[ubuntu/xenial-updates] linux 4.4.0-143.169 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Fri Mar 15 15:35:31 UTC 2019


linux (4.4.0-143.169) xenial; urgency=medium

  * linux: 4.4.0-143.169 -proposed tracker (LP: #1814647)

  * x86/kvm: Backport fixup and missing commits (LP: #1811646)
    - KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID
    - kvm: nVMX: VMCLEAR an active shadow VMCS after last use
    - X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
    - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
      path as unlikely()
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - KVM: SVM: Add MSR-based feature support for serializing LFENCE
    - KVM: X86: Allow userspace to define the microcode version
    - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
    - SAUCE: KVM: Move code fragments, cleanup and re-indent

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers
    - [Packaging] getabis -- handle all known package combinations
    - [Packaging] getabis -- support parsing a simple version

  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Packaging] printenv -- add signing options
    - [Packaging] fix invocation of header postinst hooks
    - [Packaging] signing -- add support for signing Opal kernel binaries
    - [Debian] Use src_pkg_name when constructing udeb control files
    - [Debian] Dynamically determine linux udebs package name
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-source-* is in the primary linux namespace
    - [Packaging] lookup the upstream tag
    - [Packaging] zfs/spl -- enhance provides information
    - [Packaging] switch up to debhelper 9
    - [Packaging] autopkgtest -- disable d-i when dropping flavours
    - [debian] support for ship_extras_package=false
    - [Debian] do_common_tools should always be on
    - [debian] do not force do_tools_common
    - [Packaging] Add linux-tools-host package for VM host tools
    - [Packaging] signing should be conditional
    - [Packaging] skip cloud tools packaging when not building package
    - [Packaging] add acpidbg
    - [debian] prep linux-libc-dev only if do_libc_dev_package=true
    - [Packaging] Only install cloud init files when do_tools_common=true

  * Redpine: Driver crash with network-manager 1.10 and above (LP: #1813869)
    - SAUCE: Redpine: enhancement for MAC spoofing to avoid kernel crash

  * Guests using IBRS incur a large performance penalty (LP: #1764956)
    - SAUCE: Restore the IBRS host state on VMEXIT

  * Xenial update: 4.4.170 upstream stable release (LP: #1811647)
    - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
    - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
    - USB: serial: option: add GosunCn ZTE WeLink ME3630
    - USB: serial: option: add HP lt4132
    - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
    - USB: serial: option: add Fibocom NL668 series
    - USB: serial: option: add Telit LN940 series
    - mmc: core: Reset HPI enabled state during re-init and in case of errors
    - mmc: omap_hsmmc: fix DMA API warning
    - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - x86/mtrr: Don't copy uninitialized gentry fields back to userspace
    - drm/ioctl: Fix Spectre v1 vulnerabilities
    - ip6mr: Fix potential Spectre v1 vulnerability
    - ipv4: Fix potential Spectre v1 vulnerability
    - ax25: fix a use-after-free in ax25_fillin_cb()
    - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
    - ieee802154: lowpan_header_create check must check daddr
    - ipv6: explicitly initialize udp6_addr in udp_sock_create6()
    - isdn: fix kernel-infoleak in capi_unlocked_ioctl
    - netrom: fix locking in nr_find_socket()
    - packet: validate address length
    - packet: validate address length if non-zero
    - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
    - vhost: make sure used idx is seen before log in vhost_add_used_n()
    - VSOCK: Send reset control packet when socket is partially bound
    - xen/netfront: tolerate frags with no data
    - gro_cell: add napi_disable in gro_cells_destroy
    - sock: Make sock->sk_stamp thread-safe
    - ALSA: rme9652: Fix potential Spectre v1 vulnerability
    - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
    - ALSA: pcm: Fix potential Spectre v1 vulnerability
    - ALSA: emux: Fix potential Spectre v1 vulnerabilities
    - ALSA: hda: add mute LED support for HP EliteBook 840 G4
    - ALSA: hda/tegra: clear pending irq handlers
    - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - USB: serial: option: add Fibocom NL678 series
    - usb: r8a66597: Fix a possible concurrency use-after-free bug in
      r8a66597_endpoint_disable()
    - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
    - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
    - perf pmu: Suppress potential format-truncation warning
    - ext4: fix possible use after free in ext4_quota_enable
    - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
    - ext4: fix EXT4_IOC_GROUP_ADD ioctl
    - ext4: force inode writes when nfsd calls commit_metadata()
    - spi: bcm2835: Fix race on DMA termination
    - spi: bcm2835: Fix book-keeping of DMA termination
    - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
    - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
    - media: vivid: free bitmap_cap when updating std/timings/etc.
    - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
    - MIPS: Align kernel load address to 64KB
    - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
    - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
      running nested
    - spi: bcm2835: Unbreak the build of esoteric configs
    - powerpc: Fix COFF zImage booting on old powermacs
    - ARM: imx: update the cpu power up timing setting on i.mx6sx
    - Input: restore EV_ABS ABS_RESERVED
    - checkstack.pl: fix for aarch64
    - xfrm: Fix bucket count reported to userspace
    - scsi: bnx2fc: Fix NULL dereference in error handling
    - Input: omap-keypad - fix idle configuration to not block SoC idle states
    - scsi: zfcp: fix posting too many status read buffers leading to adapter
      shutdown
    - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
    - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
    - mm, devm_memremap_pages: kill mapping "System RAM" support
    - sunrpc: fix cache_head leak due to queued request
    - sunrpc: use SVC_NET() in svcauth_gss_* functions
    - crypto: x86/chacha20 - avoid sleeping with preemption disabled
    - ALSA: cs46xx: Potential NULL dereference in probe
    - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
    - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
    - dlm: fixed memory leaks after failed ls_remove_names allocation
    - dlm: possible memory leak on error path in create_lkb()
    - dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
    - dlm: memory leaks on error path in dlm_user_request()
    - gfs2: Fix loop in gfs2_rbm_find
    - b43: Fix error in cordic routine
    - 9p/net: put a lower bound on msize
    - iommu/vt-d: Handle domain agaw being less than iommu agaw
    - ceph: don't update importing cap's mseq when handing cap export
    - genwqe: Fix size check
    - intel_th: msu: Fix an off-by-one in attribute store
    - power: supply: olpc_battery: correct the temperature units
    - Linux 4.4.170

  * Xenial update: 4.4.169 upstream stable release (LP: #1811252)
    - lib/interval_tree_test.c: make test options module parameters
    - lib/interval_tree_test.c: allow full tree search
    - lib/rbtree_test.c: make input module parameters
    - lib/rbtree-test: lower default params
    - lib/interval_tree_test.c: allow users to limit scope of endpoint
    - timer/debug: Change /proc/timer_list from 0444 to 0400
    - powerpc/boot: Fix random libfdt related build errors
    - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
    - aio: fix spectre gadget in lookup_ioctx
    - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
    - tracing: Fix memory leak in set_trigger_filter()
    - tracing: Fix memory leak of instance function hash filters
    - powerpc/msi: Fix NULL pointer access in teardown code
    - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
    - f2fs: fix a panic caused by NULL flush_cmd_control
    - mac80211: don't WARN on bad WMM parameters from buggy APs
    - mac80211: Fix condition validating WMM IE
    - mac80211_hwsim: fix module init error paths for netlink
    - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
    - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during
      unload
    - x86/earlyprintk/efi: Fix infinite loop on some screen widths
    - drm/msm: Grab a vblank reference when waiting for commit_done
    - ARC: io.h: Implement reads{x}()/writes{x}()
    - bonding: fix 802.3ad state sent to partner when unbinding slave
    - SUNRPC: Fix a potential race in xprt_connect()
    - sbus: char: add of_node_put()
    - drivers/sbus/char: add of_node_put()
    - drivers/tty: add missing of_node_put()
    - ide: pmac: add of_node_put()
    - clk: mmp: Off by one in mmp_clk_add()
    - Input: omap-keypad - fix keyboard debounce configuration
    - libata: whitelist all SAMSUNG MZ7KM* solid-state disks
    - mv88e6060: disable hardware level MAC learning
    - ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address
      handling
    - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
    - [Config] Remove CONFIG_CIFS_POSIX=y
    - i2c: axxia: properly handle master timeout
    - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
    - rtc: snvs: add a missing write sync
    - rtc: snvs: Add timeouts to avoid kernel lockups
    - ALSA: isa/wavefront: prevent some out of bound writes
    - Linux 4.4.169

  * Xenial update: 4.4.168 upstream stable release (LP: #1811080)
    - ipv6: Check available headroom in ip6_xmit() even without options
    - net: 8139cp: fix a BUG triggered by changing mtu with network traffic
    - net: phy: don't allow __set_phy_supported to add unsupported modes
    - net: Prevent invalid access to skb->prev in __qdisc_drop_all
    - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
    - tcp: fix NULL ref in tail loss probe
    - tun: forbid iface creation with rtnl ops
    - neighbour: Avoid writing before skb->head in neigh_hh_output()
    - ARM: OMAP2+: prm44xx: Fix section annotation on
      omap44xx_prm_enable_io_wakeup
    - ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
    - sysv: return 'err' instead of 0 in __sysv_write_inode
    - s390/cpum_cf: Reject request for sampling in event initialization
    - hwmon: (ina2xx) Fix current value calculation
    - ASoC: dapm: Recalculate audio map forcely when card instantiated
    - hwmon: (w83795) temp4_type has writable permission
    - Btrfs: send, fix infinite loop due to directory rename dependencies
    - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
    - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
    - exportfs: do not read dentry after free
    - bpf: fix check of allowed specifiers in bpf_trace_printk
    - USB: omap_udc: use devm_request_irq()
    - USB: omap_udc: fix crashes on probe error and module removal
    - USB: omap_udc: fix omap_udc_start() on 15xx machines
    - USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
    - KVM: x86: fix empty-body warnings
    - net: thunderx: fix NULL pointer dereference in nic_remove
    - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
    - net: hisilicon: remove unexpected free_netdev
    - drm/ast: fixed reading monitor EDID not stable issue
    - xen: xlate_mmu: add missing header to fix 'W=1' warning
    - fscache: fix race between enablement and dropping of object
    - fscache, cachefiles: remove redundant variable 'cache'
    - ocfs2: fix deadlock caused by ocfs2_defrag_extent()
    - hfs: do not free node before using
    - hfsplus: do not free node before using
    - debugobjects: avoid recursive calls with kmemleak
    - ocfs2: fix potential use after free
    - pstore: Convert console write to use ->write_buf
    - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
    - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
    - KVM: nVMX: mark vmcs12 pages dirty on L2 exit
    - KVM: nVMX: Eliminate vmcs02 pool
    - KVM: VMX: introduce alloc_loaded_vmcs
    - KVM: VMX: make MSR bitmaps per-VCPU
    - KVM/x86: Add IBPB support
    - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
    - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
    - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - bpf: support 8-byte metafield access
    - bpf/verifier: Add spi variable to check_stack_write()
    - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
    - bpf: Prevent memory disambiguation attack
    - wil6210: missing length check in wmi_set_ie
    - mm/hugetlb.c: don't call region_abort if region_chg fails
    - hugetlbfs: fix offset overflow in hugetlbfs mmap
    - hugetlbfs: check for pgoff value overflow
    - hugetlbfs: fix bug in pgoff overflow checking
    - swiotlb: clean up reporting
    - sr: pass down correctly sized SCSI sense buffer
    - mm: remove write/force parameters from __get_user_pages_locked()
    - mm: remove write/force parameters from __get_user_pages_unlocked()
    - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
    - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
    - mm: replace get_user_pages_locked() write/force parameters with gup_flags
    - mm: replace get_vaddr_frames() write/force parameters with gup_flags
    - mm: replace get_user_pages() write/force parameters with gup_flags
    - mm: replace __access_remote_vm() write parameter with gup_flags
    - mm: replace access_remote_vm() write parameter with gup_flags
    - proc: don't use FOLL_FORCE for reading cmdline and environment
    - proc: do not access cmdline nor environ from file-backed areas
    - media: dvb-frontends: fix i2c access helpers for KASAN
    - matroxfb: fix size of memcpy
    - staging: speakup: Replace strncpy with memcpy
    - rocker: fix rocker_tlv_put_* functions for KASAN
    - selftests: Move networking/timestamping from Documentation
    - Linux 4.4.168

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * Userspace break as a result of missing patch backport (LP: #1813873)
    - tty: Don't hold ldisc lock in tty_reopen() if ldisc present

  * CVE-2019-6133
    - fork: record start_time late

  * Crash on "ip link add foo type ipip" (LP: #1811803)
    - SAUCE: fan: Fix NULL pointer dereference

Date: 2019-02-07 07:46:31.309707+00:00
Changed-By: Juerg Haefliger <juergh at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.4.0-143.169
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list