This bug was fixed in the package linux - 4.10.0-30.34
---------------
linux (4.10.0-30.34) zesty; urgency=low
* CVE-2017-7533
- dentry name snapshots
linux (4.10.0-29.33) zesty; urgency=low
* linux: 4.10.0-29.33 -proposed tracker (LP: #1704961)
* Opal and POWER9 DD2 (LP: #1702159)
- powerpc/powernv: Tell OPAL about our MMU mode on POWER9
- powerpc/powernv: Fix boot on Power8 bare metal due to
opal_configure_cores()
* CVE-2017-1000364
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
- mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
- nvme: Quirks for PM1725 controllers
* hns: under heavy load, NIC may fail and require reboot (LP: #1704146)
- net: hns: Bugfix for Tx timeout handling in hns driver
* New ACPI identifiers for ThunderX SMMU (LP: #1703437)
- iommu/arm-smmu: Plumb in new ACPI identifiers
* CVE-2017-7482
- rxrpc: Fix several cases where a padded len isn't checked in ticket decode
* CVE-2017-1000365
- fs/exec.c: account for argv/envp pointers
* CVE-2017-10810
- drm/virtio: don't leak bo on drm_gem_object_init failure
* Data corruption with hio driver (LP: #1701316)
- SAUCE: hio: Fix incorrect use of enum req_opf values
* arm64: fix crash reading /proc/kcore (LP: #1702749)
- fs/proc: kcore: use kcore_list type to check for vmalloc/module address
- arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT
* cxlflash update request in the Xenial SRU stream (LP: #1702521)
- scsi: cxlflash: Refactor context reset to share reset logic
- scsi: cxlflash: Support SQ Command Mode
- scsi: cxlflash: Cleanup prints
- scsi: cxlflash: Cancel scheduled workers before stopping AFU
- scsi: cxlflash: Enable PCI device ID for future IBM CXL Flash AFU
- scsi: cxlflash: Separate RRQ processing from the RRQ interrupt handler
- scsi: cxlflash: Serialize RRQ access and support offlevel processing
- scsi: cxlflash: Implement IRQ polling for RRQ processing
- scsi: cxlflash: Update sysfs helper routines to pass config structure
- scsi: cxlflash: Support dynamic number of FC ports
- scsi: cxlflash: Remove port configuration assumptions
- scsi: cxlflash: Hide FC internals behind common access routine
- scsi: cxlflash: SISlite updates to support 4 ports
- scsi: cxlflash: Support up to 4 ports
- scsi: cxlflash: Fence EEH during probe
- scsi: cxlflash: Remove unnecessary DMA mapping
- scsi: cxlflash: Fix power-of-two validations
- scsi: cxlflash: Fix warnings/errors
- scsi: cxlflash: Improve asynchronous interrupt processing
- scsi: cxlflash: Support multiple hardware queues
- scsi: cxlflash: Add hardware queues attribute
- scsi: cxlflash: Introduce hardware queue steering
- cxl: Enable PCI device IDs for future IBM CXL adapters
- scsi: cxlflash: Select IRQ_POLL
- scsi: cxlflash: Combine the send queue locks
- scsi: cxlflash: Update cxlflash_afu_sync() to return errno
- scsi: cxlflash: Reset hardware queue context via specified register
- scsi: cxlflash: Schedule asynchronous reset of the host
- scsi: cxlflash: Handle AFU sync failures
- scsi: cxlflash: Track pending scsi commands in each hardware queue
- scsi: cxlflash: Flush pending commands in cleanup path
- scsi: cxlflash: Add scsi command abort handler
- scsi: cxlflash: Create character device to provide host management
interface
- scsi: cxlflash: Separate AFU internal command handling from AFU sync
specifics
- scsi: cxlflash: Introduce host ioctl support
- scsi: cxlflash: Refactor AFU capability checking
- scsi: cxlflash: Support LUN provisioning
- scsi: cxlflash: Support AFU debug
- scsi: cxlflash: Support WS16 unmap
- scsi: cxlflash: Remove zeroing of private command data
- scsi: cxlflash: Update TMF command processing
- scsi: cxlflash: Avoid double free of character device
- scsi: cxlflash: Update send_tmf() parameters
- scsi: cxlflash: Update debug prints in reset handlers
* Ath10k to read different board data file if specify in SMBIOS (LP: #1666742)
- ath10k: search SMBIOS for OEM board file extension
* APST gets enabled against explicit kernel option (LP: #1699004)
- nvme: Display raw APST configuration via DYNAMIC_DEBUG
- nvme: Add nvme_core.force_apst to ignore the NO_APST quirk
- nvme: explicitly disable APST on quirked devices
* Quirk for non-compliant PCI bridge on HiSilicon D05 board (LP: #1698706)
- SAUCE: PCI: Support hibmc VGA cards behind a misbehaving HiSilicon bridge
* New NVLINK2 patches (LP: #1701272)
- powerpc/powernv/npu-dma: Add explicit flush when sending an ATSD
- powerpc/npu-dma: Remove spurious WARN_ON when a PCI device has no of_node
* ERAT invalidate on context switch removal (LP: #1700819)
- powerpc: Only do ERAT invalidate on radix context switch on P9 DD1
* powerpc: Invalidate ERAT on powersave wakeup for POWER9 (LP: #1700521)
- powerpc/64s: Invalidate ERAT on powersave wakeup for POWER9
* update ENA driver to 1.2.0k from net-next (LP: #1701575)
- net/ena: use napi_complete_done() return value
- net: ena: remove superfluous check in ena_remove()
- net/ena: switch to pci_alloc_irq_vectors
- net: ena: fix rare uncompleted admin command false alarm
- net: ena: fix bug that might cause hang after consecutive open/close
interface.
