← Back to team overview

kernel-packages team mailing list archive

[Bug 1496073] Re: Request cherry-pick of upstream kernel patch which caps SECCOMP_RET_ERRNO to MAX_ERRNO

 

This bug was fixed in the package linux-lts-utopic -
3.16.0-69.89~14.04.1

---------------
linux-lts-utopic (3.16.0-69.89~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558760

  [ Upstream Kernel Changes ]

  * Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
    code""

linux-lts-utopic (3.16.0-68.88~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558092

  [ Upstream Kernel Changes ]

  * Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
    - LP: #1552180
  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731
  * [media] usbvision fix overflow of interfaces array
    - LP: #1552180
  * [media] usbvision: fix leak of usb_dev on failure paths in
    usbvision_probe()
    - LP: #1552180
  * [media] usbvision: fix crash on detecting device with invalid
    configuration
    - LP: #1552180
  * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
    - LP: #1552180
  * USB: serial: visor: fix crash on detecting device without write_urbs
    - LP: #1552180
  * ASN.1: Fix non-match detection failure on data overrun
    - LP: #1552180
  * iw_cxgb3: Fix incorrectly returning error on success
    - LP: #1552180
  * EVM: Use crypto_memneq() for digest comparisons
    - LP: #1552180
  * iio: adis_buffer: Fix out-of-bounds memory access
    - LP: #1552180
  * KVM: PPC: Fix emulation of H_SET_DABR/X on POWER8
    - LP: #1552180
  * x86/irq: Call chip->irq_set_affinity in proper context
    - LP: #1552180
  * ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot()
    - LP: #1552180
  * usb: cdc-acm: handle unlinked urb in acm read callback
    - LP: #1552180
  * usb: cdc-acm: send zero packet for intel 7260 modem
    - LP: #1552180
  * cdc-acm:exclude Samsung phone 04e8:685d
    - LP: #1552180
  * usb: hub: do not clear BOS field during reset device
    - LP: #1552180
  * USB: cp210x: add ID for IAI USB to RS485 adaptor
    - LP: #1552180
  * USB: visor: fix null-deref at probe
    - LP: #1552180
  * USB: serial: option: Adding support for Telit LE922
    - LP: #1552180
  * ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
    - LP: #1552180
  * ALSA: seq: Degrade the error message for too many opens
    - LP: #1552180
  * USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
    - LP: #1552180
  * USB: option: fix Cinterion AHxx enumeration
    - LP: #1552180
  * ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
    - LP: #1552180
  * ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
    - LP: #1552180
  * virtio_pci: fix use after free on release
    - LP: #1552180
  * ALSA: bebob: Use a signed return type for get_formation_index
    - LP: #1552180
  * arm64: errata: Add -mpc-relative-literal-loads to build flags
    - LP: #1533009, #1552180
  * powerpc/eeh: Fix PE location code
    - LP: #1552180
  * SCSI: fix crashes in sd and sr runtime PM
    - LP: #1552180
  * n_tty: Fix unsafe reference to "other" ldisc
    - LP: #1552180
  * staging/speakup: Use tty_ldisc_ref() for paste kworker
    - LP: #1552180
  * ALSA: dummy: Disable switching timer backend via sysfs
    - LP: #1552180
  * drm/vmwgfx: respect 'nomodeset'
    - LP: #1552180
  * x86/mm/pat: Avoid truncation when converting cpa->numpages to address
    - LP: #1552180
  * perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed
    - LP: #1552180
  * perf hists: Fix HISTC_MEM_DCACHELINE width setting
    - LP: #1552180
  * powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
    - LP: #1552180
  * umount: Do not allow unmounting rootfs.
    - LP: #1552180
  * crypto: algif_skcipher - Require setkey before accept(2)
    - LP: #1552180
  * crypto: algif_skcipher - Add nokey compatibility path
    - LP: #1552180
  * crypto: algif_hash - Require setkey before accept(2)
    - LP: #1552180
  * crypto: skcipher - Add crypto_skcipher_has_setkey
    - LP: #1552180
  * crypto: algif_skcipher - Add key check exception for cipher_null
    - LP: #1552180
  * crypto: algif_hash - Remove custom release parent function
    - LP: #1552180
  * crypto: algif_skcipher - Remove custom release parent function
    - LP: #1552180
  * crypto: algif_hash - Fix race condition in hash_check_key
    - LP: #1552180
  * crypto: algif_skcipher - Fix race condition in skcipher_check_key
    - LP: #1552180
  * iio: add HAS_IOMEM dependency to VF610_ADC
    - LP: #1552180
  * iio: dac: mcp4725: set iio name property in sysfs
    - LP: #1552180
  * ASoC: rt5645: fix the shift bit of IN1 boost
    - LP: #1552180
  * cgroup: make sure a parent css isn't offlined before its children
    - LP: #1552180
  * PCI/AER: Flush workqueue on device remove to avoid use-after-free
    - LP: #1552180
  * libata: disable forced PORTS_IMPL for >= AHCI 1.3
    - LP: #1552180
  * mac80211: Requeue work after scan complete for all VIF types.
    - LP: #1552180
  * rfkill: fix rfkill_fop_read wait_event usage
    - LP: #1552180
  * crypto: shash - Fix has_key setting
    - LP: #1552180
  * drm/i915/dp: fall back to 18 bpp when sink capability is unknown
    - LP: #1552180
  * target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
    - LP: #1552180
  * crypto: algif_hash - wait for crypto_ahash_init() to complete
    - LP: #1552180
  * iio: inkern: fix a NULL dereference on error
    - LP: #1552180
  * iio: pressure: mpl115: fix temperature offset sign
    - LP: #1552180
  * intel_scu_ipcutil: underflow in scu_reg_access()
    - LP: #1552180
  * ALSA: seq: Fix race at closing in virmidi driver
    - LP: #1552180
  * ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check
    - LP: #1552180
  * ALSA: pcm: Fix potential deadlock in OSS emulation
    - LP: #1552180
  * ALSA: seq: Fix yet another races among ALSA timer accesses
    - LP: #1552180
  * ALSA: timer: Code cleanup
    - LP: #1552180
  * ALSA: timer: Fix link corruption due to double start or stop
    - LP: #1552180
  * libata: fix sff host state machine locking while polling
    - LP: #1552180
  * MIPS: Fix buffer overflow in syscall_get_arguments()
    - LP: #1552180
  * cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
    - LP: #1552180
  * ASoC: dpcm: fix the BE state on hw_free
    - LP: #1552180
  * module: wrapper for symbol name.
    - LP: #1552180
  * ALSA: hda - Add fixup for Mac Mini 7,1 model
    - LP: #1552180
  * ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
    - LP: #1552180
  * ALSA: rawmidi: Fix race at copying & updating the position
    - LP: #1552180
  * ALSA: seq: Fix lockdep warnings due to double mutex locks
    - LP: #1552180
  * drivers/scsi/sg.c: mark VMA as VM_IO to prevent migration
    - LP: #1552180
  * radix-tree: fix race in gang lookup
    - LP: #1552180
  * usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Broxton-M platforms
    - LP: #1552180
  * xhci: Fix list corruption in urb dequeue at host removal
    - LP: #1552180
  * [media] tda1004x: only update the frontend properties if locked
    - LP: #1552180
  * ALSA: timer: Fix leftover link at closing
    - LP: #1552180
  * [media] saa7134-alsa: Only frees registered sound cards
    - LP: #1552180
  * Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
    - LP: #1552180
  * scsi_dh_rdac: always retry MODE SELECT on command lock violation
    - LP: #1552180
  * SCSI: Add Marvell Console to VPD blacklist
    - LP: #1552180
  * drm: Add drm_fixp_from_fraction and drm_fixp2int_ceil
    - LP: #1552180
  * ALSA: hda - Fix static checker warning in patch_hdmi.c
    - LP: #1552180
  * dump_stack: avoid potential deadlocks
    - LP: #1552180
  * mm, vmstat: fix wrong WQ sleep when memory reclaim doesn't make any
    progress
    - LP: #1552180
  * ocfs2/dlm: clear refmap bit of recovery lock while doing local recovery
    cleanup
    - LP: #1552180
  * mm: replace vma_lock_anon_vma with anon_vma_lock_read/write
    - LP: #1552180
  * radix-tree: fix oops after radix_tree_iter_retry
    - LP: #1552180
  * crypto: user - lock crypto_alg_list on alg dump
    - LP: #1552180
  * serial: omap: Prevent DoS using unprivileged ioctl(TIOCSRS485)
    - LP: #1552180
  * pty: fix possible use after free of tty->driver_data
    - LP: #1552180
  * pty: make sure super_block is still valid in final /dev/tty close
    - LP: #1552180
  * ALSA: hda - Fix speaker output from VAIO AiO machines
    - LP: #1552180
  * klist: fix starting point removed bug in klist iterators
    - LP: #1552180
  * ALSA: dummy: Implement timer backend switching more safely
    - LP: #1552180
  * ALSA: timer: Fix wrong instance passed to slave callbacks
    - LP: #1552180
  * ARM: 8517/1: ICST: avoid arithmetic overflow in icst_hz()
    - LP: #1552180
  * ALSA: timer: Fix race between stop and interrupt
    - LP: #1552180
  * ALSA: timer: Fix race at concurrent reads
    - LP: #1552180
  * phy: twl4030-usb: Relase usb phy on unload
    - LP: #1552180
  * ahci: Intel DNV device IDs SATA
    - LP: #1552180
  * workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup
    - LP: #1552180
  * drm/radeon: hold reference to fences in radeon_sa_bo_new
    - LP: #1552180
  * ARM: 8519/1: ICST: try other dividends than 1
    - LP: #1552180
  * btrfs: properly set the termination value of ctx->pos in readdir
    - LP: #1552180
  * net: phy: Fix phy_mac_interrupt()
    - LP: #1552180
  * af_unix: fix struct pid memory leak
    - LP: #1552180
  * pptp: fix illegal memory access caused by multiple bind()s
    - LP: #1552180
  * sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
    - LP: #1552180
  * netlink: not trim skb for mmaped socket when dump
    - LP: #1552180
  * unix: correctly track in-flight fds in sending process user_struct
    - LP: #1552180
  * ipv6: fix a lockdep splat
    - LP: #1552180
  * sctp: translate network order to host order when users get a hmacid
    - LP: #1552180
  * IB/mlx5: Fix RC transport send queue overhead computation
    - LP: #1552180
  * pipe: limit the per-user amount of pages allocated in pipes
    - LP: #1552180
  * net: phy: fix PHY_RUNNING in phy_state_machine
    - LP: #1552180
  * net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
    - LP: #1552180
  * Linux 3.16.7-ckt25
    - LP: #1552180
  * net: generic dev_disable_lro() stacked device handling
    - LP: #1547680
  * seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
    - LP: #1496073
  * sched/numa: Fix unsafe get_task_struct() in task_numa_assign()
    - LP: #1527643
  * sched/numa: Fix use-after-free bug in the task_numa_compare
    - LP: #1527643

 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>  Thu, 17 Mar 2016 12:44:45 -0700

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1496073

Title:
  Request cherry-pick of upstream kernel patch which caps
  SECCOMP_RET_ERRNO to MAX_ERRNO

Status in linux package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  New
Status in linux source package in Trusty:
  Fix Released
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released

Bug description:
  The seccomp regression tests are failing due to SRU kernels not having
  the relevant commit:

  Author: Kees Cook <keescook@xxxxxxxxxxxx>
  Date:   Tue Feb 17 13:48:00 2015 -0800

      seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO

      The value resulting from the SECCOMP_RET_DATA mask could exceed MAX_ERRNO
      when setting errno during a SECCOMP_RET_ERRNO filter action.  This makes
      sure we have a reliable value being set, so that an invalid errno will not
      be ignored by userspace.

      Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
      Reported-by: Dmitry V. Levin <ldv@xxxxxxxxxxxx>
      Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
      Cc: Will Drewry <wad@xxxxxxxxxxxx>
      Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>

  SRU Justification

      Impact:
          Upstream regression tests are reporting errors.

      Test Case:
          Run the upstream regression tests and verify they are passing
          cleanly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1496073/+subscriptions


References