Xenial update to 4.4.114 stable release

Bug #1754592 reported by Stefan Bader on 2018-03-09
This bug affects 1 person
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Xenial; Importance: Medium; Assigned to: Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.114 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.114 stable release shall be applied:
* x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
* usbip: prevent vhci_hcd driver from leaking a socket pointer address
* usbip: Fix implicit fallthrough warning
* usbip: Fix potential format overflow in userspace tools
* x86/microcode/intel: Fix BDW late-loading revision check
* x86/retpoline: Fill RSB on context switch for affected CPUs
* sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks
* can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
* can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
* PM / sleep: declare __tracedata symbols as char[] rather than char
* time: Avoid undefined behaviour in ktime_add_safe()
* timers: Plug locking race vs. timer migration
* Prevent timer value 0 for MWAITX
* drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
* drivers: base: cacheinfo: fix boot error message when acpi is enabled
* PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
* PCI: layerscape: Fix MSG TLP drop setting
* mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
* fs/select: add vmalloc fallback for select(2)
* hwpoison, memcg: forcibly uncharge LRU pages
* cma: fix calculation of aligned offset
* mm, page_alloc: fix potential false positive in __zone_watermark_ok
* ipc: msg, make msgrcv work with LONG_MIN
* x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
* ACPI / processor: Avoid reserving IO regions too early
* ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
* ACPICA: Namespace: fix operand cache leak
* netfilter: x_tables: speed up jump target validation
* netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in
  64bit kernel
* netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
* netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
* netfilter: nfnetlink_queue: reject verdict request from different portid
* netfilter: restart search if moved to other chain
* netfilter: nf_conntrack_sip: extend request line validation
* netfilter: use fwmark_reflect in nf_send_reset
* ext2: Don't clear SGID when inheriting ACLs
* reiserfs: fix race in prealloc discard
* reiserfs: don't preallocate blocks for extended attributes
* reiserfs: Don't clear SGID when inheriting ACLs
* fs/fcntl: f_setown, avoid undefined behaviour
* scsi: libiscsi: fix shifting of DID_REQUEUE host byte
* Input: trackpoint - force 3 buttons if 0 button is reported
* usb: usbip: Fix possible deadlocks reported by lockdep
* usbip: fix stub_rx: get_pipe() to validate endpoint number
* usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
* usbip: prevent leaking socket pointer address in messages
* um: link vmlinux with -no-pie
* vsyscall: Fix permissions for emulate mode with KAISER/PTI
* eventpoll.h: add missing epoll event masks
* x86/microcode/intel: Extend BDW late-loading further with LLC size check
* hrtimer: Reset hrtimer cpu base proper on CPU hotplug
* dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
* ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
* ipv6: fix udpv6 sendmsg crash caused by too small MTU
* ipv6: ip6_make_skb() needs to clear cork.base.dst
* lan78xx: Fix failure in USB Full Speed
* net: igmp: fix source address check for IGMPv3 reports
* tcp: __tcp_hdrlen() helper
* net: qdisc_pkt_len_init() should be more robust
* pppoe: take ->needed_headroom of lower device into account on xmit
* r8169: fix memory corruption on retrieval of hardware statistics.
* sctp: do not allow the v4 socket to bind a v4mapped v6 address
* sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
* vmxnet3: repair memory leak
* net: Allow neigh contructor functions ability to modify the primary_key
* ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
* flow_dissector: properly cap thoff field
* net: tcp: close sock if net namespace is exiting
* nfsd: auth: Fix gid sorting when rootsquash enabled
* Linux 4.4.114

Stefan Bader (smb) on 2018-03-09
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) on 2018-03-09
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Deliberately skipping "Revert "module: Add retpoline tag to VERMAGIC"" because we decided we actually are fine with flagging things that way.

Skipping because already applied:
* Slow system response time due to a monitor bug (bug 1606147)
  - x86/cpu/intel: Introduce macros for Intel family numbers
* CVE-2017-1000364
  - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
* CVE-2017-17448
  - netfilter: nfnetlink_cthelper: Add missing permission checks
* CVE-2017-17450
  - netfilter: xt_osf: Add missing permission checks

We backported the following set for (bug 16407868):
 * netfilter: x_tables: pass xt_counters struct instead of packet
   counter
 * netfilter: x_tables: pass xt_counters struct to counter allocator
 * netfilter: x_tables: pack percpu counter allocations
this caused the following stable patch to be not needed in Xenial:
 * netfilter: fix IS_ERR_VALUE usage

Skipped until later decision (Spectre v2 upstream):
* x86/retpoline: Fill RSB on context switch for affected CPUs
  -> re-defines the SPEC_CTRL bit with a different name and does
     some STUFF_RSB related things

Stefan Bader (smb) wrote :

Now back-backported the fill RSB change to fit into Xenial code base (x86/retpoline: Fill RSB on context switch for affected CPUs).

Stefan Bader (smb) on 2018-03-09
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-119.143

---------------
linux (4.4.0-119.143) xenial; urgency=medium

  * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)

  * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

linux (4.4.0-118.142) xenial; urgency=medium

  * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)

  * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
    - x86/microcode/AMD: Do not load when running on a hypervisor

  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()

linux (4.4.0-117.141) xenial; urgency=medium

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - re...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released