This bug was fixed in the package linux - 4.15.0-163.171
---------------
linux (4.15.0-163.171) bionic; urgency=medium
* bionic/linux: 4.15.0-163.171 -proposed tracker (LP: #1949874)
* Packaging resync (LP: #1786013)
- [Packaging] update Ubuntu.md
- debian/dkms-versions -- update from kernel-versions (main/2021.11.08)
* Unable to build net/reuseport_bpf and other tests in ubuntu_kernel_selftests
on Bionic with make command (LP: #1949889)
- selftests: Fix loss of test output in run_kselftests.sh
- selftests: Makefile set KSFT_TAP_LEVEL to prevent nested TAP headers
- selftests: fix headers_install circular dependency
- selftests: fix bpf build/test workflow regression when KBUILD_OUTPUT is
set
- selftests: vm: Fix test build failure when built by itself
* KVM emulation failure when booting into VM crash kernel with multiple CPUs
(LP: #1948862)
- KVM: x86: Properly reset MMU context at vCPU RESET/INIT
* aufs: kernel bug with apparmor and fuseblk (LP: #1948470)
- SAUCE: aufs: bugfix, stop omitting path->mnt
* ebpf: bpf_redirect fails with ip6 gre interfaces (LP: #1947164)
- net: handle ARPHRD_IP6GRE in dev_is_mac_header_xmit()
* require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
- Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc
* ACL updates on OCFS2 are not revalidated (LP: #1947161)
- ocfs2: fix remounting needed after setfacl command
* ppc64 BPF JIT mod by 1 will not return 0 (LP: #1948351)
- powerpc/bpf: Fix BPF_MOD when imm == 1
* Drop "UBUNTU: SAUCE: cachefiles: Page leaking in
cachefiles_read_backing_file while vmscan is active" (LP: #1947709)
- Revert "UBUNTU: SAUCE: cachefiles: Page leaking in
cachefiles_read_backing_file while vmscan is active"
- cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is
active
* Some test in ubuntu_bpf test_verifier failed on i386 Bionic kernel
(LP: #1788578)
- bpf: fix context access in tracing progs on 32 bit archs
* test_bpf.sh from ubuntu_kernel_selftests.net from linux ADT test failure
with linux/4.15.0-149.153 i386 (Segmentation fault) (LP: #1934414)
- selftests/bpf: make test_verifier run most programs
- bpf: add couple of test cases for div/mod by zero
- bpf: add further test cases around div/mod and others
* Bionic update: upstream stable patchset 2021-11-02 (LP: #1949512)
- usb: gadget: r8a66597: fix a loop in set_feature()
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
- cifs: fix incorrect check for null pointer in header_assemble
- xen/x86: fix PV trap handling on secondary processors
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
- staging: greybus: uart: fix tty use after free
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
- USB: serial: mos7840: remove duplicated 0xac24 device ID
- USB: serial: option: add Telit LN920 compositions
- USB: serial: option: remove duplicate USB device ID
- USB: serial: option: add device id for Foxconn T99W265
- mcb: fix error handling in mcb_alloc_bus()
- serial: mvebu-uart: fix driver's tx_empty callback
- net: hso: fix muxed tty registration
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
- net/mlx4_en: Don't allow aRFS for encapsulated packets
- scsi: iscsi: Adjust iface sysfs attr detection
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies()
- irqchip/gic-v3-its: Fix potential VPE leak on error
- md: fix a lock order reversal in md_alloc
- blktrace: Fix uaf in blk_trace access after removing by sysfs
- net: macb: fix use after free on rmmod
- net: stmmac: allow CSR clock of 300MHz
- m68k: Double cast io functions to unsigned long
- xen/balloon: use a kernel thread instead a workqueue
- compiler.h: Introduce absolute_pointer macro
- net: i825xx: Use absolute_pointer for memcpy from fixed memory location
- sparc: avoid stringop-overread errors
- qnx4: avoid stringop-overread errors
- parisc: Use absolute_pointer() to define PAGE0
- arm64: Mark __stack_chk_guard as __ro_after_init
- alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to
volatile
- net: 6pack: Fix tx timeout and slot time
- spi: Fix tegra20 build with CONFIG_PM=n
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
- PCI: aardvark: Fix checking for PIO Non-posted Request
- PCI: aardvark: Fix checking for PIO status
- xen/balloon: fix balloon kthread freezing
- qnx4: work around gcc false positive warning bug
- tty: Fix out-of-bound vmalloc access in imageblit
- cpufreq: schedutil: Use kobject release() method to free sugov_tunables
- cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
- mac80211: fix use-after-free in CCMP/GCMP RX
- ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
- sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
- hwmon: (tmp421) fix rounding for negative values
- e100: fix length calculation in e100_get_regs_len
- e100: fix buffer overrun in e100_get_regs
- scsi: csiostor: Add module softdep on cxgb4
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
- ipack: ipoctal: fix stack information leak
- ipack: ipoctal: fix tty registration race
- ipack: ipoctal: fix tty-registration error handling
- ipack: ipoctal: fix missing allocation-failure check
- ipack: ipoctal: fix module reference leak
- ext4: fix potential infinite loop in ext4_dx_readdir()
- net: udp: annotate data race around udp_sk(sk)->corkflag
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
- ARM: 9079/1: ftrace: Add MODULE_PLTS support
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
- arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
- hso: fix bailout in error case of probe
- usb: hso: fix error handling code of hso_create_net_device
- usb: hso: remove the bailout parameter
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
- HID: betop: fix slab-out-of-bounds Write in betop_probe
- netfilter: ipset: Fix oversized kvmalloc() calls
- HID: usbhid: free raw_report buffers in usbhid_stop
- cred: allow get_cred() and put_cred() to be given NULL.
- gpio: uniphier: Fix void functions to remove return value
- tty: synclink_gt, drop unneeded forward declarations
- tty: synclink_gt: rename a conflicting function name
- drm/amd/display: Pass PCI deviceid into DC
- hwmon: (tmp421) Replace S_<PERMS> with octal values
- hwmon: (tmp421) report /PVLD condition as fault
* ACL updates on OCFS2 are not revalidated (LP: #1947161) // Bionic update:
upstream stable patchset 2021-11-02 (LP: #1949512)
- ocfs2: drop acl cache for directories too
-- Kleber Sacilotto de Souza <[email protected]> Fri, 05 Nov
2021 12:22:08 +0100
** Changed in: linux (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** Changed in: linux (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1948351
Title:
ppc64 BPF JIT mod by 1 will not return 0
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Focal:
Fix Released
Status in linux source package in Hirsute:
Fix Released
Status in linux source package in Impish:
Fix Released
Bug description:
[Impact]
When doing MOD by 1 with a immediate/constant divisor on PPC, the JIT will
produce code that returns the dividend, just like a division, instead of 0.
Both eBPF and cBPF will fail as well when doing such operations.
[Test case]
$ cat bpf-mod1.c
#include <linux/bpf.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/socket.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <stdlib.h>
#include <errno.h>
#include <limits.h>
#include <err.h>
#include <string.h>
#include <linux/filter.h>
#define ARRAY_SIZE(array) (sizeof(array)/sizeof(array[0]))
static int pair[2];
static int attach()
{
int r;
struct sock_filter insn[] = {
{ BPF_LD | BPF_W | BPF_ABS, 0, 0, 0 },
{ BPF_ALU | BPF_MOD, 0, 0, 1 },
{ BPF_RET | BPF_A, 0, 0, 0 },
};
struct sock_fprog prog = {};
prog.filter = insn;
prog.len = ARRAY_SIZE(insn);
socketpair(AF_UNIX, SOCK_DGRAM, 0, pair);
setsockopt(pair[1], SOL_SOCKET, SO_ATTACH_FILTER, &prog,
sizeof(prog));
return 0;
}
int main(int argc, char **argv)
{
int buf[5];
int r;
r = attach();
if (r < 0) {
err(1, "function will error out already");
}
write(pair[0], "hello", 5);
r = recv(pair[1], buf, 5, MSG_DONTWAIT);
if (r != -1 || errno != EAGAIN) {
err(1, "program failed");
}
return 0;
}
$ gcc -o bpf-mod1 bpf-mod1.c
$ ./bpf-mod1
cbpf-mod1: program failed: Success
After fix:
$ ./bpf-mod1
$ echo $?
0
[Potential regression]
BPF programs might be misbehave on ppc64el.
========================================================
This is a scripted bug report about ADT failures while running linux
tests for linux/5.4.0-90.101 on focal. Whether this is caused by the
dep8 tests of the tested source or the kernel has yet to be
determined.
Consistently failing on Focal/linux 5.4.0-90.101
13:15:26 DEBUG| [stdout] # selftests: net: test_bpf.sh
13:15:27 DEBUG| [stdout] # test_bpf: [FAIL]
13:15:27 DEBUG| [stdout] not ok 9 selftests: net: test_bpf.sh # exit=1
Testing failed on:
ppc64el:
https://autopkgtest.ubuntu.com/results/autopkgtest-focal/focal/ppc64el/l/linux/20211021_141544_eda49@/log.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1948351/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
