[Kernel-packages] [Bug 1978967] Re: Fix XFRM flags validity check

Launchpad Bug Tracker Mon, 11 Jul 2022 13:16:52 -0700

This bug was fixed in the package linux-bluefield - 5.4.0-1040.44

---------------
linux-bluefield (5.4.0-1040.44) focal; urgency=medium


  * focal/linux-bluefield: 5.4.0-1040.44 -proposed tracker (LP:
#1978639)

  * fix ref leak when switching zones (LP: #1979009)
    - net/sched: act_ct: fix ref leak when switching zones

  * Fix XFRM flags validity check (LP: #1978967)
    - SAUCE: net/xfrm: Fix XFRM flags validity check

  [ Ubuntu: 5.4.0-121.137 ]

  * focal/linux: 5.4.0-121.137 -proposed tracker (LP: #1978666)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.05.30)
  * CVE-2022-28388
    - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
      path
  * test_vxlan_under_vrf.sh in net from ubuntu_kernel_selftests failed (Check VM
    connectivity through VXLAN (underlay in the default VRF) [FAIL])
    (LP: #1871015)
    - selftests: net: test_vxlan_under_vrf: fix HV connectivity test
  * [UBUNTU 20.04] CPU-MF: add extended counter set definitions for new IBM z16
    (LP: #1974433)
    - s390/cpumf: add new extended counter set for IBM z16
  * [UBUNTU 20.04] KVM nesting support leaks too much memory, might result in
    stalls during cleanup (LP: #1974017)
    - KVM: s390: vsie/gmap: reduce gmap_rmap overhead
  * [UBUNTU 20.04] Null Pointer issue in nfs code running Ubuntu on IBM Z
    (LP: #1968096)
    - NFS: Fix up nfs_ctx_key_to_expire()

  [ Ubuntu: 5.4.0-120.136 ]

  * CVE-2022-21123 // CVE-2022-21125 // CVE-2022-21166
    - cpu/speculation: Add prototype for cpu_show_srbds()
    - x86/cpu: Add Jasper Lake to Intel family
    - x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel
      CPU family
    - x86/cpu: Add another Alder Lake CPU to the Intel family
    - Documentation: Add documentation for Processor MMIO Stale Data
    - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
    - x86/speculation: Add a common function for MD_CLEAR mitigation update
    - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
    - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
    - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
    - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
    - x86/speculation/srbds: Update SRBDS mitigation selection
    - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
    - KVM: x86/speculation: Disable Fill buffer clear within guests
    - x86/speculation/mmio: Print SMT warning

 -- Zachary Tahenakos <zachary.tahena...@canonical.com>  Tue, 21 Jun
2022 13:59:23 -0400

** Changed in: linux-bluefield (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21123

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21125

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21166

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28388

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1978967

Title:
  Fix XFRM flags validity check

Status in linux-bluefield package in Ubuntu:
  Invalid
Status in linux-bluefield source package in Focal:
  Fix Released

Bug description:
  
  * Explain the bug(s)
  commit a3ca11eec78 introduced a flags validity check for XFRM , the check 
excluded flag XFRM_OFFLOAD_FULL from the check hence the flag is being blocked 
from getting to the kernel space. 
  The above is preventing IPsec states from being added with the full_offload 
option.

  * Brief explanation of fixes
  The commit restricted unknown flags from being configured from user space by 
adding a validity check, 
  since the Bluefield feature added such a flag , the fix expands the validity 
check to include this flag which is added
  only in Bluefield kernel .
   
  * How to test
  Need to make sure that configuring IPsec with full_offload option using 
IProute2 can be done successfully with no issues.
  (Not getting the RTNETLINK answers: Invalid argument error anymore)

  * What it could break.
  NA, this patch allows a specific flag to get passed to the kernel space, the 
kernel was using this flag already however after validity check got introduced 
the flag just got blocked from getting to the kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1978967/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1978967] Re: Fix XFRM flags validity check

Reply via email to