
group.of.nepali.translators team mailing list archive

[Bug 1787281] Re: errors when scanning partition table of corrupted AIX disk

 

This bug was fixed in the package linux - 4.4.0-137.163

---------------
linux (4.4.0-137.163) xenial; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.4.0-136.162) xenial; urgency=medium

  * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
    - SAUCE: Preserve SPEC_CTRL MSR in new inlines
    - SAUCE: Add Knights Mill to NO SSB list
    - x86/process: Correct and optimize TIF_BLOCKSTEP switch
    - x86/process: Optimize TIF_NOTSC switch
    - Revert "x86/cpufeatures: Add FEATURE_ZEN"
    - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    - block: do not use interruptible wait anywhere
    - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
    - ubi: Introduce vol_ignored()
    - ubi: Rework Fastmap attach base code
    - ubi: Be more paranoid while seaching for the most recent Fastmap
    - ubi: Fix races around ubi_refill_pools()
    - ubi: Fix Fastmap's update_vol()
    - ubi: fastmap: Erase outdated anchor PEBs during attach
    - Linux 4.4.144

  * CVE-2017-5715 (Spectre v2 s390x)
    - s390: detect etoken facility
    - s390/lib: use expoline for all bcr instructions
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT

  * Xenial update to 4.4.143 stable release (LP: #1790884)
    - compiler, clang: suppress warning for unused static inline functions
    - compiler, clang: properly override 'inline' for clang
    - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
    - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
    - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
    - bcm63xx_enet: correct clock usage
    - bcm63xx_enet: do not write to random DMA channel on BCM6345
    - crypto: crypto4xx - remove bad list_del
    - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
    - atm: zatm: Fix potential Spectre v1
    - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
    - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
    - net/mlx5: Fix incorrect raw command length parsing
    - net: sungem: fix rx checksum support
    - qed: Limit msix vectors in kdump kernel to the minimum required count.
    - r8152: napi hangup fix after disconnect
    - tcp: fix Fast Open key endianness
    - tcp: prevent bogus FRTO undos with non-SACK flows
    - vhost_net: validate sock before trying to put its fd
    - net_sched: blackhole: tell upper qdisc about dropped packets
    - net/mlx5: Fix command interface race in polling mode
    - net: cxgb3_main: fix potential Spectre v1
    - rtlwifi: rtl8821ae: fix firmware is not ready to run
    - MIPS: Call dump_stack() from show_regs()
    - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
    - netfilter: ebtables: reject non-bridge targets
    - KEYS: DNS: fix parsing multiple options
    - rds: avoid unenecessary cong_update in loop transport
    - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
    - Linux 4.4.143

  * Xenial update to 4.4.142 stable release (LP: #1790883)
    - Kbuild: fix # escaping in .cmd files for future Make
    - perf tools: Move syscall number fallbacks from perf-sys.h to
      tools/arch/x86/include/asm/
    - Linux 4.4.142

  * Xenial update to 4.4.141 stable release (LP: #1790620)
    - MIPS: Fix ioremap() RAM check
    - ibmasm: don't write out of bounds in read handler
    - vmw_balloon: fix inflation with batching
    - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
    - USB: serial: ch341: fix type promotion bug in ch341_control_in()
    - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
    - USB: serial: keyspan_pda: fix modem-status error handling
    - USB: yurex: fix out-of-bounds uaccess in read handler
    - USB: serial: mos7840: fix status-register error handling
    - usb: quirks: add delay quirks for Corsair Strafe
    - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
    - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
    - tools build: fix # escaping in .cmd files for future Make
    - iw_cxgb4: correctly enforce the max reg_mr depth
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpu: Provide a config option to disable static_cpu_has
    - x86/fpu: Add an XSTATE_OP() macro
    - x86/fpu: Get rid of xstate_fault()
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - x86/cpufeature: Replace the old static_cpu_has() with safe variant
    - x86/cpufeature: Get rid of the non-asm goto variant
    - x86/alternatives: Add an auxilary section
    - x86/alternatives: Discard dynamic check after init
    - x86/vdso: Use static_cpu_has()
    - x86/boot: Simplify kernel load address alignment check
    - x86/cpufeature: Speed up cpu_feature_enabled()
    - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
    - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
    - x86/cpu: Add detection of AMD RAS Capabilities
    - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
    - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
    - x86/cpufeature: Add helper macro for mask check macros
    - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
    - netfilter: nf_queue: augment nfqa_cfg_policy
    - netfilter: x_tables: initialise match/target check parameter struct
    - loop: add recursion validation to LOOP_CHANGE_FD
    - PM / hibernate: Fix oops at snapshot_write()
    - SAUCE: RDMA/ucm: Blacklist UCM module
    - loop: remember whether sysfs_create_group() was done
    - Linux 4.4.141
    - [Config] Refresh configs for 4.4.141

  * regression with EXT4 file systems and meta_bg flag (LP: #1789653)
    - ext4: fix false negatives *and* false positives in ext4_check_descriptors()

  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup

  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt

  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket

  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Mon, 24 Sep 2018 13:39:05 +0200

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1093

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14634

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1787281

Title:
  errors when scanning partition table of corrupted AIX disk

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed

Bug description:
  [Impact]

   * Users with disks/LUNs previously used for AIX operating system
     installations, which may have undergone overwrites/corruption of the
     partition table, might hit kernel failures during the partition scan
     of such a disk/LUN, and possibly hang the system (seen with retries).

   * The Linux kernel should be robust to corrupted disk data, performing
     a better sanitization/checks and not failing.

   * The fixes are a couple of simple logic changes to make the code
     of the AIX partition table parser more robust.

  [Test Case]

   * Run the partition scan on the (trimmed) disk image of the AIX LUN
     (not provided here since it contains customer data) with this
     command:

     $ sudo losetup --find --show --partscan rlv_grkgld.1mb

   * On failure, the command hangs, and messages like these are printed
     to the console, depending on the kernel version (see tests below)

     [  270.506420] partition (null) (3 pp's found) is not contiguous

     [  270.597428] BUG: unable to handle kernel paging request at 0000000000001000
     [  270.599525] IP: [<ffffffff81379d4d>] strnlen+0xd/0x40

   * On success, the command prints a loop device name, for example:

     /dev/loop0

  [Regression Potential]

   * Low. Both changes are simple improvements in logic.

   * This affects users who mount disks/LUNs from the AIX OS;
     it should only change behavior for users who relied on
     uninitialized variables to work correctly during the partition
     scan of those disks/LUNs, which should be rare as the code
     is likely to fail, as we observe in this scenario.

   * This has been tested on Cosmic, Bionic, Xenial, and Trusty.

  [Other Info]

   * Patches will be sent to the kernel-team mailing list.

  Bug Description:
  ---------------

  We've recently received a disk image from an AIX LUN that, when
  attached on Linux, displayed errors on the console and eventually
  hung the system (especially if the SCSI bus was re-scanned,
  leading to another partition scan).

  Apparently the LUN was originally installed with AIX and later
  exercised with some I/O stress/overwrites which caused certain
  bits to be wrong in just the right way for Linux to get a NULL
  pointer and invalid data.

  This is the test-case used ('--partscan' is the important bit).
    $ sudo losetup --show --find --partscan aix-lun.img

  Since the original code is old, it affects several releases.
  It's interesting to fix this on 14.04 and up, on which IBM
  Power servers were initially supported (since they can run
  AIX too, and possibly hit this due to an already used disk/LUN).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787281/+subscriptions
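The two fix titles in the changelog ("fix usage of uninitialized lv_info and lvname structures" and "append null character to print data from disk") describe two classic defects in a kernel parser fed untrusted on-disk data: using a structure that was never filled in because an earlier read failed, and passing a fixed-width, non-NUL-terminated field straight to a "%s" format. The "(null)" name and the strnlen() page fault in the reported log are the symptoms one expects when a name pointer that was never set reaches a format string. The C below is an added illustration of the hardened patterns, not the kernel's partitions/aix.c code: the struct layout, the LVNAME_LEN width, the 0xAA "table present" marker byte and the demo_* helpers are assumptions constructed for the example, and all input is built inline rather than read from a disk image.

```c
/* Added example (not the kernel's partitions/aix.c): hardened handling of
 * a fixed-width on-disk name field and of a conditionally-filled struct.
 * Layout, field width and marker byte are assumptions for illustration. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define LVNAME_LEN 64   /* assumed fixed-width field, no NUL guaranteed on disk */

/* Constructed stand-in for an on-disk logical-volume name record. */
struct disk_lvname {
    char name[LVNAME_LEN];
};

/* Constructed stand-in for the per-volume info a parser fills in. */
struct lv_info {
    uint32_t pps_found;
    uint32_t pps_total;
    int valid;
};

/* Bounded copy of a fixed-width field that always appends a NUL, so the
 * result can be handed to "%s" even when the field is filled to the last byte. */
static size_t copy_disk_name(char *dst, size_t dstlen, const struct disk_lvname *src)
{
    size_t n = 0;
    while (n < LVNAME_LEN && src->name[n] != '\0')   /* never read past the field */
        n++;
    if (n >= dstlen)
        n = dstlen - 1;
    memcpy(dst, src->name, n);
    dst[n] = '\0';
    return n;
}

/* Simulated table read: succeeds only if the constructed header carries the
 * marker byte; on failure *out is deliberately left untouched, which is the
 * situation in which an uninitialized caller structure turns into garbage. */
static int read_lv_info(const uint8_t *header, struct lv_info *out)
{
    if (header[0] != 0xAA)          /* constructed "table present" marker */
        return -1;
    out->pps_found = header[1];
    out->pps_total = header[2];
    out->valid = 1;
    return 0;
}

/* Returns 1 if the volume is usable, 0 if its table is missing or inconsistent.
 * The info struct is zero-initialized up front and the read's return value is
 * checked, so a failed read can never be mistaken for a valid entry. */
static int check_volume(const uint8_t *header, const struct disk_lvname *lvname,
                        char *namebuf, size_t namelen)
{
    struct lv_info info = {0};

    copy_disk_name(namebuf, namelen, lvname);
    if (read_lv_info(header, &info) < 0 || !info.valid) {
        printf("partition %s: no lv_info table, skipping\n", namebuf);
        return 0;
    }
    if (info.pps_found != info.pps_total) {
        printf("partition %s (%u pp's found) is not contiguous\n",
               namebuf, (unsigned)info.pps_found);
        return 0;
    }
    return 1;
}

/* Self-check helpers on constructed input, so the example runs with no disk image. */
static size_t demo_name_len(void)
{
    struct disk_lvname raw;
    char buf[LVNAME_LEN + 1];
    memset(raw.name, 'A', LVNAME_LEN);   /* full field, no terminator on "disk" */
    copy_disk_name(buf, sizeof buf, &raw);
    return strlen(buf);                  /* bounded at the field width, terminated by us */
}

static int demo_volume(uint8_t marker, uint8_t found, uint8_t total)
{
    const uint8_t header[3] = { marker, found, total };
    struct disk_lvname raw;
    char buf[LVNAME_LEN + 1];
    memset(raw.name, 'B', LVNAME_LEN);
    memcpy(raw.name, "rlv_demo", 8);     /* name padded to the field, no NUL */
    return check_volume(header, &raw, buf, sizeof buf);
}

int main(void)
{
    printf("name length after bounded copy: %zu\n", demo_name_len());
    printf("table missing -> %d\n", demo_volume(0x00, 4, 4));
    printf("3 of 5 pps    -> %d\n", demo_volume(0xAA, 3, 5));
    printf("4 of 4 pps    -> %d\n", demo_volume(0xAA, 4, 4));
    return 0;
}
```

The point to carry over when reviewing similar parsers: every on-disk string gets a bounded length and an explicit terminator before it meets a format string, and every structure filled by a read that can fail is zero-initialized and only used after that read's return value has been checked.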