Bug #1702118 “Xenial update to 4.4.75 stable release” : Bugs : linux package : Ubuntu

Stefan Bader (smb) on 2017-07-03

tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Stefan Bader (smb)
importance:	Undecided → Medium
status:	New → In Progress

Revision history for this message

Stefan Bader (smb) wrote on 2017-07-03:

#1

Patch "time: Fix clock->read(clock) race around clocksource changes" applied but with fuzz 1.

The following patches were skipped because they were already applied:
* bug #1602726 nvme - reset_controller is not working after adapter's
  firmware upgrade (adapter quirk is needed)
  - nvme/quirk: Add a delay before checking for adapter readiness
* bug #1656913 NVMe: adapter is missing after abnormal shutdown
  followed by quick reboot, quirk needed
  - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too

description:

updated

Revision history for this message

Stefan Bader (smb) wrote on 2017-07-03:

#2

Patch "time: Fix clock->read(clock) race around clocksource changes" had to be fixed up because we backported the following patches for bug #1519625 "Always Running Timer (ART) to System Time translation":
* time: Add timekeeping snapshot code capturing system time and counter
* time: Add history to cross timestamp interface supporting slower devices

The original upstream patch did have those fixes, so the fixup has been melded into the patch.

Thadeu Lima de Souza Cascardo (cascardo) on 2017-07-11

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-08-03:

#3

Download full text (12.0 KiB)

This bug was fixed in the package linux - 4.4.0-89.112

---------------
linux (4.4.0-89.112) xenial; urgency=low

* CVE-2017-7533
- dentry name snapshots

linux (4.4.0-88.111) xenial; urgency=low

* linux: 4.4.0-88.111 -proposed tracker (LP: #1705270)

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
- nvme: Quirks for PM1725 controllers

  * Upgrade Redpine WLAN/BT driver to ver. 1.2 (production release)
    (LP: #1697829)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

  * ubuntu/rsi driver has several issues as picked up by static analysis
    (LP: #1694733)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

  * Redpine vendor driver - Switching to AP mode causes kernel panic
    (LP: #1700941)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* CVE-2017-10810
- drm/virtio: don't leak bo on drm_gem_object_init failure

* Ath10k to read different board data file if specify in SMBIOS (LP: #1666742)
- ath10k: search SMBIOS for OEM board file extension

* make snap-pkg support (LP: #1700747)
- SAUCE: make snap-pkg support

  * ISST-LTE: Briggs:Stratton:UbuntuKVM: ics_opal_set_affinity on host kernel
    log using Intel X710 (i40e driver) (LP: #1703663)
    - i40e: use valid online CPU on q_vector initialization

* Update snapcraft.yaml (LP: #1700480)
- snapcraft.yaml: various improvements

  * Xenial update to 4.4.76 stable release (LP: #1702863)
    - ipv6: release dst on error in ip6_dst_lookup_tail
    - net: don't call strlen on non-terminated string in dev_set_alias()
    - decnet: dn_rtmsg: Improve input length sanitization in
      dnrmg_receive_user_skb
    - net: Zero ifla_vf_info in rtnl_fill_vfinfo()
    - af_unix: Add sockaddr length checks before accessing sa_family in bind and
      connect handlers
    - Fix an intermittent pr_emerg warning about lo becoming free.
    - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
    - igmp: acquire pmc lock for ip_mc_clear_src()
    - igmp: add a missing spin_lock_init()
    - ipv6: fix calling in6_ifa_hold incorrectly for dad work
    - net/mlx5: Wait for FW readiness before initializing command interface
    - decnet: always not take dst->__refcnt when inserting dst into hash table
    - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
    - sfc: provide dummy definitions of vswitch functions
    - ipv6: Do not leak throw route references
    - rtnetlink: add IFLA_GROUP to ifla_policy
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
    - netfilter: synproxy: fix conntrackd interaction
    - NFSv4: fix a reference leak caused WARNING messages
    - drm/ast: Handle configuration without P2A bridge
    - mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
    - MIPS: Avoid accidental raw backtrace
    - MIPS: pm-cps: Drop manual cache-line alignment of ready_count
    - MIPS: Fix IRQ tracing & lockdep when rescheduling
    - ALSA: hda - Fix endless loop of codec configure
    - ALSA: hda - set input_path bitmap to zero after moving it to new place
    - drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
    - usb: gadget: f_fs: Fix possi...

This bug was fixed in the package linux - 4.4.0-89.112

---------------
linux (4.4.0-89.112) xenial; urgency=low

* CVE-2017-7533
    - dentry name snapshots

linux (4.4.0-88.111) xenial; urgency=low

* linux: 4.4.0-88.111 -proposed tracker (LP: #1705270)

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
    - nvme: Quirks for PM1725 controllers

* Upgrade Redpine WLAN/BT driver to ver. 1.2 (production release)
    (LP: #1697829)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* ubuntu/rsi driver has several issues as picked up by static analysis
    (LP: #1694733)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* Redpine vendor driver - Switching to AP mode causes kernel panic
    (LP: #1700941)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* CVE-2017-10810
    - drm/virtio: don't leak bo on drm_gem_object_init failure

* Ath10k to read different board data file if specify in SMBIOS (LP: #1666742)
    - ath10k: search SMBIOS for OEM board file extension

* make snap-pkg support (LP: #1700747)
    - SAUCE: make snap-pkg support

* ISST-LTE: Briggs:Stratton:UbuntuKVM:  ics_opal_set_affinity on host kernel
    log using Intel X710 (i40e driver) (LP: #1703663)
    - i40e: use valid online CPU on q_vector initialization

* Update snapcraft.yaml (LP: #1700480)
    - snapcraft.yaml: various improvements

* Xenial update to 4.4.76 stable release (LP: #1702863)
    - ipv6: release dst on error in ip6_dst_lookup_tail
    - net: don't call strlen on non-terminated string in dev_set_alias()
    - decnet: dn_rtmsg: Improve input length sanitization in
      dnrmg_receive_user_skb
    - net: Zero ifla_vf_info in rtnl_fill_vfinfo()
    - af_unix: Add sockaddr length checks before accessing sa_family in bind and
      connect handlers
    - Fix an intermittent pr_emerg warning about lo becoming free.
    - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
    - igmp: acquire pmc lock for ip_mc_clear_src()
    - igmp: add a missing spin_lock_init()
    - ipv6: fix calling in6_ifa_hold incorrectly for dad work
    - net/mlx5: Wait for FW readiness before initializing command interface
    - decnet: always not take dst->__refcnt when inserting dst into hash table
    - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
    - sfc: provide dummy definitions of vswitch functions
    - ipv6: Do not leak throw route references
    - rtnetlink: add IFLA_GROUP to ifla_policy
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
    - netfilter: synproxy: fix conntrackd interaction
    - NFSv4: fix a reference leak caused WARNING messages
    - drm/ast: Handle configuration without P2A bridge
    - mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
    - MIPS: Avoid accidental raw backtrace
    - MIPS: pm-cps: Drop manual cache-line alignment of ready_count
    - MIPS: Fix IRQ tracing & lockdep when rescheduling
    - ALSA: hda - Fix endless loop of codec configure
    - ALSA: hda - set input_path bitmap to zero after moving it to new place
    - drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
    - usb: gadget: f_fs: Fix possibe deadlock
    - sysctl: enable strict writes
    - mm: numa: avoid waiting on freed migrated pages
    - KVM: x86: fix fixing of hypercalls
    - scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type
    - scsi: lpfc: Set elsiocb contexts to NULL after freeing it
    - qla2xxx: Fix erroneous invalid handle message
    - ARM: dts: BCM5301X: Correct GIC_PPI interrupt flags
    - net: mvneta: Fix for_each_present_cpu usage
    - MIPS: ath79: fix regression in PCI window initialization
    - net: korina: Fix NAPI versus resources freeing
    - MIPS: ralink: MT7688 pinmux fixes
    - MIPS: ralink: fix USB frequency scaling
    - MIPS: ralink: Fix invalid assignment of SoC type
    - MIPS: ralink: fix MT7628 pinmux typos
    - MIPS: ralink: fix MT7628 wled_an pinmux gpio
    - mtd: bcm47xxpart: limit scanned flash area on BCM47XX (MIPS) only
    - bgmac: fix a missing check for build_skb
    - mtd: bcm47xxpart: don't fail because of bit-flips
    - bgmac: Fix reversed test of build_skb() return value.
    - net: bgmac: Fix SOF bit checking
    - net: bgmac: Start transmit queue in bgmac_open
    - net: bgmac: Remove superflous netif_carrier_on()
    - powerpc/eeh: Enable IO path on permanent error
    - gianfar: Do not reuse pages from emergency reserve
    - Btrfs: fix truncate down when no_holes feature is enabled
    - virtio_console: fix a crash in config_work_handler
    - swiotlb-xen: update dev_addr after swapping pages
    - xen-netfront: Fix Rx stall during network stress and OOM
    - scsi: virtio_scsi: Reject commands when virtqueue is broken
    - platform/x86: ideapad-laptop: handle ACPI event 1
    - amd-xgbe: Check xgbe_init() return code
    - net: dsa: Check return value of phy_connect_direct()
    - drm/amdgpu: check ring being ready before using
    - vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null
    - virtio_net: fix PAGE_SIZE > 64k
    - vxlan: do not age static remote mac entries
    - ibmveth: Add a proper check for the availability of the checksum features
    - kernel/panic.c: add missing \n
    - HID: i2c-hid: Add sleep between POWER ON and RESET
    - scsi: lpfc: avoid double free of resource identifiers
    - spi: davinci: use dma_mapping_error()
    - mac80211: initialize SMPS field in HT capabilities
    - x86/mpx: Use compatible types in comparison to fix sparse error
    - coredump: Ensure proper size of sparse core files
    - swiotlb: ensure that page-sized mappings are page-aligned
    - s390/ctl_reg: make __ctl_load a full memory barrier
    - be2net: fix status check in be_cmd_pmac_add()
    - perf probe: Fix to show correct locations for events on modules
    - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
    - sctp: check af before verify address in sctp_addr_id2transport
    - ravb: Fix use-after-free on `ifconfig eth0 down`
    - jump label: fix passing kbuild_cflags when checking for asm goto support
    - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
    - xfrm: NULL dereference on allocation failure
    - xfrm: Oops on error in pfkey_msg2xfrm_state()
    - watchdog: bcm281xx: Fix use of uninitialized spinlock.
    - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
    - ARM64/ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
    - ARM: 8685/1: ensure memblock-limit is pmd-aligned
    - x86/mpx: Correctly report do_mpx_bt_fault() failures to user-space
    - x86/mm: Fix flush_tlb_page() on Xen
    - ocfs2: o2hb: revert hb threshold to keep compatible
    - iommu/vt-d: Don't over-free page table directories
    - iommu: Handle default domain attach failure
    - iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid()
    - cpufreq: s3c2416: double free on driver init error path
    - KVM: x86: fix emulation of RSM and IRET instructions
    - KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
    - KVM: x86: zero base3 of unusable segments
    - KVM: nVMX: Fix exception injection
    - Linux 4.4.76

* Xenial update to 4.4.75 stable release (LP: #1702118)
    - fs/exec.c: account for argv/envp pointers
    - autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
    - lib/cmdline.c: fix get_options() overflow while parsing ranges
    - KVM: PPC: Book3S HV: Preserve userspace HTM state properly
    - CIFS: Improve readdir verbosity
    - HID: Add quirk for Dell PIXART OEM mouse
    - signal: Only reschedule timers on signals timers have sent
    - powerpc/kprobes: Pause function_graph tracing during jprobes handling
    - Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
    - time: Fix clock->read(clock) race around clocksource changes
    - target: Fix kref->refcount underflow in transport_cmd_finish_abort
    - iscsi-target: Reject immediate data underflow larger than SCSI transfer
      length
    - drm/radeon: add a PX quirk for another K53TK variant
    - drm/radeon: add a quirk for Toshiba Satellite L20-183
    - drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
    - drm/amdgpu: adjust default display clock
    - USB: usbip: fix nonconforming hub descriptor
    - rxrpc: Fix several cases where a padded len isn't checked in ticket decode
    - of: Add check to of_scan_flat_dt() before accessing initial_boot_params
    - mtd: spi-nor: fix spansion quad enable
    - powerpc/slb: Force a full SLB flush when we insert for a bad EA
    - usb: gadget: f_fs: avoid out of bounds access on comp_desc
    - net: phy: Initialize mdio clock at probe function
    - net: phy: fix marvell phy status reading
    - Linux 4.4.75

* Xenial update to 4.4.74 stable release (LP: #1702104)
    - configfs: Fix race between create_link and configfs_rmdir
    - can: gs_usb: fix memory leak in gs_cmd_reset()
    - cpufreq: conservative: Allow down_threshold to take values from 1 to 10
    - vb2: Fix an off by one error in 'vb2_plane_vaddr'
    - mac80211: don't look at the PM bit of BAR frames
    - mac80211/wpa: use constant time memory comparison for MACs
    - mac80211: fix CSA in IBSS mode
    - mac80211: fix IBSS presp allocation size
    - serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
    - x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
    - mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
    - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()
    - iio: proximity: as3935: recalibrate RCO after resume
    - USB: hub: fix SS max number of ports
    - usb: core: fix potential memory leak in error path during hcd creation
    - pvrusb2: reduce stack usage pvr2_eeprom_analyze()
    - USB: gadget: dummy_hcd: fix hub-descriptor removable fields
    - usb: r8a66597-hcd: select a different endpoint on timeout
    - usb: r8a66597-hcd: decrease timeout
    - drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of
      IS_ERR()
    - usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk
    - USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks
    - mm/memory-failure.c: use compound_head() flags for huge pages
    - swap: cond_resched in swap_cgroup_prepare()
    - genirq: Release resources in __setup_irq() error path
    - alarmtimer: Prevent overflow of relative timers
    - usb: dwc3: exynos fix axius clock error path to do cleanup
    - MIPS: Fix bnezc/jialc return address calculation
    - alarmtimer: Rate limit periodic intervals
    - Linux 4.4.74

* Side Button (Display Toggle) fails on Dell AIO systems (LP: #1702541)
    - dell-wmi: Add a WMI event code for display on/off

* Intel i40e PF reset under load (LP: #1700834)
    - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet

* update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - net: ena: remove superfluous check in ena_remove()
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: use napi_schedule_irqoff when possible
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 31 Jul 2017 14:50:32 -0300

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-10-03

Changed in linux (Ubuntu):
status:	New → Invalid

Ubuntu
linux package

Xenial update to 4.4.75 stable release

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Xenial	Fix Released	Medium	Stefan Bader

Ubuntulinux package

Xenial update to 4.4.75 stable release

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package