Xenial update to 4.4.121 stable release

Bug #1764367 reported by Juerg Haefliger on 2018-04-16
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.121 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.121 stable release shall be
   applied:

   * Linux 4.4.121
   * btrfs: preserve i_mode if __btrfs_set_acl() fails
   * bpf, x64: implement retpoline for tail call
   * dm io: fix duplicate bio completion due to missing ref count
   * mpls, nospec: Sanitize array index in mpls_label_ok()
   * net: mpls: Pull common label check into helper
   * sctp: verify size of a new chunk in _sctp_make_chunk()
   * s390/qeth: fix IPA command submission race
   * s390/qeth: fix SETIP command handling
   * sctp: fix dst refcnt leak in sctp_v6_get_dst()
   * sctp: fix dst refcnt leak in sctp_v4_get_dst
   * udplite: fix partial checksum initialization
   * ppp: prevent unregistered channels from connecting to PPP units
   * netlink: ensure to loop over all netns in genlmsg_multicast_allns()
   * net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
   * net: fix race on decreasing number of TX queues
   * ipv6 sit: work around bogus gcc-8 -Wrestrict warning
   * hdlc_ppp: carrier detect ok, don't turn off negotiation
   * fib_semantics: Don't match route with mismatching tclassid
   * bridge: check brport attr show in brport_show
   * Revert "led: core: Fix brightness setting when setting delay_off=0"
   * x86/spectre: Fix an error message
   * leds: do not overflow sysfs buffer in led_trigger_show
   * x86/apic/vector: Handle legacy irq data correctly
   * ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
   * btrfs: Don't clear SGID when inheriting ACLs
   * x86/syscall: Sanitize syscall table de-references under speculation fix
   * KVM: mmu: Fix overlap between public and private memslots
   * ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
   * nospec: Allow index argument to have const-qualified type
   * media: m88ds3103: don't call a non-initalized function
   * cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
   * ALSA: hda: Add a power_save blacklist
   * ALSA: usb-audio: Add a quirck for B&W PX headphones
   * tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus
   * tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus
   * tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus

Juerg Haefliger (juergh) on 2018-04-16
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Juerg Haefliger (juergh) wrote :

Skipped the following patch:
   * nospec: Allow index argument to have const-qualified type

This patch modifies code from upstream's Spectre v1 implementation which we haven't pulled in yet (skipped in the update to 4.4.118: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1756866/comments/2)

Juerg Haefliger (juergh) wrote :

Skipped the following patch:
   * mpls, nospec: Sanitize array index in mpls_label_ok()

It references array_index_nospec() which comes from upstream's Spectre v1 implementation.

Juerg Haefliger (juergh) wrote :

Skipped the following patch:
   * x86/syscall: Sanitize syscall table de-references under speculation fix

Which fixes a Spectre v1 commit from upstream 4.4.118 which we haven't applied (yet).

Stefan Bader (smb) wrote :

Will skip over the "Revert "led: core: Fix brightness setting when setting delay_off=0"" because I did not pick up the introducing patch from 4.4.120.

Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2018-04-16
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

---------------
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers