Maverick update to 2.6.35.14 stable release

Bug #898139 reported by Herton R. Krzesinski on 2011-11-30
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Maverick
Medium
Herton R. Krzesinski

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from Linus' tree or in a minimally
       backported form of that patch. The 2.6.35.14 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches are in the 2.6.35.14 stable release:

* kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
* kbuild: Fix passing -Wno-* options to gcc 4.4+
* maintainer
* Remove the old V4L1 v4lgrab.c file
* agp: fix arbitrary kernel memory writes
* agp: fix OOM and buffer overflow
* i8k: Tell gcc that *regs gets clobbered
* Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again)
* USB: serial/usb_wwan, fix tty NULL dereference
* ipv6: add special mode accept_ra=2 to accept RA while configured as router
* mpt2sas: prevent heap overflows and unchecked reads
* set memory ranges in N_NORMAL_MEMORY when onlined
* FLEXCOP-PCI: fix __xlate_proc_name-warning for flexcop-pci
* m68k/mm: Set all online nodes in N_NORMAL_MEMORY
* nfs: don't lose MS_SYNCHRONOUS on remount of noac mount
* NFSv4.1: Ensure state manager thread dies on last umount
* Input: xen-kbdfront - fix mouse getting stuck after save/restore
* pmcraid: reject negative request size
* put stricter guards on queue dead checks
* mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()
* mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
* mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish
* USB: fix regression in usbip by setting has_tt flag
* ARM: 6891/1: prevent heap corruption in OABI semtimedop
* Open with O_CREAT flag set fails to open existing files on non writable directories
* can: Add missing socket check in can/bcm release.
* fs/partitions/ldm.c: fix oops caused by corrupted partition table
* Input: elantech - discard the first 2 positions on some firmwares
* Staging: rtl8192su: Clean up in case of an error in module initialisation
* Staging: rtl8192su: Fix procfs code for interfaces not named wlan0
* USB: teach "devices" file about Wireless and SuperSpeed USB
* SUNRPC: fix NFS client over TCP hangs due to packet loss (Bug 16494)
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab (v3)
* nfs: fix compilation warning
* Fix corrupted OSF partition table parsing
* Increase OSF partition limit from 8 to 18
* hwmon: (applesmc) Add MacBookAir3,1(3,2) support
* ALSA: emux: Add trivial compat ioctl handler
* ALSA: hda - MacBookPro 5,3 line-in support
* ALSA: hda - Add model=mbp55 entry for MacBookPro 7,1
* ALSA: hda - MacBookAir3,1(3,2) alsa support
* virtio_net: Add schedule check to napi_enable call
* Bluetooth: Add support Bluetooth controller of MacbookPro 6,2
* Bluetooth: Add support Bluetooth controller of MacbookPro 7,1
* Bluetooth: Add MacBookAir3,1(2) support
* dell-laptop: Add another Dell laptop family to the DMI whitelist
* btrfs: Require CAP_SYS_ADMIN for filesystem rebalance
* backlight: MacBookAir3,1(3,2) mbp-nvidia-bl support
* bonding: Ensure that we unshare skbs prior to calling pskb_may_pull
* HID: add MacBookAir 3,1 and 3,2 support
* ipv6: Silence privacy extensions initialization
* MIPS: DMA: Fix computation of DMA flags from device's coherent_dma_mask.
* niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
* Phonet: device notifier only runs on initial namespace
* powerpc/boot/dts: Install dts from the right directory
* rt2500usb: fallback to SW encryption for TKIP+AES
* libata: set queue DMA alignment to sector size for ATAPI too
* usb: musb: core: set has_tt flag
* can: add missing socket check in can/raw release
* fix oops in scsi_run_queue()
* cifs: check for bytes_remaining going to zero in CIFS_SessSetup
* Validate size of EFI GUID partition entries.
* dccp: handle invalid feature options length
* CIFS: Fix memory over bound bug in cifs_parse_mount_options
* ehea: fix wrongly reported speed and port
* NET: slip, fix ldisc->open retval
* ne-h8300: Fix regression caused during net_device_ops conversion
* hydra: Fix regression caused during net_device_ops conversion
* libertas: fix cmdpendingq locking
* zorro8390: Fix regression caused during net_device_ops conversion
* cifs: add fallback in is_path_accessible for old servers
* x86, AMD: Fix ARAT feature setting again
* clocksource: Install completely before selecting
* tick: Clear broadcast active bit when switching to oneshot
* x86, apic: Fix spurious error interrupts triggering on all non-boot APs
* x86, mce, AMD: Fix leaving freed data in a list
* megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()
* vmxnet3: Fix inconsistent LRO state after initialization
* netxen: Remove references to unified firmware file
* ftrace: Only update the function code on write to filter files
* kmemleak: Do not return a pointer to an object that kmemleak did not get
* CPU hotplug, re-create sysfs directory and symlinks
* Fix memory leak in cpufreq_stat
* powerpc/kexec: Fix memory corruption from unallocated slaves
* powerpc/oprofile: Handle events that raise an exception without overflowing
* block: add proper state guards to __elv_next_request
* mtd: mtdconcat: fix NAND OOB write
* x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address limit
* ext3: Fix fs corruption when make_indexed_dir() fails
* jbd: Fix forever sleeping process in do_get_write_access()
* jbd: fix fsync() tid wraparound bug
* ext4: release page cache in ext4_mb_load_buddy error path
* Fix Ultrastor asm snippet
* x86, amd: Do not enable ARAT feature on AMD processors below family 0x12
* x86, amd: Use _safe() msr access for GartTlbWlk disable code
* rcu: Fix unpaired rcu_irq_enter() from locking selftests
* staging: usbip: fix wrong endian conversion
* Fix for buffer overflow in ldm_frag_add not sufficient
* seqlock: Don't smp_rmb in seqlock reader spin loop
* ALSA: HDA: Use one dmic only for Dell Studio 1558
* ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
* ASoC: Add some missing volume update bit sets for wm_hubs devices
* mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
* loop: limit 'max_part' module param to DISK_MAX_PARTS
* loop: handle on-demand devices correctly
* USB: CP210x Add 4 Device IDs for AC-Services Devices
* USB: moto_modem: Add USB identifier for the Motorola VE240.
* USB: serial: ftdi_sio: adding support for TavIR STK500
* USB: gamin_gps: Fix for data transfer problems in native mode
* usb/gadget: at91sam9g20 fix end point max packet size
* usb: gadget: rndis: don't test against req->length
* xhci: Fix full speed bInterval encoding.
* OHCI: work around for nVidia shutdown problem
* OHCI: fix regression caused by nVidia shutdown workaround
* p54usb: add zoom 4410 usbid
* eCryptfs: Allow 2 scatterlist entries for encrypted filenames
* UBIFS: fix a rare memory leak in ro to rw remounting path
* i8k: Avoid lahf in 64-bit code
* cpuidle: menu: fixed wrapping timers at 4.294 seconds
* dm table: reject devices without request fns
* atm: expose ATM device index in sysfs
* brd: limit 'max_part' module param to DISK_MAX_PARTS
* brd: handle on-demand devices correctly
* SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change callback...
* PCI: Add quirk for setting valid class for TI816X Endpoint
* xen mmu: fix a race window causing leave_mm BUG()
* UBIFS: fix shrinker object count reports
* UBIFS: fix memory leak on error path
* nbd: limit module parameters to a sane value
* block: export blk_{get,put}_queue()
* Fix oops caused by queue refcounting failure
* mm: fix ENOSPC returned by handle_mm_fault()
* PCI: Set PCIE maxpayload for card during hotplug insertion
* nl80211: fix check for valid SSID size in scan operations
* lockdep: Fix lock_is_held() on recursion
* drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007
* drm/radeon/kms: fix for radeon on systems >4GB without hardware iommu
* fat: Fix corrupt inode flags when remove ATTR_SYS flag
* xen: off by one errors in multicalls.c
* x86/amd-iommu: Fix 3 possible endless loops
* USB: cdc-acm: Adding second ACM channel support for Nokia E7 and C7
* USB: core: Tolerate protocol stall during hub and port status read
* USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver
* USB: xhci - fix interval calculation for FS isoc endpoints
* ALSA: hda: Fix quirk for Dell Inspiron 910
* oprofile, dcookies: Fix possible circular locking dependency
* CPUFREQ: Remove cpufreq_stats sysfs entries on module unload.
* md: check ->hot_remove_disk when removing disk
* md/raid5: fix raid5_set_bi_hw_segments
* exec: delay address limit change until point of no return
* netfilter: IPv6: initialize TOS field in REJECT target module
* netfilter: IPv6: fix DSCP mangle code
* xen: events: do not unmask event channels on resume
* genirq: Add IRQF_FORCE_RESUME
* xen: Use IRQF_FORCE_RESUME
* time: Compensate for rounding on odd-frequency clocksources
* ksm: fix NULL pointer dereference in scan_get_next_rmap_item()
* migrate: don't account swapcache as shmem
* xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped"
* clocksource: Make watchdog robust vs. interruption
* xhci: Reject double add of active endpoints.
* PM: Free memory bitmaps if opening /dev/snapshot fails
* ath5k: fix memory leak when fewer than N_PD_CURVES are in use
* mm: fix negative commitlimit when gigantic hugepages are allocated
* uvcvideo: Remove buffers from the queues when freeing
* watchdog: mtx1-wdt: request gpio before using it
* debugobjects: Fix boot crash when kmemleak and debugobjects enabled
* cfq-iosched: fix locking around ioc->ioc_data assignment
* cfq-iosched: fix a rcu warning
* i2c-taos-evm: Fix log messages
* md: avoid endless recovery loop when waiting for fail device to complete.
* SUNRPC: Ensure the RPC client only quits on fatal signals
* 6pack,mkiss: fix lock inconsistency
* taskstats: don't allow duplicate entries in listener mode
* USB: don't let errors prevent system sleep
* USB: don't let the hub driver prevent system sleep
* uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc
* inet_diag: fix inet_diag_bc_audit()
* PM / Hibernate: Fix free_unnecessary_pages()
* bug.h: Add WARN_RATELIMIT
* net: filter: Use WARN_RATELIMIT
* af_packet: prevent information leak
* net/ipv4: Check for mistakenly passed in non-IPv4 address
* ipv6/udp: Use the correct variable to determine non-blocking condition
* udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet
* mm: prevent concurrent unmap_mapping_range() on the same inode
* proc: restrict access to /proc/PID/io
* alpha: fix several security issues
* x86: Make Dell Latitude E5420 use reboot=pci
* x86: Make Dell Latitude E6420 use reboot=pci
* mm/futex: fix futex writes on archs with SW tracking of
* mm/backing-dev.c: reset bdi min_ratio in bdi_unregister()
* xtensa: prevent arbitrary read in ptrace
* ipc/sem.c: fix race with concurrent semtimedop() timeouts
* jme: Fix unmap error (Causing system freeze)
* fix crash in scsi_dispatch_cmd()
* mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
* mmc: Added quirks for Ricoh 1180:e823 lower base clock
* Drop -Werror in perf
* kexec, x86: Fix incorrect jump back address if not
* USB: serial: add IDs for WinChipHead USB->RS232 adapter
* davinci: DM365 EVM: fix video input mux bits
* powerpc/pseries/hvconsole: Fix dropped console output
* hvc_console: Improve tty/console put_chars handling
* powerpc/kdump: Fix timeout in crash_kexec_wait_realmode
* si4713-i2c: avoid potential buffer overflow on si4713
* hwmon: (max1111) Fix race condition causing NULL pointer
* hwmon: (asus_atk0110) Fix memory leak
* USB: OHCI: fix another regression for NVIDIA controllers
* firewire: cdev: prevent race between first get_info ioctl
* firewire: cdev: return -ENOTTY for unimplemented ioctls, not
* svcrpc: fix list-corrupting race on nfsd shutdown
* x86: Look for IA32_ENERGY_PERF_BIAS support
* x86, intel, power: Initialize MSR_IA32_ENERGY_PERF_BIAS
* SUNRPC: Fix use of static variable in rpcb_getport_async
* ARM: pxa/cm-x300: fix V3020 RTC functionality
* firewire: ohci: do not bind to Pinnacle cards, avert panic
* mm/nommu.c: fix remap_pfn_range()
* EHCI: only power off port if over-current is active
* mac80211: Restart STA timers only on associated state
* usb: musb: restore INDEX register in resume path
* SUNRPC: Fix a race between work-queue and rpc_killall_tasks
* bttv: fix s_tuner for radio
* pvrusb2: fix g/s_tuner support
* v4l2-ioctl.c: prefill tuner type for g_frequency and
* mac80211: fix TKIP replay vulnerability
* ASoC: ak4642: fixup snd_soc_update_bits mask for PW_MGMT2
* tracing: Fix bug when reading system filters on module
* tracing: Have "enable" file use refcounts like the "filter"
* ARM: pxa: fix PGSR register address calculation
* iommu/amd: Don't use MSI address range for DMA addresses
* staging: r8192e_pci: Handle duplicate PCI ID 0x10ec:0x8192
* staging: comedi: fix infoleak to userspace
* Staging: hv: netvsc: Fix a bug in accounting transmit slots
* ARM: 6989/1: perf: do not start the PMU when no events are
* ASoC: Ensure we delay long enough for WM8994 FLL to lock
* SERIAL: SC26xx: Fix link error.
* x86, mtrr: lock stop machine during MTRR rendezvous sequence
* ipv6: add special mode forwarding=2 to send RS while
* IGMP snooping: set mrouters_only flag for IPv4 traffic
* IGMP snooping: set mrouters_only flag for IPv6 traffic
* release 2.6.35.14

Not all patches above were applied. See below for details.

From the changes above, the following were already applied on Maverick tree, and were ignored:
* agp: fix arbitrary kernel memory writes
* agp: fix OOM and buffer overflow
* mpt2sas: prevent heap overflows and unchecked reads
* can: Add missing socket check in can/bcm release.
* fs/partitions/ldm.c: fix oops caused by corrupted partition table
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab (v3)
* Fix corrupted OSF partition table parsing
* virtio_net: Add schedule check to napi_enable call
* dell-laptop: Add another Dell laptop family to the DMI whitelist
* can: add missing socket check in can/raw release
* Validate size of EFI GUID partition entries.
* dccp: handle invalid feature options length
* cifs: add fallback in is_path_accessible for old servers
* xen: events: do not unmask event channels on resume
* ksm: fix NULL pointer dereference in scan_get_next_rmap_item()
* taskstats: don't allow duplicate entries in listener mode
* inet_diag: fix inet_diag_bc_audit()
* proc: restrict access to /proc/PID/io
* si4713-i2c: avoid potential buffer overflow on si4713
* staging: comedi: fix infoleak to userspace

The following change was already cherry-picked and later reverted because of a regression in the maverick tree, so was not re-applied:
* xhci: Fix full speed bInterval encoding.

This patch was ignored because the backport in Maverick - 79f6796 "nl80211: fix overflow in ssid_len - CVE-2011-2517" - already fixed the same issue:
* nl80211: fix check for valid SSID size in scan operations

This patch was ignored because it fixes a problem in a patch which was reverted previously in the maverick tree:
* USB: xhci - fix interval calculation for FS isoc endpoints

An extra change was included to revert a previous revert, so that the right fix from this stable update ("xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped"") could be applied:
* Revert "Revert "xen: set max_pfn_mapped to the last pfn mapped""

The following two changes had to be changed to fix minor issues or to apply cleanly on Maverick master-next tree:
* x86: Look for IA32_ENERGY_PERF_BIAS support
* x86, intel, power: Initialize MSR_IA32_ENERGY_PERF_BIAS

The following change had to be fixed, with it applied the corresponding code doesn't build (no linux/atomic.h in 2.6.35):
Staging: hv: netvsc: Fix a bug in accounting transmit slots

The change: * usb: musb: restore INDEX register in resume path
was ignored. It is uneeded on maverick 2.6.35, because the commit which introduced the issue it originally fixes upstream (ae9b2ad "usb: musb: Change to direct addr in context save/restore") wasn't present in 2.6.35.x. Also, because of this, git am when applying this patch was applying the addition to the wrong function, causing a build failure on armel.

After the needed 2.6.35.14 patches were applied, the following changes from it were subsequently reverted, since they already brought regressions on Natty/Lucid (bugs 793796 and 811745):
* put stricter guards on queue dead checks
* fix oops in scsi_run_queue()
* block: add proper state guards to __elv_next_request
* block: export blk_{get,put}_queue()
* Fix oops caused by queue refcounting failure
* fix crash in scsi_dispatch_cmd()

tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
description: updated
description: updated
description: updated
description: updated
description: updated
Changed in linux (Ubuntu Maverick):
status: New → Fix Committed
assignee: nobody → Herton R. Krzesinski (herton)
importance: Undecided → Medium
Julian Wiedmann (jwiedmann) wrote :

* ALSA: hda: Fix quirk for Dell Inspiron 910
This one recently caused a regression on Lucid.

* x86: Look for IA32_ENERGY_PERF_BIAS support
* x86, intel, power: Initialize MSR_IA32_ENERGY_PERF_BIAS
These need a fixup, http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=17edf2d79f1ea6dfdb4c444801d928953b9f98d6

Herton R. Krzesinski (herton) wrote :

> * ALSA: hda: Fix quirk for Dell Inspiron 910
> This one recently caused a regression on Lucid.

This ALSA change shouldn't regress on Maverick, and we can just ignore/keep it, because the Maverick kernel contains the change "ALSA: hda - Use ALC_INIT_DEFAULT for really default initialization", which makes the auto model enable the EAPD on required pins for the Dell hardware that regressed with this change on Lucid (the regression happened because EAPD wasn't being enabled on Lucid).

> * x86: Look for IA32_ENERGY_PERF_BIAS support
> * x86, intel, power: Initialize MSR_IA32_ENERGY_PERF_BIAS
> These need a fixup, http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=17edf2d79f1ea6dfdb4c444801d928953b9f98d6

I'll take a look at SRU'ing this fixup.

Launchpad Janitor (janitor) wrote :
Download full text (16.6 KiB)

This bug was fixed in the package linux - 2.6.35-32.64

---------------
linux (2.6.35-32.64) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #910919

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * Revert "Revert "xen: set max_pfn_mapped to the last pfn mapped""
    - LP: #898139
  * Revert "core: Fix memory leak/corruption on VLAN GRO_DROP,
    CVE-2011-1576"
    - LP: #844361
  * kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
    - LP: #898139
  * kbuild: Fix passing -Wno-* options to gcc 4.4+
    - LP: #898139
  * maintainer
    - LP: #898139
  * Remove the old V4L1 v4lgrab.c file
    - LP: #898139
  * i8k: Tell gcc that *regs gets clobbered
    - LP: #898139
  * Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again)
    - LP: #898139
  * USB: serial/usb_wwan, fix tty NULL dereference
    - LP: #898139
  * ipv6: add special mode accept_ra=2 to accept RA while configured as
    router
    - LP: #898139
  * set memory ranges in N_NORMAL_MEMORY when onlined
    - LP: #898139
  * FLEXCOP-PCI: fix __xlate_proc_name-warning for flexcop-pci
    - LP: #898139
  * m68k/mm: Set all online nodes in N_NORMAL_MEMORY
    - LP: #898139
  * nfs: don't lose MS_SYNCHRONOUS on remount of noac mount
    - LP: #898139
  * NFSv4.1: Ensure state manager thread dies on last umount
    - LP: #898139
  * Input: xen-kbdfront - fix mouse getting stuck after save/restore
    - LP: #898139
  * pmcraid: reject negative request size
    - LP: #898139
  * mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()
    - LP: #898139
  * mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
    - LP: #898139
  * mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish
    - LP: #898139
  * USB: fix regression in usbip by setting has_tt flag
    - LP: #898139
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #898139
  * Open with O_CREAT flag set fails to open existing files on non writable
    directories
    - LP: #898139
  * Input: elantech - discard the first 2 positions on some firmwares
    - LP: #898139
  * Staging: rtl8192su: Clean up in case of an error in module
    initialisation
    - LP: #898139
  * Staging: rtl8192su: Fix procfs code for interfaces not named wlan0
    - LP: #898139
  * USB: teach "devices" file about Wireless and SuperSpeed USB
    - LP: #898139
  * SUNRPC: fix NFS client over TCP hangs due to packet loss (Bug 16494)
    - LP: #898139
  * nfs: fix compilation warning
    - LP: #898139
  * Increase OSF partition limit from 8 to 18
    - LP: #898139
  * hwmon: (applesmc) Add MacBookAir3,1(3,2) support
    - LP: #898139
  * ALSA: emux: Add trivial compat ioctl handler
    - LP: #898139
  * ALSA: hda - MacBookPro 5,3 line-in support
    - LP: #898139
  * ALSA: hda - Add model=mbp55 entry for MacBookPro 7,1
    - LP: #898139
  * ALSA: hda - MacBookAir3,1(3,2) alsa support
    - LP: #898139
  * Bluetooth: Add support Bluetooth controller of MacbookPro 6,2
    - LP: #898139
  * Bluetooth: Add support Bluetooth controller of MacbookPro 7,1
    - LP: #898139
  * Bluetooth: Add MacBookAir3,1(2) suppor...

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers