Ubuntu
linux package

Xenial update to 4.4.134 stable release

Bug #1775771 reported by Juerg Haefliger on 2018-06-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Xenial	Fix Released	Undecided	Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.134 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the 4.4.134 stable release shall be
applied:

  * Linux 4.4.134
  * s390/ftrace: use expoline for indirect branches
  * kdb: make "mdr" command repeat
  * Bluetooth: btusb: Add device ID for RTL8822BE
  * ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
  * regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
  * scsi: lpfc: Fix frequency of Release WQE CQEs
  * scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
  * scsi: lpfc: Fix issue_lip if link is disabled
  * netlabel: If PF_INET6, check sk_buff ip header version
  * selftests/net: fixes psock_fanout eBPF test case
  * perf report: Fix memory corruption in --branch-history mode --branch-history
  * perf tests: Use arch__compare_symbol_names to compare symbols
  * x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
  * drm/rockchip: Respect page offset for PRIME mmap calls
  * MIPS: Octeon: Fix logging messages with spurious periods after newlines
  * audit: return on memory error to avoid null pointer dereference
  * crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
  * clk: samsung: exynos3250: Fix PLL rates
  * clk: samsung: exynos5250: Fix PLL rates
  * clk: samsung: exynos5433: Fix PLL rates
  * clk: samsung: exynos5260: Fix PLL rates
  * clk: samsung: s3c2410: Fix PLL rates
  * media: cx25821: prevent out-of-bounds read on array card
  * udf: Provide saner default for invalid uid / gid
  * PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
  * serial: arc_uart: Fix out-of-bounds access through DT alias
  * serial: fsl_lpuart: Fix out-of-bounds access through DT alias
  * serial: imx: Fix out-of-bounds access through serial port index
  * serial: mxs-auart: Fix out-of-bounds access through serial port index
  * serial: samsung: Fix out-of-bounds access through serial port index
  * serial: xuartps: Fix out-of-bounds access through DT alias
  * rtc: tx4939: avoid unintended sign extension on a 24 bit shift
  * staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
  * hwrng: stm32 - add reset during probe
  * enic: enable rq before updating rq descriptors
  * clk: rockchip: Prevent calculating mmc phase if clock rate is zero
  * media: em28xx: USB bulk packet size fix
  * dmaengine: pl330: fix a race condition in case of threaded irqs
  * media: s3c-camif: fix out-of-bounds array access
  * media: cx23885: Set subdev host data to clk_freq pointer
  * media: cx23885: Override 888 ImpactVCBe crystal frequency
  * ALSA: vmaster: Propagate slave error
  * x86/devicetree: Fix device IRQ settings in DT
  * x86/devicetree: Initialize device tree before using it
  * usb: gadget: composite: fix incorrect handling of OS desc requests
  * usb: gadget: udc: change comparison to bitshift when dealing with a mask
  * gfs2: Fix fallocate chunk size
  * cdrom: do not call check_disk_change() inside cdrom_open()
  * hwmon: (pmbus/adm1275) Accept negative page register values
  * hwmon: (pmbus/max8688) Accept negative page register values
  * perf/core: Fix perf_output_read_group()
  * ASoC: topology: create TLV data for dapm widgets
  * powerpc: Add missing prototype for arch_irq_work_raise()
  * usb: gadget: ffs: Execute copy_to_user() with USER_DS set
  * usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
  * usb: dwc2: Fix interval type issue
  * ipmi_ssif: Fix kernel panic at msg_done_handler
  * PCI: Restore config space on runtime resume despite being unbound
  * MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
  * xhci: zero usb device slot_id member when disabling and freeing a xhci slot
  * KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
  * i2c: mv64xxx: Apply errata delay only in standard mode
  * ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
  * ACPICA: Events: add a return on failure from acpi_hw_register_read
  * bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
  * zorro: Set up z->dev.dma_mask for the DMA API
  * clk: Don't show the incorrect clock phase
  * cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
  * usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
  * arm: dts: socfpga: fix GIC PPI warning
  * virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * ima: Fallback to the builtin hash algorithm
  * ima: Fix Kconfig to select TPM 2.0 CRB interface
  * ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
  * net/mlx5: Protect from command bit overflow
  * selftests: Print the test we're running to /dev/kmsg
  * tools/thermal: tmon: fix for segfault
  * powerpc/perf: Fix kernel address leak via sampling registers
  * powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
  * rtc: hctosys: Ensure system time doesn't overflow time_t
  * hwmon: (nct6775) Fix writing pwmX_mode
  * parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
  * m68k: set dma and coherent masks for platform FEC ethernets
  * powerpc/mpic: Check if cpu_possible() in mpic_physmask()
  * ACPI: acpi_pad: Fix memory leak in power saving threads
  * xen/acpi: off by one in read_acpi_id()
  * btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
  * Btrfs: fix copy_items() return value when logging an inode
  * btrfs: tests/qgroup: Fix wrong tree backref level
  * Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
  * net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
  * rtc: snvs: Fix usage of snvs_rtc_enable
  * sparc64: Make atomic_xchg() an inline function rather than a macro.
  * fscache: Fix hanging wait on page discarded by writeback
  * KVM: VMX: raise internal error for exception during invalid protected mode state
  * sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
  * ocfs2/dlm: don't handle migrate lockres if already in shutdown
  * btrfs: Fix possible softlock on single core machines
  * Btrfs: fix NULL pointer dereference in log_dir_items
  * Btrfs: bail out on error during replay_dir_deletes
  * mm: fix races between address_space dereference and free in page_evicatable
  * mm/ksm: fix interaction with THP
  * dp83640: Ensure against premature access to PHY registers after reset
  * scsi: aacraid: Insure command thread is not recursively stopped
  * cpufreq: CPPC: Initialize shared perf capabilities of CPUs
  * Force log to disk before reading the AGF during a fstrim
  * sr: get/drop reference to device in revalidate and check_events
  * swap: divide-by-zero when zero length swap file on ssd
  * fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
  * x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
  * sh: fix debug trap failure to process signals before return to user
  * net: mvneta: fix enable of all initialized RXQs
  * net: Fix untag for vlan packets without ethernet header
  * mm/kmemleak.c: wait for scan completion before disabling free
  * llc: properly handle dev_queue_xmit() return value
  * net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
  * net/usb/qmi_wwan.c: Add USB id for lt4120 modem
  * net: qmi_wwan: add BroadMobi BM806U 2020:2033
  * ARM: 8748/1: mm: Define vdso_start, vdso_end as array
  * batman-adv: fix packet loss for broadcasted DHCP packets to a server
  * batman-adv: fix multicast-via-unicast transmission with AP isolation
  * selftests: ftrace: Add a testcase for probepoint
  * selftests: ftrace: Add a testcase for string type with kprobe_event
  * selftests: ftrace: Add probe event argument syntax testcase
  * mm/mempolicy.c: avoid use uninitialized preferred_node
  * RDMA/ucma: Correct option size check using optlen
  * perf/cgroup: Fix child event counting bug
  * vti4: Don't override MTU passed on link creation via IFLA_MTU
  * vti4: Don't count header length twice on tunnel setup
  * batman-adv: fix header size check in batadv_dbg_arp()
  * net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
  * sunvnet: does not support GSO for sctp
  * ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
  * workqueue: use put_device() instead of kfree()
  * bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
  * netfilter: ebtables: fix erroneous reject of last rule
  * USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
  * xen: xenbus: use put_device() instead of kfree()
  * fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
  * scsi: sd: Keep disk read-only when re-reading partition
  * scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
  * usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
  * e1000e: allocate ring descriptors with dma_zalloc_coherent
  * e1000e: Fix check_for_link return value with autoneg off
  * watchdog: f71808e_wdt: Fix magic close handling
  * KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
  * selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
  * Btrfs: send, fix issuing write op when processing hole in no data mode
  * xen/pirq: fix error path cleanup when binding MSIs
  * net/tcp/illinois: replace broken algorithm reference link
  * gianfar: Fix Rx byte accounting for ndev stats
  * sit: fix IFLA_MTU ignored on NEWLINK
  * bcache: fix kcrashes with fio in RAID5 backend dev
  * dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
  * virtio-gpu: fix ioctl and expose the fixed status to userspace.
  * r8152: fix tx packets accounting
  * clocksource/drivers/fsl_ftm_timer: Fix error return checking
  * nvme-pci: Fix nvme queue cleanup if IRQ setup fails
  * netfilter: ebtables: convert BUG_ONs to WARN_ONs
  * batman-adv: invalidate checksum on fragment reassembly
  * batman-adv: fix packet checksum in receive path
  * md/raid1: fix NULL pointer dereference
  * media: dmxdev: fix error code for invalid ioctls
  * x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
  * locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
  * regulatory: add NUL to request alpha2
  * smsc75xx: fix smsc75xx_set_features()
  * ARM: OMAP: Fix dmtimer init for omap1
  * s390/cio: clear timer when terminating driver I/O
  * s390/cio: fix return code after missing interrupt
  * powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
  * kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
  * md: raid5: avoid string overflow warning
  * locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
  * usb: musb: fix enumeration after resume
  * drm/exynos: fix comparison to bitshift when dealing with a mask
  * md raid10: fix NULL deference in handle_write_completed()
  * mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
  * NFC: llcp: Limit size of SDP URI
  * ARM: OMAP1: clock: Fix debugfs_create_*() usage
  * ARM: OMAP3: Fix prm wake interrupt for resume
  * ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
  * scsi: qla4xxx: skip error recovery in case of register disconnect.
  * scsi: aacraid: fix shutdown crash when init fails
  * scsi: storvsc: Increase cmd_per_lun for higher speed devices
  * selftests: memfd: add config fragment for fuse
  * usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
  * usb: gadget: fsl_udc_core: fix ep valid checks
  * usb: gadget: f_uac2: fix bFirstInterface in composite gadget
  * ARC: Fix malformed ARC_EMUL_UNALIGNED default
  * scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
  * scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
  * scsi: sym53c8xx_2: iterator underflow in sym_getsync()
  * scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
  * scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
  * irqchip/gic-v3: Change pr_debug message to pr_devel
  * locking/qspinlock: Ensure node->count is updated before initialising node
  * tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
  * bcache: return attach error when no cache set exist
  * bcache: fix for data collapse after re-attaching an attached device
  * bcache: fix for allocator and register thread race
  * bcache: properly set task state in bch_writeback_thread()
  * cifs: silence compiler warnings showing up with gcc-8.0.0
  * proc: fix /proc/*/map_files lookup
  * arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
  * RDS: IB: Fix null pointer issue
  * xen/grant-table: Use put_page instead of free_page
  * xen-netfront: Fix race between device setup and open
  * MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
  * bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
  * ACPI: processor_perflib: Do not send _PPC change notification if not ready
  * firmware: dmi_scan: Fix handling of empty DMI strings
  * x86/power: Fix swsusp_arch_resume prototype
  * IB/ipoib: Fix for potential no-carrier state
  * mm: pin address_space before dereferencing it while isolating an LRU page
  * asm-generic: provide generic_pmdp_establish()
  * mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
  * mm/mempolicy: fix the check of nodemask from user
  * ocfs2: return error when we attempt to access a dirty bh in jbd2
  * ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
  * ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
  * ntb_transport: Fix bug with max_mw_size parameter
  * RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
  * powerpc/numa: Ensure nodes initialized for hotplug
  * powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
  * jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
  * HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
  * scsi: fas216: fix sense buffer initialization
  * Btrfs: fix scrub to repair raid6 corruption
  * btrfs: Fix out of bounds access in btrfs_search_slot
  * Btrfs: set plug for fsync
  * ipmi/powernv: Fix error return code in ipmi_powernv_probe()
  * mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * kconfig: Fix expr_free() E_NOT leak
  * kconfig: Fix automatic menu creation mem leak
  * kconfig: Don't leak main menus during parsing
  * watchdog: sp5100_tco: Fix watchdog disable bit
  * nfs: Do not convert nfs_idmap_cache_timeout to jiffies
  * dm thin: fix documentation relative to low water mark threshold
  * tools lib traceevent: Fix get_field_str() for dynamic strings
  * perf callchain: Fix attr.sample_max_stack setting
  * tools lib traceevent: Simplify pointer print logic and fix %pF
  * PCI: Add function 1 DMA alias quirk for Marvell 9128
  * tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
  * kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
  * ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
  * ALSA: hda - Use IS_REACHABLE() for dependency on input
  * NFSv4: always set NFS_LOCK_LOST when a lock is lost.
  * firewire-ohci: work around oversized DMA reads on JMicron controllers
  * do d_instantiate/unlock_new_inode combinations safely
  * xfs: remove racy hasattr check from attr ops
  * kernel/signal.c: avoid undefined behaviour in kill_something_info
  * kernel/sys.c: fix potential Spectre v1 issue
  * kasan: fix memory hotplug during boot
  * ipc/shm: fix shmat() nil address after round-down when remapping
  * Revert "ipc/shm: Fix shmat mmap nil-page protection"
  * xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
  * libata: blacklist Micron 500IT SSD with MU01 firmware
  * libata: Blacklist some Sandisk SSDs for NCQ
  * mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
  * ALSA: timer: Fix pause event notification
  * aio: fix io_destroy(2) vs. lookup_ioctx() race
  * affs_lookup(): close a race with affs_remove_link()
  * KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
  * MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
  * MIPS: ptrace: Expose FIR register through FP regset

See original description

Tags:

CVE References

Juerg Haefliger (juergh) on 2018-06-08

Changed in linux (Ubuntu):
status:	New → Invalid

Revision history for this message

Juerg Haefliger (juergh) wrote on 2018-06-08:

List of previously applied patches:
  * mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
  * virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

Juerg Haefliger (juergh) on 2018-06-08

description:

updated

Kleber Sacilotto de Souza (kleber-souza) on 2018-06-08

Changed in linux (Ubuntu Xenial):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-02:

Download full text (29.8 KiB)

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

* linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

* linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

* linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

linux (4.4.0-129.155) xenial; urgency=medium

* linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

* Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - IB/ipoib: Fix for potential no-carrier state
    - x86/power: Fix swsusp_arch_resume prototype
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
    - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
    - scsi: sym53c8xx_2: iterator underflow in sym_getsync()
    - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
    - scsi: qla2xxx: Avoid triggering undefined behavior in
      qla2x00_mbx_completion()
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
    - usb: gadget: fsl_udc_core: fix ep valid checks
    - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
    - selftests: memfd: add config fragment for fuse
    - scsi: storvsc: Increase cmd_per_lun for higher speed devices
    - scsi: aacraid: fix shutdown crash when init fails
    - scsi: qla4xxx: skip error recovery in case of register disconnect.
    - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    - ARM: OMAP3: Fix prm wake interrupt for resume
    - ARM: OMAP1: clock: Fix debugfs_create_*() usage
    - NFC: llcp: Limit size of SDP URI
    - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    - md raid10: fix NULL deference in handle_write_completed()
    - drm/exynos: fix comparison to bitshift when dealing with a mask
    - usb: musb: fix enumeration after resume
    - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
    - md: raid5: avoid string overflow warning
    - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
    - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
    - s390/cio: fix return code after missing interrupt
    - s390/cio: clear timer when terminating driver I/O
    - ARM: OMAP: Fix dmtimer init for omap1
    - smsc75xx: fix smsc75xx_set_features()
    - regulatory: add NUL to request alpha2
    - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
    - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across
      CPU hotplug operations
    - media: dmxdev: fix error code for invalid ioctls
    - md/raid1: fix NULL pointer dereference
    - batman-adv: fix packet checksum in receive path
    - batman-adv: invalidate checksum on fragment reassembly
    - netfilter: ebtables: convert BUG_ONs to WARN_ONs
    - nvme-pci: Fix nvme queue cleanup if IRQ setup fails
    - clocksource/drivers/fsl_ftm_timer: Fix error return checking
    - r8152: fix tx packets accounting
    - virtio-gpu: fix ioctl and expose the fixed status to userspace.
    - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
    - bcache: fix kcrashes with fio in RAID5 backend dev
    - sit: fix IFLA_MTU ignored on NEWLINK
    - gianfar: Fix Rx byte accounting for ndev stats
    - net/tcp/illinois: replace broken algorithm reference link
    - xen/pirq: fix error path cleanup when binding MSIs
    - Btrfs: send, fix issuing write op when processing hole in no data mode
    - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
    - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
    - watchdog: f71808e_wdt: Fix magic close handling
    - e1000e: Fix check_for_link return value with autoneg off
    - e1000e: allocate ring descriptors with dma_zalloc_coherent
    - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
    - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
    - scsi: sd: Keep disk read-only when re-reading partition
    - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
      sbusfb_ioctl_helper().
    - xen: xenbus: use put_device() instead of kfree()
    - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
    - netfilter: ebtables: fix erroneous reject of last rule
    - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
    - workqueue: use put_device() instead of kfree()
    - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
    - sunvnet: does not support GSO for sctp
    - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
    - batman-adv: fix header size check in batadv_dbg_arp()
    - vti4: Don't count header length twice on tunnel setup
    - vti4: Don't override MTU passed on link creation via IFLA_MTU
    - perf/cgroup: Fix child event counting bug
    - RDMA/ucma: Correct option size check using optlen
    - mm/mempolicy.c: avoid use uninitialized preferred_node
    - selftests: ftrace: Add probe event argument syntax testcase
    - selftests: ftrace: Add a testcase for string type with kprobe_event
    - selftests: ftrace: Add a testcase for probepoint
    - batman-adv: fix multicast-via-unicast transmission with AP isolation
    - batman-adv: fix packet loss for broadcasted DHCP packets to a server
    - ARM: 8748/1: mm: Define vdso_start, vdso_end as array
    - net: qmi_wwan: add BroadMobi BM806U 2020:2033
    - net/usb/qmi_wwan.c: Add USB id for lt4120 modem
    - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
    - llc: properly handle dev_queue_xmit() return value
    - mm/kmemleak.c: wait for scan completion before disabling free
    - net: Fix untag for vlan packets without ethernet header
    - net: mvneta: fix enable of all initialized RXQs
    - sh: fix debug trap failure to process signals before return to user
    - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
    - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl
      table
    - swap: divide-by-zero when zero length swap file on ssd
    - sr: get/drop reference to device in revalidate and check_events
    - Force log to disk before reading the AGF during a fstrim
    - cpufreq: CPPC: Initialize shared perf capabilities of CPUs
    - scsi: aacraid: Insure command thread is not recursively stopped
    - dp83640: Ensure against premature access to PHY registers after reset
    - mm/ksm: fix interaction with THP
    - mm: fix races between address_space dereference and free in page_evicatable
    - Btrfs: bail out on error during replay_dir_deletes
    - Btrfs: fix NULL pointer dereference in log_dir_items
    - btrfs: Fix possible softlock on single core machines
    - ocfs2/dlm: don't handle migrate lockres if already in shutdown
    - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
    - KVM: VMX: raise internal error for exception during invalid protected mode
      state
    - fscache: Fix hanging wait on page discarded by writeback
    - sparc64: Make atomic_xchg() an inline function rather than a macro.
    - rtc: snvs: Fix usage of snvs_rtc_enable
    - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
    - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
    - btrfs: tests/qgroup: Fix wrong tree backref level
    - Btrfs: fix copy_items() return value when logging an inode
    - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
    - xen/acpi: off by one in read_acpi_id()
    - ACPI: acpi_pad: Fix memory leak in power saving threads
    - powerpc/mpic: Check if cpu_possible() in mpic_physmask()
    - m68k: set dma and coherent masks for platform FEC ethernets
    - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
    - hwmon: (nct6775) Fix writing pwmX_mode
    - rtc: hctosys: Ensure system time doesn't overflow time_t
    - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
    - powerpc/perf: Fix kernel address leak via sampling registers
    - tools/thermal: tmon: fix for segfault
    - selftests: Print the test we're running to /dev/kmsg
    - net/mlx5: Protect from command bit overflow
    - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
    - ima: Fix Kconfig to select TPM 2.0 CRB interface
    - [Config] CONFIG_TCG_CRB=y
    - ima: Fallback to the builtin hash algorithm
