kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #177445
[Bug 1556562] Re: VIA C7-D machine "kernel NULL pointer dereference" in skcipher_recvmsg_async
This bug was fixed in the package linux - 4.2.0-36.41
---------------
linux (4.2.0-36.41) wily; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1571667
[ Benjamin Tissoires ]
* SAUCE: Input: synaptics - handle spurious release of trackstick
buttons, again
- LP: #1553811
[ dann frazier ]
* Revert "SAUCE: arm64, numa, dt: adding dt based numa support using dt
node property arm, associativity"
- LP: #1558828
* Revert "SAUCE: Documentation: arm64/arm: dt bindings for numa."
- LP: #1558828
* Revert "SAUCE: arm64, numa: adding numa support for arm64 platforms."
- LP: #1558828
* Revert "[Config] Enable NUMA on ARM64"
- LP: #1558828
[ K. Y. Srinivasan ]
* SAUCE: (noup): Drivers: hv: vmbus: Fix a bug in
hv_need_to_signal_on_read()
- LP: #1556264
[ Kamal Mostafa ]
* [debian] BugLink: close LP: bugs only for Launchpad urls
* [Config] updateconfigs after v4.2.8-ckt7
[ Upstream Kernel Changes ]
* Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
- LP: #1561677
* tipc: fix connection abort during subscription cancel
- LP: #1561677
* tipc: fix nullptr crash during subscription cancel
- LP: #1561677
* s390/mm: four page table levels vs. fork
- LP: #1561677
* Input: aiptek - fix crash on detecting device without endpoints
- LP: #1561677
* wext: fix message delay/ordering
- LP: #1561677
* cfg80211/wext: fix message ordering
- LP: #1561677
* mac80211: fix use of uninitialised values in RX aggregation
- LP: #1561677
* mac80211: minstrel: Change expected throughput unit back to Kbps
- LP: #1561677
* libata: fix HDIO_GET_32BIT ioctl
- LP: #1561677
* iwlwifi: mvm: inc pending frames counter also when txing non-sta
- LP: #1561677
* [media] adv7604: fix tx 5v detect regression
- LP: #1561677
* ahci: add new Intel device IDs
- LP: #1561677
* ahci: Order SATA device IDs for codename Lewisburg
- LP: #1561677
* Adding Intel Lewisburg device IDs for SATA
- LP: #1561677
* ASoC: samsung: Use IRQ safe spin lock calls
- LP: #1561677
* mac80211: minstrel_ht: set default tx aggregation timeout to 0
- LP: #1561677
* usb: chipidea: otg: change workqueue ci_otg as freezable
- LP: #1561677
* jffs2: Fix page lock / f->sem deadlock
- LP: #1561677
* Fix directory hardlinks from deleted directories
- LP: #1561677
* iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
- LP: #1561677
* iommu/amd: Apply workaround for ATS write permission check
- LP: #1561677
* libata: Align ata_device's id on a cacheline
- LP: #1561677
* can: gs_usb: fixed disconnect bug by removing erroneous use of kfree()
- LP: #1561677
* fbcon: set a default value to blink interval
- LP: #1561677
* KVM: x86: fix root cause for missed hardware breakpoints
- LP: #1561677
* arm64: vmemmap: use virtual projection of linear region
- LP: #1561677
* vfio: fix ioctl error handling
- LP: #1561677
* ALSA: ctl: Fix ioctls for X32 ABI
- LP: #1561677
* ALSA: pcm: Fix ioctls for X32 ABI
- LP: #1561677
* ALSA: rawmidi: Fix ioctls X32 ABI
- LP: #1561677
* ALSA: timer: Fix broken compat timer user status ioctl
- LP: #1561677
* ALSA: timer: Fix ioctls for X32 ABI
- LP: #1561677
* cifs: fix out-of-bounds access in lease parsing
- LP: #1561677
* CIFS: Fix SMB2+ interim response processing for read requests
- LP: #1561677
* Fix cifs_uniqueid_to_ino_t() function for s390x
- LP: #1561677
* arm/arm64: KVM: Fix ioctl error handling
- LP: #1561677
* MIPS: kvm: Fix ioctl error handling.
- LP: #1561677
* ALSA: hdspm: Fix wrong boolean ctl value accesses
- LP: #1561677
* ALSA: hdspm: Fix zero-division
- LP: #1561677
* ALSA: hdsp: Fix wrong boolean ctl value accesses
- LP: #1561677
* use ->d_seq to get coherency between ->d_inode and ->d_flags
- LP: #1561677
* USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)
- LP: #1561677
* USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
- LP: #1561677
* ASoC: dapm: Fix ctl value accesses in a wrong type
- LP: #1561677
* ASoC: wm8958: Fix enum ctl accesses in a wrong type
- LP: #1561677
* ASoC: wm8994: Fix enum ctl accesses in a wrong type
- LP: #1561677
* ASoC: wm_adsp: Fix enum ctl accesses in a wrong type
- LP: #1561677
* USB: serial: option: add support for Telit LE922 PID 0x1045
- LP: #1561677
* USB: serial: option: add support for Quectel UC20
- LP: #1561677
* ALSA: usb-audio: Add a quirk for Plantronics DA45
- LP: #1561677
* mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs
- LP: #1561677
* mac80211: Fix Public Action frame RX in AP mode
- LP: #1561677
* i2c: brcmstb: allocate correct amount of memory for regmap
- LP: #1561677
* ALSA: seq: oss: Don't drain at closing a client
- LP: #1561677
* parisc: Fix ptrace syscall number and return value modification
- LP: #1561677
* drm/ast: Fix incorrect register check for DRAM width
- LP: #1561677
* USB: qcserial: add Sierra Wireless EM74xx device ID
- LP: #1561677
* drm/amdgpu/pm: update current crtc info after setting the powerstate
- LP: #1561677
* drm/radeon/pm: update current crtc info after setting the powerstate
- LP: #1561677
* drm/amdgpu: return from atombios_dp_get_dpcd only when error
- LP: #1561677
* PM / sleep / x86: Fix crash on graph trace through x86 suspend
- LP: #1561677
* ALSA: hda - Fix mic issues on Acer Aspire E1-472
- LP: #1561677
* ovl: fix working on distributed fs as lower layer
- LP: #1561677
* ovl: fix getcwd() failure after unsuccessful rmdir
- LP: #1561677
* ovl: ignore lower entries when checking purity of non-directory entries
- LP: #1561677
* MIPS: traps: Fix SIGFPE information leak from `do_ov' and
`do_trap_or_bp'
- LP: #1561677
* ubi: Fix out of bounds write in volume update code
- LP: #1561677
* target: Drop incorrect ABORT_TASK put for completed commands
- LP: #1561677
* ARM: OMAP2+: hwmod: Introduce ti,no-idle dt property
- LP: #1561677
* ARM: dts: dra7: do not gate cpsw clock due to errata i877
- LP: #1561677
* PCI: Allow a NULL "parent" pointer in pci_bus_assign_domain_nr()
- LP: #1561677
* KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest
exit
- LP: #1561677
* ncpfs: fix a braino in OOM handling in ncp_fill_cache()
- LP: #1561677
* jffs2: reduce the breakage on recovery from halfway failed rename()
- LP: #1561677
* KVM: VMX: disable PEBS before a guest entry
- LP: #1561677
* arm64: account for sparsemem section alignment when choosing vmemmap
offset
- LP: #1561677
* tracing: Fix check for cpu online when event is disabled
- LP: #1561677
* KVM: MMU: fix ept=0/pte.u=1/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo
- LP: #1561677
* dmaengine: at_xdmac: fix residue computation
- LP: #1561677
* MIPS: Fix build error when SMP is used without GIC
- LP: #1561677
* IB/core: Use GRH when the path hop-limit > 0
- LP: #1561677
* dmaengine: pxa_dma: fix cyclic transfers
- LP: #1561677
* MIPS: smp.c: Fix uninitialised temp_foreign_map
- LP: #1561677
* tcp: fix tcpi_segs_in after connection establishment
- LP: #1561677
* be2net: Don't leak iomapped memory on removal.
- LP: #1561677
* tcp: convert cached rtt from usec to jiffies when feeding initial rto
- LP: #1561677
* ext4: iterate over buffer heads correctly in move_extent_per_page()
- LP: #1561677
* ppp: release rtnl mutex when interface creation fails
- LP: #1561677
* net/mlx4_core: Allow resetting VF admin mac to zero
- LP: #1561677
* ipv6: re-enable fragment header matching in ipv6_find_hdr
- LP: #1561677
* net/mlx5e: Remove wrong poll CQ optimization
- LP: #1561677
* cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
- LP: #1561677
* net: qca_spi: Don't clear IFF_BROADCAST
- LP: #1561677
* net: moxa: fix an error code
- LP: #1561677
* mld, igmp: Fix reserved tailroom calculation
- LP: #1561677
* Linux 4.2.8-ckt6
- LP: #1561677
* (upstream) net/mlx5e: Avoid NULL pointer access in case of
configuration failure
- LP: #1528466
* PCI: Disable IO/MEM decoding for devices with non-compliant BARs
- LP: #1559929
* x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant
BARs
- LP: #1559929
* fuse: do not use iocb after it may have been freed
- LP: #1505948
* fuse: Add reference counting for fuse_io_priv
- LP: #1505948
* intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled
- LP: #1559918
* crypto: skcipher - Add crypto_skcipher_has_setkey
- LP: #1556562
* crypto: algif_skcipher - Add key check exception for cipher_null
- LP: #1556562
* crypto: algif_skcipher - Do not assume that req is unchanged
- LP: #1556562
* crypto: algif_skcipher - Do not dereference ctx without socket lock
- LP: #1556562
* proc: revert /proc/<pid>/maps [stack:TID] annotation
- LP: #1547231
* ACPI / processor: Request native thermal interrupt handling via _OSC
- LP: #1559923
* gpiolib: do not allow to insert an empty gpiochip
- LP: #1566544
* gpio: add a data pointer to gpio_chip
- LP: #1566544
* gpio: rcar: Add Runtime PM handling for interrupts
- LP: #1566544
* ipv4: Don't do expensive useless work during inetdev destroy.
- LP: #1566544
* Input: powermate - fix oops with malicious USB descriptors
- LP: #1566544
* USB: iowarrior: fix oops with malicious USB descriptors
- LP: #1566544
* ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
- LP: #1566544
* ALSA: usb-audio: Add sanity checks for endpoint accesses
- LP: #1566544
* include/linux/poison.h: fix LIST_POISON{1,2} offset
- LP: #1566544
* Input: ati_remote2 - fix crashes on detecting device with invalid
descriptor
- LP: #1566544
* USB: cdc-acm: more sanity checking
- LP: #1566544
* drm/i915: Workaround CHV pipe C cursor fail
- LP: #1566544
* EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
- LP: #1566544
* crypto: ccp - Add hash state import and export support
- LP: #1566544
* clk: rockchip: add pclk_cpu to the list of rk3188 critical clocks
- LP: #1566544
* clk: rockchip: Add pclk_peri to critical clocks on RK3066/RK3188
- LP: #1566544
* clk: rockchip: add hclk_cpubus to the list of rk3188 critical clocks
- LP: #1566544
* tty: Fix GPF in flush_to_ldisc(), part 2
- LP: #1566544
* media: v4l2-compat-ioctl32: fix missing length copy in
put_v4l2_buffer32
- LP: #1566544
* pwc: Add USB id for Philips Spc880nc webcam
- LP: #1566544
* crypto: ccp - Limit the amount of information exported
- LP: #1566544
* crypto: ccp - Don't assume export/import areas are aligned
- LP: #1566544
* 8250: use callbacks to access UART_DLL/UART_DLM
- LP: #1566544
* net: irda: Fix use-after-free in irtty_open()
- LP: #1566544
* mei: bus: check if the device is enabled before data transfer
- LP: #1566544
* staging: comedi: ni_tiocmd: change mistaken use of start_src for
start_arg
- LP: #1566544
* tools/hv: Use include/uapi with __EXPORTED_HEADERS__
- LP: #1566544
* tpm: fix the rollback in tpm_chip_register()
- LP: #1566544
* tpm: fix the cleanup of struct tpm_chip
- LP: #1566544
* ARM: dts: armada-375: use armada-370-sata for SATA
- LP: #1566544
* usb: retry reset if a device times out
- LP: #1566544
* HID: fix hid_ignore_special_drivers module parameter
- LP: #1566544
* scripts/coccinelle: modernize &
- LP: #1566544
* adv7511: TX_EDID_PRESENT is still 1 after a disconnect
- LP: #1566544
* saa7134: Fix bytesperline not being set correctly for planar formats
- LP: #1566544
* tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
- LP: #1566544
* perf tools: Dont stop PMU parsing on alias parse error
- LP: #1566544
* Bluetooth: btusb: Add new AR3012 ID 13d3:3395
- LP: #1542564, #1566544
* Bluetooth: Add new AR3012 ID 0489:e095
- LP: #1542944, #1566544
* aacraid: Fix RRQ overload
- LP: #1566544
* aacraid: Fix memory leak in aac_fib_map_free
- LP: #1566544
* aic7xxx: Fix queue depth handling
- LP: #1566544
* mtd: onenand: fix deadlock in onenand_block_markbad
- LP: #1566544
* md/raid5: Compare apples to apples (or sectors to sectors)
- LP: #1566544
* RAID5: check_reshape() shouldn't call mddev_suspend
- LP: #1566544
* RAID5: revert e9e4c377e2f563 to fix a livelock
- LP: #1566544
* crypto: ccp - memset request context to zero during import
- LP: #1566544
* Bluetooth: btusb: Add a new AR3012 ID 04ca:3014
- LP: #1546694, #1566544
* mmc: sdhci: fix data timeout (part 1)
- LP: #1566544
* mmc: sdhci: fix data timeout (part 2)
- LP: #1566544
* perf tools: Fix python extension build
- LP: #1566544
* IB/srpt: Simplify srpt_handle_tsk_mgmt()
- LP: #1566544
* bttv: Width must be a multiple of 16 when capturing planar formats
- LP: #1566544
* watchdog: rc32434_wdt: fix ioctl error handling
- LP: #1566544
* nfsd4: fix bad bounds checking
- LP: #1566544
* xfs: fix two memory leaks in xfs_attr_list.c error paths
- LP: #1566544
* quota: Fix possible GPF due to uninitialised pointers
- LP: #1566544
* mtip32xx: Fix broken service thread handling
- LP: #1566544
* mtip32xx: Remove unwanted code from taskfile error handler
- LP: #1566544
* mtip32xx: Print exact time when an internal command is interrupted
- LP: #1566544
* mtip32xx: Avoid issuing standby immediate cmd during FTL rebuild
- LP: #1566544
* mtip32xx: Fix for rmmod crash when drive is in FTL rebuild
- LP: #1566544
* mtip32xx: Handle safe removal during IO
- LP: #1566544
* mtip32xx: Handle FTL rebuild failure state during device initialization
- LP: #1566544
* of: alloc anywhere from memblock if range not specified
- LP: #1566544
* usb: hub: fix a typo in hub_port_init() leading to wrong logic
- LP: #1566544
* KVM: i8254: change PIT discard tick policy
- LP: #1566544
* sched/cputime: Fix steal time accounting vs. CPU hotplug
- LP: #1566544
* libnvdimm: Fix security issue with DSM IOCTL.
- LP: #1566544
* rt2x00: add new rt2800usb device Buffalo WLI-UC-G450
- LP: #1566544
* pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing
- LP: #1566544
* perf/core: Fix perf_sched_count derailment
- LP: #1566544
* perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2
- LP: #1566544
* perf/x86/intel: Fix PEBS warning by only restoring active PMU in pmi
- LP: #1566544
* sched/cputime: Fix steal_account_process_tick() to always return
jiffies
- LP: #1566544
* bcache: fix race of writeback thread starting before complete
initialization
- LP: #1566544
* bcache: cleaned up error handling around register_cache()
- LP: #1566544
* bcache: fix cache_set_flush() NULL pointer dereference on OOM
- LP: #1566544
* be2iscsi: set the boot_kset pointer to NULL in case of failure
- LP: #1566544
* md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list
- LP: #1566544
* drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
- LP: #1566544
* sg: fix dxferp in from_to case
- LP: #1566544
* jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount
path
- LP: #1566544
* ALSA: hda - Apply reboot D3 fix for CX20724 codec, too
- LP: #1566544
* EDAC/sb_edac: Fix computation of channel address
- LP: #1566544
* Bluetooth: btusb: Add a new AR3012 ID 13d3:3472
- LP: #1552925, #1566544
* ALSA: pcm: Avoid "BUG:" string for warnings again
- LP: #1566544
* dm snapshot: disallow the COW and origin devices from being identical
- LP: #1566544
* dm thin metadata: don't issue prefetches if a transaction abort has
failed
- LP: #1566544
* dm cache: make sure every metadata function checks fail_io
- LP: #1566544
* iser-target: Fix identification of login rx descriptor type
- LP: #1566544
* iser-target: Add new state ISER_CONN_BOUND to isert_conn
- LP: #1566544
* iser-target: Separate flows for np listeners and connections cma events
- LP: #1566544
* ALSA: hda - fix the mic mute button and led problem for a Lenovo AIO
- LP: #1555912, #1566544
* xtensa: ISS: don't hang if stdin EOF is reached
- LP: #1566544
* xtensa: fix preemption in {clear,copy}_user_highpage
- LP: #1566544
* xtensa: clear all DBREAKC registers on start
- LP: #1566544
* Bluetooth: Fix potential buffer overflow with Add Advertising
- LP: #1566544
* ARC: [BE] readl()/writel() to work in Big Endian CPU configuration
- LP: #1566544
* bus: imx-weim: Take the 'status' property value into account
- LP: #1566544
* ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41.
- LP: #1566544
* s390/pci: enforce fmb page boundary rule
- LP: #1566544
* drm/radeon: rework fbdev handling on chips with no connectors
- LP: #1566544
* md: multipath: don't hardcopy bio in .make_request path
- LP: #1566544
* net: mvneta: enable change MAC address when interface is up
- LP: #1566544
* dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()
- LP: #1566544
* HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
- LP: #1566544
* ALSA: hda - Fix unconditional GPIO toggle via automute
- LP: #1566544
* mmc: mmc_spi: Add Card Detect comments and fix CD GPIO case
- LP: #1566544
* nfsd: fix deadlock secinfo+readdir compound
- LP: #1566544
* vfs: show_vfsstat: do not ignore errors from show_devname method
- LP: #1566544
* x86/iopl: Fix iopl capability check on Xen PV
- LP: #1566544
* crypto: marvell/cesa - forward devm_ioremap_resource() error code
- LP: #1566544
* mmc: sdhci: Fix override of timeout clk wrt max_busy_timeout
- LP: #1566544
* drm/amdgpu: include the right version of gmc header files for iceland
- LP: #1566544
* Input: ims-pcu - sanity check against missing interfaces
- LP: #1566544
* watchdog: don't run proc_watchdog_update if new value is same as old
- LP: #1566544
* mm: memcontrol: reclaim when shrinking memory.high below usage
- LP: #1566544
* mm: memcontrol: reclaim and OOM kill when shrinking memory.max below
usage
- LP: #1566544
* x86/apic: Fix suspicious RCU usage in
smp_trace_call_function_interrupt()
- LP: #1566544
* USB: usb_driver_claim_interface: add sanity checking
- LP: #1566544
* USB: uas: Reduce can_queue to MAX_CMNDS
- LP: #1566544
* tracing: Have preempt(irqs)off trace preempt disabled functions
- LP: #1566544
* tracing: Fix crash from reading trace_pipe with sendfile
- LP: #1566544
* splice: handle zero nr_pages in splice_to_pipe()
- LP: #1566544
* ALSA: usb-audio: add Microsoft HD-5001 to quirks
- LP: #1566544
* writeback, cgroup: fix premature wb_put() in
locked_inode_to_wb_and_lock_list()
- LP: #1566544
* fs-writeback: unplug before cond_resched in writeback_sb_inodes
- LP: #1566544
* writeback, cgroup: fix use of the wrong bdi_writeback which mismatches
the inode
- LP: #1566544
* bitops: Do not default to __clear_bit() for __clear_bit_unlock()
- LP: #1566544
* target: Fix target_release_cmd_kref shutdown comp leak
- LP: #1566544
* KVM: VMX: avoid guest hang on invalid invept instruction
- LP: #1566544
* KVM: fix spin_lock_init order on x86
- LP: #1566544
* tracing: Fix trace_printk() to print when not using bprintk()
- LP: #1566544
* fs/coredump: prevent fsuid=0 dumps into user-controlled directories
- LP: #1566544
* rapidio/rionet: fix deadlock on SMP
- LP: #1566544
* staging: comedi: ni_mio_common: fix the ni_write[blw]() functions
- LP: #1566544
* staging: android: ion_test: fix check of
platform_device_register_simple() error code
- LP: #1566544
* ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list
- LP: #1566544
* MAINTAINERS: Update mailing list and web page for hwmon subsystem
- LP: #1566544
* ocfs2/dlm: fix race between convert and recovery
- LP: #1566544
* ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
- LP: #1566544
* mm/page_alloc: prevent merging between isolated and other pageblocks
- LP: #1566544
* mac80211: avoid excessive stack usage in sta_info
- LP: #1566544
* clk: xgene: Add missing parenthesis when clearing divider value
- LP: #1566544
* clk: qcom: msm8960: Fix ce3_src register offset
- LP: #1566544
* xen kconfig: don't "select INPUT_XEN_KBDDEV_FRONTEND"
- LP: #1566544
* ppp: take reference on channels netns
- LP: #1566544
* mdio-sun4i: oops in error handling in probe
- LP: #1566544
* clk: rockchip: free memory in error cases when registering clock
branches
- LP: #1566544
* ARC: bitops: Remove non relevant comments
- LP: #1566544
* mac80211: fix txq queue related crashes
- LP: #1566544
* net: Fix use after free in the recvmmsg exit path
- LP: #1566544
* ath9k: fix misleading indentation
- LP: #1566544
* sctp: fix the transports round robin issue when init is retransmitted
- LP: #1566544
* ethernet: micrel: fix some error codes
- LP: #1566544
* megaraid_sas: add missing curly braces in ioctl handler
- LP: #1566544
* clk-divider: make sure read-only dividers do not write to their
register
- LP: #1566544
* misc/bmp085: Enable building as a module
- LP: #1566544
* HID: logitech: fix Dual Action gamepad support
- LP: #1566544
* net/mlx5: Make command timeout way shorter
- LP: #1566544
* ASoC: ssm4567: Reset device before regcache_sync()
- LP: #1566544
* fbdev: da8xx-fb: fix videomodes of lcd panels
- LP: #1566544
* clk: qcom: msm8960: fix ce3_core clk enable register
- LP: #1566544
* ipvs: correct initial offset of Call-ID header search in SIP
persistence engine
- LP: #1566544
* drm/i915: Cleanup phys status page too
- LP: #1566544
* ata: ahci_xgene: dereferencing uninitialized pointer in probe
- LP: #1566544
* ath9k: fix buffer overrun for ar9287
- LP: #1566544
* perf tools: handle spaces in file names obtained from /proc/pid/maps
- LP: #1566544
* rtc: ds1685: passing bogus values to irq_restore
- LP: #1566544
* ARM: davinci: make I2C support optional
- LP: #1566544
* drm/amdkfd: uninitialized variable in
dbgdev_wave_control_set_registers()
- LP: #1566544
* mtd: map: fix .set_vpp() documentation
- LP: #1566544
* ARM: OMAP3: Add cpuidle parameters table for omap3430
- LP: #1566544
* efi: Expose non-blocking set_variable() wrapper to efivars
- LP: #1566544
* rtc: vr41xx: Wire up alarm_irq_enable
- LP: #1566544
* sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a
race
- LP: #1566544
* ipv4: fix broadcast packets reception
- LP: #1566544
* lpfc: fix misleading indentation
- LP: #1566544
* sched/preempt, sh: kmap_coherent relies on disabled preemption
- LP: #1566544
* ipip: Properly mark ipip GRO packets as encapsulated.
- LP: #1566544
* spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs
- LP: #1566544
* ASoC: s3c24xx: use const snd_soc_component_driver pointer
- LP: #1566544
* mlx4: add missing braces in verify_qp_parameters
- LP: #1566544
* clk: meson: Fix meson_clk_register_clks() signature type mismatch
- LP: #1566544
* coda: fix error path in case of missing pdata on non-DT platform
- LP: #1566544
* kbuild/mkspec: fix grub2 installkernel issue
- LP: #1566544
* bpf: avoid copying junk bytes in bpf_get_current_comm()
- LP: #1566544
* mac80211: fix unnecessary frame drops in mesh fwding
- LP: #1566544
* mtd: brcmnand: Fix v7.1 register offsets
- LP: #1566544
* mac80211: fix ibss scan parameters
- LP: #1566544
* at803x: fix reset handling
- LP: #1566544
* rtc: hym8563: fix invalid year calculation
- LP: #1566544
* perf pmu: Fix misleadingly indented assignment (whitespace)
- LP: #1566544
* paride: make 'verbose' parameter an 'int' again
- LP: #1566544
* regulator: s5m8767: fix get_register() error handling
- LP: #1566544
* ppp: ensure file->private_data can't be overridden
- LP: #1566544
* clk: versatile: sp810: support reentrance
- LP: #1566544
* net: add description for len argument of dev_get_phys_port_name
- LP: #1566544
* net: bcmgenet: fix dma api length mismatch
- LP: #1566544
* ARM: prima2: always enable reset controller
- LP: #1566544
* drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
- LP: #1566544
* perf stat: Document --detailed option
- LP: #1566544
* v4l: vsp1: Set the SRU CTRL0 register when starting the stream
- LP: #1566544
* ipvs: drop first packet to redirect conntrack
- LP: #1566544
* rtc: max77686: Properly handle regmap_irq_get_virq() error code
- LP: #1566544
* x86/iopl/64: Properly context-switch IOPL on Xen PV
- LP: #1566544
* Linux 4.2.8-ckt7
- LP: #1566544
* PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument
- LP: #1571027
* ALSA: hda - Asus N750JV external subwoofer fixup
- LP: #1571027
* ALSA: hda - Fix white noise on Asus N750JV headphone
- LP: #1571027
* ALSA: hda - Apply fix for white noise on Asus N550JV, too
- LP: #1571027
* drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
- LP: #1571027
* fs: add file_dentry()
- LP: #1571027
* nfs: use file_dentry()
- LP: #1571027
* hwmon: (max1111) Return -ENODEV from max1111_read_channel if not
instantiated
- LP: #1571027
* drm/radeon: add another R7 370 quirk
- LP: #1571027
* drm/radeon: add a dpm quirk for all R7 370 parts
- LP: #1571027
* powerpc/mm: Fixup preempt underflow with huge pages
- LP: #1571027
* pinctrl: pistachio: fix mfio84-89 function description and pinmux.
- LP: #1571027
* pinctrl: sunxi: Fix A33 external interrupts not working
- LP: #1571027
* usb: renesas_usbhs: avoid NULL pointer derefernce in
usbhsf_pkt_handler()
- LP: #1571027
* usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer
- LP: #1571027
* btrfs: fix crash/invalid memory access on fsync when using overlayfs
- LP: #1571027
* ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()
- LP: #1571027
* ALSA: usb-audio: Fix double-free in error paths after
snd_usb_add_audio_stream() call
- LP: #1571027
* USB: mct_u232: add sanity checking in probe
- LP: #1571027
- CVE-2016-3136
* USB: cypress_m8: add endpoint sanity check
- LP: #1571027
- CVE-2016-3137
* USB: digi_acceleport: do sanity checking for the number of ports
- LP: #1571027
* [media] au0828: fix au0828_v4l2_close() dev_state race condition
- LP: #1571027
* [media] au0828: Fix dev_state handling
- LP: #1571027
* sd: Fix excessive capacity printing on devices with blocks bigger than
512 bytes
- LP: #1571027
* drm/dp: move hw_mutex up the call stack
- LP: #1571027
* drm/udl: Use unlocked gem unreferencing
- LP: #1571027
* ext4: add lockdep annotations for i_data_sem
- LP: #1571027
* ALSA: hda - fix front mic problem for a HP desktop
- LP: #1564712, #1571027
* KVM: x86: Inject pending interrupt even if pending nmi exist
- LP: #1571027
* ALSA: timer: Use mod_timer() for rearming the system timer
- LP: #1571027
* mm: fix invalid node in alloc_migrate_target()
- LP: #1571027
* iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE
- LP: #1571027
* ext4: ignore quota mount options if the quota feature is enabled
- LP: #1571027
* xen/events: Mask a moving irq
- LP: #1571027
* usb: renesas_usbhs: fix to avoid using a disabled ep in
usbhsg_queue_done()
- LP: #1571027
* mac80211: properly deal with station hashtable insert errors
- LP: #1571027
* compiler-gcc: disable -ftracer for __noclone functions
- LP: #1571027
* rbd: use GFP_NOIO consistently for request allocations
- LP: #1571027
* Btrfs: fix file/data loss caused by fsync after rename and new inode
- LP: #1571027
* USB: serial: ftdi_sio: Add support for ICP DAS I-756xU devices
- LP: #1571027
* USB: serial: cp210x: Adding GE Healthcare Device ID
- LP: #1571027
* USB: option: add "D-Link DWM-221 B1" device id
- LP: #1571027
* virtio: virtio 1.0 cs04 spec compliance for reset
- LP: #1571027
* libnvdimm: fix smart data retrieval
- LP: #1571027
* gpio: pca953x: Use correct u16 value for register word write
- LP: #1571027
* parisc: Avoid function pointers for kernel exception routines
- LP: #1571027
* parisc: Fix kernel crash with reversed copy_from_user()
- LP: #1571027
* parisc: Unbreak handling exceptions from kernel modules
- LP: #1571027
* net: macb: replace macb_writel() call by queue_writel() to update queue
ISR
- LP: #1571027
* net: bcmgenet: fix dev->stats.tx_bytes accounting
- LP: #1571027
* net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
- LP: #1571027
* ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates
- LP: #1571027
* pinctrl: nomadik: fix pull debug print inversion
- LP: #1571027
* ip6_tunnel: set rtnl_link_ops before calling register_netdevice
- LP: #1571027
* KVM: x86: move steal time initialization to vcpu entry time
- LP: #1571027
* lib/ucs2_string: Add ucs2 -> utf8 helper functions
- LP: #1571027
* efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
- LP: #1571027
* efi: Do variable name validation tests in utf8
- LP: #1571027
* efi: Make our variable validation list include the guid
- LP: #1571027
* efi: Make efivarfs entries immutable by default
- LP: #1571027
* efi: Add pstore variables to the deletion whitelist
- LP: #1571027
* lib/ucs2_string: Correct ucs2 -> utf8 conversion
- LP: #1571027
* ipr: Fix out-of-bounds null overwrite
- LP: #1571027
* ipr: Fix regression when loading firmware
- LP: #1571027
* perf/x86/intel: Fix PEBS data source interpretation on Nehalem/Westmere
- LP: #1571027
* ALSA: hda - Add new GPU codec ID 0x10de0082 to snd-hda
- LP: #1571027
* mwifiex: fix corner case association failure
- LP: #1571027
* net: phy: at803x: Request 'reset' GPIO only for AT8030 PHY
- LP: #1571027
* Linux 4.2.8-ckt8
- LP: #1571027
-- Kamal Mostafa <kamal@xxxxxxxxxxxxx> Mon, 18 Apr 2016 06:54:19 -0700
** Changed in: linux (Ubuntu Wily)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3136
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3137
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1556562
Title:
VIA C7-D machine "kernel NULL pointer dereference" in
skcipher_recvmsg_async
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Wily:
Fix Released
Bug description:
I'm working on an Lubuntu 15 machine. It was chosen because it
supports VIA C7-D processor and the VIA PM400 chipset without crashing
(also see ). Lubuntu 15 uses the 4.2 kernel:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 15.10
Release: 15.10
Codename: wily
And:
$ uname -a
Linux via 4.2.0-30-generic #36-Ubuntu SMP Fri Feb 26 00:57:19 UTC 2016 i686 i686 i686 GNU/Linux
When running a particular program (details below), it hangs in syscall
248 and results in the following dmesg/syslog output. The process
cannot be killed, the machine does not respond to a 'shutdown -r now',
and the machine requires a hard reset.
...
[ 4505.429577] BUG: unable to handle kernel NULL pointer dereference at 00000008
[ 4505.429593] IP: [<f8a6ccf2>] skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher]
[ 4505.429607] *pdpt = 0000000034ee3001 *pde = 0000000000000000
[ 4505.429614] Oops: 0000 [#3] SMP
[ 4505.429621] Modules linked in: jitterentropy_rng drbg ansi_cprng algif_skcipher af_alg snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi padlock_sha snd_seq padlock_aes snd_seq_device via_cputemp snd_timer hwmon_vid via_rng snd input_leds serio_raw soundcore i2c_viapro shpchp 8250_fintek mac_hid parport_pc ppdev lp parport autofs4 pata_acpi hid_generic usbhid hid psmouse r8169 pata_via sata_via mii
[ 4505.429689] CPU: 0 PID: 1532 Comm: afalgtest Tainted: G D 4.2.0-30-generic #36-Ubuntu
[ 4505.429695] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Weibu, BIOS 080014 11/17/2011
[ 4505.429700] task: f4e0e040 ti: f4e3c000 task.ti: f4e3c000
[ 4505.429705] EIP: 0060:[<f8a6ccf2>] EFLAGS: 00010202 CPU: 0
[ 4505.429712] EIP is at skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher]
[ 4505.429717] EAX: f3f97c00 EBX: f3f3ee00 ECX: f3f97c00 EDX: 00000000
[ 4505.429722] ESI: f3f3ee00 EDI: 00000ff0 EBP: f4e3ddc8 ESP: f4e3dd70
[ 4505.429726] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 4505.429731] CR0: 80050033 CR2: 00000008 CR3: 3247a520 CR4: 000006b0
[ 4505.429735] Stack:
[ 4505.429738] f3f97df4 f3f97c00 f3f97de0 00000000 f3f97c04 00000020 f4e3dd00 00000018
[ 4505.429750] 00001ff0 f3fb4400 f3f97c04 00000ff0 f4e3de40 f3f97de8 f4e3de38 f3fa0000
[ 4505.429761] 00000002 00000002 f3f97c00 f1f58180 c1210510 f4e3de38 f4e3ddf4 f8a6cd6b
[ 4505.429772] Call Trace:
[ 4505.429788] [<c1210510>] ? free_ioctx_users+0xa0/0xa0
[ 4505.429795] [<f8a6cd6b>] skcipher_recvmsg+0x2b/0x1f0 [algif_skcipher]
[ 4505.429803] [<f8a6c71a>] ? skcipher_check_key.isra.8+0x2a/0xb0 [algif_skcipher]
[ 4505.429810] [<f8a6cf61>] skcipher_recvmsg_nokey+0x31/0x40 [algif_skcipher]
[ 4505.429820] [<c164e1fd>] sock_recvmsg+0x3d/0x50
[ 4505.429826] [<c164e294>] sock_read_iter+0x84/0xd0
[ 4505.429833] [<c164e210>] ? sock_recvmsg+0x50/0x50
[ 4505.429839] [<c12108b0>] aio_run_iocb+0x110/0x2c0
[ 4505.429846] [<c164e210>] ? sock_recvmsg+0x50/0x50
[ 4505.429854] [<c1767b8f>] ? error_code+0x67/0x6c
[ 4505.429865] [<c11b25e4>] ? kmem_cache_alloc+0x1b4/0x1e0
[ 4505.429875] [<c11e5112>] ? __fdget+0x12/0x20
[ 4505.429881] [<c121168f>] do_io_submit+0x1ef/0x4a0
[ 4505.429893] [<c12ddd2f>] ? security_file_alloc+0x2f/0x50
[ 4505.429900] [<c1211960>] SyS_io_submit+0x20/0x30
[ 4505.429911] [<c176695f>] sysenter_do_call+0x12/0x12
[ 4505.429915] Code: 00 00 00 75 24 8b 45 ac ff 52 0c 89 c7 83 ff 8d 75 8f 8b 45 e4 3e ff 80 fc 01 00 00 bf ef fd ff ff e9 62 fc ff ff 8d 76 00 89 c8 <ff> 52 08 89 c7 eb db 8b 45 e4 31 d2 8b 80 20 02 00 00 8b 58 1c
[ 4505.429982] EIP: [<f8a6ccf2>] skcipher_recvmsg_async.isra.13+0x4b2/0x500 [algif_skcipher] SS:ESP 0068:f4e3dd70
[ 4505.429991] CR2: 0000000000000008
[ 4505.429997] ---[ end trace 3cce7cc6be0ad960 ]---
**********
The process details is this is a failed self test for the upcoming
OpenSSL 1.1.0. The OpenSSL RT bug report for this issue is at
http://rt.openssl.org/Ticket/Display.html?id=4411. Two attempts to
debug it resulted in two hung processes:
$ ps -A | grep afalgtest
1030 pts/0 00:00:00 afalgtest
1196 pts/0 00:00:00 afalgtest
And:
via:test$ sudo cat /proc/1030/syscall
248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8
via:test$ sudo cat /proc/1196/syscall
248 0xb7fd6000 0x1 0xbfff98d4 0xb7fb9270 0xbfff98e0 0xb7ec45f7 0xbfff986c 0xb7fdbbe8
Its not clear to me what that particular syscall is:
$ cat /usr/include/asm-generic/unistd.h
...
/*
* Architectures may provide up to 16 syscalls of their own
* starting with this value.
*/
#define __NR_arch_specific_syscall 244
#define __NR_wait4 260
__SC_COMP(__NR_wait4, sys_wait4, compat_sys_wait4)
#define __NR_prlimit64 261
__SYSCALL(__NR_prlimit64, sys_prlimit64)
#define __NR_fanotify_init 262
__SYSCALL(__NR_fanotify_init, sys_fanotify_init)
#define __NR_fanotify_mark 263
...
**********
If interested, you should be able to duplicate it with the following.
That's resuming you have the hardware.
$ git clone git://git.openssl.org/openssl.git
$ cd openssl
$ ./config -d
$ make
$ make test/afalgtest
$ cd test
$ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest
**********
In this case, the hardware was selected for the VIA C7-D processor and the Padlock engine. Its relatively low-end, and can be found at http://www.amazon.com/gp/product/B01AXR2KBQ.
---
ApportVersion: 2.19.1-0ubuntu5
Architecture: i386
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: jwalton 16458 F.... lxpanel
DistroRelease: Ubuntu 15.10
HibernationDevice: RESUME=UUID=e056d1a4-73ea-4667-a51f-604158d1b9fb
InstallationDate: Installed on 2016-03-22 (1 days ago)
InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Release i386 (20151021)
IwConfig:
lo no wireless extensions.
enp3s0 no wireless extensions.
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
Package: linux (not installed)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.2.0-35-generic root=UUID=ed37a08c-3f91-4903-b20a-ba9829326044 ro ipv6.disable=1 biosdevname=0 audit=0 quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 4.2.0-35.40-generic 4.2.8-ckt5
RelatedPackageVersions:
linux-restricted-modules-4.2.0-35-generic N/A
linux-backports-modules-4.2.0-35-generic N/A
linux-firmware 1.149.3
RfKill:
Tags: wily wily
UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
Uname: Linux 4.2.0-35-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 11/17/2011
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 080014
dmi.board.asset.tag: To Be Filled By O.E.M.
dmi.board.name: Weibu
dmi.board.vendor: WB
dmi.board.version: 1.0
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr080014:bd11/17/2011:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnWB:rnWeibu:rvr1.0:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1556562/+subscriptions