| Message ID | 1520608885-7023-1-git-send-email-stefan.bader@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [Xenial,SRU] Xenial update to 4.4.114 stable release | expand |
On 03/09/18 16:21, Stefan Bader wrote: > Deliberately skipping "Revert "module: Add retpoline tag to VERMAGIC"" > because we decided we actually are fine with flagging things that way. > > Skipping because already applied: > * Slow system response time due to a monitor bug (bug 1606147) > - x86/cpu/intel: Introduce macros for Intel family numbers > * CVE-2017-1000364 > - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack > * CVE-2017-17448 > - netfilter: nfnetlink_cthelper: Add missing permission checks > * CVE-2017-17450 > - netfilter: xt_osf: Add missing permission checks > > We backported the following set for (bug 16407868): > * netfilter: x_tables: pass xt_counters struct instead of packet > counter > * netfilter: x_tables: pass xt_counters struct to counter allocator > * netfilter: x_tables: pack percpu counter allocations > this caused the following stable patch to be not needed in Xenial: > * netfilter: fix IS_ERR_VALUE usage > > Special care should be used when looking at "x86/retpoline: Fill RSB on > context switch for affected CPUs". This uses a cpufeature bit which was > used initially by the Spectre v2 Intel patches. So in order to apply it > I did move the SPEC_CTRL bit definition out of the way. > > -Stefan > > -- > > The following changes since commit fdf2a7bfb332c7f3e54da19e4161db4ac448bf20: > > Linux 4.4.113 (2018-03-09 08:52:15 +0100) > > are available in the git repository at: > > git://git.launchpad.net/~smb/+git/linux-xenial stable-4.4 > > for you to fetch changes up to 9126c8a3ac8a35006fa8c03e6672a1282095840b: > > Linux 4.4.114 (2018-03-09 15:46:48 +0100) > > ---------------------------------------------------------------- > Aaron Ma (1): > Input: trackpoint - force 3 buttons if 0 button is reported > > Alexey Kodanev (1): > dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state > > Andrew Goodbody (1): > usb: usbip: Fix possible deadlocks reported by lockdep > > Andy Lutomirski (1): > x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels > > Ben Hutchings (4): > x86/microcode/intel: Fix BDW late-loading revision check > vsyscall: Fix permissions for emulate mode with KAISER/PTI > ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL > nfsd: auth: Fix gid sorting when rootsquash enabled > > Craig Gallek (1): > tcp: __tcp_hdrlen() helper > > Dan Streetman (1): > net: tcp: close sock if net namespace is exiting > > Daniel Bristot de Oliveira (1): > sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks > > David Woodhouse (1): > x86/retpoline: Fill RSB on context switch for affected CPUs > > Doug Berger (1): > cma: fix calculation of aligned offset > > Eric Biggers (1): > PM / sleep: declare __tracedata symbols as char[] rather than char > > Eric Dumazet (3): > ipv6: ip6_make_skb() needs to clear cork.base.dst > net: qdisc_pkt_len_init() should be more robust > flow_dissector: properly cap thoff field > > Felix Fietkau (1): > net: igmp: fix source address check for IGMPv3 reports > > Florian Westphal (2): > netfilter: x_tables: speed up jump target validation > netfilter: restart search if moved to other chain > > Francois Romieu (1): > r8169: fix memory corruption on retrieval of hardware statistics. > > Greg KH (1): > eventpoll.h: add missing epoll event masks > > Greg Kroah-Hartman (1): > Linux 4.4.114 > > Guillaume Nault (1): > pppoe: take ->needed_headroom of lower device into account on xmit > > Hongxu Jia (1): > netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel > > Jan Kara (2): > ext2: Don't clear SGID when inheriting ACLs > reiserfs: Don't clear SGID when inheriting ACLs > > Janakarajan Natarajan (1): > Prevent timer value 0 for MWAITX > > Jeff Mahoney (2): > reiserfs: fix race in prealloc discard > reiserfs: don't preallocate blocks for extended attributes > > Jia Zhang (1): > x86/microcode/intel: Extend BDW late-loading further with LLC size check > > Jim Westfall (2): > net: Allow neigh contructor functions ability to modify the primary_key > ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY > > Jiri Slaby (2): > ipc: msg, make msgrcv work with LONG_MIN > fs/fcntl: f_setown, avoid undefined behaviour > > Johannes Thumshirn (1): > scsi: libiscsi: fix shifting of DID_REQUEUE host byte > > Jonathan Dieter (2): > usbip: Fix implicit fallthrough warning > usbip: Fix potential format overflow in userspace tools > > Liping Zhang (2): > netfilter: nf_ct_expect: remove the redundant slash when policy name is empty > netfilter: nfnetlink_queue: reject verdict request from different portid > > Marc Kleine-Budde (2): > can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once > can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once > > Michal Hocko (1): > hwpoison, memcg: forcibly uncharge LRU pages > > Mike Maloney (1): > ipv6: fix udpv6 sendmsg crash caused by too small MTU > > Minghuan Lian (1): > PCI: layerscape: Fix MSG TLP drop setting > > Neil Horman (1): > vmxnet3: repair memory leak > > Paolo Abeni (1): > netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags > > Pau Espin Pedrol (1): > netfilter: use fwmark_reflect in nf_send_reset > > Rafael J. Wysocki (2): > ACPI / processor: Avoid reserving IO regions too early > ACPI / scan: Prefer devices without _HID/_CID for _ADR matching > > Rui Wang (1): > x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() > > Seunghun Han (1): > ACPICA: Namespace: fix operand cache leak > > Shuah Khan (4): > usbip: prevent vhci_hcd driver from leaking a socket pointer address > usbip: fix stub_rx: get_pipe() to validate endpoint number > usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input > usbip: prevent leaking socket pointer address in messages > > Sudeep Holla (2): > drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled > drivers: base: cacheinfo: fix boot error message when acpi is enabled > > Thomas Gleixner (2): > timers: Plug locking race vs. timer migration > hrtimer: Reset hrtimer cpu base proper on CPU hotplug > > Thomas Meyer (1): > um: link vmlinux with -no-pie > > Ulrich Weber (1): > netfilter: nf_conntrack_sip: extend request line validation > > Vegard Nossum (1): > time: Avoid undefined behaviour in ktime_add_safe() > > Vlastimil Babka (2): > fs/select: add vmalloc fallback for select(2) > mm, page_alloc: fix potential false positive in __zone_watermark_ok > > Xin Long (2): > sctp: do not allow the v4 socket to bind a v4mapped v6 address > sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf > > Yang Shi (1): > PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID > > Yuiko Oshino (1): > lan78xx: Fix failure in USB Full Speed > > yangbo lu (1): > mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version > > Makefile | 2 +- > arch/um/Makefile | 2 +- > arch/x86/entry/vsyscall/vsyscall_64.c | 7 ++- > arch/x86/include/asm/cpufeatures.h | 3 +- > arch/x86/include/asm/processor.h | 2 +- > arch/x86/include/asm/switch_to.h | 38 ++++++++++++ > arch/x86/include/asm/vsyscall.h | 1 + > arch/x86/kernel/apic/io_apic.c | 2 +- > arch/x86/kernel/cpu/bugs.c | 36 +++++++++++ > arch/x86/kernel/cpu/intel_cacheinfo.c | 2 + > arch/x86/kernel/cpu/microcode/intel.c | 21 ++++++- > arch/x86/lib/delay.c | 7 +++ > arch/x86/mm/kaiser.c | 2 +- > drivers/acpi/acpi_processor.c | 9 --- > drivers/acpi/acpica/nsutils.c | 23 +++---- > drivers/acpi/glue.c | 12 ++-- > drivers/acpi/processor_throttling.c | 9 +++ > drivers/base/cacheinfo.c | 15 +++-- > drivers/base/power/trace.c | 4 +- > drivers/input/mouse/trackpoint.c | 3 + > drivers/mmc/host/sdhci-of-esdhc.c | 10 +++ > drivers/net/ethernet/realtek/r8169.c | 9 +-- > drivers/net/ppp/pppoe.c | 11 ++-- > drivers/net/usb/lan78xx.c | 1 + > drivers/net/vmxnet3/vmxnet3_drv.c | 2 +- > drivers/pci/host/pci-layerscape.c | 22 ++++--- > drivers/scsi/libiscsi.c | 2 +- > drivers/usb/usbip/stub_dev.c | 3 +- > drivers/usb/usbip/stub_rx.c | 46 +++++++++++--- > drivers/usb/usbip/usbip_common.c | 15 ++--- > drivers/usb/usbip/usbip_common.h | 1 + > drivers/usb/usbip/usbip_event.c | 5 +- > drivers/usb/usbip/vhci_hcd.c | 90 ++++++++++++++++----------- > drivers/usb/usbip/vhci_rx.c | 30 +++++---- > drivers/usb/usbip/vhci_sysfs.c | 44 ++++++++------ > drivers/usb/usbip/vhci_tx.c | 14 +++-- > fs/ext2/acl.c | 36 ++++++----- > fs/fcntl.c | 4 ++ > fs/nfsd/auth.c | 5 +- > fs/reiserfs/bitmap.c | 14 ++++- > fs/reiserfs/xattr_acl.c | 12 ++-- > fs/select.c | 14 ++++- > include/linux/cacheinfo.h | 1 + > include/linux/ktime.h | 7 +++ > include/linux/netfilter/x_tables.h | 4 ++ > include/linux/sched.h | 1 + > include/linux/tcp.h | 7 ++- > include/net/arp.h | 3 + > include/net/ipv6.h | 1 + > include/net/net_namespace.h | 10 +++ > include/uapi/linux/eventpoll.h | 13 ++++ > ipc/msg.c | 5 +- > kernel/sched/core.c | 2 + > kernel/sched/deadline.c | 98 ++++++++++++++++++++++++++---- > kernel/time/hrtimer.c | 5 +- > kernel/time/timer.c | 9 ++- > mm/cma.c | 15 ++--- > mm/memcontrol.c | 2 +- > mm/memory-failure.c | 7 +++ > mm/page_alloc.c | 6 +- > net/can/af_can.c | 22 +++---- > net/core/dev.c | 19 ++++-- > net/core/flow_dissector.c | 3 +- > net/core/neighbour.c | 4 +- > net/dccp/ccids/ccid2.c | 3 + > net/ipv4/arp.c | 7 ++- > net/ipv4/igmp.c | 2 +- > net/ipv4/netfilter/arp_tables.c | 51 ++++++++-------- > net/ipv4/netfilter/ip_tables.c | 45 +++++++------- > net/ipv4/netfilter/nf_reject_ipv4.c | 2 + > net/ipv4/tcp.c | 3 + > net/ipv4/tcp_timer.c | 15 +++++ > net/ipv6/ip6_output.c | 9 ++- > net/ipv6/ipv6_sockglue.c | 2 +- > net/ipv6/netfilter/ip6_tables.c | 45 +++++++------- > net/ipv6/netfilter/nf_dup_ipv6.c | 1 + > net/ipv6/netfilter/nf_reject_ipv6.c | 3 + > net/netfilter/nf_conntrack_core.c | 7 +++ > net/netfilter/nf_conntrack_expect.c | 2 +- > net/netfilter/nf_conntrack_sip.c | 5 +- > net/netfilter/nfnetlink_queue.c | 6 +- > net/netfilter/x_tables.c | 50 +++++++++++++++ > net/sctp/socket.c | 30 ++++----- > tools/usb/usbip/libsrc/usbip_common.c | 9 ++- > tools/usb/usbip/libsrc/usbip_host_driver.c | 27 ++++++-- > tools/usb/usbip/libsrc/vhci_driver.c | 8 +-- > tools/usb/usbip/src/usbip.c | 2 + > 87 files changed, 820 insertions(+), 348 deletions(-) > Applied to xenial/master-next branch. Thanks, Kleber
Deliberately skipping "Revert "module: Add retpoline tag to VERMAGIC"" because we decided we actually are fine with flagging things that way. Skipping because already applied: * Slow system response time due to a monitor bug (bug 1606147) - x86/cpu/intel: Introduce macros for Intel family numbers * CVE-2017-1000364 - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack * CVE-2017-17448 - netfilter: nfnetlink_cthelper: Add missing permission checks * CVE-2017-17450 - netfilter: xt_osf: Add missing permission checks We backported the following set for (bug 16407868): * netfilter: x_tables: pass xt_counters struct instead of packet counter * netfilter: x_tables: pass xt_counters struct to counter allocator * netfilter: x_tables: pack percpu counter allocations this caused the following stable patch to be not needed in Xenial: * netfilter: fix IS_ERR_VALUE usage Special care should be used when looking at "x86/retpoline: Fill RSB on context switch for affected CPUs". This uses a cpufeature bit which was used initially by the Spectre v2 Intel patches. So in order to apply it I did move the SPEC_CTRL bit definition out of the way. -Stefan -- The following changes since commit fdf2a7bfb332c7f3e54da19e4161db4ac448bf20: Linux 4.4.113 (2018-03-09 08:52:15 +0100) are available in the git repository at: git://git.launchpad.net/~smb/+git/linux-xenial stable-4.4 for you to fetch changes up to 9126c8a3ac8a35006fa8c03e6672a1282095840b: Linux 4.4.114 (2018-03-09 15:46:48 +0100) ---------------------------------------------------------------- Aaron Ma (1): Input: trackpoint - force 3 buttons if 0 button is reported Alexey Kodanev (1): dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state Andrew Goodbody (1): usb: usbip: Fix possible deadlocks reported by lockdep Andy Lutomirski (1): x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels Ben Hutchings (4): x86/microcode/intel: Fix BDW late-loading revision check vsyscall: Fix permissions for emulate mode with KAISER/PTI ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL nfsd: auth: Fix gid sorting when rootsquash enabled Craig Gallek (1): tcp: __tcp_hdrlen() helper Dan Streetman (1): net: tcp: close sock if net namespace is exiting Daniel Bristot de Oliveira (1): sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks David Woodhouse (1): x86/retpoline: Fill RSB on context switch for affected CPUs Doug Berger (1): cma: fix calculation of aligned offset Eric Biggers (1): PM / sleep: declare __tracedata symbols as char[] rather than char Eric Dumazet (3): ipv6: ip6_make_skb() needs to clear cork.base.dst net: qdisc_pkt_len_init() should be more robust flow_dissector: properly cap thoff field Felix Fietkau (1): net: igmp: fix source address check for IGMPv3 reports Florian Westphal (2): netfilter: x_tables: speed up jump target validation netfilter: restart search if moved to other chain Francois Romieu (1): r8169: fix memory corruption on retrieval of hardware statistics. Greg KH (1): eventpoll.h: add missing epoll event masks Greg Kroah-Hartman (1): Linux 4.4.114 Guillaume Nault (1): pppoe: take ->needed_headroom of lower device into account on xmit Hongxu Jia (1): netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel Jan Kara (2): ext2: Don't clear SGID when inheriting ACLs reiserfs: Don't clear SGID when inheriting ACLs Janakarajan Natarajan (1): Prevent timer value 0 for MWAITX Jeff Mahoney (2): reiserfs: fix race in prealloc discard reiserfs: don't preallocate blocks for extended attributes Jia Zhang (1): x86/microcode/intel: Extend BDW late-loading further with LLC size check Jim Westfall (2): net: Allow neigh contructor functions ability to modify the primary_key ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY Jiri Slaby (2): ipc: msg, make msgrcv work with LONG_MIN fs/fcntl: f_setown, avoid undefined behaviour Johannes Thumshirn (1): scsi: libiscsi: fix shifting of DID_REQUEUE host byte Jonathan Dieter (2): usbip: Fix implicit fallthrough warning usbip: Fix potential format overflow in userspace tools Liping Zhang (2): netfilter: nf_ct_expect: remove the redundant slash when policy name is empty netfilter: nfnetlink_queue: reject verdict request from different portid Marc Kleine-Budde (2): can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once Michal Hocko (1): hwpoison, memcg: forcibly uncharge LRU pages Mike Maloney (1): ipv6: fix udpv6 sendmsg crash caused by too small MTU Minghuan Lian (1): PCI: layerscape: Fix MSG TLP drop setting Neil Horman (1): vmxnet3: repair memory leak Paolo Abeni (1): netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags Pau Espin Pedrol (1): netfilter: use fwmark_reflect in nf_send_reset Rafael J. Wysocki (2): ACPI / processor: Avoid reserving IO regions too early ACPI / scan: Prefer devices without _HID/_CID for _ADR matching Rui Wang (1): x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() Seunghun Han (1): ACPICA: Namespace: fix operand cache leak Shuah Khan (4): usbip: prevent vhci_hcd driver from leaking a socket pointer address usbip: fix stub_rx: get_pipe() to validate endpoint number usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input usbip: prevent leaking socket pointer address in messages Sudeep Holla (2): drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled drivers: base: cacheinfo: fix boot error message when acpi is enabled Thomas Gleixner (2): timers: Plug locking race vs. timer migration hrtimer: Reset hrtimer cpu base proper on CPU hotplug Thomas Meyer (1): um: link vmlinux with -no-pie Ulrich Weber (1): netfilter: nf_conntrack_sip: extend request line validation Vegard Nossum (1): time: Avoid undefined behaviour in ktime_add_safe() Vlastimil Babka (2): fs/select: add vmalloc fallback for select(2) mm, page_alloc: fix potential false positive in __zone_watermark_ok Xin Long (2): sctp: do not allow the v4 socket to bind a v4mapped v6 address sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf Yang Shi (1): PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID Yuiko Oshino (1): lan78xx: Fix failure in USB Full Speed yangbo lu (1): mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version Makefile | 2 +- arch/um/Makefile | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 7 ++- arch/x86/include/asm/cpufeatures.h | 3 +- arch/x86/include/asm/processor.h | 2 +- arch/x86/include/asm/switch_to.h | 38 ++++++++++++ arch/x86/include/asm/vsyscall.h | 1 + arch/x86/kernel/apic/io_apic.c | 2 +- arch/x86/kernel/cpu/bugs.c | 36 +++++++++++ arch/x86/kernel/cpu/intel_cacheinfo.c | 2 + arch/x86/kernel/cpu/microcode/intel.c | 21 ++++++- arch/x86/lib/delay.c | 7 +++ arch/x86/mm/kaiser.c | 2 +- drivers/acpi/acpi_processor.c | 9 --- drivers/acpi/acpica/nsutils.c | 23 +++---- drivers/acpi/glue.c | 12 ++-- drivers/acpi/processor_throttling.c | 9 +++ drivers/base/cacheinfo.c | 15 +++-- drivers/base/power/trace.c | 4 +- drivers/input/mouse/trackpoint.c | 3 + drivers/mmc/host/sdhci-of-esdhc.c | 10 +++ drivers/net/ethernet/realtek/r8169.c | 9 +-- drivers/net/ppp/pppoe.c | 11 ++-- drivers/net/usb/lan78xx.c | 1 + drivers/net/vmxnet3/vmxnet3_drv.c | 2 +- drivers/pci/host/pci-layerscape.c | 22 ++++--- drivers/scsi/libiscsi.c | 2 +- drivers/usb/usbip/stub_dev.c | 3 +- drivers/usb/usbip/stub_rx.c | 46 +++++++++++--- drivers/usb/usbip/usbip_common.c | 15 ++--- drivers/usb/usbip/usbip_common.h | 1 + drivers/usb/usbip/usbip_event.c | 5 +- drivers/usb/usbip/vhci_hcd.c | 90 ++++++++++++++++----------- drivers/usb/usbip/vhci_rx.c | 30 +++++---- drivers/usb/usbip/vhci_sysfs.c | 44 ++++++++------ drivers/usb/usbip/vhci_tx.c | 14 +++-- fs/ext2/acl.c | 36 ++++++----- fs/fcntl.c | 4 ++ fs/nfsd/auth.c | 5 +- fs/reiserfs/bitmap.c | 14 ++++- fs/reiserfs/xattr_acl.c | 12 ++-- fs/select.c | 14 ++++- include/linux/cacheinfo.h | 1 + include/linux/ktime.h | 7 +++ include/linux/netfilter/x_tables.h | 4 ++ include/linux/sched.h | 1 + include/linux/tcp.h | 7 ++- include/net/arp.h | 3 + include/net/ipv6.h | 1 + include/net/net_namespace.h | 10 +++ include/uapi/linux/eventpoll.h | 13 ++++ ipc/msg.c | 5 +- kernel/sched/core.c | 2 + kernel/sched/deadline.c | 98 ++++++++++++++++++++++++++---- kernel/time/hrtimer.c | 5 +- kernel/time/timer.c | 9 ++- mm/cma.c | 15 ++--- mm/memcontrol.c | 2 +- mm/memory-failure.c | 7 +++ mm/page_alloc.c | 6 +- net/can/af_can.c | 22 +++---- net/core/dev.c | 19 ++++-- net/core/flow_dissector.c | 3 +- net/core/neighbour.c | 4 +- net/dccp/ccids/ccid2.c | 3 + net/ipv4/arp.c | 7 ++- net/ipv4/igmp.c | 2 +- net/ipv4/netfilter/arp_tables.c | 51 ++++++++-------- net/ipv4/netfilter/ip_tables.c | 45 +++++++------- net/ipv4/netfilter/nf_reject_ipv4.c | 2 + net/ipv4/tcp.c | 3 + net/ipv4/tcp_timer.c | 15 +++++ net/ipv6/ip6_output.c | 9 ++- net/ipv6/ipv6_sockglue.c | 2 +- net/ipv6/netfilter/ip6_tables.c | 45 +++++++------- net/ipv6/netfilter/nf_dup_ipv6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 3 + net/netfilter/nf_conntrack_core.c | 7 +++ net/netfilter/nf_conntrack_expect.c | 2 +- net/netfilter/nf_conntrack_sip.c | 5 +- net/netfilter/nfnetlink_queue.c | 6 +- net/netfilter/x_tables.c | 50 +++++++++++++++ net/sctp/socket.c | 30 ++++----- tools/usb/usbip/libsrc/usbip_common.c | 9 ++- tools/usb/usbip/libsrc/usbip_host_driver.c | 27 ++++++-- tools/usb/usbip/libsrc/vhci_driver.c | 8 +-- tools/usb/usbip/src/usbip.c | 2 + 87 files changed, 820 insertions(+), 348 deletions(-)