Xenial update to 4.4.154 stable release

Bug #1792392 reported by Stefan Bader on 2018-09-13
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.154 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



The following patches from the 4.4.154 stable release shall be applied:
* sched/sysctl: Check user input value of sysctl_sched_time_avg
* Cipso: cipso_v4_optptr enter infinite loop
* vti6: fix PMTU caching and reporting on xmit
* xfrm: fix missing dst_release() after policy blocking lbcast and multicast
* xfrm: free skb if nlsk pointer is NULL
* mac80211: add stations tied to AP_VLANs during hw reconfig
* nl80211: Add a missing break in parse_station_flags
* drm/bridge: adv7511: Reset registers on hotplug
* scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
* drm/imx: imx-ldb: disable LDB on driver bind
* drm/imx: imx-ldb: check if channel is enabled before printing warning
* usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
* usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
* usb/phy: fix PPC64 build errors in phy-fsl-usb.c
* tools: usb: ffs-test: Fix build on big endian systems
* usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
* tools/power turbostat: fix -S on UP systems
* net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
* qed: Fix possible race for the link state value.
* atl1c: reserve min skb headroom
* net: prevent ISA drivers from building on PPC32
* can: mpc5xxx_can: check of_iomap return before use
* i2c: davinci: Avoid zero value of CLKH
* media: staging: omap4iss: Include asm/cacheflush.h after generic includes
* bnx2x: Fix invalid memory access in rss hash config path.
* net: axienet: Fix double deregister of mdio
* selftests/ftrace: Add snapshot and tracing_on test case
* zswap: re-check zswap_is_full() after do zswap_shrink()
* tools/power turbostat: Read extended processor family from CPUID
* Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
* enic: handle mtu change for vf properly
* arc: fix build errors in arc/include/asm/delay.h
* arc: fix type warnings in arc/mm/cache.c
* drivers: net: lmc: fix case value for target abort error
* scsi: fcoe: drop frames in ELS LOGO error path
* scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
* mm/memory.c: check return value of ioremap_prot
* cifs: add missing debug entries for kconfig options
* cifs: check kmalloc before use
* smb3: Do not send SMB3 SET_INFO if nothing changed
* smb3: don't request leases in symlink creation and query
* btrfs: don't leak ret from do_chunk_alloc
* s390/kvm: fix deadlock when killed by oom
* ext4: check for NUL characters in extended attribute's name
* ext4: sysfs: print ext4_super_block fields as little-endian
* ext4: reset error code in ext4_find_entry in fallback
* arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
* KVM: arm/arm64: Skip updating PTE entry if no change
* KVM: arm/arm64: Skip updating PMD entry if no change
* x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
* x86/speculation/l1tf: Fix off-by-one error when warning that system has too much
* x86/speculation/l1tf: Suggest what to do on systems with too much RAM
* x86/process: Re-export start_thread()
* fuse: Don't access pipe->buffers without pipe_lock()
* fuse: fix double request_end()
* fuse: fix unlocked access to processing queue
* fuse: umount should wait for all requests
* fuse: Fix oops at process_init_reply()
* fuse: Add missed unlock_page() to fuse_readpages_fill()
* udl-kms: change down_interruptible to down
* udl-kms: handle allocation failure
* udl-kms: fix crash due to uninitialized memory
* ASoC: dpcm: don't merge format from invalid codec dai
* ASoC: sirf: Fix potential NULL pointer dereference
* pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
* x86/irqflags: Mark native_restore_fl extern inline
* s390: fix br_r1_trampoline for machines without exrl
* s390/qdio: reset old sbal_state flags
* kprobes: Make list and blacklist root user read only
* MIPS: Correct the 64-bit DSP accumulator register size
* MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
* scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
* scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
* iscsi target: fix session creation failure handling
* cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
* Linux 4.4.154

CVE References

Stefan Bader (smb) on 2018-09-13
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Modified "usb/phy: fix PPC64 build errors in phy-fsl-usb.c". It looks like we already got some protection but using CONFIG_PPC instead of CONFIG_PPC32 which seems pointless as CONFIG_PPC sounds like being set in both 32/64bit cases.

Skipped "fscache: Allow cancelled operations to be enqueued" and "cachefiles: Fix refcounting bug in backing-file read monitoring" as they are already applied for bug #1774336.

Skipped "cachefiles: Wait rather than BUG'ing on "Unexpected object collision"" as it is already applied for bug #1776254.

Skipped "x86/spectre: Add missing family 6 check to microcode check" because this changes the bad microcode check which we have dropped.

Skipped "s390/pci: fix out of bounds access during irq setup" because it is already applied for bug #1790480.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (28.0 KiB)

This bug was fixed in the package linux - 4.4.0-138.164

linux (4.4.0-138.164) xenial; urgency=medium

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers