Xenial update to 4.4.154 stable release

Bug #1792392 reported by Stefan Bader on 2018-09-13
This bug affects 1 person
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: linux (Ubuntu Xenial); Importance: Medium; Assigned to: Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.154 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.154 stable release shall be applied:
* sched/sysctl: Check user input value of sysctl_sched_time_avg
* Cipso: cipso_v4_optptr enter infinite loop
* vti6: fix PMTU caching and reporting on xmit
* xfrm: fix missing dst_release() after policy blocking lbcast and multicast
* xfrm: free skb if nlsk pointer is NULL
* mac80211: add stations tied to AP_VLANs during hw reconfig
* nl80211: Add a missing break in parse_station_flags
* drm/bridge: adv7511: Reset registers on hotplug
* scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
* drm/imx: imx-ldb: disable LDB on driver bind
* drm/imx: imx-ldb: check if channel is enabled before printing warning
* usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
  init_controller()
* usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
  r8a66597_queue()
* usb/phy: fix PPC64 build errors in phy-fsl-usb.c
* tools: usb: ffs-test: Fix build on big endian systems
* usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
* tools/power turbostat: fix -S on UP systems
* net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
* qed: Fix possible race for the link state value.
* atl1c: reserve min skb headroom
* net: prevent ISA drivers from building on PPC32
* can: mpc5xxx_can: check of_iomap return before use
* i2c: davinci: Avoid zero value of CLKH
* media: staging: omap4iss: Include asm/cacheflush.h after generic includes
* bnx2x: Fix invalid memory access in rss hash config path.
* net: axienet: Fix double deregister of mdio
* selftests/ftrace: Add snapshot and tracing_on test case
* zswap: re-check zswap_is_full() after do zswap_shrink()
* tools/power turbostat: Read extended processor family from CPUID
* Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
* enic: handle mtu change for vf properly
* arc: fix build errors in arc/include/asm/delay.h
* arc: fix type warnings in arc/mm/cache.c
* drivers: net: lmc: fix case value for target abort error
* scsi: fcoe: drop frames in ELS LOGO error path
* scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
* mm/memory.c: check return value of ioremap_prot
* cifs: add missing debug entries for kconfig options
* cifs: check kmalloc before use
* smb3: Do not send SMB3 SET_INFO if nothing changed
* smb3: don't request leases in symlink creation and query
* btrfs: don't leak ret from do_chunk_alloc
* s390/kvm: fix deadlock when killed by oom
* ext4: check for NUL characters in extended attribute's name
* ext4: sysfs: print ext4_super_block fields as little-endian
* ext4: reset error code in ext4_find_entry in fallback
* arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
* KVM: arm/arm64: Skip updating PTE entry if no change
* KVM: arm/arm64: Skip updating PMD entry if no change
* x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
* x86/speculation/l1tf: Fix off-by-one error when warning that system has too much
  RAM
* x86/speculation/l1tf: Suggest what to do on systems with too much RAM
* x86/process: Re-export start_thread()
* fuse: Don't access pipe->buffers without pipe_lock()
* fuse: fix double request_end()
* fuse: fix unlocked access to processing queue
* fuse: umount should wait for all requests
* fuse: Fix oops at process_init_reply()
* fuse: Add missed unlock_page() to fuse_readpages_fill()
* udl-kms: change down_interruptible to down
* udl-kms: handle allocation failure
* udl-kms: fix crash due to uninitialized memory
* ASoC: dpcm: don't merge format from invalid codec dai
* ASoC: sirf: Fix potential NULL pointer dereference
* pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
* x86/irqflags: Mark native_restore_fl extern inline
* s390: fix br_r1_trampoline for machines without exrl
* s390/qdio: reset old sbal_state flags
* kprobes: Make list and blacklist root user read only
* MIPS: Correct the 64-bit DSP accumulator register size
* MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
* scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
* scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
* iscsi target: fix session creation failure handling
* cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
* Linux 4.4.154

Stefan Bader (smb) on 2018-09-13
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Modified "usb/phy: fix PPC64 build errors in phy-fsl-usb.c". It looks like we already got some protection, but using CONFIG_PPC instead of CONFIG_PPC32, which seems pointless as CONFIG_PPC sounds like it is set in both the 32-bit and 64-bit cases.

Skipped "fscache: Allow cancelled operations to be enqueued" and "cachefiles: Fix refcounting bug in backing-file read monitoring" as they are already applied for bug #1774336.

Skipped "cachefiles: Wait rather than BUG'ing on "Unexpected object collision"" as it is already applied for bug #1776254.

Skipped "x86/spectre: Add missing family 6 check to microcode check" because this changes the bad microcode check which we have dropped.

Skipped "s390/pci: fix out of bounds access during irq setup" because it is already applied for bug #1790480.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-138.164

---------------
linux (4.4.0-138.164) xenial; urgency=medium

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released