This bug was fixed in the package linux - 4.4.0-121.145

---------------
linux (4.4.0-121.145) xenial; urgency=medium

  * linux: 4.4.0-121.145 -proposed tracker (LP: #1763687)

  * Ubuntu-4.4.0-120.144 fails to boot on arm64* hardware (LP: #1763644)
    - [Config] arm64: disable BPF_JIT_ALWAYS_ON

linux (4.4.0-120.144) xenial; urgency=medium

  * linux: 4.4.0-120.144 -proposed tracker (LP: #1761438)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 
32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] final-checks -- remove check for empty retpoline files

  * Xenial update to 4.4.117 stable release (LP: #1756860)
    - IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH 
ports
    - PM / devfreq: Propagate error from devfreq_add_device()
    - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
    - ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
    - arm: spear600: Add missing interrupt-parent of rtc
    - arm: spear13xx: Fix dmas cells
    - arm: spear13xx: Fix spics gpio controller's warning
    - ALSA: seq: Fix regression by incorrect ioctl_mutex usages
    - KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(),
      by always inlining iterator helper methods
    - x86/cpu: Change type of x86_cache_size variable to unsigned int
    - drm/radeon: adjust tested variable
    - rtc-opal: Fix handling of firmware error codes, prevent busy loops
    - ext4: save error to disk in __ext4_grp_locked_error()
    - ext4: correct documentation for grpid mount option
    - mm: hide a #warning for COMPILE_TEST
    - video: fbdev: atmel_lcdfb: fix display-timings lookup
    - console/dummy: leave .con_font_get set to NULL
    - rtlwifi: rtl8821ae: Fix connection lost problem correctly
    - Btrfs: fix deadlock in run_delalloc_nocow
    - Btrfs: fix crash due to not cleaning up tree log block's dirty bits
    - Btrfs: fix unexpected -EEXIST when creating new inode
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
    - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
    - ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
    - ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
    - ALSA: seq: Fix racy pool initializations
    - mvpp2: fix multicast address filter
    - dm: correctly handle chained bios in dec_pending()
    - x86: fix build warnign with 32-bit PAE
    - vfs: don't do RCU lookup of empty pathnames
    - ARM: pxa/tosa-bt: add MODULE_LICENSE tag
    - ARM: dts: s5pv210: add interrupt-parent for ohci
    - media: r820t: fix r820t_write_reg for KASAN
    - Linux 4.4.117

  * zfs system process hung on container stop/delete (LP: #1754584)
    - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu19
    - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)

  * apparmor: fix bad __initdata tagging on, apparmor_initialized (LP: #1758471)
    - SAUCE: apparmor: fix bad __initdata tagging on, apparmor_initialized

  * Xenial update to 4.4.116 stable release (LP: #1756121)
    - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
    - powerpc/64: Fix flush_(d|i)cache_range() called from modules
    - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
    - powerpc: Simplify module TOC handling
    - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
    - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
    - net: cdc_ncm: initialize drvflags before usage
    - ASoC: simple-card: Fix misleading error message
    - ASoC: rsnd: don't call free_irq() on Parent SSI
    - ASoC: rsnd: avoid duplicate free_irq()
    - drm: rcar-du: Use the VBK interrupt for vblank events
    - drm: rcar-du: Fix race condition when disabling planes at CRTC stop
    - x86/asm: Fix inline asm call constraints for GCC 4.4
    - ip6mr: fix stale iterator
    - net: igmp: add a missing rcu locking section
    - qlcnic: fix deadlock bug
    - r8169: fix RTL8168EP take too long to complete driver initialization.
    - tcp: release sk_frag.page in tcp_disconnect
    - vhost_net: stop device during reset owner
    - media: soc_camera: soc_scale_crop: add missing
      MODULE_DESCRIPTION/AUTHOR/LICENSE
    - KEYS: encrypted: fix buffer overread in valid_master_desc()
    - don't put symlink bodies in pagecache into highmem
    - crypto: tcrypt - fix S/G table for test_aead_speed()
    - x86/microcode: Do the family check first
    - powerpc/pseries: include linux/types.h in asm/hvcall.h
    - cifs: Fix missing put_xid in cifs_file_strict_mmap
    - cifs: Fix autonegotiate security settings mismatch
    - CIFS: zero sensitive data when freeing
    - dmaengine: dmatest: fix container_of member in dmatest_callback
    - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
    - kaiser: fix compile error without vsyscall
    - netfilter: nf_queue: Make the queue_handler pernet
    - posix-timer: Properly check sigevent->sigev_notify
    - usb: gadget: uvc: Missing files for configfs interface
    - sched/rt: Use container_of() to get root domain in 
rto_push_irq_work_func()
    - sched/rt: Up the root domain ref count when passing it around via IPIs
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - mtd: cfi: convert inline functions to macros
    - mtd: nand: brcmnand: Disable prefetch by default
    - mtd: nand: Fix nand_do_read_oob() return value
    - mtd: nand: sunxi: Fix ECC strength choice
    - ubi: block: Fix locking for idr_alloc/idr_remove
    - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
    - NFS: Add a cond_resched() to nfs_commit_release_pages()
    - NFS: commit direct writes even if they fail partially
    - NFS: reject request for id_legacy key without auxdata
    - kernfs: fix regression in kernfs_fop_write caused by wrong type
    - ahci: Annotate PCI ids for mobile Intel chipsets as such
    - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
    - ahci: Add Intel Cannon Lake PCH-H PCI ID
    - crypto: hash - introduce crypto_hash_alg_has_setkey()
    - crypto: cryptd - pass through absence of ->setkey()
    - crypto: poly1305 - remove ->setkey() method
    - nsfs: mark dentry with DCACHE_RCUACCESS
    - media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
    - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
    - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
    - media: v4l2-compat-ioctl32.c: fix the indentation
    - media: v4l2-compat-ioctl32.c: move 'helper' functions to
      __get/put_v4l2_format32
    - media: v4l2-compat-ioctl32.c: avoid sizeof(type)
    - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
    - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
    - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
    - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
    - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
    - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
    - media: v4l2-compat-ioctl32.c: don't copy back the result for certain 
errors
    - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
    - crypto: caam - fix endless loop when DECO acquire fails
    - arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
    - watchdog: imx2_wdt: restore previous timeout after suspend+resume
    - media: ts2020: avoid integer overflows on 32 bit machines
    - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
    - kernel/async.c: revert "async: simplify lowest_in_progress()"
    - HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
    - Bluetooth: btsdio: Do not bind to non-removable BCM43341
    - Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
      version
    - signal/openrisc: Fix do_unaligned_access to send the proper signal
    - signal/sh: Ensure si_signo is initialized in do_divide_error
    - alpha: fix crash if pthread_create races with signal delivery
    - alpha: fix reboot on Avanti platform
    - xtensa: fix futex_atomic_cmpxchg_inatomic
    - EDAC, octeon: Fix an uninitialized variable warning
    - pktcdvd: Fix pkt_setup_dev() error path
    - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
    - ACPI: sbshc: remove raw pointer from printk() message
    - ovl: fix failure to fsync lower dir
    - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
    - ftrace: Remove incorrect setting of glob search field
    - Linux 4.4.116

  * Xenial update to 4.4.116 stable release (LP: #1756121) // CVE-2017-5754
    - Revert "UBUNTU: SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix some RFI conversions in the KVM 
code"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix the 32-bit KVM build"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fallback flush add load dependency"
    - Revert "UBUNTU: SAUCE: rfi-flush: Use rfi-flush in printks"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline
      options"
    - Revert "UBUNTU: SAUCE: rfi-flush: Refactor the macros so the nops are
      defined once"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix the fallback flush to actually
      activate"
    - Revert "UBUNTU: SAUCE: rfi-flush: Rework pseries logic to be more 
cautious"
    - Revert "UBUNTU: SAUCE: rfi-flush: Rework powernv logic to be more 
cautious"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add barriers to the fallback L1D 
flushing"
    - Revert "UBUNTU: SAUCE: Fix compilation errors for 
arch/powerpc/lib/feature-
      fixups.c"
    - Revert "UBUNTU: SAUCE: Remove setup.h include file otherwise compilation
      complains about missing header file."
    - Revert "UBUNTU: SAUCE: powerpc/asm: Allow including ppc_asm.h in asm 
files"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add speculation barrier before ori 
30,30,0
      flush"
    - Revert "UBUNTU: SAUCE: rfi-flush: Allow HV to advertise multiple flush
      types"
    - Revert "UBUNTU: SAUCE: rfi-flush: Support more than one flush type at 
once"
    - Revert "UBUNTU: SAUCE: rfi-flush: Expand the RFI section to two nop slots"
    - Revert "UBUNTU: SAUCE: rfi-flush: Push the instruction selection down to 
the
      patching routine"
    - Revert "UBUNTU: SAUCE: rfi-flush: Make l1d_flush_type bit flags"
    - Revert "UBUNTU: SAUCE: rfi-flush: Implement congruence-first fallback 
flush"
    - Revert "UBUNTU: SAUCE: KVM: Revert the implementation of
      H_GET_CPU_CHARACTERISTICS"
    - Revert "UBUNTU: SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to 
host"
    - Revert "UBUNTU: SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be 
hrfid"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in 
denorm"
    - Revert "UBUNTU: SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option"
    - Revert "UBUNTU: SAUCE: powerpc: Secure memory rfi flush"
    - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
    - powerpc/64: Add macros for annotating the destination of rfid/hrfid
    - powerpc/64s: Simple RFI macro conversions
    - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
    - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
    - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
    - powerpc/64s: Add support for RFI flush of L1-D cache
    - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
    - powerpc/pseries: Query hypervisor for RFI flush settings
    - powerpc/powernv: Check device-tree for RFI flush settings
    - powerpc/64s: Wire up cpu_show_meltdown()
    - powerpc/64s: Allow control of RFI flush via debugfs

  * Intel i40e PF reset due to incorrect MDD detection (continues...)
    (LP: #1723127)
    - i40e/i40evf: Account for frags split over multiple descriptors in check
      linearize
    - i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K

  * Xenial update to 4.4.115 stable release (LP: #1755509)
    - x86: bpf_jit: small optimization in emit_bpf_tail_call()
    - bpf: fix bpf_tail_call() x64 JIT
    - [Config] CONFIG_BPF_JIT_ALWAYS_ON=y
    - bpf: introduce BPF_JIT_ALWAYS_ON config
    - bpf: arsh is not supported in 32 bit alu thus reject it
    - bpf: avoid false sharing of map refcount with max_entries
    - bpf: fix divides by zero
    - bpf: fix 32-bit divide by zero
    - bpf: reject stores into ctx via st and xadd
    - x86/pti: Make unpoison of pgd for trusted boot work for real
    - kaiser: fix intel_bts perf crashes
    - ALSA: seq: Make ioctls race-free
    - crypto: aesni - handle zero length dst buffer
    - crypto: af_alg - whitelist mask and type
    - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
    - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - igb: Free IRQs when device is hotplugged
    - KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
    - KVM: x86: Don't re-execute instruction when not passing CR2 value
    - KVM: X86: Fix operand/address-size during instruction decoding
    - KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
    - KVM: x86: ioapic: Clear Remote IRR when entry is switched to 
edge-triggered
    - KVM: x86: ioapic: Preserve read-only values in the redirection table
    - ACPI / bus: Leave modalias empty for devices which are not present
    - cpufreq: Add Loongson machine dependencies
    - bcache: check return value of register_shrinker
    - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
    - drm/amdkfd: Fix SDMA ring buffer size calculation
    - drm/amdkfd: Fix SDMA oversubsription handling
    - openvswitch: fix the incorrect flow action alloc size
    - mac80211: fix the update of path metric for RANN frame
    - btrfs: fix deadlock when writing out space cache
    - KVM: VMX: Fix rflags cache during vCPU reset
    - xen-netfront: remove warning when unloading module
    - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
    - nfsd: Ensure we check stateid validity in the seqid operation checks
    - grace: replace BUG_ON by WARN_ONCE in exit_net hook
    - nfsd: check for use of the closed special stateid
    - lockd: fix "list_add double add" caused by legacy signal interface
    - hwmon: (pmbus) Use 64bit math for DIRECT format values
    - powerpc/ppc64el -- Remove ll_temac module from 64-bit builds
    - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
    - quota: Check for register_shrinker() failure.
    - SUNRPC: Allow connect to return EHOSTUNREACH
    - kmemleak: add scheduling point to kmemleak_scan()
    - drm/omap: Fix error handling path in 'omap_dmm_probe()'
    - xfs: ubsan fixes
    - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
    - scsi: ufs: ufshcd: fix potential NULL pointer dereference in
      ufshcd_config_vreg
    - media: usbtv: add a new usbid
    - usb: gadget: don't dereference g until after it has been null checked
    - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
    - usb: option: Add support for FS040U modem
    - USB: serial: pl2303: new device id for Chilitag
    - USB: cdc-acm: Do not log urb submission errors on disconnect
    - CDC-ACM: apply quirk for card reader
    - USB: serial: io_edgeport: fix possible sleep-in-atomic
    - usbip: prevent bind loops on devices attached to vhci_hcd
    - usbip: list: don't list devices attached to vhci_hcd
    - USB: serial: simple: add Motorola Tetra driver
    - usb: f_fs: Prevent gadget unbind if it is already unbound
    - usb: uas: unconditionally bring back host after reset
    - selinux: general protection fault in sock_has_perm
    - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
    - spi: imx: do not access registers while clocks disabled
    - Linux 4.4.115

