Xenial update to 4.4.128 stable release

Bug #1765010 reported by Juerg Haefliger on 2018-04-18
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.128 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.128 stable release shall be
   applied:

   * Linux 4.4.128
   * Revert "xhci: plat: Register shutdown for xhci_plat"
   * vrf: Fix use after free and double free in vrf_finish_output
   * ipv6: the entire IPv6 header chain must fit the first fragment
   * net/ipv6: Increment OUTxxx counters after netfilter hook
   * net sched actions: fix dumping which requires several messages to user space
   * r8169: fix setting driver_data after register_netdev
   * vti6: better validate user provided tunnel names
   * ip6_tunnel: better validate user provided tunnel names
   * ip6_gre: better validate user provided tunnel names
   * ipv6: sit: better validate user provided tunnel names
   * ip_tunnel: better validate user provided tunnel names
   * net: fool proof dev_valid_name()
   * bonding: process the err returned by dev_set_allmulti properly in bond_enslave
   * bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
   * bonding: fix the err path for dev hwaddr sync in bond_enslave
   * vlan: also check phy_driver ts_info for vlan's real device
   * vhost: correctly remove wait queue during poll failure
   * sky2: Increase D3 delay to sky2 stops working after suspend
   * sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
   * sctp: do not leak kernel memory to user space
   * pptp: remove a buggy dst release in pptp_connect()
   * net/sched: fix NULL dereference in the error path of tcf_bpf_init()
   * netlink: make sure nladdr has correct size in netlink_connect()
   * net/ipv6: Fix route leaking between VRFs
   * net: fix possible out-of-bound read in skb_network_protocol()
   * arp: fix arp_filter on l3slave devices
   * Kbuild: provide a __UNIQUE_ID for clang
   * futex: Remove requirement for lock_page() in get_futex_key()
   * random: use lockless method of accessing and updating f->reg_idx
   * virtio_net: check return value of skb_to_sgvec in one more location
   * virtio_net: check return value of skb_to_sgvec always
   * rxrpc: check return value of skb_to_sgvec always
   * ipsec: check return value of skb_to_sgvec always
   * perf tools: Fix copyfile_offset update of output offset
   * cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
   * EDAC, mv64x60: Fix an error handling path
   * tty: n_gsm: Allow ADM response in addition to UA for control dlci
   * blk-mq: fix kernel oops in blk_mq_tag_idle()
   * scsi: libsas: initialize sas_phy status according to response of DISCOVER
   * scsi: libsas: fix error when getting phy events
   * scsi: libsas: fix memory leak in sas_smp_get_phy_events()
   * bcache: segregate flash only volume write streams
   * bcache: stop writeback thread after detaching
   * vxlan: dont migrate permanent fdb entries during learn
   * s390/dasd: fix hanging safe offline
   * ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
   * ACPICA: Events: Add runtime stub support for event APIs
   * cpuidle: dt: Add missing 'of_node_put()'
   * Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
   * iio: magnetometer: st_magn_spi: fix spi_device_id table
   * sparc64: ldc abort during vds iso boot
   * sctp: fix recursive locking warning in sctp_do_peeloff
   * bnx2x: Allow vfs to disable txvlan offload
   * xen: avoid type warning in xchg_xen_ulong
   * skbuff: only inherit relevant tx_flags
   * perf tests: Decompress kernel module before objdump
   * net: emac: fix reset timeout with AR8035 phy
   * Fix loop device flush before configure v3
   * MIPS: kprobes: flush_insn_slot should flush only if probe initialised
   * MIPS: mm: adjust PKMAP location
   * MIPS: mm: fixed mappings: correct initialisation
   * perf/core: Correct event creation with PERF_FORMAT_GROUP
   * e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
   * ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
   * net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
   * mceusb: sporadic RX truncation corruption fix
   * cx25840: fix unchecked return values
   * e1000e: fix race condition around skb_tstamp_tx()
   * tags: honor COMPILED_SOURCE with apart output directory
   * perf report: Ensure the perf DSO mapping matches what libdw sees
   * perf header: Set proper module name when build-id event found
   * net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport
   * net/mlx4: Fix the check in attaching steering rules
   * sit: reload iphdr in ipip6_rcv
   * skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
   * bio-integrity: Do not allocate integrity context for bio w/o data
   * Fix serial console on SNI RM400 machines
   * cxgb4: fix incorrect cim_la output for T6
   * drm/omap: fix tiled buffer stride calculations
   * mISDN: Fix a sleep-in-atomic bug
   * qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M
   * perf trace: Add mmap alias for s390
   * powerpc/spufs: Fix coredump of SPU contexts
   * clk: Fix __set_clk_rates error print-string
   * clk: scpi: fix return type of __scpi_dvfs_round_rate
   * KVM: SVM: do not zero out segment attributes if segment is unusable or not present
   * net: freescale: fix potential null pointer dereference
   * SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
   * rtc: interface: Validate alarm-time before handling rollover
   * rtc: opal: Handle disabled TPO in opal_get_tpo_time()
   * cxgb4: FW upgrade fixes
   * net/mlx5: avoid build warning for uniprocessor
   * arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
   * dmaengine: imx-sdma: Handle return value of clk_prepare_enable
   * powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE]
   * ovl: filter trusted xattr for non-admin
   * hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
   * wl1251: check return from call to wl1251_acx_arp_ip_filter
   * ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
   * gpio: label descriptors using the device name
   * vfb: fix video mode and line_length being set when loaded
   * scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
   * scsi: libiscsi: Allow sd_shutdown on bad transport
   * ASoC: Intel: cht_bsw_rt5645: Analog Mic support
   * media: videobuf2-core: don't go out of the buffer range
   * hwmon: (ina2xx) Make calibration register value fixed
   * rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
   * l2tp: fix missing print session offset info
   * perf probe: Add warning message if there is unexpected event name
   * thermal: power_allocator: fix one race condition issue for thermal_instances list
   * ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
   * net: llc: add lock_sock in llc_ui_bind to avoid a race condition
   * KVM: nVMX: Fix handling of lmsw instruction
   * bonding: Don't update slave->link until ready to commit
   * Input: elan_i2c - clear INT before resetting controller
   * net: move somaxconn init from sysctl code
   * tcp: better validation of received ack sequences
   * ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
   * fix race in drivers/char/random.c:get_reg()
   * scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
   * ASoC: rsnd: SSI PIO adjust to 24bit mode
   * pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
   * netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
   * libceph: NULL deref on crush_decode() error path
   * net: ieee802154: fix net_device reference release too early
   * mlx5: fix bug reading rss_hash_type from CQE
   * block: fix an error code in add_partition()
   * selinux: do not check open permission on sockets
   * net/mlx5: Tolerate irq_set_affinity_hint() failures
   * sched/numa: Use down_read_trylock() for the mmap_sem
   * leds: pca955x: Correct I2C Functionality
   * ray_cs: Avoid reading past end of buffer
   * ARM: davinci: da8xx: Create DSP device only when assigned memory
   * md-cluster: fix potential lock issue in add_new_disk
   * ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
   * iio: hi8435: cleanup reset gpio
   * iio: hi8435: avoid garbage event at first enable
   * xfrm: fix state migration copy replay sequence numbers
   * selftests/powerpc: Fix TM resched DSCR test with some compilers
   * ath5k: fix memory leak on buf on failed eeprom read
   * powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
   * scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
   * sh_eth: Use platform device for printing before register_netdev()
   * serial: sh-sci: Fix race condition causing garbage during shutdown
   * serial: 8250: omap: Disable DMA for console UART
   * USB: ene_usb6250: fix SCSI residue overwriting
   * net: x25: fix one potential use-after-free issue
   * USB: ene_usb6250: fix first command execution
   * usb: chipidea: properly handle host or gadget initialization failure
   * arp: honour gratuitous ARP _replies_
   * neighbour: update neigh timestamps iff update is effective
   * ata: libahci: properly propagate return value of platform_get_irq()
   * btrfs: fix incorrect error return ret being passed to mapping_set_error
   * usb: dwc3: keystone: check return value
   * async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
   * ipv6: avoid dad-failures for addresses with NODAD
   * ARM: dts: imx6qdl-wandboard: Fix audio channel swap
   * x86/tsc: Provide 'tsc=unstable' boot parameter
   * staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
   * ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
   * PowerCap: Fix an error code in powercap_register_zone()
   * bus: brcmstb_gisb: correct support for 64-bit address output
   * bus: brcmstb_gisb: Use register offsets with writes too
   * SMB2: Fix share type handling
   * vmxnet3: ensure that adapter is in proper state during force_close
   * KVM: PPC: Book3S PR: Check copy_to/from_user return values
   * Input: elantech - force relative mode on a certain module
   * Input: elan_i2c - check if device is there before really probing
   * netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
   * net: qca_spi: Fix alignment issues in rx path
   * blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op
   * CIFS: silence lockdep splat in cifs_relock_file()
   * NFSv4.1: Work around a Linux server bug...
   * net/mlx4_en: Avoid adding steering rules with invalid ring
   * s390: move _text symbol to address higher than zero
   * pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid()
   * drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
   * lockd: fix lockd shutdown race
   * net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
   * net: cdc_ncm: Fix TX zero padding
   * ipmi_ssif: unlock on allocation failure
   * qlge: Avoid reading past end of buffer
   * bna: Avoid reading past end of buffer
   * mac80211: bail out from prep_connection() if a reconfig is ongoing
   * af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
   * IB/srpt: Fix abort handling
   * NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
   * x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic()
   * rtc: snvs: fix an incorrect check of return value
   * md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
   * cfg80211: make RATE_INFO_BW_20 the default

Juerg Haefliger (juergh) on 2018-04-18
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh) on 2018-04-18
description: updated
Juerg Haefliger (juergh) wrote :

Skipped the following commits because they're already applied:
   * scsi: libiscsi: Allow sd_shutdown on bad transport
   * blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op

Juerg Haefliger (juergh) wrote :

Skipped the following commit since it introduces a build failure as shown below:
   * perf tests: Decompress kernel module before objdump

  CC tests/llvm-src-base.o
  CC tests/llvm-src-kbuild.o
  LD util/libperf-in.o
tests/code-reading.c: In function 'read_object_code':
tests/code-reading.c:186:19: error: 'KMOD_DECOMP_LEN' undeclared (first use in this function)
  char decomp_name[KMOD_DECOMP_LEN];
                   ^

Stefan Bader (smb) on 2018-04-19
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2018-04-19
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

---------------
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers