Xenial update: 4.4.156 upstream stable release

Bug #1797563 reported by Stefan Bader on 2018-10-12
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.156 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free
* net: bcmgenet: use MAC link status for fixed phy
* qlge: Fix netdev features configuration.
* tcp: do not restart timewait timer on rst reception
* vti6: remove !skb->ignore_df check from vti6_xmit()
* cifs: check if SMB2 PDU size has been padded and suppress the warning
* hfsplus: don't return 0 when fill_super() failed
* hfs: prevent crash on exit from failed search
* fork: don't copy inconsistent signal handler state to child
* reiserfs: change j_timestamp type to time64_t
* hfsplus: fix NULL dereference in hfsplus_lookup()
* fat: validate ->i_start before using
* scripts: modpost: check memory allocation results
* mm/fadvise.c: fix signed overflow UBSAN complaint
* fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
* ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
* mfd: sm501: Set coherent_dma_mask when creating subdevices
* platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
* irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
* net/9p: fix error path of p9_virtio_probe
* powerpc: Fix size calculation using resource_size()
* s390/dasd: fix hanging offline processing due to canceled worker
* scsi: aic94xx: fix an error code in aic94xx_init()
* PCI: mvebu: Fix I/O space end address calculation
* dm kcopyd: avoid softlockup in run_complete_job
* staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
* selftests/powerpc: Kill child processes on SIGINT
* smb3: fix reset of bytes read and written stats
* SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
* powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
* btrfs: replace: Reset on-disk dev stats value after replace
* btrfs: relocation: Only remove reloc rb_trees if reloc control has been
  initialized
* btrfs: Don't remove block group that still has pinned down bytes
* debugobjects: Make stack check warning more informative
* x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
* kbuild: make missing $DEPMOD a Warning instead of an Error
* Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"
* enic: do not call enic_change_mtu in enic_probe
* Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages")
* genirq: Delay incrementing interrupt count if it's disabled/pending
* irqchip/gic-v3-its: Recompute the number of pages on page size change
* irqchip/gicv3-its: Fix memory leak in its_free_tables()
* irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size
* irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()
* irqchip/gic: Make interrupt ID 1020 invalid
* ovl: rename is_merge to is_lowest
* ovl: override creds with the ones from the superblock mounter
* ovl: proper cleanup of workdir
* sch_htb: fix crash on init failure
* sch_multiq: fix double free on init failure
* sch_hhf: fix null pointer dereference on init failure
* sch_netem: avoid null pointer deref on init failure
* sch_tbf: fix two null pointer dereferences on init failure
* mei: me: allow runtime pm for platform with D0i3
* ASoC: wm8994: Fix missing break in switch
* btrfs: use correct compare function of dirty_metadata_bytes
* Linux 4.4.156

Stefan Bader (smb) on 2018-10-12
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Skipped "x86/speculation/l1tf: Fix up pte->pfn conversion for PAE" because we already use the proper conversion.

Skipped because we already applied it for CVE-2018-6554
* "irda: Fix memory leak caused by repeated binds of irda socket"

Skipped because we already applied it for CVE-2018-6555
* "irda: Only insert new objects into the global database via
   setsockopt"

Adjusted context for "ovl: rename is_merge to is_lowest".

Major rewrite of "ovl: override creds with the ones from the superblock mounter" because we did apply in the past "SAUCE: overlayfs: Replace ovl_prepare_creds() with ovl_override_creds()" for bug #1659417. Both are nearly identical but use different internal names. So the upstream patch got modified to convert things to the upstream layout.

Skipped "s390/lib: use expoline for all bcr instructions" because we already applied it for CVE-2017-5715.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (21.0 KiB)

This bug was fixed in the package linux - 4.4.0-139.165

---------------
linux (4.4.0-139.165) xenial; urgency=medium

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)

  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
      requeue

  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26

  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call fo...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers