Bug #1634964 “Allow fuse user namespace mounts by default in xen...” : Bugs : linux package : Ubuntu

Seth Forshee (sforshee) on 2016-10-19

Changed in linux (Ubuntu Xenial):
assignee:	nobody → Seth Forshee (sforshee)
importance:	Undecided → High
status:	New → In Progress
Changed in linux (Ubuntu):
status:	In Progress → Fix Released
description:	updated

Luis Henriques (henrix) on 2016-11-08

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Luis Henriques (henrix) wrote on 2016-11-16:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Seth Forshee (sforshee) wrote on 2016-11-23:

#2

Verified in the proposed xenial kernel.

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Luis Henriques (henrix) on 2016-11-23

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Triaged

Revision history for this message

Steve Langasek (vorlon) wrote on 2016-11-30: Update Released

#3

The verification of the Stable Release Update for linux-lts-xenial has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-11-30:

#4

Download full text (22.5 KiB)

This bug was fixed in the package linux - 4.4.0-51.72

---------------
linux (4.4.0-51.72) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1644611

  * 4.4.0-1037-snapdragon #41: kernel panic on boot (LP: #1644596)
    - Revert "dma-mapping: introduce the DMA_ATTR_NO_WARN attribute"
    - Revert "powerpc: implement the DMA_ATTR_NO_WARN attribute"
    - Revert "nvme: use the DMA_ATTR_NO_WARN attribute"

linux (4.4.0-50.71) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1644169

  * xenial 4.4.0-49.70 kernel breaks LXD userspace (LP: #1644165)
    - Revert "UBUNTU: SAUCE: (namespace) fuse: Allow user namespace mounts by
      default"
    - Revert "UBUNTU: SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for
      userns root"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Don't remove suid for
      CAP_FSETID in s_user_ns""
    - Revert "UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to change
      ownership of inodes"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Allow superblock owner to
      change ownership of inodes with unmappable ids""
    - Revert "UBUNTU: SAUCE: (namespace) security/integrity: Harden against
      malformed xattrs"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: ima/evm: Allow root in s_user_ns
      to set xattrs""
    - Revert "(namespace) dquot: For now explicitly don't support filesystems
      outside of init_user_ns"
    - Revert "(namespace) quota: Handle quota data stored in s_user_ns in
      quota_setxquota"
    - Revert "(namespace) quota: Ensure qids map to the filesystem"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: quota: Convert ids relative to
      s_user_ns""
    - Revert "(namespace) Revert "UBUNTU: SAUCE: quota: Require that qids passed
      to dqget() be valid and map into s_user_ns""
    - Revert "(namespace) vfs: Don't create inodes with a uid or gid unknown to
      the vfs"
    - Revert "(namespace) vfs: Don't modify inodes with a uid or gid unknown to
      the vfs"
    - Revert "UBUNTU: SAUCE: (namespace) fuse: Translate ids in posix acl xattrs"
    - Revert "UBUNTU: SAUCE: (namespace) posix_acl: Export
      posix_acl_fix_xattr_userns() to modules"
    - Revert "(namespace) vfs: Verify acls are valid within superblock's
      s_user_ns."
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Update posix_acl support to
      handle user namespace mounts""
    - Revert "(namespace) fs: Refuse uid/gid changes which don't map into
      s_user_ns"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Refuse uid/gid changes which
      don't map into s_user_ns""
    - Revert "(namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns"

linux (4.4.0-49.70) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1640921

  * Infiniband driver (kernel module) needed for Azure (LP: #1641139)
    - SAUCE: RDMA Infiniband for Windows Azure
    - [Config] CONFIG_HYPERV_INFINIBAND_ND=m
    - SAUCE: Makefile RDMA infiniband driver for Windows Azure
    - [Config] Add hv_network_direct.ko to generic inclusion list
    - SAUCE: RDMA Infiniband for Windows Azure is dependent on amd64...

This bug was fixed in the package linux - 4.4.0-51.72

---------------
linux (4.4.0-51.72) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1644611

* 4.4.0-1037-snapdragon #41: kernel panic on boot (LP: #1644596)
    - Revert "dma-mapping: introduce the DMA_ATTR_NO_WARN attribute"
    - Revert "powerpc: implement the DMA_ATTR_NO_WARN attribute"
    - Revert "nvme: use the DMA_ATTR_NO_WARN attribute"

linux (4.4.0-50.71) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1644169

* xenial 4.4.0-49.70 kernel breaks LXD userspace (LP: #1644165)
    - Revert "UBUNTU: SAUCE: (namespace) fuse: Allow user namespace mounts by
      default"
    - Revert "UBUNTU: SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for
      userns root"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Don't remove suid for
      CAP_FSETID in s_user_ns""
    - Revert "UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to change
      ownership of inodes"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Allow superblock owner to
      change ownership of inodes with unmappable ids""
    - Revert "UBUNTU: SAUCE: (namespace) security/integrity: Harden against
      malformed xattrs"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: ima/evm: Allow root in s_user_ns
      to set xattrs""
    - Revert "(namespace) dquot: For now explicitly don't support filesystems
      outside of init_user_ns"
    - Revert "(namespace) quota: Handle quota data stored in s_user_ns in
      quota_setxquota"
    - Revert "(namespace) quota: Ensure qids map to the filesystem"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: quota: Convert ids relative to
      s_user_ns""
    - Revert "(namespace) Revert "UBUNTU: SAUCE: quota: Require that qids passed
      to dqget() be valid and map into s_user_ns""
    - Revert "(namespace) vfs: Don't create inodes with a uid or gid unknown to
      the vfs"
    - Revert "(namespace) vfs: Don't modify inodes with a uid or gid unknown to
      the vfs"
    - Revert "UBUNTU: SAUCE: (namespace) fuse: Translate ids in posix acl xattrs"
    - Revert "UBUNTU: SAUCE: (namespace) posix_acl: Export
      posix_acl_fix_xattr_userns() to modules"
    - Revert "(namespace) vfs: Verify acls are valid within superblock's
      s_user_ns."
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Update posix_acl support to
      handle user namespace mounts""
    - Revert "(namespace) fs: Refuse uid/gid changes which don't map into
      s_user_ns"
    - Revert "(namespace) Revert "UBUNTU: SAUCE: fs: Refuse uid/gid changes which
      don't map into s_user_ns""
    - Revert "(namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns"

linux (4.4.0-49.70) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1640921

* Infiniband driver (kernel module) needed for Azure (LP: #1641139)
    - SAUCE: RDMA Infiniband for Windows Azure
    - [Config] CONFIG_HYPERV_INFINIBAND_ND=m
    - SAUCE: Makefile RDMA infiniband driver for Windows Azure
    - [Config] Add hv_network_direct.ko to generic inclusion list
    - SAUCE: RDMA Infiniband for Windows Azure is dependent on amd64

linux (4.4.0-48.69) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1640758

* lxc-attach to malicious container allows access to host (LP: #1639345)
    - Revert "UBUNTU: SAUCE: (noup) ptrace: being capable wrt a process requires
      mapped uids/gids"
    - (upstream) mm: Add a user_ns owner to mm_struct and fix ptrace permission
      checks

* take 'P' command from upstream xmon (LP: #1637978)
    - powerpc/xmon: Add xmon command to dump process/task similar to ps(1)

* zfs: importing zpool with vdev on zvol hangs kernel (LP: #1636517)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu15

* I2C touchpad does not work on AMD platform (LP: #1612006)
    - pinctrl/amd: Configure GPIO register using BIOS settings
    - pinctrl/amd: switch to using a bool for level

* [LTCTest] vfio_pci not loaded on Ubuntu 16.10 by default (LP: #1636733)
    - [Config] CONFIG_VFIO_PCI=y for ppc64el

* QEMU throws failure msg while booting guest with SRIOV VF (LP: #1630554)
    - KVM: PPC: Always select KVM_VFIO, plus Makefile cleanup

* Allow fuse user namespace mounts by default in xenial (LP: #1634964)
    - (namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns
    - (namespace) Revert "UBUNTU: SAUCE: fs: Refuse uid/gid changes which don't
      map into s_user_ns"
    - (namespace) fs: Refuse uid/gid changes which don't map into s_user_ns
    - (namespace) Revert "UBUNTU: SAUCE: fs: Update posix_acl support to handle
      user namespace mounts"
    - (namespace) vfs: Verify acls are valid within superblock's s_user_ns.
    - SAUCE: (namespace) posix_acl: Export posix_acl_fix_xattr_userns() to modules
    - SAUCE: (namespace) fuse: Translate ids in posix acl xattrs
    - (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
    - (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs
    - (namespace) Revert "UBUNTU: SAUCE: quota: Require that qids passed to
      dqget() be valid and map into s_user_ns"
    - (namespace) Revert "UBUNTU: SAUCE: quota: Convert ids relative to s_user_ns"
    - (namespace) quota: Ensure qids map to the filesystem
    - (namespace) quota: Handle quota data stored in s_user_ns in quota_setxquota
    - (namespace) dquot: For now explicitly don't support filesystems outside of
      init_user_ns
    - (namespace) Revert "UBUNTU: SAUCE: ima/evm: Allow root in s_user_ns to set
      xattrs"
    - SAUCE: (namespace) security/integrity: Harden against malformed xattrs
    - (namespace) Revert "UBUNTU: SAUCE: fs: Allow superblock owner to change
      ownership of inodes with unmappable ids"
    - SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes
    - (namespace) Revert "UBUNTU: SAUCE: fs: Don't remove suid for CAP_FSETID in
      s_user_ns"
    - SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for userns root
    - SAUCE: (namespace) fuse: Allow user namespace mounts by default

* [Feature] KBL - New device ID for Kabypoint(KbP) (LP: #1591618)
    - SAUCE: mfd: lpss: Fix Intel Kaby Lake PCH-H properties

* hio: SSD data corruption under stress test (LP: #1638700)
    - SAUCE: hio: set bi_error field to signal an I/O error on a BIO
    - SAUCE: hio: splitting bio in the entry of .make_request_fn

* Module sha1-mb fails to load (LP: #1637165)
    - crypto: sha-mb - Fix load failure
    - crypto: mcryptd - Fix load failure

* please include mlx5_core modules in linux-image-generic package
    (LP: #1635223)
    - [Config] Include mlx5 in main package

* xgene i2c slimpro driver fails to load (LP: #1625232)
    - mailbox: Add support for APM X-Gene platform mailbox driver
    - mailbox/xgene-slimpro: Checking for IS_ERR instead of NULL
    - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc
    - [Config] Enabled XGENE_SLIMPRO_MBOX as a module

* [Dell][XPS]Touchscreen fails to function after resume from s3 by Lid
    close/open (LP: #1632527)
    - gpio/pinctrl: sunxi: stop poking around in private vars
    - pinctrl: intel: Only restore pins that are used by the driver

* Xenial update to v4.4.30 stable release (LP: #1638272)
    - Revert "x86/mm: Expand the exception table logic to allow new handling
      options"
    - Revert "fix minor infoleak in get_user_ex()"
    - Linux 4.4.30

* Xenial update to v4.4.29 stable release (LP: #1638267)
    - drm/prime: Pass the right module owner through to dma_buf_export()
    - drm/amdgpu: fix IB alignment for UVD
    - drm/amdgpu/dce10: disable hpd on local panels
    - drm/amdgpu/dce8: disable hpd on local panels
    - drm/amdgpu/dce11: disable hpd on local panels
    - drm/amdgpu/dce11: add missing drm_mode_config_cleanup call
    - drm/amdgpu: change vblank_time's calculation method to reduce computational
      error.
    - drm/radeon: narrow asic_init for virtualization
    - drm/radeon/si/dpm: fix phase shedding setup
    - drm/radeon: change vblank_time's calculation method to reduce computational
      error.
    - drm/vmwgfx: Limit the user-space command buffer size
    - drm/i915/gen9: fix the WaWmMemoryReadLatency implementation
    - Revert "drm/i915: Check live status before reading edid"
    - drm/i915: Account for TSEG size when determining 865G stolen base
    - drm/i915: Unalias obj->phys_handle and obj->userptr
    - mm/hugetlb: fix memory offline with hugepage size > memory block size
    - posix_acl: Clear SGID bit when setting file permissions
    - ipip: Properly mark ipip GRO packets as encapsulated.
    - powerpc/eeh: Null check uses of eeh_pe_bus_get
    - perf stat: Fix interval output values
    - genirq/generic_chip: Add irq_unmap callback
    - uio: fix dmem_region_start computation
    - ARM: clk-imx35: fix name for ckil clk
    - spi: spi-fsl-dspi: Drop extra spi_master_put in device remove function
    - mwifiex: correct aid value during tdls setup
    - crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
    - crypto: arm/ghash-ce - add missing async import/export
    - hwrng: omap - Only fail if pm_runtime_get_sync returns < 0
    - ASoC: topology: Fix error return code in soc_tplg_dapm_widget_create()
    - ASoC: dapm: Fix possible uninitialized variable in snd_soc_dapm_get_volsw()
    - ASoC: dapm: Fix value setting for _ENUM_DOUBLE MUX's second channel
    - ASoC: dapm: Fix kcontrol creation for output driver widget
    - staging: r8188eu: Fix scheduling while atomic splat
    - power: bq24257: Fix use of uninitialized pointer bq->charger
    - dmaengine: ipu: remove bogus NO_IRQ reference
    - x86/mm: Expand the exception table logic to allow new handling options
    - s390/cio: fix accidental interrupt enabling during resume
    - s390/con3270: fix use of uninitialised data
    - s390/con3270: fix insufficient space padding
    - clk: qoriq: fix a register offset error
    - clk: divider: Fix clk_divider_round_rate() to use clk_readl()
    - perf hists browser: Fix event group display
    - perf symbols: Check symbol_conf.allow_aliases for kallsyms loading too
    - perf symbols: Fixup symbol sizes before picking best ones
    - mpt3sas: Don't spam logs if logging level is 0
    - powerpc/nvram: Fix an incorrect partition merge
    - ARM: pxa: pxa_cplds: fix interrupt handling
    - Linux 4.4.29

* KVM: PPC: Book3S HV: Migrate pinned pages out of CMA (LP: #1632045)
    - KVM: PPC: Book3S HV: Migrate pinned pages out of CMA

