Xenial update to 4.4.112 stable release

Bug #1745266 reported by Khaled El Mously on 2018-01-25
This bug affects 1 person
Affects          Status   Importance   Assigned to   Milestone
linux (Ubuntu)            Undecided    Unassigned
  Xenial                  Medium       Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.112 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches from the 4.4.112 stable release shall be applied:
* dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
* KVM: Fix stack-out-of-bounds read in write_mmio
* can: gs_usb: fix return value of the "set_bittiming" callback
* IB/srpt: Disable RDMA access by the initiator
* MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
* MIPS: Factor out NT_PRFPREG regset access helpers
* MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
* MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
* MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
* MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
* MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
* net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
* kvm: vmx: Scrub hardware GPRs at VM-exit
* x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
* x86/acpi: Handle SCI interrupts above legacy space gracefully
* iommu/arm-smmu-v3: Don't free page table ops twice
* ALSA: pcm: Remove incorrect snd_BUG_ON() usages
* ALSA: pcm: Add missing error checks in OSS emulation plugin builder
* ALSA: pcm: Abort properly at pending signal in OSS read/write loops
* ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
* ALSA: aloop: Release cable upon open error path
* ALSA: aloop: Fix inconsistent format due to incomplete rule
* ALSA: aloop: Fix racy hw constraints adjustment
* x86/acpi: Reduce code duplication in mp_override_legacy_irq()
* mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
* mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
* mm/page-writeback: fix dirty_ratelimit calculation
* mm/zswap: use workqueue to destroy pool
* zswap: don't param_set_charp while holding spinlock
* locks: don't check for race with close when setting OFD lock
* futex: Replace barrier() in unqueue_me() with READ_ONCE()
* locking/mutex: Allow next waiter lockless wakeup
* usbvision fix overflow of interfaces array
* usb: musb: ux500: Fix NULL pointer dereference at system PM
* r8152: fix the wake event
* r8152: use test_and_clear_bit
* r8152: adjust ALDPS function
* lan78xx: use skb_cow_head() to deal with cloned skbs
* sr9700: use skb_cow_head() to deal with cloned skbs
* smsc75xx: use skb_cow_head() to deal with cloned skbs
* cx82310_eth: use skb_cow_head() to deal with cloned skbs
* x86/mm/pat, /dev/mem: Remove superfluous error message
* hwrng: core - sleep interruptible in read
* sysrq: Fix warning in sysrq generated crash.
* xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
* Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
* x86/pti/efi: broken conversion from efi to kernel page table
* 8021q: fix a memory leak for VLAN 0 device
* ip6_tunnel: disable dst caching if tunnel is dual-stack
* net: core: fix module type in sock_diag_bind
* RDS: Heap OOB write in rds_message_alloc_sgs()
* RDS: null pointer dereference in rds_atomic_free_op
* sh_eth: fix TSU resource handling
* sh_eth: fix SH7757 GEther initialization
* net: stmmac: enable EEE in MII, GMII or RGMII only
* ipv6: fix possible mem leaks in ipv6_make_skb()
* crypto: algapi - fix NULL dereference in crypto_remove_spawns()
* rbd: set max_segments to USHRT_MAX
* x86/microcode/intel: Extend BDW late-loading with a revision check
* KVM: x86: Add memory barrier on vmcs field lookup
* drm/vmwgfx: Potential off by one in vmw_view_add()
* kaiser: Set _PAGE_NX only if supported
* bpf: add bpf_patch_insn_single helper
* bpf: don't (ab)use instructions to store state
* bpf: move fixup_bpf_calls() function
* bpf: refactor fixup_bpf_calls()
* bpf: adjust insn_aux_data when patching insns
* bpf: prevent out-of-bounds speculation
* bpf, array: fix overflow in max_entries and undefined behavior in index_mask
* iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
* target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
* USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
* USB: serial: cp210x: add new device ID ELV ALC 8xxx
* usb: misc: usb3503: make sure reset is low for at least 100us
* USB: fix usbmon BUG trigger
* usbip: remove kernel addresses from usb device and urb debug msgs
* staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
* Bluetooth: Prevent stack info leak from the EFS element.
* uas: ignore UAS for Norelsys NS1068(X) chips
* e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
* x86/Documentation: Add PTI description
* x86/cpu: Factor out application of forced CPU caps
* x86/cpufeatures: Make CPU bugs sticky
* x86/cpufeatures: Add X86_BUG_CPU_INSECURE
* x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
* x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
* x86/cpu: Merge bugs.c and bugs_64.c
* sysfs/cpu: Add vulnerability folder
* x86/cpu: Implement CPU vulnerabilites sysfs functions
* sysfs/cpu: Fix typos in vulnerability documentation
* x86/alternatives: Fix optimize_nops() checking
* x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
* selftests/x86: Add test_vsyscall
* Linux 4.4.112

tags: added: kernel-stable-tracking-bug
Khaled El Mously (kmously) wrote :

The following patches were NOT applied as they had been applied previously:

 * kvm: vmx: Scrub hardware GPRs at VM-exit
 * bpf: add bpf_patch_insn_single helper

description: updated
Khaled El Mously (kmously) wrote :

Note that a few patches were referring to arch/x86/include/asm/cpufeature.h; however, looking at the code, it appears the patches really should be applied to arch/x86/include/asm/cpufeatures.h instead (has an extra 's' - plural). Those patches basically had to be manually done.

Stefan Bader (smb) on 2018-02-28
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Stefan Bader (smb) wrote :

Since this update was prepared, the following patches were already applied:
* KVM: Fix stack-out-of-bounds read in write_mmio (CVE-2017-17741)
* RDS: null pointer dereference in rds_atomic_free_op (CVE-2018-5333)

Needed fixup:
* bpf: don't (ab)use instructions to store state
  We added a partial backport of this change when applying
  "bpf: fix branch pruning logic" (CVE-2017-17862)
* bpf: prevent out-of-bounds speculation
  Because of changes introduced by "bpf: fix branch pruning
  logic" (CVE-2017-17862)

The following patches were all also applied already as part of
CVE-2017-5715 (Spectre v2 retpoline):
* x86/cpu: Factor out application of forced CPU caps
* x86/cpufeatures: Make CPU bugs sticky
* x86/cpufeatures: Add X86_BUG_CPU_INSECURE
* x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
* x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
* x86/cpu: Merge bugs.c and bugs_64.c
* sysfs/cpu: Add vulnerability folder
* x86/cpu: Implement CPU vulnerabilites sysfs functions
* x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm

Stefan Bader (smb) on 2018-02-28
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-119.143

---------------
linux (4.4.0-119.143) xenial; urgency=medium

  * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)

  * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

linux (4.4.0-118.142) xenial; urgency=medium

  * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)

  * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
    - x86/microcode/AMD: Do not load when running on a hypervisor

  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()

linux (4.4.0-117.141) xenial; urgency=medium

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - re...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released