kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #170481
[Bug 1549601] Re: [Hyper-V] x86, pageattr: prevent overflow in slow_virt_to_phys() for X86_PAE
This bug was fixed in the package linux - 3.13.0-85.129
---------------
linux (3.13.0-85.129) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1558727
[ Upstream Kernel Changes ]
* Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
code""
linux (3.13.0-84.128) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1557596
[ Upstream Kernel Changes ]
* Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
- LP: #1540731
* seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
- LP: #1496073
* net/mlx4_en: Remove dependency between timestamping capability and
service_task
- LP: #1537859
* net/mlx4_en: Fix HW timestamp init issue upon system startup
- LP: #1537859
* x86/mm: Fix slow_virt_to_phys() for X86_PAE again
- LP: #1549601
* iw_cxgb3: Fix incorrectly returning error on success
- LP: #1557191
* EVM: Use crypto_memneq() for digest comparisons
- LP: #1557191
* x86/entry/compat: Add missing CLAC to entry_INT80_32
- LP: #1557191
* iio: dac: mcp4725: set iio name property in sysfs
- LP: #1557191
* iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
- LP: #1557191
* PCI/AER: Flush workqueue on device remove to avoid use-after-free
- LP: #1557191
* libata: disable forced PORTS_IMPL for >= AHCI 1.3
- LP: #1557191
* mac80211: start_next_roc only if scan was actually running
- LP: #1557191
* mac80211: Requeue work after scan complete for all VIF types.
- LP: #1557191
* rfkill: fix rfkill_fop_read wait_event usage
- LP: #1557191
* crypto: shash - Fix has_key setting
- LP: #1557191
* drm/i915/dp: fall back to 18 bpp when sink capability is unknown
- LP: #1557191
* target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
- LP: #1557191
* crypto: algif_hash - wait for crypto_ahash_init() to complete
- LP: #1557191
* iio: inkern: fix a NULL dereference on error
- LP: #1557191
* intel_scu_ipcutil: underflow in scu_reg_access()
- LP: #1557191
* ALSA: seq: Fix race at closing in virmidi driver
- LP: #1557191
* ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check
- LP: #1557191
* ALSA: pcm: Fix potential deadlock in OSS emulation
- LP: #1557191
* ALSA: seq: Fix yet another races among ALSA timer accesses
- LP: #1557191
* ALSA: timer: Fix link corruption due to double start or stop
- LP: #1557191
* libata: fix sff host state machine locking while polling
- LP: #1557191
* cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
- LP: #1557191
* ASoC: dpcm: fix the BE state on hw_free
- LP: #1557191
* module: wrapper for symbol name.
- LP: #1557191
* ALSA: hda - Add fixup for Mac Mini 7,1 model
- LP: #1557191
* ALSA: Move EXPORT_SYMBOL() in appropriate places
- LP: #1557191
* ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
- LP: #1557191
* ALSA: rawmidi: Fix race at copying & updating the position
- LP: #1557191
* ALSA: seq: Fix lockdep warnings due to double mutex locks
- LP: #1557191
* drivers/scsi/sg.c: mark VMA as VM_IO to prevent migration
- LP: #1557191
* radix-tree: fix race in gang lookup
- LP: #1557191
* usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Broxton-M platforms
- LP: #1557191
* xhci: Fix list corruption in urb dequeue at host removal
- LP: #1557191
* target: Fix Task Aborted Status (TAS) handling
- LP: #1557191
* target: Add TFO->abort_task for aborted task resources release
- LP: #1557191
* target: Fix LUN_RESET active TMR descriptor handling
- LP: #1557191
* target: Fix LUN_RESET active I/O handling for ACK_KREF
- LP: #1557191
* target: Fix TAS handling for multi-session se_node_acls
- LP: #1557191
* target: Fix remote-port TMR ABORT + se_cmd fabric stop
- LP: #1557191
* target: Fix race with SCF_SEND_DELAYED_TAS handling
- LP: #1557191
* [media] tda1004x: only update the frontend properties if locked
- LP: #1557191
* ALSA: timer: Fix leftover link at closing
- LP: #1557191
* [media] saa7134-alsa: Only frees registered sound cards
- LP: #1557191
* Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
- LP: #1557191
* scsi_dh_rdac: always retry MODE SELECT on command lock violation
- LP: #1557191
* SCSI: Add Marvell Console to VPD blacklist
- LP: #1557191
* drm: Add drm_fixp_from_fraction and drm_fixp2int_ceil
- LP: #1557191
* ALSA: hda - Fix static checker warning in patch_hdmi.c
- LP: #1557191
* dump_stack: avoid potential deadlocks
- LP: #1557191
* mm, vmstat: fix wrong WQ sleep when memory reclaim doesn't make any
progress
- LP: #1557191
* ocfs2/dlm: clear refmap bit of recovery lock while doing local recovery
cleanup
- LP: #1557191
* mm: replace vma_lock_anon_vma with anon_vma_lock_read/write
- LP: #1557191
* radix-tree: fix oops after radix_tree_iter_retry
- LP: #1557191
* crypto: user - lock crypto_alg_list on alg dump
- LP: #1557191
* serial: omap: Prevent DoS using unprivileged ioctl(TIOCSRS485)
- LP: #1557191
* pty: fix possible use after free of tty->driver_data
- LP: #1557191
* pty: make sure super_block is still valid in final /dev/tty close
- LP: #1557191
* ALSA: hda - Fix speaker output from VAIO AiO machines
- LP: #1557191
* klist: fix starting point removed bug in klist iterators
- LP: #1557191
* ALSA: dummy: Implement timer backend switching more safely
- LP: #1557191
* powerpc: Fix dedotify for binutils >= 2.26
- LP: #1557191
* ALSA: timer: Fix wrong instance passed to slave callbacks
- LP: #1557191
* ARM: 8517/1: ICST: avoid arithmetic overflow in icst_hz()
- LP: #1557191
* nfs: fix nfs_size_to_loff_t
- LP: #1557191
* ALSA: timer: Fix race between stop and interrupt
- LP: #1557191
* ALSA: timer: Fix race at concurrent reads
- LP: #1557191
* phy: twl4030-usb: Relase usb phy on unload
- LP: #1557191
* drm/i915: fix error path in intel_setup_gmbus()
- LP: #1557191
* ahci: Intel DNV device IDs SATA
- LP: #1557191
* workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup
- LP: #1557191
* cifs: fix erroneous return value
- LP: #1557191
* s390/dasd: prevent incorrect length error under z/VM after PAV changes
- LP: #1557191
* s390/dasd: fix refcount for PAV reassignment
- LP: #1557191
* ARM: 8519/1: ICST: try other dividends than 1
- LP: #1557191
* btrfs: properly set the termination value of ctx->pos in readdir
- LP: #1557191
* ext4: fix potential integer overflow
- LP: #1557191
* ext4: don't read blocks from disk after extents being swapped
- LP: #1557191
* bio: return EINTR if copying to user space got interrupted
- LP: #1557191
* xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY
- LP: #1557191
* xen/pciback: Save the number of MSI-X entries to be copied later.
- LP: #1557191
* xen/pcifront: Fix mysterious crashes when NUMA locality information was
extracted.
- LP: #1557191
* ALSA: seq: Drop superfluous error/debug messages after malloc failures
- LP: #1557191
* ALSA: seq: Fix leak of pool buffer at concurrent writes
- LP: #1557191
* dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer
- LP: #1557191
* tracepoints: Do not trace when cpu is offline
- LP: #1557191
* tracing: Fix freak link error caused by branch tracer
- LP: #1557191
* ALSA: seq: Fix double port list deletion
- LP: #1557191
* drm/radeon: use post-decrement in error handling
- LP: #1557191
* drm/qxl: use kmalloc_array to alloc reloc_info in
qxl_process_single_command
- LP: #1557191
* NFSv4: Fix a dentry leak on alias use
- LP: #1557191
* USB: option: add support for SIM7100E
- LP: #1557191
* USB: cp210x: add IDs for GE B650V3 and B850V3 boards
- LP: #1557191
* USB: option: add "4G LTE usb-modem U901"
- LP: #1557191
* hwmon: (ads1015) Handle negative conversion values correctly
- LP: #1557191
* ext4: fix bh->b_state corruption
- LP: #1557191
* ext4: fix crashes in dioread_nolock mode
- LP: #1557191
* kernel/resource.c: fix muxed resource handling in __request_region()
- LP: #1557191
* drivers: android: correct the size of struct binder_uintptr_t for
BC_DEAD_BINDER_DONE
- LP: #1557191
* can: ems_usb: Fix possible tx overflow
- LP: #1557191
* sunrpc/cache: fix off-by-one in qword_get()
- LP: #1557191
* KVM: async_pf: do not warn on page allocation failures
- LP: #1557191
* tracing: Fix showing function event in available_events
- LP: #1557191
* libceph: don't bail early from try_read() when skipping a message
- LP: #1557191
* KVM: x86: MMU: fix ubsan index-out-of-range warning
- LP: #1557191
* hpfs: don't truncate the file when delete fails
- LP: #1557191
* do_last(): don't let a bogus return value from ->open() et.al. to
confuse us
- LP: #1557191
* af_iucv: Validate socket address length in iucv_sock_bind()
- LP: #1557191
* net: dp83640: Fix tx timestamp overflow handling.
- LP: #1557191
* tcp: fix NULL deref in tcp_v4_send_ack()
- LP: #1557191
* af_unix: fix struct pid memory leak
- LP: #1557191
* pptp: fix illegal memory access caused by multiple bind()s
- LP: #1557191
* sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
- LP: #1557191
* ipv6/udp: use sticky pktinfo egress ifindex on connect()
- LP: #1557191
* net/ipv6: add sysctl option accept_ra_min_hop_limit
- LP: #1557191
* ipv6: fix a lockdep splat
- LP: #1557191
* unix: correctly track in-flight fds in sending process user_struct
- LP: #1557191
* net:Add sysctl_max_skb_frags
- LP: #1557191
* sctp: translate network order to host order when users get a hmacid
- LP: #1557191
* af_unix: Guard against other == sk in unix_dgram_sendmsg
- LP: #1543980, #1557191
* qmi_wwan: add "4G LTE usb-modem U901"
- LP: #1557191
* net/mlx4_en: Count HW buffer overrun only once
- LP: #1557191
* pppoe: fix reference counting in PPPoE proxy
- LP: #1557191
* rtnl: RTM_GETNETCONF: fix wrong return value
- LP: #1557191
* unix_diag: fix incorrect sign extension in unix_lookup_by_ino
- LP: #1557191
* sctp: Fix port hash table size computation
- LP: #1557191
* bonding: Fix ARP monitor validation
- LP: #1557191
* ipv4: fix memory leaks in ip_cmsg_send() callers
- LP: #1557191
* net/mlx4_en: Choose time-stamping shift value according to HW frequency
- LP: #1557191
* af_unix: Don't set err in unix_stream_read_generic unless there was an
error
- LP: #1557191
* pipe: limit the per-user amount of pages allocated in pipes
- LP: #1557191
* Linux 3.13.11-ckt36
- LP: #1557191
* sched/numa: Move task_numa_free() to __put_task_struct()
- LP: #1527643
* sched/numa: Fix unsafe get_task_struct() in task_numa_assign()
- LP: #1527643
* sched/numa: Fix use-after-free bug in the task_numa_compare
- LP: #1527643
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Thu, 17 Mar 2016 11:42:09 -0700
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** Changed in: linux (Ubuntu Wily)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1549601
Title:
[Hyper-V] x86,pageattr: prevent overflow in slow_virt_to_phys() for
X86_PAE
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Wily:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Bug description:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d1cd1210834649ce1ca6bafe5ac25d2f40331343
x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
pte_pfn() returns a PFN of long (32 bits in 32-PAE), so "long <<
PAGE_SHIFT" will overflow for PFNs above 4GB.
Due to this issue, some Linux 32-PAE distros, running as guests on Hyper-V,
with 5GB memory assigned, can't load the netvsc driver successfully and
hence the synthetic network device can't work (we can use the kernel parameter
mem=3000M to work around the issue).
Cast pte_pfn() to phys_addr_t before shifting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1549601/+subscriptions
References