Xenial update to 4.4.152 stable release

Bug #1792377 reported by Stefan Bader on 2018-09-13
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.152 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



The following patches from the 4.4.152 stable release shall be applied:
* ARC: Explicitly add -mmedium-calls to CFLAGS
* netfilter: ipv6: nf_defrag: reduce struct net memory waste
* selftests: pstore: return Kselftest Skip code for skipped tests
* selftests: static_keys: return Kselftest Skip code for skipped tests
* selftests: user: return Kselftest Skip code for skipped tests
* selftests: zram: return Kselftest Skip code for skipped tests
* selftests: sync: add config fragment for testing sync framework
* ARM: dts: Cygnus: Fix I2C controller interrupt type
* usb: dwc2: fix isoc split in transfer with no data
* usb: gadget: composite: fix delayed_status race condition when set_interface
* usb: gadget: dwc2: fix memory leak in gadget_init()
* scsi: xen-scsifront: add error handling for xenbus_printf
* arm64: make secondary_start_kernel() notrace
* qed: Add sanity check for SIMD fastpath handler.
* enic: initialize enic->rfs_h.lock in enic_probe
* net: hamradio: use eth_broadcast_addr
* net: propagate dev_get_valid_name return code
* ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
* net: davinci_emac: match the mdio device against its compatible if possible
* locking/lockdep: Do not record IRQ state within lockdep code
* ipv6: mcast: fix unsolicited report interval after receiving querys
* Smack: Mark inode instant in smack_task_to_inode
* cxgb4: when disabling dcb set txq dcb priority to 0
* brcmfmac: stop watchdog before detach and free everything
* ARM: dts: am437x: make edt-ft5x06 a wakeup source
* usb: xhci: increase CRS timeout value
* perf test session topology: Fix test on s390
* perf report powerpc: Fix crash if callchain is empty
* selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
* ARM: dts: da850: Fix interrups property for gpio
* dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
* md/raid10: fix that replacement cannot complete recovery after reassemble
* drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
* drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
* drm/exynos: decon5433: Fix WINCONx reset value
* bnx2x: Fix receiving tx-timeout in error or recovery state.
* m68k: fix "bad page state" oops on ColdFire boot
* HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
* ARM: imx_v6_v7_defconfig: Select ULPI support
* ARM: imx_v4_v5_defconfig: Select ULPI support
* tracing: Use __printf markup to silence compiler
* kasan: fix shadow_size calculation error in kasan_module_alloc
* smsc75xx: Add workaround for gigabit link up hardware errata.
* netfilter: x_tables: set module owner for icmp(6) matches
* ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
* ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
* ieee802154: at86rf230: use __func__ macro for debug messages
* ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
* drm/armada: fix colorkey mode property
* bnxt_en: Fix for system hang if request_irq fails
* perf llvm-utils: Remove bashism from kernel include fetch script
* ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
* ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
* ixgbe: Be more careful when modifying MAC filters
* packet: reset network header if packet shorter than ll reserved space
* qlogic: check kstrtoul() for errors
* tcp: remove DELAYED ACK events in DCTCP
* drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
* net/ethernet/freescale/fman: fix cross-build error
* net: usb: rtl8150: demote allmulti message to dev_dbg()
* net: qca_spi: Avoid packet drop during initial sync
* net: qca_spi: Make sure the QCA7000 reset is triggered
* net: qca_spi: Fix log level if probe fails
* tcp: identify cryptic messages as TCP seq # bugs
* staging: android: ion: check for kref overflow
* KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
* ext4: fix spectre gadget in ext4_mb_regular_allocator()
* parisc: Remove ordered stores from syscall.S
* xfrm_user: prevent leaking 2 bytes of kernel memory
* netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
* packet: refine ring v3 block size test to hold one frame
* bridge: Propagate vlan add failure to user
* parisc: Remove unnecessary barriers from spinlock.h
* PCI: hotplug: Don't leak pci_slot on registration failure
* PCI: Skip MPS logic for Virtual Functions (VFs)
* PCI: pciehp: Fix use-after-free on unplug
* i2c: imx: Fix race condition in dma read
* reiserfs: fix broken xattr handling (heap corruption, bad retval)
* Linux 4.4.152

CVE References

Stefan Bader (smb) wrote :

Surprisingly, for a large update, all patches applied cleanly.

tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (28.0 KiB)

This bug was fixed in the package linux - 4.4.0-138.164

linux (4.4.0-138.164) xenial; urgency=medium

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers