Bug #1348670 “BUG: unable to handle kernel NULL pointer derefere...” : Bugs : linux package : Ubuntu

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-07-25:

#1

version.log Edit (35 bytes, text/plain)

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-07-25:

#2

lspci-vnvn.log Edit (83.6 KiB, text/plain)

Revision history for this message

Brad Figg (brad-figg) wrote on 2014-07-25: Missing required logs.

#3

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1348670

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
tags:	added: precise

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-07-25:

#4

Can't run apport-collect on this server.

Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-07-25: Re: [Bug 1348670] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]

#5

* Sergio Gelato [2014-07-25 14:23:03 -0000]:
> Could this be related to the following entry in the changelog
> for 3.2.0-65.98?
>
> * NFSD: Call ->set_acl with a NULL ACL structure if no entries
> - LP: #1328154

Yes, I think that's it. That change allows posix_state_to_acl() to return
NULL in some cases, and the pre-3.14 set_nfsv4_acl() code doesn't guard
against being passed a NULL for the pacl argument. From a brief perusal
of the sources I think this affects kernels 3.13 (trusty) and older.

A quick fix might be to add
if (!pacl)
return vfs_setxattr(dentry, key, NULL, 0, 0);
at the beginning of set_nfsv4_acl_one(). Note I haven't tested this yet.

Bug Watch Updater (bug-watch-updater) on 2014-07-26

Changed in linux (Debian):
status:	Unknown → New

penalvch (penalvch) on 2014-07-27

tags:

added: regression-update

Joseph Salisbury (jsalisbury) on 2014-07-29

Changed in linux (Ubuntu):
importance:	Undecided → Medium

Revision history for this message

Harald Nordgård-Hansen (hhansen) wrote on 2014-08-04:

#6

It would be nice if this bug could be given some priority, it is making it hard to run precise as an nfs server. I've just spent some hours chasing down this on our systems, and can confirm that it also affects kernels 3.8.0-44 and 3.13.0-32.

It is quite easy to trigger, a 'cp -a ...' on any nfs client will kill one nfsd thread on the server. Once all threads are gone, the server is dead and must be rebooted. Restarting the nfs-kernel-server service has no effect.

Revision history for this message

SergeiFranco (sergei-franco) wrote on 2014-08-07:

#7

I can confirm this bug as well. The cp -a consistently kills nfsd threads on Ubuntu Server 14.04LTS running 3.13.0-32-generic.
This is a very critical bug: "Improtance: Medium" is an understatement.

Revision history for this message

Michiel (m-konstapel) wrote on 2014-08-07:

#8

Any hints at a workaround in the meantime? It's especially nasty since a dead NFS server locks up the clients completely.

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-08-11: Re: [Bug 1348670] Re: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]

#9

* Michiel [2014-08-07 10:58:29 -0000]:
> Any hints at a workaround in the meantime? It's especially nasty since a
> dead NFS server locks up the clients completely.

I'd say either test my suggested patch (I'm on holiday and haven't gotten
around to testing, but since it only modifies the code path that triggers
the bug you should be pretty safe from side effects) or try nfsd.ko from an
older kernel.

Revision history for this message

fs-physik-bielefeld (ubuntu-fachschaft) wrote on 2014-08-15:

#10

Had the same problem and at the moment I worked around it by downgrading to linux-image-3.2.0-60-generic. Of course this is not a permanent solution, especially since I probably can not do the long expected upgrade from 12.04 to 14.04 until this is fixed.

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-08-22:

#11

I'm now testing my one-line patch from comment #5 on top of 3.2.0-67.101
(amd64, generic kernel flavour). So far it doesn't seem to make things
worse, but since I don't have a sure-fire way of triggering the bug it
may take a while to get experimental confirmation that it cures the issue.
(I'm reasonably confident about it based on my reading of the source code,
however. The various set_acl methods in 3.14 seem to be doing the
same thing as that patch.)

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-09-01:

#12

nfsd-fix-acl-null-pointer-deref.patch Edit (453 bytes, text/x-diff; charset=us-ascii)

* Sergio Gelato [2014-08-22 07:29:32 -0000]:
> I'm now testing my one-line patch from comment #5 on top of 3.2.0-67.101
> (amd64, generic kernel flavour). So far it doesn't seem to make things
> worse, but since I don't have a sure-fire way of triggering the bug it
> may take a while to get experimental confirmation that it cures the issue.

I've now got >9 days of uptime on two NFS servers with that patch (both servers
had been previously affected by the bug) without any trouble; not a single
nfsd thread has been lost.

Unfortunately the fix didn't make it into 3.2.0-68.102 so I'm having to
build my own kernels once more. What are the chances of this fix (or an
equivalent/better one, of course) being included in 3.2.63? I'm attaching
the patch again in diff form for clarity and convenience.

Ubuntu Foundations Team Bug Bot (crichton) on 2014-09-01

tags:

added: patch

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2014-09-03:

#13

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v3.17 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

If you are unable to test the mainline kernel, for example it will not boot, please add the tag: 'kernel-unable-to-test-upstream'.
Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.17-rc3-utopic/

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2014-09-03:

#14

Also, has the patch in comment #12 been sent upstream for inclusion in the mainline/stable kernel?

tags:

added: kernel-da-key

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2014-09-04:

#15

https://lists.ubuntu.com/archives/kernel-team/2014-September/048156.html

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2014-09-04:

#16

Patch submitted to the k-team list

Changed in linux (Ubuntu Lucid):
assignee:	nobody → Tim Gardner (timg-tpi)
status:	New → In Progress
Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-09-04:

#17

* Joseph Salisbury [2014-09-03 19:46:04 +0000]:
> Also, has the patch in comment #12 been sent upstream for inclusion in
> the mainline/stable kernel?

The affected code was refactored out of existence in kernel 3.14. As such,
my patch is inapplicable to 3.14 and later. The replacement set_acl methods
in the various filesystem drivers generally are coded to cope with a NULL
argument; I didn't conduct an exhaustive search but I looked at a few and
didn't notice anything problematic.

Given the above, I see no need to actually test kernel 3.17. Will tag.

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-09-04:

#18

I'm a bit confused by Tim's changes in #16. The bug affects kernels up to and including 3.13 (trusty). I'll take his word that it also affects lucid, but what does a status of Invalid mean?

tags:	added: regression-updatekernel-fixed-upstream removed: regression-update
tags:	added: kernel-fixed-upstream regression-update removed: regression-updatekernel-fixed-upstream

Revision history for this message

Andy Whitcroft (apw) wrote on 2014-09-04:

#19

Invalid for the development release is appropriate as this code was removed in v3.14 (you indicate). This looks applicable to P and T indeed.

Changed in linux (Ubuntu):
assignee:	nobody → Tim Gardner (timg-tpi)
assignee:	Tim Gardner (timg-tpi) → nobody
Changed in linux (Ubuntu Precise):
assignee:	nobody → Tim Gardner (timg-tpi)
status:	New → In Progress

Andy Whitcroft (apw) on 2014-09-04

Changed in linux (Ubuntu Precise):
status:	In Progress → Fix Committed

Tim Gardner (timg-tpi) on 2014-09-04

Changed in linux (Ubuntu Trusty):
status:	New → Fix Committed
assignee:	nobody → Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Lucid):
status:	In Progress → Invalid
assignee:	Tim Gardner (timg-tpi) → nobody

Revision history for this message

Brad Figg (brad-figg) wrote on 2014-09-27:

#20

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-trusty

Sergio Gelato (sergio-gelato) on 2014-09-28

tags:

added: verification-done-trusty
removed: verification-needed-trusty

Bug Watch Updater (bug-watch-updater) on 2014-09-28

Changed in linux (Debian):
status:	New → Fix Released

Revision history for this message

ScHRiLL (gorjan) wrote on 2014-10-02:

#21

Download full text (5.6 KiB)

Same error with new kernel. It was fine and working without a hick up and today the same issue reverted. 16:01:16 up 6 days

Using
3.2.0-69-generic #103-Ubuntu SMP Tue Sep 2 05:02:14 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
ii linux-image-3.2.0-69-generic 3.2.0-69.103 Linux kernel image for version 3.2.0 on 64 bit x86 SMP
ii linux-image-server 3.2.0.69.82 Linux kernel image on Server Equipment.

Oct 2 15:54:29 barbarela kernel: [528230.139053] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
Oct 2 15:54:29 barbarela kernel: [528230.139091] IP: [<ffffffffa03fb451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Oct 2 15:54:29 barbarela kernel: [528230.139129] PGD 415158067 PUD 415159067 PMD 0
Oct 2 15:54:29 barbarela kernel: [528230.139157] Oops: 0000 [#19] SMP
Oct 2 15:54:29 barbarela kernel: [528230.139176] CPU 1
Oct 2 15:54:29 barbarela kernel: [528230.139185] Modules linked in: it87(O) vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) pci_stub nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc dm_crypt snd_hda_codec_hdmi snd_hda_intel snd_hda_codec psmouse edac_core lp edac_mce_amd parport sp5100_tco i2c_piix4 mac_hid k10temp serio_raw snd_hwdep snd_pcm snd_timer snd soundcore snd_page_alloc bonding hwmon_vid fam15h_power raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear raid10 nouveau ttm drm_kms_helper drm i2c_algo_bit mxm_wmi pata_atiixp r8169 video wmi [last unloaded: vboxdrv]
Oct 2 15:54:29 barbarela kernel: [528230.139546]
Oct 2 15:54:29 barbarela kernel: [528230.139557] Pid: 4409, comm: nfsd Tainted: G D O 3.2.0-69-generic #103-Ubuntu Gigabyte Technology Co., Ltd. GA-970A-DS3/GA-970A-DS3
Oct 2 15:54:29 barbarela kernel: [528230.139596] RIP: 0010:[<ffffffffa03fb451>] [<ffffffffa03fb451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Oct 2 15:54:29 barbarela kernel: [528230.139629] RSP: 0018:ffff8801bdc29ce0 EFLAGS: 00010282
Oct 2 15:54:29 barbarela kernel: [528230.139644] RAX: 0000000000004000 RBX: ffff88000381f480 RCX: 0000000002ae378f
Oct 2 15:54:29 barbarela kernel: [528230.139661] RDX: ffffffffa0422374 RSI: 0000000000000000 RDI: ffff88000381f480
Oct 2 15:54:29 barbarela kernel: [528230.139678] RBP: ffff8801bdc29d10 R08: ffffea000a1463c0 R09: ffffffffa03fb4af
Oct 2 15:54:29 barbarela kernel: [528230.139695] R10: ffff88028518f500 R11: 0000000040000004 R12: 0000000000000000
Oct 2 15:54:29 barbarela kernel: [528230.139711] R13: ffff88001555bb20 R14: 0000000000000000 R15: ffff8800a86b2180
Oct 2 15:54:29 barbarela kernel: [528230.139730] FS: 00007fc55e013700(0000) GS:ffff88043ec40000(0000) knlGS:0000000000000000
Oct 2 15:54:29 barbarela kernel: [528230.140874] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Oct 2 15:54:29 barbarela kernel: [528230.142016] CR2: 0000000000000010 CR3: 000000038bac3000 CR4: 00000000000406e0
Oct 2 15:54:29 barbarela kernel: [528230.142956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Oct 2 15:54:29 barbarela kernel: [528230.142956] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 00000000...

Same error with new kernel. It was fine and working without a hick up and today the same issue reverted. 16:01:16 up 6 days

Using 
3.2.0-69-generic #103-Ubuntu SMP Tue Sep 2 05:02:14 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
ii  linux-image-3.2.0-69-generic        3.2.0-69.103                                        Linux kernel image for version 3.2.0 on 64 bit x86 SMP
ii  linux-image-server                  3.2.0.69.82                                         Linux kernel image on Server Equipment.

Oct  2 15:54:29 barbarela kernel: [528230.139053] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
Oct  2 15:54:29 barbarela kernel: [528230.139091] IP: [<ffffffffa03fb451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.139129] PGD 415158067 PUD 415159067 PMD 0 
Oct  2 15:54:29 barbarela kernel: [528230.139157] Oops: 0000 [#19] SMP 
Oct  2 15:54:29 barbarela kernel: [528230.139176] CPU 1 
Oct  2 15:54:29 barbarela kernel: [528230.139185] Modules linked in: it87(O) vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) pci_stub nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc dm_crypt snd_hda_codec_hdmi snd_hda_intel snd_hda_codec psmouse edac_core lp edac_mce_amd parport sp5100_tco i2c_piix4 mac_hid k10temp serio_raw snd_hwdep snd_pcm snd_timer snd soundcore snd_page_alloc bonding hwmon_vid fam15h_power raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear raid10 nouveau ttm drm_kms_helper drm i2c_algo_bit mxm_wmi pata_atiixp r8169 video wmi [last unloaded: vboxdrv]
Oct  2 15:54:29 barbarela kernel: [528230.139546] 
Oct  2 15:54:29 barbarela kernel: [528230.139557] Pid: 4409, comm: nfsd Tainted: G      D    O 3.2.0-69-generic #103-Ubuntu Gigabyte Technology Co., Ltd. GA-970A-DS3/GA-970A-DS3
Oct  2 15:54:29 barbarela kernel: [528230.139596] RIP: 0010:[<ffffffffa03fb451>]  [<ffffffffa03fb451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.139629] RSP: 0018:ffff8801bdc29ce0  EFLAGS: 00010282
Oct  2 15:54:29 barbarela kernel: [528230.139644] RAX: 0000000000004000 RBX: ffff88000381f480 RCX: 0000000002ae378f
Oct  2 15:54:29 barbarela kernel: [528230.139661] RDX: ffffffffa0422374 RSI: 0000000000000000 RDI: ffff88000381f480
Oct  2 15:54:29 barbarela kernel: [528230.139678] RBP: ffff8801bdc29d10 R08: ffffea000a1463c0 R09: ffffffffa03fb4af
Oct  2 15:54:29 barbarela kernel: [528230.139695] R10: ffff88028518f500 R11: 0000000040000004 R12: 0000000000000000
Oct  2 15:54:29 barbarela kernel: [528230.139711] R13: ffff88001555bb20 R14: 0000000000000000 R15: ffff8800a86b2180
Oct  2 15:54:29 barbarela kernel: [528230.139730] FS:  00007fc55e013700(0000) GS:ffff88043ec40000(0000) knlGS:0000000000000000
Oct  2 15:54:29 barbarela kernel: [528230.140874] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Oct  2 15:54:29 barbarela kernel: [528230.142016] CR2: 0000000000000010 CR3: 000000038bac3000 CR4: 00000000000406e0
Oct  2 15:54:29 barbarela kernel: [528230.142956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Oct  2 15:54:29 barbarela kernel: [528230.142956] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Oct  2 15:54:29 barbarela kernel: [528230.142956] Process nfsd (pid: 4409, threadinfo ffff8801bdc28000, task ffff88007aa2ae00)
Oct  2 15:54:29 barbarela kernel: [528230.142956] Stack:
Oct  2 15:54:29 barbarela kernel: [528230.142956]  ffff8800a86b2040 ffff88000381f480 0000000000000000 ffff88001555bb20
Oct  2 15:54:29 barbarela kernel: [528230.142956]  0000000000000000 ffff8800a86b2180 ffff8801bdc29d50 ffffffffa03fc5e3
Oct  2 15:54:29 barbarela kernel: [528230.142956]  ffff88028518f300 0000000000000000 ffff88001d0aa000 ffff8800a86b2040
Oct  2 15:54:29 barbarela kernel: [528230.142956] Call Trace:
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa03fc5e3>] nfsd4_set_nfs4_acl+0x143/0x150 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa0409b74>] nfsd4_setattr+0xd4/0x130 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa0408be8>] nfsd4_proc_compound+0x518/0x6e0 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa03f7a4b>] nfsd_dispatch+0xeb/0x230 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa02ef475>] svc_process_common+0x345/0x690 [sunrpc]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffff81060ad0>] ? try_to_wake_up+0x200/0x200
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa02efb12>] svc_process+0x102/0x150 [sunrpc]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa03f71ad>] nfsd+0xbd/0x160 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffffa03f70f0>] ? nfsd_startup+0xf0/0xf0 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffff8108b96c>] kthread+0x8c/0xa0
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffff8166e3b4>] kernel_thread_helper+0x4/0x10
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffff8108b8e0>] ? flush_kthread_worker+0xa0/0xa0
Oct  2 15:54:29 barbarela kernel: [528230.142956]  [<ffffffff8166e3b0>] ? gs_change+0x13/0x13
Oct  2 15:54:29 barbarela kernel: [528230.142956] Code: 19 c0 f7 d0 83 e0 02 c3 90 90 55 48 89 e5 48 83 ec 30 48 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 <48> 63 46 10 49 89 fd 49 89 f6 be d0 00 00 00 49 89 d4 4c 8d 3c 
Oct  2 15:54:29 barbarela kernel: [528230.142956] RIP  [<ffffffffa03fb451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Oct  2 15:54:29 barbarela kernel: [528230.142956]  RSP <ffff8801bdc29ce0>
Oct  2 15:54:29 barbarela kernel: [528230.142956] CR2: 0000000000000010
Oct  2 15:54:29 barbarela kernel: [528230.170576] ---[ end trace e2fe32bc8beee7db ]---

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2014-10-02:

#22

* ScHRiLL [2014-10-02 14:01:59 +0000]:
> Same error with new kernel. It was fine and working without a hick up
> and today the same issue reverted. 16:01:16 up 6 days

Please check changelog.Debian.gz before jumping to conclusions. The fix is
not in #103 because it was committed too late in the cycle. Enable
precise-proposed, install 70.105 and try again.

> Using
> 3.2.0-69-generic #103-Ubuntu SMP Tue Sep 2 05:02:14 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Revision history for this message

ScHRiLL (gorjan) wrote on 2014-10-02:

#23

I'm sorry, I've read that it didn't got into 68 and concluded it would be in 69. Will check now, tnx a bunch...

Revision history for this message

Brad Figg (brad-figg) wrote on 2014-10-02:

#24

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-precise

Sergio Gelato (sergio-gelato) on 2014-10-03

tags:

added: verification-done-precise
removed: verification-needed-precise

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-10-08:

#25

Download full text (22.1 KiB)

This bug was fixed in the package linux - 3.13.0-37.64

---------------
linux (3.13.0-37.64) trusty; urgency=low

[ Joseph Salisbury ]

* Release Tracking Bug
- LP: #1372576

[ dann frazier ]

* [Config] CONFIG_HW_RANDOM_XGENE=m on arm64

[ Edward Lin ]

* SAUCE: Add use_native_backlight quirk for Dell Inspiron 5721/3521
- LP: #1354253, #1354313

[ Tim Gardner ]

  * SAUCE: Fix nfs oops stable regression
    - LP: #1348670
  * [Config] Add mpt3sas to d-i
    - LP: #1368907
  * [Config] CONFIG_X86_16BIT=y
    - LP: #1371601

[ Timo Aaltonen ]

* SAUCE: i915_bdw: Rebase to v3.15.8
- LP: #1359213

[ Upstream Kernel Changes ]

  * Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime
    option"
    - LP: #1371601
  * mmc: rtsx: add R1-no-CRC mmc command type handle
    - LP: #1365378
  * rpc_pipe: remove the clntXX dir if creating the pipe fails
    - LP: #1365869
  * sunrpc: add an "info" file for the dummy gssd pipe
    - LP: #1365869
  * rpc_pipe: fix cleanup of dummy gssd directory when notification fails
    - LP: #1365869
  * hwrng: xgene - add support for APM X-Gene SoC RNG support
    - LP: #1365593
  * Documentation: rng: Add X-Gene SoC RNG driver documentation
    - LP: #1365593
  * arm64: dts: add random number generator dts node to APM X-Gene
    platform.
    - LP: #1365593
  * xen/balloon: cancel ballooning if adding new memory failed
    - LP: #1304001
  * x86/xen: resume timer irqs early
    - LP: #1368724
  * xen/manage: Always freeze/thaw processes when suspend/resuming
    - LP: #1368724
  * scsi_transport_sas: move bsg destructor into sas_rphy_remove
    - LP: #1368991
  * drm/i915: Enable 5.4Ghz (HBR2) link rate for Displayport 1.2-capable
    devices
    - LP: #1369633
  * bnx2x: Fix link for KR with swapped polarity lane
    - LP: #1370716
  * drm: add DRM_CAPs for cursor size
    - LP: #1359213
  * drm/dp: Add AUX channel infrastructure
    - LP: #1359213
  * drm/dp: Add drm_dp_dpcd_read_link_status()
    - LP: #1359213
  * drm/dp: Add DisplayPort link helpers
    - LP: #1359213
  * drm/dp: Allow registering AUX channels as I2C busses
    - LP: #1359213
  * drm/dp: let drivers specify the name of the I2C-over-AUX adapter
    - LP: #1359213
  * drm/dp: make aux retries less chatty
    - LP: #1359213
  * Bluetooth: Enable Atheros 0cf3:311e for firmware upload
    - LP: #1371477
  * bnx2x: fix crash during TSO tunneling
    - LP: #1371601
  * inetpeer: get rid of ip_id_count
    - LP: #1371601
  * ip: make IP identifiers less predictable
    - LP: #1371601
  * tcp: Fix integer-overflows in TCP veno
    - LP: #1371601
  * tcp: Fix integer-overflow in TCP vegas
    - LP: #1371601
  * macvlan: Initialize vlan_features to turn on offload support.
    - LP: #1371601
  * net: Correctly set segment mac_len in skb_segment().
    - LP: #1371601
  * iovec: make sure the caller actually wants anything in
    memcpy_fromiovecend
    - LP: #1371601
  * batman-adv: Fix out-of-order fragmentation support
    - LP: #1371601
  * sctp: fix possible seqlock seadlock in sctp_packet_transmit()
    - LP: #1371601
  * sparc64: Fix argument sign extension for compat_sys_futex().
    - LP: #1371601
  ...

This bug was fixed in the package linux - 3.13.0-37.64

---------------
linux (3.13.0-37.64) trusty; urgency=low

[ Joseph Salisbury ]

* Release Tracking Bug
    - LP: #1372576

[ dann frazier ]

* [Config] CONFIG_HW_RANDOM_XGENE=m on arm64

[ Edward Lin ]

* SAUCE: Add use_native_backlight quirk for Dell Inspiron 5721/3521
    - LP: #1354253, #1354313

[ Tim Gardner ]

* SAUCE: Fix nfs oops stable regression
    - LP: #1348670
  * [Config] Add mpt3sas to d-i
    - LP: #1368907
  * [Config] CONFIG_X86_16BIT=y
    - LP: #1371601

[ Timo Aaltonen ]

* SAUCE: i915_bdw: Rebase to v3.15.8
    - LP: #1359213

[ Upstream Kernel Changes ]

* Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime
    option"
    - LP: #1371601
  * mmc: rtsx: add R1-no-CRC mmc command type handle
    - LP: #1365378
  * rpc_pipe: remove the clntXX dir if creating the pipe fails
    - LP: #1365869
  * sunrpc: add an "info" file for the dummy gssd pipe
    - LP: #1365869
  * rpc_pipe: fix cleanup of dummy gssd directory when notification fails
    - LP: #1365869
  * hwrng: xgene - add support for APM X-Gene SoC RNG support
    - LP: #1365593
  * Documentation: rng: Add X-Gene SoC RNG driver documentation
    - LP: #1365593
  * arm64: dts: add random number generator dts node to APM X-Gene
    platform.
    - LP: #1365593
  * xen/balloon: cancel ballooning if adding new memory failed
    - LP: #1304001
  * x86/xen: resume timer irqs early
    - LP: #1368724
  * xen/manage: Always freeze/thaw processes when suspend/resuming
    - LP: #1368724
  * scsi_transport_sas: move bsg destructor into sas_rphy_remove
    - LP: #1368991
  * drm/i915: Enable 5.4Ghz (HBR2) link rate for Displayport 1.2-capable
    devices
    - LP: #1369633
  * bnx2x: Fix link for KR with swapped polarity lane
    - LP: #1370716
  * drm: add DRM_CAPs for cursor size
    - LP: #1359213
  * drm/dp: Add AUX channel infrastructure
    - LP: #1359213
  * drm/dp: Add drm_dp_dpcd_read_link_status()
    - LP: #1359213
  * drm/dp: Add DisplayPort link helpers
    - LP: #1359213
  * drm/dp: Allow registering AUX channels as I2C busses
    - LP: #1359213
  * drm/dp: let drivers specify the name of the I2C-over-AUX adapter
    - LP: #1359213
  * drm/dp: make aux retries less chatty
    - LP: #1359213
  * Bluetooth: Enable Atheros 0cf3:311e for firmware upload
    - LP: #1371477
  * bnx2x: fix crash during TSO tunneling
    - LP: #1371601
  * inetpeer: get rid of ip_id_count
    - LP: #1371601
  * ip: make IP identifiers less predictable
    - LP: #1371601
  * tcp: Fix integer-overflows in TCP veno
    - LP: #1371601
  * tcp: Fix integer-overflow in TCP vegas
    - LP: #1371601
  * macvlan: Initialize vlan_features to turn on offload support.
    - LP: #1371601
  * net: Correctly set segment mac_len in skb_segment().
    - LP: #1371601
  * iovec: make sure the caller actually wants anything in
    memcpy_fromiovecend
    - LP: #1371601
  * batman-adv: Fix out-of-order fragmentation support
    - LP: #1371601
  * sctp: fix possible seqlock seadlock in sctp_packet_transmit()
    - LP: #1371601
  * sparc64: Fix argument sign extension for compat_sys_futex().
    - LP: #1371601
  * sparc64: Make itc_sync_lock raw
    - LP: #1371601
  * sparc64: Fix executable bit testing in set_pmd_at() paths.
    - LP: #1371601
  * sparc64: Fix huge PMD invalidation.
    - LP: #1371601
  * sparc64: Fix bugs in get_user_pages_fast() wrt. THP.
    - LP: #1371601
  * sparc64: Fix hex values in comment above pte_modify().
    - LP: #1371601
  * sparc64: Don't use _PAGE_PRESENT in pte_modify() mask.
    - LP: #1371601
  * sparc64: Handle 32-bit tasks properly in compute_effective_address().
    - LP: #1371601
  * sparc64: Fix top-level fault handling bugs.
    - LP: #1371601
  * sparc64: Fix range check in kern_addr_valid().
    - LP: #1371601
  * sparc64: Use 'ILOG2_4MB' instead of constant '22'.
    - LP: #1371601
  * sparc64: Add basic validations to {pud,pmd}_bad().
    - LP: #1371601
  * sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill
    pte_ERROR().
    - LP: #1371601
  * sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit
    fault addresses.
    - LP: #1371601
  * sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus.
    - LP: #1371601
  * sparc64: Add membar to Niagara2 memcpy code.
    - LP: #1371601
  * sparc64: Do not insert non-valid PTEs into the TSB hash table.
    - LP: #1371601
  * sparc64: Guard against flushing openfirmware mappings.
    - LP: #1371601
  * bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000
    - LP: #1371601
  * sunsab: Fix detection of BREAK on sunsab serial console
    - LP: #1371601
  * sparc64: ldc_connect() should not return EINVAL when handshake is in
    progress.
    - LP: #1371601
  * arch/sparc/math-emu/math_32.c: drop stray break operator
    - LP: #1371601
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1371601
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1371601
  * x86, espfix: Fix broken header guard
    - LP: #1371601
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1371601
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1371601
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1371601
  * ALSA: usb-audio: fix BOSS ME-25 MIDI regression
    - LP: #1371601
  * ASoC: wm8994: Prevent double lock of accdet_lock mutex on wm1811
    - LP: #1371601
  * v4l: vsp1: Remove the unneeded vsp1_video_buffer video field
    - LP: #1371601
  * ASoC: max98090: Fix missing free_irq
    - LP: #1371601
  * KVM: x86: Inter-privilege level ret emulation is not implemeneted
    - LP: #1371601
  * au0828: Only alt setting logic when needed
    - LP: #1371601
  * ASoC: pcm: fix dpcm_path_put in dpcm runtime update
    - LP: #1371601
  * crypto: ux500 - make interrupt mode plausible
    - LP: #1371601
  * Bluetooth: btmrvl: wait for HOST_SLEEP_ENABLE event in suspend
    - LP: #1371601
  * ASoC: adau1701: fix adau1701_reg_read()
    - LP: #1371601
  * ASoC: wm_adsp: Add missing MODULE_LICENSE
    - LP: #1371601
  * regulator: arizona-ldo1: remove bypass functionality
    - LP: #1371601
  * ASoC: samsung: Correct I2S DAI suspend/resume ops
    - LP: #1371601
  * drm/tilcdc: panel: fix dangling sysfs connector node
    - LP: #1371601
  * drm/tilcdc: slave: fix dangling sysfs connector node
    - LP: #1371601
  * drm/tilcdc: tfp410: fix dangling sysfs connector node
    - LP: #1371601
  * drm/tilcdc: panel: fix leak when unloading the module
    - LP: #1371601
  * drm/tilcdc: fix release order on exit
    - LP: #1371601
  * drm/tilcdc: fix double kfree
    - LP: #1371601
  * ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject
    - LP: #1371601
  * stable_kernel_rules: Add pointer to netdev-FAQ for network patches
    - LP: #1371601
  * USB: ehci-pci: USB host controller support for Intel Quark X1000
    - LP: #1371601
  * debugfs: Fix corrupted loop in debugfs_remove_recursive
    - LP: #1371601
  * serial: core: Preserve termios c_cflag for console resume
    - LP: #1371601
  * mtd/ftl: fix the double free of the buffers allocated in build_maps()
    - LP: #1371601
  * ext4: Fix block zeroing when punching holes in indirect block files
    - LP: #1371601
  * ext4: fix punch hole on files with indirect mapping
    - LP: #1371601
  * x86: don't exclude low BIOS area when allocating address space for
    non-PCI cards
    - LP: #1371601
  * PCI: Configure ASPM when enabling device
    - LP: #1371601
  * Bluetooth: never linger on process exit
    - LP: #1371601
  * ASoC: blackfin: use samples to set silence
    - LP: #1371601
  * USB: OHCI: fix bugs in debug routines
    - LP: #1371601
  * USB: OHCI: don't lose track of EDs when a controller dies
    - LP: #1371601
  * mei: start disconnect request timer consistently
    - LP: #1371601
  * mei: fix return value on disconnect timeout
    - LP: #1371601
  * USB: Fix persist resume of some SS USB devices
    - LP: #1371601
  * media-device: Remove duplicated memset() in media_enum_entities()
    - LP: #1371601
  * Bluetooth: Avoid use of session socket after the session gets freed
    - LP: #1371601
  * xc5000: Fix get_frequency()
    - LP: #1371601
  * xc4000: Fix get_frequency()
    - LP: #1371601
  * CAPABILITIES: remove undefined caps from all processes
    - LP: #1371601
  * scsi: add a blacklist flag which enables VPD page inquiries
    - LP: #1371601
  * bfa: Fix undefined bit shift on big-endian architectures with 32-bit
    DMA address
    - LP: #1371601
  * hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl
    - LP: #1371601
  * Drivers: scsi: storvsc: Change the limits to reflect the values on the
    host
    - LP: #1371601
  * Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by
    the Host
    - LP: #1371601
  * Drivers: scsi: storvsc: Filter commands based on the storage protocol
    version
    - LP: #1371601
  * Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version
    - LP: #1371601
  * Drivers: scsi: storvsc: Implement a eh_timed_out handler
    - LP: #1371601
  * drivers: scsi: storvsc: Set srb_flags in all cases
    - LP: #1371601
  * drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure
    - LP: #1371601
  * x86_64/vsyscall: Fix warn_bad_vsyscall log output
    - LP: #1371601
  * KVM: PPC: Book3S PR: Take SRCU read lock around RTAS kvm_read_guest()
    call
    - LP: #1371601
  * spi: orion: fix incorrect handling of cell-index DT property
    - LP: #1371601
  * mfd: omap-usb-host: Fix improper mask use.
    - LP: #1371601
  * tpm: Add missing tpm_do_selftest to ST33 I2C driver
    - LP: #1371601
  * tpm: missing tpm_chip_put in tpm_get_random()
    - LP: #1371601
  * scsi: do not issue SCSI RSOC command to Promise Vtrak E610f
    - LP: #1371601
  * hwmon: (ads1015) Fix off-by-one for valid channel index checking
    - LP: #1371601
  * ALSA: hda - fix an external mic jack problem on a HP machine
    - LP: #1350148, #1371601
  * MIPS: tlbex: Fix a missing statement for HUGETLB
    - LP: #1371601
  * MIPS: Prevent user from setting FCSR cause bits
    - LP: #1371601
  * KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir
    table
    - LP: #1371601
  * MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade()
    - LP: #1371601
  * MIPS: ptrace: Test correct task's flags in task_user_regset_view()
    - LP: #1371601
  * MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same
    time
    - LP: #1371601
  * MIPS: ptrace: Change GP regset to use correct core dump register layout
    - LP: #1371601
  * md/raid1,raid10: always abort recover on write error.
    - LP: #1371601
  * ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa
    struct
    - LP: #1371601
  * hwmon: (lm85) Fix various errors on attribute writes
    - LP: #1371601
  * hwmon: (lm78) Fix overflow problems seen when writing large temperature
    limits
    - LP: #1371601
  * hwmon: (amc6821) Fix possible race condition bug
    - LP: #1371601
  * MIPS: GIC: Prevent array overrun
    - LP: #1371601
  * mnt: Add tests for unprivileged remount cases that have found to be
    faulty
    - LP: #1371601
  * ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX
    rev3.1.2 case.
    - LP: #1371601
  * netlabel: fix a problem when setting bits below the previously lowest
    bit
    - LP: #1371601
  * netlabel: fix the horribly broken catmap functions
    - LP: #1371601
  * netlabel: fix the catmap walking functions
    - LP: #1371601
  * drivers/i2c/busses: use correct type for dma_map/unmap
    - LP: #1371601
  * NFSD: Decrease nfsd_users in nfsd_startup_generic fail
    - LP: #1371601
  * MIPS: O32/32-bit: Fix bug which can cause incorrect system call
    restarts
    - LP: #1371601
  * IB/srp: Fix deadlock between host removal and multipathd
    - LP: #1371601
  * USB: serial: ftdi_sio: Annotate the current Xsens PID assignments
    - LP: #1371601
  * USB: serial: ftdi_sio: Add support for new Xsens devices
    - LP: #1371601
  * USB: devio: fix issue with log flooding
    - LP: #1371601
  * CIFS: Fix async reading on reconnects
    - LP: #1371601
  * CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2
    - LP: #1371601
  * xfs: ensure verifiers are attached to recovered buffers
    - LP: #1371601
  * drm/tegra: add MODULE_DEVICE_TABLEs
    - LP: #1371601
  * ALSA: virtuoso: add Xonar Essence STX II support
    - LP: #1371601
  * hwmon: (gpio-fan) Prevent overflow problem when writing large limits
    - LP: #1371601
  * hwmon: (sis5595) Prevent overflow problem when writing large limits
    - LP: #1371601
  * NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes
    - LP: #1371601
  * drm/ttm: Fix possible division by 0 in ttm_dma_pool_shrink_scan().
    - LP: #1371601
  * drm/ttm: Choose a pool to shrink correctly in
    ttm_dma_pool_shrink_scan().
    - LP: #1371601
  * drm/ttm: Use mutex_trylock() to avoid deadlock inside shrinker
    functions.
    - LP: #1371601
  * drm/ttm: Fix possible stack overflow by recursive shrinker calls.
    - LP: #1371601
  * drm/ttm: Pass GFP flags in order to avoid deadlock.
    - LP: #1371601
  * powerpc/mm/numa: Fix break placement
    - LP: #1371601
  * powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal
    - LP: #1371601
  * drm/radeon: load the lm63 driver for an lm64 thermal chip.
    - LP: #1371601
  * drm/radeon: set VM base addr using the PFP v2
    - LP: #1371601
  * drm/radeon/atom: add new voltage fetch function for hawaii
    - LP: #1371601
  * drm/radeon/dpm: handle voltage info fetching on hawaii
    - LP: #1371601
  * drm/radeon: re-enable dpm by default on cayman
    - LP: #1371601
  * drm/radeon: re-enable dpm by default on BTC
    - LP: #1371601
  * drm/radeon: use packet2 for nop on hawaii with old firmware
    - LP: #1371601
  * drm/radeon: tweak ACCEL_WORKING2 query for hawaii
    - LP: #1371601
  * KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use
    - LP: #1371601
  * RDMA/iwcm: Use a default listen backlog if needed
    - LP: #1371601
  * x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub
    - LP: #1371601
  * net: sun4i-emac: fix memory leak on bad packet
    - LP: #1371601
  * hwmon: (ads1015) Fix out-of-bounds array access
    - LP: #1371601
  * hwmon: (dme1737) Prevent overflow problem when writing large limits
    - LP: #1371601
  * s390/locking: Reenable optimistic spinning
    - LP: #1371601
  * ring-buffer: Up rb_iter_peek() loop count to 3
    - LP: #1371601
  * ring-buffer: Always reset iterator to reader page
    - LP: #1371601
  * kernel/smp.c:on_each_cpu_cond(): fix warning in fallback path
    - LP: #1371601
  * drm/i915: read HEAD register back in init_ring_common() to enforce
    ordering
    - LP: #1371601
  * vm_is_stack: use for_each_thread() rather then buggy
    while_each_thread()
    - LP: #1371601
  * libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly
    - LP: #1371601
  * drm/nouveau: Bump version from 1.1.1 to 1.1.2
    - LP: #1371601
  * ALSA: usb-audio: fix BOSS ME-25 MIDI regression
    - LP: #1371601
  * ALSA: hda/ca0132 - Don't try loading firmware at resume when already
    failed
    - LP: #1371601
  * carl9170: fix sending URBs with wrong type when using full-speed
    - LP: #1371601
  * powerpc/pseries: Failure on removing device node
    - LP: #1371601
  * Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch
    - LP: #1371601
  * Btrfs: fix csum tree corruption, duplicate and outdated checksums
    - LP: #1371601
  * ext4: fix BUG_ON in mb_free_blocks()
    - LP: #1371601
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1371601
  * Linux 3.13.11.7
    - LP: #1371601
  * HID: magicmouse: sanity check report size in raw_event() callback
    - LP: #1370025
    - CVE-2014-3181
  * HID: fix a couple of off-by-ones
    - LP: #1370035
    - CVE-2014-3184
  * USB: whiteheat: Added bounds checking for bulk command response
    - LP: #1370036
    - CVE-2014-3185
  * HID: picolcd: sanity check report size in raw_event() callback
    - LP: #1370038
    - CVE-2014-3186
  * KEYS: Fix termination condition in assoc array garbage collection
    - LP: #1370041
    - CVE-2014-3631
  * udf: Fold udf_fill_inode() into __udf_read_inode()
    - LP: #1370042
    - CVE-2014-6410
  * udf: Avoid infinite loop when processing indirect ICBs
    - LP: #1370042
    - CVE-2014-6410
  * libceph: add process_one_ticket() helper
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418
  * libceph: do not hard code max auth ticket len
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418

