Ubuntu
linux package

Request cherry-pick of upstream kernel patch which caps SECCOMP_RET_ERRNO to MAX_ERRNO

Bug #1496073 reported by Brad Figg
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Brad Figg
Trusty
Fix Released
Undecided
Unassigned
Vivid
Fix Released
Undecided
Unassigned
linux-lts-utopic (Ubuntu)
New
Undecided
Unassigned
Trusty
Fix Released
Undecided
Unassigned

Bug Description

The seccomp regression tests are failing due to SRU kernels not having the relevant commit:

Author: Kees Cook <email address hidden>
Date: Tue Feb 17 13:48:00 2015 -0800

    seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO

    The value resulting from the SECCOMP_RET_DATA mask could exceed MAX_ERRNO
    when setting errno during a SECCOMP_RET_ERRNO filter action. This makes
    sure we have a reliable value being set, so that an invalid errno will not
    be ignored by userspace.

    Signed-off-by: Kees Cook <email address hidden>
    Reported-by: Dmitry V. Levin <email address hidden>
    Cc: Andy Lutomirski <email address hidden>
    Cc: Will Drewry <email address hidden>
    Signed-off-by: Andrew Morton <email address hidden>
    Signed-off-by: Linus Torvalds <email address hidden>

SRU Justification

    Impact:
        Upstream regression tests are reporting errors.

    Test Case:
        Run the upstream regression tests and verify they are passing
        cleanly.

See original description

CVE References

Brad Figg (brad-figg)
Changed in linux (Ubuntu):
status: New → Triaged
status: Triaged → In Progress
assignee: nobody → Brad Figg (brad-figg)
description: updated
Brad Figg (brad-figg)
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Brad Figg (brad-figg)
Changed in linux (Ubuntu Vivid):
status: New → Fix Committed
Changed in linux (Ubuntu):
status: Fix Committed → Invalid
Revision history for this message
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-vivid' to 'verification-done-vivid'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-vivid
Brad Figg (brad-figg)
tags: added: verification-done-vivid
removed: verification-needed-vivid
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (10.5 KiB)

This bug was fixed in the package linux - 3.19.0-31.36

---------------
linux (3.19.0-31.36) vivid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1503703

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
    sys_msync()"
    - LP: #1503655

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - LP: #1503655
    - CVE-2015-7312

linux (3.19.0-31.35) vivid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1503005

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ Craig Magina ]

  * [Config] Add XGENE_EDAC, EDAC_SUPPORT and EDAC_ATOMIC_SCRUB
    - LP: #1494357

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

  [ Laurent Dufour ]

  * SAUCE: powerpc/hvsi: Fix endianness issues in the HVSI driver
    - LP: #1499357

  [ Tim Gardner ]

  * [Config] CONFIG_RTC_DRV_XGENE=y for only arm64
    - LP: #1499869

  [ Upstream Kernel Changes ]

  * Revert "sit: Add gro callbacks to sit_offload"
    - LP: #1500493
  * ipmi/powernv: Fix minor locking bug
    - LP: #1493017
  * mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
    - LP: #1472843
  * perf probe ppc: Fix symbol fixup issues due to ELF type
    - LP: #1485528
  * perf probe ppc: Use the right prefix when ignoring SyS symbols on ppc
    - LP: #1485528
  * perf probe ppc: Enable matching against dot symbols automatically
    - LP: #1485528
  * perf probe ppc64le: Fix ppc64 ABIv2 symbol decoding
    - LP: #1485528
  * perf probe ppc64le: Prefer symbol table lookup over DWARF
    - LP: #1485528
  * perf probe ppc64le: Fixup function entry if using kallsyms lookup
    - LP: #1485528
  * perf probe: Improve detection of file/function name in the probe
    pattern
    - LP: #1485528
  * perf probe: Ignore tail calls to probed functions
    - LP: #1485528
  * seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
    - LP: #1496073
  * EDAC: Cleanup atomic_scrub mess
    - LP: #1494357
  * arm64: Enable EDAC on ARM64
    - LP: #1494357
  * MAINTAINERS: Add entry for APM X-Gene SoC EDAC driver
    - LP: #1494357
  * Documentation: Add documentation for the APM X-Gene SoC EDAC DTS
    binding
    - LP: #1494357
  * EDAC: Add APM X-Gene SoC EDAC driver
    - LP: #1494357
  * arm64: Add APM X-Gene SoC EDAC DTS entries
    - LP: #1494357
  * EDAC, edac_stub: Drop arch-specific include
    - LP: #1494357
  * NVMe: Fix blk-mq hot cpu notification
    - LP: #1498778
  * blk-mq: Shared tag enhancements
    - LP: #1498778
  * blk-mq: avoid access hctx->tags->cpumask before allocation
    - LP: #1498778
  * x86/ldt: Make modify_ldt synchronous
    - LP: #1500493
  * x86/ldt: Correct LDT access in single stepping logic
    - LP: #1500493
  * x86/ldt: Correct FPU emulation access to LDT
    - LP: #1500493
  * md: flush ->event_work before stopping array.
    - LP: #1500493
  * ipv6: addrconf: validate new MTU before applying it
    - LP: #1500493
  * virtio-net: drop NETIF_F_FRAGLIST
    - LP: #1500493
  * RDS: verify the underlying transport exists bef...

Changed in linux (Ubuntu Vivid):
status: Fix Committed → Fix Released
Brad Figg (brad-figg)
no longer affects: linux-lts-utopic (Ubuntu Vivid)
Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Kamal Mostafa (kamalmostafa)
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Fix Committed
Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Brad Figg (brad-figg)
tags: added: verification-done-trusty
removed: verification-needed-trusty
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (11.0 KiB)

This bug was fixed in the package linux - 3.13.0-85.129

---------------
linux (3.13.0-85.129) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558727

  [ Upstream Kernel Changes ]

  * Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
    code""

linux (3.13.0-84.128) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1557596

  [ Upstream Kernel Changes ]

  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731
  * seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
    - LP: #1496073
  * net/mlx4_en: Remove dependency between timestamping capability and
    service_task
    - LP: #1537859
  * net/mlx4_en: Fix HW timestamp init issue upon system startup
    - LP: #1537859
  * x86/mm: Fix slow_virt_to_phys() for X86_PAE again
    - LP: #1549601
  * iw_cxgb3: Fix incorrectly returning error on success
    - LP: #1557191
  * EVM: Use crypto_memneq() for digest comparisons
    - LP: #1557191
  * x86/entry/compat: Add missing CLAC to entry_INT80_32
    - LP: #1557191
  * iio: dac: mcp4725: set iio name property in sysfs
    - LP: #1557191
  * iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
    - LP: #1557191
  * PCI/AER: Flush workqueue on device remove to avoid use-after-free
    - LP: #1557191
  * libata: disable forced PORTS_IMPL for >= AHCI 1.3
    - LP: #1557191
  * mac80211: start_next_roc only if scan was actually running
    - LP: #1557191
  * mac80211: Requeue work after scan complete for all VIF types.
    - LP: #1557191
  * rfkill: fix rfkill_fop_read wait_event usage
    - LP: #1557191
  * crypto: shash - Fix has_key setting
    - LP: #1557191
  * drm/i915/dp: fall back to 18 bpp when sink capability is unknown
    - LP: #1557191
  * target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
    - LP: #1557191
  * crypto: algif_hash - wait for crypto_ahash_init() to complete
    - LP: #1557191
  * iio: inkern: fix a NULL dereference on error
    - LP: #1557191
  * intel_scu_ipcutil: underflow in scu_reg_access()
    - LP: #1557191
  * ALSA: seq: Fix race at closing in virmidi driver
    - LP: #1557191
  * ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check
    - LP: #1557191
  * ALSA: pcm: Fix potential deadlock in OSS emulation
    - LP: #1557191
  * ALSA: seq: Fix yet another races among ALSA timer accesses
    - LP: #1557191
  * ALSA: timer: Fix link corruption due to double start or stop
    - LP: #1557191
  * libata: fix sff host state machine locking while polling
    - LP: #1557191
  * cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
    - LP: #1557191
  * ASoC: dpcm: fix the BE state on hw_free
    - LP: #1557191
  * module: wrapper for symbol name.
    - LP: #1557191
  * ALSA: hda - Add fixup for Mac Mini 7,1 model
    - LP: #1557191
  * ALSA: Move EXPORT_SYMBOL() in appropriate places
    - LP: #1557191
  * ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
    - LP: #1557191
  * ALSA: rawmidi: Fix race at copying & updating the position
    - LP: #1557191
  * ALSA: seq: Fix lockdep warnings due to double mutex locks
    - LP: #1557191
  * drivers/scsi/sg.c: mark VMA as VM_IO...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (10.4 KiB)

This bug was fixed in the package linux-lts-utopic - 3.16.0-69.89~14.04.1

---------------
linux-lts-utopic (3.16.0-69.89~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558760

  [ Upstream Kernel Changes ]

  * Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
    code""

linux-lts-utopic (3.16.0-68.88~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558092

  [ Upstream Kernel Changes ]

  * Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
    - LP: #1552180
  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731
  * [media] usbvision fix overflow of interfaces array
    - LP: #1552180
  * [media] usbvision: fix leak of usb_dev on failure paths in
    usbvision_probe()
    - LP: #1552180
  * [media] usbvision: fix crash on detecting device with invalid
    configuration
    - LP: #1552180
  * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
    - LP: #1552180
  * USB: serial: visor: fix crash on detecting device without write_urbs
    - LP: #1552180
  * ASN.1: Fix non-match detection failure on data overrun
    - LP: #1552180
  * iw_cxgb3: Fix incorrectly returning error on success
    - LP: #1552180
  * EVM: Use crypto_memneq() for digest comparisons
    - LP: #1552180
  * iio: adis_buffer: Fix out-of-bounds memory access
    - LP: #1552180
  * KVM: PPC: Fix emulation of H_SET_DABR/X on POWER8
    - LP: #1552180
  * x86/irq: Call chip->irq_set_affinity in proper context
    - LP: #1552180
  * ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot()
    - LP: #1552180
  * usb: cdc-acm: handle unlinked urb in acm read callback
    - LP: #1552180
  * usb: cdc-acm: send zero packet for intel 7260 modem
    - LP: #1552180
  * cdc-acm:exclude Samsung phone 04e8:685d
    - LP: #1552180
  * usb: hub: do not clear BOS field during reset device
    - LP: #1552180
  * USB: cp210x: add ID for IAI USB to RS485 adaptor
    - LP: #1552180
  * USB: visor: fix null-deref at probe
    - LP: #1552180
  * USB: serial: option: Adding support for Telit LE922
    - LP: #1552180
  * ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
    - LP: #1552180
  * ALSA: seq: Degrade the error message for too many opens
    - LP: #1552180
  * USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
    - LP: #1552180
  * USB: option: fix Cinterion AHxx enumeration
    - LP: #1552180
  * ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
    - LP: #1552180
  * ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
    - LP: #1552180
  * virtio_pci: fix use after free on release
    - LP: #1552180
  * ALSA: bebob: Use a signed return type for get_formation_index
    - LP: #1552180
  * arm64: errata: Add -mpc-relative-literal-loads to build flags
    - LP: #1533009, #1552180
  * powerpc/eeh: Fix PE location code
    - LP: #1552180
  * SCSI: fix crashes in sd and sr runtime PM
    - LP: #1552180
  * n_tty: Fix unsafe reference to "other" ldisc
    - LP: #1552180
  * staging/speakup: Use tty_ldisc_ref() for paste kworker
    - LP: #1552180
  * ALSA: dummy: Disable switching timer backend via sys...

Changed in linux-lts-utopic (Ubuntu Trusty):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.