Xenial update: 4.4.199 upstream stable release

Bug #1851549 reported by Connor Kuehl on 2019-11-06
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Connor Kuehl

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* scsi: ufs: skip shutdown if hba is not powered
* scsi: megaraid: disable device when probe failed after enabled device
* scsi: qla2xxx: Fix unbound sleep in fcport delete path.
* ARM: OMAP2+: Fix missing reset done flag for am3 and am43
* ARM: dts: am4372: Set memory bandwidth limit for DISPC
* nl80211: fix null pointer dereference
* mips: Loongson: Fix the link time qualifier of 'serial_exit()'
* net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
* namespace: fix namespace.pl script to support relative paths
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl
* net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
* net: bcmgenet: Set phydev->dev_flags only for internal PHYs
* sctp: change sctp_prot .no_autobind with true
* net: avoid potential infinite loop in tc_ctl_action()
* ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
* memfd: Fix locking when tagging pins
* USB: legousbtower: fix memleak on disconnect
* usb: udc: lpc32xx: fix bad bit shift operation
* USB: serial: ti_usb_3410_5052: fix port-close races
* USB: ldusb: fix memleak on disconnect
* USB: usblp: fix use-after-free on disconnect
* USB: ldusb: fix read info leaks
* scsi: core: try to get module before removing device
* ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
* cfg80211: wext: avoid copying malformed SSIDs
* mac80211: Reject malformed SSID elements
* drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
* scsi: zfcp: fix reaction on bit error threshold notification
* mm/slub: fix a deadlock in show_slab_objects()
* xtensa: drop EXPORT_SYMBOL for outs*/ins*
* parisc: Fix vmap memory leak in ioremap()/iounmap()
* CIFS: avoid using MID 0xFFFF
* btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
* memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
* cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
* xen/netback: fix error path of xenvif_connect_data()
* PCI: PM: Fix pci_power_up()
* net: sched: Fix memory exposure from short TCA_U32_SEL
* RDMA/cxgb4: Do not dma memory off of the stack
* Linux 4.4.198
* UBUNTU: upstream stable to v4.4.198
* dm snapshot: use mutex instead of rw_semaphore
* dm snapshot: introduce account_start_copy() and account_end_copy()
* dm snapshot: rework COW throttling to fix deadlock
* dm: Use kzalloc for all structs with embedded biosets/mempools
* sc16is7xx: Fix for "Unexpected interrupt: 8"
* x86/cpu: Add Atom Tremont (Jacobsville)
* scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
* usb: handle warm-reset port requests on hub resume
* exec: load_script: Do not exec truncated interpreter path
* iio: fix center temperature of bmc150-accel-core
* perf map: Fix overlapped map handling
* RDMA/iwcm: Fix a lock inversion issue
* fs: cifs: mute -Wunused-const-variable message
* serial: mctrl_gpio: Check for NULL pointer
* efi/cper: Fix endianness of PCIe class code
* efi/x86: Do not clean dummy variable in kexec path
* fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
* fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
* MIPS: fw: sni: Fix out of bounds init of o32 stack
* NFSv4: Fix leak of clp->cl_acceptor string
* tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
* USB: legousbtower: fix a signedness bug in tower_probe()
* thunderbolt: Use 32-bit writes when writing ring producer/consumer
* fuse: flush dirty data/metadata before non-truncate setattr
* fuse: truncate pending writes on O_TRUNC
* ALSA: bebob: Fix prototype of helper function to return negative value
* UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
* USB: gadget: Reject endpoints with 0 maxpacket value
* USB: ldusb: fix ring-buffer locking
* USB: ldusb: fix control-message timeout
* USB: serial: whiteheat: fix potential slab corruption
* USB: serial: whiteheat: fix line-speed endianness
* HID: Fix assumption that devices have inputs
* HID: fix error message in hid_open_report()
* nl80211: fix validation of mesh path nexthop
* s390/cmm: fix information leak in cmm_timeout_handler()
* llc: fix sk_buff leak in llc_sap_state_process()
* llc: fix sk_buff leak in llc_conn_service()
* bonding: fix potential NULL deref in bond_update_slave_arr
* net: usb: sr9800: fix uninitialized local variable
* sch_netem: fix rcu splat in netem_enqueue()
* sctp: fix the issue that flags are ignored when using kernel_connect
* sctp: not bind the socket in sctp_connect
* xfs: Correctly invert xfs_buftarg LRU isolation logic
* Revert "ALSA: hda: Flush interrupts on disabling"
* Linux 4.4.199
* UBUNTU: upstream stable to v4.4.199

       4.4.199 upstream stable release
       from git://git.kernel.org/

CVE References

Connor Kuehl (connork) on 2019-11-06
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Critical
importance: Critical → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

These patches were skipped as they have already been applied:

* ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
* rtlwifi: Fix potential overflow on P2P code

Connor Kuehl (connork) on 2019-11-06
description: updated
Connor Kuehl (connork) on 2019-11-14
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-170.199

linux (4.4.0-170.199) xenial; urgency=medium

  * xenial/linux: 4.4.0-170.199 -proposed tracker (LP: #1852306)

  * update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: fix: set freed objects to NULL to avoid failing future allocations
    - net: ena: fix swapped parameters when calling
    - net: ena: fix: Free napi resources when ena_up() fails
    - net: ena: fix incorrect test of supported hash function
    - net: ena: fix return value of ena_com_config_llq_info()
    - net: ena: improve latency by disabling adaptive interrupt moderation by
    - net: ena: fix ena_com_fill_hash_function() implementation
    - net: ena: add handling of llq max tx burst size
    - net: ena: ethtool: add extra properties retrieval via get_priv_flags
    - net: ena: replace free_tx/rx_ids union with single free_ids field in
    - net: ena: arrange ena_probe() function variables in reverse christmas tree
    - net: ena: add newline at the end of pr_err prints
    - net: ena: allow automatic fallback to polling mode
    - net: ena: add support for changing max_header_size in LLQ mode
    - net: ena: optimise calculations for CQ doorbell
    - net: ena: add good checksum counter
    - net: ena: use dev_info_once instead of static variable
    - net: ena: add MAX_QUEUES_EXT get feature admin command
    - net: ena: enable negotiating larger Rx ring size
    - net: ena: make ethtool show correct current and max queue sizes
    - net: ena: allow queue allocation backoff when low on memory
    - net: ena: add ethtool function for changing io queue sizes
    - net: ena: remove inline keyword from functions in *.c
    - net: ena: update driver version from 2.0.3 to 2.1.0
    - net: ena: Fix bug where ring allocation backoff stopped too late
    - Revert "net: ena: ethtool: add extra properties retrieval via
    - net: ena: don't wake up tx queue when down
    - net: ena: clean up indentation issue

  * Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700) // update
    ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: gcc 8: fix compilation warning

  * Skip frame when buffer overflow on UVC camera (LP: #1849871)
    - media: uvcvideo: Mark buffer error where overflow

  * CVE-2018-20784
    - sched/fair: Fix infinite loop in update_blocked_averages() by reverting
    - sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list
    - sched/fair: Add tmp_alone_branch assertion
    - sched/fair: Fix insertion in rq->leaf_cfs_rq_list
    - sched/fair: Optimize update_blocked_averages()
    - sched/fair: Fix O(nr_cgroups) in the load balancing path

  * Xenial update: 4.4.200 upstream stable release (LP: #1852110)
    - kbuild: add -fcf-protection=none when using retpoline flags
    - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
    - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
      could be uninitialized
    - ASoc: rockchip: i2s: Fix RPM imbalance
    - ARM: dts: logicpd-torpedo-som: Remove tw...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released