This bug was fixed in the package linux-bluefield - 5.4.0-1060.66
---------------
linux-bluefield (5.4.0-1060.66) focal; urgency=medium
* focal/linux-bluefield: 5.4.0-1060.66 -proposed tracker (LP:
#2008364)
* gpio: Restrict usage of GPIO chip irq members before initialization
(LP: #2007581)
- gpio: Restrict usage of GPIO chip irq members before initialization
- gpio: Request interrupts after IRQ is initialized
* netfilter: flowtable: add counter support in HW offload (LP: #2008136)
- netfilter: conntrack: add nf_ct_acct_add()
- netfilter: flowtable: add counter support in HW offload
[ Ubuntu: 5.4.0-145.162 ]
* focal/linux: 5.4.0-145.162 -proposed tracker (LP: #2008389)
* [SRU]Update ice driver to support E823 devices (LP: #1986717)
- ice: Add device ids for E822 devices
- ice: add support for E823 devices
* btrfs/154: rename fails with EOVERFLOW when calculating item size during
item key collision (LP: #2004132)
- btrfs: correctly calculate item size used when item key collision happens
* rtcpie in timers from ubuntu_kernel_selftests randomly failing
(LP: #1814234)
- SAUCE: selftest: rtcpie: Force passing unreliable subtest
* [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under
PV - kernel part (LP: #1999882)
- KVM: s390x: fix SCK locking
- KVM: s390: pv: don't allow userspace to set the clock under PV
* CVE-2021-3669
- ipc: replace costly bailout check in sysvipc_find_ipc()
* net:fcnal-test.sh 'nettest' command not found on F/K (LP: #2006391)
- selftests/net: Find nettest in current directory
* xfs: Preallocated ioend transactions cause deadlock due to log buffer
exhaustion (LP: #2007219)
- xfs: drop submit side trans alloc for append ioends
* CVE-2022-4382
- USB: gadgetfs: Fix race between mounting and unmounting
* CVE-2022-2196
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
* ubuntu_kernel_selftests: net:udpgso_bench.sh failed (LP: #1951447)
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
* net:fcnal-test.sh didn't return a non-zero value even with some sub-tests
failed (LP: #2006692)
- selftests: net/fcnal-test.sh: add exit code
* Fix selftests/ftracetests/Meta-selftests in Focal (LP: #2006453)
- SAUCE: Fix ftrace/Meta-selftests bashism check
* CVE-2023-23559
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
-- Bartlomiej Zolnierkiewicz <[email protected]>
Fri, 10 Mar 2023 18:15:33 +0100
** Changed in: linux-bluefield (Ubuntu Focal)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3669
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2196
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4382
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23559
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/2007581
Title:
gpio: Restrict usage of GPIO chip irq members before initialization
Status in linux-bluefield package in Ubuntu:
Invalid
Status in linux-bluefield source package in Focal:
Fix Released
Bug description:
SRU Justification:
[Impact]
GPIO chip irq members are exposed before they could be completely
initialized and this leads to race conditions.
One such issue was observed for the gc->irq.domain variable which
was accessed through the pwr-mlxbf.c driver in gpiochip_to_irq() before
it could be initialized by gpiochip_add_irqchip(). This resulted in
Kernel NULL pointer dereference. This is a well known issue in the linux
community
and was fixed via 2 commits:
5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320
and
06fb4ecfeac7e00d6704fa5ed19299f2fefb3cc9 (since the previous commit caused a
regression)
This race condition is intermittent and hard to reproduce.
[Fix]
* Cherry pick: 5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320 to fix the bug at
stake
* cherry-pick: 06fb4ecfeac7e00d6704fa5ed19299f2fefb3cc9 to fix a regression
introduced by the previous commit
[Test Case]
* Check that the gpio-mlxbf2.c driver is loaded with no kernel panic
* check that all drivers dependent on gpio-mlxbf2.c driver are loaded
(mlxbf-gige and pwr-mlxbf)
* do 5000 reboots to make sure this race condition no longer happens
[Regression Potential]
This could cause some regression with the use of gpio interrupts so it is
important to test the dependent
drivers mlxbf-gige and pwr-mlxbf. Trigger power reset interrupt to test
pwr-mlxbf and bring down/up the
oob_net0 interface to test mlxbf-gige.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2007581/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
