Xenial update: 4.4.191 upstream stable release

Bug #1845036 reported by Connor Kuehl on 2019-09-23
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
* MIPS: kernel: only use i8253 clocksource with periodic clockevent
* netfilter: ebtables: fix a memory leak bug in compat
* bonding: Force slave speed check after link state recovery for 802.3ad
* can: dev: call netif_carrier_off() in register_candev()
* st21nfca_connectivity_event_received: null check the allocation
* st_nci_hci_connectivity_event_received: null check the allocation
* ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
* net: usb: qmi_wwan: Add the BroadMobi BM818 card
* isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
* isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
* perf bench numa: Fix cpu0 binding
* can: sja1000: force the string buffer NULL-terminated
* can: peak_usb: force the string buffer NULL-terminated
* NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
* net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
* net: hisilicon: make hip04_tx_reclaim non-reentrant
* net: hisilicon: fix hip04-xmit never return TX_BUSY
* net: hisilicon: Fix dma_map_single failed on arm64
* libata: add SG safety checks in SFF pio transfers
* selftests: kvm: Adding config fragments
* HID: wacom: correct misreported EKR ring values
* Revert "dm bufio: fix deadlock with loop device"
* userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
* x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
* x86/apic: Handle missing global clockevent gracefully
* x86/boot: Save fields explicitly, zero out everything else
* x86/boot: Fix boot regression caused by bootparam sanitizing
* dm btree: fix order of block initialization in btree_split_beneath
* dm space map metadata: fix missing store of apply_bops() return value
* dm table: fix invalid memory accesses with too high sector number
* cgroup: Disable IRQs while holding css_set_lock
* net: arc_emac: fix koops caused by sk_buff free
* siphash: implement HalfSipHash1-3 for hash tables
* netfilter: ctnetlink: don't use conntrack/expect object addresses as id
* netfilter: conntrack: Use consistent ct id hash calculation
* Revert "perf test 6: Fix missing kvm module load for s390"
* x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume
* x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
* scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
* dmaengine: ste_dma40: fix unneeded variable warning
* usb: gadget: composite: Clear "suspended" on reset/disconnect
* usb: host: fotg2: restart hcd after port reset
* tools: hv: fix KVP and VSS daemons exit code
* watchdog: bcm2835_wdt: Fix module autoload
* tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
* ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
* ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
* tcp: make sure EPOLLOUT wont be missed
* ALSA: seq: Fix potential concurrent access to the deleted pool
* KVM: x86: Don't update RIP or do single-step on faulting emulation
* x86/apic: Do not initialize LDR and DFR for bigsmp
* x86/apic: Include the LDR when clearing out APIC registers
* usb-storage: Add new JMS567 revision to unusual_devs
* USB: cdc-wdm: fix race between write and disconnect due to flag abuse
* usb: host: ohci: fix a race condition between shutdown and irq
* USB: storage: ums-realtek: Update module parameter description for auto_delink_en
* USB: storage: ums-realtek: Whitelist auto-delink support
* ptrace,x86: Make user_64bit_mode() available to 32-bit builds
* uprobes/x86: Fix detection of 32-bit user mode
* mmc: sdhci-of-at91: add quirk for broken HS200
* mmc: core: Fix init of SD cards reporting an invalid VDD range
* stm class: Fix a double free of stm_source_device
* VMCI: Release resource if the work is already queued
* Revert "cfg80211: fix processing world regdomain when non modular"
* mac80211: fix possible sta leak
* x86/ptrace: fix up botched merge of spectrev1 fix
* Linux 4.4.191

       4.4.191 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork) on 2019-09-23
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Connor Kuehl (connork) on 2019-09-23
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Connor Kuehl (connork) wrote :

Already applied:

* GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
* vhost-net: set packet weight of tx polling to 2 * vq size
* vhost_net: use packet weight for rx handler, too
* vhost_net: introduce vhost_exceeds_weight()
* vhost: introduce vhost_exceeds_weight()
* vhost_net: fix possible infinite loop
* vhost: scsi: add weight support
* siphash: add cryptographically secure PRF
* inet: switch IP ID generator to siphash

Connor Kuehl (connork) on 2019-09-24
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed

I have removed the following commit from the Xenial tree given that it was causing a build failure on s390x.

* Revert "perf test 6: Fix missing kvm module load for s390"

This issue had already been resolved by "UBUNTU: SAUCE: Fix perf test 6: Fix missing kvm module load for s390", so the upstream fix was not needed.

Stefan Bader (smb) wrote :

commit dd20ee8f5a91cd67ee34aec07b446a3a20b82d01
Author: Sasha Levin <email address hidden>
Date: Tue Aug 27 22:58:51 2019 -0400

    Revert "perf test 6: Fix missing kvm module load for s390"

Above patch should not have applied cleanly from linux-4.4.y because we fixed it up already. It is not mentioned above that there was anything specially done. However the committed result is not what the upstream stable did. Instead of removing a function, it gets added (a second time as the fixed up version we did is still present). Not sure how this did happen.

Connor Kuehl (connork) wrote :

I have been using the stable updates toolchain that was used for the Bionic stable updates project. Generally, if a patch doesn't apply one of the tools checks to see if it was already applied. If it doesn't believe the patch is applied, and it doesn't apply cleanly, we use "patch" because it tries a little bit harder than "git am" for fitting the hunks in at different offsets.

In this case, it didn't see this patch was effectively applied under an "UBUNTU: SAUCE:" prefix. This is something that it should do, so I'll work on trying to get a patch sent for that toolchain.

Stefan Bader (smb) wrote :

Ok, but in this case the patch from upstream did a bigger hunk of removals. That would not have worked even with patch because to fix the build, we have replaced two function calls within that hunk. The change applied under the title of the revert was actually a re-do of the initial addition of that hunk. Not the revert.

Launchpad Janitor (janitor) wrote :
Download full text (15.0 KiB)

This bug was fixed in the package linux - 4.4.0-166.195

---------------
linux (4.4.0-166.195) xenial; urgency=medium

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for D...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers