group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #29051
[Bug 1813869] Re: Redpine: Driver crash with network-manager 1.10 and above
This bug was fixed in the package linux - 4.4.0-143.169
---------------
linux (4.4.0-143.169) xenial; urgency=medium
* linux: 4.4.0-143.169 -proposed tracker (LP: #1814647)
* x86/kvm: Backport fixup and missing commits (LP: #1811646)
- KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID
- kvm: nVMX: VMCLEAR an active shadow VMCS after last use
- X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
- KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
path as unlikely()
- kvm: x86: IA32_ARCH_CAPABILITIES is always supported
- KVM: SVM: Add MSR-based feature support for serializing LFENCE
- KVM: X86: Allow userspace to define the microcode version
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
- KVM: VMX: fixes for vmentry_l1d_flush module parameter
- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
- kvm: vmx: Scrub hardware GPRs at VM-exit
- SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
- SAUCE: KVM: Move code fragments, cleanup and re-indent
* linux-buildinfo: pull out ABI information into its own package
(LP: #1806380)
- [Packaging] limit preparation to linux-libc-dev in headers
- [Packaging] commonise debhelper invocation
- [Packaging] ABI -- accumulate abi information at the end of the build
- [Packaging] buildinfo -- add basic build information
- [Packaging] buildinfo -- add firmware information to the flavour ABI
- [Packaging] buildinfo -- add compiler information to the flavour ABI
- [Packaging] buildinfo -- add buildinfo support to getabis
- [Config] buildinfo -- add retpoline version markers
- [Packaging] getabis -- handle all known package combinations
- [Packaging] getabis -- support parsing a simple version
* signing: only install a signed kernel (LP: #1764794)
- [Packaging] update to Debian like control scripts
- [Packaging] switch to triggers for postinst.d postrm.d handling
- [Packaging] signing -- switch to raw-signing tarballs
- [Packaging] signing -- switch to linux-image as signed when available
- [Packaging] printenv -- add signing options
- [Packaging] fix invocation of header postinst hooks
- [Packaging] signing -- add support for signing Opal kernel binaries
- [Debian] Use src_pkg_name when constructing udeb control files
- [Debian] Dynamically determine linux udebs package name
- [Packaging] handle both linux-lts* and linux-hwe* as backports
- [Config] linux-source-* is in the primary linux namespace
- [Packaging] lookup the upstream tag
- [Packaging] zfs/spl -- enhance provides information
- [Packaging] switch up to debhelper 9
- [Packaging] autopkgtest -- disable d-i when dropping flavours
- [debian] support for ship_extras_package=false
- [Debian] do_common_tools should always be on
- [debian] do not force do_tools_common
- [Packaging] Add linux-tools-host package for VM host tools
- [Packaging] signing should be conditional
- [Packaging] skip cloud tools packaging when not building package
- [Packaging] add acpidbg
- [debian] prep linux-libc-dev only if do_libc_dev_package=true
- [Packaging] Only install cloud init files when do_tools_common=true
* Redpine: Driver crash with network-manager 1.10 and above (LP: #1813869)
- SAUCE: Redpine: enhancement for MAC spoofing to avoid kernel crash
* Guests using IBRS incur a large performance penalty (LP: #1764956)
- SAUCE: Restore the IBRS host state on VMEXIT
* Xenial update: 4.4.170 upstream stable release (LP: #1811647)
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
- xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
- USB: serial: option: add GosunCn ZTE WeLink ME3630
- USB: serial: option: add HP lt4132
- USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
- USB: serial: option: add Fibocom NL668 series
- USB: serial: option: add Telit LN940 series
- mmc: core: Reset HPI enabled state during re-init and in case of errors
- mmc: omap_hsmmc: fix DMA API warning
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
- Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
- x86/mtrr: Don't copy uninitialized gentry fields back to userspace
- drm/ioctl: Fix Spectre v1 vulnerabilities
- ip6mr: Fix potential Spectre v1 vulnerability
- ipv4: Fix potential Spectre v1 vulnerability
- ax25: fix a use-after-free in ax25_fillin_cb()
- ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
- ieee802154: lowpan_header_create check must check daddr
- ipv6: explicitly initialize udp6_addr in udp_sock_create6()
- isdn: fix kernel-infoleak in capi_unlocked_ioctl
- netrom: fix locking in nr_find_socket()
- packet: validate address length
- packet: validate address length if non-zero
- sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
- vhost: make sure used idx is seen before log in vhost_add_used_n()
- VSOCK: Send reset control packet when socket is partially bound
- xen/netfront: tolerate frags with no data
- gro_cell: add napi_disable in gro_cells_destroy
- sock: Make sock->sk_stamp thread-safe
- ALSA: rme9652: Fix potential Spectre v1 vulnerability
- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
- ALSA: pcm: Fix potential Spectre v1 vulnerability
- ALSA: emux: Fix potential Spectre v1 vulnerabilities
- ALSA: hda: add mute LED support for HP EliteBook 840 G4
- ALSA: hda/tegra: clear pending irq handlers
- USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
- USB: serial: option: add Fibocom NL678 series
- usb: r8a66597: Fix a possible concurrency use-after-free bug in
r8a66597_endpoint_disable()
- Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
- KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
- perf pmu: Suppress potential format-truncation warning
- ext4: fix possible use after free in ext4_quota_enable
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
- ext4: fix EXT4_IOC_GROUP_ADD ioctl
- ext4: force inode writes when nfsd calls commit_metadata()
- spi: bcm2835: Fix race on DMA termination
- spi: bcm2835: Fix book-keeping of DMA termination
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
- cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
- media: vivid: free bitmap_cap when updating std/timings/etc.
- MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
- MIPS: Align kernel load address to 64KB
- CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
- x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
running nested
- spi: bcm2835: Unbreak the build of esoteric configs
- powerpc: Fix COFF zImage booting on old powermacs
- ARM: imx: update the cpu power up timing setting on i.mx6sx
- Input: restore EV_ABS ABS_RESERVED
- checkstack.pl: fix for aarch64
- xfrm: Fix bucket count reported to userspace
- scsi: bnx2fc: Fix NULL dereference in error handling
- Input: omap-keypad - fix idle configuration to not block SoC idle states
- scsi: zfcp: fix posting too many status read buffers leading to adapter
shutdown
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
- mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
- mm, devm_memremap_pages: kill mapping "System RAM" support
- sunrpc: fix cache_head leak due to queued request
- sunrpc: use SVC_NET() in svcauth_gss_* functions
- crypto: x86/chacha20 - avoid sleeping with preemption disabled
- ALSA: cs46xx: Potential NULL dereference in probe
- ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
- dlm: fixed memory leaks after failed ls_remove_names allocation
- dlm: possible memory leak on error path in create_lkb()
- dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
- dlm: memory leaks on error path in dlm_user_request()
- gfs2: Fix loop in gfs2_rbm_find
- b43: Fix error in cordic routine
- 9p/net: put a lower bound on msize
- iommu/vt-d: Handle domain agaw being less than iommu agaw
- ceph: don't update importing cap's mseq when handing cap export
- genwqe: Fix size check
- intel_th: msu: Fix an off-by-one in attribute store
- power: supply: olpc_battery: correct the temperature units
- Linux 4.4.170
* Xenial update: 4.4.169 upstream stable release (LP: #1811252)
- lib/interval_tree_test.c: make test options module parameters
- lib/interval_tree_test.c: allow full tree search
- lib/rbtree_test.c: make input module parameters
- lib/rbtree-test: lower default params
- lib/interval_tree_test.c: allow users to limit scope of endpoint
- timer/debug: Change /proc/timer_list from 0444 to 0400
- powerpc/boot: Fix random libfdt related build errors
- pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
- aio: fix spectre gadget in lookup_ioctx
- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
- tracing: Fix memory leak in set_trigger_filter()
- tracing: Fix memory leak of instance function hash filters
- powerpc/msi: Fix NULL pointer access in teardown code
- Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
- f2fs: fix a panic caused by NULL flush_cmd_control
- mac80211: don't WARN on bad WMM parameters from buggy APs
- mac80211: Fix condition validating WMM IE
- mac80211_hwsim: fix module init error paths for netlink
- scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during
unload
- x86/earlyprintk/efi: Fix infinite loop on some screen widths
- drm/msm: Grab a vblank reference when waiting for commit_done
- ARC: io.h: Implement reads{x}()/writes{x}()
- bonding: fix 802.3ad state sent to partner when unbinding slave
- SUNRPC: Fix a potential race in xprt_connect()
- sbus: char: add of_node_put()
- drivers/sbus/char: add of_node_put()
- drivers/tty: add missing of_node_put()
- ide: pmac: add of_node_put()
- clk: mmp: Off by one in mmp_clk_add()
- Input: omap-keypad - fix keyboard debounce configuration
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks
- mv88e6060: disable hardware level MAC learning
- ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address
handling
- cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
- [Config] Remove CONFIG_CIFS_POSIX=y
- i2c: axxia: properly handle master timeout
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
- rtc: snvs: add a missing write sync
- rtc: snvs: Add timeouts to avoid kernel lockups
- ALSA: isa/wavefront: prevent some out of bound writes
- Linux 4.4.169
* Xenial update: 4.4.168 upstream stable release (LP: #1811080)
- ipv6: Check available headroom in ip6_xmit() even without options
- net: 8139cp: fix a BUG triggered by changing mtu with network traffic
- net: phy: don't allow __set_phy_supported to add unsupported modes
- net: Prevent invalid access to skb->prev in __qdisc_drop_all
- rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
- tcp: fix NULL ref in tail loss probe
- tun: forbid iface creation with rtnl ops
- neighbour: Avoid writing before skb->head in neigh_hh_output()
- ARM: OMAP2+: prm44xx: Fix section annotation on
omap44xx_prm_enable_io_wakeup
- ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
- sysv: return 'err' instead of 0 in __sysv_write_inode
- s390/cpum_cf: Reject request for sampling in event initialization
- hwmon: (ina2xx) Fix current value calculation
- ASoC: dapm: Recalculate audio map forcely when card instantiated
- hwmon: (w83795) temp4_type has writable permission
- Btrfs: send, fix infinite loop due to directory rename dependencies
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
- exportfs: do not read dentry after free
- bpf: fix check of allowed specifiers in bpf_trace_printk
- USB: omap_udc: use devm_request_irq()
- USB: omap_udc: fix crashes on probe error and module removal
- USB: omap_udc: fix omap_udc_start() on 15xx machines
- USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
- KVM: x86: fix empty-body warnings
- net: thunderx: fix NULL pointer dereference in nic_remove
- ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
- net: hisilicon: remove unexpected free_netdev
- drm/ast: fixed reading monitor EDID not stable issue
- xen: xlate_mmu: add missing header to fix 'W=1' warning
- fscache: fix race between enablement and dropping of object
- fscache, cachefiles: remove redundant variable 'cache'
- ocfs2: fix deadlock caused by ocfs2_defrag_extent()
- hfs: do not free node before using
- hfsplus: do not free node before using
- debugobjects: avoid recursive calls with kmemleak
- ocfs2: fix potential use after free
- pstore: Convert console write to use ->write_buf
- ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
- KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
- KVM: nVMX: mark vmcs12 pages dirty on L2 exit
- KVM: nVMX: Eliminate vmcs02 pool
- KVM: VMX: introduce alloc_loaded_vmcs
- KVM: VMX: make MSR bitmaps per-VCPU
- KVM/x86: Add IBPB support
- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
- KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
- KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
- x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
- bpf: support 8-byte metafield access
- bpf/verifier: Add spi variable to check_stack_write()
- bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
- bpf: Prevent memory disambiguation attack
- wil6210: missing length check in wmi_set_ie
- mm/hugetlb.c: don't call region_abort if region_chg fails
- hugetlbfs: fix offset overflow in hugetlbfs mmap
- hugetlbfs: check for pgoff value overflow
- hugetlbfs: fix bug in pgoff overflow checking
- swiotlb: clean up reporting
- sr: pass down correctly sized SCSI sense buffer
- mm: remove write/force parameters from __get_user_pages_locked()
- mm: remove write/force parameters from __get_user_pages_unlocked()
- mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
- mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
- mm: replace get_user_pages_locked() write/force parameters with gup_flags
- mm: replace get_vaddr_frames() write/force parameters with gup_flags
- mm: replace get_user_pages() write/force parameters with gup_flags
- mm: replace __access_remote_vm() write parameter with gup_flags
- mm: replace access_remote_vm() write parameter with gup_flags
- proc: don't use FOLL_FORCE for reading cmdline and environment
- proc: do not access cmdline nor environ from file-backed areas
- media: dvb-frontends: fix i2c access helpers for KASAN
- matroxfb: fix size of memcpy
- staging: speakup: Replace strncpy with memcpy
- rocker: fix rocker_tlv_put_* functions for KASAN
- selftests: Move networking/timestamping from Documentation
- Linux 4.4.168
* kernel oops in bcache module (LP: #1793901)
- SAUCE: bcache: never writeback a discard operation
* Userspace break as a result of missing patch backport (LP: #1813873)
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present
* CVE-2019-6133
- fork: record start_time late
* Crash on "ip link add foo type ipip" (LP: #1811803)
- SAUCE: fan: Fix NULL pointer dereference
-- Juerg Haefliger <juergh@xxxxxxxxxxxxx> Wed, 06 Feb 2019 10:39:59
+0000
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6133
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1813869
Title:
Redpine: Driver crash with network-manager 1.10 and above
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Xenial:
Fix Released
Bug description:
SRU Justification:
------------------
Impact:
-------
Kernel crash upon inserting Redpine driver
Test case:
----------
1) Install network-manager v(1.10) snap.
2) Insert Redpine modules.
3) Observe the behavior.
Result:
-------
Redpine driver crashes the entire kernel and below is the crash log.
... skipping ...
[ 49.130185] BUG: unable to handle kernel NULL pointer dereference at 0000000000000134
[ 49.138969] IP: [<ffffffffc0517c03>] rsi_prepare_mgmt_desc+0xd3/0x2d0 [ven_rsi_91x]
[ 49.244030] CPU: 0 PID: 31 Comm: kworker/u4:1 Not tainted 4.4.0-139-generic #165-Ubuntu
[ 49.252988] Hardware name: Dell Inc. Edge Gateway 3001/, BIOS 01.00.00 04/17/2017
[ 49.261374] Workqueue: rsi_scan_worker rsi_scan_start [ven_rsi_91x]
[ 49.268385] task: ffff880078538cc0 ti: ffff8800785e4000 task.ti: ffff8800785e4000
[ 49.276765] rsi_prepare_mgmt_desc+0xd3/0x2d0 [ven_rsi_91x]
[ 49.387307] [<ffffffffc0516457>] rsi_send_probe_request+0x2c7/0x350 [ven_rsi_91x]
[ 49.395784] [<ffffffffc0516702>] rsi_scan_start+0x222/0x380 [ven_rsi_91x]
[ 49.403486] [<ffffffff818530c1>] ? __schedule+0x301/0x7f0
[ 49.409633] [<ffffffff8109ee4b>] process_one_work+0x16b/0x490
[ 49.416164] [<ffffffff8109f1bb>] worker_thread+0x4b/0x4d0
[ 49.422306] [<ffffffff8109f170>] ? process_one_work+0x490/0x490
[ 49.429032] [<ffffffff810a5587>] kthread+0xe7/0x100
[ 49.434589] [<ffffffff818530c1>] ? __schedule+0x301/0x7f0
[ 49.440731] [<ffffffff810a54a0>] ? kthread_create_on_node+0x1e0/0x1e0
[ 49.448042] [<ffffffff81857bf5>] ret_from_fork+0x55/0x80
[ 49.454086] [<ffffffff810a54a0>] ? kthread_create_on_node+0x1e0/0x1e0
Root cause analysis:
--------------------
In nm-1.10 and above versions, MAC spoof is enabled by default. In Redpine
driver, this handling is missed. Hence, Added the fix for the same.
Fix:
----
Copied the Custom MAC address into driver global structure.
Regression Petential:
---------------------
This is a very direct issue Since the driver is crashing upon inserting the
modules. we ran the multiple times insertion and deletion of modules and connected
to third-party AP, did data transfer.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1813869/+subscriptions