[ubuntu/artful-updates] linux-snapdragon 4.4.0-1088.93 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Apr 5 08:35:44 UTC 2018
linux-snapdragon (4.4.0-1088.93) xenial; urgency=medium
* linux-snapdragon: 4.4.0-1088.93 -proposed tracker (LP: #1755215)
[ Ubuntu: 4.4.0-117.141 ]
* linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)
* Xenial update to 4.4.114 stable release (LP: #1754592)
- x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
- usbip: prevent vhci_hcd driver from leaking a socket pointer address
- usbip: Fix implicit fallthrough warning
- usbip: Fix potential format overflow in userspace tools
- x86/microcode/intel: Fix BDW late-loading revision check
- x86/retpoline: Fill RSB on context switch for affected CPUs
- sched/deadline: Use the revised wakeup rule for suspending constrained dl
tasks
- can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
- can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
- PM / sleep: declare __tracedata symbols as char[] rather than char
- time: Avoid undefined behaviour in ktime_add_safe()
- timers: Plug locking race vs. timer migration
- Prevent timer value 0 for MWAITX
- drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
- drivers: base: cacheinfo: fix boot error message when acpi is enabled
- PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
- PCI: layerscape: Fix MSG TLP drop setting
- mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
- fs/select: add vmalloc fallback for select(2)
- hwpoison, memcg: forcibly uncharge LRU pages
- cma: fix calculation of aligned offset
- mm, page_alloc: fix potential false positive in __zone_watermark_ok
- ipc: msg, make msgrcv work with LONG_MIN
- x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
- ACPI / processor: Avoid reserving IO regions too early
- ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
- ACPICA: Namespace: fix operand cache leak
- netfilter: x_tables: speed up jump target validation
- netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
in 64bit kernel
- netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
- netfilter: nf_ct_expect: remove the redundant slash when policy name is
empty
- netfilter: nfnetlink_queue: reject verdict request from different portid
- netfilter: restart search if moved to other chain
- netfilter: nf_conntrack_sip: extend request line validation
- netfilter: use fwmark_reflect in nf_send_reset
- ext2: Don't clear SGID when inheriting ACLs
- reiserfs: fix race in prealloc discard
- reiserfs: don't preallocate blocks for extended attributes
- reiserfs: Don't clear SGID when inheriting ACLs
- fs/fcntl: f_setown, avoid undefined behaviour
- scsi: libiscsi: fix shifting of DID_REQUEUE host byte
- Input: trackpoint - force 3 buttons if 0 button is reported
- usb: usbip: Fix possible deadlocks reported by lockdep
- usbip: fix stub_rx: get_pipe() to validate endpoint number
- usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
- usbip: prevent leaking socket pointer address in messages
- um: link vmlinux with -no-pie
- vsyscall: Fix permissions for emulate mode with KAISER/PTI
- eventpoll.h: add missing epoll event masks
- x86/microcode/intel: Extend BDW late-loading further with LLC size check
- hrtimer: Reset hrtimer cpu base proper on CPU hotplug
- dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
- ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
- ipv6: fix udpv6 sendmsg crash caused by too small MTU
- ipv6: ip6_make_skb() needs to clear cork.base.dst
- lan78xx: Fix failure in USB Full Speed
- net: igmp: fix source address check for IGMPv3 reports
- tcp: __tcp_hdrlen() helper
- net: qdisc_pkt_len_init() should be more robust
- pppoe: take ->needed_headroom of lower device into account on xmit
- r8169: fix memory corruption on retrieval of hardware statistics.
- sctp: do not allow the v4 socket to bind a v4mapped v6 address
- sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
- vmxnet3: repair memory leak
- net: Allow neigh contructor functions ability to modify the primary_key
- ipv4: Make neigh lookup keys for loopback/point-to-point devices be
INADDR_ANY
- flow_dissector: properly cap thoff field
- net: tcp: close sock if net namespace is exiting
- nfsd: auth: Fix gid sorting when rootsquash enabled
- Linux 4.4.114
* Xenial update to 4.4.113 stable release (LP: #1754375)
- gcov: disable for COMPILE_TEST
- scsi: sg: disable SET_FORCE_LOW_DMA
- futex: Prevent overflow by strengthen input validation
- ALSA: pcm: Remove yet superfluous WARN_ON()
- ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
- ALSA: hda - Apply the existing quirk to iMac 14,1
- af_key: fix buffer overread in verify_address_len()
- af_key: fix buffer overread in parse_exthdrs()
- scsi: hpsa: fix volume offline state
- sched/deadline: Zero out positive runtime after throttling constrained tasks
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
- x86/apic/vector: Fix off by one in error path
- Input: 88pm860x-ts - fix child-node lookup
- Input: twl6040-vibra - fix DT node memory management
- Input: twl6040-vibra - fix child-node lookup
- Input: twl4030-vibra - fix sibling-node lookup
- tracing: Fix converting enum's from the map in trace_event_eval_update()
- phy: work around 'phys' references to usb-nop-xceiv devices
- ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
- can: peak: fix potential bug in packet fragmentation
- dm btree: fix serious bug in btree_split_beneath()
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
- arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- kbuild: modversions for EXPORT_SYMBOL() for asm
- x86/pti: Document fix wrong index
- MIPS: AR7: ensure the port type's FCR value is used
- Linux 4.4.113
* Xenial update to 4.4.113 stable release (LP: #1754375) // CVE-2017-5753
(Spectre v1 Intel -> upstream)
- Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
- x86/cpu/AMD: Make LFENCE a serializing instruction
- x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
* i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
- i2c: octeon: Prevent error message on bus error
* qeth: fix calculation of required buffer elements for skb (LP: #1750810)
- s390/qeth: fix underestimated count of buffer elements
* Support rfkill-any led trigger for Fujitsu u727 (LP: #1745130)
- rfkill: Add rfkill-any LED trigger
* Redpine: Sometimes Wi-Fi connection shows "unavailable" after resume from
WoWLAN S4. WLAN can be recover after reboot or reloading WIFI driver.
(LP: #1753438) // Redpine: BLE scanning for nearby beacons per second is too
low and result high loss rate. (LP: #1753439)
- SAUCE: Redpine: resolve race while resuming from S4
- SAUCE: Redpine: Fix card write failure issue at S4 restore
- SAUCE: Redpine: Add deep sleep enable before connection
- SAUCE: Redpine: resolve power save issue after S4 resume
* qeth: check not more than 16 SBALEs on the completion queue (LP: #1750568)
- qeth: check not more than 16 SBALEs on the completion queue
* qeth: fix L3 next-hop im xmit qeth hdr (LP: #1750813)
- s390/qeth: fix L3 next-hop in xmit qeth hdr
* qemu-efi-aarch64 in >= artful can't boot xenial cloud images (LP: #1744754)
- irqchip/gic-v3: Refactor gic_of_init() for GICv3 driver
- irqchip/gic-v3: Add ACPI support for GICv3/4 initialization
- irqchip/gic-v3: ACPI: Add redistributor support via GICC structures
- irqchip/gic-v3: Remove gic_root_node variable from the ITS code
- irqchip/gic-v3-its: Mark its_init() and its children as __init
- ACPICA: Headers: Add new constants for the DBG2 ACPI table
- of/serial: move earlycon early_param handling to serial
- ACPI: parse SPCR and enable matching console
- [Config] CONFIG_ACPI_SPCR_TABLE=y
- ARM64: ACPI: enable ACPI_SPCR_TABLE
- serial: pl011: add console matching function
* OOM and High CPU utilization in update_blocked_averages because of too many
cfs_rqs in rq->leaf_cfs_rq_list (LP: #1747896)
- sched/fair: Fix O(nr_cgroups) in load balance path
* linux-tools: perf incorrectly linking libbfd (LP: #1748922)
- SAUCE: tools -- add ability to disable libbfd
- [Packaging] correct disablement of libbfd
* retpoline abi files are empty on i386 (LP: #1751021)
- [Packaging] retpoline-extract -- instantiate retpoline files for i386
- [Packaging] final-checks -- sanity checking ABI contents
- [Packaging] final-checks -- check for empty retpoline files
* bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
CVE-2018-1000026
- net: create skb_gso_validate_mac_len()
- bnx2x: disable GSO where gso_size is too big for hardware
* CVE-2017-17448
- netfilter: nfnetlink_cthelper: Add missing permission checks
* TB16 dock ethernet corrupts data with hw checksum silently failing
(LP: #1729674)
- r8152: disable RX aggregation on Dell TB16 dock
* linux < 4.8: x-netns vti is broken (LP: #1744078)
- net: l3mdev: Add master device lookup by index
- xfrm: Only add l3mdev oif to dst lookups
* Xenial update to 4.4.112 stable release (LP: #1745266)
- dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
- can: gs_usb: fix return value of the "set_bittiming" callback
- IB/srpt: Disable RDMA access by the initiator
- MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
- MIPS: Factor out NT_PRFPREG regset access helpers
- MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
- MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
- MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
- MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
- MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
- net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
- x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
- x86/acpi: Handle SCI interrupts above legacy space gracefully
- iommu/arm-smmu-v3: Don't free page table ops twice
- ALSA: pcm: Remove incorrect snd_BUG_ON() usages
- ALSA: pcm: Add missing error checks in OSS emulation plugin builder
- ALSA: pcm: Abort properly at pending signal in OSS read/write loops
- ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
- ALSA: aloop: Release cable upon open error path
- ALSA: aloop: Fix inconsistent format due to incomplete rule
- ALSA: aloop: Fix racy hw constraints adjustment
- x86/acpi: Reduce code duplication in mp_override_legacy_irq()
- mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
- mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
- mm/page-writeback: fix dirty_ratelimit calculation
- mm/zswap: use workqueue to destroy pool
- zswap: don't param_set_charp while holding spinlock
- locks: don't check for race with close when setting OFD lock
- futex: Replace barrier() in unqueue_me() with READ_ONCE()
- locking/mutex: Allow next waiter lockless wakeup
- usbvision fix overflow of interfaces array
- usb: musb: ux500: Fix NULL pointer dereference at system PM
- r8152: fix the wake event
- r8152: use test_and_clear_bit
- r8152: adjust ALDPS function
- lan78xx: use skb_cow_head() to deal with cloned skbs
- sr9700: use skb_cow_head() to deal with cloned skbs
- smsc75xx: use skb_cow_head() to deal with cloned skbs
- cx82310_eth: use skb_cow_head() to deal with cloned skbs
- x86/mm/pat, /dev/mem: Remove superfluous error message
- hwrng: core - sleep interruptible in read
- sysrq: Fix warning in sysrq generated crash.
- xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
- Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
- x86/pti/efi: broken conversion from efi to kernel page table
- 8021q: fix a memory leak for VLAN 0 device
- ip6_tunnel: disable dst caching if tunnel is dual-stack
- net: core: fix module type in sock_diag_bind
- RDS: Heap OOB write in rds_message_alloc_sgs()
- sh_eth: fix TSU resource handling
- sh_eth: fix SH7757 GEther initialization
- net: stmmac: enable EEE in MII, GMII or RGMII only
- ipv6: fix possible mem leaks in ipv6_make_skb()
- crypto: algapi - fix NULL dereference in crypto_remove_spawns()
- rbd: set max_segments to USHRT_MAX
- x86/microcode/intel: Extend BDW late-loading with a revision check
- KVM: x86: Add memory barrier on vmcs field lookup
- drm/vmwgfx: Potential off by one in vmw_view_add()
- kaiser: Set _PAGE_NX only if supported
- bpf: don't (ab)use instructions to store state
- bpf: move fixup_bpf_calls() function
- bpf: refactor fixup_bpf_calls()
- bpf: adjust insn_aux_data when patching insns
- bpf: prevent out-of-bounds speculation
- bpf, array: fix overflow in max_entries and undefined behavior in index_mask
- iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
- target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
- USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
- USB: serial: cp210x: add new device ID ELV ALC 8xxx
- usb: misc: usb3503: make sure reset is low for at least 100us
- USB: fix usbmon BUG trigger
- usbip: remove kernel addresses from usb device and urb debug msgs
- staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
- Bluetooth: Prevent stack info leak from the EFS element.
- uas: ignore UAS for Norelsys NS1068(X) chips
- e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
- x86/Documentation: Add PTI description
- sysfs/cpu: Fix typos in vulnerability documentation
- x86/alternatives: Fix optimize_nops() checking
- selftests/x86: Add test_vsyscall
- Linux 4.4.112
* Xenial update to 4.4.111 stable release (LP: #1745263)
- x86/kasan: Write protect kasan zero shadow
- kernel/acct.c: fix the acct->needcheck check in check_free_space()
- crypto: n2 - cure use after free
- crypto: chacha20poly1305 - validate the digest size
- crypto: pcrypt - fix freeing pcrypt instances
- sunxi-rsb: Include OF based modalias in device uevent
- fscache: Fix the default for fscache_maybe_release_page()
- kernel: make groups_sort calling a responsibility group_info allocators
- kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
- kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only()
signals
- kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in
complete_signal()
- ARC: uaccess: dont use "l" gcc inline asm constraint modifier
- parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
- genksyms: Handle string literals with spaces in reference files
- module: Issue warnings when tainting kernel
- proc: much faster /proc/vmstat
- Fix build error in vma.c
- Linux 4.4.111
* x86/net/bpf: return statement missing value (LP: #1745364)
- SAUCE: (no-up) arch/x86/bpf: Fix missed return statement
* Ubuntu 16.04 - s390/cpuinfo: show facilities as reported by stfle
(LP: #1744736)
- s390/bitops: add for_each_set_bit_inv helper
- s390/cpuinfo: show facilities as reported by stfle
* Xenial update to 4.4.110 stable release (LP: #1745071)
- KPTI: Rename to PAGE_TABLE_ISOLATION
- SAUCE: Replace CONFIG_KAISER with CONFIG_PAGE_TABLE_ISOLATION
- Linux 4.4.110
* Xenial update to 4.4.109 stable release (LP: #1745069)
- ACPI: APEI / ERST: Fix missing error handling in erst_reader()
- crypto: mcryptd - protect the per-CPU queue with a lock
- mfd: cros ec: spi: Don't send first message too soon
- mfd: twl4030-audio: Fix sibling-node lookup
- mfd: twl6040: Fix child-node lookup
- ALSA: rawmidi: Avoid racy info ioctl via ctl device
- ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
- PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
- parisc: Hide Diva-built-in serial aux and graphics card
- spi: xilinx: Detect stall with Unknown commands
- KVM: X86: Fix load RFLAGS w/o the fixed bit
- powerpc/perf: Dereference BHRB entries safely
- net: mvneta: clear interface link status on port disable
- tracing: Remove extra zeroing out of the ring buffer page
- tracing: Fix possible double free on failure of allocating trace buffer
- tracing: Fix crash when it fails to alloc ring buffer
- ring-buffer: Mask out the info bits when returning buffer page length
- iw_cxgb4: Only validate the MSN for successful completions
- ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
- ASoC: twl4030: fix child-node lookup
- ALSA: hda: Drop useless WARN_ON()
- ALSA: hda - fix headset mic detection issue on a Dell machine
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
- x86/mm: Remove flush_tlb() and flush_tlb_current_task()
- x86/mm: Make flush_tlb_mm_range() more predictable
- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
code
- x86/mm: Add the 'nopcid' boot option to turn off PCID
- x86/mm/64: Fix reboot interaction with CR4.PCIDE
- kbuild: add '-fno-stack-check' to kernel build options
- ipv4: igmp: guard against silly MTU values
- ipv6: mcast: better catch silly mtu values
- net: igmp: Use correct source address on IGMPv3 reports
- netlink: Add netns check on taps
- net: qmi_wwan: add Sierra EM7565 1199:9091
- net: reevalulate autoflowlabel setting after sysctl setting
- tcp md5sig: Use skb's saddr when replying to an incoming segment
- tg3: Fix rx hang on MTU change with 5717/5719
- net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
- sctp: Replace use of sockets_allocated with specified macro.
- ipv4: Fix use-after-free when flushing FIB tables
- net: bridge: fix early call to br_stp_change_bridge_id and plug newlink
leaks
- net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
- sock: free skb in skb_complete_tx_timestamp on error
- usbip: fix usbip bind writing random string after command in match_busid
- usbip: stub: stop printing kernel pointer addresses in messages
- usbip: vhci: stop printing kernel pointer addresses in messages
- USB: serial: ftdi_sio: add id for Airbus DS P8GR
- USB: serial: qcserial: add Sierra Wireless EM7565
- USB: serial: option: add support for Telit ME910 PID 0x1101
- USB: serial: option: adding support for YUGA CLM920-NC5
- usb: Add device quirk for Logitech HD Pro Webcam C925e
- usb: add RESET_RESUME for ELSA MicroLink 56K
- USB: Fix off by one in type-specific length check of BOS SSP capability
- usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
- nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
- x86/smpboot: Remove stale TLB flush invocations
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
- mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
- Linux 4.4.109
* Xenial update to 4.4.108 stable release (LP: #1745054)
- arm64: Initialise high_memory global variable earlier
- cxl: Check if vphb exists before iterating over AFU devices
- x86/mm: Fix INVPCID asm constraint
- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
- mm/rmap: batched invalidations should use existing api
- mm/mmu_context, sched/core: Fix mmu_context.h assumption
- sched/core: Add switch_mm_irqs_off() and use it in the scheduler
- x86/mm, sched/core: Turn off IRQs in switch_mm()
- ARM: Hide finish_arch_post_lock_switch() from modules
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
- x86/irq: Do not substract irq_tlb_count from irq_call_count
- ALSA: hda - add support for docking station for HP 820 G2
- ALSA: hda - add support for docking station for HP 840 G3
- arm: kprobes: Fix the return address of multiple kretprobes
- arm: kprobes: Align stack to 8-bytes in test code
- cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
- crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
- sch_dsmark: fix invalid skb_cow() usage
- bna: integer overflow bug in debugfs
- net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4
- usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
- usb: gadget: udc: remove pointer dereference after free
- netfilter: nfnl_cthelper: fix runtime expectation policy updates
- netfilter: nfnl_cthelper: Fix memory leak
- inet: frag: release spinlock before calling icmp_send()
- pinctrl: st: add irq_request/release_resources callbacks
- scsi: lpfc: Fix PT2PT PRLI reject
- KVM: x86: correct async page present tracepoint
- KVM: VMX: Fix enable VPID conditions
- ARM: dts: ti: fix PCI bus dtc warnings
- hwmon: (asus_atk0110) fix uninitialized data access
- HID: xinmo: fix for out of range for THT 2P arcade controller.
- r8152: prevent the driver from transmitting packets with carrier off
- s390/qeth: no ETH header for outbound AF_IUCV
- bna: avoid writing uninitialized data into hw registers
- net: Do not allow negative values for busy_read and busy_poll sysctl
interfaces
- i40e: Do not enable NAPI on q_vectors that have no rings
- RDMA/iser: Fix possible mr leak on device removal event
- irda: vlsi_ir: fix check for DMA mapping errors
- netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
- netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
- ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend
- KVM: pci-assign: do not map smm memory slot pages in vt-d page tables
- isdn: kcapi: avoid uninitialized data
- xhci: plat: Register shutdown for xhci_plat
- netfilter: nfnetlink_queue: fix secctx memory leak
- ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
- cpuidle: powernv: Pass correct drv->cpumask for registration
- bnxt_en: Fix NULL pointer dereference in reopen failure path
- backlight: pwm_bl: Fix overflow condition
- crypto: crypto4xx - increase context and scatter ring buffer elements
- rtc: pl031: make interrupt optional
- net: phy: at803x: Change error to EINVAL for invalid MAC
- PCI: Avoid bus reset if bridge itself is broken
- scsi: cxgb4i: fix Tx skb leak
- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume
created on two SATA drive
- PCI: Create SR-IOV virtfn/physfn links before attaching driver
- igb: check memory allocation failure
- ixgbe: fix use of uninitialized padding
- PCI/AER: Report non-fatal errors only to the affected endpoint
- scsi: lpfc: Fix secure firmware updates
- scsi: lpfc: PLOGI failures during NPIV testing
- fm10k: ensure we process SM mbx when processing VF mbx
- tcp: fix under-evaluated ssthresh in TCP Vegas
- rtc: set the alarm to the next expiring timer
- cpuidle: fix broadcast control when broadcast can not be entered
- thermal: hisilicon: Handle return value of clk_prepare_enable
- MIPS: math-emu: Fix final emulation phase for certain instructions
- Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
- ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit()
- ALSA: hda - Degrade i915 binding failure message
- ALSA: hda - Fix yet another i915 pointer leftover in error path
- alpha: fix build failures
- Linux 4.4.108
* Xenial update to 4.4.107 stable release (LP: #1745052)
- crypto: hmac - require that the underlying hash algorithm is unkeyed
- crypto: salsa20 - fix blkcipher_walk API usage
- autofs: fix careless error in recent commit
- tracing: Allocate mask_str buffer dynamically
- USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
- USB: core: prevent malicious bNumInterfaces overflow
- usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
- ceph: drop negative child dentries before try pruning inode's alias
- Bluetooth: btusb: driver to enable the usb-wakeup feature
- xhci: Don't add a virt_dev to the devs array before it's fully allocated
- sched/rt: Do not pull from current CPU if only one CPU to pull
- dmaengine: dmatest: move callback wait queue to thread context
- ext4: fix fdatasync(2) after fallocate(2) operation
- ext4: fix crash when a directory's i_size is too small
- KEYS: add missing permission check for request_key() destination
- mac80211: Fix addition of mesh configuration element
- usb: phy: isp1301: Add OF device ID table
- md-cluster: free md_cluster_info if node leave cluster
- userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
- userfaultfd: selftest: vm: allow to build in vm/ directory
- net: initialize msg.msg_flags in recvfrom
- net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
- net: bcmgenet: correct MIB access of UniMAC RUNT counters
- net: bcmgenet: reserved phy revisions must be checked first
- net: bcmgenet: power down internal phy if open or resume fails
- net: bcmgenet: Power up the internal PHY before probing the MII
- NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
- NFSD: fix nfsd_reset_versions for NFSv4.
- Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
- drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
- netfilter: bridge: honor frag_max_size when refragmenting
- writeback: fix memory leak in wb_queue_work()
- net: wimax/i2400m: fix NULL-deref at probe
- dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
- net: Resend IGMP memberships upon peer notification.
- mlxsw: reg: Fix SPVM max record count
- mlxsw: reg: Fix SPVMLR max record count
- intel_th: pci: Add Gemini Lake support
- openrisc: fix issue handling 8 byte get_user calls
- scsi: hpsa: update check for logical volume status
- scsi: hpsa: limit outstanding rescans
- fjes: Fix wrong netdevice feature flags
- drm/radeon/si: add dpm quirk for Oland
- sched/deadline: Make sure the replenishment timer fires in the next period
- sched/deadline: Throttle a constrained deadline task activated after the
deadline
- sched/deadline: Use deadline instead of period when calculating overflow
- mmc: mediatek: Fixed bug where clock frequency could be set wrong
- drm/radeon: reinstate oland workaround for sclk
- afs: Fix missing put_page()
- afs: Populate group ID from vnode status
- afs: Adjust mode bits processing
- afs: Flush outstanding writes when an fd is closed
- afs: Migrate vlocation fields to 64-bit
- afs: Prevent callback expiry timer overflow
- afs: Fix the maths in afs_fs_store_data()
- afs: Populate and use client modification time
- afs: Fix page leak in afs_write_begin()
- afs: Fix afs_kill_pages()
- perf symbols: Fix symbols__fixup_end heuristic for corner cases
- efi/esrt: Cleanup bad memory map log messages
- NFSv4.1 respect server's max size in CREATE_SESSION
- btrfs: add missing memset while reading compressed inline extents
- target: Use system workqueue for ALUA transitions
- target: fix ALUA transition timeout handling
- target: fix race during implicit transition work flushes
- sfc: don't warn on successful change of MAC
- fbdev: controlfb: Add missing modes to fix out of bounds access
- video: udlfb: Fix read EDID timeout
- video: fbdev: au1200fb: Release some resources if a memory allocation fails
- video: fbdev: au1200fb: Return an error code if a memory allocation fails
- rtc: pcf8563: fix output clock rate
- dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
- PCI/PME: Handle invalid data when reading Root Status
- powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
- netfilter: ipvs: Fix inappropriate output of procfs
- powerpc/opal: Fix EBUSY bug in acquiring tokens
- powerpc/ipic: Fix status get and status clear
- target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
- iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
- target:fix condition return in core_pr_dump_initiator_port()
- target/file: Do not return error for UNMAP if length is zero
- arm-ccn: perf: Prevent module unload while PMU is in use
- crypto: tcrypt - fix buffer lengths in test_aead_speed()
- mm: Handle 0 flags in _calc_vm_trans() macro
- clk: mediatek: add the option for determining PLL source clock
- clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
- clk: tegra: Fix cclk_lp divisor register
- ppp: Destroy the mutex when cleanup
- thermal/drivers/step_wise: Fix temperature regulation misbehavior
- GFS2: Take inode off order_write list when setting jdata flag
- bcache: explicitly destroy mutex while exiting
- bcache: fix wrong cache_misses statistics
- l2tp: cleanup l2tp_tunnel_delete calls
- xfs: fix log block underflow during recovery cycle verification
- xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
- PCI: Detach driver before procfs & sysfs teardown on device remove
- scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
- scsi: hpsa: destroy sas transport properties before scsi_host
- powerpc/perf/hv-24x7: Fix incorrect comparison in memord
- tty fix oops when rmmod 8250
- usb: musb: da8xx: fix babble condition handling
- pinctrl: adi2: Fix Kconfig build problem
- raid5: Set R5_Expanded on parity devices as well as data.
- scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
- vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
- scsi: sd: change manage_start_stop to bool in sysfs interface
- scsi: sd: change allow_restart to bool in sysfs interface
- scsi: bfa: integer overflow in debugfs
- udf: Avoid overflow when session starts at large offset
- macvlan: Only deliver one copy of the frame to the macvlan interface
- RDMA/cma: Avoid triggering undefined behavior
- IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
- ath9k: fix tx99 potential info leak
- Linux 4.4.107
* Xenial update to 4.4.106 stable release (LP: #1745047)
- can: ti_hecc: Fix napi poll return value for repoll
- can: kvaser_usb: free buf in error paths
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
- can: kvaser_usb: ratelimit errors if incomplete messages are received
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
- can: ems_usb: cancel urb on -EPIPE and -EPROTO
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO
- virtio: release virtio index when fail to device_register
- hv: kvp: Avoid reading past allocated blocks from KVP file
- isa: Prevent NULL dereference in isa_bus driver callbacks
- scsi: libsas: align sata_device's rps_resp on a cacheline
- efi: Move some sysfs files to be read-only by root
- ASN.1: fix out-of-bounds read when parsing indefinite length item
- ASN.1: check for error from ASN1_OP_END__ACT actions
- X.509: reject invalid BIT STRING for subjectPublicKey
- x86/PCI: Make broadcom_postcore_init() check acpi_disabled
- ALSA: pcm: prevent UAF in snd_pcm_info
- ALSA: seq: Remove spurious WARN_ON() at timer check
- ALSA: usb-audio: Fix out-of-bound error
- ALSA: usb-audio: Add check return value for usb_string()
- iommu/vt-d: Fix scatterlist offset handling
- s390: fix compat system call table
- kdb: Fix handling of kallsyms_symbol_next() return value
- drm: extra printk() wrapper macros
- drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
- media: dvb: i2c transfers over usb cannot be done from stack
- arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
- KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
- arm64: fpsimd: Prevent registers leaking from dead tasks
- ARM: BUG if jumping to usermode address in kernel mode
- ARM: avoid faulting on qemu
- thp: reduce indentation level in change_huge_pmd()
- thp: fix MADV_DONTNEED vs. numa balancing race
- mm: drop unused pmdp_huge_get_and_clear_notify()
- Revert "drm/armada: Fix compile fail"
- Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
- Revert "s390/kbuild: enable modversions for symbols exported from asm"
- vti6: Don't report path MTU below IPV6_MIN_MTU.
- ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
- x86/hpet: Prevent might sleep splat on resume
- selftest/powerpc: Fix false failures for skipped tests
- module: set __jump_table alignment to 8
- ARM: OMAP2+: Fix device node reference counts
- ARM: OMAP2+: Release device node after it is no longer needed.
- gpio: altera: Use handle_level_irq when configured as a level_high
- HID: chicony: Add support for another ASUS Zen AiO keyboard
- usb: gadget: configs: plug memory leak
- USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
- kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
- libata: drop WARN from protocol error in ata_sff_qc_issue()
- workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
- irqchip/crossbar: Fix incorrect type of register size
- KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
- arm: KVM: Survive unknown traps from guests
- arm64: KVM: Survive unknown traps from guests
- spi_ks8995: fix "BUG: key accdaa28 not in .data!"
- bnx2x: prevent crash when accessing PTP with interface down
- bnx2x: fix possible overrun of VFPF multicast addresses array
- bnx2x: do not rollback VF MAC/VLAN filters we did not configure
- ipv6: reorder icmpv6_init() and ip6_mr_init()
- crypto: s5p-sss - Fix completing crypto request in IRQ handler
- i2c: riic: fix restart condition
- zram: set physical queue limits to avoid array out of bounds accesses
- netfilter: don't track fragmented packets
- axonram: Fix gendisk handling
- drm/amd/amdgpu: fix console deadlock if late init failed
- powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
- EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
- EDAC, i5000, i5400: Fix definition of NRECMEMB register
- kbuild: pkg: use --transform option to prefix paths in tar
- mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
- route: also update fnhe_genid when updating a route cache
- route: update fnhe_expires for redirect when the fnhe exists
- lib/genalloc.c: make the avail variable an atomic_long_t
- dynamic-debug-howto: fix optional/omitted ending line number to be LARGE
instead of 0
- NFS: Fix a typo in nfs_rename()
- sunrpc: Fix rpc_task_begin trace point
- block: wake up all tasks blocked in get_request()
- sparc64/mm: set fields in deferred pages
- sctp: do not free asoc when it is already dead in sctp_sendmsg
- sctp: use the right sk after waking up from wait_buf sleep
- atm: horizon: Fix irq release error
- jump_label: Invoke jump_label_test() via early_initcall()
- xfrm: Copy policy family in clone_policy
- IB/mlx4: Increase maximal message size under UD QP
- IB/mlx5: Assign send CQ and recv CQ of UMR QP
- afs: Connect up the CB.ProbeUuid
- ipvlan: fix ipv6 outbound device
- audit: ensure that 'audit=1' actually enables audit for PID 1
- ipmi: Stop timers before cleaning up the module
- s390: always save and restore all registers on context switch
- tipc: fix memory leak in tipc_accept_from_sock()
- rds: Fix NULL pointer dereference in __rds_rdma_map
- sit: update frag_off info
- packet: fix crash in fanout_demux_rollover()
- net/packet: fix a race in packet_bind() and packet_notifier()
- Revert "x86/efi: Build our own page table structures"
- Revert "x86/efi: Hoist page table switching code into efi_call_virt()"
- Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
- arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
- Linux 4.4.106
* Xenial update to 4.4.105 stable release (LP: #1745046)
- bcache: only permit to recovery read error when cache device is clean
- bcache: recover data from backing when data is clean
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
- serial: 8250_pci: Add Amazon PCI serial device ID
- s390/runtime instrumentation: simplify task exit handling
- USB: serial: option: add Quectel BG96 id
- ima: fix hash algorithm initialization
- s390/pci: do not require AIS facility
- selftests/x86/ldt_get: Add a few additional tests for limits
- serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
- spi: sh-msiof: Fix DMA transfer size check
- usb: phy: tahvo: fix error handling in tahvo_usb_probe()
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
- x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- EDAC, sb_edac: Fix missing break in switch
- sysrq : fix Show Regs call trace on ARM
- perf test attr: Fix ignored test case result
- kprobes/x86: Disable preemption in ftrace-based jprobes
- net: systemport: Utilize skb_put_padto()
- net: systemport: Pad packet before inserting TSB
- ARM: OMAP1: DMA: Correct the number of logical channels
- vti6: fix device register to report IFLA_INFO_KIND
- net/appletalk: Fix kernel memory disclosure
- ravb: Remove Rx overflow log messages
- nfs: Don't take a reference on fl->fl_file for LOCK operation
- KVM: arm/arm64: Fix occasional warning from the timer work function
- NFSv4: Fix client recovery when server reboots multiple times
- drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
- net: sctp: fix array overrun read on sctp_timer_tbl
- tipc: fix cleanup at module unload
- dmaengine: pl330: fix double lock
- tcp: correct memory barrier usage in tcp_check_space()
- mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
- xen-netfront: Improve error handling during initialization
- net: fec: fix multicast filtering hardware setup
- Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
- usb: hub: Cycle HUB power when initialization fails
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first
- usb: ch9: Add size macro for SSP dev cap descriptor
- USB: core: Add type-specific length check of BOS descriptors
- USB: Increase usbfs transfer limit
- USB: devio: Prevent integer overflow in proc_do_submiturb()
- USB: usbfs: Filter flags passed in from user space
- usb: host: fix incorrect updating of offset
- xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
- Linux 4.4.105
* Xenial update to 4.4.104 stable release (LP: #1745043)
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
- x86/efi: Hoist page table switching code into efi_call_virt()
- x86/efi: Build our own page table structures
- ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
- x86/efi-bgrt: Fix kernel panic when mapping BGRT data
- x86/efi-bgrt: Replace early_memremap() with memremap()
- mm/madvise.c: fix madvise() infinite loop under special circumstances
- btrfs: clear space cache inode generation always
- KVM: x86: pvclock: Handle first-time write to pvclock-page contains random
junk
- KVM: x86: Exit to user-mode on #UD intercept when emulator requires
- KVM: x86: inject exceptions produced by x86_decode_insn
- mmc: core: Do not leave the block driver in a suspended state
- eeprom: at24: check at24_read/write arguments
- bcache: Fix building error on MIPS
- Revert "drm/radeon: dont switch vt on suspend"
- drm/radeon: fix atombios on big endian
- drm/panel: simple: Add missing panel_simple_unprepare() calls
- mtd: nand: Fix writing mtdoops to nand flash.
- NFS: revalidate "." etc correctly on "open".
- drm/i915: Don't try indexed reads to alternate slave addresses
- drm/i915: Prevent zero length "index" write
- nfsd: Make init_open_stateid() a bit more whole
- nfsd: Fix stateid races between OPEN and CLOSE
- nfsd: Fix another OPEN stateid race
- Linux 4.4.104
* Xenial update to 4.4.103 stable release (LP: #1744873)
- s390: fix transactional execution control register handling
- s390/runtime instrumention: fix possible memory corruption
- s390/disassembler: add missing end marker for e7 table
- s390/disassembler: increase show_code buffer size
- AF_VSOCK: Shrink the area influenced by prepare_to_wait
- vsock: use new wait API for vsock_stream_sendmsg()
- sched: Make resched_cpu() unconditional
- lib/mpi: call cond_resched() from mpi_powm() loop
- x86/decoder: Add new TEST instruction pattern
- ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
- ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
- MIPS: ralink: Fix MT7628 pinmux
- MIPS: ralink: Fix typo in mt7628 pinmux function
- ALSA: hda: Add Raven PCI ID
- dm bufio: fix integer overflow when limiting maximum cache size
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
- MIPS: Fix an n32 core file generation regset support regression
- MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
- autofs: don't fail mount for transient error
- nilfs2: fix race condition that causes file system corruption
- eCryptfs: use after free in ecryptfs_release_messaging()
- bcache: check ca->alloc_thread initialized before wake up it
- isofs: fix timestamps beyond 2027
- NFS: Fix typo in nomigration mount option
- nfs: Fix ugly referral attributes
- nfsd: deal with revoked delegations appropriately
- rtlwifi: rtl8192ee: Fix memory leak when loading firmware
- rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
- ata: fixes kernel crash while tracing ata_eh_link_autopsy event
- ext4: fix interaction between i_size, fallocate, and delalloc after a crash
- ALSA: pcm: update tstamp only if audio_tstamp changed
- ALSA: usb-audio: Add sanity checks to FE parser
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
- ALSA: usb-audio: Add sanity checks in v2 clock parsers
- ALSA: timer: Remove kernel warning at compat ioctl error paths
- ALSA: hda/realtek - Fix ALC700 family no sound issue
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery
- fs/9p: Compare qid.path in v9fs_test_inode
- iscsi-target: Fix non-immediate TMR reference leak
- target: Fix QUEUE_FULL + SCSI task attribute handling
- KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
- KVM: SVM: obey guest PAT
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
- clk: ti: dra7-atl-clock: Fix of_node reference counting
- clk: ti: dra7-atl-clock: fix child-node lookups
- libnvdimm, namespace: fix label initialization to use valid seq numbers
- libnvdimm, namespace: make 'resource' attribute only readable by root
- IB/srpt: Do not accept invalid initiator port names
- IB/srp: Avoid that a cable pull can trigger a kernel crash
- NFC: fix device-allocation error return
- i40e: Use smp_rmb rather than read_barrier_depends
- igb: Use smp_rmb rather than read_barrier_depends
- igbvf: Use smp_rmb rather than read_barrier_depends
- ixgbevf: Use smp_rmb rather than read_barrier_depends
- i40evf: Use smp_rmb rather than read_barrier_depends
- fm10k: Use smp_rmb rather than read_barrier_depends
- ixgbe: Fix skb list corruption on Power systems
- parisc: Fix validity check of pointer size argument in new CAS
implementation
- powerpc/signal: Properly handle return value from uprobe_deny_signal()
- media: Don't do DMA on stack for firmware upload in the AS102 driver
- media: rc: check for integer overflow
- cx231xx-cards: fix NULL-deref on missing association descriptor
- media: v4l2-ctrl: Fix flags field on Control events
- sched/rt: Simplify the IPI based RT balancing logic
- fscrypt: lock mutex before checking for bounce page pool
- net/9p: Switch to wait_event_killable()
- PM / OPP: Add missing of_node_put(np)
- e1000e: Fix error path in link detection
- e1000e: Fix return value test
- RDS: RDMA: return appropriate error on rdma map failures
- PCI: Apply _HPX settings only to relevant devices
- dmaengine: zx: set DMA_CYCLIC cap_mask bit
- net: Allow IP_MULTICAST_IF to set index to L3 slave
- net: 3com: typhoon: typhoon_init_one: make return values more specific
- net: 3com: typhoon: typhoon_init_one: fix incorrect return values
- drm/armada: Fix compile fail
- ath10k: fix incorrect txpower set by P2P_DEVICE interface
- ath10k: ignore configuring the incorrect board_id
- ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
- ath10k: set CTS protection VDEV param only if VDEV is up
- ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
- drm: Apply range restriction after color adjustment when allocation
- mac80211: Remove invalid flag operations in mesh TSF synchronization
- mac80211: Suppress NEW_PEER_CANDIDATE event if no room
- iio: light: fix improper return value
- staging: iio: cdc: fix improper return value
- spi: SPI_FSL_DSPI should depend on HAS_DMA
- netfilter: nft_queue: use raw_smp_processor_id()
- netfilter: nf_tables: fix oob access
- ASoC: rsnd: don't double free kctrl
- btrfs: return the actual error value from from btrfs_uuid_tree_iterate
- ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
- s390/kbuild: enable modversions for symbols exported from asm
- xen: xenbus driver must not accept invalid transaction ids
- Revert "sctp: do not peel off an assoc from one netns to another one"
- Linux 4.4.103
* ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
- powerpc: Do not call ppc_md.panic in fadump panic notifier
* Xenial update to 4.4.102 stable release (LP: #1744870)
- mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all
call sites"
- Linux 4.4.102
* Xenial update to 4.4.101 stable release (LP: #1744794)
- tcp: do not mangle skb->cb[] in tcp_make_synack()
- netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
- bonding: discard lowest hash bit for 802.3ad layer3+4
- vlan: fix a use-after-free in vlan_device_event()
- af_netlink: ensure that NLMSG_DONE never fails in dumps
- sctp: do not peel off an assoc from one netns to another one
- fealnx: Fix building error on MIPS
- net/sctp: Always set scope_id in sctp_inet6_skb_msgname
- ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
- serial: omap: Fix EFR write on RTS deassertion
- arm64: fix dump_instr when PAN and UAO are in use
- ocfs2: should wait dio before inode lock in ocfs2_setattr()
- ipmi: fix unsigned long underflow
- mm/page_alloc.c: broken deferred calculation
- coda: fix 'kernel memory exposure attempt' in fsync
- mm: check the return value of lookup_page_ext for all call sites
- mm/page_ext.c: check if page_ext is not prepared
- mm/pagewalk.c: report holes in hugetlb ranges
- Linux 4.4.101
* Xenial update to 4.4.100 stable release (LP: #1744639)
- media: imon: Fix null-ptr-deref in imon_probe
- media: dib0700: fix invalid dvb_detach argument
- KVM: x86: fix singlestepping over syscall
- net: cdc_ether: fix divide by 0 on bad descriptors
- net: qmi_wwan: fix divide by 0 on bad descriptors
- arm: crypto: reduce priority of bit-sliced AES cipher
- Bluetooth: btusb: fix QCA Rome suspend/resume
- dmaengine: dmatest: warn user when dma test times out
- extcon: palmas: Check the parent instance to prevent the NULL
- fm10k: request reset when mbx->state changes
- ARM: dts: Fix compatible for ti81xx uarts for 8250
- ARM: dts: Fix am335x and dm814x scm syscon to probe children
- ARM: OMAP2+: Fix init for multiple quirks for the same SoC
- ARM: dts: Fix omap3 off mode pull defines
- ata: ATA_BMDMA should depend on HAS_DMA
- ata: SATA_HIGHBANK should depend on HAS_DMA
- ata: SATA_MV should depend on HAS_DMA
- drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache
- igb: reset the PHY before reading the PHY ID
- igb: close/suspend race in netif_device_detach
- igb: Fix hw_dbg logging in igb_update_flash_i210
- scsi: ufs-qcom: Fix module autoload
- scsi: ufs: add capability to keep auto bkops always enabled
- staging: rtl8188eu: fix incorrect ERROR tags from logs
- scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
- scsi: lpfc: Correct host name in symbolic_name field
- scsi: lpfc: Correct issue leading to oops during link reset
- scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
- ALSA: vx: Don't try to update capture stream before running
- ALSA: vx: Fix possible transfer overflow
- backlight: lcd: Fix race condition during register
- backlight: adp5520: Fix error handling in adp5520_bl_probe()
- gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
- ALSA: hda/realtek - Add new codec ID ALC299
- arm64: dts: NS2: reserve memory for Nitro firmware
- ixgbe: fix AER error handling
- ixgbe: handle close/suspend race with netif_device_detach/present
- ixgbe: Reduce I2C retry count on X550 devices
- ixgbe: add mask for 64 RSS queues
- ixgbe: do not disable FEC from the driver
- staging: rtl8712: fixed little endian problem
- MIPS: End asm function prologue macros with .insn
- mm: add PHYS_PFN, use it in __phys_to_pfn()
- MIPS: init: Ensure bootmem does not corrupt reserved memory
- MIPS: init: Ensure reserved memory regions are not added to bootmem
- MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds
- Revert "crypto: xts - Add ECB dependency"
- Revert "uapi: fix linux/rds.h userspace compilation errors"
- uapi: fix linux/rds.h userspace compilation error
- uapi: fix linux/rds.h userspace compilation errors
- USB: usbfs: compute urb->actual_length for isochronous
- USB: Add delay-init quirk for Corsair K70 LUX keyboards
- USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
- USB: serial: garmin_gps: fix I/O after failed probe and remove
- USB: serial: garmin_gps: fix memory leak on probe errors
- Linux 4.4.100
* Xenial update to 4.4.99 stable release (LP: #1744636)
- mac80211: accept key reinstall without changing anything
- mac80211: use constant time comparison with keys
- mac80211: don't compare TKIP TX MIC key in reinstall prevention
- usb: usbtest: fix NULL pointer dereference
- Input: ims-psu - check if CDC union descriptor is sane
- ALSA: seq: Cancel pending autoload work at unbinding device
- tun/tap: sanitize TUNSETSNDBUF input
- tcp: fix tcp_mtu_probe() vs highest_sack
- l2tp: check ps->sock before running pppol2tp_session_ioctl()
- tun: call dev_get_valid_name() before register_netdevice()
- sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
- packet: avoid panic in packet_getsockopt()
- ipv6: flowlabel: do not leave opt->tot_len with garbage
- net/unix: don't show information about sockets from other namespaces
- ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
- tun: allow positive return values on dev_get_valid_name() call
- sctp: reset owner sk for data chunks on out queues when migrating a sock
- ppp: fix race in ppp device destruction
- ipip: only increase err_count for some certain type icmp in ipip_err
- tcp/dccp: fix ireq->opt races
- tcp/dccp: fix lockdep splat in inet_csk_route_req()
- tcp/dccp: fix other lockdep splats accessing ireq_opt
- security/keys: add CONFIG_KEYS_COMPAT to Kconfig
- tipc: fix link attribute propagation bug
- brcmfmac: remove setting IBSS mode when stopping AP
- target/iscsi: Fix iSCSI task reassignment handling
- target: Fix node_acl demo-mode + uncached dynamic shutdown regression
- misc: panel: properly restore atomic counter on error path
- Linux 4.4.99
* elantech touchpad of Lenovo L480/580 failed to detect hw_version
(LP: #1733605)
- Input: elantech - add new icbody type 15
* Disabling zfs does not always disable module checks for the zfs modules
(LP: #1737176)
- [Packaging] disable zfs module checks when zfs is disabled
* Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
(LP: #1735977)
- integrity: convert digsig to akcipher api
* CVE-2017-17450
- netfilter: xt_osf: Add missing permission checks
* CVE-2017-15129
- net: Fix double free and memory corruption in get_net_ns_by_id()
* CVE-2018-5344
- loop: fix concurrent lo_open/lo_release
* [KVM] Lower the default for halt_poll_ns to 200000 ns (LP: #1724614)
- KVM: x86: lower default for halt_poll_ns
* $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted
(LP: #1744077)
- [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly
* Redpine: Wifi/BT not functioning after s3 resume (LP: #1742090) //
[16.04][classic] Redpine: wowlan feature doesn't work (LP: #1742094)
- SAUCE: Redpine: fix for wowlan wakeup failure
- SAUCE: Redpine: fix data issue with non-uapsd APs
- SAUCE: Redpine: fix reset card issue
- SAUCE: Redpine: fix wowlan issue
* Using an NVMe drive causes huge power drain (LP: #1664602) // Samsung SSD
960 EVO 500GB refused to change power state (LP: #1705748)
- nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
* Using an NVMe drive causes huge power drain (LP: #1664602)
- nvme/scsi: Remove power management support
- nvme: return the whole CQE through the request passthrough interface
- nvme: factor out a add nvme_is_write helper
- nvme: Modify and export sync command submission for fabrics
- nvme: Fix nvme_get/set_features() with a NULL result pointer
- nvme: Pass pointers, not dma addresses, to nvme_get/set_features()
- nvme: Add a quirk mechanism that uses identify_ctrl
- nvme: Enable autonomous power state transitions
- nvme: Adjust the Samsung APST quirk
- nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA"
- nvme: only consider exit latency when choosing useful non-op power states
- nvme: relax APST default max latency to 100ms
- nvme: Quirk APST on Intel 600P/P3100 devices
* CVE-2017-17862
- bpf: fix branch pruning logic
* CVE-2017-16995
- bpf: fix incorrect sign extension in check_alu_op()
* CVE-2017-17741
- KVM: Fix stack-out-of-bounds read in write_mmio
* CVE-2018-5333
- RDS: null pointer dereference in rds_atomic_free_op
* the kernel is blackholing IPv6 packets to linkdown nexthops (LP: #1738219)
- ipv6: Do not consider linkdown nexthops during multipath
* /dev/bcache/by-uuid links not created after reboot (LP: #1729145)
- SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent
* e1000e in 4.4.0-97-generic breaks 82574L under heavy load. (LP: #1730550)
- e1000e: Avoid receiver overrun interrupt bursts
- e1000e: Separate signaling for link check/link up
* ath10k: enhance rf signal strength (LP: #1736317)
- ath10k: add max_tx_power for QCA6174 WLAN.RM.2.0 firmware
* User reports excessive ALUA retry messages (LP: #1720228)
- scsi_dh_alua: uninitialized variable in alua_rtpg()
* Add installer support for new Broadcom network drivers. (LP: #1734757)
- d-i: Add bnxt_en_bpo to nic-modules.
* Transparent hugepages should default to enabled=madvise (LP: #1703742)
- SAUCE: use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default
linux-snapdragon (4.4.0-1087.92) xenial; urgency=medium
* linux-snapdragon: 4.4.0-1087.92 -proposed tracker (LP: #1749096)
[ Ubuntu: 4.4.0-116.140 ]
* linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
* BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport
linux-snapdragon (4.4.0-1086.91) xenial; urgency=medium
* linux-snapdragon: 4.4.0-1086.91 -proposed tracker (LP: #1748494)
[ Ubuntu: 4.4.0-115.139 ]
* linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
* CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files
[ Ubuntu: 4.4.0-114.137 ]
* linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
* ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
* Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
* libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
* KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
* CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present
linux-snapdragon (4.4.0-1085.90) xenial; urgency=low
* linux-snapdragon: 4.4.0-1085.90 -proposed tracker (LP: #1746942)
[ Ubuntu: 4.4.0-113.136 ]
* linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
* Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
* CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
* CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: Implement CPU vulnerabilites sysfs functions
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
- x86/asm: Use register variable to get stack pointer value
- x86/kbuild: enable modversions for symbols exported from asm
- x86/asm: Make asm/alternative.h safe from assembly
- EXPORT_SYMBOL() for asm
- kconfig.h: use __is_defined() to check if MODULE is defined
- x86/retpoline: Add initial retpoline support
- x86/spectre: Add boot time option to select Spectre v2 mitigation
- x86/retpoline/crypto: Convert crypto assembler indirect jumps
- x86/retpoline/entry: Convert entry assembler indirect jumps
- x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
- x86/retpoline/hyperv: Convert assembler indirect jumps
- x86/retpoline/xen: Convert Xen hypercall indirect jumps
- x86/retpoline/checksum32: Convert assembler indirect jumps
- x86/retpoline/irq32: Convert assembler indirect jumps
- x86/retpoline: Fill return stack buffer on vmexit
- x86/retpoline: Remove compile time warning
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- module: Add retpoline tag to VERMAGIC
- x86/mce: Make machine check speculation protected
- retpoline: Introduce start/end markers of indirect thunk
- kprobes/x86: Blacklist indirect thunk functions for kprobes
- kprobes/x86: Disable optimizing on the function jumps to indirect thunk
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- [Config] CONFIG_RETPOLINE=y
- [Packaging] retpoline -- add call site validation
- [Config] disable retpoline checks for first upload
* CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
- Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
- Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
- Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
- Revert "Revert "x86/svm: Add code to clear registers on VM exit""
- Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
support IBPB feature -- repair missmerge"
- Revert "arm: no gmb() implementation yet"
- Revert "arm64: no gmb() implementation yet"
- Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
- Revert "s390/spinlock: add gmb memory barrier"
- Revert "powerpc: add gmb barrier"
- Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
- Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
- Revert "x86/svm: Add code to clear registers on VM exit"
- Revert "x86/svm: Add code to clobber the RSB on VM exit"
- Revert "KVM: x86: Add speculative control CPUID support for guests"
- Revert "x86/svm: Set IBPB when running a different VCPU"
- Revert "x86/svm: Set IBRS value on VM entry and exit"
- Revert "KVM: SVM: Do not intercept new speculative control MSRs"
- Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
- Revert "x86/cpu/AMD: Add speculative control support for AMD"
- Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
- Revert "x86/entry: Use retpoline for syscall's indirect calls"
- Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
syscall entrance"
- Revert "x86/syscall: Clear unused extra registers on syscall entrance"
- Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
control"
- Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
- Revert "x86/kvm: Pad RSB on VM transition"
- Revert "x86/kvm: Toggle IBRS on VM entry and exit"
- Revert "x86/kvm: Set IBPB when switching VM"
- Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
- Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
- Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
thread"
- Revert "x86/mm: Set IBPB upon context switch"
- Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
- Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
- Revert "x86/enter: Use IBRS on syscall and interrupts"
- Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
- Revert "x86/feature: Report presence of IBPB and IBRS control"
- Revert "x86/feature: Enable the x86 feature to control Speculation"
- Revert "udf: prevent speculative execution"
- Revert "net: mpls: prevent speculative execution"
- Revert "fs: prevent speculative execution"
- Revert "ipv6: prevent speculative execution"
- Revert "userns: prevent speculative execution"
- Revert "Thermal/int340x: prevent speculative execution"
- Revert "qla2xxx: prevent speculative execution"
- Revert "carl9170: prevent speculative execution"
- Revert "uvcvideo: prevent speculative execution"
- Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
- Revert "bpf: prevent speculative execution in eBPF interpreter"
* CVE-2017-17712
- net: ipv4: fix for a race condition in raw_sendmsg
* upload urgency should be medium by default (LP: #1745338)
- [Packaging] update urgency to medium by default
* CVE-CVE-2017-12190
- more bio_map_user_iov() leak fixes
* CVE-2015-8952
- mbcache2: reimplement mbcache
- ext2: convert to mbcache2
- ext4: convert to mbcache2
- mbcache2: limit cache size
- mbcache2: Use referenced bit instead of LRU
- ext4: kill ext4_mballoc_ready
- ext4: shortcut setting of xattr to the same value
- mbcache: remove mbcache
- mbcache2: rename to mbcache
- mbcache: get rid of _e_hash_list_head
- mbcache: add reusable flag to cache entries
* CVE-2017-15115
- sctp: do not peel off an assoc from one netns to another one
* CVE-2017-8824
- dccp: CVE-2017-8824: use-after-free in DCCP code
[ Ubuntu: 4.4.0-112.135 ]
* linux: 4.4.0-112.135 -proposed tracker (LP: #1744244)
* CVE-2017-5715 // CVE-2017-5753
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: s390: improve cpu alternative handling for gmb and nobp
- SAUCE: s390: print messages for gmb and nobp
- [Config] KERNEL_NOBP=y
[ Ubuntu: 4.4.0-111.134 ]
* linux: 4.4.0-111.134 -proposed tracker (LP: #1743362)
* Do not duplicate changelog entries assigned to more than one bug or CVE
(LP: #1743383)
- [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
* CVE-2017-5715 // CVE-2017-5753
- SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
-- repair missmerge
- Revert "x86/svm: Add code to clear registers on VM exit"
- kvm: vmx: Scrub hardware GPRs at VM-exit
* CVE-2017-5754
- SAUCE: powerpc: use sync instead of hwsync mnemonic
[ Ubuntu: 4.4.0-110.133 ]
* linux: 4.4.0-110.133 -proposed tracker (LP: #1742995)
* CVE-2017-5753
- x86/microcode/AMD: Add support for fam17h microcode loading
- bpf: add bpf_patch_insn_single helper
- bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
- bpf: add generic constant blinding for use in jits
- locking/barriers: introduce new memory barrier gmb()
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- uvcvideo: prevent speculative execution
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- userns: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/kvm: Pad RSB on VM transition
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/syscall: Clear unused extra registers on syscall entrance
- x86/syscall: Clear unused extra registers on 32-bit compatible syscall
entrance
- x86/entry: Use retpoline for syscall's indirect calls
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- x86/svm: Add code to clobber the RSB on VM exit
- x86/svm: Add code to clear registers on VM exit
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- powerpc: add gmb barrier
- s390/spinlock: add gmb memory barrier
- SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
- arm64: no gmb() implementation yet
- arm: no gmb() implementation yet
* CVE-2017-5715
- x86/microcode/AMD: Add support for fam17h microcode loading
- bpf: add bpf_patch_insn_single helper
- bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
- bpf: add generic constant blinding for use in jits
- locking/barriers: introduce new memory barrier gmb()
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- uvcvideo: prevent speculative execution
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- userns: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/kvm: Pad RSB on VM transition
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/syscall: Clear unused extra registers on syscall entrance
- x86/syscall: Clear unused extra registers on 32-bit compatible syscall
entrance
- x86/entry: Use retpoline for syscall's indirect calls
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- x86/svm: Add code to clobber the RSB on VM exit
- x86/svm: Add code to clear registers on VM exit
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- powerpc: add gmb barrier
- s390/spinlock: add gmb memory barrier
- SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
- arm64: no gmb() implementation yet
- arm: no gmb() implementation yet
* powerpc: flush L1D on return to use (LP: #1742772)
- SAUCE: powerpc: Secure memory rfi flush
- SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
- SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
- SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
- SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
- SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
- SAUCE: rfi-flush: Implement congruence-first fallback flush
- SAUCE: rfi-flush: Make l1d_flush_type bit flags
- SAUCE: rfi-flush: Push the instruction selection down to the patching
routine
- SAUCE: rfi-flush: Expand the RFI section to two nop slots
- SAUCE: rfi-flush: Support more than one flush type at once
- SAUCE: rfi-flush: Allow HV to advertise multiple flush types
- SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
- SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
- SAUCE: Remove setup.h include file otherwise compilation complains about
missing header file.
- SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
- SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
- SAUCE: rfi-flush: Rework powernv logic to be more cautious
- SAUCE: rfi-flush: Rework pseries logic to be more cautious
- SAUCE: rfi-flush: Fix the fallback flush to actually activate
- SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
- SAUCE: rfi-flush: Refactor the macros so the nops are defined once
- SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
- SAUCE: rfi-flush: Use rfi-flush in printks
- SAUCE: rfi-flush: Fallback flush add load dependency
- SAUCE: rfi-flush: Fix the 32-bit KVM build
- SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
- SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI
* s390: add ppa to kernel entry/exit (LP: #1742771)
- s390: introduce CPU alternatives
- s390: add ppa to kernel entry / exit
* CVE-2017-5754
- x86/tlb: Drop the _GPL from the cpu_tlbstate export
- Map the vsyscall page with _PAGE_USER
- s390: introduce CPU alternatives
- s390: add ppa to kernel entry / exit
- SAUCE: powerpc: Secure memory rfi flush
- SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
- SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
- SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
- SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
- SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
- SAUCE: rfi-flush: Implement congruence-first fallback flush
- SAUCE: rfi-flush: Make l1d_flush_type bit flags
- SAUCE: rfi-flush: Push the instruction selection down to the patching
routine
- SAUCE: rfi-flush: Expand the RFI section to two nop slots
- SAUCE: rfi-flush: Support more than one flush type at once
- SAUCE: rfi-flush: Allow HV to advertise multiple flush types
- SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
- SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
- SAUCE: Remove setup.h include file otherwise compilation complains about
missing header file.
- SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
- SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
- SAUCE: rfi-flush: Rework powernv logic to be more cautious
- SAUCE: rfi-flush: Rework pseries logic to be more cautious
- SAUCE: rfi-flush: Fix the fallback flush to actually activate
- SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
- SAUCE: rfi-flush: Refactor the macros so the nops are defined once
- SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
- SAUCE: rfi-flush: Use rfi-flush in printks
- SAUCE: rfi-flush: Fallback flush add load dependency
- SAUCE: rfi-flush: Fix the 32-bit KVM build
- SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
- SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI
[ Ubuntu: 4.4.0-109.132 ]
* linux: 4.4.0-109.132 -proposed tracker (LP: #1742252)
* Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)
(LP: #1741934)
- SAUCE: kaiser: fix perf crashes - fix to original commit
[ Ubuntu: 4.4.0-108.131 ]
* linux: 4.4.0-108.131 -proposed tracker (LP: #1741727)
* CVE-2017-5754
- x86/mm: Disable PCID on 32-bit kernels
linux-snapdragon (4.4.0-1084.89) xenial; urgency=low
* linux-snapdragon: 4.4.0-1084.89 -proposed tracker (LP: #1741653)
[ Ubuntu: 4.4.0-107.130 ]
* linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)
* CVE-2017-5754
- Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
- KPTI: Report when enabled
- x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
- x86/kasan: Clear kasan_zero_page after TLB flush
- kaiser: Set _PAGE_NX only if supported
[ Ubuntu: 4.4.0-106.129 ]
* linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)
* CVE-2017-5754
- KAISER: Kernel Address Isolation
- kaiser: merged update
- kaiser: do not set _PAGE_NX on pgd_none
- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
- kaiser: fix build and FIXME in alloc_ldt_struct()
- kaiser: KAISER depends on SMP
- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
- kaiser: fix perf crashes
- kaiser: ENOMEM if kaiser_pagetable_walk() NULL
- kaiser: tidied up asm/kaiser.h somewhat
- kaiser: tidied up kaiser_add/remove_mapping slightly
- kaiser: kaiser_remove_mapping() move along the pgd
- kaiser: cleanups while trying for gold link
- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
- kaiser: delete KAISER_REAL_SWITCH option
- kaiser: vmstat show NR_KAISERTABLE as nr_overhead
- x86/mm: Enable CR4.PCIDE on supported systems
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP
- x86/mm, sched/core: Uninline switch_mm()
- x86/mm: Add INVPCID helpers
- x86/mm: If INVPCID is available, use it to flush global mappings
- kaiser: enhanced by kernel and user PCIDs
- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
- kaiser: PCID 0 for kernel and 128 for user
- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
- kaiser: paranoid_entry pass cr3 need to paranoid_exit
- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
- kaiser: fix unlikely error in alloc_ldt_struct()
- kaiser: add "nokaiser" boot option, using ALTERNATIVE
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- x86/boot: Add early cmdline parsing for options with arguments
- x86/kaiser: Check boottime cmdline params
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- kaiser: drop is_atomic arg to kaiser_pagetable_walk()
- kaiser: asm/tlbflush.h handle noPGE at lower level
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- x86/paravirt: Dont patch flush_tlb_single
- x86/kaiser: Reenable PARAVIRT
- kaiser: disabled on Xen PV
- x86/kaiser: Move feature detection up
- kvm: x86: fix RSM when PCID is non-zero
- SAUCE: arch/x86/entry/vdso: temporarily disable vdso
- [Config]: CONFIG_KAISER=y
linux-snapdragon (4.4.0-1082.87) xenial; urgency=low
* linux-snapdragon: 4.4.0-1082.87 -proposed tracker (LP: #1737520)
[ Ubuntu: 4.4.0-104.127 ]
* linux: 4.4.0-104.127 -proposed tracker (LP: #1737511)
* upgrading linux-image package to 4.4.0-103.126 breaks Ceph network file
system connection (LP: #1737033)
- Revert "libceph: MOSDOpReply v7 encoding"
- Revert "libceph: advertise support for TUNABLES5"
- Revert "crush: decode and initialize chooseleaf_stable"
- Revert "crush: add chooseleaf_stable tunable"
- Revert "crush: ensure take bucket value is valid"
- Revert "crush: ensure bucket id is valid before indexing buckets array"
Date: 2018-03-14 09:45:22.129889+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1088.93
-------------- next part --------------
Sorry, changesfile not available.
More information about the Artful-changes
mailing list