Bug #1704885 “hns: use after free in hns_nic_net_xmit_hw” : Bugs : linux package : Ubuntu

dann frazier (dannf) on 2017-07-18

Changed in linux (Ubuntu Zesty):
status:	New → In Progress
Changed in linux (Ubuntu):
importance:	Undecided → High
Changed in linux (Ubuntu Zesty):
importance:	Undecided → High
assignee:	nobody → dann frazier (dannf)

Seth Forshee (sforshee) on 2017-07-18

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed

Kleber Sacilotto de Souza (kleber-souza) on 2017-08-07

Changed in linux (Ubuntu Zesty):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-08-10:

#1

Download full text (24.9 KiB)

This bug was fixed in the package linux - 4.11.0-13.19

---------------
linux (4.11.0-13.19) artful; urgency=low

* CVE-2017-7533
- dentry name snapshots

linux (4.11.0-12.18) artful; urgency=low

* linux: 4.11.0-12.18 -proposed tracker (LP: #1707635)
- no change rebuild to pick up the new binutils.

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour
    - [Packaging] tests -- reduce rebuild test to one flavour -- use filter

* [ARM64] config EDAC_GHES=y depends on EDAC_MM_EDAC=y (LP: #1706141)
- [Config] set EDAC_MM_EDAC=y for ARM64

  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

* ath10k doesn't report full RSSI information (LP: #1706531)
- ath10k: add per chain RSSI reporting

* ideapad_laptop don't support v310-14isk (LP: #1705378)
- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

  * Ubuntu 16.04.3: Qemu fails on P9 (LP: #1686019)
    - KVM: PPC: Pass kvm* to kvmppc_find_table()
    - KVM: PPC: Use preregistered memory API to access TCE list
    - KVM: PPC: VFIO: Add in-kernel acceleration for VFIO
    - powerpc/powernv/iommu: Add real mode version of iommu_table_ops::exchange()
    - powerpc/iommu/vfio_spapr_tce: Cleanup iommu_table disposal
    - powerpc/vfio_spapr_tce: Add reference counting to iommu_table
    - powerpc/mmu: Add real mode support for IOMMU preregistered memory
    - KVM: PPC: Reserve KVM_CAP_SPAPR_TCE_VFIO capability number
    - KVM: PPC: Book3S HV: Add radix checks in real-mode hypercall handlers

* hns: ethtool selftest crashes system (LP: #1705712)
- net/hns:bugfix of ethtool -t phy self_test

  * ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
    (LP: #1673564)
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
      registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - arm64: Add wor...

This bug was fixed in the package linux - 4.11.0-13.19

---------------
linux (4.11.0-13.19) artful; urgency=low

* CVE-2017-7533
    - dentry name snapshots

linux (4.11.0-12.18) artful; urgency=low

* linux: 4.11.0-12.18 -proposed tracker (LP: #1707635)
    - no change rebuild to pick up the new binutils.

* Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour
    - [Packaging] tests -- reduce rebuild test to one flavour -- use filter

* [ARM64] config EDAC_GHES=y depends on EDAC_MM_EDAC=y (LP: #1706141)
    - [Config] set EDAC_MM_EDAC=y for ARM64

* [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

* ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting

* ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

* Ubuntu 16.04.3: Qemu fails on P9 (LP: #1686019)
    - KVM: PPC: Pass kvm* to kvmppc_find_table()
    - KVM: PPC: Use preregistered memory API to access TCE list
    - KVM: PPC: VFIO: Add in-kernel acceleration for VFIO
    - powerpc/powernv/iommu: Add real mode version of iommu_table_ops::exchange()
    - powerpc/iommu/vfio_spapr_tce: Cleanup iommu_table disposal
    - powerpc/vfio_spapr_tce: Add reference counting to iommu_table
    - powerpc/mmu: Add real mode support for IOMMU preregistered memory
    - KVM: PPC: Reserve KVM_CAP_SPAPR_TCE_VFIO capability number
    - KVM: PPC: Book3S HV: Add radix checks in real-mode hypercall handlers

* hns: ethtool selftest crashes system (LP: #1705712)
    - net/hns:bugfix of ethtool -t phy self_test

* ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
    (LP: #1673564)
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
      registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - arm64: Add workaround for Cavium Thunder erratum 30115
    - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
    - KVM: arm64: Enable GICv3 common sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
    - arm64: KVM: Make unexpected reads from WO registers inject an undef
    - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
    - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access

* ath9k freezes suspend resume Ubuntu 17.04 (LP: #1697027)
    - ath9k: fix an invalid pointer dereference in ath9k_rng_stop()

* xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
    comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host

* Migrating KSM page causes the VM lock up as the KSM page merging list is too
    large (LP: #1680513)
    - ksm: introduce ksm_max_page_sharing per page deduplication limit
    - ksm: fix use after free with merge_across_nodes = 0
    - ksm: cleanup stable_node chain collapse case
    - ksm: swap the two output parameters of chain/chain_prune
    - ksm: optimize refile of stable_node_dup at the head of the chain

* Artful update to v4.11.12 stable release (LP: #1706067)
    - net/phy: micrel: configure intterupts after autoneg workaround
    - ipv6: avoid unregistering inet6_dev for loopback
    - netvsc: don't access netdev->num_rx_queues directly
    - sfc: Fix MCDI command size for filter operations
    - net: account for current skb length when deciding about UFO
    - net: dp83640: Avoid NULL pointer dereference.
    - tcp: reset sk_rx_dst in tcp_disconnect()
    - net: prevent sign extension in dev_get_stats()
    - virtio-net: serialize tx routine during reset
    - net: sched: Fix one possible panic when no destroy callback
    - mlxsw: spectrum_router: Fix NULL pointer dereference
    - rocker: move dereference before free
    - bpf: prevent leaking pointer via xadd on unpriviledged
    - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
    - net/mlx5: Cancel delayed recovery work when unloading the driver
    - net/mlx5e: Fix TX carrier errors report in get stats ndo
    - ipv6: dad: don't remove dynamic addresses if link is down
    - vxlan: fix hlist corruption
    - geneve: fix hlist corruption
    - net: core: Fix slab-out-of-bounds in netdev_stats_to_stats64
    - liquidio: fix bug in soft reset failure detection
    - net: ipv6: Compare lwstate in detecting duplicate nexthops
    - vrf: fix bug_on triggered by rx when destroying a vrf
    - rds: tcp: use sock_create_lite() to create the accept socket
    - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff
    - cxgb4: fix BUG() on interrupt deallocating path of ULD
    - tap: convert a mutex to a spinlock
    - bridge: mdb: fix leak on complete_info ptr on fail path
    - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
    - sfc: don't read beyond unicast address list
    - Adding asm-prototypes.h for genksyms to generate crc
    - sed regex in Makefile.build requires line break between exported symbols
    - Adding the type of exported symbols
    - sparc64: Fix gup_huge_pmd
    - block: Fix a blk_exit_rl() regression
    - brcmfmac: Fix a memory leak in error handling path in
      'brcmf_cfg80211_attach'
    - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
    - efi: Process the MEMATTR table only if EFI_MEMMAP is enabled
    - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
    - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
    - cfg80211: Check if PMKID attribute is of expected size
    - cfg80211: Check if NAN service ID is of expected size
    - drm/amdgpu/gfx6: properly cache mc_arb_ramcfg
    - irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
    - parisc: Report SIGSEGV instead of SIGBUS when running out of stack
    - parisc: use compat_sys_keyctl()
    - parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
    - parisc/mm: Ensure IRQs are off in switch_mm()
    - tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/:
      Depth
    - thp, mm: fix crash due race in MADV_FREE handling
    - kernel/extable.c: mark core_kernel_text notrace
    - mm/list_lru.c: fix list_lru_count_node() to be race free
    - fs/dcache.c: fix spin lockup issue on nlru->lock
    - checkpatch: silence perl 5.26.0 unescaped left brace warnings
    - binfmt_elf: use ELF_ET_DYN_BASE only for PIE
    - arm: move ELF_ET_DYN_BASE to 4MB
    - arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
    - powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
    - s390: reduce ELF_ET_DYN_BASE
    - exec: Limit arg stack to at most 75% of _STK_LIM
    - powerpc/kexec: Fix radix to hash kexec due to IAMR/AMOR
    - ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers
    - arm64: Preventing READ_IMPLIES_EXEC propagation
    - vt: fix unchecked __put_user() in tioclinux ioctls
    - rcu: Add memory barriers for NOCB leader wakeup
    - nvmem: core: fix leaks on registration errors
    - Drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page
    - mnt: In umount propagation reparent in a separate pass
    - mnt: In propgate_umount handle visiting mounts in any order
    - mnt: Make propagate_umount less slow for overlapping mount propagation trees
    - selftests/capabilities: Fix the test_execve test
    - mm: fix overflow check in expand_upwards()
    - crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
    - crypto: atmel - only treat EBUSY as transient if backlog
    - crypto: sha1-ssse3 - Disable avx2
    - crypto: caam - properly set IV after {en,de}crypt
    - crypto: caam - fix signals handling
    - sched/fair, cpumask: Export for_each_cpu_wrap()
    - sched/topology: Fix building of overlapping sched-groups
    - sched/topology: Optimize build_group_mask()
    - sched/topology: Fix overlapping sched_group_mask
    - PM / wakeirq: Convert to SRCU
    - ALSA: x86: Clear the pdata.notify_lpe_audio pointer before teardown
    - PM / QoS: return -EINVAL for bogus strings
    - kvm: vmx: Do not disable intercepts for BNDCFGS
    - kvm: x86: Guest BNDCFGS requires guest MPX support
    - kvm: vmx: Check value written to IA32_BNDCFGS
    - kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
    - Linux 4.11.12

* Artful update to v4.11.11 stable release (LP: #1706066)
    - mqueue: fix a use-after-free in sys_mq_notify()
    - proc: Fix proc_sys_prune_dcache to hold a sb reference
    - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
    - staging: vt6556: vnt_start Fix missing call to vnt_key_init_table.
    - staging: comedi: fix clean-up of comedi_class in comedi_init()
    - crypto: caam - fix gfp allocation flags (part I)
    - crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
    - ext4: check return value of kstrtoull correctly in reserved_clusters_store
    - x86/mm/pat: Don't report PAT on CPUs that don't support it
    - Linux 4.11.11

* Change CONFIG_IBMVETH to module (LP: #1704479)
    - [Config] CONFIG_IBMVETH=m

* hns: use after free in hns_nic_net_xmit_hw (LP: #1704885)
    - net: hns: Fix a skb used after free bug

* Opal and POWER9 DD2 (LP: #1702159)
    - powerpc/powernv: Fix boot on Power8 bare metal due to opal_configure_cores()

* CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
    - nvme: Quirks for PM1725 controllers

* bonding: stack dump when unregistering a netdev (LP: #1704102)
    - bonding: avoid NETDEV_CHANGEMTU event when unregistering slave

* Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673)
    - drivers: net: xgene: Fix redundant prefetch buffer cleanup

* Ubuntu16.04: NVMe 4K+T10 DIF/DIX format returns I/O error on dd with split
    op (LP: #1689946)
    - blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split
      op

* linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
    (LP: #1697892)
    - bonding: add 802.3ad support for 25G speeds
    - bonding: fix 802.3ad support for 5G and 50G speeds

* hns: under heavy load, NIC may fail and require reboot (LP: #1704146)
    - net: hns: Bugfix for Tx timeout handling in hns driver

* New ACPI identifiers for ThunderX SMMU (LP: #1703437)
    - iommu/arm-smmu: Plumb in new ACPI identifiers

* Transparent hugepages should default to enabled=madvise (LP: #1703742)
    - [Config] use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default

* Miscellaneous Ubuntu changes
    - [Config] CONFIG_CAVIUM_ERRATUM_30115=y

* Miscellaneous upstream changes
    - platform/x86: thinkpad_acpi: guard generic hotkey case
    - platform/x86: thinkpad_acpi: add mapping for new hotkeys
    - selftest/memfd/Makefile: Fix build error

linux (4.11.0-11.16) artful; urgency=low

* linux: 4.11.0-11.16 -proposed tracker (LP: #1703901)

* Artful update to v4.11.10 stable release (LP: #1703854)
    - fs: add a VALID_OPEN_FLAGS
    - fs: completely ignore unknown open flags
    - driver core: platform: fix race condition with driver_override
    - RDMA/uverbs: Check port number supplied by user verbs cmds
    - ceph: choose readdir frag based on previous readdir reply
    - tracing/kprobes: Allow to create probe with a module name starting with a
      digit
    - usb: dwc3: replace %p with %pK
    - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
    - Add USB quirk for HVR-950q to avoid intermittent device resets
    - usb: usbip: set buffer pointers to NULL after free
    - usb: Fix typo in the definition of Endpoint[out]Request
    - USB: core: fix device node leak
    - arm: remove wrong CONFIG_PROC_SYSCTL ifdef
    - pinctrl: sh-pfc: r8a7794: Swap ATA signals
    - pinctrl: sh-pfc: r8a7791: Fix SCIF2 pinmux data
    - pinctrl: sh-pfc: r8a7791: Add missing DVC_MUTE signal
    - pinctrl: sh-pfc: r8a7795: Fix hscif2_clk_b and hscif4_ctrl
    - pinctrl: meson: meson8b: fix the NAND DQS pins
    - pinctrl: stm32: Fix bad function call
    - pinctrl: sunxi: Fix SPDIF function name for A83T
    - pinctrl: core: Fix warning by removing bogus code
    - pinctrl: mxs: atomically switch mux and drive strength config
    - pinctrl: sh-pfc: r8a7791: Add missing HSCIF1 pinmux data
    - pinctrl: sh-pfc: Update info pointer after SoC-specific init
    - USB: serial: option: add two Longcheer device ids
    - USB: serial: qcserial: new Sierra Wireless EM7305 device ID
    - xhci: Limit USB2 port wake support for AMD Promontory hosts
    - gfs2: Fix glock rhashtable rcu bug
    - Add "shutdown" to "struct class".
    - tpm: Issue a TPM2_Shutdown for TPM2 devices.
    - tpm: fix a kernel memory leak in tpm-sysfs.c
    - x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings
    - xen: avoid deadlock in xenbus driver
    - crypto: drbg - Fixes panic in wait_for_completion call
    - rt286: add Thinkpad Helix 2 to force_combo_jack_table
    - Linux 4.11.10

* CVE-2017-10810
    - drm/virtio: don't leak bo on drm_gem_object_init failure

* cxlflash update request in the Xenial SRU stream (LP: #1702521)
    - scsi: cxlflash: Separate RRQ processing from the RRQ interrupt handler
    - scsi: cxlflash: Serialize RRQ access and support offlevel processing
    - scsi: cxlflash: Implement IRQ polling for RRQ processing
    - scsi: cxlflash: Update sysfs helper routines to pass config structure
    - scsi: cxlflash: Support dynamic number of FC ports
    - scsi: cxlflash: Remove port configuration assumptions
    - scsi: cxlflash: Hide FC internals behind common access routine
    - scsi: cxlflash: SISlite updates to support 4 ports
    - scsi: cxlflash: Support up to 4 ports
    - scsi: cxlflash: Fence EEH during probe
    - scsi: cxlflash: Remove unnecessary DMA mapping
    - scsi: cxlflash: Fix power-of-two validations
    - scsi: cxlflash: Fix warnings/errors
    - scsi: cxlflash: Improve asynchronous interrupt processing
    - scsi: cxlflash: Support multiple hardware queues
    - scsi: cxlflash: Add hardware queues attribute
    - scsi: cxlflash: Introduce hardware queue steering
    - cxl: Enable PCI device IDs for future IBM CXL adapters
    - scsi: cxlflash: Select IRQ_POLL
    - scsi: cxlflash: Combine the send queue locks
    - scsi: cxlflash: Update cxlflash_afu_sync() to return errno
    - scsi: cxlflash: Reset hardware queue context via specified register
    - scsi: cxlflash: Schedule asynchronous reset of the host
    - scsi: cxlflash: Handle AFU sync failures
    - scsi: cxlflash: Track pending scsi commands in each hardware queue
    - scsi: cxlflash: Flush pending commands in cleanup path
    - scsi: cxlflash: Add scsi command abort handler
    - scsi: cxlflash: Create character device to provide host management interface
    - scsi: cxlflash: Separate AFU internal command handling from AFU sync
      specifics
    - scsi: cxlflash: Introduce host ioctl support
    - scsi: cxlflash: Refactor AFU capability checking
    - scsi: cxlflash: Support LUN provisioning
    - scsi: cxlflash: Support AFU debug
    - scsi: cxlflash: Support WS16 unmap
    - scsi: cxlflash: Remove zeroing of private command data
    - scsi: cxlflash: Update TMF command processing
    - scsi: cxlflash: Avoid double free of character device
    - scsi: cxlflash: Update send_tmf() parameters
    - scsi: cxlflash: Update debug prints in reset handlers

* make snap-pkg support (LP: #1700747)
    - make snap-pkg support

* Quirk for non-compliant PCI bridge on HiSilicon D05 board (LP: #1698706)
    - SAUCE: PCI: Support hibmc VGA cards behind a misbehaving HiSilicon bridge

* arm64: fix crash reading /proc/kcore (LP: #1702749)
    - fs/proc: kcore: use kcore_list type to check for vmalloc/module address
    - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT

* Opal and POWER9 DD2 (LP: #1702159)
    - SAUCE: powerpc/powernv: Tell OPAL about our MMU mode on POWER9

* Data corruption with hio driver  (LP: #1701316)
    - SAUCE: hio: Fix incorrect use of enum req_opf values

* Artful update to v4.11.9 stable release (LP: #1702515)
    - net: don't call strlen on non-terminated string in dev_set_alias()
    - net: Fix inconsistent teardown and release of private netdev state.
    - net: s390: fix up for "Fix inconsistent teardown and release of private
      netdev state"
    - mac80211: free netdev on dev_alloc_name() error
    - decnet: dn_rtmsg: Improve input length sanitization in
      dnrmg_receive_user_skb
    - net: Zero ifla_vf_info in rtnl_fill_vfinfo()
    - net: ipv6: Release route when device is unregistering
    - net: vrf: Make add_fib_rules per network namespace flag
    - af_unix: Add sockaddr length checks before accessing sa_family in bind and
      connect handlers
    - Fix an intermittent pr_emerg warning about lo becoming free.
    - sctp: disable BH in sctp_for_each_endpoint
    - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
    - net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse
    - net/mlx5: Remove several module events out of ethtool stats
    - net/mlx5e: Added BW check for DIM decision mechanism
    - net/mlx5e: Fix wrong indications in DIM due to counter wraparound
    - net/mlx5: Enable 4K UAR only when page size is bigger than 4K
    - proc: snmp6: Use correct type in memset
    - igmp: acquire pmc lock for ip_mc_clear_src()
    - igmp: add a missing spin_lock_init()
    - qmi_wwan: new Telewell and Sierra device IDs
    - net: don't global ICMP rate limit packets originating from loopback
    - ipv6: fix calling in6_ifa_hold incorrectly for dad work
    - sctp: return next obj by passing pos + 1 into sctp_transport_get_idx
    - net/mlx5e: Fix min inline value for VF rep SQs
    - net/mlx5e: Avoid doing a cleanup call if the profile doesn't have it
    - net/mlx5: Wait for FW readiness before initializing command interface
    - net/mlx5e: Fix timestamping capabilities reporting
    - decnet: always not take dst->__refcnt when inserting dst into hash table
    - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
    - ipv6: Do not leak throw route references
    - rtnetlink: add IFLA_GROUP to ifla_policy
    - netfilter: synproxy: fix conntrackd interaction
    - NFSv4.x/callback: Create the callback service through svc_create_pooled
    - xen/blkback: don't use xen_blkif_get() in xen-blkback kthread
    - MIPS: head: Reorder instructions missing a delay slot
    - MIPS: Avoid accidental raw backtrace
    - MIPS: pm-cps: Drop manual cache-line alignment of ready_count
    - MIPS: Fix IRQ tracing & lockdep when rescheduling
    - ALSA: hda - Fix endless loop of codec configure
    - ALSA: hda - set input_path bitmap to zero after moving it to new place
    - NFSv4.2: Don't send mode again in post-EXCLUSIVE4_1 SETATTR with umask
    - NFSv4.1: Fix a race in nfs4_proc_layoutget
    - Revert "NFS: nfs_rename() handle -ERESTARTSYS dentry left behind"
    - ovl: copy-up: don't unlock between lookup and link
    - gpiolib: fix filtering out unwanted events
    - x86/intel_rdt: Fix memory leak on mount failure
    - perf/x86/intel/uncore: Fix wrong box pointer check
    - drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
    - dm thin: do not queue freed thin mapping for next stage processing
    - x86/mm: Fix boot crash caused by incorrect loop count calculation in
      sync_global_pgds()
    - mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings
    - xen/blkback: don't free be structure too early
    - xfrm6: Fix IPv6 payload_len in xfrm6_transport_finish
    - xfrm: move xfrm_garbage_collect out of xfrm_policy_flush
    - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
    - xfrm: NULL dereference on allocation failure
    - xfrm: Oops on error in pfkey_msg2xfrm_state()
    - watchdog: bcm281xx: Fix use of uninitialized spinlock.
    - ARM64: PCI: Fix struct acpi_pci_root_ops allocation failure path
    - ARM64/ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
    - ARM: 8685/1: ensure memblock-limit is pmd-aligned
    - ARM: davinci: PM: Free resources in error handling path in 'davinci_pm_init'
    - ARM: davinci: PM: Do not free useful resources in normal path in
      'davinci_pm_init'
    - tools arch: Sync arch/x86/lib/memcpy_64.S with the kernel
    - Revert "x86/entry: Fix the end of the stack for newly forked tasks"
    - x86/mshyperv: Remove excess #includes from mshyperv.h
    - x86/boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug
    - perf/x86: Fix spurious NMI with PEBS Load Latency event
    - x86/mpx: Correctly report do_mpx_bt_fault() failures to user-space
    - x86/mm: Fix flush_tlb_page() on Xen
    - ocfs2: o2hb: revert hb threshold to keep compatible
    - ocfs2: fix deadlock caused by recursive locking in xattr
    - iommu/dma: Don't reserve PCI I/O windows
    - iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid()
    - iommu/amd: Fix interrupt remapping when disable guest_mode
    - infiniband: hns: avoid gcc-7.0.1 warning for uninitialized data
    - mtd: nand: brcmnand: Check flash #WP pin status before nand erase/program
    - mtd: nand: fsmc: fix NAND width handling
    - KVM: x86: fix emulation of RSM and IRET instructions
    - KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
    - KVM: x86: zero base3 of unusable segments
    - KVM: nVMX: Fix exception injection
    - esp4: Fix udpencap for local TCP packets.
    - hsi: Fix build regression due to netdev destructor fix.
    - Linux 4.11.9

* update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - net/ena: switch to pci_alloc_irq_vectors
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: fix bug that might cause hang after consecutive open/close
      interface.
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: allow the driver to work with small number of msix vectors
    - net: ena: use napi_schedule_irqoff when possible
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

* APST gets enabled against explicit kernel option (LP: #1699004)
    - nvme: Display raw APST configuration via DYNAMIC_DEBUG
    - nvme: Add nvme_core.force_apst to ignore the NO_APST quirk
    - nvme: explicitly disable APST on quirked devices

* New NVLINK2 patches (LP: #1701272)
    - powerpc/powernv/npu-dma: Add explicit flush when sending an ATSD
    - powerpc/npu-dma: Remove spurious WARN_ON when a PCI device has no of_node

* ERAT invalidate on context switch removal (LP: #1700819)
    - powerpc: Only do ERAT invalidate on radix context switch on P9 DD1

* Miscellaneous Ubuntu changes
    - SAUCE: (noup) Update spl to 0.6.5.10-1, zfs to 0.6.5.10-1ubuntu2
    - snapcraft.yaml: Sync with xenial

* Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and
      MokSBState"

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Tue, 01 Aug 2017 19:35:17 -0300

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2017-08-16:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-zesty' to 'verification-done-zesty'. If the problem still exists, change the tag 'verification-needed-zesty' to 'verification-failed-zesty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-zesty

Revision history for this message

dann frazier (dannf) wrote on 2017-08-16:

#3

dmesg output of proposed kernel collected via ssh over hns NIC Edit (116.0 KiB, text/html)

tags:

added: verification-done-zesty
removed: verification-needed-zesty

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-08-28:

#4

Download full text (8.5 KiB)

This bug was fixed in the package linux - 4.10.0-33.37

---------------
linux (4.10.0-33.37) zesty; urgency=low

* linux: 4.10.0-33.37 -proposed tracker (LP: #1709303)

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
    (LP: #1673564)
    - irqchip/gic-v3: Add missing system register definitions
    - arm64: KVM: Do not use stack-protector to compile EL2 code
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
      registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - [Config] CONFIG_CAVIUM_ERRATUM_30115=y
    - arm64: Add workaround for Cavium Thunder erratum 30115
    - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
    - KVM: arm64: Enable GICv3 common sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
    - arm64: KVM: Make unexpected reads from WO registers inject an undef
    - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
    - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access

  * ibmvscsis: Do not send aborted task response (LP: #1689365)
    - target: Fix unknown fabric callback queue-full errors
    - ibmvscsis: Do not send aborted task response
    - ibmvscsis: Clear left-over abort_cmd pointers
    - ibmvscsis: Fix the incorrect req_lim_delta

  * hisi_sas performance improvements (LP: #1708734)
    - scsi: hisi_sas: define hisi_sas_device.device_id as int
    - scsi: hisi_sas: optimise the usage of hisi_hba.lock
    - scsi: hisi_sas: relocate sata_done_v2_hw()
    - scsi: hisi_sas: optimise DMA slot memory

* hisi_sas...

This bug was fixed in the package linux - 4.10.0-33.37

---------------
linux (4.10.0-33.37) zesty; urgency=low

* linux: 4.10.0-33.37 -proposed tracker (LP: #1709303)

* CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

* CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

* ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
    (LP: #1673564)
    - irqchip/gic-v3: Add missing system register definitions
    - arm64: KVM: Do not use stack-protector to compile EL2 code
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
      registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - [Config] CONFIG_CAVIUM_ERRATUM_30115=y
    - arm64: Add workaround for Cavium Thunder erratum 30115
    - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
    - KVM: arm64: Enable GICv3 common sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
    - arm64: KVM: Make unexpected reads from WO registers inject an undef
    - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
    - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access

* ibmvscsis: Do not send aborted task response (LP: #1689365)
    - target: Fix unknown fabric callback queue-full errors
    - ibmvscsis: Do not send aborted task response
    - ibmvscsis: Clear left-over abort_cmd pointers
    - ibmvscsis: Fix the incorrect req_lim_delta

* hisi_sas performance improvements (LP: #1708734)
    - scsi: hisi_sas: define hisi_sas_device.device_id as int
    - scsi: hisi_sas: optimise the usage of hisi_hba.lock
    - scsi: hisi_sas: relocate sata_done_v2_hw()
    - scsi: hisi_sas: optimise DMA slot memory

* hisi_sas driver reports mistakes timed out task for internal abort
    (LP: #1708730)
    - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort()

* scsi: hisi_sas: add null check before indirect pointer dereference
    (LP: #1708714)
    - scsi: hisi_sas: add null check before indirect pointer dereference

* [LTCTest][Opal][FW860.20] HMI recoverable errors failed to recover and
    system goes to dump state. (LP: #1684054)
    - powerpc/64: Fix HMI exception on LE with CONFIG_RELOCATABLE=y

* Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)
    - [Config] CONFIG_SATA_HIGHBANK=y

* Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

* support Hip07/08 I2C controller (LP: #1708293)
    - ACPI / APD: Add clock frequency for Hisilicon Hip07/08 I2C controller
    - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller

* Mute key LED does not work on HP ProBook 440 (LP: #1705586)
    - ALSA: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds
    - ALSA: hda - Add mute led support for HP ProBook 440 G4

* Hisilicon D05 onboard fibre NIC link indicator LEDs don't work
    (LP: #1704903)
    - net: hns: add acpi function of xge led control

* zesty unable to handle kernel NULL pointer dereference (LP: #1680904)
    - drm/i915: Do not drop pagetables when empty