Xenial update to 4.4.85 stable release

Bug #1714298 reported by Stefan Bader on 2017-08-31
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.85 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.85 stable release shall be applied:
* af_key: do not use GFP_KERNEL in atomic contexts
* dccp: purge write queue in dccp_destroy_sock()
* dccp: defer ccid_hc_tx_delete() at dismantle time
* ipv4: fix NULL dereference in free_fib_info_rcu()
* net_sched/sfq: update hierarchical backlog when drop packet
* ipv4: better IP_MAX_MTU enforcement
* sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
* tipc: fix use-after-free
* ipv6: reset fn->rr_ptr when replacing route
* ipv6: repair fib6 tree in failure case
* tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
* irda: do not leak initialized list.dev to userspace
* net: sched: fix NULL pointer dereference when action calls some targets
* net_sched: fix order of queue length updates in qdisc_replace()
* mei: me: add broxton pci device ids
* mei: me: add lewisburg device ids
* Input: trackpoint - add new trackpoint firmware ID
* Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310
* ALSA: core: Fix unexpected error at replacing user TLV
* ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
* ARCv2: PAE40: Explicitly set MSB counterpart of SLC region ops addresses
* i2c: designware: Fix system suspend
* drm: Release driver tracking before making the object available again
* drm/atomic: If the atomic check fails, return its value first
* drm: rcar-du: lvds: Fix PLL frequency-related configuration
* drm: rcar-du: lvds: Rename PLLEN bit to PLLON
* drm: rcar-du: Fix crash in encoder failure error path
* drm: rcar-du: Fix display timing controller parameter
* drm: rcar-du: Fix H/V sync signal polarity configuration
* tracing: Fix freeing of filter in create_filter() when set_str is false
* cifs: Fix df output for users with quota limits
* cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
* nfsd: Limit end of page list when decoding NFSv4 WRITE
* perf/core: Fix group {cpu,task} validation
* Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
* Bluetooth: cmtp: fix possible might sleep error in cmtp_session
* Bluetooth: bnep: fix possible might sleep error in bnep_session
* binder: use group leader instead of open thread
* binder: Use wake up hint for synchronous transactions.
* ANDROID: binder: fix proc->tsk check.
* iio: imu: adis16480: Fix acceleration scale factor for adis16480
* iio: hid-sensor-trigger: Fix the race with user space powering up sensors
* staging: rtl8188eu: add RNX-N150NUB support
* ASoC: simple-card: don't fail if sysclk setting is not supported
* ASoC: rsnd: disable SRC.out only when stop timing
* ASoC: rsnd: avoid pointless loop in rsnd_mod_interrupt()
* ASoC: rsnd: Add missing initialization of ADG req_rate
* ASoC: rsnd: ssi: 24bit data needs right-aligned settings
* ASoC: rsnd: don't call update callback if it was NULL
* ntb_transport: fix qp count bug
* ntb_transport: fix bug calculating num_qps_mw
* ACPI: ioapic: Clear on-stack resource before using it
* ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
* Linux 4.4.85

CVE References

Stefan Bader (smb) on 2017-08-31
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) on 2017-08-31
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (7.8 KiB)

This bug was fixed in the package linux - 4.4.0-97.120

---------------
linux (4.4.0-97.120) xenial; urgency=low

  * linux: 4.4.0-97.120 -proposed tracker (LP: #1718149)

  * blk-mq: possible deadlock on CPU hot(un)plug (LP: #1670634)
    - [Config] s390x -- disable CONFIG_{DM, SCSI}_MQ_DEFAULT

  * Xenial update to 4.4.87 stable release (LP: #1715678)
    - irqchip: mips-gic: SYNC after enabling GIC region
    - i2c: ismt: Don't duplicate the receive length for block reads
    - i2c: ismt: Return EMSGSIZE for block reads with bogus length
    - ceph: fix readpage from fscache
    - cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
    - cpuset: Fix incorrect memory_pressure control file mapping
    - alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
    - CIFS: remove endian related sparse warning
    - wl1251: add a missing spin_lock_init()
    - xfrm: policy: check policy direction value
    - drm/ttm: Fix accounting error when fail to get pages for pool
    - kvm: arm/arm64: Fix race in resetting stage2 PGD
    - kvm: arm/arm64: Force reading uncached stage2 PGD
    - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove()
    - crypto: algif_skcipher - only call put_page on referenced and used pages
    - Linux 4.4.87

  * Xenial update to 4.4.86 stable release (LP: #1715430)
    - scsi: isci: avoid array subscript warning
    - ALSA: au88x0: Fix zero clear of stream->resources
    - btrfs: remove duplicate const specifier
    - i2c: jz4780: drop superfluous init
    - gcov: add support for gcc version >= 6
    - gcov: support GCC 7.1
    - lightnvm: initialize ppa_addr in dev_to_generic_addr()
    - p54: memset(0) whole array
    - lpfc: Fix Device discovery failures during switch reboot test.
    - arm64: mm: abort uaccess retries upon fatal signal
    - x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
    - arm64: fpsimd: Prevent registers leaking across exec
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - drm/i915: fix compiler warning in drivers/gpu/drm/i915/intel_uncore.c
    - Linux 4.4.86

  * Xenial update to 4.4.85 stable release (LP: #1714298)
    - af_key: do not use GFP_KERNEL in atomic contexts
    - dccp: purge write queue in dccp_destroy_sock()
    - dccp: defer ccid_hc_tx_delete() at dismantle time
    - ipv4: fix NULL dereference in free_fib_info_rcu()
    - net_sched/sfq: update hierarchical backlog when drop packet
    - ipv4: better IP_MAX_MTU enforcement
    - sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
    - tipc: fix use-after-free
    - ipv6: reset fn->rr_ptr when replacing route
    - ipv6: repair fib6 tree in failure case
    - tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
    - irda: do not leak initialized list.dev to userspace
    - net: sched: fix NULL pointer dereference when action calls some targets
    - net_sched: fix order of queue length updates in qdisc_replace()
    - mei: me: add broxton pci device ids
    - mei: me: add lewisburg device ids
    - Input: trackpoint - add new trackpoint firmware ID
    - Input: elan_i2c...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers