Bug #1615895 “apparmor module parameters can be changed after th...” : Bugs : AppArmor

John Johansen (jjohansen) on 2016-08-23

Changed in linux (Ubuntu Xenial):
status:	New → Fix Committed

Revision history for this message

Brad Figg (brad-figg) wrote on 2016-08-23: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1615895

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2016-09-06:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

John Johansen (jjohansen) on 2016-09-09

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-09-19:

#3

Download full text (22.8 KiB)

This bug was fixed in the package linux - 4.4.0-38.57

---------------
linux (4.4.0-38.57) xenial; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
- LP: #1620658

  * CIFS client: access problems after updating to kernel 4.4.0-29-generic
    (LP: #1612135)
    - Revert "UBUNTU: SAUCE: (namespace) Bypass sget() capability check for nfs"
    - fs: Call d_automount with the filesystems creds

* apt-key add fails in overlayfs (LP: #1618572)
- SAUCE: overlayfs: fix regression in whiteout detection

linux (4.4.0-37.56) xenial; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
- LP: #1618040

  * [Feature] Instruction decoder support for new SKX instructions- AVX512
    (LP: #1591655)
    - x86/insn: perf tools: Fix vcvtph2ps instruction decoding
    - x86/insn: Add AVX-512 support to the instruction decoder
    - perf tools: Add AVX-512 support to the instruction decoder used by Intel PT
    - perf tools: Add AVX-512 instructions to the new instructions test

  * [Ubuntu 16.04] FCoE Lun not visible in OS with inbox driver - Issue with
    ioremap() call on 32bit kernel (LP: #1608652)
    - lpfc: Correct issue with ioremap() call on 32bit kernel

  * [Feature] turbostat support for Skylake-SP server (LP: #1591802)
    - tools/power turbostat: decode more CPUID fields
    - tools/power turbostat: CPUID(0x16) leaf shows base, max, and bus frequency
    - tools/power turbostat: decode HWP registers
    - tools/power turbostat: Decode MSR_MISC_PWR_MGMT
    - tools/power turbostat: allow sub-sec intervals
    - tools/power turbostat: Intel Xeon x200: fix erroneous bclk value
    - tools/power turbostat: Intel Xeon x200: fix turbo-ratio decoding
    - tools/power turbostat: re-name "%Busy" field to "Busy%"
    - tools/power turbostat: add --out option for saving output in a file
    - tools/power turbostat: fix compiler warnings
    - tools/power turbostat: make fewer systems calls
    - tools/power turbostat: show IRQs per CPU
    - tools/power turbostat: show GFXMHz
    - tools/power turbostat: show GFX%rc6
    - tools/power turbostat: detect and work around syscall jitter
    - tools/power turbostat: indicate SMX and SGX support
    - tools/power turbostat: call __cpuid() instead of __get_cpuid()
    - tools/power turbostat: correct output for MSR_NHM_SNB_PKG_CST_CFG_CTL dump
    - tools/power turbostat: bugfix: TDP MSRs print bits fixing
    - tools/power turbostat: SGX state should print only if --debug
    - tools/power turbostat: print IRTL MSRs
    - tools/power turbostat: initial BXT support
    - tools/power turbostat: decode BXT TSC frequency via CPUID
    - tools/power turbostat: initial SKX support

  * [BYT] display hotplug doesn't work on console (LP: #1616894)
    - drm/i915/vlv: Make intel_crt_reset() per-encoder
    - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init()
    - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug()
    - drm/i915: Enable polling when we don't have hpd

* [Feature]intel_idle enabling on Broxton-P (LP: #1520446)
- intel_idle: add BXT support

  * [Feature] EDAC: Update driver for SKX-SP (LP: #1591815)
    - [Config] CONFIG_EDAC_SKX=m
    - EDAC, skx_edac: Ad...

This bug was fixed in the package linux - 4.4.0-38.57

---------------
linux (4.4.0-38.57) xenial; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
    - LP: #1620658

* CIFS client: access problems after updating to kernel 4.4.0-29-generic
    (LP: #1612135)
    - Revert "UBUNTU: SAUCE: (namespace) Bypass sget() capability check for nfs"
    - fs: Call d_automount with the filesystems creds

* apt-key add fails in overlayfs (LP: #1618572)
    - SAUCE: overlayfs: fix regression in whiteout detection

linux (4.4.0-37.56) xenial; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
    - LP: #1618040

* [Feature] Instruction decoder support for new SKX instructions- AVX512
    (LP: #1591655)
    - x86/insn: perf tools: Fix vcvtph2ps instruction decoding
    - x86/insn: Add AVX-512 support to the instruction decoder
    - perf tools: Add AVX-512 support to the instruction decoder used by Intel PT
    - perf tools: Add AVX-512 instructions to the new instructions test

* [Ubuntu 16.04] FCoE Lun not visible in OS with inbox driver - Issue with
    ioremap() call on 32bit kernel (LP: #1608652)
    - lpfc: Correct issue with ioremap() call on 32bit kernel

* [Feature] turbostat support for Skylake-SP server (LP: #1591802)
    - tools/power turbostat: decode more CPUID fields
    - tools/power turbostat: CPUID(0x16) leaf shows base, max, and bus frequency
    - tools/power turbostat: decode HWP registers
    - tools/power turbostat: Decode MSR_MISC_PWR_MGMT
    - tools/power turbostat: allow sub-sec intervals
    - tools/power turbostat: Intel Xeon x200: fix erroneous bclk value
    - tools/power turbostat: Intel Xeon x200: fix turbo-ratio decoding
    - tools/power turbostat: re-name "%Busy" field to "Busy%"
    - tools/power turbostat: add --out option for saving output in a file
    - tools/power turbostat: fix compiler warnings
    - tools/power turbostat: make fewer systems calls
    - tools/power turbostat: show IRQs per CPU
    - tools/power turbostat: show GFXMHz
    - tools/power turbostat: show GFX%rc6
    - tools/power turbostat: detect and work around syscall jitter
    - tools/power turbostat: indicate SMX and SGX support
    - tools/power turbostat: call __cpuid() instead of __get_cpuid()
    - tools/power turbostat: correct output for MSR_NHM_SNB_PKG_CST_CFG_CTL dump
    - tools/power turbostat: bugfix: TDP MSRs print bits fixing
    - tools/power turbostat: SGX state should print only if --debug
    - tools/power turbostat: print IRTL MSRs
    - tools/power turbostat: initial BXT support
    - tools/power turbostat: decode BXT TSC frequency via CPUID
    - tools/power turbostat: initial SKX support

* [BYT] display hotplug doesn't work on console (LP: #1616894)
    - drm/i915/vlv: Make intel_crt_reset() per-encoder
    - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init()
    - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug()
    - drm/i915: Enable polling when we don't have hpd

* [Feature]intel_idle enabling on Broxton-P (LP: #1520446)
    - intel_idle: add BXT support

* [Feature] EDAC: Update driver for SKX-SP (LP: #1591815)
    - [Config] CONFIG_EDAC_SKX=m
    - EDAC, skx_edac: Add EDAC driver for Skylake

* [Feature] KBL: Sandy Peak(3168) WiFi/BT support (LP: #1591648)
    - Bluetooth: Add support for Intel Bluetooth device 3168 [8087:0aa7]

* MacBookPro11,4 fails to poweroff or suspend (LP: #1587714)
    - SAUCE: PCI: Workaround to enable poweroff on Mac Pro 11

* Support Edge Gateway's Bluetooth LED (LP: #1512999)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways
    - SAUCE: Bluetooth: Use host bridge subsystem IDs to identify Edge Gateways

* Please add support for alps touchpad. (LP: #1616813)
    - [Config] CONFIG_HID_ALPS=m
    - HID: add Alps I2C HID Touchpad-Stick support
    - HID: alps: struct u1_dev *priv is internal to the driver
    - HID: alps: pass correct sizes to hid_hw_raw_request()
    - HID: alps: match alps devices in core
    - HID: alps: a few cleanups

* DINO2M - System hangs with a black screen during s4 stress test
    (LP: #1616781)
    - x86/power/64: Fix kernel text mapping corruption during image restoration

* Xenial update to v4.4.17 stable release (LP: #1611833)
    - USB: OHCI: Don't mark EDs as ED_OPER if scheduling fails
    - x86/quirks: Apply nvidia_bugs quirk only on root bus
    - x86/quirks: Reintroduce scanning of secondary buses
    - x86/quirks: Add early quirk to reset Apple AirPort card
    - dmaengine: at_xdmac: align descriptors on 64 bits
    - dmaengine: at_xdmac: fix residue corruption
    - dmaengine: at_xdmac: double FIFO flush needed to compute residue
    - mm, sl[au]b: add __GFP_ATOMIC to the GFP reclaim mask
    - mm, compaction: abort free scanner if split fails
    - fs/nilfs2: fix potential underflow in call to crc32_le
    - mm, compaction: prevent VM_BUG_ON when terminating freeing scanner
    - mm, meminit: always return a valid node from early_pfn_to_nid
    - mm, meminit: ensure node is online before checking whether pages are
      uninitialised
    - vmlinux.lds: account for destructor sections
    - pps: do not crash when failed to register
    - kernel/sysrq, watchdog, sched/core: Reset watchdog on all CPUs while
      processing sysrq-w
    - arc: unwind: warn only once if DW2_UNWIND is disabled
    - ARC: unwind: ensure that .debug_frame is generated (vs. .eh_frame)
    - xen/pciback: Fix conf_space read/write overlap check.
    - xenbus: don't BUG() on user mode induced condition
    - xenbus: don't bail early from xenbus_dev_request_and_reply()
    - Input: vmmouse - remove port reservation
    - Input: elantech - add more IC body types to the list
    - Input: xpad - fix oops when attaching an unknown Xbox One gamepad
    - Input: wacom_w8001 - w8001_MAX_LENGTH should be 13
    - Input: xpad - validate USB endpoint count during probe
    - Input: tsc200x - report proper input_dev name
    - pvclock: Add CPU barriers to get correct version value
    - pinctrl: single: Fix missing flush of posted write for a wakeirq
    - pinctrl: imx: Do not treat a PIN without MUX register as an error
    - cgroup: set css->id to -1 during init
    - power_supply: power_supply_read_temp only if use_cnt > 0
    - locks: use file_inode()
    - Revert "ecryptfs: forbid opening files without mmap handler"
    - ecryptfs: don't allow mmap when the lower fs doesn't support it
    - ext4: verify extent header depth
    - 9p: use file_dentry()
    - namespace: update event counter when umounting a deleted dentry
    - spi: sunxi: fix transfer timeout
    - spi: sun4i: fix FIFO limit
    - clk: rockchip: initialize flags of clk_init_data in mmc-phase clock
    - platform/chrome: cros_ec_dev - double fetch bug in ioctl
    - block: fix use-after-free in sys_ioprio_get()
    - mmc: block: fix packed command header endianness
    - sched/fair: Fix effective_load() to consistently use smoothed load
    - ovl: handle ATTR_KILL*
    - perf/x86: fix PEBS issues on Intel Atom/Core2
    - can: at91_can: RX queue could get stuck at high bus load
    - can: c_can: Update D_CAN TX and RX functions to 32 bit - fix Altera Cyclone
      access
    - can: fix handling of unmodifiable configuration options fix
    - can: fix oops caused by wrong rtnl dellink usage
    - RDS: fix rds_tcp_init() error path
    - SCSI: fix new bug in scsi_dev_info_list string matching
    - ipr: Clear interrupt on croc/crocodile when running with LSI
    - posix_cpu_timer: Exit early when process has been reaped
    - i2c: mux: reg: wrong condition checked for of_address_to_resource return
      value
    - libata: LITE-ON CX1-JB256-HP needs lower max_sectors
    - libceph: apply new_state before new_up_client on incrementals
    - net: mvneta: set real interrupt per packet for tx_done
    - intel_th: pci: Add Kaby Lake PCH-H support
    - intel_th: Fix a deadlock in modprobing
    - vfs: fix deadlock in file_remove_privs() on overlayfs
    - Linux 4.4.17
    - xenbus: don't look up transaction IDs for ordinary writes

* Enable virtual scsi server driver for Power (LP: #1615665)
    - [Config] CONFIG_SCSI_IBMVSCSIS=m
    - target: Add target_alloc_session() helper function
    - ibmvscsis: Initial commit of IBM VSCSI Tgt Driver

* AES-XTS poor performance in Ubuntu 16.04 (LP: #1613295)
    - crypto: vmx: Only call enable_kernel_vsx()
    - powerpc: Create disable_kernel_{fp,altivec,vsx,spe}()
    - crypto: vmx - Adding asm subroutines for XTS
    - crypto: xts - consolidate sanity check for keys
    - crypto: vmx - Adding support for XTS
    - crypto: vmx - Fix aes_p8_xts_decrypt build failure
    - crypto: xts - fix compile errors

*  System hang when plug/pull USB 3.1 key via thunderbolt port over 5 times
    (LP: #1616318)
    - USB: don't free bandwidth_mutex too early

* Ubuntu 16.04 - Full EEH Recovery Support for NVMe devices (LP: #1602724)
    - nvme: Suspend all queues before deletion

* change_hat is logging failures during expected hat probing (LP: #1615893)
    - SAUCE: apparmor: Fix auditing behavior for change_hat probing

* deleted files outside of the namespace are not being treated as disconnected
    (LP: #1615892)
    - SAUCE: apparmor: deleted dentries can be disconnected

* stacking to unconfined in a child namespace confuses mediation
    (LP: #1615890)
    - SAUCE: apparmor: special case unconfined when determining the mode

* apparmor module parameters can be changed after the policy is locked
    (LP: #1615895)
    - SAUCE: apparmor: fix: parameters can be changed after policy is locked

* AppArmor profile reloading causes an intermittent kernel BUG (LP: #1579135)
    - SAUCE: apparmor: fix vec_unique for vectors larger than 8

* label vec reductions can result in reference labels instead of direct access
    to labels (LP: #1615889)
    - SAUCE: apparmor: reduction of vec to single entry is just that entry

* profiles from different namespaces can block other namespaces from being
    able to load a profile (LP: #1615887)
    - SAUCE: apparmor: profiles in one ns can affect mediation in another ns

* vmalloc failure leads to null ptr dereference in aa_dfa_next (LP: #1592547)
    - SAUCE: apparmor: oops in profile_unpack() when policy_db is not present

* vmalloc_addr is being checked on the failed return address of kvzalloc()
    (LP: #1615885)
    - SAUCE: apparmor: fix: don't check for vmalloc_addr if kvzalloc() failed

* dfa is missing a bounds check which can cause an oops (LP: #1615882)
    - SAUCE: apparmor: Add missing id bounds check on dfa verification

* The label build for onexec when stacking is wrong (LP: #1615881)
    - SAUCE: apparmor: Fix label build for onexec stacking.

* The inherit check for new to old label comparison for domain transitions is
    wrong (LP: #1615880)
    - SAUCE: apparmor: Fix new to old label comparison for domain transitions

* warning stack trace while playing with apparmor namespaces (LP: #1593874)
    - SAUCE: apparmor: fix stack trace when removing namespace with profiles

* __label_update proxy comparison test is wrong (LP: #1615878)
    - SAUCE: apparmor: Fix __label_update proxy comparison test

* Xenial update to v4.4.19 stable release (LP: #1615620)
    - usb: gadget: avoid exposing kernel stack
    - usb: f_fs: off by one bug in _ffs_func_bind()
    - usb: renesas_usbhs: protect the CFIFOSEL setting in usbhsg_ep_enable()
    - usb: dwc3: fix for the isoc transfer EP_BUSY flag
    - USB: serial: option: add support for Telit LE910 PID 0x1206
    - usb: renesas_usbhs: fix NULL pointer dereference in xfer_work()
    - arm64: kernel: Save and restore UAO and addr_limit on exception entry
    - arm64: debug: unmask PSTATE.D earlier
    - arm64: Fix incorrect per-cpu usage for boot CPU
    - tty: serial: msm: Don't read off end of tx fifo
    - serial: samsung: Fix ERR pointer dereference on deferred probe
    - tty/serial: atmel: fix RS485 half duplex with DMA
    - gpio: pca953x: Fix NBANK calculation for PCA9536
    - gpio: intel-mid: Remove potentially harmful code
    - Bluetooth: hci_intel: Fix null gpio desc pointer dereference
    - pinctrl: cherryview: prevent concurrent access to GPIO controllers
    - arm64: dts: rockchip: fixes the gic400 2nd region size for rk3368
    - arm64: mm: avoid fdt_check_header() before the FDT is fully mapped
    - KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures
    - KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE
    - KVM: MTRR: fix kvm_mtrr_check_gfn_range_consistency page fault
    - KVM: VMX: handle PML full VMEXIT that occurs during event delivery
    - KVM: nVMX: Fix memory corruption when using VMCS shadowing
    - intel_pstate: Fix MSR_CONFIG_TDP_x addressing in core_get_max_pstate()
    - mfd: qcom_rpm: Fix offset error for msm8660
    - mfd: qcom_rpm: Parametrize also ack selector size
    - media: usbtv: prevent access to free'd resources
    - media: dvb_ringbuffer: Add memory barriers
    - vb2: core: Skip planes array verification if pb is NULL
    - Fix RC5 decoding with Fintek CIR chipset
    - sur40: lower poll interval to fix occasional FPS drops to ~56 FPS
    - sur40: fix occasional oopses on device close
    - dm: set DMF_SUSPENDED* _before_ clearing DMF_NOFLUSH_SUSPENDING
    - hp-wmi: Fix wifi cannot be hard-unblocked
    - s5p-mfc: Set device name for reserved memory region devs
    - s5p-mfc: Add release callback for memory region devs
    - i2c: efm32: fix a failure path in efm32_i2c_probe()
    - spi: pxa2xx: Clear all RFT bits in reset_sccr1() on Intel Quark
    - Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU
    - EDAC: Correct channel count limit
    - HID: uhid: fix timeout when probe races with IO
    - ovl: disallow overlayfs as upperdir
    - remoteproc: Fix potential race condition in rproc_add
    - ARC: mm: don't loose PTE_SPECIAL in pte_modify()
    - jbd2: make journal y2038 safe
    - fs/cifs: make share unaccessible at root level mountable
    - cifs: Check for existing directory when opening file with O_CREAT
    - cifs: fix crash due to race in hmac(md5) handling
    - CIFS: Fix a possible invalid memory access in smb2_query_symlink()
    - random: initialize the non-blocking pool via add_hwgenerator_randomness()
    - random: print a warning for the first ten uninitialized random users
    - random: add interrupt callback to VMBus IRQ handler
    - MIPS: KVM: Fix mapped fault broken commpage handling
    - MIPS: KVM: Add missing gfn range check
    - MIPS: KVM: Fix gfn range check in kseg0 tlb faults
    - MIPS: KVM: Propagate kseg0/mapped tlb fault errors
    - nfs: don't create zero-length requests
    - nfsd: Fix race between FREE_STATEID and LOCK
    - nfsd: don't return an unhashed lock stateid after taking mutex
    - drm/i915: Don't complain about lack of ACPI video bios
    - iommu/exynos: Suppress unbinding to prevent system failure
    - iommu/vt-d: Return error code in domain_context_mapping_one()
    - iommu/amd: Handle IOMMU_DOMAIN_DMA in ops->domain_free call-back
    - iommu/amd: Init unity mappings only for dma_ops domains
    - iommu/amd: Update Alias-DTE in update_device_table()
    - audit: fix a double fetch in audit_log_single_execve_arg()
    - ARM: dts: sunxi: Add a startup delay for fixed regulator enabled phys
    - netlabel: add address family checks to netlbl_{sock,req}_delattr()
    - w1:omap_hdq: fix regression
    - drm/amdgpu: add a delay after ATPX dGPU power off
    - drm/amdgpu: Poll for both connect/disconnect on analog connectors
    - drm/amdgpu: support backlight control for UNIPHY3
    - drm/amdgpu: Disable RPM helpers while reprobing connectors on resume
    - drm/amdgpu: fix firmware info version checks
    - drm/amdgpu/gmc7: add missing mullins case
    - drm/radeon: add a delay after ATPX dGPU power off
    - drm/radeon: Poll for both connect/disconnect on analog connectors
    - drm/radeon: fix firmware info version checks
    - drm/radeon: support backlight control for UNIPHY3
    - drm/nouveau/gr/nv3x: fix instobj write offsets in gr setup
    - drm/nouveau/fbcon: fix font width not divisible by 8
    - drm: Restore double clflush on the last partial cacheline
    - drm/edid: Add 6 bpc quirk for display AEO model 0.
    - drm/i915: Never fully mask the the EI up rps interrupt on SNB/IVB
    - drm/i915/dp: Revert "drm/i915/dp: fall back to 18 bpp when sink capability
      is unknown"
    - balloon: check the number of available pages in leak balloon
    - ftrace/recordmcount: Work around for addition of metag magic but not
      relocations
    - metag: Fix __cmpxchg_u32 asm constraint for CMP
    - block: add missing group association in bio-cloning functions
    - block: fix bdi vs gendisk lifetime mismatch
    - mtd: nand: fix bug writing 1 byte less than page size
    - mm/hugetlb: avoid soft lockup in set_max_huge_pages()
    - ALSA: hda: Fix krealloc() with __GFP_ZERO usage
    - ALSA: hda/realtek - Can't adjust speaker's volume on a Dell AIO
    - ALSA: hda: add AMD Bonaire AZ PCI ID with proper driver caps
    - ALSA: hda - Fix headset mic detection problem for two dell machines
    - IB/mlx5: Fix MODIFY_QP command input structure
    - IB/mlx5: Fix entries checks in mlx5_ib_create_cq
    - IB/mlx5: Fix returned values of query QP
    - IB/mlx5: Fix entries check in mlx5_ib_resize_cq
    - IB/mlx5: Fix post send fence logic
    - IB/mlx5: Return PORT_ERR in Active to Initializing tranisition
    - IB/SA: Use correct free function
    - IB/IPoIB: Don't update neigh validity for unresolved entries
    - IB/IWPM: Fix a potential skb leak
    - IB/mlx4: Fix the SQ size of an RC QP
    - IB/mlx4: Fix error flow when sending mads under SRIOV
    - IB/mlx4: Fix memory leak if QP creation failed
    - of: fix memory leak related to safe_name()
    - ubi: Make volume resize power cut aware
    - ubi: Fix early logging
    - ubi: Fix race condition between ubi device creation and udev
    - iscsi-target: Fix panic when adding second TCP connection to iSCSI session
    - target: Fix ordered task target_setup_cmd_from_cdb exception hang
    - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP
    - target: Fix race between iscsi-target connection shutdown + ABORT_TASK
    - target: Fix max_unmap_lba_count calc overflow
    - target: Fix ordered task CHECK_CONDITION early exception handling
    - Input: elan_i2c - properly wake up touchpad on ASUS laptops
    - SUNRPC: Don't allocate a full sockaddr_storage for tracing
    - MIPS: mm: Fix definition of R6 cache instruction
    - MIPS: Don't register r4k sched clock when CPUFREQ enabled
    - MIPS: hpet: Increase HPET_MIN_PROG_DELTA and decrease HPET_MIN_CYCLES
    - PCI: Mark Atheros AR9485 and QCA9882 to avoid bus reset
    - x86/platform/intel_mid_pci: Rework IRQ0 workaround
    - ACPI / EC: Work around method reentrancy limit in ACPICA for _Qxx
    - rtc: s3c: Add s3c_rtc_{enable/disable}_clk in s3c_rtc_setfreq()
    - dm flakey: error READ bios during the down_interval
    - module: Invalidate signatures on force-loaded modules
    - Documentation/module-signing.txt: Note need for version info if reusing a
      key
    - Linux 4.4.19

* xfrm: ipsec crash when updating spd thresholds (LP: #1613787)
    - xfrm: Ignore socket policies when rebuilding hash tables

* ISST-LTE:pKVM311:lotg5:Ubutu16041:lotg5 crashed @
    writeback_sb_inodes+0x30c/0x590 (LP: #1614565)
    - writeback: Write dirty times for WB_SYNC_ALL writeback

* IBM Power 720 Ethernet Not Seen (LP: #1612725)
    - [Config] CONFIG_IBMEBUS=y for powerpc

* CAPI: Update default setting for the psl_fir_cntl register (LP: #1612431)
    - cxl: Set psl_fir_cntl to production environment value

* Xenial update to v4.4.18 stable release (LP: #1614560)
    - tcp: enable per-socket rate limiting of all 'challenge acks'
    - ipv4: reject RTNH_F_DEAD and RTNH_F_LINKDOWN from user space
    - bonding: set carrier off for devices created through netlink
    - net: bgmac: Fix infinite loop in bgmac_dma_tx_add()
    - net/irda: fix NULL pointer dereference on memory allocation failure
    - qed: Fix setting/clearing bit in completion bitmap
    - tcp: consider recv buf for the initial window scale
    - ipath: Restrict use of the write() interface
    - scsi: ignore errors from scsi_dh_add_device()
    - HID: sony: do not bail out when the sixaxis refuses the output report
    - i2c: i801: Allow ACPI SystemIO OpRegion to conflict with PCI BAR
    - arm: oabi compat: add missing access checks
    - KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace
    - Revert "s390/kdump: Clear subchannel ID to signal non-CCW/SCSI IPL"
    - random: strengthen input validation for RNDADDTOENTCNT
    - devpts: clean up interface to pty drivers
    - x86/mm/pat: Add support of non-default PAT MSR setting
    - x86/mm/pat: Add pat_disable() interface
    - x86/mm/pat: Replace cpu_has_pat with boot_cpu_has()
    - x86/mtrr: Fix Xorg crashes in Qemu sessions
    - x86/mtrr: Fix PAT init handling when MTRR is disabled
    - x86/xen, pat: Remove PAT table init code from Xen
    - x86/pat: Document the PAT initialization sequence
    - x86/mm/pat: Fix BUG_ON() in mmap_mem() on QEMU/i386
    - drm/i915: Pretend cursor is always on for ILK-style WM calculations (v2)
    - x86/syscalls/64: Add compat_sys_keyctl for 32-bit userspace
    - block: fix use-after-free in seq file
    - sysv, ipc: fix security-layer leaking
    - fuse: fsync() did not return IO errors
    - fuse: fuse_flush must check mapping->flags for errors
    - fuse: fix wrong assignment of ->flags in fuse_send_init()
    - fs/dcache.c: avoid soft-lockup in dput()
    - crypto: gcm - Filter out async ghash if necessary
    - crypto: scatterwalk - Fix test in scatterwalk_done
    - ext4: check for extents that wrap around
    - ext4: fix deadlock during page writeback
    - ext4: don't call ext4_should_journal_data() on the journal inode
    - ext4: validate s_reserved_gdt_blocks on mount
    - ext4: short-cut orphan cleanup on error
    - ext4: fix reference counting bug on block allocation error
    - mm: memcontrol: fix cgroup creation failure after many small jobs
    - mm: memcontrol: fix swap counter leak on swapout from offline cgroup
    - mm: memcontrol: fix memcg id ref counter on swap charge move
    - Linux 4.4.18

* Ubuntu16.10:installation fails on Brazos system (31TB and 192 cores) No
    memory for flatten_device_tree (no room) (LP: #1614309)
    - SAUCE: powerpc/pseries: Increase RMA size to 512MB.

* [SRU] xgene_enet: 10g performance only hits ~75% on multi-client tests
    (LP: #1613157)
    - drivers: net: xgene: Add support for Classifier engine
    - drivers: net: xgene: Add support for RSS
    - drivers: net: xgene: Add support for multiple queues

* [SRU] xgene_enet: an extra interrupt may be pending for an interrupt
    controller that doesn't support irq_disable and hardware with level
    interrupt (LP: #1611399)
    - drivers: net: xgene: fix extra IRQ issue

* Mic mute hotkey does not work on usb keyboard [03f0:2f4a] (LP: #1609606)
    - HID: input: add mic mute key on HP slim keyboard

-- Tim Gardner <tim.gardner@canonical.com>  Tue, 30 Aug 2016 12:24:30 -0600

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-09-21:

#4

Download full text (3.4 KiB)

This bug was fixed in the package linux - 4.8.0-11.12

---------------
linux (4.8.0-11.12) yakkety; urgency=low

* change_hat is logging failures during expected hat probing (LP: #1615893)
- SAUCE: apparmor: Fix auditing behavior for change_hat probing

  * deleted files outside of the namespace are not being treated as
    disconnected
    (LP: #1615892)
    - SAUCE: apparmor: deleted dentries can be disconnected

  * stacking to unconfined in a child namespace confuses mediation
    (LP: #1615890)
    - SAUCE: apparmor: special case unconfined when determining the mode

  * apparmor module parameters can be changed after the policy is locked
    (LP: #1615895)
    - SAUCE: apparmor: fix: parameters can be changed after policy is locked

  * AppArmor profile reloading causes an intermittent kernel BUG (LP:
    #1579135)
    - SAUCE: apparmor: fix vec_unique for vectors larger than 8

  * label vec reductions can result in reference labels instead of direct
    access
    to labels (LP: #1615889)
    - SAUCE: apparmor: reduction of vec to single entry is just that entry

  * profiles from different namespaces can block other namespaces from being
    able to load a profile (LP: #1615887)
    - SAUCE: apparmor: profiles in one ns can affect mediation in another ns

* The label build for onexec when stacking is wrong (LP: #1615881)
- SAUCE: apparmor: Fix label build for onexec stacking.

  * The inherit check for new to old label comparison for domain transitions
    is
    wrong (LP: #1615880)
    - SAUCE: apparmor: Fix new to old label comparison for domain transitions

* warning stack trace while playing with apparmor namespaces (LP: #1593874)
- SAUCE: apparmor: fix stack trace when removing namespace with profiles

* __label_update proxy comparison test is wrong (LP: #1615878)
- SAUCE: apparmor: Fix __label_update proxy comparison test

  * reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
    (LP: #1560583)
    - SAUCE: apparmor: Allow ns_root processes to open profiles file
    - SAUCE: apparmor: Consult sysctl when reading profiles in a user ns

  * policy namespace stacking (LP: #1379535)
    - SAUCE: (no-up) apparmor: rebase of apparmor3.5-beta1 snapshot for 4.8
    - SAUCE: add a sysctl to enable unprivileged user ns AppArmor policy loading

  * Miscellaneous Ubuntu changes
    - [Debian] Dynamically determine linux udebs package name
    - [Debian] d-i -- fix dtb handling in new kernel-wedge form
    - SAUCE: apparmor: Fix FTBFS due to bad include path
    - SAUCE: apparmor: add data query support
    - [Config] Set CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT=y

  * Miscellaneous upstream changes
    - fixup backout policy view capable for forward port
    - apparmor: fix: Rework the iter loop for label_update
    - apparmor: add more assertions for updates/merges to help catch errors
    - apparmor: Make pivot root transitions work with stacking
    - apparmor: convert delegating deleted files to mediate deleted files
    - apparmor: add missing parens. not a bug fix but highly recommended
    - apparmor: add a stack_version file to allow detection of bug fixes
    - apparmor: push path looku...

	Status	Importance	Assigned to
AppArmor	New	Undecided	Unassigned
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Xenial	Fix Released	Undecided	Unassigned
Yakkety	Fix Released	Undecided	Unassigned

AppArmor

apparmor module parameters can be changed after the policy is locked

Bug Description

Other bug subscribers

Remote bug watches

Changed in linux (Ubuntu Yakkety):
status:	Incomplete → Fix Released