← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1760650] Re: test_074_config_security_default_mmap_min_addr in kernel security test failed with 4.4/4.15 kvm

 

This bug was fixed in the package linux-kvm - 4.15.0-1006.6

---------------
linux-kvm (4.15.0-1006.6) bionic; urgency=medium

  * linux-kvm: 4.15.0-1006.6 -proposed tracker (LP: #1765498)

  [ Ubuntu: 4.15.0-18.19 ]

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)
  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
    meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
    (LP: #1765429)
    - powerpc/pseries: Fix clearing of security feature flags
  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Config] signing -- enable Opal signing for ppc64el
    - [Packaging] printenv -- add signing options
  * [18.04 FEAT] Sign POWER host/NV kernels (LP: #1696154)
    - [Packaging] signing -- add support for signing Opal kernel binaries
  * Please cherrypick s390 unwind fix (LP: #1765083)
    - s390/compat: fix setup_frame32
  * Ubuntu 18.04 installer does not detect any IPR based HDD/RAID array [S822L]
    [ipr] (LP: #1751813)
    - d-i: move ipr to storage-core-modules on ppc64el
  * drivers/gpu/drm/bridge/adv7511/adv7511.ko missing (LP: #1764816)
    - SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm
  * Miscellaneous Ubuntu changes
    - [Packaging] Add linux-oem to rebuild test blacklist.

  [ Ubuntu: 4.15.0-17.18 ]

  * linux: 4.15.0-17.18 -proposed tracker (LP: #1764498)
  * Eventual OOM with profile reloads (LP: #1750594)
    - SAUCE: apparmor: fix memory leak when duplicate profile load

linux-kvm (4.15.0-1005.5) bionic; urgency=medium

  * linux-kvm: 4.15.0-1005.5 -proposed tracker (LP: #1763792)

  * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

  * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

  * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
    kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760649)
    - kvm: [config] enable DEVMEM

  * test_076_config_security_acl_ext4  in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

  * test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

  * linux-kvm 4.15 needs UNWINDER_FRAME_POINTER (LP: #1763107)
    - kvm: [Config] CONFIG_UNWINDER_FRAME_POINTER=y for amd64

  [ Ubuntu: 4.15.0-16.17 ]

  * linux: 4.15.0-16.17 -proposed tracker (LP: #1763785)
  * [18.04] [bug] CFL-S(CNP)/CNL GPIO testing failed (LP: #1757346)
    - [Config]: Set CONFIG_PINCTRL_CANNONLAKE=y
  * [Ubuntu 18.04] USB Type-C test failed on GLK (LP: #1758797)
    - SAUCE: usb: typec: ucsi: Increase command completion timeout value
  * Fix trying to "push" an already active pool VP (LP: #1763386)
    - SAUCE: powerpc/xive: Fix trying to "push" an already active pool VP
  * hisi_sas: Revert and replace SAUCE patches w/ upstream (LP: #1762824)
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: export device table of v3 hw to
      userspace"
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: config for hip08 ES"
    - scsi: hisi_sas: modify some register config for hip08
    - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE()
  * Realtek card reader - RTS5243 [VEN_10EC&DEV_5260] (LP: #1737673)
    - misc: rtsx: Move Realtek Card Reader Driver to misc
    - updateconfigs for Realtek Card Reader Driver
    - misc: rtsx: Add support for RTS5260
    - misc: rtsx: Fix symbol clashes
  * Mellanox [mlx5] [bionic] UBSAN: Undefined behaviour in
    ./include/linux/net_dim.h (LP: #1763269)
    - net/mlx5e: Fix int overflow
  * apparmor bug fixes for bionic (LP: #1763427)
    - apparmor: fix logging of the existence test for signals
    - apparmor: make signal label match work when matching stacked labels
    - apparmor: audit unknown signal numbers
    - apparmor: fix memory leak on buffer on error exit path
    - apparmor: fix mediation of prlimit
  * dangling symlinks to loaded apparmor policy (LP: #1755563) // apparmor bug
    fixes for bionic (LP: #1763427)
    - apparmor: fix dangling symlinks to policy rawdata after replacement
  * [OPAL] Assert fail:
    core/mem_region.c:447:lock_held_by_me(&region->free_list_lock)
    (LP: #1762913)
    - powerpc/watchdog: remove arch_trigger_cpumask_backtrace
  * [LTC Test] Ubuntu 18.04: tm_trap_test failed on P8 compat mode guest
    (LP: #1762928)
    - powerpc/tm: Fix endianness flip on trap
  * Add support for RT5660 codec based sound cards on Baytrail (LP: #1657674)
    - SAUCE: (no-up) ASoC: Intel: Support machine driver for RT5660 on Baytrail
    - SAUCE: (no-up) ASoC: rt5660: Add ACPI support
    - SAUCE: (no-up): ASoC: Intel: bytcr-rt5660: Add MCLK, quirks
    - [Config] CONFIG_SND_SOC_INTEL_BYTCR_RT5660_MACH=m, CONFIG_SND_SOC_RT5660=m
  * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
    - i2c: xlp9xx: return ENXIO on slave address NACK
    - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
    - i2c: xlp9xx: Check for Bus state before every transfer
    - i2c: xlp9xx: Handle NACK on DATA properly
  * [18.04 FEAT] Add kvm_stat from kernel tree (LP: #1734130)
    - tools/kvm_stat: simplify the sortkey function
    - tools/kvm_stat: use a namedtuple for storing the values
    - tools/kvm_stat: use a more pythonic way to iterate over dictionaries
    - tools/kvm_stat: avoid 'is' for equality checks
    - tools/kvm_stat: fix crash when filtering out all non-child trace events
    - tools/kvm_stat: print error on invalid regex
    - tools/kvm_stat: fix debugfs handling
    - tools/kvm_stat: mark private methods as such
    - tools/kvm_stat: eliminate extra guest/pid selection dialog
    - tools/kvm_stat: separate drilldown and fields filtering
    - tools/kvm_stat: group child events indented after parent
    - tools/kvm_stat: print 'Total' line for multiple events only
    - tools/kvm_stat: Fix python3 syntax
    - tools/kvm_stat: Don't use deprecated file()
    - tools/kvm_stat: Remove unused function
    - [Packaging] Add linux-tools-host package for VM host tools
    - [Config] do_tools_host=true for amd64
  * Bionic update to v4.15.17 stable release (LP: #1763366)
    - i40iw: Fix sequence number for the first partial FPDU
    - i40iw: Correct Q1/XF object count equation
    - i40iw: Validate correct IRD/ORD connection parameters
    - clk: meson: mpll: use 64-bit maths in params_from_rate
    - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
    - Bluetooth: Add a new 04ca:3015 QCA_ROME device
    - ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT
    - thermal: power_allocator: fix one race condition issue for thermal_instances
      list
    - perf probe: Find versioned symbols from map
    - perf probe: Add warning message if there is unexpected event name
    - perf evsel: Fix swap for samples with raw data
    - perf evsel: Enable ignore_missing_thread for pid option
    - l2tp: fix missing print session offset info
    - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
    - ACPI / video: Default lcd_only to true on Win8-ready and newer machines
    - IB/mlx5: Report inner RSS capability
    - VFS: close race between getcwd() and d_move()
    - watchdog: dw_wdt: add stop watchdog operation
    - clk: divider: fix incorrect usage of container_of
