This bug was fixed in the package linux - 4.4.0-38.57 --------------- linux (4.4.0-38.57) xenial; urgency=low
[ Tim Gardner ] * Release Tracking Bug - LP: #1620658 * CIFS client: access problems after updating to kernel 4.4.0-29-generic (LP: #1612135) - Revert "UBUNTU: SAUCE: (namespace) Bypass sget() capability check for nfs" - fs: Call d_automount with the filesystems creds * apt-key add fails in overlayfs (LP: #1618572) - SAUCE: overlayfs: fix regression in whiteout detection linux (4.4.0-37.56) xenial; urgency=low [ Tim Gardner ] * Release Tracking Bug - LP: #1618040 * [Feature] Instruction decoder support for new SKX instructions- AVX512 (LP: #1591655) - x86/insn: perf tools: Fix vcvtph2ps instruction decoding - x86/insn: Add AVX-512 support to the instruction decoder - perf tools: Add AVX-512 support to the instruction decoder used by Intel PT - perf tools: Add AVX-512 instructions to the new instructions test * [Ubuntu 16.04] FCoE Lun not visible in OS with inbox driver - Issue with ioremap() call on 32bit kernel (LP: #1608652) - lpfc: Correct issue with ioremap() call on 32bit kernel * [Feature] turbostat support for Skylake-SP server (LP: #1591802) - tools/power turbostat: decode more CPUID fields - tools/power turbostat: CPUID(0x16) leaf shows base, max, and bus frequency - tools/power turbostat: decode HWP registers - tools/power turbostat: Decode MSR_MISC_PWR_MGMT - tools/power turbostat: allow sub-sec intervals - tools/power turbostat: Intel Xeon x200: fix erroneous bclk value - tools/power turbostat: Intel Xeon x200: fix turbo-ratio decoding - tools/power turbostat: re-name "%Busy" field to "Busy%" - tools/power turbostat: add --out option for saving output in a file - tools/power turbostat: fix compiler warnings - tools/power turbostat: make fewer systems calls - tools/power turbostat: show IRQs per CPU - tools/power turbostat: show GFXMHz - tools/power turbostat: show GFX%rc6 - tools/power turbostat: detect and work around syscall jitter - tools/power turbostat: indicate SMX and SGX support - tools/power turbostat: call __cpuid() instead of __get_cpuid() - tools/power turbostat: correct output for MSR_NHM_SNB_PKG_CST_CFG_CTL dump - tools/power turbostat: bugfix: TDP MSRs print bits fixing - tools/power turbostat: SGX state should print only if --debug - tools/power turbostat: print IRTL MSRs - tools/power turbostat: initial BXT support - tools/power turbostat: decode BXT TSC frequency via CPUID - tools/power turbostat: initial SKX support * [BYT] display hotplug doesn't work on console (LP: #1616894) - drm/i915/vlv: Make intel_crt_reset() per-encoder - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() - drm/i915: Enable polling when we don't have hpd * [Feature]intel_idle enabling on Broxton-P (LP: #1520446) - intel_idle: add BXT support * [Feature] EDAC: Update driver for SKX-SP (LP: #1591815) - [Config] CONFIG_EDAC_SKX=m - EDAC, skx_edac: Add EDAC driver for Skylake * [Feature] KBL: Sandy Peak(3168) WiFi/BT support (LP: #1591648) - Bluetooth: Add support for Intel Bluetooth device 3168 [8087:0aa7] * MacBookPro11,4 fails to poweroff or suspend (LP: #1587714) - SAUCE: PCI: Workaround to enable poweroff on Mac Pro 11 * Support Edge Gateway's Bluetooth LED (LP: #1512999) - SAUCE: Bluetooth: Support for LED on Edge Gateways - SAUCE: Bluetooth: Use host bridge subsystem IDs to identify Edge Gateways * Please add support for alps touchpad. (LP: #1616813) - [Config] CONFIG_HID_ALPS=m - HID: add Alps I2C HID Touchpad-Stick support - HID: alps: struct u1_dev *priv is internal to the driver - HID: alps: pass correct sizes to hid_hw_raw_request() - HID: alps: match alps devices in core - HID: alps: a few cleanups * DINO2M - System hangs with a black screen during s4 stress test (LP: #1616781) - x86/power/64: Fix kernel text mapping corruption during image restoration * Xenial update to v4.4.17 stable release (LP: #1611833) - USB: OHCI: Don't mark EDs as ED_OPER if scheduling fails - x86/quirks: Apply nvidia_bugs quirk only on root bus - x86/quirks: Reintroduce scanning of secondary buses - x86/quirks: Add early quirk to reset Apple AirPort card - dmaengine: at_xdmac: align descriptors on 64 bits - dmaengine: at_xdmac: fix residue corruption - dmaengine: at_xdmac: double FIFO flush needed to compute residue - mm, sl[au]b: add __GFP_ATOMIC to the GFP reclaim mask - mm, compaction: abort free scanner if split fails - fs/nilfs2: fix potential underflow in call to crc32_le - mm, compaction: prevent VM_BUG_ON when terminating freeing scanner - mm, meminit: always return a valid node from early_pfn_to_nid - mm, meminit: ensure node is online before checking whether pages are uninitialised - vmlinux.lds: account for destructor sections - pps: do not crash when failed to register - kernel/sysrq, watchdog, sched/core: Reset watchdog on all CPUs while processing sysrq-w - arc: unwind: warn only once if DW2_UNWIND is disabled - ARC: unwind: ensure that .debug_frame is generated (vs. .eh_frame) - xen/pciback: Fix conf_space read/write overlap check. - xenbus: don't BUG() on user mode induced condition - xenbus: don't bail early from xenbus_dev_request_and_reply() - Input: vmmouse - remove port reservation - Input: elantech - add more IC body types to the list - Input: xpad - fix oops when attaching an unknown Xbox One gamepad - Input: wacom_w8001 - w8001_MAX_LENGTH should be 13 - Input: xpad - validate USB endpoint count during probe - Input: tsc200x - report proper input_dev name - pvclock: Add CPU barriers to get correct version value - pinctrl: single: Fix missing flush of posted write for a wakeirq - pinctrl: imx: Do not treat a PIN without MUX register as an error - cgroup: set css->id to -1 during init - power_supply: power_supply_read_temp only if use_cnt > 0 - locks: use file_inode() - Revert "ecryptfs: forbid opening files without mmap handler" - ecryptfs: don't allow mmap when the lower fs doesn't support it - ext4: verify extent header depth - 9p: use file_dentry() - namespace: update event counter when umounting a deleted dentry - spi: sunxi: fix transfer timeout - spi: sun4i: fix FIFO limit - clk: rockchip: initialize flags of clk_init_data in mmc-phase clock - platform/chrome: cros_ec_dev - double fetch bug in ioctl - block: fix use-after-free in sys_ioprio_get() - mmc: block: fix packed command header endianness - sched/fair: Fix effective_load() to consistently use smoothed load - ovl: handle ATTR_KILL* - perf/x86: fix PEBS issues on Intel Atom/Core2 - can: at91_can: RX queue could get stuck at high bus load - can: c_can: Update D_CAN TX and RX functions to 32 bit - fix Altera Cyclone access - can: fix handling of unmodifiable configuration options fix - can: fix oops caused by wrong rtnl dellink usage - RDS: fix rds_tcp_init() error path - SCSI: fix new bug in scsi_dev_info_list string matching - ipr: Clear interrupt on croc/crocodile when running with LSI - posix_cpu_timer: Exit early when process has been reaped - i2c: mux: reg: wrong condition checked for of_address_to_resource return value - libata: LITE-ON CX1-JB256-HP needs lower max_sectors - libceph: apply new_state before new_up_client on incrementals - net: mvneta: set real interrupt per packet for tx_done - intel_th: pci: Add Kaby Lake PCH-H support - intel_th: Fix a deadlock in modprobing - vfs: fix deadlock in file_remove_privs() on overlayfs - Linux 4.4.17 - xenbus: don't look up transaction IDs for ordinary writes * Enable virtual scsi server driver for Power (LP: #1615665) - [Config] CONFIG_SCSI_IBMVSCSIS=m - target: Add target_alloc_session() helper function - ibmvscsis: Initial commit of IBM VSCSI Tgt Driver * AES-XTS poor performance in Ubuntu 16.04 (LP: #1613295) - crypto: vmx: Only call enable_kernel_vsx() - powerpc: Create disable_kernel_{fp,altivec,vsx,spe}() - crypto: vmx - Adding asm subroutines for XTS - crypto: xts - consolidate sanity check for keys - crypto: vmx - Adding support for XTS - crypto: vmx - Fix aes_p8_xts_decrypt build failure - crypto: xts - fix compile errors * System hang when plug/pull USB 3.1 key via thunderbolt port over 5 times (LP: #1616318) - USB: don't free bandwidth_mutex too early * Ubuntu 16.04 - Full EEH Recovery Support for NVMe devices (LP: #1602724) - nvme: Suspend all queues before deletion * change_hat is logging failures during expected hat probing (LP: #1615893) - SAUCE: apparmor: Fix auditing behavior for change_hat probing * deleted files outside of the namespace are not being treated as disconnected (LP: #1615892) - SAUCE: apparmor: deleted dentries can be disconnected * stacking to unconfined in a child namespace confuses mediation (LP: #1615890) - SAUCE: apparmor: special case unconfined when determining the mode * apparmor module parameters can be changed after the policy is locked (LP: #1615895) - SAUCE: apparmor: fix: parameters can be changed after policy is locked * AppArmor profile reloading causes an intermittent kernel BUG (LP: #1579135) - SAUCE: apparmor: fix vec_unique for vectors larger than 8 * label vec reductions can result in reference labels instead of direct access to labels (LP: #1615889) - SAUCE: apparmor: reduction of vec to single entry is just that entry * profiles from different namespaces can block other namespaces from being able to load a profile (LP: #1615887) - SAUCE: apparmor: profiles in one ns can affect mediation in another ns * vmalloc failure leads to null ptr dereference in aa_dfa_next (LP: #1592547) - SAUCE: apparmor: oops in profile_unpack() when policy_db is not present * vmalloc_addr is being checked on the failed return address of kvzalloc() (LP: #1615885) - SAUCE: apparmor: fix: don't check for vmalloc_addr if kvzalloc() failed * dfa is missing a bounds check which can cause an oops (LP: #1615882) - SAUCE: apparmor: Add missing id bounds check on dfa verification * The label build for onexec when stacking is wrong (LP: #1615881) - SAUCE: apparmor: Fix label build for onexec stacking. * The inherit check for new to old label comparison for domain transitions is wrong (LP: #1615880) - SAUCE: apparmor: Fix new to old label comparison for domain transitions * warning stack trace while playing with apparmor namespaces (LP: #1593874) - SAUCE: apparmor: fix stack trace when removing namespace with profiles * __label_update proxy comparison test is wrong (LP: #1615878) - SAUCE: apparmor: Fix __label_update proxy comparison test * Xenial update to v4.4.19 stable release (LP: #1615620) - usb: gadget: avoid exposing kernel stack - usb: f_fs: off by one bug in _ffs_func_bind() - usb: renesas_usbhs: protect the CFIFOSEL setting in usbhsg_ep_enable() - usb: dwc3: fix for the isoc transfer EP_BUSY flag - USB: serial: option: add support for Telit LE910 PID 0x1206 - usb: renesas_usbhs: fix NULL pointer dereference in xfer_work() - arm64: kernel: Save and restore UAO and addr_limit on exception entry - arm64: debug: unmask PSTATE.D earlier - arm64: Fix incorrect per-cpu usage for boot CPU - tty: serial: msm: Don't read off end of tx fifo - serial: samsung: Fix ERR pointer dereference on deferred probe - tty/serial: atmel: fix RS485 half duplex with DMA - gpio: pca953x: Fix NBANK calculation for PCA9536 - gpio: intel-mid: Remove potentially harmful code - Bluetooth: hci_intel: Fix null gpio desc pointer dereference - pinctrl: cherryview: prevent concurrent access to GPIO controllers - arm64: dts: rockchip: fixes the gic400 2nd region size for rk3368 - arm64: mm: avoid fdt_check_header() before the FDT is fully mapped - KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures - KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE - KVM: MTRR: fix kvm_mtrr_check_gfn_range_consistency page fault - KVM: VMX: handle PML full VMEXIT that occurs during event delivery - KVM: nVMX: Fix memory corruption when using VMCS shadowing - intel_pstate: Fix MSR_CONFIG_TDP_x addressing in core_get_max_pstate() - mfd: qcom_rpm: Fix offset error for msm8660 - mfd: qcom_rpm: Parametrize also ack selector size - media: usbtv: prevent access to free'd resources - media: dvb_ringbuffer: Add memory barriers - vb2: core: Skip planes array verification if pb is NULL - Fix RC5 decoding with Fintek CIR chipset - sur40: lower poll interval to fix occasional FPS drops to ~56 FPS - sur40: fix occasional oopses on device close - dm: set DMF_SUSPENDED* _before_ clearing DMF_NOFLUSH_SUSPENDING - hp-wmi: Fix wifi cannot be hard-unblocked - s5p-mfc: Set device name for reserved memory region devs - s5p-mfc: Add release callback for memory region devs - i2c: efm32: fix a failure path in efm32_i2c_probe() - spi: pxa2xx: Clear all RFT bits in reset_sccr1() on Intel Quark - Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU - EDAC: Correct channel count limit - HID: uhid: fix timeout when probe races with IO - ovl: disallow overlayfs as upperdir - remoteproc: Fix potential race condition in rproc_add - ARC: mm: don't loose PTE_SPECIAL in pte_modify() - jbd2: make journal y2038 safe - fs/cifs: make share unaccessible at root level mountable - cifs: Check for existing directory when opening file with O_CREAT - cifs: fix crash due to race in hmac(md5) handling - CIFS: Fix a possible invalid memory access in smb2_query_symlink() - random: initialize the non-blocking pool via add_hwgenerator_randomness() - random: print a warning for the first ten uninitialized random users - random: add interrupt callback to VMBus IRQ handler - MIPS: KVM: Fix mapped fault broken commpage handling - MIPS: KVM: Add missing gfn range check - MIPS: KVM: Fix gfn range check in kseg0 tlb faults - MIPS: KVM: Propagate kseg0/mapped tlb fault errors - nfs: don't create zero-length requests - nfsd: Fix race between FREE_STATEID and LOCK - nfsd: don't return an unhashed lock stateid after taking mutex - drm/i915: Don't complain about lack of ACPI video bios - iommu/exynos: Suppress unbinding to prevent system failure - iommu/vt-d: Return error code in domain_context_mapping_one() - iommu/amd: Handle IOMMU_DOMAIN_DMA in ops->domain_free call-back - iommu/amd: Init unity mappings only for dma_ops domains - iommu/amd: Update Alias-DTE in update_device_table() - audit: fix a double fetch in audit_log_single_execve_arg() - ARM: dts: sunxi: Add a startup delay for fixed regulator enabled phys - netlabel: add address family checks to netlbl_{sock,req}_delattr() - w1:omap_hdq: fix regression - drm/amdgpu: add a delay after ATPX dGPU power off - drm/amdgpu: Poll for both connect/disconnect on analog connectors - drm/amdgpu: support backlight control for UNIPHY3 - drm/amdgpu: Disable RPM helpers while reprobing connectors on resume - drm/amdgpu: fix firmware info version checks - drm/amdgpu/gmc7: add missing mullins case - drm/radeon: add a delay after ATPX dGPU power off - drm/radeon: Poll for both connect/disconnect on analog connectors - drm/radeon: fix firmware info version checks - drm/radeon: support backlight control for UNIPHY3 - drm/nouveau/gr/nv3x: fix instobj write offsets in gr setup - drm/nouveau/fbcon: fix font width not divisible by 8 - drm: Restore double clflush on the last partial cacheline - drm/edid: Add 6 bpc quirk for display AEO model 0. - drm/i915: Never fully mask the the EI up rps interrupt on SNB/IVB - drm/i915/dp: Revert "drm/i915/dp: fall back to 18 bpp when sink capability is unknown" - balloon: check the number of available pages in leak balloon - ftrace/recordmcount: Work around for addition of metag magic but not relocations - metag: Fix __cmpxchg_u32 asm constraint for CMP - block: add missing group association in bio-cloning functions - block: fix bdi vs gendisk lifetime mismatch - mtd: nand: fix bug writing 1 byte less than page size - mm/hugetlb: avoid soft lockup in set_max_huge_pages() - ALSA: hda: Fix krealloc() with __GFP_ZERO usage - ALSA: hda/realtek - Can't adjust speaker's volume on a Dell AIO - ALSA: hda: add AMD Bonaire AZ PCI ID with proper driver caps - ALSA: hda - Fix headset mic detection problem for two dell machines - IB/mlx5: Fix MODIFY_QP command input structure - IB/mlx5: Fix entries checks in mlx5_ib_create_cq - IB/mlx5: Fix returned values of query QP - IB/mlx5: Fix entries check in mlx5_ib_resize_cq - IB/mlx5: Fix post send fence logic - IB/mlx5: Return PORT_ERR in Active to Initializing tranisition - IB/SA: Use correct free function - IB/IPoIB: Don't update neigh validity for unresolved entries - IB/IWPM: Fix a potential skb leak - IB/mlx4: Fix the SQ size of an RC QP - IB/mlx4: Fix error flow when sending mads under SRIOV - IB/mlx4: Fix memory leak if QP creation failed - of: fix memory leak related to safe_name() - ubi: Make volume resize power cut aware - ubi: Fix early logging - ubi: Fix race condition between ubi device creation and udev - iscsi-target: Fix panic when adding second TCP connection to iSCSI session - target: Fix ordered task target_setup_cmd_from_cdb exception hang - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP - target: Fix race between iscsi-target connection shutdown + ABORT_TASK - target: Fix max_unmap_lba_count calc overflow - target: Fix ordered task CHECK_CONDITION early exception handling - Input: elan_i2c - properly wake up touchpad on ASUS laptops - SUNRPC: Don't allocate a full sockaddr_storage for tracing - MIPS: mm: Fix definition of R6 cache instruction - MIPS: Don't register r4k sched clock when CPUFREQ enabled - MIPS: hpet: Increase HPET_MIN_PROG_DELTA and decrease HPET_MIN_CYCLES - PCI: Mark Atheros AR9485 and QCA9882 to avoid bus reset - x86/platform/intel_mid_pci: Rework IRQ0 workaround - ACPI / EC: Work around method reentrancy limit in ACPICA for _Qxx - rtc: s3c: Add s3c_rtc_{enable/disable}_clk in s3c_rtc_setfreq() - dm flakey: error READ bios during the down_interval - module: Invalidate signatures on force-loaded modules - Documentation/module-signing.txt: Note need for version info if reusing a key - Linux 4.4.19 * xfrm: ipsec crash when updating spd thresholds (LP: #1613787) - xfrm: Ignore socket policies when rebuilding hash tables * ISST-LTE:pKVM311:lotg5:Ubutu16041:lotg5 crashed @ writeback_sb_inodes+0x30c/0x590 (LP: #1614565) - writeback: Write dirty times for WB_SYNC_ALL writeback * IBM Power 720 Ethernet Not Seen (LP: #1612725) - [Config] CONFIG_IBMEBUS=y for powerpc * CAPI: Update default setting for the psl_fir_cntl register (LP: #1612431) - cxl: Set psl_fir_cntl to production environment value * Xenial update to v4.4.18 stable release (LP: #1614560) - tcp: enable per-socket rate limiting of all 'challenge acks' - ipv4: reject RTNH_F_DEAD and RTNH_F_LINKDOWN from user space - bonding: set carrier off for devices created through netlink - net: bgmac: Fix infinite loop in bgmac_dma_tx_add() - net/irda: fix NULL pointer dereference on memory allocation failure - qed: Fix setting/clearing bit in completion bitmap - tcp: consider recv buf for the initial window scale - ipath: Restrict use of the write() interface - scsi: ignore errors from scsi_dh_add_device() - HID: sony: do not bail out when the sixaxis refuses the output report - i2c: i801: Allow ACPI SystemIO OpRegion to conflict with PCI BAR - arm: oabi compat: add missing access checks - KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace - Revert "s390/kdump: Clear subchannel ID to signal non-CCW/SCSI IPL" - random: strengthen input validation for RNDADDTOENTCNT - devpts: clean up interface to pty drivers - x86/mm/pat: Add support of non-default PAT MSR setting - x86/mm/pat: Add pat_disable() interface - x86/mm/pat: Replace cpu_has_pat with boot_cpu_has() - x86/mtrr: Fix Xorg crashes in Qemu sessions - x86/mtrr: Fix PAT init handling when MTRR is disabled - x86/xen, pat: Remove PAT table init code from Xen - x86/pat: Document the PAT initialization sequence - x86/mm/pat: Fix BUG_ON() in mmap_mem() on QEMU/i386 - drm/i915: Pretend cursor is always on for ILK-style WM calculations (v2) - x86/syscalls/64: Add compat_sys_keyctl for 32-bit userspace - block: fix use-after-free in seq file - sysv, ipc: fix security-layer leaking - fuse: fsync() did not return IO errors - fuse: fuse_flush must check mapping->flags for errors - fuse: fix wrong assignment of ->flags in fuse_send_init() - fs/dcache.c: avoid soft-lockup in dput() - crypto: gcm - Filter out async ghash if necessary - crypto: scatterwalk - Fix test in scatterwalk_done - ext4: check for extents that wrap around - ext4: fix deadlock during page writeback - ext4: don't call ext4_should_journal_data() on the journal inode - ext4: validate s_reserved_gdt_blocks on mount - ext4: short-cut orphan cleanup on error - ext4: fix reference counting bug on block allocation error - mm: memcontrol: fix cgroup creation failure after many small jobs - mm: memcontrol: fix swap counter leak on swapout from offline cgroup - mm: memcontrol: fix memcg id ref counter on swap charge move - Linux 4.4.18 * Ubuntu16.10:installation fails on Brazos system (31TB and 192 cores) No memory for flatten_device_tree (no room) (LP: #1614309) - SAUCE: powerpc/pseries: Increase RMA size to 512MB. * [SRU] xgene_enet: 10g performance only hits ~75% on multi-client tests (LP: #1613157) - drivers: net: xgene: Add support for Classifier engine - drivers: net: xgene: Add support for RSS - drivers: net: xgene: Add support for multiple queues * [SRU] xgene_enet: an extra interrupt may be pending for an interrupt controller that doesn't support irq_disable and hardware with level interrupt (LP: #1611399) - drivers: net: xgene: fix extra IRQ issue * Mic mute hotkey does not work on usb keyboard [03f0:2f4a] (LP: #1609606) - HID: input: add mic mute key on HP slim keyboard -- Tim Gardner <tim.gard...@canonical.com> Tue, 30 Aug 2016 12:24:30 -0600 ** Changed in: linux (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1615895 Title: apparmor module parameters can be changed after the policy is locked Status in AppArmor: New Status in linux package in Ubuntu: Incomplete Status in linux source package in Xenial: Fix Released Status in linux source package in Yakkety: Incomplete Bug description: the policy_lock parameter is a one way switch that prevents policy from being further modified. Unfortunately some of the module parameters can effectively modify policy by turning off enforcement. split policy_admin_capable into a view check and a full admin check, and update the admin check to test the policy_lock parameter. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1615895/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp