[ubuntu/bionic-security] linux-aws 4.15.0-1029.30 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Nov 29 20:56:55 UTC 2018
linux-aws (4.15.0-1029.30) bionic; urgency=medium
* Miscellaneous Ubuntu changes
- [Config] linux-aws: enable arm64 build
linux-aws (4.15.0-1028.29) bionic; urgency=medium
* linux-aws: 4.15.0-1028.29 -proposed tracker (LP: #1802558)
* Improve AWS hibernation performance (LP: #1803613)
- SAUCE: [aws] PM / hibernate: Speed up hibernation by batching requests
* Restore request-based mode to xen-blkfront for AWS kernels (LP: #1801305)
- SAUCE: xen/manage: keep track of the on-going suspend mode
- SAUCE: xen/manage: introduce helper function to know the on-going suspend
mode
- SAUCE: xenbus: add freeze/thaw/restore callbacks support
- SAUCE: xen-blkfront: add callbacks for PM suspend and hibernation
- SAUCE: xen-blkfront: resurrect request-based mode
- SAUCE: xen-blkfront: Fixed blkfront_restore to remove a call to negotiate_mq
[ Ubuntu: 4.15.0-42.45 ]
* linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)
* [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
- KVM: s390: reset crypto attributes for all vcpus
- KVM: s390: vsie: simulate VCPU SIE entry/exit
- KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
- KVM: s390: refactor crypto initialization
- s390: vfio-ap: base implementation of VFIO AP device driver
- s390: vfio-ap: register matrix device with VFIO mdev framework
- s390: vfio-ap: sysfs interfaces to configure adapters
- s390: vfio-ap: sysfs interfaces to configure domains
- s390: vfio-ap: sysfs interfaces to configure control domains
- s390: vfio-ap: sysfs interface to view matrix mdev matrix
- KVM: s390: interface to clear CRYCB masks
- s390: vfio-ap: implement mediated device open callback
- s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
- s390: vfio-ap: zeroize the AP queues
- s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
- KVM: s390: Clear Crypto Control Block when using vSIE
- KVM: s390: vsie: Do the CRYCB validation first
- KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
- KVM: s390: vsie: Allow CRYCB FORMAT-2
- KVM: s390: vsie: allow CRYCB FORMAT-1
- KVM: s390: vsie: allow CRYCB FORMAT-0
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
- KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
- KVM: s390: device attrs to enable/disable AP interpretation
- KVM: s390: CPU model support for AP virtualization
- s390: doc: detailed specifications for AP virtualization
- KVM: s390: fix locking for crypto setting error path
- KVM: s390: Tracing APCB changes
- s390: vfio-ap: setup APCB mask using KVM dedicated function
- s390/zcrypt: Add ZAPQ inline function.
- s390/zcrypt: Review inline assembler constraints.
- s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
- s390/zcrypt: fix ap_instructions_available() returncodes
- s390/zcrypt: remove VLA usage from the AP bus
- s390/zcrypt: Remove deprecated ioctls.
- s390/zcrypt: Remove deprecated zcrypt proc interface.
- s390/zcrypt: Support up to 256 crypto adapters.
- [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
* Bypass of mount visibility through userns + mount propagation (LP: #1789161)
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
* CVE-2018-18955: nested user namespaces with more than five extents
incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
- userns: also map extents in the reverse map to kernel IDs
* kdump fail due to an IRQ storm (LP: #1797990)
- SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
- SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
- SAUCE: x86/quirks: Scan all busses for early PCI quirks
[ Ubuntu: 4.15.0-40.43 ]
* linux: 4.15.0-40.43 -proposed tracker (LP: #1802554)
* crash in ENA driver on removing an interface (LP: #1802341)
- SAUCE: net: ena: fix crash during ena_remove()
* Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
(LP: #1797367)
- s390/qeth: don't keep track of MAC address's cast type
- s390/qeth: consolidate qeth MAC address helpers
- s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
- s390/qeth: remove outdated portname debug msg
- s390/qeth: reduce hard-coded access to ccw channels
- s390/qeth: sanitize strings in debug messages
* [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
binding (LP: #1799184)
- s390/zcrypt: code beautify
- s390/zcrypt: AP bus support for alternate driver(s)
- s390/zcrypt: hex string mask improvements for apmask and aqmask.
- s390/zcrypt: remove unused functions and declarations
- s390/zcrypt: Show load of cards and queues in sysfs
* [GLK/CLX] Enhanced IBRS (LP: #1786139)
- x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
- x86/speculation: Support Enhanced IBRS on future CPUs
* Allow signed kernels to be kexec'ed under lockdown (LP: #1798441)
- Fix kexec forbidding kernels signed with keys in the secondary keyring to
boot
* Overlayfs in user namespace leaks directory content of inaccessible
directories (LP: #1793458) // CVE-2018-6559
- SAUCE: overlayfs: ensure mounter privileges when reading directories
* Update ENA driver to version 2.0.1K (LP: #1798182)
- net: ena: remove ndo_poll_controller
- net: ena: fix warning in rmmod caused by double iounmap
- net: ena: fix rare bug when failed restart/resume is followed by driver
removal
- net: ena: fix NULL dereference due to untimely napi initialization
- net: ena: fix auto casting to boolean
- net: ena: minor performance improvement
- net: ena: complete host info to match latest ENA spec
- net: ena: introduce Low Latency Queues data structures according to ENA spec
- net: ena: add functions for handling Low Latency Queues in ena_com
- net: ena: add functions for handling Low Latency Queues in ena_netdev
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status
- net: ena: explicit casting and initialization, and clearer error handling
- net: ena: limit refill Rx threshold to 256 to avoid latency issues
- net: ena: change rx copybreak default to reduce kernel memory pressure
- net: ena: remove redundant parameter in ena_com_admin_init()
- net: ena: update driver version to 2.0.1
- net: ena: fix indentations in ena_defs for better readability
- net: ena: Fix Kconfig dependency on X86
- net: ena: enable Low Latency Queues
- net: ena: fix compilation error in xtensa architecture
* Bionic update: upstream stable patchset 2018-10-29 (LP: #1800537)
- bonding: re-evaluate force_primary when the primary slave name changes
- cdc_ncm: avoid padding beyond end of skb
- ipv6: allow PMTU exceptions to local routes
- net: dsa: add error handling for pskb_trim_rcsum
- net/sched: act_simple: fix parsing of TCA_DEF_DATA
- tcp: verify the checksum of the first data segment in a new connection
- udp: fix rx queue len reported by diag and proc interface
- net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds
vlan
- tls: fix use-after-free in tls_push_record
- ext4: fix hole length detection in ext4_ind_map_blocks()
- ext4: update mtime in ext4_punch_hole even if no blocks are released
- ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
- ext4: fix fencepost error in check for inode count overflow during resize
- driver core: Don't ignore class_dir_create_and_add() failure.
- Btrfs: fix clone vs chattr NODATASUM race
- Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
- btrfs: return error value if create_io_em failed in cow_file_range
- btrfs: scrub: Don't use inode pages for device replace
- ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
- ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
- ALSA: hda: add dock and led support for HP EliteBook 830 G5
- ALSA: hda: add dock and led support for HP ProBook 640 G4
- x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
- smb3: fix various xid leaks
- CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session
expiry
- cifs: For SMB2 security informaion query, check for minimum sized security
descriptor instead of sizeof FileAllInformation class
- nbd: fix nbd device deletion
- nbd: update size when connected
- nbd: use bd_set_size when updating disk size
- blk-mq: reinit q->tag_set_list entry only after grace period
- bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
- cpufreq: Fix new policy initialization during limits updates via sysfs
- cpufreq: governors: Fix long idle detection logic in load calculation
- libata: zpodd: small read overflow in eject_tray()
- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
- w1: mxc_w1: Enable clock before calling clk_get_rate() on it
- x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
- iwlwifi: fw: harden page loading code
- orangefs: set i_size on new symlink
- orangefs: report attributes_mask and attributes for statx
- HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
- HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
- net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620
- cpufreq: ti-cpufreq: Fix an incorrect error return value
- x86/vector: Fix the args of vector_alloc tracepoint
- x86/apic/vector: Prevent hlist corruption and leaks
- x86/apic: Provide apic_ack_irq()
- x86/ioapic: Use apic_ack_irq()
- x86/platform/uv: Use apic_ack_irq()
- irq_remapping: Use apic_ack_irq()
- genirq/generic_pending: Do not lose pending affinity update
- genirq/affinity: Defer affinity setting if irq chip is busy
- genirq/migration: Avoid out of line call if pending is not set
* [bionic]mlx5: reading SW stats through ifstat cause kernel crash
(LP: #1799049)
- net/mlx5e: Don't attempt to dereference the ppriv struct if not being
eswitch manager
* [Bionic][Cosmic] ipmi: Fix timer race with module unload (LP: #1799281)
- ipmi: Fix timer race with module unload
* [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
(LP: #1799276)
- ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
* execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729)
- cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
* [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater
than 255 bytes (LP: #1799794)
- ipmi:ssif: Add support for multi-part transmit messages > 2 parts
* libvirtd is unable to configure bridge devices inside of LXD containers
(LP: #1784501)
- kernfs: allow creating kernfs objects with arbitrary uid/gid
- sysfs, kobject: allow creating kobject belonging to arbitrary users
- kobject: kset_create_and_add() - fetch ownership info from parent
- driver core: set up ownership of class devices in sysfs
- net-sysfs: require net admin in the init ns for setting tx_maxrate
- net-sysfs: make sure objects belong to container's owner
- net: create reusable function for getting ownership info of sysfs inodes
- bridge: make sure objects belong to container's owner
- sysfs: Fix regression when adding a file to an existing group
* [Ubuntu] kvm: fix deadlock when killed by oom (LP: #1800849)
- s390/kvm: fix deadlock when killed by oom
* [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639)
- net/af_iucv: drop inbound packets with invalid flags
- net/af_iucv: fix skb handling on HiperTransport xmit error
* Power consumption during s2idle is higher than long idle(sk hynix)
(LP: #1801875)
- SAUCE: pci: prevent sk hynix nvme from entering D3
- SAUCE: nvme: add quirk to not call disable function when suspending
* Enable keyboard wakeup for S2Idle laptops (LP: #1798552)
- Input: i8042 - enable keyboard wakeups by default when s2idle is used
* NULL pointer dereference at 0000000000000020 when access
dst_orig->ops->family in function xfrm_lookup_with_ifid() (LP: #1801878)
- xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
* [Ubuntu] qdio: reset old sbal_state flags (LP: #1801686)
- s390/qdio: reset old sbal_state flags
* hns3: map tx ring to tc (LP: #1802023)
- net: hns3: Set tx ring' tc info when netdev is up
* [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641)
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
- s390: qeth: Fix potential array overrun in cmd/rc lookup
* Vulkan applications cause permanent memory leak with Intel GPU
(LP: #1798165)
- drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set
* Mounting SOFS SMB shares fails (LP: #1792580)
- cifs: connect to servername instead of IP for IPC$ share
* Packaging resync (LP: #1786013)
- [Package] add support for specifying the primary makefile
Date: 2018-11-21 23:51:12.365669+00:00
Changed-By: Kamal Mostafa <kamal at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1029.30