[Xenial SRU] Xenial update to 4.4.82 stable release

Stefan Bader stefan.bader at canonical.com
Fri Aug 18 10:03:37 UTC 2017

Patch "packet: fix tp_reserve race in packet_set_ring" was skipped
because it is already applied for CVE-2017-1000111.

Skipped a whole bunch of changes, namely:

* revert "net: account for current skb length when
  deciding about UFO"
* revert "ipv4: Should use consistent conditional judgement for ip
  fragment in __ip_append_data and ip_finish_output"
* udp: consistently apply ufo or fragmentation
* ipv4: Should use consistent conditional judgement for ip fragment
  in __ip_append_data and ip_finish_output
* net: account for current skb length when deciding about UFO

I checked the resulting files net/ipv4/udp.c, net/ipv4/ip_output.c,
and net/ipv6/ip6_output.c from the 4.4.y tree and our Xenial tree. And
overall there is only one difference in the ip*_ouput.c files which come
from applying
* "udp: avoid ufo handling on IP payload compression packets" and
* "ipv6: Don't use ufo handling on later transformed packets" which
I picked as additional patches to be part of CVE-2017-1000112. And those
still look like fixes to valid issues (though probably not directly related
to the CVE). So I would suggest we stay at what we got right now.



The following changes since commit a9d84b28c011a15fa8d435c05e96b86ff6eb5422:

  Linux 4.4.81 (2017-08-18 09:16:10 +0200)

are available in the git repository at:

  git://git.launchpad.net/~smb/+git/linux-xenial stable-4.4

for you to fetch changes up to 885ccceffa6c3b54cbf32c9024eb30b1bff2c80c:

  Linux 4.4.82 (2017-08-18 10:17:00 +0200)

Daniel Borkmann (1):
      bpf, s390: fix jit branch offset related to ldimm64

Eric Dumazet (2):
      net: fix keepalive code vs TCP_FASTOPEN_CONNECT
      tcp: fastopen: tcp_connect() must refresh the route

Greg Kroah-Hartman (1):
      Linux 4.4.82

Matthew Dawson (1):
      mm/mempool: avoid KASAN marking mempool poison checks as use-after-free

Rob Gardner (1):
      sparc64: Prevent perf from running during super critical sections

Suzuki K Poulose (1):
      KVM: arm/arm64: Handle hva aging while destroying the vm

Willem de Bruijn (1):
      net: avoid skb_warn_bad_offload false positives on UFO

Xin Long (1):
      net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target

Yuchung Cheng (1):
      tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states

 Makefile                                |  2 +-
 arch/arm/kvm/mmu.c                      |  4 ++++
 arch/s390/net/bpf_jit_comp.c            |  3 ++-
 arch/sparc/include/asm/mmu_context_64.h | 14 +++++++++-----
 arch/sparc/kernel/tsb.S                 | 12 ++++++++++++
 arch/sparc/power/hibernate.c            |  3 +--
 mm/mempool.c                            |  2 +-
 net/core/dev.c                          |  2 +-
 net/ipv4/tcp_input.c                    |  4 ++--
 net/ipv4/tcp_output.c                   |  3 +++
 net/ipv4/tcp_timer.c                    |  3 ++-
 net/ipv4/udp_offload.c                  |  2 +-
 net/ipv6/udp_offload.c                  |  2 +-
 net/sched/act_ipt.c                     |  2 +-
 14 files changed, 41 insertions(+), 17 deletions(-)

More information about the kernel-team mailing list