This bug was fixed in the package linux - 4.15.0-177.186
---------------
linux (4.15.0-177.186) bionic; urgency=medium
* bionic/linux: 4.15.0-177.186 -proposed tracker (LP: #1969083)
* Bionic update: upstream stable patchset 2022-04-13 (LP: #1968932)
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
- parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
- parisc/unaligned: Fix ldw() and stw() unalignment handlers
- sr9700: sanity check for packet length
- USB: zaurus: support another broken Zaurus
- ping: remove pr_err from ping_lookup
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
- gso: do not skip outer ip header in case of ipip and net_failover
- openvswitch: Fix setting ipv6 fields causing hw csum failure
- drm/edid: Always set RGB444
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
- configfs: fix a race in configfs_{,un}register_subsystem()
- RDMA/ib_srp: Fix a deadlock
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path
- ata: pata_hpt37x: disable primary channel on HPT371
- Revert "USB: serial: ch341: add new Product ID for CH341A"
- usb: gadget: rndis: add spinlock for rndis response list
- tracefs: Set the group ownership in apply_options() not parse_options()
- USB: serial: option: add support for DW5829e
- USB: serial: option: add Telit LE910R1 compositions
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
- xhci: re-initialize the HC during resume if HCE was set
- xhci: Prevent futile URB re-submissions due to incorrect return value.
- tty: n_gsm: fix encoding of control signal octet bit DV
- tty: n_gsm: fix proper link termination after failed open
- Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of
DEVINIT/PREOS/ACR"
- memblock: use kfree() to release kmalloced memblock regions
- fget: clarify and improve __fget_files() implementation
- gpio: tegra186: Fix chip_data type confusion
- tracing: Have traceon and traceoff trigger honor the instance
- mac80211_hwsim: report NOACK frames in tx_status
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
- i2c: bcm2835: Avoid clock stretching timeouts
- Input: clear BTN_RIGHT/MIDDLE on buttonpads
- cifs: fix double free race when mount fails in cifs_get_root()
- dmaengine: shdma: Fix runtime PM imbalance on error
- i2c: cadence: allow COMPILE_TEST
- i2c: qup: allow COMPILE_TEST
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- usb: gadget: don't release an existing dev->buf
- usb: gadget: clear related members when goto fail
- ata: pata_hpt37x: fix PCI clock detection
- ALSA: intel_hdmi: Fix reference to PCM buffer address
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
- xfrm: fix MTU regression
- netfilter: fix use-after-free in __nf_register_net_hook()
- xfrm: enforce validity of offload input flags
- netfilter: nf_queue: don't assume sk is full socket
- netfilter: nf_queue: fix possible use-after-free
- batman-adv: Request iflink once in batadv-on-batadv check
- batman-adv: Request iflink once in batadv_get_real_netdevice
- batman-adv: Don't expect inter-netns unique iflink indices
- net: dcb: flush lingering app table entries for unregistered devices
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
- mac80211: fix forwarded mesh frames AC & queue selection
- net: stmmac: fix return value of __setup handler
- net: sxgbe: fix return value of __setup handler
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- efivars: Respect "block" flag in efivar_entry_set_safe()
- can: gs_usb: change active_channels's type from atomic_t to u8
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
- soc: fsl: qe: Check of ioremap return value
- net: chelsio: cxgb3: check the return value of pci_find_capability()
- nl80211: Handle nla_memdup failures in handle_nan_filter
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power()
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume
- HID: add mapping for KEY_ALL_APPLICATIONS
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
- net: dcb: disable softirqs in dcbnl_flush_dev()
- hamradio: fix macro redefine warning
- arm/arm64: Provide a wrapper for SMCCC 1.1 calls
- arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
- ARM: report Spectre v2 status through sysfs
- ARM: early traps initialisation
- ARM: use LOADADDR() to get load address of sections
- [Config] updateconfigs for HARDEN_BRANCH_HISTORY
- ARM: Spectre-BHB workaround
- ARM: include unprivileged BPF status in Spectre V2 reporting
- ARM: fix build error when BPF_SYSCALL is disabled
- ARM: fix co-processor register typo
- ARM: Do not use NOCROSSREFS directive with ld.lld
- ARM: fix build warning in proc-v7-bugs.c
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
- xen/grant-table: add gnttab_try_end_foreign_access()
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
- xen/gntalloc: don't use gnttab_query_foreign_access()
- xen: remove gnttab_query_foreign_access()
- xen/9p: use alloc/free_pages_exact()
- xen/gnttab: fix gnttab_end_foreign_access() without page specified
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
* ip6gre driver does not hold device reference (LP: #1968340)
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
* LRMv6: add multi-architecture support (LP: #1968774)
- [Packaging] resync dkms-build{,--nvidia-N}
* Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
- [Debian] Use kernel-testing repo from launchpad
* vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
selector (got 50)) (LP: #1956315)
- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit
* Bionic update: upstream stable patchset 2022-03-29 (LP: #1967013)
- moxart: fix potential use-after-free on remove path
- x86/mm, mm/hwpoison: Fix the unmap kernel 1:1 pages check condition
- integrity: check the return value of audit_log_start()
- ima: Remove ima_policy file before directory
- ima: Allow template selection with ima_template[_fmt]= after ima_hash=
- mmc: sdhci-of-esdhc: Check for error num after setting mask
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
- NFS: Fix initialisation of nfs_client cl_flags field
- NFSD: Clamp WRITE offsets
- NFSv4 only print the label when its queried
- nfs: nfs4clinet: check the return value of kstrdup()
- NFSv4.1: Fix uninitialised variable in devicenotify
- NFSv4 remove zero number of fs_locations entries error check
- NFSv4 expose nfs_parse_server_name function
- scsi: target: iscsi: Make sure the np under each tpg is unique
- usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
- net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
- Revert "net: axienet: Wait for PhyRstCmplt after core reset"
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
- ARM: dts: meson: Fix the UART compatible strings
- staging: fbtft: Fix error path in fbtft_driver_module_init()
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
- usb: f_fs: Fix use-after-free for epfile
- bonding: pair enable_port with slave_arr_updates
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure
path
- net: do not keep the dst cache when uncloning an skb dst and its metadata
- net: fix a memleak when uncloning an skb dst and its metadata
- tipc: rate limit warning for received illegal binding update
- net: amd-xgbe: disable interrupts during pci removal
- vt_ioctl: fix array_index_nospec in vt_setactivate
- vt_ioctl: add array_index_nospec to VT_ACTIVATE
- n_tty: wake up poll(POLLRDNORM) on receiving data
- usb: ulpi: Move of_node_put to ulpi_dev_release
- usb: ulpi: Call of_node_put correctly
- usb: dwc3: gadget: Prevent core from processing stale TRBs
- USB: gadget: validate interface OS descriptor requests
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
- USB: serial: option: add ZTE MF286D modem
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
- USB: serial: cp210x: add NCR Retail IO box id
- USB: serial: cp210x: add CPI Bulk Coin Recycler id
- seccomp: Invalidate seccomp mode to catch death failures
- hwmon: (dell-smm) Speed up setting of fan speed
- perf: Fix list corruption in perf_cgroup_switch()
- net: bridge: fix stale eth hdr pointer in br_dev_xmit
- Makefile.extrawarn: Move -Wunaligned-access to W=1
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
- serial: parisc: GSC: fix build when IOSAPIC is not set
- parisc: Fix data TLB miss in sba_unmap_sg
- parisc: Fix sglist access in ccio-dma.c
- btrfs: send: in case of IO error log it
- net: ieee802154: at86rf230: Stop leaking skb's
- selftests/zram: Skip max_comp_streams interface on newer kernel
- selftests/zram01.sh: Fix compression ratio calculation
- selftests/zram: Adapt the situation that /dev/zram0 is being used
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
- vfs: make freeze_super abort when sync_filesystem returns error
- quota: make dquot_quota_sync return errors from ->sync_fs
- Revert "module, async: async_synchronize_full() on module init iff async
is
used"
- iwlwifi: fix use-after-free
- drm/radeon: Fix backlight control on iMac 12,1
- xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
- taskstats: Cleanup the use of task->exit_code
- vsock: remove vsock from connected table when connect is interrupted by a
signal
- iwlwifi: pcie: fix locking when "HW not ready"
- iwlwifi: pcie: gen2: fix locking when "HW not ready"
- net: ieee802154: ca8210: Fix lifs/sifs periods
- ping: fix the dif and sdif check in ping_lookup
- drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
- bonding: fix data-races around agg_select_timer
- libsubcmd: Fix use-after-free for realloc(..., 0)
- ALSA: hda: Fix regression on forced probe mask option
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
- powerpc/lib/sstep: fix 'ptesync' build error
- NFS: LOOKUP_DIRECTORY is also ok with symlinks
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr()
- net: sched: limit TC_ACT_REPEAT loops
- dmaengine: sh: rcar-dmac: Check for error num after setting mask
- i2c: brcmstb: fix support for DSL and CM variants
- mtd: rawnand: brcmnand: Refactored code to introduce helper functions
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
- KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
- NFS: Do not report writeback errors in nfs_getattr()
- ARM: OMAP2+: hwmod: Add of_node_put() before break
- ata: libata-core: Disable TRIM on M88V29
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot
- net: usb: qmi_wwan: Add support for Dell DW5829e
- net: macb: Align the dma and coherent dma masks
- net: dsa: lan9303: fix reset on probe
* CVE-2022-27223
- USB: gadget: validate endpoint index for xilinx udc
* CVE-2022-26490
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
* CVE-2021-26401
- x86/speculation: Use generic retpoline by default on AMD
- x86/speculation: Update link to AMD speculation whitepaper
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
* CVE-2022-0001
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation
reporting
-- Luke Nowakowski-Krijger <luke.nowakowskikrij...@canonical.com> Thu,
14 Apr 2022 12:09:07 -0700
** Changed in: linux (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.14 in Ubuntu.
https://bugs.launchpad.net/bugs/1956315
Title:
vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1
LDTR selector (got 50))
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux-oem-5.14 package in Ubuntu:
Invalid
Status in linux source package in Bionic:
Fix Released
Status in linux-oem-5.14 source package in Bionic:
Invalid
Status in linux source package in Focal:
Fix Released
Status in linux-oem-5.14 source package in Focal:
Fix Released
Status in linux source package in Impish:
Fix Released
Status in linux-oem-5.14 source package in Impish:
Invalid
Status in linux source package in Jammy:
Fix Released
Status in linux-oem-5.14 source package in Jammy:
Invalid
Bug description:
[Impact]
vmx_ldtr_test in ubuntu_kvm_unit_tests will fail with:
FAIL: Expected 0 for L1 LDTR selector (got 50)
It's a test for commit afc8de01 "KVM: nVMX: Set LDTR to its
architecturally defined value on nested VM-Exit"
According to Intel 64 and IA-32 Architectures Software Developer’s
Manual, L1's LDTR should be 0 after an emulated VM-exit from L2.
[Fix]
* afc8de01 "KVM: nVMX: Set LDTR to its architecturally defined value
on nested VM-Exit"
We already have this patch in Jammy.
This patch can be cherry-picked into F/F-OEM-5.14/I. But some
straightforward backport work is required for Bionic, as the code
snippet for nested KVM haven't been split out to vmx/nested.c
(55d2375e KVM: nVMX: Move nested code to dedicated files).
[Test]
Test kernels can be found here:
https://people.canonical.com/~phlin/kernel/lp-1956315-vmx-ldtr/
Tested with:
* B (bare-metal / KVM instance)
* F (KVM instance)
* I (bare-metal / KVM instance)
With this patched kernel, this test will pass:
PASS: Expected 0 for L1 LDTR selector (got 0)
Also tested with ubuntu_kvm_unit_tests and ubuntu_kvm_smoke_test to
make sure this is not causing any other regressions.
[Where problem could occur]
If the patch is incorrect it might affect the nested KVM functionality
while existing from L2 to L1.
[Original bug description]
Issue found on Bionic 4.15.0-166.174 with node rizzo
Running 'kvm-ok'
INFO: /dev/kvm exists
KVM acceleration can be used
'/home/ubuntu/autotest/client/tmp/ubuntu_kvm_unit_tests/src/kvm-unit-tests/tests/vmx_ldtr_test'
BUILD_HEAD=8a30588c
timeout -k 1s --foreground 90s /usr/bin/qemu-system-x86_64 --no-reboot
-nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4
-vnc none -serial stdio -device pci-testdev -machine accel=kvm -kernel
/tmp/tmp.Lnfifekq7r -smp 1 -cpu max,+vmx -append vmx_ldtr_test # -initrd
/tmp/tmp.i9y5hdMh49
enabling apic
paging enabled
cr0 = 80010011
cr3 = 1007000
cr4 = 20
filter = vmx_ldtr_test, test = test_vmx_feature_control
filter = vmx_ldtr_test, test = test_vmxon
filter = vmx_ldtr_test, test = test_vmptrld
filter = vmx_ldtr_test, test = test_vmclear
filter = vmx_ldtr_test, test = test_vmptrst
filter = vmx_ldtr_test, test = test_vmwrite_vmread
filter = vmx_ldtr_test, test = test_vmcs_high
filter = vmx_ldtr_test, test = test_vmcs_lifecycle
filter = vmx_ldtr_test, test = test_vmx_caps
filter = vmx_ldtr_test, test = test_vmread_flags_touch
filter = vmx_ldtr_test, test = test_vmwrite_flags_touch
filter = vmx_ldtr_test, test = null
filter = vmx_ldtr_test, test = vmenter
filter = vmx_ldtr_test, test = preemption timer
filter = vmx_ldtr_test, test = control field PAT
filter = vmx_ldtr_test, test = control field EFER
filter = vmx_ldtr_test, test = CR shadowing
filter = vmx_ldtr_test, test = I/O bitmap
filter = vmx_ldtr_test, test = instruction intercept
filter = vmx_ldtr_test, test = EPT A/D disabled
filter = vmx_ldtr_test, test = EPT A/D enabled
filter = vmx_ldtr_test, test = PML
filter = vmx_ldtr_test, test = interrupt
filter = vmx_ldtr_test, test = nmi_hlt
filter = vmx_ldtr_test, test = debug controls
filter = vmx_ldtr_test, test = MSR switch
filter = vmx_ldtr_test, test = vmmcall
filter = vmx_ldtr_test, test = disable RDTSCP
filter = vmx_ldtr_test, test = int3
filter = vmx_ldtr_test, test = into
filter = vmx_ldtr_test, test = exit_monitor_from_l2_test
filter = vmx_ldtr_test, test = invalid_msr
filter = vmx_ldtr_test, test = v2_null_test
filter = vmx_ldtr_test, test = v2_multiple_entries_test
filter = vmx_ldtr_test, test = fixture_test_case1
filter = vmx_ldtr_test, test = fixture_test_case2
filter = vmx_ldtr_test, test = invvpid_test
filter = vmx_ldtr_test, test = vmx_controls_test
filter = vmx_ldtr_test, test = vmx_host_state_area_test
filter = vmx_ldtr_test, test = vmx_guest_state_area_test
filter = vmx_ldtr_test, test = vmentry_movss_shadow_test
filter = vmx_ldtr_test, test = vmentry_unrestricted_guest_test
filter = vmx_ldtr_test, test = vmx_eoi_bitmap_ioapic_scan_test
filter = vmx_ldtr_test, test = vmx_hlt_with_rvi_test
filter = vmx_ldtr_test, test = apic_reg_virt_test
filter = vmx_ldtr_test, test = virt_x2apic_mode_test
filter = vmx_ldtr_test, test = vmx_apic_passthrough_test
filter = vmx_ldtr_test, test = vmx_apic_passthrough_thread_test
filter = vmx_ldtr_test, test = vmx_apic_passthrough_tpr_threshold_test
filter = vmx_ldtr_test, test = vmx_init_signal_test
filter = vmx_ldtr_test, test = vmx_sipi_signal_test
filter = vmx_ldtr_test, test = vmx_vmcs_shadow_test
filter = vmx_ldtr_test, test = vmx_ldtr_test
Test suite: vmx_ldtr_test
PASS: Expected 18 for L2 LDTR selector (got 18)
FAIL: Expected 0 for L1 LDTR selector (got 50)
filter = vmx_ldtr_test, test = vmx_cr_load_test
filter = vmx_ldtr_test, test = vmx_cr4_osxsave_test
filter = vmx_ldtr_test, test = vmx_nm_test
filter = vmx_ldtr_test, test = vmx_db_test
filter = vmx_ldtr_test, test = vmx_nmi_window_test
filter = vmx_ldtr_test, test = vmx_intr_window_test
filter = vmx_ldtr_test, test = vmx_pending_event_test
filter = vmx_ldtr_test, test = vmx_pending_event_hlt_test
filter = vmx_ldtr_test, test = vmx_store_tsc_test
filter = vmx_ldtr_test, test = vmx_preemption_timer_zero_test
filter = vmx_ldtr_test, test = vmx_preemption_timer_tf_test
filter = vmx_ldtr_test, test = vmx_preemption_timer_expiry_test
filter = vmx_ldtr_test, test = ept_access_test_not_present
filter = vmx_ldtr_test, test = ept_access_test_read_only
filter = vmx_ldtr_test, test = ept_access_test_write_only
filter = vmx_ldtr_test, test = ept_access_test_read_write
filter = vmx_ldtr_test, test = ept_access_test_execute_only
filter = vmx_ldtr_test, test = ept_access_test_read_execute
filter = vmx_ldtr_test, test = ept_access_test_write_execute
filter = vmx_ldtr_test, test = ept_access_test_read_write_execute
filter = vmx_ldtr_test, test = ept_access_test_reserved_bits
filter = vmx_ldtr_test, test = ept_access_test_ignored_bits
filter = vmx_ldtr_test, test = ept_access_test_paddr_not_present_ad_disabled
filter = vmx_ldtr_test, test = ept_access_test_paddr_not_present_ad_enabled
filter = vmx_ldtr_test, test = ept_access_test_paddr_read_only_ad_disabled
filter = vmx_ldtr_test, test = ept_access_test_paddr_read_only_ad_enabled
filter = vmx_ldtr_test, test = ept_access_test_paddr_read_write
filter = vmx_ldtr_test, test = ept_access_test_paddr_read_write_execute
filter = vmx_ldtr_test, test = ept_access_test_paddr_read_execute_ad_disabled
filter = vmx_ldtr_test, test = ept_access_test_paddr_read_execute_ad_enabled
filter = vmx_ldtr_test, test = ept_access_test_paddr_not_present_page_fault
filter = vmx_ldtr_test, test = ept_access_test_force_2m_page
filter = vmx_ldtr_test, test = atomic_switch_max_msrs_test
filter = vmx_ldtr_test, test = atomic_switch_overflow_msrs_test
filter = vmx_ldtr_test, test = rdtsc_vmexit_diff_test
filter = vmx_ldtr_test, test = vmx_mtf_test
filter = vmx_ldtr_test, test = vmx_mtf_pdpte_test
filter = vmx_ldtr_test, test = vmx_pf_exception_test
filter = vmx_ldtr_test, test = vmx_pf_no_vpid_test
filter = vmx_ldtr_test, test = vmx_pf_invvpid_test
filter = vmx_ldtr_test, test = vmx_pf_vpid_test
SUMMARY: 5 tests, 1 unexpected failures
FAIL vmx_ldtr_test (5 tests, 1 unexpected failures)
This is a new test added into vmx (and split out for debug purpose),
so it's not a regression.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1956315/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
