Yakkety update to v4.8.5 stable release

Bug #1637520 reported by Tim Gardner on 2016-10-28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The v4.8.5 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



       The following patches from the v4.8.5 stable release shall be applied:

gpio: mpc8xxx: Correct irq handler function
mei: fix return value on disconnection
mei: me: add kaby point device ids
regulator: tps65910: Work around silicon erratum SWCZ010
clk: imx6: initialize GPU clocks
clk: imx6: fix i.MX6DL clock tree to reflect reality
spi: spidev_test: Fix buffer overflow in unescape()
PM / devfreq: event: remove duplicate devfreq_event_get_drvdata()
ath10k: fix copy engine 5 destination ring stuck
rtlwifi: Fix missing country code for Great Britain
mmc: block: don't use CMD23 with very old MMC cards
mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error
PCI: Mark Atheros AR9580 to avoid bus reset
PCI: tegra: Fix argument order in tegra_pcie_phy_disable()
platform: don't return 0 from platform_get_irq[_byname]() on error
cpufreq: ti: Use generic platdev driver
cpufreq: conservative: Fix next frequency selection
cpufreq: skip invalid entries when searching the frequency
cpufreq: intel_pstate: Fix unsafe HWP MSR access
cpufreq: fix overflow in cpufreq_table_find_index_dl()
parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels
parisc: Fix self-detected CPU stall warnings on Mako machines
parisc: Fix kernel memory layout regarding position of __gp
parisc: Increase initial kernel mapping size
pstore/ramoops: fixup driver removal
pstore/core: drop cmpxchg based updates
pstore/ram: Use memcpy_toio instead of memcpy
pstore/ram: Use memcpy_fromio() to save old buffer
perf intel-pt: Fix snapshot overlap detection decoder errors
perf intel-pt: Fix estimated timestamps for cycle-accurate mode
perf intel-pt: Fix MTC timestamp calculation for large MTC periods
dm: mark request_queue dead before destroying the DM device
dm: return correct error code in dm_resume()'s retry loop
dm rq: take request_queue lock while clearing QUEUE_FLAG_STOPPED
dm mpath: check if path's request_queue is dying in activate_path()
dm crypt: fix crash on exit
powerpc/xmon: Don't use ld on 32-bit
powerpc/vdso64: Use double word compare on pointers
powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear()
powerpc/eeh: Null check uses of eeh_pe_bus_get
powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag()
powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
powerpc/mm: Update FORCE_MAX_ZONEORDER range to allow hugetlb w/4K
powerpc/mm/hash64: Fix might_have_hea() check
IB/srp: Fix infinite loop when FMR sg[0].offset != 0
IB/core: correctly handle rdma_rw_init_mrs() failure
ubi: Deal with interrupted erasures in WL
zfcp: fix fc_host port_type with NPIV
zfcp: fix ELS/GS request&response length for hardware data router
zfcp: close window with unblocked rport during rport gone
zfcp: retain trace level for SCSI and HBA FSF response records
zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
zfcp: trace on request for open and close of WKA port
zfcp: restore tracing of handle for port and LUN with HBA records
zfcp: fix D_ID field with actual value on tracing SAN responses
zfcp: fix payload trace length for SAN request&response
zfcp: trace full payload of all SAN records (req,resp,iels)
scsi: zfcp: spin_lock_irqsave() is not nestable
fbdev/efifb: Fix 16 color palette entry calculation
ovl: Fix info leak in ovl_lookup_temp()
ovl: copy_up_xattr(): use strnlen
mb86a20s: fix the locking logic
mb86a20s: fix demod settings
cx231xx: don't return error on success
cx231xx: fix GPIOs for Pixelview SBTVD hybrid
cx231xx: can't proceed if I2C bus register fails
ALSA: hda - Fix a failure of micmute led when having multi adcs
MIPS: Fix -mabi=64 build of vdso.lds
MIPS: ptrace: Fix regs_return_value for kernel context
Input: i8042 - skip selftest on ASUS laptops
Input: elantech - force needed quirks on Fujitsu H760
Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled
sunrpc: fix write space race causing stalls
NFSD: fix corruption in notifier registration
NFS: Fix inode corruption in nfs_prime_dcache()
NFSv4: Don't report revoked delegations as valid in nfs_have_delegation()
NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid
NFSv4: Open state recovery must account for file permission changes
NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic
pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary
scsi: Fix use-after-free
watchdog: rt2880_wdt: Remove assignment of dev pointer
watchdog: mt7621_wdt: Remove assignment of dev pointer
metag: Only define atomic_dec_if_positive conditionally
soc/fsl/qe: fix gpio save_regs functions
soc/fsl/qe: fix Oops on CPM1 (and likely CPM2)
arm64: KVM: VHE: reset PSTATE.PAN on entry to EL2
arc: don't leak bits of kernel stack into coredump
fs/super.c: fix race between freeze_super() and thaw_super()
cifs: Limit the overall credit acquired
fs/cifs: keep guid when assigning fid to fileinfo
Clarify locking of cifs file and tcon structures and make more granular
Display number of credits available
Set previous session id correctly on SMB3 reconnect
SMB3: GUIDs should be constructed as random but valid uuids
Do not send SMB3 SET_INFO request if nothing is changing
Cleanup missing frees on some ioctls
blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL
x86/e820: Don't merge consecutive E820_PRAM ranges
kvm: x86: memset whole irq_eoi
x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates
x86/boot/smp: Don't try to poke disabled/non-existent APIC
pinctrl: intel: Only restore pins that are used by the driver
pinctrl: baytrail: Fix lockdep
sched/fair: Fix incorrect task group ->load_avg
sched/fair: Fix min_vruntime tracking
irqchip/gicv3: Handle loop timeout proper
irqchip/eznps: Acknowledge NPS_IPI before calling the handler
irqchip/gic-v3-its: Fix entry size mask for GITS_BASER
cxl: Prevent adapter reset if an active context exists
isofs: Do not return EACCES for unknown filesystems
memstick: rtsx_usb_ms: Runtime resume the device when polling for cards
memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
arm64: swp emulation: bound LL/SC retries before rescheduling
arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y
arm64: percpu: rewrite ll/sc loops in assembly
arm64: kernel: Init MDCR_EL2 even in the absence of a PMU
arm64: Cortex-A53 errata workaround: check for kernel addresses
arm64: KVM: Take S1 walks into account when determining S2 write faults
ceph: fix error handling in ceph_read_iter
powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
mmc: core: Annotate cmd_hdr as __le32
mmc: core: switch to 1V8 or 1V2 for hs400es mode
mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused
mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led
KVM: s390: reject invalid modes for runtime instrumentation
fscrypto: make XTS tweak initialization endian-independent
fscrypto: lock inode while setting encryption policy
ext4: do not advertise encryption support when disabled
jbd2: fix incorrect unlock on j_list_lock
ubifs: Fix xattr_names length in exit paths
target/tcm_fc: use CPU affinity for responses
target: Re-add missing SCF_ACK_KREF assignment in v4.1.y
target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code
Revert "target: Fix residual overflow handling in target_complete_cmd_with_length"
Linux 4.8.5

CVE References

Tim Gardner (timg-tpi) on 2016-10-28
tags: added: kernel-stable-tracking-bug
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu Yakkety):
status: New → Confirmed
Changed in linux (Ubuntu):
status: New → Confirmed
Luis Henriques (henrix) on 2016-11-11
Changed in linux (Ubuntu Yakkety):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (26.6 KiB)

This bug was fixed in the package linux - 4.8.0-28.30

linux (4.8.0-28.30) yakkety; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1641083

  * lxc-attach to malicious container allows access to host (LP: #1639345)
    - Revert "UBUNTU: SAUCE: (noup) ptrace: being capable wrt a process requires
      mapped uids/gids"
    - (upstream) mm: Add a user_ns owner to mm_struct and fix ptrace permission

  * [Feature] AVX-512 new instruction sets (avx512_4vnniw, avx512_4fmaps)
    (LP: #1637526)
    - x86/cpufeature: Add AVX512_4VNNIW and AVX512_4FMAPS features

  * zfs: importing zpool with vdev on zvol hangs kernel (LP: #1636517)
    - SAUCE: (noup) Update zfs to

  * Move some device drivers build from kernel built-in to modules
    (LP: #1637303)
    - [Config] CONFIG_TIGON3=m for all arches

  * I2C touchpad does not work on AMD platform (LP: #1612006)
    - pinctrl/amd: Configure GPIO register using BIOS settings

  * guest experiencing Transmit Timeouts on CX4 (LP: #1636330)
    - powerpc/64: Re-fix race condition between going idle and entering guest
    - powerpc/64: Fix race condition in setting lock bit in idle/wakeup code

  * QEMU throws failure msg while booting guest with SRIOV VF (LP: #1630554)
    - KVM: PPC: Always select KVM_VFIO, plus Makefile cleanup

  * [Feature] KBL - New device ID for Kabypoint(KbP) (LP: #1591618)
    - SAUCE: mfd: lpss: Fix Intel Kaby Lake PCH-H properties

  * hio: SSD data corruption under stress test (LP: #1638700)
    - SAUCE: hio: set bi_error field to signal an I/O error on a BIO
    - SAUCE: hio: splitting bio in the entry of .make_request_fn

  * cleanup primary tree for linux-hwe layering issues (LP: #1637473)
    - [Config] switch Vcs-Git: to yakkety repository
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-tools-common and linux-cloud-tools-common are one per series
    - [Config] linux-source-* is in the primary linux namespace
    - [Config] linux-tools -- always suggest the base package

  * SRU: sync zfsutils-linux and spl-linux changes to linux (LP: #1635656)
    - SAUCE: (noup) Update spl to, zfs to (LP:

  * [Feature] SKX: perf uncore PMU support (LP: #1591810)
    - perf/x86/intel/uncore: Add Skylake server uncore support
    - perf/x86/intel/uncore: Remove hard-coded implementation for Node ID mapping
    - perf/x86/intel/uncore: Handle non-standard counter offset

  * [Feature] Purley: Memory Protection Keys (LP: #1591804)
    - x86/pkeys: Add fault handling for PF_PK page fault bit
    - mm: Implement new pkey_mprotect() system call
    - x86/pkeys: Make mprotect_key() mask off additional vm_flags
    - x86/pkeys: Allocation/free syscalls
    - x86: Wire up protection keys system calls
    - generic syscalls: Wire up memory protection keys syscalls
    - pkeys: Add details of system call use to Documentation/
    - x86/pkeys: Default to a restrictive init PKRU
    - x86/pkeys: Allow configuration of init_pkru
    - x86/pkeys: Add self-tests

  * kernel invalid ...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.8.0-30.32

linux (4.8.0-30.32) yakkety; urgency=low

  * CVE-2016-8655 (LP: #1646318)
    - packet: fix race condition in packet_set_ring

 -- Brad Figg <email address hidden> Thu, 01 Dec 2016 08:02:53 -0800

Changed in linux (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers