Bug #1774336 “FS-Cache: Assertion failed: FS-Cache: 6 == 5 is fa...” : Bugs : linux package : Ubuntu

Daniel Axtens (daxtens) on 2018-05-31

Changed in linux (Ubuntu):
status:	New → Confirmed
assignee:	nobody → Daniel Axtens (daxtens)

Kleber Sacilotto de Souza (kleber-souza) on 2018-06-12

Changed in linux (Ubuntu Trusty):
status:	New → Fix Committed
Changed in linux (Ubuntu Xenial):
status:	New → Fix Committed
Changed in linux (Ubuntu Artful):
status:	New → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	New → Fix Committed

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-06-13:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-artful' to 'verification-done-artful'. If the problem still exists, change the tag 'verification-needed-artful' to 'verification-failed-artful'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-artful

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-06-13:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-06-14:

#3

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-06-15:

#4

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-trusty

Revision history for this message

David Coronel (davecore) wrote on 2018-06-19:

#5

I have confirmation from a user running NFS stress tests on Xenial with this kernel and has not seen any issues. Changed tag to verification-done-xenial.

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-02:

#6

This bug was fixed in the package linux - 4.13.0-46.51

---------------
linux (4.13.0-46.51) artful; urgency=medium

* linux: 4.13.0-46.51 -proposed tracker (LP: #1776333)

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
- fs/binfmt_misc.c: do not allow offset overflow

* CVE-2018-11508
- compat: fix 4-byte infoleak via uninitialized struct field

  * rfi-flush: Switch to new linear fallback flush (LP: #1744173)
    - SAUCE: rfi-flush: Factor out init_fallback_flush()
    - SAUCE: rfi-flush: Move rfi_flush_fallback_area to end of paca
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration

* Fix enabling bridge MMIO windows (LP: #1771344)
- powerpc/eeh: Fix enabling bridge MMIO windows

* CVE-2018-1130
- dccp: check sk for closed state in dccp_sendmsg()

* CVE-2018-7757
- scsi: libsas: fix memory leak in sas_smp_get_phy_events()

* cpum_sf: ensure sample freq is non-zero (LP: #1772593)
- s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero

  * wlp3s0: failed to remove key (1, ff:ff:ff:ff:ff:ff) from hardware (-22)
    (LP: #1720930)
    - iwlwifi: mvm: fix "failed to remove key" message

* CVE-2018-6927
- futex: Prevent overflow by strengthen input validation

  * After update to 4.13-43 Intel Graphics are Laggy (LP: #1773520)
    - SAUCE: Revert "drm/i915/edp: Allow alternate fixed mode for eDP if
      available."

* ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
- SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table

* kernel backtrace when receiving large UDP packages (LP: #1772031)
- iov_iter: fix page_copy_sane for compound pages

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
- SAUCE: CacheFiles: fix a read_waiter/read_copier race

* CVE-2018-5803
- sctp: verify size of a new chunk in _sctp_make_chunk()

* enable mic-mute hotkey and led on Lenovo M820z and M920z (LP: #1774306)
- ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs

* CVE-2018-7755
- SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

* CVE-2018-5750
- ACPI: sbshc: remove raw pointer from printk() message

-- Khalid Elmously <email address hidden> Mon, 11 Jun 2018 23:25:30 +0000

This bug was fixed in the package linux - 4.13.0-46.51

---------------
linux (4.13.0-46.51) artful; urgency=medium

* linux: 4.13.0-46.51 -proposed tracker (LP: #1776333)

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

* CVE-2018-11508
    - compat: fix 4-byte infoleak via uninitialized struct field

* rfi-flush: Switch to new linear fallback flush (LP: #1744173)
    - SAUCE: rfi-flush: Factor out init_fallback_flush()
    - SAUCE: rfi-flush: Move rfi_flush_fallback_area to end of paca
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration

* Fix enabling bridge MMIO windows (LP: #1771344)
    - powerpc/eeh: Fix enabling bridge MMIO windows

* CVE-2018-1130
    - dccp: check sk for closed state in dccp_sendmsg()

* CVE-2018-7757
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()

* cpum_sf: ensure sample freq is non-zero (LP: #1772593)
    - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero

* wlp3s0: failed to remove key (1, ff:ff:ff:ff:ff:ff) from hardware (-22)
    (LP: #1720930)
    - iwlwifi: mvm: fix "failed to remove key" message

* CVE-2018-6927
    - futex: Prevent overflow by strengthen input validation

* After update to 4.13-43 Intel Graphics are Laggy (LP: #1773520)
    - SAUCE: Revert "drm/i915/edp: Allow alternate fixed mode for eDP if
      available."

* ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
    - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table

* kernel backtrace when receiving large UDP packages (LP: #1772031)
    - iov_iter: fix page_copy_sane for compound pages

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

* CVE-2018-5803
    - sctp: verify size of a new chunk in _sctp_make_chunk()

* enable mic-mute hotkey and led on Lenovo M820z and M920z (LP: #1774306)
    - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs

* CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

* CVE-2018-5750
    - ACPI: sbshc: remove raw pointer from printk() message

-- Khalid Elmously <khalid.elmously@canonical.com>  Mon, 11 Jun 2018 23:25:30 +0000

Changed in linux (Ubuntu Artful):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-02:

#8

Download full text (49.5 KiB)

This bug was fixed in the package linux - 4.15.0-24.26

---------------
linux (4.15.0-24.26) bionic; urgency=medium

* linux: 4.15.0-24.26 -proposed tracker (LP: #1776338)

  * Bionic update: upstream stable patchset 2018-06-06 (LP: #1775483)
    - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs
    - i40e: Fix attach VF to VM issue
    - tpm: cmd_ready command can be issued only after granting locality
    - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
    - tpm: add retry logic
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: fix deadlock while clearing neighbor proxy table
    - team: avoid adding twice the same option to the event list
    - net/smc: fix shutdown in state SMC_LISTEN
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - amd-xgbe: Add pre/post auto-negotiation phy hooks
    - sctp: do not check port in sctp_inet6_cmp_addr
    - amd-xgbe: Improve KR auto-negotiation and training
    - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
    - amd-xgbe: Only use the SFP supported transceiver signals
    - strparser: Fix incorrect strp->need_bytes value.
    - net: sched: ife: signal not finding metaid
    - tcp: clear tp->packets_out when purging write queue
    - net: sched: ife: handle malformed tlv length
    - net: sched: ife: check on metadata length
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - net: ethernet: ti: cpsw: fix tx vlan priority mapping
    - virtio_net: split out ctrl buffer
    - virtio_net: fix adding vids on big-endian
    - KVM: s390: force bp isolation for VSIE
    - s390: correct module section names for expoline code revert
    - microblaze: Setup dependencies for ASM optimized lib functions
    - commoncap: Handle memory allocation failure.
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - m68k/mac: Don't remap SWIM MMIO region
    - block/swim: Check drive type
    - block/swim: Don't log an error message for an invalid ioctl
    - block/swim: Remove extra put_disk() call from error path
    - block/swim: Rename macros to avoid inconsistent inverted logic
    - block/swim: Select appropriate drive on device open
    - block/swim: Fix array bounds check
    - block/swim: Fix IO error at end of medium
    -...

This bug was fixed in the package linux - 4.15.0-24.26

---------------
linux (4.15.0-24.26) bionic; urgency=medium

* linux: 4.15.0-24.26 -proposed tracker (LP: #1776338)

* Bionic update: upstream stable patchset 2018-06-06 (LP: #1775483)
    - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs
    - i40e: Fix attach VF to VM issue
    - tpm: cmd_ready command can be issued only after granting locality
    - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
    - tpm: add retry logic
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: fix deadlock while clearing neighbor proxy table
    - team: avoid adding twice the same option to the event list
    - net/smc: fix shutdown in state SMC_LISTEN
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - amd-xgbe: Add pre/post auto-negotiation phy hooks
    - sctp: do not check port in sctp_inet6_cmp_addr
    - amd-xgbe: Improve KR auto-negotiation and training
    - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
    - amd-xgbe: Only use the SFP supported transceiver signals
    - strparser: Fix incorrect strp->need_bytes value.
    - net: sched: ife: signal not finding metaid
    - tcp: clear tp->packets_out when purging write queue
    - net: sched: ife: handle malformed tlv length
    - net: sched: ife: check on metadata length
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - net: ethernet: ti: cpsw: fix tx vlan priority mapping
    - virtio_net: split out ctrl buffer
    - virtio_net: fix adding vids on big-endian
    - KVM: s390: force bp isolation for VSIE
    - s390: correct module section names for expoline code revert
    - microblaze: Setup dependencies for ASM optimized lib functions
    - commoncap: Handle memory allocation failure.
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - m68k/mac: Don't remap SWIM MMIO region
    - block/swim: Check drive type
    - block/swim: Don't log an error message for an invalid ioctl
    - block/swim: Remove extra put_disk() call from error path
    - block/swim: Rename macros to avoid inconsistent inverted logic
    - block/swim: Select appropriate drive on device open
    - block/swim: Fix array bounds check
    - block/swim: Fix IO error at end of medium
    - tracing: Fix missing tab for hwlat_detector print format
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/dasd: fix IO error for newly defined devices
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_
    - docs: ip-sysctl.txt: fix name of some ipv6 variables
    - net: mvpp2: Fix DMA address mask size
    - net: stmmac: Disable ACS Feature for GMAC >= 4
    - l2tp: hold reference on tunnels in netlink dumps
    - l2tp: hold reference on tunnels printed in pppol2tp proc file
    - l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file
    - l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow
    - s390/qeth: fix error handling in adapter command callbacks
    - s390/qeth: avoid control IO completion stalls
    - s390/qeth: handle failure on workqueue creation
    - bnxt_en: Fix memory fault in bnxt_ethtool_init()
    - virtio-net: add missing virtqueue kick when flushing packets
    - VSOCK: make af_vsock.ko removable again
    - hwmon: (k10temp) Add temperature offset for Ryzen 2700X
    - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
    - s390/cpum_cf: rename IBM z13/z14 counter names
    - kprobes: Fix random address output of blacklist file
    - Revert "pinctrl: intel: Initialize GPIO properly when used through irqchip"

* Lenovo V330 needs patch in ideapad_laptop module for rfkill (LP: #1774636)
    - SAUCE: Add Lenovo V330 to the ideapad_laptop rfkill blacklist

* bluetooth controller fail after suspend with USB autosuspend on XPS 13 9360
    (LP: #1775217)
    - Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table

* [Hyper-V] PCI: hv: Fix 2 hang issues in hv_compose_msi_msg (LP: #1758378)
    - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary
    - PCI: hv: Remove the bogus test in hv_eject_device_work()
    - PCI: hv: Fix a comment typo in _hv_pcifront_read_config()

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

* CVE-2018-11508
    - compat: fix 4-byte infoleak via uninitialized struct field

* Network installs fail on SocioNext board (LP: #1775884)
    - net: netsec: reduce DMA mask to 40 bits
    - net: socionext: reset hardware in ndo_stop
    - net: netsec: enable tx-irq during open callback

* r8169 ethernet card don't work after returning from suspension
    (LP: #1752772)
    - PCI: Add pcim_set_mwi(), a device-managed pci_set_mwi()
    - r8169: switch to device-managed functions in probe
    - r8169: remove netif_napi_del in probe error path
    - r8169: remove some WOL-related dead code
    - r8169: disable WOL per default
    - r8169: improve interrupt handling
    - r8169: fix interrupt number after adding support for MSI-X interrupts

* ISST-LTE:KVM:Ubuntu18.04:BostonLC:boslcp3:boslcp3g3:Guest conosle hangs
    after hotplug CPU add operation. (LP: #1759723)
    - genirq/affinity: assign vectors to all possible CPUs
    - genirq/affinity: Don't return with empty affinity masks on error
    - genirq/affinity: Rename *node_to_possible_cpumask as *node_to_cpumask
    - genirq/affinity: Move actual irq vector spreading into a helper function
    - genirq/affinity: Allow irq spreading from a given starting point
    - genirq/affinity: Spread irq vectors among present CPUs as far as possible
    - blk-mq: simplify queue mapping & schedule with each possisble CPU
    - blk-mq: make sure hctx->next_cpu is set correctly
    - blk-mq: Avoid that blk_mq_delay_run_hw_queue() introduces unintended delays
    - blk-mq: make sure that correct hctx->next_cpu is set
    - blk-mq: avoid to write intermediate result to hctx->next_cpu
    - blk-mq: introduce blk_mq_hw_queue_first_cpu() to figure out first cpu
    - blk-mq: don't check queue mapped in __blk_mq_delay_run_hw_queue()
    - nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
    - scsi: hpsa: fix selection of reply queue
    - scsi: megaraid_sas: fix selection of reply queue
    - scsi: core: introduce force_blk_mq
    - scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity
    - scsi: virtio_scsi: unify scsi_host_template

* Fix several bugs in RDMA/hns driver (LP: #1770974)
    - RDMA/hns: Use structs to describe the uABI instead of opencoding
    - RDMA/hns: Remove unnecessary platform_get_resource() error check
    - RDMA/hns: Remove unnecessary operator
    - RDMA/hns: Add names to function arguments in function pointers
    - RDMA/hns: Fix misplaced call to hns_roce_cleanup_hem_table
    - RDMA/hns: Fix a bug with modifying mac address
    - RDMA/hns: Use free_pages function instead of free_page
    - RDMA/hns: Replace __raw_write*(cpu_to_le*()) with LE write*()
    - RDMA/hns: Bugfix for init hem table
    - RDMA/hns: Intercept illegal RDMA operation when use inline data
    - RDMA/hns: Fix the qp context state diagram
    - RDMA/hns: Only assign mtu if IB_QP_PATH_MTU bit is set
    - RDMA/hns: Remove some unnecessary attr_mask judgement
    - RDMA/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is set
    - RDMA/hns: Adjust the order of cleanup hem table
    - RDMA/hns: Update assignment method for owner field of send wqe
    - RDMA/hns: Submit bad wr
    - RDMA/hns: Fix a couple misspellings
    - RDMA/hns: Add rq inline flags judgement
    - RDMA/hns: Bugfix for rq record db for kernel
    - RDMA/hns: Load the RoCE dirver automatically
    - RDMA/hns: Update convert function of endian format
    - RDMA/hns: Add return operation when configured global param fail
    - RDMA/hns: Not support qp transition from reset to reset for hip06
    - RDMA/hns: Fix the bug with rq sge
    - RDMA/hns: Set desc_dma_addr for zero when free cmq desc
    - RDMA/hns: Enable inner_pa_vld filed of mpt
    - RDMA/hns: Set NULL for __internal_mr
    - RDMA/hns: Fix the bug with NULL pointer
    - RDMA/hns: Bugfix for cq record db for kernel
    - RDMA/hns: Move the location for initializing tmp_len
    - RDMA/hns: Drop local zgid in favor of core defined variable
    - RDMA/hns: Add 64KB page size support for hip08
    - RDMA/hns: Rename the idx field of db
    - RDMA/hns: Modify uar allocation algorithm to avoid bitmap exhaust
    - RDMA/hns: Increase checking CMQ status timeout value
    - RDMA/hns: Add reset process for RoCE in hip08
    - RDMA/hns: Fix the illegal memory operation when cross page
    - RDMA/hns: Implement the disassociate_ucontext API

* powerpc/livepatch: Implement reliable stack tracing for the consistency
    model (LP: #1771844)
    - powerpc/livepatch: Implement reliable stack tracing for the consistency
      model

* vmxnet3: update to latest ToT (LP: #1768143)
    - vmxnet3: avoid xmit reset due to a race in vmxnet3
    - vmxnet3: use correct flag to indicate LRO feature
    - vmxnet3: fix incorrect dereference when rxvlan is disabled

* 4.15.0-22-generic fails to boot on IBM S822LC (POWER8 (raw), altivec
    supported) (LP: #1773162)
    - Revert "powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit"
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

* Decode ARM CPER records in kernel (LP: #1770244)
    - [Config] CONFIG_UEFI_CPER_ARM=y
    - efi: Move ARM CPER code to new file
    - efi: Parse ARM error information value

* Adding back alx WoL feature (LP: #1772610)
    - SAUCE: Revert "alx: remove WoL support"
    - SAUCE: alx: add enable_wol paramenter

* Lancer A0 Asic HBA's won't boot with 18.04 (LP: #1768103)
    - scsi: lpfc: Fix WQ/CQ creation for older asic's.
    - scsi: lpfc: Fix 16gb hbas failing cq create.

* [LTCTest][OPAL][OP920] cpupower idle-info is not listing stop4 and stop5
    idle states when all CORES are guarded (LP: #1771780)
    - SAUCE: cpuidle/powernv : init all present cpus for deep states

* Huawei 25G/100G Network Adapters Unsupported (LP: #1770970)
    - net-next/hinic: add pci device ids for 25ge and 100ge card

* [Ubuntu 18.04.1] POWER9 - Nvidia Volta - Kernel changes to enable Nvidia
    driver on bare metal (LP: #1772991)
    - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()
    - powerpc/powernv/mce: Don't silently restart the machine
    - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure
    - powerpc/mm: Flush cache on memory hot(un)plug
    - powerpc/powernv/memtrace: Let the arch hotunplug code flush cache
    - powerpc/powernv/npu: Add lock to prevent race in concurrent context
      init/destroy
    - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback
      parameters
    - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large
      address range
    - powerpc/mce: Fix a bug where mce loops on memory UE.

* cpum_sf: ensure sample freq is non-zero (LP: #1772593)
    - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero

* PCIe link speeds of 16 GT/s are shown as "Unknown speed" (LP: #1773243)
    - PCI: Add decoding for 16 GT/s link speed

* False positive ACPI _PRS error messages (LP: #1773295)
    - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level

* Dell systems crash when disabling Nvidia dGPU (LP: #1773299)
    - ACPI / OSI: Add OEM _OSI strings to disable NVidia RTD3

* wlp3s0: failed to remove key (1, ff:ff:ff:ff:ff:ff) from hardware (-22)
    (LP: #1720930)
    - iwlwifi: mvm: fix "failed to remove key" message

* Expose arm64 CPU topology to userspace (LP: #1770231)
    - ACPICA: ACPI 6.2: Additional PPTT flags
    - drivers: base: cacheinfo: move cache_setup_of_node()
    - drivers: base: cacheinfo: setup DT cache properties early
    - cacheinfo: rename of_node to fw_token
    - arm64/acpi: Create arch specific cpu to acpi id helper
    - ACPI/PPTT: Add Processor Properties Topology Table parsing
    - [Config] CONFIG_ACPI_PPTT=y
    - ACPI: Enable PPTT support on ARM64
    - drivers: base cacheinfo: Add support for ACPI based firmware tables
    - arm64: Add support for ACPI based firmware tables
    - arm64: topology: rename cluster_id
    - arm64: topology: enable ACPI/PPTT based CPU topology
    - ACPI: Add PPTT to injectable table list
    - arm64: topology: divorce MC scheduling domain from core_siblings

* hisi_sas robustness fixes (LP: #1774466)
    - scsi: hisi_sas: delete timer when removing hisi_sas driver
    - scsi: hisi_sas: print device id for errors
    - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice
    - scsi: hisi_sas: check host frozen before calling "done" function
    - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task()
    - scsi: hisi_sas: stop controller timer for reset
    - scsi: hisi_sas: update PHY linkrate after a controller reset
    - scsi: hisi_sas: change slot index allocation mode
    - scsi: hisi_sas: Change common allocation mode of device id
    - scsi: hisi_sas: Reset disks when discovered
    - scsi: hisi_sas: Create a scsi_host_template per HW module
    - scsi: hisi_sas: Init disks after controller reset
    - scsi: hisi_sas: Try wait commands before before controller reset
    - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot
    - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command
    - scsi: hisi_sas: Terminate STP reject quickly for v2 hw
    - scsi: hisi_sas: Fix return value when get_free_slot() failed
    - scsi: hisi_sas: Mark PHY as in reset for nexus reset

* hisi_sas: Support newer v3 hardware (LP: #1774467)
    - scsi: hisi_sas: update RAS feature for later revision of v3 HW
    - scsi: hisi_sas: check IPTT is valid before using it for v3 hw
    - scsi: hisi_sas: fix PI memory size
    - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
    - scsi: hisi_sas: remove redundant handling to event95 for v3
    - scsi: hisi_sas: add readl poll timeout helper wrappers
    - scsi: hisi_sas: workaround a v3 hw hilink bug
    - scsi: hisi_sas: Add LED feature for v3 hw

* hisi_sas: improve performance by optimizing DQ locking (LP: #1774472)
    - scsi: hisi_sas: initialize dq spinlock before use
    - scsi: hisi_sas: optimise the usage of DQ locking
    - scsi: hisi_sas: relocate smp sg map
    - scsi: hisi_sas: make return type of prep functions void
    - scsi: hisi_sas: allocate slot buffer earlier
    - scsi: hisi_sas: Don't lock DQ for complete task sending
    - scsi: hisi_sas: Use device lock to protect slot alloc/free
    - scsi: hisi_sas: add check of device in hisi_sas_task_exec()
    - scsi: hisi_sas: fix a typo in hisi_sas_task_prep()

* Request to revert SAUCE patches in the 18.04 SRU and update with upstream
    version (LP: #1768431)
    - scsi: cxlflash: Handle spurious interrupts
    - scsi: cxlflash: Remove commmands from pending list on timeout
    - scsi: cxlflash: Synchronize reset and remove ops
    - SAUCE: (no-up) cxlflash: OCXL diff between v2 and v3

* After update to 4.13-43 Intel Graphics are Laggy (LP: #1773520)
    - SAUCE: Revert "drm/i915/edp: Allow alternate fixed mode for eDP if
      available."

* ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
    - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

* hns3 driver updates (LP: #1768670)
    - net: hns3: VF should get the real rss_size instead of rss_size_max
    - net: hns3: set the cmdq out_vld bit to 0 after used
    - net: hns3: fix endian issue when PF get mbx message flag
    - net: hns3: fix the queue id for tqp enable&&reset
    - net: hns3: set the max ring num when alloc netdev
    - net: hns3: add support for VF driver inner interface
      hclgevf_ops.get_tqps_and_rss_info
    - net: hns3: refactor the hclge_get/set_rss function
    - net: hns3: refactor the hclge_get/set_rss_tuple function
    - net: hns3: fix for RSS configuration loss problem during reset
    - net: hns3: fix for pause configuration lost during reset
    - net: hns3: fix for use-after-free when setting ring parameter
    - net: hns3: refactor the get/put_vector function
    - net: hns3: fix for coalesce configuration lost during reset
    - net: hns3: refactor the coalesce related struct
    - net: hns3: fix for coal configuation lost when setting the channel
    - net: hns3: add existence check when remove old uc mac address
    - net: hns3: fix for netdev not running problem after calling net_stop and
      net_open
    - net: hns3: fix for ipv6 address loss problem after setting channels
    - net: hns3: unify the pause params setup function
    - net: hns3: fix rx path skb->truesize reporting bug
    - net: hns3: add support for querying pfc puase packets statistic
    - net: hns3: fix for loopback failure when vlan filter is enable
    - net: hns3: fix for buffer overflow smatch warning
    - net: hns3: fix error type definition of return value
    - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status()
    - net: hns3: add existence checking before adding unicast mac address
    - net: hns3: add result checking for VF when modify unicast mac address
    - net: hns3: reallocate tx/rx buffer after changing mtu
    - net: hns3: fix the VF queue reset flow error
    - net: hns3: fix for vlan table lost problem when resetting
    - net: hns3: increase the max time for IMP handle command
    - net: hns3: change GL update rate
    - net: hns3: change the time interval of int_gl calculating
    - net: hns3: fix for getting wrong link mode problem
    - net: hns3: add get_link support to VF
    - net: hns3: add querying speed and duplex support to VF
    - net: hns3: fix for not returning problem in get_link_ksettings when phy
      exists
    - net: hns3: Changes to make enet watchdog timeout func common for PF/VF
    - net: hns3: Add VF Reset Service Task to support event handling
    - net: hns3: Add VF Reset device state and its handling
    - net: hns3: Add support to request VF Reset to PF
    - net: hns3: Add support to reset the enet/ring mgmt layer
    - net: hns3: Add support to re-initialize the hclge device
    - net: hns3: Changes to support ARQ(Asynchronous Receive Queue)
    - net: hns3: Add *Asserting Reset* mailbox message & handling in VF
    - net: hns3: Changes required in PF mailbox to support VF reset
    - net: hns3: hclge_inform_reset_assert_to_vf() can be static
    - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size
    - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size
    - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo
    - net: hns3: fix for not initializing VF rss_hash_key problem
    - net: hns3: never send command queue message to IMP when reset
    - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree()
    - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES
    - net: hns3: Remove error log when getting pfc stats fails
    - net: hns3: fix to correctly fetch l4 protocol outer header
    - net: hns3: Fixes the out of bounds access in hclge_map_tqp
    - net: hns3: Fixes the error legs in hclge_init_ae_dev function
    - net: hns3: fix for phy_addr error in hclge_mac_mdio_config
    - net: hns3: Fix to support autoneg only for port attached with phy
    - net: hns3: fix a dead loop in hclge_cmd_csq_clean
    - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls
    - net: hns3: Remove packet statistics in the range of 8192~12287
    - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver
    - net: hns3: Fix for setting mac address when resetting
    - net: hns3: remove add/del_tunnel_udp in hns3_enet module
    - net: hns3: fix for cleaning ring problem
    - net: hns3: refactor the loopback related function
    - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo
    - net: hns3: Fix for the null pointer problem occurring when initializing
      ae_dev failed
    - net: hns3: Add a check for client instance init state
    - net: hns3: Change return type of hnae3_register_ae_dev
    - net: hns3: Change return type of hnae3_register_ae_algo
    - net: hns3: Change return value in hnae3_register_client
    - net: hns3: Fixes the back pressure setting when sriov is enabled
    - net: hns3: Fix for fiber link up problem
    - net: hns3: Add support of .sriov_configure in HNS3 driver
    - net: hns3: Fixes the missing PCI iounmap for various legs
    - net: hns3: Fixes error reported by Kbuild and internal review
    - net: hns3: Fixes API to fetch ethernet header length with kernel default
    - net: hns3: cleanup of return values in hclge_init_client_instance()
    - net: hns3: Fix the missing client list node initialization
    - net: hns3: Fix for hns3 module is loaded multiple times problem
    - net: hns3: Use enums instead of magic number in hclge_is_special_opcode
    - net: hns3: Fix for netdev not running problem after calling net_stop and
      net_open
    - net: hns3: Fixes kernel panic issue during rmmod hns3 driver
    - net: hns3: Fix for CMDQ and Misc. interrupt init order problem
    - net: hns3: Updates RX packet info fetch in case of multi BD
    - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config
    - net: hns3: Add STRP_TAGP field support for hardware revision 0x21
    - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21)
    - net: hns3: Fix for PF mailbox receving unknown message
    - net: hns3: Fixes the state to indicate client-type initialization
    - net: hns3: Fixes the init of the VALID BD info in the descriptor
    - net: hns3: Removes unnecessary check when clearing TX/RX rings
    - net: hns3: Clear TX/RX rings when stopping port & un-initializing client
    - net: hns3: Remove unused led control code
    - net: hns3: Adds support for led locate command for copper port
    - net: hns3: Fixes initalization of RoCE handle and makes it conditional
    - net: hns3: Disable vf vlan filter when vf vlan table is full
    - net: hns3: Add support for IFF_ALLMULTI flag
    - net: hns3: Add repeat address checking for setting mac address
    - net: hns3: Fix setting mac address error
    - net: hns3: Fix for service_task not running problem after resetting
    - net: hns3: Fix for hclge_reset running repeatly problem
    - net: hns3: Fix for phy not link up problem after resetting
    - net: hns3: Add missing break in misc_irq_handle
    - net: hns3: Fix for vxlan tx checksum bug
    - net: hns3: Optimize the PF's process of updating multicast MAC
    - net: hns3: Optimize the VF's process of updating multicast MAC
    - SAUCE: {topost} net: hns3: add support for serdes loopback selftest
    - SAUCE: {topost} net: hns3: RX BD information valid only in last BD except
      VLD bit and buffer size
    - SAUCE: {topost} net: hns3: remove hclge_get_vector_index from
      hclge_bind_ring_with_vector
    - SAUCE: {topost} net: hns3: rename the interface for init_client_instance and
      uninit_client_instance
    - SAUCE: {topost} net: hns3: add vector status check before free vector
    - SAUCE: {topost} net: hns3: add l4_type check for both ipv4 and ipv6
    - SAUCE: {topost} net: hns3: remove unused head file in hnae3.c
    - SAUCE: {topost} net: hns3: extraction an interface for state state
      init|uninit
    - SAUCE: {topost} net: hns3: print the ret value in error information
    - SAUCE: {topost} net: hns3: remove the Redundant put_vector in
      hns3_client_uninit
    - SAUCE: {topost} net: hns3: add unlikely for error check
    - SAUCE: {topost} net: hns3: remove back in struct hclge_hw
    - SAUCE: {topost} net: hns3: use lower_32_bits and upper_32_bits
    - SAUCE: {topost} net: hns3: remove unused hclge_ring_to_dma_dir
    - SAUCE: {topost} net: hns3: remove useless code in hclge_cmd_send
    - SAUCE: {topost} net: hns3: remove some redundant assignments
    - SAUCE: {topost} net: hns3: simplify hclge_cmd_csq_clean
    - SAUCE: {topost} net: hns3: using modulo for cyclic counters in
      hclge_cmd_send
    - SAUCE: {topost} net: hns3: remove a redundant hclge_cmd_csq_done
    - SAUCE: {topost} net: hns3: remove some unused members of some structures
    - SAUCE: {topost} net: hns3: give default option while dependency HNS3 set
    - SAUCE: {topost} net: hns3: use dma_zalloc_coherent instead of
      kzalloc/dma_map_single
    - SAUCE: {topost} net: hns3: modify hnae_ to hnae3_
    - SAUCE: {topost} net: hns3: fix unused function warning in VF driver
    - SAUCE: {topost} net: hns3: remove some redundant assignments
    - SAUCE: {topost} net: hns3: standardize the handle of return value
    - SAUCE: {topost} net: hns3: remove extra space and brackets
    - SAUCE: {topost} net: hns3: fix unreasonable code comments
    - SAUCE: {topost} net: hns3: use decimal for bit offset macros
    - SAUCE: {topost} net: hns3: modify inconsistent bit mask macros
    - SAUCE: {topost} net: hns3: fix mislead parameter name
    - SAUCE: {topost} net: hns3: remove unused struct member and definition
    - SAUCE: {topost} net: hns3: Add SPDX tags to hns3 driver
    - SAUCE: {topost} net: hns3: Add pf reset for hip08 RoCE
    - SAUCE: {topost} net: hns3: optimize the process of notifying roce client
    - SAUCE: {topost} net: hns3: Add calling roce callback function when link
      status change
    - SAUCE: {topost} net: hns3: fix tc setup when netdev is first up
    - SAUCE: {topost} net: hns3: fix for mac pause not disable in pfc mode
    - SAUCE: {topost} net: hns3: fix for waterline not setting correctly
    - SAUCE: {topost} net: hns3: fix for l4 checksum offload bug
    - SAUCE: {topost} net: hns3: fix for mailbox message truncated problem
    - SAUCE: {topost} net: hns3: Add configure for mac minimal frame size
    - SAUCE: {topost} net: hns3: fix warning bug when doing lp selftest
    - SAUCE: {topost} net: hns3: fix get_vector ops in hclgevf_main module
    - SAUCE: {topost} net: hns3: remove the warning when clear reset cause
    - SAUCE: {topost} net: hns3: Use roce handle when calling roce callback
      function
    - SAUCE: {topost} net: hns3: prevent sending command during global or core
      reset
    - SAUCE: {topost} net: hns3: modify the order of initializeing command queue
      register
    - SAUCE: {topost} net: hns3: reset net device with rtnl_lock
    - SAUCE: {topost} net: hns3: prevent to request reset frequently
    - SAUCE: {topost} net: hns3: correct reset event status register
    - SAUCE: {topost} net: hns3: separate roce from nic when resetting
    - SAUCE: net: hns3: Fix for phy link issue when using marvell phy driver
    - SAUCE: {topost} net: hns3: fix return value error in
      hns3_reset_notify_down_enet
    - SAUCE: {topost} net: hns3: remove unnecessary ring configuration operation
      while resetting
    - SAUCE: {topost} net: hns3: fix for reset_level default assignment probelm
    - SAUCE: {topost} net: hns3: fix for using wrong mask and shift in
      hclge_get_ring_chain_from_mbx
    - SAUCE: {topost} net: hns3: fix comments for hclge_get_ring_chain_from_mbx
    - SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF response
    - SAUCE: net: hns3: Fix for VF mailbox receiving unknown message
    - SAUCE: net: hns3: Optimize PF CMDQ interrupt switching process

* enable mic-mute hotkey and led on Lenovo M820z and M920z (LP: #1774306)
    - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs

* Bionic update: upstream stable patchset 2018-05-29 (LP: #1774063)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - btrfs: fix unaligned access in readdir
    - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
    - clocksource/imx-tpm: Correct -ETIME return condition check
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - drm/vc4: Fix memory leak during BO teardown
    - drm/i915/gvt: throw error on unhandled vfio ioctls
    - drm/i915/audio: Fix audio detection issue on GLK
    - drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value
    - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state
    - drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing
    - usb: musb: fix enumeration after resume
    - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
    - usb: musb: Fix external abort in musb_remove on omap2430
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - x86/tsc: Allow TSC calibration without PIT
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - RDMA/core: Clarify rdma_ah_find_type
    - KVM: PPC: Book3S HV: Enable migration of decrementer register
    - netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - KVM: s390: use created_vcpus in more places
    - platform/x86: dell-laptop: Filter out spurious keyboard backlight change
      events
    - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
    - selftest: ftrace: Fix to pick text symbols for kprobes
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - Input: psmouse - fix Synaptics detection when protocol is disabled
    - libbpf: Makefile set specified permission mode
    - Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes
    - i40iw: Free IEQ resources
    - i40iw: Zero-out consumer key on allocate stag for FMR
    - perf unwind: Do not look just at the global callchain_param.record_mode
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - perf record: Fix failed memory allocation for get_cpuid_str
    - iommu/exynos: Don't unconditionally steal bus ops
    - powerpc: System reset avoid interleaving oops using die synchronisation
    - iommu/vt-d: Use domain instead of cache fetching
    - dm thin: fix documentation relative to low water mark threshold
    - dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure
    - ubifs: Fix uninitialized variable in search_dh_cookie()
    - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
    - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
    - spi: a3700: Clear DATA_OUT when performing a read
    - IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec}
    - PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
    - Btrfs: fix unexpected EEXIST from btrfs_get_extent
    - Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io
    - RDMA/cma: Check existence of netdevice during port validation
    - f2fs: avoid hungtask when GC encrypted block if io_bits is set
    - scsi: devinfo: fix format of the device list
    - scsi: fas216: fix sense buffer initialization
    - Input: stmfts - set IRQ_NOAUTOEN to the irq flag
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - nfp: fix error return code in nfp_pci_probe()
    - block: Set BIO_TRACE_COMPLETION on new bio during split
    - bpf: test_maps: cleanup sockmaps when test ends
    - i40evf: Don't schedule reset_task when device is being removed
    - i40evf: ignore link up if not running
    - platform/x86: thinkpad_acpi: suppress warning about palm detection
    - KVM: s390: vsie: use READ_ONCE to access some SCB fields
    - blk-mq-debugfs: don't allow write on attributes with seq_operations set
    - ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink
    - igb: Allow to remove administratively set MAC on VFs
    - igb: Clear TXSTMP when ptp_tx_work() is timeout
    - fm10k: fix "failed to kill vid" message for VF
    - x86/hyperv: Stop suppressing X86_FEATURE_PCID
    - tty: serial: exar: Relocate sleep wake-up handling
    - device property: Define type of PROPERTY_ENRTY_*() macros
    - crypto: artpec6 - remove select on non-existing CRYPTO_SHA384
    - RDMA/uverbs: Use an unambiguous errno for method not supported
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - ixgbe: don't set RXDCTL.RLPML for 82599
    - i40e: program fragmented IPv4 filter input set
    - i40e: fix reported mask for ntuple filters
    - samples/bpf: Partially fixes the bpf.o build
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - gianfar: prevent integer wrapping in the rx handler
    - x86/hyperv: Check for required priviliges in hyperv_init()
    - netfilter: x_tables: fix pointer leaks to userspace
    - tcp_nv: fix potential integer overflow in tcpnv_acked
    - kvm: Map PFN-type memory regions as writable (if possible)
    - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
      running nested
    - fs/dax.c: release PMD lock even when there is no PMD support in DAX
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - sparc64: update pmdp_invalidate() to return old pmd value
    - mm: thp: use down_read_trylock() in khugepaged to avoid long block
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - mm/fadvise: discard partial page if endbyte is also EOF
    - openvswitch: Remove padding from packet before L3+ conntrack processing
    - blk-mq: fix discard merge with scheduler attached
    - IB/hfi1: Re-order IRQ cleanup to address driver cleanup race
    - IB/hfi1: Fix for potential refcount leak in hfi1_open_file()
    - IB/ipoib: Fix for potential no-carrier state
    - IB/core: Map iWarp AH type to undefined in rdma_ah_find_type
    - drm/nouveau/pmu/fuc: don't use movw directly anymore
    - s390/eadm: fix CONFIG_BLOCK include dependency
    - netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
    - x86/power: Fix swsusp_arch_resume prototype
    - x86/dumpstack: Avoid uninitlized variable
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - ACPI / bus: Do not call _STA on battery devices with unmet dependencies
    - ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - perf record: Fix period option handling
    - MIPS: Generic: Support GIC in EIC mode
    - perf evsel: Fix period/freq terms setup
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - bpf: sockmap, fix leaking maps with attached but not detached progs
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - PM / domains: Fix up domain-idle-states OF parsing
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - cpufreq: intel_pstate: Enable HWP during system resume on CPU0
    - selftests/ftrace: Add some missing glob checks
    - rxrpc: Don't put crypto buffers on the stack
    - svcrdma: Fix Read chunk round-up
    - net: Extra '_get' in declaration of arch_get_platform_mac_address
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
    - net: stmmac: discard disabled flags in interrupt status register
    - bpf: fix rlimit in reuseport net selftest
    - ACPI / EC: Restore polling during noirq suspend/resume phases
    - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
    - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
    - powerpc/mm/hash64: Zero PGD pages on allocation
    - x86/platform/UV: Fix GAM Range Table entries less than 1GB
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - powerpc/powernv: IMC fix out of bounds memory access at shutdown
    - perf test: Fix test trace+probe_libc_inet_pton.sh for s390x
    - irqchip/gic-v3: Ignore disabled ITS nodes
    - cpumask: Make for_each_cpu_wrap() available on UP as well
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - RDMA/core: Reduce poll batch for direct cq polling
    - alarmtimer: Init nanosleep alarm timer on stack
    - netfilter: x_tables: cap allocations at 512 mbyte
    - netfilter: x_tables: add counters allocation wrapper
    - netfilter: compat: prepare xt_compat_init_offsets to return errors
    - netfilter: compat: reject huge allocation requests
    - netfilter: x_tables: limit allocation requests for blob rule heads
    - perf: Fix sample_max_stack maximum check
    - perf: Return proper values for user stack errors
    - RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
    - Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown"
    - mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
    - btrfs: Fix race condition between delayed refs and blockgroup removal
    - mm,vmscan: Allow preallocating memory for register_shrinker().

* Bionic update: upstream stable patchset 2018-05-24 (LP: #1773233)
    - tty: make n_tty_read() always abort if hangup is in progress
    - cpufreq: CPPC: Use transition_delay_us depending transition_latency
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - mm/ksm.c: fix inconsistent accounting of zero pages
    - mm/hmm: hmm_pfns_bad() was accessing wrong struct
    - task_struct: only use anon struct under randstruct plugin
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
    - usb: gadget: udc: core: update usb_ep_queue() documentation
    - ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
    - KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
    - ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
    - arm: dts: mt7623: fix USB initialization fails on bananapi-r2
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - spi: atmel: init FIFOs before spi enable
    - spi: Fix scatterlist elements size in spi_map_buf
    - spi: Fix unregistration of controller with fixed SPI bus number
    - media: atomisp_fops.c: disable atomisp_compat_ioctl32
    - media: vivid: check if the cec_adapter is valid
    - media: vsp1: Fix BRx conditional path in WPF
    - x86/xen: Delay get_cpu_cap until stack canary is established
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB: gadget: f_midi: fixing a possible double-free in f_midi
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: prevent setting PRTCAP to OTG from debugfs
    - usb: dwc3: pci: Properly cleanup resource
    - usb: dwc3: gadget: never call ->complete() from ->ep_queue()
    - cifs: fix memory leak in SMB2_open()
    - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
    - smb3: Fix root directory when server returns inode number of zero
    - HID: i2c-hid: fix size check and type usage
    - i2c: i801: Save register SMBSLVCMD value only once
    - i2c: i801: Restore configuration at shutdown
    - CIFS: refactor crypto shash/sdesc allocation&free
    - CIFS: add sha512 secmech
    - CIFS: fix sha512 check in cifs_crypto_secmech_release
    - powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
    - powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/kprobes: Fix call trace due to incorrect preempt count
    - powerpc/kexec_file: Fix error code when trying to load kdump kernel
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - soc: mediatek: fix the mistaken pointer accessed when subdomains are added
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - ASoC: topology: Fix kcontrol name string handling
    - irqchip/gic: Take lock when updating irq type
    - random: use a tighter cap in credit_entropy_bits_safe()
    - extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
    - block: use 32-bit blk_status_t on Alpha
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: shutdown should not prevent get_write_access
    - ext4: eliminate sleep from shutdown ioctl
    - ext4: pass -ESHUTDOWN code to jbd2 layer
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: protect i_disksize update by i_data_sem in direct write path
    - ext4: limit xattr size to INT_MAX
    - ext4: always initialize the crc32c checksum driver
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - ext4: move call to ext4_error() into ext4_xattr_check_block()
    - ext4: add bounds checking to ext4_xattr_find_entry()
    - ext4: add extra checks to ext4_xattr_block_get()
    - dm crypt: limit the number of allocated pages
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - RDMA/mlx5: Protect from NULL pointer derefence
    - RDMA/rxe: Fix an out-of-bounds read
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - cxl: Fix possible deadlock when processing page faults from cxllib
    - tpm: self test failure should not cause suspend to fail
    - libnvdimm, dimm: fix dpa reservation vs uninitialized label area
    - libnvdimm, namespace: use a safe lookup for dimm device name
    - nfit, address-range-scrub: fix scrub in-progress reporting
    - nfit: skip region registration for incomplete control regions
    - ring-buffer: Check if memory is available before allocation
    - um: Compile with modern headers
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - mmc: tmio: Fix error handling when issuing CMD23
    - PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: fix false-positive Wmaybe-uninitialized warning
    - clk: mediatek: fix PWM clock source by adding a fixed-factor clock
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - pwm: rcar: Fix a condition to prevent mismatch value setting to duty
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - drm/amdgpu: Add an ATPX quirk for hybrid laptop
    - drm/amdgpu: Fix always_valid bos multiple LRU insertions.
    - drm/amdgpu/sdma: fix mask in emit_pipeline_sync
    - drm/amdgpu: Fix PCIe lane width calculation
    - drm/amdgpu/si: implement get/set pcie_lanes asic callback
    - drm/rockchip: Clear all interrupts before requesting the IRQ
    - drm/radeon: add PX quirk for Asus K73TK
    - drm/radeon: Fix PCIe lane width calculation
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - random: fix crng_ready() test
    - random: use a different mixing algorithm for add_device_randomness()
    - random: crng_reseed() should lock the crng instance that it is modifying
    - random: add new ioctl RNDRESEEDCRNG
    - HID: input: fix battery level reporting on BT mice
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - HID: wacom: bluetooth: send exit report for recent Bluetooth devices
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - udf: Fix leak of UTF-16 surrogates into encoded strings
    - fanotify: fix logic of events on child
    - mmc: sdhci-pci: Only do AMD tuning for HS200
    - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - orangefs_kill_sb(): deal with allocation failures
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - Revert "media: lirc_zilog: driver only sends LIRCCODE"
    - media: staging: lirc_zilog: incorrect reference counting
    - writeback: safer lock nesting
    - Bluetooth: hci_bcm: Add irq_polarity module option
    - mm: hwpoison: disable memory error handling on 1GB hugepage
    - media: rc: oops in ir_timer_keyup after device unplug
    - acpi, nfit: rework NVDIMM leaf method detection
    - ceph: always update atime/mtime/ctime for new inode
    - ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin()
    - ext4: force revalidation of directory pointer after seekdir(2)
    - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
    - xprtrdma: Fix latency regression on NUMA NFS/RDMA clients
    - xprtrdma: Fix corner cases when handling device removal
    - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
    - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
    - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
    - mmc: core: Prevent bus reference leak in mmc_blk_init()
    - drm/amd/display: HDMI has no sound after Panel power off/on
    - trace_uprobe: Use %lx to display offset
    - clk: tegra: Mark HCLK, SCLK and EMC as critical
    - pwm: mediatek: Fix up PWM4 and PWM5 malfunction on MT7623
    - pwm: mediatek: Improve precision in rate calculation
    - HID: i2c-hid: Fix resume issue on Raydium touchscreen device
    - s390: add support for IBM z14 Model ZR1
    - drm/i915: Fix hibernation with ACPI S0 target state
    - libnvdimm, dimm: handle EACCES failures from label reads
    - device-dax: allow MAP_SYNC to succeed
    - HID: i2c-hid: fix inverted return value from i2c_hid_command()

* CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 12 Jun 2018 18:09:35 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-02:

#7

This bug was fixed in the package linux - 3.13.0-153.203

---------------
linux (3.13.0-153.203) trusty; urgency=medium

* linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)

  * CVE-2018-3665 (x86)
    - x86/fpu: Print out whether we are doing lazy/eager FPU context switches
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix math emulation in eager fpu mode

linux (3.13.0-152.202) trusty; urgency=medium

* linux: 3.13.0-152.202 -proposed tracker (LP: #1776350)

* CVE-2017-15265
- ALSA: seq: Fix use-after-free at creating a port

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
- fs/binfmt_misc.c: do not allow offset overflow

  * CVE-2018-1130
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped

  * add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference)
    with T kernel (LP: #1775316) // CVE-2017-12193
    - assoc_array: Fix a buggy node-splitting case

* CVE-2017-12154
- kvm: nVMX: Don't allow L2 to access the hardware CR8

* CVE-2018-7757
- scsi: libsas: fix memory leak in sas_smp_get_phy_events()

* CVE-2018-6927
- futex: Prevent overflow by strengthen input validation

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
- SAUCE: CacheFiles: fix a read_waiter/read_copier race

* CVE-2018-5803
- sctp: verify size of a new chunk in _sctp_make_chunk()

  * WARNING: CPU: 28 PID: 34085 at /build/linux-
    90Gc2C/linux-3.13.0/net/core/dev.c:1433 dev_disable_lro+0x87/0x90()
    (LP: #1771480)
    - net/core: generic support for disabling netdev features down stack
    - SAUCE: Backport helper function netdev_upper_get_next_dev_rcu

* CVE-2018-7755
- SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

* CVE-2018-5750
- ACPI: sbshc: remove raw pointer from printk() message

-- Stefan Bader <email address hidden> Thu, 14 Jun 2018 07:00:42 +0200

This bug was fixed in the package linux - 3.13.0-153.203

---------------
linux (3.13.0-153.203) trusty; urgency=medium

* linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)

* CVE-2018-3665 (x86)
    - x86/fpu: Print out whether we are doing lazy/eager FPU context switches
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix math emulation in eager fpu mode

linux (3.13.0-152.202) trusty; urgency=medium

* linux: 3.13.0-152.202 -proposed tracker (LP: #1776350)

* CVE-2017-15265
    - ALSA: seq: Fix use-after-free at creating a port

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

* CVE-2018-1130
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped

* add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference)
    with T kernel (LP: #1775316) // CVE-2017-12193
    - assoc_array: Fix a buggy node-splitting case

* CVE-2017-12154
    - kvm: nVMX: Don't allow L2 to access the hardware CR8

* CVE-2018-7757
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()

* CVE-2018-6927
    - futex: Prevent overflow by strengthen input validation

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

* CVE-2018-5803
    - sctp: verify size of a new chunk in _sctp_make_chunk()

* WARNING: CPU: 28 PID: 34085 at /build/linux-
    90Gc2C/linux-3.13.0/net/core/dev.c:1433 dev_disable_lro+0x87/0x90()
    (LP: #1771480)
    - net/core: generic support for disabling netdev features down stack
    - SAUCE: Backport helper function netdev_upper_get_next_dev_rcu

* CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

* CVE-2018-5750
    - ACPI: sbshc: remove raw pointer from printk() message

-- Stefan Bader <stefan.bader@canonical.com>  Thu, 14 Jun 2018 07:00:42 +0200

Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-02:

#9

Download full text (29.8 KiB)

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

* linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

* linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possib...

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

* linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

* CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

* linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

* Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - IB/ipoib: Fix for potential no-carrier state
    - x86/power: Fix swsusp_arch_resume prototype
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
    - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
    - scsi: sym53c8xx_2: iterator underflow in sym_getsync()
    - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
    - scsi: qla2xxx: Avoid triggering undefined behavior in
      qla2x00_mbx_completion()
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
    - usb: gadget: fsl_udc_core: fix ep valid checks
    - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
    - selftests: memfd: add config fragment for fuse
    - scsi: storvsc: Increase cmd_per_lun for higher speed devices
    - scsi: aacraid: fix shutdown crash when init fails
    - scsi: qla4xxx: skip error recovery in case of register disconnect.
    - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    - ARM: OMAP3: Fix prm wake interrupt for resume
    - ARM: OMAP1: clock: Fix debugfs_create_*() usage
    - NFC: llcp: Limit size of SDP URI
    - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    - md raid10: fix NULL deference in handle_write_completed()
    - drm/exynos: fix comparison to bitshift when dealing with a mask
    - usb: musb: fix enumeration after resume
    - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
    - md: raid5: avoid string overflow warning
    - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
    - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
    - s390/cio: fix return code after missing interrupt
    - s390/cio: clear timer when terminating driver I/O
    - ARM: OMAP: Fix dmtimer init for omap1
    - smsc75xx: fix smsc75xx_set_features()
    - regulatory: add NUL to request alpha2
    - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
    - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across
      CPU hotplug operations
    - media: dmxdev: fix error code for invalid ioctls
    - md/raid1: fix NULL pointer dereference
    - batman-adv: fix packet checksum in receive path
    - batman-adv: invalidate checksum on fragment reassembly
    - netfilter: ebtables: convert BUG_ONs to WARN_ONs
    - nvme-pci: Fix nvme queue cleanup if IRQ setup fails
    - clocksource/drivers/fsl_ftm_timer: Fix error return checking
    - r8152: fix tx packets accounting
    - virtio-gpu: fix ioctl and expose the fixed status to userspace.
    - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
    - bcache: fix kcrashes with fio in RAID5 backend dev
    - sit: fix IFLA_MTU ignored on NEWLINK
    - gianfar: Fix Rx byte accounting for ndev stats
    - net/tcp/illinois: replace broken algorithm reference link
    - xen/pirq: fix error path cleanup when binding MSIs
    - Btrfs: send, fix issuing write op when processing hole in no data mode
    - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
    - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
    - watchdog: f71808e_wdt: Fix magic close handling
    - e1000e: Fix check_for_link return value with autoneg off
    - e1000e: allocate ring descriptors with dma_zalloc_coherent
    - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
    - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
    - scsi: sd: Keep disk read-only when re-reading partition
    - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
      sbusfb_ioctl_helper().
    - xen: xenbus: use put_device() instead of kfree()
    - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
    - netfilter: ebtables: fix erroneous reject of last rule
    - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
    - workqueue: use put_device() instead of kfree()
    - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
    - sunvnet: does not support GSO for sctp
    - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
    - batman-adv: fix header size check in batadv_dbg_arp()
    - vti4: Don't count header length twice on tunnel setup
    - vti4: Don't override MTU passed on link creation via IFLA_MTU
    - perf/cgroup: Fix child event counting bug
    - RDMA/ucma: Correct option size check using optlen
    - mm/mempolicy.c: avoid use uninitialized preferred_node
    - selftests: ftrace: Add probe event argument syntax testcase
    - selftests: ftrace: Add a testcase for string type with kprobe_event
    - selftests: ftrace: Add a testcase for probepoint
    - batman-adv: fix multicast-via-unicast transmission with AP isolation
    - batman-adv: fix packet loss for broadcasted DHCP packets to a server
    - ARM: 8748/1: mm: Define vdso_start, vdso_end as array
    - net: qmi_wwan: add BroadMobi BM806U 2020:2033
    - net/usb/qmi_wwan.c: Add USB id for lt4120 modem
    - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
    - llc: properly handle dev_queue_xmit() return value
    - mm/kmemleak.c: wait for scan completion before disabling free
    - net: Fix untag for vlan packets without ethernet header
    - net: mvneta: fix enable of all initialized RXQs
    - sh: fix debug trap failure to process signals before return to user
    - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
    - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl
      table
    - swap: divide-by-zero when zero length swap file on ssd
    - sr: get/drop reference to device in revalidate and check_events
    - Force log to disk before reading the AGF during a fstrim
    - cpufreq: CPPC: Initialize shared perf capabilities of CPUs
    - scsi: aacraid: Insure command thread is not recursively stopped
    - dp83640: Ensure against premature access to PHY registers after reset
    - mm/ksm: fix interaction with THP
    - mm: fix races between address_space dereference and free in page_evicatable
    - Btrfs: bail out on error during replay_dir_deletes
    - Btrfs: fix NULL pointer dereference in log_dir_items
    - btrfs: Fix possible softlock on single core machines
    - ocfs2/dlm: don't handle migrate lockres if already in shutdown
    - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
    - KVM: VMX: raise internal error for exception during invalid protected mode
      state
    - fscache: Fix hanging wait on page discarded by writeback
    - sparc64: Make atomic_xchg() an inline function rather than a macro.
    - rtc: snvs: Fix usage of snvs_rtc_enable
    - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
    - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
    - btrfs: tests/qgroup: Fix wrong tree backref level
    - Btrfs: fix copy_items() return value when logging an inode
    - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
    - xen/acpi: off by one in read_acpi_id()
    - ACPI: acpi_pad: Fix memory leak in power saving threads
    - powerpc/mpic: Check if cpu_possible() in mpic_physmask()
    - m68k: set dma and coherent masks for platform FEC ethernets
    - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
    - hwmon: (nct6775) Fix writing pwmX_mode
    - rtc: hctosys: Ensure system time doesn't overflow time_t
    - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
    - powerpc/perf: Fix kernel address leak via sampling registers
    - tools/thermal: tmon: fix for segfault
    - selftests: Print the test we're running to /dev/kmsg
    - net/mlx5: Protect from command bit overflow
    - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
    - ima: Fix Kconfig to select TPM 2.0 CRB interface
    - [Config] CONFIG_TCG_CRB=y
    - ima: Fallback to the builtin hash algorithm
    - arm: dts: socfpga: fix GIC PPI warning
    - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
    - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
    - clk: Don't show the incorrect clock phase
    - zorro: Set up z->dev.dma_mask for the DMA API
    - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
    - ACPICA: Events: add a return on failure from acpi_hw_register_read
    - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
    - i2c: mv64xxx: Apply errata delay only in standard mode
    - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
    - xhci: zero usb device slot_id member when disabling and freeing a xhci slot
    - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
    - PCI: Restore config space on runtime resume despite being unbound
    - ipmi_ssif: Fix kernel panic at msg_done_handler
    - usb: dwc2: Fix interval type issue
    - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
    - usb: gadget: ffs: Execute copy_to_user() with USER_DS set
    - powerpc: Add missing prototype for arch_irq_work_raise()
    - ASoC: topology: create TLV data for dapm widgets
    - perf/core: Fix perf_output_read_group()
    - hwmon: (pmbus/max8688) Accept negative page register values
    - hwmon: (pmbus/adm1275) Accept negative page register values
    - cdrom: do not call check_disk_change() inside cdrom_open()
    - gfs2: Fix fallocate chunk size
    - usb: gadget: udc: change comparison to bitshift when dealing with a mask
    - usb: gadget: composite: fix incorrect handling of OS desc requests
    - x86/devicetree: Initialize device tree before using it
    - x86/devicetree: Fix device IRQ settings in DT
    - ALSA: vmaster: Propagate slave error
    - media: cx23885: Override 888 ImpactVCBe crystal frequency
    - media: cx23885: Set subdev host data to clk_freq pointer
    - media: s3c-camif: fix out-of-bounds array access
    - dmaengine: pl330: fix a race condition in case of threaded irqs
    - media: em28xx: USB bulk packet size fix
    - clk: rockchip: Prevent calculating mmc phase if clock rate is zero
    - enic: enable rq before updating rq descriptors
    - hwrng: stm32 - add reset during probe
    - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
    - rtc: tx4939: avoid unintended sign extension on a 24 bit shift
    - serial: xuartps: Fix out-of-bounds access through DT alias
    - serial: samsung: Fix out-of-bounds access through serial port index
    - serial: mxs-auart: Fix out-of-bounds access through serial port index
    - serial: imx: Fix out-of-bounds access through serial port index
    - serial: fsl_lpuart: Fix out-of-bounds access through DT alias
    - serial: arc_uart: Fix out-of-bounds access through DT alias
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
    - udf: Provide saner default for invalid uid / gid
    - media: cx25821: prevent out-of-bounds read on array card
    - clk: samsung: s3c2410: Fix PLL rates
    - clk: samsung: exynos5260: Fix PLL rates
    - clk: samsung: exynos5433: Fix PLL rates
    - clk: samsung: exynos5250: Fix PLL rates
    - clk: samsung: exynos3250: Fix PLL rates
    - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
    - audit: return on memory error to avoid null pointer dereference
    - MIPS: Octeon: Fix logging messages with spurious periods after newlines
    - drm/rockchip: Respect page offset for PRIME mmap calls
    - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
      specified
    - perf tests: Use arch__compare_symbol_names to compare symbols
    - perf report: Fix memory corruption in --branch-history mode --branch-history
    - selftests/net: fixes psock_fanout eBPF test case
    - netlabel: If PF_INET6, check sk_buff ip header version
    - scsi: lpfc: Fix issue_lip if link is disabled
    - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
    - scsi: lpfc: Fix frequency of Release WQE CQEs
    - regulator: of: Add a missing 'of_node_put()' in an error handling path of
      'of_regulator_match()'
    - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
    - Bluetooth: btusb: Add device ID for RTL8822BE
    - kdb: make "mdr" command repeat
    - s390/ftrace: use expoline for indirect branches
    - Linux 4.4.134

* Support SocketCAN over USB on Dell IoT 300x Gateways (LP: #1774563)
    - [Config] CONFIG_CAN_HMS_USB=m
    - SAUCE: (no-up) Support IXXAT USB SocketCAN device
    - i386/amd64 -- Add new module ixx_usb

* Ubuntu 16.04 (4.4.0-127) hangs on boot with virtio-scsi MQ enabled
    (LP: #1775235)
    - SAUCE: (no-up) virtio-scsi: Increment reqs counter.

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

* The kernel NULL pointer dereference happens when accessing the task_struct
    by task_cpu() in function cpuacct_charge() (LP: #1775326)
    - sched/cpuacct: Simplify the cpuacct code

* Xenial update to 4.4.133 stable release (LP: #1775477)
    - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
    - bridge: check iface upper dev when setting master via ioctl
    - dccp: fix tasklet usage
    - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
    - llc: better deal with too small mtu
    - net: ethernet: sun: niu set correct packet size in skb
    - net/mlx4_en: Verify coalescing parameters are in range
    - net_sched: fq: take care of throttled flows before reuse
    - net: support compat 64-bit time in {s,g}etsockopt
    - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
    - qmi_wwan: do not steal interfaces from class drivers
    - r8169: fix powering up RTL8168h
    - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
    - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
    - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
    - bonding: do not allow rlb updates to invalid mac
    - tcp: ignore Fast Open on repair mode
    - sctp: fix the issue that the cookie-ack with auth can't get processed
    - sctp: delay the authentication for the duplicated cookie-echo chunk
    - ALSA: timer: Call notifier in the same spinlock
    - audit: move calcs after alloc and check when logging set loginuid
    - arm64: introduce mov_q macro to move a constant into a 64-bit register
    - [Config] Add CONFIG_ARM64_ERRATUM_1024718=y
    - arm64: Add work around for Arm Cortex-A55 Erratum 1024718
    - futex: Remove unnecessary warning from get_futex_key
    - futex: Remove duplicated code and fix undefined behaviour
    - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
    - lockd: lost rollback of set_grace_period() in lockd_down_net()
    - Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
    - l2tp: revert "l2tp: fix missing print session offset info"
    - pipe: cap initial pipe capacity according to pipe-max-size limit
    - futex: futex_wake_op, fix sign_extend32 sign bits
    - kernel/exit.c: avoid undefined behaviour when calling wait4()
    - usbip: usbip_host: refine probe and disconnect debug msgs to be useful
    - usbip: usbip_host: delete device from busid_table after rebind
    - usbip: usbip_host: run rebind from exit when module is removed
    - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    - usbip: usbip_host: fix bad unlock balance during stub_probe()
    - ALSA: usb: mixer: volume quirk for CM102-A+/102S+
    - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
    - ALSA: control: fix a redundant-copy issue
    - spi: pxa2xx: Allow 64-bit DMA
    - powerpc/powernv: panic() on OPAL < V3
    - powerpc/powernv: Remove OPALv2 firmware define and references
    - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
    - cpuidle: coupled: remove unused define cpuidle_coupled_lock
    - powerpc: Don't preempt_disable() in show_cpuinfo()
    - vmscan: do not force-scan file lru if its absolute size is small
    - mm: filemap: remove redundant code in do_read_cache_page
    - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to
      complete during a read
    - signals: avoid unnecessary taking of sighand->siglock
    - tracing/x86/xen: Remove zero data size trace events
      trace_xen_mmu_flush_tlb{_all}
    - proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
    - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
    - mm: don't allow deferred pages with NEED_PER_CPU_KM
    - s390/qdio: fix access to uninitialized qdio_q fields
    - s390/qdio: don't release memory in qdio_setup_irq()
    - s390: remove indirect branch from do_softirq_own_stack
    - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
      definition for mixed mode
    - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
    - tick/broadcast: Use for_each_cpu() specially on UP kernels
    - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
    - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
    - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
    - Btrfs: fix xattr loss after power failure
    - btrfs: fix crash when trying to resume balance without the resume flag
    - btrfs: fix reading stale metadata blocks after degraded raid1 mounts
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - ext2: fix a block leak
    - s390: add assembler macros for CPU alternatives
    - s390: move expoline assembler macros to a header
    - s390/lib: use expoline for indirect branches
    - s390/kernel: use expoline for indirect branches
    - s390: move spectre sysfs attribute code
    - s390: extend expoline to BC instructions
    - s390: use expoline thunks in the BPF JIT
    - scsi: libsas: defer ata device eh commands to libata
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
    - scsi: zfcp: fix infinite iteration on ERP ready list
    - dmaengine: ensure dmaengine helpers check valid callback
    - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
    - gpio: rcar: Add Runtime PM handling for interrupts
    - cfg80211: limit wiphy names to 128 bytes
    - hfsplus: stop workqueue when fill_super() failed
    - x86/kexec: Avoid double free_page() upon do_kexec_load() failure
    - Linux 4.4.133

* vmxnet3: update to latest ToT (LP: #1768143)
    - vmxnet3: avoid xmit reset due to a race in vmxnet3
    - vmxnet3: use correct flag to indicate LRO feature
    - vmxnet3: fix incorrect dereference when rxvlan is disabled

* Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

* Xenial update to 4.4.132 stable release (LP: #1774173)
    - perf/core: Fix the perf_cpu_time_max_percent check
    - bpf: map_get_next_key to return first key on NULL
    - percpu: include linux/sched.h for cond_resched()
    - mac80211: allow not sending MIC up from driver for HW crypto
    - mac80211: allow same PN for AMSDU sub-frames
    - mac80211: Add RX flag to indicate ICV stripped
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    - ath10k: rebuild crypto header in rx data frames
    - gpmi-nand: Handle ECC Errors in erased pages
    - USB: serial: option: Add support for Quectel EP06
    - ALSA: pcm: Check PCM state at xfern compat ioctl
    - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
    - ALSA: aloop: Mark paused device as inactive
    - ALSA: aloop: Add missing cable lock to ctl API callbacks
    - tracepoint: Do not warn on ENOMEM
    - Input: leds - fix out of bound access
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - xfs: prevent creating negative-sized file via INSERT_RANGE
    - RDMA/ucma: Allow resolving address w/o specifying source address
    - RDMA/mlx5: Protect from shift operand overflow
    - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
    - IB/mlx5: Use unlimited rate when static rate is not supported
    - drm/vmwgfx: Fix a buffer object leak
    - test_firmware: fix setting old custom fw path back on exit, second try
    - USB: serial: visor: handle potential invalid device configuration
    - USB: Accept bulk endpoints with 1024-byte maxpacket
    - USB: serial: option: reimplement interface masking
    - USB: serial: option: adding support for ublox R410M
    - usb: musb: host: fix potential NULL pointer dereference
    - ipvs: fix rtnl_lock lockups caused by start_sync_thread
    - crypto: af_alg - fix possible uninit-value in alg_bind()
    - netlink: fix uninit-value in netlink_sendmsg
    - net: fix rtnh_ok()
    - net: initialize skb->peeked when cloning
    - net: fix uninit-value in __hw_addr_add_ex()
    - dccp: initialize ireq->ir_mark
    - soreuseport: initialise timewait reuseport field
    - perf: Remove superfluous allocation error check
    - tcp: fix TCP_REPAIR_QUEUE bound checking
    - bdi: Fix oops in wb_workfn()
    - f2fs: fix a dead loop in f2fs_fiemap()
    - xfrm_user: fix return value from xfrm_user_rcv_msg
    - rfkill: gpio: fix memory leak in probe error path
    - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
    - tracing: Fix regex_match_front() to not over compare the test string
    - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
    - tracing/uprobe_event: Fix strncpy corner case
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
    - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - Linux 4.4.132

* Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - x86/syscall: Sanitize syscall table de-references under speculation fix
    - mpls, nospec: Sanitize array index in mpls_label_ok()
    - nospec: Include <asm/barrier.h> dependency
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: bpf: Use barrier_nospec() instead of osb()

* CVE-2018-3639 (x86)
    - KVM: x86: remove magic number with enum cpuid_leafs
    - SAUCE: x86/cpufeatures: Move CPUID_7_EDX CPUID bits to word 18
    - SAUCE: x86: Remove double include
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode

* cpum_sf: ensure sample freq is non-zero (LP: #1772593)
    - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero

* ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
    - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

* Kernel 4.4 NBD size overflow with image size exceeding 1TB (LP: #1772575)
    - nbd: use loff_t for blocksize and nbd_set_size args
    - nbd: fix 64-bit division

* 4.4.0-127.153 generates many "sit: non-ECT" messages (LP: #1772775)
    - Revert "sit: reload iphdr in ipip6_rcv"

* Creation of IMA file hashes fails when appraisal is enabled (LP: #1771826)
    - Revert "ima: limit file hash setting by user to fix and log modes"

* Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN
    tunnels (LP: #1771301)
    - vxlan: correctly handle ipv6.disable module parameter

* CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

* Support UVC1.5 Camera for Xenial (LP: #1773905)
    - uvcvideo: Enable UVC 1.5 device detection

* Kernel produces empty lines in /proc/PID/status (LP: #1772671)
    - SAUCE: seccomp: Remove double newline sequence in /proc/PID/status

* rfi-flush: Switch to new linear fallback flush (LP: #1744173)
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again

-- Stefan Bader <stefan.bader@canonical.com>  Thu, 14 Jun 2018 06:53:41 +0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-26:

#10

Download full text (4.1 KiB)

This bug was fixed in the package linux - 4.15.0-29.31

---------------
linux (4.15.0-29.31) bionic; urgency=medium

* linux: 4.15.0-29.31 -proposed tracker (LP: #1782173)

  * [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler
    (LP: #1777716)
    - ipmi_ssif: Fix kernel panic at msg_done_handler

  * Update to ocxl driver for 18.04.1 (LP: #1775786)
    - misc: ocxl: use put_device() instead of device_unregister()
    - powerpc: Add TIDR CPU feature for POWER9
    - powerpc: Use TIDR CPU feature to control TIDR allocation
    - powerpc: use task_pid_nr() for TID allocation
    - ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action
    - ocxl: Expose the thread_id needed for wait on POWER9
    - ocxl: Add an IOCTL so userspace knows what OCXL features are available
    - ocxl: Document new OCXL IOCTLs
    - ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait()

  * Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after
    suspend (LP: #1776887)
    - ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL

  * Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194)
    - powerpc: use NMI IPI for smp_send_stop
    - powerpc: Fix smp_send_stop NMI IPI handling

  * IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on
    CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964)
    - rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops

  * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383:
    comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
    - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm
      stress-ng: Corrupt inode bitmap"
    - SAUCE: ext4: check for allocation block validity with block group locked

linux (4.15.0-28.30) bionic; urgency=medium

* linux: 4.15.0-28.30 -proposed tracker (LP: #1781433)

  * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
    - xen-netfront: Fix mismatched rtnl_unlock
    - xen-netfront: Update features after registering netdev

linux (4.15.0-27.29) bionic; urgency=medium

* linux: 4.15.0-27.29 -proposed tracker (LP: #1781062)

  * [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99:
    comm stress-ng: Corrupt inode bitmap (LP: #1780137)
    - SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode
      bitmap

linux (4.15.0-26.28) bionic; urgency=medium

* linux: 4.15.0-26.28 -proposed tracker (LP: #1780112)

  * failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud-
    init causes potentially huge boot delays with 4.15 kernels (LP: #1780062)
    - random: Make getrandom() ready earlier

linux (4.15.0-25.27) bionic; urgency=medium

* linux: 4.15.0-25.27 -proposed tracker (LP: #1779354)

* hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #1777736)
- scsi: hisi_sas: Update a couple of register settings for v3 hw

* hisi_sas: Add missing PHY spinlock init (LP: #1777734)
- scsi: hisi_sas: Add missing PHY spinlock init

  * hisi_sas: improve read performance by pre-allocating slot DMA buffers
    (LP: #1777727)
    - scsi: hisi_sas: use dma_zalloc_cohe...

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Daniel Axtens
Trusty	Fix Released	Undecided	Unassigned
Xenial	Fix Released	Undecided	Unassigned
Artful	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Undecided	Unassigned

Ubuntu
linux package

FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Changed in linux (Ubuntu):
status:	Confirmed → Fix Released

Ubuntulinux package

FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package