Ubuntu
linux package

Xenial update to 4.4.63 stable release

Bug #1687629 reported by Stefan Bader on 2017-05-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Xenial	Fix Released	Undecided	Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.63 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the 4.4.63 stable release shall be applied:
* cgroup, kthread: close race window where new kthreads can be migrated to
  non-root cgroups
* thp: fix MADV_DONTNEED vs clear soft dirty race
* drm/nouveau/mpeg: mthd returns true on success now
* drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
* CIFS: store results of cifs_reopen_file to avoid infinite wait
* Input: xpad - add support for Razer Wildcat gamepad
* perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
* x86/vdso: Ensure vdso32_enabled gets set to valid values only
* x86/vdso: Plug race between mapping and ELF header setup
* acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit
  comparison)
* iscsi-target: Fix TMR reference leak during session shutdown
* iscsi-target: Drop work-around for legacy GlobalSAN initiator
* scsi: sr: Sanity check returned mode data
* scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
* scsi: sd: Fix capacity calculation with 32-bit sector_t
* xen, fbfront: fix connecting to backend
* libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
* irqchip/irq-imx-gpcv2: Fix spinlock initialization
* ftrace: Fix removing of second function probe
* char: Drop bogus dependency of DEVPORT on !M68K
* char: lack of bool string made CONFIG_DEVPORT always on
* Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
* kvm: fix page struct leak in handle_vmon
* zram: do not use copy_page with non-page aligned address
* powerpc: Disable HFSCR[TM] if TM is not supported
* crypto: ahash - Fix EINPROGRESS notification callback
* ath9k: fix NULL pointer dereference
* dvb-usb-v2: avoid use-after-free
* ext4: fix inode checksum calculation problem if i_extra_size is small
* platform/x86: acer-wmi: setup accelerometer when machine has appropriate
  notify event
* rtc: tegra: Implement clock handling
* mm: Tighten x86 /dev/mem with zeroing reads
* dvb-usb: don't use stack for firmware load
* dvb-usb-firmware: don't do DMA on stack
* virtio-console: avoid DMA from stack
* pegasus: Use heap buffers for all register access
* rtl8150: Use heap buffers for all register access
* catc: Combine failure cleanup code in catc_probe()
* catc: Use heap buffer for memory size test
* tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done
* net: ipv6: check route protocol when deleting routes
* MIPS: fix Select HAVE_IRQ_EXIT_ON_IRQ_STACK patch.
* Linux 4.4.63

See original description

Tags:

CVE References

2017-0605

Stefan Bader (smb) on 2017-05-02

tags:

added: kernel-stable-tracking-bug

Stefan Bader (smb) on 2017-05-02

description:

updated

Revision history for this message

Stefan Bader (smb) wrote on 2017-05-02:

"perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()" required adapting the target file from arch/x86/kernel/cpu/perf_event_intel_lbr.c to arch/x86/events/intel/lbr.c due to "perf/x86: Move perf_event_intel_lbr.c ........ => x86/events/intel/lbr.c" being backported for bug #1559914.

Stefan Bader (smb) on 2017-05-02

Changed in linux (Ubuntu Xenial):
assignee:	nobody → Stefan Bader (smb)
status:	New → In Progress

Thadeu Lima de Souza Cascardo (cascardo) on 2017-05-05

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-06-06:

Download full text (9.7 KiB)

This bug was fixed in the package linux - 4.4.0-79.100

---------------
linux (4.4.0-79.100) xenial; urgency=low

* linux: 4.4.0-79.100 -proposed tracker (LP: #1691180)

  * linux-aws/linux-gke incorrectly producing and using linux-*-tools-
    common/linux-*-cloud-tools-common (LP: #1688579)
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      gke versions
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      aws versions
    - [Packaging] prevent linux-*-tools-common from being produced from non linux
      packages

* CVE-2017-0605
- tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

* i915-bpo crashes on external hdmi input (LP: #1580272)
- SAUCE: i915_bpo: Silence the warning about watermark entries not changing

  * Kernel panics on Xenial when using cgroups and strict CFS limits
    (LP: #1687512)
    - sched/fair: Initialize throttle_count for new task-groups lazily
    - sched/fair: Do not announce throttled next buddy in dequeue_task_fair()

* bonding - mlx5 - speed changed to 0 after changing ring size (LP: #1687877)
- bonding: allow notifications for bond_set_slave_link_state

  * Xenial update to 4.4.67 stable release (LP: #1689296)
    - timerfd: Protect the might cancel mechanism proper
    - Handle mismatched open calls
    - ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    - ALSA: ppc/awacs: shut up maybe-uninitialized warning
    - drbd: avoid redefinition of BITS_PER_PAGE
    - mtd: avoid stack overflow in MTD CFI code
    - net: tg3: avoid uninitialized variable warning
    - netlink: Allow direct reclaim for fallback allocation
    - IB/qib: rename BITS_PER_PAGE to RVT_BITS_PER_PAGE
    - IB/ehca: fix maybe-uninitialized warnings
    - ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
    - ext4 crypto: revalidate dentry after adding or removing the key
    - ext4 crypto: use dget_parent() in ext4_d_revalidate()
    - ext4/fscrypto: avoid RCU lookup in d_revalidate
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops
    - dm ioctl: prevent stack leak in dm ioctl call
    - Linux 4.4.67

  * Precision Rack failed to resume from S4 (LP: #1686061)
    - x86 / hibernate: Use hlt_play_dead() when resuming from hibernation
    - x86/boot: Split out kernel_ident_mapping_init()
    - x86/power/64: Always create temporary identity mapping correctly

This bug was fixed in the package linux - 4.4.0-79.100

---------------
linux (4.4.0-79.100) xenial; urgency=low

* linux: 4.4.0-79.100 -proposed tracker (LP: #1691180)

* CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

* i915-bpo crashes on external hdmi input (LP: #1580272)
    - SAUCE: i915_bpo: Silence the warning about watermark entries not changing

* bonding - mlx5 - speed changed to 0 after changing ring size  (LP: #1687877)
    - bonding: allow notifications for bond_set_slave_link_state

* Xenial update to 4.4.66 stable release (LP: #1688505)
    - f2fs: do more integrity verification for superblock
    - xc2028: unlock on error in xc2028_set_config()
    - ARM: OMAP2+: timer: add probe for clocksources
    - clk: sunxi: Add apb0 gates for H3
    - crypto: testmgr - fix out of bound read in __test_aead()
    - drm/amdgpu: fix array out of bounds
    - ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
    - md:raid1: fix a dead loop when read from a WriteMostly disk
    - MIPS: Fix crash registers on non-crashing CPUs
    - net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
    - net_sched: close another race condition in tcf_mirred_release()
    - RDS: Fix the atomicity for congestion map update
    - regulator: core: Clear the supply pointer if enabling fails
    - usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
    - xen/x86: don't lose event interrupts
    - sparc64: kern_addr_valid regression
    - sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
    - net: neigh: guard against NULL solicit() method
    - net: phy: handle state correctly in phy_stop_machine
    - l2tp: purge socket queues in the .destruct() callback
    - l2tp: take reference on sessions being dumped
    - l2tp: fix PPP pseudo-wire auto-loading
    - net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
    - sctp: listen on the sock only when it's state is listening or closed
    - tcp: clear saved_syn in tcp_disconnect()
    - dp83640: don't recieve time stamps twice
    - net: ipv6: RTF_PCPU should not be settable from userspace
    - netpoll: Check for skb->queue_mapping
    - ip6mr: fix notification device destruction
    - macvlan: Fix device ref leak when purging bc_queue
    - ipv6: check skb->protocol before lookup for nexthop
    - ipv6: check raw payload size correctly in ioctl
    - ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned
      type
    - ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
    - MIPS: KGDB: Use kernel context for sleeping threads
    - MIPS: Avoid BUG warning in arch_check_elf
    - p9_client_readdir() fix
    - Input: i8042 - add Clevo P650RS to the i8042 reset list
    - nfsd: check for oversized NFSv2/v3 arguments
    - ARCv2: save r30 on kernel entry as gcc uses it for code-gen
    - ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
    - Linux 4.4.66

* Xenial update to 4.4.65 stable release (LP: #1688483)
    - tipc: make sure IPv6 header fits in skb headroom
    - tipc: make dist queue pernet
    - tipc: re-enable compensation for socket receive buffer double counting
    - tipc: correct error in node fsm
    - tty: nozomi: avoid a harmless gcc warning
    - hostap: avoid uninitialized variable use in hfa384x_get_rid
    - gfs2: avoid uninitialized variable warning
    - tipc: fix random link resets while adding a second bearer
    - tipc: fix socket timer deadlock
    - xc2028: avoid use after free
    - netfilter: nfnetlink: correctly validate length of batch messages
    - tipc: check minimum bearer MTU
    - vfio/pci: Fix integer overflows, bitmask check
    - staging/android/ion : fix a race condition in the ion driver
    - ping: implement proper locking
    - perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
    - Linux 4.4.65

* Xenial update to 4.4.64 stable release (LP: #1687638)
    - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
    - KEYS: Change the name of the dead type to ".dead" to prevent user access
    - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
    - tracing: Allocate the snapshot buffer before enabling probe
    - ring-buffer: Have ring_buffer_iter_empty() return true when empty
    - cifs: Do not send echoes before Negotiate is complete
    - CIFS: remove bad_network_name flag
    - s390/mm: fix CMMA vs KSM vs others
    - VSOCK: Detach QP check should filter out non matching QPs.
    - Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
    - ACPI / power: Avoid maybe-uninitialized warning
    - mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
    - mac80211: reject ToDS broadcast data frames
    - ubi/upd: Always flush after prepared for an update
    - powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
    - x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
    - kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd
    - x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
    - block: fix del_gendisk() vs blkdev_ioctl crash
    - tipc: fix crash during node removal
    - Linux 4.4.64

* Xenial update to 4.4.63 stable release (LP: #1687629)
    - cgroup, kthread: close race window where new kthreads can be migrated to
      non-root cgroups
    - thp: fix MADV_DONTNEED vs clear soft dirty race
    - drm/nouveau/mpeg: mthd returns true on success now
    - drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
    - CIFS: store results of cifs_reopen_file to avoid infinite wait
    - Input: xpad - add support for Razer Wildcat gamepad
    - perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
    - x86/vdso: Ensure vdso32_enabled gets set to valid values only
    - x86/vdso: Plug race between mapping and ELF header setup
    - acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit
      comparison)
    - iscsi-target: Fix TMR reference leak during session shutdown
    - iscsi-target: Drop work-around for legacy GlobalSAN initiator
    - scsi: sr: Sanity check returned mode data
    - scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
    - scsi: sd: Fix capacity calculation with 32-bit sector_t
    - xen, fbfront: fix connecting to backend
    - libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
    - irqchip/irq-imx-gpcv2: Fix spinlock initialization
    - ftrace: Fix removing of second function probe
    - char: Drop bogus dependency of DEVPORT on !M68K
    - char: lack of bool string made CONFIG_DEVPORT always on
    - Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
    - kvm: fix page struct leak in handle_vmon
    - zram: do not use copy_page with non-page aligned address
    - powerpc: Disable HFSCR[TM] if TM is not supported
    - crypto: ahash - Fix EINPROGRESS notification callback
    - ath9k: fix NULL pointer dereference
    - dvb-usb-v2: avoid use-after-free
    - ext4: fix inode checksum calculation problem if i_extra_size is small
    - platform/x86: acer-wmi: setup accelerometer when machine has appropriate
      notify event
    - rtc: tegra: Implement clock handling
    - mm: Tighten x86 /dev/mem with zeroing reads
    - dvb-usb: don't use stack for firmware load
    - dvb-usb-firmware: don't do DMA on stack
    - virtio-console: avoid DMA from stack
    - pegasus: Use heap buffers for all register access
    - rtl8150: Use heap buffers for all register access
    - catc: Combine failure cleanup code in catc_probe()
    - catc: Use heap buffer for memory size test
    - tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done
    - net: ipv6: check route protocol when deleting routes
    - MIPS: fix Select HAVE_IRQ_EXIT_ON_IRQ_STACK patch.
    - Linux 4.4.63

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Wed, 17 May 2017 16:44:58 +0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-10-03

Changed in linux (Ubuntu):
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

Xenial update to 4.4.63 stable release

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package