Xenial update to 4.4.146 stable release

Bug #1791953 reported by Stefan Bader on 2018-09-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.146 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



The following patches from the 4.4.146 stable release shall be applied:
* MIPS: Fix off-by-one in pci_resource_to_user()
* Input: elan_i2c - add ACPI ID for lenovo ideapad 330
* Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
* Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
* tracing: Fix double free of event_trigger_data
* tracing: Fix possible double free in event_enable_trigger_func()
* tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
* tracing: Quiet gcc warning about maybe unused link variable
* xen/netfront: raise max number of slots in xennet_get_responses()
* ALSA: emu10k1: add error handling for snd_ctl_add
* ALSA: fm801: add error handling for snd_ctl_add
* nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
* mm: vmalloc: avoid racy handling of debugobjects in vunmap
* mm/slub.c: add __printf verification to slab_err()
* rtc: ensure rtc_set_alarm fails when alarms are not supported
* netfilter: ipset: List timing out entries with "timeout 1" instead of zero
* infiniband: fix a possible use-after-free bug
* hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
* powerpc/64s: Fix compiler store ordering to SLB shadow area
* RDMA/mad: Convert BUG_ONs to error flows
* disable loading f2fs module on PAGE_SIZE > 4KB
* f2fs: fix to don't trigger writeback during recovery
* usbip: usbip_detach: Fix memory, udev context and udev leak
* perf/x86/intel/uncore: Correct fixed counter index check in generic code
* perf/x86/intel/uncore: Correct fixed counter index check for NHM
* iwlwifi: pcie: fix race in Rx buffer allocator
* Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
* Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
* ASoC: dpcm: fix BE dai not hw_free and shutdown
* mfd: cros_ec: Fail early if we cannot identify the EC
* mwifiex: handle race during mwifiex_usb_disconnect
* wlcore: sdio: check for valid platform device data before suspend
* media: videobuf2-core: don't call memop 'finish' when queueing
* btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
* btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
* PCI: Prevent sysfs disable of device while driver is attached
* ath: Add regulatory mapping for FCC3_ETSIC
* ath: Add regulatory mapping for ETSI8_WORLD
* ath: Add regulatory mapping for APL13_WORLD
* ath: Add regulatory mapping for APL2_FCCA
* ath: Add regulatory mapping for Uganda
* ath: Add regulatory mapping for Tanzania
* ath: Add regulatory mapping for Serbia
* ath: Add regulatory mapping for Bermuda
* ath: Add regulatory mapping for Bahamas
* powerpc/32: Add a missing include header
* powerpc/chrp/time: Make some functions static, add missing header include
* powerpc/powermac: Add missing prototype for note_bootable_part()
* powerpc/powermac: Mark variable x as unused
* powerpc/8xx: fix invalid register expression in head_8xx.S
* pinctrl: at91-pio4: add missing of_node_put
* PCI: pciehp: Request control of native hotplug only if supported
* mwifiex: correct histogram data with appropriate index
* scsi: ufs: fix exception event handling
* ALSA: emu10k1: Rate-limit error messages about page errors
* regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
* md: fix NULL dereference of mddev->pers in remove_and_add_spares()
* media: smiapp: fix timeout checking in smiapp_read_nvm
* ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
* HID: hid-plantronics: Re-resend Update to map button for PTT products
* drm/radeon: fix mode_valid's return type
* powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
* HID: i2c-hid: check if device is there before really probing
* tty: Fix data race in tty_insert_flip_string_fixed_flag
* dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
* media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
* libata: Fix command retry decision
* media: saa7164: Fix driver name in debug output
* mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
* brcmfmac: Add support for bcm43364 wireless chipset
* s390/cpum_sf: Add data entry sizes to sampling trailer entry
* perf: fix invalid bit in diagnostic entry
* scsi: 3w-9xxx: fix a missing-check bug
* scsi: 3w-xxxx: fix a missing-check bug
* scsi: megaraid: silence a static checker bug
* thermal: exynos: fix setting rising_threshold for Exynos5433
* bpf: fix references to free_bpf_prog_info() in comments
* media: siano: get rid of __le32/__le16 cast warnings
* drm/atomic: Handling the case when setting old crtc for plane
* ALSA: hda/ca0132: fix build failure when a local macro is defined
* memory: tegra: Do not handle spurious interrupts
* memory: tegra: Apply interrupts mask per SoC
* drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
* ipconfig: Correctly initialise ic_nameservers
* rsi: Fix 'invalid vdd' warning in mmc
* audit: allow not equal op for audit by executable
* microblaze: Fix simpleImage format generation
* usb: hub: Don't wait for connect state at resume for powered-off ports
* crypto: authencesn - don't leak pointers to authenc keys
* crypto: authenc - don't leak pointers to authenc keys
* media: omap3isp: fix unbalanced dma_iommu_mapping
* scsi: scsi_dh: replace too broad "TP9" string with the exact models
* scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
* media: si470x: fix __be16 annotations
* drm: Add DP PSR2 sink enable bit
* random: mix rdrand with entropy sent in from userspace
* squashfs: be more careful about metadata corruption
* ext4: fix inline data updates with checksums enabled
* ext4: check for allocation block validity with block group locked
* dmaengine: pxa_dma: remove duplicate const qualifier
* ASoC: pxa: Fix module autoload for platform drivers
* ipv4: remove BUG_ON() from fib_compute_spec_dst
* net: fix amd-xgbe flow-control issue
* net: lan78xx: fix rx handling before first packet is send
* xen-netfront: wait xenbus state change when load module manually
* NET: stmmac: align DMA stuff to largest cache line length
* tcp: do not force quickack when receiving out-of-order packets
* tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
* tcp: do not aggressively quick ack after ECN events
* tcp: refactor tcp_ecn_check_ce to remove sk type cast
* tcp: add one more quick ack after after ECN events
* inet: frag: enforce memory limits earlier
* net: dsa: Do not suspend/resume closed slave_dev
* netlink: Fix spectre v1 gadget in netlink_create()
* squashfs: more metadata hardening
* squashfs: more metadata hardenings
* can: ems_usb: Fix memory leak on ems_usb_disconnect()
* net: socket: fix potential spectre v1 gadget in socketcall
* virtio_balloon: fix another race between migration and ballooning
* kvm: x86: vmx: fix vpid leak
* crypto: padlock-aes - Fix Nano workaround data corruption
* scsi: sg: fix minor memory leak in error path
* Linux 4.4.146

CVE References

Stefan Bader (smb) on 2018-09-11
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) wrote :

* "perf/x86/intel/uncore: Correct fixed counter
  index check in generic code"
  -> needed path adjusted -> arch/x86/events/intel
* "perf/x86/intel/uncore: Correct fixed counter index
  check for NHM"
  -> same path adjustment

Stefan Bader (smb) on 2018-09-11
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (28.0 KiB)

This bug was fixed in the package linux - 4.4.0-138.164

linux (4.4.0-138.164) xenial; urgency=medium

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers