Ubuntu
linux package

Cosmic update to 4.17.13 stable release

Bug #1785710 reported by Thadeu Lima de Souza Cascardo on 2018-08-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.17.13 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the 4.17.13 stable release shall be applied:

128642b28a7d Linux 4.17.13
bced7cbdcc36 scsi: sg: fix minor memory leak in error path
9d61d4bdf223 drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy
3859ebae85c7 drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check()
53a1cb1c35df drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
3f9bc0411d11 crypto: padlock-aes - Fix Nano workaround data corruption
d432f2f0bf99 RDMA/uverbs: Expand primary and alt AV port checks
afda82507fe2 brcmfmac: fix regression in parsing NVRAM for multiple devices
b5c014661a41 iwlwifi: add more card IDs for 9000 series
9559dd910cfa userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
80755071c18c ipc/shm.c add ->pagesize function to shm_vm_ops
cbdef783b1a6 audit: fix potential null dereference 'context->module.name'
aa0703c2e330 kvm: x86: vmx: fix vpid leak
6557adc69262 x86/entry/64: Remove %ebx handling from error_entry/exit
15265c81886b x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
d17111f7b41f x86/efi: Access EFI MMIO data as unencrypted when SEV is active
c301e0b0a0f2 virtio_balloon: fix another race between migration and ballooning
82d0d07a25eb net: socket: Fix potential spectre v1 gadget in sock_is_registered
baaa0eb84e9a net: socket: fix potential spectre v1 gadget in socketcall
e8445da5dfe0 can: ems_usb: Fix memory leak on ems_usb_disconnect()
ca774ff89f46 squashfs: more metadata hardenings
c14014186eef squashfs: more metadata hardening
1c83fc5eeecc net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow
e4cecd1c0611 net/mlx5e: Set port trust mode to PCP as default
60406fbeb48d net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
528e9fa8184b rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
6ee47da71bf7 net: stmmac: Fix WoL for PCI-based setups
a927731692c7 netlink: Fix spectre v1 gadget in netlink_create()
bfa48dc9a9f9 net: dsa: Do not suspend/resume closed slave_dev
868d277f4142 ipv4: frags: handle possible skb truesize change
e874d4ea8d24 inet: frag: enforce memory limits earlier
e611b8fdde06 bonding: avoid lockdep confusion in bond_get_stats()

Tags:

CVE References

2018-9363

Thadeu Lima de Souza Cascardo (cascardo) on 2018-08-06

tags:

added: kernel-stable-tracking-bug

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-08-28:

Download full text (12.2 KiB)

This bug was fixed in the package linux - 4.17.0-9.10

---------------
linux (4.17.0-9.10) cosmic; urgency=medium

* linux: 4.17.0-9.10 -proposed tracker (LP: #1787988)

  * Cosmic update to 4.17.17 stable release (LP: #1787973)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
    - Linux 4.17.17

  * Cosmic update to 4.17.16 stable release (LP: #1787972)
    - x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled
    - x86: i8259: Add missing include file
    - x86/platform/UV: Mark memblock related init code and data correctly
    - x86/mm/pti: Clear Global bit more aggressively
    - xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits
    - x86/mm: Disable ioremap free page handling on x86-PAE
    - kbuild: verify that $DEPMOD is installed
    - crypto: ccree - fix finup
    - crypto: ccree - fix iv handling
    - crypto: ccp - Check for NULL PSP pointer at module unload
    - crypto: ccp - Fix command completion detection race
    - crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2()
    - crypto: vmac - require a block cipher with 128-bit block size
    - crypto: vmac - separate tfm and request context
    - crypto: blkcipher - fix crash flushing dcache in error path
    - crypto: ablkcipher - fix crash flushing dcache in error path
    - crypto: skcipher - fix aligning block size in skcipher_copy_iv()
    - crypto: skcipher - fix crash flushing dcache in error path
    - ioremap: Update pgtable free interfaces with addr
    - x86/mm: Add TLB purge to free pmd/pte page interfaces
    - Linux 4.17.16

* Cosmic update to 4.17.16 stable release (LP: #1787972) // CVE-2018-9363
- Bluetooth: hidp: buffer overflow in hidp_process_report

  * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
    walinuxagent.service (LP: #1739107)
    - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
      walinuxagent.service

* Miscellaneous Ubuntu changes
- [Packaging] retpoline -- fix temporary filenaming

linux (4.17.0-8.9) cosmic; urgency=medium

* linux: 4.17.0-8.9 -proposed tracker (LP: #1787259)

This bug was fixed in the package linux - 4.17.0-9.10

---------------
linux (4.17.0-9.10) cosmic; urgency=medium

* linux: 4.17.0-9.10 -proposed tracker (LP: #1787988)

* Cosmic update to 4.17.17 stable release (LP: #1787973)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
    - Linux 4.17.17

* Cosmic update to 4.17.16 stable release (LP: #1787972) // CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

* Miscellaneous Ubuntu changes
    - [Packaging] retpoline -- fix temporary filenaming

linux (4.17.0-8.9) cosmic; urgency=medium

* linux: 4.17.0-8.9 -proposed tracker (LP: #1787259)

* Cosmic update to v4.17.15 stable release (LP: #1787257)
    - parisc: Enable CONFIG_MLONGCALLS by default
    - parisc: Define mb() and add memory barriers to assembler unlock sequences
    - Mark HI and TASKLET softirq synchronous
    - stop_machine: Disable preemption after queueing stopper threads
    - sched/deadline: Update rq_clock of later_rq when pushing a task
    - zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature
    - xen/netfront: don't cache skb_shinfo()
    - bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path
    - bpf, sockmap: fix bpf_tcp_sendmsg sock error handling
    - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management
      enabled
    - scsi: qla2xxx: Fix memory leak for allocating abort IOCB
    - init: rename and re-order boot_cpu_state_init()
    - root dentries need RCU-delayed freeing
    - make sure that __dentry_kill() always invalidates d_seq, unhashed or not
    - fix mntput/mntput race
    - fix __legitimize_mnt()/mntput() race
    - ARM: dts: imx6sx: fix irq for pcie bridge
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
    - x86/speculation: Protect against userspace-userspace spectreRSB
    - kprobes/x86: Fix %p uses in error messages
    - x86/irqflags: Provide a declaration for native_save_fl
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/bugs: Move the l1tf function and define pr_fmt properly
    - sched/smt: Update sched_smt_present at runtime
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Make bringup/teardown of smp threads symmetric
    - cpu/hotplug: Split do_cpu_down()
    - cpu/hotplug: Provide knobs to control SMT
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Make set_memory_np() L1TF safe
    - x86/mm/kmmio: Make the tracer robust against L1TF
    - tools headers: Synchronize prctl.h ABI header
    - tools headers: Synchronise x86 cpufeatures.h for L1TF additions
    - x86/microcode: Allow late microcode loading with SMT disabled
    - x86/smp: fix non-SMP broken build due to redefinition of
      apic_id_is_primary_thread
    - cpu/hotplug: Non-SMP machines do not make use of booted_once
    - x86/init: fix build with CONFIG_SWAP=n
    - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
    - Linux 4.17.15
    - [Config] updateconfigs after v4.17.15 stable update

* Cosmic update to v4.17.14 stable release (LP: #1787031)
    - scsi: qla2xxx: Fix unintialized List head crash
    - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion
    - scsi: qla2xxx: Fix driver unload by shutting down chip
    - scsi: qla2xxx: Fix ISP recovery on unload
    - scsi: qla2xxx: Return error when TMF returns
    - jfs: Fix usercopy whitelist for inline inode data
    - genirq: Make force irq threading setup more robust
    - perf/x86/intel/uncore: Fix hardcoded index of Broadwell extra PCI devices
    - nohz: Fix local_timer_softirq_pending()
    - nohz: Fix missing tick reprogram when interrupting an inline softirq
    - netlink: Don't shift on 64 for ngroups
    - ring_buffer: tracing: Inherit the tracing setting to next ring buffer
    - i2c: imx: Fix reinit_completion() use
    - Btrfs: fix file data corruption after cloning a range and fsync
    - Partially revert "block: fail op_is_write() requests to read-only
      partitions"
    - xfs: validate cached inodes are free when allocated
    - Linux 4.17.14

* Consider enabling CONFIG_NETWORK_PHY_TIMESTAMPING (LP: #1785816)
    - [Config] Enable timestamping in network PHY devices

* Cosmic update to 4.17.13 stable release (LP: #1785710)
    - bonding: avoid lockdep confusion in bond_get_stats()
    - inet: frag: enforce memory limits earlier
    - ipv4: frags: handle possible skb truesize change
    - net: dsa: Do not suspend/resume closed slave_dev
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: stmmac: Fix WoL for PCI-based setups
    - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
    - net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
    - net/mlx5e: Set port trust mode to PCP as default
    - net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow
    - squashfs: more metadata hardening
    - squashfs: more metadata hardenings
    - can: ems_usb: Fix memory leak on ems_usb_disconnect()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - net: socket: Fix potential spectre v1 gadget in sock_is_registered
    - virtio_balloon: fix another race between migration and ballooning
    - x86/efi: Access EFI MMIO data as unencrypted when SEV is active
    - x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
    - x86/entry/64: Remove %ebx handling from error_entry/exit
    - kvm: x86: vmx: fix vpid leak
    - audit: fix potential null dereference 'context->module.name'
    - ipc/shm.c add ->pagesize function to shm_vm_ops
    - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
    - iwlwifi: add more card IDs for 9000 series
    - brcmfmac: fix regression in parsing NVRAM for multiple devices
    - RDMA/uverbs: Expand primary and alt AV port checks
    - crypto: padlock-aes - Fix Nano workaround data corruption
    - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
    - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check()
    - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make
      gcc happy
    - scsi: sg: fix minor memory leak in error path
    - Linux 4.17.13

* CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

* fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
    object allocation (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

* Miscellaneous Ubuntu changes
    - [Config] CONFIG_SYSCTL_SYSCALL=n

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 20 Aug 2018 14:37:36 -0300

Changed in linux (Ubuntu):
status:	New → Fix Released

Brad Figg (brad-figg) on 2019-07-24

tags:

added: cscc

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package