- net: ena: add missing return when ena_com_get_io_handlers() fails
- net: ena: fix race condition between submit and completion admin command
- net: ena: add missing unmap bars on device removal
- net: ena: fix theoretical Rx hang on low memory systems
- net: ena: disable admin msix while working in polling mode
- net: ena: bug fix in lost tx packets detection mechanism
- net: ena: update ena driver to version 1.1.7
- net: ena: change return value for unsupported features unsupported return
value
- net: ena: add hardware hints capability to the driver
- net: ena: change sizeof() argument to be the type pointer
- net: ena: add reset reason for each device FLR
- net: ena: add support for out of order rx buffers refill
- net: ena: allow the driver to work with small number of msix vectors
- net: ena: use napi_schedule_irqoff when possible
- net: ena: separate skb allocation to dedicated function
- net: ena: use lower_32_bits()/upper_32_bits() to split dma address
- net: ena: update driver's rx drop statistics
- net: ena: update ena driver to version 1.2.0
-- Thadeu Lima de Souza Cascardo <[email protected]> Mon, 31 Jul
2017 14:27:53 -0300
** Changed in: linux (Ubuntu Zesty)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000364
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000365
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10810
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7482
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7533
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1699004
Title:
APST gets enabled against explicit kernel option
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Yakkety:
Won't Fix
Status in linux source package in Zesty:
Fix Released
Bug description:
[Impact]
The NVMe driver doesn't set APSTE on APST quirked devices at initialization.
If the BIOS or NVMe enables APST before driver loading, APST will never be
disabled, it also ignores explicit kernel option as result.
So the faulty NVMe may not work as intended.
[Test Case]
$ sudo nvme get-feature -f 0x0c -H /dev/nvme0
...will show APST is "Disabled" instead of "Enabled"
[Regression Potential]
Very low.
This SRU didn't change anything really - it just explicitly set APSTE at
initialization.
---
I have a Lenovo ThinkPad X270 with a Toshiba nvme SSD
$ sudo nvme list
Node SN Model
Namespace Usage Format FW Rev
---------------- --------------------
---------------------------------------- --------- --------------------------
---------------- --------
/dev/nvme0n1 177S10WYTAMT THNSF5256GPUK TOSHIBA
1 256.06 GB / 256.06 GB 512 B + 0 B 51025KLA
I was affected by this bug
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1678184?comments=all
before. After disabling APST by adding
"nvme_core.default_ps_max_latency_us=0" in /etc/default/grub, the bug went away.
Since yesterday, however the bug has returned, with the system dying
with I/O errors after an hour or so.
I verified, that the kernel option is still being set
$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.10.0-22-generic.efi.signed
root=UUID=365f1a9c-9598-4ad5-a387-d02f771767a1 ro quiet splash
nvme_core.default_ps_max_latency_us=0 vt.handoff=7
however it turns out that it is being ignored for some reason, and
running
$ sudo nvme get-feature -f 0x0c -H /dev/nvme0
reports that APST is enabled. I can successfully disable it manually
using
$ sudo nvme set-feature -f 0x0c -v=0 /dev/nvme0
and the problem goes away. However, after any reboot and even after
waking the system from suspend, it is reenabled, causing the system to
crash after a short while.
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: linux-image-4.10.0-22-generic 4.10.0-22.24
ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15
Uname: Linux 4.10.0-22-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: maeher 1669 F...m pulseaudio
/dev/snd/controlC0: maeher 1669 F.... pulseaudio
CurrentDesktop: Unity:Unity7
Date: Mon Jun 19 23:29:31 2017
InstallationDate: Installed on 2017-04-17 (64 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
MachineType: LENOVO 20HN001RUS
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.10.0-22-generic.efi.signed
root=UUID=365f1a9c-9598-4ad5-a387-d02f771767a1 ro quiet splash
nvme_core.default_ps_max_latency_us=0 vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-4.10.0-22-generic N/A
linux-backports-modules-4.10.0-22-generic N/A
linux-firmware 1.164.1
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/16/2017
dmi.bios.vendor: LENOVO
dmi.bios.version: R0IET30W (1.08 )
dmi.board.asset.tag: Not Available
dmi.board.name: 20HN001RUS
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40697 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.modalias:
dmi:bvnLENOVO:bvrR0IET30W(1.08):bd01/16/2017:svnLENOVO:pn20HN001RUS:pvrThinkPadX270:rvnLENOVO:rn20HN001RUS:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:
dmi.product.name: 20HN001RUS
dmi.product.version: ThinkPad X270
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1699004/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
