Xenial update: 4.4.203 upstream stable release

Bug #1853881 reported by Connor Kuehl on 2019-11-25
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* slip: Fix memory leak in slip_open error path
* ax88172a: fix information leak on short answers
* ALSA: usb-audio: Fix missing error check at mixer resolution test
* ALSA: usb-audio: not submit urb for stopped endpoint
* Input: ff-memless - kill timer in destroy()
* ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
* ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
* iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
* mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
* mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
* mmc: sdhci-of-at91: fix quirk2 overwrite
* iio: dac: mcp4922: fix error handling in mcp4922_write_raw
* ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
* ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45
* ALSA: seq: Do error checks at creating system ports
* gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
* ASoC: dpcm: Properly initialise hw->rate_max
* MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3
* ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook
* i40e: use correct length for strncpy
* i40e: hold the rtnl lock on clearing interrupt scheme
* i40e: Prevent deleting MAC address from VF when set by PF
* ARM: dts: pxa: fix power i2c base address
* rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument
* net: lan78xx: Bail out if lan78xx_get_endpoints fails
* ASoC: sgtl5000: avoid division by zero if lo_vag is zero
* ath10k: wmi: disable softirq's while calling ieee80211_rx
* mips: txx9: fix iounmap related issue
* of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC
* ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files
* ARM: dts: omap3-gta04: tvout: enable as display1 alias
* ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot
* ARM: dts: omap3-gta04: keep vpll2 always on
* dmaengine: dma-jz4780: Further residue status fix
* signal: Always ignore SIGKILL and SIGSTOP sent to the global init
* signal: Properly deliver SIGILL from uprobes
* signal: Properly deliver SIGSEGV from x86 uprobes
* scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
* ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set
* scsi: pm80xx: Corrected dma_unmap_sg() parameter
* scsi: pm80xx: Fixed system hang issue during kexec boot
* kprobes: Don't call BUG_ON() if there is a kprobe in use on free list
* nvmem: core: return error code instead of NULL from nvmem_device_get
* media: fix: media: pci: meye: validate offset to avoid arbitrary access
* ALSA: intel8x0m: Register irq handler after register initializations
* pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map()
* llc: avoid blocking in llc_sap_close()
* powerpc/vdso: Correct call frame information
* ARM: dts: socfpga: Fix I2C bus unit-address error
* pinctrl: at91: don't use the same irqchip with multiple gpiochips
* cxgb4: Fix endianness issue in t4_fwcache()
* power: supply: ab8500_fg: silence uninitialized variable warnings
* power: supply: max8998-charger: Fix platform data retrieval
* kernfs: Fix range checks in kernfs_get_target_path
* s390/qeth: invoke softirqs after napi_schedule()
* PCI/ACPI: Correct error message for ASPM disabling
* serial: mxs-auart: Fix potential infinite loop
* powerpc/iommu: Avoid derefence before pointer check
* powerpc/64s/hash: Fix stab_rr off by one initialization
* powerpc/pseries: Disable CPU hotplug across migrations
* libfdt: Ensure INT_MAX is defined in libfdt_env.h
* power: supply: twl4030_charger: fix charging current out-of-bounds
* power: supply: twl4030_charger: disable eoc interrupt on linear charge
* net: toshiba: fix return type of ndo_start_xmit function
* net: xilinx: fix return type of ndo_start_xmit function
* net: broadcom: fix return type of ndo_start_xmit function
* net: amd: fix return type of ndo_start_xmit function
* usb: chipidea: Fix otg event handler
* ARM: dts: am335x-evm: fix number of cpsw
* ARM: dts: ux500: Correct SCU unit address
* ARM: dts: ux500: Fix LCDA clock line muxing
* ARM: dts: ste: Fix SPI controller node names
* cpufeature: avoid warning when compiling with clang
* bnx2x: Ignore bandwidth attention in single function mode
* net: micrel: fix return type of ndo_start_xmit function
* x86/CPU: Use correct macros for Cyrix calls
* MIPS: kexec: Relax memory restriction
* media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
* media: davinci: Fix implicit enum conversion warning
* usb: gadget: uvc: configfs: Drop leaked references to config items
* usb: gadget: uvc: configfs: Prevent format changes after linking header
* usb: gadget: uvc: Factor out video USB request queueing
* usb: gadget: uvc: Only halt video streaming endpoint in bulk mode
* misc: kgdbts: Fix restrict error
* misc: genwqe: should return proper error value.
* vfio/pci: Fix potential memory leak in vfio_msi_cap_len
* scsi: libsas: always unregister the old device if going to discover new
* ARM: dts: tegra30: fix xcvr-setup-use-fuses
* ARM: tegra: apalis_t30: fix mmc1 cmd pull-up
* net: smsc: fix return type of ndo_start_xmit function
* EDAC: Raise the maximum number of memory controllers
* Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS
* arm64: dts: amd: Fix SPI bus warnings
* fuse: use READ_ONCE on congestion_threshold and max_background
* Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data
* Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
* memfd: Use radix_tree_deref_slot_protected to avoid the warning.
* slcan: Fix memory leak in error path
* net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
* x86/atomic: Fix smp_mb__{before,after}_atomic()
* kprobes/x86: Prohibit probing on exception masking instructions
* uprobes/x86: Prohibit probing on MOV SS instruction
* fbdev: Remove unused SH-Mobile HDMI driver
* fbdev: Ditch fb_edid_add_monspecs
* block: introduce blk_rq_is_passthrough
* libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
* net: ovs: fix return type of ndo_start_xmit function
* f2fs: return correct errno in f2fs_gc
* SUNRPC: Fix priority queue fairness
* ath10k: fix vdev-start timeout on error
* ath9k: fix reporting calculated new FFT upper max
* usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status()
* nl80211: Fix a GET_KEY reply attribute
* dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction
* dmaengine: timb_dma: Use proper enum in td_prep_slave_sg
* mei: samples: fix a signedness bug in amt_host_if_call()
* cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update
* cxgb4: Use proper enum in IEEE_FAUX_SYNC
* powerpc/pseries: Fix DTL buffer registration
* powerpc/pseries: Fix how we iterate over the DTL entries
* mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer
* ixgbe: Fix crash with VFs and flow director on interface flap
* IB/mthca: Fix error return code in __mthca_init_one()
* ata: ep93xx: Use proper enums for directions
* ALSA: hda/sigmatel - Disable automute for Elo VuPoint
* KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR
* USB: serial: cypress_m8: fix interrupt-out transfer length
* mtd: physmap_of: Release resources on error
* brcmfmac: fix full timeout waiting for action frame on-channel tx
* NFSv4.x: fix lock recovery during delegation recall
* dmaengine: ioat: fix prototype of ioat_enumerate_channels
* Input: st1232 - set INPUT_PROP_DIRECT property
* x86/olpc: Fix build error with CONFIG_MFD_CS5535=m
* crypto: mxs-dcp - Fix SHA null hashes and output length
* crypto: mxs-dcp - Fix AES issues
* ACPI / SBS: Fix rare oops when removing modules
* fbdev: sbuslib: use checked version of put_user()
* fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
* bcache: recal cached_dev_sectors on detach
* proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted()
* backlight: lm3639: Unconditionally call led_classdev_unregister
* printk: Give error on attempt to set log buffer length to over 2G
* media: isif: fix a NULL pointer dereference bug
* GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads
* media: cx231xx: fix potential sign-extension overflow on large shift
* x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error
* gpio: syscon: Fix possible NULL ptr usage
* spi: spidev: Fix OF tree warning logic
* ARM: 8802/1: Call syscall_trace_exit even when system call skipped
* hwmon: (pwm-fan) Silence error on probe deferral
* mac80211: minstrel: fix CCK rate group streams value
* spi: rockchip: initialize dma_slave_config properly
* arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault
* Linux 4.4.203
* UBUNTU: [Config] Remove unused SH-Mobile HDMI driver
* UBUNTU: upstream stable to v4.4.203

       4.4.203 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork) on 2019-11-25
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

The following patch required offset adjustments:

x86/atomic: Fix smp_mb__{before,after}_atomic()
- the changes to smp_mb__before_atomic and smp_mb__after_atomic had to be manually placed

The following patches were skipped since they have already been applied:

apparmor: fix uninitialized lsm_audit member
- Skipped as an equivalent patch has already been applied and it looks invasive to shape it into the stable version

apparmor: fix update the mtime of the profile file on replacement
- Skipped as an equivalent patch has already been applied and it would be quite invasive to revert

apparmor: fix module parameters can be changed after policy is locked
- Skipped as an equivalent patch has already been applied and it would be too invasive to revert and apply this.

description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (15.0 KiB)

This bug was fixed in the package linux - 4.4.0-171.200

---------------
linux (4.4.0-171.200) xenial; urgency=medium

  * xenial/linux: 4.4.0-171.200 -proposed tracker (LP: #1854835)

  * CVE-2019-14901
    - SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()

  * CVE-2019-14896 // CVE-2019-14897
    - SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor

  * CVE-2019-14895
    - SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

  * CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660
    - powerpc/64s: support nospectre_v2 cmdline option
    - powerpc/book3s64: Fix link stack flush on context switch
    - KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel

  * cloudimg: no iavf/i40evf module so no network available with SR-IOV enabled
    cloud (LP: #1848481)
    - [Packaging]: include i40evf in generic

  * update ENA driver for DIMLIB dynamic interrupt moderation (LP: #1853180)
    - net: ena: fix bug that might cause hang after consecutive open/close
      interface.
    - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
    - net: ena: switch to dim algorithm for rx adaptive interrupt moderation
    - net: ena: reimplement set/get_coalesce()
    - net: ena: enable the interrupt_moderation in driver_supported_features
    - net: ena: remove code duplication in
      ena_com_update_nonadaptive_moderation_interval _*()
    - net: ena: remove old adaptive interrupt moderation code from ena_netdev
    - net: ena: remove ena_restore_ethtool_params() and relevant fields
    - net: ena: remove all old adaptive rx interrupt moderation code from ena_com
    - net: ena: fix update of interrupt moderation register
    - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
    - net: ena: fix incorrect update of intr_delay_resolution
    - net: ena: Select DIMLIB for ENA_ETHERNET
    - SAUCE: net: ena: fix issues in setting interrupt moderation params in
      ethtool
    - SAUCE: net: ena: fix too long default tx interrupt moderation interval

  * backport DIMLIB (lib/dim/) to pre-5.2 kernels (LP: #1852637)
    - include/linux/bitops.h: introduce BITS_PER_TYPE
    - linux/kernel.h: move DIV_ROUND_DOWN_ULL() macro
    - [Config] enable DIMLIB
    - linux/dim: import DIMLIB (lib/dim/)
    - SAUCE: linux/dim: avoid library object filename clash

  * Enable framebuffer fonts auto selection for HighDPI screen (LP: #1851623)
    - fonts: Fix coding style
    - fonts: Prefer a bigger font for high resolution screens

  * Xenial update: 4.4.203 upstream stable release (LP: #1853881)
    - slip: Fix memory leak in slip_open error path
    - ax88172a: fix information leak on short answers
    - ALSA: usb-audio: Fix missing error check at mixer resolution test
    - ALSA: usb-audio: not submit urb for stopped endpoint
    - Input: ff-memless - kill timer in destroy()
    - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
    - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
    - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
    - mm: memcg: switch to css_tryget() in g...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers