group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #07161
[Bug 1607374] Re: Cannot mount proc in unprivileged containers if /proc/xen is mounted
This bug was fixed in the package linux - 4.4.0-36.55
---------------
linux (4.4.0-36.55) xenial; urgency=low
[ Stefan Bader ]
* Release Tracking Bug
- LP: #1612305
* I2C touchpad does not work on AMD platform (LP: #1612006)
- SAUCE: pinctrl/amd: Remove the default de-bounce time
* CVE-2016-5696
- tcp: make challenge acks less predictable
linux (4.4.0-35.54) xenial; urgency=low
[ Stefan Bader ]
* Release Tracking Bug
- LP: #1611215
* [i915_bpo] Sync with v4.7 (LP: #1609742)
- SAUCE: i915_bpo: Sync with v4.7
* s390/cio: fix reset of channel measurement block (LP: #1609415)
- s390/cio: allow to reset channel measurement block
* in Ubuntu16.10: Hit on Call traces and system goes down when transactional
memory tests are running in 32TB Brazos system (LP: #1606786)
- powerpc/tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0
- powerpc/tm: Fix stack pointer corruption in __tm_recheckpoint()
* Power Menu does not display after press the Power Button (LP: #1609204)
- intel-vbtn: new driver for Intel Virtual Button
- [config] enable CONFIG_INTEL_VBTN=m
* OptiPlex 7450 AIO hangs when rebooting (LP: #1608762)
- x86/reboot: Add Dell Optiplex 7450 AIO reboot quirk
* virtualbox+usb 3.0 breaks boot, -28 kernel works (LP: #1604058)
- SAUCE: xhci: Fix soft lockup in xhci_pci_probe path when XHCI_STATE_HALTED
* linux-kernel: Freeing IRQ from IRQ context (LP: #1597908)
- block: defer timeouts to a workqueue
* Tunnel offload indications not stripped from encapsulated packets, causing
performance overhead (LP: #1602755)
- tunnels: Remove encapsulation offloads on decap.
* lm-sensors is throwing "ERROR: Can't get value of subfeature temp1_input:
I/O error" for be2net driver (LP: #1607387)
- be2net: perform temperature query in adapter regardless of its interface
state
* Dell dock MAC Address pass through doesn't work in Ubuntu (LP: #1579984)
- r8152: Add support for setting pass through MAC address on RTL8153-AD
* vmxnet3 LRO IPv6 performance issues (stalling TCP) (LP: #1605494)
- Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets
* ISST-LTE:pVM:monklp5:Ubuntu16.04.1:system crashed at
lpfc_sli4_scmd_to_wqidx_distr (LP: #1597974)
- SAUCE: lpfc: fix oops in lpfc_sli4_scmd_to_wqidx_distr() from
lpfc_send_taskmgmt()
* Backport cxlflash shutdown patch to Xenial SRU (LP: #1605405)
- SAUCE: cxlflash: Verify problem state area is mapped before notifying
shutdown
* Xenial update to v4.4.16 stable release (LP: #1607404)
- mac80211: fix fast_tx header alignment
- mac80211: mesh: flush mesh paths unconditionally
- mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL
- mac80211: Fix mesh estab_plinks counting in STA removal case
- EDAC, sb_edac: Fix rank lookup on Broadwell
- IB/cm: Fix a recently introduced locking bug
- IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs
- powerpc/pseries: Fix IBM_ARCH_VEC_NRCORES_OFFSET since POWER8NVL was added
- powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
- usb: dwc2: fix regression on big-endian PowerPC/ARM systems
- USB: EHCI: declare hostpc register as zero-length array
- usb: common: otg-fsm: add license to usb-otg-fsm
- mnt: fs_fully_visible test the proper mount for MNT_LOCKED
- mnt: Account for MS_RDONLY in fs_fully_visible
- mnt: If fs_fully_visible fails call put_filesystem.
- of: fix autoloading due to broken modalias with no 'compatible'
- of: irq: fix of_irq_get[_byname]() kernel-doc
- locking/ww_mutex: Report recursive ww_mutex locking early
- locking/qspinlock: Fix spin_unlock_wait() some more
- locking/static_key: Fix concurrent static_key_slow_inc()
- x86, build: copy ldlinux.c32 to image.iso
- kprobes/x86: Clear TF bit in fault on single-stepping
- x86/amd_nb: Fix boot crash on non-AMD systems
- Revert "gpiolib: Split GPIO flags parsing and GPIO configuration"
- uvc: Forward compat ioctls to their handlers directly
- thermal: cpu_cooling: fix improper order during initialization
- writeback: use higher precision calculation in domain_dirty_limits()
- nfsd4/rpc: move backchannel create logic into rpc code
- nfsd: Always lock state exclusively.
- nfsd: Extend the mutex holding region around in nfsd4_process_open2()
- posix_acl: Add set_posix_acl
- nfsd: check permissions when setting ACLs
- make nfs_atomic_open() call d_drop() on all ->open_context() errors.
- NFS: Fix another OPEN_DOWNGRADE bug
- ARM: imx6ul: Fix Micrel PHY mask
- ARM: 8578/1: mm: ensure pmd_present only checks the valid bit
- ARM: 8579/1: mm: Fix definition of pmd_mknotpresent
- MIPS: KVM: Fix modular KVM under QEMU
- mm: Export migrate_page_move_mapping and migrate_page_copy
- UBIFS: Implement ->migratepage()
- sched/fair: Fix cfs_rq avg tracking underflow
- packet: Use symmetric hash for PACKET_FANOUT_HASH.
- net_sched: fix mirrored packets checksum
- cdc_ncm: workaround for EM7455 "silent" data interface
- ipv6: Fix mem leak in rt6i_pcpu
- ARCv2: Check for LL-SC livelock only if LLSC is enabled
- ARCv2: LLSC: software backoff is NOT needed starting HS2.1c
- kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
- KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode.
- HID: elo: kill not flush the work
- HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
- tracing: Handle NULL formats in hold_module_trace_bprintk_format()
- base: make module_create_drivers_dir race-free
- iommu/arm-smmu: Wire up map_sg for arm-smmu-v3
- iommu/vt-d: Enable QI on all IOMMUs before setting root entry
- iommu/amd: Fix unity mapping initialization race
- drm/mgag200: Black screen fix for G200e rev 4
- ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg()
- arm64: Rework valid_user_regs
- vfs: add d_real_inode() helper
- af_unix: fix hard linked sockets on overlay
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
- drm/radeon: fix asic initialization for virtualized environments
- drm/amdgpu/gfx7: fix broken condition check
- ubi: Make recover_peb power cut aware
- drm/amdkfd: unbind only existing processes
- drm/amdkfd: destroy dbgmgr in notifier release
- drm/dp/mst: Always clear proposed vcpi table for port.
- drm/nouveau/disp/sor/gf119: both links use the same training register
- drm/nouveau/gr/gf100-: update sm error decoding from gk20a nvgpu headers
- drm/nouveau/fbcon: fix out-of-bounds memory accesses
- drm/nouveau: fix for disabled fbdev emulation
- drm/nouveau/disp/sor/gf119: select correct sor when poking training pattern
- drm/i915/ilk: Don't disable SSC source if it's in use
- drm/i915: Refresh cached DP port register value on resume
- drm/i915: Update ifdeffery for mutex->owner
- drm/i915: Update CDCLK_FREQ register on BDW after changing cdclk frequency
- drm: add missing drm_mode_set_crtcinfo call
- drm: make drm_atomic_set_mode_prop_for_crtc() more reliable
- drm: atmel-hlcdc: actually disable scaling when no scaling is required
- drm/ttm: Make ttm_bo_mem_compat available
- drm/vmwgfx: Add an option to change assumed FB bpp
- drm/vmwgfx: Work around mode set failure in 2D VMs
- drm/vmwgfx: Check pin count before attempting to move a buffer
- drm/vmwgfx: Delay pinning fbdev framebuffer until after mode set
- drm/vmwgfx: Fix error paths when mapping framebuffer
- memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing
- perf/x86: Fix undefined shift on 32-bit kernels
- xen/balloon: Fix declared-but-not-defined warning
- iio: Fix error handling in iio_trigger_attach_poll_func
- iio:st_pressure: fix sampling gains (bring inline with ABI)
- iio: light apds9960: Add the missing dev.parent
- iio: proximity: as3935: correct IIO_CHAN_INFO_RAW output
- iio: proximity: as3935: remove triggered buffer processing
- iio: proximity: as3935: fix buffer stack trashing
- iio: humidity: hdc100x: correct humidity integration time mask
- iio: humidity: hdc100x: fix IIO_TEMP channel reporting
- iio: hudmidity: hdc100x: fix incorrect shifting and scaling
- staging: iio: accel: fix error check
- iio: accel: kxsd9: fix the usage of spi_w8r8()
- iio:ad7266: Fix broken regulator error handling
- iio:ad7266: Fix support for optional regulators
- iio:ad7266: Fix probe deferral for vref
- tty/vt/keyboard: fix OOB access in do_compute_shiftstate()
- hwmon: (dell-smm) Restrict fan control and serial number to CAP_SYS_ADMIN by
default
- hwmon: (dell-smm) Disallow fan_type() calls on broken machines
- hwmon: (dell-smm) Cache fan_type() calls and change fan detection
- ALSA: dummy: Fix a use-after-free at closing
- ALSA: hda - Fix the headset mic jack detection on Dell machine
- ALSA: hda / realtek - add two more Thinkpad IDs (5050,5053) for tpt460 fixup
- ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift()
- ALSA: echoaudio: Fix memory allocation
- ALSA: timer: Fix negative queue usage by racy accesses
- ALSA: hda/realtek: Add Lenovo L460 to docking unit fixup
- ALSA: hda - Add PCI ID for Kabylake-H
- ALSA: hda - fix read before array start
- ALSA: hda/realtek - add new pin definition in alc225 pin quirk table
- ALSA: pcm: Free chmap at PCM free callback, too
- ALSA: ctl: Stop notification after disconnection
- ALSA: hda - fix use-after-free after module unload
- ALSA: hda: add AMD Stoney PCI ID with proper driver caps
- ARM: sunxi/dt: make the CHIP inherit from allwinner,sun5i-a13
- ARM: dts: armada-38x: fix MBUS_ID for crypto SRAM on Armada 385 Linksys
- ARM: mvebu: fix HW I/O coherency related deadlocks
- ovl: Copy up underlying inode's ->i_mode to overlay inode
- ovl: verify upper dentry in ovl_remove_and_whiteout()
- scsi: fix race between simultaneous decrements of ->host_failed
- 53c700: fix BUG on untagged commands
- Fix reconnect to not defer smb3 session reconnect long after socket
reconnect
- cifs: dynamic allocation of ntlmssp blob
- File names with trailing period or space need special case conversion
- xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7
- crypto: qat - make qat_asym_algs.o depend on asn1 headers
- tmpfs: don't undo fallocate past its last page
- tmpfs: fix regression hang in fallocate undo
- drm/i915: Revert DisplayPort fast link training feature
- ovl: verify upper dentry before unlink and rename
- Linux 4.4.16
* Regression caused by `fuse: Add support for pid namespaces` in 4.4.0-6.21
(LP: #1605344)
- SAUCE: (namespace) fuse: Permit requests from other pid namespaces
* CVE-2016-5400
- media: fix airspy usb probe error path
* Cannot mount proc in unprivileged containers if /proc/xen is mounted
(LP: #1607374)
- SAUCE: xenbus: Use proc_create_mount_point() to create /proc/xen
* Mic mute key does not work for Ideapad laptops (LP: #1607153)
- ideapad_laptop: Add an event for mic mute hotkey
* NVMe stress test fails after 12 hours on Ubuntu 16.04 (LP: #1604995)
- block: atari: Return early for unsupported sector size
* Console extremely slow with 4.4 kernels for servers with Matrox G200er2 or
similar (LP: #1605662)
- SAUCE: vesafb: Set mtrr:3 (write-combining) as default
* Ubuntu 16.04 - Full EEH Recovery Support for NVMe devices (LP: #1602724)
- nvme: use a work item to submit async event requests
- nvme: don't poll the CQ from the kthread
- nvme: replace the kthread with a per-device watchdog timer
- NVMe: Fix reset/remove race
- nvme: Avoid reset work on watchdog timer function during error recovery
- NVMe: Always use MSI/MSI-x interrupts
* [LTC-Test] - NMI watchdog Bug and call traces when trinity is executed.
(LP: #1602524)
- ext4: factor out determining of hole size
- ext4: return hole from ext4_map_blocks()
- ext4: more efficient SEEK_DATA implementation
* changelog: add CVEs as first class citizens (LP: #1604344)
- avoid duplicate CVE numbers in changelog
* [LTCTest][Opal][OP820] Machine crashed with Oops: Kernel access of bad area,
sig: 11 [#1] while executing Froze PE Error injection (LP: #1603449)
- powerpc/eeh: Fix invalid cached PE primary bus
* Hotplug remove and re-add adds PCI adapter to next PCI domain (PCI)
(LP: #1603574)
- powerpc/pci: Assign fixed PHB number based on device-tree properties
* nvme - reset_controller is not working after adapter's firmware upgrade
(adapter quirk is needed) (LP: #1602726)
- NVMe: Create discard zero quirk white list
- nvme/quirk: Add a delay before checking for adapter readiness
* ovs nat: conntrack netlink event are missing (LP: #1603468)
- openvswitch: fix conntrack netlink event delivery
* FlashGT - In Tuleta 8284-22A with card in card slot P1-C9, system Fails to
boot operating system (LP: #1602785)
- cxl: Ignore CAPI adapters misplaced in switched slots
* CVE-2016-5728
- misc: mic: Fix for double fetch security bug in VOP driver
* CVE-2016-5244 (LP: #1589041)
- rds: fix an infoleak in rds_inc_info_copy
* Miscellaneous Ubuntu changes
- Added Snapcraft files
- SAUCE: snapcraft: cleanup and remove unnecessary elements
-- Stefan Bader <stefan.bader@xxxxxxxxxxxxx> Thu, 11 Aug 2016 17:34:14
+0200
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5244
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5400
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5696
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5728
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1607374
Title:
Cannot mount proc in unprivileged containers if /proc/xen is mounted
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Fix Released
Bug description:
SRU Justification
Impact: The xenfs filesystem is traditionally mounted at /proc/xen in
xen guests. This directory doesn't use the special "create proc
mountpoint" interface and thus fails the permanently empty test in
fs_fully_visible(). This causes mounting of proc to fail in user
namespace containers.
Fix: Use the special proc interface to make this a "permanently empty"
directory.
Regression potential: This change will make it impossible to create
files within /proc/xen, but since the directory is only ever used as a
mount point this should not cause any problems.
Original bug report and testing results can be found at
https://github.com/lxc/lxd/issues/2238.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1607374/+subscriptions
References