Xenial update to 4.4.141 stable release

Bug #1790620 reported by Stefan Bader on 2018-09-04
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.141 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.141 stable release shall be applied:
* MIPS: Fix ioremap() RAM check
* ibmasm: don't write out of bounds in read handler
* vmw_balloon: fix inflation with batching
* ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
* USB: serial: ch341: fix type promotion bug in ch341_control_in()
* USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
* USB: serial: keyspan_pda: fix modem-status error handling
* USB: yurex: fix out-of-bounds uaccess in read handler
* USB: serial: mos7840: fix status-register error handling
* usb: quirks: add delay quirks for Corsair Strafe
* xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
* HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
* tools build: fix # escaping in .cmd files for future Make
* iw_cxgb4: correctly enforce the max reg_mr depth
* x86/cpufeature: Move some of the scattered feature bits to x86_capability
* x86/cpu: Provide a config option to disable static_cpu_has
* x86/fpu: Add an XSTATE_OP() macro
* x86/fpu: Get rid of xstate_fault()
* x86/headers: Don't include asm/processor.h in asm/atomic.h
* x86/cpufeature: Replace the old static_cpu_has() with safe variant
* x86/cpufeature: Get rid of the non-asm goto variant
* x86/alternatives: Add an auxilary section
* x86/alternatives: Discard dynamic check after init
* x86/vdso: Use static_cpu_has()
* x86/boot: Simplify kernel load address alignment check
* x86/cpufeature: Speed up cpu_feature_enabled()
* x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
* x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
* x86/cpu: Add detection of AMD RAS Capabilities
* x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
* x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
* x86/cpufeature: Add helper macro for mask check macros
* uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
* netfilter: nf_queue: augment nfqa_cfg_policy
* netfilter: x_tables: initialise match/target check parameter struct
* loop: add recursion validation to LOOP_CHANGE_FD
* PM / hibernate: Fix oops at snapshot_write()
* UBUNTU: SAUCE: RDMA/ucm: Blacklist UCM module
* loop: remember whether sysfs_create_group() was done
* Linux 4.4.141

Stefan Bader (smb) on 2018-09-04
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Already applied:
* Fix up non-directory creation in SGID directories
  for bug #1779923 / CVE-2018-13405
* "x86/cpufeature: Cleanup get_cpu_cap()" for CVE-2018-3639.
  Currently applied version has one additional change for
  KVM.
* "x86/cpufeature: Carve out X86_FEATURE_*" for bug #1397880
* "x86/cpufeature: Update cpufeaure macros"
  Those were already correctly added with a previous backport.

Already applied but picked in modified form to remove delta:
* "x86/cpufeature: Move some of the scattered feature bits
  to x86_capability" for CVE-2018-3639 (x86).
  The changes were verified to be technically the same. Only
  added a spacing newline that could make future backports
  simpler.

Modified:
* "x86/headers: Don't include asm/processor.h in asm/atomic.h"
  Because we picked up "x86/cpufeature: Carve out X86_FEATURE_*"
  the 3rd hunk modifying the lib can be dropped.
* "x86/cpufeature, x86/mm/pkeys: Add protection keys related
  CPUID definitions"
  We already have extended the feature words to 19, so all those
  changes could be dropped.
* "x86/cpu: Add detection of AMD RAS Capabilities"
  Again dropped modifications to extend the number of feature
  words.
* "86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling
  of pkeys"
  Only needed to fix one part as the other parts were correctly
  added before.

Stefan Bader (smb) wrote :

Modified:
* "x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated"
  Adjust for NCAPINTS == 19. Done like upstream but wondering
  whether this all makes sense (not wrong but somehow duplicated.

Stefan Bader (smb) wrote :

Modified:
* "x86/cpufeature: Add helper macro for mask check macros"
  Adjust for NCAPINTS == 19.
* "loop: add recursion validation to LOOP_CHANGE_FD"
  Work around modifications for AUFS.

Stefan Bader (smb) wrote :

Dropped "RDMA/ucm: Mark UCM interface as BROKEN" and replaced it by "UBUNTU: SAUCE: RDMA/ucm: Blacklist UCM module". We do not know whether there is some external user of the deprecated interface and just removing the module (ib_ucm) might be considered a regression.

Stefan Bader (smb) on 2018-09-05
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (9.6 KiB)

This bug was fixed in the package linux - 4.4.0-137.163

---------------
linux (4.4.0-137.163) xenial; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.4.0-136.162) xenial; urgency=medium

  * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: d...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers