APPLIED/cmnt: [PULL][xenial] Stable update to 4.4.112
Stefan Bader
stefan.bader at canonical.com
Wed Feb 28 15:55:50 UTC 2018
On 25.01.2018 03:50, Khaled Elmously wrote:
> The following changes since commit 96e8eec96913d917583bccb74bfd8d9f767f307e:
>
> Linux 4.4.111 (2018-01-24 20:26:14 -0500)
>
> are available in the git repository at:
>
> git+ssh://kmously@git.launchpad.net/~kmously/ubuntu/+source/linux/+git/xenial update-to-4.4.112
>
> for you to fetch changes up to 16afa8545e61f047dd50570a86011ae42249c550:
>
> Linux 4.4.112 (2018-01-24 21:03:05 -0500)
>
> ----------------------------------------------------------------
> Alexei Starovoitov (4):
> bpf: move fixup_bpf_calls() function
> bpf: refactor fixup_bpf_calls()
> bpf: adjust insn_aux_data when patching insns
> bpf: prevent out-of-bounds speculation
>
> Andrew Honig (1):
> KVM: x86: Add memory barrier on vmcs field lookup
>
> Andrey Ryabinin (2):
> net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
> mm/page-writeback: fix dirty_ratelimit calculation
>
> Andrii Vladyka (1):
> net: core: fix module type in sock_diag_bind
>
> Andy Lutomirski (3):
> x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
> x86/cpu: Factor out application of forced CPU caps
> selftests/x86: Add test_vsyscall
>
> Ani Sinha (1):
> sysrq: Fix warning in sysrq generated crash.
>
> Bart Van Assche (1):
> IB/srpt: Disable RDMA access by the initiator
>
> Ben Hutchings (1):
> xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
>
> Ben Seri (1):
> Bluetooth: Prevent stack info leak from the EFS element.
>
> Benjamin Poirier (1):
> e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
>
> Borislav Petkov (2):
> x86/cpu: Merge bugs.c and bugs_64.c
> x86/alternatives: Fix optimize_nops() checking
>
> Christian Holl (1):
> USB: serial: cp210x: add new device ID ELV ALC 8xxx
>
> Cong Wang (1):
> 8021q: fix a memory leak for VLAN 0 device
>
> Dan Carpenter (1):
> drm/vmwgfx: Potential off by one in vmw_view_add()
>
> Dan Streetman (2):
> mm/zswap: use workqueue to destroy pool
> zswap: don't param_set_charp while holding spinlock
>
> Daniel Borkmann (1):
> bpf, array: fix overflow in max_entries and undefined behavior in index_mask
>
> Dave Hansen (1):
> x86/Documentation: Add PTI description
>
> David Woodhouse (3):
> x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
> sysfs/cpu: Fix typos in vulnerability documentation
> x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
>
> Davidlohr Bueso (1):
> locking/mutex: Allow next waiter lockless wakeup
>
> Diego Elio Pettenò (1):
> USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
>
> Eli Cooper (1):
> ip6_tunnel: disable dst caching if tunnel is dual-stack
>
> Eric Biggers (1):
> crypto: algapi - fix NULL dereference in crypto_remove_spawns()
>
> Eric Dumazet (5):
> lan78xx: use skb_cow_head() to deal with cloned skbs
> sr9700: use skb_cow_head() to deal with cloned skbs
> smsc75xx: use skb_cow_head() to deal with cloned skbs
> cx82310_eth: use skb_cow_head() to deal with cloned skbs
> ipv6: fix possible mem leaks in ipv6_make_skb()
>
> Greg Kroah-Hartman (2):
> Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
> Linux 4.4.112
>
> Icenowy Zheng (1):
> uas: ignore UAS for Norelsys NS1068(X) chips
>
> Ilya Dryomov (1):
> rbd: set max_segments to USHRT_MAX
>
> Jakub Kicinski (1):
> bpf: don't (ab)use instructions to store state
>
> Jean-Philippe Brucker (1):
> iommu/arm-smmu-v3: Don't free page table ops twice
>
> Jeff Layton (1):
> locks: don't check for race with close when setting OFD lock
>
> Jerome Brunet (1):
> net: stmmac: enable EEE in MII, GMII or RGMII only
>
> Jia Zhang (1):
> x86/microcode/intel: Extend BDW late-loading with a revision check
>
> Jianyu Zhan (1):
> futex: Replace barrier() in unqueue_me() with READ_ONCE()
>
> Jiri Kosina (1):
> x86/mm/pat, /dev/mem: Remove superfluous error message
>
> Jiri Slaby (1):
> hwrng: core - sleep interruptible in read
>
> Joonsoo Kim (2):
> mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
> mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
>
> Lepton Wu (1):
> kaiser: Set _PAGE_NX only if supported
>
> Maciej W. Rozycki (7):
> MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
> MIPS: Factor out NT_PRFPREG regset access helpers
> MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
> MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
> MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
> MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
> MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
>
> Mohamed Ghannam (2):
> RDS: Heap OOB write in rds_message_alloc_sgs()
> RDS: null pointer dereference in rds_atomic_free_op
>
> Nicholas Bellinger (2):
> iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
> target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
>
> Oliver Neukum (1):
> usbvision fix overflow of interfaces array
>
> Pavel Tatashin (1):
> x86/pti/efi: broken conversion from efi to kernel page table
>
> Pete Zaitcev (1):
> USB: fix usbmon BUG trigger
>
> Sergei Shtylyov (2):
> sh_eth: fix TSU resource handling
> sh_eth: fix SH7757 GEther initialization
>
> Shuah Khan (1):
> usbip: remove kernel addresses from usb device and urb debug msgs
>
> Stefan Agner (1):
> usb: misc: usb3503: make sure reset is low for at least 100us
>
> Suren Baghdasaryan (1):
> dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
>
> Takashi Iwai (7):
> ALSA: pcm: Remove incorrect snd_BUG_ON() usages
> ALSA: pcm: Add missing error checks in OSS emulation plugin builder
> ALSA: pcm: Abort properly at pending signal in OSS read/write loops
> ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
> ALSA: aloop: Release cable upon open error path
> ALSA: aloop: Fix inconsistent format due to incomplete rule
> ALSA: aloop: Fix racy hw constraints adjustment
>
> Thomas Gleixner (5):
> x86/cpufeatures: Make CPU bugs sticky
> x86/cpufeatures: Add X86_BUG_CPU_INSECURE
> x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
> sysfs/cpu: Add vulnerability folder
> x86/cpu: Implement CPU vulnerabilites sysfs functions
>
> Ulf Hansson (1):
> usb: musb: ux500: Fix NULL pointer dereference at system PM
>
> Vikas C Sajjan (2):
> x86/acpi: Handle SCI interrupts above legacy space gracefully
> x86/acpi: Reduce code duplication in mp_override_legacy_irq()
>
> Viktor Slavkovic (1):
> staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
>
> Wanpeng Li (1):
> KVM: Fix stack-out-of-bounds read in write_mmio
>
> Wolfgang Grandegger (1):
> can: gs_usb: fix return value of the "set_bittiming" callback
>
> hayeswang (3):
> r8152: fix the wake event
> r8152: use test_and_clear_bit
> r8152: adjust ALDPS function
>
> Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +
> Documentation/kernel-parameters.txt | 21 +-
> Documentation/x86/pti.txt | 186 ++++++++
> Makefile | 2 +-
> arch/arm/kvm/mmio.c | 6 +-
> arch/mips/kernel/process.c | 12 +
> arch/mips/kernel/ptrace.c | 147 ++++--
> arch/x86/Kconfig | 1 +
> arch/x86/include/asm/alternative.h | 4 +-
> arch/x86/include/asm/cpufeature.h | 2 +
> arch/x86/include/asm/cpufeatures.h | 5 +-
> arch/x86/include/asm/kaiser.h | 10 +
> arch/x86/include/asm/processor.h | 4 +-
> arch/x86/include/asm/pvclock.h | 2 +-
> arch/x86/kernel/acpi/boot.c | 61 ++-
> arch/x86/kernel/alternative.c | 7 +-
> arch/x86/kernel/cpu/Makefile | 4 +-
> arch/x86/kernel/cpu/bugs.c | 55 ++-
> arch/x86/kernel/cpu/bugs_64.c | 33 --
> arch/x86/kernel/cpu/common.c | 33 +-
> arch/x86/kernel/cpu/microcode/intel.c | 14 +-
> arch/x86/kvm/vmx.c | 12 +-
> arch/x86/kvm/x86.c | 8 +-
> arch/x86/mm/kaiser.c | 2 +
> arch/x86/mm/pat.c | 5 +-
> arch/x86/realmode/init.c | 4 +-
> arch/x86/realmode/rm/trampoline_64.S | 3 +-
> crypto/algapi.c | 12 +
> drivers/base/Kconfig | 3 +
> drivers/base/cpu.c | 48 ++
> drivers/block/rbd.c | 2 +-
> drivers/char/hw_random/core.c | 6 +-
> drivers/char/mem.c | 6 +-
> drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +
> drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +-
> drivers/iommu/arm-smmu-v3.c | 8 +-
> drivers/md/dm-bufio.c | 7 +-
> drivers/media/usb/usbvision/usbvision-video.c | 7 +
> drivers/net/can/usb/gs_usb.c | 2 +-
> drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 +-
> drivers/net/ethernet/renesas/sh_eth.c | 29 +-
> drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +
> drivers/net/usb/cx82310_eth.c | 7 +-
> drivers/net/usb/lan78xx.c | 9 +-
> drivers/net/usb/r8152.c | 131 +++---
> drivers/net/usb/smsc75xx.c | 8 +-
> drivers/net/usb/sr9700.c | 9 +-
> drivers/staging/android/ashmem.c | 2 +
> drivers/target/iscsi/iscsi_target.c | 20 +-
> drivers/target/target_core_tmr.c | 9 +
> drivers/target/target_core_transport.c | 2 +
> drivers/tty/sysrq.c | 6 +
> drivers/usb/host/xhci-mem.c | 3 +-
> drivers/usb/misc/usb3503.c | 2 +
> drivers/usb/mon/mon_bin.c | 8 +-
> drivers/usb/musb/ux500.c | 7 +-
> drivers/usb/serial/cp210x.c | 2 +
> drivers/usb/storage/unusual_uas.h | 7 +
> drivers/usb/usbip/usbip_common.c | 17 +-
> fs/locks.c | 16 +-
> include/linux/bpf.h | 2 +
> include/linux/cpu.h | 7 +
> include/linux/phy.h | 11 +
> include/linux/sh_eth.h | 1 -
> include/target/target_core_base.h | 1 +
> include/trace/events/kvm.h | 7 +-
> kernel/bpf/arraymap.c | 37 +-
> kernel/bpf/syscall.c | 54 ---
> kernel/bpf/verifier.c | 190 ++++++--
> kernel/futex.c | 8 +-
> kernel/locking/mutex.c | 5 +-
> mm/compaction.c | 50 ++-
> mm/page-writeback.c | 11 +-
> mm/zswap.c | 24 +-
> net/8021q/vlan.c | 7 +-
> net/bluetooth/l2cap_core.c | 20 +-
> net/core/sock_diag.c | 2 +-
> net/ipv6/ip6_output.c | 4 +-
> net/ipv6/ip6_tunnel.c | 9 +-
> net/mac80211/debugfs.c | 7 +-
> net/rds/rdma.c | 4 +
> sound/core/oss/pcm_oss.c | 41 +-
> sound/core/oss/pcm_plugin.c | 14 +-
> sound/core/pcm_lib.c | 4 +-
> sound/drivers/aloop.c | 98 ++--
> tools/testing/selftests/vm/Makefile | 4 -
> tools/testing/selftests/x86/Makefile | 3 +-
> tools/testing/selftests/x86/test_vsyscall.c | 500 +++++++++++++++++++++
> 88 files changed, 1709 insertions(+), 492 deletions(-)
> create mode 100644 Documentation/x86/pti.txt
> delete mode 100644 arch/x86/kernel/cpu/bugs_64.c
> create mode 100644 tools/testing/selftests/x86/test_vsyscall.c
>
>
Since this update was prepared, the following patches were already applied:
* KVM: Fix stack-out-of-bounds read in write_mmio (CVE-2017-17741)
* RDS: null pointer dereference in rds_atomic_free_op (CVE-2018-5333)
Needed fixup:
* bpf: don't (ab)use instructions to store state
We added a partial backport of this change when applying
"bpf: fix branch pruning logic" (CVE-2017-17862)
* bpf: prevent out-of-bounds speculation
Because of changes introduced by "bpf: fix branch pruning
logic" (CVE-2017-17862)
The following patches were all also applied already as part of
CVE-2017-5715 (Spectre v2 retpoline):
* x86/cpu: Factor out application of forced CPU caps
* x86/cpufeatures: Make CPU bugs sticky
* x86/cpufeatures: Add X86_BUG_CPU_INSECURE
* x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
* x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
* x86/cpu: Merge bugs.c and bugs_64.c
* sysfs/cpu: Add vulnerability folder
* x86/cpu: Implement CPU vulnerabilites sysfs functions
* x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180228/8aaea7f1/attachment.sig>
More information about the kernel-team
mailing list