kernel-packages team mailing list archive

[Bug 1393355] Re: Issue with msgrcv in a 32-bit application and -ve argument

 

This bug was fixed in the package linux - 3.13.0-41.70

---------------
linux (3.13.0-41.70) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1396112

  [ Chris J Arges ]

  * [Config] CONFIG_SCOM_DEBUGFS=y for powerpc/powerpc64-smp
    ppc64el/generic
    - LP: #1395855

  [ Upstream Kernel Changes ]

  * Revert "KVM: x86: Handle errors when RIP is set during far jumps"
    - LP: #1393477
  * Revert "net/macb: add pinctrl consumer support"
    - LP: #1393477
  * Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"
    - LP: #1393477
  * Revert "ipmi: simplify locking"
    - LP: #1383921
  * ACPI / blacklist: add Win8 OSI quirks for some Dell laptop models
    - LP: #1339456
  * ACPI / battery: Accelerate battery resume callback
    - LP: #838543
  * tools: cpu-hotplug fix unexpected operator error
  * netlink: reset network header before passing to taps
    - LP: #1393477
  * rtnetlink: fix VF info size
    - LP: #1393477
  * myri10ge: check for DMA mapping errors
    - LP: #1393477
  * tcp: don't use timestamp from repaired skb-s to calculate RTT (v2)
    - LP: #1393477
  * sit: Fix ipip6_tunnel_lookup device matching criteria
    - LP: #1393477
  * tcp: fix tcp_release_cb() to dispatch via address family for
    mtu_reduced()
    - LP: #1393477
  * tcp: fix ssthresh and undo for consecutive short FRTO episodes
    - LP: #1393477
  * packet: handle too big packets for PACKET_V3
    - LP: #1393477
  * openvswitch: fix panic with multiple vlan headers
    - LP: #1393477
  * vxlan: fix incorrect initializer in union vxlan_addr
    - LP: #1393477
  * l2tp: fix race while getting PMTU on PPP pseudo-wire
    - LP: #1393477
  * bonding: fix div by zero while enslaving and transmitting
    - LP: #1393477
  * bridge: Check if vlan filtering is enabled only once.
    - LP: #1393477
  * bridge: Fix br_should_learn to check vlan_enabled
    - LP: #1393477
  * net: allow macvlans to move to net namespace
    - LP: #1393477
  * tg3: Work around HW/FW limitations with vlan encapsulated frames
    - LP: #1393477
  * tg3: Allow for recieve of full-size 8021AD frames
    - LP: #1393477
  * xfrm: Generate blackhole routes only from route lookup functions
    - LP: #1393477
  * xfrm: Generate queueing routes only from route lookup functions
    - LP: #1393477
  * macvtap: Fix race between device delete and open.
    - LP: #1393477
  * gro: fix aggregation for skb using frag_list
    - LP: #1393477
  * hyperv: Fix a bug in netvsc_start_xmit()
    - LP: #1393477
  * ip6_gre: fix flowi6_proto value in xmit path
    - LP: #1393477
  * team: avoid race condition in scheduling delayed work
    - LP: #1393477
  * sctp: handle association restarts when the socket is closed.
    - LP: #1393477
  * tcp: fixing TLP's FIN recovery
    - LP: #1393477
  * sparc64: Do not disable interrupts in nmi_cpu_busy()
    - LP: #1393477
  * sparc64: Fix pcr_ops initialization and usage bugs.
    - LP: #1393477
  * sparc32: dma_alloc_coherent must honour gfp flags
    - LP: #1393477
  * sparc64: sun4v TLB error power off events
    - LP: #1393477
  * sparc64: Fix corrupted thread fault code.
    - LP: #1393477
  * sparc64: find_node adjustment
    - LP: #1393477
  * sparc64: Move request_irq() from ldc_bind() to ldc_alloc()
    - LP: #1393477
  * sparc: Let memset return the address argument
    - LP: #1393477
  * sparc64: Fix reversed start/end in flush_tlb_kernel_range()
    - LP: #1393477
  * sparc64: Fix lockdep warnings on reboot on Ultra-5
    - LP: #1393477
  * sparc64: Fix FPU register corruption with AES crypto offload.
    - LP: #1393477
  * sparc64: Do not define thread fpregs save area as zero-length array.
    - LP: #1393477
  * sparc64: Fix hibernation code refrence to PAGE_OFFSET.
    - LP: #1393477
  * sparc64: correctly recognise M6 and M7 cpu type
    - LP: #1393477
  * sparc64: support M6 and M7 for building CPU distribution map
    - LP: #1393477
  * sparc64: cpu hardware caps support for sparc M6 and M7
    - LP: #1393477
  * sparc64: T5 PMU
    - LP: #1393477
  * sparc64: Switch to 4-level page tables.
    - LP: #1393477
  * sparc64: Define VA hole at run time, rather than at compile time.
    - LP: #1393477
  * sparc64: Adjust KTSB assembler to support larger physical addresses.
    - LP: #1393477
  * sparc64: Fix physical memory management regressions with large
    max_phys_bits.
    - LP: #1393477
  * sparc64: Use kernel page tables for vmemmap.
    - LP: #1393477
  * sparc64: Increase MAX_PHYS_ADDRESS_BITS to 53.
    - LP: #1393477
  * sparc64: Adjust vmalloc region size based upon available virtual
    address bits.
    - LP: #1393477
  * sparc64: sparse irq
    - LP: #1393477
  * sparc64: Kill unnecessary tables and increase MAX_BANKS.
    - LP: #1393477
  * sparc64: Increase size of boot string to 1024 bytes
    - LP: #1393477
  * sparc64: Fix register corruption in top-most kernel stack frame during
    boot.
    - LP: #1393477
  * sparc64: Implement __get_user_pages_fast().
    - LP: #1393477
  * ext4: check EA value offset when loading
    - LP: #1393477
  * jbd2: free bh when descriptor block checksum fails
    - LP: #1393477
  * ext4: don't check quota format when there are no quota files
    - LP: #1393477
  * target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
    - LP: #1393477
  * vfs: fix data corruption when blocksize < pagesize for mmaped data
    - LP: #1393477
  * ext4: fix mmap data corruption when blocksize < pagesize
    - LP: #1393477
  * ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT
    - LP: #1393477
  * qla_target: don't delete changed nacls
    - LP: #1393477
  * target: Fix APTPL metadata handling for dynamic MappedLUNs
    - LP: #1393477
  * iser-target: Disable TX completion interrupt coalescing
    - LP: #1393477
  * ext4: don't orphan or truncate the boot loader inode
    - LP: #1393477
  * ext4: add ext4_iget_normal() which is to be used for dir tree lookups
    - LP: #1393477
  * ext4: fix reservation overflow in ext4_da_write_begin
    - LP: #1393477
  * ext4: Replace open coded mdata csum feature to helper function
    - LP: #1393477
  * ext4: move error report out of atomic context in
    ext4_init_block_bitmap()
    - LP: #1393477
  * ARC: [nsimosci] Allow "headless" models to boot
    - LP: #1393477
  * ARC: Update order of registers in KGDB to match GDB 7.5
    - LP: #1393477
  * ext4: check s_chksum_driver when looking for bg csum presence
    - LP: #1393477
  * drm/radeon: fix speaker allocation setup
    - LP: #1393477
  * drm/radeon: use gart memory for DMA ring tests
    - LP: #1393477
  * compiler: define OPTIMIZER_HIDE_VAR() macro
    - LP: #1393477
  * random: add and use memzero_explicit() for clearing data
    - LP: #1393477
  * ALSA: pcm: use the same dma mmap codepath both for arm and arm64
    - LP: #1393477
  * ALSA: ALC283 codec - Avoid pop noise on headphones during
    suspend/resume
    - LP: #1393477
  * ALSA: usb-audio: Add support for Steinberg UR22 USB interface
    - LP: #1393477
  * ALSA: hda - hdmi: Fix missing ELD change event on plug/unplug
    - LP: #1393477
  * arm64: compat: fix compat types affecting struct compat_elf_prpsinfo
    - LP: #1393477
  * freezer: Do not freeze tasks killed by OOM killer
    - LP: #1393477
  * OOM, PM: OOM killed task shouldn't escape PM suspend
    - LP: #1393477
  * qxl: don't create too large primary surface
    - LP: #1393477
  * MIPS: tlbex: Properly fix HUGE TLB Refill exception handler
    - LP: #1393477
  * drm/cirrus: bind also to qemu-xen-traditional
    - LP: #1393477
  * cpufreq: intel_pstate: Fix setting max_perf_pct in performance policy
    - LP: #1393477
  * cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers
    - LP: #1393477
  * cpufreq: intel_pstate: Reflect current no_turbo state correctly
    - LP: #1393477
  * intel_pstate: Don't lose sysfs settings during cpu offline
    - LP: #1393477
  * intel_pstate: Fix BYT frequency reporting
    - LP: #1393477
  * intel_pstate: Correct BYT VID values.
    - LP: #1393477
  * MIPS: ftrace: Fix a microMIPS build problem
    - LP: #1393477
  * kvm: x86: don't kill guest on unknown exit reason
    - LP: #1393477
  * kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
    - LP: #1393477
  * KVM: x86: use new CS.RPL as CPL during task switch
    - LP: #1393477
  * KVM: x86: Handle errors when RIP is set during far jumps
    - LP: #1393477
  * KVM: x86: Fix far-jump to non-canonical check
    - LP: #1393477
  * staging:iio:ad5933: Fix NULL pointer deref when enabling buffer
    - LP: #1393477
  * staging:iio:ad5933: Drop "raw" from channel names
    - LP: #1393477
  * iio: st_sensors: Fix buffer copy
    - LP: #1393477
  * iio: mxs-lradc: Propagate the real error code on platform_get_irq()
    failure
    - LP: #1393477
  * iio: adc: mxs-lradc: Disable the clock on probe failure
    - LP: #1393477
  * spi: pl022: Fix incorrect dma_unmap_sg
    - LP: #1393477
  * mac80211: fix typo in starting baserate for rts_cts_rate_idx
    - LP: #1393477
  * usb: dwc3: gadget: fix set_halt() bug with pending transfers
    - LP: #1393477
  * usb: gadget: function: acm: make f_acm pass USB20CV Chapter9
    - LP: #1393477
  * ext3: Don't check quota format when there are no quota files
    - LP: #1393477
  * quota: Properly return errors from dquot_writeback_dquots()
    - LP: #1393477
  * USB: serial: cp210x: add Silicon Labs 358x VID and PID
    - LP: #1393477
  * usb: serial: ftdi_sio: add Awinda Station and Dongle products
    - LP: #1393477
  * usb: option: add support for Telit LE910
    - LP: #1393477
  * USB: option: add Haier CE81B CDMA modem
    - LP: #1393477
  * x86, apic: Handle a bad TSC more gracefully
    - LP: #1393477
  * i3200_edac: Report CE events properly
    - LP: #1393477
  * i82860_edac: Report CE events properly
    - LP: #1393477
  * cpc925_edac: Report UE events properly
    - LP: #1393477
  * e7xxx_edac: Report CE events properly
    - LP: #1393477
  * scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND
    - LP: #1393477
  * usb: serial: ftdi_sio: add "bricked" FTDI device PID
    - LP: #1393477
  * usb: musb: cppi41: restart hrtimer only if not yet done
    - LP: #1393477
  * usb: gadget: udc: core: fix kernel oops with soft-connect
    - LP: #1393477
  * nfsd4: fix crash on unknown operation number
    - LP: #1393477
  * iwlwifi: configure the LTR
    - LP: #1393477
  * mac80211: add vif to flush call
    - LP: #1393477
  * iwlwifi: dvm: drop non VO frames when flushing
    - LP: #1393477
  * usb: dwc3: gadget: Properly initialize LINK TRB
    - LP: #1393477
  * Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544
    - LP: #1393477
  * posix-timers: Fix stack info leak in timer_create()
    - LP: #1393477
  * futex: Fix a race condition between REQUEUE_PI and task death
    - LP: #1393477
  * PM / Sleep: fix recovery during resuming from hibernation
    - LP: #1393477
  * ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat
    mode
    - LP: #1393477
  * ima: check xattr value length and type in the ima_inode_setxattr()
    - LP: #1393477
  * evm: check xattr value length and type in evm_inode_setxattr()
    - LP: #1393477
  * drm/radeon/dpm: disable ulv support on SI
    - LP: #1393477
  * drm/radeon: dpm fixes for asrock systems
    - LP: #1393477
  * drm/radeon: remove invalid pci id
    - LP: #1393477
  * x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
    - LP: #1393477
  * cgroup/kmemleak: add kmemleak_free() for cgroup deallocations.
    - LP: #1393477
  * mm: free compound page with correct order
    - LP: #1393477
  * mm, thp: fix collapsing of hugepages on madvise
    - LP: #1393477
  * lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}()
    - LP: #1393477
  * ext4: fix overflow when updating superblock backups after resize
    - LP: #1393477
  * ext4: fix oops when loading block bitmap failed
    - LP: #1393477
  * ext4: enable journal checksum when metadata checksum feature enabled
    - LP: #1393477
  * ext4: bail out from make_indexed_dir() on first error
    - LP: #1393477
  * PCI: Rename sysfs 'enabled' file back to 'enable'
    - LP: #1393477
  * wireless: rt2x00: add new rt2800usb device
    - LP: #1393477
  * fs: allow open(dir, O_TMPFILE|..., 0) with mode 0
    - LP: #1393477
  * tracing/syscalls: Ignore numbers outside NR_syscalls' range
    - LP: #1393477
  * x86_64, entry: Fix out of bounds read on sysenter
    - LP: #1393477
  * ACPI / EC: Add support to disallow QR_EC to be issued when SCI_EVT
    isn't set
    - LP: #1393477
  * ACPI / EC: Fix regression due to conflicting firmware behavior between
    Samsung and Acer.
    - LP: #1393477
  * net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks
    - LP: #1393477
  * net: sctp: fix panic on duplicate ASCONF chunks
    - LP: #1393477
  * net: sctp: fix remote memory pressure from excessive queueing
    - LP: #1393477
  * Linux 3.13.11.11
    - LP: #1393477
  * MAINTAINERS: Update APM X-Gene section
    - LP: #1381084
  * Documentation: dts: Update section header for APM X-Gene
    - LP: #1381084
  * dtb: Add 10GbE node to APM X-Gene SoC device tree
    - LP: #1381084
  * drivers: net: xgene: Preparing for adding 10GbE support
    - LP: #1381084
  * drivers: net: xgene: Add 10GbE support
    - LP: #1381084
  * drivers: net: xgene: Add 10GbE ethtool support
    - LP: #1381084
  * dtb: Add SGMII based 1GbE node to APM X-Gene SoC device tree
    - LP: #1381216
  * drivers: net: xgene: Preparing for adding SGMII based 1GbE
    - LP: #1381216
  * drivers: net: xgene: Add SGMII based 1GbE support
    - LP: #1381216
  * drivers: net: xgene: Add SGMII based 1GbE ethtool support
    - LP: #1381216
  * drivers: net: xgene: Rewrite buggy loop in xgene_enet_ecc_init()
    - LP: #1381216
  * dtb: xgene: fix: Backward compatibility with older firmware
    - LP: #1381084, #1381216
  * drivers: net: xgene: Backward compatibility with older firmware
    - LP: #1381084, #1381216
  * drivers: net: xgene: fix: Use separate resources
    - LP: #1381216
  * HID: Add the transport-driver functions to the HIDP driver.
    - LP: #1393764
  * ipc: fix compat msgrcv with negative msgtyp
    - LP: #1393355
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Tue, 25 Nov 2014 12:07:01 +0000

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1393355

Title:
  Issue with msgrcv in a 32-bit application and -ve argument

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Utopic:
  Fix Released
Status in linux source package in Vivid:
  Fix Released

Bug description:
  == Comment: #0 - R. Wilson <wilsonrs@xxxxxxxxxx> - 2014-11-13 08:11:01 ==
  ---Problem Description---
  system call msgrcv() from 32-bit application shows error: msgrcv: No message of desired type
  The following upstream commit resolves the issue.

  commit e7ca2552369c1dfe0216c626baf82c3d83ec36bb
  Author: Mateusz Guzik <mguzik@xxxxxxxxxx>
  Date:   Mon Jan 27 17:07:11 2014 -0800

      ipc: fix compat msgrcv with negative msgtyp
      
      Compat function takes msgtyp argument as u32 and passes it down to
      do_msgrcv which results in casting to long, thus the sign is lost and we
      get a big positive number instead.
      
      Cast the argument to signed type before passing it down.

  We now hit the problem on Ubuntu 14_04 and need to know if a similar
  patch is forthcoming.

   
  ---uname output---
  Linux ctg-a-il-u1 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
   
  Machine Type = VMware guest 
   
  ---Debugger---
  A debugger is not configured
   
  ---Steps to Reproduce---
   Compile test applications using gcc -m32 -o <name> <name.c>
  Run test application testmsgs to send a message to a queue
  Run test application testmsgr that *should* retrieve message sent by testmsgs
  Observe that testmsgr does not retrieve message

  Repeat test, compiling with -m64 instead - applications work as expected
   
  Stack trace output:
   no
   
  Oops output:
   no
   
  Userspace tool common name: custom application designed to replicate problem 
   
  The userspace tool has the following bit modes: 32-bit 
   
  System Dump Info:
    The system is not configured to capture a system dump.

  == Comment: #2 - R. Wilson <wilsonrs@xxxxxxxxxx> - 2014-11-13 08:15:25 ==
  Back trace for testmsgr:

  (gdb) bt
  #0  0xf777c430 in __kernel_vsyscall ()
  #1  0xf76a4660 in msgrcv () from /lib32/libc.so.6
  #2  0x08048573 in main ()
  (gdb)

  The msgrcv *should* have returned immediately as the message was
  placed on the queue by testmsgs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1393355/+subscriptions
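
The sign loss described in the quoted upstream commit message, modelled in user space as an added example; it is not code from the bug report or from the kernel patch. The names klong, widen_unfixed, widen_fixed and select_msg are hypothetical, the queue contents are constructed, and the selection rule is the one documented in msgrcv(2).

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for `long` on a 64-bit kernel. */
typedef int64_t klong;

/* Unfixed compat path: the u32 argument is zero-extended to long. */
static klong widen_unfixed(uint32_t msgtyp) { return (klong)msgtyp; }

/* Fixed path: cast to a signed 32-bit type first, so it sign-extends.
 * (Out-of-range unsigned-to-signed conversion wraps on gcc and clang.) */
static klong widen_fixed(uint32_t msgtyp) { return (klong)(int32_t)msgtyp; }

/* msgrcv(2) selection rule over the queued message types (all > 0).
 * Returns the index of the message received, or -1 when none matches
 * (ENOMSG with IPC_NOWAIT, otherwise the caller blocks). */
static int select_msg(const klong *types, size_t n, klong msgtyp)
{
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (msgtyp == 0)
            return (int)i;                 /* first message on the queue */
        if (msgtyp > 0) {
            if (types[i] == msgtyp)
                return (int)i;             /* first message of that type */
        } else if (types[i] + msgtyp <= 0 && /* type <= |msgtyp| */
                   (best < 0 || types[i] < types[best])) {
            best = (int)i;                 /* lowest such type wins */
        }
    }
    return best;
}

int main(void)
{
    const klong queue[] = {3, 1, 2};       /* constructed sample queue */
    uint32_t raw = (uint32_t)-2;           /* msgtyp = -2 from a 32-bit caller */
    klong bad = widen_unfixed(raw), good = widen_fixed(raw);

    printf("unfixed: msgtyp=%" PRId64 " -> index %d\n", bad, select_msg(queue, 3, bad));
    printf("fixed:   msgtyp=%" PRId64 " -> index %d\n", good, select_msg(queue, 3, good));
    return 0;
}
```

In the unfixed path the request becomes an exact-match lookup for a type no sender uses, which is why the 32-bit receiver either gets "No message of desired type" or sits blocked in msgrcv() as in the backtrace.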