Xenial update: 4.4.156 upstream stable release

Bug #1797563 reported by Stefan Bader on 2018-10-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.156 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free
* net: bcmgenet: use MAC link status for fixed phy
* qlge: Fix netdev features configuration.
* tcp: do not restart timewait timer on rst reception
* vti6: remove !skb->ignore_df check from vti6_xmit()
* cifs: check if SMB2 PDU size has been padded and suppress the warning
* hfsplus: don't return 0 when fill_super() failed
* hfs: prevent crash on exit from failed search
* fork: don't copy inconsistent signal handler state to child
* reiserfs: change j_timestamp type to time64_t
* hfsplus: fix NULL dereference in hfsplus_lookup()
* fat: validate ->i_start before using
* scripts: modpost: check memory allocation results
* mm/fadvise.c: fix signed overflow UBSAN complaint
* fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
* ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
* mfd: sm501: Set coherent_dma_mask when creating subdevices
* platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
* irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
* net/9p: fix error path of p9_virtio_probe
* powerpc: Fix size calculation using resource_size()
* s390/dasd: fix hanging offline processing due to canceled worker
* scsi: aic94xx: fix an error code in aic94xx_init()
* PCI: mvebu: Fix I/O space end address calculation
* dm kcopyd: avoid softlockup in run_complete_job
* staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
* selftests/powerpc: Kill child processes on SIGINT
* smb3: fix reset of bytes read and written stats
* SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
* powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
* btrfs: replace: Reset on-disk dev stats value after replace
* btrfs: relocation: Only remove reloc rb_trees if reloc control has been
* btrfs: Don't remove block group that still has pinned down bytes
* debugobjects: Make stack check warning more informative
* x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
* kbuild: make missing $DEPMOD a Warning instead of an Error
* Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"
* enic: do not call enic_change_mtu in enic_probe
* Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages")
* genirq: Delay incrementing interrupt count if it's disabled/pending
* irqchip/gic-v3-its: Recompute the number of pages on page size change
* irqchip/gicv3-its: Fix memory leak in its_free_tables()
* irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size
* irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()
* irqchip/gic: Make interrupt ID 1020 invalid
* ovl: rename is_merge to is_lowest
* ovl: override creds with the ones from the superblock mounter
* ovl: proper cleanup of workdir
* sch_htb: fix crash on init failure
* sch_multiq: fix double free on init failure
* sch_hhf: fix null pointer dereference on init failure
* sch_netem: avoid null pointer deref on init failure
* sch_tbf: fix two null pointer dereferences on init failure
* mei: me: allow runtime pm for platform with D0i3
* ASoC: wm8994: Fix missing break in switch
* btrfs: use correct compare function of dirty_metadata_bytes
* Linux 4.4.156

Stefan Bader (smb) on 2018-10-12
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Skipped "x86/speculation/l1tf: Fix up pte->pfn conversion for PAE" because we already use the proper conversion.

Skipped because we already applied it for CVE-2018-6554
* "irda: Fix memory leak caused by repeated binds of irda socket"

Skipped because we already applied it for CVE-2018-6555
* "irda: Only insert new objects into the global database via

Adjusted context for "ovl: rename is_merge to is_lowest".

Major rewrite of "ovl: override creds with the ones from the superblock mounter" because we did apply in the past "SAUCE: overlayfs: Replace ovl_prepare_creds() with ovl_override_creds()" for bug #1659417. Both are nearly identical but use different internal names. So the upstream patch got modified to convert things to the upstream layout.

Skipped "s390/lib: use expoline for all bcr instructions" because we already applied it for CVE-2017-5715.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (21.0 KiB)

This bug was fixed in the package linux - 4.4.0-139.165

linux (4.4.0-139.165) xenial; urgency=medium

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)

  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command

  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to

  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call fo...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers