Bug #1821378 “[linux-azure] Include mainline commits fc96df16a1c...” : Xenial (16.04) : Bugs : linux-azure package : Ubuntu

Joseph Salisbury (jsalisbury) on 2019-03-22

tags:

added: kernel-hyper-v

Revision history for this message

Marcelo Cerri (mhcerri) wrote on 2019-04-22:

#1

https://lists.ubuntu.com/archives/kernel-team/2019-April/100261.html

Revision history for this message

Marcelo Cerri (mhcerri) wrote on 2019-04-22:

#2

https://lists.ubuntu.com/archives/kernel-team/2019-April/100267.html

Kleber Sacilotto de Souza (kleber-souza) on 2019-04-25

Changed in linux-azure (Ubuntu Cosmic):
status:	New → Fix Committed

Marcelo Cerri (mhcerri) on 2019-04-25

Changed in linux-azure (Ubuntu Xenial):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-05-14:

#3

Download full text (15.2 KiB)

This bug was fixed in the package linux-azure - 4.18.0-1018.18

---------------
linux-azure (4.18.0-1018.18) cosmic; urgency=medium

[ Ubuntu: 4.18.0-20.21 ]

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-azure (4.18.0-1017.17) cosmic; urgency=medium

* linux-azure: 4.18.0-1017.17 -proposed tracker (LP: #1826166)

  * [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in
    Azure kernel (LP: #1821378)
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - Drivers: hv: vmbus: Check for ring when getting debug info

* [linux-azure] Commit To Improve NVMe Performance (LP: #1819689)
- blk-mq: remove the request_list usage

[ Ubuntu: 4.18.0-19.20 ]

  * linux: 4.18.0-19.20 -proposed tracker (LP: #1826171)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite...

This bug was fixed in the package linux-azure - 4.18.0-1018.18

---------------
linux-azure (4.18.0-1018.18) cosmic; urgency=medium

[ Ubuntu: 4.18.0-20.21 ]

* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-azure (4.18.0-1017.17) cosmic; urgency=medium

* linux-azure: 4.18.0-1017.17 -proposed tracker (LP: #1826166)

* [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in
    Azure kernel (LP: #1821378)
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - Drivers: hv: vmbus: Check for ring when getting debug info

* [linux-azure] Commit To Improve NVMe Performance (LP: #1819689)
    - blk-mq: remove the request_list usage

[ Ubuntu: 4.18.0-19.20 ]

* linux: 4.18.0-19.20 -proposed tracker (LP: #1826171)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.
  * CVE-2017-5753
    - s390/keyboard: sanitize array index in do_kdsk_ioctl
    - drm/bufs: Fix Spectre v1 vulnerability
    - drivers/misc/sgi-gru: fix Spectre v1 vulnerability
    - ipv4: Fix potential Spectre v1 vulnerability
    - aio: fix spectre gadget in lookup_ioctx
    - ALSA: emux: Fix potential Spectre v1 vulnerabilities
    - ALSA: pcm: Fix potential Spectre v1 vulnerability
    - ip6mr: Fix potential Spectre v1 vulnerability
    - ALSA: rme9652: Fix potential Spectre v1 vulnerability
    - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
    - KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
    - drm/ioctl: Fix Spectre v1 vulnerabilities
    - net: core: Fix Spectre v1 vulnerability
    - phonet: af_phonet: Fix Spectre v1 vulnerability
    - nfc: af_nfc: Fix Spectre v1 vulnerability
    - can: af_can: Fix Spectre v1 vulnerability
    - net: Revert recent Spectre-v1 patches.
    - char/mwave: fix potential Spectre v1 vulnerability
    - applicom: Fix potential Spectre v1 vulnerabilities
    - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
    - powerpc/ptrace: Mitigate potential Spectre v1
    - cfg80211: prevent speculation on cfg80211_classify8021d() return
    - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
    - ALSA: seq: oss: Fix Spectre v1 vulnerability
  * NULL pointer dereference when using z3fold and zswap (LP: #1814874)
    - z3fold: fix possible reclaim races
  * The Realtek card reader does not enter PCIe 1.1/1.2 (LP: #1825487)
    - misc: rtsx: Enable OCP for rts522a rts524a rts525a rts5260
    - SAUCE: misc: rtsx: Fixed rts5260 power saving parameter and sd glitch
  * headset-mic doesn't work on two Dell laptops. (LP: #1825272)
    - ALSA: hda/realtek - add two more pin configuration sets to quirk table
  * CVE-2018-16884
    - sunrpc: use SVC_NET() in svcauth_gss_* functions
    - sunrpc: use-after-free in svc_process_common()
  * AMD Rome :  Minimal support patches (LP: #1816669)
    - x86: irq_remapping: Move irq remapping mode enum
    - iommu/amd: Add support for higher 64-bit IOMMU Control Register
    - iommu/amd: Add support for IOMMU XT mode
  * sky2 ethernet card don't work after returning from suspension (LP: #1798921)
    - sky2: Increase D3 delay again
  * CVE-2019-9500
    - brcmfmac: assure SSID length from firmware is limited
  * CVE-2019-9503
    - brcmfmac: add subtype check for event handling in data path
  * CVE-2019-3882
    - vfio/type1: Limit DMA mappings per container
  * CVE-2019-3887
    - KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
    - KVM: x86: nVMX: fix x2APIC VTPR read intercept
  * CVE-2019-3874
    - sctp: use sk_wmem_queued to check for writable space
    - sctp: implement memory accounting on tx path
    - sctp: implement memory accounting on rx path
  * Intel I210 Ethernet card not working after hotplug [8086:1533]
    (LP: #1818490)
    - igb: Fix WARN_ONCE on runtime suspend
  * autofs kernel module missing (LP: #1824333)
    - [Config] Update autofs4 path in inclusion list
  * tasks doing write()/fsync() hit deadlock in write_cache_pages()
    (LP: #1824827)
    - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
  * Pop noise when headset is plugged in or removed from GHS/Line-out jack
    (LP: #1821290)
    - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode
      for ALC225
    - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
    - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
    - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
  * mac80211_hwsim unable to handle kernel NULL pointer dereference
    at0000000000000000  (LP: #1825058)
    - mac80211_hwsim: Timer should be initialized before device registered
  * [regression][snd_hda_codec_realtek] repeating crackling noise after 19.04
    upgrade (LP: #1821663)
    - ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
    - ALSA: hda - Add two more machines to the power_save_blacklist
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
    unable to handle kernel paging request at 6db23a14" on Cosmic i386
    (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux-azure (4.18.0-1016.16) cosmic; urgency=medium

* linux-azure: 4.18.0-1016.16 -proposed tracker (LP: #1824841)

* The 4.18.0-1015.15 Azure Kernel Panics Due to Missing Commit (LP: #1823805)
    - scsi: storvsc: Fix a race in sub-channel creation that can cause panic

* linux-azure: Add the Catapult FPGA Driver (LP: #1824879)
    - SAUCE: linux-azure: Include Catapult FPGA PCI driver
    - [Config] linux-azure: CONFIG_CATAPULT_PCI=m

linux-azure (4.18.0-1015.15) cosmic; urgency=medium

* linux-azure: 4.18.0-1015.15 -proposed tracker (LP: #1822791)

* Upstream Commits Needed for DPDK on Azure (LP: #1812123)
    - vmbus: keep pointer to ring buffer page
    - uio: introduce UIO_MEM_IOVA
    - hv_uio_generic: map ringbuffer phys addr
    - uio_hv_generic: defer opening vmbus until first use
    - uio_hv_generic: set callbacks on open
    - vmbus: pass channel to hv_process_channel_removal
    - vmbus: split ring buffer allocation from open
    - vmbus: fix subchannel removal

* [Hyper-V] Enable CONFIG_HOTPLUG_CPU in linux-azure (LP: #1821934)
    - Revert "UBUNTU: [Config] azure: CONFIG_HOTPLUG_CPU=n"

[ Ubuntu: 4.18.0-18.19 ]

* linux: 4.18.0-18.19 -proposed tracker (LP: #1822796)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()
  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices
  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in rx data flow
    - net: hinic: fix null pointer dereference on pointer hwdev
    - hinic: optmize rx refill buffer mechanism
    - net-next/hinic:add shutdown callback
    - net-next/hinic: replace disable_irq_nosync/enable_irq
  * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - Fonts: New Terminus large console font
    - [Config]: enable highdpi Terminus 16x32 font support
  * [19.04 FEAT] qeth: Enhanced link speed - kernel part (LP: #1814892)
    - s390/qeth: report 25Gbit link speed
  * Avoid potential memory corruption on HiSilicon SoCs (LP: #1819546)
    - iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads
  * CVE-2017-5715
    - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
    - x86/speculation: Propagate information about RSB filling mitigation to sysfs
    - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
      variant
    - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
    - x86/retpoline: Remove minimal retpoline support
    - x86/speculation: Update the TIF_SSBD comment
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
    - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
    - x86/speculation: Move STIPB/IBPB string conditionals out of
      cpu_show_common()
    - x86/speculation: Disable STIBP when enhanced IBRS is in use
    - x86/speculation: Rename SSBD update functions
    - x86/speculation: Reorganize speculation control MSRs update
    - sched/smt: Make sched_smt_present track topology
    - x86/Kconfig: Select SCHED_SMT if SMP enabled
    - sched/smt: Expose sched_smt_present static key
    - x86/speculation: Rework SMT state change
    - x86/l1tf: Show actual SMT state
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Mark string arrays const correctly
    - x86/speculataion: Mark command line parser data __initdata
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation: Add command line control for indirect branch speculation
    - x86/speculation: Prepare for per task indirect branch speculation control
    - x86/process: Consolidate and simplify switch_to_xtra() code
    - x86/speculation: Avoid __switch_to_xtra() calls
    - x86/speculation: Prepare for conditional IBPB in switch_mm()
    - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
    - x86/speculation: Split out TIF update
    - x86/speculation: Prevent stale SPEC_CTRL msr content
    - x86/speculation: Prepare arch_smt_update() for PRCTL mode
    - x86/speculation: Add prctl() control for indirect branch speculation
    - x86/speculation: Enable prctl mode for spectre_v2_user
    - x86/speculation: Add seccomp Spectre v2 user space protection mode
    - x86/speculation: Provide IBPB always command line options
    - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
    - x86/speculation: Change misspelled STIPB to STIBP
    - x86/speculation: Add support for STIBP always-on preferred mode
    - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
  * [Ubuntu] vfio-ap: add subsystem to matrix device to avoid libudev failures
    (LP: #1818854)
    - s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem
  * Kernel regularly logs: Bluetooth: hci0: last event is not cmd complete
    (0x0f) (LP: #1748565)
    - Bluetooth: Fix unnecessary error message for HCI request completion
  * HiSilicon HNS ethernet broken in 4.15.0-45 (LP: #1818294)
    - net: hns: Fix WARNING when hns modules installed
  * Lenovo ideapad 330-15ICH Wifi rfkill hard blocked (LP: #1811815)
    - platform/x86: ideapad: Add ideapad 330-15ICH to no_hw_rfkill
  * Qualcomm Atheros QCA9377 wireless does not work (LP: #1818204)
    - platform/x86: ideapad-laptop: Add Ideapad 530S-14ARR to no_hw_rfkill list
  * fscache: jobs might hang when fscache disk is full (LP: #1821395)
    - fscache: fix race between enablement and dropping of object
  * hns3: fix oops in hns3_clean_rx_ring() (LP: #1821064)
    - net: hns3: add dma_rmb() for rx description
  * tcm_loop.ko: move from modules-extra into main modules package
    (LP: #1817786)
    - [Packaging] move tcm_loop.lo to main linux-modules package
  * tcmu user space crash results in kernel module hang. (LP: #1819504)
    - scsi: tcmu: delete unused __wait
    - scsi: tcmu: track nl commands
    - scsi: tcmu: simplify nl interface
    - scsi: tcmu: add module wide block/reset_netlink support
  * Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04)
    (LP: #1779756)
    - i40e: prevent overlapping tx_timeout recover
  * some codecs stop working after S3 (LP: #1820930)
    - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
  * 4.15 s390x kernel BUG at /build/linux-
    Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565! (LP: #1788432)
    - virtio/s390: avoid race on vcdev->config
    - virtio/s390: fix race in ccw_io_helper()
  * [SRU][B/B-OEM/C/D] Fix AMD IOMMU NULL dereference (LP: #1820990)
    - iommu/amd: Fix NULL dereference bug in match_hid_uid
  * New Intel Wireless-AC 9260 [8086:2526] card not correctly probed in Ubuntu
    system (LP: #1821271)
    - iwlwifi: add new card for 9260 series
  * Add support for MAC address pass through on RTL8153-BD (LP: #1821276)
    - r8152: Add support for MAC address pass through on RTL8153-BD
    - r8152: Fix an error on RTL8153-BD MAC Address Passthrough support

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 07 May 2019 19:14:33 +0200

Changed in linux-azure (Ubuntu Cosmic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-05-14:

#4

Download full text (13.5 KiB)

This bug was fixed in the package linux-azure - 4.15.0-1045.49

---------------
linux-azure (4.15.0-1045.49) xenial; urgency=medium

* [linux-azure] Storage performance drop on RAID (LP: #1828248)
- Revert "blk-mq: remove the request_list usage"

[ Ubuntu: 4.15.0-50.54 ]

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-azure (4.15.0-1044.48) xenial; urgency=medium

* linux-azure: 4.15.0-1044.48 -proposed tracker (LP: #1826354)

  * [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in
    Azure kernel (LP: #1821378)
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - Drivers: hv: vmbus: Check for ring when getting debug info

* [linux-azure] Commit To Improve NVMe Performance (LP: #1819689)
- blk-mq: remove the request_list usage

[ Ubuntu: 4.15.0-49.53 ]

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc...

This bug was fixed in the package linux-azure - 4.15.0-1045.49

---------------
linux-azure (4.15.0-1045.49) xenial; urgency=medium

*  [linux-azure] Storage performance drop on RAID (LP: #1828248)
    - Revert "blk-mq: remove the request_list usage"

[ Ubuntu: 4.15.0-50.54 ]

* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-azure (4.15.0-1044.48) xenial; urgency=medium

* linux-azure: 4.15.0-1044.48 -proposed tracker (LP: #1826354)

* [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in
    Azure kernel (LP: #1821378)
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - Drivers: hv: vmbus: Check for ring when getting debug info

* [linux-azure] Commit To Improve NVMe Performance (LP: #1819689)
    - blk-mq: remove the request_list usage

[ Ubuntu: 4.15.0-49.53 ]

* linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/lib/code-patching: refactor patch_instruction()
    - powerpc/lib/feature-fixups: use raw_patch_instruction()
    - powerpc/asm: Add a patch_site macro & helpers for patching instructions
    - powerpc/64s: Add new security feature flags for count cache flush
    - powerpc/64s: Add support for software count cache flush
    - powerpc/pseries: Query hypervisor for count cache flush settings
    - powerpc/powernv: Query firmware for count cache flush settings
    - powerpc/fsl: Add nospectre_v2 command line argument
    - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
    - [Config] Add CONFIG_PPC_BARRIER_NOSPEC
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.
  * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
    - [Packaging] remove arm64 snapdragon from getabis
    - [Config] config changes for snapdragon split
    - packaging: arm64: disable building the snapdragon flavour
    - [Packaging] arm64: Drop snapdragon from kernel-versions
  * CVE-2017-5753
    - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
    - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
    - sysvipc/sem: mitigate semnum index against spectre v1
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - s390/keyboard: sanitize array index in do_kdsk_ioctl
    - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
    - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
    - pktcdvd: Fix possible Spectre-v1 for pkt_devs
    - net: socket: fix potential spectre v1 gadget in socketcall
    - net: socket: Fix potential spectre v1 gadget in sock_is_registered
    - drm/amdgpu/pm: Fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - drm/i915/kvmgt: Fix potential Spectre v1
    - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
    - fs/quota: Fix spectre gadget in do_quotactl
    - hwmon: (nct6775) Fix potential Spectre v1
    - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
    - switchtec: Fix Spectre v1 vulnerability
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1
    - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - IB/ucm: Fix Spectre v1 vulnerability
    - RDMA/ucma: Fix Spectre v1 vulnerability
    - drm/bufs: Fix Spectre v1 vulnerability
    - usb: gadget: storage: Fix Spectre v1 vulnerability
    - ptp: fix Spectre v1 vulnerability
    - HID: hiddev: fix potential Spectre v1
    - vhost: Fix Spectre V1 vulnerability
    - drivers/misc/sgi-gru: fix Spectre v1 vulnerability
    - ipv4: Fix potential Spectre v1 vulnerability
    - aio: fix spectre gadget in lookup_ioctx
    - ALSA: emux: Fix potential Spectre v1 vulnerabilities
    - ALSA: pcm: Fix potential Spectre v1 vulnerability
    - ip6mr: Fix potential Spectre v1 vulnerability
    - ALSA: rme9652: Fix potential Spectre v1 vulnerability
    - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
    - KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
    - drm/ioctl: Fix Spectre v1 vulnerabilities
    - char/mwave: fix potential Spectre v1 vulnerability
    - applicom: Fix potential Spectre v1 vulnerabilities
    - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
    - powerpc/ptrace: Mitigate potential Spectre v1
    - cfg80211: prevent speculation on cfg80211_classify8021d() return
    - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
    - ALSA: seq: oss: Fix Spectre v1 vulnerability
  * Bionic: Sync to Xenial (Spectre) (LP: #1822760)
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
    - KVM: SVM: Add MSR-based feature support for serializing LFENCE
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - KVM: X86: Allow userspace to define the microcode version
    - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
    - SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on
      vmentry
  * [SRU] [B/OEM] Fix ACPI bug that causes boot failure (LP: #1819921)
    - SAUCE: ACPI / bus: Add some Lenovo laptops in list of acpi table term list
  * Bionic update: upstream stable patchset for fuse 2019-04-12 (LP: #1824553)
    - fuse: fix double request_end()
    - fuse: fix unlocked access to processing queue
    - fuse: umount should wait for all requests
    - fuse: Fix oops at process_init_reply()
    - fuse: Don't access pipe->buffers without pipe_lock()
    - fuse: Fix use-after-free in fuse_dev_do_read()
    - fuse: Fix use-after-free in fuse_dev_do_write()
    - fuse: set FR_SENT while locked
    - fuse: fix blocked_waitq wakeup
    - fuse: fix leaked notify reply
    - fuse: fix possibly missed wake-up after abort
    - fuse: fix use-after-free in fuse_direct_IO()
    - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
    - fuse: handle zero sized retrieve correctly
    - fuse: call pipe_buf_release() under pipe lock
    - fuse: decrement NR_WRITEBACK_TEMP on the right page
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870) // Backport support for software
    count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
    (LP: #1822870)
    - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
    - powerpc/fsl: Fix spectre_v2 mitigations reporting
    - powerpc: Avoid code patching freed init sections
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870) // Backport support for software
    count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
    (LP: #1822870) // Backport support for software count cache flush Spectre v2
    mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/security: Fix spectre_v2 reporting
  * CVE-2019-3874
    - sctp: use sk_wmem_queued to check for writable space
    - sctp: implement memory accounting on tx path
    - sctp: implement memory accounting on rx path
  * NULL pointer dereference when using z3fold and zswap (LP: #1814874)
    - z3fold: fix possible reclaim races
  * Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
    on B PowerPC (LP: #1812809)
    - selftests/ftrace: Add ppc support for kprobe args tests
  * The Realtek card reader does not enter PCIe 1.1/1.2 (LP: #1825487)
    - misc: rtsx: make various functions static
    - misc: rtsx: Enable OCP for rts522a rts524a rts525a rts5260
    - SAUCE: misc: rtsx: Fixed rts5260 power saving parameter and sd glitch
  * headset-mic doesn't work on two Dell laptops. (LP: #1825272)
    - ALSA: hda/realtek - add two more pin configuration sets to quirk table
  * CVE-2018-16884
    - sunrpc: use SVC_NET() in svcauth_gss_* functions
    - sunrpc: use-after-free in svc_process_common()
  * sky2 ethernet card don't work after returning from suspension (LP: #1798921)
    - sky2: Increase D3 delay again
  * CVE-2019-9500
    - brcmfmac: assure SSID length from firmware is limited
  * CVE-2019-9503
    - brcmfmac: add subtype check for event handling in data path
  * CVE-2019-3882
    - vfio/type1: Limit DMA mappings per container
  * Intel I210 Ethernet card not working after hotplug [8086:1533]
    (LP: #1818490)
    - igb: Fix WARN_ONCE on runtime suspend
  * bionic, xenial/hwe: misses "fuse: fix initial parallel dirops" patch
    (LP: #1823972)
    - fuse: fix initial parallel dirops
  * amdgpu resume failure: failed to allocate wb slot (LP: #1825074)
    - drm/amdgpu: fix&cleanups for wb_clear
  * Pop noise when headset is plugged in or removed from GHS/Line-out jack
    (LP: #1821290)
    - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode
      for ALC225
    - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
    - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
    - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
  * mac80211_hwsim unable to handle kernel NULL pointer dereference
    at0000000000000000  (LP: #1825058)
    - mac80211_hwsim: Timer should be initialized before device registered
  * [regression][snd_hda_codec_realtek] repeating crackling noise after 19.04
    upgrade (LP: #1821663)
    - ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist
    - ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
    - ALSA: hda - Add two more machines to the power_save_blacklist
  * ubuntu_nbd_smoke_test failed on P9 with Bionic kernel (LP: #1822247)
    - nbd: fix how we set bd_invalidated
  * TSC clocksource not available in nested guests (LP: #1822821)
    - kvmclock: fix TSC calibration for nested guests
  * 4.15 kernel ip_vs --ops causes performance and hang problem (LP: #1819786)
    - ipvs: fix refcount usage for conns in ops mode
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
    unable to handle kernel paging request at 6db23a14" on Cosmic i386
    (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux-azure (4.15.0-1043.47) xenial; urgency=medium

* linux-azure: 4.15.0-1043.47 -proposed tracker (LP: #1826230)

* linux-azure: Add the Catapult FPGA Driver (LP: #1824879)
    - SAUCE: linux-azure: Include Catapult FPGA PCI driver
    - [Config] linux-azure: CONFIG_CATAPULT_PCI=m

-- Stefan Bader <stefan.bader@canonical.com>  Mon, 13 May 2019 18:10:13 +0200

Changed in linux-azure (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-05-14:

#5

Download full text (13.9 KiB)

This bug was fixed in the package linux-azure - 4.15.0-1045.49~14.04.1

---------------
linux-azure (4.15.0-1045.49~14.04.1) trusty; urgency=medium

[ Ubuntu: 4.15.0-1045.49 ]

  * [linux-azure] Storage performance drop on RAID (LP: #1828248)
    - Revert "blk-mq: remove the request_list usage"
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-azure (4.15.0-1044.48~14.04.1) trusty; urgency=medium

* linux-azure: 4.15.0-1044.48~14.04.1 -proposed tracker (LP: #1826352)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

[ Ubuntu: 4.15.0-1044.48 ]

  * linux-azure: 4.15.0-1044.48 -proposed tracker (LP: #1826354)
  * [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in
    Azure kernel (LP: #1821378)
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - Drivers: hv: vmbus: Check for ring when getting debug info
  * [linux-azure] Commit To Improve NVMe Performance (LP: #1819689)
    - blk-mq: remove the request_list usage
  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD...

This bug was fixed in the package linux-azure - 4.15.0-1045.49~14.04.1

---------------
linux-azure (4.15.0-1045.49~14.04.1) trusty; urgency=medium

[ Ubuntu: 4.15.0-1045.49 ]

*  [linux-azure] Storage performance drop on RAID (LP: #1828248)
    - Revert "blk-mq: remove the request_list usage"
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux-azure (4.15.0-1044.48~14.04.1) trusty; urgency=medium

* linux-azure: 4.15.0-1044.48~14.04.1 -proposed tracker (LP: #1826352)

* Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

[ Ubuntu: 4.15.0-1044.48 ]

* linux-azure: 4.15.0-1044.48 -proposed tracker (LP: #1826354)
  * [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in
    Azure kernel (LP: #1821378)
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - Drivers: hv: vmbus: Check for ring when getting debug info
  * [linux-azure] Commit To Improve NVMe Performance (LP: #1819689)
    - blk-mq: remove the request_list usage
  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/lib/code-patching: refactor patch_instruction()
    - powerpc/lib/feature-fixups: use raw_patch_instruction()
    - powerpc/asm: Add a patch_site macro & helpers for patching instructions
    - powerpc/64s: Add new security feature flags for count cache flush
    - powerpc/64s: Add support for software count cache flush
    - powerpc/pseries: Query hypervisor for count cache flush settings
    - powerpc/powernv: Query firmware for count cache flush settings
    - powerpc/fsl: Add nospectre_v2 command line argument
    - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
    - [Config] Add CONFIG_PPC_BARRIER_NOSPEC
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.
  * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
    - [Packaging] remove arm64 snapdragon from getabis
    - [Config] config changes for snapdragon split
    - packaging: arm64: disable building the snapdragon flavour
    - [Packaging] arm64: Drop snapdragon from kernel-versions
  * CVE-2017-5753
    - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
    - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
    - sysvipc/sem: mitigate semnum index against spectre v1
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - s390/keyboard: sanitize array index in do_kdsk_ioctl
    - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
    - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
    - pktcdvd: Fix possible Spectre-v1 for pkt_devs
    - net: socket: fix potential spectre v1 gadget in socketcall
    - net: socket: Fix potential spectre v1 gadget in sock_is_registered
    - drm/amdgpu/pm: Fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - drm/i915/kvmgt: Fix potential Spectre v1
    - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
    - fs/quota: Fix spectre gadget in do_quotactl
    - hwmon: (nct6775) Fix potential Spectre v1
    - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
    - switchtec: Fix Spectre v1 vulnerability
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1
    - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - IB/ucm: Fix Spectre v1 vulnerability
    - RDMA/ucma: Fix Spectre v1 vulnerability
    - drm/bufs: Fix Spectre v1 vulnerability
    - usb: gadget: storage: Fix Spectre v1 vulnerability
    - ptp: fix Spectre v1 vulnerability
    - HID: hiddev: fix potential Spectre v1
    - vhost: Fix Spectre V1 vulnerability
    - drivers/misc/sgi-gru: fix Spectre v1 vulnerability
    - ipv4: Fix potential Spectre v1 vulnerability
    - aio: fix spectre gadget in lookup_ioctx
    - ALSA: emux: Fix potential Spectre v1 vulnerabilities
    - ALSA: pcm: Fix potential Spectre v1 vulnerability
    - ip6mr: Fix potential Spectre v1 vulnerability
    - ALSA: rme9652: Fix potential Spectre v1 vulnerability
    - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
    - KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
    - drm/ioctl: Fix Spectre v1 vulnerabilities
    - char/mwave: fix potential Spectre v1 vulnerability
    - applicom: Fix potential Spectre v1 vulnerabilities
    - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
    - powerpc/ptrace: Mitigate potential Spectre v1
    - cfg80211: prevent speculation on cfg80211_classify8021d() return
    - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
    - ALSA: seq: oss: Fix Spectre v1 vulnerability
  * Bionic: Sync to Xenial (Spectre) (LP: #1822760)
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
    - KVM: SVM: Add MSR-based feature support for serializing LFENCE
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - KVM: X86: Allow userspace to define the microcode version
    - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
    - SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on
      vmentry
  * [SRU] [B/OEM] Fix ACPI bug that causes boot failure (LP: #1819921)
    - SAUCE: ACPI / bus: Add some Lenovo laptops in list of acpi table term list
  * Bionic update: upstream stable patchset for fuse 2019-04-12 (LP: #1824553)
    - fuse: fix double request_end()
    - fuse: fix unlocked access to processing queue
    - fuse: umount should wait for all requests
    - fuse: Fix oops at process_init_reply()
    - fuse: Don't access pipe->buffers without pipe_lock()
    - fuse: Fix use-after-free in fuse_dev_do_read()
    - fuse: Fix use-after-free in fuse_dev_do_write()
    - fuse: set FR_SENT while locked
    - fuse: fix blocked_waitq wakeup
    - fuse: fix leaked notify reply
    - fuse: fix possibly missed wake-up after abort
    - fuse: fix use-after-free in fuse_direct_IO()
    - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
    - fuse: handle zero sized retrieve correctly
    - fuse: call pipe_buf_release() under pipe lock
    - fuse: decrement NR_WRITEBACK_TEMP on the right page
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870) // Backport support for software
    count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
    (LP: #1822870)
    - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
    - powerpc/fsl: Fix spectre_v2 mitigations reporting
    - powerpc: Avoid code patching freed init sections
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870) // Backport support for software
    count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
    (LP: #1822870) // Backport support for software count cache flush Spectre v2
    mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/security: Fix spectre_v2 reporting
  * CVE-2019-3874
    - sctp: use sk_wmem_queued to check for writable space
    - sctp: implement memory accounting on tx path
    - sctp: implement memory accounting on rx path
  * NULL pointer dereference when using z3fold and zswap (LP: #1814874)
    - z3fold: fix possible reclaim races
  * Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
    on B PowerPC (LP: #1812809)
    - selftests/ftrace: Add ppc support for kprobe args tests
  * The Realtek card reader does not enter PCIe 1.1/1.2 (LP: #1825487)
    - misc: rtsx: make various functions static
    - misc: rtsx: Enable OCP for rts522a rts524a rts525a rts5260
    - SAUCE: misc: rtsx: Fixed rts5260 power saving parameter and sd glitch
  * headset-mic doesn't work on two Dell laptops. (LP: #1825272)
    - ALSA: hda/realtek - add two more pin configuration sets to quirk table
  * CVE-2018-16884
    - sunrpc: use SVC_NET() in svcauth_gss_* functions
    - sunrpc: use-after-free in svc_process_common()
  * sky2 ethernet card don't work after returning from suspension (LP: #1798921)
    - sky2: Increase D3 delay again
  * CVE-2019-9500
    - brcmfmac: assure SSID length from firmware is limited
  * CVE-2019-9503
    - brcmfmac: add subtype check for event handling in data path
  * CVE-2019-3882
    - vfio/type1: Limit DMA mappings per container
  * Intel I210 Ethernet card not working after hotplug [8086:1533]
    (LP: #1818490)
    - igb: Fix WARN_ONCE on runtime suspend
  * bionic, xenial/hwe: misses "fuse: fix initial parallel dirops" patch
    (LP: #1823972)
    - fuse: fix initial parallel dirops
  * amdgpu resume failure: failed to allocate wb slot (LP: #1825074)
    - drm/amdgpu: fix&cleanups for wb_clear
  * Pop noise when headset is plugged in or removed from GHS/Line-out jack
    (LP: #1821290)
    - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode
      for ALC225
    - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
    - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
    - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
  * mac80211_hwsim unable to handle kernel NULL pointer dereference
    at0000000000000000  (LP: #1825058)
    - mac80211_hwsim: Timer should be initialized before device registered
  * [regression][snd_hda_codec_realtek] repeating crackling noise after 19.04
    upgrade (LP: #1821663)
    - ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist
    - ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
    - ALSA: hda - Add two more machines to the power_save_blacklist
  * ubuntu_nbd_smoke_test failed on P9 with Bionic kernel (LP: #1822247)
    - nbd: fix how we set bd_invalidated
  * TSC clocksource not available in nested guests (LP: #1822821)
    - kvmclock: fix TSC calibration for nested guests
  * 4.15 kernel ip_vs --ops causes performance and hang problem (LP: #1819786)
    - ipvs: fix refcount usage for conns in ops mode
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
    unable to handle kernel paging request at 6db23a14" on Cosmic i386
    (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux-azure (4.15.0-1043.47~14.04.1) trusty; urgency=medium

* linux-azure: 4.15.0-1043.47~14.04.1 -proposed tracker (LP: #1826229)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

[ Ubuntu: 4.15.0-1043.47 ]

* linux-azure: 4.15.0-1043.47 -proposed tracker (LP: #1826230)
  * linux-azure: Add the Catapult FPGA Driver (LP: #1824879)
    - SAUCE: linux-azure: Include Catapult FPGA PCI driver
    - [Config] linux-azure: CONFIG_CATAPULT_PCI=m

-- Stefan Bader <stefan.bader@canonical.com>  Mon, 13 May 2019 18:50:49 +0200

Changed in linux-azure (Ubuntu):
status:	New → Fix Released

Revision history for this message

Steve Langasek (vorlon) wrote on 2019-05-14: Update Released

#6

The verification of the Stable Release Update for linux-azure has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

	Status	Importance	Assigned to
linux-azure (Ubuntu)	Fix Released	Undecided	Unassigned
Xenial	Fix Released	Undecided	Unassigned
Cosmic	Fix Released	Undecided	Unassigned

Ubuntu
linux-azure package

[linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in Azure kernel

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux-azure package

[linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in Azure kernel

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-azure package