Xenial update to 4.4.118 stable release

Bug #1756866 reported by Juerg Haefliger on 2018-03-19
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification

   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.118 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.



   The following patches from the 4.4.118 stable release shall be

   * Linux 4.4.118
   * net: dst_cache_per_cpu_dst_set() can be static
   * crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
   * KVM: nVMX: invvpid handling improvements
   * KVM: VMX: clean up declaration of VPID/EPT invalidation types
   * kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
   * KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
   * KVM: nVMX: kmap() can't fail
   * x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
   * x86/spectre: Simplify spectre_v2 command line parsing
   * x86/retpoline: Avoid retpolines for built-in __init functions
   * x86/kvm: Update spectre-v1 mitigation
   * x86/paravirt: Remove 'noreplace-paravirt' cmdline option
   * x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
   * x86/spectre: Report get_user mitigation for spectre_v1
   * nl80211: Sanitize array index in parse_txq_params
   * vfs, fdtable: Prevent bounds-check bypass via speculative execution
   * x86/syscall: Sanitize syscall table de-references under speculation
   * x86/get_user: Use pointer masking to limit speculation
   * x86: Introduce barrier_nospec
   * x86: Implement array_index_mask_nospec
   * array_index_nospec: Sanitize speculative array de-references
   * Documentation: Document array_index_nospec
   * x86/spectre: Check CONFIG_RETPOLINE in command line parser
   * x86/cpu/bugs: Make retpoline module warning conditional
   * x86/bugs: Drop one "mitigation" from dmesg
   * x86/nospec: Fix header guards names
   * module/retpoline: Warn about missing retpoline in module
   * KVM: VMX: Make indirect call speculation safe
   * KVM: x86: Make indirect calls in emulator speculation safe
   * x86/retpoline: Remove the esp/rsp thunk
   * KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
   * kasan: rework Kconfig settings
   * drm/gma500: remove helper function
   * x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
   * genksyms: Fix segfault with invalid declarations
   * dell-wmi, dell-laptop: depends DMI
   * netlink: fix nla_put_{u8,u16,u32} for KASAN
   * ASoC: Intel: Kconfig: fix build when ACPI is not enabled
   * ARM: tegra: select USB_ULPI from EHCI rather than platform
   * ncr5380: shut up gcc indentation warning
   * usb: phy: msm add regulator dependency
   * idle: i7300: add PCI dependency
   * binfmt_elf: compat: avoid unused function warning
   * isdn: sc: work around type mismatch warning
   * power: bq27xxx_battery: mark some symbols __maybe_unused
   * Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
   * ncpfs: fix unused variable warning
   * gpio: xgene: mark PM functions as __maybe_unused
   * net: hp100: remove unnecessary #ifdefs
   * dmaengine: zx: fix build warning
   * perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
   * wireless: cw1200: use __maybe_unused to hide pm functions_
   * cw1200: fix bogus maybe-uninitialized warning
   * v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
   * hdpvr: hide unused variable
   * drm/gma500: Sanity-check pipe index
   * serial: 8250_mid: fix broken DMA dependency
   * ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
   * ISDN: eicon: reduce stack size of sig_ind function
   * em28xx: only use mt9v011 if camera support is enabled
   * go7007: add MEDIA_CAMERA_SUPPORT dependency
   * KVM: add X86_LOCAL_APIC dependency
   * Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
   * drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
   * tc358743: fix register i2c_rd/wr functions
   * staging: unisys: visorinput depends on INPUT
   * i2c: remove __init from i2c_register_board_info()
   * b2c2: flexcop: avoid unused function warnings
   * infiniband: cxgb4: use %pR format string for printing resources
   * iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
   * ASoC: mediatek: add i2c dependency
   * genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
   * tty: cyclades: cyz_interrupt is only used for PCI
   * drm/vmwgfx: use *_32_bits() macros
   * tlan: avoid unused label with PCI=n
   * tc1100-wmi: fix build warning when CONFIG_PM not enabled
   * ipv4: ipconfig: avoid unused ic_proto_used symbol
   * netfilter: ipvs: avoid unused variable warnings
   * x86/platform/olpc: Fix resume handler build warning
   * staging: wilc1000: fix kbuild test robot error
   * rtlwifi: fix gcc-6 indentation warning
   * USB: cdc_subset: only build when one driver is enabled
   * hwrng: exynos - use __maybe_unused to hide pm functions
   * fbdev: sm712fb: avoid unused function warnings
   * Drivers: hv: vmbus: fix build warning
   * modsign: hide openssl output in silent builds
   * fbdev: s6e8ax0: avoid unused function warnings
   * mtd: cfi: enforce valid geometry configuration
   * mtd: sh_flctl: pass FIFO as physical address
   * amd-xgbe: Fix unused suspend handlers build warning
   * fbdev: auo_k190x: avoid unused function warnings
   * driver-core: use 'dev' argument in dev_dbg_ratelimited stub
   * target/user: Fix cast from pointer to phys_addr_t
   * tty: hvc_xen: hide xen_console_remove when unused
   * usb: musb/ux500: remove duplicate check for dma_is_compatible
   * pwc: hide unused label
   * SCSI: initio: remove duplicate module device table
   * scsi: mvumi: use __maybe_unused to hide pm functions
   * video: Use bool instead int pointer for get_opt_bool() argument
   * fbdev: sis: enforce selection of at least one backend
   * staging: ste_rmi4: avoid unused function warnings
   * video: fbdev: sis: remove unused variable
   * scsi: fdomain: drop fdomain_pci_tbl when built-in
   * mptfusion: hide unused seq_mpt_print_ioc_summary function
   * mtd: maps: add __init attribute
   * mtd: ichxrom: maybe-uninitialized with gcc-4.9
   * md: avoid warning for 32-bit sector_t
   * profile: hide unused functions when !CONFIG_PROC_FS
   * dpt_i2o: fix build warning
   * drivers/net: fix eisa_driver probe section mismatch
   * scsi: sim710: fix build warning
   * x86/boot: Avoid warning for zero-filling .bss
   * thermal: spear: use __maybe_unused for PM functions
   * ssb: mark ssb_bus_register as __maybe_unused
   * reiserfs: avoid a -Wmaybe-uninitialized warning
   * ALSA: hda/ca0132 - fix possible NULL pointer use
   * arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
   * scsi: advansys: fix uninitialized data access
   * x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
   * x86: add MULTIUSER dependency for KVM
   * thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
   * x86/build: Silence the build with "make -s"
   * tools build: Add tools tree support for 'make -s'
   * x86/fpu/math-emu: Fix possible uninitialized variable use
   * arm64: define BUG() instruction without CONFIG_BUG
   * x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
   * scsi: advansys: fix build warning for PCI=n
   * video: fbdev: via: remove possibly unused variables
   * platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
   * gpio: intel-mid: Fix build warning when !CONFIG_PM
   * vmxnet3: prevent building with 64K pages
   * isdn: icn: remove a #warning
   * virtio_balloon: prevent uninitialized variable use
   * hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
   * xen: XEN_ACPI_PROCESSOR is Dom0-only
   * x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
   * mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
   * dmaengine: jz4740: disable/unprepare clk if probe fails
   * drm/armada: fix leak of crtc structure
   * xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
   * spi: sun4i: disable clocks in the remove function
   * ASoC: rockchip: disable clock on error
   * clk: fix a panic error caused by accessing NULL pointer
   * dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
   * dmaengine: ioat: Fix error handling path
   * 509: fix printing uninitialized stack memory when OID is empty
   * btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
   * net_sched: red: Avoid illegal values
   * net_sched: red: Avoid devision by zero
   * gianfar: fix a flooded alignment reports because of padding issue.
   * s390/dasd: prevent prefix I/O error
   * powerpc/perf: Fix oops when grouping different pmu events
   * ipvlan: Add the skb->mark as flow4's member to lookup route
   * scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
   * RDMA/cma: Make sure that PSN is not over max allowed
   * pinctrl: sunxi: Fix A80 interrupt pin bank
   * media: s5k6aa: describe some function parameters
   * perf bench numa: Fixup discontiguous/sparse numa nodes
   * perf top: Fix window dimensions change handling
   * ARM: dts: am4372: Correct the interrupts_properties of McASP
   * ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
   * ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
   * ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
   * usb: build drivers/usb/common/ when USB_SUPPORT is set
   * usbip: keep usbip_device sockfd state in sync with tcp_socket
   * staging: iio: adc: ad7192: fix external frequency setting
   * binder: check for binder_thread allocation failure in binder_poll()
   * staging: android: ashmem: Fix a race condition in pin ioctls
   * dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
   * Make DST_CACHE a silent config option
   * arm64: dts: add #cooling-cells to CPU nodes
   * video: fbdev/mmp: add MODULE_LICENSE
   * ASoC: ux500: add MODULE_LICENSE tag
   * net: avoid skb_warn_bad_offload on IS_ERR
   * netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
   * netfilter: on sockopt() acquire sock lock only in the required scope
   * netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
   * netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
   * netfilter: x_tables: fix int overflow in xt_alloc_table_info()
   * KVM: x86: fix escape of guest dr6 to the host
   * crypto: x86/twofish-3way - Fix %rbp usage
   * selinux: skip bounded transition processing if the policy isn't loaded
   * selinux: ensure the context is NUL terminated in security_context_to_sid_core()
   * Provide a function to create a NUL-terminated string from unterminated data
   * drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
   * blktrace: fix unlocked registration of tracepoints
   * xfrm: check id proto in validate_tmpl()
   * xfrm: Fix stack-out-of-bounds read on socket policy lookup.
   * mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
   * cfg80211: check dev_set_name() return value
   * net: replace dst_cache ip6_tunnel implementation with the generic one
   * net: add dst_cache support

Juerg Haefliger (juergh) on 2018-03-19
description: updated
Juerg Haefliger (juergh) on 2018-04-03
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
Juerg Haefliger (juergh) wrote :

Skipping the following patches (already applied):
  * KVM: VMX: Make indirect call speculation safe
  * KVM: x86: Make indirect calls in emulator speculation safe
  * Drivers: hv: vmbus: fix build warning

Juerg Haefliger (juergh) wrote :

Skipping the following patches:
   * x86/kvm: Update spectre-v1 mitigation
   * x86/spectre: Report get_user mitigation for spectre_v1
   * nl80211: Sanitize array index in parse_txq_params
   * vfs, fdtable: Prevent bounds-check bypass via speculative execution
   * x86/syscall: Sanitize syscall table de-references under speculation
   * x86/get_user: Use pointer masking to limit speculation
   * x86: Introduce barrier_nospec
   * x86: Implement array_index_mask_nospec
   * array_index_nospec: Sanitize speculative array de-references
   * Documentation: Document array_index_nospec

This is upstream's implementation of Spectre v1 for Intel which is different than what we currently have in Xenial. We need to review it first to make sure we're not regressing, before we pull it in.

Stefan Bader (smb) on 2018-04-16
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers