Bug #1750813 “qeth: fix L3 next-hop im xmit qeth hdr” : Xenial (16.04) : Bugs : linux package : Ubuntu

bugproxy (bugproxy) on 2018-02-21

tags:	added: architecture-s39064 bugnameltc-164873 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Frank Heimes (fheimes) on 2018-02-22

Changed in ubuntu-z-systems:
status:	New → Triaged
importance:	Undecided → High
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)

Revision history for this message

Dimitri John Ledkov (xnox) wrote on 2018-02-22:

#1

This is already fix released, as the commit mentioned is in the v4.13+ kernels.

Is this a request to backport this to some previous release? Because this is an invalid request for 18.04.

Changed in ubuntu-z-systems:
status:	Triaged → Invalid
Changed in linux (Ubuntu):
status:	New → Invalid

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-02-22:

#2

Commit ec2c6726322f0d2 is in mainline as of v4.13-rc5, so Artful and Bionic already contain the fix. Are you requesting it in Xenial?

Changed in linux (Ubuntu):
importance:	Undecided → High
status:	Invalid → Triaged
assignee:	Skipper Bug Screeners (skipper-screen-team) → Joseph Salisbury (jsalisbury)

Revision history for this message

bugproxy (bugproxy) wrote on 2018-02-23: Comment bridged from LTC Bugzilla

#3

------- Comment From <email address hidden> 2018-02-23 04:02 EDT-------
Yes, its recommended to incl. it into Xenial

Dimitri John Ledkov (xnox) on 2018-02-24

Changed in linux (Ubuntu Xenial):
assignee:	nobody → Joseph Salisbury (jsalisbury)
importance:	Undecided → High
status:	New → Triaged
Changed in linux (Ubuntu):
status:	Triaged → Fix Released
Changed in ubuntu-z-systems:
status:	Invalid → Triaged

Joseph Salisbury (jsalisbury) on 2018-02-26

Changed in linux (Ubuntu Xenial):
status:	Triaged → In Progress

Frank Heimes (fheimes) on 2018-02-27

Changed in ubuntu-z-systems:
status:	Triaged → In Progress

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-02-27:

#4

I built a test kernel with commit ec2c6726322f0d270bab477e4904bf9496f70ee5. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1750813

Can you test this kernel and see if it resolves this bug?

Note, to test this kernel, you need to install both the linux-image and linux-image-extra .deb packages.

Thanks in advance!

Revision history for this message

bugproxy (bugproxy) wrote on 2018-02-27:

#5

------- Comment From <email address hidden> 2018-02-27 11:50 EDT-------
I'm not able to test this kernel, but this patch was verified upfront, before posting..

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-03-01:

#6

SRU Request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-March/090520.html

description:

updated

Frank Heimes (fheimes) on 2018-03-01

Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Kleber Sacilotto de Souza (kleber-souza) on 2018-03-02

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Stefan Bader (smb) wrote on 2018-03-19:

#7

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

bugproxy (bugproxy) wrote on 2018-03-19:

#8

------- Comment From <email address hidden> 2018-03-19 07:33 EDT-------
patch verified upfront - see LP comment #5 from 2018-02-27

Frank Heimes (fheimes) on 2018-03-19

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-04-04:

#9

Download full text (56.9 KiB)

This bug was fixed in the package linux - 4.4.0-119.143

---------------
linux (4.4.0-119.143) xenial; urgency=medium

* linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)

* Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
- Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

linux (4.4.0-118.142) xenial; urgency=medium

* linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)

* Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
- x86/microcode/AMD: Do not load when running on a hypervisor

  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()

linux (4.4.0-117.141) xenial; urgency=medium

* linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - re...

This bug was fixed in the package linux - 4.4.0-119.143

---------------
linux (4.4.0-119.143) xenial; urgency=medium

* linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)

* Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

linux (4.4.0-118.142) xenial; urgency=medium

* linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)

* Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
    - x86/microcode/AMD: Do not load when running on a hypervisor

* CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()

linux (4.4.0-117.141) xenial; urgency=medium

* linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)

* Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - reiserfs: don't preallocate blocks for extended attributes
    - reiserfs: Don't clear SGID when inheriting ACLs
    - fs/fcntl: f_setown, avoid undefined behaviour
    - scsi: libiscsi: fix shifting of DID_REQUEUE host byte
    - Input: trackpoint - force 3 buttons if 0 button is reported
    - usb: usbip: Fix possible deadlocks reported by lockdep
    - usbip: fix stub_rx: get_pipe() to validate endpoint number
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
    - usbip: prevent leaking socket pointer address in messages
    - um: link vmlinux with -no-pie
    - vsyscall: Fix permissions for emulate mode with KAISER/PTI
    - eventpoll.h: add missing epoll event masks
    - x86/microcode/intel: Extend BDW late-loading further with LLC size check
    - hrtimer: Reset hrtimer cpu base proper on CPU hotplug
    - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
    - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
    - ipv6: fix udpv6 sendmsg crash caused by too small MTU
    - ipv6: ip6_make_skb() needs to clear cork.base.dst
    - lan78xx: Fix failure in USB Full Speed
    - net: igmp: fix source address check for IGMPv3 reports
    - tcp: __tcp_hdrlen() helper
    - net: qdisc_pkt_len_init() should be more robust
    - pppoe: take ->needed_headroom of lower device into account on xmit
    - r8169: fix memory corruption on retrieval of hardware statistics.
    - sctp: do not allow the v4 socket to bind a v4mapped v6 address
    - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
    - vmxnet3: repair memory leak
    - net: Allow neigh contructor functions ability to modify the primary_key
    - ipv4: Make neigh lookup keys for loopback/point-to-point devices be
      INADDR_ANY
    - flow_dissector: properly cap thoff field
    - net: tcp: close sock if net namespace is exiting
    - nfsd: auth: Fix gid sorting when rootsquash enabled
    - Linux 4.4.114

* Xenial update to 4.4.113 stable release (LP: #1754375)
    - gcov: disable for COMPILE_TEST
    - scsi: sg: disable SET_FORCE_LOW_DMA
    - futex: Prevent overflow by strengthen input validation
    - ALSA: pcm: Remove yet superfluous WARN_ON()
    - ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
    - ALSA: hda - Apply the existing quirk to iMac 14,1
    - af_key: fix buffer overread in verify_address_len()
    - af_key: fix buffer overread in parse_exthdrs()
    - scsi: hpsa: fix volume offline state
    - sched/deadline: Zero out positive runtime after throttling constrained tasks
    - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
    - x86/apic/vector: Fix off by one in error path
    - Input: 88pm860x-ts - fix child-node lookup
    - Input: twl6040-vibra - fix DT node memory management
    - Input: twl6040-vibra - fix child-node lookup
    - Input: twl4030-vibra - fix sibling-node lookup
    - tracing: Fix converting enum's from the map in trace_event_eval_update()
    - phy: work around 'phys' references to usb-nop-xceiv devices
    - ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
    - can: peak: fix potential bug in packet fragmentation
    - dm btree: fix serious bug in btree_split_beneath()
    - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
    - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    - kbuild: modversions for EXPORT_SYMBOL() for asm
    - x86/pti: Document fix wrong index
    - MIPS: AR7: ensure the port type's FCR value is used
    - Linux 4.4.113

* Xenial update to 4.4.113 stable release (LP: #1754375) // CVE-2017-5753
    (Spectre v1 Intel -> upstream)
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

* i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error

* qeth: fix calculation of required buffer elements for skb (LP: #1750810)
    - s390/qeth: fix underestimated count of buffer elements

* Support rfkill-any led trigger for Fujitsu u727 (LP: #1745130)
    - rfkill: Add rfkill-any LED trigger

* Redpine: Sometimes Wi-Fi connection shows "unavailable" after resume from
    WoWLAN S4. WLAN can be recover after reboot or reloading WIFI driver.
    (LP: #1753438) // Redpine: BLE scanning for nearby beacons per second is too
    low and result high loss rate. (LP: #1753439)
    - SAUCE: Redpine: resolve race while resuming from S4
    - SAUCE: Redpine: Fix card write failure issue at S4 restore
    - SAUCE: Redpine: Add deep sleep enable before connection
    - SAUCE: Redpine: resolve power save issue after S4 resume

* qeth: check not more than 16 SBALEs on the completion queue (LP: #1750568)
    - qeth: check not more than 16 SBALEs on the completion queue

* qeth: fix L3 next-hop im xmit qeth hdr (LP: #1750813)
    - s390/qeth: fix L3 next-hop in xmit qeth hdr

* qemu-efi-aarch64 in >= artful can't boot xenial cloud images (LP: #1744754)
    - irqchip/gic-v3: Refactor gic_of_init() for GICv3 driver
    - irqchip/gic-v3: Add ACPI support for GICv3/4 initialization
    - irqchip/gic-v3: ACPI: Add redistributor support via GICC structures
    - irqchip/gic-v3: Remove gic_root_node variable from the ITS code
    - irqchip/gic-v3-its: Mark its_init() and its children as __init
    - ACPICA: Headers: Add new constants for the DBG2 ACPI table
    - of/serial: move earlycon early_param handling to serial
    - ACPI: parse SPCR and enable matching console
    - [Config] CONFIG_ACPI_SPCR_TABLE=y
    - ARM64: ACPI: enable ACPI_SPCR_TABLE
    - serial: pl011: add console matching function

* OOM and High CPU utilization in update_blocked_averages because of too many
    cfs_rqs in rq->leaf_cfs_rq_list (LP: #1747896)
    - sched/fair: Fix O(nr_cgroups) in load balance path

* linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd

* retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files

* bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware

* CVE-2017-17448
    - netfilter: nfnetlink_cthelper: Add missing permission checks

* TB16 dock ethernet corrupts data with hw checksum silently failing
    (LP: #1729674)
    - r8152: disable RX aggregation on Dell TB16 dock

* linux < 4.8: x-netns vti is broken (LP: #1744078)
    - net: l3mdev: Add master device lookup by index
    - xfrm: Only add l3mdev oif to dst lookups

* Xenial update to 4.4.112 stable release (LP: #1745266)
    - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
    - can: gs_usb: fix return value of the "set_bittiming" callback
    - IB/srpt: Disable RDMA access by the initiator
    - MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
    - MIPS: Factor out NT_PRFPREG regset access helpers
    - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
    - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
    - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
    - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
    - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
    - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
    - x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
    - x86/acpi: Handle SCI interrupts above legacy space gracefully
    - iommu/arm-smmu-v3: Don't free page table ops twice
    - ALSA: pcm: Remove incorrect snd_BUG_ON() usages
    - ALSA: pcm: Add missing error checks in OSS emulation plugin builder
    - ALSA: pcm: Abort properly at pending signal in OSS read/write loops
    - ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
    - ALSA: aloop: Release cable upon open error path
    - ALSA: aloop: Fix inconsistent format due to incomplete rule
    - ALSA: aloop: Fix racy hw constraints adjustment
    - x86/acpi: Reduce code duplication in mp_override_legacy_irq()
    - mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
    - mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
    - mm/page-writeback: fix dirty_ratelimit calculation
    - mm/zswap: use workqueue to destroy pool
    - zswap: don't param_set_charp while holding spinlock
    - locks: don't check for race with close when setting OFD lock
    - futex: Replace barrier() in unqueue_me() with READ_ONCE()
    - locking/mutex: Allow next waiter lockless wakeup
    - usbvision fix overflow of interfaces array
    - usb: musb: ux500: Fix NULL pointer dereference at system PM
    - r8152: fix the wake event
    - r8152: use test_and_clear_bit
    - r8152: adjust ALDPS function
    - lan78xx: use skb_cow_head() to deal with cloned skbs
    - sr9700: use skb_cow_head() to deal with cloned skbs
    - smsc75xx: use skb_cow_head() to deal with cloned skbs
    - cx82310_eth: use skb_cow_head() to deal with cloned skbs
    - x86/mm/pat, /dev/mem: Remove superfluous error message
    - hwrng: core - sleep interruptible in read
    - sysrq: Fix warning in sysrq generated crash.
    - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
    - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
    - x86/pti/efi: broken conversion from efi to kernel page table
    - 8021q: fix a memory leak for VLAN 0 device
    - ip6_tunnel: disable dst caching if tunnel is dual-stack
    - net: core: fix module type in sock_diag_bind
    - RDS: Heap OOB write in rds_message_alloc_sgs()
    - sh_eth: fix TSU resource handling
    - sh_eth: fix SH7757 GEther initialization
    - net: stmmac: enable EEE in MII, GMII or RGMII only
    - ipv6: fix possible mem leaks in ipv6_make_skb()
    - crypto: algapi - fix NULL dereference in crypto_remove_spawns()
    - rbd: set max_segments to USHRT_MAX
    - x86/microcode/intel: Extend BDW late-loading with a revision check
    - KVM: x86: Add memory barrier on vmcs field lookup
    - drm/vmwgfx: Potential off by one in vmw_view_add()
    - kaiser: Set _PAGE_NX only if supported
    - bpf: don't (ab)use instructions to store state
    - bpf: move fixup_bpf_calls() function
    - bpf: refactor fixup_bpf_calls()
    - bpf: adjust insn_aux_data when patching insns
    - bpf: prevent out-of-bounds speculation
    - bpf, array: fix overflow in max_entries and undefined behavior in index_mask
    - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
    - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
    - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
    - USB: serial: cp210x: add new device ID ELV ALC 8xxx
    - usb: misc: usb3503: make sure reset is low for at least 100us
    - USB: fix usbmon BUG trigger
    - usbip: remove kernel addresses from usb device and urb debug msgs
    - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
    - Bluetooth: Prevent stack info leak from the EFS element.
    - uas: ignore UAS for Norelsys NS1068(X) chips
    - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
    - x86/Documentation: Add PTI description
    - sysfs/cpu: Fix typos in vulnerability documentation
    - x86/alternatives: Fix optimize_nops() checking
    - selftests/x86: Add test_vsyscall
    - Linux 4.4.112

* Xenial update to 4.4.111 stable release (LP: #1745263)
    - x86/kasan: Write protect kasan zero shadow
    - kernel/acct.c: fix the acct->needcheck check in check_free_space()
    - crypto: n2 - cure use after free
    - crypto: chacha20poly1305 - validate the digest size
    - crypto: pcrypt - fix freeing pcrypt instances
    - sunxi-rsb: Include OF based modalias in device uevent
    - fscache: Fix the default for fscache_maybe_release_page()
    - kernel: make groups_sort calling a responsibility group_info allocators
    - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
    - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only()
      signals
    - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in
      complete_signal()
    - ARC: uaccess: dont use "l" gcc inline asm constraint modifier
    - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
    - genksyms: Handle string literals with spaces in reference files
    - module: Issue warnings when tainting kernel
    - proc: much faster /proc/vmstat
    - Fix build error in vma.c
    - Linux 4.4.111

* x86/net/bpf: return statement missing value (LP: #1745364)
    - SAUCE: (no-up) arch/x86/bpf: Fix missed return statement

* Ubuntu 16.04 - s390/cpuinfo: show facilities as reported by stfle
    (LP: #1744736)
    - s390/bitops: add for_each_set_bit_inv helper
    - s390/cpuinfo: show facilities as reported by stfle

* Xenial update to 4.4.110 stable release (LP: #1745071)
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - SAUCE: Replace CONFIG_KAISER with CONFIG_PAGE_TABLE_ISOLATION
    - Linux 4.4.110

* Xenial update to 4.4.109 stable release (LP: #1745069)
    - ACPI: APEI / ERST: Fix missing error handling in erst_reader()
    - crypto: mcryptd - protect the per-CPU queue with a lock
    - mfd: cros ec: spi: Don't send first message too soon
    - mfd: twl4030-audio: Fix sibling-node lookup
    - mfd: twl6040: Fix child-node lookup
    - ALSA: rawmidi: Avoid racy info ioctl via ctl device
    - ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
    - PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
    - parisc: Hide Diva-built-in serial aux and graphics card
    - spi: xilinx: Detect stall with Unknown commands
    - KVM: X86: Fix load RFLAGS w/o the fixed bit
    - powerpc/perf: Dereference BHRB entries safely
    - net: mvneta: clear interface link status on port disable
    - tracing: Remove extra zeroing out of the ring buffer page
    - tracing: Fix possible double free on failure of allocating trace buffer
    - tracing: Fix crash when it fails to alloc ring buffer
    - ring-buffer: Mask out the info bits when returning buffer page length
    - iw_cxgb4: Only validate the MSN for successful completions
    - ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
    - ASoC: twl4030: fix child-node lookup
    - ALSA: hda: Drop useless WARN_ON()
    - ALSA: hda - fix headset mic detection issue on a Dell machine
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - kbuild: add '-fno-stack-check' to kernel build options
    - ipv4: igmp: guard against silly MTU values
    - ipv6: mcast: better catch silly mtu values
    - net: igmp: Use correct source address on IGMPv3 reports
    - netlink: Add netns check on taps
    - net: qmi_wwan: add Sierra EM7565 1199:9091
    - net: reevalulate autoflowlabel setting after sysctl setting
    - tcp md5sig: Use skb's saddr when replying to an incoming segment
    - tg3: Fix rx hang on MTU change with 5717/5719
    - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
    - sctp: Replace use of sockets_allocated with specified macro.
    - ipv4: Fix use-after-free when flushing FIB tables
    - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink
      leaks
    - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
    - sock: free skb in skb_complete_tx_timestamp on error
    - usbip: fix usbip bind writing random string after command in match_busid
    - usbip: stub: stop printing kernel pointer addresses in messages
    - usbip: vhci: stop printing kernel pointer addresses in messages
    - USB: serial: ftdi_sio: add id for Airbus DS P8GR
    - USB: serial: qcserial: add Sierra Wireless EM7565
    - USB: serial: option: add support for Telit ME910 PID 0x1101
    - USB: serial: option: adding support for YUGA CLM920-NC5
    - usb: Add device quirk for Logitech HD Pro Webcam C925e
    - usb: add RESET_RESUME for ELSA MicroLink 56K
    - USB: Fix off by one in type-specific length check of BOS SSP capability
    - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
    - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
    - x86/smpboot: Remove stale TLB flush invocations
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
    - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
    - Linux 4.4.109

* Xenial update to 4.4.108 stable release (LP: #1745054)
    - arm64: Initialise high_memory global variable earlier
    - cxl: Check if vphb exists before iterating over AFU devices
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - mm/rmap: batched invalidations should use existing api
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - ARM: Hide finish_arch_post_lock_switch() from modules
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - ALSA: hda - add support for docking station for HP 820 G2
    - ALSA: hda - add support for docking station for HP 840 G3
    - arm: kprobes: Fix the return address of multiple kretprobes
    - arm: kprobes: Align stack to 8-bytes in test code
    - cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
    - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
    - sch_dsmark: fix invalid skb_cow() usage
    - bna: integer overflow bug in debugfs
    - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4
    - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
    - usb: gadget: udc: remove pointer dereference after free
    - netfilter: nfnl_cthelper: fix runtime expectation policy updates
    - netfilter: nfnl_cthelper: Fix memory leak
    - inet: frag: release spinlock before calling icmp_send()
    - pinctrl: st: add irq_request/release_resources callbacks
    - scsi: lpfc: Fix PT2PT PRLI reject
    - KVM: x86: correct async page present tracepoint
    - KVM: VMX: Fix enable VPID conditions
    - ARM: dts: ti: fix PCI bus dtc warnings
    - hwmon: (asus_atk0110) fix uninitialized data access
    - HID: xinmo: fix for out of range for THT 2P arcade controller.
    - r8152: prevent the driver from transmitting packets with carrier off
    - s390/qeth: no ETH header for outbound AF_IUCV
    - bna: avoid writing uninitialized data into hw registers
    - net: Do not allow negative values for busy_read and busy_poll sysctl
      interfaces
    - i40e: Do not enable NAPI on q_vectors that have no rings
    - RDMA/iser: Fix possible mr leak on device removal event
    - irda: vlsi_ir: fix check for DMA mapping errors
    - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
    - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
    - ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend
    - KVM: pci-assign: do not map smm memory slot pages in vt-d page tables
    - isdn: kcapi: avoid uninitialized data
    - xhci: plat: Register shutdown for xhci_plat
    - netfilter: nfnetlink_queue: fix secctx memory leak
    - ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
    - cpuidle: powernv: Pass correct drv->cpumask for registration
    - bnxt_en: Fix NULL pointer dereference in reopen failure path
    - backlight: pwm_bl: Fix overflow condition
    - crypto: crypto4xx - increase context and scatter ring buffer elements
    - rtc: pl031: make interrupt optional
    - net: phy: at803x: Change error to EINVAL for invalid MAC
    - PCI: Avoid bus reset if bridge itself is broken
    - scsi: cxgb4i: fix Tx skb leak
    - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume
      created on two SATA drive
    - PCI: Create SR-IOV virtfn/physfn links before attaching driver
    - igb: check memory allocation failure
    - ixgbe: fix use of uninitialized padding
    - PCI/AER: Report non-fatal errors only to the affected endpoint
    - scsi: lpfc: Fix secure firmware updates
    - scsi: lpfc: PLOGI failures during NPIV testing
    - fm10k: ensure we process SM mbx when processing VF mbx
    - tcp: fix under-evaluated ssthresh in TCP Vegas
    - rtc: set the alarm to the next expiring timer
    - cpuidle: fix broadcast control when broadcast can not be entered
    - thermal: hisilicon: Handle return value of clk_prepare_enable
    - MIPS: math-emu: Fix final emulation phase for certain instructions
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit()
    - ALSA: hda - Degrade i915 binding failure message
    - ALSA: hda - Fix yet another i915 pointer leftover in error path
    - alpha: fix build failures
    - Linux 4.4.108

* Xenial update to 4.4.107 stable release (LP: #1745052)
    - crypto: hmac - require that the underlying hash algorithm is unkeyed
    - crypto: salsa20 - fix blkcipher_walk API usage
    - autofs: fix careless error in recent commit
    - tracing: Allocate mask_str buffer dynamically
    - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
    - USB: core: prevent malicious bNumInterfaces overflow
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
    - ceph: drop negative child dentries before try pruning inode's alias
    - Bluetooth: btusb: driver to enable the usb-wakeup feature
    - xhci: Don't add a virt_dev to the devs array before it's fully allocated
    - sched/rt: Do not pull from current CPU if only one CPU to pull
    - dmaengine: dmatest: move callback wait queue to thread context
    - ext4: fix fdatasync(2) after fallocate(2) operation
    - ext4: fix crash when a directory's i_size is too small
    - KEYS: add missing permission check for request_key() destination
    - mac80211: Fix addition of mesh configuration element
    - usb: phy: isp1301: Add OF device ID table
    - md-cluster: free md_cluster_info if node leave cluster
    - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
    - userfaultfd: selftest: vm: allow to build in vm/ directory
    - net: initialize msg.msg_flags in recvfrom
    - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
    - net: bcmgenet: correct MIB access of UniMAC RUNT counters
    - net: bcmgenet: reserved phy revisions must be checked first
    - net: bcmgenet: power down internal phy if open or resume fails
    - net: bcmgenet: Power up the internal PHY before probing the MII
    - NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
    - NFSD: fix nfsd_reset_versions for NFSv4.
    - Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
    - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
    - netfilter: bridge: honor frag_max_size when refragmenting
    - writeback: fix memory leak in wb_queue_work()
    - net: wimax/i2400m: fix NULL-deref at probe
    - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
    - net: Resend IGMP memberships upon peer notification.
    - mlxsw: reg: Fix SPVM max record count
    - mlxsw: reg: Fix SPVMLR max record count
    - intel_th: pci: Add Gemini Lake support
    - openrisc: fix issue handling 8 byte get_user calls
    - scsi: hpsa: update check for logical volume status
    - scsi: hpsa: limit outstanding rescans
    - fjes: Fix wrong netdevice feature flags
    - drm/radeon/si: add dpm quirk for Oland
    - sched/deadline: Make sure the replenishment timer fires in the next period
    - sched/deadline: Throttle a constrained deadline task activated after the
      deadline
    - sched/deadline: Use deadline instead of period when calculating overflow
    - mmc: mediatek: Fixed bug where clock frequency could be set wrong
    - drm/radeon: reinstate oland workaround for sclk
    - afs: Fix missing put_page()
    - afs: Populate group ID from vnode status
    - afs: Adjust mode bits processing
    - afs: Flush outstanding writes when an fd is closed
    - afs: Migrate vlocation fields to 64-bit
    - afs: Prevent callback expiry timer overflow
    - afs: Fix the maths in afs_fs_store_data()
    - afs: Populate and use client modification time
    - afs: Fix page leak in afs_write_begin()
    - afs: Fix afs_kill_pages()
    - perf symbols: Fix symbols__fixup_end heuristic for corner cases
    - efi/esrt: Cleanup bad memory map log messages
    - NFSv4.1 respect server's max size in CREATE_SESSION
    - btrfs: add missing memset while reading compressed inline extents
    - target: Use system workqueue for ALUA transitions
    - target: fix ALUA transition timeout handling
    - target: fix race during implicit transition work flushes
    - sfc: don't warn on successful change of MAC
    - fbdev: controlfb: Add missing modes to fix out of bounds access
    - video: udlfb: Fix read EDID timeout
    - video: fbdev: au1200fb: Release some resources if a memory allocation fails
    - video: fbdev: au1200fb: Return an error code if a memory allocation fails
    - rtc: pcf8563: fix output clock rate
    - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
    - PCI/PME: Handle invalid data when reading Root Status
    - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
    - netfilter: ipvs: Fix inappropriate output of procfs
    - powerpc/opal: Fix EBUSY bug in acquiring tokens
    - powerpc/ipic: Fix status get and status clear
    - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
    - iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
    - target:fix condition return in core_pr_dump_initiator_port()
    - target/file: Do not return error for UNMAP if length is zero
    - arm-ccn: perf: Prevent module unload while PMU is in use
    - crypto: tcrypt - fix buffer lengths in test_aead_speed()
    - mm: Handle 0 flags in _calc_vm_trans() macro
    - clk: mediatek: add the option for determining PLL source clock
    - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
    - clk: tegra: Fix cclk_lp divisor register
    - ppp: Destroy the mutex when cleanup
    - thermal/drivers/step_wise: Fix temperature regulation misbehavior
    - GFS2: Take inode off order_write list when setting jdata flag
    - bcache: explicitly destroy mutex while exiting
    - bcache: fix wrong cache_misses statistics
    - l2tp: cleanup l2tp_tunnel_delete calls
    - xfs: fix log block underflow during recovery cycle verification
    - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
    - PCI: Detach driver before procfs & sysfs teardown on device remove
    - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
    - scsi: hpsa: destroy sas transport properties before scsi_host
    - powerpc/perf/hv-24x7: Fix incorrect comparison in memord
    - tty fix oops when rmmod 8250
    - usb: musb: da8xx: fix babble condition handling
    - pinctrl: adi2: Fix Kconfig build problem
    - raid5: Set R5_Expanded on parity devices as well as data.
    - scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
    - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
    - scsi: sd: change manage_start_stop to bool in sysfs interface
    - scsi: sd: change allow_restart to bool in sysfs interface
    - scsi: bfa: integer overflow in debugfs
    - udf: Avoid overflow when session starts at large offset
    - macvlan: Only deliver one copy of the frame to the macvlan interface
    - RDMA/cma: Avoid triggering undefined behavior
    - IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
    - ath9k: fix tx99 potential info leak
    - Linux 4.4.107

* Xenial update to 4.4.106 stable release (LP: #1745047)
    - can: ti_hecc: Fix napi poll return value for repoll
    - can: kvaser_usb: free buf in error paths
    - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
    - can: kvaser_usb: ratelimit errors if incomplete messages are received
    - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
    - can: ems_usb: cancel urb on -EPIPE and -EPROTO
    - can: esd_usb2: cancel urb on -EPIPE and -EPROTO
    - can: usb_8dev: cancel urb on -EPIPE and -EPROTO
    - virtio: release virtio index when fail to device_register
    - hv: kvp: Avoid reading past allocated blocks from KVP file
    - isa: Prevent NULL dereference in isa_bus driver callbacks
    - scsi: libsas: align sata_device's rps_resp on a cacheline
    - efi: Move some sysfs files to be read-only by root
    - ASN.1: fix out-of-bounds read when parsing indefinite length item
    - ASN.1: check for error from ASN1_OP_END__ACT actions
    - X.509: reject invalid BIT STRING for subjectPublicKey
    - x86/PCI: Make broadcom_postcore_init() check acpi_disabled
    - ALSA: pcm: prevent UAF in snd_pcm_info
    - ALSA: seq: Remove spurious WARN_ON() at timer check
    - ALSA: usb-audio: Fix out-of-bound error
    - ALSA: usb-audio: Add check return value for usb_string()
    - iommu/vt-d: Fix scatterlist offset handling
    - s390: fix compat system call table
    - kdb: Fix handling of kallsyms_symbol_next() return value
    - drm: extra printk() wrapper macros
    - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
    - media: dvb: i2c transfers over usb cannot be done from stack
    - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
    - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
    - arm64: fpsimd: Prevent registers leaking from dead tasks
    - ARM: BUG if jumping to usermode address in kernel mode
    - ARM: avoid faulting on qemu
    - thp: reduce indentation level in change_huge_pmd()
    - thp: fix MADV_DONTNEED vs. numa balancing race
    - mm: drop unused pmdp_huge_get_and_clear_notify()
    - Revert "drm/armada: Fix compile fail"
    - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
    - Revert "s390/kbuild: enable modversions for symbols exported from asm"
    - vti6: Don't report path MTU below IPV6_MIN_MTU.
    - ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
    - x86/hpet: Prevent might sleep splat on resume
    - selftest/powerpc: Fix false failures for skipped tests
    - module: set __jump_table alignment to 8
    - ARM: OMAP2+: Fix device node reference counts
    - ARM: OMAP2+: Release device node after it is no longer needed.
    - gpio: altera: Use handle_level_irq when configured as a level_high
    - HID: chicony: Add support for another ASUS Zen AiO keyboard
    - usb: gadget: configs: plug memory leak
    - USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
    - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
    - libata: drop WARN from protocol error in ata_sff_qc_issue()
    - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
    - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
    - irqchip/crossbar: Fix incorrect type of register size
    - KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
    - arm: KVM: Survive unknown traps from guests
    - arm64: KVM: Survive unknown traps from guests
    - spi_ks8995: fix "BUG: key accdaa28 not in .data!"
    - bnx2x: prevent crash when accessing PTP with interface down
    - bnx2x: fix possible overrun of VFPF multicast addresses array
    - bnx2x: do not rollback VF MAC/VLAN filters we did not configure
    - ipv6: reorder icmpv6_init() and ip6_mr_init()
    - crypto: s5p-sss - Fix completing crypto request in IRQ handler
    - i2c: riic: fix restart condition
    - zram: set physical queue limits to avoid array out of bounds accesses
    - netfilter: don't track fragmented packets
    - axonram: Fix gendisk handling
    - drm/amd/amdgpu: fix console deadlock if late init failed
    - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
    - EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
    - EDAC, i5000, i5400: Fix definition of NRECMEMB register
    - kbuild: pkg: use --transform option to prefix paths in tar
    - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
    - route: also update fnhe_genid when updating a route cache
    - route: update fnhe_expires for redirect when the fnhe exists
    - lib/genalloc.c: make the avail variable an atomic_long_t
    - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE
      instead of 0
    - NFS: Fix a typo in nfs_rename()
    - sunrpc: Fix rpc_task_begin trace point
    - block: wake up all tasks blocked in get_request()
    - sparc64/mm: set fields in deferred pages
    - sctp: do not free asoc when it is already dead in sctp_sendmsg
    - sctp: use the right sk after waking up from wait_buf sleep
    - atm: horizon: Fix irq release error
    - jump_label: Invoke jump_label_test() via early_initcall()
    - xfrm: Copy policy family in clone_policy
    - IB/mlx4: Increase maximal message size under UD QP
    - IB/mlx5: Assign send CQ and recv CQ of UMR QP
    - afs: Connect up the CB.ProbeUuid
    - ipvlan: fix ipv6 outbound device
    - audit: ensure that 'audit=1' actually enables audit for PID 1
    - ipmi: Stop timers before cleaning up the module
    - s390: always save and restore all registers on context switch
    - tipc: fix memory leak in tipc_accept_from_sock()
    - rds: Fix NULL pointer dereference in __rds_rdma_map
    - sit: update frag_off info
    - packet: fix crash in fanout_demux_rollover()
    - net/packet: fix a race in packet_bind() and packet_notifier()
    - Revert "x86/efi: Build our own page table structures"
    - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"
    - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
    - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
    - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
    - Linux 4.4.106

* Xenial update to 4.4.105 stable release (LP: #1745046)
    - bcache: only permit to recovery read error when cache device is clean
    - bcache: recover data from backing when data is clean
    - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
    - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
    - serial: 8250_pci: Add Amazon PCI serial device ID
    - s390/runtime instrumentation: simplify task exit handling
    - USB: serial: option: add Quectel BG96 id
    - ima: fix hash algorithm initialization
    - s390/pci: do not require AIS facility
    - selftests/x86/ldt_get: Add a few additional tests for limits
    - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
    - spi: sh-msiof: Fix DMA transfer size check
    - usb: phy: tahvo: fix error handling in tahvo_usb_probe()
    - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
    - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
    - EDAC, sb_edac: Fix missing break in switch
    - sysrq : fix Show Regs call trace on ARM
    - perf test attr: Fix ignored test case result
    - kprobes/x86: Disable preemption in ftrace-based jprobes
    - net: systemport: Utilize skb_put_padto()
    - net: systemport: Pad packet before inserting TSB
    - ARM: OMAP1: DMA: Correct the number of logical channels
    - vti6: fix device register to report IFLA_INFO_KIND
    - net/appletalk: Fix kernel memory disclosure
    - ravb: Remove Rx overflow log messages
    - nfs: Don't take a reference on fl->fl_file for LOCK operation
    - KVM: arm/arm64: Fix occasional warning from the timer work function
    - NFSv4: Fix client recovery when server reboots multiple times
    - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
    - net: sctp: fix array overrun read on sctp_timer_tbl
    - tipc: fix cleanup at module unload
    - dmaengine: pl330: fix double lock
    - tcp: correct memory barrier usage in tcp_check_space()
    - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
    - xen-netfront: Improve error handling during initialization
    - net: fec: fix multicast filtering hardware setup
    - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
    - usb: hub: Cycle HUB power when initialization fails
    - usb: xhci: fix panic in xhci_free_virt_devices_depth_first
    - usb: ch9: Add size macro for SSP dev cap descriptor
    - USB: core: Add type-specific length check of BOS descriptors
    - USB: Increase usbfs transfer limit
    - USB: devio: Prevent integer overflow in proc_do_submiturb()
    - USB: usbfs: Filter flags passed in from user space
    - usb: host: fix incorrect updating of offset
    - xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
    - Linux 4.4.105

* Xenial update to 4.4.104 stable release (LP: #1745043)
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - x86/efi: Hoist page table switching code into efi_call_virt()
    - x86/efi: Build our own page table structures
    - ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
    - x86/efi-bgrt: Fix kernel panic when mapping BGRT data
    - x86/efi-bgrt: Replace early_memremap() with memremap()
    - mm/madvise.c: fix madvise() infinite loop under special circumstances
    - btrfs: clear space cache inode generation always
    - KVM: x86: pvclock: Handle first-time write to pvclock-page contains random
      junk
    - KVM: x86: Exit to user-mode on #UD intercept when emulator requires
    - KVM: x86: inject exceptions produced by x86_decode_insn
    - mmc: core: Do not leave the block driver in a suspended state
    - eeprom: at24: check at24_read/write arguments
    - bcache: Fix building error on MIPS
    - Revert "drm/radeon: dont switch vt on suspend"
    - drm/radeon: fix atombios on big endian
    - drm/panel: simple: Add missing panel_simple_unprepare() calls
    - mtd: nand: Fix writing mtdoops to nand flash.
    - NFS: revalidate "." etc correctly on "open".
    - drm/i915: Don't try indexed reads to alternate slave addresses
    - drm/i915: Prevent zero length "index" write
    - nfsd: Make init_open_stateid() a bit more whole
    - nfsd: Fix stateid races between OPEN and CLOSE
    - nfsd: Fix another OPEN stateid race
    - Linux 4.4.104

* Xenial update to 4.4.103 stable release (LP: #1744873)
    - s390: fix transactional execution control register handling
    - s390/runtime instrumention: fix possible memory corruption
    - s390/disassembler: add missing end marker for e7 table
    - s390/disassembler: increase show_code buffer size
    - AF_VSOCK: Shrink the area influenced by prepare_to_wait
    - vsock: use new wait API for vsock_stream_sendmsg()
    - sched: Make resched_cpu() unconditional
    - lib/mpi: call cond_resched() from mpi_powm() loop
    - x86/decoder: Add new TEST instruction pattern
    - ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
    - ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
    - MIPS: ralink: Fix MT7628 pinmux
    - MIPS: ralink: Fix typo in mt7628 pinmux function
    - ALSA: hda: Add Raven PCI ID
    - dm bufio: fix integer overflow when limiting maximum cache size
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()
    - MIPS: Fix an n32 core file generation regset support regression
    - MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
    - autofs: don't fail mount for transient error
    - nilfs2: fix race condition that causes file system corruption
    - eCryptfs: use after free in ecryptfs_release_messaging()
    - bcache: check ca->alloc_thread initialized before wake up it
    - isofs: fix timestamps beyond 2027
    - NFS: Fix typo in nomigration mount option
    - nfs: Fix ugly referral attributes
    - nfsd: deal with revoked delegations appropriately
    - rtlwifi: rtl8192ee: Fix memory leak when loading firmware
    - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
    - ata: fixes kernel crash while tracing ata_eh_link_autopsy event
    - ext4: fix interaction between i_size, fallocate, and delalloc after a crash
    - ALSA: pcm: update tstamp only if audio_tstamp changed
    - ALSA: usb-audio: Add sanity checks to FE parser
    - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
    - ALSA: usb-audio: Add sanity checks in v2 clock parsers
    - ALSA: timer: Remove kernel warning at compat ioctl error paths
    - ALSA: hda/realtek - Fix ALC700 family no sound issue
    - fix a page leak in vhost_scsi_iov_to_sgl() error recovery
    - fs/9p: Compare qid.path in v9fs_test_inode
    - iscsi-target: Fix non-immediate TMR reference leak
    - target: Fix QUEUE_FULL + SCSI task attribute handling
    - KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
    - KVM: SVM: obey guest PAT
    - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
    - clk: ti: dra7-atl-clock: Fix of_node reference counting
    - clk: ti: dra7-atl-clock: fix child-node lookups
    - libnvdimm, namespace: fix label initialization to use valid seq numbers
    - libnvdimm, namespace: make 'resource' attribute only readable by root
    - IB/srpt: Do not accept invalid initiator port names
    - IB/srp: Avoid that a cable pull can trigger a kernel crash
    - NFC: fix device-allocation error return
    - i40e: Use smp_rmb rather than read_barrier_depends
    - igb: Use smp_rmb rather than read_barrier_depends
    - igbvf: Use smp_rmb rather than read_barrier_depends
    - ixgbevf: Use smp_rmb rather than read_barrier_depends
    - i40evf: Use smp_rmb rather than read_barrier_depends
    - fm10k: Use smp_rmb rather than read_barrier_depends
    - ixgbe: Fix skb list corruption on Power systems
    - parisc: Fix validity check of pointer size argument in new CAS
      implementation
    - powerpc/signal: Properly handle return value from uprobe_deny_signal()
    - media: Don't do DMA on stack for firmware upload in the AS102 driver
    - media: rc: check for integer overflow
    - cx231xx-cards: fix NULL-deref on missing association descriptor
    - media: v4l2-ctrl: Fix flags field on Control events
    - sched/rt: Simplify the IPI based RT balancing logic
    - fscrypt: lock mutex before checking for bounce page pool
    - net/9p: Switch to wait_event_killable()
    - PM / OPP: Add missing of_node_put(np)
    - e1000e: Fix error path in link detection
    - e1000e: Fix return value test
    - RDS: RDMA: return appropriate error on rdma map failures
    - PCI: Apply _HPX settings only to relevant devices
    - dmaengine: zx: set DMA_CYCLIC cap_mask bit
    - net: Allow IP_MULTICAST_IF to set index to L3 slave
    - net: 3com: typhoon: typhoon_init_one: make return values more specific
    - net: 3com: typhoon: typhoon_init_one: fix incorrect return values
    - drm/armada: Fix compile fail
    - ath10k: fix incorrect txpower set by P2P_DEVICE interface
    - ath10k: ignore configuring the incorrect board_id
    - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
    - ath10k: set CTS protection VDEV param only if VDEV is up
    - ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
    - drm: Apply range restriction after color adjustment when allocation
    - mac80211: Remove invalid flag operations in mesh TSF synchronization
    - mac80211: Suppress NEW_PEER_CANDIDATE event if no room
    - iio: light: fix improper return value
    - staging: iio: cdc: fix improper return value
    - spi: SPI_FSL_DSPI should depend on HAS_DMA
    - netfilter: nft_queue: use raw_smp_processor_id()
    - netfilter: nf_tables: fix oob access
    - ASoC: rsnd: don't double free kctrl
    - btrfs: return the actual error value from from btrfs_uuid_tree_iterate
    - ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
    - s390/kbuild: enable modversions for symbols exported from asm
    - xen: xenbus driver must not accept invalid transaction ids
    - Revert "sctp: do not peel off an assoc from one netns to another one"
    - Linux 4.4.103

* ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
    - powerpc: Do not call ppc_md.panic in fadump panic notifier

* Xenial update to 4.4.102 stable release (LP: #1744870)
    - mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all
      call sites"
    - Linux 4.4.102

* Xenial update to 4.4.101 stable release (LP: #1744794)
    - tcp: do not mangle skb->cb[] in tcp_make_synack()
    - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
    - bonding: discard lowest hash bit for 802.3ad layer3+4
    - vlan: fix a use-after-free in vlan_device_event()
    - af_netlink: ensure that NLMSG_DONE never fails in dumps
    - sctp: do not peel off an assoc from one netns to another one
    - fealnx: Fix building error on MIPS
    - net/sctp: Always set scope_id in sctp_inet6_skb_msgname
    - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
    - serial: omap: Fix EFR write on RTS deassertion
    - arm64: fix dump_instr when PAN and UAO are in use
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()
    - ipmi: fix unsigned long underflow
    - mm/page_alloc.c: broken deferred calculation
    - coda: fix 'kernel memory exposure attempt' in fsync
    - mm: check the return value of lookup_page_ext for all call sites
    - mm/page_ext.c: check if page_ext is not prepared
    - mm/pagewalk.c: report holes in hugetlb ranges
    - Linux 4.4.101

* Xenial update to 4.4.100 stable release (LP: #1744639)
    - media: imon: Fix null-ptr-deref in imon_probe
    - media: dib0700: fix invalid dvb_detach argument
    - KVM: x86: fix singlestepping over syscall
    - net: cdc_ether: fix divide by 0 on bad descriptors
    - net: qmi_wwan: fix divide by 0 on bad descriptors
    - arm: crypto: reduce priority of bit-sliced AES cipher
    - Bluetooth: btusb: fix QCA Rome suspend/resume
    - dmaengine: dmatest: warn user when dma test times out
    - extcon: palmas: Check the parent instance to prevent the NULL
    - fm10k: request reset when mbx->state changes
    - ARM: dts: Fix compatible for ti81xx uarts for 8250
    - ARM: dts: Fix am335x and dm814x scm syscon to probe children
    - ARM: OMAP2+: Fix init for multiple quirks for the same SoC
    - ARM: dts: Fix omap3 off mode pull defines
    - ata: ATA_BMDMA should depend on HAS_DMA
    - ata: SATA_HIGHBANK should depend on HAS_DMA
    - ata: SATA_MV should depend on HAS_DMA
    - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache
    - igb: reset the PHY before reading the PHY ID
    - igb: close/suspend race in netif_device_detach
    - igb: Fix hw_dbg logging in igb_update_flash_i210
    - scsi: ufs-qcom: Fix module autoload
    - scsi: ufs: add capability to keep auto bkops always enabled
    - staging: rtl8188eu: fix incorrect ERROR tags from logs
    - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
    - scsi: lpfc: Correct host name in symbolic_name field
    - scsi: lpfc: Correct issue leading to oops during link reset
    - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
    - ALSA: vx: Don't try to update capture stream before running
    - ALSA: vx: Fix possible transfer overflow
    - backlight: lcd: Fix race condition during register
    - backlight: adp5520: Fix error handling in adp5520_bl_probe()
    - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
    - ALSA: hda/realtek - Add new codec ID ALC299
    - arm64: dts: NS2: reserve memory for Nitro firmware
    - ixgbe: fix AER error handling
    - ixgbe: handle close/suspend race with netif_device_detach/present
    - ixgbe: Reduce I2C retry count on X550 devices
    - ixgbe: add mask for 64 RSS queues
    - ixgbe: do not disable FEC from the driver
    - staging: rtl8712: fixed little endian problem
    - MIPS: End asm function prologue macros with .insn
    - mm: add PHYS_PFN, use it in __phys_to_pfn()
    - MIPS: init: Ensure bootmem does not corrupt reserved memory
    - MIPS: init: Ensure reserved memory regions are not added to bootmem
    - MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds
    - Revert "crypto: xts - Add ECB dependency"
    - Revert "uapi: fix linux/rds.h userspace compilation errors"
    - uapi: fix linux/rds.h userspace compilation error
    - uapi: fix linux/rds.h userspace compilation errors
    - USB: usbfs: compute urb->actual_length for isochronous
    - USB: Add delay-init quirk for Corsair K70 LUX keyboards
    - USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
    - USB: serial: garmin_gps: fix I/O after failed probe and remove
    - USB: serial: garmin_gps: fix memory leak on probe errors
    - Linux 4.4.100

* Xenial update to 4.4.99 stable release (LP: #1744636)
    - mac80211: accept key reinstall without changing anything
    - mac80211: use constant time comparison with keys
    - mac80211: don't compare TKIP TX MIC key in reinstall prevention
    - usb: usbtest: fix NULL pointer dereference
    - Input: ims-psu - check if CDC union descriptor is sane
    - ALSA: seq: Cancel pending autoload work at unbinding device
    - tun/tap: sanitize TUNSETSNDBUF input
    - tcp: fix tcp_mtu_probe() vs highest_sack
    - l2tp: check ps->sock before running pppol2tp_session_ioctl()
    - tun: call dev_get_valid_name() before register_netdevice()
    - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
    - packet: avoid panic in packet_getsockopt()
    - ipv6: flowlabel: do not leave opt->tot_len with garbage
    - net/unix: don't show information about sockets from other namespaces
    - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
    - tun: allow positive return values on dev_get_valid_name() call
    - sctp: reset owner sk for data chunks on out queues when migrating a sock
    - ppp: fix race in ppp device destruction
    - ipip: only increase err_count for some certain type icmp in ipip_err
    - tcp/dccp: fix ireq->opt races
    - tcp/dccp: fix lockdep splat in inet_csk_route_req()
    - tcp/dccp: fix other lockdep splats accessing ireq_opt
    - security/keys: add CONFIG_KEYS_COMPAT to Kconfig
    - tipc: fix link attribute propagation bug
    - brcmfmac: remove setting IBSS mode when stopping AP
    - target/iscsi: Fix iSCSI task reassignment handling
    - target: Fix node_acl demo-mode + uncached dynamic shutdown regression
    - misc: panel: properly restore atomic counter on error path
    - Linux 4.4.99

* elantech touchpad of Lenovo L480/580 failed to detect hw_version
    (LP: #1733605)
    - Input: elantech - add new icbody type 15

* Disabling zfs does not always disable module checks for the zfs modules
    (LP: #1737176)
    - [Packaging] disable zfs module checks when zfs is disabled

* Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
    (LP: #1735977)
    - integrity: convert digsig to akcipher api

* CVE-2017-17450
    - netfilter: xt_osf: Add missing permission checks

* CVE-2017-15129
    - net: Fix double free and memory corruption in get_net_ns_by_id()

* CVE-2018-5344
    - loop: fix concurrent lo_open/lo_release

* [KVM] Lower the default for halt_poll_ns to 200000 ns (LP: #1724614)
    - KVM: x86: lower default for halt_poll_ns

* $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted
    (LP: #1744077)
    - [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly

* Redpine: Wifi/BT not functioning after s3 resume (LP: #1742090) //
    [16.04][classic] Redpine: wowlan feature doesn't work (LP: #1742094)
    - SAUCE: Redpine: fix for wowlan wakeup failure
    - SAUCE: Redpine: fix data issue with non-uapsd APs
    - SAUCE: Redpine: fix reset card issue
    - SAUCE: Redpine: fix wowlan issue

* Using an NVMe drive causes huge power drain (LP: #1664602) // Samsung SSD
    960 EVO 500GB refused to change power state (LP: #1705748)
    - nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A

* Using an NVMe drive causes huge power drain (LP: #1664602)
    - nvme/scsi: Remove power management support
    - nvme: return the whole CQE through the request passthrough interface
    - nvme: factor out a add nvme_is_write helper
    - nvme: Modify and export sync command submission for fabrics
    - nvme: Fix nvme_get/set_features() with a NULL result pointer
    - nvme: Pass pointers, not dma addresses, to nvme_get/set_features()
    - nvme: Add a quirk mechanism that uses identify_ctrl
    - nvme: Enable autonomous power state transitions
    - nvme: Adjust the Samsung APST quirk
    - nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA"
    - nvme: only consider exit latency when choosing useful non-op power states
    - nvme: relax APST default max latency to 100ms
    - nvme: Quirk APST on Intel 600P/P3100 devices

* CVE-2017-17862
    - bpf: fix branch pruning logic

* CVE-2017-16995
    - bpf: fix incorrect sign extension in check_alu_op()

* CVE-2017-17741
    - KVM: Fix stack-out-of-bounds read in write_mmio

* CVE-2018-5333
    - RDS: null pointer dereference in rds_atomic_free_op

* the kernel is blackholing IPv6 packets to linkdown nexthops (LP: #1738219)
    - ipv6: Do not consider linkdown nexthops during multipath

* /dev/bcache/by-uuid links not created after reboot (LP: #1729145)
    - SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent

* e1000e in 4.4.0-97-generic breaks 82574L under heavy load. (LP: #1730550)
    - e1000e: Avoid receiver overrun interrupt bursts
    - e1000e: Separate signaling for link check/link up

* ath10k: enhance rf signal strength (LP: #1736317)
    - ath10k: add max_tx_power for QCA6174 WLAN.RM.2.0 firmware

* User reports excessive ALUA retry messages (LP: #1720228)
    - scsi_dh_alua: uninitialized variable in alua_rtpg()

* Add installer support for new Broadcom network drivers.  (LP: #1734757)
    - d-i: Add bnxt_en_bpo to nic-modules.

* Transparent hugepages should default to enabled=madvise (LP: #1703742)
    - SAUCE: use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default

-- Khalid Elmously <khalid.elmously@canonical.com>  Sat, 31 Mar 2018 17:09:19 +0000

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2018-04-04

Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

bugproxy (bugproxy) wrote on 2018-04-04:

#10

------- Comment From <email address hidden> 2018-04-04 07:00 EDT-------
IBM bugzilla status-> closed, Fix Released with Xenial

Ubuntu
linux package

qeth: fix L3 next-hop im xmit qeth hdr

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	High	Canonical Kernel Team
linux (Ubuntu)	Fix Released	High	Joseph Salisbury
Xenial	Fix Released	High	Joseph Salisbury

Ubuntulinux package

qeth: fix L3 next-hop im xmit qeth hdr

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package