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Fri, 13 Apr
2018 14:42:14 +0200

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1723127

Title:
  Intel i40e PF reset due to incorrect MDD detection (continues...)

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Won't Fix
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Artful:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released

Bug description:
  [impact]

  The i40e driver sometimes causes a "malicious device" event that the
  firmware detects, which causes the firmware to reset the nic, causing
  an interruption in the network connection - which can cause further
  problems, e.g. if the interface is in a bond; the reset will at least
  cause a temporary interruption in network traffic.

  [fix]

  The upstream patch to fix this adjusts how the driver fragments TX
  data; the "malicious driver" detected by the firmware is a result of
  incorrectly crafted TX fragment descriptors (the firmware has specific
  complicated restrictions on this).  The patch is from Intel, and they
  suggested this specific patch to address the problem; additionally I
  have checked with someone who reported this to me and provided a test
  kernel with the patch to them, and they have been able to run ~6 weeks
  so far without reproducing the issue; previously they could reproduce
  it as quickly as a day, but usually within 2-3 weeks.

  [test case]

  the bug is unfortunately very difficult to reproduce, but as shown in
  this (and previous) bug comments, some users of the i40e have traffic
  that can consistently reproduce the problem (although usually on the
  order of days, or longer, to reproduce).  Reproducing is easily
  detected, as the nw traffic will be interrupted and the system logs
  will contain a message like:

  i40e 0000:02:00.1: TX driver issue detected, PF reset issued

  [regression potential]

  the patch for this alters how tx is fragmented by the driver, so a
  possible regression would likely cause problems in TX traffic and/or
  additional "malicious device detection" events.


  [original description]

  This is a continuation from bug 1713553; a patch was added in that bug
  to attempt to fix this, and it may have helped reduce the issue but
  appears not to have fixed it, based on more reports.

  The issue is the i40e driver, when TSO is enabled, sometimes sees the
  NIC firmware issue a "MDD event" where MDD is "Malicious Driver
  Detection".  This is vaguely defined in the i40e spec, but with no way
  to tell what the NIC actually saw that it didn't like.  So, the driver
  can do nothing but print an error message and reset the PF (or VF).
  Unfortunately, this resets the interface, which causes an interruption
  in network traffic flow while the PF is resetting.

  See bug 1713553 for more details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1723127/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to