* Xenial update to v4.4.28 stable release (LP: #1637510)
    - gpio: mpc8xxx: Correct irq handler function
    - mei: me: add kaby point device ids
    - regulator: tps65910: Work around silicon erratum SWCZ010
    - clk: imx6: initialize GPU clocks
    - PM / devfreq: event: remove duplicate devfreq_event_get_drvdata()
    - rtlwifi: Fix missing country code for Great Britain
    - mmc: block: don't use CMD23 with very old MMC cards
    - mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error
    - PCI: Mark Atheros AR9580 to avoid bus reset
    - platform: don't return 0 from platform_get_irq[_byname]() on error
    - cpufreq: intel_pstate: Fix unsafe HWP MSR access
    - parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels
    - parisc: Fix kernel memory layout regarding position of __gp
    - parisc: Increase initial kernel mapping size
    - pstore/ramoops: fixup driver removal
    - pstore/core: drop cmpxchg based updates
    - pstore/ram: Use memcpy_toio instead of memcpy
    - pstore/ram: Use memcpy_fromio() to save old buffer
    - perf intel-pt: Fix snapshot overlap detection decoder errors
    - perf intel-pt: Fix estimated timestamps for cycle-accurate mode
    - perf intel-pt: Fix MTC timestamp calculation for large MTC periods
    - dm: mark request_queue dead before destroying the DM device
    - dm: return correct error code in dm_resume()'s retry loop
    - dm mpath: check if path's request_queue is dying in activate_path()
    - dm crypt: fix crash on exit
    - powerpc/vdso64: Use double word compare on pointers
    - powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear()
    - powerpc/powernv: Use CPU-endian hub diag-data type in
      pnv_eeh_get_and_dump_hub_diag()
    - powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
    - ubi: Deal with interrupted erasures in WL
    - zfcp: fix fc_host port_type with NPIV
    - zfcp: fix ELS/GS request&response length for hardware data router
    - zfcp: close window with unblocked rport during rport gone
    - zfcp: retain trace level for SCSI and HBA FSF response records
    - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
    - zfcp: trace on request for open and close of WKA port
    - zfcp: restore tracing of handle for port and LUN with HBA records
    - zfcp: fix D_ID field with actual value on tracing SAN responses
    - zfcp: fix payload trace length for SAN request&response
    - zfcp: trace full payload of all SAN records (req,resp,iels)
    - scsi: zfcp: spin_lock_irqsave() is not nestable
    - fbdev/efifb: Fix 16 color palette entry calculation
    - ovl: Fix info leak in ovl_lookup_temp()
    - ovl: copy_up_xattr(): use strnlen
    - mb86a20s: fix the locking logic
    - mb86a20s: fix demod settings
    - cx231xx: don't return error on success
    - cx231xx: fix GPIOs for Pixelview SBTVD hybrid
    - ALSA: hda - Fix a failure of micmute led when having multi adcs
    - MIPS: Fix -mabi=64 build of vdso.lds
    - MIPS: ptrace: Fix regs_return_value for kernel context
    - lib: move strtobool() to kstrtobool()
    - lib: update single-char callers of strtobool()
    - lib: add "on"/"off" support to kstrtobool
    - Input: i8042 - skip selftest on ASUS laptops
    - Input: elantech - force needed quirks on Fujitsu H760
    - Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled
    - sunrpc: fix write space race causing stalls
    - NFSv4: Don't report revoked delegations as valid in nfs_have_delegation()
    - NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid
    - NFSv4: Open state recovery must account for file permission changes
    - NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic
    - scsi: Fix use-after-free
    - metag: Only define atomic_dec_if_positive conditionally
    - mm: filemap: don't plant shadow entries without radix tree node
    - ipc/sem.c: fix complex_count vs. simple op race
    - arc: don't leak bits of kernel stack into coredump
    - fs/super.c: fix race between freeze_super() and thaw_super()
    - cifs: Limit the overall credit acquired
    - fs/cifs: keep guid when assigning fid to fileinfo
    - Clarify locking of cifs file and tcon structures and make more granular
    - Display number of credits available
    - Set previous session id correctly on SMB3 reconnect
    - SMB3: GUIDs should be constructed as random but valid uuids
    - Do not send SMB3 SET_INFO request if nothing is changing
    - Cleanup missing frees on some ioctls
    - blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL
    - x86/e820: Don't merge consecutive E820_PRAM ranges
    - kvm: x86: memset whole irq_eoi
    - irqchip/gicv3: Handle loop timeout proper
    - sd: Fix rw_max for devices that report an optimal xfer size
    - hpsa: correct skipping masked peripherals
    - PKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures
    - bnx2x: Prevent false warning for lack of FC NPIV
    - net/mlx4_core: Allow resetting VF admin mac to zero
    - acpi, nfit: check for the correct event code in notifications
    - mm: workingset: fix crash in shadow node shrinker caused by
      replace_page_cache_page()
    - mm: filemap: fix mapping->nrpages double accounting in fuse
    - Using BUG_ON() as an assert() is _never_ acceptable
    - s390/mm: fix gmap tlb flush issues
    - irqchip/gic-v3-its: Fix entry size mask for GITS_BASER
    - isofs: Do not return EACCES for unknown filesystems
    - memstick: rtsx_usb_ms: Runtime resume the device when polling for cards
    - memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
    - arm64: percpu: rewrite ll/sc loops in assembly
    - arm64: kernel: Init MDCR_EL2 even in the absence of a PMU
    - ceph: fix error handling in ceph_read_iter
    - powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
    - mmc: core: Annotate cmd_hdr as __le32
    - mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused
    - mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led
    - ext4: do not advertise encryption support when disabled
    - jbd2: fix incorrect unlock on j_list_lock
    - ubifs: Fix xattr_names length in exit paths
    - target: Re-add missing SCF_ACK_KREF assignment in v4.1.y
    - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT
      REACHABLE
    - target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code
    - Linux 4.4.28

* Xenial update to v4.4.27 stable release (LP: #1637501)
    - serial: 8250_dw: Check the data->pclk when get apb_pclk
    - btrfs: assign error values to the correct bio structs
    - drivers: base: dma-mapping: page align the size when unmap_kernel_range
    - fuse: listxattr: verify xattr list
    - fuse: invalidate dir dentry after chmod
    - fuse: fix killing s[ug]id in setattr
    - i40e: avoid NULL pointer dereference and recursive errors on early PCI error
    - brcmfmac: fix memory leak in brcmf_fill_bss_param
    - ASoC: Intel: Atom: add a missing star in a memcpy call
    - reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()
    - reiserfs: switch to generic_{get,set,remove}xattr()
    - async_pq_val: fix DMA memory leak
    - scsi: arcmsr: Simplify user_len checking
    - ext4: enforce online defrag restriction for encrypted files
    - ext4: reinforce check of i_dtime when clearing high fields of uid and gid
    - ext4: fix memory leak in ext4_insert_range()
    - ext4: allow DAX writeback for hole punch
    - ext4: release bh in make_indexed_dir
    - dlm: free workqueues after the connections
    - vfs: move permission checking into notify_change() for utimes(NULL)
    - cfq: fix starvation of asynchronous writes
    - Linux 4.4.27

* Xenial update to v4.4.26 stable release (LP: #1637500)
    - x86/build: Build compressed x86 kernels as PIE
    - Linux 4.4.26

* ISST-LTE:pVM nvme 0000:a0:00.0: iommu_alloc failed on NVMe card
    (LP: #1633128)
    - dma-mapping: introduce the DMA_ATTR_NO_WARN attribute
    - powerpc: implement the DMA_ATTR_NO_WARN attribute
    - nvme: use the DMA_ATTR_NO_WARN attribute

* CVE-2016-8658
    - brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()

* Hotkey doesn't work on HP x360 (LP: #1620979)
    - gpiolib: Make it possible to exclude GPIOs from IRQ domain
    - pinctrl: cherryview: Do not mask all interrupts in probe
    - pinctrl: cherryview: Do not add all southwest and north GPIOs to IRQ domain

* Bad page state in process genwqe_gunzip pfn:3c275 in the genwqe device
    driver (LP: #1559194)
    - SAUCE: (noup) Bad page state in process genwqe_gunzip pfn:3c275 in the
      genwqe device driver

* CVE-2016-7425
    - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()

* Add ipvlan module to 16.04 kernel (LP: #1634705)
    - [Config] Add ipvlan to the generic inclusion list

* kernel generates ACPI Exception: AE_NOT_FOUND, Evaluating _DOD incorrectly
    (LP: #1634607)
    - ACPI / video: skip evaluating _DOD when it does not exist

* BT still shows off after resume by wireless hotkey (LP: #1634380)
    - Bluetooth: btusb: Fix atheros firmware download error

* ghash-clmulni-intel module fails to load (LP: #1633058)
    - crypto: ghash-clmulni - Fix load failure
    - crypto: cryptd - Assign statesize properly

* Xenial update to v4.4.25 stable release (LP: #1634153)
    - timekeeping: Fix __ktime_get_fast_ns() regression
    - ALSA: ali5451: Fix out-of-bound position reporting
    - ALSA: usb-audio: Extend DragonFly dB scale quirk to cover other variants
    - ALSA: usb-line6: use the same declaration as definition in header for MIDI
      manufacturer ID
    - mfd: rtsx_usb: Avoid setting ucr->current_sg.status
    - mfd: atmel-hlcdc: Do not sleep in atomic context
    - mfd: 88pm80x: Double shifting bug in suspend/resume
    - mfd: wm8350-i2c: Make sure the i2c regmap functions are compiled
    - KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register
    - KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
    - KVM: PPC: BookE: Fix a sanity check
    - x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation
    - x86/irq: Prevent force migration of irqs which are not in the vector domain
    - x86/dumpstack: Fix x86_32 kernel_stack_pointer() previous stack access
    - ARM: dts: mvebu: armada-390: add missing compatibility string and bracket
    - ARM: dts: MSM8064 remove flags from SPMI/MPP IRQs
    - ARM: cpuidle: Fix error return code
    - ima: use file_dentry()
    - tpm: fix a race condition in tpm2_unseal_trusted()
    - tpm_crb: fix crb_req_canceled behavior
    - Linux 4.4.25

* backport fwts UEFI test driver to Xenial (LP: #1633506)
    - efi: Add efi_test driver for exporting UEFI runtime service interfaces
    - [Config] CONFIG_EFI_TEST=m

* Fix alps driver for multitouch function. (LP: #1633321)
    - HID: alps: fix multitouch cursor issue

* xgene merlin crashes when running as iperf server (LP: #1632739)
    - drivers: net: xgene: optimizing the code
    - xgene: get_phy_device() doesn't return NULL anymore
    - drivers: net: xgene: Get channel number from device binding
    - drivers: net: xgene: constify xgene_cle_ops structure
    - drivers: net: xgene: Fix error handling
    - drivers: net: xgene: fix IPv4 forward crash
    - drivers: net: xgene: fix sharing of irqs
    - drivers: net: xgene: fix ununiform latency across queues
    - drivers: net: xgene: fix statistics counters race condition
    - drivers: net: xgene: fix register offset
    - drivers: net: xgene: Separate set_speed from mac_init
    - drivers: net: xgene: Fix module unload crash - hw resource cleanup
    - drivers: net: xgene: Fix module unload crash - change sw sequence
    - drivers: net: xgene: Fix module unload crash - clkrst sequence
    - drivers: net: phy: xgene: Add MDIO driver
    - drivers: net: xgene: Add backward compatibility
    - drivers: net: xgene: Enable MDIO driver
    - drivers: net: xgene: Use exported functions
    - drivers: net: xgene: ethtool: Use phy_ethtool_gset and sset
    - dtb: xgene: Add MDIO node
    - MAINTAINERS: xgene: Add driver and documentation path
    - [Config] Enable MDIO_XGENE as a modules

* Add support for KabeLake i219-LOM chips (LP: #1632578)
    - e1000e: Initial support for KabeLake

-- Luis Henriques <luis.henriques@canonical.com>  Thu, 24 Nov 2016 17:56:21 +0000

Changed in linux (Ubuntu Xenial):
status:	Triaged → Fix Released

Revision history for this message

Seth Forshee (sforshee) wrote on 2016-11-30:

#5

Not actually released yet since the patches were reverted.

Changed in linux (Ubuntu Xenial):
status:	Fix Released → Confirmed

Luis Henriques (henrix) on 2016-12-15

Changed in linux (Ubuntu Xenial):
status:	Confirmed → Fix Committed

Revision history for this message

Luis Henriques (henrix) wrote on 2016-12-22:

#6

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial
removed: verification-done-xenial

Revision history for this message

Seth Forshee (sforshee) wrote on 2017-01-03:

#7

Verified in linux 4.4.0-58.79.

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-01-10:

#8

Download full text (5.9 KiB)

This bug was fixed in the package linux - 4.4.0-59.80

---------------
linux (4.4.0-59.80) xenial; urgency=low

[ John Donnelly ]

* Release Tracking Bug
- LP: #1654282

* [2.1.1] MAAS has nvme0n1 set as boot disk, curtin fails (LP: #1651602)
- (fix) nvme: only require 1 interrupt vector, not 2+

linux (4.4.0-58.79) xenial; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1651402

  * Support ACPI probe for IIO sensor drivers from ST Micro (LP: #1650123)
    - SAUCE: iio: st_sensors: match sensors using ACPI handle
    - SAUCE: iio: st_accel: Support sensor i2c probe using acpi
    - SAUCE: iio: st_pressure: Support i2c probe using acpi
    - [Config] CONFIG_HTS221=m, CONFIG_HTS221_I2C=m, CONFIG_HTS221_SPI=m

* Fix channel data parsing in ST Micro sensor IIO drivers (LP: #1650189)
- SAUCE: iio: common: st_sensors: fix channel data parsing

  * ST Micro lng2dm 3-axis "femto" accelerometer support (LP: #1650112)
    - SAUCE: iio: st-accel: add support for lis2dh12
    - SAUCE: iio: st_sensors: support active-low interrupts
    - SAUCE: iio: accel: Add support for the h3lis331dl accelerometer
    - SAUCE: iio: st_sensors: verify interrupt event to status
    - SAUCE: iio: st_sensors: support open drain mode
    - SAUCE: iio:st_sensors: fix power regulator usage
    - SAUCE: iio: st_sensors: switch to a threaded interrupt
    - SAUCE: iio: accel: st_accel: Add lis3l02dq support
    - SAUCE: iio: st_sensors: fix scale configuration for h3lis331dl
    - SAUCE: iio: accel: st_accel: add support to lng2dm
    - SAUCE: iio: accel: st_accel: inline per-sensor data
    - SAUCE: Documentation: dt: iio: accel: add lng2dm sensor device binding

  * ST Micro hts221 relative humidity sensor support (LP: #1650116)
    - SAUCE: iio: humidity: add support to hts221 rh/temp combo device
    - SAUCE: Documentation: dt: iio: humidity: add hts221 sensor device binding
    - SAUCE: iio: humidity: remove
    - SAUCE: iio: humidity: Support acpi probe for hts211

* crypto : tolerate new crypto hardware for z Systems (LP: #1644557)
- s390/zcrypt: Introduce CEX6 toleration

* Acer, Inc ID 5986:055a is useless after 14.04.2 installed. (LP: #1433906)
- uvcvideo: uvc_scan_fallback() for webcams with broken chain

  * vmxnet3 driver could causes kernel panic with v4.4 if LRO enabled.
    (LP: #1650635)
    - vmxnet3: segCnt can be 1 for LRO packets

  * system freeze when swapping to encrypted swap partition (LP: #1647400)
    - mm, oom: rework oom detection
    - mm: throttle on IO only when there are too many dirty and writeback pages

  * Kernel Fixes to get TCMU File Backed Optical to work (LP: #1646204)
    - target/user: Use sense_reason_t in tcmu_queue_cmd_ring
    - target/user: Return an error if cmd data size is too large
    - target/user: Fix comments to not refer to data ring
    - SAUCE: (no-up) target/user: Fix use-after-free of tcmu_cmds if they are
      expired

* CVE-2016-9756
- KVM: x86: drop error recovery in em_jmp_far and em_ret_far

* Dell Precision 5520 & 3520 freezes at login screent (LP: #1650054)
- ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520

* CVE-2016-979...

Ubuntu
linux package

Allow fuse user namespace mounts by default in xenial

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	High	Seth Forshee
	Xenial	Fix Released	High	Seth Forshee

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Ubuntulinux package

Allow fuse user namespace mounts by default in xenial

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package