Xenial update to 4.4.122 stable release

Bug #1764627 reported by Juerg Haefliger on 2018-04-17
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.122 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.122 stable release shall be
   applied:

   * Linux 4.4.122
   * fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
   * serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
   * usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
   * usb: usbmon: Read text within supplied buffer size
   * USB: usbmon: remove assignment from IS_ERR argument
   * usb: quirks: add control message delay for 1b1c:1b20
   * USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
   * staging: android: ashmem: Fix lockdep issue during llseek
   * staging: comedi: fix comedi_nsamples_left.
   * uas: fix comparison for error code
   * tty/serial: atmel: add new version check for usart
   * serial: sh-sci: prevent lockup on full TTY buffers
   * x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
   * x86/module: Detect and skip invalid relocations
   * Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
   * NFS: Fix an incorrect type in struct nfs_direct_req
   * scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
   * ubi: Fix race condition between ubi volume creation and udev
   * ext4: inplace xattr block update fails to deduplicate blocks
   * netfilter: x_tables: pack percpu counter allocations
   * netfilter: x_tables: pass xt_counters struct to counter allocator
   * netfilter: x_tables: pass xt_counters struct instead of packet counter
   * netfilter: use skb_to_full_sk in ip_route_me_harder
   * netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
   * netfilter: bridge: ebt_among: add missing match size checks
   * netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
   * netfilter: IDLETIMER: be syzkaller friendly
   * netfilter: nat: cope with negative port range
   * netfilter: x_tables: fix missing timer initialization in xt_LED
   * netfilter: add back stackpointer size checks
   * tc358743: fix register i2c_rd/wr function fix
   * Input: tca8418_keypad - remove double read of key event register
   * ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
   * netfilter: nfnetlink_queue: fix timestamp attribute
   * watchdog: hpwdt: fix unused variable warning
   * watchdog: hpwdt: Check source of NMI
   * watchdog: hpwdt: SMBIOS check
   * nospec: Include <asm/barrier.h> dependency
   * ALSA: hda: add dock and led support for HP ProBook 640 G2
   * ALSA: hda: add dock and led support for HP EliteBook 820 G3
   * ALSA: seq: More protection for concurrent write and ioctl races
   * ALSA: seq: Don't allow resizing pool in use
   * ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
   * x86/MCE: Serialize sysfs changes
   * bcache: don't attach backing with duplicate UUID
   * kbuild: Handle builtin dtb file names containing hyphens
   * loop: Fix lost writes caused by missing flag
   * Input: matrix_keypad - fix race when disabling interrupts
   * MIPS: OCTEON: irq: Check for null return on kzalloc allocation
   * MIPS: ath25: Check for kzalloc allocation failure
   * MIPS: BMIPS: Do not mask IPIs during suspend
   * drm/amdgpu: fix KV harvesting
   * drm/radeon: fix KV harvesting
   * drm/amdgpu: Notify sbios device ready before send request
   * drm/amdgpu: Fix deadlock on runtime suspend
   * drm/radeon: Fix deadlock on runtime suspend
   * drm/nouveau: Fix deadlock on runtime suspend
   * drm: Allow determining if current task is output poll worker
   * workqueue: Allow retrieval of current task's work struct
   * scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
   * RDMA/mlx5: Fix integer overflow while resizing CQ
   * RDMA/ucma: Check that user doesn't overflow QP state
   * RDMA/ucma: Limit possible option size

Juerg Haefliger (juergh) on 2018-04-17
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh) wrote :

Skipped the following patches because they were applied already:
   * netfilter: x_tables: pack percpu counter allocations
   * netfilter: x_tables: pass xt_counters struct to counter allocator
   * netfilter: x_tables: pass xt_counters struct instead of packet counter
   * ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds

Skipped the following patches because they depend/modify upstream's Spectre v1 implementation which we haven't pulled in (yet) with the earlier stable update to 4.4.118:
   * nospec: Include <asm/barrier.h> dependency

description: updated
Stefan Bader (smb) on 2018-04-17
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2018-04-17
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

---------------
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers