This bug was fixed in the package linux-azure - 4.15.0-1035.36~14.04.2 --------------- linux-azure (4.15.0-1035.36~14.04.2) trusty; urgency=medium
* linux-azure: 4.15.0-1035.36~14.04.2 -proposed tracker (LP: #1806063) [ Ubuntu: 4.15.0-1035.36 ] * linux-azure: 4.15.0-1035.36 -proposed tracker (LP: #1806021) * [Hyper-V] Additional patches for Lv2 storage performance (LP: #1805304) - SAUCE: scsi: storvsc: Fix a race in sub-channel creation that can cause panic linux-azure (4.15.0-1034.35~14.04.2) trusty; urgency=medium * linux-azure: 4.15.0-1034.35~14.04.2 -proposed tracker (LP: #1805474) [ Ubuntu: 4.15.0-1034.35 ] * linux-azure: 4.15.0-1034.35 -proposed tracker (LP: #1805412) * [Hyper-V] Additional patches for Lv2 storage performance (LP: #1805304) - SAUCE: Drivers: hv: vmbus: Remove x86-isms from arch independent drivers - SAUCE: x86/hyperv: Add a function to read both TSC and TSC page value simulateneously - SAUCE: x86/hyperv: Reenlightenment notifications support - SAUCE: x86/hyperv: Redirect reenlightment notifications on CPU offlining - SAUCE: x86/hyper-v: move hyperv.h out of uapi - SAUCE: x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h - SAUCE: x86/hyper-v: allocate and use Virtual Processor Assist Pages - SAUCE: x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits - SAUCE: X86/Hyper-V: Enlighten APIC access - SAUCE: X86/Hyper-V: Enable IPI enlightenments - SAUCE: X86/Hyper-V: Enhanced IPI enlightenment - SAUCE: x86/hyper-v: Fix the circular dependency in IPI enlightenment linux-azure (4.15.0-1033.34~14.04.2) trusty; urgency=medium * linux-azure: 4.15.0-1033.34~14.04.2 -proposed tracker (LP: #1802564) [ Ubuntu: 4.15.0-1033.34 ] * linux-azure: 4.15.0-1033.34 -proposed tracker (LP: #1802559) * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592) * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405) - KVM: s390: reset crypto attributes for all vcpus - KVM: s390: vsie: simulate VCPU SIE entry/exit - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART - KVM: s390: refactor crypto initialization - s390: vfio-ap: base implementation of VFIO AP device driver - s390: vfio-ap: register matrix device with VFIO mdev framework - s390: vfio-ap: sysfs interfaces to configure adapters - s390: vfio-ap: sysfs interfaces to configure domains - s390: vfio-ap: sysfs interfaces to configure control domains - s390: vfio-ap: sysfs interface to view matrix mdev matrix - KVM: s390: interface to clear CRYCB masks - s390: vfio-ap: implement mediated device open callback - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl - s390: vfio-ap: zeroize the AP queues - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl - KVM: s390: Clear Crypto Control Block when using vSIE - KVM: s390: vsie: Do the CRYCB validation first - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear - KVM: s390: vsie: Allow CRYCB FORMAT-2 - KVM: s390: vsie: allow CRYCB FORMAT-1 - KVM: s390: vsie: allow CRYCB FORMAT-0 - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1 - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2 - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2 - KVM: s390: device attrs to enable/disable AP interpretation - KVM: s390: CPU model support for AP virtualization - s390: doc: detailed specifications for AP virtualization - KVM: s390: fix locking for crypto setting error path - KVM: s390: Tracing APCB changes - s390: vfio-ap: setup APCB mask using KVM dedicated function - s390/zcrypt: Add ZAPQ inline function. - s390/zcrypt: Review inline assembler constraints. - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h. - s390/zcrypt: fix ap_instructions_available() returncodes - s390/zcrypt: remove VLA usage from the AP bus - s390/zcrypt: Remove deprecated ioctls. - s390/zcrypt: Remove deprecated zcrypt proc interface. - s390/zcrypt: Support up to 256 crypto adapters. - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module. * Bypass of mount visibility through userns + mount propagation (LP: #1789161) - mount: Retest MNT_LOCKED in do_umount - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts * CVE-2018-18955: nested user namespaces with more than five extents incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955 - userns: also map extents in the reverse map to kernel IDs * kdump fail due to an IRQ storm (LP: #1797990) - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot - SAUCE: x86/quirks: Scan all busses for early PCI quirks * linux: 4.15.0-40.43 -proposed tracker (LP: #1802554) * crash in ENA driver on removing an interface (LP: #1802341) - SAUCE: net: ena: fix crash during ena_remove() * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding (LP: #1797367) - s390/qeth: don't keep track of MAC address's cast type - s390/qeth: consolidate qeth MAC address helpers - s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6] - s390/qeth: remove outdated portname debug msg - s390/qeth: reduce hard-coded access to ccw channels - s390/qeth: sanitize strings in debug messages * [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver binding (LP: #1799184) - s390/zcrypt: code beautify - s390/zcrypt: AP bus support for alternate driver(s) - s390/zcrypt: hex string mask improvements for apmask and aqmask. - s390/zcrypt: remove unused functions and declarations - s390/zcrypt: Show load of cards and queues in sysfs * [GLK/CLX] Enhanced IBRS (LP: #1786139) - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation - x86/speculation: Support Enhanced IBRS on future CPUs * Allow signed kernels to be kexec'ed under lockdown (LP: #1798441) - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot * Overlayfs in user namespace leaks directory content of inaccessible directories (LP: #1793458) // CVE-2018-6559 - SAUCE: overlayfs: ensure mounter privileges when reading directories * Update ENA driver to version 2.0.1K (LP: #1798182) - net: ena: remove ndo_poll_controller - net: ena: fix warning in rmmod caused by double iounmap - net: ena: fix rare bug when failed restart/resume is followed by driver removal - net: ena: fix NULL dereference due to untimely napi initialization - net: ena: fix auto casting to boolean - net: ena: minor performance improvement - net: ena: complete host info to match latest ENA spec - net: ena: introduce Low Latency Queues data structures according to ENA spec - net: ena: add functions for handling Low Latency Queues in ena_com - net: ena: add functions for handling Low Latency Queues in ena_netdev - net: ena: use CSUM_CHECKED device indication to report skb's checksum status - net: ena: explicit casting and initialization, and clearer error handling - net: ena: limit refill Rx threshold to 256 to avoid latency issues - net: ena: change rx copybreak default to reduce kernel memory pressure - net: ena: remove redundant parameter in ena_com_admin_init() - net: ena: update driver version to 2.0.1 - net: ena: fix indentations in ena_defs for better readability - net: ena: Fix Kconfig dependency on X86 - net: ena: enable Low Latency Queues - net: ena: fix compilation error in xtensa architecture * Bionic update: upstream stable patchset 2018-10-29 (LP: #1800537) - bonding: re-evaluate force_primary when the primary slave name changes - cdc_ncm: avoid padding beyond end of skb - ipv6: allow PMTU exceptions to local routes - net: dsa: add error handling for pskb_trim_rcsum - net/sched: act_simple: fix parsing of TCA_DEF_DATA - tcp: verify the checksum of the first data segment in a new connection - udp: fix rx queue len reported by diag and proc interface - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan - tls: fix use-after-free in tls_push_record - ext4: fix hole length detection in ext4_ind_map_blocks() - ext4: update mtime in ext4_punch_hole even if no blocks are released - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget() - ext4: fix fencepost error in check for inode count overflow during resize - driver core: Don't ignore class_dir_create_and_add() failure. - Btrfs: fix clone vs chattr NODATASUM race - Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2() - btrfs: return error value if create_io_em failed in cow_file_range - btrfs: scrub: Don't use inode pages for device replace - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() - ALSA: hda: add dock and led support for HP EliteBook 830 G5 - ALSA: hda: add dock and led support for HP ProBook 640 G4 - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() - smb3: fix various xid leaks - CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class - nbd: fix nbd device deletion - nbd: update size when connected - nbd: use bd_set_size when updating disk size - blk-mq: reinit q->tag_set_list entry only after grace period - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue - cpufreq: Fix new policy initialization during limits updates via sysfs - cpufreq: governors: Fix long idle detection logic in load calculation - libata: zpodd: small read overflow in eject_tray() - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk - w1: mxc_w1: Enable clock before calling clk_get_rate() on it - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping - iwlwifi: fw: harden page loading code - orangefs: set i_size on new symlink - orangefs: report attributes_mask and attributes for statx - HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation - HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620 - cpufreq: ti-cpufreq: Fix an incorrect error return value - x86/vector: Fix the args of vector_alloc tracepoint - x86/apic/vector: Prevent hlist corruption and leaks - x86/apic: Provide apic_ack_irq() - x86/ioapic: Use apic_ack_irq() - x86/platform/uv: Use apic_ack_irq() - irq_remapping: Use apic_ack_irq() - genirq/generic_pending: Do not lose pending affinity update - genirq/affinity: Defer affinity setting if irq chip is busy - genirq/migration: Avoid out of line call if pending is not set * [bionic]mlx5: reading SW stats through ifstat cause kernel crash (LP: #1799049) - net/mlx5e: Don't attempt to dereference the ppriv struct if not being eswitch manager * [Bionic][Cosmic] ipmi: Fix timer race with module unload (LP: #1799281) - ipmi: Fix timer race with module unload * [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (LP: #1799276) - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver * execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729) - cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() * [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater than 255 bytes (LP: #1799794) - ipmi:ssif: Add support for multi-part transmit messages > 2 parts * libvirtd is unable to configure bridge devices inside of LXD containers (LP: #1784501) - kernfs: allow creating kernfs objects with arbitrary uid/gid - sysfs, kobject: allow creating kobject belonging to arbitrary users - kobject: kset_create_and_add() - fetch ownership info from parent - driver core: set up ownership of class devices in sysfs - net-sysfs: require net admin in the init ns for setting tx_maxrate - net-sysfs: make sure objects belong to container's owner - net: create reusable function for getting ownership info of sysfs inodes - bridge: make sure objects belong to container's owner - sysfs: Fix regression when adding a file to an existing group * [Ubuntu] kvm: fix deadlock when killed by oom (LP: #1800849) - s390/kvm: fix deadlock when killed by oom * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639) - net/af_iucv: drop inbound packets with invalid flags - net/af_iucv: fix skb handling on HiperTransport xmit error * Power consumption during s2idle is higher than long idle(sk hynix) (LP: #1801875) - SAUCE: pci: prevent sk hynix nvme from entering D3 - SAUCE: nvme: add quirk to not call disable function when suspending * Enable keyboard wakeup for S2Idle laptops (LP: #1798552) - Input: i8042 - enable keyboard wakeups by default when s2idle is used * NULL pointer dereference at 0000000000000020 when access dst_orig->ops->family in function xfrm_lookup_with_ifid() (LP: #1801878) - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry. * [Ubuntu] qdio: reset old sbal_state flags (LP: #1801686) - s390/qdio: reset old sbal_state flags * hns3: map tx ring to tc (LP: #1802023) - net: hns3: Set tx ring' tc info when netdev is up * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641) - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function - s390: qeth: Fix potential array overrun in cmd/rc lookup * Vulkan applications cause permanent memory leak with Intel GPU (LP: #1798165) - drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set * Mounting SOFS SMB shares fails (LP: #1792580) - cifs: connect to servername instead of IP for IPC$ share * Packaging resync (LP: #1786013) - [Package] add support for specifying the primary makefile -- Marcelo Henrique Cerri <marcelo.ce...@canonical.com> Fri, 30 Nov 2018 14:09:52 -0200 ** Changed in: linux-azure (Ubuntu) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18955 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6559 ** Changed in: linux-azure (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1805304 Title: [Hyper-V] Additional patches for Lv2 storage performance Status in linux-azure package in Ubuntu: Fix Released Status in linux-azure source package in Bionic: Fix Released Bug description: After analysis of the first 4.15 kernel for Lv2 performance, and while we are delayed getting to 4.18, we have identified and backported the following patches for the 4.15 linux-azure kernel: commit 1268ed0c474a5c8f165ef386f3310521b5e00e27 Author: K. Y. Srinivasan <k...@microsoft.com> Date: Tue Jul 3 16:01:55 2018 -0700 x86/hyper-v: Fix the circular dependency in IPI enlightenment linux-next: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=1268ed0c474a5c8f165ef386f3310521b5e00e27 commit 366f03b0cf90ef55f063d4a54cf62b0ac9b6da9d Author: K. Y. Srinivasan <k...@microsoft.com> Date: Wed May 16 14:53:32 2018 -0700 X86/Hyper-V: Enhanced IPI enlightenment https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=366f03b0cf90ef55f063d4a54cf62b0ac9b6da9d commit 68bb7bfb7985df2bd15c2dc975cb68b7a901488a Author: K. Y. Srinivasan <k...@microsoft.com> Date: Wed May 16 14:53:31 2018 -0700 X86/Hyper-V: Enable IPI enlightenments https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=68bb7bfb7985df2bd15c2dc975cb68b7a901488a commit 6b48cb5f8347bc0153ff1d7b075db92e6723ffdb Author: K. Y. Srinivasan <k...@microsoft.com> Date: Wed May 16 14:53:30 2018 -0700 X86/Hyper-V: Enlighten APIC access https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=6b48cb5f8347bc0153ff1d7b075db92e6723ffdb commit 68d1eb72ee99e26576913aa6824f7a703ca06b90 Author: Vitaly Kuznetsov <vkuzn...@redhat.com> Date: Tue Mar 20 15:02:09 2018 +0100 x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=68d1eb72ee99e26576913aa6824f7a703ca06b90 commit a46d15cc1ae5af905afac2af4cc0c188c2eb59b0 Author: Vitaly Kuznetsov <vkuzn...@redhat.com> Date: Tue Mar 20 15:02:08 2018 +0100 x86/hyper-v: allocate and use Virtual Processor Assist Pages https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=a46d15cc1ae5af905afac2af4cc0c188c2eb59b0 commit 415bd1cd3a42897f61a92cda0a9f9d7b04c28fb7 Author: Vitaly Kuznetsov <vkuzn...@redhat.com> Date: Tue Mar 20 15:02:06 2018 +0100 x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=415bd1cd3a42897f61a92cda0a9f9d7b04c28fb7 commit 5a485803221777013944cbd1a7cd5c62efba3ffa Author: Vitaly Kuznetsov <vkuzn...@redhat.com> Date: Tue Mar 20 15:02:05 2018 +0100 x86/hyper-v: move hyperv.h out of uapi https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=5a485803221777013944cbd1a7cd5c62efba3ffa commit e7c4e36c447daca2b7df49024f6bf230871cb155 Author: Vitaly Kuznetsov <vkuzn...@redhat.com> Date: Wed Jan 24 14:23:34 2018 +0100 x86/hyperv: Redirect reenlightment notifications on CPU offlining https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=e7c4e36c447daca2b7df49024f6bf230871cb155 commit 93286261de1b46339aa27cd4c639b21778f6cade Author: Vitaly Kuznetsov <vkuzn...@redhat.com> Date: Wed Jan 24 14:23:33 2018 +0100 x86/hyperv: Reenlightenment notifications support https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=93286261de1b46339aa27cd4c639b21778f6cade commit e2768eaa1ca4fbb7b778da5615cce3dd310352e6 Author: Vitaly Kuznetsov <vkuzn...@redhat.com> Date: Wed Jan 24 14:23:32 2018 +0100 x86/hyperv: Add a function to read both TSC and TSC page value simulateneously https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=e2768eaa1ca4fbb7b778da5615cce3dd310352e6 commit 4a5f3cde4d51c7afce859aed9d74d197751896d5 Author: Michael Kelley <mikel...@microsoft.com> Date: Fri Dec 22 11:19:02 2017 -0700 Drivers: hv: vmbus: Remove x86-isms from arch independent drivers https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/drivers/hv?h=next-20181126&id=4a5f3cde4d51c7afce859aed9d74d197751896d5 From: Dexuan Cui <de...@microsoft.com> We can concurrently try to open the same sub-channel from 2 paths: path #1: vmbus_onoffer() -> vmbus_process_offer() -> handle_sc_creation(). path #2: storvsc_probe() -> storvsc_connect_to_vsp() -> -> storvsc_channel_init() -> handle_multichannel_storage() -> -> vmbus_are_subchannels_present() -> handle_sc_creation(). They conflict with each other, but it was not an issue before the recent commit ae6935ed7d42 ("vmbus: split ring buffer allocation from open"), because at the beginning of vmbus_open() we checked newchannel->state so only one path could succeed, and the other would return with -EINVAL. After ae6935ed7d42, the failing path frees the channel's ringbuffer by vmbus_free_ring(), and this causes a panic later. Commit ae6935ed7d42 itself is good, and it just reveals the longstanding race. We can resolve the issue by removing path #2, i.e. removing the second vmbus_are_subchannels_present() in handle_multichannel_storage(). BTW, the comment "Check to see if sub-channels have already been created" in handle_multichannel_storage() is incorrect: when we unload the driver, we first close the sub-channel(s) and then close the primary channel, next the host sends rescind-offer message(s) so primary->sc_list will become empty. This means the first vmbus_are_subchannels_present() in handle_multichannel_storage() is never useful. Fixes: ae6935ed7d42 ("vmbus: split ring buffer allocation from open") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1805304/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp