Xenial update to 4.4.116 stable release

Bug #1756121 reported by Juerg Haefliger
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released

Bug Description

SRU Justification

   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.116 upstream
   stable patch set is now available. It should be included
   in the Ubuntu kernel as well.



   The following patches from the 4.4.116 stable release shall be

   * Linux 4.4.116
   * ftrace: Remove incorrect setting of glob search field
   * mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
   * ovl: fix failure to fsync lower dir
   * ACPI: sbshc: remove raw pointer from printk() message
   * nvme: Fix managing degraded controllers
   * btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
   * pktcdvd: Fix pkt_setup_dev() error path
   * EDAC, octeon: Fix an uninitialized variable warning
   * xtensa: fix futex_atomic_cmpxchg_inatomic
   * alpha: fix reboot on Avanti platform
   * alpha: fix crash if pthread_create races with signal delivery
   * signal/sh: Ensure si_signo is initialized in do_divide_error
   * signal/openrisc: Fix do_unaligned_access to send the proper signal
   * Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
   * Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
   * Bluetooth: btsdio: Do not bind to non-removable BCM43341
   * HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
   * kernel/async.c: revert "async: simplify lowest_in_progress()"
   * media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
   * media: ts2020: avoid integer overflows on 32 bit machines
   * watchdog: imx2_wdt: restore previous timeout after suspend+resume
   * KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
   * arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
   * crypto: caam - fix endless loop when DECO acquire fails
   * media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
   * media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
   * media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
   * media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
   * media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
   * media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
   * media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
   * media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
   * media: v4l2-compat-ioctl32.c: avoid sizeof(type)
   * media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
   * media: v4l2-compat-ioctl32.c: fix the indentation
   * media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
   * vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
   * media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
   * nsfs: mark dentry with DCACHE_RCUACCESS
   * crypto: poly1305 - remove ->setkey() method
   * crypto: cryptd - pass through absence of ->setkey()
   * crypto: hash - introduce crypto_hash_alg_has_setkey()
   * ahci: Add Intel Cannon Lake PCH-H PCI ID
   * ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
   * ahci: Annotate PCI ids for mobile Intel chipsets as such
   * kernfs: fix regression in kernfs_fop_write caused by wrong type
   * NFS: reject request for id_legacy key without auxdata
   * NFS: commit direct writes even if they fail partially
   * NFS: Add a cond_resched() to nfs_commit_release_pages()
   * nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
   * ubi: block: Fix locking for idr_alloc/idr_remove
   * mtd: nand: sunxi: Fix ECC strength choice
   * mtd: nand: Fix nand_do_read_oob() return value
   * mtd: nand: brcmnand: Disable prefetch by default
   * mtd: cfi: convert inline functions to macros
   * media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
   * media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
   * dccp: CVE-2017-8824: use-after-free in DCCP code
   * sched/rt: Up the root domain ref count when passing it around via IPIs
   * sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
   * usb: gadget: uvc: Missing files for configfs interface
   * posix-timer: Properly check sigevent->sigev_notify
   * netfilter: nf_queue: Make the queue_handler pernet
   * kaiser: fix compile error without vsyscall
   * x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
   * dmaengine: dmatest: fix container_of member in dmatest_callback
   * CIFS: zero sensitive data when freeing
   * cifs: Fix autonegotiate security settings mismatch
   * cifs: Fix missing put_xid in cifs_file_strict_mmap
   * powerpc/pseries: include linux/types.h in asm/hvcall.h
   * x86/microcode: Do the family check first
   * x86/microcode/AMD: Do not load when running on a hypervisor
   * crypto: tcrypt - fix S/G table for test_aead_speed()
   * don't put symlink bodies in pagecache into highmem
   * KEYS: encrypted: fix buffer overread in valid_master_desc()
   * media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
   * vhost_net: stop device during reset owner
   * tcp: release sk_frag.page in tcp_disconnect
   * r8169: fix RTL8168EP take too long to complete driver initialization.
   * qlcnic: fix deadlock bug
   * net: igmp: add a missing rcu locking section
   * ip6mr: fix stale iterator
   * x86/asm: Fix inline asm call constraints for GCC 4.4
   * drm: rcar-du: Fix race condition when disabling planes at CRTC stop
   * drm: rcar-du: Use the VBK interrupt for vblank events
   * ASoC: rsnd: avoid duplicate free_irq()
   * ASoC: rsnd: don't call free_irq() on Parent SSI
   * ASoC: simple-card: Fix misleading error message
   * net: cdc_ncm: initialize drvflags before usage
   * usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
   * usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
   * powerpc/64s: Allow control of RFI flush via debugfs
   * powerpc/64s: Wire up cpu_show_meltdown()
   * powerpc/powernv: Check device-tree for RFI flush settings
   * powerpc/pseries: Query hypervisor for RFI flush settings
   * powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
   * powerpc/64s: Add support for RFI flush of L1-D cache
   * powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
   * powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
   * powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
   * powerpc/64s: Simple RFI macro conversions
   * powerpc/64: Add macros for annotating the destination of rfid/hrfid
   * powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
   * powerpc: Simplify module TOC handling
   * powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
   * powerpc/64: Fix flush_(d|i)cache_range() called from modules
   * powerpc/bpf/jit: Disable classic BPF JIT on ppc64le

Juerg Haefliger (juergh)
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh)
description: updated
Juerg Haefliger (juergh) wrote :

List of skipped patches (already applied previously or not applicable):
   * nvme: Fix managing degraded controllers
   * dccp: CVE-2017-8824: use-after-free in DCCP code

Juerg Haefliger (juergh) wrote :

Reverted the following SAUCE patches. The update to .116 pulls in upstream's final implementation.

1a7bb6191224 UBUNTU: SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI
2a12cf7710e1 UBUNTU: SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
68ee8a04f527 UBUNTU: SAUCE: rfi-flush: Fix the 32-bit KVM build
b6a090d66183 UBUNTU: SAUCE: rfi-flush: Fallback flush add load dependency
9fb6d7509dcd UBUNTU: SAUCE: rfi-flush: Use rfi-flush in printks
2d8d8a2459d2 UBUNTU: SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
d275a2d6aa9b UBUNTU: SAUCE: rfi-flush: Refactor the macros so the nops are defined once
e82cad5fc178 UBUNTU: SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
1a65b15b16bd UBUNTU: SAUCE: rfi-flush: Fix the fallback flush to actually activate
c049d338c5c2 UBUNTU: SAUCE: rfi-flush: Rework pseries logic to be more cautious
884242613372 UBUNTU: SAUCE: rfi-flush: Rework powernv logic to be more cautious
ee71154ed061 UBUNTU: SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
cab09201eef8 UBUNTU: SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
4fc2e0b57c89 UBUNTU: SAUCE: Remove setup.h include file otherwise compilation complains about missing header file.
323c02b05b3a UBUNTU: SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
d585250a68cd UBUNTU: SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
5dcadca3b007 UBUNTU: SAUCE: rfi-flush: Allow HV to advertise multiple flush types
313e806c5d1f UBUNTU: SAUCE: rfi-flush: Support more than one flush type at once
00d9e152a174 UBUNTU: SAUCE: rfi-flush: Expand the RFI section to two nop slots
e1f3564b8cc8 UBUNTU: SAUCE: rfi-flush: Push the instruction selection down to the patching routine
0929d8b8c889 UBUNTU: SAUCE: rfi-flush: Make l1d_flush_type bit flags
2d94edf362f5 UBUNTU: SAUCE: rfi-flush: Implement congruence-first fallback flush
b9bc93cd2404 UBUNTU: SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
dad6dc82037d UBUNTU: SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
341c0f15655c UBUNTU: SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
035298082b55 UBUNTU: SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
8319f6cde6b4 UBUNTU: SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
76b012587aa8 UBUNTU: SAUCE: powerpc: Secure memory rfi flush

Stefan Bader (smb) wrote :

Also skip (because picked up since preparation):
* x86/microcode/AMD: Do not load when running on a hypervisor
* Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-121.145

linux (4.4.0-121.145) xenial; urgency=medium

  * linux: 4.4.0-121.145 -proposed tracker (LP: #1763687)

  * Ubuntu-4.4.0-120.144 fails to boot on arm64* hardware (LP: #1763644)
    - [Config] arm64: disable BPF_JIT_ALWAYS_ON

linux (4.4.0-120.144) xenial; urgency=medium

  * linux: 4.4.0-120.144 -proposed tracker (LP: #1761438)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] final-checks -- remove check for empty retpoline files

  * Xenial update to 4.4.117 stable release (LP: #1756860)
    - IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
    - PM / devfreq: Propagate error from devfreq_add_device()
    - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
    - ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
    - arm: spear600: Add missing interrupt-parent of rtc
    - arm: spear13xx: Fix dmas cells
    - arm: spear13xx: Fix spics gpio controller's warning
    - ALSA: seq: Fix regression by incorrect ioctl_mutex usages
    - KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(),
      by always inlining iterator helper methods
    - x86/cpu: Change type of x86_cache_size variable to unsigned int
    - drm/radeon: adjust tested variable
    - rtc-opal: Fix handling of firmware error codes, prevent busy loops
    - ext4: save error to disk in __ext4_grp_locked_error()
    - ext4: correct documentation for grpid mount option
    - mm: hide a #warning fo...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released