Quantal update to v3.5.7.29 stable release

Bug #1277722 reported by Joseph Salisbury on 2014-02-07
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Quantal
Medium
Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from Linus' tree or in a minimally
       backported form of that patch. The v3.5.7.29 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches are in the v3.5.7.29 stable release:

Linux 3.5.7.29
SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()
mac80211: move "bufferable MMPDU" check to fix AP mode scan
x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
bridge: use spin_lock_bh() in br_multicast_set_hash_max
net: llc: fix use after free in llc_ui_recvmsg
vlan: Fix header ops passthru when doing TX VLAN offload.
net: rose: restore old recvmsg behavior
rds: prevent dereference of a NULL device
hamradio/yam: fix info leak in ioctl
drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
net: inet_diag: zero out uninitialized idiag_{src,dst} fields
net: unix: allow bind to fail on mutex lock
netvsc: don't flush peers notifying work during setting mtu
tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
net: unix: allow set_peek_off to fail
net: drop_monitor: fix the value of maxattr
ipv6: don't count addrconf generated routes against gc limit
macvtap: signal truncated packets
tun: update file current position
macvtap: update file current position
macvtap: Do not double-count received packets
rds: prevent BUG_ON triggered on congestion update to loopback
net: do not pretend FRAGLIST support
sched: Guarantee new group-entities always have weight
sched: Fix hrtimer_cancel()/rq->lock deadlock
sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining
sched: Fix race on toggling cfs_bandwidth_used
ftrace: Check module functions being traced on reload
mm: ensure get_unmapped_area() returns higher address than mmap_min_addr
Revert "mm: ensure get_unmapped_area() returns higher address than mmap_min_addr"
ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
sh: always link in helper functions extracted from libgcc
jbd2: don't BUG but return ENOSPC if a handle runs out of space
GFS2: Fix incorrect invalidation for DIO/buffered I/O
GFS2: don't hold s_umount over blkdev_put
Input: allocate absinfo data when setting ABS capability
powerpc: Align p_end
ath9k_htc: properly set MAC address and BSSID mask
ARM: fix "bad mode in ... handler" message for undefined instructions
powerpc: Fix bad stack check in exception entry
selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
selinux: fix broken peer recv check
drm/radeon: 0x9649 is SUMO2 not SUMO
ext4: add explicit casts when masking cluster sizes
drm/radeon: fix asic gfx values for scrapper asics
libata, freezer: avoid block device removal while system is frozen
dm9601: work around tx fifo sync issue on dm962x
dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
net_dma: mark broken
ASoC: wm8904: fix DSP mode B configuration
iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
cpupower: Fix segfault due to incorrect getopt_long arugments
ath9k: Fix interrupt handling for the AR9002 family
rtlwifi: pci: Fix oops on driver unload
ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
libata: disable a disk via libata.force params
ftrace: Initialize the ftrace profiler for each possible cpu
radiotap: fix bitmap-end-finding buffer overrun
gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
ALSA: hda - Add enable_msi=0 workaround for four HP machines
drm/radeon: Fix sideport problems on certain RS690 boards
iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
drm/i915: don't update the dri1 breadcrumb with modesetting
xhci: Limit the spurious wakeup fix only to HP machines
scripts/link-vmlinux.sh: only filter kernel symbols for arm
usb: cdc-wdm: manage_power should always set needs_remote_wakeup
ext4: fix del_timer() misuse for ->s_err_report
ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
ext4: check for overlapping extents in ext4_valid_extent_entries()
ext4: fix use-after-free in ext4_mb_new_blocks
libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus SpinPoint M8
powerpc: kvm: fix rare but potential deadlock scene
ceph: wake up 'safe' waiters when unregistering request
ceph: cleanup aborted requests when re-sending requests.
TTY: pmac_zilog, check existence of ports in pmz_console_init()
Staging: zram: Fix memory leak by refcount mismatch
ARM: pxa: prevent PXA270 occasional reboot freezes
Staging: zram: Fix access of NULL pointer
IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
KVM: IOMMU: hva align mapping page size
dm mpath: fix race condition between multipath_dtr and pg_init_done
mm/hugetlb: check for pte NULL pointer in __page_check_address()
intel_idle: enable IVB Xeon support
intel_idle: initial IVB support
selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
selinux: look for IPsec labels on both inbound and outbound packets
HID: Bump maximum global item tag report size to 128 bytes
staging: comedi: pcmuio: fix possible NULL deref on detach
staging: comedi: ssv_dnp: use comedi_dio_update_state()
[media] cxd2820r_core: fix sparse warnings
sc1200_wdt: Fix oops
Input: usbtouchscreen - separate report and transmit buffer size handling
ARM: OMAP2+: hwmod: Fix SOFTRESET logic
ARM: OMAP3: hwmod data: Don't prevent RESET of USB Host module
Linux 3.5.7.28
xfs: underflow bug in xfs_attrlist_by_handle()
MIPS: DMA: For BMIPS5000 cores flush region just like non-coherent R10000
drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368)
KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
KVM: Improve create VCPU parameter (CVE-2013-4587)
futex: fix handling of read-only-mapped hugepages
hwmon: Prevent some divide by zeros in FAN_TO_REG()
hwmon: (w83l768ng) Fix fan speed control range
hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
ARM: pxa: tosa: fix keys mapping
dm bufio: initialize read-only module parameters
x86, efi: Don't use (U)EFI time services on 32 bit
x86, build, icc: Remove uninitialized_var() from compiler-intel.h
dm table: fail dm_table_create on dm_round_up overflow
dm snapshot: avoid snapshot space leak on crash
ALSA: memalloc.h - fix wrong truncation of dma_addr_t
ARM: 7913/1: fix framepointer check in unwind_frame
ARM: 7912/1: check stack pointer in get_wchan
crypto: scatterwalk - Use sg_chain_ptr on chain entries
crypto: scatterwalk - Set the chain pointer indication bit
drivers/char/i8k.c: add Dell XPLS L421X
usb: hub: Use correct reset for wedged USB3 devices that are NOTATTACHED
drm/radeon: fixup bad vram size on SI
USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
USB: pl2303: fixed handling of CS5 setting
USB: ftdi_sio: fixed handling of unsupported CSIZE setting
USB: mos7840: correct handling of CS5 setting
USB: spcp8x5: correct handling of CS5 setting
USB: option: support new huawei devices
USB: serial: option: blacklist interface 1 for Huawei E173s-6
[media] saa7164: fix return value check in saa7164_initdev()
usb: dwc3: fix implementation of endpoint wedge
usb: gadget: composite: reset delayed_status on reset_config
USB: serial: fix race in generic write
mac80211: don't attempt to reorder multicast frames
dm delay: fix a possible deadlock due to shared workqueue
nfs: fix do_div() warning by instead using sector_div()
sched: Avoid throttle_cfs_rq() racing with period_timer stopping
NFSv4 wait on recovery for async session errors
9p: send uevent after adding/removing mount_tag attribute
HID: apple: option to swap the 'Option' ("Alt") and 'Command' ("Flag") keys.
HID: roccat: fix Coverity CID 141438
HID: hid-multitouch: add support for SiS panels
HID: add quirk for Freescale i.MX23 ROM recovery
i2c: i801: SMBus patch for Intel Avoton DeviceIDs
Input: mousedev - allow disabling even without CONFIG_EXPERT
Input: allow deselecting serio drivers even without CONFIG_EXPERT
video: kyro: fix incorrect sizes when copying to userspace
iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address limits
elevator: acquire q->sysfs_lock in elevator_change()
dm: fix truncated status strings
um: add missing declaration of 'getrlimit()' and friends
iwlwifi: dvm: don't override mac80211's queue setting
cpuidle: Check for dev before deregistering it.
ASoC: wm8731: fix dsp mode configuration
powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
[SCSI] enclosure: fix WARN_ON in dual path device removing
ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
[SCSI] hpsa: return 0 from driver probe function on success, not 1
[SCSI] hpsa: do not discard scsi status on aborted commands
ARM: footbridge: fix VGA initialisation
net: smc91: fix crash regression on the versatile
ALSA: hda - Fix silent output on ASUS W7J laptop
crypto: ccm - Fix handling of zero plaintext when computing mac
crypto: s390 - Fix aes-xts parameter corruption
s390/crypto: Don't panic after crypto instruction failures
crypto: authenc - Find proper IV address in ablkcipher callback
[SCSI] libsas: fix usage of ata_tf_to_fis
xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
irq: Enable all irqs unconditionally in irq_resume
ASoC: wm8990: Mark the register map as dirty when powering down
Update of blkg_stat and blkg_rwstat may happen in bh context. While u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This is not enough to avoid preemption by bh and may read strange 64 bit value.
NFSv4: Update list of irrecoverable errors on DELEGRETURN
mmc: block: fix a bug of error handling in MMC driver
bridge: flush br's address entry in fdb when remove the
{pktgen, xfrm} Update IPv4 header total len and checksum after tranformation
af_packet: block BH in prb_shutdown_retire_blk_timer()
ipv6: fix possible seqlock deadlock in ip6_finish_output2
inet: fix possible seqlock deadlocks
net: clamp ->msg_namelen instead of returning an error
net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
ipv6: fix leaking uninitialized port number of offender sockaddr
inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
packet: fix use after free race in send path when dev is released
net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
net: rework recvmsg handler msg_name and msg_namelen logic
net: core: Always propagate flag changes to interfaces
atm: idt77252: fix dev refcnt leak
inet: prevent leakage of uninitialized memory to user in recv syscalls
ipv4: fix possible seqlock deadlock
connector: improved unaligned access error fix
isdnloop: use strlcpy() instead of strcpy()
bonding: fix two race conditions in bond_store_updelay/downdelay
6lowpan: Uncompression of traffic class field was incorrect
bonding: don't permit to use ARP monitoring in 802.3ad mode
random32: fix off-by-one in seeding requirement
ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
net: Fix "ip rule delete table 256"
[media] lirc_zilog: Don't use dynamic static allocation

tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu Quantal):
status: New → Confirmed
Changed in linux (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :
Download full text (22.3 KiB)

This bug was fixed in the package linux - 3.5.0-47.71

---------------
linux (3.5.0-47.71) quantal; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1281828

  [ Upstream Kernel Changes ]

  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
    - LP: #1277722
  * libsas: fix usage of ata_tf_to_f...

Changed in linux (Ubuntu Quantal):
status: Confirmed → Fix Released
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers