[ubuntu/zesty-security] linux 4.10.0-26.30 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Jun 29 07:18:50 UTC 2017
linux (4.10.0-26.30) zesty; urgency=low
* linux: 4.10.0-26.30 -proposed tracker (LP: #1700528)
* CVE-2017-1000364
- Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
- Revert "mm: do not collapse stack gap into THP"
- Revert "mm: enlarge stack guard gap"
- mm: larger stack guard gap, between vmas
- mm: fix new crash in unmapped_area_topdown()
- Allow stack to grow up to address space limit
linux (4.10.0-25.29) zesty; urgency=low
* linux: 4.10.0-25.29 -proposed tracker (LP: #1699028)
* CVE-2017-1000364
- SAUCE: mm: Only expand stack if guard area is hit
* CVE-2017-9074
- ipv6: Prevent overrun when parsing v6 header options
- ipv6: Check ip6_find_1stfragopt() return value properly.
* [Zesty] QDF2400 ARM64 server - NMI watchdog: BUG: soft lockup - CPU#8 stuck
for 22s! (LP: #1680549)
- iommu/dma: Stop getting dma_32bit_pfn wrong
- iommu/dma: Implement PCI allocation optimisation
- iommu/dma: Convert to address-based allocation
- iommu/dma: Clean up MSI IOVA allocation
- iommu/dma: Plumb in the per-CPU IOVA caches
- iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
* Zesty update to 4.10.17 stable release (LP: #1692898)
- xen: adjust early dom0 p2m handling to xen hypervisor behavior
- target: Fix compare_and_write_callback handling for non GOOD status
- target/fileio: Fix zero-length READ and WRITE handling
- iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
- usb: xhci: bInterval quirk for TI TUSB73x0
- usb: host: xhci: print correct command ring address
- USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
- USB: Proper handling of Race Condition when two USB class drivers try to
call init_usb_class simultaneously
- USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
- staging: vt6656: use off stack for in buffer USB transfers.
- staging: vt6656: use off stack for out buffer USB transfers.
- staging: gdm724x: gdm_mux: fix use-after-free on module unload
- staging: wilc1000: Fix problem with wrong vif index
- staging: comedi: jr3_pci: fix possible null pointer dereference
- staging: comedi: jr3_pci: cope with jiffies wraparound
- usb: misc: add missing continue in switch
- usb: gadget: legacy gadgets are optional
- usb: Make sure usb/phy/of gets built-in
- usb: hub: Fix error loop seen after hub communication errors
- usb: hub: Do not attempt to autosuspend disconnected devices
- x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
- selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug
- x86, pmem: Fix cache flushing for iovec write < 8 bytes
- um: Fix PTRACE_POKEUSER on x86_64
- perf/x86: Fix Broadwell-EP DRAM RAPL events
- KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
- KVM: arm/arm64: fix races in kvm_psci_vcpu_on
- arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
- block: fix blk_integrity_register to use template's interval_exp if not 0
- crypto: s5p-sss - Close possible race for completed requests
- crypto: algif_aead - Require setkey before accept(2)
- crypto: ccp - Use only the relevant interrupt bits
- crypto: ccp - Disable interrupts early on unload
- crypto: ccp - Change ISR handler method for a v3 CCP
- crypto: ccp - Change ISR handler method for a v5 CCP
- dm crypt: rewrite (wipe) key in crypto layer using random data
- dm era: save spacemap metadata root after the pre-commit
- dm rq: check blk_mq_register_dev() return value in
dm_mq_init_request_queue()
- dm thin: fix a memory leak when passing discard bio down
- vfio/type1: Remove locked page accounting workqueue
- iov_iter: don't revert iov buffer if csum error
- IB/core: Fix sysfs registration error flow
- IB/core: For multicast functions, verify that LIDs are multicast LIDs
- IB/IPoIB: ibX: failed to create mcg debug file
- IB/mlx4: Fix ib device initialization error flow
- IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
- IB/hfi1: Prevent kernel QP post send hard lockups
- perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms()
- perf annotate s390: Fix perf annotate error -95 (4.10 regression)
- perf annotate s390: Implement jump types for perf annotate
- jbd2: fix dbench4 performance regression for 'nobarrier' mounts
- ext4: evict inline data when writing to memory map
- orangefs: fix bounds check for listxattr
- orangefs: clean up oversize xattr validation
- orangefs: do not set getattr_time on orangefs_lookup
- orangefs: do not check possibly stale size on truncate
- fs/xattr.c: zero out memory copied to userspace in getxattr
- ceph: fix memory leak in __ceph_setxattr()
- fs/block_dev: always invalidate cleancache in invalidate_bdev()
- mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC
- Fix match_prepath()
- Set unicode flag on cifs echo request to avoid Mac error
- SMB3: Work around mount failure when using SMB3 dialect to Macs
- CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
- cifs: fix leak in FSCTL_ENUM_SNAPS response handling
- cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops
- CIFS: fix oplock break deadlocks
- cifs: fix CIFS_IOC_GET_MNT_INFO oops
- CIFS: add misssing SFM mapping for doublequote
- ovl: do not set overlay.opaque on non-dir create
- padata: free correct variable
- md/raid1: avoid reusing a resync bio after error handling.
- device-dax: fix cdev leak
- device-dax: fix sysfs attribute deadlock
- dax: prevent invalidation of mapped DAX entries
- mm: fix data corruption due to stale mmap reads
- f2fs: fix fs corruption due to zero inode page
- fscrypt: fix context consistency check when key(s) unavailable
- serial: samsung: Use right device for DMA-mapping calls
- serial: omap: fix runtime-pm handling on unbind
- serial: omap: suspend device on probe errors
- tty: pty: Fix ldisc flush after userspace become aware of the data already
- Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
- Bluetooth: hci_bcm: add missing tty-device sanity check
- Bluetooth: hci_intel: add missing tty-device sanity check
- libnvdimm, region: fix flush hint detection crash
- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify
- libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering
- libnvdimm, pfn: fix 'npfns' vs section alignment
- pstore: Shut down worker when unregistering
- Linux 4.10.17
* [SRU][Zesty] Support SMMU passthrough using the default domain
(LP: #1688158)
- iommu/arm-smmu: Restrict domain attributes to UNMANAGED domains
- iommu/arm-smmu: Install bypass S2CRs for IOMMU_DOMAIN_IDENTITY domains
- iommu/arm-smmu-v3: Make arm_smmu_install_ste_for_dev return void
- iommu: Rename iommu_get_instance()
- iommu: Rename struct iommu_device
- iommu: Introduce new 'struct iommu_device'
- iommu: Add sysfs bindings for struct iommu_device
- iommu: Make iommu_device_link/unlink take a struct iommu_device
- iommu: Add iommu_device_set_fwnode() interface
- iommu/arm-smmu: Make use of the iommu_register interface
- iommu/arm-smmu-v3: Install bypass STEs for IOMMU_DOMAIN_IDENTITY domains
- iommu: Allow default domain type to be set on the kernel command line
- arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA
- iommu/vt-d: Fix crash on boot when DMAR is disabled
* Enable Matrox driver for Ubuntu 16.04.3 (LP: #1693337)
- [Config] Enable CONFIG_DRM_MGAG200 as module
- drm/mgag200: Added support for the new device G200eH3
* Ubuntu16.04.03: POWER9 XIVE: msgsnd/doorbell IPI support (backport)
(LP: #1691973)
- powerpc/64s: Add msgp facility unavailable log string
- powerpc/64s: Add SCV FSCR bit for ISA v3.0
- powerpc/xmon: Dump memory in CPU endian format
- powerpc/xive: Native exploitation of the XIVE interrupt controller
- powerpc: Change the doorbell IPI calling convention
- powerpc: Introduce msgsnd/doorbell barrier primitives
- powerpc/64s: Avoid a branch for ppc_msgsnd
- powerpc/powernv: POWER9 support for msgsnd/doorbell IPI
- powerpc: Add optional smp_ops->prepare_cpu SMP callback
- powerpc: Add more PPC bit conversion macros
- powerpc/powernv: Add XIVE related definitions to opal-api.h
- powerpc/smp: Remove migrate_irq() custom implementation
- powerpc/powernv: Fix oops on P9 DD1 in cause_ipi()
- (config) Update configs with PPC_XIVE options
* CVE-2017-100363
- char: lp: fix possible integer overflow in lp_setup()
* CVE-2017-9242
- ipv6: fix out of bound writes in __ip6_append_data()
* CVE-2017-9075
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
* CVE-2017-9076
- ipv6/dccp: do not inherit ipv6_mc_list from parent
* CVE-2017-9077
- ipv6/dccp: do not inherit ipv6_mc_list from parent
* CVE-2017-8890
- dccp/tcp: do not inherit mc_list from parent
* Module signing exclusion for staging drivers does not work properly
(LP: #1690908)
- SAUCE: Fix module signing exclusion in package builds
* extend-diff-ignore should use exact matches (LP: #1693504)
- [Packaging] exact extend-diff-ignore matches
* Marvell MacchiatoBin crashes in fintek_8250_probe() (LP: #1692548)
- drivers/tty: 8250: only call fintek_8250_probe when doing port I/O
* arm-smmu arm-smmu.2.auto: Unhandled context fault (LP: #1694506)
- net: thunderx: Fix IOMMU translation faults
* arm64: mbigen updates (LP: #1692783)
- Revert "UBUNTU: SAUCE: irqchip: mbigen: Add ACPI support"
- irqchip/mbigen: Add ACPI support
- irqchip/mbigen: Fix return value check in mbigen_device_probe()
- irqchip/mbigen: Fix memory mapping code
- irqchip/mbigen: Fix potential NULL dereferencing
- irqchip/mbigen: Fix the clear register offset calculation
* System doesn't boot properly on Gigabyte AM4 motherboards (AMD Ryzen)
(LP: #1671360)
- pinctrl: amd: make use of raw_spinlock variants
- pinctrl/amd: Use regular interrupt instead of chained
* PowerPC: Pstore dump for powerpc is broken (LP: #1691045)
- pstore: Fix flags to enable dumps on powerpc
* Dell Inspiron on kernel 4.10 : battery detected only after AC power adapter
event (LP: #1678590)
- ACPI / blacklist: add _REV quirk for Dell Inspiron 7537
* APST quirk needed for Intel NVMe (LP: #1686592)
- nvme: Quirk APST on Intel 600P/P3100 devices
* Merlin SGMII fail on Ubuntu Xenial HWE kernel (LP: #1686305)
- drivers: net: phy: xgene: Fix mdio write
* Zesty update to 4.10.16 stable release (LP: #1691369)
- 9p: fix a potential acl leak
- drm/sti: fix GDP size to support up to UHD resolution
- hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628
- mtd: nand: Add OX820 NAND hardware dependency
- tpm: fix RC value check in tpm2_seal_trusted
- tmp: use pdev for parent device in tpm_chip_alloc
- crypto: caam - fix error path for ctx_dma mapping failure
- crypto: caam - don't dma_map key for hash algorithms
- power: supply: lp8788: prevent out of bounds array access
- cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
- powerpc/perf: Fix perf_get_data_addr() for power9 DD1
- powerpc/perf: Handle sdar_mode for marked event in power9
- powerpc/mm: Fixup wrong LPCR_VRMASD value
- powerpc/powernv: Fix opal_exit tracepoint opcode
- powerpc/mm: Fix build break when CMA=n && SPAPR_TCE_IOMMU=y
- powerpc/ftrace: Fix confusing help text for DISABLE_MPROFILE_KERNEL
- powerpc: Correctly disable latent entropy GCC plugin on prom_init.o
- power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING
- power: supply: bq24190_charger: Call set_mode_host() on pm_resume()
- power: supply: bq24190_charger: Install irq_handler_thread() at end of
probe()
- power: supply: bq24190_charger: Call power_supply_changed() for relevant
component
- power: supply: bq24190_charger: Don't read fault register outside
irq_handle_thread()
- power: supply: bq24190_charger: Handle fault before status on interrupt
- arm64: dts: r8a7795: Mark EthernetAVB device node disabled
- arm: dts: qcom: Fix ipq board clock rates
- arm64: remove wrong CONFIG_PROC_SYSCTL ifdef
- arm64: Improve detection of user/non-user mappings in set_pte(_at)
- spi: armada-3700: Remove spi_master_put in a3700_spi_remove()
- leds: ktd2692: avoid harmless maybe-uninitialized warning
- ARM: pxa: ezx: fix a910 camera data
- ARM: dts: NSP: GPIO reboot open-source
- ARM: dts: imx6sx-udoo-neo: Fix reboot hang
- ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
- ARM: OMAP3: Fix smartreflex platform data regression
- ARM: dts: am57xx-idk: tpic2810 is on I2C bus, not SPI
- ARM: dts: sun7i: lamobo-r1: Fix CPU port RGMII settings
- mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
- mwifiex: remove redundant dma padding in AMSDU
- mwifiex: Avoid skipping WEP key deletion for AP
- mwifiex: don't enable/disable IRQ 0 during suspend/resume
- mwifiex: set adapter->dev before starting to use mwifiex_dbg()
- iwlwifi: mvm: properly check for transport data in dump
- iwlwifi: mvm: don't restart HW if suspend fails with unified image
- iwlwifi: mvm: overwrite skb info later
- iwlwifi: pcie: don't increment / decrement a bool
- iwlwifi: pcie: trans: Remove unused 'shift_param'
- iwlwifi: pcie: fix the set of DMA memory mask
- iwlwifi: mvm: fix reorder timer re-arming
- iwlwifi: mvm: Use aux queue for offchannel frames in dqa
- iwlwifi: mvm/pcie: adjust A-MSDU tx_cmd length in PCIe
- iwlwifi: mvm: fix pending frame counter calculation
- iwlwifi: mvm: fix references to first_agg_queue in DQA mode
- iwlwifi: mvm: synchronize firmware DMA paging memory
- iwlwifi: mvm: writing zero bytes to debugfs causes a crash
- iwlwifi: mvm: fix accessing fw_id_to_mac_id
- x86/ioapic: Restore IO-APIC irq_chip retrigger callback
- x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
- x86/mpx: Re-add MPX to selftests Makefile
- clk: Make x86/ conditional on CONFIG_COMMON_CLK
- platform/x86: intel_pmc_core: fix out-of-bounds accesses on stack
- kprobes/x86: Fix kernel panic when certain exception-handling addresses are
probed
- x86/platform/intel-mid: Correct MSI IRQ line for watchdog device
- Revert "KVM: nested VMX: disable perf cpuid reporting"
- KVM: nVMX: initialize PML fields in vmcs02
- KVM: nVMX: do not leak PML full vmexit to L1
- usb: dwc2: host: use msleep() for long delay
- usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
paths
- usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
paths
- usb: chipidea: Only read/write OTGSC from one place
- usb: chipidea: Handle extcon events properly
- USB: serial: keyspan_pda: fix receive sanity checks
- USB: serial: digi_acceleport: fix incomplete rx sanity check
- USB: serial: ssu100: fix control-message error handling
- USB: serial: io_edgeport: fix epic-descriptor handling
- USB: serial: ti_usb_3410_5052: fix control-message error handling
- USB: serial: ark3116: fix open error handling
- USB: serial: ftdi_sio: fix latency-timer error handling
- USB: serial: quatech2: fix control-message error handling
- USB: serial: mct_u232: fix modem-status error handling
- USB: serial: ch341: fix modem-status handling
- USB: serial: io_edgeport: fix descriptor error handling
- clk: rockchip: add "," to mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036
- phy: qcom-usb-hs: Add depends on EXTCON
- serial: 8250_omap: Fix probe and remove for PM runtime
- scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn()
- scsi: qedi: fix build error without DEBUG_FS
- scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr
- scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
- scsi: smartpqi: fix time handling
- MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
- brcmfmac: Ensure pointer correctly set if skb data location changes
- brcmfmac: Make skb header writable before use
- staging/lustre/llite: move root_squash from sysfs to debugfs
- staging: wlan-ng: add missing byte order conversion
- staging: emxx_udc: remove incorrect __init annotations
- staging: lustre: ptlrpc: avoid warning on missing return
- ALSA: hda - Fix deadlock of controller device lock at unbinding
- sparc64: fix fault handling in NGbzero.S and GENbzero.S
- tcp: do not underestimate skb->truesize in tcp_trim_head()
- net: adjust skb->truesize in ___pskb_trim()
- net: macb: fix phy interrupt parsing
- geneve: fix incorrect setting of UDP checksum flag
- bpf: enhance verifier to understand stack pointer arithmetic
- bpf, arm64: fix jit branch offset related to ldimm64
- tcp: fix wraparound issue in tcp_lp
- net: ipv6: Do not duplicate DAD on link up
- net: usb: qmi_wwan: add Telit ME910 support
- tcp: do not inherit fastopen_req from parent
- ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
- rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
- ipv6: initialize route null entry in addrconf_init()
- ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
- bnxt_en: allocate enough space for ->ntp_fltr_bmap
- bpf: don't let ldimm64 leak map addresses on unprivileged
- net: mdio-mux: bcm-iproc: call mdiobus_free() in error path
- openvswitch: Set internal device max mtu to ETH_MAX_MTU.
- f2fs: sanity check segment count
- xen: Revert commits da72ff5bfcb0 and 72a9b186292d
- drm/hisilicon/hibmc: Fix wrong pointer passed to PTR_ERR()
- drm: mxsfb: drm_dev_alloc() returns error pointers
- drm/ttm: fix use-after-free races in vm fault handling
- block: get rid of blk_integrity_revalidate()
- Linux 4.10.16
- [Config] Remove CONFIG_MTD_NAND_OXNAS=m
- Ignore missing oxnas_nand
* Keyboard backlight control does not work on some dell laptops.
(LP: #1693126)
- platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist
- platform/x86: dell-laptop: Add keyboard backlight timeout AC settings
* Hardware transaction memory corruption (LP: #1691477)
- powerpc/tm: Fix FP and VMX register corruption
* Offlined CPUs of a core fail to come up online on POWER9 DD1 (Ubuntu 17.04)
(LP: #1685792)
- powerpc/powernv: Move CPU-Offline idle state invocation from smp.c to idle.c
- powerpc/powernv/smp: Add busy-wait loop as fall back for CPU-Hotplug
- powerpc/powernv/idle: Don't override default/deepest directly in kernel
- powerpc/powernv: Recover correct PACA on wakeup from a stop on P9 DD1
* [Regression] NUMA_BALANCING disabled on arm64 (LP: #1690914)
- [Config] CONFIG_NUMA_BALANCING{,_DEFAULT_ENABLED}=y on arm64
* ATS fix: Fix opal_npu_destroy_context call (LP: #1692580)
- powerpc/powernv/npu-dma.c: Fix opal_npu_destroy_context() call
* powerpc/powernv: Introduce address translation services for Nvlink2
(LP: #1690412)
- powerpc/powernv: Require MMU_NOTIFIER to fix NPU build
- drivers/of/base.c: Add of_property_read_u64_index
- powerpc/powernv: Add sanity checks to pnv_pci_get_{gpu|npu}_dev
- powerpc/powernv: Introduce address translation services for Nvlink2
* exec'ing a setuid binary from a threaded program sometimes fails to setuid
(LP: #1672819)
- SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct
Date: 2017-06-27 09:27:22.398002+00:00
Changed-By: Juerg Haefliger <juerg.haefliger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.10.0-26.30
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list