linux (3.13.0-36.63) trusty; urgency=low

[ Joseph Salisbury ]

* Release Tracking Bug
    - LP: #1365052

[ Feng Kan ]

* SAUCE: (no-up) irqchip:gic: change access of gicc_ctrl register to read
    modify write.
    - LP: #1357527
  * SAUCE: (no-up) arm64: optimized copy_to_user and copy_from_user
    assembly code
    - LP: #1358949

[ Ming Lei ]

* SAUCE: (no-up) Drop APM X-Gene SoC Ethernet driver
    - LP: #1360140
  * [Config] Drop XGENE entries
    - LP: #1360140
  * [Config] CONFIG_NET_XGENE=m for arm64
    - LP: #1360140

[ Stefan Bader ]

* SAUCE: Add compat macro for skb_get_hash
    - LP: #1358162
  * SAUCE: bcache: prevent crash on changing writeback_running
    - LP: #1357295

[ Suman Tripathi ]

* SAUCE: (no-up) arm64: Fix the csr-mask for APM X-Gene SoC AHCI SATA PHY
    clock DTS node.
    - LP: #1359489
  * SAUCE: (no-up) ahci_xgene: Skip the PHY and clock initialization if
    already configured by the firmware.
    - LP: #1359501
  * SAUCE: (no-up) ahci_xgene: Fix the link down in first attempt for the
    APM X-Gene SoC AHCI SATA host controller driver.
    - LP: #1359507

[ Tuan Phan ]

* SAUCE: (no-up) pci-xgene-msi: fixed deadlock in irq_set_affinity
    - LP: #1359514

[ Upstream Kernel Changes ]

* iwlwifi: mvm: Add a missed beacons threshold
    - LP: #1349572
  * mac80211: reset probe_send_count also in HW_CONNECTION_MONITOR case
    - LP: #1349572
  * genirq: Add an accessor for IRQ_PER_CPU flag
    - LP: #1357527
  * arm64: perf: add support for percpu pmu interrupt
    - LP: #1357527
  * cifs: sanity check length of data to send before sending
    - LP: #1283101
  * KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
    - LP: #1329434
  * KVM: nVMX: Rework interception of IRQs and NMIs
    - LP: #1329434
  * KVM: vmx: disable APIC virtualization in nested guests
    - LP: #1329434
  * HID: Add transport-driver functions to the USB HID interface.
    - LP: #1353021
  * ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host
    Controller driver.
    - LP: #1358498
  * fold d_kill() and d_free()
    - LP: #1354234
  * fold try_prune_one_dentry()
    - LP: #1354234
  * new helper: dentry_free()
    - LP: #1354234
  * expand the call of dentry_lru_del() in dentry_kill()
    - LP: #1354234
  * dentry_kill(): don't try to remove from shrink list
    - LP: #1354234
  * don't remove from shrink list in select_collect()
    - LP: #1354234
  * more graceful recovery in umount_collect()
    - LP: #1354234
  * dcache: don't need rcu in shrink_dentry_list()
    - LP: #1354234
  * lift the "already marked killed" case into shrink_dentry_list()
  * split dentry_kill()
    - LP: #1354234
  * expand dentry_kill(dentry, 0) in shrink_dentry_list()
    - LP: #1354234
  * shrink_dentry_list(): take parent's ->d_lock earlier
    - LP: #1354234
  * dealing with the rest of shrink_dentry_list() livelock
    - LP: #1354234
  * dentry_kill() doesn't need the second argument now
    - LP: #1354234
  * dcache: add missing lockdep annotation
    - LP: #1354234
  * fs: convert use of typedef ctl_table to struct ctl_table
    - LP: #1354234
  * lock_parent: don't step on stale ->d_parent of all-but-freed one
    - LP: #1354234
  * tools/testing/selftests/ptrace/peeksiginfo.c: add PAGE_SIZE definition
    - LP: #1358855
  * x86, irq, pic: Probe for legacy PIC and set legacy_pic appropriately
    - LP: #1317697
  * bnx2x: Fix kernel crash and data miscompare after EEH recovery
    - LP: #1353105
  * bnx2x: Adapter not recovery from EEH error injection
    - LP: #1353105
  * Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE
    - LP: #1359670
  * bcache: fix crash on shutdown in passthrough mode
    - LP: #1357295
  * bcache: fix uninterruptible sleep in writeback thread
    - LP: #1357295
  * namespaces: Use task_lock and not rcu to protect nsproxy
    - LP: #1328088
  * MAINTAINERS: Add entry for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * Documentation: dts: Add bindings for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * dts: Add bindings for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * drivers: net: Add APM X-Gene SoC ethernet driver support.
    - LP: #1360140
  * powerpc/mm: Add new "set" flag argument to pte/pmd update function
    - LP: #1357014
  * powerpc/thp: Add write barrier after updating the valid bit
    - LP: #1357014
  * powerpc/thp: Don't recompute vsid and ssize in loop on invalidate
    - LP: #1357014
  * powerpc/thp: Invalidate old 64K based hash page mapping before insert
    of 4k pte
    - LP: #1357014
  * powerpc/thp: Handle combo pages in invalidate
    - LP: #1357014
  * powerpc/thp: Invalidate with vpn in loop
    - LP: #1357014
  * powerpc/thp: Use ACCESS_ONCE when loading pmdp
    - LP: #1357014
  * powerpc/mm: Use read barrier when creating real_pte
    - LP: #1357014
  * powerpc/thp: Add tracepoints to track hugepage invalidate
    - LP: #1357014
  * powerpc: subpage_protect: Increase the array size to take care of 64TB
    - LP: #1357014
  * mfd: rtsx: Add set pull control macro and simplify rtl8411
    - LP: #1361086
  * mfd: rtsx: Add support for card reader rtl8402
    - LP: #1361086
  * kvm: iommu: fix the third parameter of kvm_iommu_put_pages
    (CVE-2014-3601)
    - LP: #1362443
    - CVE-2014-3601
  * isofs: Fix unbounded recursion when processing relocated directories
    - LP: #1362447, #1362448
    - CVE-2014-5472
  * net: sctp: inherit auth_capable on INIT collisions
    - LP: #1349804
    - CVE-2014-5077
  * blk-mq: fix initializing request's start time
    - LP: #1297522

[ Vinayak Kale ]

* SAUCE: (no-up) dt-bindings: Add Potenza PMU binding
    - LP: #1357527
  * SAUCE: (no-up) arm64: dts: Add PMU node for APM X-Gene Storm SOC
    - LP: #1357527
 -- Joseph Salisbury <joseph.salisbury@canonical.com>   Mon, 22 Sep 2014 15:51:07 -0400

Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-10-08:

#26

Download full text (10.8 KiB)

This bug was fixed in the package linux - 3.2.0-70.105

---------------
linux (3.2.0-70.105) precise; urgency=low

[ Kamal Mostafa ]

* Release Tracking Bug
- re-used previous tracking bug

[ Upstream Kernel Changes ]

  * udf: Avoid infinite loop when processing indirect ICBs
    - LP: #1370042
    - CVE-2014-6410

linux (3.2.0-70.104) precise; urgency=low

[ Joseph Salisbury ]

* Release Tracking Bug
- LP: #1372522

[ Tim Gardner ]

  * SAUCE: Fix nfs oops stable regression
    - LP: #1348670
  * [Config] updateconfigs
    - LP: #1369711

[ Upstream Kernel Changes ]

  * Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime
    option"
    - LP: #1369711
  * KVM: x86: Inter-privilege level ret emulation is not implemeneted
    - LP: #1369711
  * ASoC: samsung: Correct I2S DAI suspend/resume ops
    - LP: #1369711
  * block: don't assume last put of shared tags is for the host
    - LP: #1369711
  * stable_kernel_rules: Add pointer to netdev-FAQ for network patches
    - LP: #1369711
  * debugfs: Fix corrupted loop in debugfs_remove_recursive
    - LP: #1369711
  * serial: core: Preserve termios c_cflag for console resume
    - LP: #1369711
  * tda10071: force modulation to QPSK on DVB-S
    - LP: #1369711
  * gspca_pac7302: Add new usb-id for Genius i-Look 317
    - LP: #1369711
  * mtd/ftl: fix the double free of the buffers allocated in build_maps()
    - LP: #1369711
  * x86: don't exclude low BIOS area when allocating address space for
    non-PCI cards
    - LP: #1369711
  * Bluetooth: never linger on process exit
    - LP: #1369711
  * scsi: handle flush errors properly
    - LP: #1369711
  * USB: OHCI: don't lose track of EDs when a controller dies
    - LP: #1369711
  * ahci: add support for the Promise FastTrak TX8660 SATA HBA (ahci mode)
    - LP: #1369711
  * usbcore: don't log on consecutive debounce failures of the same port
    - LP: #1369711
  * USB: Fix persist resume of some SS USB devices
    - LP: #1369711
  * drm/radeon: fix irq ring buffer overflow handling
    - LP: #1369711
  * hwmon: (smsc47m192) Fix temperature limit and vrm write operations
    - LP: #1369711
  * staging: vt6655: Fix Warning on boot handle_irq_event_percpu.
    - LP: #1369711
  * staging: vt6655: Fix disassociated messages every 10 seconds
    - LP: #1369711
  * bfa: Fix undefined bit shift on big-endian architectures with 32-bit
    DMA address
    - LP: #1369711
  * hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl
    - LP: #1369711
  * Drivers: scsi: storvsc: Implement a eh_timed_out handler
    - LP: #1369711
  * Fix gcc-4.9.0 miscompilation of load_balance() in scheduler
    - LP: #1369711
  * iommu/vt-d: Exclude devices using RMRRs from IOMMU API domains
    - LP: #1369711
  * net: sendmsg: fix NULL pointer dereference
    - LP: #1369711
  * tpm: Provide a generic means to override the chip returned timeouts
    - LP: #1369711
  * hwmon: (ads1015) Fix off-by-one for valid channel index checking
    - LP: #1369711
  * MIPS: tlbex: Fix a missing statement for HUGETLB
    - LP: #1369711
  * MIPS: Prevent user from setting FCSR cause bits
    - LP: #1369711
  * mm, thp: do not allow thp faults t...

This bug was fixed in the package linux - 3.2.0-70.105

---------------
linux (3.2.0-70.105) precise; urgency=low

[ Kamal Mostafa ]

* Release Tracking Bug
    - re-used previous tracking bug

[ Upstream Kernel Changes ]

* udf: Avoid infinite loop when processing indirect ICBs
    - LP: #1370042
    - CVE-2014-6410

linux (3.2.0-70.104) precise; urgency=low

[ Joseph Salisbury ]

* Release Tracking Bug
    - LP: #1372522

[ Tim Gardner ]

* SAUCE: Fix nfs oops stable regression
    - LP: #1348670
  * [Config] updateconfigs
    - LP: #1369711

[ Upstream Kernel Changes ]

* Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime
    option"
    - LP: #1369711
  * KVM: x86: Inter-privilege level ret emulation is not implemeneted
    - LP: #1369711
  * ASoC: samsung: Correct I2S DAI suspend/resume ops
    - LP: #1369711
  * block: don't assume last put of shared tags is for the host
    - LP: #1369711
  * stable_kernel_rules: Add pointer to netdev-FAQ for network patches
    - LP: #1369711
  * debugfs: Fix corrupted loop in debugfs_remove_recursive
    - LP: #1369711
  * serial: core: Preserve termios c_cflag for console resume
    - LP: #1369711
  * tda10071: force modulation to QPSK on DVB-S
    - LP: #1369711
  * gspca_pac7302: Add new usb-id for Genius i-Look 317
    - LP: #1369711
  * mtd/ftl: fix the double free of the buffers allocated in build_maps()
    - LP: #1369711
  * x86: don't exclude low BIOS area when allocating address space for
    non-PCI cards
    - LP: #1369711
  * Bluetooth: never linger on process exit
    - LP: #1369711
  * scsi: handle flush errors properly
    - LP: #1369711
  * USB: OHCI: don't lose track of EDs when a controller dies
    - LP: #1369711
  * ahci: add support for the Promise FastTrak TX8660 SATA HBA (ahci mode)
    - LP: #1369711
  * usbcore: don't log on consecutive debounce failures of the same port
    - LP: #1369711
  * USB: Fix persist resume of some SS USB devices
    - LP: #1369711
  * drm/radeon: fix irq ring buffer overflow handling
    - LP: #1369711
  * hwmon: (smsc47m192) Fix temperature limit and vrm write operations
    - LP: #1369711
  * staging: vt6655: Fix Warning on boot handle_irq_event_percpu.
    - LP: #1369711
  * staging: vt6655: Fix disassociated messages every 10 seconds
    - LP: #1369711
  * bfa: Fix undefined bit shift on big-endian architectures with 32-bit
    DMA address
    - LP: #1369711
  * hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl
    - LP: #1369711
  * Drivers: scsi: storvsc: Implement a eh_timed_out handler
    - LP: #1369711
  * Fix gcc-4.9.0 miscompilation of load_balance() in scheduler
    - LP: #1369711
  * iommu/vt-d: Exclude devices using RMRRs from IOMMU API domains
    - LP: #1369711
  * net: sendmsg: fix NULL pointer dereference
    - LP: #1369711
  * tpm: Provide a generic means to override the chip returned timeouts
    - LP: #1369711
  * hwmon: (ads1015) Fix off-by-one for valid channel index checking
    - LP: #1369711
  * MIPS: tlbex: Fix a missing statement for HUGETLB
    - LP: #1369711
  * MIPS: Prevent user from setting FCSR cause bits
    - LP: #1369711
  * mm, thp: do not allow thp faults to avoid cpuset restrictions
    - LP: #1369711
  * md/raid1,raid10: always abort recover on write error.
    - LP: #1369711
  * ext4: cleanup in ext4_discard_allocated_blocks()
    - LP: #1369711
  * ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa
    struct
    - LP: #1369711
  * hwmon: (lm85) Fix various errors on attribute writes
    - LP: #1369711
  * hwmon: (lm78) Fix overflow problems seen when writing large temperature
    limits
    - LP: #1369711
  * hwmon: (amc6821) Fix return value
    - LP: #1369711
  * hwmon: (amc6821) Fix possible race condition bug
    - LP: #1369711
  * MIPS: GIC: Prevent array overrun
    - LP: #1369711
  * crypto: af_alg - properly label AF_ALG socket
    - LP: #1369711
  * mnt: Change the default remount atime from relatime to the existing
    value
    - LP: #1369711
  * ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX
    rev3.1.2 case.
    - LP: #1369711
  * netlabel: use GFP flags from caller instead of GFP_ATOMIC
    - LP: #1369711
  * netlabel: fix a problem when setting bits below the previously lowest
    bit
    - LP: #1369711
  * USB: serial: ftdi_sio: Annotate the current Xsens PID assignments
    - LP: #1369711
  * USB: serial: ftdi_sio: Add support for new Xsens devices
    - LP: #1369711
  * ALSA: virtuoso: Xonar DSX support
    - LP: #1369711
  * ALSA: virtuoso: add Xonar Essence STX II support
    - LP: #1369711
  * hwmon: (gpio-fan) Prevent overflow problem when writing large limits
    - LP: #1369711
  * hwmon: (sis5595) Prevent overflow problem when writing large limits
    - LP: #1369711
  * drm/ttm: Fix possible stack overflow by recursive shrinker calls.
    - LP: #1369711
  * powerpc/mm/numa: Fix break placement
    - LP: #1369711
  * drm/radeon: load the lm63 driver for an lm64 thermal chip.
    - LP: #1369711
  * RDMA/iwcm: Use a default listen backlog if needed
    - LP: #1369711
  * hwmon: (lm92) Prevent overflow problem when writing large limits
    - LP: #1369711
  * hwmon: (ads1015) Fix out-of-bounds array access
    - LP: #1369711
  * s390/locking: Reenable optimistic spinning
    - LP: #1369711
  * ring-buffer: Up rb_iter_peek() loop count to 3
    - LP: #1369711
  * ring-buffer: Always reset iterator to reader page
    - LP: #1369711
  * x86/xen: resume timer irqs early
    - LP: #1369711
  * carl9170: fix sending URBs with wrong type when using full-speed
    - LP: #1369711
  * reiserfs: Fix use after free in journal teardown
    - LP: #1369711
  * powerpc: Fix build errors STRICT_MM_TYPECHECKS
    - LP: #1369711
  * powerpc/mm: Use read barrier when creating real_pte
    - LP: #1369711
  * ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE
    - LP: #1369711
  * Btrfs: fix csum tree corruption, duplicate and outdated checksums
    - LP: #1369711
  * ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co
    - LP: #1369711
  * CIFS: Fix wrong directory attributes after rename
    - LP: #1369711
  * md/raid6: avoid data corruption during recovery of double-degraded
    RAID6
    - LP: #1369711
  * USB: option: add VIA Telecom CDS7 chipset device id
    - LP: #1369711
  * USB: ftdi_sio: add Basic Micro ATOM Nano USB2Serial PID
    - LP: #1369711
  * USB: serial: pl2303: add device id for ztek device
    - LP: #1369711
  * USB: ftdi_sio: Added PID for new ekey device
    - LP: #1369711
  * iommu/amd: Fix cleanup_domain for mass device removal
    - LP: #1369711
  * pata_scc: propagate return value of scc_wait_after_reset
    - LP: #1369711
  * xhci: Treat not finding the event_seg on COMP_STOP the same as
    COMP_STOP_INVAL
    - LP: #1369711
  * usb: xhci: amd chipset also needs short TX quirk
    - LP: #1369711
  * MIPS: OCTEON: make get_system_type() thread-safe
    - LP: #1369711
  * xhci: rework cycle bit checking for new dequeue pointers
    - LP: #1369711
  * HID: logitech: perform bounds checking on device_id early enough
    - LP: #1369711
  * HID: fix a couple of off-by-ones
    - LP: #1369711
  * USB: whiteheat: Added bounds checking for bulk command response
    - LP: #1369711
  * HID: logitech-dj: prevent false errors to be shown
    - LP: #1369711
  * ACPI / EC: Add support to disallow QR_EC to be issued when SCI_EVT
    isn't set
    - LP: #1369711
  * USB: sisusb: add device id for Magic Control USB video
    - LP: #1369711
  * NFSv4: Fix problems with close in the presence of a delegation
    - LP: #1369711
  * HID: magicmouse: sanity check report size in raw_event() callback
    - LP: #1369711
  * HID: picolcd: sanity check report size in raw_event() callback
    - LP: #1369711
  * ARM: 8128/1: abort: don't clear the exclusive monitors
    - LP: #1369711
  * ARM: 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy
    strex
    - LP: #1369711
  * USB: serial: fix potential stack buffer overflow
    - LP: #1369711
  * USB: serial: fix potential heap buffer overflow
    - LP: #1369711
  * openrisc: add missing header inclusion
    - LP: #1369711
  * MIPS: perf: Fix build error caused by unused
    counters_per_cpu_to_total()
    - LP: #1369711
  * MIPS: Fix accessing to per-cpu data when flushing the cache
    - LP: #1369711
  * openrisc: include export.h for EXPORT_SYMBOL
    - LP: #1369711
  * inetpeer: get rid of ip_id_count
    - LP: #1369711
  * ip: make IP identifiers less predictable
    - LP: #1369711
  * tcp: Fix integer-overflows in TCP veno
    - LP: #1369711
  * tcp: Fix integer-overflow in TCP vegas
    - LP: #1369711
  * macvlan: Initialize vlan_features to turn on offload support.
    - LP: #1369711
  * iovec: make sure the caller actually wants anything in
    memcpy_fromiovecend
    - LP: #1369711
  * sctp: fix possible seqlock seadlock in sctp_packet_transmit()
    - LP: #1369711
  * sparc64: Fix argument sign extension for compat_sys_futex().
    - LP: #1369711
  * sparc64: Make itc_sync_lock raw
    - LP: #1369711
  * sparc64: Handle 32-bit tasks properly in compute_effective_address().
    - LP: #1369711
  * sparc64: Fix top-level fault handling bugs.
    - LP: #1369711
  * sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit
    fault addresses.
    - LP: #1369711
  * sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus.
    - LP: #1369711
  * sparc64: Add membar to Niagara2 memcpy code.
    - LP: #1369711
  * sparc64: Do not insert non-valid PTEs into the TSB hash table.
    - LP: #1369711
  * sparc64: Guard against flushing openfirmware mappings.
    - LP: #1369711
  * bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000
    - LP: #1369711
  * sunsab: Fix detection of BREAK on sunsab serial console
    - LP: #1369711
  * sparc64: ldc_connect() should not return EINVAL when handshake is in
    progress.
    - LP: #1369711
  * arch/sparc/math-emu/math_32.c: drop stray break operator
    - LP: #1369711
  * slab/mempolicy: always use local policy from interrupt context
    - LP: #1369711
  * sparc: use asm-generic version of types.h
    - LP: #1369711
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1369711
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1369711
  * x86, espfix: Fix broken header guard
    - LP: #1369711
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1369711
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1369711
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1369711
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1369711
  * microblaze: Fix makefile to work with latest toolchain
    - LP: #1369711
  * Linux 3.2.63
    - LP: #1369711
  * libceph: add process_one_ticket() helper
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418
  * libceph: do not hard code max auth ticket len
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418
 -- Kamal Mostafa <kamal@canonical.com>   Wed, 24 Sep 2014 12:16:42 -0700

Changed in linux (Ubuntu Precise):
status:	Fix Committed → Fix Released

Revision history for this message

Frank (frank-scriptzone) wrote on 2015-10-30:

#28

Issue seems to be reintroduced.

Mounts in 3.13.0-66-generic fail again with the same error messages as reported in this issue.
In 3.13.0-62-generic everything seems well.

Revision history for this message

Sergio Gelato (sergio-gelato) wrote on 2015-10-30: SV: [Bug 1348670] Re: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]

#29

Frank: I think it's better to file a new bug about this. Do include the actual log message. I'm looking at the source code for 3.13.0-66.108 and the fix is still in place, so it can't be *exactly* the same problem as before.

Ubuntu
linux package

BUG: unable to handle kernel NULL pointer dereference at 0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]

Bug Description

Related branches

CVE References

Duplicates of this bug

Other bug subscribers

Patches

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
linux (Debian)	Fix Released	Unknown	debbugs #754420
linux (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Undecided	Unassigned
Precise	Fix Released	Undecided	Tim Gardner
Trusty	Fix Released	Undecided	Tim Gardner
Utopic	Invalid	Medium	Unassigned

Ubuntulinux package

BUG: unable to handle kernel NULL pointer dereference at 0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]

Bug Description

Related branches

CVE References

Duplicates of this bug

Other bug subscribers

Patches

Bug attachments

Remote bug watches

Ubuntu
linux package