Xenial update to 4.4.146 stable release

Bug #1791953 reported by Stefan Bader on 2018-09-11
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.146 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.146 stable release shall be applied:
* MIPS: Fix off-by-one in pci_resource_to_user()
* Input: elan_i2c - add ACPI ID for lenovo ideapad 330
* Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
* Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
* tracing: Fix double free of event_trigger_data
* tracing: Fix possible double free in event_enable_trigger_func()
* tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
* tracing: Quiet gcc warning about maybe unused link variable
* xen/netfront: raise max number of slots in xennet_get_responses()
* ALSA: emu10k1: add error handling for snd_ctl_add
* ALSA: fm801: add error handling for snd_ctl_add
* nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
* mm: vmalloc: avoid racy handling of debugobjects in vunmap
* mm/slub.c: add __printf verification to slab_err()
* rtc: ensure rtc_set_alarm fails when alarms are not supported
* netfilter: ipset: List timing out entries with "timeout 1" instead of zero
* infiniband: fix a possible use-after-free bug
* hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
* powerpc/64s: Fix compiler store ordering to SLB shadow area
* RDMA/mad: Convert BUG_ONs to error flows
* disable loading f2fs module on PAGE_SIZE > 4KB
* f2fs: fix to don't trigger writeback during recovery
* usbip: usbip_detach: Fix memory, udev context and udev leak
* perf/x86/intel/uncore: Correct fixed counter index check in generic code
* perf/x86/intel/uncore: Correct fixed counter index check for NHM
* iwlwifi: pcie: fix race in Rx buffer allocator
* Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
* Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
* ASoC: dpcm: fix BE dai not hw_free and shutdown
* mfd: cros_ec: Fail early if we cannot identify the EC
* mwifiex: handle race during mwifiex_usb_disconnect
* wlcore: sdio: check for valid platform device data before suspend
* media: videobuf2-core: don't call memop 'finish' when queueing
* btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
* btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
* PCI: Prevent sysfs disable of device while driver is attached
* ath: Add regulatory mapping for FCC3_ETSIC
* ath: Add regulatory mapping for ETSI8_WORLD
* ath: Add regulatory mapping for APL13_WORLD
* ath: Add regulatory mapping for APL2_FCCA
* ath: Add regulatory mapping for Uganda
* ath: Add regulatory mapping for Tanzania
* ath: Add regulatory mapping for Serbia
* ath: Add regulatory mapping for Bermuda
* ath: Add regulatory mapping for Bahamas
* powerpc/32: Add a missing include header
* powerpc/chrp/time: Make some functions static, add missing header include
* powerpc/powermac: Add missing prototype for note_bootable_part()
* powerpc/powermac: Mark variable x as unused
* powerpc/8xx: fix invalid register expression in head_8xx.S
* pinctrl: at91-pio4: add missing of_node_put
* PCI: pciehp: Request control of native hotplug only if supported
* mwifiex: correct histogram data with appropriate index
* scsi: ufs: fix exception event handling
* ALSA: emu10k1: Rate-limit error messages about page errors
* regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
* md: fix NULL dereference of mddev->pers in remove_and_add_spares()
* media: smiapp: fix timeout checking in smiapp_read_nvm
* ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
* HID: hid-plantronics: Re-resend Update to map button for PTT products
* drm/radeon: fix mode_valid's return type
* powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
* HID: i2c-hid: check if device is there before really probing
* tty: Fix data race in tty_insert_flip_string_fixed_flag
* dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
* media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
* libata: Fix command retry decision
* media: saa7164: Fix driver name in debug output
* mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
* brcmfmac: Add support for bcm43364 wireless chipset
* s390/cpum_sf: Add data entry sizes to sampling trailer entry
* perf: fix invalid bit in diagnostic entry
* scsi: 3w-9xxx: fix a missing-check bug
* scsi: 3w-xxxx: fix a missing-check bug
* scsi: megaraid: silence a static checker bug
* thermal: exynos: fix setting rising_threshold for Exynos5433
* bpf: fix references to free_bpf_prog_info() in comments
* media: siano: get rid of __le32/__le16 cast warnings
* drm/atomic: Handling the case when setting old crtc for plane
* ALSA: hda/ca0132: fix build failure when a local macro is defined
* memory: tegra: Do not handle spurious interrupts
* memory: tegra: Apply interrupts mask per SoC
* drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
* ipconfig: Correctly initialise ic_nameservers
* rsi: Fix 'invalid vdd' warning in mmc
* audit: allow not equal op for audit by executable
* microblaze: Fix simpleImage format generation
* usb: hub: Don't wait for connect state at resume for powered-off ports
* crypto: authencesn - don't leak pointers to authenc keys
* crypto: authenc - don't leak pointers to authenc keys
* media: omap3isp: fix unbalanced dma_iommu_mapping
* scsi: scsi_dh: replace too broad "TP9" string with the exact models
* scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
* media: si470x: fix __be16 annotations
* drm: Add DP PSR2 sink enable bit
* random: mix rdrand with entropy sent in from userspace
* squashfs: be more careful about metadata corruption
* ext4: fix inline data updates with checksums enabled
* ext4: check for allocation block validity with block group locked
* dmaengine: pxa_dma: remove duplicate const qualifier
* ASoC: pxa: Fix module autoload for platform drivers
* ipv4: remove BUG_ON() from fib_compute_spec_dst
* net: fix amd-xgbe flow-control issue
* net: lan78xx: fix rx handling before first packet is send
* xen-netfront: wait xenbus state change when load module manually
* NET: stmmac: align DMA stuff to largest cache line length
* tcp: do not force quickack when receiving out-of-order packets
* tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
* tcp: do not aggressively quick ack after ECN events
* tcp: refactor tcp_ecn_check_ce to remove sk type cast
* tcp: add one more quick ack after after ECN events
* inet: frag: enforce memory limits earlier
* net: dsa: Do not suspend/resume closed slave_dev
* netlink: Fix spectre v1 gadget in netlink_create()
* squashfs: more metadata hardening
* squashfs: more metadata hardenings
* can: ems_usb: Fix memory leak on ems_usb_disconnect()
* net: socket: fix potential spectre v1 gadget in socketcall
* virtio_balloon: fix another race between migration and ballooning
* kvm: x86: vmx: fix vpid leak
* crypto: padlock-aes - Fix Nano workaround data corruption
* scsi: sg: fix minor memory leak in error path
* Linux 4.4.146

CVE References

Stefan Bader (smb) on 2018-09-11
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) wrote :

Modified:
* "perf/x86/intel/uncore: Correct fixed counter
  index check in generic code"
  -> needed path adjusted -> arch/x86/events/intel
* "perf/x86/intel/uncore: Correct fixed counter index
  check for NHM"
  -> same path adjustment

Stefan Bader (smb) on 2018-09-11
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (28.0 KiB)

This bug was fixed in the package linux - 4.4.0-138.164

---------------
linux (4.4.0-138.164) xenial; urgency=medium

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers