Xenial update: 4.4.157 upstream stable release

Bug #1798539 reported by Stefan Bader
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.157 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* i2c: xiic: Make the start and the byte count write atomic
* i2c: i801: fix DNV's SMBCTRL register offset
* ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
* cfq: Give a chance for arming slice idle timer in case of group_idle
* kthread: Fix use-after-free if kthread fork fails
* kthread: fix boot hang (regression) on MIPS/OpenRISC
* staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
* staging/rts5208: Fix read overflow in memcpy
* block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
* locking/rwsem-xadd: Fix missed wakeup due to reordering of load
* selinux: use GFP_NOWAIT in the AVC kmem_caches
* locking/osq_lock: Fix osq_lock queue corruption
* ARC: [plat-axs*]: Enable SWAP
* misc: mic: SCIF Fix scif_get_new_port() error handling
* ethtool: Remove trailing semicolon for static inline
* gpio: tegra: Move driver registration to subsys_init level
* scsi: target: fix __transport_register_session locking
* md/raid5: fix data corruption of replacements after originals dropped
* misc: ti-st: Fix memory leak in the error path of probe()
* uio: potential double frees if __uio_register_device() fails
* tty: rocket: Fix possible buffer overwrite on register_PCI
* f2fs: do not set free of current section
* perf tools: Allow overriding MAX_NR_CPUS at compile time
* NFSv4.0 fix client reference leak in callback
* macintosh/via-pmu: Add missing mmio accessors
* ath10k: prevent active scans on potential unusable channels
* MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
* ata: libahci: Correct setting of DEVSLP register
* scsi: 3ware: fix return 0 on the error path of probe
* ath10k: disable bundle mgmt tx completion event support
* Bluetooth: hidp: Fix handling of strncpy for hid->name information
* x86/mm: Remove in_nmi() warning from vmalloc_fault()
* gpio: ml-ioh: Fix buffer underwrite on probe error path
* net: mvneta: fix mtu change on port without link
* MIPS: Octeon: add missing of_node_put()
* net: dcb: For wild-card lookups, use priority -1, not 0
* Input: atmel_mxt_ts - only use first T9 instance
* iommu/ipmmu-vmsa: Fix allocation in atomic context
* mfd: ti_am335x_tscadc: Fix struct clk memory leak
* f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
* MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
* RDMA/cma: Do not ignore net namespace for unbound cm_id
* xhci: Fix use-after-free in xhci_free_virt_device
* vmw_balloon: include asm/io.h
* netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
* drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config
* net: ethernet: ti: cpsw: fix mdio device reference leak
* ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle
* crypto: vmx - Fix sleep-in-atomic bugs
* mtd: ubi: wl: Fix error return code in ubi_wl_init()
* autofs: fix autofs_sbi() does not check super block type
* Linux 4.4.157

CVE References

Stefan Bader (smb)
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Stefan Bader (smb) wrote :

Minor context adjustments for "block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg" (block/blk-cgroup.c@hunk #1).

Skipped because they are already applied for bug #1787281.
* "partitions/aix: append null character to print data from disk"
* "partitions/aix: fix usage of uninitialized lv_info and lvname structures"

Applied the upstream version of "crypto: vmx - Fix sleep-in-atomic bugs" instead of the 4.4.y backport (due to changes we pulled back this applied with some fuzz which appeared to be ok).

Skipped "x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+" because it already was applied for bug #1788563.

Skipped "mm: get rid of vmacache_flush_all() entirely" because it was already applied for CVE-2018-17182.

description: updated
Revision history for this message
Stefan Bader (smb) wrote :

After verifying the config updates caused by this update, I decided to also drop "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV". I cannot see the conversion described in 4.4. Not even the option that is added as dependency.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (21.0 KiB)

This bug was fixed in the package linux - 4.4.0-139.165

linux (4.4.0-139.165) xenial; urgency=medium

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)

  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command

  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to

  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call fo...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers