Xenial update: 4.4.224 upstream stable release

Bug #1881356 reported by Ian on 2020-05-29
This bug affects 1 person
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Xenial; Importance: Undecided; Assigned to: Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.224 upstream stable release
       from git://git.kernel.org/

The following patches from the 4.4.224 stable release shall be applied:
* USB: serial: qcserial: Add DW5816e support
* Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
* dp83640: reverse arguments to list_add_tail
* net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
* sch_sfq: validate silly quantum values
* sch_choke: avoid potential panic in choke_reset()
* Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
* enic: do not overwrite error code
* ipv6: fix cleanup ordering for ip6_mr failure
* binfmt_elf: move brk out of mmap when doing direct loader exec
* x86/apm: Don't access __preempt_count with zeroed fs
* Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
* USB: uas: add quirk for LaCie 2Big Quadra
* USB: serial: garmin_gps: add sanity checking for data length
* batman-adv: fix batadv_nc_random_weight_tq
* scripts/decodecode: fix trapping instruction formatting
* phy: micrel: Ensure interrupts are reenabled on resume
* binfmt_elf: Do not move brk for INTERP-less ET_EXEC
* ext4: add cond_resched() to ext4_protect_reserved_inode
* net: ipv6: add net argument to ip6_dst_lookup_flow
* net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
* blktrace: Fix potential deadlock between delete & sysfs ops
* blktrace: fix unlocked access to init/start-stop/teardown
* blktrace: fix trace mutex deadlock
* blktrace: Protect q->blk_trace with RCU
* blktrace: fix dereference after null check
* ptp: do not explicitly set drvdata in ptp_clock_register()
* ptp: use is_visible method to hide unused attributes
* ptp: create "pins" together with the rest of attributes
* chardev: add helper function to register char devs with a struct device
* ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
* ptp: fix the race between the release of ptp_clock and cdev
* ptp: free ptp device pin descriptors properly
* net: handle no dst on skb in icmp6_send
* net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
* net: moxa: Fix a potential double 'free_irq()'
* drop_monitor: work around gcc-10 stringop-overflow warning
* scsi: sg: add sg_remove_request in sg_write
* spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
* cifs: Check for timeout on Negotiate stage
* cifs: Fix a race condition with cifs_echo_request
* dmaengine: pch_dma.c: Avoid data race between probe and irq handler
* dmaengine: mmp_tdma: Reset channel error on release
* drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
* ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
* net: openvswitch: fix csum updates for MPLS actions
* gre: do not keep the GRE header around in collect medata mode
* mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
* scsi: qla2xxx: Avoid double completion of abort command
* i40e: avoid NVM acquire deadlock during NVM update
* net/mlx5: Fix driver load error flow when firmware is stuck
* netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
* IB/mlx4: Test return value of calls to ib_get_cached_pkey
* pnp: Use list_for_each_entry() instead of open coding
* gcc-10 warnings: fix low-hanging fruit
* kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
* Stop the ad-hoc games with -Wno-maybe-initialized
* gcc-10: disable 'zero-length-bounds' warning for now
* gcc-10: disable 'array-bounds' warning for now
* gcc-10: disable 'stringop-overflow' warning for now
* gcc-10: disable 'restrict' warning for now
* block: defer timeouts to a workqueue
* blk-mq: Allow timeouts to run while queue is freezing
* blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
* blk-mq: Allow blocking queue tag iter callbacks
* x86/paravirt: Remove the unused irq_enable_sysexit pv op
* gcc-10: avoid shadowing standard library 'free()' in crypto
* net: fix a potential recursive NETDEV_FEAT_CHANGE
* net: ipv4: really enforce backoff for redirects
* netlabel: cope with NULL catmap
* ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
* ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
* ALSA: rawmidi: Initialize allocated buffers
* USB: gadget: fix illegal array access in binding with UDC
* ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
* x86: Fix early boot crash on gcc-10, third try
* exec: Move would_dump into flush_old_exec
* usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
* usb: gadget: audio: Fix a missing error return value in audio_bind()
* usb: gadget: legacy: fix error return code in gncm_bind()
* usb: gadget: legacy: fix error return code in cdc_bind()
* Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
* ARM: dts: r8a7740: Add missing extal2 to CPG node
* KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
* Makefile: disallow data races on gcc-10 as well
* scsi: iscsi: Fix a potential deadlock in the timeout handler
* Linux 4.4.224

Ian (ian-may) on 2020-05-29
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Ian (ian-may) on 2020-06-02
description: updated
Ian (ian-may) wrote :

Please note that the following patches have been skipped as they were already applied to xenial/linux:
  * Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
  * net: ipv6: add net argument to ip6_dst_lookup_flow
  * net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
  * blktrace: Protect q->blk_trace with RCU
  * blktrace: fix dereference after null check
  * spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
  * block: defer timeouts to a workqueue
  * blk-mq: Allow timeouts to run while queue is freezing

The following patches needed some context adjustment:
  * blktrace: Fix potential deadlock between delete & sysfs ops
  * blktrace: fix unlocked access to init/start-stop/teardown
  * cifs: Check for timeout on Negotiate stage
  * cifs: Fix a race condition with cifs_echo_request
  * x86/paravirt: Remove the unused irq_enable_sysexit pv op
  * x86: Fix early boot crash on gcc-10, third try
  * scsi: iscsi: Fix a potential deadlock in the timeout handler

All the other patches applied cleanly.

Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-185.215

---------------
linux (4.4.0-185.215) xenial; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

  * Xenial update: 4.4.224 upstream stable release (LP: #1881356)
    - USB: serial: qcserial: Add DW5816e support
    - Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
    - dp83640: reverse arguments to list_add_tail
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - sch_sfq: validate silly quantum values
    - sch_choke: avoid potential panic in choke_reset()
    - enic: do not overwrite error code
    - ipv6: fix cleanup ordering for ip6_mr failure
    - binfmt_elf: move brk out of mmap when doing direct loader exec
    - x86/apm: Don't access __preempt_count with zeroed fs
    - Revert "IB/ipoib: Update broadcast object if PKey value was changed in index
      0"
    - USB: uas: add quirk for LaCie 2Big Quadra
    - USB: serial: garmin_gps: add sanity checking for data length
    - batman-adv: fix batadv_nc_random_weight_tq
    - scripts/decodecode: fix trapping instruction formatting
    - phy: micrel: Ensure interrupts are reenabled on resume
    - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
    - ext4: add cond_resched() to ext4_protect_reserved_inode
    - blktrace: Fix potential deadlock between delete & sysfs ops
    - blktrace: fix unlocked access to init/start-stop/teardown
    - blktrace: fix trace mutex deadlock
    - ptp: do not explicitly set drvdata in ptp_clock_register()
    - ptp: use is_visible method to hide unused attributes
    - ptp: create "pins" together with the rest of attributes
    - chardev: add helper function to register char devs with a struct device
    - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
    - ptp: fix the race between the release of ptp_clock and cdev
    - ptp: free ptp device pin descriptors properly
    - net: handle no dst on skb in icmp6_send
    - net/sonic: Fix a resource leak in an error handling path in
      'jazz_sonic_probe()'
    - net: moxa: Fix a potential double 'free_irq()'
    - drop_monitor: work around gcc-10 stringop-overflow warning
    - scsi: sg: add sg_remove_request in sg_write
    - cifs: Check for timeout on Negotiate stage
    - cifs: Fix a race condition with cifs_echo_request
    - dmaengine: pch_dma.c: Avoid data race between probe and irq handler
    - dmaengine: mmp_tdma: Reset channel error on release
    - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
    - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
    - net: openvswitch: fix csum updates for MPLS actions
    - gre: do not keep the GRE header around in collect medata mode
    - mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
    - scsi: qla2xxx: Avoid double completion of abort command
    - i40e: avoid NVM acquire deadlock during NVM update
    - net/mlx5: Fix driver load error flow when firmware is stuck
    - netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
    - IB/mlx4:...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
skvatboy (skvatboy) on 2020-07-07
information type: Public → Public Security
information type: Public Security → Private Security
information type: Private Security → Public