group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #31438
[Bug 1812159] Re: q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
This bug was fixed in the package linux-kvm - 4.4.0-1052.59
---------------
linux-kvm (4.4.0-1052.59) xenial; urgency=medium
* linux-kvm: 4.4.0-1052.59 -proposed tracker (LP: #1834909)
* Xenial update: 4.4.180 upstream stable release (LP: #1830176)
- [Config]: enable CONFIG_SCHED_SMT
* q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
(LP: #1812159)
- [Config]: enable SCHED_STACK_END_CHECK
[ Ubuntu: 4.4.0-155.182 ]
* linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
* Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
- geneve: correctly handle ipv6.disable module parameter
* Kernel modules generated incorrectly when system is localized to a non-
English language (LP: #1828084)
- scripts: override locale from environment when running recordmcount.pl
* Handle overflow in proc_get_long of sysctl (LP: #1833935)
- sysctl: handle overflow in proc_get_long
* Xenial update: 4.4.181 upstream stable release (LP: #1832661)
- x86/speculation/mds: Revert CPU buffer clear on double fault exit
- x86/speculation/mds: Improve CPU buffer clear documentation
- ARM: exynos: Fix a leaked reference by adding missing of_node_put
- crypto: vmx - fix copy-paste error in CTR mode
- crypto: crct10dif-generic - fix use via crypto_shash_digest()
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
- ALSA: usb-audio: Fix a memory leak bug
- ALSA: hda/hdmi - Consider eld_valid when reporting jack event
- ALSA: hda/realtek - EAPD turn on later
- ASoC: max98090: Fix restore of DAPM Muxes
- ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
- mm/mincore.c: make mincore() more conservative
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
- mfd: da9063: Fix OTP control register names to match datasheets for
DA9063/63L
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
- ext4: actually request zeroing of inode table after grow
- ext4: fix ext4_show_options for file systems w/o journal
- Btrfs: do not start a transaction at iterate_extent_inodes()
- bcache: fix a race between cache register and cacheset unregister
- bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
- ipmi:ssif: compare block number correctly for multi-part return messages
- crypto: gcm - Fix error return code in crypto_gcm_create_common()
- crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
- crypto: chacha20poly1305 - set cra_name correctly
- crypto: salsa20 - don't access already-freed walk.iv
- crypto: arm/aes-neonbs - don't access already-freed walk.iv
- writeback: synchronize sync(2) against cgroup writeback membership switches
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
into workqueue when umount
- ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
- KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
- net: avoid weird emergency message
- net/mlx4_core: Change the error print to info print
- ppp: deflate: Fix possible crash in deflate_init
- tipc: switch order of device registration to fix a crash
- tipc: fix modprobe tipc failed after switch order of device registration
- stm class: Fix channel free in stm output free path
- md: add mddev->pers to avoid potential NULL pointer dereference
- intel_th: msu: Fix single mode with IOMMU
- of: fix clang -Wunsequenced for be32_to_cpu()
- cifs: fix strcat buffer overflow and reduce raciness in
smb21_set_oplock_level()
- media: ov6650: Fix sensor possibly not detected on probe
- NFS4: Fix v4.0 client state corruption when mount
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
- fuse: fix writepages on 32bit
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
- iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
- ceph: flush dirty inodes before proceeding with remount
- tracing: Fix partial reading of trace event's id file
- memory: tegra: Fix integer overflow on tick value calculation
- perf intel-pt: Fix instructions sampling rate
- perf intel-pt: Fix improved sample timestamp
- perf intel-pt: Fix sample timestamp wrt non-taken branches
- fbdev: sm712fb: fix brightness control on reboot, don't set SR30
- fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
- fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
- fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
- fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
VRAM
- fbdev: sm712fb: fix support for 1024x768-16 mode
- fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
- fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
- PCI: Mark Atheros AR9462 to avoid bus reset
- dm delay: fix a crash when invalid device is specified
- xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
- xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
- vti4: ipip tunnel deregistration fixes.
- xfrm4: Fix uninitialized memory read in _decode_session4
- KVM: arm/arm64: Ensure vcpu target is unset on reset failure
- power: supply: sysfs: prevent endless uevent loop with
CONFIG_POWER_SUPPLY_DEBUG
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
- perf bench numa: Add define for RUSAGE_THREAD if not present
- Revert "Don't jump to compute_result state from check_result state"
- md/raid: raid5 preserve the writeback action after the parity check
- btrfs: Honour FITRIM range constraints during free space trim
- fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
- ext4: do not delete unlinked inode from orphan list on failed truncate
- KVM: x86: fix return value for reserved EFER
- bio: fix improper use of smp_mb__before_atomic()
- Revert "scsi: sd: Keep disk read-only when re-reading partition"
- crypto: vmx - CTR: always increment IV as quadword
- gfs2: Fix sign extension bug in gfs2_update_stats
- Btrfs: fix race between ranged fsync and writeback of adjacent ranges
- btrfs: sysfs: don't leak memory when failing add fsid
- fbdev: fix divide error in fb_var_to_videomode
- hugetlb: use same fault hash key for shared and private mappings
- fbdev: fix WARNING in __alloc_pages_nodemask bug
- media: cpia2: Fix use-after-free in cpia2_exit
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
- ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
- at76c50x-usb: Don't register led_trigger if usb_register_driver failed
- perf tools: No need to include bitops.h in util.h
- gfs2: Fix lru_count going negative
- cxgb4: Fix error path in cxgb4_init_module
- mmc: core: Verify SD bus width
- powerpc/boot: Fix missing check of lseek() return value
- ASoC: imx: fix fiq dependencies
- spi: pxa2xx: fix SCR (divisor) calculation
- brcm80211: potential NULL dereference in
brcmf_cfg80211_vndr_cmds_dcmd_handler()
- rtc: 88pm860x: prevent use-after-free on device remove
- w1: fix the resume command API
- dmaengine: pl330: _stop: clear interrupt status
- mac80211/cfg80211: update bss channel on channel switch
- ASoC: fsl_sai: Update is_slave_mode with correct value
- mwifiex: prevent an array overflow
- net: cw1200: fix a NULL pointer dereference
- bcache: return error immediately in bch_journal_replay()
- bcache: fix failure in journal relplay
- bcache: add failure check to run_cache_set() for journal replay
- bcache: avoid clang -Wunintialized warning
- x86/build: Move _etext to actual end of .text
- smpboot: Place the __percpu annotation correctly
- x86/mm: Remove in_nmi() warning from 64-bit implementation of
vmalloc_fault()
- mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
versions
- HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
- pinctrl: pistachio: fix leaked of_node references
- dmaengine: at_xdmac: remove BUG_ON macro in tasklet
- media: coda: clear error return value before picture run
- media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
- media: au0828: stop video streaming only when last user stops
- media: ov2659: make S_FMT succeed even if requested format doesn't match
- audit: fix a memory leak bug
- media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
- media: pvrusb2: Prevent a buffer overflow
- powerpc/numa: improve control of topology updates
- sched/core: Check quota and period overflow at usec to nsec conversion
- sched/core: Handle overflow in cpu_shares_write_u64
- USB: core: Don't unbind interfaces following device reset failure
- x86/irq/64: Limit IST stack overflow check to #DB stack
- i40e: don't allow changes to HW VLAN stripping on active port VLANs
- RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
- scsi: libsas: Do discovery on empty PHY to update PHY info
- mmc_spi: add a status check for spi_sync_locked
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
- PM / core: Propagate dev->power.wakeup_path when no callbacks
- extcon: arizona: Disable mic detect if running when driver is removed
- s390: cio: fix cio_irb declaration
- cpufreq: ppc_cbe: fix possible object reference leak
- cpufreq/pasemi: fix possible object reference leak
- cpufreq: pmac32: fix possible object reference leak
- x86/build: Keep local relocations with ld.lld
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
- iio: hmc5843: fix potential NULL pointer dereferences
- iio: common: ssp_sensors: Initialize calculated_time in
ssp_common_process_data
- rtlwifi: fix a potential NULL pointer dereference
- brcmfmac: fix missing checks for kmemdup
- b43: shut up clang -Wuninitialized variable warning
- brcmfmac: convert dev_init_lock mutex to completion
- brcmfmac: fix race during disconnect when USB completion is in progress
- scsi: ufs: Fix regulator load and icc-level configuration
- scsi: ufs: Avoid configuring regulator with undefined voltage range
- arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
- x86/ia32: Fix ia32_restore_sigcontext() AC leak
- chardev: add additional check for minor range overlap
- HID: core: move Usage Page concatenation to Main item
- ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
- ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
- cxgb3/l2t: Fix undefined behaviour
- spi: tegra114: reset controller on probe
- media: wl128x: prevent two potential buffer overflows
- virtio_console: initialize vtermno value for ports
- tty: ipwireless: fix missing checks for ioremap
- rcutorture: Fix cleanup path for invalid torture_type strings
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
- scsi: qla4xxx: avoid freeing unallocated dma memory
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
- media: go7007: avoid clang frame overflow warning with KASAN
- media: saa7146: avoid high stack usage with clang
- scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers
- spi: rspi: Fix sequencer reset during initialization
- spi: Fix zero length xfer bug
- ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
- ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
- llc: fix skb leak in llc_build_and_send_ui_pkt()
- net-gro: fix use-after-free read in napi_gro_frags()
- net: stmmac: fix reset gpio free missing
- usbnet: fix kernel crash after disconnect
- tipc: Avoid copying bytes beyond the supplied data
- bnxt_en: Fix aggregation buffer leak under OOM condition.
- net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
- crypto: vmx - ghash: do nosimd fallback manually
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
- Revert "tipc: fix modprobe tipc failed after switch order of device
registration"
- tipc: fix modprobe tipc failed after switch order of device registration -v2
- sparc64: Fix regression in non-hypervisor TLB flush xcall
- include/linux/bitops.h: sanitize rotate primitives
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
- usb: xhci: avoid null pointer deref when bos field is NULL
- USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
- USB: sisusbvga: fix oops in error path of sisusb_probe
- USB: Add LPM quirk for Surface Dock GigE adapter
- USB: rio500: refuse more than one device at a time
- USB: rio500: fix memory leak in close after disconnect
- media: usb: siano: Fix general protection fault in smsusb
- media: usb: siano: Fix false-positive "uninitialized variable" warning
- media: smsusb: better handle optional alignment
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
- Btrfs: fix race updating log root item during fsync
- ALSA: hda/realtek - Set default power save node to 0
- drm/nouveau/i2c: Disable i2c bus access after ->fini()
- tty: serial: msm_serial: Fix XON/XOFF
- tty: max310x: Fix external crystal register setup
- memcg: make it work on sparse non-0-node systems
- kernel/signal.c: trace_signal_deliver when signal_group_exit
- CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
ENOMEM
- binder: Replace "%p" with "%pK" for stable
- binder: replace "%p" with "%pK"
- brcmfmac: Add length checks on firmware events
- brcmfmac: screening firmware event packet
- brcmfmac: revise handling events in receive path
- brcmfmac: fix incorrect event channel deduction
- brcmfmac: add length checks in scheduled scan result handler
- brcmfmac: add subtype check for event handling in data path
- userfaultfd: don't pin the user memory in userfaultfd_file_create()
- Revert "x86/build: Move _etext to actual end of .text"
- net: cdc_ncm: GetNtbFormat endian fix
- usb: gadget: fix request length error for isoc transfer
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
- ethtool: fix potential userspace buffer overflow
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
- net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
- net: rds: fix memory leak in rds_ib_flush_mr_pool
- pktgen: do not sleep with the thread lock held.
- rcu: locking and unlocking need to always be at least barriers
- parisc: Use implicit space register selection for loading the coherence
index of I/O pdirs
- fuse: fallocate: fix return with locked inode
- MIPS: pistachio: Build uImage.gz by default
- genwqe: Prevent an integer overflow in the ioctl
- drm/gma500/cdv: Check vbt config bits when detecting lvds panels
- fs: stream_open - opener for stream-like files so that read and write can
run simultaneously without deadlock
- fuse: Add FOPEN_STREAM to use stream_open()
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
- ethtool: check the return value of get_regs_len
- Linux 4.4.181
* CVE-2019-2054
- arm/ptrace: run seccomp after ptrace
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- x86/speculation: Remove redundant arch_smt_update() invocation
* Revert x86/vdso linker changes from #1830890 as this causes glibc
2.29-0ubuntu3 FTBFS on eoan (LP: #1834315)
- Revert "x86/vdso: Pass --eh-frame-hdr to the linker"
- Revert "x86: vdso: Use $LD instead of $CC to link"
* [linux-azure] Block Layer Commits Requested in Azure Kernels (LP: #1834499)
- bio_copy_from_iter(): get rid of copying iov_iter
- block: Clear kernel memory before copying to user
- block/bio: Do not zero user pages
* CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
- [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches
* CVE-2019-11833
- ext4: zero out the unused memory region in the extent tree block
* idle-page oopses when accessing page frames that are out of range
(LP: #1833410)
- mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
* Performance degradation when copying from LVM snapshot backed by NVMe disk
(LP: #1833319)
- NVMe: Allow request merges
* Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
- Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
connections"
* 4.4.0-145-generic Kernel Panic ip6_expire_frag_queue (LP: #1824687)
- SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
* [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
(LP: #1826416)
- vmbus: fix missing signaling in hv_signal_on_read()
* Xenial update: 4.4.180 upstream stable release (LP: #1830176)
- kbuild: simplify ld-option implementation
- KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
- cifs: do not attempt cifs operation on smb2+ rename error
- MIPS: scall64-o32: Fix indirect syscall number load
- trace: Fix preempt_enable_no_resched() abuse
- sched/numa: Fix a possible divide-by-zero
- ceph: ensure d_name stability in ceph_dentry_hash()
- ceph: fix ci->i_head_snapc leak
- nfsd: Don't release the callback slot unless it was actually held
- sunrpc: don't mark uninitialised items as VALID.
- USB: Add new USB LPM helpers
- USB: Consolidate LPM checks to avoid enabling LPM twice
- powerpc/xmon: Add RFI flush related fields to paca dump
- powerpc/64s: Improve RFI L1-D cache flush fallback
- powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
- Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
barrier at kernel entry/exit"
- powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
- powerpc/64s: Add barrier_nospec
- powerpc/64s: Add support for ori barrier_nospec patching
- powerpc/64s: Patch barrier_nospec in modules
- powerpc/64s: Enable barrier_nospec based on firmware settings
- powerpc/64: Use barrier_nospec in syscall entry
- powerpc: Use barrier_nospec in copy_from_user()
- powerpc/64s: Enhance the information in cpu_show_spectre_v1()
- powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
- powerpc/64: Disable the speculation barrier from the command line
- powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
- powerpc/64: Call setup_barrier_nospec() from setup_arch()
- powerpc/64: Make meltdown reporting Book3S 64 specific
- powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
- powerpc/asm: Add a patch_site macro & helpers for patching instructions
- powerpc/64s: Add new security feature flags for count cache flush
- powerpc/64s: Add support for software count cache flush
- powerpc/pseries: Query hypervisor for count cache flush settings
- powerpc/powernv: Query firmware for count cache flush settings
- powerpc: Avoid code patching freed init sections
- powerpc/fsl: Add infrastructure to fixup branch predictor flush
- powerpc/fsl: Add macro to flush the branch predictor
- powerpc/fsl: Fix spectre_v2 mitigations reporting
- powerpc/fsl: Add nospectre_v2 command line argument
- powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
- powerpc/fsl: Update Spectre v2 reporting
- powerpc/security: Fix spectre_v2 reporting
- powerpc/fsl: Fix the flush of branch predictor.
- tipc: handle the err returned from cmd header function
- slip: make slhc_free() silently accept an error pointer
- intel_th: gth: Fix an off-by-one in output unassigning
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
- NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
- tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
- tipc: check link name with right length in tipc_nl_compat_link_set
- bpf: reject wrong sized filters earlier
- Revert "block/loop: Use global lock for ioctl() operation."
- ipv4: add sanity checks in ipv4_link_failure()
- team: fix possible recursive locking when add slaves
- net: stmmac: move stmmac_check_ether_addr() to driver probe
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day
- powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
- powerpc/fsl: Flush branch predictor when entering KVM
- powerpc/fsl: Emulate SPRN_BUCSR register
- powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
- powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
- powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
- powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
- Documentation: Add nospectre_v1 parameter
- usbnet: ipheth: prevent TX queue timeouts when device not ready
- usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
- qlcnic: Avoid potential NULL pointer dereference
- netfilter: bridge: set skb transport_header before entering
NF_INET_PRE_ROUTING
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
- usb: gadget: net2280: Fix overrun of OUT messages
- usb: gadget: net2280: Fix net2280_dequeue()
- usb: gadget: net2272: Fix net2272_dequeue()
- ARM: dts: pfla02: increase phy reset duration
- net: ks8851: Dequeue RX packets explicitly
- net: ks8851: Reassert reset pin if chip ID check fails
- net: ks8851: Delay requesting IRQ until opened
- net: ks8851: Set initial carrier state to down
- net: xilinx: fix possible object reference leak
- net: ibm: fix possible object reference leak
- net: ethernet: ti: fix possible object reference leak
- scsi: qla4xxx: fix a potential NULL pointer dereference
- usb: u132-hcd: fix resource leak
- ceph: fix use-after-free on symlink traversal
- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
- libata: fix using DMA buffers on stack
- kconfig/[mn]conf: handle backspace (^H) key
- ALSA: line6: use dynamic buffers
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
- ipv6/flowlabel: wait rcu grace period before put_pid()
- ipv6: invert flowlabel sharing check in process and user mode
- bnxt_en: Improve multicast address setup logic.
- packet: validate msg_namelen in send directly
- USB: yurex: Fix protection fault after device removal
- USB: w1 ds2490: Fix bug caused by improper use of altsetting array
- USB: core: Fix unterminated string returned by usb_string()
- USB: core: Fix bug caused by duplicate interface PM usage counter
- HID: debug: fix race condition with between rdesc_show() and device removal
- rtc: sh: Fix invalid alarm warning for non-enabled alarm
- bonding: show full hw address in sysfs for slave entries
- jffs2: fix use-after-free on symlink traversal
- debugfs: fix use-after-free on symlink traversal
- rtc: da9063: set uie_unsupported when relevant
- vfio/pci: use correct format characters
- scsi: storvsc: Fix calculation of sub-channel count
- net: hns: Use NAPI_POLL_WEIGHT for hns driver
- net: hns: Fix WARNING when remove HNS driver with SMMU enabled
- hugetlbfs: fix memory leak for resv_map
- xsysace: Fix error handling in ace_setup
- ARM: orion: don't use using 64-bit DMA masks
- ARM: iop: don't use using 64-bit DMA masks
- usb: usbip: fix isoc packet num validation in get_pipe
- staging: iio: adt7316: allow adt751x to use internal vref for all dacs
- staging: iio: adt7316: fix the dac read calculation
- staging: iio: adt7316: fix the dac write calculation
- Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
- selinux: never allow relabeling on context mounts
- x86/mce: Improve error message when kernel cannot recover, p2
- media: v4l2: i2c: ov7670: Fix PLL bypass register values
- scsi: libsas: fix a race condition when smp task timeout
- ASoC:soc-pcm:fix a codec fixup issue in TDM case
- ASoC: cs4270: Set auto-increment bit for register writes
- ASoC: tlv320aic32x4: Fix Common Pins
- perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
- scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
- iommu/amd: Set exclusion range correctly
- genirq: Prevent use-after-free and work list corruption
- usb: dwc3: Fix default lpm_nyet_threshold value
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
- Bluetooth: hidp: fix buffer overflow
- Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
- UAS: fix alignment of scatter/gather segments
- ipv6: fix a potential deadlock in do_ipv6_setsockopt()
- ASoC: Intel: avoid Oops if DMA setup fails
- timer/debug: Change /proc/timer_stats from 0644 to 0600
- netfilter: compat: initialize all fields in xt_init
- platform/x86: sony-laptop: Fix unintentional fall-through
- iio: adc: xilinx: fix potential use-after-free on remove
- HID: input: add mapping for Expose/Overview key
- HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
- libnvdimm/btt: Fix a kmemdup failure check
- s390/dasd: Fix capacity calculation for large volumes
- s390/3270: fix lockdep false positive on view->lock
- KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
tracing
- tools lib traceevent: Fix missing equality check for strcmp
- init: initialize jump labels before command line option parsing
- ipvs: do not schedule icmp errors from tunnels
- s390: ctcm: fix ctcm_new_device error return code
- gpu: ipu-v3: dp: fix CSC handling
- cw1200: fix missing unlock on error in cw1200_hw_scan()
- Don't jump to compute_result state from check_result state
- x86/microcode/intel: Add a helper which gives the microcode revision
- x86: stop exporting msr-index.h to userland
- x86/microcode/intel: Check microcode revision before updating sibling
threads
- x86/MCE: Save microcode revision in machine check records
- x86/bugs: Add AMD's variant of SSB_NO
- x86/bugs: Add AMD's SPEC_CTRL MSR usage
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
- x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
- x86/microcode: Update the new microcode revision unconditionally
- x86/mm: Use WRITE_ONCE() when setting PTEs
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
- x86/speculation: Propagate information about RSB filling mitigation to sysfs
- x86/speculation: Update the TIF_SSBD comment
- x86/speculation: Clean up spectre_v2_parse_cmdline()
- x86/speculation: Move STIPB/IBPB string conditionals out of
cpu_show_common()
- x86/speculation: Disable STIBP when enhanced IBRS is in use
- x86/speculation: Rename SSBD update functions
- x86/speculation: Reorganize speculation control MSRs update
- x86/Kconfig: Select SCHED_SMT if SMP enabled
- x86/speculation: Mark string arrays const correctly
- x86/speculataion: Mark command line parser data __initdata
- x86/speculation: Add command line control for indirect branch speculation
- x86/speculation: Prepare for per task indirect branch speculation control
- x86/process: Consolidate and simplify switch_to_xtra() code
- x86/speculation: Avoid __switch_to_xtra() calls
- x86/speculation: Prepare for conditional IBPB in switch_mm()
- x86/speculation: Split out TIF update
- x86/speculation: Prepare arch_smt_update() for PRCTL mode
- x86/speculation: Prevent stale SPEC_CTRL msr content
- x86/speculation: Add prctl() control for indirect branch speculation
- x86/speculation: Enable prctl mode for spectre_v2_user
- x86/speculation: Add seccomp Spectre v2 user space protection mode
- x86/speculation: Provide IBPB always command line options
- x86/cpu/bugs: Use __initconst for 'const' init data
- USB: serial: use variable for status
- USB: serial: fix unthrottle races
- bridge: Fix error path for kobject_init_and_add()
- net: ucc_geth - fix Oops when changing number of buffers in the ring
- packet: Fix error path in packet_init
- vlan: disable SIOCSHWTSTAMP in container
- vrf: sit mtu should not be updated when vrf netdev is the link
- ipv4: Fix raw socket lookup for local traffic
- bonding: fix arp_validate toggling in active-backup mode
- drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
- drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
- powerpc/booke64: set RI in default MSR
- powerpc/lib: fix book3s/32 boot failure due to code patching
- Linux 4.4.180
- SAUCE: Clarify IBRS/IBPB runtime state change messages
- SAUCE: x86/speculation: Move STIBP hunks
- SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
- SAUCE: x86/speculation: Update 'mitigations=' documentation
- SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
- SAUCE: perf/bench: Drop definition of BIT in numa.c
- SAUCE: x86/speculation: Fix SSB command line documentation
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
- SAUCE: Synchronize MDS mitigations with upstream
- Documentation: Correct the possible MDS sysfs values
- x86/speculation/mds: Fix documentation typo
* CVE-2019-11091
- x86/mds: Add MDSUM variant to the MDS documentation
-- Andrea Righi <andrea.righi@xxxxxxxxxxxxx> Thu, 04 Jul 2019 10:47:32
+0200
** Changed in: linux-kvm (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2054
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1812159
Title:
q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM
kernels
Status in ubuntu-kernel-tests:
Fix Released
Status in linux-kvm package in Ubuntu:
Fix Released
Status in linux-kvm source package in Xenial:
Fix Released
Status in linux-kvm source package in Bionic:
Fix Released
Status in linux-kvm source package in Cosmic:
Fix Committed
Status in linux-kvm source package in Disco:
Fix Released
Bug description:
== SRU Justification ==
Security team requires the SCHED_STACK_END_CHECK config to be enabled
on all of our kernel.
The test_380_config_sched_stack_end_check test from q-r-t will fail on
all the KVM kernels.
Copied from the config help text:
This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be over written always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1812159-kvm-sched-check/
This issue case be verified with the test_380_config_sched_stack_end_check test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, the introduced runtime overhead is minimal, and it's already enabled in the generic kernel.
== Original Bug report ==
The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel
FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
Ensure SCHED_STACK_END_CHECK is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812159/+subscriptions