Xenial update: 4.4.157 upstream stable release

Bug #1798539 reported by Stefan Bader on 2018-10-18
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.157 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* i2c: xiic: Make the start and the byte count write atomic
* i2c: i801: fix DNV's SMBCTRL register offset
* ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
* cfq: Give a chance for arming slice idle timer in case of group_idle
* kthread: Fix use-after-free if kthread fork fails
* kthread: fix boot hang (regression) on MIPS/OpenRISC
* staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
* staging/rts5208: Fix read overflow in memcpy
* block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
* locking/rwsem-xadd: Fix missed wakeup due to reordering of load
* selinux: use GFP_NOWAIT in the AVC kmem_caches
* locking/osq_lock: Fix osq_lock queue corruption
* ARC: [plat-axs*]: Enable SWAP
* misc: mic: SCIF Fix scif_get_new_port() error handling
* ethtool: Remove trailing semicolon for static inline
* gpio: tegra: Move driver registration to subsys_init level
* scsi: target: fix __transport_register_session locking
* md/raid5: fix data corruption of replacements after originals dropped
* misc: ti-st: Fix memory leak in the error path of probe()
* uio: potential double frees if __uio_register_device() fails
* tty: rocket: Fix possible buffer overwrite on register_PCI
* f2fs: do not set free of current section
* perf tools: Allow overriding MAX_NR_CPUS at compile time
* NFSv4.0 fix client reference leak in callback
* macintosh/via-pmu: Add missing mmio accessors
* ath10k: prevent active scans on potential unusable channels
* MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
* ata: libahci: Correct setting of DEVSLP register
* scsi: 3ware: fix return 0 on the error path of probe
* ath10k: disable bundle mgmt tx completion event support
* Bluetooth: hidp: Fix handling of strncpy for hid->name information
* x86/mm: Remove in_nmi() warning from vmalloc_fault()
* gpio: ml-ioh: Fix buffer underwrite on probe error path
* net: mvneta: fix mtu change on port without link
* MIPS: Octeon: add missing of_node_put()
* net: dcb: For wild-card lookups, use priority -1, not 0
* Input: atmel_mxt_ts - only use first T9 instance
* iommu/ipmmu-vmsa: Fix allocation in atomic context
* mfd: ti_am335x_tscadc: Fix struct clk memory leak
* f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
* MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
* RDMA/cma: Do not ignore net namespace for unbound cm_id
* xhci: Fix use-after-free in xhci_free_virt_device
* vmw_balloon: include asm/io.h
* netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
* drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config
* net: ethernet: ti: cpsw: fix mdio device reference leak
* ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle
* crypto: vmx - Fix sleep-in-atomic bugs
* mtd: ubi: wl: Fix error return code in ubi_wl_init()
* autofs: fix autofs_sbi() does not check super block type
* Linux 4.4.157

CVE References

Stefan Bader (smb) on 2018-10-18
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) wrote :

Minor context adjustments for "block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg" (block/blk-cgroup.c@hunk #1).

Skipped because they are already applied for bug #1787281.
* "partitions/aix: append null character to print data from disk"
* "partitions/aix: fix usage of uninitialized lv_info and lvname structures"

Applied the upstream version of "crypto: vmx - Fix sleep-in-atomic bugs" instead of the 4.4.y backport (due to changes we pulled back this applied with some fuzz which appeared to be ok).

Skipped "x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+" because it already was applied for bug #1788563.

Skipped "mm: get rid of vmacache_flush_all() entirely" because it was already applied for CVE-2018-17182.

description: updated
Stefan Bader (smb) wrote :

After verifying the config updates caused by this update, I decided to also drop "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV". I cannot see the conversion described in 4.4. Not even the option that is added as dependency.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (21.0 KiB)

This bug was fixed in the package linux - 4.4.0-139.165

---------------
linux (4.4.0-139.165) xenial; urgency=medium

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)

  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
      requeue

  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26

  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call fo...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers