Xenial update: 4.4.197 upstream stable release

Bug #1848780 reported by Connor Kuehl on 2019-10-18
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Connor Kuehl

Bug Description

SRU Justification

The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:

* KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
* s390/topology: avoid firing events before kobjs are created
* s390/cio: avoid calling strlen on null pointer
* s390/cio: exclude subchannels with no parent from pseudo check
* KVM: nVMX: handle page fault in vmread fix
* ASoC: Define a set of DAPM pre/post-up events
* powerpc/powernv: Restrict OPAL symbol map to only be readable by root
* can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
* crypto: qat - Silence smp_processor_id() warning
* ieee802154: atusb: fix use-after-free at disconnect
* cfg80211: initialize on-stack chandefs
* ima: always return negative code for error
* fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
* 9p: avoid attaching writeback_fid on mmap with type PRIVATE
* xen/pci: reserve MCFG areas earlier
* ceph: fix directories inode i_blkbits initialization
* drm/amdgpu: Check for valid number of registers to read
* thermal: Fix use-after-free when unregistering thermal zone device
* fuse: fix memleak in cuse_channel_open
* kernel/elfcore.c: include proper prototypes
* tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
* perf stat: Fix a segmentation fault when using repeat forever
* crypto: caam - fix concurrency issue in givencrypt descriptor
* cfg80211: add and use strongly typed element iteration macros
* cfg80211: Use const more consistently in for_each_element macros
* nl80211: validate beacon head
* ASoC: sgtl5000: Improve VAG power and mute control
* panic: ensure preemption is disabled during panic()
* UBUNTU: [Config] updateconfigs for USB_RIO500
* USB: rio500: Remove Rio 500 kernel driver
* USB: yurex: Don't retry on unexpected errors
* USB: yurex: fix NULL-derefs on disconnect
* USB: usb-skeleton: fix runtime PM after driver unbind
* USB: usb-skeleton: fix NULL-deref on disconnect
* xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
* xhci: Check all endpoints for LPM timeout
* usb: xhci: wait for CNR controller not ready bit in xhci resume
* xhci: Increase STS_SAVE timeout in xhci_suspend()
* USB: adutux: remove redundant variable minor
* USB: adutux: fix use-after-free on disconnect
* USB: adutux: fix NULL-derefs on disconnect
* USB: adutux: fix use-after-free on release
* USB: iowarrior: fix use-after-free on disconnect
* USB: iowarrior: fix use-after-free on release
* USB: iowarrior: fix use-after-free after driver unbind
* USB: usblp: fix runtime PM after driver unbind
* USB: chaoskey: fix use-after-free on release
* USB: ldusb: fix NULL-derefs on driver unbind
* serial: uartlite: fix exit path null pointer
* USB: serial: keyspan: fix NULL-derefs on open() and write()
* USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
* USB: serial: option: add Telit FN980 compositions
* USB: serial: option: add support for Cinterion CLS8 devices
* USB: serial: fix runtime PM after driver unbind
* USB: usblcd: fix I/O after disconnect
* USB: microtek: fix info-leak at probe
* USB: dummy-hcd: fix power budget for SuperSpeed mode
* usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
* usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
* USB: legousbtower: fix slab info leak at probe
* USB: legousbtower: fix deadlock on disconnect
* USB: legousbtower: fix potential NULL-deref on disconnect
* USB: legousbtower: fix open after failed reset request
* USB: legousbtower: fix use-after-free on release
* staging: vt6655: Fix memory leak in vt6655_probe
* iio: adc: ad799x: fix probe error handling
* iio: light: opt3001: fix mutex unlock race
* perf llvm: Don't access out-of-scope array
* CIFS: Gracefully handle QueryInfo errors during open
* CIFS: Force reval dentry if LOOKUP_REVAL flag is set
* kernel/sysctl.c: do not override max_threads provided by userspace
* arm64: capabilities: Handle sign of the feature bit
* arm64: Rename cpuid_feature field extract routines
* Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
* cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
* CIFS: Force revalidate inode when dentry is stale
* media: stkwebcam: fix runtime PM after driver unbind
* tracing: Get trace_array reference for available_tracers files
* x86/asm: Fix MWAITX C-state hint value
* Linux 4.4.197

4.4.197 upstream stable release
from git://git.kernel.org/

Connor Kuehl (connork) on 2019-10-18
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

The following commits were skipped because they have already been applied:

* xfs: clear sb->s_fs_info on mount failure

Connor Kuehl (connork) on 2019-10-18
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-168.197

linux (4.4.0-168.197) xenial; urgency=medium

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-on...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released