    - arm: dts: socfpga: fix GIC PPI warning
    - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
    - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
    - clk: Don't show the incorrect clock phase
    - zorro: Set up z->dev.dma_mask for the DMA API
    - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
    - ACPICA: Events: add a return on failure from acpi_hw_register_read
    - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
    - i2c: mv64xxx: Apply errata delay only in standard mode
    - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
    - xhci: zero usb device slot_id member when disabling and freeing a xhci slot
    - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
    - PCI: Restore config space on runtime resume despite being unbound
    - ipmi_ssif: Fix kernel panic at msg_done_handler
    - usb: dwc2: Fix interval type issue
    - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
    - usb: gadget: ffs: Execute copy_to_user() with USER_DS set
    - powerpc: Add missing prototype for arch_irq_work_raise()
    - ASoC: topology: create TLV data for dapm widgets
    - perf/core: Fix perf_output_read_group()
    - hwmon: (pmbus/max8688) Accept negative page register values
    - hwmon: (pmbus/adm1275) Accept negative page register values
    - cdrom: do not call check_disk_change() inside cdrom_open()
    - gfs2: Fix fallocate chunk size
    - usb: gadget: udc: change comparison to bitshift when dealing with a mask
    - usb: gadget: composite: fix incorrect handling of OS desc requests
    - x86/devicetree: Initialize device tree before using it
    - x86/devicetree: Fix device IRQ settings in DT
    - ALSA: vmaster: Propagate slave error
    - media: cx23885: Override 888 ImpactVCBe crystal frequency
    - media: cx23885: Set subdev host data to clk_freq pointer
    - media: s3c-camif: fix out-of-bounds array access
    - dmaengine: pl330: fix a race condition in case of threaded irqs
    - media: em28xx: USB bulk packet size fix
    - clk: rockchip: Prevent calculating mmc phase if clock rate is zero
    - enic: enable rq before updating rq descriptors
    - hwrng: stm32 - add reset during probe
    - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
    - rtc: tx4939: avoid unintended sign extension on a 24 bit shift
    - serial: xuartps: Fix out-of-bounds access through DT alias
    - serial: samsung: Fix out-of-bounds access through serial port index
    - serial: mxs-auart: Fix out-of-bounds access through serial port index
    - serial: imx: Fix out-of-bounds access through serial port index
    - serial: fsl_lpuart: Fix out-of-bounds access through DT alias
    - serial: arc_uart: Fix out-of-bounds access through DT alias
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
    - udf: Provide saner default for invalid uid / gid
    - media: cx25821: prevent out-of-bounds read on array card
    - clk: samsung: s3c2410: Fix PLL rates
    - clk: samsung: exynos5260: Fix PLL rates
    - clk: samsung: exynos5433: Fix PLL rates
    - clk: samsung: exynos5250: Fix PLL rates
    - clk: samsung: exynos3250: Fix PLL rates
    - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
    - audit: return on memory error to avoid null pointer dereference
    - MIPS: Octeon: Fix logging messages with spurious periods after newlines
    - drm/rockchip: Respect page offset for PRIME mmap calls
    - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
      specified
    - perf tests: Use arch__compare_symbol_names to compare symbols
    - perf report: Fix memory corruption in --branch-history mode --branch-history
    - selftests/net: fixes psock_fanout eBPF test case
    - netlabel: If PF_INET6, check sk_buff ip header version
    - scsi: lpfc: Fix issue_lip if link is disabled
    - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
    - scsi: lpfc: Fix frequency of Release WQE CQEs
    - regulator: of: Add a missing 'of_node_put()' in an error handling path of
      'of_regulator_match()'
    - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
    - Bluetooth: btusb: Add device ID for RTL8822BE
    - kdb: make "mdr" command repeat
    - s390/ftrace: use expoline for indirect branches
    - Linux 4.4.134

* Support SocketCAN over USB on Dell IoT 300x Gateways (LP: #1774563)
    - [Config] CONFIG_CAN_HMS_USB=m
    - SAUCE: (no-up) Support IXXAT USB SocketCAN device
    - i386/amd64 -- Add new module ixx_usb

* Ubuntu 16.04 (4.4.0-127) hangs on boot with virtio-scsi MQ enabled
    (LP: #1775235)
    - SAUCE: (no-up) virtio-scsi: Increment reqs counter.

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

* The kernel NULL pointer dereference happens when accessing the task_struct
    by task_cpu() in function cpuacct_charge() (LP: #1775326)
    - sched/cpuacct: Simplify the cpuacct code

* Xenial update to 4.4.133 stable release (LP: #1775477)
    - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
    - bridge: check iface upper dev when setting master via ioctl
    - dccp: fix tasklet usage
    - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
    - llc: better deal with too small mtu
    - net: ethernet: sun: niu set correct packet size in skb
    - net/mlx4_en: Verify coalescing parameters are in range
    - net_sched: fq: take care of throttled flows before reuse
    - net: support compat 64-bit time in {s,g}etsockopt
    - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
    - qmi_wwan: do not steal interfaces from class drivers
    - r8169: fix powering up RTL8168h
    - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
    - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
    - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
    - bonding: do not allow rlb updates to invalid mac
    - tcp: ignore Fast Open on repair mode
    - sctp: fix the issue that the cookie-ack with auth can't get processed
    - sctp: delay the authentication for the duplicated cookie-echo chunk
    - ALSA: timer: Call notifier in the same spinlock
    - audit: move calcs after alloc and check when logging set loginuid
    - arm64: introduce mov_q macro to move a constant into a 64-bit register
    - [Config] Add CONFIG_ARM64_ERRATUM_1024718=y
    - arm64: Add work around for Arm Cortex-A55 Erratum 1024718
    - futex: Remove unnecessary warning from get_futex_key
    - futex: Remove duplicated code and fix undefined behaviour
    - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
    - lockd: lost rollback of set_grace_period() in lockd_down_net()
    - Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
    - l2tp: revert "l2tp: fix missing print session offset info"
    - pipe: cap initial pipe capacity according to pipe-max-size limit
    - futex: futex_wake_op, fix sign_extend32 sign bits
    - kernel/exit.c: avoid undefined behaviour when calling wait4()
    - usbip: usbip_host: refine probe and disconnect debug msgs to be useful
    - usbip: usbip_host: delete device from busid_table after rebind
    - usbip: usbip_host: run rebind from exit when module is removed
    - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    - usbip: usbip_host: fix bad unlock balance during stub_probe()
    - ALSA: usb: mixer: volume quirk for CM102-A+/102S+
    - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
    - ALSA: control: fix a redundant-copy issue
    - spi: pxa2xx: Allow 64-bit DMA
    - powerpc/powernv: panic() on OPAL < V3
    - powerpc/powernv: Remove OPALv2 firmware define and references
    - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
    - cpuidle: coupled: remove unused define cpuidle_coupled_lock
    - powerpc: Don't preempt_disable() in show_cpuinfo()
    - vmscan: do not force-scan file lru if its absolute size is small
    - mm: filemap: remove redundant code in do_read_cache_page
    - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to
      complete during a read
    - signals: avoid unnecessary taking of sighand->siglock
    - tracing/x86/xen: Remove zero data size trace events
      trace_xen_mmu_flush_tlb{_all}
    - proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
    - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
    - mm: don't allow deferred pages with NEED_PER_CPU_KM
    - s390/qdio: fix access to uninitialized qdio_q fields
    - s390/qdio: don't release memory in qdio_setup_irq()
    - s390: remove indirect branch from do_softirq_own_stack
    - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
      definition for mixed mode
    - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
    - tick/broadcast: Use for_each_cpu() specially on UP kernels
    - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
    - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
    - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
    - Btrfs: fix xattr loss after power failure
    - btrfs: fix crash when trying to resume balance without the resume flag
    - btrfs: fix reading stale metadata blocks after degraded raid1 mounts
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - ext2: fix a block leak
    - s390: add assembler macros for CPU alternatives
    - s390: move expoline assembler macros to a header
    - s390/lib: use expoline for indirect branches
    - s390/kernel: use expoline for indirect branches
    - s390: move spectre sysfs attribute code
    - s390: extend expoline to BC instructions
    - s390: use expoline thunks in the BPF JIT
    - scsi: libsas: defer ata device eh commands to libata
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
    - scsi: zfcp: fix infinite iteration on ERP ready list
    - dmaengine: ensure dmaengine helpers check valid callback
    - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
    - gpio: rcar: Add Runtime PM handling for interrupts
    - cfg80211: limit wiphy names to 128 bytes
    - hfsplus: stop workqueue when fill_super() failed
    - x86/kexec: Avoid double free_page() upon do_kexec_load() failure
    - Linux 4.4.133

* vmxnet3: update to latest ToT (LP: #1768143)
    - vmxnet3: avoid xmit reset due to a race in vmxnet3
    - vmxnet3: use correct flag to indicate LRO feature
    - vmxnet3: fix incorrect dereference when rxvlan is disabled

* Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

* Xenial update to 4.4.132 stable release (LP: #1774173)
    - perf/core: Fix the perf_cpu_time_max_percent check
    - bpf: map_get_next_key to return first key on NULL
    - percpu: include linux/sched.h for cond_resched()
    - mac80211: allow not sending MIC up from driver for HW crypto
    - mac80211: allow same PN for AMSDU sub-frames
    - mac80211: Add RX flag to indicate ICV stripped
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    - ath10k: rebuild crypto header in rx data frames
    - gpmi-nand: Handle ECC Errors in erased pages
    - USB: serial: option: Add support for Quectel EP06
    - ALSA: pcm: Check PCM state at xfern compat ioctl
    - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
    - ALSA: aloop: Mark paused device as inactive
    - ALSA: aloop: Add missing cable lock to ctl API callbacks
    - tracepoint: Do not warn on ENOMEM
    - Input: leds - fix out of bound access
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - xfs: prevent creating negative-sized file via INSERT_RANGE
    - RDMA/ucma: Allow resolving address w/o specifying source address
    - RDMA/mlx5: Protect from shift operand overflow
    - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
    - IB/mlx5: Use unlimited rate when static rate is not supported
    - drm/vmwgfx: Fix a buffer object leak
    - test_firmware: fix setting old custom fw path back on exit, second try
    - USB: serial: visor: handle potential invalid device configuration
    - USB: Accept bulk endpoints with 1024-byte maxpacket
    - USB: serial: option: reimplement interface masking
    - USB: serial: option: adding support for ublox R410M
    - usb: musb: host: fix potential NULL pointer dereference
    - ipvs: fix rtnl_lock lockups caused by start_sync_thread
    - crypto: af_alg - fix possible uninit-value in alg_bind()
    - netlink: fix uninit-value in netlink_sendmsg
    - net: fix rtnh_ok()
    - net: initialize skb->peeked when cloning
    - net: fix uninit-value in __hw_addr_add_ex()
    - dccp: initialize ireq->ir_mark
    - soreuseport: initialise timewait reuseport field
    - perf: Remove superfluous allocation error check
    - tcp: fix TCP_REPAIR_QUEUE bound checking
    - bdi: Fix oops in wb_workfn()
    - f2fs: fix a dead loop in f2fs_fiemap()
    - xfrm_user: fix return value from xfrm_user_rcv_msg
    - rfkill: gpio: fix memory leak in probe error path
    - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
    - tracing: Fix regex_match_front() to not over compare the test string
    - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
    - tracing/uprobe_event: Fix strncpy corner case
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
    - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - Linux 4.4.132

* Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - x86/syscall: Sanitize syscall table de-references under speculation fix
    - mpls, nospec: Sanitize array index in mpls_label_ok()
    - nospec: Include <asm/barrier.h> dependency
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: bpf: Use barrier_nospec() instead of osb()

* CVE-2018-3639 (x86)
    - KVM: x86: remove magic number with enum cpuid_leafs
    - SAUCE: x86/cpufeatures: Move CPUID_7_EDX CPUID bits to word 18
    - SAUCE: x86: Remove double include
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode

* cpum_sf: ensure sample freq is non-zero (LP: #1772593)
    - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero

* ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
    - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

* Kernel 4.4 NBD size overflow with image size exceeding 1TB (LP: #1772575)
    - nbd: use loff_t for blocksize and nbd_set_size args
    - nbd: fix 64-bit division

* 4.4.0-127.153 generates many "sit: non-ECT" messages (LP: #1772775)
    - Revert "sit: reload iphdr in ipip6_rcv"

* Creation of IMA file hashes fails when appraisal is enabled (LP: #1771826)
    - Revert "ima: limit file hash setting by user to fix and log modes"

* Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN
    tunnels (LP: #1771301)
    - vxlan: correctly handle ipv6.disable module parameter

* CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

* Support UVC1.5 Camera for Xenial (LP: #1773905)
    - uvcvideo: Enable UVC 1.5 device detection

* Kernel produces empty lines in /proc/PID/status (LP: #1772671)
    - SAUCE: seccomp: Remove double newline sequence in /proc/PID/status

* rfi-flush: Switch to new linear fallback flush (LP: #1744173)
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again

-- Stefan Bader <stefan.bader@canonical.com>  Thu, 14 Jun 2018 06:53:41 +0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package