Ubuntu
linux package

test_072_config_strict_devmem in kernel security test failed with 4.4/4.15 kvm

Bionic (18.04)
Bug #1760648

Bug #1760648 reported by Po-Hsu Lin on 2018-04-02

This bug affects 1 person

	Status	Importance	Assigned to
QA Regression Testing	Invalid	Undecided	Unassigned
linux (Ubuntu)	Incomplete	Undecided	Unassigned
Xenial	New	Undecided	Unassigned
Bionic	Incomplete	Undecided	Unassigned
linux-kvm (Ubuntu)	Fix Released	Undecided	Kamal Mostafa
Xenial	Fix Released	Undecided	Kamal Mostafa
Bionic	Fix Released	Undecided	Kamal Mostafa

Bug Description

  FAIL: test_072_config_strict_devmem (__main__.KernelSecurityTest)
  CONFIG_STRICT_DEVMEM enabled
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 707, in test_072_config_strict_devmem
      self.assertEqual(self._test_config('STRICT_DEVMEM'), strict)
  AssertionError: False != True

Steps to reproduce:
  Deploy the node with Xenial 4.4 kernel, install linux-kvm
  sudo apt-get install python-minimal
  git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
  git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
  rm -fr autotest/client/tests
  ln -sf ~/autotest-client-tests autotest/client/tests
  AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 17:02:10 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

CVE References

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2018-04-02:

Dependencies.txt Edit (2.2 KiB, text/plain; charset="utf-8")
JournalErrors.txt Edit (112.6 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (712 bytes, text/plain; charset="utf-8")

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2018-04-02: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1760648

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Po-Hsu Lin (cypressyew) on 2018-04-02

summary:

- test_072_config_strict_devmem in kernel security test failed with 4.4
- X-kvm
+ test_072_config_strict_devmem in kernel security test failed with
+ 4.4/4.15 kvm

Kamal Mostafa (kamalmostafa) on 2018-04-11

Changed in linux-kvm (Ubuntu Xenial):
status:	New → In Progress
Changed in linux-kvm (Ubuntu Bionic):
status:	New → In Progress
Changed in linux-kvm (Ubuntu Xenial):
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux-kvm (Ubuntu Bionic):
assignee:	nobody → Kamal Mostafa (kamalmostafa)

Kamal Mostafa (kamalmostafa) on 2018-04-12

Changed in linux-kvm (Ubuntu Xenial):
status:	In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Bionic):
status:	In Progress → Fix Committed

Po-Hsu Lin (cypressyew) on 2018-04-13

Changed in qa-regression-testing:
status:	New → Invalid

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-04-22:

Download full text (36.6 KiB)

This bug was fixed in the package linux-kvm - 4.15.0-1006.6

---------------
linux-kvm (4.15.0-1006.6) bionic; urgency=medium

* linux-kvm: 4.15.0-1006.6 -proposed tracker (LP: #1765498)

[ Ubuntu: 4.15.0-18.19 ]

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)
  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
    meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
    (LP: #1765429)
    - powerpc/pseries: Fix clearing of security feature flags
  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Config] signing -- enable Opal signing for ppc64el
    - [Packaging] printenv -- add signing options
  * [18.04 FEAT] Sign POWER host/NV kernels (LP: #1696154)
    - [Packaging] signing -- add support for signing Opal kernel binaries
  * Please cherrypick s390 unwind fix (LP: #1765083)
    - s390/compat: fix setup_frame32
  * Ubuntu 18.04 installer does not detect any IPR based HDD/RAID array [S822L]
    [ipr] (LP: #1751813)
    - d-i: move ipr to storage-core-modules on ppc64el
  * drivers/gpu/drm/bridge/adv7511/adv7511.ko missing (LP: #1764816)
    - SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm
  * Miscellaneous Ubuntu changes
    - [Packaging] Add linux-oem to rebuild test blacklist.

[ Ubuntu: 4.15.0-17.18 ]

  * linux: 4.15.0-17.18 -proposed tracker (LP: #1764498)
  * Eventual OOM with profile reloads (LP: #1750594)
    - SAUCE: apparmor: fix memory leak when duplicate profile load

linux-kvm (4.15.0-1005.5) bionic; urgency=medium

* linux-kvm: 4.15.0-1005.5 -proposed tracker (LP: #1763792)

  * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

  * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

  * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
    kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760649)
    - kvm: [config] enable DEVMEM

  * test_076_config_security_acl_ext4 in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

  * test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

* linux-kvm 4.15 needs UNWINDER_FRAME_POINTER (LP: #1763107)
- kvm: [Config] CONFIG_UNWINDER_FRAME_POINTER=y for amd64

[ Ubuntu: 4.15.0-16.17 ]

This bug was fixed in the package linux-kvm - 4.15.0-1006.6

---------------
linux-kvm (4.15.0-1006.6) bionic; urgency=medium

* linux-kvm: 4.15.0-1006.6 -proposed tracker (LP: #1765498)

[ Ubuntu: 4.15.0-18.19 ]

[ Ubuntu: 4.15.0-17.18 ]

* linux: 4.15.0-17.18 -proposed tracker (LP: #1764498)
  * Eventual OOM with profile reloads (LP: #1750594)
    - SAUCE: apparmor: fix memory leak when duplicate profile load

linux-kvm (4.15.0-1005.5) bionic; urgency=medium

* linux-kvm: 4.15.0-1005.5 -proposed tracker (LP: #1763792)

* test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

* test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

* test_076_config_security_acl_ext4  in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

* test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

* linux-kvm 4.15 needs UNWINDER_FRAME_POINTER (LP: #1763107)
    - kvm: [Config] CONFIG_UNWINDER_FRAME_POINTER=y for amd64

[ Ubuntu: 4.15.0-16.17 ]

* linux: 4.15.0-16.17 -proposed tracker (LP: #1763785)
  * [18.04] [bug] CFL-S(CNP)/CNL GPIO testing failed (LP: #1757346)
    - [Config]: Set CONFIG_PINCTRL_CANNONLAKE=y
  * [Ubuntu 18.04] USB Type-C test failed on GLK (LP: #1758797)
    - SAUCE: usb: typec: ucsi: Increase command completion timeout value
  * Fix trying to "push" an already active pool VP (LP: #1763386)
    - SAUCE: powerpc/xive: Fix trying to "push" an already active pool VP
  * hisi_sas: Revert and replace SAUCE patches w/ upstream (LP: #1762824)
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: export device table of v3 hw to
      userspace"
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: config for hip08 ES"
    - scsi: hisi_sas: modify some register config for hip08
    - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE()
  * Realtek card reader - RTS5243 [VEN_10EC&DEV_5260] (LP: #1737673)
    - misc: rtsx: Move Realtek Card Reader Driver to misc
    - updateconfigs for Realtek Card Reader Driver
    - misc: rtsx: Add support for RTS5260
    - misc: rtsx: Fix symbol clashes
  * Mellanox [mlx5] [bionic] UBSAN: Undefined behaviour in
    ./include/linux/net_dim.h (LP: #1763269)
    - net/mlx5e: Fix int overflow
  * apparmor bug fixes for bionic (LP: #1763427)
    - apparmor: fix logging of the existence test for signals
    - apparmor: make signal label match work when matching stacked labels
    - apparmor: audit unknown signal numbers
    - apparmor: fix memory leak on buffer on error exit path
    - apparmor: fix mediation of prlimit
  * dangling symlinks to loaded apparmor policy (LP: #1755563) // apparmor bug
    fixes for bionic (LP: #1763427)
    - apparmor: fix dangling symlinks to policy rawdata after replacement
  * [OPAL] Assert fail:
    core/mem_region.c:447:lock_held_by_me(&region->free_list_lock)
    (LP: #1762913)
    - powerpc/watchdog: remove arch_trigger_cpumask_backtrace
  * [LTC Test] Ubuntu 18.04: tm_trap_test failed on P8 compat mode guest
    (LP: #1762928)
    - powerpc/tm: Fix endianness flip on trap
  * Add support for RT5660 codec based sound cards on Baytrail (LP: #1657674)
    - SAUCE: (no-up) ASoC: Intel: Support machine driver for RT5660 on Baytrail
    - SAUCE: (no-up) ASoC: rt5660: Add ACPI support
    - SAUCE: (no-up): ASoC: Intel: bytcr-rt5660: Add MCLK, quirks
    - [Config] CONFIG_SND_SOC_INTEL_BYTCR_RT5660_MACH=m, CONFIG_SND_SOC_RT5660=m
  * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
    - i2c: xlp9xx: return ENXIO on slave address NACK
    - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
    - i2c: xlp9xx: Check for Bus state before every transfer
    - i2c: xlp9xx: Handle NACK on DATA properly
  * [18.04 FEAT] Add kvm_stat from kernel tree (LP: #1734130)
    - tools/kvm_stat: simplify the sortkey function
    - tools/kvm_stat: use a namedtuple for storing the values
    - tools/kvm_stat: use a more pythonic way to iterate over dictionaries
    - tools/kvm_stat: avoid 'is' for equality checks
    - tools/kvm_stat: fix crash when filtering out all non-child trace events
    - tools/kvm_stat: print error on invalid regex
    - tools/kvm_stat: fix debugfs handling
    - tools/kvm_stat: mark private methods as such
    - tools/kvm_stat: eliminate extra guest/pid selection dialog
    - tools/kvm_stat: separate drilldown and fields filtering
    - tools/kvm_stat: group child events indented after parent
    - tools/kvm_stat: print 'Total' line for multiple events only
    - tools/kvm_stat: Fix python3 syntax
    - tools/kvm_stat: Don't use deprecated file()
    - tools/kvm_stat: Remove unused function
    - [Packaging] Add linux-tools-host package for VM host tools
    - [Config] do_tools_host=true for amd64
  * Bionic update to v4.15.17 stable release (LP: #1763366)
    - i40iw: Fix sequence number for the first partial FPDU
    - i40iw: Correct Q1/XF object count equation
    - i40iw: Validate correct IRD/ORD connection parameters
    - clk: meson: mpll: use 64-bit maths in params_from_rate
    - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
    - Bluetooth: Add a new 04ca:3015 QCA_ROME device
    - ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT
    - thermal: power_allocator: fix one race condition issue for thermal_instances
      list
    - perf probe: Find versioned symbols from map
    - perf probe: Add warning message if there is unexpected event name
    - perf evsel: Fix swap for samples with raw data
    - perf evsel: Enable ignore_missing_thread for pid option
    - l2tp: fix missing print session offset info
    - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
    - ACPI / video: Default lcd_only to true on Win8-ready and newer machines
    - IB/mlx5: Report inner RSS capability
    - VFS: close race between getcwd() and d_move()
    - watchdog: dw_wdt: add stop watchdog operation
    - clk: divider: fix incorrect usage of container_of
    - PM / devfreq: Fix potential NULL pointer dereference in governor_store
    - gpiolib: don't dereference a desc before validation
    - net_sch: red: Fix the new offload indication
    - selftests/net: fix bugs in address and port initialization
    - thermal/drivers/hisi: Remove bogus const from function return type
    - RDMA/cma: Mark end of CMA ID messages
    - hwmon: (ina2xx) Make calibration register value fixed
    - f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem
    - clk: sunxi-ng: a83t: Add M divider to TCON1 clock
    - media: videobuf2-core: don't go out of the buffer range
    - ASoC: Intel: Skylake: Disable clock gating during firmware and library
      download
    - ASoC: Intel: cht_bsw_rt5645: Analog Mic support
    - drm/msm: Fix NULL deref in adreno_load_gpu
    - IB/ipoib: Fix for notify send CQ failure messages
    - spi: sh-msiof: Fix timeout failures for TX-only DMA transfers
    - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
    - irqchip/ompic: fix return value check in ompic_of_init()
    - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry
    - ACPI: EC: Fix debugfs_create_*() usage
    - mac80211: Fix setting TX power on monitor interfaces
    - vfb: fix video mode and line_length being set when loaded
    - crypto: crypto4xx - perform aead icv check in the driver
    - gpio: label descriptors using the device name
    - arm64: asid: Do not replace active_asids if already 0
    - powernv-cpufreq: Add helper to extract pstate from PMSR
    - IB/rdmavt: Allocate CQ memory on the correct node
    - blk-mq: avoid to map CPU into stale hw queue
    - blk-mq: fix race between updating nr_hw_queues and switching io sched
    - backlight: tdo24m: Fix the SPI CS between transfers
    - nvme-fabrics: protect against module unload during create_ctrl
    - nvme-fabrics: don't check for non-NULL module in nvmf_register_transport
    - pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts
    - nvme_fcloop: disassocate local port structs
    - nvme_fcloop: fix abort race condition
    - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
    - perf report: Fix a no annotate browser displayed issue
    - staging: lustre: disable preempt while sampling processor id.
    - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
    - power: supply: axp288_charger: Properly stop work on probe-error / remove
    - rt2x00: do not pause queue unconditionally on error path
    - wl1251: check return from call to wl1251_acx_arp_ip_filter
    - net/mlx5: Fix race for multiple RoCE enable
    - bcache: ret IOERR when read meets metadata error
    - bcache: stop writeback thread after detaching
    - bcache: segregate flash only volume write streams
    - net: Fix netdev_WARN_ONCE macro
    - net/mlx5e: IPoIB, Use correct timestamp in child receive flow
    - blk-mq: fix kernel oops in blk_mq_tag_idle()
    - tty: n_gsm: Allow ADM response in addition to UA for control dlci
    - block, bfq: put async queues for root bfq groups too
    - serdev: Fix serdev_uevent failure on ACPI enumerated serdev-controllers
    - EDAC, mv64x60: Fix an error handling path
    - uio_hv_generic: check that host supports monitor page
    - Bluetooth: hci_bcm: Mandate presence of shutdown and device wake GPIO
    - Bluetooth: hci_bcm: Validate IRQ before using it
    - Bluetooth: hci_bcm: Make shutdown and device wake GPIO optional
    - i40evf: don't rely on netif_running() outside rtnl_lock()
    - drm/amd/powerplay: fix memory leakage when reload (v2)
    - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
    - PM / domains: Don't skip driver's ->suspend|resume_noirq() callbacks
    - scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware
      in RAID map
    - scsi: megaraid_sas: unload flag should be set after scsi_remove_host is
      called
    - RDMA/cma: Fix rdma_cm path querying for RoCE
    - gpio: thunderx: fix error return code in thunderx_gpio_probe()
    - x86/gart: Exclude GART aperture from vmcore
    - sdhci: Advertise 2.0v supply on SDIO host controller
    - Input: goodix - disable IRQs while suspended
    - mtd: mtd_oobtest: Handle bitflips during reads
    - crypto: aes-generic - build with -Os on gcc-7+
    - perf tools: Fix copyfile_offset update of output offset
    - tcmu: release blocks for partially setup cmds
    - thermal: int3400_thermal: fix error handling in int3400_thermal_probe()
    - drm/i915/cnp: Ignore VBT request for know invalid DDC pin.
    - drm/i915/cnp: Properly handle VBT ddc pin out of bounds.
    - x86/microcode: Propagate return value from updating functions
    - x86/CPU: Add a microcode loader callback
    - x86/CPU: Check CPU feature bits after microcode upgrade
    - x86/microcode: Get rid of struct apply_microcode_ctx
    - x86/microcode/intel: Check microcode revision before updating sibling
      threads
    - x86/microcode/intel: Writeback and invalidate caches before updating
      microcode
    - x86/microcode: Do not upload microcode if CPUs are offline
    - x86/microcode/intel: Look into the patch cache first
    - x86/microcode: Request microcode on the BSP
    - x86/microcode: Synchronize late microcode loading
    - x86/microcode: Attempt late loading only when new microcode is present
    - x86/microcode: Fix CPU synchronization routine
    - arp: fix arp_filter on l3slave devices
    - ipv6: the entire IPv6 header chain must fit the first fragment
    - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events
      lan78xx_deferred_multicast_write)
    - net: dsa: Discard frames from unused ports
    - net: fix possible out-of-bound read in skb_network_protocol()
    - net/ipv6: Fix route leaking between VRFs
    - net/ipv6: Increment OUTxxx counters after netfilter hook
    - netlink: make sure nladdr has correct size in netlink_connect()
    - net/mlx5e: Verify coalescing parameters in range
    - net sched actions: fix dumping which requires several messages to user space
    - net/sched: fix NULL dereference in the error path of tcf_bpf_init()
    - pptp: remove a buggy dst release in pptp_connect()
    - r8169: fix setting driver_data after register_netdev
    - sctp: do not leak kernel memory to user space
    - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
    - vhost: correctly remove wait queue during poll failure
    - vlan: also check phy_driver ts_info for vlan's real device
    - vrf: Fix use after free and double free in vrf_finish_output
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
    - bonding: process the err returned by dev_set_allmulti properly in
      bond_enslave
    - net: fool proof dev_valid_name()
    - ip_tunnel: better validate user provided tunnel names
    - ipv6: sit: better validate user provided tunnel names
    - ip6_gre: better validate user provided tunnel names
    - ip6_tunnel: better validate user provided tunnel names
    - vti6: better validate user provided tunnel names
    - net/mlx5e: Set EQE based as default TX interrupt moderation mode
    - net_sched: fix a missing idr_remove() in u32_delete_key()
    - net/sched: fix NULL dereference in the error path of tcf_vlan_init()
    - net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path
    - net/mlx5e: Fix memory usage issues in offloading TC flows
    - net/sched: fix NULL dereference in the error path of tcf_sample_init()
    - nfp: use full 40 bits of the NSP buffer address
    - ipv6: sr: fix seg6 encap performances with TSO enabled
    - net/mlx5e: Don't override vport admin link state in switchdev mode
    - net/mlx5e: Sync netdev vxlan ports at open
    - net/sched: fix NULL dereference in the error path of tunnel_key_init()
    - net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
    - strparser: Fix sign of err codes
    - net/mlx4_en: Fix mixed PFC and Global pause user control requests
    - net/mlx5e: Fix traffic being dropped on VF representor
    - vhost: validate log when IOTLB is enabled
    - route: check sysctl_fib_multipath_use_neigh earlier than hash
    - team: move dev_mc_sync after master_upper_dev_link in team_port_add
    - vhost_net: add missing lock nesting notation
    - net/mlx4_core: Fix memory leak while delete slave's resources
    - Linux 4.15.17
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507) // Bionic update to v4.15.17 stable
    release (LP: #1763366)
    - sky2: Increase D3 delay to sky2 stops working after suspend
  * [Featire] CNL: Enable RAPL support (LP: #1685712)
    - powercap: RAPL: Add support for Cannon Lake
  * System Z {kernel} UBUNTU18.04 wrong kernel config (LP: #1762719)
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - [Config] CONFIG_EXPOLINE_AUTO=y, CONFIG_KERNEL_NOBP=n for s390
    - s390: correct nospec auto detection init order
  * Merge the linux-snapdragon kernel into bionic master/snapdragon
    (LP: #1763040)
    - drm/msm: fix spelling mistake: "ringubffer" -> "ringbuffer"
    - drm/msm: fix msm_rd_dump_submit prototype
    - drm/msm: gpu: Only sync fences on rings that exist
    - wcn36xx: set default BTLE coexistence config
    - wcn36xx: Add hardware scan offload support
    - wcn36xx: Reduce spinlock in indication handler
    - wcn36xx: fix incorrect assignment to msg_body.min_ch_time
    - wcn36xx: release DMA memory in case of error
    - mailbox: qcom: Convert APCS IPC driver to use regmap
    - mailbox: qcom: Create APCS child device for clock controller
    - clk: qcom: Add A53 PLL support
    - clk: qcom: Add regmap mux-div clocks support
    - clk: qcom: Add APCS clock controller support
    - clk: qcom: msm8916: Fix return value check in qcom_apcs_msm8916_clk_probe()
    - media: venus: venc: set correctly GOP size and number of B-frames
    - media: venus: venc: configure entropy mode
    - media: venus: venc: Apply inloop deblocking filter
    - media: venus: cleanup set_property controls
    - arm64: defconfig: enable REMOTEPROC
    - arm64: defconfig: enable QCOM audio drivers for APQ8016 and DB410c
    - kernel: configs; add distro.config
    - arm64: configs: enable WCN36xx
    - kernel: distro.config: enable debug friendly USB network adpater
    - arm64: configs: enable QCOM Venus
    - arm64: defconfig: Enable a53/apcs and avs
    - arm64: defconfig: enable ondemand governor as default
    - arm64: defconfig: enable QCOM_TSENS
    - arm64: defconfig: enable new trigger modes for leds
    - kernel: configs: enable dm_mod and dm_crypt
    - Force the SMD regulator driver to be compiled-in
    - arm64: defconfig: enable CFG80211_DEFAULT_PS by default
    - arm64: configs: enable BT_QCOMSMD
    - kernel: configs: add more USB net drivers
    - arm64: defconfig: disable ANALOG_TV and DIGITAL_TV
    - arm64: configs: Enable camera drivers
    - kernel: configs: add freq stat to sysfs
    - arm64: defconfig: enable CONFIG_USB_CONFIGFS_F_FS by default
    - arm64: defconfig: Enable QRTR features
    - kernel: configs: set USB_CONFIG_F_FS in distro.config
    - kernel: distro.config: enable 'schedutil' CPUfreq governor
    - kernel: distro.config: enable 'fq' and 'fq_codel' qdiscs
    - kernel: distro.config: enable 'BBR' TCP congestion algorithm
    - arm64: defconfig: enable LEDS_QCOM_LPG
    - HACK: drm/msm/iommu: Remove runtime_put calls in map/unmap
    - power: avs: Add support for CPR (Core Power Reduction)
    - power: avs: cpr: Use raw mem access for qfprom
    - power: avs: cpr: fix with new reg_sequence structures
    - power: avs: cpr: Register with cpufreq-dt
    - regulator: smd: Add floor and corner operations
    - PM / OPP: Support adjusting OPP voltages at runtime
    - PM / OPP: Drop RCU usage in dev_pm_opp_adjust_voltage()
    - PM / OPP: HACK: Allow to set regulator without opp_list
    - PM / OPP: Add a helper to get an opp regulator for device
    - cpufreq: Add apq8016 to cpufreq-dt-platdev blacklist
    - regulator: smd: Allow REGULATOR_QCOM_SMD_RPM=m
    - ov5645: I2C address change
    - i2c: Add Qualcomm Camera Control Interface driver
    - camss: vfe: Skip first four frames from sensor
    - camss: Do not register if no cameras are present
    - i2c-qcom-cci: Fix run queue completion timeout
    - i2c-qcom-cci: Fix I2C address bug
    - media: ov5645: Fix I2C address
    - drm/bridge/adv7511: Delay clearing of HPD interrupt status
    - HACK: drm/msm/adv7511: Don't rely on interrupts for EDID parsing
    - leds: Add driver for Qualcomm LPG
    - wcn36xx: Fix warning due to duplicate scan_completed notification
    - arm64: dts: Add CPR DT node for msm8916
    - arm64: dts: add spmi-regulator nodes
    - arm64: dts: msm8916: Add cpufreq support
    - arm64: dts: msm8916: Add a shared CPU opp table
    - arm64: dts: msm8916: Add cpu cooling maps
    - arm64: dts: pm8916: Mark the s2 regulator as always-on
    - dt-bindings: mailbox: qcom: Document the APCS clock binding
    - arm64: dts: qcom: msm8916: Add msm8916 A53 PLL DT node
    - arm64: dts: qcom: msm8916: Use the new APCS mailbox driver
    - arm64: dts: qcom: msm8916: Add clock properties to the APCS node
    - arm64: dts: qcom: apq8016-sbc: Allow USR4 LED to notify kernel panic
    - dt-bindings: media: Binding document for Qualcomm Camera Control Interface
      driver
    - MAINTAINERS: Add Qualcomm Camera Control Interface driver
    - DT: leds: Add Qualcomm Light Pulse Generator binding
    - arm64: dts: qcom: msm8996: Add mpp and lpg blocks
    - arm64: dts: qcom: Add pwm node for pm8916
    - arm64: dts: qcom: Add user LEDs on db820c
    - arm64: dts: qcom: Add WiFI/BT LEDs on db820c
    - ARM: dts: qcom: Add LPG node to pm8941
    - ARM: dts: qcom: honami: Add LPG node and RGB LED
    - arm64: dts: qcom: Add Camera Control Interface support
    - arm64: dts: qcom: Add apps_iommu vfe child node
    - arm64: dts: qcom: Add camss device node
    - arm64: dts: qcom: Add ov5645 device nodes
    - arm64: dts: msm8916: Fix camera sensors I2C addresses
    - arm: dts: qcom: db410c: Enable PWM signal on MPP4
    - packaging: arm64: add a uboot flavour - part1
    - packaging: arm64: add a uboot flavour - part2
    - packaging: arm64: add a uboot flavour - part3
    - packaging: arm64: add a uboot flavour - part4
    - packaging: arm64: add a uboot flavour - part5
    - packaging: arm64: rename uboot flavour to snapdragon
    - [Config] updateconfigs after qcomlt import
    - [Config] arm64: snapdragon: COMMON_CLK_QCOM=y
    - [Config] arm64: snapdragon: MSM_GCC_8916=y
    - [Config] arm64: snapdragon: REGULATOR_FIXED_VOLTAGE=y
    - [Config] arm64: snapdragon: PINCTRL_MSM8916=y
    - [Config] arm64: snapdragon: HWSPINLOCK_QCOM=y
    - [Config] arm64: snapdragon: SPMI=y, SPMI_MSM_PMIC_ARB=y
    - [Config] arm64: snapdragon: REGMAP_SPMI=y, PINCTRL_QCOM_SPMI_PMIC=y
    - [Config] arm64: snapdragon: REGULATOR_QCOM_SPMI=y
    - [Config] arm64: snapdragon: MFD_SPMI_PMIC=y
    - [Config] arm64: snapdragon: QCOM_SMEM=y
    - [Config] arm64: snapdragon: RPMSG=y, RPMSG_QCOM_SMD=y
    - [Config] arm64: snapdragon: QCOM_SMD_RPM=y, REGULATOR_QCOM_SMD_RPM=y
    - [Config] arm64: snapdragon: QCOM_CLK_SMD_RPM=y
    - [Config] arm64: snapdragon: QCOM_BAM_DMA=y
    - [Config] arm64: snapdragon: QCOM_HIDMA=y, QCOM_HIDMA_MGMT=y
    - [Config] arm64: snapdragon: QCOM_CPR=y
    - [Config] arm64: snapdragon: QCOM_QFPROM=y, QCOM_TSENS=y
    - [Config] arm64: snapdragon: MMC_SDHCI=y, MMC_SDHCI_PLTFM=y, MMC_SDHCI_MSM=y
    - [Config] turn off DRM_MSM_REGISTER_LOGGING
    - [Config] arm64: snapdragon: I2C_QUP=y
    - [Config] arm64: snapdragon: SPI_QUP=y
    - [Config] arm64: snapdragon: USB_ULPI_BUS=y, PHY_QCOM_USB_HS=y
    - [Config] arm64: snapdragon: QCOM_APCS_IPC=y
    - [Config] arm64: snapdragon: QCOM_WCNSS_CTRL=y
    - [Config] arm64: snapdragon: QCOM_SMSM=y
    - [Config] arm64: snapdragon: QCOM_SMP2P=y
    - [Config] arm64: snapdragon: DRM_MSM=y
    - [Config] arm64: snapdragon: SND_SOC=y
    - [Config] arm64: snapdragon: QCOM_WCNSS_PIL=m
    - [Config] arm64: snapdragon: QCOM_A53PLL=y, QCOM_CLK_APCS_MSM8916=y
    - [Config] arm64: snapdragon: INPUT_PM8941_PWRKEY=y
    - [Config] arm64: snapdragon: MEDIA_SUBDRV_AUTOSELECT=y, VIDEO_OV5645=m
    - [Config] arm64: snapdragon: SND_SOC_APQ8016_SBC=y, SND_SOC_LPASS_APQ8016=y
    - [Config] arm64: snapdragon: SND_SOC_MSM8916_WCD_ANALOG=y,
      SND_SOC_MSM8916_WCD_DIGITAL=y
    - SAUCE: media: ov5645: skip address change if dt addr == default addr
    - SAUCE: drm/msm/adv7511: wrap hacks under CONFIG_ADV7511_SNAPDRAGON_HACKS
      #ifdefs
    - [Config] arm64: snapdragon: ADV7511_SNAPDRAGON_HACKS=y
    - packaging: snapdragon: fixup ABI paths
  * LSM stacking patches for bionic (LP: #1763062)
    - SAUCE: LSM stacking: procfs: add smack subdir to attrs
    - SAUCE: LSM stacking: LSM: Manage credential security blobs
    - SAUCE: LSM stacking: LSM: Manage file security blobs
    - SAUCE: LSM stacking: LSM: Manage task security blobs
    - SAUCE: LSM stacking: LSM: Manage remaining security blobs
    - SAUCE: LSM stacking: LSM: General stacking
    - SAUCE: LSM stacking: fixup initialize task->security
    - SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
    - SAUCE: LSM stacking: add support for stacking getpeersec_stream
    - SAUCE: LSM stacking: add stacking support to apparmor network hooks
    - SAUCE: LSM stacking: fixup apparmor stacking enablement
    - SAUCE: LSM stacking: fixup stacking kconfig
    - SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
    - SAUCE: LSM stacking: provide prctl interface for setting context
    - SAUCE: LSM stacking: inherit current display LSM
    - SAUCE: LSM stacking: keep an index for each registered LSM
    - SAUCE: LSM stacking: verify display LSM
    - SAUCE: LSM stacking: provide a way to specify the default display lsm
    - SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
    - SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
    - SAUCE: LSM stacking: add Kconfig to set default display LSM
    - SAUCE: LSM stacking: add configs for LSM stacking
    - SAUCE: LSM stacking: add apparmor and selinux proc dirs
    - SAUCE: LSM stacking: remove procfs context interface
  * linux 4.13.0-13.14 ADT test failure with linux 4.13.0-13.14
    (LP: #1720779) // LSM stacking patches for bionic (LP: #1763062)
    - SAUCE: LSM stacking: check for invalid zero sized writes
  * RDMA/hns: ensure for-loop actually iterates and free's buffers
    (LP: #1762757)
    - RDMA/hns: ensure for-loop actually iterates and free's buffers
  * Support cq/rq record doorbell for RDMA on HSilicon hip08 systems
    (LP: #1762755)
    - RDMA/hns: Fix the endian problem for hns
    - RDMA/hns: Support rq record doorbell for the user space
    - RDMA/hns: Support cq record doorbell for the user space
    - RDMA/hns: Support rq record doorbell for kernel space
    - RDMA/hns: Support cq record doorbell for kernel space
    - RDMA/hns: Fix cqn type and init resp
    - RDMA/hns: Fix init resp when alloc ucontext
    - RDMA/hns: Fix cq record doorbell enable in kernel
  * Replace LPC patchset with upstream version (LP: #1762758)
    - Revert "UBUNTU: SAUCE: MAINTAINERS: Add maintainer for HiSilicon LPC driver"
    - Revert "UBUNTU: SAUCE: HISI LPC: Add ACPI support"
    - Revert "UBUNTU: SAUCE: ACPI / scan: do not enumerate Indirect IO host
      children"
    - Revert "UBUNTU: SAUCE: HISI LPC: Support the LPC host on Hip06/Hip07 with DT
      bindings"
    - Revert "UBUNTU: SAUCE: OF: Add missing I/O range exception for indirect-IO
      devices"
    - Revert "UBUNTU: SAUCE: PCI: Apply the new generic I/O management on PCI IO
      hosts"
    - Revert "UBUNTU: SAUCE: PCI: Add fwnode handler as input param of
      pci_register_io_range()"
    - Revert "UBUNTU: SAUCE: PCI: Remove unused __weak attribute in
      pci_register_io_range()"
    - Revert "UBUNTU: SAUCE: LIB: Introduce a generic PIO mapping method"
    - lib: Add generic PIO mapping method
    - PCI: Remove __weak tag from pci_register_io_range()
    - PCI: Add fwnode handler as input param of pci_register_io_range()
    - PCI: Apply the new generic I/O management on PCI IO hosts
    - of: Add missing I/O range exception for indirect-IO devices
    - HISI LPC: Support the LPC host on Hip06/Hip07 with DT bindings
    - ACPI / scan: Rename acpi_is_serial_bus_slave() for more general use
    - ACPI / scan: Do not enumerate Indirect IO host children
    - HISI LPC: Add ACPI support
    - MAINTAINERS: Add John Garry as maintainer for HiSilicon LPC driver
  * Enable Tunneled Operations on POWER9 (LP: #1762448)
    - powerpc/powernv: Enable tunneled operations
    - cxl: read PHB indications from the device tree
  * PSL traces reset after PERST for debug AFU image (LP: #1762462)
    - cxl: Enable NORST bit in PSL_DEBUG register for PSL9
  * NFS + sec=krb5 is broken (LP: #1759791)
    - sunrpc: remove incorrect HMAC request initialization
  * Raspberry Pi 3 microSD support missing from the installer (LP: #1729128)
    - d-i: add bcm2835 to block-modules
  * Backport USB core quirks (LP: #1762695)
    - usb: core: Add "quirks" parameter for usbcore
    - usb: core: Copy parameter string correctly and remove superfluous null check
    - usb: core: Add USB_QUIRK_DELAY_CTRL_MSG to usbcore quirks
  * [Ubuntu 18.04] cryptsetup: 'device-mapper: reload ioctl on  failed' when
    setting up a second end-to-end encrypted disk (LP: #1762353)
    - SAUCE: s390/crypto: Adjust s390 aes and paes cipher
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5715
    - powerpc/64s: Wire up cpu_show_spectre_v2()
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5753
    - powerpc/64s: Wire up cpu_show_spectre_v1()
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5754
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5715 //
    CVE-2017-5753 // CVE-2017-5754
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
  * Hisilicon network subsystem 3 support (LP: #1761610)
    - net: hns3: export pci table of hclge and hclgevf to userspace
    - d-i: Add hns3 drivers to nic-modules
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
    - perf vendor events aarch64: Add JSON metrics for ARM Cortex-A53 Processor
    - perf vendor events: Drop incomplete multiple mapfile support
    - perf vendor events: Fix error code in json_events()
    - perf vendor events: Drop support for unused topic directories
    - perf vendor events: Add support for pmu events vendor subdirectory
    - perf vendor events arm64: Relocate ThunderX2 JSON to cavium subdirectory
    - perf vendor events arm64: Relocate Cortex A53 JSONs to arm subdirectory
    - perf vendor events: Add support for arch standard events
    - perf vendor events arm64: Add armv8-recommended.json
    - perf vendor events arm64: Fixup ThunderX2 to use recommended events
    - perf vendor events arm64: fixup A53 to use recommended events
    - perf vendor events arm64: add HiSilicon hip08 JSON file
    - perf vendor events arm64: Enable JSON events for ThunderX2 B0
  * Warning "cache flush timed out!" seen when unloading the cxl driver
    (LP: #1762367)
    - cxl: Check if PSL data-cache is available before issue flush request
  * Bionic update to 4.15.16 stable release (LP: #1762370)
    - ARM: OMAP: Fix SRAM W+X mapping
    - ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
    - ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties
    - ARM: dts: sun6i: a31s: bpi-m2: add missing regulators
    - mtd: jedec_probe: Fix crash in jedec_read_mfr()
    - mtd: nand: atmel: Fix get_sectorsize() function
    - ALSA: usb-audio: Add native DSD support for TEAC UD-301
    - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
    - ALSA: pcm: potential uninitialized return values
    - x86/platform/uv/BAU: Add APIC idt entry
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation
    - ceph: only dirty ITER_IOVEC pages for direct read
    - ipc/shm.c: add split function to shm_vm_ops
    - i2c: i2c-stm32f7: fix no check on returned setup
    - powerpc/mm: Add tracking of the number of coprocessors using a context
    - powerpc/mm: Workaround Nest MMU bug with TLB invalidations
    - powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs
    - partitions/msdos: Unable to mount UFS 44bsd partitions
    - xfrm_user: uncoditionally validate esn replay attribute struct
    - RDMA/ucma: Check AF family prior resolving address
    - RDMA/ucma: Fix use-after-free access in ucma_close
    - RDMA/ucma: Ensure that CM_ID exists prior to access it
    - RDMA/rdma_cm: Fix use after free race with process_one_req
    - RDMA/ucma: Check that device is connected prior to access it
    - RDMA/ucma: Check that device exists prior to accessing it
    - RDMA/ucma: Introduce safer rdma_addr_size() variants
    - ipv6: fix possible deadlock in rt6_age_examine_exception()
    - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
    - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
    - percpu: add __GFP_NORETRY semantics to the percpu balancing path
    - netfilter: x_tables: make allocation less aggressive
    - netfilter: bridge: ebt_among: add more missing match size checks
    - l2tp: fix races with ipv4-mapped ipv6 addresses
    - netfilter: drop template ct when conntrack is skipped.
    - netfilter: x_tables: add and use xt_check_proc_name
    - phy: qcom-ufs: add MODULE_LICENSE tag
    - Bluetooth: Fix missing encryption refresh on Security Request
    - drm/i915/dp: Write to SET_POWER dpcd to enable MST hub.
    - bitmap: fix memset optimization on big-endian systems
    - USB: serial: ftdi_sio: add RT Systems VX-8 cable
    - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
    - USB: serial: cp210x: add ELDAT Easywave RX09 id
    - serial: 8250: Add Nuvoton NPCM UART
    - mei: remove dev_err message on an unsupported ioctl
    - /dev/mem: Avoid overwriting "err" in read_mem()
    - media: usbtv: prevent double free in error case
    - parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
    - crypto: lrw - Free rctx->ext with kzfree
    - crypto: talitos - don't persistently map req_ctx->hw_context and
      req_ctx->buf
    - crypto: inside-secure - fix clock management
    - crypto: testmgr - Fix incorrect values in PKCS#1 test vector
    - crypto: talitos - fix IPsec cipher in length
    - crypto: ahash - Fix early termination in hash walk
    - crypto: caam - Fix null dereference at error path
    - crypto: ccp - return an actual key size from RSA max_size callback
    - crypto: arm,arm64 - Fix random regeneration of S_shipped
    - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
    - Btrfs: fix unexpected cow in run_delalloc_nocow
    - staging: comedi: ni_mio_common: ack ai fifo error interrupts.
    - Revert "base: arch_topology: fix section mismatch build warnings"
    - Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370
    - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
    - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
    - vt: change SGR 21 to follow the standards
    - ARM: dts: DRA76-EVM: Set powerhold property for tps65917
    - net: hns: Fix ethtool private flags
    - Fix slab name "biovec-(1<<(21-12))"
    - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
    - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
    - Revert "cpufreq: Fix governor module removal race"
    - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
    - Linux 4.15.16
  * [18.04][config] regression: nvme and nvme_core couldn't be built as modules
    starting 4.15-rc2 (LP: #1759893)
    - SAUCE: Revert "lightnvm: include NVM Express driver if OCSSD is selected for
      build"
    - [Config] CONFIG_BLK_DEV_NMVE=m
  * Miscellaneous Ubuntu changes
    - [Packaging] Only install cloud init files when do_tools_common=true

