Bug #1642299 “Fix Kernel Crashing under IBM Virtual Scsi Driver” : Bugs : linux package : Ubuntu

Revision history for this message

bugproxy (bugproxy) wrote on 2016-11-16: ibmvscsis: Rearrange functions for future patches

#1

ibmvscsis: Rearrange functions for future patches Edit (25.7 KiB, text/plain)

Default Comment by Bridge

tags:

added: architecture-ppc64le bugnameltc-147639 severity-high targetmilestone-inin16041

Revision history for this message

bugproxy (bugproxy) wrote on 2016-11-16: ibmvscsis: Synchronize cmds at tpg_enable_store time

#2

ibmvscsis: Synchronize cmds at tpg_enable_store time Edit (13.9 KiB, text/plain)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2016-11-16: ibmvscsis: Synchronize cmds at remove time

#3

ibmvscsis: Synchronize cmds at remove time Edit (4.1 KiB, text/plain)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2016-11-16: ibmvscsis: Clean up properly if target_submit_cmd/tmr fails

#4

ibmvscsis: Clean up properly if target_submit_cmd/tmr fails Edit (1.3 KiB, text/plain)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2016-11-16: ibmvscsis: Return correct partition name/# to client

#5

ibmvscsis: Return correct partition name/# to client Edit (1.3 KiB, text/plain)

Default Comment by Bridge

Revision history for this message

bugproxy (bugproxy) wrote on 2016-11-16: ibmvscsis: Issues from Dan Carpenter/Smatch

#6

ibmvscsis: Issues from Dan Carpenter/Smatch Edit (1.8 KiB, text/plain)

Default Comment by Bridge

Changed in ubuntu:
assignee:	nobody → Taco Screen team (taco-screen-team)
affects:	ubuntu → linux (Ubuntu)

Leann Ogasawara (leannogasawara) on 2016-11-16

Changed in linux (Ubuntu):
assignee:	Taco Screen team (taco-screen-team) → Canonical Kernel Team (canonical-kernel-team)
importance:	Undecided → High
status:	New → Triaged

Tim Gardner (timg-tpi) on 2016-11-18

Changed in linux (Ubuntu Xenial):
assignee:	nobody → Tim Gardner (timg-tpi)
status:	New → In Progress
Changed in linux (Ubuntu Yakkety):
assignee:	nobody → Tim Gardner (timg-tpi)
status:	New → In Progress
Changed in linux (Ubuntu Zesty):
assignee:	Canonical Kernel Team (canonical-kernel-team) → Tim Gardner (timg-tpi)
status:	Triaged → In Progress

Tim Gardner (timg-tpi) on 2016-11-18

Changed in linux (Ubuntu Zesty):
status:	In Progress → Fix Committed

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2016-11-18:

#7

https://lists.ubuntu.com/archives/kernel-team/2016-November/081044.html

Luis Henriques (henrix) on 2016-11-29

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Luis Henriques (henrix) on 2016-11-29

Changed in linux (Ubuntu Yakkety):
status:	In Progress → Fix Committed

bugproxy (bugproxy) on 2016-11-29

tags:

added: verification-done-xenial verification-done-yakkety

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-12-18:

#8

This bug was fixed in the package linux - 4.9.0-11.12

---------------
linux (4.9.0-11.12) zesty; urgency=low

  * Miscellaneous Ubuntu changes
    - UBUNTU: SAUCE: Add '-fno-pie -no-pie' to cflags for x86 selftests
    - UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support setattr_prepare()

[ Upstream Kernel Changes ]

* rebase to v4.9

-- Tim Gardner <email address hidden> Mon, 12 Dec 2016 06:40:40 -0700

Changed in linux (Ubuntu Zesty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-12-20:

#9

Download full text (17.0 KiB)

This bug was fixed in the package linux - 4.4.0-57.78

---------------
linux (4.4.0-57.78) xenial; urgency=low

* Release Tracking Bug
- LP: #1648867

* Miscellaneous Ubuntu changes
- SAUCE: Do not build the xr-usb-serial driver for s390

linux (4.4.0-56.77) xenial; urgency=low

* Release Tracking Bug
- LP: #1648867

* Release Tracking Bug
- LP: #1648579

  * CONFIG_NR_CPUS=256 is too low (LP: #1579205)
    - [Config] Increase the NR_CPUS to 512 for amd64 to support systems with a
      large number of cores.

* NVMe drives in Amazon AWS instance fail to initialize (LP: #1648449)
- SAUCE: (no-up) NVMe: only setup MSIX once

linux (4.4.0-55.76) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1648503

* NVMe driver accidentally reverted to use GSI instead of MSIX (LP: #1647887)
- (fix) NVMe: restore code to always use MSI/MSI-x interrupts

linux (4.4.0-54.75) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1648017

* Update hio driver to 2.1.0.28 (LP: #1646643)
- SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

* linux: Enable live patching for all supported architectures (LP: #1633577)
- [Config] CONFIG_LIVEPATCH=y for s390x

  * Botched backport breaks level triggered EOIs in QEMU guests with --machine
    kernel_irqchip=split (LP: #1644394)
    - kvm/irqchip: kvm_arch_irq_routing_update renaming split

  * Xenial update to v4.4.35 stable release (LP: #1645453)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - fuse: fix fuse_write_end() if zero bytes were copied
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - can: bcm: fix warning in bcm_connect/proc_register
    - i2c: mux: fix up dependencies
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - crypto: caam - do not register AES-XTS mode on LP units
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - mfd: core: Fix device reference leak in mfd_clone_cell
    - uwb: fix device reference leaks
    - PM / sleep: fix device reference leak in test_suspend
    - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
      fails
    - IB/mlx4: Check gid_index return value
    - IB/mlx4: Fix create CQ error flow
    - IB/mlx5: Use cache line size to select CQE stride
    - IB/mlx5: Fix fatal error dispatching
    - IB/core: Avoid unsigned int overflow in sg_alloc_table
    - IB/uverbs: Fix leak of XRC target QPs
    - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
    - netfilter: nft_dynset: fix element timeou...

This bug was fixed in the package linux - 4.4.0-57.78

---------------
linux (4.4.0-57.78) xenial; urgency=low

* Release Tracking Bug
    - LP: #1648867

* Miscellaneous Ubuntu changes
    - SAUCE: Do not build the xr-usb-serial driver for s390

linux (4.4.0-56.77) xenial; urgency=low

* Release Tracking Bug
    - LP: #1648867

* Release Tracking Bug
    - LP: #1648579

* CONFIG_NR_CPUS=256 is too low (LP: #1579205)
    - [Config] Increase the NR_CPUS to 512 for amd64 to support systems with a
      large number of cores.

* NVMe drives in Amazon AWS instance fail to initialize (LP: #1648449)
    - SAUCE: (no-up) NVMe: only setup MSIX once

linux (4.4.0-55.76) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1648503

* NVMe driver accidentally reverted to use GSI instead of MSIX (LP: #1647887)
    - (fix) NVMe: restore code to always use MSI/MSI-x interrupts

linux (4.4.0-54.75) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1648017

* Update hio driver to 2.1.0.28 (LP: #1646643)
    - SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

* linux: Enable live patching for all supported architectures (LP: #1633577)
    - [Config] CONFIG_LIVEPATCH=y for s390x

* Botched backport breaks level triggered EOIs in QEMU guests with --machine
    kernel_irqchip=split (LP: #1644394)
    - kvm/irqchip: kvm_arch_irq_routing_update renaming split

* Xenial update to v4.4.35 stable release (LP: #1645453)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - fuse: fix fuse_write_end() if zero bytes were copied
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - can: bcm: fix warning in bcm_connect/proc_register
    - i2c: mux: fix up dependencies
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - crypto: caam - do not register AES-XTS mode on LP units
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - mfd: core: Fix device reference leak in mfd_clone_cell
    - uwb: fix device reference leaks
    - PM / sleep: fix device reference leak in test_suspend
    - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
      fails
    - IB/mlx4: Check gid_index return value
    - IB/mlx4: Fix create CQ error flow
    - IB/mlx5: Use cache line size to select CQE stride
    - IB/mlx5: Fix fatal error dispatching
    - IB/core: Avoid unsigned int overflow in sg_alloc_table
    - IB/uverbs: Fix leak of XRC target QPs
    - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
    - netfilter: nft_dynset: fix element timeout for HZ != 1000
    - Linux 4.4.35

* Upstream stable 4.4.34 and 4.8.10 regression (LP: #1645278)
    - flow_dissect: call init_default_flow_dissectors() earlier

* AD5593R configurable multi-channel converter support (LP: #1644726)
    - iio: dac: Add support for the AD5592R/AD5593R ADCs/DACs
    - iio: dac: ad5592r: Off by one bug in ad5592r_alloc_channels()
    - [Config] CONFIG_AD5592R/AD5593R=m

* ST Micro lps22hb pressure sensor support (LP: #1642258)
    - iio:st_pressure:initial lps22hb sensor support
    - iio:st_pressure: align storagebits on power of 2
    - iio:st_pressure: document sampling gains
    - iio:st_pressure:lps22hb: temperature support

* Fix Kernel Crashing under IBM Virtual Scsi Driver (LP: #1642299)
    - SAUCE: ibmvscsis: Rearrange functions for future patches
    - SAUCE: ibmvscsis: Synchronize cmds at tpg_enable_store time
    - SAUCE: ibmvscsis: Synchronize cmds at remove time
    - SAUCE: ibmvscsis: Clean up properly if target_submit_cmd/tmr fails
    - SAUCE: ibmvscsis: Return correct partition name/# to client
    - SAUCE: ibmvscsis: Issues from Dan Carpenter/Smatch

* System stalls when creating device node on booting (LP: #1643797)
    - sched/fair: Fix new task's load avg removed from source CPU in
      wake_up_new_task()

* nvme: improve performance for virtual Google NVMe devices (LP: #1637565)
    - blk-mq: add blk_mq_alloc_request_hctx
    - nvme.h: add NVMe over Fabrics definitions
    - [Config] CONFIG_NVME_VENDOR_EXT_GOOGLE=y
    - SAUCE: nvme: improve performance for virtual NVMe devices

* Move some kernel modules to the main kernel package (LP: #1642228)
    - [Config] Move some powerpc kernel modules to the main kernel package

* sched: Match-all classifier is missing in xenial (LP: #1642514)
    - [Config] CONFIG_NET_CLS_MATCHALL=m
    - net/sched: introduce Match-all classifier

* Xenial update to 4.4.34 stable release (LP: #1643637)
    - dctcp: avoid bogus doubling of cwnd after loss
    - net: clear sk_err_soft in sk_clone_lock()
    - net: mangle zero checksum in skb_checksum_help()
    - bgmac: stop clearing DMA receive control register right after it is set
    - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
    - tcp: fix potential memory corruption
    - dccp: do not send reset to already closed sockets
    - dccp: fix out of bound access in dccp_v4_err()
    - ipv6: dccp: fix out of bound access in dccp_v6_err()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
    - sctp: assign assoc_id earlier in __sctp_connect
    - fib_trie: Correct /proc/net/route off by one error
    - sock: fix sendmmsg for partial sendmsg
    - net: __skb_flow_dissect() must cap its return value
    - ipv4: use new_gw for redirect neigh lookup
    - tcp: take care of truncations done by sk_filter()
    - tty: Prevent ldisc drivers from re-using stale tty fields
    - sparc: Don't leak context bits into thread->fault_address
    - sparc: serial: sunhv: fix a double lock bug
    - sparc64 mm: Fix base TSB sizing when hugetlb pages are used
    - sparc: Handle negative offsets in arch_jump_label_transform
    - sparc64: Handle extremely large kernel TSB range flushes sanely.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB code.
    - sparc64: Fix instruction count in comment for
      __hypervisor_flush_tlb_pending.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call
      code.
    - sparc64: Handle extremely large kernel TLB range flushes more gracefully.
    - sparc64: Delete __ret_efault.
    - sparc64: Prepare to move to more saner user copy exception handling.
    - sparc64: Convert copy_in_user to accurate exception reporting.
    - sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
    - sparc64: Delete now unused user copy assembler helpers.
    - sparc64: Delete now unused user copy fixup functions.
    - Linux 4.4.34

* Xenial update to v4.4.33 stable release (LP: #1642968)
    - ALSA: info: Return error for invalid read/write
    - ALSA: info: Limit the proc text input size
    - ASoC: cs4270: fix DAPM stream name mismatch
    - dib0700: fix nec repeat handling
    - swapfile: fix memory corruption via malformed swapfile
    - coredump: fix unfreezable coredumping task
    - s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment
    - ARC: timer: rtc: implement read loop in "C" vs. inline asm
    - pinctrl: cherryview: Serialize register access in suspend/resume
    - pinctrl: cherryview: Prevent possible interrupt storm on resume
    - staging: iio: ad5933: avoid uninitialized variable in error case
    - drivers: staging: nvec: remove bogus reset command for PS/2 interface
    - Revert "staging: nvec: ps2: change serio type to passthrough"
    - staging: nvec: remove managed resource from PS2 driver
    - USB: cdc-acm: fix TIOCMIWAIT
    - usb: gadget: u_ether: remove interrupt throttling
    - drbd: Fix kernel_sendmsg() usage - potential NULL deref
    - toshiba-wmi: Fix loading the driver on non Toshiba laptops
    - clk: qoriq: Don't allow CPU clocks higher than starting value
    - iio: hid-sensors: Increase the precision of scale to fix wrong reading
      interpretation.
    - iio: orientation: hid-sensor-rotation: Add PM function (fix non working
      driver)
    - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
    - scsi: mpt3sas: Fix for block device of raid exists even after deleting raid
      disk
    - KVM: MIPS: Precalculate MMIO load resume PC
    - drm/i915: Respect alternate_ddc_pin for all DDI ports
    - dmaengine: at_xdmac: fix spurious flag status for mem2mem transfers
    - tty/serial: at91: fix hardware handshake on Atmel platforms
    - iommu/amd: Free domain id when free a domain of struct dma_ops_domain
    - iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
    - mei: bus: fix received data size check in NFC fixup
    - lib/genalloc.c: start search from start of chunk
    - hwrng: core - Don't use a stack buffer in add_early_randomness()
    - i40e: fix call of ndo_dflt_bridge_getlink()
    - ACPI / APEI: Fix incorrect return value of ghes_proc()
    - ASoC: sun4i-codec: return error code instead of NULL when create_card fails
    - mmc: mxs: Initialize the spinlock prior to using it
    - btrfs: qgroup: Prevent qgroup->reserved from going subzero
    - netfilter: fix namespace handling in nf_log_proc_dostring
    - Linux 4.4.33

* Xenial update to 4.4.32 stable release (LP: #1642573)
    - tcp: fix overflow in __tcp_retransmit_skb()
    - net: avoid sk_forward_alloc overflows
    - tcp: fix wrong checksum calculation on MTU probing
    - tcp: fix a compile error in DBGUNDO()
    - ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
    - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route
    - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
    - net: fec: set mac address unconditionally
    - net: pktgen: fix pkt_size
    - net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*()
      functions
    - net: Add netdev all_adj_list refcnt propagation to fix panic
    - packet: call fanout_release, while UNREGISTERING a netdev
    - netlink: do not enter direct reclaim from netlink_dump()
    - ipv6: tcp: restore IP6CB for pktoptions skbs
    - ip6_tunnel: fix ip6_tnl_lookup
    - net: pktgen: remove rcu locking in pktgen_change_name()
    - bridge: multicast: restore perm router ports on multicast enable
    - rtnetlink: Add rtnexthop offload flag to compare mask
    - net: add recursion limit to GRO
    - ipv4: disable BH in set_ping_group_range()
    - ipv4: use the right lock for ping_group_range
    - net: sctp, forbid negative length
    - udp: fix IP_CHECKSUM handling
    - net sched filters: fix notification of filter delete with proper handle
    - sctp: validate chunk len before actually using it
    - packet: on direct_xmit, limit tso and csum to supported devices
    - of: silence warnings due to max() usage
    - Revert KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
    - KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
    - drm/amdgpu/dp: add back special handling for NUTMEG
    - drm/amdgpu: fix DP mode validation
    - drm/radeon: fix DP mode validation
    - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
    - Linux 4.4.32

* Xenial update to 4.4.31 stable release (LP: #1642572)
    - i2c: xgene: Avoid dma_buffer overrun
    - i2c: core: fix NULL pointer dereference under race condition
    - drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
    - h8300: fix syscall restarting
    - libxfs: clean up _calc_dquots_per_chunk
    - mm/list_lru.c: avoid error-path NULL pointer deref
    - mm: memcontrol: do not recurse in direct reclaim
    - ALSA: usb-audio: Add quirk for Syntek STK1160
    - ALSA: hda - Merge RIRB_PRE_DELAY into CTX_WORKAROUND caps
    - ALSA: hda - Raise AZX_DCAPS_RIRB_DELAY handling into top drivers
    - ALSA: hda - allow 40 bit DMA mask for NVidia devices
    - ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
    - ALSA: hda - Fix headset mic detection problem for two Dell laptops
    - ANDROID: binder: Add strong ref checks
    - ANDROID: binder: Clear binder and cookie when setting handle in flat binder
      struct
    - btrfs: fix races on root_log_ctx lists
    - ubifs: Abort readdir upon error
    - ubifs: Fix regression in ubifs_readdir()
    - mei: txe: don't clean an unprocessed interrupt cause.
    - usb: gadget: function: u_ether: don't starve tx request queue
    - USB: serial: fix potential NULL-dereference at probe
    - USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
    - xhci: use default USB_RESUME_TIMEOUT when resuming ports.
    - usb: increase ohci watchdog delay to 275 msec
    - Fix potential infoleak in older kernels
    - vt: clear selection before resizing
    - xhci: add restart quirk for Intel Wildcatpoint PCH
    - tty: limit terminal size to 4M chars
    - USB: serial: cp210x: fix tiocmget error handling
    - dm: free io_barrier after blk_cleanup_queue call
    - KVM: x86: fix wbinvd_dirty_mask use-after-free
    - KVM: MIPS: Make ERET handle ERL before EXL
    - ovl: fsync after copy-up
    - parisc: Ensure consistent state when switching to kernel stack at syscall
      entry
    - virtio_ring: Make interrupt suppression spec compliant
    - virtio: console: Unlock vqs while freeing buffers
    - dm mirror: fix read error on recovery after default leg failure
    - Input: i8042 - add XMG C504 to keyboard reset table
    - firewire: net: guard against rx buffer overflows
    - firewire: net: fix fragmented datagram_size off-by-one
    - mac80211: discard multicast and 4-addr A-MSDUs
    - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
      devices
    - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
    - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
    - mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
    - Revert "drm/radeon: fix DP link training issue with second 4K monitor"
    - drm/radeon/si_dpm: Limit clocks on HD86xx part
    - drm/radeon/si_dpm: workaround for SI kickers
    - drm/radeon: drop register readback in cayman_cp_int_cntl_setup
    - drm/dp/mst: Check peer device type before attempting EDID read
    - perf build: Fix traceevent plugins build race
    - x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
    - powerpc/ptrace: Fix out of bounds array access warning
    - ARM: 8584/1: floppy: avoid gcc-6 warning
    - mm/cma: silence warnings due to max() usage
    - drm/exynos: fix error handling in exynos_drm_subdrv_open
    - cgroup: avoid false positive gcc-6 warning
    - smc91x: avoid self-comparison warning
    - Disable "frame-address" warning
    - UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
    - pwm: Unexport children before chip removal
    - usb: dwc3: Fix size used in dma_free_coherent()
    - tty: vt, fix bogus division in csi_J
    - kvm: x86: Check memopp before dereference (CVE-2016-8630)
    - ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap()
    - HID: usbhid: add ATEN CS962 to list of quirky devices
    - Linux 4.4.31

* CVE-2016-6213
    - mnt: Add a per mount namespace limit on the number of mounts

* ThinkPad T460 hotkeys stop working in Ubuntu 16.04 (LP: #1642114)
    - thinkpad_acpi: Add support for HKEY version 0x200

* CVE-2016-4568
    - videobuf2-v4l2: Verify planes array in buffer dequeueing

* [SRU] Add 0cf3:e009 to btusb (LP: #1641562)
    - Bluetooth: btusb: Add support for 0cf3:e009

* Fix resource leak in btusb (LP: #1641569)
    - SAUCE: Bluetooth: decrease refcount after use

* WiFi LED doesn't work on some Edge Gateway units (LP: #1640418)
    - SAUCE: mwifiex: Use PCI ID instead of DMI ID to identify Edge Gateways

* [Hyper-V] do not lose pending heartbeat vmbus packets (LP: #1632786)
    - hv: do not lose pending heartbeat vmbus packets

* ipv6: connected routes are missing after a down/up cycle on the loopback
    (LP: #1634545)
    - ipv6: correctly add local routes when lo goes up

* audit: prevent a new auditd to stop an old auditd still alive (LP: #1633404)
    - audit: stop an old auditd being starved out by a new auditd

* hv_set_ifconfig script parsing fails for certain configuration
    (LP: #1640109)
    - hv_set_ifconfig -- handle DHCP interfaces correctly
    - hv_set_ifconfig -- ensure we include the last stanza

* CVE-2016-7039 and CVE-2016-8666 (LP: #1631287)
    - Revert "UBUNTU: SAUCE: net: add recursion limit to GRO"

-- Brad Figg <brad.figg@canonical.com>  Fri, 09 Dec 2016 10:51:16 -0800

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-12-20:

#10

Download full text (25.5 KiB)

This bug was fixed in the package linux - 4.8.0-32.34

---------------
linux (4.8.0-32.34) yakkety; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
- LP: #1649358

* Vulnerability picked up from 4.8.10 stable kernel (LP: #1648662)
- net: handle no dst on skb in icmp6_send

linux (4.8.0-31.33) yakkety; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1648034

* Update hio driver to 2.1.0.28 (LP: #1646643)
- SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

  * Yakkety update to v4.8.11 stable release (LP: #1645421)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - arm64: KVM: pmu: Fix AArch32 cycle counter access
    - KVM: arm64: Fix the issues when guest PMCCFILTR is configured
    - ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records
    - ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records
    - genirq: Use irq type from irqdata instead of irqdesc
    - fuse: fix fuse_write_end() if zero bytes were copied
    - IB/rdmavt: rdmavt can handle non aligned page maps
    - IB/hfi1: Fix rnr_timer addition
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - mfd: stmpe: Fix RESET regression on STMPE2401
    - can: bcm: fix warning in bcm_connect/proc_register
    - gpio: do not double-check direction on sleeping chips
    - ALSA: usb-audio: Fix use-after-free of usb_device at disconnect
    - ALSA: hda - add a new condition to check if it is thinkpad
    - ALSA: hda - Fix mic regression by ASRock mobo fixup
    - i2c: mux: fix up dependencies
    - i2c: i2c-mux-pca954x: fix deselect enabling for device-tree
    - Disable the __builtin_return_address() warning globally after all
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - ARM: dts: imx53-qsb: Fix regulator constraints
    - crypto: caam - do not register AES-XTS mode on LP units
    - powerpc/64: Fix setting of AIL in hypervisor mode
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - drm/i915: Refresh that status of MST capable connectors in ->detect()
    - drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch
      specified in the VBT
    - virtio-net: drop legacy features in virtio 1 mode
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - clk: imx: fix integer overflow in AV PLL round rate
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - iwlwifi: pcie: mark command queue lock with separate lockdep class
    - iwlwifi: mvm: fix netdetect starting/stopping for unified images
    - iwlwifi: mvm: fix d3_test with unified D0/D3 images
    - iwlwifi: mvm: wake the wait queue when the RX sync counter is zero
    - mfd: cor...

This bug was fixed in the package linux - 4.8.0-32.34

---------------
linux (4.8.0-32.34) yakkety; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
    - LP: #1649358

* Vulnerability picked up from 4.8.10 stable kernel (LP: #1648662)
    - net: handle no dst on skb in icmp6_send

linux (4.8.0-31.33) yakkety; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1648034

* Update hio driver to 2.1.0.28 (LP: #1646643)
    - SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

* Yakkety update to v4.8.11 stable release (LP: #1645421)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - arm64: KVM: pmu: Fix AArch32 cycle counter access
    - KVM: arm64: Fix the issues when guest PMCCFILTR is configured
    - ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records
    - ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records
    - genirq: Use irq type from irqdata instead of irqdesc
    - fuse: fix fuse_write_end() if zero bytes were copied
    - IB/rdmavt: rdmavt can handle non aligned page maps
    - IB/hfi1: Fix rnr_timer addition
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - mfd: stmpe: Fix RESET regression on STMPE2401
    - can: bcm: fix warning in bcm_connect/proc_register
    - gpio: do not double-check direction on sleeping chips
    - ALSA: usb-audio: Fix use-after-free of usb_device at disconnect
    - ALSA: hda - add a new condition to check if it is thinkpad
    - ALSA: hda - Fix mic regression by ASRock mobo fixup
    - i2c: mux: fix up dependencies
    - i2c: i2c-mux-pca954x: fix deselect enabling for device-tree
    - Disable the __builtin_return_address() warning globally after all
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - ARM: dts: imx53-qsb: Fix regulator constraints
    - crypto: caam - do not register AES-XTS mode on LP units
    - powerpc/64: Fix setting of AIL in hypervisor mode
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - drm/i915: Refresh that status of MST capable connectors in ->detect()
    - drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch
      specified in the VBT
    - virtio-net: drop legacy features in virtio 1 mode
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - clk: imx: fix integer overflow in AV PLL round rate
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - iwlwifi: pcie: mark command queue lock with separate lockdep class
    - iwlwifi: mvm: fix netdetect starting/stopping for unified images
    - iwlwifi: mvm: fix d3_test with unified D0/D3 images
    - iwlwifi: mvm: wake the wait queue when the RX sync counter is zero
    - mfd: core: Fix device reference leak in mfd_clone_cell
    - sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports
    - uwb: fix device reference leaks
    - PM / sleep: fix device reference leak in test_suspend
    - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
      fails
    - perf hists: Fix column length on --hierarchy
    - IB/rxe: Update qp state for user query
    - IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum
    - IB/rxe: Fix handling of erroneous WR
    - IB/rxe: Clear queue buffer when modifying QP to reset
    - IB/mlx4: Check gid_index return value
    - IB/mlx4: Fix create CQ error flow
    - IB/mlx5: Validate requested RQT size
    - IB/mlx5: Use cache line size to select CQE stride
    - IB/mlx5: Fix memory leak in query device
    - IB/mlx5: Fix fatal error dispatching
    - IB/mlx5: Fix NULL pointer dereference on debug print
    - IB/core: Avoid unsigned int overflow in sg_alloc_table
    - IB/hfi1: Remove incorrect IS_ERR check
    - IB/uverbs: Fix leak of XRC target QPs
    - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
    - netfilter: nft_dynset: fix element timeout for HZ != 1000
    - gpio: pca953x: Move memcpy into mutex lock for set multiple
    - gpio: pca953x: Fix corruption of other gpios in set_multiple.
    - Linux 4.8.11

* Upstream stable 4.4.34 and 4.8.10 regression (LP: #1645278)
    - flow_dissect: call init_default_flow_dissectors() earlier

* Fix Kernel Crashing under IBM Virtual Scsi Driver (LP: #1642299)
    - SAUCE: ibmvscsis: Rearrange functions for future patches
    - SAUCE: ibmvscsis: Synchronize cmds at tpg_enable_store time
    - SAUCE: ibmvscsis: Synchronize cmds at remove time
    - SAUCE: ibmvscsis: Clean up properly if target_submit_cmd/tmr fails
    - SAUCE: ibmvscsis: Return correct partition name/# to client
    - SAUCE: ibmvscsis: Issues from Dan Carpenter/Smatch

* Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
    - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
    - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

* Move some kernel modules to the main kernel package (LP: #1642228)
    - [Config] Move some powerpc kernel modules to the main kernel package

* Yakkety update to 4.8.10 stable release (LP: #1643639)
    - dctcp: avoid bogus doubling of cwnd after loss
    - net: clear sk_err_soft in sk_clone_lock()
    - net: mangle zero checksum in skb_checksum_help()
    - bgmac: stop clearing DMA receive control register right after it is set
    - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
    - tcp: fix potential memory corruption
    - ipv4: allow local fragmentation in ip_finish_output_gso()
    - tcp: fix return value for partial writes
    - dccp: do not release listeners too soon
    - dccp: do not send reset to already closed sockets
    - dccp: fix out of bound access in dccp_v4_err()
    - ipv6: dccp: fix out of bound access in dccp_v6_err()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
    - sctp: assign assoc_id earlier in __sctp_connect
    - bpf: fix htab map destruction when extra reserve is in use
    - net: icmp6_send should use dst dev to determine L3 domain
    - fib_trie: Correct /proc/net/route off by one error
    - sock: fix sendmmsg for partial sendmsg
    - net: icmp_route_lookup should use rt dev to determine L3 domain
    - net: __skb_flow_dissect() must cap its return value
    - ipv4: use new_gw for redirect neigh lookup
    - tcp: take care of truncations done by sk_filter()
    - Revert "include/uapi/linux/atm_zatm.h: include linux/time.h"
    - mlxsw: spectrum: Fix refcount bug on span entries
    - mlxsw: spectrum_router: Correctly dump neighbour activity
    - Revert "bnx2: Reset device during driver initialization"
    - bnx2: Wait for in-flight DMA to complete at probe stage
    - sctp: change sk state only when it has assocs in sctp_shutdown
    - net: stmmac: Fix lack of link transition for fixed PHYs
    - spi: spidev_test: fix build with musl libc
    - sparc: Handle negative offsets in arch_jump_label_transform
    - sparc64: Handle extremely large kernel TSB range flushes sanely.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB code.
    - sparc64: Fix instruction count in comment for
      __hypervisor_flush_tlb_pending.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call
      code.
    - sparc64: Handle extremely large kernel TLB range flushes more gracefully.
    - sparc64: Delete __ret_efault.
    - sparc64: Prepare to move to more saner user copy exception handling.
    - sparc64: Convert copy_in_user to accurate exception reporting.
    - sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
    - sparc64: Delete now unused user copy assembler helpers.
    - sparc64: Delete now unused user copy fixup functions.
    - usb: gadget: f_fs: edit epfile->ep under lock
    - usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable
    - Linux 4.8.10

* Yakkety update to v4.8.9 stable release (LP: #1642972)
    - ALSA: info: Return error for invalid read/write
    - ALSA: info: Limit the proc text input size
    - ASoC: cs4270: fix DAPM stream name mismatch
    - dib0700: fix nec repeat handling
    - mm, frontswap: make sure allocated frontswap map is assigned
    - shmem: fix pageflags after swapping DMA32 object
    - swapfile: fix memory corruption via malformed swapfile
    - mm: hwpoison: fix thp split handling in memory_failure()
    - mm/hugetlb: fix huge page reservation leak in private mapping error paths
    - coredump: fix unfreezable coredumping task
    - s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment
    - ARC: timer: rtc: implement read loop in "C" vs. inline asm
    - PCI: Don't attempt to claim shadow copies of ROM
    - arc: Implement arch-specific dma_map_ops.mmap
    - pinctrl: cherryview: Serialize register access in suspend/resume
    - pinctrl: cherryview: Prevent possible interrupt storm on resume
    - cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set
    - mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer
    - mmc: sdhci: Fix unexpected data interrupt handling
    - mmc: mmc: Use 500ms as the default generic CMD6 timeout
    - staging: iio: ad5933: avoid uninitialized variable in error case
    - staging: sm750fb: Fix bugs introduced by early commits
    - staging: comedi: ni_tio: fix buggy ni_tio_clock_period_ps() return value
    - drivers: staging: nvec: remove bogus reset command for PS/2 interface
    - Revert "staging: nvec: ps2: change serio type to passthrough"
    - staging: nvec: remove managed resource from PS2 driver
    - usb: dwc3: Fix error handling for core init
    - USB: cdc-acm: fix TIOCMIWAIT
    - usb: gadget: u_ether: remove interrupt throttling
    - drbd: Fix kernel_sendmsg() usage - potential NULL deref
    - toshiba-wmi: Fix loading the driver on non Toshiba laptops
    - clk: qoriq: Don't allow CPU clocks higher than starting value
    - cdc-acm: fix uninitialized variable
    - iio: hid-sensors: Increase the precision of scale to fix wrong reading
      interpretation.
    - iio: orientation: hid-sensor-rotation: Add PM function (fix non working
      driver)
    - iio: st_sensors: fix scale configuration for h3lis331dl
    - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
    - scsi: mpt3sas: Fix for block device of raid exists even after deleting raid
      disk
    - scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work()
    - scsi: scsi_dh_alua: Fix a reference counting bug
    - KVM: arm/arm64: vgic: Prevent access to invalid SPIs
    - drm/radeon: disable runtime pm in certain cases
    - drm/i915: Respect alternate_ddc_pin for all DDI ports
    - drm/i915/dp: BDW cdclk fix for DP audio
    - drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms
    - drm/amdgpu: disable runtime pm in certain cases
    - drm/amdgpu: fix crash in acp_hw_fini
    - tty/serial: at91: fix hardware handshake on Atmel platforms
    - drm/amdgpu: fix sched fence slab teardown
    - drm/amd: fix scheduler fence teardown order v2
    - xprtrdma: use complete() instead complete_all()
    - xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect
    - iommu/io-pgtable-arm: Check for v7s-incapable systems
    - iommu/amd: Free domain id when free a domain of struct dma_ops_domain
    - iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
    - agp/intel: Flush chipset writes after updating a single PTE
    - watchdog: core: Fix devres_alloc() allocation size
    - Input: synaptics-rmi4 - fix error handling in SPI transport driver
    - Input: synaptics-rmi4 - fix error handling in I2C transport driver
    - perf top: Fix refreshing hierarchy entries on TUI
    - mei: bus: fix received data size check in NFC fixup
    - svcrdma: Skip put_page() when send_reply() fails
    - svcrdma: Tail iovec leaves an orphaned DMA mapping
    - nvme: Delete created IO queues on reset
    - Revert "clocksource/drivers/timer_sun5i: Replace code by
      clocksource_mmio_init"
    - x86/build: Fix build with older GCC versions
    - clk: samsung: clk-exynos-audss: Fix module autoload
    - rtc: pcf2123: Add missing error code assignment before test
    - s390/dumpstack: restore reliable indicator for call traces
    - lib/genalloc.c: start search from start of chunk
    - hwrng: core - Don't use a stack buffer in add_early_randomness()
    - i40e: fix call of ndo_dflt_bridge_getlink()
    - mmc: sdhci-msm: Fix error return code in sdhci_msm_probe()
    - ACPI / APEI: Fix incorrect return value of ghes_proc()
    - ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages
    - ACPI/PCI: pci_link: penalize SCI correctly
    - ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs
    - batman-adv: Modify neigh_list only with rcu-list functions
    - gpio/mvebu: Use irq_domain_add_linear
    - gpio: of: fix GPIO drivers with multiple gpio_chip for a single node
    - ASoC: Intel: Skylake: Always acquire runtime pm ref on unload
    - ASoC: sun4i-codec: return error code instead of NULL when create_card fails
    - pinctrl: iproc: Fix iProc and NSP GPIO support
    - mmc: mxs: Initialize the spinlock prior to using it
    - memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB
    - libceph: fix legacy layout decode with pool 0
    - NFSv4.1: work around -Wmaybe-uninitialized warning
    - drm/amdgpu: fix fence slab teardown
    - drm/amdgpu: fix a vm_flush fence leak
    - drm/i915: Fix mismatched INIT power domain disabling during suspend
    - netfilter: fix namespace handling in nf_log_proc_dostring
    - Linux 4.8.9

* Yakkety update to 4.8.8 stable release (LP: #1642607)
    - net: fec: set mac address unconditionally
    - net: pktgen: fix pkt_size
    - net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*()
      functions
    - net: Add netdev all_adj_list refcnt propagation to fix panic
    - packet: call fanout_release, while UNREGISTERING a netdev
    - netlink: do not enter direct reclaim from netlink_dump()
    - drivers/ptp: Fix kernel memory disclosure
    - net_sched: reorder pernet ops and act ops registrations
    - ipv6: tcp: restore IP6CB for pktoptions skbs
    - net: phy: Trigger state machine on state change and not polling.
    - ip6_tunnel: fix ip6_tnl_lookup
    - IB/ipoib: move back IB LL address into the hard header
    - net/mlx4_en: fixup xdp tx irq to match rx
    - net: pktgen: remove rcu locking in pktgen_change_name()
    - bridge: multicast: restore perm router ports on multicast enable
    - switchdev: Execute bridge ndos only for bridge ports
    - rtnetlink: Add rtnexthop offload flag to compare mask
    - net: core: Correctly iterate over lower adjacency list
    - net: add recursion limit to GRO
    - ipv4: disable BH in set_ping_group_range()
    - ipv4: use the right lock for ping_group_range
    - net: fec: Call swap_buffer() prior to IP header alignment
    - net: sctp, forbid negative length
    - sctp: fix the panic caused by route update
    - udp: fix IP_CHECKSUM handling
    - netvsc: fix incorrect receive checksum offloading
    - macsec: Fix header length if SCI is added if explicitly disabled
    - net: ipv6: Do not consider link state for nexthop validation
    - net sched filters: fix notification of filter delete with proper handle
    - sctp: validate chunk len before actually using it
    - ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()
    - packet: on direct_xmit, limit tso and csum to supported devices
    - arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
    - usb: dwc3: gadget: properly account queued requests
    - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
      devices
    - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
    - Linux 4.8.8

* Yakkety update to 4.8.7 stable release (LP: #1642606)
    - i2c: rk3x: Give the tuning value 0 during rk3x_i2c_v0_calc_timings
    - i2c: xgene: Avoid dma_buffer overrun
    - i2c: core: fix NULL pointer dereference under race condition
    - drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
    - spi: fsl-espi: avoid processing uninitalized data on error
    - spi: mark device nodes only in case of successful instantiation
    - h8300: fix syscall restarting
    - gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get()
    - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation
    - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak
    - gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset
    - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak
    - gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset
    - gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags
    - gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags
    - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix another information leak
    - gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak
    - libxfs: clean up _calc_dquots_per_chunk
    - mm/list_lru.c: avoid error-path NULL pointer deref
    - mm/slab: fix kmemcg cache creation delayed issue
    - mm: memcontrol: do not recurse in direct reclaim
    - KEYS: Sort out big_key initialisation
    - security/keys: make BIG_KEYS dependent on stdrng.
    - device-dax: fix percpu_ref_exit ordering
    - ALSA: usb-audio: Add quirk for Syntek STK1160
    - ALSA: seq: Fix time account regression
    - ALSA: hda - allow 40 bit DMA mask for NVidia devices
    - ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
    - ALSA: hda - Fix surround output pins for ASRock B150M mobo
    - ALSA: hda - Fix headset mic detection problem for two Dell laptops
    - ANDROID: binder: Add strong ref checks
    - ANDROID: binder: Clear binder and cookie when setting handle in flat binder
      struct
    - cxl: Fix leaking pid refs in some error paths
    - btrfs: fix races on root_log_ctx lists
    - powerpc: Convert cmp to cmpd in idle enter sequence
    - powerpc/mm/radix: Use tlbiel only if we ever ran on the current cpu
    - x86/microcode/AMD: Fix more fallout from CONFIG_RANDOMIZE_MEMORY=y
    - timers: Prevent base clock rewind when forwarding clock
    - timers: Prevent base clock corruption when forwarding
    - timers: Plug locking race vs. timer migration
    - timers: Lock base for same bucket optimization
    - ubifs: Abort readdir upon error
    - ubifs: Fix regression in ubifs_readdir()
    - mei: txe: don't clean an unprocessed interrupt cause.
    - usb: gadget: udc: atmel: fix endpoint name
    - usb: gadget: function: u_ether: don't starve tx request queue
    - USB: serial: fix potential NULL-dereference at probe
    - USB: serial: cp210x: fix tiocmget error handling
    - USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
    - xhci: use default USB_RESUME_TIMEOUT when resuming ports.
    - usb: renesas_usbhs: add wait after initialization for R-Car Gen3
    - usb: increase ohci watchdog delay to 275 msec
    - x86/smpboot: Init apic mapping before usage
    - vt: clear selection before resizing
    - xhci: add restart quirk for Intel Wildcatpoint PCH
    - xhci: workaround for hosts missing CAS bit
    - tty: limit terminal size to 4M chars
    - arm64: dts: marvell: fix clocksource for CP110 master SPI0
    - iio:chemical:atlas-ph-sensor: Fix use of 32 bit int to hold 16 bit big
      endian value
    - Staging: wilc1000: Fix kernel Oops on opening the device
    - dm: free io_barrier after blk_cleanup_queue call
    - KVM: x86: fix wbinvd_dirty_mask use-after-free
    - KVM: s390: Fix STHYI buffer alignment for diag224
    - KVM: MIPS: Make ERET handle ERL before EXL
    - KVM: MIPS: Precalculate MMIO load resume PC
    - ARM: mvebu: Select corediv clk for all mvebu v7 SoC
    - ARM: dts: fix the SD card on the Snowball
    - nfsd: Fix general protection fault in release_lock_stateid()
    - MIPS: KASLR: Fix handling of NULL FDT
    - ovl: fix get_acl() on tmpfs
    - ovl: update S_ISGID when setting posix ACLs
    - ovl: fsync after copy-up
    - parisc: Ensure consistent state when switching to kernel stack at syscall
      entry
    - virtio_ring: Make interrupt suppression spec compliant
    - virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices
    - virtio: console: Unlock vqs while freeing buffers
    - dm mirror: fix read error on recovery after default leg failure
    - dm table: fix missing dm_put_target_type() in dm_table_add_target()
    - dm rq: clear kworker_task if kthread_run() returned an error
    - dm raid: fix activation of existing raid4/10 devices
    - rtl8xxxu: Fix memory leak in handling rxdesc16 packets
    - rtl8xxxu: Fix big-endian problem reporting mactime
    - rtl8xxxu: Fix rtl8723bu driver reload issue
    - Input: i8042 - add XMG C504 to keyboard reset table
    - firewire: net: guard against rx buffer overflows
    - firewire: net: fix fragmented datagram_size off-by-one
    - mac80211: discard multicast and 4-addr A-MSDUs
    - Revert "ath9k_hw: implement temperature compensation support for AR9003+"
    - ath10k: cache calibration data when the core is stopped
    - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
    - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
    - mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
    - RAID1: ignore discard error
    - RAID10: ignore discard error
    - md: be careful not lot leak internal curr_resync value into metadata. --
      (all)
    - Revert "drm/radeon: fix DP link training issue with second 4K monitor"
    - drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset
    - drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for
      YU12/YV12
    - drm/radeon/si_dpm: Limit clocks on HD86xx part
    - drm/radeon/si_dpm: workaround for SI kickers
    - drm/radeon: drop register readback in cayman_cp_int_cntl_setup
    - drm/nouveau/acpi: fix check for power resources support
    - drm/fb-helper: Don't call dirty callback for untouched clips
    - drm/fb-helper: Fix connector ref leak on error
    - drm/fb-helper: Keep references for the current set of used connectors
    - drm/i915/gen9: fix DDB partitioning for multi-screen cases
    - drm/i915/gen9: fix watermarks when using the pipe scaler
    - drm/dp/mst: Check peer device type before attempting EDID read
    - drm: Release reference from blob lookup after replacing property
    - drm/i915: Respect alternate_aux_channel for all DDI ports
    - drm/i915: Clean up DDI DDC/AUX CH sanitation
    - drm/i915/fbc: fix CFB size calculation for gen8+
    - drm: i915: Wait for fences on new fb, not old
    - i2c: mark device nodes only in case of successful instantiation
    - netfilter: xt_NFLOG: fix unexpected truncated packet
    - UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
    - uapi: add missing install of sync_file.h
    - video: fbdev: pxafb: potential NULL dereference on error
    - omapfb: fix return value check in dsi_bind()
    - pwm: Unexport children before chip removal
    - usb: dwc3: Fix size used in dma_free_coherent()
    - usb: chipidea: host: fix NULL ptr dereference during shutdown
    - usb: musb: Fix hardirq-safe hardirq-unsafe lock order error
    - v4l: vsp1: Prevent pipelines from running when not streaming
    - tty: vt, fix bogus division in csi_J
    - ARM: fix oops when using older ARMv4T CPUs
    - kvm: x86: Check memopp before dereference (CVE-2016-8630)
    - btrfs: qgroup: Prevent qgroup->reserved from going subzero
    - ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap()
    - cpufreq: intel_pstate: Set P-state upfront in performance mode
    - HID: usbhid: add ATEN CS962 to list of quirky devices
    - Linux 4.8.7
    - [Config] updateconfigs after 4.8.7 stable update

* CVE-2016-6213
    - mnt: Add a per mount namespace limit on the number of mounts

* Cursor doesn't move after multitouch on alps touchpad (LP: #1641874)
    - HID: alps: fix multitouch cursor issue

* [SRU] Add 0cf3:e009 to btusb (LP: #1641562)
    - Bluetooth: btusb: Add support for 0cf3:e009

* [Hyper-V] do not lose pending heartbeat vmbus packets (LP: #1632786)
    - hv: do not lose pending heartbeat vmbus packets

* ipv6: connected routes are missing after a down/up cycle on the loopback
    (LP: #1634545)
    - ipv6: correctly add local routes when lo goes up

* [Feature] Add Knights Mill to Intel processors family list (LP: #1637528)
    - x86/cpu/intel: Add Knights Mill to Intel family
    - perf/x86/intel: Add Knights Mill CPUID
    - perf/x86/intel/rapl: Add Knights Mill CPUID
    - perf/x86/intel/uncore: Add Knights Mill CPUID

* hv_set_ifconfig script parsing fails for certain configuration
    (LP: #1640109)
    - hv_set_ifconfig -- handle DHCP interfaces correctly
    - hv_set_ifconfig -- ensure we include the last stanza

* nvme: improve performance for virtual Google NVMe devices (LP: #1637565)
    - [Config] CONFIG_NVME_VENDOR_EXT_GOOGLE=y
    - SAUCE: nvme: improve performance for virtual NVMe devices

* CVE-2016-7039 and CVE-2016-8666 (LP: #1631287)
    - Revert "UBUNTU: SAUCE: net: add recursion limit to GRO"

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 12 Dec 2016 15:33:04 -0200

Changed in linux (Ubuntu Yakkety):
status:	Fix Committed → Fix Released

Ubuntu
linux package

Fix Kernel Crashing under IBM Virtual Scsi Driver

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	High	Tim Gardner
Xenial	Fix Released	Undecided	Tim Gardner
Yakkety	Fix Released	Undecided	Tim Gardner
Zesty	Fix Released	High	Tim Gardner

Ubuntulinux package

Fix Kernel Crashing under IBM Virtual Scsi Driver

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package