
kernel-packages team mailing list archive

[Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)


This bug was fixed in the package linux - 4.2.0-36.41

---------------
linux (4.2.0-36.41) wily; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1571667

  [ Benjamin Tissoires ]

  * SAUCE: Input: synaptics - handle spurious release of trackstick
    buttons, again
    - LP: #1553811

  [ dann frazier ]

  * Revert "SAUCE: arm64, numa, dt: adding dt based numa support using dt
    node property arm, associativity"
    - LP: #1558828
  * Revert "SAUCE: Documentation: arm64/arm: dt bindings for numa."
    - LP: #1558828
  * Revert "SAUCE: arm64, numa: adding numa support for arm64 platforms."
    - LP: #1558828
  * Revert "[Config] Enable NUMA on ARM64"
    - LP: #1558828

  [ K. Y. Srinivasan ]

  * SAUCE: (noup): Drivers: hv: vmbus: Fix a bug in
    hv_need_to_signal_on_read()
    - LP: #1556264

  [ Kamal Mostafa ]

  * [debian] BugLink: close LP: bugs only for Launchpad urls
  * [Config] updateconfigs after v4.2.8-ckt7

  [ Upstream Kernel Changes ]

  * Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
    - LP: #1561677
  * tipc: fix connection abort during subscription cancel
    - LP: #1561677
  * tipc: fix nullptr crash during subscription cancel
    - LP: #1561677
  * s390/mm: four page table levels vs. fork
    - LP: #1561677
  * Input: aiptek - fix crash on detecting device without endpoints
    - LP: #1561677
  * wext: fix message delay/ordering
    - LP: #1561677
  * cfg80211/wext: fix message ordering
    - LP: #1561677
  * mac80211: fix use of uninitialised values in RX aggregation
    - LP: #1561677
  * mac80211: minstrel: Change expected throughput unit back to Kbps
    - LP: #1561677
  * libata: fix HDIO_GET_32BIT ioctl
    - LP: #1561677
  * iwlwifi: mvm: inc pending frames counter also when txing non-sta
    - LP: #1561677
  * [media] adv7604: fix tx 5v detect regression
    - LP: #1561677
  * ahci: add new Intel device IDs
    - LP: #1561677
  * ahci: Order SATA device IDs for codename Lewisburg
    - LP: #1561677
  * Adding Intel Lewisburg device IDs for SATA
    - LP: #1561677
  * ASoC: samsung: Use IRQ safe spin lock calls
    - LP: #1561677
  * mac80211: minstrel_ht: set default tx aggregation timeout to 0
    - LP: #1561677
  * usb: chipidea: otg: change workqueue ci_otg as freezable
    - LP: #1561677
  * jffs2: Fix page lock / f->sem deadlock
    - LP: #1561677
  * Fix directory hardlinks from deleted directories
    - LP: #1561677
  * iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
    - LP: #1561677
  * iommu/amd: Apply workaround for ATS write permission check
    - LP: #1561677
  * libata: Align ata_device's id on a cacheline
    - LP: #1561677
  * can: gs_usb: fixed disconnect bug by removing erroneous use of kfree()
    - LP: #1561677
  * fbcon: set a default value to blink interval
    - LP: #1561677
  * KVM: x86: fix root cause for missed hardware breakpoints
    - LP: #1561677
  * arm64: vmemmap: use virtual projection of linear region
    - LP: #1561677
  * vfio: fix ioctl error handling
    - LP: #1561677
  * ALSA: ctl: Fix ioctls for X32 ABI
    - LP: #1561677
  * ALSA: pcm: Fix ioctls for X32 ABI
    - LP: #1561677
  * ALSA: rawmidi: Fix ioctls X32 ABI
    - LP: #1561677
  * ALSA: timer: Fix broken compat timer user status ioctl
    - LP: #1561677
  * ALSA: timer: Fix ioctls for X32 ABI
    - LP: #1561677
  * cifs: fix out-of-bounds access in lease parsing
    - LP: #1561677
  * CIFS: Fix SMB2+ interim response processing for read requests
    - LP: #1561677
  * Fix cifs_uniqueid_to_ino_t() function for s390x
    - LP: #1561677
  * arm/arm64: KVM: Fix ioctl error handling
    - LP: #1561677
  * MIPS: kvm: Fix ioctl error handling.
    - LP: #1561677
  * ALSA: hdspm: Fix wrong boolean ctl value accesses
    - LP: #1561677
  * ALSA: hdspm: Fix zero-division
    - LP: #1561677
  * ALSA: hdsp: Fix wrong boolean ctl value accesses
    - LP: #1561677
  * use ->d_seq to get coherency between ->d_inode and ->d_flags
    - LP: #1561677
  * USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)
    - LP: #1561677
  * USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
    - LP: #1561677
  * ASoC: dapm: Fix ctl value accesses in a wrong type
    - LP: #1561677
  * ASoC: wm8958: Fix enum ctl accesses in a wrong type
    - LP: #1561677
  * ASoC: wm8994: Fix enum ctl accesses in a wrong type
    - LP: #1561677
  * ASoC: wm_adsp: Fix enum ctl accesses in a wrong type
    - LP: #1561677
  * USB: serial: option: add support for Telit LE922 PID 0x1045
    - LP: #1561677
  * USB: serial: option: add support for Quectel UC20
    - LP: #1561677
  * ALSA: usb-audio: Add a quirk for Plantronics DA45
    - LP: #1561677
  * mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs
    - LP: #1561677
  * mac80211: Fix Public Action frame RX in AP mode
    - LP: #1561677
  * i2c: brcmstb: allocate correct amount of memory for regmap
    - LP: #1561677
  * ALSA: seq: oss: Don't drain at closing a client
    - LP: #1561677
  * parisc: Fix ptrace syscall number and return value modification
    - LP: #1561677
  * drm/ast: Fix incorrect register check for DRAM width
    - LP: #1561677
  * USB: qcserial: add Sierra Wireless EM74xx device ID
    - LP: #1561677
  * drm/amdgpu/pm: update current crtc info after setting the powerstate
    - LP: #1561677
  * drm/radeon/pm: update current crtc info after setting the powerstate
    - LP: #1561677
  * drm/amdgpu: return from atombios_dp_get_dpcd only when error
    - LP: #1561677
  * PM / sleep / x86: Fix crash on graph trace through x86 suspend
    - LP: #1561677
  * ALSA: hda - Fix mic issues on Acer Aspire E1-472
    - LP: #1561677
  * ovl: fix working on distributed fs as lower layer
    - LP: #1561677
  * ovl: fix getcwd() failure after unsuccessful rmdir
    - LP: #1561677
  * ovl: ignore lower entries when checking purity of non-directory entries
    - LP: #1561677
  * MIPS: traps: Fix SIGFPE information leak from `do_ov' and
    `do_trap_or_bp'
    - LP: #1561677
  * ubi: Fix out of bounds write in volume update code
    - LP: #1561677
  * target: Drop incorrect ABORT_TASK put for completed commands
    - LP: #1561677
  * ARM: OMAP2+: hwmod: Introduce ti,no-idle dt property
    - LP: #1561677
  * ARM: dts: dra7: do not gate cpsw clock due to errata i877
    - LP: #1561677
  * PCI: Allow a NULL "parent" pointer in pci_bus_assign_domain_nr()
    - LP: #1561677
  * KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest
    exit
    - LP: #1561677
  * ncpfs: fix a braino in OOM handling in ncp_fill_cache()
    - LP: #1561677
  * jffs2: reduce the breakage on recovery from halfway failed rename()
    - LP: #1561677
  * KVM: VMX: disable PEBS before a guest entry
    - LP: #1561677
  * arm64: account for sparsemem section alignment when choosing vmemmap
    offset
    - LP: #1561677
  * tracing: Fix check for cpu online when event is disabled
    - LP: #1561677
  * KVM: MMU: fix ept=0/pte.u=1/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo
    - LP: #1561677
  * dmaengine: at_xdmac: fix residue computation
    - LP: #1561677
  * MIPS: Fix build error when SMP is used without GIC
    - LP: #1561677
  * IB/core: Use GRH when the path hop-limit > 0
    - LP: #1561677
  * dmaengine: pxa_dma: fix cyclic transfers
    - LP: #1561677
  * MIPS: smp.c: Fix uninitialised temp_foreign_map
    - LP: #1561677
  * tcp: fix tcpi_segs_in after connection establishment
    - LP: #1561677
  * be2net: Don't leak iomapped memory on removal.
    - LP: #1561677
  * tcp: convert cached rtt from usec to jiffies when feeding initial rto
    - LP: #1561677
  * ext4: iterate over buffer heads correctly in move_extent_per_page()
    - LP: #1561677
  * ppp: release rtnl mutex when interface creation fails
    - LP: #1561677
  * net/mlx4_core: Allow resetting VF admin mac to zero
    - LP: #1561677
  * ipv6: re-enable fragment header matching in ipv6_find_hdr
    - LP: #1561677
  * net/mlx5e: Remove wrong poll CQ optimization
    - LP: #1561677
  * cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
    - LP: #1561677
  * net: qca_spi: Don't clear IFF_BROADCAST
    - LP: #1561677
  * net: moxa: fix an error code
    - LP: #1561677
  * mld, igmp: Fix reserved tailroom calculation
    - LP: #1561677
  * Linux 4.2.8-ckt6
    - LP: #1561677
  * (upstream) net/mlx5e: Avoid NULL pointer access in case of
    configuration failure
    - LP: #1528466
  * PCI: Disable IO/MEM decoding for devices with non-compliant BARs
    - LP: #1559929
  * x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant
    BARs
    - LP: #1559929
  * fuse: do not use iocb after it may have been freed
    - LP: #1505948
  * fuse: Add reference counting for fuse_io_priv
    - LP: #1505948
  * intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled
    - LP: #1559918
  * crypto: skcipher - Add crypto_skcipher_has_setkey
    - LP: #1556562
  * crypto: algif_skcipher - Add key check exception for cipher_null
    - LP: #1556562
  * crypto: algif_skcipher - Do not assume that req is unchanged
    - LP: #1556562
  * crypto: algif_skcipher - Do not dereference ctx without socket lock
    - LP: #1556562
  * proc: revert /proc/<pid>/maps [stack:TID] annotation
    - LP: #1547231
  * ACPI / processor: Request native thermal interrupt handling via _OSC
    - LP: #1559923
  * gpiolib: do not allow to insert an empty gpiochip
    - LP: #1566544
  * gpio: add a data pointer to gpio_chip
    - LP: #1566544
  * gpio: rcar: Add Runtime PM handling for interrupts
    - LP: #1566544
  * ipv4: Don't do expensive useless work during inetdev destroy.
    - LP: #1566544
  * Input: powermate - fix oops with malicious USB descriptors
    - LP: #1566544
  * USB: iowarrior: fix oops with malicious USB descriptors
    - LP: #1566544
  * ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
    - LP: #1566544
  * ALSA: usb-audio: Add sanity checks for endpoint accesses
    - LP: #1566544
  * include/linux/poison.h: fix LIST_POISON{1,2} offset
    - LP: #1566544
  * Input: ati_remote2 - fix crashes on detecting device with invalid
    descriptor
    - LP: #1566544
  * USB: cdc-acm: more sanity checking
    - LP: #1566544
  * drm/i915: Workaround CHV pipe C cursor fail
    - LP: #1566544
  * EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
    - LP: #1566544
  * crypto: ccp - Add hash state import and export support
    - LP: #1566544
  * clk: rockchip: add pclk_cpu to the list of rk3188 critical clocks
    - LP: #1566544
  * clk: rockchip: Add pclk_peri to critical clocks on RK3066/RK3188
    - LP: #1566544
  * clk: rockchip: add hclk_cpubus to the list of rk3188 critical clocks
    - LP: #1566544
  * tty: Fix GPF in flush_to_ldisc(), part 2
    - LP: #1566544
  * media: v4l2-compat-ioctl32: fix missing length copy in
    put_v4l2_buffer32
    - LP: #1566544
  * pwc: Add USB id for Philips Spc880nc webcam
    - LP: #1566544
  * crypto: ccp - Limit the amount of information exported
    - LP: #1566544
  * crypto: ccp - Don't assume export/import areas are aligned
    - LP: #1566544
  * 8250: use callbacks to access UART_DLL/UART_DLM
    - LP: #1566544
  * net: irda: Fix use-after-free in irtty_open()
    - LP: #1566544
  * mei: bus: check if the device is enabled before data transfer
    - LP: #1566544
  * staging: comedi: ni_tiocmd: change mistaken use of start_src for
    start_arg
    - LP: #1566544
  * tools/hv: Use include/uapi with __EXPORTED_HEADERS__
    - LP: #1566544
  * tpm: fix the rollback in tpm_chip_register()
    - LP: #1566544
  * tpm: fix the cleanup of struct tpm_chip
    - LP: #1566544
  * ARM: dts: armada-375: use armada-370-sata for SATA
    - LP: #1566544
  * usb: retry reset if a device times out
    - LP: #1566544
  * HID: fix hid_ignore_special_drivers module parameter
    - LP: #1566544
  * scripts/coccinelle: modernize &
    - LP: #1566544
  * adv7511: TX_EDID_PRESENT is still 1 after a disconnect
    - LP: #1566544
  * saa7134: Fix bytesperline not being set correctly for planar formats
    - LP: #1566544
  * tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
    - LP: #1566544
  * perf tools: Dont stop PMU parsing on alias parse error
    - LP: #1566544
  * Bluetooth: btusb: Add new AR3012 ID 13d3:3395
    - LP: #1542564, #1566544
  * Bluetooth: Add new AR3012 ID 0489:e095
    - LP: #1542944, #1566544
  * aacraid: Fix RRQ overload
    - LP: #1566544
  * aacraid: Fix memory leak in aac_fib_map_free
    - LP: #1566544
  * aic7xxx: Fix queue depth handling
    - LP: #1566544
  * mtd: onenand: fix deadlock in onenand_block_markbad
    - LP: #1566544
  * md/raid5: Compare apples to apples (or sectors to sectors)
    - LP: #1566544
  * RAID5: check_reshape() shouldn't call mddev_suspend
    - LP: #1566544
  * RAID5: revert e9e4c377e2f563 to fix a livelock
    - LP: #1566544
  * crypto: ccp - memset request context to zero during import
    - LP: #1566544
  * Bluetooth: btusb: Add a new AR3012 ID 04ca:3014
    - LP: #1546694, #1566544
  * mmc: sdhci: fix data timeout (part 1)
    - LP: #1566544
  * mmc: sdhci: fix data timeout (part 2)
    - LP: #1566544
  * perf tools: Fix python extension build
    - LP: #1566544
  * IB/srpt: Simplify srpt_handle_tsk_mgmt()
    - LP: #1566544
  * bttv: Width must be a multiple of 16 when capturing planar formats
    - LP: #1566544
  * watchdog: rc32434_wdt: fix ioctl error handling
    - LP: #1566544
  * nfsd4: fix bad bounds checking
    - LP: #1566544
  * xfs: fix two memory leaks in xfs_attr_list.c error paths
    - LP: #1566544
  * quota: Fix possible GPF due to uninitialised pointers
    - LP: #1566544
  * mtip32xx: Fix broken service thread handling
    - LP: #1566544
  * mtip32xx: Remove unwanted code from taskfile error handler
    - LP: #1566544
  * mtip32xx: Print exact time when an internal command is interrupted
    - LP: #1566544
  * mtip32xx: Avoid issuing standby immediate cmd during FTL rebuild
    - LP: #1566544
  * mtip32xx: Fix for rmmod crash when drive is in FTL rebuild
    - LP: #1566544
  * mtip32xx: Handle safe removal during IO
    - LP: #1566544
  * mtip32xx: Handle FTL rebuild failure state during device initialization
    - LP: #1566544
  * of: alloc anywhere from memblock if range not specified
    - LP: #1566544
  * usb: hub: fix a typo in hub_port_init() leading to wrong logic
    - LP: #1566544
  * KVM: i8254: change PIT discard tick policy
    - LP: #1566544
  * sched/cputime: Fix steal time accounting vs. CPU hotplug
    - LP: #1566544
  * libnvdimm: Fix security issue with DSM IOCTL.
    - LP: #1566544
  * rt2x00: add new rt2800usb device Buffalo WLI-UC-G450
    - LP: #1566544
  * pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing
    - LP: #1566544
  * perf/core: Fix perf_sched_count derailment
    - LP: #1566544
  * perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2
    - LP: #1566544
  * perf/x86/intel: Fix PEBS warning by only restoring active PMU in pmi
    - LP: #1566544
  * sched/cputime: Fix steal_account_process_tick() to always return
    jiffies
    - LP: #1566544
  * bcache: fix race of writeback thread starting before complete
    initialization
    - LP: #1566544
  * bcache: cleaned up error handling around register_cache()
    - LP: #1566544
  * bcache: fix cache_set_flush() NULL pointer dereference on OOM
    - LP: #1566544
  * be2iscsi: set the boot_kset pointer to NULL in case of failure
    - LP: #1566544
  * md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list
    - LP: #1566544
  * drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
    - LP: #1566544
  * sg: fix dxferp in from_to case
    - LP: #1566544
  * jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount
    path
    - LP: #1566544
  * ALSA: hda - Apply reboot D3 fix for CX20724 codec, too
    - LP: #1566544
  * EDAC/sb_edac: Fix computation of channel address
    - LP: #1566544
  * Bluetooth: btusb: Add a new AR3012 ID 13d3:3472
    - LP: #1552925, #1566544
  * ALSA: pcm: Avoid "BUG:" string for warnings again
    - LP: #1566544
  * dm snapshot: disallow the COW and origin devices from being identical
    - LP: #1566544
  * dm thin metadata: don't issue prefetches if a transaction abort has
    failed
    - LP: #1566544
  * dm cache: make sure every metadata function checks fail_io
    - LP: #1566544
  * iser-target: Fix identification of login rx descriptor type
    - LP: #1566544
  * iser-target: Add new state ISER_CONN_BOUND to isert_conn
    - LP: #1566544
  * iser-target: Separate flows for np listeners and connections cma events
    - LP: #1566544
  * ALSA: hda - fix the mic mute button and led problem for a Lenovo AIO
    - LP: #1555912, #1566544
  * xtensa: ISS: don't hang if stdin EOF is reached
    - LP: #1566544
  * xtensa: fix preemption in {clear,copy}_user_highpage
    - LP: #1566544
  * xtensa: clear all DBREAKC registers on start
    - LP: #1566544
  * Bluetooth: Fix potential buffer overflow with Add Advertising
    - LP: #1566544
  * ARC: [BE] readl()/writel() to work in Big Endian CPU configuration
    - LP: #1566544
  * bus: imx-weim: Take the 'status' property value into account
    - LP: #1566544
  * ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41.
    - LP: #1566544
  * s390/pci: enforce fmb page boundary rule
    - LP: #1566544
  * drm/radeon: rework fbdev handling on chips with no connectors
    - LP: #1566544
  * md: multipath: don't hardcopy bio in .make_request path
    - LP: #1566544
  * net: mvneta: enable change MAC address when interface is up
    - LP: #1566544
  * dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()
    - LP: #1566544
  * HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
    - LP: #1566544
  * ALSA: hda - Fix unconditional GPIO toggle via automute
    - LP: #1566544
  * mmc: mmc_spi: Add Card Detect comments and fix CD GPIO case
    - LP: #1566544
  * nfsd: fix deadlock secinfo+readdir compound
    - LP: #1566544
  * vfs: show_vfsstat: do not ignore errors from show_devname method
    - LP: #1566544
  * x86/iopl: Fix iopl capability check on Xen PV
    - LP: #1566544
  * crypto: marvell/cesa - forward devm_ioremap_resource() error code
    - LP: #1566544
  * mmc: sdhci: Fix override of timeout clk wrt max_busy_timeout
    - LP: #1566544
  * drm/amdgpu: include the right version of gmc header files for iceland
    - LP: #1566544
  * Input: ims-pcu - sanity check against missing interfaces
    - LP: #1566544
  * watchdog: don't run proc_watchdog_update if new value is same as old
    - LP: #1566544
  * mm: memcontrol: reclaim when shrinking memory.high below usage
    - LP: #1566544
  * mm: memcontrol: reclaim and OOM kill when shrinking memory.max below
    usage
    - LP: #1566544
  * x86/apic: Fix suspicious RCU usage in
    smp_trace_call_function_interrupt()
    - LP: #1566544
  * USB: usb_driver_claim_interface: add sanity checking
    - LP: #1566544
  * USB: uas: Reduce can_queue to MAX_CMNDS
    - LP: #1566544
  * tracing: Have preempt(irqs)off trace preempt disabled functions
    - LP: #1566544
  * tracing: Fix crash from reading trace_pipe with sendfile
    - LP: #1566544
  * splice: handle zero nr_pages in splice_to_pipe()
    - LP: #1566544
  * ALSA: usb-audio: add Microsoft HD-5001 to quirks
    - LP: #1566544
  * writeback, cgroup: fix premature wb_put() in
    locked_inode_to_wb_and_lock_list()
    - LP: #1566544
  * fs-writeback: unplug before cond_resched in writeback_sb_inodes
    - LP: #1566544
  * writeback, cgroup: fix use of the wrong bdi_writeback which mismatches
    the inode
    - LP: #1566544
  * bitops: Do not default to __clear_bit() for __clear_bit_unlock()
    - LP: #1566544
  * target: Fix target_release_cmd_kref shutdown comp leak
    - LP: #1566544
  * KVM: VMX: avoid guest hang on invalid invept instruction
    - LP: #1566544
  * KVM: fix spin_lock_init order on x86
    - LP: #1566544
  * tracing: Fix trace_printk() to print when not using bprintk()
    - LP: #1566544
  * fs/coredump: prevent fsuid=0 dumps into user-controlled directories
    - LP: #1566544
  * rapidio/rionet: fix deadlock on SMP
    - LP: #1566544
  * staging: comedi: ni_mio_common: fix the ni_write[blw]() functions
    - LP: #1566544
  * staging: android: ion_test: fix check of
    platform_device_register_simple() error code
    - LP: #1566544
  * ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list
    - LP: #1566544
  * MAINTAINERS: Update mailing list and web page for hwmon subsystem
    - LP: #1566544
  * ocfs2/dlm: fix race between convert and recovery
    - LP: #1566544
  * ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
    - LP: #1566544
  * mm/page_alloc: prevent merging between isolated and other pageblocks
    - LP: #1566544
  * mac80211: avoid excessive stack usage in sta_info
    - LP: #1566544
  * clk: xgene: Add missing parenthesis when clearing divider value
    - LP: #1566544
  * clk: qcom: msm8960: Fix ce3_src register offset
    - LP: #1566544
  * xen kconfig: don't "select INPUT_XEN_KBDDEV_FRONTEND"
    - LP: #1566544
  * ppp: take reference on channels netns
    - LP: #1566544
  * mdio-sun4i: oops in error handling in probe
    - LP: #1566544
  * clk: rockchip: free memory in error cases when registering clock
    branches
    - LP: #1566544
  * ARC: bitops: Remove non relevant comments
    - LP: #1566544
  * mac80211: fix txq queue related crashes
    - LP: #1566544
  * net: Fix use after free in the recvmmsg exit path
    - LP: #1566544
  * ath9k: fix misleading indentation
    - LP: #1566544
  * sctp: fix the transports round robin issue when init is retransmitted
    - LP: #1566544
  * ethernet: micrel: fix some error codes
    - LP: #1566544
  * megaraid_sas: add missing curly braces in ioctl handler
    - LP: #1566544
  * clk-divider: make sure read-only dividers do not write to their
    register
    - LP: #1566544
  * misc/bmp085: Enable building as a module
    - LP: #1566544
  * HID: logitech: fix Dual Action gamepad support
    - LP: #1566544
  * net/mlx5: Make command timeout way shorter
    - LP: #1566544
  * ASoC: ssm4567: Reset device before regcache_sync()
    - LP: #1566544
  * fbdev: da8xx-fb: fix videomodes of lcd panels
    - LP: #1566544
  * clk: qcom: msm8960: fix ce3_core clk enable register
    - LP: #1566544
  * ipvs: correct initial offset of Call-ID header search in SIP
    persistence engine
    - LP: #1566544
  * drm/i915: Cleanup phys status page too
    - LP: #1566544
  * ata: ahci_xgene: dereferencing uninitialized pointer in probe
    - LP: #1566544
  * ath9k: fix buffer overrun for ar9287
    - LP: #1566544
  * perf tools: handle spaces in file names obtained from /proc/pid/maps
    - LP: #1566544
  * rtc: ds1685: passing bogus values to irq_restore
    - LP: #1566544
  * ARM: davinci: make I2C support optional
    - LP: #1566544
  * drm/amdkfd: uninitialized variable in
    dbgdev_wave_control_set_registers()
    - LP: #1566544
  * mtd: map: fix .set_vpp() documentation
    - LP: #1566544
  * ARM: OMAP3: Add cpuidle parameters table for omap3430
    - LP: #1566544
  * efi: Expose non-blocking set_variable() wrapper to efivars
    - LP: #1566544
  * rtc: vr41xx: Wire up alarm_irq_enable
    - LP: #1566544
  * sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a
    race
    - LP: #1566544
  * ipv4: fix broadcast packets reception
    - LP: #1566544
  * lpfc: fix misleading indentation
    - LP: #1566544
  * sched/preempt, sh: kmap_coherent relies on disabled preemption
    - LP: #1566544
  * ipip: Properly mark ipip GRO packets as encapsulated.
    - LP: #1566544
  * spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs
    - LP: #1566544
  * ASoC: s3c24xx: use const snd_soc_component_driver pointer
    - LP: #1566544
  * mlx4: add missing braces in verify_qp_parameters
    - LP: #1566544
  * clk: meson: Fix meson_clk_register_clks() signature type mismatch
    - LP: #1566544
  * coda: fix error path in case of missing pdata on non-DT platform
    - LP: #1566544
  * kbuild/mkspec: fix grub2 installkernel issue
    - LP: #1566544
  * bpf: avoid copying junk bytes in bpf_get_current_comm()
    - LP: #1566544
  * mac80211: fix unnecessary frame drops in mesh fwding
    - LP: #1566544
  * mtd: brcmnand: Fix v7.1 register offsets
    - LP: #1566544
  * mac80211: fix ibss scan parameters
    - LP: #1566544
  * at803x: fix reset handling
    - LP: #1566544
  * rtc: hym8563: fix invalid year calculation
    - LP: #1566544
  * perf pmu: Fix misleadingly indented assignment (whitespace)
    - LP: #1566544
  * paride: make 'verbose' parameter an 'int' again
    - LP: #1566544
  * regulator: s5m8767: fix get_register() error handling
    - LP: #1566544
  * ppp: ensure file->private_data can't be overridden
    - LP: #1566544
  * clk: versatile: sp810: support reentrance
    - LP: #1566544
  * net: add description for len argument of dev_get_phys_port_name
    - LP: #1566544
  * net: bcmgenet: fix dma api length mismatch
    - LP: #1566544
  * ARM: prima2: always enable reset controller
    - LP: #1566544
  * drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
    - LP: #1566544
  * perf stat: Document --detailed option
    - LP: #1566544
  * v4l: vsp1: Set the SRU CTRL0 register when starting the stream
    - LP: #1566544
  * ipvs: drop first packet to redirect conntrack
    - LP: #1566544
  * rtc: max77686: Properly handle regmap_irq_get_virq() error code
    - LP: #1566544
  * x86/iopl/64: Properly context-switch IOPL on Xen PV
    - LP: #1566544
  * Linux 4.2.8-ckt7
    - LP: #1566544
  * PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument
    - LP: #1571027
  * ALSA: hda - Asus N750JV external subwoofer fixup
    - LP: #1571027
  * ALSA: hda - Fix white noise on Asus N750JV headphone
    - LP: #1571027
  * ALSA: hda - Apply fix for white noise on Asus N550JV, too
    - LP: #1571027
  * drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
    - LP: #1571027
  * fs: add file_dentry()
    - LP: #1571027
  * nfs: use file_dentry()
    - LP: #1571027
  * hwmon: (max1111) Return -ENODEV from max1111_read_channel if not
    instantiated
    - LP: #1571027
  * drm/radeon: add another R7 370 quirk
    - LP: #1571027
  * drm/radeon: add a dpm quirk for all R7 370 parts
    - LP: #1571027
  * powerpc/mm: Fixup preempt underflow with huge pages
    - LP: #1571027
  * pinctrl: pistachio: fix mfio84-89 function description and pinmux.
    - LP: #1571027
  * pinctrl: sunxi: Fix A33 external interrupts not working
    - LP: #1571027
  * usb: renesas_usbhs: avoid NULL pointer derefernce in
    usbhsf_pkt_handler()
    - LP: #1571027
  * usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer
    - LP: #1571027
  * btrfs: fix crash/invalid memory access on fsync when using overlayfs
    - LP: #1571027
  * ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()
    - LP: #1571027
  * ALSA: usb-audio: Fix double-free in error paths after
    snd_usb_add_audio_stream() call
    - LP: #1571027
  * USB: mct_u232: add sanity checking in probe
    - LP: #1571027
    - CVE-2016-3136
  * USB: cypress_m8: add endpoint sanity check
    - LP: #1571027
    - CVE-2016-3137
  * USB: digi_acceleport: do sanity checking for the number of ports
    - LP: #1571027
  * [media] au0828: fix au0828_v4l2_close() dev_state race condition
    - LP: #1571027
  * [media] au0828: Fix dev_state handling
    - LP: #1571027
  * sd: Fix excessive capacity printing on devices with blocks bigger than
    512 bytes
    - LP: #1571027
  * drm/dp: move hw_mutex up the call stack
    - LP: #1571027
  * drm/udl: Use unlocked gem unreferencing
    - LP: #1571027
  * ext4: add lockdep annotations for i_data_sem
    - LP: #1571027
  * ALSA: hda - fix front mic problem for a HP desktop
    - LP: #1564712, #1571027
  * KVM: x86: Inject pending interrupt even if pending nmi exist
    - LP: #1571027
  * ALSA: timer: Use mod_timer() for rearming the system timer
    - LP: #1571027
  * mm: fix invalid node in alloc_migrate_target()
    - LP: #1571027
  * iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE
    - LP: #1571027
  * ext4: ignore quota mount options if the quota feature is enabled
    - LP: #1571027
  * xen/events: Mask a moving irq
    - LP: #1571027
  * usb: renesas_usbhs: fix to avoid using a disabled ep in
    usbhsg_queue_done()
    - LP: #1571027
  * mac80211: properly deal with station hashtable insert errors
    - LP: #1571027
  * compiler-gcc: disable -ftracer for __noclone functions
    - LP: #1571027
  * rbd: use GFP_NOIO consistently for request allocations
    - LP: #1571027
  * Btrfs: fix file/data loss caused by fsync after rename and new inode
    - LP: #1571027
  * USB: serial: ftdi_sio: Add support for ICP DAS I-756xU devices
    - LP: #1571027
  * USB: serial: cp210x: Adding GE Healthcare Device ID
    - LP: #1571027
  * USB: option: add "D-Link DWM-221 B1" device id
    - LP: #1571027
  * virtio: virtio 1.0 cs04 spec compliance for reset
    - LP: #1571027
  * libnvdimm: fix smart data retrieval
    - LP: #1571027
  * gpio: pca953x: Use correct u16 value for register word write
    - LP: #1571027
  * parisc: Avoid function pointers for kernel exception routines
    - LP: #1571027
  * parisc: Fix kernel crash with reversed copy_from_user()
    - LP: #1571027
  * parisc: Unbreak handling exceptions from kernel modules
    - LP: #1571027
  * net: macb: replace macb_writel() call by queue_writel() to update queue
    ISR
    - LP: #1571027
  * net: bcmgenet: fix dev->stats.tx_bytes accounting
    - LP: #1571027
  * net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
    - LP: #1571027
  * ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates
    - LP: #1571027
  * pinctrl: nomadik: fix pull debug print inversion
    - LP: #1571027
  * ip6_tunnel: set rtnl_link_ops before calling register_netdevice
    - LP: #1571027
  * KVM: x86: move steal time initialization to vcpu entry time
    - LP: #1571027
  * lib/ucs2_string: Add ucs2 -> utf8 helper functions
    - LP: #1571027
  * efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
    - LP: #1571027
  * efi: Do variable name validation tests in utf8
    - LP: #1571027
  * efi: Make our variable validation list include the guid
    - LP: #1571027
  * efi: Make efivarfs entries immutable by default
    - LP: #1571027
  * efi: Add pstore variables to the deletion whitelist
    - LP: #1571027
  * lib/ucs2_string: Correct ucs2 -> utf8 conversion
    - LP: #1571027
  * ipr: Fix out-of-bounds null overwrite
    - LP: #1571027
  * ipr: Fix regression when loading firmware
    - LP: #1571027
  * perf/x86/intel: Fix PEBS data source interpretation on Nehalem/Westmere
    - LP: #1571027
  * ALSA: hda - Add new GPU codec ID 0x10de0082 to snd-hda
    - LP: #1571027
  * mwifiex: fix corner case association failure
    - LP: #1571027
  * net: phy: at803x: Request 'reset' GPIO only for AT8030 PHY
    - LP: #1571027
  * Linux 4.2.8-ckt8
    - LP: #1571027

 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>  Mon, 18 Apr 2016 06:54:19 -0700

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948

Title:
  Memory arena corruption with FUSE (was Memory allocation failure
  crashes kernel hard, presumably related to FUSE)

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Wily:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux package in Fedora:
  Unknown

Bug description:
  == SRU Justification ==

  Impact: Races in fuse's synchronous io handling can result in
  use-after-free bugs which are causing kernel crashes.

  Fix: Two commits from fuse-next, one which simply caches the result of
  a test to avoid a use-after-free and another which adds reference
  counting to the fuse_io_priv struct to get rid of some convoluted
  rules for determining when this structure can be freed.

  Test case: Tested on LP #1505948.
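  The two fixes named above (cache the test result before completion can run, and reference-count the shared struct) can be modelled in user space. The block below is a constructed illustration added here, not the kernel's fuse_io_priv code; it never really frees memory, so a stale access is counted instead of crashing.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of the lifetime bug: a shared io struct whose completion
 * path may release it while the submitter still reads it. The refcnt field
 * stands in for the kref the fix adds; "released" stands in for kfree(). */
struct io_priv {
    int refcnt;
    bool async;
    bool released;     /* set when the last reference is dropped */
};

static int uaf_detected;   /* counts reads of a released struct */

static void io_get(struct io_priv *io) { io->refcnt++; }

static void io_put(struct io_priv *io)
{
    if (--io->refcnt == 0)
        io->released = true;   /* would be kfree() in the kernel */
}

/* Read helper that flags any access after release. */
static bool io_is_async(const struct io_priv *io)
{
    if (io->released) uaf_detected++;
    return io->async;
}

/* Completion path: owns one reference and drops it when the request ends. */
static void io_complete(struct io_priv *io) { io_put(io); }

/* Buggy submitter: one reference only, and the "is this sync?" test runs
 * after completion, when the struct may already be gone. Returns 1 if the
 * request looked synchronous, 0 otherwise. */
static int submit_buggy(struct io_priv *io)
{
    io->refcnt = 1;
    io_complete(io);                  /* drops the only reference */
    return io_is_async(io) ? 0 : 1;   /* use-after-free */
}

/* Fixed submitter: cache the test result first, and hold a reference of
 * our own so the struct outlives both paths. Same return convention. */
static int submit_fixed(struct io_priv *io)
{
    io->refcnt = 1;                   /* submitter's reference */
    bool is_sync = !io_is_async(io);  /* cached before completion can run */
    io_get(io);                       /* completion path's reference */
    io_complete(io);
    io_put(io);                       /* last put releases the struct */
    return is_sync ? 1 : 0;
}
```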

  ---

  Hello everybody,

  Linux 4.1, 4.2 or 4.3-rc leads to an immediate kernel panic in our
  setup when trying to start a Qemu process on top of a fuse-based
  mount. Here is an example stacktrace:

  [  739.807817] BUG: unable to handle kernel paging request at ffff8800a4104ea0
  [  739.840201] IP: [<ffffffff811cc95a>] kmem_cache_alloc_trace+0x7a/0x1f0
  [  739.870309] PGD 2fee067 PUD 2fbf4dd063 PMD 0
  [  739.890418] Oops: 0000 [#1] SMP
  [  739.905265] Modules linked in: nbd vport_vxlan vport_gre gre ebtable_filter ebtables openvswitch ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter xt_CT iptable_raw ip_tables xt_tcpudp ip6t_REJECT nf_reject_ipv6 xt_limit nf_conntrack_ipv6 nf_defrag_ipv6 xt_multiport xt_conntrack nf_conntrack ip6table_filter ip6_tables x_tables dm_crypt ipmi_ssif intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd kvm_intel kvm ipmi_devintf vhost_net vhost macvtap macvlan joydev input_leds dm_multipath scsi_dh bonding sb_edac 8021q garp hpilo mrp stp ipmi_si llc edac_core lpc_ich ioatdma 8250_fintek ipmi_msghandler lp shpchp acpi_power_meter mac_hid parport nls_iso8859_1 sch_fq_codel xfs libcrc32c btrfs xor raid6_pq ixgbe ses enclosure hid_generic dca vxlan usbhid ip6_udp_tunnel tg3 udp_tunnel ptp hid pps_core hpsa mdio wmi
  [  740.345300] CPU: 8 PID: 10550 Comm: qemu-system-x86 Not tainted 4.2.0-040200-generic #201508301530
  [  740.386879] Hardware name: HP ProLiant DL380 Gen9, BIOS P89 05/06/2015
  [  740.416827] task: ffff882f8e958dc0 ti: ffff882f28c20000 task.ti: ffff882f28c20000
  [  740.451672] RIP: 0010:[<ffffffff811cc95a>]  [<ffffffff811cc95a>] kmem_cache_alloc_trace+0x7a/0x1f0
  [  740.494047] RSP: 0018:ffff882f28c23c68  EFLAGS: 00010286
  [  740.518425] RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 00000000000026b3
  [  740.551611] RDX: 00000000000026b2 RSI: 00000000000000d0 RDI: ffff882fbf407840
  [  740.584846] RBP: ffff882f28c23ca8 R08: 0000000000019920 R09: ffffe8d000200ab0
  [  740.618287] R10: ffffffff812e8dcd R11: ffffea00bca0ac00 R12: 00000000000000d0
  [  740.651320] R13: ffff882fbf407840 R14: ffff8800a4104ea0 R15: ffff882fbf407840
  [  740.684195] FS:  00007f2642ffd700(0000) GS:ffff882fbfa00000(0000) knlGS:0000000000000000
  [  740.722030] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [  740.749469] CR2: ffff8800a4104ea0 CR3: 0000002f26f83000 CR4: 00000000001426e0
  [  740.783390] Stack:
  [  740.792577]  ffffffff812e8dcd 0000000000000048 0000000000000002 ffff882f908c8468
  [  740.827003]  0000000001bef000 ffff882f928e4600 ffff882f28c23e48 ffff882f28c23d70
  [  740.860971]  ffff882f28c23d38 ffffffff812e8dcd 0000000000000001 ffff882f908c8300
  [  740.894994] Call Trace:
  [  740.906211]  [<ffffffff812e8dcd>] ? fuse_direct_IO+0xdd/0x280
  [  740.932940]  [<ffffffff812e8dcd>] fuse_direct_IO+0xdd/0x280
  [  740.958866]  [<ffffffff8117750e>] generic_file_direct_write+0x9e/0x150
  [  740.989318]  [<ffffffff812e96bc>] fuse_file_write_iter+0x15c/0x2e0
  [  741.017725]  [<ffffffff811e94a7>] __vfs_write+0xa7/0xf0
  [  741.041787]  [<ffffffff811e9b09>] vfs_write+0xa9/0x190
  [  741.065307]  [<ffffffff811ea9d9>] SyS_pwrite64+0x69/0xa0
  [  741.090141]  [<ffffffff81085b57>] ? SyS_rt_sigprocmask+0x67/0xb0
  [  741.135924]  [<ffffffff817a8e32>] entry_SYSCALL_64_fastpath+0x16/0x75
  [  741.183478] Code: 4c 03 05 32 d8 e3 7e 4d 8b 30 49 8b 40 10 4d 85 f6 0f 84 22 01 00 00 48 85 c0 0f 84 19 01 00 00 49 63 47 20 48 8d 4a 01 4d 8b 07 <49> 8b 1c 06 4c 89 f0 65 49 0f c7 08 0f 94 c0 84 c0 74 b9 49 63
  [  741.306817] RIP  [<ffffffff811cc95a>] kmem_cache_alloc_trace+0x7a/0x1f0

  The problem has also been documented by somebody else in the Fedora
  bug tracker at https://bugzilla.redhat.com/show_bug.cgi?id=1254310

  This behaviour is 100% reproducible. I have asked the fuse-devel
  mailing list for advice, but up to this point with no success:

  http://sourceforge.net/p/fuse/mailman/message/34537139/

  We are still investigating if this issue is also happening with 4.0
  and will add the information to this bug report once we have it. Any
  help on debugging will be greatly appreciated.
