kernel-packages team mailing list archive

[Bug 1431280] Re: x86: mm/fault: Fix semaphore imbalance

 

This bug was fixed in the package linux - 3.2.0-79.115

---------------
linux (3.2.0-79.115) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1431359
  * Merged back all changes that were in Ubuntu-3.2.0-78.113

  [ Upstream Kernel Changes ]

  * x86: mm/fault: Fix semaphore imbalance
    - LP: #1431280

linux (3.2.0-78.113) precise; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1427736

  [ Upstream Kernel Changes ]

  * Revert "tcp: Apply device TSO segment limit earlier"
    - LP: #1427413
  * eCryptfs: Force RO mount when encrypted view is enabled
    - LP: #1427413
  * sound: simplify au0828 quirk table
    - LP: #1427413
  * sound: Update au0828 quirks table
    - LP: #1427413
  * af9005: fix kernel panic on init if compiled without IR
    - LP: #1427413
  * writeback: Move I_DIRTY_PAGES handling
    - LP: #1427413
  * writeback: fix a subtle race condition in I_DIRTY clearing
    - LP: #1427413
  * usb: renesas_usbhs: gadget: fix NULL pointer dereference in
    ep_disable()
    - LP: #1427413
  * ipv4: Remove all uses of LL_ALLOCATED_SPACE
    - LP: #1427413
  * ipv6: Remove all uses of LL_ALLOCATED_SPACE
    - LP: #1427413
  * ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs
    - LP: #1427413
  * KVM: s390: flush CPU on load control
    - LP: #1427413
  * UBI: Fix invalid vfree()
    - LP: #1427413
  * driver core: Fix unbalanced device reference in drivers_probe
    - LP: #1427413
  * drbd: merge_bvec_fn: properly remap bvm->bi_bdev
    - LP: #1427413
  * PCI: Restore detection of read-only BARs
    - LP: #1427413
  * scsi: correct return values for .eh_abort_handler implementations
    - LP: #1427413
  * bus: omap_l3_noc: Correct returning IRQ_HANDLED unconditionally in the
    irq handler
    - LP: #1427413
  * genhd: check for int overflow in disk_expand_part_tbl()
    - LP: #1427413
  * USB: cdc-acm: check for valid interfaces
    - LP: #1427413
  * uvcvideo: Fix destruction order in uvc_delete()
    - LP: #1427413
  * mfd: tc6393xb: Fail ohci suspend if full state restore is required
    - LP: #1427413
  * serial: samsung: wait for transfer completion before clock disable
    - LP: #1427413
  * Bluetooth: btusb: Add support for Belkin F8065bf
    - LP: #1427413
  * Bluetooth: ath3k: Add support for a new AR3012 device
    - LP: #1427413
  * Bluetooth: ath3k: Add support for another AR3012 card
    - LP: #1427413
  * Bluetooth: Add support for Toshiba Bluetooth device [0930:0220]
    - LP: #1427413
  * Bluetooth: Enable Atheros 0cf3:311e for firmware upload
    - LP: #1427413
  * Bluetooth: Add firmware update for Atheros 0cf3:311f
    - LP: #1427413
  * Bluetooth: btusb: Add IMC Networks (Broadcom based)
    - LP: #1427413
  * Bluetooth: sort the list of IDs in the source code
    - LP: #1427413
  * Bluetooth: append new supported device to the list [0b05:17d0]
    - LP: #1427413
  * Bluetooth: Add support for Intel bootloader devices
    - LP: #1427413
  * Bluetooth: Ignore isochronous endpoints for Intel USB bootloader
    - LP: #1427413
  * Bluetooth: Add support for Acer [13D3:3432]
    - LP: #1427413
  * Bluetooth: Add support for Broadcom device of Asus Z97-DELUXE
    motherboard
    - LP: #1427413
  * Add a new PID/VID 0227/0930 for AR3012.
    - LP: #1427413
  * Bluetooth: Add support for Acer [0489:e078]
    - LP: #1427413
  * Bluetooth: ath3k: Add support of MCI 13d3:3408 bt device
    - LP: #1427413
  * Bluetooth: Add USB device 04ca:3010 as Atheros AR3012
    - LP: #1427413
  * eCryptfs: Remove buggy and unnecessary write in file name decode
    routine
    - LP: #1427413
  * USB: adutux: NULL dereferences on disconnect
    - LP: #1427413
  * ALSA: hda - using uninitialized data
    - LP: #1427413
  * dm space map metadata: fix sm_bootstrap_get_nr_blocks()
    - LP: #1427413
  * ath9k_hw: fix hardware queue allocation
    - LP: #1427413
  * ath9k: fix BE/BK queue order
    - LP: #1427413
  * ath5k: fix hardware queue index assignment
    - LP: #1427413
  * iommu/vt-d: Fix an off-by-one bug in __domain_mapping()
    - LP: #1427413
  * drm/vmwgfx: Don't use memory accounting for kernel-side fence objects
    - LP: #1427413
  * hp_accel: Add support for HP ZBook 15
    - LP: #1427413
  * ALSA: usb-audio: Don't resubmit pending URBs at MIDI error recovery
    - LP: #1427413
  * KEYS: Fix stale key registration at error path
    - LP: #1427413
  * fib_trie: Fix /proc/net/fib_trie when CONFIG_IP_MULTIPLE_TABLES is not
    defined
    - LP: #1427413
  * Btrfs: fix fs corruption on transaction abort if device supports
    discard
    - LP: #1427413
  * ncpfs: return proper error from NCP_IOC_SETROOT ioctl
    - LP: #1427413
  * x86_64, switch_to(): Load TLS descriptors before switching DS and ES
    - LP: #1427413
  * mac80211: fix multicast LED blinking and counter
    - LP: #1427413
  * genirq: Prevent proc race against freeing of irq descriptors
    - LP: #1427413
  * decompress_bunzip2: off by one in get_next_block()
    - LP: #1427413
  * x86/tls: Disallow unusual TLS segments
    - LP: #1427413
  * iscsi-target: Fail connection on short sendmsg writes
    - LP: #1427413
  * ceph: introduce global empty snap context
    - LP: #1427413
  * x86/tls: Don't validate lm in set_thread_area() after all
    - LP: #1427413
  * ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC
    - LP: #1427413
  * ocfs2: fix journal commit deadlock
    - LP: #1427413
  * udf: Verify i_size when loading inode
    - LP: #1427413
  * udf: Verify symlink size before loading it
    - LP: #1427413
  * udf: Treat symlink component of type 2 as /
    - LP: #1427413
  * udf: Check path length when reading symlink
    - LP: #1427413
  * udf: Check component length before reading it
    - LP: #1427413
  * crypto: af_alg - fix backlog handling
    - LP: #1427413
  * net: Fix stacked vlan offload features computation
    - LP: #1427413
  * video/logo: prevent use of logos after they have been freed
    - LP: #1427413
  * video/fbdev: fix defio's fsync
    - LP: #1427413
  * USB: cp210x: fix ID for production CEL MeshConnect USB Stick
    - LP: #1427413
  * ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC
    codecs
    - LP: #1427413
  * spi: dw: Fix detecting FIFO depth
    - LP: #1427413
  * spi: dw-mid: fix FIFO size
    - LP: #1427413
  * virtio: use dev_to_virtio wrapper in virtio
    - LP: #1427413
  * virtio_pci: defer kfree until release callback
    - LP: #1427413
  * virtio_pci: document why we defer kfree
    - LP: #1427413
  * USB: cp210x: add IDs for CEL USB sticks and MeshWorks devices
    - LP: #1427413
  * ASoC: wm8960: Fix capture sample rate from 11250 to 11025
    - LP: #1427413
  * mm: propagate error from stack expansion even for guard page
    - LP: #1427413
  * sata_dwc_460ex: fix resource leak on error path
    - LP: #1427413
  * time: settimeofday: Validate the values of tv from user
    - LP: #1427413
  * Input: i8042 - reset keyboard to fix Elantech touchpad detection
    - LP: #1427413
  * regulator: core: fix race condition in regulator_put()
    - LP: #1427413
  * Input: I8042 - add Acer Aspire 7738 to the nomux list
    - LP: #1427413
  * mm: prevent endless growth of anon_vma hierarchy
    - LP: #1427413
  * mm: remove unused arg of set_page_dirty_balance()
    - LP: #1427413
  * mm: protect set_page_dirty() from ongoing truncation
    - LP: #1427413
  * HID: roccat: potential out of bounds in pyra_sysfs_write_settings()
    - LP: #1427413
  * OHCI: add a quirk for ULi M5237 blocking on reset
    - LP: #1427413
  * usb: gadget: udc: atmel: change setting for DMA
    - LP: #1427413
  * usb: gadget: udc: atmel: fix possible IN hang issue
    - LP: #1427413
  * usb: gadget: udc: atmel: fix possible oops when unloading module
    - LP: #1427413
  * USB: console: fix potential use after free
    - LP: #1427413
  * mm: Don't count the stack guard page towards RLIMIT_STACK
    - LP: #1427413
  * mm: fix corner case in anon_vma endless growing prevention
    - LP: #1427413
  * gpio: fix memory and reference leaks in gpiochip_add error path
    - LP: #1427413
  * ftrace/jprobes/x86: Fix conflict between jprobes and function graph
    tracing
    - LP: #1427413
  * can: dev: fix crtlmode_supported check
    - LP: #1427413
  * sysfs.h: add ATTRIBUTE_GROUPS() macro
    - LP: #1427413
  * driver core: Introduce device_create_groups
    - LP: #1427413
  * gpio: sysfs: fix gpio-chip device-attribute leak
    - LP: #1427413
  * gpiolib: Refactor gpio_export
    - LP: #1427413
  * Fix circular locking dependency (3.3-rc2)
    - LP: #1427413
  * gpio: sysfs: fix gpio device-attribute leak
    - LP: #1427413
  * gpio: sysfs: fix gpio attribute-creation race
    - LP: #1427413
  * net: sctp: fix race for one-to-many sockets in sendmsg's auto associate
    - LP: #1427413
  * ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210
    - LP: #1427413
  * libata: allow sata_sil24 to opt-out of tag ordered submission
    - LP: #1427413
  * scripts/recordmcount.pl: There is no -m32 gcc option on Super-H anymore
    - LP: #1427413
  * libata: prevent HSM state change race between ISR and PIO
    - LP: #1427413
  * x86, hyperv: Mark the Hyper-V clocksource as being continuous
    - LP: #1427413
  * x86, tls, ldt: Stop checking lm in LDT_empty
    - LP: #1427413
  * Input: i8042 - add noloop quirk for Medion Akoya E7225 (MD98857)
    - LP: #1427413
  * x86, tls: Interpret an all-zero struct user_desc as "no segment"
    - LP: #1427413
  * nl80211: fix per-station group key get/del and memory leak
    - LP: #1427413
  * usb-storage/SCSI: blacklist FUA on JMicron 152d:2566 USB-SATA
    controller
    - LP: #1427413
  * usb-core bInterval quirk
    - LP: #1427413
  * USB: Add OTG PET device to TPL
    - LP: #1427413
  * drm/i915: Only fence tiled region of object.
    - LP: #1427413
  * ALSA: seq-dummy: remove deadlock-causing events on close
    - LP: #1427413
  * net: sctp: fix slab corruption from use after free on INIT collisions
    - LP: #1427413
  * vm: add VM_FAULT_SIGSEGV handling support
    - LP: #1427413
  * vm: make stack guard page errors return VM_FAULT_SIGSEGV rather than
    SIGBUS
    - LP: #1427413
  * ACPI / EC: Fix regression due to conflicting firmware behavior between
    Samsung and Acer.
    - LP: #1427413
  * s390/3215: fix tty output containing tabs
    - LP: #1427413
  * x86, cpu, amd: Add workaround for family 16h, erratum 793
    - LP: #1427413
  * fsnotify: next_i is freed during fsnotify_unmount_inodes.
    - LP: #1427413
  * netfilter: ipset: small potential read beyond the end of buffer
    - LP: #1427413
  * dcache: Fix locking bugs in backported "deal with deadlock in d_walk()"
    - LP: #1427413
  * tg3: tg3_disable_ints using uninitialized mailbox value to disable
    interrupts
    - LP: #1427413
  * enic: fix rx skb checksum
    - LP: #1427413
  * net/core: Handle csum for CHECKSUM_COMPLETE VXLAN forwarding
    - LP: #1427413
  * vfs: Fix vfsmount_lock imbalance in path_init()
    - LP: #1427413
  * splice: Apply generic position and size checks to each write
    - LP: #1427413
    - CVE-2014-7822
  * PCI: Handle read-only BARs on AMD CS553x devices
    - LP: #1427413
  * Linux 3.2.67
    - LP: #1427413
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Thu, 12 Mar 2015 11:20:15 +0000

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7822

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1431280

Title:
  x86: mm/fault: Fix semaphore imbalance

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released

Bug description:
  The qrt kernel_security are hanging with "task hung" errors/warnings
  on the console with Precise.  This seems to be due to an issue in the
  backport to the 3.2.67 stable kernel of commit:

  commit 33692f27597fcab536d7cbbcc8f52905133e4aa7
  Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
  Date:   Thu Jan 29 10:51:32 2015 -0800

      vm: add VM_FAULT_SIGSEGV handling support

  3.2.68 kernel fixes this issue with commit:

  commit 6749fd110bf44164782df9bba86c0327474446b9
  Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
  Date:   Wed Feb 25 00:02:28 2015 +0000

      x86: mm/fault: Fix semaphore imbalance
      
      When backporting commit 33692f27597f ('vm: add VM_FAULT_SIGSEGV
      handling support') I didn't notice that it depended on a recent change
      to the locking context of mm_fault_error() (commit 7fb08eca4527,
      'x86: mm: move mmap_sem unlock from mm_fault_error() to caller').
      That isn't easily applicable to 3.2, so instead make sure we drop
      mm->mmap_sem on the new branch of mm_fault_error().

  The ubuntu-qrt-apparmor are also hanging, possibly for the same
  reason.

  Including commit 6749fd110bf4 ("x86: mm/fault: Fix semaphore
  imbalance") in Precise seems to fix these issues.