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Fri, 20 Apr 2018 12:16:40 -0300

Changed in linux-kvm (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-06-11:

Download full text (16.7 KiB)

This bug was fixed in the package linux-kvm - 4.4.0-1027.32

---------------
linux-kvm (4.4.0-1027.32) xenial; urgency=medium

* linux-kvm: 4.4.0-1027.32 -proposed tracker (LP: #1772964)

* Xenial update to 4.4.129 stable release (LP: #1768429)
- [Config] Remove ARCH_HWEIGHT_CFLAGS

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

  * test_072_config_debug_set_module_ronx in kernel security test failed with
    4.4 X-kvm (LP: #1760646)
    - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX

  * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

  * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

  * test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

  * test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm
    (LP: #1760643)
    - [Config] enable CONFIG_DEBUG_RODATA

[ Ubuntu: 4.4.0-128.154 ]

This bug was fixed in the package linux-kvm - 4.4.0-1027.32

---------------
linux-kvm (4.4.0-1027.32) xenial; urgency=medium

* linux-kvm: 4.4.0-1027.32 -proposed tracker (LP: #1772964)

* Xenial update to 4.4.129 stable release (LP: #1768429)
    - [Config] Remove ARCH_HWEIGHT_CFLAGS

* test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

* test_072_config_debug_set_module_ronx  in kernel security test failed with
    4.4 X-kvm (LP: #1760646)
    - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX

* test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

* test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

* test_076_config_security_acl_ext4  in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

* test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

* test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm
    (LP: #1760643)
    - [Config] enable CONFIG_DEBUG_RODATA

[ Ubuntu: 4.4.0-128.154 ]

* linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)
  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.
  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines
  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking
  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation
  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces
  * [LTC Test] Ubuntu 18.04:  tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames
  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377
  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC
  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: free buffers after reset
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: hda/realtek - Add some fixes for ALC233
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: validate con->state at the top of try_write()
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
    - serial: mctrl_gpio: Add missing module license
    - Linux 4.4.131
  * Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 //
    CVE-2017-5753
    - SAUCE: s390: print messages for gmb and nobp
  * Xenial update to 4.4.130 stable release (LP: #1768474)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - perf: Return proper values for user stack errors
    - staging: ion : Donnot wakeup kswapd in ion system alloc
    - r8152: add Linksys USB3GIGV1 id
    - Input: drv260x - fix initializing overdrive voltage
    - ath9k_hw: check if the chip failed to wake up
    - jbd2: fix use after free in kjournald2()
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp"
    - Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and
      nobp"
    - Revert "s390: add ppa to kernel entry / exit"
    - Revert "s390: introduce CPU alternatives"
    - s390: introduce CPU alternatives
    - s390: enable CPU alternatives unconditionally
    - s390/alternative: use a copy of the facility bit mask
    - s390: add options to change branch prediction behaviour for the kernel
    - s390: scrub registers on kernel entry and KVM exit
    - s390: add optimized array_index_mask_nospec
    - s390: run user space and KVM guests with modified branch prediction
    - s390: introduce execute-trampolines for branches
    - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
    - s390: do not bypass BPENTER for interrupt system calls
    - s390/entry.S: fix spurious zeroing of r0
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - s390: correct nospec auto detection init order
    - s390: correct module section names for expoline code revert
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - team: avoid adding twice the same option to the event list
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - sctp: do not check port in sctp_inet6_cmp_addr
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - net: fix deadlock while clearing neighbor proxy table
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - Linux 4.4.130
    - SAUCE: s390: Add 'nogmb' kernel parameter
  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - media: v4l2-compat-ioctl32: don't oops on overlay
    - parisc: Fix out of array access in match_pci_device()
    - perf intel-pt: Fix overlap detection to identify consecutive buffers
      correctly
    - perf intel-pt: Fix sync_switch
    - perf intel-pt: Fix error recovery from missing TIP packet
    - perf intel-pt: Fix timestamp following overflow
    - radeon: hide pointless #warning when compile testing
    - block/loop: fix deadlock after loop_set_status
    - s390/qdio: don't retry EQBS after CCQ 96
    - s390/qdio: don't merge ERROR output buffers
    - s390/ipl: ensure loadparm valid flag is set
    - getname_kernel() needs to make sure that ->name != ->iname in long case
    - rtl8187: Fix NULL pointer dereference in priv->conf_mutex
    - hwmon: (ina2xx) Fix access to uninitialized mutex
    - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
    - slip: Check if rstate is initialized before uncompressing
    - lan78xx: Correctly indicate invalid OTP
    - x86/hweight: Get rid of the special calling convention
    - [Config] Remove ARCH_HWEIGHT_CFLAGS
    - x86/hweight: Don't clobber %rdi
    - tty: make n_tty_read() always abort if hangup is in progress
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - xen-netfront: Fix hang on device removal
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: pci: Properly cleanup resource
    - HID: i2c-hid: fix size check and type usage
    - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - thunderbolt: Resume control channel after hibernation image is created
    - random: use a tighter cap in credit_entropy_bits_safe()
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: fail ext4_iget for root directory if unallocated
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - clk: mvebu: armada-38x: add support for 1866MHz variants
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - vfio-pci: Virtualize PCIe & AF FLR
    - vfio/pci: Virtualize Maximum Payload Size
    - vfio/pci: Virtualize Maximum Read Request Size
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - drm/radeon: Fix PCIe lane width calculation
    - ext4: fix crashes in dioread_nolock mode
    - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm: allow GFP_{FS,IO} for page_cache_read page cache allocation
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - ext4: bugfix for mmaped pages in mpage_release_unused_pages()
    - fanotify: fix logic of events on child
    - writeback: safer lock nesting
    - Linux 4.4.129
  * CVE-2018-8087
    - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
    DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
    - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device
  * [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671)
    - Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer"
    - Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer"
    - mwifiex: cfg80211: do not change virtual interface during scan processing
  * user space process hung in 'D' state waiting for disk io to complete
    (LP: #1750038)
    - NFS: Use GFP_NOIO for two allocations in writeback
  * Acer Swift sf314-52 power button not managed  (LP: #1766054)
    - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode

-- Khalid Elmously <khalid.elmously@canonical.com>  Fri, 25 May 2018 16:30:58 -0400

Changed in linux-kvm (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

test_072_config_strict_devmem in kernel security test failed with 4.4/4.15 kvm

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package