This bug was fixed in the package linux - 4.8.0-58.63 --------------- linux (4.8.0-58.63) yakkety; urgency=low
* linux: 4.8.0-58.63 -proposed tracker (LP: #1700533) * CVE-2017-1000364 - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit" - Revert "mm: do not collapse stack gap into THP" - Revert "mm: enlarge stack guard gap" - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case - mm: larger stack guard gap, between vmas - mm: fix new crash in unmapped_area_topdown() - Allow stack to grow up to address space limit linux (4.8.0-57.62) yakkety; urgency=low * linux: 4.8.0-57.62 -proposed tracker (LP: #1699035) * CVE-2017-1000364 - SAUCE: mm: Only expand stack if guard area is hit * CVE-2017-7374 - fscrypt: remove broken support for detecting keyring key revocation * CVE-2017-100363 - char: lp: fix possible integer overflow in lp_setup() * CVE-2017-9242 - ipv6: fix out of bound writes in __ip6_append_data() * CVE-2017-9075 - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent * CVE-2017-9074 - ipv6: Prevent overrun when parsing v6 header options * CVE-2017-9076 - ipv6/dccp: do not inherit ipv6_mc_list from parent * CVE-2017-9077 - ipv6/dccp: do not inherit ipv6_mc_list from parent * CVE-2017-8890 - dccp/tcp: do not inherit mc_list from parent * extend-diff-ignore should use exact matches (LP: #1693504) - [Packaging] exact extend-diff-ignore matches * APST quirk needed for Intel NVMe (LP: #1686592) - nvme: Quirk APST on Intel 600P/P3100 devices * regression: the 4.8 hwe kernel does not create the /sys/block/*/device/enclosure_device:* symlinks (LP: #1691899) - scsi: ses: Fix SAS device detection in enclosure * datapath: Add missing case OVS_TUNNEL_KEY_ATTR_PAD (LP: #1676679) - openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD * connection flood to port 445 on mounting cifs volume under kernel (LP: #1686099) - cifs: Do not send echoes before Negotiate is complete * Support IPMI system interface on Cavium ThunderX (LP: #1688132) - i2c: octeon: Rename driver to prepare for split - i2c: octeon: Split the driver into two parts - [Config] CONFIG_I2C_THUNDERX=m - i2c: thunderx: Add i2c driver for ThunderX SOC - i2c: thunderx: Add SMBUS alert support - i2c: octeon,thunderx: Move register offsets to struct - i2c: octeon: Sort include files alphabetically - i2c: octeon: Use booleon values for booleon variables - i2c: octeon: thunderx: Add MAINTAINERS entry - i2c: octeon: Fix set SCL recovery function - i2c: octeon: Avoid sending STOP during recovery - i2c: octeon: Fix high-level controller status check - i2c: octeon: thunderx: TWSI software reset in recovery - i2c: octeon: thunderx: Remove double-check after interrupt - i2c: octeon: thunderx: Limit register access retries - i2c: thunderx: Enable HWMON class probing * CVE-2017-5577 - drm/vc4: Return -EINVAL on the overflow checks failing. * Merlin SGMII fail on Ubuntu Xenial HWE kernel (LP: #1686305) - net: phy: marvell: fix Marvell 88E1512 used in SGMII mode - drivers: net: phy: xgene: Fix mdio write * Keyboard backlight control does not work on some dell laptops. (LP: #1693126) - platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist - platform/x86: dell-laptop: Add keyboard backlight timeout AC settings * exec'ing a setuid binary from a threaded program sometimes fails to setuid (LP: #1672819) - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct * CVE-2017-7294 - drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() -- Stefan Bader <stefan.ba...@canonical.com> Mon, 26 Jun 2017 17:31:13 +0200 ** Changed in: linux (Ubuntu Yakkety) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2017-1000364 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-100363 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5577 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7294 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7374 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8890 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9074 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9075 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9076 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9077 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9242 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1676679 Title: datapath: Add missing case OVS_TUNNEL_KEY_ATTR_PAD Status in The Ubuntu-power-systems project: Fix Released Status in linux package in Ubuntu: Fix Released Status in openvswitch package in Ubuntu: Invalid Status in linux source package in Yakkety: Fix Released Status in openvswitch source package in Yakkety: Invalid Status in linux source package in Zesty: Fix Released Status in openvswitch source package in Zesty: Invalid Bug description: ---Problem Description--- Recreate and error info: Hit a new issue with OVS after updating to the Ubuntu 4.8 kernel from the Ubuntu 4.4 kernel. Iperf was used to send traffic between client VMs over VXLAN. The traffic did still flow, but every packet had to go to user space due to the flow creation failures, which drastically impacted performance and cpu utilization. When using VXLAN, the following error is showing up in dmesg openvswitch: netlink: Unknown IP tunnel attribute 14 Also there are tons of these errors in the openvswitch log 2017-03-01T15:50:47.860Z|00018|dpif(handler164)|WARN|system@ovs-system: failed to put[create] (Invalid argument) ufid:2d1a9aeb-7b24-4235-a208-a01f98237e60 recirc_id(0),dp_hash(0/0),skb_pri Debug showed that this attribute, OVS_TUNNEL_KEY_ATTR_PAD, was being seen in the switch statement in method, static int ip_tun_from_nlattr, in flow_netlink.c . Because there is no case for this attribute, the default is hit and returns an error. The issue was first seen using the packages in the Ubuntu 4.8 kernel, which is OVS 2.5. OVS 2.6 and 2.6.1 were also tried with the kernel packages and the same issue was seen. Tried building OVS 2.7 and loading the openvswitch-datapath-dkms_2.7.0-1_all.deb that got built but the issue persisted. The proposed patch seems to eliminate the error messages and also fixed the segmentation and performance issues that were seen. ---uname output--- stock 4.8 kernel Machine Type = p8 ---Debugger--- A debugger is not configured ---Steps to Reproduce--- Hit a new issue with OVS after updating to the Ubuntu 4.8 kernel from the Ubuntu 4.4 kernel. Iperf was used to send traffic between client VMs over VXLAN. The traffic did still flow, but every packet had to go to user space due to the flow creation failures, which drastically impacted performance and cpu utilization. When using VXLAN, the following error is showing up in dmesg openvswitch: netlink: Unknown IP tunnel attribute 14 Link to the patch is https://patchwork.ozlabs.org/patch/738856/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1676679/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp