Ubuntu
linux package

Xenial update to 4.4.141 stable release

Bug #1790620 reported by Stefan Bader
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.141 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.141 stable release shall be applied:
* MIPS: Fix ioremap() RAM check
* ibmasm: don't write out of bounds in read handler
* vmw_balloon: fix inflation with batching
* ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
* USB: serial: ch341: fix type promotion bug in ch341_control_in()
* USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
* USB: serial: keyspan_pda: fix modem-status error handling
* USB: yurex: fix out-of-bounds uaccess in read handler
* USB: serial: mos7840: fix status-register error handling
* usb: quirks: add delay quirks for Corsair Strafe
* xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
* HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
* tools build: fix # escaping in .cmd files for future Make
* iw_cxgb4: correctly enforce the max reg_mr depth
* x86/cpufeature: Move some of the scattered feature bits to x86_capability
* x86/cpu: Provide a config option to disable static_cpu_has
* x86/fpu: Add an XSTATE_OP() macro
* x86/fpu: Get rid of xstate_fault()
* x86/headers: Don't include asm/processor.h in asm/atomic.h
* x86/cpufeature: Replace the old static_cpu_has() with safe variant
* x86/cpufeature: Get rid of the non-asm goto variant
* x86/alternatives: Add an auxilary section
* x86/alternatives: Discard dynamic check after init
* x86/vdso: Use static_cpu_has()
* x86/boot: Simplify kernel load address alignment check
* x86/cpufeature: Speed up cpu_feature_enabled()
* x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
* x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
* x86/cpu: Add detection of AMD RAS Capabilities
* x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
* x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
* x86/cpufeature: Add helper macro for mask check macros
* uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
* netfilter: nf_queue: augment nfqa_cfg_policy
* netfilter: x_tables: initialise match/target check parameter struct
* loop: add recursion validation to LOOP_CHANGE_FD
* PM / hibernate: Fix oops at snapshot_write()
* UBUNTU: SAUCE: RDMA/ucm: Blacklist UCM module
* loop: remember whether sysfs_create_group() was done
* Linux 4.4.141

See original description
Stefan Bader (smb)
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Revision history for this message
Stefan Bader (smb) wrote :

Already applied:
* Fix up non-directory creation in SGID directories
  for bug #1779923 / CVE-2018-13405
* "x86/cpufeature: Cleanup get_cpu_cap()" for CVE-2018-3639.
  Currently applied version has one additional change for
  KVM.
* "x86/cpufeature: Carve out X86_FEATURE_*" for bug #1397880
* "x86/cpufeature: Update cpufeaure macros"
  Those were already correctly added with a previous backport.

Already applied but picked in modified form to remove delta:
* "x86/cpufeature: Move some of the scattered feature bits
  to x86_capability" for CVE-2018-3639 (x86).
  The changes were verified to be technically the same. Only
  added a spacing newline that could make future backports
  simpler.

Modified:
* "x86/headers: Don't include asm/processor.h in asm/atomic.h"
  Because we picked up "x86/cpufeature: Carve out X86_FEATURE_*"
  the 3rd hunk modifying the lib can be dropped.
* "x86/cpufeature, x86/mm/pkeys: Add protection keys related
  CPUID definitions"
  We already have extended the feature words to 19, so all those
  changes could be dropped.
* "x86/cpu: Add detection of AMD RAS Capabilities"
  Again dropped modifications to extend the number of feature
  words.
* "86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling
  of pkeys"
  Only needed to fix one part as the other parts were correctly
  added before.

Revision history for this message
Stefan Bader (smb) wrote :

Modified:
* "x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated"
  Adjust for NCAPINTS == 19. Done like upstream but wondering
  whether this all makes sense (not wrong but somehow duplicated.

Revision history for this message
Stefan Bader (smb) wrote :

Modified:
* "x86/cpufeature: Add helper macro for mask check macros"
  Adjust for NCAPINTS == 19.
* "loop: add recursion validation to LOOP_CHANGE_FD"
  Work around modifications for AUFS.

Revision history for this message
Stefan Bader (smb) wrote :

Dropped "RDMA/ucm: Mark UCM interface as BROKEN" and replaced it by "UBUNTU: SAUCE: RDMA/ucm: Blacklist UCM module". We do not know whether there is some external user of the deprecated interface and just removing the module (ib_ucm) might be considered a regression.

Stefan Bader (smb)
description: updated
Kleber Sacilotto de Souza (kleber-souza)
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (9.6 KiB)

This bug was fixed in the package linux - 4.4.0-137.163

---------------
linux (4.4.0-137.163) xenial; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.4.0-136.162) xenial; urgency=medium

  * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: d...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Brad Figg (brad-figg)
tags: added: cscc
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.