Ubuntu
linux package

Xenial update to 4.4.95 stable release

Bug #1729107 reported by Thadeu Lima de Souza Cascardo on 2017-11-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Thadeu Lima de Souza Cascardo
	Xenial	Fix Released	Undecided	Thadeu Lima de Souza Cascardo

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.95 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

git://git.kernel.org/

TEST CASE: TBD

       The following patches from the 4.4.95 stable release shall be applied:
    - USB: devio: Revert "USB: devio: Don't corrupt user memory"
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
    - USB: serial: metro-usb: add MS7820 device id
    - usb: cdc_acm: Add quirk for Elatec TWN3
    - usb: quirks: add quirk for WORLDE MINI MIDI keyboard
    - usb: hub: Allow reset retry for USB2 devices on connect bounce
    - ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
    - can: gs_usb: fix busy loop if no more TX context is available
    - usb: musb: sunxi: Explicitly release USB PHY on exit
    - usb: musb: Check for host-mode using is_host_active() on reset interrupt
    - can: esd_usb2: Fix can_dlc value for received RTR, frames
    - drm/nouveau/bsp/g92: disable by default
    - drm/nouveau/mmu: flush tlbs before deleting page tables
    - ALSA: seq: Enable 'use' locking in all configurations
    - ALSA: hda: Remove superfluous '-' added by printk conversion
    - i2c: ismt: Separate I2C block read from SMBus block read
    - brcmsmac: make some local variables 'static const' to reduce stack size
    - bus: mbus: fix window size calculation for 4GB windows
    - clockevents/drivers/cs5535: Improve resilience to spurious interrupts
    - rtlwifi: rtl8821ae: Fix connection lost problem
    - KEYS: encrypted: fix dereference of NULL user_key_payload
    - lib/digsig: fix dereference of NULL user_key_payload
    - KEYS: don't let add_key() update an uninstantiated key
    - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
    - parisc: Avoid trashing sr2 and sr3 in LWS code
    - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
    - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
    - f2fs crypto: replace some BUG_ON()'s with error checks
    - f2fs crypto: add missing locking for keyring_key access
    - fscrypt: fix dereference of NULL user_key_payload
    - KEYS: Fix race between updating and finding a negative key
    - fscrypto: require write access to mount to set encryption policy
    - FS-Cache: fix dereference of NULL user_key_payload
    - Linux 4.4.95

See original description

Tags:

Thadeu Lima de Souza Cascardo (cascardo) on 2017-11-01

tags:

added: kernel-stable-tracking-bug

Thadeu Lima de Souza Cascardo (cascardo) on 2017-11-01

Changed in linux (Ubuntu):
status:	New → In Progress
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
description:	updated

Thadeu Lima de Souza Cascardo (cascardo) on 2017-11-01

Changed in linux (Ubuntu Xenial):
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
status:	New → In Progress

Thadeu Lima de Souza Cascardo (cascardo) on 2017-11-01

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-11-20:

Download full text (14.3 KiB)

This bug was fixed in the package linux - 4.4.0-101.124

---------------
linux (4.4.0-101.124) xenial; urgency=low

* linux: 4.4.0-101.124 -proposed tracker (LP: #1731264)

* s390/mm: fix write access check in gup_huge_pmd() (LP: #1730596)
- s390/mm: fix write access check in gup_huge_pmd()

linux (4.4.0-100.123) xenial; urgency=low

* linux: 4.4.0-100.123 -proposed tracker (LP: #1729273)

  * Xenial update to 4.4.95 stable release (LP: #1729107)
    - USB: devio: Revert "USB: devio: Don't corrupt user memory"
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
    - USB: serial: metro-usb: add MS7820 device id
    - usb: cdc_acm: Add quirk for Elatec TWN3
    - usb: quirks: add quirk for WORLDE MINI MIDI keyboard
    - usb: hub: Allow reset retry for USB2 devices on connect bounce
    - ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
    - can: gs_usb: fix busy loop if no more TX context is available
    - usb: musb: sunxi: Explicitly release USB PHY on exit
    - usb: musb: Check for host-mode using is_host_active() on reset interrupt
    - can: esd_usb2: Fix can_dlc value for received RTR, frames
    - drm/nouveau/bsp/g92: disable by default
    - drm/nouveau/mmu: flush tlbs before deleting page tables
    - ALSA: seq: Enable 'use' locking in all configurations
    - ALSA: hda: Remove superfluous '-' added by printk conversion
    - i2c: ismt: Separate I2C block read from SMBus block read
    - brcmsmac: make some local variables 'static const' to reduce stack size
    - bus: mbus: fix window size calculation for 4GB windows
    - clockevents/drivers/cs5535: Improve resilience to spurious interrupts
    - rtlwifi: rtl8821ae: Fix connection lost problem
    - KEYS: encrypted: fix dereference of NULL user_key_payload
    - lib/digsig: fix dereference of NULL user_key_payload
    - KEYS: don't let add_key() update an uninstantiated key
    - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
    - parisc: Avoid trashing sr2 and sr3 in LWS code
    - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
    - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
    - f2fs crypto: replace some BUG_ON()'s with error checks
    - f2fs crypto: add missing locking for keyring_key access
    - fscrypt: fix dereference of NULL user_key_payload
    - KEYS: Fix race between updating and finding a negative key
    - fscrypto: require write access to mount to set encryption policy
    - FS-Cache: fix dereference of NULL user_key_payload
    - Linux 4.4.95

This bug was fixed in the package linux - 4.4.0-101.124

---------------
linux (4.4.0-101.124) xenial; urgency=low

* linux: 4.4.0-101.124 -proposed tracker (LP: #1731264)

* s390/mm: fix write access check in gup_huge_pmd() (LP: #1730596)
    - s390/mm: fix write access check in gup_huge_pmd()

linux (4.4.0-100.123) xenial; urgency=low

* linux: 4.4.0-100.123 -proposed tracker (LP: #1729273)

* Xenial update to 4.4.94 stable release (LP: #1729105)
    - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
    - drm/dp/mst: save vcpi with payloads
    - MIPS: Fix minimum alignment requirement of IRQ stack
    - sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
    - bpf/verifier: reject BPF_ALU64|BPF_END
    - udpv6: Fix the checksum computation when HW checksum does not apply
    - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
    - net: emac: Fix napi poll list corruption
    - packet: hold bind lock when rebinding to fanout hook
    - bpf: one perf event close won't free bpf program attached by another perf
      event
    - isdn/i4l: fetch the ppp_write buffer in one shot
    - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
    - l2tp: Avoid schedule while atomic in exit_net
    - l2tp: fix race condition in l2tp_tunnel_delete
    - tun: bail out from tun_get_user() if the skb is empty
    - packet: in packet_do_bind, test fanout with bind_lock held
    - packet: only test po->has_vnet_hdr once in packet_snd
    - net: Set sk_prot_creator when cloning sockets to the right proto
    - tipc: use only positive error codes in messages
    - Revert "bsg-lib: don't free job in bsg_prepare_job"
    - locking/lockdep: Add nest_lock integrity test
    - watchdog: kempld: fix gcc-4.3 build
    - irqchip/crossbar: Fix incorrect type of local variables
    - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length
    - mac80211: fix power saving clients handling in iwlwifi
    - net/mlx4_en: fix overflow in mlx4_en_init_timestamp()
    - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.
    - iio: adc: xilinx: Fix error handling
    - Btrfs: send, fix failure to rename top level inode due to name collision
    - f2fs: do not wait for writeback in write_begin
    - md/linear: shutup lockdep warnning
    - sparc64: Migrate hvcons irq to panicked cpu
    - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new
      probed PFs
    - crypto: xts - Add ECB dependency
    - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
    - slub: do not merge cache if slub_debug contains a never-merge flag
    - scsi: scsi_dh_emc: return success in clariion_std_inquiry()
    - net: mvpp2: release reference to txq_cpu[] entry after unmapping
    - i2c: at91: ensure state is restored after suspending
    - ceph: clean up unsafe d_parent accesses in build_dentry_path
    - uapi: fix linux/rds.h userspace compilation errors
    - uapi: fix linux/mroute6.h userspace compilation errors
    - target/iscsi: Fix unsolicited data seq_end_offset calculation
    - nfsd/callback: Cleanup callback cred on shutdown
    - cpufreq: CPPC: add ACPI_PROCESSOR dependency
    - Revert "tty: goldfish: Fix a parameter of a call to free_irq"
    - Linux 4.4.94

linux (4.4.0-99.122) xenial; urgency=low

* linux: 4.4.0-99.122 -proposed tracker (LP: #1728945)

* Remove vmbus-rdma driver from Xenial kernel (LP: #1721538)
    - SAUCE: remove hv_network_direct driver
    - [Config]: Remove hv_network_direct driver

* usb 3-1: 2:1: cannot get freq at ep 0x1 (LP: #1708499)
    - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M

* Plantronics Blackwire C520-M - Cannot get freq at ep 0x1, 0x81
    (LP: #1709282)
    - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M

* wait-for-root fails to detect nbd root (LP: #696435)
    - nbd: Create size change events for userspace

* Fix OpenNSL GPL bugs found by CoverityScan static analysis (LP: #1718388)
    - SAUCE: opennsl: bcm-knet: check for null sinfo to avoid a null pointer
      dereference
    - SAUCE: opennsl: bcm-knet: remove redundant null checks on dev->name
    - SAUCE: opennsl: bde: check for out-of-bounds index io.dev

* HID: multitouch: Correct ALPS PTP Stick and Touchpad devices ID
    (LP: #1722719)
    - Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A"

* Xenial update to 4.4.93 stable release (LP: #1724836)
    - brcmfmac: add length check in brcmf_cfg80211_escan_handler()
    - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
    - CIFS: Reconnect expired SMB sessions
    - nl80211: Define policy for packet pattern attributes
    - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
    - rcu: Allow for page faults in NMI handlers
    - USB: dummy-hcd: Fix deadlock caused by disconnect detection
    - MIPS: math-emu: Remove pr_err() calls from fpu_emu()
    - dmaengine: edma: Align the memcpy acnt array size with the transfer
    - HID: usbhid: fix out-of-bounds bug
    - crypto: shash - Fix zero-length shash ahash digest crash
    - KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
    - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
    - iommu/amd: Finish TLB flush in amd_iommu_unmap()
    - ALSA: usb-audio: Kill stray URB at exiting
    - ALSA: seq: Fix use-after-free at creating a port
    - ALSA: seq: Fix copy_from_user() call inside lock
    - ALSA: caiaq: Fix stray URB at probe error path
    - ALSA: line6: Fix leftover URB at error-path during probe
    - usb: gadget: composite: Fix use-after-free in
      usb_composite_overwrite_options
    - direct-io: Prevent NULL pointer access in submit_page_section
    - fix unbalanced page refcounting in bio_map_user_iov
    - USB: serial: ftdi_sio: add id for Cypress WICED dev board
    - USB: serial: cp210x: add support for ELV TFD500
    - USB: serial: option: add support for TP-Link LTE module
    - Revert "UBUNTU: SAUCE: USB: serial: qcserial: add Dell DW5818, DW5819"
    - USB: serial: qcserial: add Dell DW5818, DW5819
    - USB: serial: console: fix use-after-free after failed setup
    - x86/alternatives: Fix alt_max_short macro to really be a max()
    - Linux 4.4.93

* NULL pointer dereference in tty_write() in kernel 4.4.0-93.116+
    (LP: #1721065)
    - tty: Prepare for destroying line discipline on hangup

* Xenial update to 4.4.92 stable release (LP: #1724783)
    - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
    - USB: gadgetfs: Fix crash caused by inadequate synchronization
    - USB: gadgetfs: fix copy_to_user while holding spinlock
    - usb: gadget: udc: atmel: set vbus irqflags explicitly
    - usb-storage: unusual_devs entry to fix write-access regression for Seagate
      external drives
    - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
    - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
    - usb: pci-quirks.c: Corrected timeout values used in handshake
    - USB: dummy-hcd: fix connection failures (wrong speed)
    - USB: dummy-hcd: fix infinite-loop resubmission bug
    - USB: dummy-hcd: Fix erroneous synchronization change
    - USB: devio: Don't corrupt user memory
    - usb: gadget: mass_storage: set msg_registered after msg registered
    - USB: g_mass_storage: Fix deadlock when driver is unbound
    - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
    - ALSA: compress: Remove unused variable
    - ALSA: usx2y: Suppress kernel warning at page allocation failures
    - driver core: platform: Don't read past the end of "driver_override" buffer
    - Drivers: hv: fcopy: restore correct transfer length
    - stm class: Fix a use-after-free
    - ftrace: Fix kmemleak in unregister_ftrace_graph
    - HID: i2c-hid: allocate hid buffers for real worst case
    - iwlwifi: add workaround to disable wide channels in 5GHz
    - scsi: sd: Do not override max_sectors_kb sysfs setting
    - USB: uas: fix bug in handling of alternate settings
    - USB: core: harden cdc_parse_cdc_header
    - usb: Increase quirk delay for USB devices
    - USB: fix out-of-bounds in usb_set_configuration
    - xhci: fix finding correct bus_state structure for USB 3.1 hosts
    - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
    - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path
      of 'twl4030_madc_probe()'
    - iio: ad_sigma_delta: Implement a dedicated reset function
    - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma
      from stack.
    - iio: core: Return error for failed read_reg
    - iio: ad7793: Fix the serial interface reset
    - iio: adc: mcp320x: Fix readout of negative voltages
    - iio: adc: mcp320x: Fix oops on module unload
    - uwb: properly check kthread_run return value
    - uwb: ensure that endpoint is interrupt
    - brcmfmac: setup passive scan if requested by user-space
    - drm/i915/bios: ignore HDMI on port A
    - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
    - ext4: fix data corruption for mmap writes
    - ext4: Don't clear SGID when inheriting ACLs
    - ext4: don't allow encrypted operations without keys
    - Linux 4.4.92

* Xenial update to 4.4.91 stable release (LP: #1724772)
    - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
    - drm: bridge: add DT bindings for TI ths8135
    - GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
    - RDS: RDMA: Fix the composite message user notification
    - ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
    - MIPS: Ensure bss section ends on a long-aligned address
    - MIPS: ralink: Fix incorrect assignment on ralink_soc
    - igb: re-assign hw address pointer on reset after PCI error
    - extcon: axp288: Use vbus-valid instead of -present to determine cable
      presence
    - sh_eth: use correct name for ECMR_MPDE bit
    - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit
      attributes
    - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
    - iio: adc: hx711: Add DT binding for avia,hx711
    - ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM
    - tty: goldfish: Fix a parameter of a call to free_irq
    - IB/ipoib: Fix deadlock over vlan_mutex
    - IB/ipoib: rtnl_unlock can not come after free_netdev
    - IB/ipoib: Replace list_del of the neigh->list with list_del_init
    - drm/amdkfd: fix improper return value on error
    - USB: serial: mos7720: fix control-message error handling
    - USB: serial: mos7840: fix control-message error handling
    - partitions/efi: Fix integer overflow in GPT size calculation
    - ASoC: dapm: handle probe deferrals
    - audit: log 32-bit socketcalls
    - usb: chipidea: vbus event may exist before starting gadget
    - ASoC: dapm: fix some pointer error handling
    - MIPS: Lantiq: Fix another request_mem_region() return code check
    - net: core: Prevent from dereferencing null pointer when releasing SKB
    - net/packet: check length in getsockopt() called with PACKET_HDRLEN
    - team: fix memory leaks
    - usb: plusb: Add support for PL-27A1
    - mmc: sdio: fix alignment issue in struct sdio_func
    - bridge: netlink: register netdevice before executing changelink
    - netfilter: invoke synchronize_rcu after set the _hook_ to NULL
    - MIPS: IRQ Stack: Unwind IRQ stack onto task stack
    - exynos-gsc: Do not swap cb/cr for semi planar formats
    - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
    - parisc: perf: Fix potential NULL pointer dereference
    - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
    - rds: ib: add error handle
    - md/raid10: submit bio directly to replacement disk
    - i2c: meson: fix wrong variable usage in meson_i2c_put_data
    - xfs: remove kmem_zalloc_greedy
    - libata: transport: Remove circular dependency at free time
    - drivers: firmware: psci: drop duplicate const from psci_of_match
    - IB/qib: fix false-postive maybe-uninitialized warning
    - ARM: remove duplicate 'const' annotations'
    - ALSA: au88x0: avoid theoretical uninitialized access
    - ttpci: address stringop overflow warning
    - Linux 4.4.91

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Fri, 10 Nov 2017 08:24:10 -0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-10-03

Changed in linux (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

Xenial update to 4.4.95 stable release

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux package