ encap-sport PORT ]
[ encap-dport PORT ]
[ [no]encap-csum ]
[ [no]encap-csum6 ]
[ [no]encap-remcsum ]
[ erspan IDX ]
Where: ADDR := IPV6_ADDRESS
TTL := { 0..255 } (default=64)
KEY := { DOTTED_QUAD | NUMBER }
ELIM := { none | 0..255 }(default=4)
TCLASS := { 0x0..0xff | inherit }
FLOWLABEL := { 0x0..0xfffff | inherit }
MARK := { 0x0..0xffffffff | inherit }
Cannot find device "ip6gretap00"
FAIL: ip6gretap
=== RET 255 ===
Usage: ... { gre | gretap | erspan } [ remote ADDR ]
[ local ADDR ]
[ [i|o]seq ]
[ [i|o]key KEY ]
[ [i|o]csum ]
[ ttl TTL ]
[ tos TOS ]
[ [no]pmtudisc ]
[ [no]ignore-df ]
[ dev PHYS_DEV ]
[ noencap ]
[ encap { fou | gue | none } ]
[ encap-sport PORT ]
[ encap-dport PORT ]
[ [no]encap-csum ]
[ [no]encap-csum6 ]
[ [no]encap-remcsum ]
[ external ]
[ fwmark MARK ]
[ erspan IDX ]
Where: ADDR := { IP_ADDRESS | any }
TOS := { NUMBER | inherit }
TTL := { 1..255 | inherit }
KEY := { DOTTED_QUAD | NUMBER }
MARK := { 0x0..0xffffffff }
Cannot find device "erspan00"
Cannot find device "erspan00"
Cannot find device "erspan00"
Usage: ... { gre | gretap | erspan } [ remote ADDR ]
[ local ADDR ]
[ [i|o]seq ]
[ [i|o]key KEY ]
[ [i|o]csum ]
[ ttl TTL ]
[ tos TOS ]
[ [no]pmtudisc ]
[ [no]ignore-df ]
[ dev PHYS_DEV ]
[ noencap ]
[ encap { fou | gue | none } ]
[ encap-sport PORT ]
[ encap-dport PORT ]
[ [no]encap-csum ]
[ [no]encap-csum6 ]
[ [no]encap-remcsum ]
[ external ]
[ fwmark MARK ]
[ erspan IDX ]
Where: ADDR := { IP_ADDRESS | any }
TOS := { NUMBER | inherit }
TTL := { 1..255 | inherit }
KEY := { DOTTED_QUAD | NUMBER }
MARK := { 0x0..0xffffffff }
Cannot find device "erspan00"
Cannot find device "erspan00"
Cannot find device "erspan00"
FAIL: erspan
=== RET 255 ===
Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ]
[ local ADDR ]
[ [i|o]seq ]
[ [i|o]key KEY ]
[ [i|o]csum ]
[ hoplimit TTL ]
[ encaplimit ELIM ]
[ tclass TCLASS ]
[ flowlabel FLOWLABEL ]
[ dscp inherit ]
[ fwmark MARK ]
[ dev PHYS_DEV ]
[ noencap ]
[ encap { fou | gue | none } ]
[ encap-sport PORT ]
[ encap-dport PORT ]
[ [no]encap-csum ]
[ [no]encap-csum6 ]
[ [no]encap-remcsum ]
[ erspan IDX ]
Where: ADDR := IPV6_ADDRESS
TTL := { 0..255 } (default=64)
KEY := { DOTTED_QUAD | NUMBER }
ELIM := { none | 0..255 }(default=4)
TCLASS := { 0x0..0xff | inherit }
FLOWLABEL := { 0x0..0xfffff | inherit }
MARK := { 0x0..0xffffffff | inherit }
Cannot find device "ip6erspan00"
Cannot find device "ip6erspan00"
Cannot find device "ip6erspan00"
Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ]
[ local ADDR ]
[ [i|o]seq ]
[ [i|o]key KEY ]
[ [i|o]csum ]
[ hoplimit TTL ]
[ encaplimit ELIM ]
[ tclass TCLASS ]
[ flowlabel FLOWLABEL ]
[ dscp inherit ]
[ fwmark MARK ]
[ dev PHYS_DEV ]
[ noencap ]
[ encap { fou | gue | none } ]
[ encap-sport PORT ]
[ encap-dport PORT ]
[ [no]encap-csum ]
[ [no]encap-csum6 ]
[ [no]encap-remcsum ]
[ erspan IDX ]
Where: ADDR := IPV6_ADDRESS
TTL := { 0..255 } (default=64)
KEY := { DOTTED_QUAD | NUMBER }
ELIM := { none | 0..255 }(default=4)
TCLASS := { 0x0..0xff | inherit }
FLOWLABEL := { 0x0..0xfffff | inherit }
MARK := { 0x0..0xffffffff | inherit }
Cannot find device "ip6erspan00"
Cannot find device "ip6erspan00"
Cannot find device "ip6erspan00"
Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ]
[ local ADDR ]
[ [i|o]seq ]
[ [i|o]key KEY ]
[ [i|o]csum ]
[ hoplimit TTL ]
[ encaplimit ELIM ]
[ tclass TCLASS ]
[ flowlabel FLOWLABEL ]
[ dscp inherit ]
[ fwmark MARK ]
[ dev PHYS_DEV ]
[ noencap ]
[ encap { fou | gue | none } ]
[ encap-sport PORT ]
[ encap-dport PORT ]
[ [no]encap-csum ]
[ [no]encap-csum6 ]
[ [no]encap-remcsum ]
[ erspan IDX ]
Where: ADDR := IPV6_ADDRESS
TTL := { 0..255 } (default=64)
KEY := { DOTTED_QUAD | NUMBER }
ELIM := { none | 0..255 }(default=4)
TCLASS := { 0x0..0xff | inherit }
FLOWLABEL := { 0x0..0xfffff | inherit }
MARK := { 0x0..0xffffffff | inherit }
Cannot find device "ip6erspan00"
FAIL: ip6erspan
=== RET 255 ===
PASS: bridge setup
=== RET 0 ===
PASS: ipv6 addrlabel
=== RET 0 ===
PASS: set ifalias a1214e60-3ac4-4fd4-8a98-aac4c0b4bfab for test-dummy0
=== RET 0 ===
PASS: vrf
=== RET 0 ===
PASS: vxlan
FAIL: can't add fou port 7777, skipping test
=== RET 0 ===
PASS: macsec
=== RET 0 ===
PASS: ipsec
=== RET 0 ===
PASS: ipsec_offload
=== RET 0 ===
SKIP: fdb get tests: iproute2 too old
=== RET 0 ===
SKIP: fdb get tests: iproute2 too old
=== RET 0 ===
=== RET 0 ===
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1890136/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
