This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-trusty' to 'verification-done-trusty'. If the
problem still exists, change the tag 'verification-needed-trusty' to
'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: verification-needed-trusty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1800254

Title:
  packet socket panic in Trusty 3.13.0-157 and later

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Committed

Bug description:
  SRU Justification:

  Due to changes added as part of c108ac876c02 ("packet: hold bind lock when
  rebinding to fanout hook"), it is possible for fanout_add to add a
  packet_type handler via dev_add_pack and then kfree the memory backing the
  packet_type.  This corrupts the ptype_all list, causing the system to
  panic when network packet processing next traverses ptype_all.  The
  erroneous path is taken when a PACKET_FANOUT setsockopt is performed on a
  packet socket that is bound to an interface that is administratively down.

  This is not due to any flaw of c108ac876c02, but rather that the packet
  socket code base differs subtly in 3.13 as compared to 4.4.

  This affects only the Trusty 3.13 kernel series, starting with
  3.13.0-157.

  Fix:

  The remedy for this is to backport additional changes in the management of
  the dev_add_pack calls from 4.4.  This moves the dev_add_pack and
  dev_remove_pack calls from fanout_add and _release into __fanout_link and
  _unlink.

  Testcase:

  The issue can be reproduced reliably by (a) creating an AF_PACKET socket,
  (b) binding it to an interface that is administratively down, and then (c)
  attempting to set the PACKET_FANOUT sockopt.  The setsockopt call will
  fail, but will corrupt ptype_all in the kernel.  Subsequent network traffic
  will induce a panic when evaluating the corrupted ptype_all entry.  A
  test program is attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1800254/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
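
The failure and the fix described in the SRU justification above, as an added userspace C model; it is not part of the original bug report, the attached test program, or the kernel source. The function names mirror those in the description; model_kfree, slab, stale_handlers and the running/fixed flags are assumptions made for illustration, and only the interface-down error path the report names is modelled.

```c
/* Added userspace model, not kernel code. "Freed" memory is only flagged,
 * so the stale ptype_all entry can be counted without undefined behaviour. */
#include <stdio.h>
#include <string.h>

struct packet_type { struct packet_type *next; int freed; };
struct fanout { struct packet_type prot_hook; int num_members; };

static struct packet_type *ptype_all;   /* model of the global handler list */
static struct fanout slab[2];           /* stands in for kzalloc()/kfree() */
static int slab_used;

static void dev_add_pack(struct packet_type *pt) { pt->next = ptype_all; ptype_all = pt; }
static void model_kfree(struct fanout *f) { f->prot_hook.freed = 1; }

/* Fixed layout: the handler is registered when the first member is linked. */
static void fanout_link(struct fanout *f, int fixed) {
    if (++f->num_members == 1 && fixed)
        dev_add_pack(&f->prot_hook);
}

/* running: socket's interface is up. Returns 0, or -1 when setsockopt fails. */
static int fanout_add(int running, int fixed) {
    struct fanout *match = &slab[slab_used++];
    if (!fixed)
        dev_add_pack(&match->prot_hook);    /* 3.13 layout: registered at creation */
    if (running) {
        fanout_link(match, fixed);
        return 0;
    }
    model_kfree(match);                     /* error path frees, never unregisters */
    return -1;
}

/* Handlers a receive-path walk of ptype_all would reach after their memory was freed. */
static int stale_handlers(int running, int fixed) {
    int n = 0;
    ptype_all = NULL; slab_used = 0; memset(slab, 0, sizeof slab);
    fanout_add(running, fixed);
    for (struct packet_type *pt = ptype_all; pt; pt = pt->next)
        n += pt->freed;
    return n;
}

int main(void) {
    printf("3.13 layout, interface down: %d stale\n", stale_handlers(0, 0));
    printf("backport,    interface down: %d stale\n", stale_handlers(0, 1));
    printf("3.13 layout, interface up:   %d stale\n", stale_handlers(1, 0));
    return 0;
}
```

In the model, only the combination of the 3.13 layout and a down interface leaves a freed handler linked into ptype_all; with registration moved into the link step, the failed setsockopt never touches the list.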
