Ubuntu version macros overflow with high ABI numbers

Bug #1953522 reported by Stefan Bader
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Invalid | Undecided | Unassigned |
  Bionic | Fix Released | Medium | Unassigned |
lttng-modules (Ubuntu) | Confirmed | Undecided | Unassigned |
  Bionic | Triaged | Medium | Stefan Bader |

Bug Description

[SRU Justification]

== Impact ==

The kernel change (which may or may not be taken back) revealed a build issue we already have with lttng-modules and our high ABI numbers for derivative/custom kernels. It should be fixed regardless of what the kernel will do.

== Fix ==

The proposed fix changes macros which are used to do run-time adaptions of code based on the kernel version for which the DKMS modules are built. The number keys which the macros are using are not included in the code, and the way those are used will either cause build failures or produce the same code as before.

== Test case ==

Producing DKMS modules is the test case here. I did tests with the previous bionic:linux-snapdragon (which uses the old sub-level in the kernel) and the same kernel in proposed (which has the sub-level fixed at 255). Both worked.

== Regression Potential ==

Building DKMS modules for lttng could start to fail.

---

An upstream kernel change which was introduced to keep high sub-level numbers in 4.14.y from overflowing into the minor number has uncovered a similar issue with LTTNG's macros which allow versioned code adaptions.

To allow that, the ABI number of the kernel is inserted as a new sub-sub-level number, which is done by shifting the existing LINUX_VERSION_CODE by another 8 bits. But this only allows for ABI numbers up to 255. After that they overflow into the sub-level part of the kernel. This went unnoticed until the kernel side changed this number to be fixed at 255. Now the overflow reaches the minor number and this breaks assumptions in the code.

For example bionic:linux-snapdragon (-1117) fails to produce lttng-modules (DKMS) but the previous version would succeed. When changing the LINUX_VERSION_CODE back, this works in both cases.

Since the macros are only used to make compile-time decisions, the proposed fix would be to extend the ABI number size to 16 bits. That will work in all cases.
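
The overflow described in this report, worked through as an added example (not code from lttng-modules or from the bug report), including why a 16-bit ABI field needs 64-bit storage. The helper names are hypothetical and the old sub-level 18 is an assumed sample value; ABI 1117 and the fixed sub-level 255 come from the report.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Kernel-style packing: major, minor and sub-level in 8 bits each. */
#define KVER(a, b, c) (((uint32_t)(a) << 16) + ((uint32_t)(b) << 8) + (uint32_t)(c))

/* Old scheme (hypothetical helper): shift by 8 more bits, ABI in the low byte. */
static uint32_t code_abi8(uint32_t lvc, uint32_t abi)
{
	return (lvc << 8) + abi;
}

/* 16-bit ABI field in 32-bit storage: the major number is shifted out. */
static uint32_t code_abi16_u32(uint32_t lvc, uint32_t abi)
{
	return (lvc << 16) + abi;
}

/* 16-bit ABI field in a forced 64-bit value. */
static uint64_t code_abi16(uint32_t lvc, uint32_t abi)
{
	return ((uint64_t)lvc << 16) + abi;
}

/* The kind of range test such macros feed: is this a 4.15 kernel? */
static int is_4_15_abi8(uint32_t code)
{
	return code >= code_abi8(KVER(4, 15, 0), 0) && code < code_abi8(KVER(4, 16, 0), 0);
}

static int is_4_15_abi16(uint64_t code)
{
	return code >= code_abi16(KVER(4, 15, 0), 0) && code < code_abi16(KVER(4, 16, 0), 0);
}

int main(void)
{
	const uint32_t abi = 1117;                    /* ABI from the report (-1117) */
	const uint32_t lvc[2] = { KVER(4, 15, 18),    /* assumed old sub-level */
	                          KVER(4, 15, 255) }; /* sub-level fixed at 255 */

	for (int i = 0; i < 2; i++) {
		uint32_t c8 = code_abi8(lvc[i], abi);
		uint64_t c16 = code_abi16(lvc[i], abi);
		printf("lvc=%#" PRIx32 " abi8=%#" PRIx32 " is_4_15=%d | u32=%#" PRIx32
		       " u64=%#" PRIx64 " is_4_15=%d\n", lvc[i], c8, is_4_15_abi8(c8),
		       code_abi16_u32(lvc[i], abi), c16, is_4_15_abi16(c16));
	}
	return 0;
}
```

With the 8-bit field, the old sub-level only spills into the sub-level byte, so the result still compares as 4.15; with the sub-level at 255 the carry reaches the minor number and the same kernel compares as 4.16.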


Stefan Bader (smb)
Changed in lttng-modules (Ubuntu Bionic):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → Triaged
Stefan Bader (smb) wrote :
tags: added: patch
Stefan Bader (smb) wrote :

To avoid ambiguity about what storage size the macros expand to, it is probably better to force a 64-bit number like some of the other distro macros do.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lttng-modules (Ubuntu):
status: New → Confirmed
Stefan Bader (smb)
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
status: New → Triaged
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1953522

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Stefan Bader (smb)
Changed in linux (Ubuntu):
status: Incomplete → Invalid
Stefan Bader (smb)
Changed in linux (Ubuntu Bionic):
status: Triaged → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/4.15.0-166.174 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Stefan Bader (smb) wrote :

Looking at lttng-modules upstream I saw that this got fixed by them for Xenial in some middle way (that and there was a later patch to cast things to uint_64):

commit af59031181f353ba1b46d2a085fcb9b74c69c170
Author: Michael Jeanson <email address hidden>
Date: Fri Feb 5 15:21:55 2021 -0500

    fix: UTS_UBUNTU_RELEASE_ABI is close to overflow

Kleber Sacilotto de Souza (kleber-souza) wrote :
tags: added: verification-done-bionic
removed: verification-needed-bionic
Stefan Bader (smb) wrote :

Based on the updated bionic:linux kernel (4.15.0-166.174) we have spun the bionic:linux-snapdragon derivative which was failing to build lttng-modules with the previous base. This now works as well as the base kernel (still) passing that test:

base: https://people.canonical.com/~kernel/status/adt-matrix/bionic-linux-meta.html
snapdragon: https://people.canonical.com/~kernel/status/adt-matrix/bionic-linux-meta-snapdragon.html

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-166.174

---------------
linux (4.15.0-166.174) bionic; urgency=medium

  * bionic/linux: 4.15.0-166.174 -proposed tracker (LP: #1953667)

  * Ubuntu version macros overflow with high ABI numbers (LP: #1953522)
    - SAUCE: Revert "stable: clamp SUBLEVEL in 4.14"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287)
    - SAUCE: Revert "bpf: add also cbpf long jump test cases with heavy expansion"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287) // CVE-2018-25020
    - bpf: fix truncated jump targets on heavy expansions

linux (4.15.0-165.173) bionic; urgency=medium

  * bionic/linux: 4.15.0-165.173 -proposed tracker (LP: #1952780)

  * Support builtin revoked certificates (LP: #1932029)
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
    - SAUCE: integrity: add informational messages when revoking certs

  * CVE-2021-4002
    - arm64: tlb: Provide forward declaration of tlb_flush() before including
      tlb.h
    - mm: mmu_notifier fix for tlb_end_vma
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

linux (4.15.0-164.172) bionic; urgency=medium

  * bionic/linux: 4.15.0-164.172 -proposed tracker (LP: #1952348)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * Bionic update: upstream stable patchset 2021-11-23 (LP: #1951997)
    - btrfs: always wait on ordered extents at fsync time
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - NIOS2: irqflags: rename a redefined register name
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - ocfs2: fix data corruption after conversio...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released