Changelog
linux (3.16.7-ckt20-1) jessie; urgency=medium
* New upstream stable update:
http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt18
- mac80211: enable assoc check for mesh interfaces
- PCI: Add VPD function 0 quirk for Intel Ethernet devices
- staging: comedi: usbduxsigma: don't clobber ai_timer in command test
- staging: comedi: usbduxsigma: don't clobber ao_timer in command test
- [armhf] usb: dwc3: ep0: Fix mem corruption on OUT transfers of more than
512 bytes
- [x86] KVM: MMU: fix validation of mmio page fault (regression in 3.11)
- iio: industrialio-buffer: Fix iio_buffer_poll return value
(regression in 3.13)
- iio: event: Remove negative error code from iio_event_poll
(regression in 3.13)
- NFSv4: don't set SETATTR for O_RDONLY|O_EXCL
- fs: Set the size of empty dirs to 0. (regression in 3.16.7-ckt15)
- [x86] staging: comedi: adl_pci7x3x: fix digital output on PCI-7230
- blk-mq: fix buffer overflow when reading sysfs file of 'pending'
- NFS: nfs_set_pgio_error sometimes misses errors
- NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2
client
- usb: host: ehci-sys: delete useless bus_to_hcd conversion
- USB: symbolserial: Use usb_get_serial_port_data (regression in 3.10)
- igb: Fix oops caused by missing queue pairing (regression in 3.14)
- eCryptfs: Invalidate dcache entries when lower i_nlink is zero
- libxfs: readahead of dir3 data blocks should use the read verifier
- xfs: Fix xfs_attr_leafblock definition
- [arm64] kconfig: Move LIST_POISON to a safe value
- Btrfs: check if previous transaction aborted to avoid fs corruption
- xfs: Fix file type directory corruption for btree directories
- [arm64] flush FP/SIMD state correctly after execve()
- xfs: return errors from partial I/O failures to files
- drm/radeon/atom: Send out the full AUX address
- [x86] drm/i915: Always mark the object as dirty when used by the GPU
- IB/uverbs: reject invalid or unknown opcodes
- [x86] crypto: ghash-clmulni: specify context size for ghash async
algorithm
- fs: create and use seq_show_option for escaping
- scsi: fix scsi_error_handler vs. scsi_host_dev_release race
- [x86] drm/i915: Limit the number of loops for reading a split 64bit
register (regression in 3.16.7-ckt16)
- hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
- hfs: fix B-tree corruption after insertion at position 0
- [armel/versatile,armhf] Input: ambakmi - fix system PM by converting to
modern callbacks (regression in 3.14)
- svcrdma: Fix send_reply() scatter/gather set-up
- [x86] mm: Initialize pmd_idx in page_table_range_init_count()
- batman-adv: fix multicast counter when purging originators
- batman-adv: fix counter for multicast supporting nodes
- batman-adv: Fix potential synchronization issues in mcast tvlv handler
- batman-adv: Fix potentially broken skb network header access
- [powerpc/powerpc64] mm: Fix pte_pagesize_index() crash on 4K w/64K hash
- ath10k: fix dma_mapping_error() handling
- mmc: sdhci: also get preset value and driver type for MMC_DDR52
(regression in 3.16)
- IB/mlx4: Fix potential deadlock when sending mad to wire
- IB/mlx4: Forbid using sysfs to change RoCE pkeys
- IB/uverbs: Fix race between ib_uverbs_open and remove_one
- mmc: core: fix race condition in mmc_wait_data_done
- task_work: remove fifo ordering guarantee
- netlink, mmap: fix edge-case leakages in nf queue zero-copy
- md: flush ->event_work before stopping array.
- md/raid10: always set reshape_safe when initializing reshape_position.
- ext4: fix loss of delalloc extent info in ext4_zero_range()
- [powerpc,ppc64el] MSI: Fix race condition in tearing down MSI interrupts
- UBI: block: Add missing cache flushes
- net/ipv6: Correct PIM6 mrt_lock handling
- netlink, mmap: transform mmap skb into full skb on taps
- openvswitch: Zero flows on allocation.
- fib_rules: fix fib rule dumps across multiple skbs
http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt19
- CIFS: fix type confusion in copy offload ioctl
- [x86] apic: Serialize LVTT and TSC_DEADLINE writes
- [arm64] head.S: initialise mdcr_el2 in el2_setup
- kvm: don't try to register to KVM_FAST_MMIO_BUS for non mmio eventfd
- kvm: fix double free for fast mmio eventfd
- [powerpc*] mm: Recompute hash value after a failed update
(regression in 3.11)
- [i386] platform: Fix Geode LX timekeeping in the generic x86 build
- [arm64,armhf] KVM: Disable virtual timer even if the guest is not
using it
- [x86] hp-wmi: limit hotkey enable
- zram: fix possible use after free in zcomp_create() (regression in 3.15)
- [x86] drm/vmwgfx: Fix up user_dmabuf refcounting
- [armhf] dts: omap3-beagle: make i2c3, ddc and tfp410 gpio work again
(regression in 3.15)
- Btrfs: fix read corruption of compressed and shared extents
- btrfs: skip waiting on ordered range for special files
- [armhf] usb: chipidea: udc: using the correct stall implementation
- [armhf] net: mvneta: fix DMA buffer unmapping in mvneta_rx()
(regression in 3.16.7-ckt16)
- iser-target: remove command with state ISTATE_REMOVE
- [x86] KVM: trap AMD MSRs for the TSeg base and mask
- usb: Use the USB_SS_MULT() macro to get the burst multiplier.
- xhci: give command abortion one more chance before killing xhci
- usb: xhci: Clear XHCI_STATE_DYING on start
- xhci: change xhci 1.0 only restrictions to support xhci 1.1
- xhci: init command timeout timer earlier to avoid deleting it
uninitialized
- cifs: use server timestamp for ntlmv2 authentication
- [x86] paravirt: Replace the paravirt nop with a bona fide empty function
- [amd64] nmi: Fix a paravirt stack-clobbering bug in the NMI code
(regression in 3.16.7-ckt16)
- ocfs2/dlm: fix deadlock when dispatch assert master
- [x86] drm/i915/bios: handle MIPI Sequence Block v3+ gracefully
- drm/qxl: only report first monitor as connected if we have no state
- PCI: Fix devfn for VPD access through function 0
(regression in 3.16.7-ckt18)
- PCI: Use function 0 VPD for identical functions, regular VPD for others
- netfilter: nft_compat: skip family comparison in case of NFPROTO_UNSPEC
- vxlan: set needed headroom correctly
- jbd2: avoid infinite loop when destroying aborted journal
- asix: Don't reset PHY on if_up for ASIX 88772
- asix: Do full reset during ax88772_bind
- fib_rules: Fix dump_rules() not to exit early
- net/xen-netfront: only napi_synchronize() if running
- [x86] intel_pstate: Fix overflow in busy_scaled due to long delay
- UBI: Validate data_size
- UBI: return ENOSPC if no enough space available
- [mips*/4kc-malta] dma-default: Fix 32-bit fall back to GFP_DMA
- [x86] efi: Fix boot crash by mapping EFI memmap entries bottom-up at
runtime, instead of top-down
- [x86] Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS
- mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a
fault
- [x86] mm: Set NX on gap between __ex_table and rodata
- clocksource: Fix abs() usage w/ 64bit values
- [x86] drm/vmwgfx: Fix kernel NULL pointer dereference on older hardware
- fs: if a coredump already exists, unlink and recreate with O_EXCL
- sctp: donot reset the overall_error_count in SHUTDOWN_RECEIVE state
- l2tp: protect tunnel->del_work by ref_count
- af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag
- net/unix: fix logic about sk_peek_offset
- skbuff: Fix skb checksum flag on skb pull
- skbuff: Fix skb checksum partial check.
- net: add pfmemalloc check in sk_add_backlog()
- ppp: don't override sk->sk_state in pppoe_flush_dev()
- ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings
- ovs: do not allocate memory from offline numa node
- netlink: Trim skb to alloc size to avoid MSG_TRUNC
- net: add length argument to skb_copy_and_csum_datagram_iovec
(regression in 3.16.7-ckt17) (CVE-2015-8019)
- Btrfs: update fix for read corruption of compressed and shared extents
http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt20
- regmap: debugfs: Ensure we don't underflow when printing access masks
- regmap: debugfs: Don't bother actually printing when calculating max
length
- [x86] xen: Support kexec/kdump in HVM guests by doing a soft reset
- svcrdma: handle rdma read with a non-zero initial page offset
(regression in 3.16)
- dm: fix AB-BA deadlock in __dm_destroy() (regression in 3.16.7-ckt10)
- cifs: [SMB3] Do not fall back to SMBWriteX in set_file_size error cases
- dm raid: fix round up of default region size
- staging: speakup: fix speakup-r regression
- [arm64] readahead: fault retry breaks mmap file read random detection
- sched/core: Fix TASK_DEAD race in finish_task_switch()
- dm cache: fix NULL pointer when switching from cleaner policy
- 3w-9xxx: don't unmap bounce buffered commands
(regression in 3.16.7-ckt17)
- workqueue: make sure delayed work run in local cpu
- drm/radeon: add pm sysfs files late
- drm/nouveau/fbcon: take runpm reference when userspace has an open fd
- crypto: ahash - ensure statesize is non-zero
- btrfs: check unsupported filters in balance arguments
- btrfs: fix use after free iterating extrefs
- btrfs: fix possible leak in btrfs_ioctl_balance()
- drm: Reject DRI1 hw lock ioctl functions for kms drivers
- usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers
- rbd: fix double free on rbd_dev->header_name
- ath9k: declare required extra tx headroom
- iio: accel: sca3000: memory corruption in sca3000_read_first_n_hw_rb()
- xen-blkfront: check for null drvdata in blkback_changed
(XenbusStateClosing)
- iio: mxs-lradc: Fix temperature offset
- [x86] drm/i915: Deny wrapping an userptr into a framebuffer
- xhci: don't finish a TD if we get a short transfer event mid TD
- xhci: handle no ping response error properly
- drm/nouveau/gem: return only valid domain when there's only one
- [powerpc*] rtas: Validate rtas.entry before calling enter_rtas()
- mm: make sendfile(2) killable
- rbd: don't leak parent_spec in rbd_dev_probe_parent()
- rbd: prevent kernel stack blow up on rbd map
- dm btree remove: fix a bug when rebalancing nodes after removal
- dm btree: fix leak of bufio-backed block in btree_split_beneath error path
- IB/cm: Fix rb-tree duplicate free and use-after-free
- iwlwifi: mvm: init card correctly on ctkill exit check
(regression in 3.16.7-ckt2)
- module: Fix locking in symbol_put_addr()
- crypto: api - Only abort operations on fatal signal
- md/raid1: submit_bio_wait() returns 0 on success
- md/raid10: submit_bio_wait() returns 0 on success
- [x86] iommu/amd: Don't clear DTE flags when modifying it
- [armel,armhf] i2c: mv64xxx: really allow I2C offloading
- drm/radeon: don't try to recreate sysfs entries on resume
- mvsas: Fix NULL pointer dereference in mvs_slot_task_free
- [arm64] Revert "ARM64: unwind: Fix PC calculation"
- rbd: require stable pages if message data CRCs are enabled
- md/raid5: fix locking in handle_stripe_clean_event()
- Revert "md: allow a partially recovered device to be hot-added to an
array." (regression in 3.14)
- ipv6: Fix IPsec pre-encap fragmentation check
- ppp: fix pppoe_dev deletion condition in pppoe_release()
- ipv6: gre: support SIT encapsulation (regression in 3.13)
- isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
- ppp, slip: Validate VJ compression slot parameters completely
(CVE-2015-7799)
- staging/dgnc: fix info leak in ioctl
- sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()
(regression in 3.13)
[ Aurelien Jarno ]
* [mips*/octeon] Enable CAVIUM_CN63XXP1 (Closes: #800595)
[ Ben Hutchings ]
* nbd: Restore request timeout detection (Closes: #770479)
* netlink: Fix ABI change in 3.16.7-ckt18
* [x86] Enable PINCTRL_BAYTRAIL (Closes: #797949)
* firmware_class: Fix condition in directory search loop (Closes: #804862)
* ehci: Fix ABI change in 3.16.7-ckt19
* [arm64] Defer workaround for erratum #843419
* [x86] KVM: svm: unconditionally intercept #DB (CVE-2015-8104)
-- Ben Hutchings <email address hidden> Thu, 19 Nov 2015 15:14:30 +0000