Ubuntu
linux package

Cosmic update to 4.17.16 stable release

Bug #1787972 reported by Thadeu Lima de Souza Cascardo on 2018-08-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.17.16 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the 4.17.16 stable release shall be applied:

085c22bb54b8 Linux 4.17.16
c812c53e814d x86/mm: Add TLB purge to free pmd/pte page interfaces
a033b10861c7 ioremap: Update pgtable free interfaces with addr
0c37356f695f Bluetooth: hidp: buffer overflow in hidp_process_report
82ca3d13d852 crypto: skcipher - fix crash flushing dcache in error path
f21a81f5b952 crypto: skcipher - fix aligning block size in skcipher_copy_iv()
483efa679b61 crypto: ablkcipher - fix crash flushing dcache in error path
a404181a65f9 crypto: blkcipher - fix crash flushing dcache in error path
55c689bd3d1c crypto: vmac - separate tfm and request context
b26243c535d3 crypto: vmac - require a block cipher with 128-bit block size
7aaaad0da8a5 crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2()
3dcf89469076 crypto: ccp - Fix command completion detection race
80a5eb6b3745 crypto: ccp - Check for NULL PSP pointer at module unload
a2a9b8b34cc8 crypto: ccree - fix iv handling
4e2befa3feeb crypto: ccree - fix finup
6b773162355a kbuild: verify that $DEPMOD is installed
9c018f562dd9 x86/mm: Disable ioremap free page handling on x86-PAE
dc891b7ba381 xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits
63687997fd18 x86/mm/pti: Clear Global bit more aggressively
af1cd0e89651 x86/platform/UV: Mark memblock related init code and data correctly
921eb6977ca8 x86: i8259: Add missing include file
0fee79788745 x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled

Tags:

CVE References

2018-9363

Thadeu Lima de Souza Cascardo (cascardo) on 2018-08-20

tags:

added: kernel-stable-tracking-bug

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-08-28:

Download full text (12.2 KiB)

This bug was fixed in the package linux - 4.17.0-9.10

---------------
linux (4.17.0-9.10) cosmic; urgency=medium

* linux: 4.17.0-9.10 -proposed tracker (LP: #1787988)

  * Cosmic update to 4.17.17 stable release (LP: #1787973)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
    - Linux 4.17.17

  * Cosmic update to 4.17.16 stable release (LP: #1787972)
    - x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled
    - x86: i8259: Add missing include file
    - x86/platform/UV: Mark memblock related init code and data correctly
    - x86/mm/pti: Clear Global bit more aggressively
    - xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits
    - x86/mm: Disable ioremap free page handling on x86-PAE
    - kbuild: verify that $DEPMOD is installed
    - crypto: ccree - fix finup
    - crypto: ccree - fix iv handling
    - crypto: ccp - Check for NULL PSP pointer at module unload
    - crypto: ccp - Fix command completion detection race
    - crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2()
    - crypto: vmac - require a block cipher with 128-bit block size
    - crypto: vmac - separate tfm and request context
    - crypto: blkcipher - fix crash flushing dcache in error path
    - crypto: ablkcipher - fix crash flushing dcache in error path
    - crypto: skcipher - fix aligning block size in skcipher_copy_iv()
    - crypto: skcipher - fix crash flushing dcache in error path
    - ioremap: Update pgtable free interfaces with addr
    - x86/mm: Add TLB purge to free pmd/pte page interfaces
    - Linux 4.17.16

* Cosmic update to 4.17.16 stable release (LP: #1787972) // CVE-2018-9363
- Bluetooth: hidp: buffer overflow in hidp_process_report

  * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
    walinuxagent.service (LP: #1739107)
    - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
      walinuxagent.service

* Miscellaneous Ubuntu changes
- [Packaging] retpoline -- fix temporary filenaming

linux (4.17.0-8.9) cosmic; urgency=medium

* linux: 4.17.0-8.9 -proposed tracker (LP: #1787259)

This bug was fixed in the package linux - 4.17.0-9.10

---------------
linux (4.17.0-9.10) cosmic; urgency=medium

* linux: 4.17.0-9.10 -proposed tracker (LP: #1787988)

* Cosmic update to 4.17.17 stable release (LP: #1787973)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
    - Linux 4.17.17

* Cosmic update to 4.17.16 stable release (LP: #1787972) // CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

* Miscellaneous Ubuntu changes
    - [Packaging] retpoline -- fix temporary filenaming

linux (4.17.0-8.9) cosmic; urgency=medium

* linux: 4.17.0-8.9 -proposed tracker (LP: #1787259)

* Cosmic update to v4.17.15 stable release (LP: #1787257)
    - parisc: Enable CONFIG_MLONGCALLS by default
    - parisc: Define mb() and add memory barriers to assembler unlock sequences
    - Mark HI and TASKLET softirq synchronous
    - stop_machine: Disable preemption after queueing stopper threads
    - sched/deadline: Update rq_clock of later_rq when pushing a task
    - zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature
    - xen/netfront: don't cache skb_shinfo()
    - bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path
    - bpf, sockmap: fix bpf_tcp_sendmsg sock error handling
    - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management
      enabled
    - scsi: qla2xxx: Fix memory leak for allocating abort IOCB
    - init: rename and re-order boot_cpu_state_init()
    - root dentries need RCU-delayed freeing
    - make sure that __dentry_kill() always invalidates d_seq, unhashed or not
    - fix mntput/mntput race
    - fix __legitimize_mnt()/mntput() race
    - ARM: dts: imx6sx: fix irq for pcie bridge
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
    - x86/speculation: Protect against userspace-userspace spectreRSB
    - kprobes/x86: Fix %p uses in error messages
    - x86/irqflags: Provide a declaration for native_save_fl
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/bugs: Move the l1tf function and define pr_fmt properly
    - sched/smt: Update sched_smt_present at runtime
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Make bringup/teardown of smp threads symmetric
    - cpu/hotplug: Split do_cpu_down()
    - cpu/hotplug: Provide knobs to control SMT
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Make set_memory_np() L1TF safe
    - x86/mm/kmmio: Make the tracer robust against L1TF
    - tools headers: Synchronize prctl.h ABI header
    - tools headers: Synchronise x86 cpufeatures.h for L1TF additions
    - x86/microcode: Allow late microcode loading with SMT disabled
    - x86/smp: fix non-SMP broken build due to redefinition of
      apic_id_is_primary_thread
    - cpu/hotplug: Non-SMP machines do not make use of booted_once
    - x86/init: fix build with CONFIG_SWAP=n
    - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
    - Linux 4.17.15
    - [Config] updateconfigs after v4.17.15 stable update

* Cosmic update to v4.17.14 stable release (LP: #1787031)
    - scsi: qla2xxx: Fix unintialized List head crash
    - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion
    - scsi: qla2xxx: Fix driver unload by shutting down chip
    - scsi: qla2xxx: Fix ISP recovery on unload
    - scsi: qla2xxx: Return error when TMF returns
    - jfs: Fix usercopy whitelist for inline inode data
    - genirq: Make force irq threading setup more robust
    - perf/x86/intel/uncore: Fix hardcoded index of Broadwell extra PCI devices
    - nohz: Fix local_timer_softirq_pending()
    - nohz: Fix missing tick reprogram when interrupting an inline softirq
    - netlink: Don't shift on 64 for ngroups
    - ring_buffer: tracing: Inherit the tracing setting to next ring buffer
    - i2c: imx: Fix reinit_completion() use
    - Btrfs: fix file data corruption after cloning a range and fsync
    - Partially revert "block: fail op_is_write() requests to read-only
      partitions"
    - xfs: validate cached inodes are free when allocated
    - Linux 4.17.14

* Consider enabling CONFIG_NETWORK_PHY_TIMESTAMPING (LP: #1785816)
    - [Config] Enable timestamping in network PHY devices

* Cosmic update to 4.17.13 stable release (LP: #1785710)
    - bonding: avoid lockdep confusion in bond_get_stats()
    - inet: frag: enforce memory limits earlier
    - ipv4: frags: handle possible skb truesize change
    - net: dsa: Do not suspend/resume closed slave_dev
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: stmmac: Fix WoL for PCI-based setups
    - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
    - net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
    - net/mlx5e: Set port trust mode to PCP as default
    - net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow
    - squashfs: more metadata hardening
    - squashfs: more metadata hardenings
    - can: ems_usb: Fix memory leak on ems_usb_disconnect()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - net: socket: Fix potential spectre v1 gadget in sock_is_registered
    - virtio_balloon: fix another race between migration and ballooning
    - x86/efi: Access EFI MMIO data as unencrypted when SEV is active
    - x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
    - x86/entry/64: Remove %ebx handling from error_entry/exit
    - kvm: x86: vmx: fix vpid leak
    - audit: fix potential null dereference 'context->module.name'
    - ipc/shm.c add ->pagesize function to shm_vm_ops
    - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
    - iwlwifi: add more card IDs for 9000 series
    - brcmfmac: fix regression in parsing NVRAM for multiple devices
    - RDMA/uverbs: Expand primary and alt AV port checks
    - crypto: padlock-aes - Fix Nano workaround data corruption
    - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
    - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check()
    - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make
      gcc happy
    - scsi: sg: fix minor memory leak in error path
    - Linux 4.17.13

* CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

* fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
    object allocation (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

* Miscellaneous Ubuntu changes
    - [Config] CONFIG_SYSCTL_SYSCALL=n

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 20 Aug 2018 14:37:36 -0300

Changed in linux (Ubuntu):
status:	New → Fix Released

Brad Figg (brad-figg) on 2019-07-24

tags:

added: cscc

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package