Xenial update to 4.4.128 stable release

Bug #1765010 reported by Juerg Haefliger on 2018-04-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification

   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.128 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.



   The following patches from the 4.4.128 stable release shall be

   * Linux 4.4.128
   * Revert "xhci: plat: Register shutdown for xhci_plat"
   * vrf: Fix use after free and double free in vrf_finish_output
   * ipv6: the entire IPv6 header chain must fit the first fragment
   * net/ipv6: Increment OUTxxx counters after netfilter hook
   * net sched actions: fix dumping which requires several messages to user space
   * r8169: fix setting driver_data after register_netdev
   * vti6: better validate user provided tunnel names
   * ip6_tunnel: better validate user provided tunnel names
   * ip6_gre: better validate user provided tunnel names
   * ipv6: sit: better validate user provided tunnel names
   * ip_tunnel: better validate user provided tunnel names
   * net: fool proof dev_valid_name()
   * bonding: process the err returned by dev_set_allmulti properly in bond_enslave
   * bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
   * bonding: fix the err path for dev hwaddr sync in bond_enslave
   * vlan: also check phy_driver ts_info for vlan's real device
   * vhost: correctly remove wait queue during poll failure
   * sky2: Increase D3 delay to sky2 stops working after suspend
   * sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
   * sctp: do not leak kernel memory to user space
   * pptp: remove a buggy dst release in pptp_connect()
   * net/sched: fix NULL dereference in the error path of tcf_bpf_init()
   * netlink: make sure nladdr has correct size in netlink_connect()
   * net/ipv6: Fix route leaking between VRFs
   * net: fix possible out-of-bound read in skb_network_protocol()
   * arp: fix arp_filter on l3slave devices
   * Kbuild: provide a __UNIQUE_ID for clang
   * futex: Remove requirement for lock_page() in get_futex_key()
   * random: use lockless method of accessing and updating f->reg_idx
   * virtio_net: check return value of skb_to_sgvec in one more location
   * virtio_net: check return value of skb_to_sgvec always
   * rxrpc: check return value of skb_to_sgvec always
   * ipsec: check return value of skb_to_sgvec always
   * perf tools: Fix copyfile_offset update of output offset
   * cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
   * EDAC, mv64x60: Fix an error handling path
   * tty: n_gsm: Allow ADM response in addition to UA for control dlci
   * blk-mq: fix kernel oops in blk_mq_tag_idle()
   * scsi: libsas: initialize sas_phy status according to response of DISCOVER
   * scsi: libsas: fix error when getting phy events
   * scsi: libsas: fix memory leak in sas_smp_get_phy_events()
   * bcache: segregate flash only volume write streams
   * bcache: stop writeback thread after detaching
   * vxlan: dont migrate permanent fdb entries during learn
   * s390/dasd: fix hanging safe offline
   * ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
   * ACPICA: Events: Add runtime stub support for event APIs
   * cpuidle: dt: Add missing 'of_node_put()'
   * Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
   * iio: magnetometer: st_magn_spi: fix spi_device_id table
   * sparc64: ldc abort during vds iso boot
   * sctp: fix recursive locking warning in sctp_do_peeloff
   * bnx2x: Allow vfs to disable txvlan offload
   * xen: avoid type warning in xchg_xen_ulong
   * skbuff: only inherit relevant tx_flags
   * perf tests: Decompress kernel module before objdump
   * net: emac: fix reset timeout with AR8035 phy
   * Fix loop device flush before configure v3
   * MIPS: kprobes: flush_insn_slot should flush only if probe initialised
   * MIPS: mm: adjust PKMAP location
   * MIPS: mm: fixed mappings: correct initialisation
   * perf/core: Correct event creation with PERF_FORMAT_GROUP
   * e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
   * ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
   * net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
   * mceusb: sporadic RX truncation corruption fix
   * cx25840: fix unchecked return values
   * e1000e: fix race condition around skb_tstamp_tx()
   * tags: honor COMPILED_SOURCE with apart output directory
   * perf report: Ensure the perf DSO mapping matches what libdw sees
   * perf header: Set proper module name when build-id event found
   * net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport
   * net/mlx4: Fix the check in attaching steering rules
   * sit: reload iphdr in ipip6_rcv
   * skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
   * bio-integrity: Do not allocate integrity context for bio w/o data
   * Fix serial console on SNI RM400 machines
   * cxgb4: fix incorrect cim_la output for T6
   * drm/omap: fix tiled buffer stride calculations
   * mISDN: Fix a sleep-in-atomic bug
   * qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M
   * perf trace: Add mmap alias for s390
   * powerpc/spufs: Fix coredump of SPU contexts
   * clk: Fix __set_clk_rates error print-string
   * clk: scpi: fix return type of __scpi_dvfs_round_rate
   * KVM: SVM: do not zero out segment attributes if segment is unusable or not present
   * net: freescale: fix potential null pointer dereference
   * SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
   * rtc: interface: Validate alarm-time before handling rollover
   * rtc: opal: Handle disabled TPO in opal_get_tpo_time()
   * cxgb4: FW upgrade fixes
   * net/mlx5: avoid build warning for uniprocessor
   * arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
   * dmaengine: imx-sdma: Handle return value of clk_prepare_enable
   * powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE]
   * ovl: filter trusted xattr for non-admin
   * hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
   * wl1251: check return from call to wl1251_acx_arp_ip_filter
   * ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
   * gpio: label descriptors using the device name
   * vfb: fix video mode and line_length being set when loaded
   * scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
   * scsi: libiscsi: Allow sd_shutdown on bad transport
   * ASoC: Intel: cht_bsw_rt5645: Analog Mic support
   * media: videobuf2-core: don't go out of the buffer range
   * hwmon: (ina2xx) Make calibration register value fixed
   * rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
   * l2tp: fix missing print session offset info
   * perf probe: Add warning message if there is unexpected event name
   * thermal: power_allocator: fix one race condition issue for thermal_instances list
   * ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
   * net: llc: add lock_sock in llc_ui_bind to avoid a race condition
   * KVM: nVMX: Fix handling of lmsw instruction
   * bonding: Don't update slave->link until ready to commit
   * Input: elan_i2c - clear INT before resetting controller
   * net: move somaxconn init from sysctl code
   * tcp: better validation of received ack sequences
   * ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
   * fix race in drivers/char/random.c:get_reg()
   * scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
   * ASoC: rsnd: SSI PIO adjust to 24bit mode
   * pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
   * netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
   * libceph: NULL deref on crush_decode() error path
   * net: ieee802154: fix net_device reference release too early
   * mlx5: fix bug reading rss_hash_type from CQE
   * block: fix an error code in add_partition()
   * selinux: do not check open permission on sockets
   * net/mlx5: Tolerate irq_set_affinity_hint() failures
   * sched/numa: Use down_read_trylock() for the mmap_sem
   * leds: pca955x: Correct I2C Functionality
   * ray_cs: Avoid reading past end of buffer
   * ARM: davinci: da8xx: Create DSP device only when assigned memory
   * md-cluster: fix potential lock issue in add_new_disk
   * ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
   * iio: hi8435: cleanup reset gpio
   * iio: hi8435: avoid garbage event at first enable
   * xfrm: fix state migration copy replay sequence numbers
   * selftests/powerpc: Fix TM resched DSCR test with some compilers
   * ath5k: fix memory leak on buf on failed eeprom read
   * powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
   * scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
   * sh_eth: Use platform device for printing before register_netdev()
   * serial: sh-sci: Fix race condition causing garbage during shutdown
   * serial: 8250: omap: Disable DMA for console UART
   * USB: ene_usb6250: fix SCSI residue overwriting
   * net: x25: fix one potential use-after-free issue
   * USB: ene_usb6250: fix first command execution
   * usb: chipidea: properly handle host or gadget initialization failure
   * arp: honour gratuitous ARP _replies_
   * neighbour: update neigh timestamps iff update is effective
   * ata: libahci: properly propagate return value of platform_get_irq()
   * btrfs: fix incorrect error return ret being passed to mapping_set_error
   * usb: dwc3: keystone: check return value
   * async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
   * ipv6: avoid dad-failures for addresses with NODAD
   * ARM: dts: imx6qdl-wandboard: Fix audio channel swap
   * x86/tsc: Provide 'tsc=unstable' boot parameter
   * staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
   * ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
   * PowerCap: Fix an error code in powercap_register_zone()
   * bus: brcmstb_gisb: correct support for 64-bit address output
   * bus: brcmstb_gisb: Use register offsets with writes too
   * SMB2: Fix share type handling
   * vmxnet3: ensure that adapter is in proper state during force_close
   * KVM: PPC: Book3S PR: Check copy_to/from_user return values
   * Input: elantech - force relative mode on a certain module
   * Input: elan_i2c - check if device is there before really probing
   * netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
   * net: qca_spi: Fix alignment issues in rx path
   * blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op
   * CIFS: silence lockdep splat in cifs_relock_file()
   * NFSv4.1: Work around a Linux server bug...
   * net/mlx4_en: Avoid adding steering rules with invalid ring
   * s390: move _text symbol to address higher than zero
   * pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid()
   * drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
   * lockd: fix lockd shutdown race
   * net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
   * net: cdc_ncm: Fix TX zero padding
   * ipmi_ssif: unlock on allocation failure
   * qlge: Avoid reading past end of buffer
   * bna: Avoid reading past end of buffer
   * mac80211: bail out from prep_connection() if a reconfig is ongoing
   * af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
   * IB/srpt: Fix abort handling
   * x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic()
   * rtc: snvs: fix an incorrect check of return value
   * md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
   * cfg80211: make RATE_INFO_BW_20 the default

Juerg Haefliger (juergh) on 2018-04-18
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh) on 2018-04-18
description: updated
Juerg Haefliger (juergh) wrote :

Skipped the following commits because they're already applied:
   * scsi: libiscsi: Allow sd_shutdown on bad transport
   * blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op

Juerg Haefliger (juergh) wrote :

Skipped the following commit since it introduces a build failure as shown below:
   * perf tests: Decompress kernel module before objdump

  CC tests/llvm-src-base.o
  CC tests/llvm-src-kbuild.o
  LD util/libperf-in.o
tests/code-reading.c: In function 'read_object_code':
tests/code-reading.c:186:19: error: 'KMOD_DECOMP_LEN' undeclared (first use in this function)
  char decomp_name[KMOD_DECOMP_LEN];

Stefan Bader (smb) on 2018-04-19
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) on 2018-04-19
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers