
kernel-packages team mailing list archive

[Bug 1566505] Re: User namespace mount updates


This bug was fixed in the package linux - 4.4.0-18.34

linux (4.4.0-18.34) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1566868

  * [i915_bpo] Fix RC6 on SKL GT3 & GT4 (LP: #1564759)
    - SAUCE: i915_bpo: drm/i915/skl: Fix rc6 based gpu/system hang
    - SAUCE: i915_bpo: drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs

  * CONFIG_ARCH_ROCKCHIP not enabled in armhf generic kernel (LP: #1566283)

  * [Feature] Memory Bandwidth Monitoring (LP: #1397880)
    - perf/x86/cqm: Fix CQM handling of grouping events into a cache_group
    - perf/x86/cqm: Fix CQM memory leak and notifier leak
    - x86/cpufeature: Carve out X86_FEATURE_*
    - Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
    - x86/topology: Create logical package id
    - perf/x86/mbm: Add Intel Memory B/W Monitoring enumeration and init
    - perf/x86/mbm: Add memory bandwidth monitoring event management
    - perf/x86/mbm: Implement RMID recycling
    - perf/x86/mbm: Add support for MBM counter overflow handling

  * User namespace mount updates (LP: #1566505)
    - SAUCE: quota: Require that qids passed to dqget() be valid and map into s_user_ns
    - SAUCE: fs: Allow superblock owner to change ownership of inodes with unmappable ids
    - SAUCE: fuse: Don't initialize user_id or group_id in mount options
    - SAUCE: cgroup: Use a new super block when mounting in a cgroup namespace
    - SAUCE: fs: fix a posible leak of allocated superblock

  * [arm64] kernel BUG at /build/linux-StrpB2/linux-4.4.0/fs/ext4/inode.c:2394!
    (LP: #1566518)
    - arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
    - arm64: Update PTE_RDONLY in set_pte_at() for PROT_NONE permission

  * [Feature]USB core and xHCI tasks for USB 3.1 SuperSpeedPlus (SSP) support
    for Alpine Ridge on SKL (LP: #1519623)
    - usb: define USB_SPEED_SUPER_PLUS speed for SuperSpeedPlus USB3.1 devices
    - usb: set USB 3.1 roothub device speed to USB_SPEED_SUPER_PLUS
    - usb: show speed "10000" in sysfs for USB 3.1 SuperSpeedPlus devices
    - usb: add device descriptor for usb 3.1 root hub
    - usb: Support USB 3.1 extended port status request
    - xhci: Make sure xhci handles USB_SPEED_SUPER_PLUS devices.
    - xhci: set roothub speed to USB_SPEED_SUPER_PLUS for USB3.1 capable controllers
    - xhci: USB 3.1 add default Speed Attributes to SuperSpeedPlus device capability
    - xhci: set slot context speed field to SuperSpeedPlus for USB 3.1 SSP devices
    - usb: Add USB3.1 SuperSpeedPlus Isoc Endpoint Companion descriptor
    - usb: Parse the new USB 3.1 SuperSpeedPlus Isoc endpoint companion descriptor
    - usb: Add USB 3.1 Precision time measurement capability descriptor support
    - xhci: refactor and cleanup endpoint initialization.
    - xhci: Add SuperSpeedPlus high bandwidth isoc support to xhci endpoints
    - xhci: cleanup isoc tranfers queuing code
    - xhci: Support extended burst isoc TRB structure used by xhci 1.1 for USB 3.1
    - SAUCE: (noup) usb: fix regression in SuperSpeed endpoint descriptor parsing

  * wrong/missing permissions for device file /dev/prandom (prng.ko)
    (LP: #1558275)
    - s390/crypto: provide correct file mode at device register.

  * The Front MIC jack can't work on a HP desktop machine (LP: #1564712)
    - ALSA: hda - fix front mic problem for a HP desktop

  * HP Notebook Probook 440 G3  HDA Intel PCH horrible sounds while booting
    (LP: #1556228)
    - ALSA: hda - Apply reboot D3 fix for CX20724 codec, too

  * please provide mmc-modules udeb (LP: #1565765)
    - [Config] Add mmc block drivers to d-i

  * linux: Enforce signed module loading when UEFI secure boot (LP: #1566221)
    - Add secure_modules() call
    - PCI: Lock down BAR access when module security is enabled
    - x86: Lock down IO port access when module security is enabled
    - ACPI: Limit access to custom_method
    - asus-wmi: Restrict debugfs interface when module loading is restricted
    - Restrict /dev/mem and /dev/kmem when module loading is restricted
    - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted
    - kexec: Disable at runtime if the kernel enforces module loading restrictions
    - x86: Restrict MSR access when module loading is restricted
    - Add option to automatically enforce module signatures when in Secure Boot mode
    - efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
    - efi: Add EFI_SECURE_BOOT bit
    - hibernate: Disable in a signed modules environment

  * [Hyper-V] Additional PCI passthrough commits (LP: #1565967)
    - PCI: Add fwnode_handle to x86 pci_sysdata
    - PCI: Look up IRQ domain by fwnode_handle
    - [Config] CONFIG_PCI_HYPERV=m
    - PCI: hv: Add paravirtual PCI front-end for Microsoft Hyper-V VMs

  * [Bug]Lenovo Yoga 260 and Carbon X1 4th gen freeze on HWP enable
    (LP: #1559923)
    - ACPI / processor: Request native thermal interrupt handling via _OSC

  * Sync kernel zfs - align with zfsutils-linux and spl packages
    (LP: #1564591)
    - SAUCE: (noup) Update spl to, zfs to

  * [Ubuntu 16.04.1] RELEASE and ACQUIRE atomics on Power (LP: #1556096)
    - atomics: Allow architectures to define their own __atomic_op_* helpers
    - powerpc: atomic: Implement atomic{, 64}_*_return_* variants
    - powerpc: atomic: Implement acquire/release/relaxed variants for xchg
    - powerpc: atomic: Implement acquire/release/relaxed variants for cmpxchg

  * fix for do_tools_cpupower when cross-compiling (LP: #1564206)
    - [Debian] cpupower uses non-standard CROSS

  * ISST:LTE: Regression: roselp2 Oops in kernel during setup io (LP: #1546439)
    - SAUCE: block: partition: initialize percpuref before sending out KOBJ_ADD

  * Unable to migrate container (LP: #1563921)
    - SAUCE: cgroup mount: ignore nsroot=

  * [Hyper-V] patch inclusion in 16.04 for NIC hot add/remove (LP: #1563688)
    - hv_netvsc: Move subchannel waiting to rndis_filter_device_remove()

  * /proc/$pid/maps performance regression (LP: #1547231)
    - proc: revert /proc/<pid>/maps [stack:TID] annotation

  * TPM2.0 trusted keys fixes (LP: #1398274)
    - tpm: remove unneeded include of actbl2.h
    - tpm: fix checks for policy digest existence in tpm2_seal_trusted()
    - tpm_crb: Use the common ACPI definition of struct acpi_tpm2
    - tpm_tis: Disable interrupt auto probing on a per-device basis
    - tpm_tis: Do not fall back to a hardcoded address for TPM2
    - tpm_tis: Use devm_ioremap_resource
    - tpm_tis: Clean up the force=1 module parameter
    - tpm_crb: Drop le32_to_cpu(ioread32(..))
    - tpm_crb: Use devm_ioremap_resource
    - tpm: fix the rollback in tpm_chip_register()
    - tpm: fix the cleanup of struct tpm_chip
    - tpm: fix: set continueSession attribute for the unseal operation
    - tpm: fix: return rc when devm_add_action() fails
    - tpm_eventlog.c: fix binary_bios_measurements
    - tpm_crb/tis: fix: use dev_name() for /proc/iomem
    - tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
    - tpm_tis: fix build warning with tpm_tis_resume

  * [Feature]intel_idle driver support for Knights Landing (LP: #1461365)
    - intel_idle: Support for Intel Xeon Phi Processor x200 Product Family

  * cxlflash: Backport upstream cxlflash commits and submitting a noup patch to
    Xenial (LP: #1563485)
    - cxlflash: Fix to avoid unnecessary scan with internal LUNs
    - cxlflash: Increase cmd_per_lun for better throughput
    - SAUCE: (noup) cxlflash: Move to exponential back-off when cmd_room is not available

  * Miscellaneous Ubuntu changes
    - [Config] do_zfs_powerpc64-smp  = true
    - [Debian] fix linux_tools when cross-compiling
    - [Config] do_zfs_powerpc64-smp use default value
    - SAUCE: apparmor: Fix FTBFS due to bad include path
    - SAUCE: i915_bpo: Disable preliminary hw support

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Tue, 29 Mar 2016 15:31:33

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  User namespace mount updates

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  These commits bring xenial up to date wrt my branch for upstream. Most
  of the changes here are in response to upstream feedback. At a high
  level the changes are:

   - A small improvement to the quota code, then disallow enabling quota
     for mounts from non-init user namespaces. Since quota in non-init
     namespaces isn't a requirement in 16.04 we're better off disabling it
     until we know for sure how it will be handled upstream. However ext4
     might temporarily enable quota during mount if recovering from an
     unclean unmount, so the kernel needs to be able to handle it.

   - Revert the way capabilities are determined for inodes in userns
     mounts back to how it is upstream, i.e. based on both capabilities
     and inode ownership, but allow a privileged user in s_user_ns to
     chown if the id being changed is invalid and the other id is either
     invalid or an id mapped into s_user_ns. This gives the mounter
     control over inodes with unmappable ids while making it safe to have
     s_user_ns != &init_user_ns for proc and kernfs-based mounts.

   - Fix an incompatibility between cgroup namespaces and user namespace
     mounts. Previously this was fixed as a side effect of another patch,
     but that patch is being reverted.

   - Remove a needless mount option initialization in fuse.

   - Fix a resource leak for an error path in sget_userns().

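The chown rule in the second bullet of the description ("allow a privileged user in s_user_ns to chown if the id being changed is invalid and the other id is either invalid or an id mapped into s_user_ns") is the part of this update that is easiest to get wrong when reasoning about it, so here is a small userspace model of that decision. This is an added illustration, not code from the kernel or from the patch series. Assumptions: kernel ids are plain ints with INVALID_ID (-1) standing in for INVALID_UID/INVALID_GID (an id that does not map into the superblock's s_user_ns); a user namespace is modelled as one contiguous window of kernel ids; a task counts as ns_capable(s_user_ns, CAP_CHOWN) only when it lives in s_user_ns itself (ancestor namespaces are ignored); and the group-membership shortcut of the real chgrp check is left out. The fixtures (init_ns, ctr_ns, the tasks and inodes) are constructed for the example.

```c
/* Added illustration of the userns chown rule, not kernel code.
 * Ids are ints; INVALID_ID models INVALID_UID/INVALID_GID. */
#include <stdbool.h>
#include <stdio.h>

#define INVALID_ID (-1)

struct user_ns {
    const char *name;
    int lower;   /* first kernel id that maps into this namespace */
    int count;   /* number of consecutive kernel ids mapped */
};

struct inode_model {
    int uid, gid;                    /* kernel ids, or INVALID_ID if unmappable */
    const struct user_ns *s_user_ns; /* namespace owning the superblock */
};

struct task_model {
    int fsuid;                 /* caller's kernel fsuid */
    const struct user_ns *ns;  /* namespace in which the caller holds caps */
    bool cap_chown;
};

/* Does kernel id `id` have a mapping in `ns`?  INVALID_ID never does. */
static bool id_mapped(const struct user_ns *ns, int id)
{
    return id != INVALID_ID && id >= ns->lower && id < ns->lower + ns->count;
}

/* Model of the upstream capable_wrt_inode_uidgid() rule: CAP_CHOWN only
 * counts if both of the inode's ids are visible in the caller's namespace,
 * so an inode carrying an invalid id cannot be chowned this way even by
 * global root. */
static bool capable_wrt_inode(const struct task_model *t,
                              const struct inode_model *in)
{
    return t->cap_chown && id_mapped(t->ns, in->uid) && id_mapped(t->ns, in->gid);
}

/* The rule described in the bug: a CAP_CHOWN holder in s_user_ns may change
 * the id that is invalid, provided the other id is itself invalid or maps
 * into s_user_ns.  (Assumption: "capable in s_user_ns" == task lives there.) */
static bool sb_owner_may_fix(const struct task_model *t,
                             const struct inode_model *in, bool changing_uid)
{
    const struct user_ns *sns = in->s_user_ns;
    int changed = changing_uid ? in->uid : in->gid;
    int other   = changing_uid ? in->gid : in->uid;

    if (!t->cap_chown || t->ns != sns)
        return false;
    if (changed != INVALID_ID)
        return false;
    return other == INVALID_ID || id_mapped(sns, other);
}

bool chown_ok(const struct task_model *t, const struct inode_model *in, int new_uid)
{
    if (t->fsuid == in->uid && new_uid == in->uid)  /* owner's no-op chown */
        return true;
    if (capable_wrt_inode(t, in))
        return true;
    return sb_owner_may_fix(t, in, true);
}

bool chgrp_ok(const struct task_model *t, const struct inode_model *in, int new_gid)
{
    (void)new_gid;  /* group-membership shortcut omitted in this model */
    if (capable_wrt_inode(t, in))
        return true;
    return sb_owner_may_fix(t, in, false);
}

/* Constructed fixtures: init_ns maps every non-negative id, the container
 * namespace maps kernel ids 100000..165535 and owns the mounted superblock. */
const struct user_ns init_ns = { "init", 0, 2147483647 };
const struct user_ns ctr_ns  = { "container", 100000, 65536 };

const struct task_model global_root = { 0, &init_ns, true };
const struct task_model ctr_root    = { 100000, &ctr_ns, true };

const struct inode_model both_invalid           = { INVALID_ID, INVALID_ID, &ctr_ns };
const struct inode_model uid_invalid            = { INVALID_ID, 100005,     &ctr_ns };
const struct inode_model uid_invalid_foreign_gid = { INVALID_ID, 5,         &ctr_ns };
const struct inode_model gid_invalid            = { 100007,     INVALID_ID, &ctr_ns };
const struct inode_model both_mapped            = { 100007,     100005,     &ctr_ns };

int main(void)
{
    printf("ctr_root chown both_invalid    : %d\n", chown_ok(&ctr_root, &both_invalid, 100001));
    printf("ctr_root chown uid_invalid     : %d\n", chown_ok(&ctr_root, &uid_invalid, 100001));
    printf("ctr_root chown gid_invalid     : %d\n", chown_ok(&ctr_root, &gid_invalid, 100001));
    printf("ctr_root chgrp gid_invalid     : %d\n", chgrp_ok(&ctr_root, &gid_invalid, 100001));
    printf("ctr_root chown foreign gid     : %d\n", chown_ok(&ctr_root, &uid_invalid_foreign_gid, 100001));
    printf("global_root chown uid_invalid  : %d\n", chown_ok(&global_root, &uid_invalid, 0));
    printf("global_root chown both_mapped  : %d\n", chown_ok(&global_root, &both_mapped, 0));
    return 0;
}
```

The two cases worth noticing are the last two prints: global root cannot repair an inode whose uid is invalid (the upstream capability check needs both ids to be visible, and the new rule only applies to a CAP_CHOWN holder inside s_user_ns), while the container's root can fix exactly the invalid id and nothing else, which is what keeps s_user_ns != &init_user_ns safe for proc and kernfs-based mounts.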