← Back to team overview

kernel-packages team mailing list archive

[Bug 1183616] Re: seccomp-bpf missing on ARM in precise

 

This bug was fixed in the package linux - 3.2.0-57.87

---------------
linux (3.2.0-57.87) precise; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1250622

  [ Andy Whitcroft ]

  * tools -- upgrade to common generic helper
    - LP: #1205284

  [ Kees Cook ]

  * SAUCE: backport ARM seccomp-bpf support
    - LP: #1183616

  [ Luis Henriques ]

  * SAUCE: ACPI battery: fix compiler warning
    - LP: #1247154

  [ Tim Gardner ]

  * [Config] updateconfigs: CONFIG_HAVE_AOUT=n for arm

  [ Upstream Kernel Changes ]

  * Revert "sctp: fix call to SCTP_CMD_PROCESS_SACK in
    sctp_cmd_interpreter()"
    - LP: #1249089
  * xen/blkback: Check device permissions before allowing OP_DISCARD
    - LP: #1091187
    - CVE-2013-2140
  * zram: allow request end to coincide with disksize
    - LP: #1246664
  * ARM: 7373/1: add support for the generic syscall.h interface
    - LP: #1183616
  * ARM: 7577/1: arch/add syscall_get_arch
    - LP: #1183616
  * htb: fix sign extension bug
    - LP: #1249089
  * net: check net.core.somaxconn sysctl values
    - LP: #1249089
  * fib_trie: remove potential out of bound access
    - LP: #1249089
  * tcp: cubic: fix overflow error in bictcp_update()
    - LP: #1249089
  * tcp: cubic: fix bug in bictcp_acked()
    - LP: #1249089
  * ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not
    match
    - LP: #1249089
  * 8139cp: Add dma_mapping_error checking
    - LP: #1249089
  * tun: signedness bug in tun_get_user()
    - LP: #1249089
  * ipv6: remove max_addresses check from ipv6_create_tempaddr
    - LP: #1249089
  * ipv6: drop packets with multiple fragmentation headers
    - LP: #1249089
  * ipv6: Don't depend on per socket memory for neighbour discovery
    messages
    - LP: #1249089
  * net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for
    max_delay
    - LP: #1249089
  * ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
    - LP: #1249089
  * tipc: fix lockdep warning during bearer initialization
    - LP: #1249089
  * HID: hidraw: put old deallocation mechanism in place
    - LP: #1249089
  * HID: hidraw: correctly deallocate memory on device disconnect
    - LP: #1249089
  * xen-gnt: prevent adding duplicate gnt callbacks
    - LP: #1249089
  * ath9k: always clear ps filter bit on new assoc
    - LP: #1249089
  * libceph: unregister request in __map_request failed and nofail == false
    - LP: #1249089
  * usb: config->desc.bLength may not exceed amount of data returned by the
    device
    - LP: #1249089
  * USB: cdc-wdm: fix race between interrupt handler and tasklet
    - LP: #1249089
  * powerpc: Handle unaligned ldbrx/stdbrx
    - LP: #1249089
  * intel-iommu: Fix leaks in pagetable freeing
    - LP: #1249089
  * ath9k: fix rx descriptor related race condition
    - LP: #1249089
  * ath9k: avoid accessing MRC registers on single-chain devices
    - LP: #1249089
  * ASoC: wm8960: Fix PLL register writes
    - LP: #1249089
  * rculist: list_first_or_null_rcu() should use list_entry_rcu()
    - LP: #1249089
  * USB: mos7720: use GFP_ATOMIC under spinlock
    - LP: #1249089
  * USB: mos7720: fix big-endian control requests
    - LP: #1249089
  * staging: comedi: dt282x: dt282x_ai_insn_read() always fails
    - LP: #1249089
  * usb: ehci-mxc: check for pdata before dereferencing
    - LP: #1249089
  * mmc: tmio_mmc_dma: fix PIO fallback on SDHI
    - LP: #1249089
  * rt2800: fix wrong TX power compensation
    - LP: #1249089
  * usb: xhci: Disable runtime PM suspend for quirky controllers
    - LP: #1249089
  * USB: OHCI: Allow runtime PM without system sleep
    - LP: #1249089
  * ACPI / EC: Add ASUSTEK L4R to quirk list in order to validate ECDT
    - LP: #1249089
  * HID: validate HID report id size
    - LP: #1249089
    - CVE-2013-2888
  * of: Fix missing memory initialization on FDT unflattening
    - LP: #1249089
  * USB: fix build error when CONFIG_PM_SLEEP isn't enabled
    - LP: #1249089
  * drm/edid: add quirk for Medion MD30217PG
    - LP: #1249089
  * drm/radeon: update line buffer allocation for dce4.1/5
    - LP: #1249089
  * drm/radeon: fix LCD record parsing
    - LP: #1249089
  * drm/radeon: fix resume on some rs4xx boards (v2)
    - LP: #1249089
  * drm/radeon: fix handling of variable sized arrays for router objects
    - LP: #1249089
  * ALSA: hda - hdmi: Fallback to ALSA allocation when selecting CA
    - LP: #1249089
  * fuse: postpone end_page_writeback() in fuse_writepage_locked()
    - LP: #1249089
  * fuse: invalidate inode attributes on xattr modification
    - LP: #1249089
  * fuse: hotfix truncate_pagecache() issue
    - LP: #1249089
  * hdpvr: register the video node at the end of probe
    - LP: #1249089
  * hdpvr: fix iteration over uninitialized lists in hdpvr_probe()
    - LP: #1249089
  * fuse: readdir: check for slash in names
    - LP: #1249089
  * HID: pantherlord: validate output report details
    - LP: #1249089
    - CVE-2013-2892
  * HID: ntrig: validate feature report details
    - LP: #1249089
    - CVE-2013-2896
  * HID: picolcd_core: validate output report details
    - LP: #1249089
    - CVE-2013-2899
  * HID: check for NULL field when setting values
    - LP: #1249089
  * ARM: PCI: versatile: Fix SMAP register offsets
    - LP: #1249089
  * drm/i915: try not to lose backlight CBLV precision
    - LP: #1249089
  * crypto: api - Fix race condition in larval lookup
    - LP: #1249089
  * ALSA: hda - Add Toshiba Satellite C870 to MSI blacklist
    - LP: #1249089
  * drm/radeon/atom: workaround vbios bug in transmitter table on rs880
    (v2)
    - LP: #1249089
  * sd: Fix potential out-of-bounds access
    - LP: #1249089
  * ocfs2: fix the end cluster offset of FIEMAP
    - LP: #1249089
  * mm/huge_memory.c: fix potential NULL pointer dereference
    - LP: #1249089
  * memcg: fix multiple large threshold notifications
    - LP: #1249089
  * sched/fair: Fix small race where child->se.parent,cfs_rq might point to
    invalid ones
    - LP: #1249089
  * HID: provide a helper for validating hid reports
    - LP: #1249089
  * HID: zeroplus: validate output report details
    - LP: #1249089
    - CVE-2013-2889
  * HID: LG: validate HID output report details
    - LP: #1249089
    - CVE-2013-2893
  * HID: validate feature and input report details
    - LP: #1249089
    - CVE-2013-2897
  * HID: logitech-dj: validate output report details
    - LP: #1249089
    - CVE-2013-2895
  * ASoC: max98095: a couple array underflows
    - LP: #1249089
  * ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st()
    - LP: #1249089
  * drm/radeon: fix panel scaling with eDP and LVDS bridges
    - LP: #1249089
  * Bluetooth: Add a new PID/VID 0cf3/e005 for AR3012.
    - LP: #1249089
  * net: usb: cdc_ether: Use wwan interface for Telit modules
    - LP: #1249089
  * serial: pch_uart: fix tty-kref leak in rx-error path
    - LP: #1249089
  * serial: pch_uart: fix tty-kref leak in dma-rx path
    - LP: #1249089
  * x86, efi: Don't map Boot Services on i386
    - LP: #1249089
  * dm-snapshot: fix performance degradation due to small hash size
    - LP: #1249089
  * x86/reboot: Add quirk to make Dell C6100 use reboot=pci automatically
    - LP: #1249089
  * drm/radeon: disable tests/benchmarks if accel is disabled
    - LP: #1249089
  * drm/i915/dp: increase i2c-over-aux retry interval on AUX DEFER
    - LP: #1249089
  * staging: vt6656: [BUG] main_usb.c oops on device_close move flag
    earlier.
    - LP: #1249089
  * USB: fix PM config symbol in uhci-hcd, ehci-hcd, and xhci-hcd
    - LP: #1249089
  * usb/core/devio.c: Don't reject control message to endpoint with wrong
    direction bit
    - LP: #1249089
  * hwmon: (applesmc) Check key count before proceeding
    - LP: #1249089
  * rtlwifi: Align private space in rtl_priv struct
    - LP: #1249089
  * p54usb: add USB ID for Corega WLUSB2GTST USB adapter
    - LP: #1249089
  * usb: dwc3: pci: add support for BayTrail
    - LP: #1249089
  * usb: dwc3: add support for Merrifield
    - LP: #1249089
  * can: flexcan: fix flexcan_chip_start() on imx6
    - LP: #1249089
  * nilfs2: fix issue with race condition of competition between segments
    for dirty blocks
    - LP: #1249089
  * USB: serial: option: Ignore card reader interface on Huawei E1750
    - LP: #1249089
  * powerpc: Fix parameter clobber in csum_partial_copy_generic()
    - LP: #1249089
  * powerpc: Restore registers on error exit from
    csum_partial_copy_generic()
    - LP: #1249089
  * powerpc/sysfs: Disable writing to PURR in guest mode
    - LP: #1249089
  * powerpc/iommu: Use GFP_KERNEL instead of GFP_ATOMIC in
    iommu_init_table()
    - LP: #1249089
  * caif: Add missing braces to multiline if in cfctrl_linkup_request
    - LP: #1249089
  * net: sctp: fix smatch warning in sctp_send_asconf_del_ip
    - LP: #1249089
  * netpoll: fix NULL pointer dereference in netpoll_cleanup
    - LP: #1249089
  * net: sctp: fix ipv6 ipsec encryption bug in sctp_v6_xmit
    - LP: #1249089
  * resubmit bridge: fix message_age_timer calculation
    - LP: #1249089
  * ip: generate unique IP identificator if local fragmentation is allowed
    - LP: #1249089
  * ipv6: udp packets following an UFO enqueued packet need also be handled
    by UFO
    - LP: #1249089
  * via-rhine: fix VLAN priority field (PCP, IEEE 802.1p)
    - LP: #1249089
  * dm9601: fix IFF_ALLMULTI handling
    - LP: #1249089
  * bonding: Fix broken promiscuity reference counting issue
    - LP: #1249089
  * ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put
    - LP: #1249089
  * ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
    - LP: #1249089
  * ll_temac: Reset dma descriptors indexes on ndo_open
    - LP: #1249089
  * esp_scsi: Fix tag state corruption when autosensing.
    - LP: #1249089
  * sparc64: Fix ITLB handler of null page
    - LP: #1249089
  * sparc64: Remove RWSEM export leftovers
    - LP: #1249089
  * sparc64: Fix off by one in trampoline TLB mapping installation loop.
    - LP: #1249089
  * sparc64: Fix not SRA'ed %o5 in 32-bit traced syscall
    - LP: #1249089
  * sparc32: Fix exit flag passed from traced sys_sigreturn
    - LP: #1249089
  * perf: Use css_tryget() to avoid propping up css refcount
    - LP: #1249089
  * debugfs: debugfs_remove_recursive() must not rely on
    list_empty(d_subdirs)
    - LP: #1249089
  * usb: core: don't try to reset_device() a port that got just
    disconnected
    - LP: #1249089
  * m68k: consolidate the vmlinux.lds linker scripts
    - LP: #1249089
  * m68k: use non-MMU linker script for ColdFire MMU builds
    - LP: #1249089
  * m68knommu: clean up linker script
    - LP: #1249089
  * powerpc/pseries/lparcfg: Fix possible overflow are more than 1026
    - LP: #1249089
  * macvtap: do not zerocopy if iov needs more pages than MAX_SKB_FRAGS
    - LP: #1249089
  * sfc: Fix efx_rx_buf_offset() for recycled pages
    - LP: #1249089
  * cgroup: fail if monitored file and event_control are in different
    cgroup
    - LP: #1249089
  * perf: Clarify perf_cpu_context::active_pmu usage by renaming it to
    ::unique_pmu
    - LP: #1249089
  * perf: Fix perf_cgroup_switch for sw-events
    - LP: #1249089
  * perf tools: Handle JITed code in shared memory
    - LP: #1249089
  * fanotify: dont merge permission events
    - LP: #1249089
  * HID: Fix Speedlink VAD Cezanne support for some devices
    - LP: #1249089
  * HID: usbhid: quirk for N-Trig DuoSense Touch Screen
    - LP: #1249089
  * isofs: Refuse RW mount of the filesystem instead of making it RO
    - LP: #1249089
  * iscsi: don't hang in endless loop if no targets present
    - LP: #1249089
  * xhci: Fix race between ep halt and URB cancellation
    - LP: #1249089
  * hwmon: (applesmc) Silence uninitialized warnings
    - LP: #1249089
  * ext4: avoid hang when mounting non-journal filesystems with orphan list
    - LP: #1249089
  * staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
    - LP: #1249089
  * ACPI / IPMI: Fix atomic context requirement of ipmi_msg_handler()
    - LP: #1249089
  * mm, show_mem: suppress page counts in non-blockable contexts
    - LP: #1249089
  * gianfar: Change default HW Tx queue scheduling mode
    - LP: #1249089
  * can: flexcan: flexcan_chip_start: fix regression, mark one MB for TX
    and abort pending TX
    - LP: #1249089
  * Linux 3.2.52
    - LP: #1249089
 -- Steve Conklin <sconklin@xxxxxxxxxxxxx>   Tue, 12 Nov 2013 14:39:53 -0600

** Changed in: linux (Ubuntu Precise)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2140

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2888

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2889

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2892

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2893

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2895

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2896

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2897

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2899

** Changed in: linux (Ubuntu Precise)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1183616

Title:
  seccomp-bpf missing on ARM in precise

Status in “linux” package in Ubuntu:
  Triaged
Status in “linux” source package in Precise:
  Fix Released

Bug description:
  While seccomp-bpf was backported into precise, it was only for x86.
  Now that the ARM support is upstream too, it would be great to have
  the same level of support on ARM in the LTS kernel.

  I'll prepare patches.

  [Impact]
  ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome)

  [Test Case]
  git clone https://github.com/redpig/seccomp.git
  cd seccomp/tests
  make
  ./seccomp_bpf_tests
  All tests should pass

  [Regression Potential]
  Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616/+subscriptions