This bug was fixed in the package linux-azure - 4.15.0-1035.36~14.04.2

---------------
linux-azure (4.15.0-1035.36~14.04.2) trusty; urgency=medium

  * linux-azure: 4.15.0-1035.36~14.04.2 -proposed tracker (LP: #1806063)

  [ Ubuntu: 4.15.0-1035.36 ]

  * linux-azure: 4.15.0-1035.36 -proposed tracker (LP: #1806021)
  * [Hyper-V] Additional patches for Lv2 storage performance (LP: #1805304)
    - SAUCE: scsi: storvsc: Fix a race in sub-channel creation that can cause
      panic

linux-azure (4.15.0-1034.35~14.04.2) trusty; urgency=medium

  * linux-azure: 4.15.0-1034.35~14.04.2 -proposed tracker (LP: #1805474)

  [ Ubuntu: 4.15.0-1034.35 ]

  * linux-azure: 4.15.0-1034.35 -proposed tracker (LP: #1805412)
  * [Hyper-V] Additional patches for Lv2 storage performance (LP: #1805304)
    - SAUCE: Drivers: hv: vmbus: Remove x86-isms from arch independent drivers
    - SAUCE: x86/hyperv: Add a function to read both TSC and TSC page value
      simulateneously
    - SAUCE: x86/hyperv: Reenlightenment notifications support
    - SAUCE: x86/hyperv: Redirect reenlightment notifications on CPU offlining
    - SAUCE: x86/hyper-v: move hyperv.h out of uapi
    - SAUCE: x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h
    - SAUCE: x86/hyper-v: allocate and use Virtual Processor Assist Pages
    - SAUCE: x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits
    - SAUCE: X86/Hyper-V: Enlighten APIC access
    - SAUCE: X86/Hyper-V: Enable IPI enlightenments
    - SAUCE: X86/Hyper-V: Enhanced IPI enlightenment
    - SAUCE: x86/hyper-v: Fix the circular dependency in IPI enlightenment

linux-azure (4.15.0-1033.34~14.04.2) trusty; urgency=medium

  * linux-azure: 4.15.0-1033.34~14.04.2 -proposed tracker (LP: #1802564)

  [ Ubuntu: 4.15.0-1033.34 ]

  * linux-azure: 4.15.0-1033.34 -proposed tracker (LP: #1802559)
  * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)
  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - KVM: s390: reset crypto attributes for all vcpus
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - s390/zcrypt: remove VLA usage from the AP bus
    - s390/zcrypt: Remove deprecated ioctls.
    - s390/zcrypt: Remove deprecated zcrypt proc interface.
    - s390/zcrypt: Support up to 256 crypto adapters.
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  *  CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs
  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks
  * linux: 4.15.0-40.43 -proposed tracker (LP: #1802554)
  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()
  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: don't keep track of MAC address's cast type
    - s390/qeth: consolidate qeth MAC address helpers
    - s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
    - s390/qeth: remove outdated portname debug msg
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages
  * [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
    binding (LP: #1799184)
    - s390/zcrypt: code beautify
    - s390/zcrypt: AP bus support for alternate driver(s)
    - s390/zcrypt: hex string mask improvements for apmask and aqmask.
    - s390/zcrypt: remove unused functions and declarations
    - s390/zcrypt: Show load of cards and queues in sysfs
  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/speculation: Support Enhanced IBRS on future CPUs
  * Allow signed kernels to be kexec'ed under lockdown (LP: #1798441)
    - Fix kexec forbidding kernels signed with keys in the secondary keyring to
      boot
  * Overlayfs in user namespace leaks directory content of inaccessible
    directories (LP: #1793458) // CVE-2018-6559
    - SAUCE: overlayfs: ensure mounter privileges when reading directories
  * Update ENA driver to version 2.0.1K (LP: #1798182)
    - net: ena: remove ndo_poll_controller
    - net: ena: fix warning in rmmod caused by double iounmap
    - net: ena: fix rare bug when failed restart/resume is followed by driver
      removal
    - net: ena: fix NULL dereference due to untimely napi initialization
    - net: ena: fix auto casting to boolean
    - net: ena: minor performance improvement
    - net: ena: complete host info to match latest ENA spec
    - net: ena: introduce Low Latency Queues data structures according to ENA
      spec
    - net: ena: add functions for handling Low Latency Queues in ena_com
    - net: ena: add functions for handling Low Latency Queues in ena_netdev
    - net: ena: use CSUM_CHECKED device indication to report skb's checksum
      status
    - net: ena: explicit casting and initialization, and clearer error handling
    - net: ena: limit refill Rx threshold to 256 to avoid latency issues
    - net: ena: change rx copybreak default to reduce kernel memory pressure
    - net: ena: remove redundant parameter in ena_com_admin_init()
    - net: ena: update driver version to 2.0.1
    - net: ena: fix indentations in ena_defs for better readability
    - net: ena: Fix Kconfig dependency on X86
    - net: ena: enable Low Latency Queues
    - net: ena: fix compilation error in xtensa architecture
  * Bionic update: upstream stable patchset 2018-10-29 (LP: #1800537)
    - bonding: re-evaluate force_primary when the primary slave name changes
    - cdc_ncm: avoid padding beyond end of skb
    - ipv6: allow PMTU exceptions to local routes
    - net: dsa: add error handling for pskb_trim_rcsum
    - net/sched: act_simple: fix parsing of TCA_DEF_DATA
    - tcp: verify the checksum of the first data segment in a new connection
    - udp: fix rx queue len reported by diag and proc interface
    - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds
      vlan
    - tls: fix use-after-free in tls_push_record
    - ext4: fix hole length detection in ext4_ind_map_blocks()
    - ext4: update mtime in ext4_punch_hole even if no blocks are released
    - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
    - ext4: fix fencepost error in check for inode count overflow during resize
    - driver core: Don't ignore class_dir_create_and_add() failure.
    - Btrfs: fix clone vs chattr NODATASUM race
    - Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
    - btrfs: return error value if create_io_em failed in cow_file_range
    - btrfs: scrub: Don't use inode pages for device replace
    - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
    - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
    - ALSA: hda: add dock and led support for HP EliteBook 830 G5
    - ALSA: hda: add dock and led support for HP ProBook 640 G4
    - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
    - smb3: fix various xid leaks
    - CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session
      expiry
    - cifs: For SMB2 security informaion query, check for minimum sized security
      descriptor instead of sizeof FileAllInformation class
    - nbd: fix nbd device deletion
    - nbd: update size when connected
    - nbd: use bd_set_size when updating disk size
    - blk-mq: reinit q->tag_set_list entry only after grace period
    - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
    - cpufreq: Fix new policy initialization during limits updates via sysfs
    - cpufreq: governors: Fix long idle detection logic in load calculation
    - libata: zpodd: small read overflow in eject_tray()
    - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
    - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
    - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
    - iwlwifi: fw: harden page loading code
    - orangefs: set i_size on new symlink
    - orangefs: report attributes_mask and attributes for statx
    - HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
    - HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for
      DP83620
    - cpufreq: ti-cpufreq: Fix an incorrect error return value
    - x86/vector: Fix the args of vector_alloc tracepoint
    - x86/apic/vector: Prevent hlist corruption and leaks
    - x86/apic: Provide apic_ack_irq()
    - x86/ioapic: Use apic_ack_irq()
    - x86/platform/uv: Use apic_ack_irq()
    - irq_remapping: Use apic_ack_irq()
    - genirq/generic_pending: Do not lose pending affinity update
    - genirq/affinity: Defer affinity setting if irq chip is busy
    - genirq/migration: Avoid out of line call if pending is not set
  * [bionic]mlx5: reading SW stats through ifstat cause kernel crash
    (LP: #1799049)
    - net/mlx5e: Don't attempt to dereference the ppriv struct if not being
      eswitch manager
  * [Bionic][Cosmic]  ipmi: Fix timer race with module unload (LP: #1799281)
    - ipmi: Fix timer race with module unload
  * [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
    (LP: #1799276)
    - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
  * execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729)
    - cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
  * [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater
    than 255 bytes (LP: #1799794)
    - ipmi:ssif: Add support for multi-part transmit messages > 2 parts
  * libvirtd is unable to configure bridge devices inside of LXD containers
    (LP: #1784501)
    - kernfs: allow creating kernfs objects with arbitrary uid/gid
    - sysfs, kobject: allow creating kobject belonging to arbitrary users
    - kobject: kset_create_and_add() - fetch ownership info from parent
    - driver core: set up ownership of class devices in sysfs
    - net-sysfs: require net admin in the init ns for setting tx_maxrate
    - net-sysfs: make sure objects belong to container's owner
    - net: create reusable function for getting ownership info of sysfs inodes
    - bridge: make sure objects belong to container's owner
    - sysfs: Fix regression when adding a file to an existing group
  * [Ubuntu] kvm: fix deadlock when killed by oom (LP: #1800849)
    - s390/kvm: fix deadlock when killed by oom
  * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639)
    - net/af_iucv: drop inbound packets with invalid flags
    - net/af_iucv: fix skb handling on HiperTransport xmit error
  * Power consumption during s2idle is higher than long idle(sk hynix)
    (LP: #1801875)
    - SAUCE: pci: prevent sk hynix nvme from entering D3
    - SAUCE: nvme: add quirk to not call disable function when suspending
  * Enable keyboard wakeup for S2Idle laptops (LP: #1798552)
    - Input: i8042 - enable keyboard wakeups by default when s2idle is used
  * NULL pointer dereference at 0000000000000020 when access
    dst_orig->ops->family in function  xfrm_lookup_with_ifid() (LP: #1801878)
    - xfrm: Fix NULL pointer dereference when skb_dst_force clears the
      dst_entry.
  * [Ubuntu] qdio: reset old sbal_state flags (LP: #1801686)
    - s390/qdio: reset old sbal_state flags
  * hns3: map tx ring to tc (LP: #1802023)
    - net: hns3: Set tx ring' tc info when netdev is up
  * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641)
    - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
    - s390: qeth: Fix potential array overrun in cmd/rc lookup
  * Vulkan applications cause permanent memory leak with Intel GPU
    (LP: #1798165)
    - drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set
  * Mounting SOFS SMB shares fails (LP: #1792580)
    - cifs: connect to servername instead of IP for IPC$ share
  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

 -- Marcelo Henrique Cerri <marcelo.ce...@canonical.com>  Fri, 30 Nov 2018 14:09:52 -0200

** Changed in: linux-azure (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18955

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6559

** Changed in: linux-azure (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1805304

Title:
  [Hyper-V] Additional patches for Lv2 storage performance

Status in linux-azure package in Ubuntu:
  Fix Released
Status in linux-azure source package in Bionic:
  Fix Released

Bug description:
  After analysis of the first 4.15 kernel for Lv2 performance, and while
  we are delayed getting to 4.18, we have identified and backported the
  following patches for the 4.15 linux-azure kernel:

  commit 1268ed0c474a5c8f165ef386f3310521b5e00e27
  Author: K. Y. Srinivasan <k...@microsoft.com>
  Date:   Tue Jul 3 16:01:55 2018 -0700
      x86/hyper-v: Fix the circular dependency in IPI enlightenment
  linux-next: 
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=1268ed0c474a5c8f165ef386f3310521b5e00e27

  commit 366f03b0cf90ef55f063d4a54cf62b0ac9b6da9d
  Author: K. Y. Srinivasan <k...@microsoft.com>
  Date:   Wed May 16 14:53:32 2018 -0700
      X86/Hyper-V: Enhanced IPI enlightenment
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=366f03b0cf90ef55f063d4a54cf62b0ac9b6da9d

  commit 68bb7bfb7985df2bd15c2dc975cb68b7a901488a
  Author: K. Y. Srinivasan <k...@microsoft.com>
  Date:   Wed May 16 14:53:31 2018 -0700
      X86/Hyper-V: Enable IPI enlightenments
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=68bb7bfb7985df2bd15c2dc975cb68b7a901488a

  commit 6b48cb5f8347bc0153ff1d7b075db92e6723ffdb
  Author: K. Y. Srinivasan <k...@microsoft.com>
  Date:   Wed May 16 14:53:30 2018 -0700
      X86/Hyper-V: Enlighten APIC access
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=6b48cb5f8347bc0153ff1d7b075db92e6723ffdb

  commit 68d1eb72ee99e26576913aa6824f7a703ca06b90
  Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
  Date:   Tue Mar 20 15:02:09 2018 +0100
      x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=68d1eb72ee99e26576913aa6824f7a703ca06b90

  commit a46d15cc1ae5af905afac2af4cc0c188c2eb59b0
  Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
  Date:   Tue Mar 20 15:02:08 2018 +0100
      x86/hyper-v: allocate and use Virtual Processor Assist Pages
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=a46d15cc1ae5af905afac2af4cc0c188c2eb59b0

  commit 415bd1cd3a42897f61a92cda0a9f9d7b04c28fb7
  Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
  Date:   Tue Mar 20 15:02:06 2018 +0100
      x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=415bd1cd3a42897f61a92cda0a9f9d7b04c28fb7

  commit 5a485803221777013944cbd1a7cd5c62efba3ffa
  Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
  Date:   Tue Mar 20 15:02:05 2018 +0100
      x86/hyper-v: move hyperv.h out of uapi
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=5a485803221777013944cbd1a7cd5c62efba3ffa

  commit e7c4e36c447daca2b7df49024f6bf230871cb155
  Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
  Date:   Wed Jan 24 14:23:34 2018 +0100
      x86/hyperv: Redirect reenlightment notifications on CPU offlining
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=e7c4e36c447daca2b7df49024f6bf230871cb155

  commit 93286261de1b46339aa27cd4c639b21778f6cade
  Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
  Date:   Wed Jan 24 14:23:33 2018 +0100
      x86/hyperv: Reenlightenment notifications support
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=93286261de1b46339aa27cd4c639b21778f6cade

  commit e2768eaa1ca4fbb7b778da5615cce3dd310352e6
  Author: Vitaly Kuznetsov <vkuzn...@redhat.com>
  Date:   Wed Jan 24 14:23:32 2018 +0100
      x86/hyperv: Add a function to read both TSC and TSC page value
      simulateneously
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20181126&id=e2768eaa1ca4fbb7b778da5615cce3dd310352e6

  commit 4a5f3cde4d51c7afce859aed9d74d197751896d5
  Author: Michael Kelley <mikel...@microsoft.com>
  Date:   Fri Dec 22 11:19:02 2017 -0700
      Drivers: hv: vmbus: Remove x86-isms from arch independent drivers
  
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/drivers/hv?h=next-20181126&id=4a5f3cde4d51c7afce859aed9d74d197751896d5

  From: Dexuan Cui <de...@microsoft.com>

  We can concurrently try to open the same sub-channel from 2 paths:

  path #1: vmbus_onoffer() -> vmbus_process_offer() -> handle_sc_creation().
  path #2: storvsc_probe() -> storvsc_connect_to_vsp() ->
         -> storvsc_channel_init() -> handle_multichannel_storage() ->
         -> vmbus_are_subchannels_present() -> handle_sc_creation().

  They conflict with each other, but it was not an issue before the recent
  commit ae6935ed7d42 ("vmbus: split ring buffer allocation from open"),
  because at the beginning of vmbus_open() we checked newchannel->state so
  only one path could succeed, and the other would return with -EINVAL.

  After ae6935ed7d42, the failing path frees the channel's ringbuffer by
  vmbus_free_ring(), and this causes a panic later.

  Commit ae6935ed7d42 itself is good, and it just reveals the longstanding
  race. We can resolve the issue by removing path #2, i.e. removing the
  second vmbus_are_subchannels_present() in handle_multichannel_storage().

  BTW, the comment "Check to see if sub-channels have already been created"
  in handle_multichannel_storage() is incorrect: when we unload the driver,
  we first close the sub-channel(s) and then close the primary channel, next
  the host sends rescind-offer message(s) so primary->sc_list will become
  empty. This means the first vmbus_are_subchannels_present() in
  handle_multichannel_storage() is never useful.

  Fixes: ae6935ed7d42 ("vmbus: split ring buffer allocation from open")

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1805304/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
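
The sub-channel race described in the bug description above, as an added user-space model (not code from the patch or from the kernel). All names are hypothetical, and the two racing paths are run back to back, which is enough to show why the losing caller's error path matters once the state check no longer comes first.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model only: names are hypothetical, not the kernel's. */
enum chan_state { CHAN_READY, CHAN_OPENED };

struct model_channel {
    enum chan_state state;
    int ring_live;      /* 1 while the channel's ring buffer is allocated */
};

/* Before the split: the state check comes first, so the losing caller
 * returns -EINVAL without touching the ring buffer. */
static int open_check_first(struct model_channel *ch)
{
    if (ch->state != CHAN_READY)
        return -EINVAL;
    ch->ring_live = 1;
    ch->state = CHAN_OPENED;
    return 0;
}

/* After the split: allocate, then connect; a failed connect frees the
 * channel's ring even if another path already opened the channel. */
static int open_alloc_then_connect(struct model_channel *ch)
{
    ch->ring_live = 1;                 /* allocation step */
    if (ch->state != CHAN_READY) {     /* connect step loses the race */
        ch->ring_live = 0;             /* error path frees the shared ring */
        return -EINVAL;
    }
    ch->state = CHAN_OPENED;
    return 0;
}

typedef int (*open_fn)(struct model_channel *);

/* Run `callers` open attempts on one sub-channel and report whether the
 * channel ends up opened exactly once with its ring still allocated. */
static int ring_survives(open_fn open, int callers)
{
    struct model_channel ch = { CHAN_READY, 0 };
    int i, ok = 0;

    for (i = 0; i < callers; i++)
        if (open(&ch) == 0)
            ok++;
    return ok == 1 && ch.state == CHAN_OPENED && ch.ring_live;
}

int main(void)
{
    printf("check-first, two paths:        %d\n",
           ring_survives(open_check_first, 2));
    printf("alloc-then-connect, two paths: %d\n",
           ring_survives(open_alloc_then_connect, 2));
    printf("alloc-then-connect, one path:  %d\n",
           ring_survives(open_alloc_then_connect, 1));
    return 0;
}
```

The last case corresponds to the fix described in the commit message: with only one path left to open the sub-channel, no losing caller exists to free the ring.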
