This bug was fixed in the package linux - 4.10.0-26.30 --------------- linux (4.10.0-26.30) zesty; urgency=low * linux: 4.10.0-26.30 -proposed tracker (LP: #1700528) * CVE-2017-1000364 - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit" - Revert "mm: do not collapse stack gap into THP" - Revert "mm: enlarge stack guard gap" - mm: larger stack guard gap, between vmas - mm: fix new crash in unmapped_area_topdown() - Allow stack to grow up to address space limit linux (4.10.0-25.29) zesty; urgency=low * linux: 4.10.0-25.29 -proposed tracker (LP: #1699028) * CVE-2017-1000364 - SAUCE: mm: Only expand stack if guard area is hit * CVE-2017-9074 - ipv6: Prevent overrun when parsing v6 header options - ipv6: Check ip6_find_1stfragopt() return value properly. * [Zesty] QDF2400 ARM64 server - NMI watchdog: BUG: soft lockup - CPU#8 stuck for 22s! (LP: #1680549) - iommu/dma: Stop getting dma_32bit_pfn wrong - iommu/dma: Implement PCI allocation optimisation - iommu/dma: Convert to address-based allocation - iommu/dma: Clean up MSI IOVA allocation - iommu/dma: Plumb in the per-CPU IOVA caches - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range * Zesty update to 4.10.17 stable release (LP: #1692898) - xen: adjust early dom0 p2m handling to xen hypervisor behavior - target: Fix compare_and_write_callback handling for non GOOD status - target/fileio: Fix zero-length READ and WRITE handling - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement - usb: xhci: bInterval quirk for TI TUSB73x0 - usb: host: xhci: print correct command ring address - USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit - USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously - USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications" - staging: vt6656: use off stack for in buffer USB transfers. - staging: vt6656: use off stack for out buffer USB transfers. - staging: gdm724x: gdm_mux: fix use-after-free on module unload - staging: wilc1000: Fix problem with wrong vif index - staging: comedi: jr3_pci: fix possible null pointer dereference - staging: comedi: jr3_pci: cope with jiffies wraparound - usb: misc: add missing continue in switch - usb: gadget: legacy gadgets are optional - usb: Make sure usb/phy/of gets built-in - usb: hub: Fix error loop seen after hub communication errors - usb: hub: Do not attempt to autosuspend disconnected devices - x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup - selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug - x86, pmem: Fix cache flushing for iovec write < 8 bytes - um: Fix PTRACE_POKEUSER on x86_64 - perf/x86: Fix Broadwell-EP DRAM RAPL events - KVM: x86: fix user triggerable warning in kvm_apic_accept_events() - KVM: arm/arm64: fix races in kvm_psci_vcpu_on - arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses - block: fix blk_integrity_register to use template's interval_exp if not 0 - crypto: s5p-sss - Close possible race for completed requests - crypto: algif_aead - Require setkey before accept(2) - crypto: ccp - Use only the relevant interrupt bits - crypto: ccp - Disable interrupts early on unload - crypto: ccp - Change ISR handler method for a v3 CCP - crypto: ccp - Change ISR handler method for a v5 CCP - dm crypt: rewrite (wipe) key in crypto layer using random data - dm era: save spacemap metadata root after the pre-commit - dm rq: check blk_mq_register_dev() return value in dm_mq_init_request_queue() - dm thin: fix a memory leak when passing discard bio down - vfio/type1: Remove locked page accounting workqueue - iov_iter: don't revert iov buffer if csum error - IB/core: Fix sysfs registration error flow - IB/core: For multicast functions, verify that LIDs are multicast LIDs - IB/IPoIB: ibX: failed to create mcg debug file - IB/mlx4: Fix ib device initialization error flow - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level - IB/hfi1: Prevent kernel QP post send hard lockups - perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms() - perf annotate s390: Fix perf annotate error -95 (4.10 regression) - perf annotate s390: Implement jump types for perf annotate - jbd2: fix dbench4 performance regression for 'nobarrier' mounts - ext4: evict inline data when writing to memory map - orangefs: fix bounds check for listxattr - orangefs: clean up oversize xattr validation - orangefs: do not set getattr_time on orangefs_lookup - orangefs: do not check possibly stale size on truncate - fs/xattr.c: zero out memory copied to userspace in getxattr - ceph: fix memory leak in __ceph_setxattr() - fs/block_dev: always invalidate cleancache in invalidate_bdev() - mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC - Fix match_prepath() - Set unicode flag on cifs echo request to avoid Mac error - SMB3: Work around mount failure when using SMB3 dialect to Macs - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD - cifs: fix leak in FSCTL_ENUM_SNAPS response handling - cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops - CIFS: fix oplock break deadlocks - cifs: fix CIFS_IOC_GET_MNT_INFO oops - CIFS: add misssing SFM mapping for doublequote - ovl: do not set overlay.opaque on non-dir create - padata: free correct variable - md/raid1: avoid reusing a resync bio after error handling. - device-dax: fix cdev leak - device-dax: fix sysfs attribute deadlock - dax: prevent invalidation of mapped DAX entries - mm: fix data corruption due to stale mmap reads - f2fs: fix fs corruption due to zero inode page - fscrypt: fix context consistency check when key(s) unavailable - serial: samsung: Use right device for DMA-mapping calls - serial: omap: fix runtime-pm handling on unbind - serial: omap: suspend device on probe errors - tty: pty: Fix ldisc flush after userspace become aware of the data already - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel - Bluetooth: hci_bcm: add missing tty-device sanity check - Bluetooth: hci_intel: add missing tty-device sanity check - libnvdimm, region: fix flush hint detection crash - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering - libnvdimm, pfn: fix 'npfns' vs section alignment - pstore: Shut down worker when unregistering - Linux 4.10.17 * [SRU][Zesty] Support SMMU passthrough using the default domain (LP: #1688158) - iommu/arm-smmu: Restrict domain attributes to UNMANAGED domains - iommu/arm-smmu: Install bypass S2CRs for IOMMU_DOMAIN_IDENTITY domains - iommu/arm-smmu-v3: Make arm_smmu_install_ste_for_dev return void - iommu: Rename iommu_get_instance() - iommu: Rename struct iommu_device - iommu: Introduce new 'struct iommu_device' - iommu: Add sysfs bindings for struct iommu_device - iommu: Make iommu_device_link/unlink take a struct iommu_device - iommu: Add iommu_device_set_fwnode() interface - iommu/arm-smmu: Make use of the iommu_register interface - iommu/arm-smmu-v3: Install bypass STEs for IOMMU_DOMAIN_IDENTITY domains - iommu: Allow default domain type to be set on the kernel command line - arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA - iommu/vt-d: Fix crash on boot when DMAR is disabled * Enable Matrox driver for Ubuntu 16.04.3 (LP: #1693337) - [Config] Enable CONFIG_DRM_MGAG200 as module - drm/mgag200: Added support for the new device G200eH3 * Ubuntu16.04.03: POWER9 XIVE: msgsnd/doorbell IPI support (backport) (LP: #1691973) - powerpc/64s: Add msgp facility unavailable log string - powerpc/64s: Add SCV FSCR bit for ISA v3.0 - powerpc/xmon: Dump memory in CPU endian format - powerpc/xive: Native exploitation of the XIVE interrupt controller - powerpc: Change the doorbell IPI calling convention - powerpc: Introduce msgsnd/doorbell barrier primitives - powerpc/64s: Avoid a branch for ppc_msgsnd - powerpc/powernv: POWER9 support for msgsnd/doorbell IPI - powerpc: Add optional smp_ops->prepare_cpu SMP callback - powerpc: Add more PPC bit conversion macros - powerpc/powernv: Add XIVE related definitions to opal-api.h - powerpc/smp: Remove migrate_irq() custom implementation - powerpc/powernv: Fix oops on P9 DD1 in cause_ipi() - (config) Update configs with PPC_XIVE options * CVE-2017-100363 - char: lp: fix possible integer overflow in lp_setup() * CVE-2017-9242 - ipv6: fix out of bound writes in __ip6_append_data() * CVE-2017-9075 - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent * CVE-2017-9076 - ipv6/dccp: do not inherit ipv6_mc_list from parent * CVE-2017-9077 - ipv6/dccp: do not inherit ipv6_mc_list from parent * CVE-2017-8890 - dccp/tcp: do not inherit mc_list from parent * Module signing exclusion for staging drivers does not work properly (LP: #1690908) - SAUCE: Fix module signing exclusion in package builds * extend-diff-ignore should use exact matches (LP: #1693504) - [Packaging] exact extend-diff-ignore matches * Marvell MacchiatoBin crashes in fintek_8250_probe() (LP: #1692548) - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O * arm-smmu arm-smmu.2.auto: Unhandled context fault (LP: #1694506) - net: thunderx: Fix IOMMU translation faults * arm64: mbigen updates (LP: #1692783) - Revert "UBUNTU: SAUCE: irqchip: mbigen: Add ACPI support" - irqchip/mbigen: Add ACPI support - irqchip/mbigen: Fix return value check in mbigen_device_probe() - irqchip/mbigen: Fix memory mapping code - irqchip/mbigen: Fix potential NULL dereferencing - irqchip/mbigen: Fix the clear register offset calculation * System doesn't boot properly on Gigabyte AM4 motherboards (AMD Ryzen) (LP: #1671360) - pinctrl: amd: make use of raw_spinlock variants - pinctrl/amd: Use regular interrupt instead of chained * PowerPC: Pstore dump for powerpc is broken (LP: #1691045) - pstore: Fix flags to enable dumps on powerpc * Dell Inspiron on kernel 4.10 : battery detected only after AC power adapter event (LP: #1678590) - ACPI / blacklist: add _REV quirk for Dell Inspiron 7537 * APST quirk needed for Intel NVMe (LP: #1686592) - nvme: Quirk APST on Intel 600P/P3100 devices * Merlin SGMII fail on Ubuntu Xenial HWE kernel (LP: #1686305) - drivers: net: phy: xgene: Fix mdio write * Zesty update to 4.10.16 stable release (LP: #1691369) - 9p: fix a potential acl leak - drm/sti: fix GDP size to support up to UHD resolution - hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628 - mtd: nand: Add OX820 NAND hardware dependency - tpm: fix RC value check in tpm2_seal_trusted - tmp: use pdev for parent device in tpm_chip_alloc - crypto: caam - fix error path for ctx_dma mapping failure - crypto: caam - don't dma_map key for hash algorithms - power: supply: lp8788: prevent out of bounds array access - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores - powerpc/perf: Fix perf_get_data_addr() for power9 DD1 - powerpc/perf: Handle sdar_mode for marked event in power9 - powerpc/mm: Fixup wrong LPCR_VRMASD value - powerpc/powernv: Fix opal_exit tracepoint opcode - powerpc/mm: Fix build break when CMA=n && SPAPR_TCE_IOMMU=y - powerpc/ftrace: Fix confusing help text for DISABLE_MPROFILE_KERNEL - powerpc: Correctly disable latent entropy GCC plugin on prom_init.o - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING - power: supply: bq24190_charger: Call set_mode_host() on pm_resume() - power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() - power: supply: bq24190_charger: Call power_supply_changed() for relevant component - power: supply: bq24190_charger: Don't read fault register outside irq_handle_thread() - power: supply: bq24190_charger: Handle fault before status on interrupt - arm64: dts: r8a7795: Mark EthernetAVB device node disabled - arm: dts: qcom: Fix ipq board clock rates - arm64: remove wrong CONFIG_PROC_SYSCTL ifdef - arm64: Improve detection of user/non-user mappings in set_pte(_at) - spi: armada-3700: Remove spi_master_put in a3700_spi_remove() - leds: ktd2692: avoid harmless maybe-uninitialized warning - ARM: pxa: ezx: fix a910 camera data - ARM: dts: NSP: GPIO reboot open-source - ARM: dts: imx6sx-udoo-neo: Fix reboot hang - ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build - ARM: OMAP3: Fix smartreflex platform data regression - ARM: dts: am57xx-idk: tpic2810 is on I2C bus, not SPI - ARM: dts: sun7i: lamobo-r1: Fix CPU port RGMII settings - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print - mwifiex: remove redundant dma padding in AMSDU - mwifiex: Avoid skipping WEP key deletion for AP - mwifiex: don't enable/disable IRQ 0 during suspend/resume - mwifiex: set adapter->dev before starting to use mwifiex_dbg() - iwlwifi: mvm: properly check for transport data in dump - iwlwifi: mvm: don't restart HW if suspend fails with unified image - iwlwifi: mvm: overwrite skb info later - iwlwifi: pcie: don't increment / decrement a bool - iwlwifi: pcie: trans: Remove unused 'shift_param' - iwlwifi: pcie: fix the set of DMA memory mask - iwlwifi: mvm: fix reorder timer re-arming - iwlwifi: mvm: Use aux queue for offchannel frames in dqa - iwlwifi: mvm/pcie: adjust A-MSDU tx_cmd length in PCIe - iwlwifi: mvm: fix pending frame counter calculation - iwlwifi: mvm: fix references to first_agg_queue in DQA mode - iwlwifi: mvm: synchronize firmware DMA paging memory - iwlwifi: mvm: writing zero bytes to debugfs causes a crash - iwlwifi: mvm: fix accessing fw_id_to_mac_id - x86/ioapic: Restore IO-APIC irq_chip retrigger callback - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 - x86/mpx: Re-add MPX to selftests Makefile - clk: Make x86/ conditional on CONFIG_COMMON_CLK - platform/x86: intel_pmc_core: fix out-of-bounds accesses on stack - kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device - Revert "KVM: nested VMX: disable perf cpuid reporting" - KVM: nVMX: initialize PML fields in vmcs02 - KVM: nVMX: do not leak PML full vmexit to L1 - usb: dwc2: host: use msleep() for long delay - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths - usb: chipidea: Only read/write OTGSC from one place - usb: chipidea: Handle extcon events properly - USB: serial: keyspan_pda: fix receive sanity checks - USB: serial: digi_acceleport: fix incomplete rx sanity check - USB: serial: ssu100: fix control-message error handling - USB: serial: io_edgeport: fix epic-descriptor handling - USB: serial: ti_usb_3410_5052: fix control-message error handling - USB: serial: ark3116: fix open error handling - USB: serial: ftdi_sio: fix latency-timer error handling - USB: serial: quatech2: fix control-message error handling - USB: serial: mct_u232: fix modem-status error handling - USB: serial: ch341: fix modem-status handling - USB: serial: io_edgeport: fix descriptor error handling - clk: rockchip: add "," to mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036 - phy: qcom-usb-hs: Add depends on EXTCON - serial: 8250_omap: Fix probe and remove for PM runtime - scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn() - scsi: qedi: fix build error without DEBUG_FS - scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m - scsi: smartpqi: fix time handling - MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix - brcmfmac: Ensure pointer correctly set if skb data location changes - brcmfmac: Make skb header writable before use - staging/lustre/llite: move root_squash from sysfs to debugfs - staging: wlan-ng: add missing byte order conversion - staging: emxx_udc: remove incorrect __init annotations - staging: lustre: ptlrpc: avoid warning on missing return - ALSA: hda - Fix deadlock of controller device lock at unbinding - sparc64: fix fault handling in NGbzero.S and GENbzero.S - tcp: do not underestimate skb->truesize in tcp_trim_head() - net: adjust skb->truesize in ___pskb_trim() - net: macb: fix phy interrupt parsing - geneve: fix incorrect setting of UDP checksum flag - bpf: enhance verifier to understand stack pointer arithmetic - bpf, arm64: fix jit branch offset related to ldimm64 - tcp: fix wraparound issue in tcp_lp - net: ipv6: Do not duplicate DAD on link up - net: usb: qmi_wwan: add Telit ME910 support - tcp: do not inherit fastopen_req from parent - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string - ipv6: initialize route null entry in addrconf_init() - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf - bnxt_en: allocate enough space for ->ntp_fltr_bmap - bpf: don't let ldimm64 leak map addresses on unprivileged - net: mdio-mux: bcm-iproc: call mdiobus_free() in error path - openvswitch: Set internal device max mtu to ETH_MAX_MTU. - f2fs: sanity check segment count - xen: Revert commits da72ff5bfcb0 and 72a9b186292d - drm/hisilicon/hibmc: Fix wrong pointer passed to PTR_ERR() - drm: mxsfb: drm_dev_alloc() returns error pointers - drm/ttm: fix use-after-free races in vm fault handling - block: get rid of blk_integrity_revalidate() - Linux 4.10.16 - [Config] Remove CONFIG_MTD_NAND_OXNAS=m - Ignore missing oxnas_nand * Keyboard backlight control does not work on some dell laptops. (LP: #1693126) - platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist - platform/x86: dell-laptop: Add keyboard backlight timeout AC settings * Hardware transaction memory corruption (LP: #1691477) - powerpc/tm: Fix FP and VMX register corruption * Offlined CPUs of a core fail to come up online on POWER9 DD1 (Ubuntu 17.04) (LP: #1685792) - powerpc/powernv: Move CPU-Offline idle state invocation from smp.c to idle.c - powerpc/powernv/smp: Add busy-wait loop as fall back for CPU-Hotplug - powerpc/powernv/idle: Don't override default/deepest directly in kernel - powerpc/powernv: Recover correct PACA on wakeup from a stop on P9 DD1 * [Regression] NUMA_BALANCING disabled on arm64 (LP: #1690914) - [Config] CONFIG_NUMA_BALANCING{,_DEFAULT_ENABLED}=y on arm64 * ATS fix: Fix opal_npu_destroy_context call (LP: #1692580) - powerpc/powernv/npu-dma.c: Fix opal_npu_destroy_context() call * powerpc/powernv: Introduce address translation services for Nvlink2 (LP: #1690412) - powerpc/powernv: Require MMU_NOTIFIER to fix NPU build - drivers/of/base.c: Add of_property_read_u64_index - powerpc/powernv: Add sanity checks to pnv_pci_get_{gpu|npu}_dev - powerpc/powernv: Introduce address translation services for Nvlink2 * exec'ing a setuid binary from a threaded program sometimes fails to setuid (LP: #1672819) - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct -- Juerg Haefliger