[ubuntu/xenial-security] linux-kvm 4.4.0-1029.34 (Accepted)
Łukasz Zemczak
lukasz.zemczak at canonical.com
Mon Jul 2 08:56:13 UTC 2018
linux-kvm (4.4.0-1029.34) xenial; urgency=medium
* linux-kvm: 4.4.0-1029.34 -proposed tracker (LP: #1776826)
[ Ubuntu: 4.4.0-130.156 ]
* linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)
* CVE-2018-3665 (x86)
- x86/fpu: Fix early FPU command-line parsing
- x86/fpu: Fix 'no387' regression
- x86/fpu: Disable MPX when eagerfpu is off
- x86/fpu: Default eagerfpu=on on all CPUs
- x86/fpu: Fix FNSAVE usage in eagerfpu mode
- x86/fpu: Fix math emulation in eager fpu mode
- x86/fpu: Fix eager-FPU handling on legacy FPU machines
linux-kvm (4.4.0-1028.33) xenial; urgency=medium
* linux-kvm: 4.4.0-1028.33 -proposed tracker (LP: #1776358)
[ Ubuntu: 4.4.0-129.155 ]
* linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)
* Xenial update to 4.4.134 stable release (LP: #1775771)
- MIPS: ptrace: Expose FIR register through FP regset
- MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
- KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
- affs_lookup(): close a race with affs_remove_link()
- aio: fix io_destroy(2) vs. lookup_ioctx() race
- ALSA: timer: Fix pause event notification
- mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
- libata: Blacklist some Sandisk SSDs for NCQ
- libata: blacklist Micron 500IT SSD with MU01 firmware
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
- Revert "ipc/shm: Fix shmat mmap nil-page protection"
- ipc/shm: fix shmat() nil address after round-down when remapping
- kasan: fix memory hotplug during boot
- kernel/sys.c: fix potential Spectre v1 issue
- kernel/signal.c: avoid undefined behaviour in kill_something_info
- xfs: remove racy hasattr check from attr ops
- do d_instantiate/unlock_new_inode combinations safely
- firewire-ohci: work around oversized DMA reads on JMicron controllers
- NFSv4: always set NFS_LOCK_LOST when a lock is lost.
- ALSA: hda - Use IS_REACHABLE() for dependency on input
- ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
- kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
- tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
account
- PCI: Add function 1 DMA alias quirk for Marvell 9128
- tools lib traceevent: Simplify pointer print logic and fix %pF
- perf callchain: Fix attr.sample_max_stack setting
- tools lib traceevent: Fix get_field_str() for dynamic strings
- dm thin: fix documentation relative to low water mark threshold
- nfs: Do not convert nfs_idmap_cache_timeout to jiffies
- watchdog: sp5100_tco: Fix watchdog disable bit
- kconfig: Don't leak main menus during parsing
- kconfig: Fix automatic menu creation mem leak
- kconfig: Fix expr_free() E_NOT leak
- ipmi/powernv: Fix error return code in ipmi_powernv_probe()
- Btrfs: set plug for fsync
- btrfs: Fix out of bounds access in btrfs_search_slot
- Btrfs: fix scrub to repair raid6 corruption
- scsi: fas216: fix sense buffer initialization
- HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
- powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
- powerpc/numa: Ensure nodes initialized for hotplug
- RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
- ntb_transport: Fix bug with max_mw_size parameter
- ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
- ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
- ocfs2: return error when we attempt to access a dirty bh in jbd2
- mm/mempolicy: fix the check of nodemask from user
- mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
- asm-generic: provide generic_pmdp_establish()
- mm: pin address_space before dereferencing it while isolating an LRU page
- IB/ipoib: Fix for potential no-carrier state
- x86/power: Fix swsusp_arch_resume prototype
- firmware: dmi_scan: Fix handling of empty DMI strings
- ACPI: processor_perflib: Do not send _PPC change notification if not ready
- MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
- xen-netfront: Fix race between device setup and open
- xen/grant-table: Use put_page instead of free_page
- RDS: IB: Fix null pointer issue
- arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
- proc: fix /proc/*/map_files lookup
- cifs: silence compiler warnings showing up with gcc-8.0.0
- bcache: properly set task state in bch_writeback_thread()
- bcache: fix for allocator and register thread race
- bcache: fix for data collapse after re-attaching an attached device
- bcache: return attach error when no cache set exist
- tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
- locking/qspinlock: Ensure node->count is updated before initialising node
- irqchip/gic-v3: Change pr_debug message to pr_devel
- scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
- scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
- scsi: sym53c8xx_2: iterator underflow in sym_getsync()
- scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
- scsi: qla2xxx: Avoid triggering undefined behavior in
qla2x00_mbx_completion()
- ARC: Fix malformed ARC_EMUL_UNALIGNED default
- usb: gadget: f_uac2: fix bFirstInterface in composite gadget
- usb: gadget: fsl_udc_core: fix ep valid checks
- usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
- selftests: memfd: add config fragment for fuse
- scsi: storvsc: Increase cmd_per_lun for higher speed devices
- scsi: aacraid: fix shutdown crash when init fails
- scsi: qla4xxx: skip error recovery in case of register disconnect.
- ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
- ARM: OMAP3: Fix prm wake interrupt for resume
- ARM: OMAP1: clock: Fix debugfs_create_*() usage
- NFC: llcp: Limit size of SDP URI
- mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
- md raid10: fix NULL deference in handle_write_completed()
- drm/exynos: fix comparison to bitshift when dealing with a mask
- usb: musb: fix enumeration after resume
- locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
- md: raid5: avoid string overflow warning
- kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
- powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
- s390/cio: fix return code after missing interrupt
- s390/cio: clear timer when terminating driver I/O
- ARM: OMAP: Fix dmtimer init for omap1
- smsc75xx: fix smsc75xx_set_features()
- regulatory: add NUL to request alpha2
- locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
- x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across
CPU hotplug operations
- media: dmxdev: fix error code for invalid ioctls
- md/raid1: fix NULL pointer dereference
- batman-adv: fix packet checksum in receive path
- batman-adv: invalidate checksum on fragment reassembly
- netfilter: ebtables: convert BUG_ONs to WARN_ONs
- nvme-pci: Fix nvme queue cleanup if IRQ setup fails
- clocksource/drivers/fsl_ftm_timer: Fix error return checking
- r8152: fix tx packets accounting
- virtio-gpu: fix ioctl and expose the fixed status to userspace.
- dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
- bcache: fix kcrashes with fio in RAID5 backend dev
- sit: fix IFLA_MTU ignored on NEWLINK
- gianfar: Fix Rx byte accounting for ndev stats
- net/tcp/illinois: replace broken algorithm reference link
- xen/pirq: fix error path cleanup when binding MSIs
- Btrfs: send, fix issuing write op when processing hole in no data mode
- selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
- KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
- watchdog: f71808e_wdt: Fix magic close handling
- e1000e: Fix check_for_link return value with autoneg off
- e1000e: allocate ring descriptors with dma_zalloc_coherent
- usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
- scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
- scsi: sd: Keep disk read-only when re-reading partition
- fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
sbusfb_ioctl_helper().
- xen: xenbus: use put_device() instead of kfree()
- USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
- netfilter: ebtables: fix erroneous reject of last rule
- bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
- workqueue: use put_device() instead of kfree()
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
- sunvnet: does not support GSO for sctp
- net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
- batman-adv: fix header size check in batadv_dbg_arp()
- vti4: Don't count header length twice on tunnel setup
- vti4: Don't override MTU passed on link creation via IFLA_MTU
- perf/cgroup: Fix child event counting bug
- RDMA/ucma: Correct option size check using optlen
- mm/mempolicy.c: avoid use uninitialized preferred_node
- selftests: ftrace: Add probe event argument syntax testcase
- selftests: ftrace: Add a testcase for string type with kprobe_event
- selftests: ftrace: Add a testcase for probepoint
- batman-adv: fix multicast-via-unicast transmission with AP isolation
- batman-adv: fix packet loss for broadcasted DHCP packets to a server
- ARM: 8748/1: mm: Define vdso_start, vdso_end as array
- net: qmi_wwan: add BroadMobi BM806U 2020:2033
- net/usb/qmi_wwan.c: Add USB id for lt4120 modem
- net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
- llc: properly handle dev_queue_xmit() return value
- mm/kmemleak.c: wait for scan completion before disabling free
- net: Fix untag for vlan packets without ethernet header
- net: mvneta: fix enable of all initialized RXQs
- sh: fix debug trap failure to process signals before return to user
- x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
- fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl
table
- swap: divide-by-zero when zero length swap file on ssd
- sr: get/drop reference to device in revalidate and check_events
- Force log to disk before reading the AGF during a fstrim
- cpufreq: CPPC: Initialize shared perf capabilities of CPUs
- scsi: aacraid: Insure command thread is not recursively stopped
- dp83640: Ensure against premature access to PHY registers after reset
- mm/ksm: fix interaction with THP
- mm: fix races between address_space dereference and free in page_evicatable
- Btrfs: bail out on error during replay_dir_deletes
- Btrfs: fix NULL pointer dereference in log_dir_items
- btrfs: Fix possible softlock on single core machines
- ocfs2/dlm: don't handle migrate lockres if already in shutdown
- sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
- KVM: VMX: raise internal error for exception during invalid protected mode
state
- fscache: Fix hanging wait on page discarded by writeback
- sparc64: Make atomic_xchg() an inline function rather than a macro.
- rtc: snvs: Fix usage of snvs_rtc_enable
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
- Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
- btrfs: tests/qgroup: Fix wrong tree backref level
- Btrfs: fix copy_items() return value when logging an inode
- btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
- xen/acpi: off by one in read_acpi_id()
- ACPI: acpi_pad: Fix memory leak in power saving threads
- powerpc/mpic: Check if cpu_possible() in mpic_physmask()
- m68k: set dma and coherent masks for platform FEC ethernets
- parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
- hwmon: (nct6775) Fix writing pwmX_mode
- rtc: hctosys: Ensure system time doesn't overflow time_t
- powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
- powerpc/perf: Fix kernel address leak via sampling registers
- tools/thermal: tmon: fix for segfault
- selftests: Print the test we're running to /dev/kmsg
- net/mlx5: Protect from command bit overflow
- ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
- ima: Fix Kconfig to select TPM 2.0 CRB interface
- [Config] CONFIG_TCG_CRB=y
- ima: Fallback to the builtin hash algorithm
- arm: dts: socfpga: fix GIC PPI warning
- usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
- cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
- clk: Don't show the incorrect clock phase
- zorro: Set up z->dev.dma_mask for the DMA API
- bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
- ACPICA: Events: add a return on failure from acpi_hw_register_read
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
- i2c: mv64xxx: Apply errata delay only in standard mode
- KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
- xhci: zero usb device slot_id member when disabling and freeing a xhci slot
- MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
- PCI: Restore config space on runtime resume despite being unbound
- ipmi_ssif: Fix kernel panic at msg_done_handler
- usb: dwc2: Fix interval type issue
- usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
- usb: gadget: ffs: Execute copy_to_user() with USER_DS set
- powerpc: Add missing prototype for arch_irq_work_raise()
- ASoC: topology: create TLV data for dapm widgets
- perf/core: Fix perf_output_read_group()
- hwmon: (pmbus/max8688) Accept negative page register values
- hwmon: (pmbus/adm1275) Accept negative page register values
- cdrom: do not call check_disk_change() inside cdrom_open()
- gfs2: Fix fallocate chunk size
- usb: gadget: udc: change comparison to bitshift when dealing with a mask
- usb: gadget: composite: fix incorrect handling of OS desc requests
- x86/devicetree: Initialize device tree before using it
- x86/devicetree: Fix device IRQ settings in DT
- ALSA: vmaster: Propagate slave error
- media: cx23885: Override 888 ImpactVCBe crystal frequency
- media: cx23885: Set subdev host data to clk_freq pointer
- media: s3c-camif: fix out-of-bounds array access
- dmaengine: pl330: fix a race condition in case of threaded irqs
- media: em28xx: USB bulk packet size fix
- clk: rockchip: Prevent calculating mmc phase if clock rate is zero
- enic: enable rq before updating rq descriptors
- hwrng: stm32 - add reset during probe
- staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
- rtc: tx4939: avoid unintended sign extension on a 24 bit shift
- serial: xuartps: Fix out-of-bounds access through DT alias
- serial: samsung: Fix out-of-bounds access through serial port index
- serial: mxs-auart: Fix out-of-bounds access through serial port index
- serial: imx: Fix out-of-bounds access through serial port index
- serial: fsl_lpuart: Fix out-of-bounds access through DT alias
- serial: arc_uart: Fix out-of-bounds access through DT alias
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
- udf: Provide saner default for invalid uid / gid
- media: cx25821: prevent out-of-bounds read on array card
- clk: samsung: s3c2410: Fix PLL rates
- clk: samsung: exynos5260: Fix PLL rates
- clk: samsung: exynos5433: Fix PLL rates
- clk: samsung: exynos5250: Fix PLL rates
- clk: samsung: exynos3250: Fix PLL rates
- crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
- audit: return on memory error to avoid null pointer dereference
- MIPS: Octeon: Fix logging messages with spurious periods after newlines
- drm/rockchip: Respect page offset for PRIME mmap calls
- x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
specified
- perf tests: Use arch__compare_symbol_names to compare symbols
- perf report: Fix memory corruption in --branch-history mode --branch-history
- selftests/net: fixes psock_fanout eBPF test case
- netlabel: If PF_INET6, check sk_buff ip header version
- scsi: lpfc: Fix issue_lip if link is disabled
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
- scsi: lpfc: Fix frequency of Release WQE CQEs
- regulator: of: Add a missing 'of_node_put()' in an error handling path of
'of_regulator_match()'
- ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
- Bluetooth: btusb: Add device ID for RTL8822BE
- kdb: make "mdr" command repeat
- s390/ftrace: use expoline for indirect branches
- Linux 4.4.134
* Support SocketCAN over USB on Dell IoT 300x Gateways (LP: #1774563)
- [Config] CONFIG_CAN_HMS_USB=m
- SAUCE: (no-up) Support IXXAT USB SocketCAN device
- i386/amd64 -- Add new module ixx_usb
* Ubuntu 16.04 (4.4.0-127) hangs on boot with virtio-scsi MQ enabled
(LP: #1775235)
- SAUCE: (no-up) virtio-scsi: Increment reqs counter.
* register on binfmt_misc may overflow and crash the system (LP: #1775856)
- fs/binfmt_misc.c: do not allow offset overflow
* The kernel NULL pointer dereference happens when accessing the task_struct
by task_cpu() in function cpuacct_charge() (LP: #1775326)
- sched/cpuacct: Simplify the cpuacct code
* Xenial update to 4.4.133 stable release (LP: #1775477)
- 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
- bridge: check iface upper dev when setting master via ioctl
- dccp: fix tasklet usage
- ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
- llc: better deal with too small mtu
- net: ethernet: sun: niu set correct packet size in skb
- net/mlx4_en: Verify coalescing parameters are in range
- net_sched: fq: take care of throttled flows before reuse
- net: support compat 64-bit time in {s,g}etsockopt
- openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
- qmi_wwan: do not steal interfaces from class drivers
- r8169: fix powering up RTL8168h
- sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
- sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
- tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
- bonding: do not allow rlb updates to invalid mac
- tcp: ignore Fast Open on repair mode
- sctp: fix the issue that the cookie-ack with auth can't get processed
- sctp: delay the authentication for the duplicated cookie-echo chunk
- ALSA: timer: Call notifier in the same spinlock
- audit: move calcs after alloc and check when logging set loginuid
- arm64: introduce mov_q macro to move a constant into a 64-bit register
- [Config] Add CONFIG_ARM64_ERRATUM_1024718=y
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718
- futex: Remove unnecessary warning from get_futex_key
- futex: Remove duplicated code and fix undefined behaviour
- xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
- lockd: lost rollback of set_grace_period() in lockd_down_net()
- Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
- l2tp: revert "l2tp: fix missing print session offset info"
- pipe: cap initial pipe capacity according to pipe-max-size limit
- futex: futex_wake_op, fix sign_extend32 sign bits
- kernel/exit.c: avoid undefined behaviour when calling wait4()
- usbip: usbip_host: refine probe and disconnect debug msgs to be useful
- usbip: usbip_host: delete device from busid_table after rebind
- usbip: usbip_host: run rebind from exit when module is removed
- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
- usbip: usbip_host: fix bad unlock balance during stub_probe()
- ALSA: usb: mixer: volume quirk for CM102-A+/102S+
- ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
- ALSA: control: fix a redundant-copy issue
- spi: pxa2xx: Allow 64-bit DMA
- powerpc/powernv: panic() on OPAL < V3
- powerpc/powernv: Remove OPALv2 firmware define and references
- powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
- cpuidle: coupled: remove unused define cpuidle_coupled_lock
- powerpc: Don't preempt_disable() in show_cpuinfo()
- vmscan: do not force-scan file lru if its absolute size is small
- mm: filemap: remove redundant code in do_read_cache_page
- mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to
complete during a read
- signals: avoid unnecessary taking of sighand->siglock
- tracing/x86/xen: Remove zero data size trace events
trace_xen_mmu_flush_tlb{_all}
- proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
- powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
- mm: don't allow deferred pages with NEED_PER_CPU_KM
- s390/qdio: fix access to uninitialized qdio_q fields
- s390/qdio: don't release memory in qdio_setup_irq()
- s390: remove indirect branch from do_softirq_own_stack
- efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
definition for mixed mode
- ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
- tick/broadcast: Use for_each_cpu() specially on UP kernels
- ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
- ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
- ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
- Btrfs: fix xattr loss after power failure
- btrfs: fix crash when trying to resume balance without the resume flag
- btrfs: fix reading stale metadata blocks after degraded raid1 mounts
- net: test tailroom before appending to linear skb
- packet: in packet_snd start writing at link layer allocation
- sock_diag: fix use-after-free read in __sk_free
- tcp: purge write queue in tcp_connect_init()
- ext2: fix a block leak
- s390: add assembler macros for CPU alternatives
- s390: move expoline assembler macros to a header
- s390/lib: use expoline for indirect branches
- s390/kernel: use expoline for indirect branches
- s390: move spectre sysfs attribute code
- s390: extend expoline to BC instructions
- s390: use expoline thunks in the BPF JIT
- scsi: libsas: defer ata device eh commands to libata
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
- scsi: zfcp: fix infinite iteration on ERP ready list
- dmaengine: ensure dmaengine helpers check valid callback
- time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
- gpio: rcar: Add Runtime PM handling for interrupts
- cfg80211: limit wiphy names to 128 bytes
- hfsplus: stop workqueue when fill_super() failed
- x86/kexec: Avoid double free_page() upon do_kexec_load() failure
- Linux 4.4.133
* vmxnet3: update to latest ToT (LP: #1768143)
- vmxnet3: avoid xmit reset due to a race in vmxnet3
- vmxnet3: use correct flag to indicate LRO feature
- vmxnet3: fix incorrect dereference when rxvlan is disabled
* Prevent speculation on user controlled pointer (LP: #1775137)
- x86: reorganize SMAP handling in user space accesses
- x86: fix SMAP in 32-bit environments
- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
- x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
- x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
* Xenial update to 4.4.132 stable release (LP: #1774173)
- perf/core: Fix the perf_cpu_time_max_percent check
- bpf: map_get_next_key to return first key on NULL
- percpu: include linux/sched.h for cond_resched()
- mac80211: allow not sending MIC up from driver for HW crypto
- mac80211: allow same PN for AMSDU sub-frames
- mac80211: Add RX flag to indicate ICV stripped
- ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
- ath10k: rebuild crypto header in rx data frames
- gpmi-nand: Handle ECC Errors in erased pages
- USB: serial: option: Add support for Quectel EP06
- ALSA: pcm: Check PCM state at xfern compat ioctl
- ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
- ALSA: aloop: Mark paused device as inactive
- ALSA: aloop: Add missing cable lock to ctl API callbacks
- tracepoint: Do not warn on ENOMEM
- Input: leds - fix out of bound access
- Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
- xfs: prevent creating negative-sized file via INSERT_RANGE
- RDMA/ucma: Allow resolving address w/o specifying source address
- RDMA/mlx5: Protect from shift operand overflow
- NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
- IB/mlx5: Use unlimited rate when static rate is not supported
- drm/vmwgfx: Fix a buffer object leak
- test_firmware: fix setting old custom fw path back on exit, second try
- USB: serial: visor: handle potential invalid device configuration
- USB: Accept bulk endpoints with 1024-byte maxpacket
- USB: serial: option: reimplement interface masking
- USB: serial: option: adding support for ublox R410M
- usb: musb: host: fix potential NULL pointer dereference
- ipvs: fix rtnl_lock lockups caused by start_sync_thread
- crypto: af_alg - fix possible uninit-value in alg_bind()
- netlink: fix uninit-value in netlink_sendmsg
- net: fix rtnh_ok()
- net: initialize skb->peeked when cloning
- net: fix uninit-value in __hw_addr_add_ex()
- dccp: initialize ireq->ir_mark
- soreuseport: initialise timewait reuseport field
- perf: Remove superfluous allocation error check
- tcp: fix TCP_REPAIR_QUEUE bound checking
- bdi: Fix oops in wb_workfn()
- f2fs: fix a dead loop in f2fs_fiemap()
- xfrm_user: fix return value from xfrm_user_rcv_msg
- rfkill: gpio: fix memory leak in probe error path
- libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
- tracing: Fix regex_match_front() to not over compare the test string
- can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
- net: atm: Fix potential Spectre v1
- atm: zatm: Fix potential Spectre v1
- Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
- tracing/uprobe_event: Fix strncpy corner case
- perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
- perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
- perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
- perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
- Linux 4.4.132
* Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
- Documentation: Document array_index_nospec
- array_index_nospec: Sanitize speculative array de-references
- x86: Implement array_index_mask_nospec
- x86: Introduce barrier_nospec
- x86/get_user: Use pointer masking to limit speculation
- x86/syscall: Sanitize syscall table de-references under speculation
- vfs, fdtable: Prevent bounds-check bypass via speculative execution
- nl80211: Sanitize array index in parse_txq_params
- x86/spectre: Report get_user mitigation for spectre_v1
- x86/kvm: Update spectre-v1 mitigation
- nospec: Allow index argument to have const-qualified type
- x86/syscall: Sanitize syscall table de-references under speculation fix
- mpls, nospec: Sanitize array index in mpls_label_ok()
- nospec: Include <asm/barrier.h> dependency
- nospec: Move array_index_nospec() parameter checking into separate macro
- nospec: Kill array_index_nospec_mask_check()
- ALSA: seq: oss: Hardening for potential Spectre v1
- ALSA: hda: Hardening for potential Spectre v1
- SAUCE: Replace osb() calls with array_index_nospec()
- SAUCE: Rename osb() to barrier_nospec()
- SAUCE: bpf: Use barrier_nospec() instead of osb()
* CVE-2018-3639 (x86)
- KVM: x86: remove magic number with enum cpuid_leafs
- SAUCE: x86/cpufeatures: Move CPUID_7_EDX CPUID bits to word 18
- SAUCE: x86: Remove double include
- SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
- SAUCE: x86/speculation: Query individual feature flags when reloading
microcode
* cpum_sf: ensure sample freq is non-zero (LP: #1772593)
- s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
* ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
- SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table
* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
- SAUCE: CacheFiles: fix a read_waiter/read_copier race
* Kernel 4.4 NBD size overflow with image size exceeding 1TB (LP: #1772575)
- nbd: use loff_t for blocksize and nbd_set_size args
- nbd: fix 64-bit division
* 4.4.0-127.153 generates many "sit: non-ECT" messages (LP: #1772775)
- Revert "sit: reload iphdr in ipip6_rcv"
* Creation of IMA file hashes fails when appraisal is enabled (LP: #1771826)
- Revert "ima: limit file hash setting by user to fix and log modes"
* Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN
tunnels (LP: #1771301)
- vxlan: correctly handle ipv6.disable module parameter
* CVE-2018-7755
- SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
* Support UVC1.5 Camera for Xenial (LP: #1773905)
- uvcvideo: Enable UVC 1.5 device detection
* Kernel produces empty lines in /proc/PID/status (LP: #1772671)
- SAUCE: seccomp: Remove double newline sequence in /proc/PID/status
* rfi-flush: Switch to new linear fallback flush (LP: #1744173)
- powerpc/64s: Improve RFI L1-D cache flush fallback
- SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again
Date: 2018-06-14 10:07:14.542682+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1029.34
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list