
group.of.nepali.translators team mailing list archive

[Bug 1833935] Re: Handle overflow in proc_get_long of sysctl

 

This bug was fixed in the package linux - 4.15.0-55.60

---------------
linux (4.15.0-55.60) bionic; urgency=medium

  * linux: 4.15.0-55.60 -proposed tracker (LP: #1834954)

  * Request backport of ceph commits into bionic (LP: #1834235)
    - ceph: use atomic_t for ceph_inode_info::i_shared_gen
    - ceph: define argument structure for handle_cap_grant
    - ceph: flush pending works before shutdown super
    - ceph: send cap releases more aggressively
    - ceph: single workqueue for inode related works
    - ceph: avoid dereferencing invalid pointer during cached readdir
    - ceph: quota: add initial infrastructure to support cephfs quotas
    - ceph: quota: support for ceph.quota.max_files
    - ceph: quota: don't allow cross-quota renames
    - ceph: fix root quota realm check
    - ceph: quota: support for ceph.quota.max_bytes
    - ceph: quota: update MDS when max_bytes is approaching
    - ceph: quota: add counter for snaprealms with quota
    - ceph: avoid iput_final() while holding mutex or in dispatch thread

  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown

  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: fix unsigned comparison to less than zero

  * Fix occasional boot time crash in hns driver (LP: #1833138)
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized

  * use-after-free in hns_nic_net_xmit_hw (LP: #1833136)
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()

  * hns: attempt to restart autoneg when disabled should report error
    (LP: #1833147)
    - net: hns: Restart autoneg need return failed when autoneg off

  * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
    (LP: #1821625)
    - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls
    - powerpc: sys_pkey_mprotect() system call

  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different

  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures

  * System crashes on hot adding a core with drmgr command (4.15.0-48-generic)
    (LP: #1833716)
    - powerpc/numa: improve control of topology updates
    - powerpc/numa: document topology_updates_enabled, disable by default

  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl

  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
    (LP: #1832624)
    - s390/zcrypt: Fix wrong dispatching for control domain CPRBs

  * CVE-2019-11815
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().

  * Sound device not detected after resume from hibernate (LP: #1826868)
    - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled
    - drm/i915: Save the old CDCLK atomic state
    - drm/i915: Remove redundant store of logical CDCLK state
    - drm/i915: Skip modeset for cdclk changes if possible

  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long

  * Dell XPS 13 (9370) defaults to s2idle sleep/suspend instead of deep, NVMe
    drains lots of power under s2idle (LP: #1808957)
    - Revert "UBUNTU: SAUCE: pci/nvme: prevent WDC PC SN720 NVMe from entering D3
      and being disabled"
    - Revert "UBUNTU: SAUCE: nvme: add quirk to not call disable function when
      suspending"
    - Revert "UBUNTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3"
    - Revert "SAUCE: nvme: add quirk to not call disable function when suspending"
    - Revert "SAUCE: pci: prevent sk hynix nvme from entering D3"
    - PCI: PM: Avoid possible suspend-to-idle issue
    - PCI: PM: Skip devices in D0 for suspend-to-idle
    - nvme-pci: Sync queues on reset
    - nvme: Export get and set features
    - nvme-pci: Use host managed power state for suspend

  * linux v4.15 ftbfs on a newer host kernel (e.g. hwe) (LP: #1823429)
    - selinux: use kernel linux/socket.h for genheaders and mdp

  * 32-bit x86 kernel 4.15.0-50 crash in vmalloc_sync_all (LP: #1830433)
    - x86/mm/pat: Disable preemption around __flush_tlb_all()
    - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()
    - x86/mm: Disable ioremap free page handling on x86-PAE
    - ioremap: Update pgtable free interfaces with addr
    - x86/mm: Add TLB purge to free pmd/pte page interfaces
    - x86/init: fix build with CONFIG_SWAP=n
    - x86/mm: provide pmdp_establish() helper
    - x86/mm: Use WRITE_ONCE() when setting PTEs

  * hinic: fix oops due to race in set_rx_mode (LP: #1832048)
    - hinic: fix a bug in set rx mode

  * ubuntu 18.04 flickering screen with Radeon X1600 (LP: #1791312)
    - drm/radeon: prefer lower reference dividers

  * Login screen never appears on vmwgfx using bionic kernel 4.15 (LP: #1832138)
    - drm/vmwgfx: use monotonic event timestamps

  * [linux-azure] Block Layer Commits Requested in Azure Kernels (LP: #1834499)
    - block: Clear kernel memory before copying to user
    - block/bio: Do not zero user pages

  * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
    - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches

  * Handle overflow for file-max (LP: #1834310)
    - sysctl: handle overflow for file-max
    - kernel/sysctl.c: fix out-of-bounds access when setting file-max

  * [ALSA] [PATCH] Headset fixup for System76 Gazelle (gaze14) (LP: #1827555)
    - ALSA: hda/realtek - Headset fixup for System76 Gazelle (gaze14)
    - ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)

  * crashdump fails on HiSilicon D06 (LP: #1828868)
    - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel
    - iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel

  * CVE-2019-11833
    - ext4: zero out the unused memory region in the extent tree block

  * zfs 0.7.9 fixes a bug (https://github.com/zfsonlinux/zfs/pull/7343) that
    hangs the system completely (LP: #1772412)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.6

  * does not detect headphone when there is no other output devices
    (LP: #1831065)
    - ALSA: hda/realtek - Fixed hp_pin no value
    - ALSA: hda/realtek - Use a common helper for hp pin reference

  * kernel crash: net_sched race condition in tcindex_destroy() (LP: #1825942)
    - net_sched: fix NULL pointer dereference when delete tcindex filter
    - RCU, workqueue: Implement rcu_work
    - net_sched: switch to rcu_work
    - net_sched: fix a race condition in tcindex_destroy()
    - net_sched: fix a memory leak in cls_tcindex
    - net_sched: initialize net pointer inside tcf_exts_init()
    - net_sched: fix two more memory leaks in cls_tcindex

  * Support new ums-realtek device (LP: #1831840)
    - USB: usb-storage: Add new ID to ums-realtek

  * amd_iommu possible data corruption (LP: #1823037)
    - iommu/amd: Reserve exclusion range in iova-domain
    - iommu/amd: Set exclusion range correctly

  * Add new sound card PCIID into the alsa driver (LP: #1832299)
    - ALSA: hda: Add Icelake PCI ID
    - ALSA: hda/intel: add CometLake PCI IDs

  * sky2 ethernet card doesn't work after returning from suspend
    (LP: #1807259) // sky2 ethernet card link not up after suspend
    (LP: #1809843)
    - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79

  * idle-page oopses when accessing page frames that are out of range
    (LP: #1833410)
    - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn

  * Add pointstick support on HP ZBook 17 G5 (LP: #1833387)
    - Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A"
    - SAUCE: HID: multitouch: Add pointstick support for ALPS Touchpad

  * [SRU][B/B-OEM/B-OEM-OSP-1/C/D/E] Add trackpoint middle button support of 2
    new ThinkPads (LP: #1833637)
    - Input: elantech - enable middle button support on 2 ThinkPads

  * CVE-2019-11085
    - drm/i915/gvt: Fix mmap range check
    - drm/i915: make mappable struct resource centric
    - drm/i915/gvt: Fix aperture read/write emulation when enable x-no-mmap=on

  * CVE-2019-11884
    - Bluetooth: hidp: fix buffer overflow

  * af_alg06 test from crypto test suite in LTP failed with kernel oops on B/C
    (LP: #1829725)
    - crypto: authenc - fix parsing key with misaligned rta_len

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo

  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation

  * alignment test in powerpc from ubuntu_kernel_selftests failed on B/C Power9
    (LP: #1813118)
    - selftests/powerpc: Remove Power9 copy_unaligned test

  * TRACE_syscall.ptrace_syscall_dropped in seccomp from ubuntu_kernel_selftests
    failed on B/C PowerPC (LP: #1812796)
    - selftests/seccomp: Enhance per-arch ptrace syscall skip tests

  * Add powerpc/alignment_handler test for selftests (LP: #1828935)
    - selftests/powerpc: Add alignment handler selftest
    - selftests/powerpc: Fix to use ucontext_t instead of struct ucontext

  * Cannot build kernel 4.15.0-48.51 due to an in-source-tree ZFS module.
    (LP: #1828763)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.5

  * Electrical noise occurs when an external headset enters power-saving mode on a
    Dell machine (LP: #1828798)
    - ALSA: hda/realtek - Reduce click noise on Dell Precision 5820 headphone
    - ALSA: hda/realtek - Fixup headphone noise via runtime suspend

  * [18.04/18.10] File libperf-jvmti.so is missing in linux-tools-common deb on
    Ubuntu (LP: #1761379)
    - [Packaging] Support building libperf-jvmti.so

  * TCP : race condition on socket ownership in tcp_close() (LP: #1830813)
    - tcp: do not release socket ownership in tcp_close()

  * bionic: netlink: potential shift overflow in netlink_bind() (LP: #1831103)
    - netlink: Don't shift on 64 for ngroups

  * Add support to Comet Lake LPSS (LP: #1830175)
    - mfd: intel-lpss: Add Intel Comet Lake PCI IDs

  * Reduce NAPI weight in hns driver from 256 to 64 (LP: #1830587)
    - net: hns: Use NAPI_POLL_WEIGHT for hns driver

  * x86: add support for AMD Rome (LP: #1819485)
    - x86: irq_remapping: Move irq remapping mode enum
    - iommu/amd: Add support for higher 64-bit IOMMU Control Register
    - iommu/amd: Add support for IOMMU XT mode
    - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs
    - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs
    - x86/amd_nb: Add PCI device IDs for family 17h, model 30h
    - x86/MCE/AMD: Fix the thresholding machinery initialization order
    - x86/amd_nb: Add support for newer PCI topologies

  * nx842 - CRB request time out (-110) when uninstall NX modules and initiate
    NX request (LP: #1827755)
    - crypto/nx: Initialize 842 high and normal RxFIFO control registers

  * Require improved hypervisor detection patch in Ubuntu 18.04 (LP: #1829972)
    - s390/early: improve machine detection

 -- Kleber Sacilotto de Souza <kleber.souza@xxxxxxxxxxxxx>  Tue, 02 Jul 2019 18:41:49 +0200

** Changed in: linux (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12126

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12127

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12130

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11085

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11091

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11815

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11833

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11884

https://bugs.launchpad.net/bugs/1833935

Title:
  Handle overflow in proc_get_long of sysctl

Status in ubuntu-kernel-tests:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Committed
Status in linux source package in Disco:
  Fix Committed
Status in linux source package in Eoan:
  Fix Released

Bug description:
  == SRU Justification ==
  With the upper / lower boundary confined in bug 1834310, file-max still
  suffers from an overflow issue.

  This is because the simple_strtoul() used in proc_get_long() to parse
  user input explicitly ignores overflows. So when you try to put 2^64
  into file-max, it will:
      # echo 18446744073709551616 > /proc/sys/fs/file-max
      # cat /proc/sys/fs/file-max
      0

  This will cause your system to silently die behind your back.

  This issue was reported by case 1 of the sysctl02 test in LTP:
  sysctl02 1 TFAIL: /proc/sys/fs/file-max overflows and set to 0

  
  == Fix ==
  * 7f2923c4 (sysctl: handle overflow in proc_get_long)

  A new strtoul_lenient() was introduced here to solve this issue, with
  extra check to notify userspace with -EINVAL.

  This patch can be cherry-picked into B/C/D/E, it needs some content
  adjustment for X.

  == Test ==
  Test kernels could be found here:
  https://people.canonical.com/~phlin/kernel/lp-1833935-proc_get_long/

  The attempt to set file-max to 2^64 will be rejected:
  $ sudo sysctl -w -q fs.file-max=18446744073709551616
  sysctl: setting key "fs.file-max": Invalid argument

  Tested and passed with these kernels on AMD64 KVM nodes.

  == Regression Potential ==
  Low, the newly introduced function strtoul_lenient() is just for
  proc_get_long here.

  
  == Original bug report ==
  Test complains about apparmor enabled.
  As it's enabled by default, I think we might need to disable this test.

  Furthermore, this test will need kallsyms to be enabled, which is not
  for KVM kernels.

  <<<test_start>>>
  tag=sysctl02_sh stime=1561360893
  cmdline="sysctl02.sh"
  contacts=""
  analysis=exit
  <<<test_output>>>
  incrementing stop
  sysctl02 1 TINFO: timeout per run is 0h 5m 0s
  sysctl02 1 TFAIL: /proc/sys/fs/file-max overflows and set to 0
  sysctl02 2 TFAIL: /proc/sys/fs/file-max overflows and set to 18446744073709551615
  sysctl02 3 TFAIL: /proc/sys/fs/file-max overflows and set to 9223372036854775808
  sysctl02 4 TCONF: /proc/kallsyms not enabled
  sysctl02 4 TINFO: AppArmor enabled, this may affect test results
  sysctl02 4 TINFO: You can try to disable it with TST_DISABLE_APPARMOR=1 (requires super/root)
  sysctl02 4 TINFO: loaded AppArmor profiles: none

  Summary:
  passed   0
  failed   3
  skipped  1
  warnings 0
  <<<execution_status>>>
  initiation_status="ok"
  duration=0 termination_type=exited termination_id=33 corefile=no
  cutime=2 cstime=1
  <<<test_end>>>

  ProblemType: Bug
  DistroRelease: Ubuntu 18.10
  Package: linux-image-4.18.0-1015-kvm 4.18.0-1015.15
  ProcVersionSignature: User Name 4.18.0-1015.15-kvm 4.18.20
  Uname: Linux 4.18.0-1015-kvm x86_64
  ApportVersion: 2.20.10-0ubuntu13.3
  Architecture: amd64
  Date: Mon Jun 24 07:21:41 2019
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)
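The overflow that the SRU justification describes, and the check the fix introduces, as an added example written for this page (not the kernel's proc_get_long() or strtoul_lenient() code): a user-space C model of the pre-fix wrapping parse beside an overflow-checking parse, with the file-max upper bound from bug 1834310 applied so the three LTP sysctl02 inputs above are all rejected. It assumes a 64-bit unsigned long (LP64, as on the amd64 test nodes); parse_ulong_wrapping, parse_ulong_checked and sysctl_write are hypothetical names.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Pre-fix behaviour, like simple_strtoul(): digits accumulate modulo 2^64
 * with no overflow check, so "18446744073709551616" (2^64) parses to 0,
 * which is exactly what the bug description shows for file-max. */
unsigned long parse_ulong_wrapping(const char *s)
{
    unsigned long val = 0;
    while (isspace((unsigned char)*s)) s++;
    for (; isdigit((unsigned char)*s); s++)
        val = val * 10 + (unsigned long)(*s - '0');
    return val;
}

/* Post-fix behaviour: detect the overflow before it happens and reject the
 * input with -EINVAL, as the fix's strtoul_lenient() check notifies userspace.
 * Trailing whitespace (the newline echo appends) is tolerated; junk is not. */
int parse_ulong_checked(const char *s, unsigned long *out)
{
    unsigned long val = 0;
    while (isspace((unsigned char)*s)) s++;
    if (!isdigit((unsigned char)*s)) return -EINVAL;
    for (; isdigit((unsigned char)*s); s++) {
        unsigned long d = (unsigned long)(*s - '0');
        /* val * 10 + d would exceed ULONG_MAX; tested without wrapping. */
        if (val > (ULONG_MAX - d) / 10) return -EINVAL;
        val = val * 10 + d;
    }
    while (isspace((unsigned char)*s)) s++;
    if (*s != '\0') return -EINVAL;
    *out = val;
    return 0;
}

/* Simulated sysctl write for file-max: parse with overflow detection, then
 * apply the upper bound (LONG_MAX, the limit confined in bug 1834310). On
 * any error the stored value is left untouched and -EINVAL is returned. */
int sysctl_write(const char *input, unsigned long max, unsigned long *stored)
{
    unsigned long v;
    int err = parse_ulong_checked(input, &v);
    if (err) return err;
    if (v > max) return -EINVAL;
    *stored = v;
    return 0;
}
```

Feeding the three LTP inputs (2^64, 2^64-1, 2^63) through sysctl_write leaves the stored value unchanged and returns -EINVAL, while parse_ulong_wrapping reproduces the 0 and 18446744073709551615 results from the test log.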
