Xenial update: 4.4.197 upstream stable release

Bug #1848780 reported by Connor Kuehl on 2019-10-18
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Xenial; Importance: Medium; Assigned to: Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
* s390/topology: avoid firing events before kobjs are created
* s390/cio: avoid calling strlen on null pointer
* s390/cio: exclude subchannels with no parent from pseudo check
* KVM: nVMX: handle page fault in vmread fix
* ASoC: Define a set of DAPM pre/post-up events
* powerpc/powernv: Restrict OPAL symbol map to only be readable by root
* can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
* crypto: qat - Silence smp_processor_id() warning
* ieee802154: atusb: fix use-after-free at disconnect
* cfg80211: initialize on-stack chandefs
* ima: always return negative code for error
* fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
* 9p: avoid attaching writeback_fid on mmap with type PRIVATE
* xen/pci: reserve MCFG areas earlier
* ceph: fix directories inode i_blkbits initialization
* drm/amdgpu: Check for valid number of registers to read
* thermal: Fix use-after-free when unregistering thermal zone device
* fuse: fix memleak in cuse_channel_open
* kernel/elfcore.c: include proper prototypes
* tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
* perf stat: Fix a segmentation fault when using repeat forever
* crypto: caam - fix concurrency issue in givencrypt descriptor
* cfg80211: add and use strongly typed element iteration macros
* cfg80211: Use const more consistently in for_each_element macros
* nl80211: validate beacon head
* ASoC: sgtl5000: Improve VAG power and mute control
* panic: ensure preemption is disabled during panic()
* UBUNTU: [Config] updateconfigs for USB_RIO500
* USB: rio500: Remove Rio 500 kernel driver
* USB: yurex: Don't retry on unexpected errors
* USB: yurex: fix NULL-derefs on disconnect
* USB: usb-skeleton: fix runtime PM after driver unbind
* USB: usb-skeleton: fix NULL-deref on disconnect
* xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
* xhci: Check all endpoints for LPM timeout
* usb: xhci: wait for CNR controller not ready bit in xhci resume
* xhci: Increase STS_SAVE timeout in xhci_suspend()
* USB: adutux: remove redundant variable minor
* USB: adutux: fix use-after-free on disconnect
* USB: adutux: fix NULL-derefs on disconnect
* USB: adutux: fix use-after-free on release
* USB: iowarrior: fix use-after-free on disconnect
* USB: iowarrior: fix use-after-free on release
* USB: iowarrior: fix use-after-free after driver unbind
* USB: usblp: fix runtime PM after driver unbind
* USB: chaoskey: fix use-after-free on release
* USB: ldusb: fix NULL-derefs on driver unbind
* serial: uartlite: fix exit path null pointer
* USB: serial: keyspan: fix NULL-derefs on open() and write()
* USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
* USB: serial: option: add Telit FN980 compositions
* USB: serial: option: add support for Cinterion CLS8 devices
* USB: serial: fix runtime PM after driver unbind
* USB: usblcd: fix I/O after disconnect
* USB: microtek: fix info-leak at probe
* USB: dummy-hcd: fix power budget for SuperSpeed mode
* usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
* usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
* USB: legousbtower: fix slab info leak at probe
* USB: legousbtower: fix deadlock on disconnect
* USB: legousbtower: fix potential NULL-deref on disconnect
* USB: legousbtower: fix open after failed reset request
* USB: legousbtower: fix use-after-free on release
* staging: vt6655: Fix memory leak in vt6655_probe
* iio: adc: ad799x: fix probe error handling
* iio: light: opt3001: fix mutex unlock race
* perf llvm: Don't access out-of-scope array
* CIFS: Gracefully handle QueryInfo errors during open
* CIFS: Force reval dentry if LOOKUP_REVAL flag is set
* kernel/sysctl.c: do not override max_threads provided by userspace
* arm64: capabilities: Handle sign of the feature bit
* arm64: Rename cpuid_feature field extract routines
* Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
* cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
* CIFS: Force revalidate inode when dentry is stale
* media: stkwebcam: fix runtime PM after driver unbind
* tracing: Get trace_array reference for available_tracers files
* x86/asm: Fix MWAITX C-state hint value
* Linux 4.4.197

       4.4.197 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork) on 2019-10-18
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

The following commits were skipped because they have already been applied:

* xfs: clear sb->s_fs_info on mount failure

Connor Kuehl (connork) on 2019-10-18
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-168.197

---------------
linux (4.4.0-168.197) xenial; urgency=medium

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-on...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released