Xenial update to 4.4.141 stable release

Bug #1790620 reported by Stefan Bader on 2018-09-04
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.141 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



The following patches from the 4.4.141 stable release shall be applied:
* MIPS: Fix ioremap() RAM check
* ibmasm: don't write out of bounds in read handler
* vmw_balloon: fix inflation with batching
* ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
* USB: serial: ch341: fix type promotion bug in ch341_control_in()
* USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
* USB: serial: keyspan_pda: fix modem-status error handling
* USB: yurex: fix out-of-bounds uaccess in read handler
* USB: serial: mos7840: fix status-register error handling
* usb: quirks: add delay quirks for Corsair Strafe
* xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
* HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
* tools build: fix # escaping in .cmd files for future Make
* iw_cxgb4: correctly enforce the max reg_mr depth
* x86/cpufeature: Move some of the scattered feature bits to x86_capability
* x86/cpu: Provide a config option to disable static_cpu_has
* x86/fpu: Add an XSTATE_OP() macro
* x86/fpu: Get rid of xstate_fault()
* x86/headers: Don't include asm/processor.h in asm/atomic.h
* x86/cpufeature: Replace the old static_cpu_has() with safe variant
* x86/cpufeature: Get rid of the non-asm goto variant
* x86/alternatives: Add an auxilary section
* x86/alternatives: Discard dynamic check after init
* x86/vdso: Use static_cpu_has()
* x86/boot: Simplify kernel load address alignment check
* x86/cpufeature: Speed up cpu_feature_enabled()
* x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
* x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
* x86/cpu: Add detection of AMD RAS Capabilities
* x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
* x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
* x86/cpufeature: Add helper macro for mask check macros
* uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
* netfilter: nf_queue: augment nfqa_cfg_policy
* netfilter: x_tables: initialise match/target check parameter struct
* loop: add recursion validation to LOOP_CHANGE_FD
* PM / hibernate: Fix oops at snapshot_write()
* UBUNTU: SAUCE: RDMA/ucm: Blacklist UCM module
* loop: remember whether sysfs_create_group() was done
* Linux 4.4.141

Stefan Bader (smb) on 2018-09-04
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Already applied:
* Fix up non-directory creation in SGID directories
  for bug #1779923 / CVE-2018-13405
* "x86/cpufeature: Cleanup get_cpu_cap()" for CVE-2018-3639.
  Currently applied version has one additional change for
* "x86/cpufeature: Carve out X86_FEATURE_*" for bug #1397880
* "x86/cpufeature: Update cpufeaure macros"
  Those were already correctly added with a previous backport.

Already applied but picked in modified form to remove delta:
* "x86/cpufeature: Move some of the scattered feature bits
  to x86_capability" for CVE-2018-3639 (x86).
  The changes were verified to be technically the same. Only
  added a spacing newline that could make future backports

* "x86/headers: Don't include asm/processor.h in asm/atomic.h"
  Because we picked up "x86/cpufeature: Carve out X86_FEATURE_*"
  the 3rd hunk modifying the lib can be dropped.
* "x86/cpufeature, x86/mm/pkeys: Add protection keys related
  CPUID definitions"
  We already have extended the feature words to 19, so all those
  changes could be dropped.
* "x86/cpu: Add detection of AMD RAS Capabilities"
  Again dropped modifications to extend the number of feature
* "x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling
  of pkeys"
  Only needed to fix one part as the other parts were correctly
  added before.

Stefan Bader (smb) wrote :

* "x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated"
  Adjust for NCAPINTS == 19. Done like upstream but wondering
  whether this all makes sense (not wrong but somehow duplicated).

Stefan Bader (smb) wrote :

* "x86/cpufeature: Add helper macro for mask check macros"
  Adjust for NCAPINTS == 19.
* "loop: add recursion validation to LOOP_CHANGE_FD"
  Work around modifications for AUFS.

Stefan Bader (smb) wrote :

Dropped "RDMA/ucm: Mark UCM interface as BROKEN" and replaced it by "UBUNTU: SAUCE: RDMA/ucm: Blacklist UCM module". We do not know whether there is some external user of the deprecated interface and just removing the module (ib_ucm) might be considered a regression.

Stefan Bader (smb) on 2018-09-05
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-137.163

linux (4.4.0-137.163) xenial; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.4.0-136.162) xenial; urgency=medium

  * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: d...


Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released