Xenial update to 4.4.124 stable release

Bug #1764762 reported by Juerg Haefliger on 2018-04-17
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Xenial; Importance: Medium; Assigned to: Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.124 upstream
   stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.124 stable release shall be
   applied:

   * Linux 4.4.124
   * RDMA/ucma: Fix access to non-initialized CM_ID object
   * dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
   * clk: si5351: Rename internal plls to avoid name collisions
   * nfsd4: permit layoutget of executable-only files
   * RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
   * ip6_vti: adjust vti mtu according to mtu of lower device
   * iommu/vt-d: clean up pr_irq if request_threaded_irq fails
   * pinctrl: Really force states during suspend/resume
   * coresight: Fix disabling of CoreSight TPIU
   * pty: cancel pty slave port buf's work in tty_release
   * drm/omap: DMM: Check for DMM readiness after successful transaction commit
   * vgacon: Set VGA struct resource types
   * IB/umem: Fix use of npages/nmap fields
   * RDMA/cma: Use correct size when writing netlink stats
   * IB/ipoib: Avoid memory leak if the SA returns a different DGID
   * mmc: avoid removing non-removable hosts during suspend
   * platform/chrome: Use proper protocol transfer function
   * cros_ec: fix nul-termination for firmware build info
   * media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
   * media: bt8xx: Fix err 'bt878_probe()'
   * rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
   * RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
   * drm/msm: fix leak in failed get_pages
   * media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt
   * Bluetooth: hci_qca: Avoid setup failure on missing rampatch
   * perf tests kmod-path: Don't fail if compressed modules aren't supported
   * rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
   * rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
   * cifs: small underflow in cnvrtDosUnixTm()
   * net: hns: fix ethtool_get_strings overflow in hns driver
   * sm501fb: don't return zero on failure path in sm501fb_start()
   * video: fbdev: udlfb: Fix buffer on stack
   * tcm_fileio: Prevent information leak for short reads
   * ia64: fix module loading for gcc-5.4
   * md/raid10: skip spare disk as 'first' disk
   * Input: twl4030-pwrbutton - use correct device for irq request
   * power: supply: pda_power: move from timer to delayed_work
   * bnx2x: Align RX buffers
   * drm/nouveau/kms: Increase max retries in scanout position queries.
   * ACPI / PMIC: xpower: Fix power_table addresses
   * ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
   * ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
   * mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
   * staging: wilc1000: fix unchecked return value
   * staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y
   * mtip32xx: use runtime tag to initialize command header
   * mfd: palmas: Reset the POWERHOLD mux during power off
   * mac80211: don't parse encrypted management frames in ieee80211_frame_acked
   * Btrfs: send, fix file hole not being preserved due to inline extent
   * rndis_wlan: add return value validation
   * mt7601u: check return value of alloc_skb
   * iio: st_pressure: st_accel: Initialise sensor platform data properly
   * NFS: don't try to cross a mountpount when there isn't one there.
   * infiniband/uverbs: Fix integer overflows
   * scsi: mac_esp: Replace bogus memory barrier with spinlock
   * qlcnic: fix unchecked return value
   * wan: pc300too: abort path on failure
   * mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
   * openvswitch: Delete conntrack entry clashing with an expectation.
   * netfilter: xt_CT: fix refcnt leak on error path
   * Fix driver usage of 128B WQEs when WQ_CREATE is V1.
   * ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
   * IB/mlx4: Change vma from shared to private
   * IB/mlx4: Take write semaphore when changing the vma struct
   * HSI: ssi_protocol: double free in ssip_pn_xmit()
   * IB/ipoib: Update broadcast object if PKey value was changed in index 0
   * IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
   * ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
   * e1000e: fix timing for 82579 Gigabit Ethernet controller
   * tcp: remove poll() flakes with FastOpen
   * NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
   * md/raid10: wait up frozen array in handle_write_completed
   * iommu/omap: Register driver before setting IOMMU ops
   * ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
   * KVM: PPC: Book3S PR: Exit KVM on failed mapping
   * scsi: virtio_scsi: Always try to read VPD pages
   * clk: ns2: Correct SDIO bits
   * ath: Fix updating radar flags for coutry code India
   * spi: dw: Disable clock after unregistering the host
   * media/dvb-core: Race condition when writing to CAM
   * net: ipv6: send unsolicited NA on admin up
   * i2c: i2c-scmi: add a MS HID
   * genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs
   * cpufreq/sh: Replace racy task affinity logic
   * ACPI/processor: Replace racy task affinity logic
   * ACPI/processor: Fix error handling in __acpi_processor_start()
   * time: Change posix clocks ops interfaces to use timespec64
   * Input: ar1021_i2c - fix too long name in driver's device table
   * rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
   * x86: i8259: export legacy_pic symbol
   * regulator: anatop: set default voltage selector for pcie
   * platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
   * staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
   * CIFS: Enable encryption during session setup phase
   * SMB3: Validate negotiate request must always be signed
   * tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
   * tpm: fix potential buffer overruns caused by bit glitches on the bus

Juerg Haefliger (juergh) on 2018-04-17
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh) on 2018-04-18
description: updated
Juerg Haefliger (juergh) wrote :

Reverted the following SAUCE patch to be replaced by its upstream equivalent:
   * UBUNTU: SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor platform data properly

Skipped the following patches since they're already applied:
   * CIFS: Enable encryption during session setup phase
   * SMB3: Validate negotiate request must always be signed

Stefan Bader (smb) on 2018-04-18
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2018-04-18
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-127.153

---------------
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released