This bug was fixed in the package linux-azure - 5.13.0-1026.30

---------------
linux-azure (5.13.0-1026.30) impish; urgency=medium
  * impish/linux-azure: 5.13.0-1026.30 -proposed tracker (LP: #1974334)

  * [Azure] WARNING: CPU: 0 PID: 499 at include/linux/dma-mapping.h:555 netvsc_probe+0x3c9/0x3e0 (LP: #1975717)
    - Drivers: hv: vmbus: Rework use of DMA_BIT_MASK(64)
    - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register()

  * [Azure] hv_netvsc: Add support for XDP_REDIRECT (LP: #1972832)
    - hv_netvsc: Add comment of netvsc_xdp_xmit()
    - hv_netvsc: Add support for XDP_REDIRECT

  * linux-azure: Patch Set for ARM64 Images 20.04 and 18.04 (LP: #1970468)
    - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
    - Drivers: hv: balloon: Support status report for larger page sizes
    - Drivers: hv: balloon: Disable balloon and hot-add accordingly

  * [Azure] PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (LP: #1972662)
    - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time

  * config CONFIG_HISI_PMU for kunpeng920 (LP: #1956086)
    - [Config] azure: CONFIG_HISI_PMU=m

  [ Ubuntu: 5.13.0-46.51 ]

  * CVE-2022-21499
    - SAUCE: debug: Lock down kgdb

  [ Ubuntu: 5.13.0-45.50 ]

  * impish/linux: 5.13.0-45.50 -proposed tracker (LP: #1974347)

  * CVE-2022-1158
    - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address

  * config CONFIG_HISI_PMU for kunpeng920 (LP: #1956086)
    - [Config] CONFIG_HISI_PMU=m

  * re-apply missing overlayfs SAUCE patch (LP: #1967924)
    - SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files

  * Impish update: upstream stable patchset 2022-04-20 (LP: #1969666)
    - mac80211_hwsim: report NOACK frames in tx_status
    - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
    - i2c: bcm2835: Avoid clock stretching timeouts
    - ASoC: rt5668: do not block workqueue if card is unbound
    - ASoC: rt5682: do not block workqueue if card is unbound
    - regulator: core: fix false positive in regulator_late_cleanup()
    - KVM: arm64: vgic: Read HW interrupt pending state from the HW
    - tipc: fix a bit overflow in tipc_crypto_key_rcv()
    - cifs: fix double free race
      when mount fails in cifs_get_root()
    - selftests/seccomp: Fix seccomp failure by adding missing headers
    - i2c: cadence: allow COMPILE_TEST
    - i2c: qup: allow COMPILE_TEST
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
    - usb: gadget: don't release an existing dev->buf
    - usb: gadget: clear related members when goto fail
    - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
    - exfat: fix i_blocks for files truncated over 4 GiB
    - tracing: Add test for user space strings when filtering on string pointers
    - serial: stm32: prevent TDR register overwrite when sending x_char
    - ata: pata_hpt37x: fix PCI clock detection
    - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
    - tracing: Add ustring operation to filtering string pointers
    - ALSA: intel_hdmi: Fix reference to PCM buffer address
    - riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
    - riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
    - riscv: Fix config KASAN && DEBUG_VIRTUAL
    - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
    - iommu/amd: Recover from event log overflow
    - drm/i915: s/JSP2/ICP2/ PCH
    - xen/netfront: destroy queues before real_num_tx_queues is zeroed
    - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
    - ntb: intel: fix port config status offset for SPR
    - mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
    - xfrm: fix MTU regression
    - netfilter: fix use-after-free in __nf_register_net_hook()
    - bpf, sockmap: Do not ignore orig_len parameter
    - xfrm: enforce validity of offload input flags
    - e1000e: Correct NVM checksum verification flow
    - net: fix up skbs delta_truesize in UDP GRO frag_list
    - netfilter: nf_queue: don't assume sk is full socket
    - netfilter: nf_queue: fix possible use-after-free
    - netfilter: nf_queue: handle socket prefetch
    - batman-adv: Request iflink once in batadv-on-batadv check
    - batman-adv: Request iflink once in batadv_get_real_netdevice
    - batman-adv: Don't expect inter-netns unique iflink indices
    - net: ipv6:
      ensure we call ipv6_mc_down() at most once
    - net: dcb: flush lingering app table entries for unregistered devices
    - net/smc: fix connection leak
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
    - mac80211: fix forwarded mesh frames AC & queue selection
    - net: stmmac: fix return value of __setup handler
    - mac80211: treat some SAE auth steps as final
    - iavf: Fix missing check for running netdev
    - net: sxgbe: fix return value of __setup handler
    - ibmvnic: register netdev after init of adapter
    - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
    - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
    - efivars: Respect "block" flag in efivar_entry_set_safe()
    - firmware: arm_scmi: Remove space in MODULE_ALIAS name
    - ASoC: cs4265: Fix the duplicated control name
    - can: gs_usb: change active_channels's type from atomic_t to u8
    - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
    - igc: igc_read_phy_reg_gpy: drop premature return
    - ARM: Fix kgdb breakpoint for Thumb2
    - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
    - selftests: mlxsw: tc_police_scale: Make test more robust
    - pinctrl: sunxi: Use unique lockdep classes for IRQs
    - igc: igc_write_phy_reg_gpy: drop premature return
    - ibmvnic: free reset-work-item when flushing
    - memfd: fix F_SEAL_WRITE after shmem huge page allocated
    - s390/extable: fix exception table sorting
    - ARM: dts: switch timer config to common devkit8000 devicetree
    - ARM: dts: Use 32KiHz oscillator on devkit8000
    - soc: fsl: guts: Revert commit 3c0d64e867ed
    - soc: fsl: guts: Add a missing memory allocation failure check
    - soc: fsl: qe: Check of ioremap return value
    - ARM: tegra: Move panels to AUX bus
    - ibmvnic: complete init_done on transport events
    - net: chelsio: cxgb3: check the return value of pci_find_capability()
    - iavf: Refactor iavf state machine tracking
    - nl80211: Handle nla_memdup
      failures in handle_nan_filter
    - drm/amdgpu: fix suspend/resume hang regression
    - net: dcb: disable softirqs in dcbnl_flush_dev()
    - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
    - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
    - Input: samsung-keypad - properly state IOMEM dependency
    - HID: add mapping for KEY_DICTATE
    - HID: add mapping for KEY_ALL_APPLICATIONS
    - tracing/histogram: Fix sorting on old "cpu" value
    - tracing: Fix return value of __setup handlers
    - btrfs: fix lost prealloc extents beyond eof after full fsync
    - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
    - btrfs: add missing run of delayed items after unlink during log replay
    - Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
    - hamradio: fix macro redefine warning
    - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
    - sched/fair: Fix fault in reweight_entity
    - tools/resolve_btf_ids: Close ELF file on error
    - mtd: spi-nor: Fix mtd size for s3an flashes
    - MIPS: fix local_{add,sub}_return on MIPS64
    - signal: In get_signal test for signal_group_exit every time through the loop
    - PCI: mediatek-gen3: Disable DVFSRC voltage request
    - PCI: dwc: Do not remap invalid res
    - PCI: aardvark: Fix checking for MEM resource type
    - KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled in guest
    - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU
    - KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration
    - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg
    - KVM: x86: Exit to userspace if emulation prepared a completion callback
    - i3c: fix incorrect address slot lookup on 64-bit
    - i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in 'hci_dat_v1_get_index()'
    - tracing: Do not let synth_events block other dyn_event systems during create
    - Input: ti_am335x_tsc - set ADCREFM for X configuration
    - Input: ti_am335x_tsc - fix STEPCONFIG setup for
      Z2
    - NFSD: Fix verifier returned in stable WRITEs
    - Revert "nfsd: skip some unnecessary stats in the v4 case"
    - nfsd: fix crash on COPY_NOTIFY with special stateid
    - x86/hyperv: Properly deal with empty cpumasks in hyperv_flush_tlb_multi()
    - SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point
    - SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points
    - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get
    - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode
    - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all
    - ntb_hw_switchtec: Fix bug with more than 32 partitions
    - drm/amdkfd: Check for null pointer after calling kmemdup
    - i3c: master: dw: check return of dw_i3c_master_get_free_pos()
    - dma-buf: cma_heap: Fix mutex locking section
    - tracing/uprobes: Check the return value of kstrdup() for tu->filename
    - tracing/probes: check the return value of kstrndup() for pbuf
    - mm: defer kmemleak object creation of module_alloc()
    - kasan: fix quarantine conflicting with init_on_free
    - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting
    - hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
    - ethtool: Fix link extended state for big endian
    - bpf: Fix possible race in inc_misses_counter
    - gve: Recording rx queue before sending to napi
    - ibmvnic: don't release napi in __ibmvnic_open()
    - bnxt_en: Fix occasional ethtool -t loopback test failures
    - iwlwifi: mvm: check debugfs_dir ptr before use
    - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
    - mac80211: fix EAPoL rekey fail in 802.3 rx path
    - blktrace: fix use after free for struct blk_trace
    - net: ipa: add an interconnect dependency
    - iavf: Fix deadlock in iavf_reset_task
    - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
    - auxdisplay: lcd2s: Fix memory leak in ->remove()
    - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object
    - iommu/tegra-smmu: Fix
      missing put_device() call in tegra_smmu_find
    - mips: setup: fix setnocoherentio() boolean setting
    - mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
    - sched: Fix yet more sched_fork() races
    - arm64: dts: juno: Remove GICv2m dma-range
    - iommu/amd: Fix I/O page table memory leak
    - netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
    - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8
    - e1000e: Fix possible HW unit hang after an s0ix exit
    - selftests: mlxsw: resource_scale: Fix return value
    - iavf: do not override the adapter state in the watchdog task (again)
    - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()
    - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots()

  * CVE-2022-28390
    - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path

linux-azure (5.13.0-1025.29) impish; urgency=medium

  * impish/linux-azure: 5.13.0-1025.29 -proposed tracker (LP: #1973931)

  [ Ubuntu: 5.13.0-44.49 ]

  * impish/linux: 5.13.0-44.49 -proposed tracker (LP: #1973941)

  * CVE-2022-29581
    - net/sched: cls_u32: fix netns refcount changes in u32_change()

  * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (LP: #1972740)
    - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

  * ext4: limit length to bitmap_maxbytes (LP: #1972281)
    - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

 -- Tim Gardner <tim.gard...@canonical.com>  Thu, 26 May 2022 10:46:59 -0600

** Changed in: linux-azure (Ubuntu Impish)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1158

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21499

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28390

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29581

** Changed in: linux-azure (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

--
You received this bug
notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1975717

Title:
  [Azure] WARNING: CPU: 0 PID: 499 at include/linux/dma-mapping.h:555 netvsc_probe+0x3c9/0x3e0

Status in linux-azure package in Ubuntu:
  Fix Released
Status in linux-azure source package in Impish:
  Fix Released
Status in linux-azure source package in Jammy:
  Fix Released

Bug description:
  SRU Justification

  [Impact]

  When I hot-add a NIC to an Ubuntu 20.04 VM (“5.13.0-1023-azure #27~20.04.1-Ubuntu”), I get the below call-trace. Please include the March-2022 fix: “Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register()” (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a5469582c241abca22500f36a9cb8e9331969cf)

  BTW, this call-trace should be harmless to a non-CVM VM.

  [ 364.275105] hv_utils: Heartbeat IC version 3.0
  [ 364.275137] hv_utils: KVP IC version 4.0
  [ 364.275146] hv_utils: Shutdown IC version 3.2
  [ 364.275153] hv_utils: TimeSync IC version 4.0
  [ 365.281376] ------------[ cut here ]------------
  [ 365.281380] WARNING: CPU: 0 PID: 499 at include/linux/dma-mapping.h:555 netvsc_probe+0x3c9/0x3e0 [hv_netvsc]
  [ 365.281392] Modules linked in: udf crc_itu_t iptable_mangle iptable_filter iptable_raw xt_LOG nf_log_syslog bpfilter nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua kvm_intel kvm joydev hid_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd serio_raw hv_netvsc pata_acpi hyperv_keyboard hid_hyperv hv_utils hv_balloon hyperv_fb hid sch_fq_codel ipmi_devintf drm ipmi_msghandler msr i2c_core ip_tables x_tables autofs4
  [ 365.281422] CPU: 0 PID: 499 Comm: kworker/0:3 Not tainted 5.13.0-1023-azure #27~20.04.1-Ubuntu
  [ 365.281424] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 12/07/2018
  [ 365.281427] Workqueue: hv_pri_chan vmbus_add_channel_work
  [ 365.281434] RIP: 0010:netvsc_probe+0x3c9/0x3e0 [hv_netvsc]
  [ 365.281440] Code: 37 c0 4c 89 e6 48 c7 c7 98 f2 37 c0 e8 70 b1 c4 da e9 e9 fc ff ff 49 c7 84 24 88 0b 00 00 00 00 00 00 41 bf f4 ff ff ff eb b0 <0f> 0b e9 19 fe ff ff 41 bf f4 ff ff ff e9 51 ff ff ff 0f 1f 44 00
  [ 365.281442] RSP: 0018:ffff99270075bbd0 EFLAGS: 00010246
  [ 365.281444] RAX: 0000000000000000 RBX: ffff890840b21000 RCX: 0000000000000002
  [ 365.281446] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000002
  [ 365.281447] RBP: ffff99270075bbf8 R08: 0000000000000000 R09: 0000000000000000
  [ 365.281448] R10: ffffffff9c74e820 R11: 0000000000000394 R12: ffff890844dc6000
  [ 365.281449] R13: 0000000000000002 R14: 0000301d0800ae28 R15: 000000000000000f
  [ 365.281451] FS: 0000000000000000(0000) GS:ffff8909f7c00000(0000) knlGS:0000000000000000
  [ 365.281453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [ 365.281454] CR2: 00005619b3504d38 CR3: 00000001091f8005 CR4: 00000000003706f0
  [ 365.281459] Call Trace:
  [ 365.281461] <TASK>
  [ 365.281465] vmbus_probe+0x67/0x80
  [ 365.281468] really_probe+0x1dc/0x440
  [ 365.281472] driver_probe_device+0xf0/0x160
  [ 365.281476] __device_attach_driver+0x79/0xe0
  [ 365.281479] ? driver_allows_async_probing+0x50/0x50
  [ 365.281482] bus_for_each_drv+0x84/0xd0
  [ 365.281485] __device_attach+0xed/0x170
  [ 365.281488] device_initial_probe+0x13/0x20
  [ 365.281491] bus_probe_device+0x8f/0xa0
  [ 365.281494] device_add+0x3f4/0x8e0
  [ 365.281496] ? hrtimer_init+0x2b/0x70
  [ 365.281501] device_register+0x1b/0x20
  [ 365.281503] vmbus_device_register+0x5e/0xe0
  [ 365.281505] vmbus_add_channel_work+0x12d/0x190
  [ 365.281507] process_one_work+0x21a/0x3b0
  [ 365.281511] worker_thread+0x4d/0x3e0
  [ 365.281515] ? process_one_work+0x3b0/0x3b0
  [ 365.281517] kthread+0x12b/0x150
  [ 365.281521] ? set_kthread_struct+0x40/0x40
  [ 365.281523] ret_from_fork+0x22/0x30
  [ 365.281528] </TASK>
  [ 365.281529] ---[ end trace 80a393e06f0ee58d ]---
  [ 365.514764] hv_balloon: Max. dynamic memory size: 8192 MB
  [ 367.937000] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready

  [Test Case]

  Microsoft tested

  [Where things could go wrong]

  CVM VNIC instances may not initialize correctly.

  [Other Info]

  SF: #00337569