Ubuntu
linux package

Xenial update to 4.4.154 stable release

Bug #1792392 reported by Stefan Bader on 2018-09-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Xenial	Fix Released	Medium	Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.154 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the 4.4.154 stable release shall be applied:
* sched/sysctl: Check user input value of sysctl_sched_time_avg
* Cipso: cipso_v4_optptr enter infinite loop
* vti6: fix PMTU caching and reporting on xmit
* xfrm: fix missing dst_release() after policy blocking lbcast and multicast
* xfrm: free skb if nlsk pointer is NULL
* mac80211: add stations tied to AP_VLANs during hw reconfig
* nl80211: Add a missing break in parse_station_flags
* drm/bridge: adv7511: Reset registers on hotplug
* scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
* drm/imx: imx-ldb: disable LDB on driver bind
* drm/imx: imx-ldb: check if channel is enabled before printing warning
* usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
  init_controller()
* usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
  r8a66597_queue()
* usb/phy: fix PPC64 build errors in phy-fsl-usb.c
* tools: usb: ffs-test: Fix build on big endian systems
* usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
* tools/power turbostat: fix -S on UP systems
* net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
* qed: Fix possible race for the link state value.
* atl1c: reserve min skb headroom
* net: prevent ISA drivers from building on PPC32
* can: mpc5xxx_can: check of_iomap return before use
* i2c: davinci: Avoid zero value of CLKH
* media: staging: omap4iss: Include asm/cacheflush.h after generic includes
* bnx2x: Fix invalid memory access in rss hash config path.
* net: axienet: Fix double deregister of mdio
* selftests/ftrace: Add snapshot and tracing_on test case
* zswap: re-check zswap_is_full() after do zswap_shrink()
* tools/power turbostat: Read extended processor family from CPUID
* Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
* enic: handle mtu change for vf properly
* arc: fix build errors in arc/include/asm/delay.h
* arc: fix type warnings in arc/mm/cache.c
* drivers: net: lmc: fix case value for target abort error
* scsi: fcoe: drop frames in ELS LOGO error path
* scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
* mm/memory.c: check return value of ioremap_prot
* cifs: add missing debug entries for kconfig options
* cifs: check kmalloc before use
* smb3: Do not send SMB3 SET_INFO if nothing changed
* smb3: don't request leases in symlink creation and query
* btrfs: don't leak ret from do_chunk_alloc
* s390/kvm: fix deadlock when killed by oom
* ext4: check for NUL characters in extended attribute's name
* ext4: sysfs: print ext4_super_block fields as little-endian
* ext4: reset error code in ext4_find_entry in fallback
* arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
* KVM: arm/arm64: Skip updating PTE entry if no change
* KVM: arm/arm64: Skip updating PMD entry if no change
* x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
* x86/speculation/l1tf: Fix off-by-one error when warning that system has too much
  RAM
* x86/speculation/l1tf: Suggest what to do on systems with too much RAM
* x86/process: Re-export start_thread()
* fuse: Don't access pipe->buffers without pipe_lock()
* fuse: fix double request_end()
* fuse: fix unlocked access to processing queue
* fuse: umount should wait for all requests
* fuse: Fix oops at process_init_reply()
* fuse: Add missed unlock_page() to fuse_readpages_fill()
* udl-kms: change down_interruptible to down
* udl-kms: handle allocation failure
* udl-kms: fix crash due to uninitialized memory
* ASoC: dpcm: don't merge format from invalid codec dai
* ASoC: sirf: Fix potential NULL pointer dereference
* pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
* x86/irqflags: Mark native_restore_fl extern inline
* s390: fix br_r1_trampoline for machines without exrl
* s390/qdio: reset old sbal_state flags
* kprobes: Make list and blacklist root user read only
* MIPS: Correct the 64-bit DSP accumulator register size
* MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
* scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
* scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
* iscsi target: fix session creation failure handling
* cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
* Linux 4.4.154

See original description

Tags:

CVE References

2018-9363

Stefan Bader (smb) on 2018-09-13

tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Stefan Bader (smb)
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux (Ubuntu):
status:	New → Invalid

Revision history for this message

Stefan Bader (smb) wrote on 2018-09-13:

Modified "usb/phy: fix PPC64 build errors in phy-fsl-usb.c". It looks like we already got some protection but using CONFIG_PPC instead of CONFIG_PPC32 which seems pointless as CONFIG_PPC sounds like being set in both 32/64bit cases.

Skipped "fscache: Allow cancelled operations to be enqueued" and "cachefiles: Fix refcounting bug in backing-file read monitoring" as they are already applied for bug #1774336.

Skipped "cachefiles: Wait rather than BUG'ing on "Unexpected object collision"" as it is already applied for bug #1776254.

Skipped "x86/spectre: Add missing family 6 check to microcode check" because this changes the bad microcode check which we have dropped.

Skipped "s390/pci: fix out of bounds access during irq setup" because it is already applied for bug #1790480.

description:

updated

Kleber Sacilotto de Souza (kleber-souza) on 2018-10-02

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-22:

Download full text (28.0 KiB)

This bug was fixed in the package linux - 4.4.0-138.164

---------------
linux (4.4.0-138.164) xenial; urgency=medium

* linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

* Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
- powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
- s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* Bugfix for handling of shadow doorbell buffer (LP: #1788222)
- nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

This bug was fixed in the package linux - 4.4.0-138.164

---------------
linux (4.4.0-138.164) xenial; urgency=medium

* linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

* Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

* Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

* Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

* Xenial update to 4.4.154 stable release (LP: #1792392)
    - sched/sysctl: Check user input value of sysctl_sched_time_avg
    - Cipso: cipso_v4_optptr enter infinite loop
    - vti6: fix PMTU caching and reporting on xmit
    - xfrm: fix missing dst_release() after policy blocking lbcast and multicast
    - xfrm: free skb if nlsk pointer is NULL
    - mac80211: add stations tied to AP_VLANs during hw reconfig
    - nl80211: Add a missing break in parse_station_flags
    - drm/bridge: adv7511: Reset registers on hotplug
    - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
    - drm/imx: imx-ldb: disable LDB on driver bind
    - drm/imx: imx-ldb: check if channel is enabled before printing warning
    - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
      init_controller()
    - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
      r8a66597_queue()
    - usb/phy: fix PPC64 build errors in phy-fsl-usb.c
    - tools: usb: ffs-test: Fix build on big endian systems
    - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
    - tools/power turbostat: fix -S on UP systems
    - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
    - qed: Fix possible race for the link state value.
    - atl1c: reserve min skb headroom
    - net: prevent ISA drivers from building on PPC32
    - can: mpc5xxx_can: check of_iomap return before use
    - i2c: davinci: Avoid zero value of CLKH
    - media: staging: omap4iss: Include asm/cacheflush.h after generic includes
    - bnx2x: Fix invalid memory access in rss hash config path.
    - net: axienet: Fix double deregister of mdio
    - selftests/ftrace: Add snapshot and tracing_on test case
    - zswap: re-check zswap_is_full() after do zswap_shrink()
    - tools/power turbostat: Read extended processor family from CPUID
    - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
    - enic: handle mtu change for vf properly
    - arc: fix build errors in arc/include/asm/delay.h
    - arc: fix type warnings in arc/mm/cache.c
    - drivers: net: lmc: fix case value for target abort error
    - scsi: fcoe: drop frames in ELS LOGO error path
    - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
    - mm/memory.c: check return value of ioremap_prot
    - cifs: add missing debug entries for kconfig options
    - cifs: check kmalloc before use
    - smb3: Do not send SMB3 SET_INFO if nothing changed
    - smb3: don't request leases in symlink creation and query
    - btrfs: don't leak ret from do_chunk_alloc
    - s390/kvm: fix deadlock when killed by oom
    - ext4: check for NUL characters in extended attribute's name
    - ext4: sysfs: print ext4_super_block fields as little-endian
    - ext4: reset error code in ext4_find_entry in fallback
    - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
    - KVM: arm/arm64: Skip updating PTE entry if no change
    - KVM: arm/arm64: Skip updating PMD entry if no change
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
    - x86/process: Re-export start_thread()
    - fuse: Don't access pipe->buffers without pipe_lock()
    - fuse: fix double request_end()
    - fuse: fix unlocked access to processing queue
    - fuse: umount should wait for all requests
    - fuse: Fix oops at process_init_reply()
    - fuse: Add missed unlock_page() to fuse_readpages_fill()
    - udl-kms: change down_interruptible to down
    - udl-kms: handle allocation failure
    - udl-kms: fix crash due to uninitialized memory
    - ASoC: dpcm: don't merge format from invalid codec dai
    - ASoC: sirf: Fix potential NULL pointer dereference
    - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
    - x86/irqflags: Mark native_restore_fl extern inline
    - s390: fix br_r1_trampoline for machines without exrl
    - s390/qdio: reset old sbal_state flags
    - kprobes: Make list and blacklist root user read only
    - MIPS: Correct the 64-bit DSP accumulator register size
    - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
    - scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
    - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
    - iscsi target: fix session creation failure handling
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
    - Linux 4.4.154

* Xenial update to 4.4.153 stable release (LP: #1792383)
    - x86/mm: Fix use-after-free of ldt_struct
    - ovl: Ensure upper filesystem supports d_type
    - ovl: Do d_type check only if work dir creation was successful
    - ovl: warn instead of error if d_type is not supported
    - Linux 4.4.153

* Xenial update to 4.4.152 stable release (LP: #1792377)
    - ARC: Explicitly add -mmedium-calls to CFLAGS
    - netfilter: ipv6: nf_defrag: reduce struct net memory waste
    - selftests: pstore: return Kselftest Skip code for skipped tests
    - selftests: static_keys: return Kselftest Skip code for skipped tests
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: zram: return Kselftest Skip code for skipped tests
    - selftests: sync: add config fragment for testing sync framework
    - ARM: dts: Cygnus: Fix I2C controller interrupt type
    - usb: dwc2: fix isoc split in transfer with no data
    - usb: gadget: composite: fix delayed_status race condition when set_interface
    - usb: gadget: dwc2: fix memory leak in gadget_init()
    - scsi: xen-scsifront: add error handling for xenbus_printf
    - arm64: make secondary_start_kernel() notrace
    - qed: Add sanity check for SIMD fastpath handler.
    - enic: initialize enic->rfs_h.lock in enic_probe
    - net: hamradio: use eth_broadcast_addr
    - net: propagate dev_get_valid_name return code
    - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
    - net: davinci_emac: match the mdio device against its compatible if possible
    - locking/lockdep: Do not record IRQ state within lockdep code
    - ipv6: mcast: fix unsolicited report interval after receiving querys
    - Smack: Mark inode instant in smack_task_to_inode
    - cxgb4: when disabling dcb set txq dcb priority to 0
    - brcmfmac: stop watchdog before detach and free everything
    - ARM: dts: am437x: make edt-ft5x06 a wakeup source
    - usb: xhci: increase CRS timeout value
    - perf test session topology: Fix test on s390
    - perf report powerpc: Fix crash if callchain is empty
    - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
    - ARM: dts: da850: Fix interrups property for gpio
    - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
    - md/raid10: fix that replacement cannot complete recovery after reassemble
    - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
    - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
    - drm/exynos: decon5433: Fix WINCONx reset value
    - bnx2x: Fix receiving tx-timeout in error or recovery state.
    - m68k: fix "bad page state" oops on ColdFire boot
    - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
    - ARM: imx_v6_v7_defconfig: Select ULPI support
    - ARM: imx_v4_v5_defconfig: Select ULPI support
    - tracing: Use __printf markup to silence compiler
    - kasan: fix shadow_size calculation error in kasan_module_alloc
    - smsc75xx: Add workaround for gigabit link up hardware errata.
    - netfilter: x_tables: set module owner for icmp(6) matches
    - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
    - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
    - ieee802154: at86rf230: use __func__ macro for debug messages
    - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
    - drm/armada: fix colorkey mode property
    - bnxt_en: Fix for system hang if request_irq fails
    - perf llvm-utils: Remove bashism from kernel include fetch script
    - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
    - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
    - ixgbe: Be more careful when modifying MAC filters
    - packet: reset network header if packet shorter than ll reserved space
    - qlogic: check kstrtoul() for errors
    - tcp: remove DELAYED ACK events in DCTCP
    - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
    - net/ethernet/freescale/fman: fix cross-build error
    - net: usb: rtl8150: demote allmulti message to dev_dbg()
    - net: qca_spi: Avoid packet drop during initial sync
    - net: qca_spi: Make sure the QCA7000 reset is triggered
    - net: qca_spi: Fix log level if probe fails
    - tcp: identify cryptic messages as TCP seq # bugs
    - staging: android: ion: check for kref overflow
    - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - parisc: Remove ordered stores from syscall.S
    - xfrm_user: prevent leaking 2 bytes of kernel memory
    - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
    - packet: refine ring v3 block size test to hold one frame
    - bridge: Propagate vlan add failure to user
    - parisc: Remove unnecessary barriers from spinlock.h
    - PCI: hotplug: Don't leak pci_slot on registration failure
    - PCI: Skip MPS logic for Virtual Functions (VFs)
    - PCI: pciehp: Fix use-after-free on unplug
    - i2c: imx: Fix race condition in dma read
    - reiserfs: fix broken xattr handling (heap corruption, bad retval)
    - Linux 4.4.152

