Ubuntu
linux package

Vivid update to 3.19.7 stable release

Bug #1454699 reported by Luis Henriques
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Vivid
Fix Released
Undecided
Luis Henriques

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from Linus' tree or in a minimally
       backported form of that patch. The 3.19.7 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches are in the 3.19.7 stable release:

ip_forward: Drop frames with attached skb->sk
net: add skb_checksum_complete_unset
ppp: call skb_checksum_complete_unset in ppp_receive_frame
tcp: fix possible deadlock in tcp_send_fin()
tcp: avoid looping in tcp_send_fin()
net: do not deplete pfmemalloc reserve
net: fix crash in build_skb()
pxa168: fix double deallocation of managed resources
net/mlx4_en: Prevent setting invalid RSS hash function
md: fix md io stats accounting broken
x86/asm/decoder: Fix and enforce max instruction size in the insn decoder
sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve power savings and to improve performance
sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs
perf/x86/intel: Fix Core2,Atom,NHM,WSM cycles:pp events
KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
Btrfs: fix log tree corruption when fs mounted with -o discard
btrfs: don't accept bare namespace as a valid xattr
Btrfs: fix inode eviction infinite loop after cloning into it
Btrfs: fix inode eviction infinite loop after extent_same ioctl
usb: gadget: printer: enqueue printer's response for setup request
KVM: s390: fix handling of write errors in the tpi handler
KVM: s390: reinjection of irqs can fail in the tpi handler
KVM: s390: Zero out current VMDB of STSI before including level3 data.
KVM: s390: no need to hold the kvm->mutex for floating interrupts
KVM: s390: fix get_all_floating_irqs
s390/hibernate: fix save and restore of kernel text section
KVM: use slowpath for cross page cached accesses
KVM: arm/arm64: check IRQ number on userland injection
KVM: arm/arm64: vgic: vgic_init returns -ENODEV when no online vcpu
ARM: KVM: Fix size check in __coherent_cache_guest_page
arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting
arm64: KVM: Do not use pgd_index to index stage-2 pgd
arm/arm64: KVM: Keep elrsr/aisr in sync with software model
MIPS: KVM: Handle MSA Disabled exceptions from guest
MIPS: lose_fpu(): Disable FPU when MSA enabled
MIPS: Malta: Detect and fix bad memsize values
MIPS: asm: asm-eva: Introduce kernel load/store variants
MIPS: Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction
MIPS: Hibernate: flush TLB entries earlier
staging: panel: fix lcd type
staging: android: sync: Fix memory corruption in sync_timeline_signal().
staging: vt6655: use ieee80211_tx_info to select packet type.
drivers/base: cacheinfo: validate device node for all the caches
cdc-wdm: fix endianness bug in debug statements
mmc: sunxi: Use devm_reset_control_get_optional() for reset control
spi: imx: read back the RX/TX watermark levels earlier
spi: spidev: fix possible arithmetic overflow for multi-transfer message
compal-laptop: Fix leaking hwmon device
compal-laptop: Check return value of power_supply_register
ring-buffer: Replace this_cpu_*() with __this_cpu_*()
power_supply: twl4030_madc: Check return value of power_supply_register
power_supply: lp8788-charger: Fix leaked power supply on probe fail
power_supply: ipaq_micro_battery: Fix leaking workqueue
power_supply: ipaq_micro_battery: Check return values in probe
NFS: fix BUG() crash in notify_change() with patch to chown_common()
ARM: fix broken hibernation
ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE
ARM: mvebu: Disable CPU Idle on Armada 38x
ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore
ARM: at91/dt: sama5d3 xplained: add phy address for macb1
ARM: dts: dove: Fix uart[23] reg property
ARM: dts: fix mmc node updates for exynos5250-spring
usb: musb: core: fix TX/RX endpoint order
usb: phy: Find the right match in devm_usb_phy_match
usb: define a generic USB_RESUME_TIMEOUT macro
usb: musb: use new USB_RESUME_TIMEOUT
usb: host: oxu210hp: use new USB_RESUME_TIMEOUT
usb: host: fusbh200: use new USB_RESUME_TIMEOUT
usb: host: uhci: use new USB_RESUME_TIMEOUT
usb: host: fotg210: use new USB_RESUME_TIMEOUT
usb: host: r8a66597: use new USB_RESUME_TIMEOUT
usb: host: isp116x: use new USB_RESUME_TIMEOUT
usb: host: xhci: use new USB_RESUME_TIMEOUT
usb: host: ehci: use new USB_RESUME_TIMEOUT
usb: host: sl811: use new USB_RESUME_TIMEOUT
usb: core: hub: use new USB_RESUME_TIMEOUT
clk: at91: usb: propagate rate modification to the parent clk
ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226)
ALSA: emu10k1: don't deadlock in proc-functions
ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450
ALSA: hda - fix "num_steps = 0" error on ALC256
ALSA: hda/realtek - Fix Headphone Mic doesn't recording for ALC256
Input: elantech - fix absolute mode setting on some ASUS laptops
mfd: core: Fix platform-device name collisions
fs/binfmt_elf.c: fix bug in loading of PIE binaries
ptrace: fix race between ptrace_resume() and wait_task_stopped()
NFC: st21nfcb: Retry i2c_master_send if it returns a negative value
rtlwifi: rtl8192cu: Add new USB ID
rtlwifi: rtl8192cu: Add new device ID
ext4: make fsync to sync parent dir in no-journal for real this time
mnt: Improve the umount_tree flags
mnt: Don't propagate umounts in __detach_mounts
perf symbols: Define STT_GNU_IFUNC for glibc 2.9 and older.
perf tools: Fix perf-read-vdsox32 not building and lib64 install dir
perf tools: Work around lack of sched_getcpu in glibc < 2.6.
tools lib traceevent kbuffer: Remove extra update to data pointer in PADDING
tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support for O= option in Makefile
UBI: account for bitflips in both the VID header and data
UBI: fix out of bounds write
UBI: initialize LEB number variable
UBI: fix check for "too many bytes"
scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling
target/file: Fix BUG() when CONFIG_DEBUG_SG=y and DIF protection enabled
target/file: Fix UNMAP with DIF protection support
target/file: Fix SG table for prot_buf initialization
iser-target: Fix session hang in case of an rdma read DIF error
iser-target: Fix possible deadlock in RDMA_CM connection error
Bluetooth: ath3k: Add support Atheros AR5B195 combo Mini PCIe card
arm64: fix midr range for Cortex-A57 erratum 832075
arm64: head.S: ensure visibility of page tables
arm64: apply alternatives for !SMP kernels
arm64: errata: add workaround for cortex-a53 erratum #845719
powerpc/powernv: Don't map M64 segments using M32DT
powerpc: Fix missing L2 cache size in /sys/devices/system/cpu
powerpc/cell: Fix crash in iic_setup_cpu() after per_cpu changes
powerpc/cell: Fix cell iommu after it_page_shift changes
ASoC: cs4271: Increase delay time after reset
ASoC: wm8741: Fix rates constraints values
ASoC: davinci-evm: drop un-necessary remove function
ASoC: pcm512x: Add 'Analogue' prefix to analogue volume controls
ACPICA: Utilities: split IO address types from data type models.
ACPICA: Tables: Don't release ACPI_MTX_TABLES in acpi_tb_install_standard_table().
ACPI / scan: Annotate physical_node_lock in acpi_scan_is_offline()
xtensa: xtfpga: fix hardware lockup caused by LCD driver
xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range
xtensa: ISS: fix locking in TAP network adapter
gpio: mvebu: Fix mask/unmask managment per irq chip type
clk: samsung: exynos4: Disable ARMCLK down feature on Exynos4210 SoC
clk: tegra: Register the proper number of resets
clk: qcom: Fix i2c frequency table
clk: qcom: fix RCG M/N counter configuration
dm crypt: fix deadlock when async crypto algorithm returns -EBUSY
sd: Unregister integrity profile
sd: Fix missing ATO tag check
Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open()
mvsas: fix panic on expander attached SATA devices
rc: img-ir: fix error in parameters passed to irq_free()
stk1160: Make sure current buffer is released
IB/core: disallow registering 0-sized memory region
IB/core: don't disallow registering region starting at 0x0
IB/mlx4: Fix WQE LSO segment calculation
IB/iser: Fix wrong calculation of protection buffer length
tracing: Handle ftrace_dump() atomic context in graph_trace_open()
tracing: Fix incorrect enabling of trace events by boot cmdline
i2c: mux: use proper dev when removing "channel-X" symlinks
i2c: rk3x: report number of messages transmitted
i2c: core: Export bus recovery functions
drm/radeon: fix doublescan modes (v2)
drm/i915: Dont enable CS_PARSER_ERROR interrupts at all
drm: adv7511: Fix DDC error interrupt handling
drm: adv7511: Fix nested sleep when reading EDID
drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg
drm/i915: cope with large i2c transfers
RCU pathwalk breakage when running into a symlink overmounting something
Revert "nfs: replace nfs_add_stats with nfs_inc_stats when add one"
nfsd4: disallow ALLOCATE with special stateids
nfsd4: fix READ permission checking
nfsd4: disallow SEEK with special stateids
nfsd: eliminate NFSD_DEBUG
NFS: Add a stub for GETDEVICELIST
e1000: add dummy allocator to fix race condition between mtu change and netpoll
mac80211: send AP probe as unicast again
ebpf: verifier: check that call reg with ARG_ANYTHING is initialized
lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR
wl18xx: show rx_frames_per_rates as an array as it really is
crypto: omap-aes - Fix support for unequal lengths
C6x: time: Ensure consistency in __init
memstick: mspro_block: add missing curly braces
drivers: platform: parse IRQ flags from resources
driver core: bus: Goto appropriate labels on failure in bus_add_device
netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING
Linux 3.19.7

The following patch from 3.19.7 was already applied in the Vivid kernel:

powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH

The following patch from 3.19.7 was dropped as it introduces a regression (see comment #1 and #2):

md/raid0: fix bug with chunksize not a power of 2.

See original description

CVE References

Luis Henriques (henrix)
tags: added: kernel-stable-tracking-bug
Luis Henriques (henrix)
description: updated
Changed in linux (Ubuntu Vivid):
assignee: nobody → Luis Henriques (henrix)
Changed in linux (Ubuntu):
status: New → Invalid
Luis Henriques (henrix)
Changed in linux (Ubuntu Vivid):
status: New → Fix Committed
Revision history for this message
Florian W. (florian-will) wrote :

This kernel (3.19.7), as well as the SRU-proposed 3.19.8, is also affected by the ext+raid0+trim "chunksize not a power of 2 patch"-regression that causes severe data loss. So I certainly don't want this patch to land on my trusty system with -lts-vivid kernel. :)

https://lkml.org/lkml/2015/5/21/167

Revision history for this message
Luis Henriques (henrix) wrote :

Thank you for bringing this to our attention, Florian. I will follow up on this issue (both for vivid update to 3.19.7 and utopic update to 3.16.7-ckt11, bug #1454202). The commit that introduced the issue was upstream 47d68979cc96 ("md/raid0: fix bug with chunksize not a power of 2.").

Unfortunately, the fix (http://git.neil.brown.name/?p=md.git;a=commitdiff;h=a81157768a00e8cf8a7b43b5ea5cac931262374f) isn't currently in Linus' tree yet, so we will likely drop commit 47d68979cc96 from both vivid and utopic.

Again, thanks a lot!

Luis Henriques (henrix)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (16.0 KiB)

This bug was fixed in the package linux - 3.19.0-20.20

---------------
linux (3.19.0-20.20) vivid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1459957
  * Revert "SAUCE: Call i915_bpo specific functions from the hda driver"
    - LP: #1457369

linux (3.19.0-19.19) vivid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1458964

  [ Duc Dang ]

  * SAUCE: (no-up) [PCIE] APM X-Gene: Remove debug messages in MSI
    interrupt handler path.
    - LP: #1451593

  [ Luis Henriques ]

  * [Config] updateconfigs for 3.19.7 stable update

  [ Paolo Pisati ]

  * [Config] armhf: CPUFREQ_DT=y
    - LP: #1457781
  * annotations: enforce CPUFREQ_DT
    - LP: #1457781

  [ Tanmay Inamdar ]

  * SAUCE: (no-up) Add MSI/MSI-X driver for APM PCI bus
    - LP: #1451593

  [ Timo Aaltonen ]

  * SAUCE: i915_bpo: Rebase to v4.1-rc4.
    - LP: #1456123
  * SAUCE: i915_bpo: Revert dma-buf: cleanup dma_buf_export() to make it
    easily extensible
    - LP: #1456123

  [ Tuan Phan ]

  * SAUCE: (no-up) pci-xgene-msi: fixed deadlock in irq_set_affinity
    - LP: #1451593

  [ Upstream Kernel Changes ]

  * Revert "nfs: replace nfs_add_stats with nfs_inc_stats when add one"
    - LP: #1454699
  * cpufreq: powernv: Report cpu frequency throttling
    - LP: #1452547
  * x86: kvm: Revert "remove sched notifier for cross-cpu migrations"
    - LP: #1450584
  * x86: vdso: fix pvclock races with task migration
    - LP: #1450584
  * ip_forward: Drop frames with attached skb->sk
    - LP: #1454699
  * net: add skb_checksum_complete_unset
    - LP: #1454699
  * ppp: call skb_checksum_complete_unset in ppp_receive_frame
    - LP: #1454699
  * tcp: fix possible deadlock in tcp_send_fin()
    - LP: #1454699
  * tcp: avoid looping in tcp_send_fin()
    - LP: #1454699
  * net: do not deplete pfmemalloc reserve
    - LP: #1454699
  * net: fix crash in build_skb()
    - LP: #1454699
  * pxa168: fix double deallocation of managed resources
    - LP: #1454699
  * net/mlx4_en: Prevent setting invalid RSS hash function
    - LP: #1454699
  * md: fix md io stats accounting broken
    - LP: #1454699
  * x86/asm/decoder: Fix and enforce max instruction size in the insn
    decoder
    - LP: #1454699
  * sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve
    power savings and to improve performance
    - LP: #1454699
  * sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs
    - LP: #1454699
  * perf/x86/intel: Fix Core2,Atom,NHM,WSM cycles:pp events
    - LP: #1454699
  * KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
    - LP: #1454699
  * Btrfs: fix log tree corruption when fs mounted with -o discard
    - LP: #1454699
  * btrfs: don't accept bare namespace as a valid xattr
    - LP: #1454699
  * Btrfs: fix inode eviction infinite loop after cloning into it
    - LP: #1454699
  * Btrfs: fix inode eviction infinite loop after extent_same ioctl
    - LP: #1454699
  * usb: gadget: printer: enqueue printer's response for setup request
    - LP: #1454699
  * KVM: s390: fix handling of write errors in the tpi handler
    - LP: #1454699
  * KVM: s390: reinjection of irqs can fail in the tpi handler
    - LP: #1454699
  * KVM:...

Changed in linux (Ubuntu):
status: Invalid → Fix Released
Launchpad Janitor (janitor)
Changed in linux (Ubuntu Vivid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.