Bug #1683505 “enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3” : Bugs : linux-raspi2 package : Ubuntu

Leann Ogasawara (leannogasawara) on 2017-04-18

description:	updated
description:	updated

Revision history for this message

Paolo Pisati (p-pisati) wrote on 2017-05-05:

#1

Xenial doesn't have CONFIG_HARDENED_USERCOPY and CONFIG_SLAB_FREELIST_RANDOM, while CONFIG_DEBUG_LIST and CONFIG_DEBUG_CREDENTIALS are off in -generic (so i'm not taking these into consideration) - the only eligible options there is CPU_SW_DOMAIN_PAN.

In Yakkety, CONFIG_DEBUG_CREDENTIALS and CONFIG_DEBUG_LIST are off in -generic (except for DEBUG_LIST being =y for s390x) so i'm not taking these in consideration, HARDENED_USERCOPY was already =y, while the rest should be synced with -generic.

In Zeisty CONFIG_DEBUG_CREDENTIALS and CONFIG_DEBUG_LIST are off in -generic, so i'm not taking these in consideration, while the rest should be synced.

Kleber Sacilotto de Souza (kleber-souza) on 2017-05-17

Changed in linux-raspi2 (Ubuntu Xenial):
status:	New → Fix Committed

Kleber Sacilotto de Souza (kleber-souza) on 2017-06-06

tags:

added: verification-done-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-06-06:

#2

Download full text (10.2 KiB)

This bug was fixed in the package linux-raspi2 - 4.4.0-1057.64

---------------
linux-raspi2 (4.4.0-1057.64) xenial; urgency=low

* linux-raspi2: 4.4.0-1057.64 -proposed tracker (LP: #1692040)

  * linux xenial derivatives fail to build (LP: #1691814)
    - [Packaging] Set do_tools_common in common vars
    - [Packaging] Do not build tools-common

linux-raspi2 (4.4.0-1056.63) xenial; urgency=low

* linux-raspi2: 4.4.0-1056.63 -proposed tracker (LP: #1691182)

* enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3 (LP: #1683505)
- [Config] CPU_SW_DOMAIN_PAN=y

[ Ubuntu: 4.4.0-79.100 ]

  * linux: 4.4.0-79.100 -proposed tracker (LP: #1691180)
  * linux-aws/linux-gke incorrectly producing and using linux-*-tools-
    common/linux-*-cloud-tools-common (LP: #1688579)
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      gke versions
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      aws versions
    - [Packaging] prevent linux-*-tools-common from being produced from non linux
      packages
  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
  * i915-bpo crashes on external hdmi input (LP: #1580272)
    - SAUCE: i915_bpo: Silence the warning about watermark entries not changing
  * Kernel panics on Xenial when using cgroups and strict CFS limits
    (LP: #1687512)
    - sched/fair: Initialize throttle_count for new task-groups lazily
    - sched/fair: Do not announce throttled next buddy in dequeue_task_fair()
  * bonding - mlx5 - speed changed to 0 after changing ring size (LP: #1687877)
    - bonding: allow notifications for bond_set_slave_link_state
  * Xenial update to 4.4.67 stable release (LP: #1689296)
    - timerfd: Protect the might cancel mechanism proper
    - Handle mismatched open calls
    - ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    - ALSA: ppc/awacs: shut up maybe-uninitialized warning
    - drbd: avoid redefinition of BITS_PER_PAGE
    - mtd: avoid stack overflow in MTD CFI code
    - net: tg3: avoid uninitialized variable warning
    - netlink: Allow direct reclaim for fallback allocation
    - IB/qib: rename BITS_PER_PAGE to RVT_BITS_PER_PAGE
    - IB/ehca: fix maybe-uninitialized warnings
    - ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
    - ext4 crypto: revalidate dentry after adding or removing the key
    - ext4 crypto: use dget_parent() in ext4_d_revalidate()
    - ext4/fscrypto: avoid RCU lookup in d_revalidate
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops
    - dm ioctl: prevent stack leak in dm ioctl call
    - Linux 4.4.67
  * Precision Rack failed to resume from S4 (LP: #1686061)
    - x86 / hibernate: Use hlt_play_dead() when resuming from hibernation
    - x86/boot: Split out kernel_ident_mapping_init()
    - x86/power/64: Always create temporary identity mapping correctly
  * Xenial update to 4.4.66 stable release (LP: #1688505)
    - f2fs: do more integrity verification for superblock
    - xc2028: unlock on error in xc2028_set_config()
    - ARM: OMAP2+: timer: add probe for clocksources...

This bug was fixed in the package linux-raspi2 - 4.4.0-1057.64

---------------
linux-raspi2 (4.4.0-1057.64) xenial; urgency=low

* linux-raspi2: 4.4.0-1057.64 -proposed tracker (LP: #1692040)

* linux xenial derivatives fail to build (LP: #1691814)
    - [Packaging] Set do_tools_common in common vars
    - [Packaging] Do not build tools-common

linux-raspi2 (4.4.0-1056.63) xenial; urgency=low

* linux-raspi2: 4.4.0-1056.63 -proposed tracker (LP: #1691182)

* enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3 (LP: #1683505)
    - [Config] CPU_SW_DOMAIN_PAN=y

[ Ubuntu: 4.4.0-79.100 ]

* linux: 4.4.0-79.100 -proposed tracker (LP: #1691180)
  * linux-aws/linux-gke incorrectly producing and using linux-*-tools-
    common/linux-*-cloud-tools-common (LP: #1688579)
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      gke versions
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      aws versions
    - [Packaging] prevent linux-*-tools-common from being produced from non linux
      packages
  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
  * i915-bpo crashes on external hdmi input (LP: #1580272)
    - SAUCE: i915_bpo: Silence the warning about watermark entries not changing
  * Kernel panics on Xenial when using cgroups and strict CFS limits
    (LP: #1687512)
    - sched/fair: Initialize throttle_count for new task-groups lazily
    - sched/fair: Do not announce throttled next buddy in dequeue_task_fair()
  * bonding - mlx5 - speed changed to 0 after changing ring size  (LP: #1687877)
    - bonding: allow notifications for bond_set_slave_link_state
  * Xenial update to 4.4.67 stable release (LP: #1689296)
    - timerfd: Protect the might cancel mechanism proper
    - Handle mismatched open calls
    - ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    - ALSA: ppc/awacs: shut up maybe-uninitialized warning
    - drbd: avoid redefinition of BITS_PER_PAGE
    - mtd: avoid stack overflow in MTD CFI code
    - net: tg3: avoid uninitialized variable warning
    - netlink: Allow direct reclaim for fallback allocation
    - IB/qib: rename BITS_PER_PAGE to RVT_BITS_PER_PAGE
    - IB/ehca: fix maybe-uninitialized warnings
    - ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
    - ext4 crypto: revalidate dentry after adding or removing the key
    - ext4 crypto: use dget_parent() in ext4_d_revalidate()
    - ext4/fscrypto: avoid RCU lookup in d_revalidate
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops
    - dm ioctl: prevent stack leak in dm ioctl call
    - Linux 4.4.67
  * Precision Rack failed to resume from S4 (LP: #1686061)
    - x86 / hibernate: Use hlt_play_dead() when resuming from hibernation
    - x86/boot: Split out kernel_ident_mapping_init()
    - x86/power/64: Always create temporary identity mapping correctly
  * Xenial update to 4.4.66 stable release (LP: #1688505)
    - f2fs: do more integrity verification for superblock
    - xc2028: unlock on error in xc2028_set_config()
    - ARM: OMAP2+: timer: add probe for clocksources
    - clk: sunxi: Add apb0 gates for H3
    - crypto: testmgr - fix out of bound read in __test_aead()
    - drm/amdgpu: fix array out of bounds
    - ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
    - md:raid1: fix a dead loop when read from a WriteMostly disk
    - MIPS: Fix crash registers on non-crashing CPUs
    - net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
    - net_sched: close another race condition in tcf_mirred_release()
    - RDS: Fix the atomicity for congestion map update
    - regulator: core: Clear the supply pointer if enabling fails
    - usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
    - xen/x86: don't lose event interrupts
    - sparc64: kern_addr_valid regression
    - sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
    - net: neigh: guard against NULL solicit() method
    - net: phy: handle state correctly in phy_stop_machine
    - l2tp: purge socket queues in the .destruct() callback
    - l2tp: take reference on sessions being dumped
    - l2tp: fix PPP pseudo-wire auto-loading
    - net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
    - sctp: listen on the sock only when it's state is listening or closed
    - tcp: clear saved_syn in tcp_disconnect()
    - dp83640: don't recieve time stamps twice
    - net: ipv6: RTF_PCPU should not be settable from userspace
    - netpoll: Check for skb->queue_mapping
    - ip6mr: fix notification device destruction
    - macvlan: Fix device ref leak when purging bc_queue
    - ipv6: check skb->protocol before lookup for nexthop
    - ipv6: check raw payload size correctly in ioctl
    - ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned
      type
    - ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
    - MIPS: KGDB: Use kernel context for sleeping threads
    - MIPS: Avoid BUG warning in arch_check_elf
    - p9_client_readdir() fix
    - Input: i8042 - add Clevo P650RS to the i8042 reset list
    - nfsd: check for oversized NFSv2/v3 arguments
    - ARCv2: save r30 on kernel entry as gcc uses it for code-gen
    - ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
    - Linux 4.4.66
  * Xenial update to 4.4.65 stable release (LP: #1688483)
    - tipc: make sure IPv6 header fits in skb headroom
    - tipc: make dist queue pernet
    - tipc: re-enable compensation for socket receive buffer double counting
    - tipc: correct error in node fsm
    - tty: nozomi: avoid a harmless gcc warning
    - hostap: avoid uninitialized variable use in hfa384x_get_rid
    - gfs2: avoid uninitialized variable warning
    - tipc: fix random link resets while adding a second bearer
    - tipc: fix socket timer deadlock
    - xc2028: avoid use after free
    - netfilter: nfnetlink: correctly validate length of batch messages
    - tipc: check minimum bearer MTU
    - vfio/pci: Fix integer overflows, bitmask check
    - staging/android/ion : fix a race condition in the ion driver
    - ping: implement proper locking
    - perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
    - Linux 4.4.65
  * Xenial update to 4.4.64 stable release (LP: #1687638)
    - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
    - KEYS: Change the name of the dead type to ".dead" to prevent user access
    - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
    - tracing: Allocate the snapshot buffer before enabling probe
    - ring-buffer: Have ring_buffer_iter_empty() return true when empty
    - cifs: Do not send echoes before Negotiate is complete
    - CIFS: remove bad_network_name flag
    - s390/mm: fix CMMA vs KSM vs others
    - VSOCK: Detach QP check should filter out non matching QPs.
    - Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
    - ACPI / power: Avoid maybe-uninitialized warning
    - mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
    - mac80211: reject ToDS broadcast data frames
    - ubi/upd: Always flush after prepared for an update
    - powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
    - x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
    - kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd
    - x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
    - block: fix del_gendisk() vs blkdev_ioctl crash
    - tipc: fix crash during node removal
    - Linux 4.4.64
  * Xenial update to 4.4.63 stable release (LP: #1687629)
    - cgroup, kthread: close race window where new kthreads can be migrated to
      non-root cgroups
    - thp: fix MADV_DONTNEED vs clear soft dirty race
    - drm/nouveau/mpeg: mthd returns true on success now
    - drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
    - CIFS: store results of cifs_reopen_file to avoid infinite wait
    - Input: xpad - add support for Razer Wildcat gamepad
    - perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
    - x86/vdso: Ensure vdso32_enabled gets set to valid values only
    - x86/vdso: Plug race between mapping and ELF header setup
    - acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit
      comparison)
    - iscsi-target: Fix TMR reference leak during session shutdown
    - iscsi-target: Drop work-around for legacy GlobalSAN initiator
    - scsi: sr: Sanity check returned mode data
    - scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
    - scsi: sd: Fix capacity calculation with 32-bit sector_t
    - xen, fbfront: fix connecting to backend
    - libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
    - irqchip/irq-imx-gpcv2: Fix spinlock initialization
    - ftrace: Fix removing of second function probe
    - char: Drop bogus dependency of DEVPORT on !M68K
    - char: lack of bool string made CONFIG_DEVPORT always on
    - Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
    - kvm: fix page struct leak in handle_vmon
    - zram: do not use copy_page with non-page aligned address
    - powerpc: Disable HFSCR[TM] if TM is not supported
    - crypto: ahash - Fix EINPROGRESS notification callback
    - ath9k: fix NULL pointer dereference
    - dvb-usb-v2: avoid use-after-free
    - ext4: fix inode checksum calculation problem if i_extra_size is small
    - platform/x86: acer-wmi: setup accelerometer when machine has appropriate
      notify event
    - rtc: tegra: Implement clock handling
    - mm: Tighten x86 /dev/mem with zeroing reads
    - dvb-usb: don't use stack for firmware load
    - dvb-usb-firmware: don't do DMA on stack
    - virtio-console: avoid DMA from stack
    - pegasus: Use heap buffers for all register access
    - rtl8150: Use heap buffers for all register access
    - catc: Combine failure cleanup code in catc_probe()
    - catc: Use heap buffer for memory size test
    - tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done
    - net: ipv6: check route protocol when deleting routes
    - MIPS: fix Select HAVE_IRQ_EXIT_ON_IRQ_STACK patch.
    - Linux 4.4.63

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Fri, 19 May 2017 11:52:40 -0300

Changed in linux-raspi2 (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Juerg Haefliger (juergh) on 2017-06-30

Changed in linux-raspi2 (Ubuntu Yakkety):
status:	New → Fix Committed
Changed in linux-raspi2 (Ubuntu Zesty):
status:	New → Fix Committed

	Status	Importance	Assigned to
linux-raspi2 (Ubuntu)	New	Undecided	Unassigned
Xenial	Fix Released	Undecided	Unassigned
Yakkety	Fix Committed	Undecided	Unassigned
Zesty	Fix Committed	Undecided	Unassigned

Ubuntu
linux-raspi2 package

enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux-raspi2 package