* Xenial update to 4.4.151 stable release (LP: #1792340)
    - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
    - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
    - llc: use refcount_inc_not_zero() for llc_sap_find()
    - net_sched: Fix missing res info when create new tc_index filter
    - vsock: split dwork to avoid reinitializations
    - net_sched: fix NULL pointer dereference when delete tcindex filter
    - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs
    - ALSA: hda - Turn CX8200 into D3 as well upon reboot
    - ALSA: vx222: Fix invalid endian conversions
    - ALSA: virmidi: Fix too long output trigger loop
    - ALSA: cs5535audio: Fix invalid endian conversion
    - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry
    - ALSA: memalloc: Don't exceed over the requested size
    - ALSA: vxpocket: Fix invalid endian conversions
    - USB: serial: sierra: fix potential deadlock at close
    - USB: option: add support for DW5821e
    - ACPI: save NVS memory for Lenovo G50-45
    - ACPI / PM: save NVS memory for ASUS 1025C laptop
    - serial: 8250_dw: always set baud rate in dw8250_set_termios
    - Bluetooth: avoid killing an already killed socket
    - isdn: Disable IIOCDBGVAR
    - Linux 4.4.151

* Xenial update to 4.4.150 stable release (LP: #1792336)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
    - Linux 4.4.150

* Xenial update to 4.4.149 stable release (LP: #1792310)
    - x86/mm: Disable ioremap free page handling on x86-PAE
    - tcp: Fix missing range_truesize enlargement in the backport
    - kasan: don't emit builtin calls when sanitization is off
    - i2c: ismt: fix wrong device address when unmap the data buffer
    - kbuild: verify that $DEPMOD is installed
    - crypto: vmac - require a block cipher with 128-bit block size
    - crypto: vmac - separate tfm and request context
    - crypto: blkcipher - fix crash flushing dcache in error path
    - crypto: ablkcipher - fix crash flushing dcache in error path
    - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization
    - ioremap: Update pgtable free interfaces with addr
    - x86/mm: Add TLB purge to free pmd/pte page interfaces
    - Linux 4.4.149

* Xenial update to 4.4.149 stable release (LP: #1792310) // CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

* Xenial update to 4.4.148 stable release (LP: #1792174)
    - ext4: fix check to prevent initializing reserved inodes
    - tpm: fix race condition in tpm_common_write()
    - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
    - fork: unconditionally clear stack on fork
    - parisc: Enable CONFIG_MLONGCALLS by default
    - parisc: Define mb() and add memory barriers to assembler unlock sequences
    - xen/netfront: don't cache skb_shinfo()
    - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
    - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management
      enabled
    - root dentries need RCU-delayed freeing
    - fix mntput/mntput race
    - fix __legitimize_mnt()/mntput() race
    - IB/core: Make testing MR flags for writability a static inline function
    - IB/mlx4: Mark user MR as writable if actual virtual memory is writable
    - IB/ocrdma: fix out of bounds access to local buffer
    - ARM: dts: imx6sx: fix irq for pcie bridge
    - kprobes/x86: Fix %p uses in error messages
    - x86/irqflags: Provide a declaration for native_save_fl
    - SAUCE: Sync pgtable_64.h with upstream stable
    - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
    - SAUCE: Sync pgtable-3level.h with upstream stable
    - SAUCE: Sync pgtable.h with upstream stable
    - mm: Add vm_insert_pfn_prot()
    - mm: fix cache mode tracking in vm_insert_mixed()
    - x86/mm/kmmio: Make the tracer robust against L1TF
    - x86/init: fix build with CONFIG_SWAP=n
    - Linux 4.4.148

* Xenial update to 4.4.147 stable release (LP: #1792109)
    - scsi: qla2xxx: Fix ISP recovery on unload
    - scsi: qla2xxx: Return error when TMF returns
    - genirq: Make force irq threading setup more robust
    - nohz: Fix local_timer_softirq_pending()
    - netlink: Do not subscribe to non-existent groups
    - netlink: Don't shift with UB on nlk->ngroups
    - netlink: Don't shift on 64 for ngroups
    - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
    - ring_buffer: tracing: Inherit the tracing setting to next ring buffer
    - i2c: imx: Fix reinit_completion() use
    - Linux 4.4.147

* Xenial update to 4.4.146 stable release (LP: #1791953)
    - MIPS: Fix off-by-one in pci_resource_to_user()
    - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
    - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
    - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
    - tracing: Fix double free of event_trigger_data
    - tracing: Fix possible double free in event_enable_trigger_func()
    - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
    - tracing: Quiet gcc warning about maybe unused link variable
    - xen/netfront: raise max number of slots in xennet_get_responses()
    - ALSA: emu10k1: add error handling for snd_ctl_add
    - ALSA: fm801: add error handling for snd_ctl_add
    - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
    - mm: vmalloc: avoid racy handling of debugobjects in vunmap
    - mm/slub.c: add __printf verification to slab_err()
    - rtc: ensure rtc_set_alarm fails when alarms are not supported
    - netfilter: ipset: List timing out entries with "timeout 1" instead of zero
    - infiniband: fix a possible use-after-free bug
    - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
    - powerpc/64s: Fix compiler store ordering to SLB shadow area
    - RDMA/mad: Convert BUG_ONs to error flows
    - disable loading f2fs module on PAGE_SIZE > 4KB
    - f2fs: fix to don't trigger writeback during recovery
    - usbip: usbip_detach: Fix memory, udev context and udev leak
    - perf/x86/intel/uncore: Correct fixed counter index check in generic code
    - perf/x86/intel/uncore: Correct fixed counter index check for NHM
    - iwlwifi: pcie: fix race in Rx buffer allocator
    - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
    - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
    - ASoC: dpcm: fix BE dai not hw_free and shutdown
    - mfd: cros_ec: Fail early if we cannot identify the EC
    - mwifiex: handle race during mwifiex_usb_disconnect
    - wlcore: sdio: check for valid platform device data before suspend
    - media: videobuf2-core: don't call memop 'finish' when queueing
    - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
    - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
    - PCI: Prevent sysfs disable of device while driver is attached
    - ath: Add regulatory mapping for FCC3_ETSIC
    - ath: Add regulatory mapping for ETSI8_WORLD
    - ath: Add regulatory mapping for APL13_WORLD
    - ath: Add regulatory mapping for APL2_FCCA
    - ath: Add regulatory mapping for Uganda
    - ath: Add regulatory mapping for Tanzania
    - ath: Add regulatory mapping for Serbia
    - ath: Add regulatory mapping for Bermuda
    - ath: Add regulatory mapping for Bahamas
    - powerpc/32: Add a missing include header
    - powerpc/chrp/time: Make some functions static, add missing header include
    - powerpc/powermac: Add missing prototype for note_bootable_part()
    - powerpc/powermac: Mark variable x as unused
    - powerpc/8xx: fix invalid register expression in head_8xx.S
    - pinctrl: at91-pio4: add missing of_node_put
    - PCI: pciehp: Request control of native hotplug only if supported
    - mwifiex: correct histogram data with appropriate index
    - scsi: ufs: fix exception event handling
    - ALSA: emu10k1: Rate-limit error messages about page errors
    - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
    - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
    - media: smiapp: fix timeout checking in smiapp_read_nvm
    - ALSA: usb-audio: Apply rate limit to warning messages in URB complete
      callback
    - HID: hid-plantronics: Re-resend Update to map button for PTT products
    - drm/radeon: fix mode_valid's return type
    - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by
      Starlet
    - HID: i2c-hid: check if device is there before really probing
    - tty: Fix data race in tty_insert_flip_string_fixed_flag
    - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
    - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
    - libata: Fix command retry decision
    - media: saa7164: Fix driver name in debug output
    - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
    - brcmfmac: Add support for bcm43364 wireless chipset
    - s390/cpum_sf: Add data entry sizes to sampling trailer entry
    - perf: fix invalid bit in diagnostic entry
    - scsi: 3w-9xxx: fix a missing-check bug
    - scsi: 3w-xxxx: fix a missing-check bug
    - scsi: megaraid: silence a static checker bug
    - thermal: exynos: fix setting rising_threshold for Exynos5433
    - bpf: fix references to free_bpf_prog_info() in comments
    - media: siano: get rid of __le32/__le16 cast warnings
    - drm/atomic: Handling the case when setting old crtc for plane
    - ALSA: hda/ca0132: fix build failure when a local macro is defined
    - memory: tegra: Do not handle spurious interrupts
    - memory: tegra: Apply interrupts mask per SoC
    - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
    - ipconfig: Correctly initialise ic_nameservers
    - rsi: Fix 'invalid vdd' warning in mmc
    - audit: allow not equal op for audit by executable
    - microblaze: Fix simpleImage format generation
    - usb: hub: Don't wait for connect state at resume for powered-off ports
    - crypto: authencesn - don't leak pointers to authenc keys
    - crypto: authenc - don't leak pointers to authenc keys
    - media: omap3isp: fix unbalanced dma_iommu_mapping
    - scsi: scsi_dh: replace too broad "TP9" string with the exact models
    - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
    - media: si470x: fix __be16 annotations
    - drm: Add DP PSR2 sink enable bit
    - random: mix rdrand with entropy sent in from userspace
    - squashfs: be more careful about metadata corruption
    - ext4: fix inline data updates with checksums enabled
    - ext4: check for allocation block validity with block group locked
    - dmaengine: pxa_dma: remove duplicate const qualifier
    - ASoC: pxa: Fix module autoload for platform drivers
    - ipv4: remove BUG_ON() from fib_compute_spec_dst
    - net: fix amd-xgbe flow-control issue
    - net: lan78xx: fix rx handling before first packet is send
    - xen-netfront: wait xenbus state change when load module manually
    - NET: stmmac: align DMA stuff to largest cache line length
    - tcp: do not force quickack when receiving out-of-order packets
    - tcp: add max_quickacks param to tcp_incr_quickack and
      tcp_enter_quickack_mode
    - tcp: do not aggressively quick ack after ECN events
    - tcp: refactor tcp_ecn_check_ce to remove sk type cast
    - tcp: add one more quick ack after after ECN events
    - inet: frag: enforce memory limits earlier
    - net: dsa: Do not suspend/resume closed slave_dev
    - netlink: Fix spectre v1 gadget in netlink_create()
    - squashfs: more metadata hardening
    - squashfs: more metadata hardenings
    - can: ems_usb: Fix memory leak on ems_usb_disconnect()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - virtio_balloon: fix another race between migration and ballooning
    - kvm: x86: vmx: fix vpid leak
    - crypto: padlock-aes - Fix Nano workaround data corruption
    - scsi: sg: fix minor memory leak in error path
    - Linux 4.4.146

* Xenial update to 4.4.145 stable release (LP: #1791942)
    - MIPS: ath79: fix register address in ath79_ddr_wb_flush()
    - ip: hash fragments consistently
    - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
    - rtnetlink: add rtnl_link_state check in rtnl_configure_link
    - tcp: fix dctcp delayed ACK schedule
    - tcp: helpers to send special DCTCP ack
    - tcp: do not cancel delay-AcK on DCTCP special ACK
    - tcp: do not delay ACK in DCTCP upon CE status change
    - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
    - usb: cdc_acm: Add quirk for Castles VEGA3000
    - usb: core: handle hub C_PORT_OVER_CURRENT condition
    - usb: gadget: f_fs: Only return delayed status when len is 0
    - driver core: Partially revert "driver core: correct device's shutdown order"
    - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
    - can: xilinx_can: fix recovery from error states not being propagated
    - can: xilinx_can: fix device dropping off bus on RX overrun
    - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
    - can: xilinx_can: fix incorrect clear of non-processed interrupts
    - can: xilinx_can: fix RX overflow interrupt not being enabled
    - turn off -Wattribute-alias
    - ARM: fix put_user() for gcc-8
    - Linux 4.4.145

* kernel panic - null pointer dereference on ipset operations (LP: #1793753)
    - netfilter: ipset: fix race condition in ipset save, swap and delete
    - netfilter: ipset: Fix race between dump and swap

* Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

* update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: Remove redundant unlikely()
    - net: ena: reduce the severity of some printouts
    - net: ena: fix rare kernel crash when bar memory remap fails
    - net: ena: fix wrong max Tx/Rx queues on ethtool
    - net: ena: improve ENA driver boot time.
    - net: ena: remove legacy suspend suspend/resume support
    - net: ena: add power management ops to the ENA driver
    - net: ena: add statistics for missed tx packets
    - net: ena: add new admin define for future support of IPv6 RSS
    - net: ena: increase ena driver version to 1.3.0
    - net: ena: fix race condition between device reset and link up setup
    - net: ena: add detection and recovery mechanism for handling missed/misrouted
      MSI-X
    - net: ena: increase ena driver version to 1.5.0
    - net: ena: fix error handling in ena_down() sequence
    - net: ena: Eliminate duplicate barriers on weakly-ordered archs
    - SAUCE: ena: devm_kzalloc() -> devm_kcalloc()
    - net: ena: Fix use of uninitialized DMA address bits field
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 02 Oct 2018 14:39:36 +0000

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package