Xenial update: 4.4.178 upstream stable release

Bug #1826212 reported by Stefan Bader on 2019-04-24
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Xenial; Importance: Medium; Assigned to: Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.178 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* mmc: pxamci: fix enum type confusion
* drm/vmwgfx: Don't double-free the mode stored in par->set_mode
* udf: Fix crash on IO error during truncate
* mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
* MIPS: Fix kernel crash for R6 in jump label branch function
* futex: Ensure that futex address is aligned in handle_futex_death()
* ext4: fix NULL pointer dereference while journal is aborted
* ext4: fix data corruption caused by unaligned direct AIO
* ext4: brelse all indirect buffer in ext4_ind_remove_space()
* mmc: tmio_mmc_core: don't claim spurious interrupts
* media: v4l2-ctrls.c/uvc: zero v4l2_event
* locking/lockdep: Add debug_locks check in __lock_downgrade()
* ALSA: hda - Record the current power state before suspend/resume calls
* ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
* mmc: pwrseq_simple: Make reset-gpios optional to match doc
* mmc: debugfs: Add a restriction to mmc debugfs clock setting
* mmc: make MAN_BKOPS_EN message a debug
* mmc: sanitize 'bus width' in debug output
* mmc: core: shut up "voltage-ranges unspecified" pr_info()
* usb: dwc3: gadget: Fix suspend/resume during device mode
* arm64: mm: Add trace_irqflags annotations to do_debug_exception()
* mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
* mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
* extcon: usb-gpio: Don't miss event during suspend/resume
* kbuild: setlocalversion: print error to STDERR
* usb: gadget: composite: fix dereference after null check coverify warning
* usb: gadget: Add the gserial port checking in gs_start_tx()
* tcp/dccp: drop SYN packets if accept queue is full
* serial: sprd: adjust TIMEOUT to a big value
* Hang/soft lockup in d_invalidate with simultaneous calls
* arm64: traps: disable irq in die()
* usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
* serial: sprd: clear timeout interrupt only rather than all interrupts
* lib/int_sqrt: optimize small argument
* USB: core: only clean up what we allocated
* rtc: Fix overflow when converting time64_t to rtc_time
* ath10k: avoid possible string overflow
* mmc: block: Allow more than 8 partitions per card
* arm64: fix COMPAT_SHMLBA definition for large pages
* efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
* ARM: 8458/1: bL_switcher: add GIC dependency
* ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
* android: unconditionally remove callbacks in sync_fence_free()
* vmstat: make vmstat_updater deferrable again and shut down on idle
* hid-sensor-hub.c: fix wrong do_div() usage
* arm64: hide __efistub_ aliases from kallsyms
* perf: Synchronously free aux pages in case of allocation failure
* net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
* Revert "mmc: block: don't use parameter prefix if built as module"
* writeback: initialize inode members that track writeback history
* coresight: fixing lockdep error
* coresight: coresight_unregister() function cleanup
* coresight: release reference taken by 'bus_find_device()'
* coresight: remove csdev's link from topology
* stm class: Fix locking in unbinding policy path
* stm class: Fix link list locking
* stm class: Prevent user-controllable allocations
* stm class: Support devices with multiple instances
* stm class: Fix unlocking braino in the error path
* stm class: Guard output assignment against concurrency
* stm class: Fix unbalanced module/device refcounting
* stm class: Fix a race in unlinking
* coresight: "DEVICE_ATTR_RO" should defined as static.
* coresight: etm4x: Check every parameter used by dma_xx_coherent.
* asm-generic: Fix local variable shadow in __set_fixmap_offset
* staging: ashmem: Avoid deadlock with mmap/shrink
* staging: ashmem: Add missing include
* staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
* staging: goldfish: audio: fix compiliation on arm
* ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
* arm64/kernel: fix incorrect EL0 check in inv_entry macro
* mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
* perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
* arm64: kernel: Include _AC definition in page.h
* PM / Hibernate: Call flush_icache_range() on pages restored in-place
* stm class: Do not leak the chrdev in error path
* stm class: Fix stm device initialization order
* ipv6: fix endianness error in icmpv6_err
* usb: gadget: configfs: add mutex lock before unregister gadget
* usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
* cpu/hotplug: Handle unbalanced hotplug enable/disable
* video: fbdev: Set pixclock = 0 in goldfishfb
* arm64: kconfig: drop CONFIG_RTC_LIB dependency
* mmc: mmc: fix switch timeout issue caused by jiffies precision
* cfg80211: size various nl80211 messages correctly
* stmmac: copy unicast mac address to MAC registers
* dccp: do not use ipv6 header for ipv4 flow
* mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
* net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
* net: rose: fix a possible stack overflow
* Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
* packets: Always register packet sk in the same order
* tcp: do not use ipv6 header for ipv4 flow
* vxlan: Don't call gro_cells_destroy() before device is unregistered
* sctp: get sctphdr by offset in sctp_compute_cksum
* mac8390: Fix mmio access size probe
* btrfs: remove WARN_ON in log_dir_items
* ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
* ALSA: compress: add support for 32bit calls in a 64bit kernel
* ALSA: pcm: Fix possible OOB access in PCM oss plugins
* ALSA: pcm: Don't suspend stream in unrecoverable PCM state
* scsi: sd: Fix a race between closing an sd device and sd I/O
* scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
* scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
* tty: atmel_serial: fix a potential NULL pointer dereference
* staging: vt6655: Remove vif check from vnt_interrupt
* staging: vt6655: Fix interrupt race condition on device start up.
* serial: max310x: Fix to avoid potential NULL pointer dereference
* serial: sh-sci: Fix setting SCSCR_TIE while transferring data
* USB: serial: cp210x: add new device id
* USB: serial: ftdi_sio: add additional NovaTech products
* USB: serial: mos7720: fix mos_parport refcount imbalance on error path
* USB: serial: option: set driver_info for SIM5218 and compatibles
* USB: serial: option: add Olicard 600
* Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
* fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
* gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
* perf intel-pt: Fix TSC slip
* x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
* KVM: Reject device ioctls from processes other than the VM's creator
* xhci: Fix port resume done detection for SS ports with LPM enabled
* Revert "USB: core: only clean up what we allocated"
* arm64: support keyctl() system call in 32-bit mode
* coresight: removing bind/unbind options from sysfs
* stm class: Hide STM-specific options if STM is disabled
* Linux 4.4.178

Stefan Bader (smb) on 2019-04-24
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → Confirmed
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Stefan Bader (smb) wrote :

Skipped "Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt" since it is already applied for CVE-2019-3460.
Skipped "Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer" since it is already applied for CVE-2019-3459.
Skipped "sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()" since it is already applied for bug #1643797.
Skipped "btrfs: raid56: properly unmap parity page in finish_parity_scrub()" since it is already applied for bug #1812845.

Skipped several patches for CVE-2017-5753 (already applied):
* "ALSA: rawmidi: Fix potential Spectre v1 vulnerability"
* "ALSA: seq: oss: Fix Spectre v1 vulnerability"

Stefan Bader (smb) on 2019-04-24
description: updated
Changed in linux (Ubuntu Xenial):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-150.176

---------------
linux (4.4.0-150.176) xenial; urgency=medium

  * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941)

  * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175
    (LP: #1830890)
    - x86/vdso: Pass --eh-frame-hdr to the linker

linux (4.4.0-149.175) xenial; urgency=medium

  * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)

  * disable a.out support (LP: #1818552)
    - [Config] Disable a.out support

  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.

  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - ext4: cleanup bh release code in ext4_ind_remove_space()
    - lib/int_sqrt: optimize initial value compute
    - tty/serial: atmel: Add is_half_duplex helper
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - CIFS: fix POSIX lock leak and invalid ptr deref
    - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
    - tracing: kdb: Fix ftdump to not sleep
    - gpio: gpio-omap: fix level interrupt idling
    - sysctl: handle overflow for file-max
    - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    - mm/cma.c: cma_declare_contiguous: correct err handling
    - mm/page_ext.c: fix an imbalance with kmemleak
    - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    - mm/slab.c: kmemleak no scan alien caches
    - ocfs2: fix a panic problem caused by o2cb_ctl
    - f2fs: do not use mutex lock in atomic context
    - fs/file.c: initialize init_files.resize_wait
    - cifs: use correct format characters
    - dm thin: add sanity checks to thin-pool and external snapshot creation
    - cifs: Fix NULL pointer dereference of devname
    - fs: fix guard_bio_eod to check for real EOD errors
    - tools lib traceevent: Fix buffer overflow in arg_eval
    - usb: chipidea: Grab the (legacy) USB PHY by phandle first
    - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
    - coresight: etm4x: Add support to enable ETMv4.2
    - ARM: 8840/1: use a raw_spinlock_t in unwind
    - mmc: omap: fix the maximum timeout setting
    - e1000e: Fix -Wformat-truncation warnings
    - IB/mlx4: Increase the timeout for CM cache
    - scsi: megaraid_sas: return error when create DMA pool failed
    - perf test: Fix failure of 'evsel-tp-sched' test on s390
    - SoC: imx-sgtl5000: add missing put_device()
    - media: sh_veu: Correct return type for mem2mem buffer helpers
    - media: s5...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released