Bionic update to v4.15.4 stable release

Bug #1751064 reported by Seth Forshee on 2018-02-22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Seth Forshee

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The v4.15.4 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



       The following patches from the v4.15.4 stable release shall be applied:

watchdog: indydog: Add dependency on SGI_HAS_INDYDOG
cifs: Fix missing put_xid in cifs_file_strict_mmap
cifs: Fix autonegotiate security settings mismatch
CIFS: zero sensitive data when freeing
cpufreq: mediatek: add mediatek related projects into blacklist
dmaengine: dmatest: fix container_of member in dmatest_callback
ssb: Do not disable PCI host on non-Mips
watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
Revert "drm/i915: mark all device info struct with __initconst"
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/rt: Up the root domain ref count when passing it around via IPIs
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: hdpvr: Fix an error handling path in hdpvr_probe()
arm64: mm: Use non-global mappings for kernel space
arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
arm64: mm: Move ASID from TTBR0 to TTBR1
arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
arm64: mm: Rename post_ttbr0_update_workaround
arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
arm64: mm: Allocate ASIDs in pairs
arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
arm64: entry: Add exception trampoline page for exceptions from EL0
arm64: mm: Map entry trampoline into trampoline and kernel page tables
arm64: entry: Explicitly pass exception level to kernel_ventry macro
arm64: entry: Hook up entry trampoline to exception vectors
arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
arm64: cpu_errata: Add Kryo to Falkor 1003 errata
arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
arm64: kaslr: Put kernel vectors address in separate data page
arm64: use RET instruction for exiting the trampoline
arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
arm64: Take into account ID_AA64PFR0_EL1.CSV3
arm64: capabilities: Handle duplicate entries for a capability
arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
arm64: kpti: Fix the interaction between ASID switching and software PAN
arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
arm64: Turn on KPTI only on CPUs that need it
arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
arm64: mm: Permit transitioning from Global to Non-Global without BBM
arm64: kpti: Add ->enable callback to remap swapper using nG mappings
arm64: Force KPTI to be disabled on Cavium ThunderX
arm64: entry: Reword comment about post_ttbr_update_workaround
arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
perf: arm_spe: Fail device probe when arm64_kernel_unmapped_at_el0()
arm64: barrier: Add CSDB macros to control data-value prediction
arm64: Implement array_index_mask_nospec()
arm64: Make USER_DS an inclusive limit
arm64: Use pointer masking to limit uaccess speculation
arm64: entry: Ensure branch through syscall table is bounded under speculation
arm64: uaccess: Prevent speculative use of the current addr_limit
arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
arm64: futex: Mask __user pointers prior to dereference
arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
arm64: Run enable method for errata work arounds on late CPUs
arm64: cpufeature: Pass capability structure to ->enable callback
drivers/firmware: Expose psci_get_version through psci_ops structure
arm64: Move post_ttbr_update_workaround to C code
arm64: Add skeleton to harden the branch predictor against aliasing attacks
arm64: Move BP hardening to check_and_switch_context
arm64: KVM: Use per-CPU vector when BP hardening is enabled
arm64: entry: Apply BP hardening for high-priority synchronous exceptions
arm64: entry: Apply BP hardening for suspicious interrupts from EL0
arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
arm64: Implement branch predictor hardening for affected Cortex-A CPUs
arm64: Implement branch predictor hardening for Falkor
arm64: Branch predictor hardening for Cavium ThunderX2
arm64: KVM: Increment PC after handling an SMC trap
arm/arm64: KVM: Consolidate the PSCI include files
arm/arm64: KVM: Add PSCI_VERSION helper
arm/arm64: KVM: Add smccc accessors to PSCI code
arm/arm64: KVM: Implement PSCI 1.0 support
arm/arm64: KVM: Advertise SMCCC v1.1
arm64: KVM: Make PSCI_VERSION a fast path
arm/arm64: KVM: Turn kvm_psci_version into a static inline
arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
firmware/psci: Expose PSCI conduit
firmware/psci: Expose SMCCC version through psci_ops
arm/arm64: smccc: Make function identifiers an unsigned quantity
arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
mtd: cfi: convert inline functions to macros
mtd: nand: brcmnand: Disable prefetch by default
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: sunxi: Fix ECC strength choice
ubi: Fix race condition between ubi volume creation and udev
ubi: fastmap: Erase outdated anchor PEBs during attach
ubi: block: Fix locking for idr_alloc/idr_remove
ubifs: free the encrypted symlink target
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
NFS: Add a cond_resched() to nfs_commit_release_pages()
NFS: Fix nfsstat breakage due to LOOKUPP
NFS: commit direct writes even if they fail partially
NFS: reject request for id_legacy key without auxdata
NFS: Fix a race between mmap() and O_DIRECT
nfsd: Detect unhashed stids in nfsd4_verify_open_stid()
kernfs: fix regression in kernfs_fop_write caused by wrong type
ahci: Annotate PCI ids for mobile Intel chipsets as such
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Add Intel Cannon Lake PCH-H PCI ID
crypto: hash - introduce crypto_hash_alg_has_setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: mcryptd - pass through absence of ->setkey()
crypto: poly1305 - remove ->setkey() method
crypto: hash - annotate algorithms taking optional key
crypto: hash - prevent using keyed hashes without setting key
media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
crypto: caam - fix endless loop when DECO acquire fails
crypto: sha512-mb - initialize pending lengths correctly
crypto: talitos - fix Kernel Oops on hashing an empty file
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
KVM: nVMX: Fix bug of injecting L2 exception into L1
KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
KVM: PPC: Book3S HV: Drop locks before reading guest memory
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
KVM: PPC: Book3S PR: Fix broken select due to misspelling
ASoC: acpi: fix machine driver selection based on quirk
ASoC: rockchip: i2s: fix playback after runtime resume
ASoC: skl: Fix kernel warning due to zero NHTL entry
ASoC: compress: Correct handling of copy callback
watchdog: imx2_wdt: restore previous timeout after suspend+resume
afs: Add missing afs_put_cell()
afs: Need to clear responded flag in addr cursor
afs: Fix missing cursor clearance
afs: Fix server list handling
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
kasan: don't emit builtin calls when sanitization is off
kasan: rework Kconfig settings
media: dvb_frontend: be sure to init dvb_frontend_handle_ioctl() return code
media: dvb-frontends: fix i2c access helpers for KASAN
media: dt-bindings/media/cec-gpio.txt: mention the CEC/HPD max voltages
media: ts2020: avoid integer overflows on 32 bit machines
media: vivid: fix module load error when enabling fb and no_error_inj=1
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
kernel/async.c: revert "async: simplify lowest_in_progress()"
kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
pipe: actually allow root to exceed the pipe buffer limits
pipe: fix off-by-one error when checking buffer limits
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
Bluetooth: btsdio: Do not bind to non-removable BCM43341
ipmi: use dynamic memory for DMI driver override
signal/openrisc: Fix do_unaligned_access to send the proper signal
signal/sh: Ensure si_signo is initialized in do_divide_error
alpha: fix crash if pthread_create races with signal delivery
alpha: osf_sys.c: fix put_tv32 regression
alpha: Fix mixed up args in EXC macro in futex operations
alpha: fix reboot on Avanti platform
alpha: fix formating of stack content
xtensa: fix futex_atomic_cmpxchg_inatomic
EDAC, octeon: Fix an uninitialized variable warning
genirq: Make legacy autoprobing work again
pinctrl: intel: Initialize GPIO properly when used through irqchip
pinctrl: mcp23s08: fix irq setup order
pinctrl: sx150x: Unregister the pinctrl on release
pinctrl: sx150x: Register pinctrl before adding the gpiochip
pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
pktcdvd: Fix pkt_setup_dev() error path
pktcdvd: Fix a recently introduced NULL pointer dereference
blk-mq: quiesce queue before freeing queue
clocksource/drivers/stm32: Fix kernel panic with multiple timers
lib/ubsan.c: s/missaligned/misaligned/
lib/ubsan: add type mismatch handler for new GCC/Clang
objtool: Fix switch-table detection
arm64: dts: marvell: add Ethernet aliases
drm/i915: Avoid PPS HW/SW state mismatch due to rounding
ACPI: sbshc: remove raw pointer from printk() message
acpi, nfit: fix register dimm error handling
ovl: force r/o mount when index dir creation fails
ovl: fix failure to fsync lower dir
ovl: take mnt_want_write() for work/index dir setup
ovl: take mnt_want_write() for removing impure xattr
ovl: hash directory inodes for fsnotify
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
devpts: fix error handling in devpts_mntget()
ftrace: Remove incorrect setting of glob search field
scsi: core: Ensure that the SCSI error handler gets woken up
scsi: lpfc: Fix crash after bad bar setup on driver attachment
scsi: cxlflash: Reset command ioasc
rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
Linux 4.15.4

       The following patches from the v4.15.4 stable release had already been applied:

Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version

CVE References

Seth Forshee (sforshee) on 2018-02-22
tags: added: kernel-stable-tracking-bug
Seth Forshee (sforshee) on 2018-02-22
description: updated
Changed in linux (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → Medium
status: New → In Progress
description: updated
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (40.0 KiB)

This bug was fixed in the package linux - 4.15.0-12.13

linux (4.15.0-12.13) bionic; urgency=medium

  * linux: 4.15.0-12.13 -proposed tracker (LP: #1754059)

  * CONFIG_EFI=y on armhf (LP: #1726362)
    - [Config] CONFIG_EFI=y on armhf, reconcile secureboot EFI settings

  * ppc64el: Support firmware disable of RFI flush (LP: #1751994)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush

  * [Feature] CFL/CNL (PCH:CNP-H): New GPIO Commit added (GPIO Driver needed)
    (LP: #1751714)
    - gpio / ACPI: Drop unnecessary ACPI GPIO to Linux GPIO translation
    - pinctrl: intel: Allow custom GPIO base for pad groups
    - pinctrl: cannonlake: Align GPIO number space with Windows

  * [Feature] Add xHCI debug device support in the driver (LP: #1730832)
    - usb: xhci: Make some static functions global
    - usb: xhci: Add DbC support in xHCI driver
    - [Config] USB_XHCI_DBGCAP=y for commit mainline dfba2174dc42.

  * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347)
    - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer

  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines

  * hisi_sas: Add disk LED support (LP: #1752695)
    - scsi: hisi_sas: directly attached disk LED feature for v2 hw

  * [Feature] [Graphics]Whiskey Lake (Coffelake-U 4+2) new PCI Device ID adds
    (LP: #1742561)
    - drm/i915/cfl: Adding more Coffee Lake PCI IDs.

  * [Bug] [USB Function][CFL-CNL PCH]Stall Error and USB Transaction Error in
    trace, Disable of device-initiated U1/U2 failed and rebind failed: -517
    during suspend/resume with usb storage. (LP: #1730599)
    - usb: Don't print a warning if interface driver rebind is deferred at resume

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386
    - [Config] retpoline -- clean up i386 retpoline files

  * hisilicon hibmc regression due to ea642c3216cb ("drm/ttm: add io_mem_pfn
    callback") (LP: #1738334)
    - drm/ttm: add ttm_bo_io_mem_pfn to check io_mem_pfn

  * [Asus UX360UA] battery status in unity-panel is not changing when battery is
    being charged (LP: #1661876) // AC adapter status not detected on Asus
    ZenBook UX410UAK (LP: #1745032)
    - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK

  * ASUS UX305LA - Battery state not detected correctly (LP: #1482390)
    - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA

  * [18.04 FEAT] Automatically detect layer2 setting in the qeth device driver
    (LP: #1747639)
    - s390/diag: add diag26c support for VNIC info
    - s390/qeth: support early setup for z/VM NICs

  * Bionic update to v4.15.7 stable release (LP: #1752317)
    - netfilter: drop outermost socket lock in getsockopt()
    - arm64: mm: don't write garbage into TTBR1_EL1 register
    - kconfig.h: Include compiler types to avoid missed struct attributes
    - MIPS: boot: Define __ASSEMBLY__ for its.S build
    - xtensa: fix high memory/reserved memory collision
    - scsi: ibmvfc: fix misde...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers