Xenial update to 4.4.70 stable release

Bug #1694621 reported by Stefan Bader on 2017-05-31
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.70 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.70 stable release shall be applied:
* usb: misc: legousbtower: Fix buffers on stack
* usb: misc: legousbtower: Fix memory leak
* USB: ene_usb6250: fix DMA to the stack
* watchdog: pcwd_usb: fix NULL-deref at probe
* char: lp: fix possible integer overflow in lp_setup()
* USB: core: replace %p with %pK
* ARM: tegra: paz00: Mark panel regulator as enabled on boot
* tpm_crb: check for bad response size
* infiniband: call ipv6 route lookup via the stub interface
* dm btree: fix for dm_btree_find_lowest_key()
* dm raid: select the Kconfig option CONFIG_MD_RAID0
* dm bufio: avoid a possible ABBA deadlock
* dm bufio: check new buffer allocation watermark every 30 seconds
* dm cache metadata: fail operations if fail_io mode has been established
* dm bufio: make the parameter "retain_bytes" unsigned long
* dm thin metadata: call precommit before saving the roots
* dm space map disk: fix some book keeping in the disk space map
* md: update slab_cache before releasing new stripes when stripes resizing
* rtlwifi: rtl8821ae: setup 8812ae RFE according to device type
* mwifiex: pcie: fix cmd_buf use-after-free in remove/reset
* ima: accept previously set IMA_NEW_FILE
* KVM: x86: Fix load damaged SSEx MXCSR register
* KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
* regulator: tps65023: Fix inverted core enable logic.
* s390/kdump: Add final note
* s390/cputime: fix incorrect system time
* ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device
* ath9k_htc: fix NULL-deref at probe
* drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark
  calculations.
* drm/amdgpu: Make display watermark calculations more accurate
* drm/nouveau/therm: remove ineffective workarounds for alarm bugs
* drm/nouveau/tmr: ack interrupt before processing alarms
* drm/nouveau/tmr: fix corruption of the pending list when rescheduling an
  alarm
* drm/nouveau/tmr: avoid processing completed alarms when adding a new one
* drm/nouveau/tmr: handle races with hw when updating the next alarm time
* cdc-acm: fix possible invalid access when processing notification
* proc: Fix unbalanced hard link numbers
* of: fix sparse warning in of_pci_range_parser_one
* iio: dac: ad7303: fix channel description
* pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
* pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
* USB: serial: ftdi_sio: fix setting latency for unprivileged users
* USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
* ext4 crypto: don't let data integrity writebacks fail with ENOMEM
* ext4 crypto: fix some error handling
* net: qmi_wwan: Add SIMCom 7230E
* fscrypt: fix context consistency check when key(s) unavailable
* f2fs: check entire encrypted bigname when finding a dentry
* fscrypt: avoid collisions when presenting long encrypted filenames
* usb: host: xhci-plat: propagate return value of platform_get_irq()
* xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
* usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
* net: irda: irda-usb: fix firmware name on big-endian hosts
* usbvision: fix NULL-deref at probe
* mceusb: fix NULL-deref at probe
* ttusb2: limit messages to buffer size
* usb: musb: tusb6010_omap: Do not reset the other direction's packet size
* USB: iowarrior: fix info ioctl on big-endian hosts
* usb: serial: option: add Telit ME910 support
* USB: serial: qcserial: add more Lenovo EM74xx device IDs
* USB: serial: mct_u232: fix big-endian baud-rate handling
* USB: serial: io_ti: fix div-by-zero in set_termios
* USB: hub: fix SS hub-descriptor handling
* USB: hub: fix non-SS hub-descriptor handling
* ipx: call ipxitf_put() in ioctl error path
* iio: proximity: as3935: fix as3935_write
* ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
* gspca: konica: add missing endpoint sanity check
* s5p-mfc: Fix unbalanced call to clock management
* dib0700: fix NULL-deref at probe
* zr364xx: enforce minimum size when reading header
* dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops
* cx231xx-audio: fix init error path
* cx231xx-audio: fix NULL-deref at probe
* cx231xx-cards: fix NULL-deref at probe
* powerpc/book3s/mce: Move add_taint() later in virtual mode
* powerpc/pseries: Fix of_node_put() underflow during DLPAR remove
* powerpc/64e: Fix hang when debugging programs with relocated kernel
* ARM: dts: at91: sama5d3_xplained: fix ADC vref
* ARM: dts: at91: sama5d3_xplained: not all ADC channels are available
* arm64: xchg: hazard against entire exchange variable
* arm64: uaccess: ensure extension of access_ok() addr
* arm64: documentation: document tagged pointer stack constraints
* xc2028: Fix use-after-free bug properly
* Revert "UBUNTU: SAUCE: mm: Respect FOLL_FORCE/FOLL_COW for thp"
* mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
* staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
* staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
* iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
* metag/uaccess: Fix access_ok()
* metag/uaccess: Check access_ok in strncpy_from_user
* uwb: fix device quirk on big-endian hosts
* genirq: Fix chained interrupt data ordering
* osf_wait4(): fix infoleak
* tracing/kprobes: Enforce kprobes teardown after testing
* PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms
* PCI: Freeze PME scan before suspending devices
* drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2
* nfsd: encoders mustn't use unitialized values in error cases
* drivers: char: mem: Check for address space wraparound with mmap()
* Linux 4.4.70

Stefan Bader (smb) on 2017-05-31
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) on 2017-05-31
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2017-05-31
description: updated
Stefan Bader (smb) wrote :

The following patches were skipped because we already carry them for bug #1687512 "Kernel panics on Xenial when using cgroups and strict CFS limits":
- sched/fair: Do not announce throttled next buddy in dequeue_task_fair()
- sched/fair: Initialize throttle_count for new task-groups lazily

Also "mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp" was applied as a SAUCE patch and was reverted and re-applied from this stable update.

Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (18.8 KiB)

This bug was fixed in the package linux - 4.4.0-83.106

---------------
linux (4.4.0-83.106) xenial; urgency=low

  * linux: 4.4.0-83.106 -proposed tracker (LP: #1700541)

  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

linux (4.4.0-82.105) xenial; urgency=low

  * linux: 4.4.0-82.105 -proposed tracker (LP: #1699064)

  * CVE-2017-1000364
    - SAUCE: mm: Only expand stack if guard area is hit

  * linux-aws/linux-gke incorrectly producing and using linux-*-tools-
    common/linux-*-cloud-tools-common (LP: #1688579)
    - [Config] make linux-tools-common and linux-cloud-tools-common protection
      consistent

  * CVE-2017-9242
    - ipv6: fix out of bound writes in __ip6_append_data()

  * CVE-2017-9075
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

  * CVE-2017-9074
    - ipv6: Prevent overrun when parsing v6 header options

  * CVE-2017-9076
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-9077
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-8890
    - dccp/tcp: do not inherit mc_list from parent

  * Module signing exclusion for staging drivers does not work properly
    (LP: #1690908)
    - SAUCE: Fix module signing exclusion in package builds

  * extend-diff-ignore should use exact matches (LP: #1693504)
    - [Packaging] exact extend-diff-ignore matches

  * Dell XPS 9360 wifi 5G performance is poor (LP: #1692836)
    - SAUCE: ath10k: fix the wifi speed issue for kill 1535

  * Upgrade Redpine WLAN/BT driver to ver. 1.2.RC12 (LP: #1694607)
    - SAUCE: Redpine: Upgrade to ver. 1.2.RC12

  * [DP MST] No audio output through HDMI/DP/mDP ports in Dell WD15 and TB15
    docking stations (LP: #1694665)
    - drm/i915: Store port enum in intel_encoder
    - drm/i915: Eliminate redundant local variable definition
    - drm/i915: Switch to using port stored in intel_encoder
    - drm/i915: Move audio_connector to intel_encoder
    - drm/i915/dp: DP audio API changes for MST
    - drm/i915: abstract ddi being audio enabled
    - drm/i915/audio: extend get_saved_enc() to support more scenarios
    - drm/i915: enable dp mst audio

  * Xenial update to 4.4.70 stable release (LP: #1694621)
    - usb: misc: legousbtower: Fix buffers on stack
    - usb: misc: legousbtower: Fix memory leak
    - USB: ene_usb6250: fix DMA to the stack
    - watchdog: pcwd_usb: fix NULL-deref at probe
    - char: lp: fix possible integer overflow in lp_setup()
    - USB: core: replace %p with %pK
    - ARM: tegra: paz00: Mark panel regulator as enabled on boot
    - tpm_crb: check for bad response size
    - infiniband: call ipv6 route lookup via the stub interface
    - dm btree: fix for dm_btree_find_lowest_key()
    - dm raid: select the Kconfig option CONFIG_MD_RAID0
    - dm bufio: avoid a possible ABBA deadlock
    - dm bufio: check ...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers