Bug #1704435 “[Xenial] nvme: Quirks for PM1725 controllers” : Bugs : linux package : Ubuntu

Leann Ogasawara (leannogasawara) on 2017-07-14

Changed in linux (Ubuntu Xenial):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
status:	New → Triaged
Changed in linux (Ubuntu Yakkety):
status:	New → Triaged
Changed in linux (Ubuntu Zesty):
status:	New → Triaged
Changed in linux (Ubuntu Artful):
status:	New → Triaged
Changed in linux (Ubuntu Xenial):
importance:	Undecided → Critical
Changed in linux (Ubuntu Zesty):
importance:	Undecided → Critical
Changed in linux (Ubuntu Yakkety):
importance:	Undecided → Critical
Changed in linux (Ubuntu Artful):
importance:	Undecided → Critical
Changed in linux (Ubuntu Yakkety):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Zesty):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Artful):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)

Joseph Salisbury (jsalisbury) on 2017-07-17

tags:	added: kernel-da-key
tags:	added: artful xenial yakkety zesty

Seth Forshee (sforshee) on 2017-07-17

Changed in linux (Ubuntu Artful):
status:	Triaged → Fix Committed

Kleber Sacilotto de Souza (kleber-souza) on 2017-07-17

Changed in linux (Ubuntu Xenial):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Yakkety):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Zesty):
status:	Triaged → Fix Committed

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2017-07-21:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-zesty' to 'verification-done-zesty'. If the problem still exists, change the tag 'verification-needed-zesty' to 'verification-failed-zesty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-zesty

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2017-07-25:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Andy Whitcroft (apw) wrote on 2017-07-26: Closing unsupported series nomination.

#3

This bug was nominated against a series that is no longer supported, ie yakkety. The bug task representing the yakkety nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu Yakkety):
status:	Fix Committed → Won't Fix

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-08-03:

#4

Download full text (6.6 KiB)

This bug was fixed in the package linux - 4.10.0-30.34

---------------
linux (4.10.0-30.34) zesty; urgency=low

* CVE-2017-7533
- dentry name snapshots

linux (4.10.0-29.33) zesty; urgency=low

* linux: 4.10.0-29.33 -proposed tracker (LP: #1704961)

  * Opal and POWER9 DD2 (LP: #1702159)
    - powerpc/powernv: Tell OPAL about our MMU mode on POWER9
    - powerpc/powernv: Fix boot on Power8 bare metal due to opal_configure_cores()

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
- nvme: Quirks for PM1725 controllers

* hns: under heavy load, NIC may fail and require reboot (LP: #1704146)
- net: hns: Bugfix for Tx timeout handling in hns driver

* New ACPI identifiers for ThunderX SMMU (LP: #1703437)
- iommu/arm-smmu: Plumb in new ACPI identifiers

* CVE-2017-7482
- rxrpc: Fix several cases where a padded len isn't checked in ticket decode

* CVE-2017-1000365
- fs/exec.c: account for argv/envp pointers

* CVE-2017-10810
- drm/virtio: don't leak bo on drm_gem_object_init failure

* Data corruption with hio driver (LP: #1701316)
- SAUCE: hio: Fix incorrect use of enum req_opf values

  * arm64: fix crash reading /proc/kcore (LP: #1702749)
    - fs/proc: kcore: use kcore_list type to check for vmalloc/module address
    - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT

  * cxlflash update request in the Xenial SRU stream (LP: #1702521)
    - scsi: cxlflash: Refactor context reset to share reset logic
    - scsi: cxlflash: Support SQ Command Mode
    - scsi: cxlflash: Cleanup prints
    - scsi: cxlflash: Cancel scheduled workers before stopping AFU
    - scsi: cxlflash: Enable PCI device ID for future IBM CXL Flash AFU
    - scsi: cxlflash: Separate RRQ processing from the RRQ interrupt handler
    - scsi: cxlflash: Serialize RRQ access and support offlevel processing
    - scsi: cxlflash: Implement IRQ polling for RRQ processing
    - scsi: cxlflash: Update sysfs helper routines to pass config structure
    - scsi: cxlflash: Support dynamic number of FC ports
    - scsi: cxlflash: Remove port configuration assumptions
    - scsi: cxlflash: Hide FC internals behind common access routine
    - scsi: cxlflash: SISlite updates to support 4 ports
    - scsi: cxlflash: Support up to 4 ports
    - scsi: cxlflash: Fence EEH during probe
    - scsi: cxlflash: Remove unnecessary DMA mapping
    - scsi: cxlflash: Fix power-of-two validations
    - scsi: cxlflash: Fix warnings/errors
    - scsi: cxlflash: Improve asynchronous interrupt processing
    - scsi: cxlflash: Support multiple hardware queues
    - scsi: cxlflash: Add hardware queues attribute
    - scsi: cxlflash: Introduce hardware queue steering
    - cxl: Enable PCI device IDs for future IBM CXL adapters
    - scsi: cxlflash: Select IRQ_POLL
    - scsi: cxlflash: Combine the send queue locks
    - scsi: cxlflash: Update cxlflash_afu_sync() to return errno
    - scsi: cxlflash: Reset hardware queue context via specified register
    - scsi: cxlflash: Schedule asynchronous res...

This bug was fixed in the package linux - 4.10.0-30.34

---------------
linux (4.10.0-30.34) zesty; urgency=low

* CVE-2017-7533
    - dentry name snapshots

linux (4.10.0-29.33) zesty; urgency=low

* linux: 4.10.0-29.33 -proposed tracker (LP: #1704961)

* Opal and POWER9 DD2 (LP: #1702159)
    - powerpc/powernv: Tell OPAL about our MMU mode on POWER9
    - powerpc/powernv: Fix boot on Power8 bare metal due to opal_configure_cores()

* CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
    - nvme: Quirks for PM1725 controllers

* hns: under heavy load, NIC may fail and require reboot (LP: #1704146)
    - net: hns: Bugfix for Tx timeout handling in hns driver

* New ACPI identifiers for ThunderX SMMU (LP: #1703437)
    - iommu/arm-smmu: Plumb in new ACPI identifiers

* CVE-2017-7482
    - rxrpc: Fix several cases where a padded len isn't checked in ticket decode

* CVE-2017-1000365
    - fs/exec.c: account for argv/envp pointers

* CVE-2017-10810
    - drm/virtio: don't leak bo on drm_gem_object_init failure

* Data corruption with hio driver  (LP: #1701316)
    - SAUCE: hio: Fix incorrect use of enum req_opf values

* arm64: fix crash reading /proc/kcore (LP: #1702749)
    - fs/proc: kcore: use kcore_list type to check for vmalloc/module address
    - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT

* cxlflash update request in the Xenial SRU stream (LP: #1702521)
    - scsi: cxlflash: Refactor context reset to share reset logic
    - scsi: cxlflash: Support SQ Command Mode
    - scsi: cxlflash: Cleanup prints
    - scsi: cxlflash: Cancel scheduled workers before stopping AFU
    - scsi: cxlflash: Enable PCI device ID for future IBM CXL Flash AFU
    - scsi: cxlflash: Separate RRQ processing from the RRQ interrupt handler
    - scsi: cxlflash: Serialize RRQ access and support offlevel processing
    - scsi: cxlflash: Implement IRQ polling for RRQ processing
    - scsi: cxlflash: Update sysfs helper routines to pass config structure
    - scsi: cxlflash: Support dynamic number of FC ports
    - scsi: cxlflash: Remove port configuration assumptions
    - scsi: cxlflash: Hide FC internals behind common access routine
    - scsi: cxlflash: SISlite updates to support 4 ports
    - scsi: cxlflash: Support up to 4 ports
    - scsi: cxlflash: Fence EEH during probe
    - scsi: cxlflash: Remove unnecessary DMA mapping
    - scsi: cxlflash: Fix power-of-two validations
    - scsi: cxlflash: Fix warnings/errors
    - scsi: cxlflash: Improve asynchronous interrupt processing
    - scsi: cxlflash: Support multiple hardware queues
    - scsi: cxlflash: Add hardware queues attribute
    - scsi: cxlflash: Introduce hardware queue steering
    - cxl: Enable PCI device IDs for future IBM CXL adapters
    - scsi: cxlflash: Select IRQ_POLL
    - scsi: cxlflash: Combine the send queue locks
    - scsi: cxlflash: Update cxlflash_afu_sync() to return errno
    - scsi: cxlflash: Reset hardware queue context via specified register
    - scsi: cxlflash: Schedule asynchronous reset of the host
    - scsi: cxlflash: Handle AFU sync failures
    - scsi: cxlflash: Track pending scsi commands in each hardware queue
    - scsi: cxlflash: Flush pending commands in cleanup path
    - scsi: cxlflash: Add scsi command abort handler
    - scsi: cxlflash: Create character device to provide host management interface
    - scsi: cxlflash: Separate AFU internal command handling from AFU sync
      specifics
    - scsi: cxlflash: Introduce host ioctl support
    - scsi: cxlflash: Refactor AFU capability checking
    - scsi: cxlflash: Support LUN provisioning
    - scsi: cxlflash: Support AFU debug
    - scsi: cxlflash: Support WS16 unmap
    - scsi: cxlflash: Remove zeroing of private command data
    - scsi: cxlflash: Update TMF command processing
    - scsi: cxlflash: Avoid double free of character device
    - scsi: cxlflash: Update send_tmf() parameters
    - scsi: cxlflash: Update debug prints in reset handlers

* Ath10k to read different board data file if specify in SMBIOS (LP: #1666742)
    - ath10k: search SMBIOS for OEM board file extension

* APST gets enabled against explicit kernel option (LP: #1699004)
    - nvme: Display raw APST configuration via DYNAMIC_DEBUG
    - nvme: Add nvme_core.force_apst to ignore the NO_APST quirk
    - nvme: explicitly disable APST on quirked devices

* Quirk for non-compliant PCI bridge on HiSilicon D05 board (LP: #1698706)
    - SAUCE: PCI: Support hibmc VGA cards behind a misbehaving HiSilicon bridge

* New NVLINK2 patches (LP: #1701272)
    - powerpc/powernv/npu-dma: Add explicit flush when sending an ATSD
    - powerpc/npu-dma: Remove spurious WARN_ON when a PCI device has no of_node

* ERAT invalidate on context switch removal (LP: #1700819)
    - powerpc: Only do ERAT invalidate on radix context switch on P9 DD1

* powerpc: Invalidate ERAT on powersave wakeup for POWER9 (LP: #1700521)
    - powerpc/64s: Invalidate ERAT on powersave wakeup for POWER9

* update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - net/ena: use napi_complete_done() return value
    - net: ena: remove superfluous check in ena_remove()
    - net/ena: switch to pci_alloc_irq_vectors
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: fix bug that might cause hang after consecutive open/close
      interface.
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: allow the driver to work with small number of msix vectors
    - net: ena: use napi_schedule_irqoff when possible
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 31 Jul 2017 14:27:53 -0300

Changed in linux (Ubuntu Zesty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-08-03:

#5

Download full text (12.0 KiB)

This bug was fixed in the package linux - 4.4.0-89.112

---------------
linux (4.4.0-89.112) xenial; urgency=low

* CVE-2017-7533
- dentry name snapshots

linux (4.4.0-88.111) xenial; urgency=low

* linux: 4.4.0-88.111 -proposed tracker (LP: #1705270)

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
- nvme: Quirks for PM1725 controllers

  * Upgrade Redpine WLAN/BT driver to ver. 1.2 (production release)
    (LP: #1697829)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

  * ubuntu/rsi driver has several issues as picked up by static analysis
    (LP: #1694733)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

  * Redpine vendor driver - Switching to AP mode causes kernel panic
    (LP: #1700941)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* CVE-2017-10810
- drm/virtio: don't leak bo on drm_gem_object_init failure

* Ath10k to read different board data file if specify in SMBIOS (LP: #1666742)
- ath10k: search SMBIOS for OEM board file extension

* make snap-pkg support (LP: #1700747)
- SAUCE: make snap-pkg support

  * ISST-LTE: Briggs:Stratton:UbuntuKVM: ics_opal_set_affinity on host kernel
    log using Intel X710 (i40e driver) (LP: #1703663)
    - i40e: use valid online CPU on q_vector initialization

* Update snapcraft.yaml (LP: #1700480)
- snapcraft.yaml: various improvements

  * Xenial update to 4.4.76 stable release (LP: #1702863)
    - ipv6: release dst on error in ip6_dst_lookup_tail
    - net: don't call strlen on non-terminated string in dev_set_alias()
    - decnet: dn_rtmsg: Improve input length sanitization in
      dnrmg_receive_user_skb
    - net: Zero ifla_vf_info in rtnl_fill_vfinfo()
    - af_unix: Add sockaddr length checks before accessing sa_family in bind and
      connect handlers
    - Fix an intermittent pr_emerg warning about lo becoming free.
    - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
    - igmp: acquire pmc lock for ip_mc_clear_src()
    - igmp: add a missing spin_lock_init()
    - ipv6: fix calling in6_ifa_hold incorrectly for dad work
    - net/mlx5: Wait for FW readiness before initializing command interface
    - decnet: always not take dst->__refcnt when inserting dst into hash table
    - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
    - sfc: provide dummy definitions of vswitch functions
    - ipv6: Do not leak throw route references
    - rtnetlink: add IFLA_GROUP to ifla_policy
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
    - netfilter: synproxy: fix conntrackd interaction
    - NFSv4: fix a reference leak caused WARNING messages
    - drm/ast: Handle configuration without P2A bridge
    - mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
    - MIPS: Avoid accidental raw backtrace
    - MIPS: pm-cps: Drop manual cache-line alignment of ready_count
    - MIPS: Fix IRQ tracing & lockdep when rescheduling
    - ALSA: hda - Fix endless loop of codec configure
    - ALSA: hda - set input_path bitmap to zero after moving it to new place
    - drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
    - usb: gadget: f_fs: Fix possi...

This bug was fixed in the package linux - 4.4.0-89.112

---------------
linux (4.4.0-89.112) xenial; urgency=low

* CVE-2017-7533
    - dentry name snapshots

linux (4.4.0-88.111) xenial; urgency=low

* linux: 4.4.0-88.111 -proposed tracker (LP: #1705270)

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
    - nvme: Quirks for PM1725 controllers

* Upgrade Redpine WLAN/BT driver to ver. 1.2 (production release)
    (LP: #1697829)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* ubuntu/rsi driver has several issues as picked up by static analysis
    (LP: #1694733)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* Redpine vendor driver - Switching to AP mode causes kernel panic
    (LP: #1700941)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

* CVE-2017-10810
    - drm/virtio: don't leak bo on drm_gem_object_init failure

* Ath10k to read different board data file if specify in SMBIOS (LP: #1666742)
    - ath10k: search SMBIOS for OEM board file extension

* make snap-pkg support (LP: #1700747)
    - SAUCE: make snap-pkg support

* ISST-LTE: Briggs:Stratton:UbuntuKVM:  ics_opal_set_affinity on host kernel
    log using Intel X710 (i40e driver) (LP: #1703663)
    - i40e: use valid online CPU on q_vector initialization

* Update snapcraft.yaml (LP: #1700480)
    - snapcraft.yaml: various improvements

* Xenial update to 4.4.76 stable release (LP: #1702863)
    - ipv6: release dst on error in ip6_dst_lookup_tail
    - net: don't call strlen on non-terminated string in dev_set_alias()
    - decnet: dn_rtmsg: Improve input length sanitization in
      dnrmg_receive_user_skb
    - net: Zero ifla_vf_info in rtnl_fill_vfinfo()
    - af_unix: Add sockaddr length checks before accessing sa_family in bind and
      connect handlers
    - Fix an intermittent pr_emerg warning about lo becoming free.
    - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
    - igmp: acquire pmc lock for ip_mc_clear_src()
    - igmp: add a missing spin_lock_init()
    - ipv6: fix calling in6_ifa_hold incorrectly for dad work
    - net/mlx5: Wait for FW readiness before initializing command interface
    - decnet: always not take dst->__refcnt when inserting dst into hash table
    - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
    - sfc: provide dummy definitions of vswitch functions
    - ipv6: Do not leak throw route references
    - rtnetlink: add IFLA_GROUP to ifla_policy
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
    - netfilter: synproxy: fix conntrackd interaction
    - NFSv4: fix a reference leak caused WARNING messages
    - drm/ast: Handle configuration without P2A bridge
    - mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
    - MIPS: Avoid accidental raw backtrace
    - MIPS: pm-cps: Drop manual cache-line alignment of ready_count
    - MIPS: Fix IRQ tracing & lockdep when rescheduling
    - ALSA: hda - Fix endless loop of codec configure
    - ALSA: hda - set input_path bitmap to zero after moving it to new place
    - drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
    - usb: gadget: f_fs: Fix possibe deadlock
    - sysctl: enable strict writes
    - mm: numa: avoid waiting on freed migrated pages
    - KVM: x86: fix fixing of hypercalls
    - scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type
    - scsi: lpfc: Set elsiocb contexts to NULL after freeing it
    - qla2xxx: Fix erroneous invalid handle message
    - ARM: dts: BCM5301X: Correct GIC_PPI interrupt flags
    - net: mvneta: Fix for_each_present_cpu usage
    - MIPS: ath79: fix regression in PCI window initialization
    - net: korina: Fix NAPI versus resources freeing
    - MIPS: ralink: MT7688 pinmux fixes
    - MIPS: ralink: fix USB frequency scaling
    - MIPS: ralink: Fix invalid assignment of SoC type
    - MIPS: ralink: fix MT7628 pinmux typos
    - MIPS: ralink: fix MT7628 wled_an pinmux gpio
    - mtd: bcm47xxpart: limit scanned flash area on BCM47XX (MIPS) only
    - bgmac: fix a missing check for build_skb
    - mtd: bcm47xxpart: don't fail because of bit-flips
    - bgmac: Fix reversed test of build_skb() return value.
    - net: bgmac: Fix SOF bit checking
    - net: bgmac: Start transmit queue in bgmac_open
    - net: bgmac: Remove superflous netif_carrier_on()
    - powerpc/eeh: Enable IO path on permanent error
    - gianfar: Do not reuse pages from emergency reserve
    - Btrfs: fix truncate down when no_holes feature is enabled
    - virtio_console: fix a crash in config_work_handler
    - swiotlb-xen: update dev_addr after swapping pages
    - xen-netfront: Fix Rx stall during network stress and OOM
    - scsi: virtio_scsi: Reject commands when virtqueue is broken
    - platform/x86: ideapad-laptop: handle ACPI event 1
    - amd-xgbe: Check xgbe_init() return code
    - net: dsa: Check return value of phy_connect_direct()
    - drm/amdgpu: check ring being ready before using
    - vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null
    - virtio_net: fix PAGE_SIZE > 64k
    - vxlan: do not age static remote mac entries
    - ibmveth: Add a proper check for the availability of the checksum features
    - kernel/panic.c: add missing \n
    - HID: i2c-hid: Add sleep between POWER ON and RESET
    - scsi: lpfc: avoid double free of resource identifiers
    - spi: davinci: use dma_mapping_error()
    - mac80211: initialize SMPS field in HT capabilities
    - x86/mpx: Use compatible types in comparison to fix sparse error
    - coredump: Ensure proper size of sparse core files
    - swiotlb: ensure that page-sized mappings are page-aligned
    - s390/ctl_reg: make __ctl_load a full memory barrier
    - be2net: fix status check in be_cmd_pmac_add()
    - perf probe: Fix to show correct locations for events on modules
    - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
    - sctp: check af before verify address in sctp_addr_id2transport
    - ravb: Fix use-after-free on `ifconfig eth0 down`
    - jump label: fix passing kbuild_cflags when checking for asm goto support
    - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
    - xfrm: NULL dereference on allocation failure
    - xfrm: Oops on error in pfkey_msg2xfrm_state()
    - watchdog: bcm281xx: Fix use of uninitialized spinlock.
    - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
    - ARM64/ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
    - ARM: 8685/1: ensure memblock-limit is pmd-aligned
    - x86/mpx: Correctly report do_mpx_bt_fault() failures to user-space
    - x86/mm: Fix flush_tlb_page() on Xen
    - ocfs2: o2hb: revert hb threshold to keep compatible
    - iommu/vt-d: Don't over-free page table directories
    - iommu: Handle default domain attach failure
    - iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid()
    - cpufreq: s3c2416: double free on driver init error path
    - KVM: x86: fix emulation of RSM and IRET instructions
    - KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
    - KVM: x86: zero base3 of unusable segments
    - KVM: nVMX: Fix exception injection
    - Linux 4.4.76

* Xenial update to 4.4.75 stable release (LP: #1702118)
    - fs/exec.c: account for argv/envp pointers
    - autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
    - lib/cmdline.c: fix get_options() overflow while parsing ranges
    - KVM: PPC: Book3S HV: Preserve userspace HTM state properly
    - CIFS: Improve readdir verbosity
    - HID: Add quirk for Dell PIXART OEM mouse
    - signal: Only reschedule timers on signals timers have sent
    - powerpc/kprobes: Pause function_graph tracing during jprobes handling
    - Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
    - time: Fix clock->read(clock) race around clocksource changes
    - target: Fix kref->refcount underflow in transport_cmd_finish_abort
    - iscsi-target: Reject immediate data underflow larger than SCSI transfer
      length
    - drm/radeon: add a PX quirk for another K53TK variant
    - drm/radeon: add a quirk for Toshiba Satellite L20-183
    - drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
    - drm/amdgpu: adjust default display clock
    - USB: usbip: fix nonconforming hub descriptor
    - rxrpc: Fix several cases where a padded len isn't checked in ticket decode
    - of: Add check to of_scan_flat_dt() before accessing initial_boot_params
    - mtd: spi-nor: fix spansion quad enable
    - powerpc/slb: Force a full SLB flush when we insert for a bad EA
    - usb: gadget: f_fs: avoid out of bounds access on comp_desc
    - net: phy: Initialize mdio clock at probe function
    - net: phy: fix marvell phy status reading
    - Linux 4.4.75

* Xenial update to 4.4.74 stable release (LP: #1702104)
    - configfs: Fix race between create_link and configfs_rmdir
    - can: gs_usb: fix memory leak in gs_cmd_reset()
    - cpufreq: conservative: Allow down_threshold to take values from 1 to 10
    - vb2: Fix an off by one error in 'vb2_plane_vaddr'
    - mac80211: don't look at the PM bit of BAR frames
    - mac80211/wpa: use constant time memory comparison for MACs
    - mac80211: fix CSA in IBSS mode
    - mac80211: fix IBSS presp allocation size
    - serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
    - x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
    - mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
    - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()
    - iio: proximity: as3935: recalibrate RCO after resume
    - USB: hub: fix SS max number of ports
    - usb: core: fix potential memory leak in error path during hcd creation
    - pvrusb2: reduce stack usage pvr2_eeprom_analyze()
    - USB: gadget: dummy_hcd: fix hub-descriptor removable fields
    - usb: r8a66597-hcd: select a different endpoint on timeout
    - usb: r8a66597-hcd: decrease timeout
    - drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of
      IS_ERR()
    - usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk
    - USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks
    - mm/memory-failure.c: use compound_head() flags for huge pages
    - swap: cond_resched in swap_cgroup_prepare()
    - genirq: Release resources in __setup_irq() error path
    - alarmtimer: Prevent overflow of relative timers
    - usb: dwc3: exynos fix axius clock error path to do cleanup
    - MIPS: Fix bnezc/jialc return address calculation
    - alarmtimer: Rate limit periodic intervals
    - Linux 4.4.74

* Side Button (Display Toggle) fails on Dell AIO systems (LP: #1702541)
    - dell-wmi: Add a WMI event code for display on/off

* Intel i40e PF reset under load (LP: #1700834)
    - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet

* update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - net: ena: remove superfluous check in ena_remove()
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: use napi_schedule_irqoff when possible
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 31 Jul 2017 14:50:32 -0300

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-08-10:

#6

Download full text (24.9 KiB)

This bug was fixed in the package linux - 4.11.0-13.19

---------------
linux (4.11.0-13.19) artful; urgency=low

* CVE-2017-7533
- dentry name snapshots

linux (4.11.0-12.18) artful; urgency=low

* linux: 4.11.0-12.18 -proposed tracker (LP: #1707635)
- no change rebuild to pick up the new binutils.

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour
    - [Packaging] tests -- reduce rebuild test to one flavour -- use filter

* [ARM64] config EDAC_GHES=y depends on EDAC_MM_EDAC=y (LP: #1706141)
- [Config] set EDAC_MM_EDAC=y for ARM64

  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

* ath10k doesn't report full RSSI information (LP: #1706531)
- ath10k: add per chain RSSI reporting

* ideapad_laptop don't support v310-14isk (LP: #1705378)
- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

  * Ubuntu 16.04.3: Qemu fails on P9 (LP: #1686019)
    - KVM: PPC: Pass kvm* to kvmppc_find_table()
    - KVM: PPC: Use preregistered memory API to access TCE list
    - KVM: PPC: VFIO: Add in-kernel acceleration for VFIO
    - powerpc/powernv/iommu: Add real mode version of iommu_table_ops::exchange()
    - powerpc/iommu/vfio_spapr_tce: Cleanup iommu_table disposal
    - powerpc/vfio_spapr_tce: Add reference counting to iommu_table
    - powerpc/mmu: Add real mode support for IOMMU preregistered memory
    - KVM: PPC: Reserve KVM_CAP_SPAPR_TCE_VFIO capability number
    - KVM: PPC: Book3S HV: Add radix checks in real-mode hypercall handlers

* hns: ethtool selftest crashes system (LP: #1705712)
- net/hns:bugfix of ethtool -t phy self_test

  * ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
    (LP: #1673564)
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
      registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - arm64: Add wor...

This bug was fixed in the package linux - 4.11.0-13.19

---------------
linux (4.11.0-13.19) artful; urgency=low

* CVE-2017-7533
    - dentry name snapshots

linux (4.11.0-12.18) artful; urgency=low

* linux: 4.11.0-12.18 -proposed tracker (LP: #1707635)
    - no change rebuild to pick up the new binutils.

* Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour
    - [Packaging] tests -- reduce rebuild test to one flavour -- use filter

* [ARM64] config EDAC_GHES=y depends on EDAC_MM_EDAC=y (LP: #1706141)
    - [Config] set EDAC_MM_EDAC=y for ARM64

* [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

* ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting

* ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

* Ubuntu 16.04.3: Qemu fails on P9 (LP: #1686019)
    - KVM: PPC: Pass kvm* to kvmppc_find_table()
    - KVM: PPC: Use preregistered memory API to access TCE list
    - KVM: PPC: VFIO: Add in-kernel acceleration for VFIO
    - powerpc/powernv/iommu: Add real mode version of iommu_table_ops::exchange()
    - powerpc/iommu/vfio_spapr_tce: Cleanup iommu_table disposal
    - powerpc/vfio_spapr_tce: Add reference counting to iommu_table
    - powerpc/mmu: Add real mode support for IOMMU preregistered memory
    - KVM: PPC: Reserve KVM_CAP_SPAPR_TCE_VFIO capability number
    - KVM: PPC: Book3S HV: Add radix checks in real-mode hypercall handlers

* hns: ethtool selftest crashes system (LP: #1705712)
    - net/hns:bugfix of ethtool -t phy self_test

* ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
    (LP: #1673564)
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
      registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - arm64: Add workaround for Cavium Thunder erratum 30115
    - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
    - KVM: arm64: Enable GICv3 common sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
    - arm64: KVM: Make unexpected reads from WO registers inject an undef
    - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
    - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access

* ath9k freezes suspend resume Ubuntu 17.04 (LP: #1697027)
    - ath9k: fix an invalid pointer dereference in ath9k_rng_stop()

* xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
    comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host

* Migrating KSM page causes the VM lock up as the KSM page merging list is too
    large (LP: #1680513)
    - ksm: introduce ksm_max_page_sharing per page deduplication limit
    - ksm: fix use after free with merge_across_nodes = 0
    - ksm: cleanup stable_node chain collapse case
    - ksm: swap the two output parameters of chain/chain_prune
    - ksm: optimize refile of stable_node_dup at the head of the chain

* Artful update to v4.11.12 stable release (LP: #1706067)
    - net/phy: micrel: configure intterupts after autoneg workaround
    - ipv6: avoid unregistering inet6_dev for loopback
    - netvsc: don't access netdev->num_rx_queues directly
    - sfc: Fix MCDI command size for filter operations
    - net: account for current skb length when deciding about UFO
    - net: dp83640: Avoid NULL pointer dereference.
    - tcp: reset sk_rx_dst in tcp_disconnect()
    - net: prevent sign extension in dev_get_stats()
    - virtio-net: serialize tx routine during reset
    - net: sched: Fix one possible panic when no destroy callback
    - mlxsw: spectrum_router: Fix NULL pointer dereference
    - rocker: move dereference before free
    - bpf: prevent leaking pointer via xadd on unpriviledged
    - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
    - net/mlx5: Cancel delayed recovery work when unloading the driver
    - net/mlx5e: Fix TX carrier errors report in get stats ndo
    - ipv6: dad: don't remove dynamic addresses if link is down
    - vxlan: fix hlist corruption
    - geneve: fix hlist corruption
    - net: core: Fix slab-out-of-bounds in netdev_stats_to_stats64
    - liquidio: fix bug in soft reset failure detection
    - net: ipv6: Compare lwstate in detecting duplicate nexthops
    - vrf: fix bug_on triggered by rx when destroying a vrf
    - rds: tcp: use sock_create_lite() to create the accept socket
    - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff
    - cxgb4: fix BUG() on interrupt deallocating path of ULD
    - tap: convert a mutex to a spinlock
    - bridge: mdb: fix leak on complete_info ptr on fail path
    - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
    - sfc: don't read beyond unicast address list
    - Adding asm-prototypes.h for genksyms to generate crc
    - sed regex in Makefile.build requires line break between exported symbols
    - Adding the type of exported symbols
    - sparc64: Fix gup_huge_pmd
    - block: Fix a blk_exit_rl() regression
    - brcmfmac: Fix a memory leak in error handling path in
      'brcmf_cfg80211_attach'
    - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
    - efi: Process the MEMATTR table only if EFI_MEMMAP is enabled
    - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
    - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
    - cfg80211: Check if PMKID attribute is of expected size
    - cfg80211: Check if NAN service ID is of expected size
    - drm/amdgpu/gfx6: properly cache mc_arb_ramcfg
    - irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
    - parisc: Report SIGSEGV instead of SIGBUS when running out of stack
    - parisc: use compat_sys_keyctl()
    - parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
    - parisc/mm: Ensure IRQs are off in switch_mm()
    - tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/:
      Depth
    - thp, mm: fix crash due race in MADV_FREE handling
    - kernel/extable.c: mark core_kernel_text notrace
    - mm/list_lru.c: fix list_lru_count_node() to be race free
    - fs/dcache.c: fix spin lockup issue on nlru->lock
    - checkpatch: silence perl 5.26.0 unescaped left brace warnings
    - binfmt_elf: use ELF_ET_DYN_BASE only for PIE
    - arm: move ELF_ET_DYN_BASE to 4MB
    - arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
    - powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
    - s390: reduce ELF_ET_DYN_BASE
    - exec: Limit arg stack to at most 75% of _STK_LIM
    - powerpc/kexec: Fix radix to hash kexec due to IAMR/AMOR
    - ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers
    - arm64: Preventing READ_IMPLIES_EXEC propagation
    - vt: fix unchecked __put_user() in tioclinux ioctls
    - rcu: Add memory barriers for NOCB leader wakeup
    - nvmem: core: fix leaks on registration errors
    - Drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page
    - mnt: In umount propagation reparent in a separate pass
    - mnt: In propgate_umount handle visiting mounts in any order
    - mnt: Make propagate_umount less slow for overlapping mount propagation trees
    - selftests/capabilities: Fix the test_execve test
    - mm: fix overflow check in expand_upwards()
    - crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
    - crypto: atmel - only treat EBUSY as transient if backlog
    - crypto: sha1-ssse3 - Disable avx2
    - crypto: caam - properly set IV after {en,de}crypt
    - crypto: caam - fix signals handling
    - sched/fair, cpumask: Export for_each_cpu_wrap()
    - sched/topology: Fix building of overlapping sched-groups
    - sched/topology: Optimize build_group_mask()
    - sched/topology: Fix overlapping sched_group_mask
    - PM / wakeirq: Convert to SRCU
    - ALSA: x86: Clear the pdata.notify_lpe_audio pointer before teardown
    - PM / QoS: return -EINVAL for bogus strings
    - kvm: vmx: Do not disable intercepts for BNDCFGS
    - kvm: x86: Guest BNDCFGS requires guest MPX support
    - kvm: vmx: Check value written to IA32_BNDCFGS
    - kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
    - Linux 4.11.12

* Artful update to v4.11.11 stable release (LP: #1706066)
    - mqueue: fix a use-after-free in sys_mq_notify()
    - proc: Fix proc_sys_prune_dcache to hold a sb reference
    - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
    - staging: vt6556: vnt_start Fix missing call to vnt_key_init_table.
    - staging: comedi: fix clean-up of comedi_class in comedi_init()
    - crypto: caam - fix gfp allocation flags (part I)
    - crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
    - ext4: check return value of kstrtoull correctly in reserved_clusters_store
    - x86/mm/pat: Don't report PAT on CPUs that don't support it
    - Linux 4.11.11

* Change CONFIG_IBMVETH to module (LP: #1704479)
    - [Config] CONFIG_IBMVETH=m

* hns: use after free in hns_nic_net_xmit_hw (LP: #1704885)
    - net: hns: Fix a skb used after free bug

* Opal and POWER9 DD2 (LP: #1702159)
    - powerpc/powernv: Fix boot on Power8 bare metal due to opal_configure_cores()

* CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

* [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
    - nvme: Quirks for PM1725 controllers

* bonding: stack dump when unregistering a netdev (LP: #1704102)
    - bonding: avoid NETDEV_CHANGEMTU event when unregistering slave

* Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673)
    - drivers: net: xgene: Fix redundant prefetch buffer cleanup

* Ubuntu16.04: NVMe 4K+T10 DIF/DIX format returns I/O error on dd with split
    op (LP: #1689946)
    - blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split
      op

* linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
    (LP: #1697892)
    - bonding: add 802.3ad support for 25G speeds
    - bonding: fix 802.3ad support for 5G and 50G speeds

* hns: under heavy load, NIC may fail and require reboot (LP: #1704146)
    - net: hns: Bugfix for Tx timeout handling in hns driver

* New ACPI identifiers for ThunderX SMMU (LP: #1703437)
    - iommu/arm-smmu: Plumb in new ACPI identifiers

* Transparent hugepages should default to enabled=madvise (LP: #1703742)
    - [Config] use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default

* Miscellaneous Ubuntu changes
    - [Config] CONFIG_CAVIUM_ERRATUM_30115=y

* Miscellaneous upstream changes
    - platform/x86: thinkpad_acpi: guard generic hotkey case
    - platform/x86: thinkpad_acpi: add mapping for new hotkeys
    - selftest/memfd/Makefile: Fix build error

linux (4.11.0-11.16) artful; urgency=low

* linux: 4.11.0-11.16 -proposed tracker (LP: #1703901)

* Artful update to v4.11.10 stable release (LP: #1703854)
    - fs: add a VALID_OPEN_FLAGS
    - fs: completely ignore unknown open flags
    - driver core: platform: fix race condition with driver_override
    - RDMA/uverbs: Check port number supplied by user verbs cmds
    - ceph: choose readdir frag based on previous readdir reply
    - tracing/kprobes: Allow to create probe with a module name starting with a
      digit
    - usb: dwc3: replace %p with %pK
    - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
    - Add USB quirk for HVR-950q to avoid intermittent device resets
    - usb: usbip: set buffer pointers to NULL after free
    - usb: Fix typo in the definition of Endpoint[out]Request
    - USB: core: fix device node leak
    - arm: remove wrong CONFIG_PROC_SYSCTL ifdef
    - pinctrl: sh-pfc: r8a7794: Swap ATA signals
    - pinctrl: sh-pfc: r8a7791: Fix SCIF2 pinmux data
    - pinctrl: sh-pfc: r8a7791: Add missing DVC_MUTE signal
    - pinctrl: sh-pfc: r8a7795: Fix hscif2_clk_b and hscif4_ctrl
    - pinctrl: meson: meson8b: fix the NAND DQS pins
    - pinctrl: stm32: Fix bad function call
    - pinctrl: sunxi: Fix SPDIF function name for A83T
    - pinctrl: core: Fix warning by removing bogus code
    - pinctrl: mxs: atomically switch mux and drive strength config
    - pinctrl: sh-pfc: r8a7791: Add missing HSCIF1 pinmux data
    - pinctrl: sh-pfc: Update info pointer after SoC-specific init
    - USB: serial: option: add two Longcheer device ids
    - USB: serial: qcserial: new Sierra Wireless EM7305 device ID
    - xhci: Limit USB2 port wake support for AMD Promontory hosts
    - gfs2: Fix glock rhashtable rcu bug
    - Add "shutdown" to "struct class".
    - tpm: Issue a TPM2_Shutdown for TPM2 devices.
    - tpm: fix a kernel memory leak in tpm-sysfs.c
    - x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings
    - xen: avoid deadlock in xenbus driver
    - crypto: drbg - Fixes panic in wait_for_completion call
    - rt286: add Thinkpad Helix 2 to force_combo_jack_table
    - Linux 4.11.10

* CVE-2017-10810
    - drm/virtio: don't leak bo on drm_gem_object_init failure

* cxlflash update request in the Xenial SRU stream (LP: #1702521)
    - scsi: cxlflash: Separate RRQ processing from the RRQ interrupt handler
    - scsi: cxlflash: Serialize RRQ access and support offlevel processing
    - scsi: cxlflash: Implement IRQ polling for RRQ processing
    - scsi: cxlflash: Update sysfs helper routines to pass config structure
    - scsi: cxlflash: Support dynamic number of FC ports
    - scsi: cxlflash: Remove port configuration assumptions
    - scsi: cxlflash: Hide FC internals behind common access routine
    - scsi: cxlflash: SISlite updates to support 4 ports
    - scsi: cxlflash: Support up to 4 ports
    - scsi: cxlflash: Fence EEH during probe
    - scsi: cxlflash: Remove unnecessary DMA mapping
    - scsi: cxlflash: Fix power-of-two validations
    - scsi: cxlflash: Fix warnings/errors
    - scsi: cxlflash: Improve asynchronous interrupt processing
    - scsi: cxlflash: Support multiple hardware queues
    - scsi: cxlflash: Add hardware queues attribute
    - scsi: cxlflash: Introduce hardware queue steering
    - cxl: Enable PCI device IDs for future IBM CXL adapters
    - scsi: cxlflash: Select IRQ_POLL
    - scsi: cxlflash: Combine the send queue locks
    - scsi: cxlflash: Update cxlflash_afu_sync() to return errno
    - scsi: cxlflash: Reset hardware queue context via specified register
    - scsi: cxlflash: Schedule asynchronous reset of the host
    - scsi: cxlflash: Handle AFU sync failures
    - scsi: cxlflash: Track pending scsi commands in each hardware queue
    - scsi: cxlflash: Flush pending commands in cleanup path
    - scsi: cxlflash: Add scsi command abort handler
    - scsi: cxlflash: Create character device to provide host management interface
    - scsi: cxlflash: Separate AFU internal command handling from AFU sync
      specifics
    - scsi: cxlflash: Introduce host ioctl support
    - scsi: cxlflash: Refactor AFU capability checking
    - scsi: cxlflash: Support LUN provisioning
    - scsi: cxlflash: Support AFU debug
    - scsi: cxlflash: Support WS16 unmap
    - scsi: cxlflash: Remove zeroing of private command data
    - scsi: cxlflash: Update TMF command processing
    - scsi: cxlflash: Avoid double free of character device
    - scsi: cxlflash: Update send_tmf() parameters
    - scsi: cxlflash: Update debug prints in reset handlers

* make snap-pkg support (LP: #1700747)
    - make snap-pkg support

* Quirk for non-compliant PCI bridge on HiSilicon D05 board (LP: #1698706)
    - SAUCE: PCI: Support hibmc VGA cards behind a misbehaving HiSilicon bridge

* arm64: fix crash reading /proc/kcore (LP: #1702749)
    - fs/proc: kcore: use kcore_list type to check for vmalloc/module address
    - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT

* Opal and POWER9 DD2 (LP: #1702159)
    - SAUCE: powerpc/powernv: Tell OPAL about our MMU mode on POWER9

* Data corruption with hio driver  (LP: #1701316)
    - SAUCE: hio: Fix incorrect use of enum req_opf values

* Artful update to v4.11.9 stable release (LP: #1702515)
    - net: don't call strlen on non-terminated string in dev_set_alias()
    - net: Fix inconsistent teardown and release of private netdev state.
    - net: s390: fix up for "Fix inconsistent teardown and release of private
      netdev state"
    - mac80211: free netdev on dev_alloc_name() error
    - decnet: dn_rtmsg: Improve input length sanitization in
      dnrmg_receive_user_skb
    - net: Zero ifla_vf_info in rtnl_fill_vfinfo()
    - net: ipv6: Release route when device is unregistering
    - net: vrf: Make add_fib_rules per network namespace flag
    - af_unix: Add sockaddr length checks before accessing sa_family in bind and
      connect handlers
    - Fix an intermittent pr_emerg warning about lo becoming free.
    - sctp: disable BH in sctp_for_each_endpoint
    - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
    - net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse
    - net/mlx5: Remove several module events out of ethtool stats
    - net/mlx5e: Added BW check for DIM decision mechanism
    - net/mlx5e: Fix wrong indications in DIM due to counter wraparound
    - net/mlx5: Enable 4K UAR only when page size is bigger than 4K
    - proc: snmp6: Use correct type in memset
    - igmp: acquire pmc lock for ip_mc_clear_src()
    - igmp: add a missing spin_lock_init()
    - qmi_wwan: new Telewell and Sierra device IDs
    - net: don't global ICMP rate limit packets originating from loopback
    - ipv6: fix calling in6_ifa_hold incorrectly for dad work
    - sctp: return next obj by passing pos + 1 into sctp_transport_get_idx
    - net/mlx5e: Fix min inline value for VF rep SQs
    - net/mlx5e: Avoid doing a cleanup call if the profile doesn't have it
    - net/mlx5: Wait for FW readiness before initializing command interface
    - net/mlx5e: Fix timestamping capabilities reporting
    - decnet: always not take dst->__refcnt when inserting dst into hash table
    - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
    - ipv6: Do not leak throw route references
    - rtnetlink: add IFLA_GROUP to ifla_policy
    - netfilter: synproxy: fix conntrackd interaction
    - NFSv4.x/callback: Create the callback service through svc_create_pooled
    - xen/blkback: don't use xen_blkif_get() in xen-blkback kthread
    - MIPS: head: Reorder instructions missing a delay slot
    - MIPS: Avoid accidental raw backtrace
    - MIPS: pm-cps: Drop manual cache-line alignment of ready_count
    - MIPS: Fix IRQ tracing & lockdep when rescheduling
    - ALSA: hda - Fix endless loop of codec configure
    - ALSA: hda - set input_path bitmap to zero after moving it to new place
    - NFSv4.2: Don't send mode again in post-EXCLUSIVE4_1 SETATTR with umask
    - NFSv4.1: Fix a race in nfs4_proc_layoutget
    - Revert "NFS: nfs_rename() handle -ERESTARTSYS dentry left behind"
    - ovl: copy-up: don't unlock between lookup and link
    - gpiolib: fix filtering out unwanted events
    - x86/intel_rdt: Fix memory leak on mount failure
    - perf/x86/intel/uncore: Fix wrong box pointer check
    - drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
    - dm thin: do not queue freed thin mapping for next stage processing
    - x86/mm: Fix boot crash caused by incorrect loop count calculation in
      sync_global_pgds()
    - mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings
    - xen/blkback: don't free be structure too early
    - xfrm6: Fix IPv6 payload_len in xfrm6_transport_finish
    - xfrm: move xfrm_garbage_collect out of xfrm_policy_flush
    - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
    - xfrm: NULL dereference on allocation failure
    - xfrm: Oops on error in pfkey_msg2xfrm_state()
    - watchdog: bcm281xx: Fix use of uninitialized spinlock.
    - ARM64: PCI: Fix struct acpi_pci_root_ops allocation failure path
    - ARM64/ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
    - ARM: 8685/1: ensure memblock-limit is pmd-aligned
    - ARM: davinci: PM: Free resources in error handling path in 'davinci_pm_init'
    - ARM: davinci: PM: Do not free useful resources in normal path in
      'davinci_pm_init'
    - tools arch: Sync arch/x86/lib/memcpy_64.S with the kernel
    - Revert "x86/entry: Fix the end of the stack for newly forked tasks"
    - x86/mshyperv: Remove excess #includes from mshyperv.h
    - x86/boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug
    - perf/x86: Fix spurious NMI with PEBS Load Latency event
    - x86/mpx: Correctly report do_mpx_bt_fault() failures to user-space
    - x86/mm: Fix flush_tlb_page() on Xen
    - ocfs2: o2hb: revert hb threshold to keep compatible
    - ocfs2: fix deadlock caused by recursive locking in xattr
    - iommu/dma: Don't reserve PCI I/O windows
    - iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid()
    - iommu/amd: Fix interrupt remapping when disable guest_mode
    - infiniband: hns: avoid gcc-7.0.1 warning for uninitialized data
    - mtd: nand: brcmnand: Check flash #WP pin status before nand erase/program
    - mtd: nand: fsmc: fix NAND width handling
    - KVM: x86: fix emulation of RSM and IRET instructions
    - KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
    - KVM: x86: zero base3 of unusable segments
    - KVM: nVMX: Fix exception injection
    - esp4: Fix udpencap for local TCP packets.
    - hsi: Fix build regression due to netdev destructor fix.
    - Linux 4.11.9

* update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - net/ena: switch to pci_alloc_irq_vectors
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: fix bug that might cause hang after consecutive open/close
      interface.
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: allow the driver to work with small number of msix vectors
    - net: ena: use napi_schedule_irqoff when possible
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

* APST gets enabled against explicit kernel option (LP: #1699004)
    - nvme: Display raw APST configuration via DYNAMIC_DEBUG
    - nvme: Add nvme_core.force_apst to ignore the NO_APST quirk
    - nvme: explicitly disable APST on quirked devices

* New NVLINK2 patches (LP: #1701272)
    - powerpc/powernv/npu-dma: Add explicit flush when sending an ATSD
    - powerpc/npu-dma: Remove spurious WARN_ON when a PCI device has no of_node

* ERAT invalidate on context switch removal (LP: #1700819)
    - powerpc: Only do ERAT invalidate on radix context switch on P9 DD1

* Miscellaneous Ubuntu changes
    - SAUCE: (noup) Update spl to 0.6.5.10-1, zfs to 0.6.5.10-1ubuntu2
    - snapcraft.yaml: Sync with xenial

* Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and
      MokSBState"

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Tue, 01 Aug 2017 19:35:17 -0300

Changed in linux (Ubuntu Artful):
status:	Fix Committed → Fix Released

Ubuntu
linux package

[Xenial] nvme: Quirks for PM1725 controllers

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Critical	Canonical Kernel Team
Xenial	Fix Released	Critical	Canonical Kernel Team
Yakkety	Won't Fix	Critical	Canonical Kernel Team
Zesty	Fix Released	Critical	Canonical Kernel Team
Artful	Fix Released	Critical	Canonical Kernel Team

Ubuntulinux package

[Xenial] nvme: Quirks for PM1725 controllers

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package