linux-hwe (4.13.0-45.50~16.04.1) xenial; urgency=medium * linux-hwe: 4.13.0-45.50~16.04.1 -proposed tracker (LP: #1774129) * linux: 4.13.0-45.50 -proposed tracker (LP: #1774124) * CVE-2018-3639 (x86) - SAUCE: Set generic SSBD feature for Intel cpus -- Kleber Sacilotto de Souza Wed, 30 May 2018 11:35:28 +0200 linux (4.13.0-44.49) artful; urgency=medium * linux: 4.13.0-44.49 -proposed tracker (LP: #1772951) * CVE-2018-3639 (x86) - x86/cpu: Make alternative_msr_write work for 32-bit code - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/bugs: Fix the parameters alignment and missing void - KVM: SVM: Move spec control call after restore of GS - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS - x86/cpufeatures: Disentangle SSBD enumeration - x86/cpufeatures: Add FEATURE_ZEN - x86/speculation: Handle HT correctly on AMD - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL - x86/speculation: Add virtualized speculative store bypass disable support - x86/speculation: Rework speculative_store_bypass_update() - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} - x86/bugs: Expose x86_spec_ctrl_base directly - x86/bugs: Remove x86_spec_ctrl_set() - x86/bugs: Rework spec_ctrl base and mask logic - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD - x86/bugs: Rename SSBD_NO to SSB_NO - KVM: VMX: Expose SSBD properly to guests. * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674) - SAUCE: (no-up) s390: fix rwlock implementation * CVE-2018-7492 - rds: Fix NULL pointer dereference in __rds_rdma_map * CVE-2018-8781 - drm: udl: Properly check framebuffer mmap offsets * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564) - fsnotify: Fix fsnotify_mark_connector race * Kernel panic on boot (m1.small in cn-north-1) (LP: #1771679) - x86/xen: Reset VCPU0 info pointer after shared_info remap * Suspend to idle: Open lid didn't resume (LP: #1771542) - ACPI / PM: Do not reconfigure GPEs for suspend-to-idle * CVE-2018-1092 - ext4: fail ext4_iget for root directory if unallocated * [SRU][Artful] using vfio-pci on a combination of cn8xxx and some PCI devices results in a kernel panic. (LP: #1770254) - PCI: Avoid bus reset if bridge itself is broken - PCI: Mark Cavium CN8xxx to avoid bus reset - PCI: Avoid slot reset if bridge itself is broken * Battery drains when laptop is off (shutdown) (LP: #1745646) - PCI / PM: Check device_may_wakeup() in pci_enable_wake() * perf record crash: refcount_inc assertion failed (LP: #1769027) - perf cgroup: Fix refcount usage - perf xyarray: Fix wrong processing when closing evsel fd * Dell Latitude 5490/5590 BIOS update 1.1.9 causes black screen at boot (LP: #1764194) - drm/i915/bios: filter out invalid DDC pins from VBT child devices * Fix an issue that some PCI devices get incorrectly suspended (LP: #1764684) - PCI / PM: Always check PME wakeup capability for runtime wakeup support * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696) - init: fix false positives in W+X checking * CVE-2018-1068 - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets * CVE-2018-8087 - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in DELL XPS 13 9370 with firmware 1.50 (LP: #1763748) - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device * unregister_netdevice: waiting for eth0 to become free. Usage count = 5 (LP: #1746474) - ipv4: convert dst_metrics.refcnt from atomic_t to refcount_t - xfrm: reuse uncached_list to track xdsts * Acer Swift sf314-52 power button not managed (LP: #1766054) - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398) - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477) - ALSA: hda/realtek - adjust the location of one mic -- Stefan Bader Thu, 24 May 2018 10:31:54 +0200 linux (4.13.0-43.48) artful; urgency=medium * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values -- Stefan Bader Tue, 15 May 2018 07:39:26 +0200 linux (4.13.0-42.47) artful; urgency=medium * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993) * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850) - arm64: fix CONFIG_DEBUG_WX address reporting * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977) - net: hns: Avoid action name truncation * CVE-2017-18208 - mm/madvise.c: fix madvise() infinite loop under special circumstances * CVE-2018-8822 - staging: ncpfs: memory corruption in ncp_read_kernel() * CVE-2017-18203 - dm: fix race between dm_get_from_kobject() and __dm_destroy() * CVE-2017-17449 - netlink: Add netns check on taps * CVE-2017-17975 - media: usbtv: prevent double free in error case * [8086:3e92] display becomes blank after S3 (LP: #1763271) - drm/i915/edp: Allow alternate fixed mode for eDP if available. - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp - drm/i915/edp: Do not do link training fallback or prune modes on EDP * sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055) (LP: #1758507) - sky2: Increase D3 delay to sky2 stops working after suspend * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712) - perf vendor events arm64: Enable JSON events for ThunderX2 B0 * No network with e1000e driver on 4.13.0-38-generic (LP: #1762693) - e1000e: Fix e1000_check_for_copper_link_ich8lan return value. * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812) - i2c: xlp9xx: return ENXIO on slave address NACK - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly - i2c: xlp9xx: Check for Bus state before every transfer - i2c: xlp9xx: Handle NACK on DATA properly * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534) - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS * fix regression in mm/hotplug, allows NVIDIA driver to work (LP: #1761104) - SAUCE: Fix revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627) - SAUCE: remove ibrs_dump sysctl interface -- Kleber Sacilotto de Souza Mon, 07 May 2018 15:06:58 +0200 linux (4.13.0-41.46) artful; urgency=medium * CVE-2018-8897 - x86/entry/64: Don't use IST entry for #BP stack * CVE-2018-1087 - kvm/x86: fix icebp instruction handling * CVE-2018-1000199 - perf/hwbp: Simplify the perf-hwbp code, fix documentation -- Kleber Sacilotto de Souza Wed, 02 May 2018 11:58:49 +0200 linux (4.13.0-39.44) artful; urgency=medium * linux: 4.13.0-39.44 -proposed tracker (LP: #1761456) * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux- image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel) // CVE-2017-5754 - x86/mm: Reinitialize TLB state on hotplug and resume * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux- image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel) - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current thread" - x86/speculation: Use Indirect Branch Prediction Barrier in context switch * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876) - [Packaging] include the retpoline extractor in the headers * retpoline hints: primary infrastructure and initial hints (LP: #1758856) - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches - x86/speculation, objtool: Annotate indirect calls/jumps for objtool - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit - x86/paravirt, objtool: Annotate indirect calls - [Packaging] retpoline -- add safe usage hint support - [Packaging] retpoline-check -- only report additions - [Packaging] retpoline -- widen indirect call/jmp detection - [Packaging] retpoline -- elide %rip relative indirections - [Packaging] retpoline -- clear hint information from packages - KVM: x86: Make indirect calls in emulator speculation safe - KVM: VMX: Make indirect call speculation safe - x86/boot, objtool: Annotate indirect jump in secondary_startup_64() - SAUCE: early/late -- annotate indirect calls in early/late initialisation code - SAUCE: vga_set_mode -- avoid jump tables - [Config] retpoline -- switch to new format - [Packaging] retpoline hints -- handle missing files when RETPOLINE not enabled - [Packaging] final-checks -- remove check for empty retpoline files * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655) - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386 * zfs system process hung on container stop/delete (LP: #1754584) - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584) * zfs-linux 0.6.5.11-1ubuntu5 ADT test failure with linux 4.15.0-1.2 (LP: #1737761) - SAUCE: (noup) Update zfs to 0.6.5.11-1ubuntu3.2 * AT_BASE_PLATFORM in AUXV is absent on kernels available on Ubuntu 17.10 (LP: #1759312) - powerpc/64s: Fix NULL AT_BASE_PLATFORM when using DT CPU features * btrfs and tar sparse truncate archives (LP: #1757565) - Btrfs: move definition of the function btrfs_find_new_delalloc_bytes - Btrfs: fix reported number of inode blocks after buffered append writes * efifb broken on ThunderX-based Gigabyte nodes (LP: #1758375) - drivers/fbdev/efifb: Allow BAR to be moved instead of claiming it * Intel i40e PF reset due to incorrect MDD detection (continues...) (LP: #1723127) - i40e/i40evf: Account for frags split over multiple descriptors in check linearize * Fix an issue that when system in S3, USB keyboard can't wake up the system. (LP: #1759511) - ACPI / PM: Allow deeper wakeup power states with no _SxD nor _SxW * [8086:3e92] display becomes blank after S3 (LP: #1759188) - drm/i915: Apply Display WA #1183 on skl, kbl, and cfl * add audio kernel patches for Raven (LP: #1758364) - ALSA: hda: Add Raven PCI ID - ALSA: hda/realtek - Fix ALC700 family no sound issue * Cpu utilization showing system time for kvm guests (performance) (sysstat) (LP: #1755979) - KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN * Kernel panic on a nfsroot system (LP: #1734327) - Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks" - Revert "UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs" * can't record sound via front headset port on the Dell Precision 3630 (LP: #1759088) - ALSA: hda/realtek - Fix Dell headset Mic can't record * speaker can't output sound anymore after system resumes from S3 on a lenovo machine with alc257 (LP: #1758829) - ALSA: hda/realtek - Fix speaker no sound after system resume * hda driver initialization takes too much time on the machine with coffeelake audio controller [8086:a348] (LP: #1758800) - ALSA: hda - Force polling mode on CFL for fixing codec communication * Let headset-mode initialization be called on Dell Precision 3930 (LP: #1757584) - ALSA: hda/realtek - Add headset mode support for Dell laptop * ubuntu_zram_smoke test will cause soft lockup on Artful ThunderX ARM64 (LP: #1755073) - SAUCE: crypto: thunderx_zip: Fix fallout from CONFIG_VMAP_STACK * [Hyper-V] include kvp fix for Avoid reading past allocated blocks from KVP file (LP: #1750349) - hv: kvp: Avoid reading past allocated blocks from KVP file * IMA policy parsing is broken in 4.13 (LP: #1755804) - ima/policy: fix parsing of fsuuid * external mic not work on Dell OptiPlex 7460 AIO (LP: #1755954) - ALSA: hda/realtek - Add headset mode support for Dell laptop * sbsa watchdog crashes thunderx2 system (LP: #1755595) - watchdog: sbsa: use 32-bit read for WCV * CVE-2018-8043 - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() -- Stefan Bader Thu, 05 Apr 2018 14:47:00 +0200 linux (4.13.0-38.43) artful; urgency=medium * linux: 4.13.0-38.43 -proposed tracker (LP: #1755762) * Servers going OOM after updating kernel from 4.10 to 4.13 (LP: #1748408) - i40e: Fix memory leak related filter programming status - i40e: Add programming descriptors to cleaned_count * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347) - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer * fails to dump with latest kpti fixes (LP: #1750021) - kdump: write correct address of mem_section into vmcoreinfo * headset mic can't be detected on two Dell machines (LP: #1748807) - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 - ALSA: hda - Fix headset mic detection problem for two Dell machines - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines * CIFS SMB2/SMB3 does not work for domain based DFS (LP: #1747572) - CIFS: make IPC a regular tcon - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl - CIFS: dump IPC tcon in debug proc file * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076) - i2c: octeon: Prevent error message on bus error * hisi_sas: Add disk LED support (LP: #1752695) - scsi: hisi_sas: directly attached disk LED feature for v2 hw * EDAC, sb_edac: Backport 1 patch to Ubuntu 17.10 (Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode) (LP: #1743856) - EDAC, sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode * [regression] Colour banding and artefacts appear system-wide on an Asus Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420) - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA * DVB Card with SAA7146 chipset not working (LP: #1742316) - vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems * [Asus UX360UA] battery status in unity-panel is not changing when battery is being charged (LP: #1661876) // AC adapter status not detected on Asus ZenBook UX410UAK (LP: #1745032) - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK * ASUS UX305LA - Battery state not detected correctly (LP: #1482390) - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA * support thunderx2 vendor pmu events (LP: #1747523) - perf pmu: Extract function to get JSON alias map - perf pmu: Pass pmu as a parameter to get_cpuid_str() - perf tools arm64: Add support for get_cpuid_str function. - perf pmu: Add helper function is_pmu_core to detect PMU CORE devices - perf vendor events arm64: Add ThunderX2 implementation defined pmu core events - perf pmu: Add check for valid cpuid in perf_pmu__find_map() * lpfc.ko module doesn't work (LP: #1746970) - scsi: lpfc: Fix loop mode target discovery * Ubuntu 17.10 crashes on vmalloc.c (LP: #1739498) - powerpc/mm/book3s64: Make KERN_IO_START a variable - powerpc/mm/slb: Move comment next to the code it's referring to - powerpc/mm/hash64: Make vmalloc 56T on hash * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567) - net: hns: add ACPI mode support for ethtool -p * CVE-2017-17807 - KEYS: add missing permission check for request_key() destination * [Artful SRU] Fix capsule update regression (LP: #1746019) - efi/capsule-loader: Reinstate virtual capsule mapping * [Artful/Bionic] [Config] enable EDAC_GHES for ARM64 (LP: #1747746) - Ubuntu: [Config] enable EDAC_GHES for ARM64 * linux-tools: perf incorrectly linking libbfd (LP: #1748922) - SAUCE: tools -- add ability to disable libbfd - [Packaging] correct disablement of libbfd * Cherry pick c96f5471ce7d for delayacct fix (LP: #1747769) - delayacct: Account blkio completion on the correct task * Error in CPU frequency reporting when nominal and min pstates are same (cpufreq) (LP: #1746174) - cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin * retpoline abi files are empty on i386 (LP: #1751021) - [Packaging] retpoline-extract -- instantiate retpoline files for i386 - [Packaging] final-checks -- sanity checking ABI contents - [Packaging] final-checks -- check for empty retpoline files * [P9,Power NV][WSP][Ubuntu 1804] : "Kernel access of bad area " when grouping different pmu events using perf fuzzer . (perf:) (LP: #1746225) - powerpc/perf: Fix oops when grouping different pmu events * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) // CVE-2018-1000026 - net: create skb_gso_validate_mac_len() - bnx2x: disable GSO where gso_size is too big for hardware * Ubuntu16.04.03: ISAv3 initialize MMU registers before setting partition table (LP: #1736145) - powerpc/64s: Initialize ISAv3 MMU registers before setting partition table * powerpc/powernv: Flush console before platform error reboot (LP: #1735159) - powerpc/powernv: Flush console before platform error reboot * Touchpad stops working after a few seconds in Lenovo ideapad 320 (LP: #1732056) - pinctrl/amd: fix masking of GPIO interrupts * [Artful][Wyse 3040] System hang when trying to enable an offlined CPU core (LP: #1736393) - SAUCE: drm/i915:Don't set chip specific data - SAUCE: drm/i915: make previous commit affects Wyse 3040 only * ppc64el: Do not call ibm,os-term on panic (LP: #1736954) - powerpc: Do not call ppc_md.panic in fadump panic notifier * Artful update to 4.13.16 stable release (LP: #1744213) - tcp_nv: fix division by zero in tcpnv_acked() - net: vrf: correct FRA_L3MDEV encode type - tcp: do not mangle skb->cb[] in tcp_make_synack() - net: systemport: Correct IPG length settings - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed - l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6 - bonding: discard lowest hash bit for 802.3ad layer3+4 - net: cdc_ether: fix divide by 0 on bad descriptors - net: qmi_wwan: fix divide by 0 on bad descriptors - qmi_wwan: Add missing skb_reset_mac_header-call - net: usb: asix: fill null-ptr-deref in asix_suspend - tcp: gso: avoid refcount_t warning from tcp_gso_segment() - tcp: fix tcp_fastretrans_alert warning - vlan: fix a use-after-free in vlan_device_event() - net/mlx5: Cancel health poll before sending panic teardown command - net/mlx5e: Set page to null in case dma mapping fails - af_netlink: ensure that NLMSG_DONE never fails in dumps - vxlan: fix the issue that neigh proxy blocks all icmpv6 packets - net: cdc_ncm: GetNtbFormat endian fix - fealnx: Fix building error on MIPS - net/sctp: Always set scope_id in sctp_inet6_skb_msgname - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS - serial: omap: Fix EFR write on RTS deassertion - serial: 8250_fintek: Fix finding base_port with activated SuperIO - tpm-dev-common: Reject too short writes - rcu: Fix up pending cbs check in rcu_prepare_for_idle - ocfs2: fix cluster hang after a node dies - ocfs2: should wait dio before inode lock in ocfs2_setattr() - ipmi: fix unsigned long underflow - mm/page_alloc.c: broken deferred calculation - mm/page_ext.c: check if page_ext is not prepared - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask - coda: fix 'kernel memory exposure attempt' in fsync - Linux 4.13.16 * Artful update to 4.13.15 stable release (LP: #1744212) - media: imon: Fix null-ptr-deref in imon_probe - media: dib0700: fix invalid dvb_detach argument - crypto: dh - Fix double free of ctx->p - crypto: dh - Don't permit 'p' to be 0 - crypto: dh - Don't permit 'key' or 'g' size longer than 'p' - USB: early: Use new USB product ID and strings for DbC device - USB: usbfs: compute urb->actual_length for isochronous - USB: Add delay-init quirk for Corsair K70 LUX keyboards - usb: gadget: f_fs: Fix use-after-free in ffs_free_inst - USB: serial: metro-usb: stop I/O after failed open - USB: serial: Change DbC debug device binding ID - USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update - USB: serial: garmin_gps: fix I/O after failed probe and remove - USB: serial: garmin_gps: fix memory leak on probe errors - x86/MCE/AMD: Always give panic severity for UC errors in kernel context - platform/x86: peaq-wmi: Add DMI check before binding to the WMI interface - platform/x86: peaq_wmi: Fix missing terminating entry for peaq_dmi_table - HID: cp2112: add HIDRAW dependency - HID: wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection - staging: wilc1000: Fix bssid buffer offset in Txq - staging: ccree: fix 64 bit scatter/gather DMA ops - staging: greybus: spilib: fix use-after-free after deregistration - staging: vboxvideo: Fix reporting invalid suggested-offset-properties - staging: rtl8188eu: Revert 4 commits breaking ARP - Linux 4.13.15 * time drifting on linux-hwe kernels (LP: #1744988) - x86/tsc: Future-proof native_calibrate_tsc() - x86/tsc: Fix erroneous TSC rate on Skylake Xeon - x86/tsc: Print tsc_khz, when it differs from cpu_khz * Please backport vmd suspend/resume patches to 16.04 hwe (LP: #1745508) - PCI: vmd: Free up IRQs on suspend path * CVE-2017-17448 - netfilter: nfnetlink_cthelper: Add missing permission checks * Dell XPS 13 9360 bluetooth (Atheros) won't connect after resume (LP: #1744712) - Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version * [SRU] TrackPoint: middle button doesn't work on TrackPoint-compatible device. (LP: #1746002) - Input: trackpoint - force 3 buttons if 0 button is reported * TB16 dock ethernet corrupts data with hw checksum silently failing (LP: #1729674) - r8152: disable RX aggregation on Dell TB16 dock * [Artful] Realtek ALC225: 2 secs noise when a headset plugged in (LP: #1744058) - Revert "UBUNTU: SAUCE: ALSA: hda/realtek - Add support headset mode for DELL WYSE" - SAUCE: ALSA: hda/realtek - Add support headset mode for DELL WYSE - ALSA: hda/realtek - update ALC225 depop optimize * [A] skb leak in vhost_net / tun / tap (LP: #1738975) - vhost: fix skb leak in handle_rx() - tap: free skb if flags error - tun: free skb in early errors * Commit d9018976cdb6 missing in Kernels <4.14.x preventing lasting fix of Intel SPI bug on certain serial flash (LP: #1742696) - mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Haswell/Broadwell - spi-nor: intel-spi: Fix broken software sequencing codes * CVE-2018-5332 - RDS: Heap OOB write in rds_message_alloc_sgs() * [A] KVM Windows BSOD on 4.13.x (LP: #1738972) - KVM: x86: fix APIC page invalidation * elantech touchpad of Lenovo L480/580 failed to detect hw_version (LP: #1733605) - Input: elantech - add new icbody type 15 * [SRU] External HDMI monitor failed to show screen on Lenovo X1 series (LP: #1738523) - SAUCE: drm/i915: Disable writing of TMDS_OE on Lenovo ThinkPad X1 series * ubuntu/xr-usb-serial didn't get built in zesty and artful (LP: #1733281) - SAUCE: make sure ubuntu/xr-usb-serial builds for x86 * Disabling zfs does not always disable module checks for the zfs modules (LP: #1737176) - [Packaging] disable zfs module checks when zfs is disabled * CVE-2017-17806 - crypto: hmac - require that the underlying hash algorithm is unkeyed * CVE-2017-17805 - crypto: salsa20 - fix blkcipher_walk API usage * CVE-2017-16994 - mm/pagewalk.c: report holes in hugetlb ranges * CVE-2017-17450 - netfilter: xt_osf: Add missing permission checks * apparmor profile load in stacked policy container fails (LP: #1746463) - SAUCE: apparmor: fix display of .ns_name for containers * CVE-2017-15129 - net: Fix double free and memory corruption in get_net_ns_by_id() * CVE-2018-5344 - loop: fix concurrent lo_open/lo_release * CVE-2017-1000407 - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts * CVE-2017-0861 - ALSA: pcm: prevent UAF in snd_pcm_info * perf stat segfaults on uncore events w/o -a (LP: #1745246) - perf xyarray: Save max_x, max_y - perf evsel: Fix buffer overflow while freeing events * Support cppc-cpufreq driver on ThunderX2 systems (LP: #1745007) - mailbox: PCC: Move the MAX_PCC_SUBSPACES definition to header file - ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs - ACPI / CPPC: Fix KASAN global out of bounds warning - ACPI: CPPC: remove initial assignment of pcc_ss_data * P-state not working in kernel 4.13 (LP: #1743269) - x86 / CPU: Avoid unnecessary IPIs in arch_freq_get_on_cpu() - x86 / CPU: Always show current CPU frequency in /proc/cpuinfo * Regression: KVM no longer supports Intel CPUs without Virtual NMI (LP: #1741655) - kvm: vmx: Reinstate support for CPUs without virtual NMI * System hang with Linux kernel due to mainline commit 24247aeeabe (LP: #1733662) - x86/intel_rdt/cqm: Prevent use after free * $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted (LP: #1744077) - [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly * the wifi driver is always hard blocked on a lenovo laptop (LP: #1743672) - ACPI: EC: Fix possible issues related to EC initialization order * text VTs are unavailable on desktop after upgrade to Ubuntu 17.10 (LP: #1724911) - drm/i915/fbdev: Always forward hotplug events * Samsung SSD 960 EVO 500GB refused to change power state (LP: #1705748) - nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A * [0cf3:e010] QCA6174A XR failed to pair with bt 4.0 device (LP: #1741166) - Bluetooth: btusb: Add support for 0cf3:e010 * CVE-2017-17741 - KVM: Fix stack-out-of-bounds read in write_mmio * CVE-2018-5333 - RDS: null pointer dereference in rds_atomic_free_op * [800 G3 SFF] [800 G3 DM]External microphone of headset(3-ring) is working, 2-ring mic not working, both not shown in sound settings (LP: #1740974) - ALSA: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines * Two front mics can't work on a lenovo machine (LP: #1740973) - ALSA: hda - change the location for one mic on a Lenovo machine * No external microphone be detected via headset jack on a dell machine (LP: #1740972) - ALSA: hda - fix headset mic detection issue on a Dell machine * Can't detect external headset via line-out jack on some Dell machines (LP: #1740971) - ALSA: hda/realtek - Fix Dell AIO LineOut issue * Support realtek new codec alc257 in the alsa hda driver (LP: #1738911) - ALSA: hda/realtek - New codec support for ALC257 * Add support for 16g huge pages on Ubuntu 16.04.2 PowerNV (LP: #1706247) - powerpc/mm/hugetlb: Allow runtime allocation of 16G. - powerpc/mm/hugetlb: Add support for reserving gigantic huge pages via kernel command line - mm/hugetlb: Allow arch to override and call the weak function * the kernel is blackholing IPv6 packets to linkdown nexthops (LP: #1738219) - ipv6: Do not consider linkdown nexthops during multipath * e1000e in 4.4.0-97-generic breaks 82574L under heavy load. (LP: #1730550) - e1000e: Avoid receiver overrun interrupt bursts - e1000e: Separate signaling for link check/link up * Ubuntu 17.10: Include patch "crypto: vmx - Use skcipher for ctr fallback" (LP: #1732978) - crypto: vmx - Use skcipher for ctr fallback * QCA Rome bluetooth can not wakeup after USB runtime suspended. (LP: #1737890) - Bluetooth: btusb: driver to enable the usb-wakeup feature * /dev/bcache/by-uuid links not created after reboot (LP: #1729145) - SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent * Some VMs fail to reboot with "watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [systemd:1]" (LP: #1730717) - SAUCE: exec: fix lockup because retry loop may never exit * Request to backport cxlflash patches to 16.04 HWE Kernel (LP: #1730515) - scsi: cxlflash: Use derived maximum write same length - scsi: cxlflash: Allow cards without WWPN VPD to configure - scsi: cxlflash: Derive pid through accessors * vagrant artful64 box filesystem too small (LP: #1726818) - block: factor out __blkdev_issue_zero_pages() - block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() * Artful update to 4.13.14 stable release (LP: #1744121) - ppp: fix race in ppp device destruction - gso: fix payload length when gso_size is zero - ipv4: Fix traffic triggered IPsec connections. - ipv6: Fix traffic triggered IPsec connections. - netlink: do not set cb_running if dump's start() errs - net: call cgroup_sk_alloc() earlier in sk_clone_lock() - macsec: fix memory leaks when skb_to_sgvec fails - l2tp: check ps->sock before running pppol2tp_session_ioctl() - netlink: fix netlink_ack() extack race - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect - tcp/dccp: fix ireq->opt races - packet: avoid panic in packet_getsockopt() - geneve: Fix function matching VNI and tunnel ID on big-endian - net: bridge: fix returning of vlan range op errors - soreuseport: fix initialization race - ipv6: flowlabel: do not leave opt->tot_len with garbage - sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND - tcp/dccp: fix lockdep splat in inet_csk_route_req() - tcp/dccp: fix other lockdep splats accessing ireq_opt - net: dsa: check master device before put - net/unix: don't show information about sockets from other namespaces - tap: double-free in error path in tap_open() - net/mlx5: Fix health work queue spin lock to IRQ safe - net/mlx5e: Properly deal with encap flows add/del under neigh update - ipip: only increase err_count for some certain type icmp in ipip_err - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err - ip6_gre: update dst pmtu if dev mtu has been updated by toobig in __gre6_xmit - tcp: refresh tp timestamp before tcp_mtu_probe() - tap: reference to KVA of an unloaded module causes kernel panic - sctp: reset owner sk for data chunks on out queues when migrating a sock - net_sched: avoid matching qdisc with zero handle - l2tp: hold tunnel in pppol2tp_connect() - ipv6: addrconf: increment ifp refcount before ipv6_del_addr() - tcp: fix tcp_mtu_probe() vs highest_sack - mac80211: accept key reinstall without changing anything - mac80211: use constant time comparison with keys - mac80211: don't compare TKIP TX MIC key in reinstall prevention - usb: usbtest: fix NULL pointer dereference - Input: ims-psu - check if CDC union descriptor is sane - EDAC, sb_edac: Don't create a second memory controller if HA1 is not present - dmaengine: dmatest: warn user when dma test times out - Linux 4.13.14 -- Stefan Bader Wed, 14 Mar 2018 11:38:23 +0100 linux (4.13.0-37.42) artful; urgency=medium * linux: 4.13.0-37.42 -proposed tracker (LP: #1751798) * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 - arm64: Add ASM_BUG() - arm64: consistently use bl for C exception entry - arm64: move non-entry code out of .entry.text - arm64: unwind: avoid percpu indirection for irq stack - arm64: unwind: disregard frame.sp when validating frame pointer - arm64: mm: Fix set_memory_valid() declaration - arm64: Convert __inval_cache_range() to area-based - arm64: Expose DC CVAP to userspace - arm64: Handle trapped DC CVAP - arm64: Implement pmem API support - arm64: uaccess: Implement *_flushcache variants - arm64/vdso: Support mremap() for vDSO - arm64: unwind: reference pt_regs via embedded stack frame - arm64: unwind: remove sp from struct stackframe - arm64: uaccess: Add the uaccess_flushcache.c file - arm64: fix pmem interface definition - arm64: compat: Remove leftover variable declaration - fork: allow arch-override of VMAP stack alignment - arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP - arm64: factor out PAGE_* and CONT_* definitions - arm64: clean up THREAD_* definitions - arm64: clean up irq stack definitions - arm64: move SEGMENT_ALIGN to - efi/arm64: add EFI_KIMG_ALIGN - arm64: factor out entry stack manipulation - arm64: assembler: allow adr_this_cpu to use the stack pointer - arm64: use an irq stack pointer - arm64: add basic VMAP_STACK support - arm64: add on_accessible_stack() - arm64: add VMAP_STACK overflow detection - arm64: Convert pte handling from inline asm to using (cmp)xchg - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() - arm64: Move PTE_RDONLY bit handling out of set_pte_at() - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect() - arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths - arm64: introduce separated bits for mm_context_t flags - arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro - KVM: arm/arm64: Fix guest external abort matching - KVM: arm/arm64: vgic: constify seq_operations and file_operations - KVM: arm/arm64: vITS: Drop its_ite->lpi field - KVM: arm/arm64: Extract GICv3 max APRn index calculation - KVM: arm/arm64: Support uaccess of GICC_APRn - arm64: Use larger stacks when KASAN is selected - arm64: Define cputype macros for Falkor CPU - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb - x86/syscalls: Check address limit on user-mode return - arm/syscalls: Check address limit on user-mode return - arm64/syscalls: Check address limit on user-mode return - Revert "arm/syscalls: Check address limit on user-mode return" - syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check - arm/syscalls: Optimize address limit check - arm64/syscalls: Move address limit check in loop - futex: Remove duplicated code and fix undefined behaviour - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls - arm64: syscallno is secretly an int, make it official - arm64: move TASK_* definitions to - arm64: mm: Use non-global mappings for kernel space - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN - arm64: mm: Move ASID from TTBR0 to TTBR1 - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 - arm64: mm: Rename post_ttbr0_update_workaround - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN - arm64: mm: Allocate ASIDs in pairs - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI - arm64: entry: Add exception trampoline page for exceptions from EL0 - arm64: mm: Map entry trampoline into trampoline and kernel page tables - arm64: entry: Explicitly pass exception level to kernel_ventry macro - arm64: entry: Hook up entry trampoline to exception vectors - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code - arm64: cpu_errata: Add Kryo to Falkor 1003 errata - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 - arm64: kaslr: Put kernel vectors address in separate data page - arm64: use RET instruction for exiting the trampoline - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry - arm64: Take into account ID_AA64PFR0_EL1.CSV3 - arm64: capabilities: Handle duplicate entries for a capability - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR - arm64: kpti: Fix the interaction between ASID switching and software PAN - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs - arm64: Turn on KPTI only on CPUs that need it - arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() - arm64: mm: Permit transitioning from Global to Non-Global without BBM - arm64: kpti: Add ->enable callback to remap swapper using nG mappings - arm64: Force KPTI to be disabled on Cavium ThunderX - arm64: entry: Reword comment about post_ttbr_update_workaround - arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives - arm64: barrier: Add CSDB macros to control data-value prediction - arm64: Implement array_index_mask_nospec() - arm64: Make USER_DS an inclusive limit - arm64: Use pointer masking to limit uaccess speculation - arm64: entry: Ensure branch through syscall table is bounded under speculation - arm64: uaccess: Prevent speculative use of the current addr_limit - arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user - arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user - arm64: futex: Mask __user pointers prior to dereference - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early - arm64: Run enable method for errata work arounds on late CPUs - arm64: cpufeature: Pass capability structure to ->enable callback - drivers/firmware: Expose psci_get_version through psci_ops structure - arm64: Move post_ttbr_update_workaround to C code - arm64: Add skeleton to harden the branch predictor against aliasing attacks - arm64: Move BP hardening to check_and_switch_context - arm64: KVM: Use per-CPU vector when BP hardening is enabled - arm64: entry: Apply BP hardening for high-priority synchronous exceptions - arm64: entry: Apply BP hardening for suspicious interrupts from EL0 - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 - arm64: Implement branch predictor hardening for affected Cortex-A CPUs - arm64: Implement branch predictor hardening for Falkor - arm64: Branch predictor hardening for Cavium ThunderX2 - arm64: KVM: Increment PC after handling an SMC trap - arm/arm64: KVM: Consolidate the PSCI include files - arm/arm64: KVM: Add PSCI_VERSION helper - arm/arm64: KVM: Add smccc accessors to PSCI code - arm/arm64: KVM: Implement PSCI 1.0 support - arm/arm64: KVM: Advertise SMCCC v1.1 - arm64: KVM: Make PSCI_VERSION a fast path - arm/arm64: KVM: Turn kvm_psci_version into a static inline - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling - firmware/psci: Expose PSCI conduit - firmware/psci: Expose SMCCC version through psci_ops - arm/arm64: smccc: Make function identifiers an unsigned quantity - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround - [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y - SAUCE: arm64: __idmap_cpu_set_reserved_ttbr1: fix !ARM64_PA_BITS_52 logic - arm64: Add missing Falkor part number for branch predictor hardening - arm64: mm: fix thinko in non-global page table attribute check * linux-image-4.13.0-26-generic / linux-image-extra-4.13.0-26-generic fail to boot (LP: #1742721) - staging: sm750fb: Fix parameter mistake in poke32 -- Kleber Sacilotto de Souza Wed, 07 Mar 2018 12:20:00 +0100 linux (4.13.0-36.40) artful; urgency=medium * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010) * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set -- Khalid Elmously Fri, 16 Feb 2018 12:49:24 -0500 linux (4.13.0-35.39) artful; urgency=medium * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files -- Kleber Sacilotto de Souza Mon, 12 Feb 2018 11:28:27 +0100 # For older changelog entries, run 'apt-get changelog linux-headers-4.13.0-45-generic'