This bug was fixed in the package linux-hwe - 5.3.0-68.63

---------------
linux-hwe (5.3.0-68.63) bionic; urgency=medium

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

  * CVE-2020-16120
    - Revert "UBUNTU: SAUCE: overlayfs: ensure mounter privileges when reading directories"
    - ovl: pass correct flags for opening real directory
    - ovl: switch to mounter creds in readdir
    - ovl: verify permissions in ovl_path_open()
    - ovl: call secutiry hook in ovl_real_ioctl()
    - ovl: check permission to open real file

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * Introduce the new NVIDIA 450-server and the 450 UDA series (LP: #1887674)
    - [Packaging] hwe: Update nvidia driver versions

  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [Packaging] hwe: Add build support for nvidia-server drivers

  * msg_zerocopy.sh in net from ubuntu_kernel_selftests failed (LP: #1812620)
    - selftests/net: relax cpu affinity requirement in msg_zerocopy test

  * Fix false-negative return value for rtnetlink.sh in kselftests/net
    (LP: #1890136)
    - selftests: rtnetlink: correct the final return value for the test
    - selftests: rtnetlink: make kci_test_encap() return sub-test result

 -- Thadeu Lima de Souza Cascardo <casca...@canonical.com>  Mon, 28 Sep 2020 08:30:12 -0300

** Changed in: linux-hwe (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16119

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16120

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890136

Title:
  Fix false-negative return value for rtnetlink.sh in kselftests/net

Status in ubuntu-kernel-tests:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux-hwe package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux-hwe source package in Bionic:
  Fix Released
Status in linux source package in Eoan:
  Invalid
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Groovy:
  Fix Released

Bug description:
  == Justification ==
  All the sub test cases in rtnetlink.sh from kselftests/net were using
  the same variable "ret" to store the return value of their test result,
  and it will be reset to 0 in the beginning of each test. This will cause
  a false-negative result if the last case has passed.

  Also, the kci_test_encap() test in rtnetlink.sh is actually composed of
  two different sub-tests, kci_test_encap_vxlan() and kci_test_encap_fou().
  Therefore we should check the test result of these two to avoid a
  false-negative result for this test case.

  == Fixes ==
  * c2a4d2747996 ("selftests: rtnetlink: correct the final return value for the test")
  * 72f70c159b53 ("selftests: rtnetlink: make kci_test_encap() return sub-test result")

  This issue is affecting our kernels from B to G, there is no such test
  in X thus it can be skipped.

  The first patch can be cherry-picked for E/F/G, but needs to be
  backported for B/D as they're missing some tests.
  The second patch can be cherry-picked for all affected kernels.

  == Test ==
  Manually tested. The test will fail as expected:
  $ sudo ./rtnetlink.sh
  PASS: policy routing
  PASS: route get
  echo $?
  PASS: preferred_lft addresses have expired
  PASS: promote_secondaries complete
  PASS: tc htb hierarchy
  PASS: gre tunnel endpoint
  PASS: gretap
  PASS: ip6gretap
  PASS: erspan
  PASS: ip6erspan
  PASS: bridge setup
  PASS: ipv6 addrlabel
  PASS: set ifalias a28e0b75-bcc7-4b62-8f5a-381215796229 for test-dummy0
  PASS: vrf
  PASS: vxlan
  FAIL: can't add fou port 7777, skipping test
  PASS: macsec
  PASS: ipsec
  PASS: ipsec_offload
  PASS: bridge fdb get
  PASS: neigh get
  $ echo $?
  1

  == Regression Potential ==
  Low, changes limited to testing tools.
  It's expected to see this test failing after applying these patches,
  since it is reflecting the actual test result.

  == Original Bug Report ==
  In this test, it uses ret to store the return value of each test.
  However, this value will be reset to 0 in the beginning of each test.

  At the end of this test, it will judge PASS/FAIL based on this value.
  Thus this will cause false-negative in some cases.

  Below is an example for the test on Bionic OEM-OSP1, test "ip6erspan",
  "erspan", "ip6gretap" failed with return value 255, but the return value
  will soon be overridden with 0 if the following test passed without any
  issue (I made the test print a === RET $ret === line for debugging
  purposes):

  PASS: policy routing
  === RET 0 ===
  PASS: route get
  === RET 0 ===
  PASS: preferred_lft addresses have expired
  === RET 0 ===
  PASS: tc htb hierarchy
  === RET 0 ===
  PASS: gre tunnel endpoint
  === RET 0 ===
  PASS: gretap
  === RET 0 ===
  Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ]
            [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
            [ hoplimit TTL ] [ encaplimit ELIM ]
            [ tclass TCLASS ] [ flowlabel FLOWLABEL ]
            [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ]
            [ noencap ] [ encap { fou | gue | none } ]
            [ encap-sport PORT ] [ encap-dport PORT ]
            [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]
            [ erspan IDX ]

  Where: ADDR      := IPV6_ADDRESS
         TTL       := { 0..255 } (default=64)
         KEY       := { DOTTED_QUAD | NUMBER }
         ELIM      := { none | 0..255 }(default=4)
         TCLASS    := { 0x0..0xff | inherit }
         FLOWLABEL := { 0x0..0xfffff | inherit }
         MARK      := { 0x0..0xffffffff | inherit }
  Cannot find device "ip6gretap00"
  FAIL: ip6gretap
  === RET 255 ===
  Usage: ... { gre | gretap | erspan } [ remote ADDR ] [ local ADDR ]
            [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
            [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ [no]ignore-df ]
            [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ]
            [ encap-sport PORT ] [ encap-dport PORT ]
            [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]
            [ external ] [ fwmark MARK ] [ erspan IDX ]

  Where: ADDR := { IP_ADDRESS | any }
         TOS  := { NUMBER | inherit }
         TTL  := { 1..255 | inherit }
         KEY  := { DOTTED_QUAD | NUMBER }
         MARK := { 0x0..0xffffffff }
  Cannot find device "erspan00"
  Cannot find device "erspan00"
  Cannot find device "erspan00"
  Usage: ... { gre | gretap | erspan } [ remote ADDR ] [ local ADDR ]
            [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
            [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ [no]ignore-df ]
            [ dev PHYS_DEV ] [ noencap ] [ encap { fou | gue | none } ]
            [ encap-sport PORT ] [ encap-dport PORT ]
            [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]
            [ external ] [ fwmark MARK ] [ erspan IDX ]

  Where: ADDR := { IP_ADDRESS | any }
         TOS  := { NUMBER | inherit }
         TTL  := { 1..255 | inherit }
         KEY  := { DOTTED_QUAD | NUMBER }
         MARK := { 0x0..0xffffffff }
  Cannot find device "erspan00"
  Cannot find device "erspan00"
  Cannot find device "erspan00"
  FAIL: erspan
  === RET 255 ===
  Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ]
            [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
            [ hoplimit TTL ] [ encaplimit ELIM ]
            [ tclass TCLASS ] [ flowlabel FLOWLABEL ]
            [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ]
            [ noencap ] [ encap { fou | gue | none } ]
            [ encap-sport PORT ] [ encap-dport PORT ]
            [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]
            [ erspan IDX ]

  Where: ADDR      := IPV6_ADDRESS
         TTL       := { 0..255 } (default=64)
         KEY       := { DOTTED_QUAD | NUMBER }
         ELIM      := { none | 0..255 }(default=4)
         TCLASS    := { 0x0..0xff | inherit }
         FLOWLABEL := { 0x0..0xfffff | inherit }
         MARK      := { 0x0..0xffffffff | inherit }
  Cannot find device "ip6erspan00"
  Cannot find device "ip6erspan00"
  Cannot find device "ip6erspan00"
  Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ]
            [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
            [ hoplimit TTL ] [ encaplimit ELIM ]
            [ tclass TCLASS ] [ flowlabel FLOWLABEL ]
            [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ]
            [ noencap ] [ encap { fou | gue | none } ]
            [ encap-sport PORT ] [ encap-dport PORT ]
            [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]
            [ erspan IDX ]

  Where: ADDR      := IPV6_ADDRESS
         TTL       := { 0..255 } (default=64)
         KEY       := { DOTTED_QUAD | NUMBER }
         ELIM      := { none | 0..255 }(default=4)
         TCLASS    := { 0x0..0xff | inherit }
         FLOWLABEL := { 0x0..0xfffff | inherit }
         MARK      := { 0x0..0xffffffff | inherit }
  Cannot find device "ip6erspan00"
  Cannot find device "ip6erspan00"
  Cannot find device "ip6erspan00"
  Usage: ... { ip6gre | ip6gretap | ip6erspan} [ remote ADDR ] [ local ADDR ]
            [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
            [ hoplimit TTL ] [ encaplimit ELIM ]
            [ tclass TCLASS ] [ flowlabel FLOWLABEL ]
            [ dscp inherit ] [ fwmark MARK ] [ dev PHYS_DEV ]
            [ noencap ] [ encap { fou | gue | none } ]
            [ encap-sport PORT ] [ encap-dport PORT ]
            [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]
            [ erspan IDX ]

  Where: ADDR      := IPV6_ADDRESS
         TTL       := { 0..255 } (default=64)
         KEY       := { DOTTED_QUAD | NUMBER }
         ELIM      := { none | 0..255 }(default=4)
         TCLASS    := { 0x0..0xff | inherit }
         FLOWLABEL := { 0x0..0xfffff | inherit }
         MARK      := { 0x0..0xffffffff | inherit }
  Cannot find device "ip6erspan00"
  FAIL: ip6erspan
  === RET 255 ===
  PASS: bridge setup
  === RET 0 ===
  PASS: ipv6 addrlabel
  === RET 0 ===
  PASS: set ifalias a1214e60-3ac4-4fd4-8a98-aac4c0b4bfab for test-dummy0
  === RET 0 ===
  PASS: vrf
  === RET 0 ===
  PASS: vxlan
  FAIL: can't add fou port 7777, skipping test
  === RET 0 ===
  PASS: macsec
  === RET 0 ===
  PASS: ipsec
  === RET 0 ===
  PASS: ipsec_offload
  === RET 0 ===
  SKIP: fdb get tests: iproute2 too old
  === RET 0 ===
  SKIP: fdb get tests: iproute2 too old
  === RET 0 ===
  === RET 0 ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1890136/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
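
The return-value handling described in the bug report above, modelled as an added example (not the upstream rtnetlink.sh and not the two patches named under "Fixes"). The test names come from the report's log; sim(), fou(), the old_*/new_* functions and the simulated statuses are hypothetical stand-ins.

```shell
# Added illustration, not the upstream rtnetlink.sh. Test names are from the
# report's log; sim() and its statuses are constructed. Needs `local` (bash/dash).

sim() { return "$1"; }                 # stand-in for the real ip commands
check_err() { if [ "$ret" -eq 0 ]; then ret=$1; fi; }  # latch first failure
fou() { sim 1 || { echo "FAIL: can't add fou port 7777, skipping test"; return 1; }; }

# Reported shape: every test resets the one global $ret.
old_test() {                           # $1 = name, $2 = simulated status
	ret=0
	sim "$2" || check_err $?
	if [ "$ret" -ne 0 ]; then echo "FAIL: $1"; return 1; fi
	echo "PASS: $1"
}
old_suite() {
	old_test gretap 0 || :
	old_test ip6gretap 255 || :
	old_test erspan 255 || :
	old_test vxlan 0 || :
	fou || :                           # encap sub-test status is dropped
	old_test macsec 0 || :
	return "$ret"                      # only the last test's value survives
}

# Corrected shape: $ret is local to each function and callers accumulate.
new_test() {
	local ret=0
	sim "$2" || check_err $?
	if [ "$ret" -ne 0 ]; then echo "FAIL: $1"; return 1; fi
	echo "PASS: $1"
}
new_encap() {                          # returns the combined sub-test result
	local ret=0
	new_test vxlan 0 || check_err $?
	fou || check_err $?
	return "$ret"
}
new_suite() {
	local ret=0
	new_test gretap 0 || check_err $?
	new_test ip6gretap 255 || check_err $?
	new_test erspan 255 || check_err $?
	new_encap || check_err $?
	new_test macsec 0 || check_err $?
	return "$ret"
}
old_rc=0; old_suite >/dev/null || old_rc=$?
new_rc=0; new_suite >/dev/null || new_rc=$?
echo "old suite exit: $old_rc, corrected suite exit: $new_rc"
```

Both suites print the same three FAIL lines; only the corrected one turns them into a non-zero exit status, which is what a CI gate or regression tracker actually reads.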