Bug 10699 - Update request: kernel-rt-3.8.13.4-0.rt14.2.mga3
: Update request: kernel-rt-3.8.13.4-0.rt14.2.mga3
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: All Linux
: Normal Severity: major
: ---
Assigned To: QA Team
: Sec team
:
: mga3-32-ok MGA3-64-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-07-04 21:14 CEST by Thomas Backlund
Modified: 2013-07-16 10:12 CEST (History)
2 users (show)

See Also:
Source RPM: kernel-rt-3.8.13.4-0.rt14.2.mga3
CVE:
Status comment:


Attachments
Output from urpmi --debug, while installing kernel updates on m3 x86_64. (9.32 KB, application/octet-stream)
2013-07-06 07:56 CEST, Dave Hodgins
Details

Description Thomas Backlund 2013-07-04 21:14:36 CEST
Advisory:
This kernel-rt update provides the extended stable 3.8.13.4 kernel and fixes
the follwing security issues:

The pciback_enable_msi function in the PCI backend driver 
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
cause a denial of service via a large number of kernel log messages.
(CVE-2013-0231 / XSA-43)

ipv6: ip6_sk_dst_check() must not assume ipv6 dst
It's possible to use AF_INET6 sockets and to connect to an IPv4
destination. After this, socket dst cache is a pointer to a rtable,
not rt6_info. This bug can be exploited by local non-root users
to trigger various corruptions/crashes (CVE-2013-2232)

af_key: fix info leaks in notify messages
key_notify_sa_flush() and key_notify_policy_flush() miss to
initialize the sadb_msg_reserved member of the broadcasted message
and thereby leak 2 bytes of heap memory to listeners (CVE-2013-2234)

af_key: initialize satype in key_notify_policy_flush()
key_notify_policy_flush() miss to nitialize the sadb_msg_satype member
of the broadcasted message and thereby leak heap memory to listeners
(CVE-2013-2237)

Heap-based buffer overflow in the iscsi_add_notunderstood_response function
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
subsystem in the Linux kernel through 3.9.4 allows remote attackers to
cause a denial of service (memory corruption and OOPS) or possibly execute
arbitrary code via a long key that is not properly handled during
construction of an error-response packet.
A reproduction case requires patching open-iscsi to send overly large
keys. Performing discovery in a loop will Oops the remote server.
(CVE-2013-2850)

Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges by
leveraging root access and including format string specifiers in an
fwpostfix modprobe parameter, leading to improper construction of an
error message. (CVE-2013-2852)

Other fixes:
- Fix up alx AR8161 breakage (mga #10079)
- md/raid10: fix two bugs affecting RAID10 reshape
- perf: Disable monitoring on setuid processes for regular users
- netfilter: nf_conntrack_ipv6: Plug sk_buff leak in fragment handling
- enable X86_X2APIC, X86_REROUTE_FOR_BROKEN_BOOT_IRQS, FHANDLE
- disable COMPAT_VDSO (not needed since glibc-2.3.3)

The -rt patch has been updated to -rt13

For other fixes in the extended stable update, see the referenced shortlog


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=refs/heads/linux-3.8.y;a=shortlog


Reproducible: 

Steps to Reproduce:
Comment 1 Thomas Backlund 2013-07-04 21:24:22 CEST
SRPM:
kernel-rt-3.8.13.4-0.rt13.1.mga3.src.rpm

i586:
kernel-rt-3.8.13.4-0.rt13.1.mga3-1-1.mga3.i586.rpm
kernel-rt-devel-3.8.13.4-0.rt13.1.mga3-1-1.mga3.i586.rpm
kernel-rt-devel-latest-3.8.13.4-0.rt13.1.mga3.i586.rpm
kernel-rt-doc-3.8.13.4-0.rt13.1.mga3.noarch.rpm
kernel-rt-latest-3.8.13.4-0.rt13.1.mga3.i586.rpm
kernel-rt-source-3.8.13.4-0.rt13.1.mga3-1-1.mga3.noarch.rpm
kernel-rt-source-latest-3.8.13.4-0.rt13.1.mga3.noarch.rpm


x86_64:
kernel-rt-3.8.13.4-0.rt13.1.mga3-1-1.mga3.x86_64.rpm
kernel-rt-devel-3.8.13.4-0.rt13.1.mga3-1-1.mga3.x86_64.rpm
kernel-rt-devel-latest-3.8.13.4-0.rt13.1.mga3.x86_64.rpm
kernel-rt-doc-3.8.13.4-0.rt13.1.mga3.noarch.rpm
kernel-rt-latest-3.8.13.4-0.rt13.1.mga3.x86_64.rpm
kernel-rt-source-3.8.13.4-0.rt13.1.mga3-1-1.mga3.noarch.rpm
kernel-rt-source-latest-3.8.13.4-0.rt13.1.mga3.noarch.rpm
Comment 2 Dave Hodgins 2013-07-06 07:56:21 CEST
Created attachment 4193 [details]
Output from urpmi --debug, while installing kernel updates on m3 x86_64.

As noted in my message to the qa discuss mailing list, the rt kernel on
Mageia 3, x86-64 has a regression, in that it now also shows
ERROR: could not insert 'fglrx': Exec format error

Also, the tmb-*, and rt kernels did not get the dkms modules compiled
during the update. While they do get compiled during first boot, it
would be better if they also got installed during the update.
Comment 3 claire robinson 2013-07-11 11:58:46 CEST
dkms modules built fine here x86_64. Tested with common ones, dkms-virtualbox, dkms-broadcom-wl, dkms-fglrx and dmks-nvidia-current.

Dave can you check again please. I'll be testing 32bit shortly but don't want to set 64bit OK yet.
Comment 4 claire robinson 2013-07-11 14:02:12 CEST
Re-testing this 64bit as it had been using nouveau rather than dkms-nvidia-current

Switched to nvidia driver before rebooting. As it starts it errors and says that it is switching back to nouveau.

# uname -a
Linux mega 3.8.13.4-0.rt13.1.mga3 #1 SMP PREEMPT RT Thu Jul 4 18:20:37 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

# dkms status -k 3.8.13.4-0.rt13.1.mga3
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
virtualbox, 4.2.12-2.mga3, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!)

# lsmod | grep nv
# lsmod | grep nou
nouveau               942601  3 
mxm_wmi                13021  1 nouveau
wmi                    19070  2 mxm_wmi,nouveau
video                  19154  1 nouveau
ttm                    88073  1 nouveau
drm_kms_helper         44904  1 nouveau
drm                   281412  5 ttm,drm_kms_helper,nouveau
i2c_algo_bit           13413  1 nouveau
i2c_core               40397  9 drm,i2c_i801,saa7134,drm_kms_helper,i2c_algo_bit,v4l2_common,tveeprom,nouveau,videodev
button                 13871  1 nouveau

# modprobe nvidia
modprobe: FATAL: Module nvidia not found.

I'll retest 32bit also
Comment 5 claire robinson 2013-07-11 15:05:44 CEST
This too, as with kernel-linus, is fixed after removing/reinstalling the dkms packages. They are then rebuilt next boot and the diff warning is gone and module loads. I'm not sure what to think, is this a kernel bug or perhaps a dkms bug?

# dkms status
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-0.rt13.1.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3
virtualbox, 4.2.12-2.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3

# lsmod | grep nv
nvidia               9412422  38 
i2c_core               40397  6 i2c_i801,saa7134,nvidia,v4l2_common,tveeprom,videodev
Comment 6 claire robinson 2013-07-11 15:27:59 CEST
As with kernel-linus again, removing this kernel appears not to remove dkms modules. Rebooted to this normal kernel-desktop after using kernel-rt to remove kernel-linus. Used kernel-desktop to remove kernel-rt.

The result is the dkms modules for both removed kernels show diff warnings in dkms and when listed per kernel show as missing soem built modules.

# urpme kernel-rt -a
To satisfy dependencies, the following 4 packages will be removed (68MB):
  kernel-rt-3.8.13.4-0.rt13.1.mga3-1-1.mga3.x86_64
  kernel-rt-devel-3.8.13.4-0.rt13.1.mga3-1-1.mga3.x86_64
  kernel-rt-devel-latest-3.8.13.4-0.rt13.1.mga3.x86_64
   (due to missing kernel-rt-devel-3.8.13.4-0.rt13.1.mga3)
  kernel-rt-latest-3.8.13.4-0.rt13.1.mga3.x86_64
   (due to missing kernel-rt-3.8.13.4-0.rt13.1.mga3)
Remove 4 packages? (y/N) y


# dkms status
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed 
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!)
virtualbox, 4.2.16-1.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed 
virtualbox, 4.2.16-1.mga3, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!)
virtualbox, 4.2.16-1.mga3, 3.8.13.4-2.mga3, x86_64: installed  (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3
virtualbox, 4.2.12-2.mga3, 3.8.13.4-desktop-1.mga3, x86_64: installed-binary from 3.8.13.4-desktop-1.mga3


# dkms status -k 3.8.13.4-0.rt13.1.mga3
broadcom-wl, 5.100.82.112-12.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Missing some built modules!)
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Missing some built modules!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Missing some built modules!)
virtualbox, 4.2.16-1.mga3, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Missing some built modules!) (WARNING! Missing some built modules!) (WARNING! Missing some built modules!)
Comment 7 claire robinson 2013-07-11 15:43:14 CEST
Removing them manually does work, although it now exits badly, so they appear to be missing dkms uninstall and/or dkms remove.


# dkms remove -m broadcom-wl -v 5.100.82.112-12.mga3.nonfree -k 3.8.13.4-0.rt13.1.mga3 

-------- Uninstall Beginning --------
Module:  broadcom-wl
Version: 5.100.82.112-12.mga3.nonfree
Kernel:  3.8.13.4-0.rt13.1.mga3 (x86_64)
-------------------------------------

Status: Before uninstall, this module version was ACTIVE on this kernel.

wl.ko:
 - Uninstallation
   - Deleting from: /lib/modules/3.8.13.4-0.rt13.1.mga3/
 - Original module
   - No original module was found for this module on this kernel.
   - Use the dkms install command to reinstall any previous module version.
depmod....(bad exit status: 1)

DKMS: uninstall Completed.


# dkms status -k 3.8.13.4-0.rt13.1.mga3 
fglrx, 12.104-3.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Missing some built modules!)
nvidia-current, 319.17-1.mga3.nonfree, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Missing some built modules!)
virtualbox, 4.2.16-1.mga3, 3.8.13.4-0.rt13.1.mga3, x86_64: installed  (WARNING! Missing some built modules!) (WARNING! Missing some built modules!) (WARNING! Missing some built modules!)
Comment 8 Dave Hodgins 2013-07-12 00:32:22 CEST
(In reply to claire robinson from comment #3)
> dkms modules built fine here x86_64. Tested with common ones,
> dkms-virtualbox, dkms-broadcom-wl, dkms-fglrx and dmks-nvidia-current.
> 
> Dave can you check again please. I'll be testing 32bit shortly but don't
> want to set 64bit OK yet.

The dkms modules build, but won't load.

[root@x3a ~]# modprobe fglrx
modprobe: ERROR: could not insert 'fglrx': Exec format error
[root@x3a ~]# uname -r
3.8.13.4-0.rt13.1.mga3
Comment 9 Thomas Backlund 2013-07-12 18:51:39 CEST
new kernels out for test

- fixed /boot symlinks
- updates to -rt14

SRPM:
kernel-rt-3.8.13.4-0.rt14.2.mga3.src.rpm

i586:
kernel-rt-3.8.13.4-0.rt14.2.mga3-1-1.mga3.i586.rpm
kernel-rt-devel-3.8.13.4-0.rt14.2.mga3-1-1.mga3.i586.rpm
kernel-rt-devel-latest-3.8.13.4-0.rt14.2.mga3.i586.rpm
kernel-rt-doc-3.8.13.4-0.rt14.2.mga3.noarch.rpm
kernel-rt-latest-3.8.13.4-0.rt14.2.mga3.i586.rpm
kernel-rt-source-3.8.13.4-0.rt14.2.mga3-1-1.mga3.noarch.rpm
kernel-rt-source-latest-3.8.13.4-0.rt14.2.mga3.noarch.rpm


x86_64:
kernel-rt-3.8.13.4-0.rt14.2.mga3-1-1.mga3.x86_64.rpm
kernel-rt-devel-3.8.13.4-0.rt14.2.mga3-1-1.mga3.x86_64.rpm
kernel-rt-devel-latest-3.8.13.4-0.rt14.2.mga3.x86_64.rpm
kernel-rt-doc-3.8.13.4-0.rt14.2.mga3.noarch.rpm
kernel-rt-latest-3.8.13.4-0.rt14.2.mga3.x86_64.rpm
kernel-rt-source-3.8.13.4-0.rt14.2.mga3-1-1.mga3.noarch.rpm
kernel-rt-source-latest-3.8.13.4-0.rt14.2.mga3.noarch.rpm


On theese fglrx builds and works on my HD5770...

It still spits some kernel traces in logs from time to time,
but that's not something I can fix at this point as fglrx
is not really designed to work on -rt kernels as such

And I hope fglrx 13.6 will be out soon so I can push it as an update, as current 13.4 has a lot of other problems too.


(In reply to claire robinson from comment #4)
> # modprobe nvidia
> modprobe: FATAL: Module nvidia not found.
> 

If you want to manually modprobe it, you need to modprobe nvidia-current


as for the dkms not cleaning up properly, thats not a new issue, it has been such pretty much always... It's just that core kernel has some %post scripts to
manually clean up, something I haven't done yet for other kernels...


regarding the issue with modules not being built on install, but instead of during boot is simple...

if -devel package has ended up in same transaction as the kernel the build will be done as every kernel calls for a dkms build in %posttrans

if -devel comes in later transaction, it will be built on boot

of course I could do a second try in %post of -devel rpms, but that will not be done now
Comment 10 claire robinson 2013-07-12 19:21:17 CEST
I did try modprobe nvidia-current too but neither loaded due to the dkms problems I suppose. I think that's why it was dropping back to nouveau on boot too.

I'll create a separate bug for the dkms issues then.
Comment 11 claire robinson 2013-07-15 17:02:21 CEST
Bug 10771 created for the dkms issues

Tested the new build mga3 32, nothing new to report.

I can't modprobe fglrx as it won't load it without the supported hardware.

Dave could you test please.

Thanks
Comment 12 Dave Hodgins 2013-07-15 21:13:21 CEST
Testing complete. Validating the update.

Could someone from the sysadmin team push 10699.adv
Comment 13 Thomas Backlund 2013-07-16 10:12:39 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0215.html

Note You need to log in before you can comment on or make changes to this bug.