Xenial update to 4.4.113 stable release

Bug #1754375 reported by Stefan Bader on 2018-03-08
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The 4.4.113 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.

The following patches from the 4.4.113 stable release shall be applied:
* gcov: disable for COMPILE_TEST
* scsi: sg: disable SET_FORCE_LOW_DMA
* futex: Prevent overflow by strengthen input validation
* ALSA: pcm: Remove yet superfluous WARN_ON()
* ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
* ALSA: hda - Apply the existing quirk to iMac 14,1
* af_key: fix buffer overread in verify_address_len()
* af_key: fix buffer overread in parse_exthdrs()
* scsi: hpsa: fix volume offline state
* sched/deadline: Zero out positive runtime after throttling constrained tasks
* pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
* x86/apic/vector: Fix off by one in error path
* Input: 88pm860x-ts - fix child-node lookup
* Input: twl6040-vibra - fix DT node memory management
* Input: twl6040-vibra - fix child-node lookup
* Input: twl4030-vibra - fix sibling-node lookup
* tracing: Fix converting enum's from the map in trace_event_eval_update()
* phy: work around 'phys' references to usb-nop-xceiv devices
* ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
* can: peak: fix potential bug in packet fragmentation
* dm btree: fix serious bug in btree_split_beneath()
* dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
* arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
* kbuild: modversions for EXPORT_SYMBOL() for asm
* x86/pti: Document fix wrong index
* MIPS: AR7: ensure the port type's FCR value is used
* Linux 4.4.113

Stefan Bader (smb) on 2018-03-08
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) wrote :

* CVE-2017-5753 (Spectre v1 Intel)
  - x86/cpu/AMD: Make LFENCE a serializing instruction
    -> x86/cpu/AMD: Make the LFENCE instruction serialized
  - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

* CVE-2017-5715 (Spectre v2 retpoline)
  - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
  - x86/asm: Use register variable to get stack pointer value
  - x86/kbuild: enable modversions for symbols exported from asm
  - x86/asm: Make asm/alternative.h safe from assembly
  - EXPORT_SYMBOL() for asm
  - kconfig.h: use __is_defined() to check if MODULE is defined
  - x86/retpoline: Add initial retpoline support
  - x86/spectre: Add boot time option to select Spectre v2 mitigation
  - x86/retpoline/crypto: Convert crypto assembler indirect jumps
  - x86/retpoline/entry: Convert entry assembler indirect jumps
  - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
  - x86/retpoline/hyperv: Convert assembler indirect jumps
  - x86/retpoline/xen: Convert Xen hypercall indirect jumps
  - x86/retpoline/checksum32: Convert assembler indirect jumps
  - x86/retpoline/irq32: Convert assembler indirect jumps
  - x86/retpoline: Fill return stack buffer on vmexit
  - x86/retpoline: Remove compile time warning
  - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
  - module: Add retpoline tag to VERMAGIC
  - x86/cpu, x86/pti: Do not enable PTI on AMD processors
  - x86/mce: Make machine check speculation protected
  - retpoline: Introduce start/end markers of indirect thunk
  - kprobes/x86: Blacklist indirect thunk functions for kprobes
  - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
  - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB

* bug 1743053:
  - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices

description: updated
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

After some discussion it has been decided to add the following changes to this set:
* Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
* x86/cpu/AMD: Make LFENCE a serializing instruction
* x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

Those have been marked with "CVE-2017-5753 (Spectre v1 Intel -> upstream)" so they will show up in a separate section in the changelog as done for this stable update and replacing the Intel patches by upstream counterparts.

Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-119.143

linux (4.4.0-119.143) xenial; urgency=medium

  * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)

  * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

linux (4.4.0-118.142) xenial; urgency=medium

  * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)

  * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
    - x86/microcode/AMD: Do not load when running on a hypervisor

  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in

linux (4.4.0-117.141) xenial; urgency=medium

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - re...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released