Xenial update to 4.4.124 stable release

Bug #1764762 reported by Juerg Haefliger on 2018-04-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification

   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.124 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.



   The following patches from the 4.4.124 stable release shall be

   * Linux 4.4.124
   * RDMA/ucma: Fix access to non-initialized CM_ID object
   * dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
   * clk: si5351: Rename internal plls to avoid name collisions
   * nfsd4: permit layoutget of executable-only files
   * RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
   * ip6_vti: adjust vti mtu according to mtu of lower device
   * iommu/vt-d: clean up pr_irq if request_threaded_irq fails
   * pinctrl: Really force states during suspend/resume
   * coresight: Fix disabling of CoreSight TPIU
   * pty: cancel pty slave port buf's work in tty_release
   * drm/omap: DMM: Check for DMM readiness after successful transaction commit
   * vgacon: Set VGA struct resource types
   * IB/umem: Fix use of npages/nmap fields
   * RDMA/cma: Use correct size when writing netlink stats
   * IB/ipoib: Avoid memory leak if the SA returns a different DGID
   * mmc: avoid removing non-removable hosts during suspend
   * platform/chrome: Use proper protocol transfer function
   * cros_ec: fix nul-termination for firmware build info
   * media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
   * media: bt8xx: Fix err 'bt878_probe()'
   * rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
   * RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
   * drm/msm: fix leak in failed get_pages
   * media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt
   * Bluetooth: hci_qca: Avoid setup failure on missing rampatch
   * perf tests kmod-path: Don't fail if compressed modules aren't supported
   * rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
   * rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
   * cifs: small underflow in cnvrtDosUnixTm()
   * net: hns: fix ethtool_get_strings overflow in hns driver
   * sm501fb: don't return zero on failure path in sm501fb_start()
   * video: fbdev: udlfb: Fix buffer on stack
   * tcm_fileio: Prevent information leak for short reads
   * ia64: fix module loading for gcc-5.4
   * md/raid10: skip spare disk as 'first' disk
   * Input: twl4030-pwrbutton - use correct device for irq request
   * power: supply: pda_power: move from timer to delayed_work
   * bnx2x: Align RX buffers
   * drm/nouveau/kms: Increase max retries in scanout position queries.
   * ACPI / PMIC: xpower: Fix power_table addresses
   * ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
   * ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
   * mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
   * staging: wilc1000: fix unchecked return value
   * staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y
   * mtip32xx: use runtime tag to initialize command header
   * mfd: palmas: Reset the POWERHOLD mux during power off
   * mac80211: don't parse encrypted management frames in ieee80211_frame_acked
   * Btrfs: send, fix file hole not being preserved due to inline extent
   * rndis_wlan: add return value validation
   * mt7601u: check return value of alloc_skb
   * iio: st_pressure: st_accel: Initialise sensor platform data properly
   * NFS: don't try to cross a mountpount when there isn't one there.
   * infiniband/uverbs: Fix integer overflows
   * scsi: mac_esp: Replace bogus memory barrier with spinlock
   * qlcnic: fix unchecked return value
   * wan: pc300too: abort path on failure
   * mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
   * openvswitch: Delete conntrack entry clashing with an expectation.
   * netfilter: xt_CT: fix refcnt leak on error path
   * Fix driver usage of 128B WQEs when WQ_CREATE is V1.
   * ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
   * IB/mlx4: Change vma from shared to private
   * IB/mlx4: Take write semaphore when changing the vma struct
   * HSI: ssi_protocol: double free in ssip_pn_xmit()
   * IB/ipoib: Update broadcast object if PKey value was changed in index 0
   * IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
   * ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
   * e1000e: fix timing for 82579 Gigabit Ethernet controller
   * tcp: remove poll() flakes with FastOpen
   * NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
   * md/raid10: wait up frozen array in handle_write_completed
   * iommu/omap: Register driver before setting IOMMU ops
   * ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
   * KVM: PPC: Book3S PR: Exit KVM on failed mapping
   * scsi: virtio_scsi: Always try to read VPD pages
   * clk: ns2: Correct SDIO bits
   * ath: Fix updating radar flags for coutry code India
   * spi: dw: Disable clock after unregistering the host
   * media/dvb-core: Race condition when writing to CAM
   * net: ipv6: send unsolicited NA on admin up
   * i2c: i2c-scmi: add a MS HID
   * genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs
   * cpufreq/sh: Replace racy task affinity logic
   * ACPI/processor: Replace racy task affinity logic
   * ACPI/processor: Fix error handling in __acpi_processor_start()
   * time: Change posix clocks ops interfaces to use timespec64
   * Input: ar1021_i2c - fix too long name in driver's device table
   * rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
   * x86: i8259: export legacy_pic symbol
   * regulator: anatop: set default voltage selector for pcie
   * platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
   * staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
   * CIFS: Enable encryption during session setup phase
   * SMB3: Validate negotiate request must always be signed
   * tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
   * tpm: fix potential buffer overruns caused by bit glitches on the bus

Juerg Haefliger (juergh) on 2018-04-17
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh) on 2018-04-18
description: updated
Juerg Haefliger (juergh) wrote :

Reverted the following SAUCE patch to be replaced by its upstream equivalent:
   * UBUNTU: SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor platform data properly

Skipped the following patches since they're already applied:
   * CIFS: Enable encryption during session setup phase
   * SMB3: Validate negotiate request must always be signed

Stefan Bader (smb) on 2018-04-18
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2018-04-18
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers