← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1549601] Re: [Hyper-V] x86, pageattr: prevent overflow in slow_virt_to_phys() for X86_PAE

 

This bug was fixed in the package linux - 3.13.0-85.129

---------------
linux (3.13.0-85.129) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558727

  [ Upstream Kernel Changes ]

  * Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
    code""

linux (3.13.0-84.128) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1557596

  [ Upstream Kernel Changes ]

  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731
  * seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
    - LP: #1496073
  * net/mlx4_en: Remove dependency between timestamping capability and
    service_task
    - LP: #1537859
  * net/mlx4_en: Fix HW timestamp init issue upon system startup
    - LP: #1537859
  * x86/mm: Fix slow_virt_to_phys() for X86_PAE again
    - LP: #1549601
  * iw_cxgb3: Fix incorrectly returning error on success
    - LP: #1557191
  * EVM: Use crypto_memneq() for digest comparisons
    - LP: #1557191
  * x86/entry/compat: Add missing CLAC to entry_INT80_32
    - LP: #1557191
  * iio: dac: mcp4725: set iio name property in sysfs
    - LP: #1557191
  * iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
    - LP: #1557191
  * PCI/AER: Flush workqueue on device remove to avoid use-after-free
    - LP: #1557191
  * libata: disable forced PORTS_IMPL for >= AHCI 1.3
    - LP: #1557191
  * mac80211: start_next_roc only if scan was actually running
    - LP: #1557191
  * mac80211: Requeue work after scan complete for all VIF types.
    - LP: #1557191
  * rfkill: fix rfkill_fop_read wait_event usage
    - LP: #1557191
  * crypto: shash - Fix has_key setting
    - LP: #1557191
  * drm/i915/dp: fall back to 18 bpp when sink capability is unknown
    - LP: #1557191
  * target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
    - LP: #1557191
  * crypto: algif_hash - wait for crypto_ahash_init() to complete
    - LP: #1557191
  * iio: inkern: fix a NULL dereference on error
    - LP: #1557191
  * intel_scu_ipcutil: underflow in scu_reg_access()
    - LP: #1557191
  * ALSA: seq: Fix race at closing in virmidi driver
    - LP: #1557191
  * ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check
    - LP: #1557191
  * ALSA: pcm: Fix potential deadlock in OSS emulation
    - LP: #1557191
  * ALSA: seq: Fix yet another races among ALSA timer accesses
    - LP: #1557191
  * ALSA: timer: Fix link corruption due to double start or stop
    - LP: #1557191
  * libata: fix sff host state machine locking while polling
    - LP: #1557191
  * cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
    - LP: #1557191
  * ASoC: dpcm: fix the BE state on hw_free
    - LP: #1557191
  * module: wrapper for symbol name.
    - LP: #1557191
  * ALSA: hda - Add fixup for Mac Mini 7,1 model
    - LP: #1557191
  * ALSA: Move EXPORT_SYMBOL() in appropriate places
    - LP: #1557191
  * ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
    - LP: #1557191
  * ALSA: rawmidi: Fix race at copying & updating the position
    - LP: #1557191
  * ALSA: seq: Fix lockdep warnings due to double mutex locks
    - LP: #1557191
  * drivers/scsi/sg.c: mark VMA as VM_IO to prevent migration
    - LP: #1557191
  * radix-tree: fix race in gang lookup
    - LP: #1557191
  * usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Broxton-M platforms
    - LP: #1557191
  * xhci: Fix list corruption in urb dequeue at host removal
    - LP: #1557191
  * target: Fix Task Aborted Status (TAS) handling
    - LP: #1557191
  * target: Add TFO->abort_task for aborted task resources release
    - LP: #1557191
  * target: Fix LUN_RESET active TMR descriptor handling
    - LP: #1557191
  * target: Fix LUN_RESET active I/O handling for ACK_KREF
    - LP: #1557191
  * target: Fix TAS handling for multi-session se_node_acls
    - LP: #1557191
  * target: Fix remote-port TMR ABORT + se_cmd fabric stop
    - LP: #1557191
  * target: Fix race with SCF_SEND_DELAYED_TAS handling
    - LP: #1557191
  * [media] tda1004x: only update the frontend properties if locked
    - LP: #1557191
  * ALSA: timer: Fix leftover link at closing
    - LP: #1557191
  * [media] saa7134-alsa: Only frees registered sound cards
    - LP: #1557191
  * Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
    - LP: #1557191
  * scsi_dh_rdac: always retry MODE SELECT on command lock violation
    - LP: #1557191
  * SCSI: Add Marvell Console to VPD blacklist
    - LP: #1557191
  * drm: Add drm_fixp_from_fraction and drm_fixp2int_ceil
    - LP: #1557191
  * ALSA: hda - Fix static checker warning in patch_hdmi.c
    - LP: #1557191
  * dump_stack: avoid potential deadlocks
    - LP: #1557191
  * mm, vmstat: fix wrong WQ sleep when memory reclaim doesn't make any
    progress
    - LP: #1557191
  * ocfs2/dlm: clear refmap bit of recovery lock while doing local recovery
    cleanup
    - LP: #1557191
  * mm: replace vma_lock_anon_vma with anon_vma_lock_read/write
    - LP: #1557191
  * radix-tree: fix oops after radix_tree_iter_retry
    - LP: #1557191
  * crypto: user - lock crypto_alg_list on alg dump
    - LP: #1557191
  * serial: omap: Prevent DoS using unprivileged ioctl(TIOCSRS485)
    - LP: #1557191
  * pty: fix possible use after free of tty->driver_data
    - LP: #1557191
  * pty: make sure super_block is still valid in final /dev/tty close
    - LP: #1557191
  * ALSA: hda - Fix speaker output from VAIO AiO machines
    - LP: #1557191
  * klist: fix starting point removed bug in klist iterators
    - LP: #1557191
  * ALSA: dummy: Implement timer backend switching more safely
    - LP: #1557191
  * powerpc: Fix dedotify for binutils >= 2.26
    - LP: #1557191
  * ALSA: timer: Fix wrong instance passed to slave callbacks
    - LP: #1557191
  * ARM: 8517/1: ICST: avoid arithmetic overflow in icst_hz()
    - LP: #1557191
  * nfs: fix nfs_size_to_loff_t
    - LP: #1557191
  * ALSA: timer: Fix race between stop and interrupt
    - LP: #1557191
  * ALSA: timer: Fix race at concurrent reads
    - LP: #1557191
  * phy: twl4030-usb: Relase usb phy on unload
    - LP: #1557191
  * drm/i915: fix error path in intel_setup_gmbus()
    - LP: #1557191
  * ahci: Intel DNV device IDs SATA
    - LP: #1557191
  * workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup
    - LP: #1557191
  * cifs: fix erroneous return value
    - LP: #1557191
  * s390/dasd: prevent incorrect length error under z/VM after PAV changes
    - LP: #1557191
  * s390/dasd: fix refcount for PAV reassignment
    - LP: #1557191
  * ARM: 8519/1: ICST: try other dividends than 1
    - LP: #1557191
  * btrfs: properly set the termination value of ctx->pos in readdir
    - LP: #1557191
  * ext4: fix potential integer overflow
    - LP: #1557191
  * ext4: don't read blocks from disk after extents being swapped
    - LP: #1557191
  * bio: return EINTR if copying to user space got interrupted
    - LP: #1557191
  * xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY
    - LP: #1557191
  * xen/pciback: Save the number of MSI-X entries to be copied later.
    - LP: #1557191
  * xen/pcifront: Fix mysterious crashes when NUMA locality information was
    extracted.
    - LP: #1557191
  * ALSA: seq: Drop superfluous error/debug messages after malloc failures
    - LP: #1557191
  * ALSA: seq: Fix leak of pool buffer at concurrent writes
    - LP: #1557191
  * dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer
    - LP: #1557191
  * tracepoints: Do not trace when cpu is offline
    - LP: #1557191
  * tracing: Fix freak link error caused by branch tracer
    - LP: #1557191
  * ALSA: seq: Fix double port list deletion
    - LP: #1557191
  * drm/radeon: use post-decrement in error handling
    - LP: #1557191
  * drm/qxl: use kmalloc_array to alloc reloc_info in
    qxl_process_single_command
    - LP: #1557191
  * NFSv4: Fix a dentry leak on alias use
    - LP: #1557191
  * USB: option: add support for SIM7100E
    - LP: #1557191
  * USB: cp210x: add IDs for GE B650V3 and B850V3 boards
    - LP: #1557191
  * USB: option: add "4G LTE usb-modem U901"
    - LP: #1557191
  * hwmon: (ads1015) Handle negative conversion values correctly
    - LP: #1557191
  * ext4: fix bh->b_state corruption
    - LP: #1557191
  * ext4: fix crashes in dioread_nolock mode
    - LP: #1557191
  * kernel/resource.c: fix muxed resource handling in __request_region()
    - LP: #1557191
  * drivers: android: correct the size of struct binder_uintptr_t for
    BC_DEAD_BINDER_DONE
    - LP: #1557191
  * can: ems_usb: Fix possible tx overflow
    - LP: #1557191
  * sunrpc/cache: fix off-by-one in qword_get()
    - LP: #1557191
  * KVM: async_pf: do not warn on page allocation failures
    - LP: #1557191
  * tracing: Fix showing function event in available_events
    - LP: #1557191
  * libceph: don't bail early from try_read() when skipping a message
    - LP: #1557191
  * KVM: x86: MMU: fix ubsan index-out-of-range warning
    - LP: #1557191
  * hpfs: don't truncate the file when delete fails
    - LP: #1557191
  * do_last(): don't let a bogus return value from ->open() et.al. to
    confuse us
    - LP: #1557191
  * af_iucv: Validate socket address length in iucv_sock_bind()
    - LP: #1557191
  * net: dp83640: Fix tx timestamp overflow handling.
    - LP: #1557191
  * tcp: fix NULL deref in tcp_v4_send_ack()
    - LP: #1557191
  * af_unix: fix struct pid memory leak
    - LP: #1557191
  * pptp: fix illegal memory access caused by multiple bind()s
    - LP: #1557191
  * sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
    - LP: #1557191
  * ipv6/udp: use sticky pktinfo egress ifindex on connect()
    - LP: #1557191
  * net/ipv6: add sysctl option accept_ra_min_hop_limit
    - LP: #1557191
  * ipv6: fix a lockdep splat
    - LP: #1557191
  * unix: correctly track in-flight fds in sending process user_struct
    - LP: #1557191
  * net:Add sysctl_max_skb_frags
    - LP: #1557191
  * sctp: translate network order to host order when users get a hmacid
    - LP: #1557191
  * af_unix: Guard against other == sk in unix_dgram_sendmsg
    - LP: #1543980, #1557191
  * qmi_wwan: add "4G LTE usb-modem U901"
    - LP: #1557191
  * net/mlx4_en: Count HW buffer overrun only once
    - LP: #1557191
  * pppoe: fix reference counting in PPPoE proxy
    - LP: #1557191
  * rtnl: RTM_GETNETCONF: fix wrong return value
    - LP: #1557191
  * unix_diag: fix incorrect sign extension in unix_lookup_by_ino
    - LP: #1557191
  * sctp: Fix port hash table size computation
    - LP: #1557191
  * bonding: Fix ARP monitor validation
    - LP: #1557191
  * ipv4: fix memory leaks in ip_cmsg_send() callers
    - LP: #1557191
  * net/mlx4_en: Choose time-stamping shift value according to HW frequency
    - LP: #1557191
  * af_unix: Don't set err in unix_stream_read_generic unless there was an
    error
    - LP: #1557191
  * pipe: limit the per-user amount of pages allocated in pipes
    - LP: #1557191
  * Linux 3.13.11-ckt36
    - LP: #1557191
  * sched/numa: Move task_numa_free() to __put_task_struct()
    - LP: #1527643
  * sched/numa: Fix unsafe get_task_struct() in task_numa_assign()
    - LP: #1527643
  * sched/numa: Fix use-after-free bug in the task_numa_compare
    - LP: #1527643

 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>  Thu, 17 Mar 2016 11:42:09 -0700

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** Changed in: linux (Ubuntu Wily)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1549601

Title:
  [Hyper-V] x86,pageattr: prevent overflow in slow_virt_to_phys() for
  X86_PAE

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Wily:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed

Bug description:
  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d1cd1210834649ce1ca6bafe5ac25d2f40331343

  x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
  pte_pfn() returns a PFN of long (32 bits in 32-PAE), so "long <<
  PAGE_SHIFT" will overflow for PFNs above 4GB.

  Due to this issue, some Linux 32-PAE distros, running as guests on Hyper-V,
  with 5GB memory assigned, can't load the netvsc driver successfully and
  hence the synthetic network device can't work (we can use the kernel parameter
  mem=3000M to work around the issue).

  Cast pte_pfn() to phys_addr_t before shifting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1549601/+subscriptions