Xenial update to 4.4.148 stable release

Bug #1792174 reported by Stefan Bader on 2018-09-12
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.148 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.148 stable release shall be applied:
* ext4: fix check to prevent initializing reserved inodes
* tpm: fix race condition in tpm_common_write()
* ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
* fork: unconditionally clear stack on fork
* parisc: Enable CONFIG_MLONGCALLS by default
* parisc: Define mb() and add memory barriers to assembler unlock sequences
* xen/netfront: don't cache skb_shinfo()
* ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
* scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
* root dentries need RCU-delayed freeing
* fix mntput/mntput race
* fix __legitimize_mnt()/mntput() race
* IB/core: Make testing MR flags for writability a static inline function
* IB/mlx4: Mark user MR as writable if actual virtual memory is writable
* IB/ocrdma: fix out of bounds access to local buffer
* ARM: dts: imx6sx: fix irq for pcie bridge
* kprobes/x86: Fix %p uses in error messages
* x86/irqflags: Provide a declaration for native_save_fl
* UBUNTU: SAUCE: Sync pgtable_64.h with upstream stable
* mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
* UBUNTU: SAUCE: Sync pgtable-3level.h with upstream stable
* UBUNTU: SAUCE: Sync pgtable.h with upstream stable
* mm: Add vm_insert_pfn_prot()
* mm: fix cache mode tracking in vm_insert_mixed()
* x86/mm/kmmio: Make the tracer robust against L1TF
* x86/init: fix build with CONFIG_SWAP=n
* Linux 4.4.148

Stefan Bader (smb) on 2018-09-12
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) on 2018-09-12
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Skipped:
* "x86/paravirt: Fix spectre-v2 mitigations for paravirt
  guests (CVE-2018-15594)
* "x86/speculation: Protect against userspace-userspace
  spectreRSB" (CVE-2018-15572)

Skipped patches from L1TF (CVE-2018-3620, CVE-2018-3646):
* "x86/speculation/l1tf: Increase 32bit PAE
  __PHYSICAL_PAGE_SHIFT"
* "x86/mm: Move swap offset/type up in PTE to work around
  erratum"
* "x86/mm: Fix swap entry comment and macro"
* "x86/speculation/l1tf: Change order of offset/type in
  swap entry"
* "x86/speculation/l1tf: Protect swap entries against L1TF"
* "x86/speculation/l1tf: Protect PROT_NONE PTEs against
  speculation"
* "x86/speculation/l1tf: Make sure the first page is
  always reserved"
* "x86/speculation/l1tf: Add sysfs reporting for l1tf"
* "x86/speculation/l1tf: Disallow non privileged high MMIO
  PROT_NONE mappings"
* "x86/speculation/l1tf: Limit swap file size to MAX_PA/2"
* "x86/bugs: Move the l1tf function and define pr_fmt
  properly"
* "x86/speculation/l1tf: Extend 64bit swap file size limit"
* "x86/cpufeatures: Add detection of L1D cache flush
  support."
* "x86/speculation/l1tf: Protect PAE swap entries against
  L1TF"
* "x86/speculation/l1tf: Fix up pte->pfn conversion for
  PAE"
* "x86/speculation/l1tf: Invert all not present mappings"
* "x86/speculation/l1tf: Make pmd/pud_mknotpresent()
  invert"
* "x86/mm/pat: Make set_memory_np() L1TF safe"
* "x86/speculation/l1tf: Fix up CPU feature flags"
* "x86/speculation/l1tf: Unbreak
  !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures"

Modified "mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1" to do the changes to arch/x86/include/asm/pgtable_types.h only (because changes to arch/x86/include/asm/pgtable_64.h were already present).

Stefan Bader (smb) on 2018-09-12
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (28.0 KiB)

This bug was fixed in the package linux - 4.4.0-138.164

---------------
linux (4.4.0-138.164) xenial; urgency=medium

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers