← Back to team overview

kernel-packages team mailing list archive

[Bug 1256988] Re: netns: crash during namespace destroy

 

This bug was fixed in the package linux - 3.2.0-59.90

---------------
linux (3.2.0-59.90) precise; urgency=low

  [ Brad Figg ]

  * UBUNTU: Disable modules checking for armel and armhf for this
upload; the staging/tidspbridge has been disabled

linux (3.2.0-59.89) precise; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1266551

  [ Andy Whitcroft ]

  * [Debian] Improve tools version message
    - LP: #1257715

  [ Sergey Popovich ]

  * SAUCE: netfilter: xt_hashlimit: fix proc entry leak in netns destroy
    path
    - LP: #1256988

  [ Tim Gardner ]

  * [Config] Enable CONFIG_VT6656
    - LP: #162671

  [ Upstream Kernel Changes ]

  * netfilter: xt_recent: fix namespace destroy path
    - LP: #1256988
  * netfilter: xt_hashlimit: fix namespace destroy path
    - LP: #1256988
  * selinux: correct locking in selinux_netlbl_socket_connect)
    - LP: #1266546
  * NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk()
    - LP: #1266546
  * USB: mos7840: fix tiocmget error handling
    - LP: #1266546
  * usb: Disable USB 2.0 Link PM before device reset.
    - LP: #1266546
  * usb: hub: Clear Port Reset Change during init/resume
    - LP: #1266546
  * rt2400pci: fix RSSI read
    - LP: #1266546
  * rt2x00: check if device is still available on rt2x00mac_flush()
    - LP: #1266546
  * alarmtimer: return EINVAL instead of ENOTSUPP if rtcdev doesn't exist
    - LP: #1266546
  * USB:add new zte 3g-dongle's pid to option.c
    - LP: #1266546
  * libata: Fix display of sata speed
    - LP: #1266546
  * ahci: disabled FBS prior to issuing software reset
    - LP: #1266546
  * drivers/libata: Set max sector to 65535 for Slimtype DVD A DS8A9SH
    drive
    - LP: #1266546
  * ALSA: 6fire: Fix probe of multiple cards
    - LP: #1266546
  * ARM: sa11x0/assabet: ensure CS2 is configured appropriately
    - LP: #1266546
  * usb: wusbcore: set the RPIPE wMaxPacketSize value correctly
    - LP: #1266546
  * usb: wusbcore: change WA_SEGS_MAX to a legal value
    - LP: #1266546
  * powerpc/vio: Fix modalias_show return values
    - LP: #1266546
  * powerpc/vio: use strcpy in modalias_show
    - LP: #1266546
  * dm: allocate buffer for messages with small number of arguments using
    GFP_NOIO
    - LP: #1266546
  * can: c_can: Fix RX message handling, handle lost message before EOB
    - LP: #1266546
  * dm mpath: fix race condition between multipath_dtr and pg_init_done
    - LP: #1266546
  * ext4: avoid bh leak in retry path of ext4_expand_extra_isize_ea()
    - LP: #1266546
  * ASoC: ak4642: prevent un-necessary changes to SG_SL1
    - LP: #1266546
  * ahci: Add Device IDs for Intel Wildcat Point-LP
    - LP: #1266546
  * KVM: IOMMU: hva align mapping page size
    - LP: #1266546
  * crypto: s390 - Fix aes-cbc IV corruption
    - LP: #1266546
  * audit: printk USER_AVC messages when audit isn't enabled
    - LP: #1266546
  * audit: fix info leak in AUDIT_GET requests
    - LP: #1266546
  * audit: use nlmsg_len() to get message payload length
    - LP: #1266546
  * drm/ttm: Fix memory type compatibility check
    - LP: #1266546
  * PM / hibernate: Avoid overflow in hibernate_preallocate_memory()
    - LP: #1266546
  * ALSA: hda - Add support for CX20952
    - LP: #1266546
  * mtd: nand: hack ONFI for non-power-of-2 dimensions
    - LP: #1266546
  * mtd: map: fixed bug in 64-bit systems
    - LP: #1266546
  * mtd: m25p80: fix allocation size
    - LP: #1266546
  * qeth: avoid buffer overflow in snmp ioctl
    - LP: #1266546
  * x86/apic: Disable I/O APIC before shutdown of the local APIC
    - LP: #1266546
  * block: fix race between request completion and timeout handling
    - LP: #1266546
  * blk-core: Fix memory corruption if blkcg_init_queue fails
    - LP: #1266546
  * loop: fix crash if blk_alloc_queue fails
    - LP: #1266546
  * block: fix a probe argument to blk_register_region
    - LP: #1266546
  * SUNRPC: Fix a data corruption issue when retransmitting RPC calls
    - LP: #1266546
  * IB/ipath: Convert ipath_user_sdma_pin_pages() to use
    get_user_pages_fast()
    - LP: #1266546
  * IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
    - LP: #1266546
  * rtlwifi: rtl8192se: Fix wrong assignment
    - LP: #1266546
  * rtlwifi: Fix endian error in extracting packet type
    - LP: #1266546
  * rtlwifi: rtl8192se: Fix incorrect signal strength for unassociated AP
    - LP: #1266546
  * rtlwifi: rtl8192cu: Fix incorrect signal strength for unassociated AP
    - LP: #1266546
  * rtlwifi: rtl8192de: Fix incorrect signal strength for unassociated AP
    - LP: #1266546
  * mwifiex: correct packet length for packets from SDIO interface
    - LP: #1266546
  * mtd: gpmi: fix kernel BUG due to racing DMA operations
    - LP: #1266546
  * prism54: set netdev type to "wlan"
    - LP: #1266546
  * ALSA: msnd: Avoid duplicated driver name
    - LP: #1266546
  * x86/microcode/amd: Tone down printk(), don't treat a missing firmware
    file as an error
    - LP: #1266546
  * cris: media platform drivers: fix build
    - LP: #1266546
  * vsprintf: check real user/group id for %pK
    - LP: #1266546
  * backlight: atmel-pwm-bl: fix reported brightness
    - LP: #1266546
  * backlight: atmel-pwm-bl: fix gpio polarity in remove
    - LP: #1266546
  * exec/ptrace: fix get_dumpable() incorrect tests
    - LP: #1266546
    - CVE-2013-2929
  * devpts: plug the memory leak in kill_sb
    - LP: #1266546
  * ipc, msg: fix message length check for negative values
    - LP: #1266546
  * drm/nouveau: when bailing out of a pushbuf ioctl, do not remove
    previous fence
    - LP: #1266546
  * ALSA: pcsp: Fix the order of input device unregistration
    - LP: #1266546
  * ARM: integrator_cp: Set LCD{0,1} enable lines when turning on CLCD
    - LP: #1266546
  * hwmon: (lm90) Fix max6696 alarm handling
    - LP: #1266546
  * drm/i915: flush cursors harder
    - LP: #1266546
  * rtlwifi: rtl8192cu: Fix more pointer arithmetic errors
    - LP: #1266546
  * radeon: workaround pinning failure on low ram gpu
    - LP: #1266546
  * setfacl removes part of ACL when setting POSIX ACLs to Samba
    - LP: #1266546
  * dm delay: fix a possible deadlock due to shared workqueue
    - LP: #1266546
  * nfsd: split up nfsd_setattr
    - LP: #1266546
  * nfsd: make sure to balance get/put_write_access
    - LP: #1266546
  * nfsd4: fix xdr decoding of large non-write compounds
    - LP: #1266546
  * avr32: setup crt for early panic()
    - LP: #1266546
  * avr32: fix out-of-range jump in large kernels
    - LP: #1266546
  * NFSv4 wait on recovery for async session errors
    - LP: #1266546
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1266546
  * PCI: Remove duplicate pci_disable_device() from pcie_portdrv_remove()
    - LP: #1266546
  * powerpc/pseries: Duplicate dtl entries sometimes sent to userspace
    - LP: #1266546
  * powerpc/signals: Mark VSX not saved with small contexts
    - LP: #1266546
  * iscsi-target: fix extract_param to handle buffer length corner case
    - LP: #1266546
  * iscsi-target: chap auth shouldn't match username with trailing garbage
    - LP: #1266546
  * configfs: fix race between dentry put and lookup
    - LP: #1266546
  * ahci: add support for IBM Akebono platform device
    - LP: #1266546
  * ahci: add Marvell 9230 to the AHCI PCI device list
    - LP: #1266546
  * powerpc/signals: Improved mark VSX not saved with small contexts fix
    - LP: #1266546
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1266546
  * mac80211: don't attempt to reorder multicast frames
    - LP: #1266546
  * USB: serial: fix race in generic write
    - LP: #1266546
  * usb: gadget: composite: reset delayed_status on reset_config
    - LP: #1266546
  * usb: dwc3: fix implementation of endpoint wedge
    - LP: #1266546
  * Staging: zram: Fix access of NULL pointer
    - LP: #1266546
  * Staging: zram: Fix memory leak by refcount mismatch
    - LP: #1266546
  * can: sja1000: fix {pre,post}_irq() handling and IRQ handler return
    value
    - LP: #1266546
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1266546
  * ALSA: hda/realtek - Add support of ALC231 codec
    - LP: #1266546
  * ALSA: hda/realtek - Set pcbeep amp for ALC668
    - LP: #1266546
  * tracing: Allow events to have NULL strings
    - LP: #1266546
  * libsas: fix usage of ata_tf_to_fis
    - LP: #1266546
  * Staging: tidspbridge: disable driver
    - LP: #1266546
  * cpuset: Fix memory allocator deadlock
    - LP: #1266546
  * crypto: authenc - Find proper IV address in ablkcipher callback
    - LP: #1266546
  * crypto: scatterwalk - Set the chain pointer indication bit
    - LP: #1266546
  * crypto: s390 - Fix aes-xts parameter corruption
    - LP: #1266546
  * crypto: ccm - Fix handling of zero plaintext when computing mac
    - LP: #1266546
  * saa7164: fix return value check in saa7164_initdev()
    - LP: #1266546
  * net: smc91: fix crash regression on the versatile
    - LP: #1266546
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1266546
  * ARM: footbridge: fix VGA initialisation
    - LP: #1266546
  * hpsa: do not discard scsi status on aborted commands
    - LP: #1266546
  * hpsa: return 0 from driver probe function on success, not 1
    - LP: #1266546
  * enclosure: fix WARN_ON in dual path device removing
    - LP: #1266546
  * USB: serial: option: blacklist interface 1 for Huawei E173s-6
    - LP: #1266546
  * USB: option: support new huawei devices
    - LP: #1266546
  * USB: spcp8x5: correct handling of CS5 setting
    - LP: #1266546
  * USB: mos7840: correct handling of CS5 setting
    - LP: #1266546
  * USB: ftdi_sio: fixed handling of unsupported CSIZE setting
    - LP: #1266546
  * USB: pl2303: fixed handling of CS5 setting
    - LP: #1266546
  * powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
    - LP: #1266546
  * ASoC: wm8731: fix dsp mode configuration
    - LP: #1266546
  * USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
    - LP: #1266546
  * usb: hub: Use correct reset for wedged USB3 devices that are
    NOTATTACHED
    - LP: #1266546
  * drivers/char/i8k.c: add Dell XPLS L421X
    - LP: #1266546
  * crypto: scatterwalk - Use sg_chain_ptr on chain entries
    - LP: #1266546
  * ARM: 7912/1: check stack pointer in get_wchan
    - LP: #1266546
  * ARM: 7913/1: fix framepointer check in unwind_frame
    - LP: #1266546
  * x86, build: Pass in additional -mno-mmx, -mno-sse options
    - LP: #1266546
  * ALSA: memalloc.h - fix wrong truncation of dma_addr_t
    - LP: #1266546
  * dm snapshot: avoid snapshot space leak on crash
    - LP: #1266546
  * dm table: fail dm_table_create on dm_round_up overflow
    - LP: #1266546
  * x86, build, icc: Remove uninitialized_var() from compiler-intel.h
    - LP: #1266546
  * x86, efi: Don't use (U)EFI time services on 32 bit
    - LP: #1266546
  * dm bufio: initialize read-only module parameters
    - LP: #1266546
  * ARM: pxa: tosa: fix keys mapping
    - LP: #1266546
  * ARM: pxa: prevent PXA270 occasional reboot freezes
    - LP: #1266546
  * hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
    - LP: #1266546
  * hwmon: (w83l768ng) Fix fan speed control range
    - LP: #1266546
  * hwmon: Prevent some divide by zeros in FAN_TO_REG()
    - LP: #1266546
  * futex: fix handling of read-only-mapped hugepages
    - LP: #1266546
  * KVM: Improve create VCPU parameter (CVE-2013-4587)
    - LP: #1266546
  * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - LP: #1266546
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
    - LP: #1266546
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
    - LP: #1266546
  * drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
    - LP: #1266546
  * sched: Avoid throttle_cfs_rq() racing with period_timer stopping
    - LP: #1266546
  * um: add missing declaration of 'getrlimit()' and friends
    - LP: #1266546
  * net: Fix "ip rule delete table 256"
    - LP: #1266546
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1266546
  * random32: fix off-by-one in seeding requirement
    - LP: #1266546
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1266546
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1266546
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1266546
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1266546
  * connector: improved unaligned access error fix
    - LP: #1266546
  * ipv4: fix possible seqlock deadlock
    - LP: #1266546
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1266546
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1266546
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1266546
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1266546
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1266546
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1266546
  * atm: idt77252: fix dev refcnt leak
    - LP: #1266546
  * net: core: Always propagate flag changes to interfaces
    - LP: #1266546
  * bridge: flush br's address entry in fdb when remove the bridge dev
    - LP: #1266546
  * packet: fix use after free race in send path when dev is released
    - LP: #1266546
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1266546
  * inet: fix possible seqlock deadlocks
    - LP: #1266546
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1266546
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1266546
  * HID: multitouch: validate indexes details
    - LP: #1266546
    - CVE-2013-2897
  * crypto: ansi_cprng - Fix off by one error in non-block size request
    - LP: #1266546
  * aacraid: prevent invalid pointer dereference
    - LP: #1266546
  * xfs: underflow bug in xfs_attrlist_by_handle()
    - LP: #1266546
  * net: flow_dissector: fail on evil iph->ihl
    - LP: #1266546
  * ftrace: Fix ftrace hash record update with notrace
    - LP: #1266546
  * ftrace: Create ftrace_hash_empty() helper routine
    - LP: #1266546
  * ftrace: Check module functions being traced on reload
    - LP: #1266546
  * ftrace: Fix function graph with loading of modules
    - LP: #1266546
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1266546
  * Linux 3.2.54
    - LP: #1266546
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Tue, 07 Jan 2014 12:36:47 -0800

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2897

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2929

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4587

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1256988

Title:
  netns: crash during namespace destroy

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Precise:
  Fix Released
Status in “linux” source package in Quantal:
  Fix Committed
Status in “linux” source package in Raring:
  Fix Released

Bug description:
  [Impact]
  * When restoring an iptable in a network namespace, if the network namespace is deleted the kernel crashes.

  [Test Case]
  $ sudo -s
  # ip netns add foobar
  # ip netns exec foobar iptables -A OUTPUT -m recent --rcheck --rsource
  # ip netns del foobar

  [Regression Potential]
  * The following patches fix the issue:
  665e205c1
  32263dd1b

  In addition this patch is required to fix a potential regression introduced by the original fix:
  https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=b4ef4ce09308955d1aa54a289c0162607b3aa16c

  Two are upstream linux patches, the last it still in the netfilter
  upstream tree.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1256988/+subscriptions


References