Xenial update to 4.4.78 stable release

Bug #1705707 reported by Stefan Bader on 2017-07-21
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.78 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



The following patches from the 4.4.78 stable release shall be applied:
* net_sched: fix error recovery at qdisc creation
* net: sched: Fix one possible panic when no destroy callback
* net/phy: micrel: configure intterupts after autoneg workaround
* ipv6: avoid unregistering inet6_dev for loopback
* net: dp83640: Avoid NULL pointer dereference.
* tcp: reset sk_rx_dst in tcp_disconnect()
* net: prevent sign extension in dev_get_stats()
* bpf: prevent leaking pointer via xadd on unpriviledged
* net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
* ipv6: dad: don't remove dynamic addresses if link is down
* net: ipv6: Compare lwstate in detecting duplicate nexthops
* vrf: fix bug_on triggered by rx when destroying a vrf
* rds: tcp: use sock_create_lite() to create the accept socket
* brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
* cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
* cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
* cfg80211: Check if PMKID attribute is of expected size
* irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
* parisc: Report SIGSEGV instead of SIGBUS when running out of stack
* parisc: use compat_sys_keyctl()
* parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
* parisc/mm: Ensure IRQs are off in switch_mm()
* tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing
  lock_chain/: Depth
* kernel/extable.c: mark core_kernel_text notrace
* mm/list_lru.c: fix list_lru_count_node() to be race free
* fs/dcache.c: fix spin lockup issue on nlru->lock
* checkpatch: silence perl 5.26.0 unescaped left brace warnings
* binfmt_elf: use ELF_ET_DYN_BASE only for PIE
* arm: move ELF_ET_DYN_BASE to 4MB
* arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
* powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
* s390: reduce ELF_ET_DYN_BASE
* exec: Limit arg stack to at most 75% of _STK_LIM
* vt: fix unchecked __put_user() in tioclinux ioctls
* mnt: In umount propagation reparent in a separate pass
* mnt: In propgate_umount handle visiting mounts in any order
* mnt: Make propagate_umount less slow for overlapping mount propagation
* selftests/capabilities: Fix the test_execve test
* tpm: Get rid of chip->pdev
* tpm: Provide strong locking for device removal
* Add "shutdown" to "struct class".
* tpm: Issue a TPM2_Shutdown for TPM2 devices.
* mm: fix overflow check in expand_upwards()
* crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
* crypto: atmel - only treat EBUSY as transient if backlog
* crypto: sha1-ssse3 - Disable avx2
* crypto: caam - fix signals handling
* sched/topology: Fix overlapping sched_group_mask
* sched/topology: Optimize build_group_mask()
* PM / wakeirq: Convert to SRCU
* PM / QoS: return -EINVAL for bogus strings
* tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate
* KVM: x86: disable MPX if host did not enable MPX XSAVE features
* kvm: vmx: Do not disable intercepts for BNDCFGS
* kvm: x86: Guest BNDCFGS requires guest MPX support
* kvm: vmx: Check value written to IA32_BNDCFGS
* kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
* Linux 4.4.78

Stefan Bader (smb) on 2017-07-21
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) wrote :

"net_sched: fix error recovery at qdisc creation" applied with fuzz 2 in net/sched/sch_mqprio.c hunk #2.

"tpm: Get rid of chip->pdev" required manual backport for drivers/char/tpm/tpm_tis.c as we carry deviations for bug #1398274 "[Feature] TPM2.0 kernel support".

"KVM: x86: disable MPX if host did not enable MPX XSAVE features" required fuzz 2 in arch/x86/kvm/vmx.c hunk #1.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-93.116

linux (4.4.0-93.116) xenial; urgency=low

  * linux: 4.4.0-93.116 -proposed tracker (LP: #1709296)

  * Creating conntrack entry failure with kernel 4.4.0-89 (LP: #1709032)
    - Revert "Revert "netfilter: synproxy: fix conntrackd interaction""
    - netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * kernel BUG at [tty_ldisc_reinit] mm/slub.c! (LP: #1709126)
    - tty: Simplify tty_set_ldisc() exit handling
    - tty: Reset c_line from driver's init_termios
    - tty: Handle NULL tty->ldisc
    - tty: Move tty_ldisc_kill()
    - tty: Use 'disc' for line discipline index name
    - tty: Refactor tty_ldisc_reinit() for reuse
    - tty: Destroy ldisc instance on hangup

  * atheros bt failed after S3 (LP: #1706833)
    - SAUCE: Bluetooth: Make request workqueue freezable

  * The Precision Touchpad(PTP) button sends incorrect event code (LP: #1708372)
    - HID: multitouch: handle external buttons for Precision Touchpads

  * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)

  * xfs slab objects (memory) leak when xfs shutdown is called (LP: #1706132)
    - xfs: fix xfs_log_ticket leak in xfs_end_io() after fs shutdown

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

  * CVE-2017-7495
    - ext4: fix data exposure after a crash

  * ubuntu/rsi driver downlink wifi throughput drops to 5-6 Mbps when BT
    keyboard is connected (LP: #1706991)
    - SAUCE: Redpine: enable power save by default for coex mode
    - SAUCE: Redpine: uapsd configuration changes

  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

  * ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting

  * ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

  * [8087:0a2b] Failed to load bluetooth firmware(might affect some other Intel
    bt devices) (LP: #1705633)
    - Bluetooth: btintel: Create common Intel Version Read function
    - Bluetooth: Use switch statement for Intel hardware variants
    - Bluetooth: Replace constant hw_variant from Intel Bluetooth firmware
    - Bluetooth: hci_intel: Fix firmware file name to use hw_variant
    - Bluetooth: btintel: Add MODULE_FIRMWARE entries for iBT 3.5 controllers

  * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
    comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host

  * OpenPower: Some multipaths temporarily have only a single path
    (LP: #1696445)
    - scsi: ses: don't get power status of SES device slot on probe


Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Justin King-Lacroix (justinkl) wrote :

Hi all,

The binfmt_elf change in https://github.com/torvalds/linux/commit/eab09532d40090698b05a07c1c87f39fdbc5fab5 broke Address Sanitizer. It was included in the Xenial (and Trusty-LTS-Xenial) kernel in this change. This broke us.

https://github.com/torvalds/linux/commit/c715b72c1ba406f133217b509044c38d8e714a37 reverts this change in order to unbreak Address Sanitizer. Any chance it can land soon? (Is there already a bug for this?)


I created another bug to track the Address Sanitizer issue: LP #1715636.

Hi @justinkl,

Could you please verify the fix for LP: #1715636?

Thank you.

Po-Hsu Lin (cypressyew) on 2019-10-03
Changed in linux (Ubuntu):
status: New → Won't Fix
status: Won't Fix → Invalid