APPLIED/cmnt: [SRU][Xenial][PULL] Xenial update: 4.4.170 upstream stable release (LP: #1811647)
Stefan Bader
stefan.bader at canonical.com
Fri Feb 1 11:41:43 UTC 2019
On 15.01.19 08:20, Juerg Haefliger wrote:
> SRU Justification
>
> Impact:
> The upstream process for stable tree updates is quite similar
> in scope to the Ubuntu SRU process, e.g., each patch has to
> demonstrably fix a bug, and each patch is vetted by upstream
> by originating either directly from a mainline/stable Linux tree or
> a minimally backported form of that patch. The following upstream
> stable patches should be included in the Ubuntu kernel:
>
> 4.4.170 upstream stable release
> from git://git.kernel.org/
>
> Linux 4.4.170
> power: supply: olpc_battery: correct the temperature units
> intel_th: msu: Fix an off-by-one in attribute store
> genwqe: Fix size check
> ceph: don't update importing cap's mseq when handing cap export
> iommu/vt-d: Handle domain agaw being less than iommu agaw
> 9p/net: put a lower bound on msize
> b43: Fix error in cordic routine
> gfs2: Fix loop in gfs2_rbm_find
> dlm: memory leaks on error path in dlm_user_request()
> dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
> dlm: possible memory leak on error path in create_lkb()
> dlm: fixed memory leaks after failed ls_remove_names allocation
> ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
> ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
> ALSA: cs46xx: Potential NULL dereference in probe
> crypto: x86/chacha20 - avoid sleeping with preemption disabled
> sunrpc: use SVC_NET() in svcauth_gss_* functions
> sunrpc: fix cache_head leak due to queued request
> mm, devm_memremap_pages: kill mapping "System RAM" support
> mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
> hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
> fork: record start_time late
> scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
> Input: omap-keypad - fix idle configuration to not block SoC idle states
> scsi: bnx2fc: Fix NULL dereference in error handling
> xfrm: Fix bucket count reported to userspace
> checkstack.pl: fix for aarch64
> Input: restore EV_ABS ABS_RESERVED
> ARM: imx: update the cpu power up timing setting on i.mx6sx
> powerpc: Fix COFF zImage booting on old powermacs
> spi: bcm2835: Unbreak the build of esoteric configs
> x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
> CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
> MIPS: Align kernel load address to 64KB
> MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
> media: vivid: free bitmap_cap when updating std/timings/etc.
> cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
> spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
> spi: bcm2835: Fix book-keeping of DMA termination
> spi: bcm2835: Fix race on DMA termination
> ext4: force inode writes when nfsd calls commit_metadata()
> ext4: fix EXT4_IOC_GROUP_ADD ioctl
> ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
> ext4: fix possible use after free in ext4_quota_enable
> perf pmu: Suppress potential format-truncation warning
> KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
> Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
> usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
> USB: serial: option: add Fibocom NL678 series
> USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
> ALSA: hda/tegra: clear pending irq handlers
> ALSA: hda: add mute LED support for HP EliteBook 840 G4
> ALSA: emux: Fix potential Spectre v1 vulnerabilities
> ALSA: pcm: Fix potential Spectre v1 vulnerability
> ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
> ALSA: rme9652: Fix potential Spectre v1 vulnerability
> sock: Make sock->sk_stamp thread-safe
> gro_cell: add napi_disable in gro_cells_destroy
> xen/netfront: tolerate frags with no data
> VSOCK: Send reset control packet when socket is partially bound
> vhost: make sure used idx is seen before log in vhost_add_used_n()
> sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
> packet: validate address length if non-zero
> packet: validate address length
> netrom: fix locking in nr_find_socket()
> isdn: fix kernel-infoleak in capi_unlocked_ioctl
> ipv6: explicitly initialize udp6_addr in udp_sock_create6()
> ieee802154: lowpan_header_create check must check daddr
> ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
> ax25: fix a use-after-free in ax25_fillin_cb()
> ipv4: Fix potential Spectre v1 vulnerability
> ip6mr: Fix potential Spectre v1 vulnerability
> drm/ioctl: Fix Spectre v1 vulnerabilities
> x86/mtrr: Don't copy uninitialized gentry fields back to userspace
> Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
> gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
> mmc: omap_hsmmc: fix DMA API warning
> mmc: core: Reset HPI enabled state during re-init and in case of errors
> USB: serial: option: add Telit LN940 series
> USB: serial: option: add Fibocom NL668 series
> USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
> USB: serial: option: add HP lt4132
> USB: serial: option: add GosunCn ZTE WeLink ME3630
> xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
> USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
>
> Compile-tested all architectures. Ran release regression tests (locally).
>
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> ---
>
> The following changes since commit f4925924e869bd6d6fed0b68c274026da1b0169c:
>
> Linux 4.4.169 (2019-01-11 14:40:17 +0100)
>
> are available in the Git repository at:
>
> git://git.launchpad.net/~juergh/+git/xenial-linux update-4.4.170
>
> for you to fetch changes up to 6aea40b78942cf00d2c8a9e2e204e7950f988a10:
>
> Linux 4.4.170 (2019-01-14 09:43:46 +0100)
>
> ----------------------------------------------------------------
> Alexander Shishkin (1):
> intel_th: msu: Fix an off-by-one in attribute store
>
> Andreas Gruenbacher (1):
> gfs2: Fix loop in gfs2_rbm_find
>
> Anson Huang (1):
> ARM: imx: update the cpu power up timing setting on i.mx6sx
>
> Ben Hutchings (1):
> perf pmu: Suppress potential format-truncation warning
>
> Benjamin Poirier (1):
> xfrm: Fix bucket count reported to userspace
>
> Christian Borntraeger (1):
> genwqe: Fix size check
>
> Christophe Leroy (1):
> gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
>
> Colin Ian King (1):
> x86/mtrr: Don't copy uninitialized gentry fields back to userspace
>
> Cong Wang (3):
> ax25: fix a use-after-free in ax25_fillin_cb()
> ipv6: explicitly initialize udp6_addr in udp_sock_create6()
> netrom: fix locking in nr_find_socket()
>
> Dan Carpenter (2):
> scsi: bnx2fc: Fix NULL dereference in error handling
> ALSA: cs46xx: Potential NULL dereference in probe
>
> Dan Williams (2):
> mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
> mm, devm_memremap_pages: kill mapping "System RAM" support
>
> David Herrmann (1):
> fork: record start_time late
>
> Deepa Dinamani (1):
> sock: Make sock->sk_stamp thread-safe
>
> Dexuan Cui (1):
> Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
>
> Dominique Martinet (1):
> 9p/net: put a lower bound on msize
>
> Eric Biggers (1):
> crypto: x86/chacha20 - avoid sleeping with preemption disabled
>
> Eric Dumazet (1):
> isdn: fix kernel-infoleak in capi_unlocked_ioctl
>
> Georgy A Bystrenin (1):
> CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
>
> Greg Kroah-Hartman (1):
> Linux 4.4.170
>
> Gustavo A. R. Silva (7):
> drm/ioctl: Fix Spectre v1 vulnerabilities
> ip6mr: Fix potential Spectre v1 vulnerability
> ipv4: Fix potential Spectre v1 vulnerability
> ALSA: rme9652: Fix potential Spectre v1 vulnerability
> ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
> ALSA: pcm: Fix potential Spectre v1 vulnerability
> ALSA: emux: Fix potential Spectre v1 vulnerabilities
>
> Hans Verkuil (1):
> media: vivid: free bitmap_cap when updating std/timings/etc.
>
> Huacai Chen (2):
> MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
> MIPS: Align kernel load address to 64KB
>
> Hui Peng (2):
> USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
> ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
>
> Jason Wang (1):
> vhost: make sure used idx is seen before log in vhost_add_used_n()
>
> Jia-Ju Bai (1):
> usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
>
> Jorgen Hansen (1):
> VSOCK: Send reset control packet when socket is partially bound
>
> Juergen Gross (1):
> xen/netfront: tolerate frags with no data
>
> Jörgen Storvist (5):
> USB: serial: option: add GosunCn ZTE WeLink ME3630
> USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
> USB: serial: option: add Fibocom NL668 series
> USB: serial: option: add Telit LN940 series
> USB: serial: option: add Fibocom NL678 series
>
> Larry Finger (1):
> b43: Fix error in cordic routine
>
> Lorenzo Bianconi (1):
> gro_cell: add napi_disable in gro_cells_destroy
>
> Lubomir Rintel (1):
> power: supply: olpc_battery: correct the temperature units
>
> Lukas Wunner (4):
> spi: bcm2835: Fix race on DMA termination
> spi: bcm2835: Fix book-keeping of DMA termination
> spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
> spi: bcm2835: Unbreak the build of esoteric configs
>
> Macpaul Lin (1):
> cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
>
> Mantas Mikulėnas (1):
> ALSA: hda: add mute LED support for HP EliteBook 840 G4
>
> Mathias Nyman (1):
> xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
>
> Maurizio Lombardi (1):
> ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
>
> Michal Hocko (1):
> hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
>
> Pan Bian (1):
> ext4: fix possible use after free in ext4_quota_enable
>
> Patrick Dreyer (1):
> Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
>
> Paul Mackerras (1):
> powerpc: Fix COFF zImage booting on old powermacs
>
> Peter Hutterer (1):
> Input: restore EV_ABS ABS_RESERVED
>
> Qian Cai (1):
> checkstack.pl: fix for aarch64
>
> Russell King (1):
> mmc: omap_hsmmc: fix DMA API warning
>
> Sameer Pujar (1):
> ALSA: hda/tegra: clear pending irq handlers
>
> Scott Chen (1):
> USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
>
> Sean Christopherson (1):
> KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
>
> Sohil Mehta (1):
> iommu/vt-d: Handle domain agaw being less than iommu agaw
>
> Steffen Maier (1):
> scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
>
> Takashi Iwai (1):
> ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
>
> Theodore Ts'o (1):
> ext4: force inode writes when nfsd calls commit_metadata()
>
> Tony Lindgren (1):
> Input: omap-keypad - fix idle configuration to not block SoC idle states
>
> Tore Anderson (1):
> USB: serial: option: add HP lt4132
>
> Tyrel Datwyler (1):
> ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
>
> Ulf Hansson (1):
> mmc: core: Reset HPI enabled state during re-init and in case of errors
>
> Vasily Averin (6):
> sunrpc: fix cache_head leak due to queued request
> sunrpc: use SVC_NET() in svcauth_gss_* functions
> dlm: fixed memory leaks after failed ls_remove_names allocation
> dlm: possible memory leak on error path in create_lkb()
> dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
> dlm: memory leaks on error path in dlm_user_request()
>
> Vitaly Kuznetsov (1):
> x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
>
> Willem de Bruijn (3):
> ieee802154: lowpan_header_create check must check daddr
> packet: validate address length
> packet: validate address length if non-zero
>
> Xin Long (1):
> sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
>
> Yan, Zheng (1):
> ceph: don't update importing cap's mseq when handing cap export
>
> ruippan (潘睿) (1):
> ext4: fix EXT4_IOC_GROUP_ADD ioctl
>
> Makefile | 2 +-
> arch/arm/mach-imx/cpuidle-imx6sx.c | 2 +-
> arch/mips/boot/compressed/calc_vmlinuz_load_addr.c | 7 ++-
> arch/mips/include/asm/pgtable-64.h | 5 ++
> arch/powerpc/boot/crt0.S | 4 +-
> arch/x86/crypto/chacha20_glue.c | 1 +
> arch/x86/include/asm/kvm_host.h | 2 +-
> arch/x86/kernel/cpu/mtrr/if.c | 2 +
> arch/x86/kvm/vmx.c | 19 +++++-
> arch/x86/kvm/x86.c | 3 +-
> drivers/gpio/gpio-max7301.c | 12 +---
> drivers/gpu/drm/drm_ioctl.c | 10 +++-
> drivers/hv/vmbus_drv.c | 20 +++++++
> drivers/hwtracing/intel_th/msu.c | 3 +-
> drivers/input/keyboard/omap4-keypad.c | 16 ++----
> drivers/input/mouse/elan_i2c_core.c | 1 +
> drivers/iommu/intel-iommu.c | 4 +-
> drivers/isdn/capi/kcapi.c | 4 +-
> drivers/media/platform/vivid/vivid-vid-cap.c | 2 +
> drivers/misc/genwqe/card_utils.c | 2 +-
> drivers/mmc/core/mmc.c | 4 +-
> drivers/mmc/host/omap_hsmmc.c | 12 +++-
> drivers/net/ethernet/ibm/ibmveth.c | 6 +-
> drivers/net/usb/hso.c | 18 +++++-
> drivers/net/wireless/b43/phy_common.c | 2 +-
> drivers/net/xen-netfront.c | 2 +-
> drivers/power/olpc_battery.c | 4 +-
> drivers/s390/scsi/zfcp_aux.c | 6 +-
> drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 2 +-
> drivers/spi/spi-bcm2835.c | 16 +++---
> drivers/usb/class/cdc-acm.c | 10 ++++
> drivers/usb/class/cdc-acm.h | 1 +
> drivers/usb/host/r8a66597-hcd.c | 5 +-
> drivers/usb/host/xhci-hub.c | 3 +-
> drivers/usb/serial/option.c | 20 ++++++-
> drivers/usb/serial/pl2303.c | 5 ++
> drivers/usb/serial/pl2303.h | 5 ++
> drivers/vhost/vhost.c | 2 +
> fs/ceph/caps.c | 1 -
> fs/cifs/smb2maperror.c | 4 +-
> fs/dlm/lock.c | 17 +++---
> fs/dlm/lockspace.c | 2 +-
> fs/ext4/inline.c | 5 +-
> fs/ext4/resize.c | 2 +-
> fs/ext4/super.c | 13 ++++-
> fs/gfs2/rgrp.c | 2 +-
> include/net/gro_cells.h | 1 +
> include/net/sock.h | 36 +++++++++++-
> include/trace/events/ext4.h | 20 +++++++
> include/uapi/linux/input-event-codes.h | 9 +++
> kernel/fork.c | 13 ++++-
> kernel/memremap.c | 11 ++--
> mm/memory_hotplug.c | 16 ++++++
> net/9p/client.c | 21 +++++++
> net/ax25/af_ax25.c | 11 +++-
> net/ax25/ax25_dev.c | 2 +
> net/compat.c | 15 +++--
> net/core/sock.c | 3 +
> net/ieee802154/6lowpan/tx.c | 3 +
> net/ipv4/ipmr.c | 2 +
> net/ipv6/ip6_udp_tunnel.c | 3 +-
> net/ipv6/ip6mr.c | 4 ++
> net/netrom/af_netrom.c | 15 +++--
> net/packet/af_packet.c | 8 ++-
> net/sctp/ipv6.c | 1 +
> net/sunrpc/auth_gss/svcauth_gss.c | 8 +--
> net/sunrpc/cache.c | 10 +++-
> net/sunrpc/svcsock.c | 2 +-
> net/vmw_vsock/vmci_transport.c | 67 ++++++++++++++++------
> net/xfrm/xfrm_state.c | 2 +-
> scripts/checkstack.pl | 4 +-
> sound/core/pcm.c | 2 +
> sound/pci/cs46xx/dsp_spos.c | 3 +
> sound/pci/emu10k1/emufx.c | 5 ++
> sound/pci/hda/hda_tegra.c | 2 +
> sound/pci/hda/patch_conexant.c | 1 +
> sound/pci/rme9652/hdsp.c | 10 ++--
> sound/synth/emux/emux_hwdep.c | 7 ++-
> sound/usb/mixer.c | 10 +++-
> sound/usb/quirks-table.h | 3 +
> tools/perf/util/pmu.c | 8 +--
> 81 files changed, 484 insertions(+), 144 deletions(-)
>
When pulling, skipped "fork: record start_time late" since it was already
applied for CVE-2019-6133.
Applied to xenial/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190201/8431e08f/attachment-0001.sig>
More information about the kernel-team
mailing list