kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #86949
[Bug 1371316] Re: Please cherry-pick an aufs patch to unbreak it in conjunction with IMA
This bug was fixed in the package linux - 3.13.0-39.66
---------------
linux (3.13.0-39.66) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1386629
[ Upstream Kernel Changes ]
* KVM: x86: Check non-canonical addresses upon WRMSR
- LP: #1384539
- CVE-2014-3610
* KVM: x86: Prevent host from panicking on shared MSR writes.
- LP: #1384539
- CVE-2014-3610
* KVM: x86: Improve thread safety in pit
- LP: #1384540
- CVE-2014-3611
* KVM: x86: Fix wrong masking on relative jump/call
- LP: #1384545
- CVE-2014-3647
* KVM: x86: Warn if guest virtual address space is not 48-bits
- LP: #1384545
- CVE-2014-3647
* KVM: x86: Emulator fixes for eip canonical checks on near branches
- LP: #1384545
- CVE-2014-3647
* KVM: x86: emulating descriptor load misses long-mode case
- LP: #1384545
- CVE-2014-3647
* KVM: x86: Handle errors when RIP is set during far jumps
- LP: #1384545
- CVE-2014-3647
* kvm: vmx: handle invvpid vm exit gracefully
- LP: #1384544
- CVE-2014-3646
* Input: synaptics - gate forcepad support by DMI check
- LP: #1381815
linux (3.13.0-38.65) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1379244
[ Andy Whitcroft ]
* Revert "SAUCE: scsi: hyper-v storsvc switch up to SPC-3"
- LP: #1354397
* [Config] linux-image-extra is additive to linux-image
- LP: #1375310
* [Config] linux-image-extra postrm is not needed on purge
- LP: #1375310
[ Upstream Kernel Changes ]
* Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
- LP: #1377564
* Revert "USB: option,zte_ev: move most ZTE CDMA devices to zte_ev"
- LP: #1377564
* aufs: bugfix, stop calling security_mmap_file() again
- LP: #1371316
* ipvs: fix ipv6 hook registration for local replies
- LP: #1349768
* Drivers: add blist flags
- LP: #1354397
* sd: fix a bug in deriving the FLUSH_TIMEOUT from the basic I/O timeout
- LP: #1354397
* drm/i915/bdw: Add 42ms delay for IPS disable
- LP: #1374389
* drm/i915: add null render states for gen6, gen7 and gen8
- LP: #1374389
* drm/i915/bdw: 3D_CHICKEN3 has write mask bits
- LP: #1374389
* drm/i915/bdw: Disable idle DOP clock gating
- LP: #1374389
* drm/i915: call lpt_init_clock_gating on BDW too
- LP: #1374389
* drm/i915: shuffle panel code
- LP: #1374389
* drm/i915: extract backlight minimum brightness from VBT
- LP: #1374389
* drm/i915: respect the VBT minimum backlight brightness
- LP: #1374389
* drm/i915/bdw: Apply workarounds in render ring init function
- LP: #1374389
* drm/i915/bdw: Cleanup pre prod workarounds
- LP: #1374389
* drm/i915: Replace hardcoded cacheline size with macro
- LP: #1374389
* drm/i915: Refactor Broadwell PIPE_CONTROL emission into a helper.
- LP: #1374389
* drm/i915: Add the WaCsStallBeforeStateCacheInvalidate:bdw workaround.
- LP: #1374389
* drm/i915/bdw: Remove BDW preproduction W/As until C stepping.
- LP: #1374389
* mptfusion: enable no_write_same for vmware scsi disks
- LP: #1371591
* iommu/amd: Fix cleanup_domain for mass device removal
- LP: #1375266
* cifs: mask off top byte in get_rfc1002_length()
- LP: #1372482
* Input: synaptics - add support for ForcePads
- LP: #1377564
* ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE
- LP: #1377564
* drm/radeon: add bapm module parameter
- LP: #1377564
* drm/radeon: Add missing lines to ci_set_thermal_temperature_range
- LP: #1377564
* drm/radeon: Add ability to get and change dpm state when radeon PX card
is turned off
- LP: #1377564
* ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co
- LP: #1377564
* of/irq: Fix lookup to use 'interrupts-extended' property first
- LP: #1377564
* Possible null ptr deref in SMB2_tcon
- LP: #1377564
* CIFS: Fix SMB2 readdir error handling
- LP: #1377564
* CIFS: Fix wrong directory attributes after rename
- LP: #1377564
* md/raid6: avoid data corruption during recovery of double-degraded
RAID6
- LP: #1377564
* ARM: dts: i.MX53: fix apparent bug in VPU clks
- LP: #1377564
* pata_scc: propagate return value of scc_wait_after_reset
- LP: #1377564
* libata: widen Crucial M550 blacklist matching
- LP: #1377564
* ALSA: hda - restore the gpio led after resume
- LP: #1358116, #1377564
* md/raid10: fix memory leak when reshaping a RAID10.
- LP: #1377564
* md/raid10: Fix memory leak when raid10 reshape completes.
- LP: #1377564
* MIPS: OCTEON: make get_system_type() thread-safe
- LP: #1377564
* can: c_can: checking IS_ERR() instead of NULL
- LP: #1377564
* HID: logitech: perform bounds checking on device_id early enough
- LP: #1377564
* firmware: Do not use WARN_ON(!spin_is_locked())
- LP: #1377564
* drm/radeon: add new KV pci id
- LP: #1377564
* drm/radeon: add new bonaire pci ids
- LP: #1377564
* drm/radeon: add additional SI pci ids
- LP: #1377564
* ibmveth: Fix endian issues with rx_no_buffer statistic
- LP: #1377564
* spi/omap-mcspi: Fix the spi task hangs waiting dma_rx
- LP: #1377564
* xtensa: replace IOCTL code definitions with constants
- LP: #1377564
* xtensa: fix address checks in dma_{alloc,free}_coherent
- LP: #1377564
* xtensa: fix access to THREAD_RA/THREAD_SP/THREAD_DS
- LP: #1377564
* xtensa: fix TLBTEMP_BASE_2 region handling in fast_second_level_miss
- LP: #1377564
* xtensa: fix a6 and a7 handling in fast_syscall_xtensa
- LP: #1377564
* staging: lustre: Remove circular dependency on header
- LP: #1377564
* USB: option: reduce interrupt-urb logging verbosity
- LP: #1377564
* USB: option: add VIA Telecom CDS7 chipset device id
- LP: #1377564
* USB: zte_ev: remove duplicate Gobi PID
- LP: #1377564
* USB: zte_ev: remove duplicate Qualcom PID
- LP: #1377564
* USB: ftdi_sio: add Basic Micro ATOM Nano USB2Serial PID
- LP: #1377564
* USB: serial: pl2303: add device id for ztek device
- LP: #1377564
* USB: ftdi_sio: Added PID for new ekey device
- LP: #1377564
* xhci: Treat not finding the event_seg on COMP_STOP the same as
COMP_STOP_INVAL
- LP: #1377564
* usb: xhci: amd chipset also needs short TX quirk
- LP: #1377564
* xhci: rework cycle bit checking for new dequeue pointers
- LP: #1377564
* spi/pxa2xx: Add ACPI ID for Intel Braswell
- LP: #1377564
* ALSA: core: fix buffer overflow in snd_info_get_line()
- LP: #1377564
* HID: logitech-dj: prevent false errors to be shown
- LP: #1377564
* usb: ehci: using wIndex + 1 for hub port
- LP: #1377564
* staging/rtl8188eu: add 0df6:0076 Sitecom Europe B.V.
- LP: #1377564
* staging: r8188eu: Add new USB ID
- LP: #1377564
* mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc()
- LP: #1377564
* trace: Fix epoll hang when we race with new entries
- LP: #1377564
* cfq-iosched: Fix wrong children_weight calculation
- LP: #1377564
* USB: sisusb: add device id for Magic Control USB video
- LP: #1377564
* NFSv4: Fix problems with close in the presence of a delegation
- LP: #1377564
* usb: hub: Prevent hub autosuspend if usbcore.autosuspend is -1
- LP: #1377564
* ARM: 8128/1: abort: don't clear the exclusive monitors
- LP: #1377564
* ARM: 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy
strex
- LP: #1377564
* USB: serial: fix potential stack buffer overflow
- LP: #1377564
* USB: serial: fix potential heap buffer overflow
- LP: #1377564
* ext4: update i_disksize coherently with block allocation on error path
- LP: #1377564
* jbd2: fix infinite loop when recovering corrupt journal blocks
- LP: #1377564
* jbd2: fix descriptor block size handling errors with journal_csum
- LP: #1377564
* memblock, memhotplug: fix wrong type in memblock_find_in_range_node().
- LP: #1377564
* xattr: fix check for simultaneous glibc header inclusion
- LP: #1377564
* KVM: s390: Fix user triggerable bug in dead code
- LP: #1377564
* KVM: s390/mm: try a cow on read only pages for key ops
- LP: #1377564
* regmap: Fix regcache debugfs initialization
- LP: #1377564
* regmap: Fix handling of volatile registers for format_write() chips
- LP: #1377564
* ASoC: rt5640: Do not allow regmap to use bulk read-write operations
- LP: #1377564
* drm/i915: Remove bogus __init annotation from DMI callbacks
- LP: #1377564
* hwmon: (ds1621) Update zbits after conversion rate change
- LP: #1377564
* arm64: ptrace: fix compat hardware watchpoint reporting
- LP: #1377564
* ARM/ARM64: KVM: Nuke Hyp-mode tlbs before enabling MMU
- LP: #1377564
* arm/arm64: KVM: Complete WFI/WFE instructions
- LP: #1377564
* get rid of propagate_umount() mistakenly treating slaves as busy.
- LP: #1377564
* fix EBUSY on umount() from MNT_SHRINKABLE
- LP: #1377564
* regmap: Don't attempt block writes when syncing cache on single_rw
devices
- LP: #1377564
* drm/vmwgfx: Fix a potential infinite spin waiting for fifo idle
- LP: #1377564
* ALSA: hda - Fix digital mic on Acer Aspire 3830TG
- LP: #1377564
* xfs: don't dirty buffers beyond EOF
- LP: #1377564
* xfs: don't zero partial page cache pages during O_DIRECT writes
- LP: #1377564
* xfs: don't zero partial page cache pages during O_DIRECT writes
- LP: #1377564
* ALSA: hda - Fix COEF setups for ALC1150 codec
- LP: #1377564
* i2c: rcar: fix MNR interrupt handling
- LP: #1377564
* i2c: mv64xxx: continue probe when clock-frequency is missing
- LP: #1377564
* i2c: at91: Fix a race condition during signal handling in
at91_do_twi_xfer.
- LP: #1377564
* i2c: at91: add bound checking on SMBus block length bytes
- LP: #1377564
* aio: add missing smp_rmb() in read_events_ring
- LP: #1377564
* KEYS: Fix use-after-free in assoc_array_gc()
- LP: #1377564
* ACPI / cpuidle: fix deadlock between cpuidle_lock and cpu_hotplug.lock
- LP: #1377564
* USB: fix build error with CONFIG_PM_RUNTIME disabled
- LP: #1377564
* Linux 3.13.11.8
- LP: #1377564
* powerpc: Fix kdump hang issue on p8 with relocation on exception
enabled.
- LP: #1352056
* net-gre-gro: Fix a bug that breaks the forwarding path
- LP: #1377851
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Tue, 28 Oct 2014 10:29:51 +0000
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3610
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3611
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3646
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3647
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1371316
Title:
Please cherry-pick an aufs patch to unbreak it in conjunction with IMA
Status in “linux” package in Ubuntu:
Invalid
Status in “linux-lts-trusty” package in Ubuntu:
Invalid
Status in “linux” source package in Precise:
Invalid
Status in “linux-lts-trusty” source package in Precise:
In Progress
Status in “linux” source package in Trusty:
Fix Released
Status in “linux-lts-trusty” source package in Trusty:
Invalid
Bug description:
SRU justification
Impact: when using IMA with aufs in trusty potential exists for very
hard to diagnose lockups.
Testcase: enable IMA and use an aufs filesystem.
Regression Potential: the fix is an upstream cherry-pick from the version of
aufs in Utopic which is used widly for lxc there so regression potential is low. The fix removes code which also lessens the risk.
===
The trusty kernel misses the following patch that already landed in
utopic with the recent aufs update:
https://github.com/sfjro/aufs3-linux/commit/7aac34b421441b701cd0e6de4685b51e4c462d67
This unbreaks aufs with IMA (Integrity Measurement Architecture)
enabled. When IMA is enabled and mmaps are being tracked, the kernel
hits a lock ordering bug because a needed semaphore is already held.
This patch fixes this issue by not calling out to IMA for the access
to the underlying file. However IMA will still see the access to the
file in the merged aufs, which should be good enough.
Please cherry-pick above patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1371316/+subscriptions
References