    - PM / devfreq: Fix potential NULL pointer dereference in governor_store
    - gpiolib: don't dereference a desc before validation
    - net_sch: red: Fix the new offload indication
    - selftests/net: fix bugs in address and port initialization
    - thermal/drivers/hisi: Remove bogus const from function return type
    - RDMA/cma: Mark end of CMA ID messages
    - hwmon: (ina2xx) Make calibration register value fixed
    - f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem
    - clk: sunxi-ng: a83t: Add M divider to TCON1 clock
    - media: videobuf2-core: don't go out of the buffer range
    - ASoC: Intel: Skylake: Disable clock gating during firmware and library
      download
    - ASoC: Intel: cht_bsw_rt5645: Analog Mic support
    - drm/msm: Fix NULL deref in adreno_load_gpu
    - IB/ipoib: Fix for notify send CQ failure messages
    - spi: sh-msiof: Fix timeout failures for TX-only DMA transfers
    - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
    - irqchip/ompic: fix return value check in ompic_of_init()
    - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry
    - ACPI: EC: Fix debugfs_create_*() usage
    - mac80211: Fix setting TX power on monitor interfaces
    - vfb: fix video mode and line_length being set when loaded
    - crypto: crypto4xx - perform aead icv check in the driver
    - gpio: label descriptors using the device name
    - arm64: asid: Do not replace active_asids if already 0
    - powernv-cpufreq: Add helper to extract pstate from PMSR
    - IB/rdmavt: Allocate CQ memory on the correct node
    - blk-mq: avoid to map CPU into stale hw queue
    - blk-mq: fix race between updating nr_hw_queues and switching io sched
    - backlight: tdo24m: Fix the SPI CS between transfers
    - nvme-fabrics: protect against module unload during create_ctrl
    - nvme-fabrics: don't check for non-NULL module in nvmf_register_transport
    - pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts
    - nvme_fcloop: disassocate local port structs
    - nvme_fcloop: fix abort race condition
    - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
    - perf report: Fix a no annotate browser displayed issue
    - staging: lustre: disable preempt while sampling processor id.
    - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
    - power: supply: axp288_charger: Properly stop work on probe-error / remove
    - rt2x00: do not pause queue unconditionally on error path
    - wl1251: check return from call to wl1251_acx_arp_ip_filter
    - net/mlx5: Fix race for multiple RoCE enable
    - bcache: ret IOERR when read meets metadata error
    - bcache: stop writeback thread after detaching
    - bcache: segregate flash only volume write streams
    - net: Fix netdev_WARN_ONCE macro
    - net/mlx5e: IPoIB, Use correct timestamp in child receive flow
    - blk-mq: fix kernel oops in blk_mq_tag_idle()
    - tty: n_gsm: Allow ADM response in addition to UA for control dlci
    - block, bfq: put async queues for root bfq groups too
    - serdev: Fix serdev_uevent failure on ACPI enumerated serdev-controllers
    - EDAC, mv64x60: Fix an error handling path
    - uio_hv_generic: check that host supports monitor page
    - Bluetooth: hci_bcm: Mandate presence of shutdown and device wake GPIO
    - Bluetooth: hci_bcm: Validate IRQ before using it
    - Bluetooth: hci_bcm: Make shutdown and device wake GPIO optional
    - i40evf: don't rely on netif_running() outside rtnl_lock()
    - drm/amd/powerplay: fix memory leakage when reload (v2)
    - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
    - PM / domains: Don't skip driver's ->suspend|resume_noirq() callbacks
    - scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware
      in RAID map
    - scsi: megaraid_sas: unload flag should be set after scsi_remove_host is
      called
    - RDMA/cma: Fix rdma_cm path querying for RoCE
    - gpio: thunderx: fix error return code in thunderx_gpio_probe()
    - x86/gart: Exclude GART aperture from vmcore
    - sdhci: Advertise 2.0v supply on SDIO host controller
    - Input: goodix - disable IRQs while suspended
    - mtd: mtd_oobtest: Handle bitflips during reads
    - crypto: aes-generic - build with -Os on gcc-7+
    - perf tools: Fix copyfile_offset update of output offset
    - tcmu: release blocks for partially setup cmds
    - thermal: int3400_thermal: fix error handling in int3400_thermal_probe()
    - drm/i915/cnp: Ignore VBT request for know invalid DDC pin.
    - drm/i915/cnp: Properly handle VBT ddc pin out of bounds.
    - x86/microcode: Propagate return value from updating functions
    - x86/CPU: Add a microcode loader callback
    - x86/CPU: Check CPU feature bits after microcode upgrade
    - x86/microcode: Get rid of struct apply_microcode_ctx
    - x86/microcode/intel: Check microcode revision before updating sibling
      threads
    - x86/microcode/intel: Writeback and invalidate caches before updating
      microcode
    - x86/microcode: Do not upload microcode if CPUs are offline
    - x86/microcode/intel: Look into the patch cache first
    - x86/microcode: Request microcode on the BSP
    - x86/microcode: Synchronize late microcode loading
    - x86/microcode: Attempt late loading only when new microcode is present
    - x86/microcode: Fix CPU synchronization routine
    - arp: fix arp_filter on l3slave devices
    - ipv6: the entire IPv6 header chain must fit the first fragment
    - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events
      lan78xx_deferred_multicast_write)
    - net: dsa: Discard frames from unused ports
    - net: fix possible out-of-bound read in skb_network_protocol()
    - net/ipv6: Fix route leaking between VRFs
    - net/ipv6: Increment OUTxxx counters after netfilter hook
    - netlink: make sure nladdr has correct size in netlink_connect()
    - net/mlx5e: Verify coalescing parameters in range
    - net sched actions: fix dumping which requires several messages to user space
    - net/sched: fix NULL dereference in the error path of tcf_bpf_init()
    - pptp: remove a buggy dst release in pptp_connect()
    - r8169: fix setting driver_data after register_netdev
    - sctp: do not leak kernel memory to user space
    - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
    - vhost: correctly remove wait queue during poll failure
    - vlan: also check phy_driver ts_info for vlan's real device
    - vrf: Fix use after free and double free in vrf_finish_output
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
    - bonding: process the err returned by dev_set_allmulti properly in
      bond_enslave
    - net: fool proof dev_valid_name()
    - ip_tunnel: better validate user provided tunnel names
    - ipv6: sit: better validate user provided tunnel names
    - ip6_gre: better validate user provided tunnel names
    - ip6_tunnel: better validate user provided tunnel names
    - vti6: better validate user provided tunnel names
    - net/mlx5e: Set EQE based as default TX interrupt moderation mode
    - net_sched: fix a missing idr_remove() in u32_delete_key()
    - net/sched: fix NULL dereference in the error path of tcf_vlan_init()
    - net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path
    - net/mlx5e: Fix memory usage issues in offloading TC flows
    - net/sched: fix NULL dereference in the error path of tcf_sample_init()
    - nfp: use full 40 bits of the NSP buffer address
    - ipv6: sr: fix seg6 encap performances with TSO enabled
    - net/mlx5e: Don't override vport admin link state in switchdev mode
    - net/mlx5e: Sync netdev vxlan ports at open
    - net/sched: fix NULL dereference in the error path of tunnel_key_init()
    - net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
    - strparser: Fix sign of err codes
    - net/mlx4_en: Fix mixed PFC and Global pause user control requests
    - net/mlx5e: Fix traffic being dropped on VF representor
    - vhost: validate log when IOTLB is enabled
    - route: check sysctl_fib_multipath_use_neigh earlier than hash
    - team: move dev_mc_sync after master_upper_dev_link in team_port_add
    - vhost_net: add missing lock nesting notation
    - net/mlx4_core: Fix memory leak while delete slave's resources
    - Linux 4.15.17
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507) // Bionic update to v4.15.17 stable
    release (LP: #1763366)
    - sky2: Increase D3 delay to sky2 stops working after suspend
  * [Featire] CNL: Enable RAPL support (LP: #1685712)
    - powercap: RAPL: Add support for Cannon Lake
  * System Z {kernel} UBUNTU18.04 wrong kernel config (LP: #1762719)
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - [Config] CONFIG_EXPOLINE_AUTO=y, CONFIG_KERNEL_NOBP=n for s390
    - s390: correct nospec auto detection init order
  * Merge the linux-snapdragon kernel into bionic master/snapdragon
    (LP: #1763040)
    - drm/msm: fix spelling mistake: "ringubffer" -> "ringbuffer"
    - drm/msm: fix msm_rd_dump_submit prototype
    - drm/msm: gpu: Only sync fences on rings that exist
    - wcn36xx: set default BTLE coexistence config
    - wcn36xx: Add hardware scan offload support
    - wcn36xx: Reduce spinlock in indication handler
    - wcn36xx: fix incorrect assignment to msg_body.min_ch_time
    - wcn36xx: release DMA memory in case of error
    - mailbox: qcom: Convert APCS IPC driver to use regmap
    - mailbox: qcom: Create APCS child device for clock controller
    - clk: qcom: Add A53 PLL support
    - clk: qcom: Add regmap mux-div clocks support
    - clk: qcom: Add APCS clock controller support
    - clk: qcom: msm8916: Fix return value check in qcom_apcs_msm8916_clk_probe()
    - media: venus: venc: set correctly GOP size and number of B-frames
    - media: venus: venc: configure entropy mode
    - media: venus: venc: Apply inloop deblocking filter
    - media: venus: cleanup set_property controls
    - arm64: defconfig: enable REMOTEPROC
    - arm64: defconfig: enable QCOM audio drivers for APQ8016 and DB410c
    - kernel: configs; add distro.config
    - arm64: configs: enable WCN36xx
    - kernel: distro.config: enable debug friendly USB network adpater
    - arm64: configs: enable QCOM Venus
    - arm64: defconfig: Enable a53/apcs and avs
    - arm64: defconfig: enable ondemand governor as default
    - arm64: defconfig: enable QCOM_TSENS
    - arm64: defconfig: enable new trigger modes for leds
    - kernel: configs: enable dm_mod and dm_crypt
    - Force the SMD regulator driver to be compiled-in
    - arm64: defconfig: enable CFG80211_DEFAULT_PS by default
    - arm64: configs: enable BT_QCOMSMD
    - kernel: configs: add more USB net drivers
    - arm64: defconfig: disable ANALOG_TV and DIGITAL_TV
    - arm64: configs: Enable camera drivers
    - kernel: configs: add freq stat to sysfs
    - arm64: defconfig: enable CONFIG_USB_CONFIGFS_F_FS by default
    - arm64: defconfig: Enable QRTR features
    - kernel: configs: set USB_CONFIG_F_FS in distro.config
    - kernel: distro.config: enable 'schedutil' CPUfreq governor
    - kernel: distro.config: enable 'fq' and 'fq_codel' qdiscs
    - kernel: distro.config: enable 'BBR' TCP congestion algorithm
    - arm64: defconfig: enable LEDS_QCOM_LPG
    - HACK: drm/msm/iommu: Remove runtime_put calls in map/unmap
    - power: avs: Add support for CPR (Core Power Reduction)
    - power: avs: cpr: Use raw mem access for qfprom
    - power: avs: cpr: fix with new reg_sequence structures
    - power: avs: cpr: Register with cpufreq-dt
    - regulator: smd: Add floor and corner operations
    - PM / OPP: Support adjusting OPP voltages at runtime
    - PM / OPP: Drop RCU usage in dev_pm_opp_adjust_voltage()
    - PM / OPP: HACK: Allow to set regulator without opp_list
    - PM / OPP: Add a helper to get an opp regulator for device
    - cpufreq: Add apq8016 to cpufreq-dt-platdev blacklist
    - regulator: smd: Allow REGULATOR_QCOM_SMD_RPM=m
    - ov5645: I2C address change
    - i2c: Add Qualcomm Camera Control Interface driver
    - camss: vfe: Skip first four frames from sensor
    - camss: Do not register if no cameras are present
    - i2c-qcom-cci: Fix run queue completion timeout
    - i2c-qcom-cci: Fix I2C address bug
    - media: ov5645: Fix I2C address
    - drm/bridge/adv7511: Delay clearing of HPD interrupt status
    - HACK: drm/msm/adv7511: Don't rely on interrupts for EDID parsing
    - leds: Add driver for Qualcomm LPG
    - wcn36xx: Fix warning due to duplicate scan_completed notification
    - arm64: dts: Add CPR DT node for msm8916
    - arm64: dts: add spmi-regulator nodes
    - arm64: dts: msm8916: Add cpufreq support
    - arm64: dts: msm8916: Add a shared CPU opp table
    - arm64: dts: msm8916: Add cpu cooling maps
    - arm64: dts: pm8916: Mark the s2 regulator as always-on
    - dt-bindings: mailbox: qcom: Document the APCS clock binding
    - arm64: dts: qcom: msm8916: Add msm8916 A53 PLL DT node
    - arm64: dts: qcom: msm8916: Use the new APCS mailbox driver
    - arm64: dts: qcom: msm8916: Add clock properties to the APCS node
    - arm64: dts: qcom: apq8016-sbc: Allow USR4 LED to notify kernel panic
    - dt-bindings: media: Binding document for Qualcomm Camera Control Interface
      driver
    - MAINTAINERS: Add Qualcomm Camera Control Interface driver
    - DT: leds: Add Qualcomm Light Pulse Generator binding
    - arm64: dts: qcom: msm8996: Add mpp and lpg blocks
    - arm64: dts: qcom: Add pwm node for pm8916
    - arm64: dts: qcom: Add user LEDs on db820c
    - arm64: dts: qcom: Add WiFI/BT LEDs on db820c
    - ARM: dts: qcom: Add LPG node to pm8941
    - ARM: dts: qcom: honami: Add LPG node and RGB LED
    - arm64: dts: qcom: Add Camera Control Interface support
    - arm64: dts: qcom: Add apps_iommu vfe child node
    - arm64: dts: qcom: Add camss device node
    - arm64: dts: qcom: Add ov5645 device nodes
    - arm64: dts: msm8916: Fix camera sensors I2C addresses
    - arm: dts: qcom: db410c: Enable PWM signal on MPP4
    - packaging: arm64: add a uboot flavour - part1
    - packaging: arm64: add a uboot flavour - part2
    - packaging: arm64: add a uboot flavour - part3
    - packaging: arm64: add a uboot flavour - part4
    - packaging: arm64: add a uboot flavour - part5
    - packaging: arm64: rename uboot flavour to snapdragon
    - [Config] updateconfigs after qcomlt import
    - [Config] arm64: snapdragon: COMMON_CLK_QCOM=y
    - [Config] arm64: snapdragon: MSM_GCC_8916=y
    - [Config] arm64: snapdragon: REGULATOR_FIXED_VOLTAGE=y
    - [Config] arm64: snapdragon: PINCTRL_MSM8916=y
    - [Config] arm64: snapdragon: HWSPINLOCK_QCOM=y
    - [Config] arm64: snapdragon: SPMI=y, SPMI_MSM_PMIC_ARB=y
    - [Config] arm64: snapdragon: REGMAP_SPMI=y, PINCTRL_QCOM_SPMI_PMIC=y
    - [Config] arm64: snapdragon: REGULATOR_QCOM_SPMI=y
    - [Config] arm64: snapdragon: MFD_SPMI_PMIC=y
    - [Config] arm64: snapdragon: QCOM_SMEM=y
    - [Config] arm64: snapdragon: RPMSG=y, RPMSG_QCOM_SMD=y
    - [Config] arm64: snapdragon: QCOM_SMD_RPM=y, REGULATOR_QCOM_SMD_RPM=y
    - [Config] arm64: snapdragon: QCOM_CLK_SMD_RPM=y
    - [Config] arm64: snapdragon: QCOM_BAM_DMA=y
    - [Config] arm64: snapdragon: QCOM_HIDMA=y, QCOM_HIDMA_MGMT=y
    - [Config] arm64: snapdragon: QCOM_CPR=y
    - [Config] arm64: snapdragon: QCOM_QFPROM=y, QCOM_TSENS=y
    - [Config] arm64: snapdragon: MMC_SDHCI=y, MMC_SDHCI_PLTFM=y, MMC_SDHCI_MSM=y
    - [Config] turn off DRM_MSM_REGISTER_LOGGING
    - [Config] arm64: snapdragon: I2C_QUP=y
    - [Config] arm64: snapdragon: SPI_QUP=y
    - [Config] arm64: snapdragon: USB_ULPI_BUS=y, PHY_QCOM_USB_HS=y
    - [Config] arm64: snapdragon: QCOM_APCS_IPC=y
    - [Config] arm64: snapdragon: QCOM_WCNSS_CTRL=y
    - [Config] arm64: snapdragon: QCOM_SMSM=y
    - [Config] arm64: snapdragon: QCOM_SMP2P=y
    - [Config] arm64: snapdragon: DRM_MSM=y
    - [Config] arm64: snapdragon: SND_SOC=y
    - [Config] arm64: snapdragon: QCOM_WCNSS_PIL=m
    - [Config] arm64: snapdragon: QCOM_A53PLL=y, QCOM_CLK_APCS_MSM8916=y
    - [Config] arm64: snapdragon: INPUT_PM8941_PWRKEY=y
    - [Config] arm64: snapdragon: MEDIA_SUBDRV_AUTOSELECT=y, VIDEO_OV5645=m
    - [Config] arm64: snapdragon: SND_SOC_APQ8016_SBC=y, SND_SOC_LPASS_APQ8016=y
    - [Config] arm64: snapdragon: SND_SOC_MSM8916_WCD_ANALOG=y,
      SND_SOC_MSM8916_WCD_DIGITAL=y
    - SAUCE: media: ov5645: skip address change if dt addr == default addr
    - SAUCE: drm/msm/adv7511: wrap hacks under CONFIG_ADV7511_SNAPDRAGON_HACKS
      #ifdefs
    - [Config] arm64: snapdragon: ADV7511_SNAPDRAGON_HACKS=y
    - packaging: snapdragon: fixup ABI paths
  * LSM stacking patches for bionic (LP: #1763062)
    - SAUCE: LSM stacking: procfs: add smack subdir to attrs
    - SAUCE: LSM stacking: LSM: Manage credential security blobs
    - SAUCE: LSM stacking: LSM: Manage file security blobs
    - SAUCE: LSM stacking: LSM: Manage task security blobs
    - SAUCE: LSM stacking: LSM: Manage remaining security blobs
    - SAUCE: LSM stacking: LSM: General stacking
    - SAUCE: LSM stacking: fixup initialize task->security
    - SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
    - SAUCE: LSM stacking: add support for stacking getpeersec_stream
    - SAUCE: LSM stacking: add stacking support to apparmor network hooks
    - SAUCE: LSM stacking: fixup apparmor stacking enablement
    - SAUCE: LSM stacking: fixup stacking kconfig
    - SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
    - SAUCE: LSM stacking: provide prctl interface for setting context
    - SAUCE: LSM stacking: inherit current display LSM
    - SAUCE: LSM stacking: keep an index for each registered LSM
    - SAUCE: LSM stacking: verify display LSM
    - SAUCE: LSM stacking: provide a way to specify the default display lsm
    - SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
    - SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
    - SAUCE: LSM stacking: add Kconfig to set default display LSM
    - SAUCE: LSM stacking: add configs for LSM stacking
    - SAUCE: LSM stacking: add apparmor and selinux proc dirs
    - SAUCE: LSM stacking: remove procfs context interface
  * linux 4.13.0-13.14 ADT test failure with linux 4.13.0-13.14
    (LP: #1720779) // LSM stacking patches for bionic (LP: #1763062)
    - SAUCE: LSM stacking: check for invalid zero sized writes
  * RDMA/hns: ensure for-loop actually iterates and free's buffers
    (LP: #1762757)
    - RDMA/hns: ensure for-loop actually iterates and free's buffers
  * Support cq/rq record doorbell for RDMA on HSilicon hip08 systems
    (LP: #1762755)
    - RDMA/hns: Fix the endian problem for hns
    - RDMA/hns: Support rq record doorbell for the user space
    - RDMA/hns: Support cq record doorbell for the user space
    - RDMA/hns: Support rq record doorbell for kernel space
    - RDMA/hns: Support cq record doorbell for kernel space
    - RDMA/hns: Fix cqn type and init resp
    - RDMA/hns: Fix init resp when alloc ucontext
    - RDMA/hns: Fix cq record doorbell enable in kernel
  * Replace LPC patchset with upstream version (LP: #1762758)
    - Revert "UBUNTU: SAUCE: MAINTAINERS: Add maintainer for HiSilicon LPC driver"
    - Revert "UBUNTU: SAUCE: HISI LPC: Add ACPI support"
    - Revert "UBUNTU: SAUCE: ACPI / scan: do not enumerate Indirect IO host
      children"
    - Revert "UBUNTU: SAUCE: HISI LPC: Support the LPC host on Hip06/Hip07 with DT
      bindings"
    - Revert "UBUNTU: SAUCE: OF: Add missing I/O range exception for indirect-IO
      devices"
    - Revert "UBUNTU: SAUCE: PCI: Apply the new generic I/O management on PCI IO
      hosts"
    - Revert "UBUNTU: SAUCE: PCI: Add fwnode handler as input param of
      pci_register_io_range()"
    - Revert "UBUNTU: SAUCE: PCI: Remove unused __weak attribute in
      pci_register_io_range()"
    - Revert "UBUNTU: SAUCE: LIB: Introduce a generic PIO mapping method"
    - lib: Add generic PIO mapping method
    - PCI: Remove __weak tag from pci_register_io_range()
    - PCI: Add fwnode handler as input param of pci_register_io_range()
    - PCI: Apply the new generic I/O management on PCI IO hosts
    - of: Add missing I/O range exception for indirect-IO devices
    - HISI LPC: Support the LPC host on Hip06/Hip07 with DT bindings
    - ACPI / scan: Rename acpi_is_serial_bus_slave() for more general use
    - ACPI / scan: Do not enumerate Indirect IO host children
    - HISI LPC: Add ACPI support
    - MAINTAINERS: Add John Garry as maintainer for HiSilicon LPC driver
  * Enable Tunneled Operations on POWER9 (LP: #1762448)
    - powerpc/powernv: Enable tunneled operations
    - cxl: read PHB indications from the device tree
  * PSL traces reset after PERST for debug AFU image (LP: #1762462)
    - cxl: Enable NORST bit in PSL_DEBUG register for PSL9
  * NFS + sec=krb5 is broken (LP: #1759791)
    - sunrpc: remove incorrect HMAC request initialization
  * Raspberry Pi 3 microSD support missing from the installer (LP: #1729128)
    - d-i: add bcm2835 to block-modules
  * Backport USB core quirks (LP: #1762695)
    - usb: core: Add "quirks" parameter for usbcore
    - usb: core: Copy parameter string correctly and remove superfluous null check
    - usb: core: Add USB_QUIRK_DELAY_CTRL_MSG to usbcore quirks
  * [Ubuntu 18.04] cryptsetup: 'device-mapper: reload ioctl on  failed' when
    setting up a second end-to-end encrypted disk (LP: #1762353)
    - SAUCE: s390/crypto: Adjust s390 aes and paes cipher
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5715
    - powerpc/64s: Wire up cpu_show_spectre_v2()
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5753
    - powerpc/64s: Wire up cpu_show_spectre_v1()
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5754
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5715 //
    CVE-2017-5753 // CVE-2017-5754
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
  * Hisilicon network subsystem 3 support (LP: #1761610)
    - net: hns3: export pci table of hclge and hclgevf to userspace
    - d-i: Add hns3 drivers to nic-modules
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
    - perf vendor events aarch64: Add JSON metrics for ARM Cortex-A53 Processor
    - perf vendor events: Drop incomplete multiple mapfile support
    - perf vendor events: Fix error code in json_events()
    - perf vendor events: Drop support for unused topic directories
    - perf vendor events: Add support for pmu events vendor subdirectory
    - perf vendor events arm64: Relocate ThunderX2 JSON to cavium subdirectory
    - perf vendor events arm64: Relocate Cortex A53 JSONs to arm subdirectory
    - perf vendor events: Add support for arch standard events
    - perf vendor events arm64: Add armv8-recommended.json
    - perf vendor events arm64: Fixup ThunderX2 to use recommended events
    - perf vendor events arm64: fixup A53 to use recommended events
    - perf vendor events arm64: add HiSilicon hip08 JSON file
    - perf vendor events arm64: Enable JSON events for ThunderX2 B0
  * Warning "cache flush timed out!" seen when unloading the cxl driver
    (LP: #1762367)
    - cxl: Check if PSL data-cache is available before issue flush request
  * Bionic update to 4.15.16 stable release (LP: #1762370)
    - ARM: OMAP: Fix SRAM W+X mapping
    - ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
    - ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties
    - ARM: dts: sun6i: a31s: bpi-m2: add missing regulators
    - mtd: jedec_probe: Fix crash in jedec_read_mfr()
    - mtd: nand: atmel: Fix get_sectorsize() function
    - ALSA: usb-audio: Add native DSD support for TEAC UD-301
    - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
    - ALSA: pcm: potential uninitialized return values
    - x86/platform/uv/BAU: Add APIC idt entry
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation
    - ceph: only dirty ITER_IOVEC pages for direct read
    - ipc/shm.c: add split function to shm_vm_ops
    - i2c: i2c-stm32f7: fix no check on returned setup
    - powerpc/mm: Add tracking of the number of coprocessors using a context
    - powerpc/mm: Workaround Nest MMU bug with TLB invalidations
    - powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs
    - partitions/msdos: Unable to mount UFS 44bsd partitions
    - xfrm_user: uncoditionally validate esn replay attribute struct
    - RDMA/ucma: Check AF family prior resolving address
    - RDMA/ucma: Fix use-after-free access in ucma_close
    - RDMA/ucma: Ensure that CM_ID exists prior to access it
    - RDMA/rdma_cm: Fix use after free race with process_one_req
    - RDMA/ucma: Check that device is connected prior to access it
    - RDMA/ucma: Check that device exists prior to accessing it
    - RDMA/ucma: Introduce safer rdma_addr_size() variants
    - ipv6: fix possible deadlock in rt6_age_examine_exception()
    - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
    - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
    - percpu: add __GFP_NORETRY semantics to the percpu balancing path
    - netfilter: x_tables: make allocation less aggressive
    - netfilter: bridge: ebt_among: add more missing match size checks
    - l2tp: fix races with ipv4-mapped ipv6 addresses
    - netfilter: drop template ct when conntrack is skipped.
    - netfilter: x_tables: add and use xt_check_proc_name
    - phy: qcom-ufs: add MODULE_LICENSE tag
    - Bluetooth: Fix missing encryption refresh on Security Request
    - drm/i915/dp: Write to SET_POWER dpcd to enable MST hub.
    - bitmap: fix memset optimization on big-endian systems
    - USB: serial: ftdi_sio: add RT Systems VX-8 cable
    - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
    - USB: serial: cp210x: add ELDAT Easywave RX09 id
    - serial: 8250: Add Nuvoton NPCM UART
    - mei: remove dev_err message on an unsupported ioctl
    - /dev/mem: Avoid overwriting "err" in read_mem()
    - media: usbtv: prevent double free in error case
    - parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
    - crypto: lrw - Free rctx->ext with kzfree
    - crypto: talitos - don't persistently map req_ctx->hw_context and
      req_ctx->buf
    - crypto: inside-secure - fix clock management
    - crypto: testmgr - Fix incorrect values in PKCS#1 test vector
    - crypto: talitos - fix IPsec cipher in length
    - crypto: ahash - Fix early termination in hash walk
    - crypto: caam - Fix null dereference at error path
    - crypto: ccp - return an actual key size from RSA max_size callback
    - crypto: arm,arm64 - Fix random regeneration of S_shipped
    - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
    - Btrfs: fix unexpected cow in run_delalloc_nocow
    - staging: comedi: ni_mio_common: ack ai fifo error interrupts.
    - Revert "base: arch_topology: fix section mismatch build warnings"
    - Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370
    - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
    - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
    - vt: change SGR 21 to follow the standards
    - ARM: dts: DRA76-EVM: Set powerhold property for tps65917
    - net: hns: Fix ethtool private flags
    - Fix slab name "biovec-(1<<(21-12))"
    - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
    - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
    - Revert "cpufreq: Fix governor module removal race"
    - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
    - Linux 4.15.16
  * [18.04][config] regression: nvme and nvme_core couldn't be built as modules
    starting 4.15-rc2 (LP: #1759893)
    - SAUCE: Revert "lightnvm: include NVM Express driver if OCSSD is selected for
      build"
    - [Config] CONFIG_BLK_DEV_NMVE=m
  * Miscellaneous Ubuntu changes
    - [Packaging] Only install cloud init files when do_tools_common=true

 -- Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>  Fri, 20 Apr
2018 12:16:40 -0300

** Changed in: linux-kvm (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1760650

Title:
  test_074_config_security_default_mmap_min_addr in kernel security test
  failed with 4.4/4.15 kvm

Status in QA Regression Testing:
  Invalid
Status in linux-kvm package in Ubuntu:
  Fix Released
Status in linux-kvm source package in Xenial:
  Fix Committed
Status in linux-kvm source package in Bionic:
  Fix Released

Bug description:
    FAIL: test_074_config_security_default_mmap_min_addr (__main__.KernelSecurityTest)
    CONFIG_DEFAULT_MMAP_MIN_ADDR
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 832, in test_074_config_security_default_mmap_min_addr
        self.assertEqual(self._get_config(config), expected)
    AssertionError: '4096' != '65536'

  Steps to reproduce:
    Deploy the node with Xenial 4.4 kernel, install linux-kvm
    sudo apt-get install python-minimal
    git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
    git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
    rm -fr autotest/client/tests
    ln -sf ~/autotest-client-tests autotest/client/tests
    AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
  ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
  Uname: Linux 4.4.0-1019-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  Date: Mon Apr  2 17:13:02 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1760650/+subscriptions