Xenial update to 4.4.123 stable release

Bug #1764666 reported by Juerg Haefliger on 2018-04-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification

   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.123 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.



   The following patches from the 4.4.123 stable release shall be

   * Linux 4.4.123
   * bpf: fix incorrect sign extension in check_alu_op()
   * usb: gadget: bdc: 64-bit pointer capability check
   * USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe()
   * btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device
   * btrfs: alloc_chunk: fix DUP stripe size handling
   * ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
   * scsi: sg: only check for dxfer_len greater than 256M
   * scsi: sg: fix static checker warning in sg_is_valid_dxfer
   * scsi: sg: fix SG_DXFER_FROM_DEV transfers
   * irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
   * fs/aio: Use RCU accessors for kioctx_table->table[]
   * fs/aio: Add explicit RCU grace period when freeing kioctx
   * lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
   * fs: Teach path_connected to handle nfs filesystems with multiple roots.
   * drm/amdgpu/dce: Don't turn off DP sink when disconnected
   * ALSA: seq: Clear client entry before deleting else at closing
   * ALSA: seq: Fix possible UAF in snd_seq_check_queue()
   * ALSA: hda - Revert power_save option default value
   * ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
   * x86/mm: Fix vmalloc_fault to use pXd_large
   * x86/vm86/32: Fix POPF emulation
   * selftests/x86/entry_from_vm86: Add test cases for POPF
   * selftests/x86: Add tests for the STR and SLDT instructions
   * selftests/x86: Add tests for User-Mode Instruction Prevention
   * selftests/x86/entry_from_vm86: Exit with 1 if we fail
   * ima: relax requiring a file signature for new files with zero length
   * rcutorture/configinit: Fix build directory error message
   * ipvlan: add L2 check for packets arriving via virtual devices
   * ASoC: nuc900: Fix a loop timeout test
   * mac80211: remove BUG() when interface type is invalid
   * mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
   * agp/intel: Flush all chipset writes after updating the GGTT
   * drm/amdkfd: Fix memory leaks in kfd topology
   * veth: set peer GSO values
   * media: cpia2: Fix a couple off by one bugs
   * scsi: dh: add new rdac devices
   * scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
   * scsi: core: scsi_get_device_flags_keyed(): Always return device flags
   * spi: sun6i: disable/unprepare clocks on remove
   * tools/usbip: fixes build with musl libc toolchain
   * ath10k: fix invalid STS_CAP_OFFSET_MASK
   * clk: qcom: msm8916: fix mnd_width for codec_digcodec
   * cpufreq: Fix governor module removal race
   * ath10k: update tdls teardown state to target
   * ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
   * ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
   * mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
   * net: xfrm: allow clearing socket xfrm policies.
   * test_firmware: fix setting old custom fw path back on exit
   * sched: Stop resched_cpu() from sending IPIs to offline CPUs
   * sched: Stop switched_to_rt() from sending IPIs to offline CPUs
   * ARM: dts: exynos: Correct Trats2 panel reset line
   * HID: elo: clear BTN_LEFT mapping
   * video/hdmi: Allow "empty" HDMI infoframes
   * drm/edid: set ELD connector type in drm_edid_to_eld()
   * wil6210: fix memory access violation in wil_memcpy_from/toio_32
   * pwm: tegra: Increase precision in PWM rate calculation
   * kprobes/x86: Set kprobes pages read-only
   * kprobes/x86: Fix kprobe-booster not to boost far call instructions
   * scsi: sg: close race condition in sg_remove_sfp_usercontext()
   * scsi: sg: check for valid direction before starting the request
   * perf session: Don't rely on evlist in pipe mode
   * perf inject: Copy events when reordering events in pipe mode
   * drivers/perf: arm_pmu: handle no platform_device
   * usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control()
   * usb: dwc2: Make sure we disconnect the gadget state
   * md/raid6: Fix anomily when recovering a single device in RAID6.
   * regulator: isl9305: fix array size
   * MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
   * MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
   * MIPS: BPF: Fix multiple problems in JIT skb access helpers.
   * MIPS: BPF: Quit clobbering callee saved registers in JIT code.
   * coresight: Fixes coresight DT parse to get correct output port ID.
   * drm/amdgpu: Fail fb creation from imported dma-bufs. (v2)
   * drm/radeon: Fail fb creation from imported dma-bufs.
   * video: ARM CLCD: fix dma allocation size
   * iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
   * apparmor: Make path_max parameter readonly
   * scsi: ses: don't get power status of SES device slot on probe
   * fm10k: correctly check if interface is removed
   * ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
   * reiserfs: Make cancel_old_flush() reliable
   * ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
   * net/faraday: Add missing include of of.h
   * powerpc: Avoid taking a data miss on every userspace instruction miss
   * ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks
   * ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks
   * NFC: nfcmrvl: double free on error path
   * NFC: nfcmrvl: Include unaligned.h instead of access_ok.h
   * vxlan: vxlan dev should inherit lowerdev's gso_max_size
   * drm/vmwgfx: Fixes to vmwgfx_fb
   * braille-console: Fix value returned by _braille_console_setup
   * bonding: refine bond_fold_stats() wrap detection
   * f2fs: relax node version check for victim data in gc
   * blk-throttle: make sure expire time isn't too big
   * mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
   * driver: (adm1275) set the m,b and R coefficients correctly for power
   * dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
   * tcp: sysctl: Fix a race to avoid unexpected 0 window from space
   * spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
   * ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT
   * sched: act_csum: don't mangle TCP and UDP GSO packets
   * Input: qt1070 - add OF device ID table
   * sysrq: Reset the watchdog timers while displaying high-resolution timers
   * timers, sched_clock: Update timeout for clock wrap
   * media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
   * scsi: ipr: Fix missed EH wakeup
   * solo6x10: release vb2 buffers in solo_stop_streaming()
   * of: fix of_device_get_modalias returned length when truncating buffers
   * batman-adv: handle race condition for claims between gateways
   * ARM: dts: Adjust moxart IRQ controller and flags
   * net/8021q: create device with all possible features in wanted_features
   * HID: clamp input to logical range if no null state
   * perf probe: Return errno when not hitting any event
   * ath10k: disallow DFS simulation if DFS channel is not enabled
   * drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off)
   * drivers: net: xgene: Fix hardware checksum setting
   * perf tools: Make perf_event__synthesize_mmap_events() scale
   * i40e: fix ethtool to get EEPROM data from X722 interface
   * i40e: Acquire NVM lock before reads on all devices
   * perf sort: Fix segfault with basic block 'cycles' sort dimension
   * selinux: check for address length in selinux_socket_bind()
   * PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()
   * ath10k: fix a warning during channel switch with multiple vaps
   * drm: qxl: Don't alloc fbdev if emulation is not supported
   * HID: reject input outside logical range only if null state is set
   * staging: wilc1000: add check for kmalloc allocation failure.
   * staging: speakup: Replace BUG_ON() with WARN_ON().
   * Input: tsc2007 - check for presence and power down tsc2007 during probe
   * blkcg: fix double free of new_blkg in blkcg_init_queue

Juerg Haefliger (juergh) on 2018-04-17
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh) on 2018-04-17
description: updated
Juerg Haefliger (juergh) wrote :

Skipped the following patches because they're applied already:
   * bpf: fix incorrect sign extension in check_alu_op()
   * scsi: ses: don't get power status of SES device slot on probe

Stefan Bader (smb) on 2018-04-17
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2018-04-17
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers