+linux (4.13.0-44.49) UNRELEASED; urgency=medium
+
+ CHANGELOG: Do not edit directly. Autogenerated at release.
+ CHANGELOG: Use the printchanges target to see the curent changes.
+ CHANGELOG: Use the insertchanges target to create the final log.
+
+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 23 May 2018 09:06:26 +0200
+
+linux (4.13.0-43.48) artful; urgency=medium
+
+ * CVE-2018-3639 (powerpc)
+ - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
+ - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
+ upstream
+ - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
+ - powerpc/pseries: Support firmware disable of RFI flush
+ - powerpc/powernv: Support firmware disable of RFI flush
+ - powerpc/64s: Allow control of RFI flush via debugfs
+ - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
+ - powerpc/rfi-flush: Always enable fallback flush on pseries
+ - powerpc/rfi-flush: Differentiate enabled and patched flush types
+ - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
+ - powerpc: Add security feature flags for Spectre/Meltdown
+ - powerpc/powernv: Set or clear security feature flags
+ - powerpc/pseries: Set or clear security feature flags
+ - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
+ - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
+ - powerpc/pseries: Fix clearing of security feature flags
+ - powerpc: Move default security feature flags
+ - powerpc/pseries: Restore default security feature flags on setup
+ - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
+
+ * CVE-2018-3639 (x86)
+ - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
+ - SAUCE: x86: Add alternative_msr_write
+ - x86/nospec: Simplify alternative_msr_write()
+ - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
+ - x86/bugs: Concentrate bug detection into a separate function
+ - x86/bugs: Concentrate bug reporting into a separate function
+ - x86/msr: Add definitions for new speculation control MSRs
+ - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
+ - x86/bugs, KVM: Support the combination of guest and host IBRS
+ - x86/bugs: Expose /sys/../spec_store_bypass
+ - x86/cpufeatures: Add X86_FEATURE_RDS
+ - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
+ mitigation
+ - x86/bugs/intel: Set proper CPU features and setup RDS
+ - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
+ - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
+ - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
+ - x86/speculation: Create spec-ctrl.h to avoid include hell
+ - prctl: Add speculation control prctls
+ - x86/process: Allow runtime control of Speculative Store Bypass
+ - x86/speculation: Add prctl for Speculative Store Bypass mitigation
+ - nospec: Allow getting/setting on non-current task
+ - proc: Provide details on speculation flaw mitigations
+ - seccomp: Enable speculation flaw mitigations
+ - SAUCE: x86/bugs: Honour SPEC_CTRL default
+ - x86/bugs: Make boot modes __ro_after_init
+ - prctl: Add force disable speculation
+ - seccomp: Use PR_SPEC_FORCE_DISABLE
+ - seccomp: Add filter flag to opt-out of SSB mitigation
+ - seccomp: Move speculation migitation control to arch code
+ - x86/speculation: Make "seccomp" the default mode for Speculative Store
+ Bypass
+ - x86/bugs: Rename _RDS to _SSBD
+ - proc: Use underscores for SSBD in 'status'
+ - Documentation/spec_ctrl: Do some minor cleanups
+ - x86/bugs: Fix __ssb_select_mitigation() return type
+ - x86/bugs: Make cpu_show_common() static
+
+ * LSM Stacking prctl values should be redefined as to not collide with
+ upstream prctls (LP: #1769263) // CVE-2018-3639
+ - SAUCE: LSM stacking: adjust prctl values
+
+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 15 May 2018 07:39:26 +0200
+
+linux (4.13.0-42.47) artful; urgency=medium
+
+ * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
+
+ * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
+ - arm64: fix CONFIG_DEBUG_WX address reporting
+
+ * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
+ - net: hns: Avoid action name truncation
+
+ * CVE-2017-18208
+ - mm/madvise.c: fix madvise() infinite loop under special circumstances
+
+ * CVE-2018-8822
+ - staging: ncpfs: memory corruption in ncp_read_kernel()
+
+ * CVE-2017-18203
+ - dm: fix race between dm_get_from_kobject() and __dm_destroy()
+
+ * CVE-2017-17449
+ - netlink: Add netns check on taps
+
+ * CVE-2017-17975
+ - media: usbtv: prevent double free in error case
+
+ * [8086:3e92] display becomes blank after S3 (LP: #1763271)
+ - drm/i915/edp: Allow alternate fixed mode for eDP if available.
+ - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
+ - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
+ - drm/i915/edp: Do not do link training fallback or prune modes on EDP
+
+ * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
+ from sleep (88E8055) (LP: #1758507)
+ - sky2: Increase D3 delay to sky2 stops working after suspend
+
+ * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
+ - perf vendor events arm64: Enable JSON events for ThunderX2 B0
+
+ * No network with e1000e driver on 4.13.0-38-generic (LP: #1762693)
+ - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
+
+ * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
+ - i2c: xlp9xx: return ENXIO on slave address NACK
+ - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
+ - i2c: xlp9xx: Check for Bus state before every transfer
+ - i2c: xlp9xx: Handle NACK on DATA properly
+
+ * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
+ - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
+
+ * fix regression in mm/hotplug, allows NVIDIA driver to work (LP: #1761104)
+ - SAUCE: Fix revert "mm, memory_hotplug: do not associate hotadded memory to
+ zones until online"
+
+ * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627)
+ - SAUCE: remove ibrs_dump sysctl interface
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Mon, 07 May 2018 15:06:58 +0200
+
+linux (4.13.0-41.46) artful; urgency=medium
+
+ * CVE-2018-8897
+ - x86/entry/64: Don't use IST entry for #BP stack
+
+ * CVE-2018-1087
+ - kvm/x86: fix icebp instruction handling
+
+ * CVE-2018-1000199
+ - perf/hwbp: Simplify the perf-hwbp code, fix documentation
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Wed, 02 May 2018 11:58:49 +0200
+
+linux (4.13.0-39.44) artful; urgency=medium
+
+ * linux: 4.13.0-39.44 -proposed tracker (LP: #1761456)
+
+ * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
+ image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2
+ Intel) // CVE-2017-5754
+ - x86/mm: Reinitialize TLB state on hotplug and resume
+
+ * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
+ image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
+ - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
+ thread"
+ - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
+
+ * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
+ install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
+ - [Packaging] include the retpoline extractor in the headers
+
+ * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
+ - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
+ - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
+ - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
+ - x86/paravirt, objtool: Annotate indirect calls
+ - [Packaging] retpoline -- add safe usage hint support
+ - [Packaging] retpoline-check -- only report additions
+ - [Packaging] retpoline -- widen indirect call/jmp detection
+ - [Packaging] retpoline -- elide %rip relative indirections
+ - [Packaging] retpoline -- clear hint information from packages
+ - KVM: x86: Make indirect calls in emulator speculation safe
+ - KVM: VMX: Make indirect call speculation safe
+ - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
+ - SAUCE: early/late -- annotate indirect calls in early/late initialisation
+ code
+ - SAUCE: vga_set_mode -- avoid jump tables
+ - [Config] retpoline -- switch to new format
+ - [Packaging] retpoline hints -- handle missing files when RETPOLINE not
+ enabled
+ - [Packaging] final-checks -- remove check for empty retpoline files
+
+ * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
+ - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386
+
+ * zfs system process hung on container stop/delete (LP: #1754584)
+ - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)
+
+ * zfs-linux 0.6.5.11-1ubuntu5 ADT test failure with linux 4.15.0-1.2
+ (LP: #1737761)
+ - SAUCE: (noup) Update zfs to 0.6.5.11-1ubuntu3.2
+
+ * AT_BASE_PLATFORM in AUXV is absent on kernels available on Ubuntu 17.10
+ (LP: #1759312)
+ - powerpc/64s: Fix NULL AT_BASE_PLATFORM when using DT CPU features
+
+ * btrfs and tar sparse truncate archives (LP: #1757565)
+ - Btrfs: move definition of the function btrfs_find_new_delalloc_bytes
+ - Btrfs: fix reported number of inode blocks after buffered append writes
+
+ * efifb broken on ThunderX-based Gigabyte nodes (LP: #1758375)
+ - drivers/fbdev/efifb: Allow BAR to be moved instead of claiming it
+
+ * Intel i40e PF reset due to incorrect MDD detection (continues...)
+ (LP: #1723127)
+ - i40e/i40evf: Account for frags split over multiple descriptors in check
+ linearize
+
+ * Fix an issue that when system in S3, USB keyboard can't wake up the system.
+ (LP: #1759511)
+ - ACPI / PM: Allow deeper wakeup power states with no _SxD nor _SxW
+
+ * [8086:3e92] display becomes blank after S3 (LP: #1759188)
+ - drm/i915: Apply Display WA #1183 on skl, kbl, and cfl
+
+ * add audio kernel patches for Raven (LP: #1758364)
+ - ALSA: hda: Add Raven PCI ID
+ - ALSA: hda/realtek - Fix ALC700 family no sound issue
+
+ * Cpu utilization showing system time for kvm guests (performance) (sysstat)
+ (LP: #1755979)
+ - KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN
+
+ * Kernel panic on a nfsroot system (LP: #1734327)
+ - Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor
+ network hooks"
+ - Revert "UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the
+ remaining blobs"
+
+ * can't record sound via front headset port on the Dell Precision 3630
+ (LP: #1759088)
+ - ALSA: hda/realtek - Fix Dell headset Mic can't record
+
+ * speaker can't output sound anymore after system resumes from S3 on a lenovo
+ machine with alc257 (LP: #1758829)
+ - ALSA: hda/realtek - Fix speaker no sound after system resume
+
+ * hda driver initialization takes too much time on the machine with coffeelake
+ audio controller [8086:a348] (LP: #1758800)
+ - ALSA: hda - Force polling mode on CFL for fixing codec communication
+
+ * Let headset-mode initialization be called on Dell Precision 3930
+ (LP: #1757584)
+ - ALSA: hda/realtek - Add headset mode support for Dell laptop
+
+ * ubuntu_zram_smoke test will cause soft lockup on Artful ThunderX ARM64
+ (LP: #1755073)
+ - SAUCE: crypto: thunderx_zip: Fix fallout from CONFIG_VMAP_STACK
+
+ * [Hyper-V] include kvp fix for Avoid reading past allocated blocks from KVP
+ file (LP: #1750349)
+ - hv: kvp: Avoid reading past allocated blocks from KVP file
+
+ * IMA policy parsing is broken in 4.13 (LP: #1755804)
+ - ima/policy: fix parsing of fsuuid
+
+ * external mic not work on Dell OptiPlex 7460 AIO (LP: #1755954)
+ - ALSA: hda/realtek - Add headset mode support for Dell laptop
+
+ * sbsa watchdog crashes thunderx2 system (LP: #1755595)
+ - watchdog: sbsa: use 32-bit read for WCV
+
+ * CVE-2018-8043
+ - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
+ unimac_mdio_probe()
+
+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 05 Apr 2018 14:47:00 +0200
+
+linux (4.13.0-38.43) artful; urgency=medium
+
+ * linux: 4.13.0-38.43 -proposed tracker (LP: #1755762)
+
+ * Servers going OOM after updating kernel from 4.10 to 4.13 (LP: #1748408)
+ - i40e: Fix memory leak related filter programming status
+ - i40e: Add programming descriptors to cleaned_count
+
+ * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347)
+ - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer
+
+ * fails to dump with latest kpti fixes (LP: #1750021)
+ - kdump: write correct address of mem_section into vmcoreinfo
+
+ * headset mic can't be detected on two Dell machines (LP: #1748807)
+ - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
+ - ALSA: hda - Fix headset mic detection problem for two Dell machines
+ - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
+
+ * CIFS SMB2/SMB3 does not work for domain based DFS (LP: #1747572)
+ - CIFS: make IPC a regular tcon
+ - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
+ - CIFS: dump IPC tcon in debug proc file
+
+ * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
+ - i2c: octeon: Prevent error message on bus error
+
+ * hisi_sas: Add disk LED support (LP: #1752695)
+ - scsi: hisi_sas: directly attached disk LED feature for v2 hw
+
+ * EDAC, sb_edac: Backport 1 patch to Ubuntu 17.10 (Fix missing DIMM sysfs
+ entries with KNL SNC2/SNC4 mode) (LP: #1743856)
+ - EDAC, sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode
+
+ * [regression] Colour banding and artefacts appear system-wide on an Asus
+ Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420)
+ - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
+
+ * DVB Card with SAA7146 chipset not working (LP: #1742316)
+ - vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
+
+ * [Asus UX360UA] battery status in unity-panel is not changing when battery is
+ being charged (LP: #1661876) // AC adapter status not detected on Asus
+ ZenBook UX410UAK (LP: #1745032)
+ - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK
+
+ * ASUS UX305LA - Battery state not detected correctly (LP: #1482390)
+ - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA
+
+ * support thunderx2 vendor pmu events (LP: #1747523)
+ - perf pmu: Extract function to get JSON alias map
+ - perf pmu: Pass pmu as a parameter to get_cpuid_str()
+ - perf tools arm64: Add support for get_cpuid_str function.
+ - perf pmu: Add helper function is_pmu_core to detect PMU CORE devices
+ - perf vendor events arm64: Add ThunderX2 implementation defined pmu core
+ events
+ - perf pmu: Add check for valid cpuid in perf_pmu__find_map()
+
+ * lpfc.ko module doesn't work (LP: #1746970)
+ - scsi: lpfc: Fix loop mode target discovery
+
+ * Ubuntu 17.10 crashes on vmalloc.c (LP: #1739498)
+ - powerpc/mm/book3s64: Make KERN_IO_START a variable
+ - powerpc/mm/slb: Move comment next to the code it's referring to
+ - powerpc/mm/hash64: Make vmalloc 56T on hash
+
+ * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
+ - net: hns: add ACPI mode support for ethtool -p
+
+ * CVE-2017-17807
+ - KEYS: add missing permission check for request_key() destination
+
+ * [Artful SRU] Fix capsule update regression (LP: #1746019)
+ - efi/capsule-loader: Reinstate virtual capsule mapping
+
+ * [Artful/Bionic] [Config] enable EDAC_GHES for ARM64 (LP: #1747746)
+ - Ubuntu: [Config] enable EDAC_GHES for ARM64
+
+ * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
+ - SAUCE: tools -- add ability to disable libbfd
+ - [Packaging] correct disablement of libbfd
+
+ * Cherry pick c96f5471ce7d for delayacct fix (LP: #1747769)
+ - delayacct: Account blkio completion on the correct task
+
+ * Error in CPU frequency reporting when nominal and min pstates are same
+ (cpufreq) (LP: #1746174)
+ - cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
+
+ * retpoline abi files are empty on i386 (LP: #1751021)
+ - [Packaging] retpoline-extract -- instantiate retpoline files for i386
+ - [Packaging] final-checks -- sanity checking ABI contents
+ - [Packaging] final-checks -- check for empty retpoline files
+
+ * [P9,Power NV][WSP][Ubuntu 1804] : "Kernel access of bad area " when grouping
+ different pmu events using perf fuzzer . (perf:) (LP: #1746225)
+ - powerpc/perf: Fix oops when grouping different pmu events
+
+ * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
+ CVE-2018-1000026
+ - net: create skb_gso_validate_mac_len()
+ - bnx2x: disable GSO where gso_size is too big for hardware
+
+ * Ubuntu16.04.03: ISAv3 initialize MMU registers before setting partition
+ table (LP: #1736145)
+ - powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
+
+ * powerpc/powernv: Flush console before platform error reboot (LP: #1735159)
+ - powerpc/powernv: Flush console before platform error reboot
+
+ * Touchpad stops working after a few seconds in Lenovo ideapad 320
+ (LP: #1732056)
+ - pinctrl/amd: fix masking of GPIO interrupts
+
+ * [Artful][Wyse 3040] System hang when trying to enable an offlined CPU core
+ (LP: #1736393)
+ - SAUCE: drm/i915:Don't set chip specific data
+ - SAUCE: drm/i915: make previous commit affects Wyse 3040 only
+
+ * ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
+ - powerpc: Do not call ppc_md.panic in fadump panic notifier
+
+ * Artful update to 4.13.16 stable release (LP: #1744213)
+ - tcp_nv: fix division by zero in tcpnv_acked()
+ - net: vrf: correct FRA_L3MDEV encode type
+ - tcp: do not mangle skb->cb[] in tcp_make_synack()
+ - net: systemport: Correct IPG length settings
+ - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
+ - l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6
+ - bonding: discard lowest hash bit for 802.3ad layer3+4
+ - net: cdc_ether: fix divide by 0 on bad descriptors
+ - net: qmi_wwan: fix divide by 0 on bad descriptors
+ - qmi_wwan: Add missing skb_reset_mac_header-call
+ - net: usb: asix: fill null-ptr-deref in asix_suspend
+ - tcp: gso: avoid refcount_t warning from tcp_gso_segment()
+ - tcp: fix tcp_fastretrans_alert warning
+ - vlan: fix a use-after-free in vlan_device_event()
+ - net/mlx5: Cancel health poll before sending panic teardown command
+ - net/mlx5e: Set page to null in case dma mapping fails
+ - af_netlink: ensure that NLMSG_DONE never fails in dumps
+ - vxlan: fix the issue that neigh proxy blocks all icmpv6 packets
+ - net: cdc_ncm: GetNtbFormat endian fix
+ - fealnx: Fix building error on MIPS
+ - net/sctp: Always set scope_id in sctp_inet6_skb_msgname
+ - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
+ - serial: omap: Fix EFR write on RTS deassertion
+ - serial: 8250_fintek: Fix finding base_port with activated SuperIO
+ - tpm-dev-common: Reject too short writes
+ - rcu: Fix up pending cbs check in rcu_prepare_for_idle
+ - ocfs2: fix cluster hang after a node dies
+ - ocfs2: should wait dio before inode lock in ocfs2_setattr()
+ - ipmi: fix unsigned long underflow
+ - mm/page_alloc.c: broken deferred calculation
+ - mm/page_ext.c: check if page_ext is not prepared
+ - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask
+ - coda: fix 'kernel memory exposure attempt' in fsync
+ - Linux 4.13.16
+
+ * Artful update to 4.13.15 stable release (LP: #1744212)
+ - media: imon: Fix null-ptr-deref in imon_probe
+ - media: dib0700: fix invalid dvb_detach argument
+ - crypto: dh - Fix double free of ctx->p
+ - crypto: dh - Don't permit 'p' to be 0
+ - crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
+ - USB: early: Use new USB product ID and strings for DbC device
+ - USB: usbfs: compute urb->actual_length for isochronous
+ - USB: Add delay-init quirk for Corsair K70 LUX keyboards
+ - usb: gadget: f_fs: Fix use-after-free in ffs_free_inst
+ - USB: serial: metro-usb: stop I/O after failed open
+ - USB: serial: Change DbC debug device binding ID
+ - USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
+ - USB: serial: garmin_gps: fix I/O after failed probe and remove
+ - USB: serial: garmin_gps: fix memory leak on probe errors
+ - x86/MCE/AMD: Always give panic severity for UC errors in kernel context
+ - platform/x86: peaq-wmi: Add DMI check before binding to the WMI interface
+ - platform/x86: peaq_wmi: Fix missing terminating entry for peaq_dmi_table
+ - HID: cp2112: add HIDRAW dependency
+ - HID: wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection
+ - staging: wilc1000: Fix bssid buffer offset in Txq
+ - staging: ccree: fix 64 bit scatter/gather DMA ops
+ - staging: greybus: spilib: fix use-after-free after deregistration
+ - staging: vboxvideo: Fix reporting invalid suggested-offset-properties
+ - staging: rtl8188eu: Revert 4 commits breaking ARP
+ - Linux 4.13.15
+
+ * time drifting on linux-hwe kernels (LP: #1744988)
+ - x86/tsc: Future-proof native_calibrate_tsc()
+ - x86/tsc: Fix erroneous TSC rate on Skylake Xeon
+ - x86/tsc: Print tsc_khz, when it differs from cpu_khz
+
+ * Please backport vmd suspend/resume patches to 16.04 hwe (LP: #1745508)
+ - PCI: vmd: Free up IRQs on suspend path
+
+ * CVE-2017-17448
+ - netfilter: nfnetlink_cthelper: Add missing permission checks
+
+ * Dell XPS 13 9360 bluetooth (Atheros) won't connect after resume
+ (LP: #1744712)
+ - Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
+ version
+
+ * [SRU] TrackPoint: middle button doesn't work on TrackPoint-compatible
+ device. (LP: #1746002)
+ - Input: trackpoint - force 3 buttons if 0 button is reported
+
+ * TB16 dock ethernet corrupts data with hw checksum silently failing
+ (LP: #1729674)
+ - r8152: disable RX aggregation on Dell TB16 dock
+
+ * [Artful] Realtek ALC225: 2 secs noise when a headset plugged in
+ (LP: #1744058)
+ - Revert "UBUNTU: SAUCE: ALSA: hda/realtek - Add support headset mode for DELL
+ WYSE"
+ - SAUCE: ALSA: hda/realtek - Add support headset mode for DELL WYSE
+ - ALSA: hda/realtek - update ALC225 depop optimize
+
+ * [A] skb leak in vhost_net / tun / tap (LP: #1738975)
+ - vhost: fix skb leak in handle_rx()
+ - tap: free skb if flags error
+ - tun: free skb in early errors
+
+ * Commit d9018976cdb6 missing in Kernels <4.14.x preventing lasting fix of
+ Intel SPI bug on certain serial flash (LP: #1742696)
+ - mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Haswell/Broadwell
+ - spi-nor: intel-spi: Fix broken software sequencing codes
+
+ * CVE-2018-5332
+ - RDS: Heap OOB write in rds_message_alloc_sgs()
+
+ * [A] KVM Windows BSOD on 4.13.x (LP: #1738972)
+ - KVM: x86: fix APIC page invalidation
+
+ * elantech touchpad of Lenovo L480/580 failed to detect hw_version
+ (LP: #1733605)
+ - Input: elantech - add new icbody type 15
+
+ * [SRU] External HDMI monitor failed to show screen on Lenovo X1 series
+ (LP: #1738523)
+ - SAUCE: drm/i915: Disable writing of TMDS_OE on Lenovo ThinkPad X1 series
+
+ * ubuntu/xr-usb-serial didn't get built in zesty and artful (LP: #1733281)
+ - SAUCE: make sure ubuntu/xr-usb-serial builds for x86
+
+ * Disabling zfs does not always disable module checks for the zfs modules
+ (LP: #1737176)
+ - [Packaging] disable zfs module checks when zfs is disabled
+
+ * CVE-2017-17806
+ - crypto: hmac - require that the underlying hash algorithm is unkeyed
+
+ * CVE-2017-17805
+ - crypto: salsa20 - fix blkcipher_walk API usage
+
+ * CVE-2017-16994
+ - mm/pagewalk.c: report holes in hugetlb ranges
+
+ * CVE-2017-17450
+ - netfilter: xt_osf: Add missing permission checks
+
+ * apparmor profile load in stacked policy container fails (LP: #1746463)
+ - SAUCE: apparmor: fix display of .ns_name for containers
+
+ * CVE-2017-15129
+ - net: Fix double free and memory corruption in get_net_ns_by_id()
+
+ * CVE-2018-5344
+ - loop: fix concurrent lo_open/lo_release
+
+ * CVE-2017-1000407
+ - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
+
+ * CVE-2017-0861
+ - ALSA: pcm: prevent UAF in snd_pcm_info
+
+ * perf stat segfaults on uncore events w/o -a (LP: #1745246)
+ - perf xyarray: Save max_x, max_y
+ - perf evsel: Fix buffer overflow while freeing events
+
+ * Support cppc-cpufreq driver on ThunderX2 systems (LP: #1745007)
+ - mailbox: PCC: Move the MAX_PCC_SUBSPACES definition to header file
+ - ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs
+ - ACPI / CPPC: Fix KASAN global out of bounds warning
+ - ACPI: CPPC: remove initial assignment of pcc_ss_data
+
+ * P-state not working in kernel 4.13 (LP: #1743269)
+ - x86 / CPU: Avoid unnecessary IPIs in arch_freq_get_on_cpu()
+ - x86 / CPU: Always show current CPU frequency in /proc/cpuinfo
+
+ * Regression: KVM no longer supports Intel CPUs without Virtual NMI
+ (LP: #1741655)
+ - kvm: vmx: Reinstate support for CPUs without virtual NMI
+
+ * System hang with Linux kernel due to mainline commit 24247aeeabe
+ (LP: #1733662)
+ - x86/intel_rdt/cqm: Prevent use after free
+
+ * $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted
+ (LP: #1744077)
+ - [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly
+
+ * the wifi driver is always hard blocked on a lenovo laptop (LP: #1743672)
+ - ACPI: EC: Fix possible issues related to EC initialization order
+
+ * text VTs are unavailable on desktop after upgrade to Ubuntu 17.10
+ (LP: #1724911)
+ - drm/i915/fbdev: Always forward hotplug events
+
+ * Samsung SSD 960 EVO 500GB refused to change power state (LP: #1705748)
+ - nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
+
+ * [0cf3:e010] QCA6174A XR failed to pair with bt 4.0 device (LP: #1741166)
+ - Bluetooth: btusb: Add support for 0cf3:e010
+
+ * CVE-2017-17741
+ - KVM: Fix stack-out-of-bounds read in write_mmio
+
+ * CVE-2018-5333
+ - RDS: null pointer dereference in rds_atomic_free_op
+
+ * [800 G3 SFF] [800 G3 DM]External microphone of headset(3-ring) is working,
+ 2-ring mic not working, both not shown in sound settings (LP: #1740974)
+ - ALSA: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines
+
+ * Two front mics can't work on a lenovo machine (LP: #1740973)
+ - ALSA: hda - change the location for one mic on a Lenovo machine
+
+ * No external microphone be detected via headset jack on a dell machine
+ (LP: #1740972)
+ - ALSA: hda - fix headset mic detection issue on a Dell machine
+
+ * Can't detect external headset via line-out jack on some Dell machines
+ (LP: #1740971)
+ - ALSA: hda/realtek - Fix Dell AIO LineOut issue
+
+ * Support realtek new codec alc257 in the alsa hda driver (LP: #1738911)
+ - ALSA: hda/realtek - New codec support for ALC257
+
+ * Add support for 16g huge pages on Ubuntu 16.04.2 PowerNV (LP: #1706247)
+ - powerpc/mm/hugetlb: Allow runtime allocation of 16G.
+ - powerpc/mm/hugetlb: Add support for reserving gigantic huge pages via kernel
+ command line
+ - mm/hugetlb: Allow arch to override and call the weak function
+
+ * the kernel is blackholing IPv6 packets to linkdown nexthops (LP: #1738219)
+ - ipv6: Do not consider linkdown nexthops during multipath
+
+ * e1000e in 4.4.0-97-generic breaks 82574L under heavy load. (LP: #1730550)
+ - e1000e: Avoid receiver overrun interrupt bursts
+ - e1000e: Separate signaling for link check/link up
+
+ * Ubuntu 17.10: Include patch "crypto: vmx - Use skcipher for ctr fallback"
+ (LP: #1732978)
+ - crypto: vmx - Use skcipher for ctr fallback
+
+ * QCA Rome bluetooth can not wakeup after USB runtime suspended.
+ (LP: #1737890)
+ - Bluetooth: btusb: driver to enable the usb-wakeup feature
+
+ * /dev/bcache/by-uuid links not created after reboot (LP: #1729145)
+ - SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent
+
+ * Some VMs fail to reboot with "watchdog: BUG: soft lockup - CPU#0 stuck for
+ 22s! [systemd:1]" (LP: #1730717)
+ - SAUCE: exec: fix lockup because retry loop may never exit
+
+ * Request to backport cxlflash patches to 16.04 HWE Kernel (LP: #1730515)
+ - scsi: cxlflash: Use derived maximum write same length
+ - scsi: cxlflash: Allow cards without WWPN VPD to configure
+ - scsi: cxlflash: Derive pid through accessors
+
+ * vagrant artful64 box filesystem too small (LP: #1726818)
+ - block: factor out __blkdev_issue_zero_pages()
+ - block: cope with WRITE ZEROES failing in blkdev_issue_zeroout()
+
+ * Artful update to 4.13.14 stable release (LP: #1744121)
+ - ppp: fix race in ppp device destruction
+ - gso: fix payload length when gso_size is zero
+ - ipv4: Fix traffic triggered IPsec connections.
+ - ipv6: Fix traffic triggered IPsec connections.
+ - netlink: do not set cb_running if dump's start() errs
+ - net: call cgroup_sk_alloc() earlier in sk_clone_lock()
+ - macsec: fix memory leaks when skb_to_sgvec fails
+ - l2tp: check ps->sock before running pppol2tp_session_ioctl()
+ - netlink: fix netlink_ack() extack race
+ - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
+ - tcp/dccp: fix ireq->opt races
+ - packet: avoid panic in packet_getsockopt()
+ - geneve: Fix function matching VNI and tunnel ID on big-endian
+ - net: bridge: fix returning of vlan range op errors
+ - soreuseport: fix initialization race
+ - ipv6: flowlabel: do not leave opt->tot_len with garbage
+ - sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND
+ - tcp/dccp: fix lockdep splat in inet_csk_route_req()
+ - tcp/dccp: fix other lockdep splats accessing ireq_opt
+ - net: dsa: check master device before put
+ - net/unix: don't show information about sockets from other namespaces
+ - tap: double-free in error path in tap_open()
+ - net/mlx5: Fix health work queue spin lock to IRQ safe
+ - net/mlx5e: Properly deal with encap flows add/del under neigh update
+ - ipip: only increase err_count for some certain type icmp in ipip_err
+ - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
+ - ip6_gre: update dst pmtu if dev mtu has been updated by toobig in
+ __gre6_xmit
+ - tcp: refresh tp timestamp before tcp_mtu_probe()
+ - tap: reference to KVA of an unloaded module causes kernel panic
+ - sctp: reset owner sk for data chunks on out queues when migrating a sock
+ - net_sched: avoid matching qdisc with zero handle
+ - l2tp: hold tunnel in pppol2tp_connect()
+ - ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
+ - tcp: fix tcp_mtu_probe() vs highest_sack
+ - mac80211: accept key reinstall without changing anything
+ - mac80211: use constant time comparison with keys
+ - mac80211: don't compare TKIP TX MIC key in reinstall prevention
+ - usb: usbtest: fix NULL pointer dereference
+ - Input: ims-psu - check if CDC union descriptor is sane
+ - EDAC, sb_edac: Don't create a second memory controller if HA1 is not present
+ - dmaengine: dmatest: warn user when dma test times out
+ - Linux 4.13.14
+
+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 14 Mar 2018 11:38:23 +0100
+
+linux (4.13.0-37.42) artful; urgency=medium
+
+ * linux: 4.13.0-37.42 -proposed tracker (LP: #1751798)
+
+ * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754
+ - arm64: Add ASM_BUG()
+ - arm64: consistently use bl for C exception entry
+ - arm64: move non-entry code out of .entry.text
+ - arm64: unwind: avoid percpu indirection for irq stack
+ - arm64: unwind: disregard frame.sp when validating frame pointer
+ - arm64: mm: Fix set_memory_valid() declaration
+ - arm64: Convert __inval_cache_range() to area-based
+ - arm64: Expose DC CVAP to userspace
+ - arm64: Handle trapped DC CVAP
+ - arm64: Implement pmem API support
+ - arm64: uaccess: Implement *_flushcache variants
+ - arm64/vdso: Support mremap() for vDSO
+ - arm64: unwind: reference pt_regs via embedded stack frame
+ - arm64: unwind: remove sp from struct stackframe
+ - arm64: uaccess: Add the uaccess_flushcache.c file
+ - arm64: fix pmem interface definition
+ - arm64: compat: Remove leftover variable declaration
+ - fork: allow arch-override of VMAP stack alignment
+ - arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
+ - arm64: factor out PAGE_* and CONT_* definitions
+ - arm64: clean up THREAD_* definitions
+ - arm64: clean up irq stack definitions
+ - arm64: move SEGMENT_ALIGN to <asm/memory.h>
+ - efi/arm64: add EFI_KIMG_ALIGN
+ - arm64: factor out entry stack manipulation
+ - arm64: assembler: allow adr_this_cpu to use the stack pointer
+ - arm64: use an irq stack pointer
+ - arm64: add basic VMAP_STACK support
+ - arm64: add on_accessible_stack()
+ - arm64: add VMAP_STACK overflow detection
+ - arm64: Convert pte handling from inline asm to using (cmp)xchg
+ - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg()
+ - arm64: Move PTE_RDONLY bit handling out of set_pte_at()
+ - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
+ - arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths
+ - arm64: introduce separated bits for mm_context_t flags
+ - arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro
+ - KVM: arm/arm64: Fix guest external abort matching
+ - KVM: arm/arm64: vgic: constify seq_operations and file_operations
+ - KVM: arm/arm64: vITS: Drop its_ite->lpi field
+ - KVM: arm/arm64: Extract GICv3 max APRn index calculation
+ - KVM: arm/arm64: Support uaccess of GICC_APRn
+ - arm64: Use larger stacks when KASAN is selected
+ - arm64: Define cputype macros for Falkor CPU
+ - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
+ - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
+ - x86/syscalls: Check address limit on user-mode return
+ - arm/syscalls: Check address limit on user-mode return
+ - arm64/syscalls: Check address limit on user-mode return
+ - Revert "arm/syscalls: Check address limit on user-mode return"
+ - syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
+ - arm/syscalls: Optimize address limit check
+ - arm64/syscalls: Move address limit check in loop
+ - futex: Remove duplicated code and fix undefined behaviour
+ - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
+ - arm64: syscallno is secretly an int, make it official
+ - arm64: move TASK_* definitions to <asm/processor.h>
+ - arm64: mm: Use non-global mappings for kernel space
+ - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Move ASID from TTBR0 to TTBR1
+ - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
+ - arm64: mm: Rename post_ttbr0_update_workaround
+ - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Allocate ASIDs in pairs
+ - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
+ - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
+ - arm64: entry: Add exception trampoline page for exceptions from EL0
+ - arm64: mm: Map entry trampoline into trampoline and kernel page tables
+ - arm64: entry: Explicitly pass exception level to kernel_ventry macro
+ - arm64: entry: Hook up entry trampoline to exception vectors
+ - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
+ - arm64: cpu_errata: Add Kryo to Falkor 1003 errata
+ - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
+ - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
+ - arm64: kaslr: Put kernel vectors address in separate data page
+ - arm64: use RET instruction for exiting the trampoline
+ - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
+ - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
+ - arm64: Take into account ID_AA64PFR0_EL1.CSV3
+ - arm64: capabilities: Handle duplicate entries for a capability
+ - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
+ - arm64: kpti: Fix the interaction between ASID switching and software PAN
+ - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
+ - arm64: Turn on KPTI only on CPUs that need it
+ - arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
+ - arm64: mm: Permit transitioning from Global to Non-Global without BBM
+ - arm64: kpti: Add ->enable callback to remap swapper using nG mappings
+ - arm64: Force KPTI to be disabled on Cavium ThunderX
+ - arm64: entry: Reword comment about post_ttbr_update_workaround
+ - arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
+ - arm64: barrier: Add CSDB macros to control data-value prediction
+ - arm64: Implement array_index_mask_nospec()
+ - arm64: Make USER_DS an inclusive limit
+ - arm64: Use pointer masking to limit uaccess speculation
+ - arm64: entry: Ensure branch through syscall table is bounded under
+ speculation
+ - arm64: uaccess: Prevent speculative use of the current addr_limit
+ - arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
+ - arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
+ - arm64: futex: Mask __user pointers prior to dereference
+ - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
+ - arm64: Run enable method for errata work arounds on late CPUs
+ - arm64: cpufeature: Pass capability structure to ->enable callback
+ - drivers/firmware: Expose psci_get_version through psci_ops structure
+ - arm64: Move post_ttbr_update_workaround to C code
+ - arm64: Add skeleton to harden the branch predictor against aliasing attacks
+ - arm64: Move BP hardening to check_and_switch_context
+ - arm64: KVM: Use per-CPU vector when BP hardening is enabled
+ - arm64: entry: Apply BP hardening for high-priority synchronous exceptions
+ - arm64: entry: Apply BP hardening for suspicious interrupts from EL0
+ - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
+ - arm64: Implement branch predictor hardening for affected Cortex-A CPUs
+ - arm64: Implement branch predictor hardening for Falkor
+ - arm64: Branch predictor hardening for Cavium ThunderX2
+ - arm64: KVM: Increment PC after handling an SMC trap
+ - arm/arm64: KVM: Consolidate the PSCI include files
+ - arm/arm64: KVM: Add PSCI_VERSION helper
+ - arm/arm64: KVM: Add smccc accessors to PSCI code
+ - arm/arm64: KVM: Implement PSCI 1.0 support
+ - arm/arm64: KVM: Advertise SMCCC v1.1
+ - arm64: KVM: Make PSCI_VERSION a fast path
+ - arm/arm64: KVM: Turn kvm_psci_version into a static inline
+ - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
+ - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
+ - firmware/psci: Expose PSCI conduit
+ - firmware/psci: Expose SMCCC version through psci_ops
+ - arm/arm64: smccc: Make function identifiers an unsigned quantity
+ - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
+ - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
+ - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
+ - [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y
+ - SAUCE: arm64: __idmap_cpu_set_reserved_ttbr1: fix !ARM64_PA_BITS_52 logic
+ - arm64: Add missing Falkor part number for branch predictor hardening
+ - arm64: mm: fix thinko in non-global page table attribute check
+
+ * linux-image-4.13.0-26-generic / linux-image-extra-4.13.0-26-generic fail to
+ boot (LP: #1742721)
+ - staging: sm750fb: Fix parameter mistake in poke32
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Wed, 07 Mar 2018 12:20:00 +0100
+
+linux (4.13.0-36.40) artful; urgency=medium
+
+ * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010)
+
+ * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set
+
+ -- Khalid Elmously <khalid.elmously@canonical.com> Fri, 16 Feb 2018 12:49:24 -0500
+
+linux (4.13.0-35.39) artful; urgency=medium
+
+ * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
+
+ * CVE-2017-5715 (Spectre v2 Intel)
+ - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
+ - SAUCE: turn off IBRS when full retpoline is present
+ - [Packaging] retpoline files must be sorted
+ - [Packaging] pull in retpoline files
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Mon, 12 Feb 2018 11:28:27 +0100
+
+linux (4.13.0-34.37) artful; urgency=medium
+
+ * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
+
+ * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
+ - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
+
+ * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
+ (LP: #1747090)
+ - KVM: s390: wire up bpb feature
+
+ * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
+ - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until
+ online"
+
+ * CVE-2017-5715 (Spectre v2 Intel)
+ - x86/feature: Enable the x86 feature to control Speculation
+ - x86/feature: Report presence of IBPB and IBRS control
+ - x86/enter: MACROS to set/clear IBRS and set IBPB
+ - x86/enter: Use IBRS on syscall and interrupts
+ - x86/idle: Disable IBRS entering idle and enable it on wakeup
+ - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
+ - x86/mm: Set IBPB upon context switch
+ - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
+ - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
+ - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
+ - x86/kvm: Set IBPB when switching VM
+ - x86/kvm: Toggle IBRS on VM entry and exit
+ - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
+ - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
+ - x86/cpu/AMD: Add speculative control support for AMD
+ - x86/microcode: Extend post microcode reload to support IBPB feature
+ - KVM: SVM: Do not intercept new speculative control MSRs
+ - x86/svm: Set IBRS value on VM entry and exit
+ - x86/svm: Set IBPB when running a different VCPU
+ - KVM: x86: Add speculative control CPUID support for guests
+ - SAUCE: turn off IBPB when full retpoline is present
+
+ * Artful 4.13 fixes for tun (LP: #1748846)
+ - tun: call dev_get_valid_name() before register_netdevice()
+ - tun: allow positive return values on dev_get_valid_name() call
+ - tun/tap: sanitize TUNSETSNDBUF input
+
+ * boot failure on AMD Raven + WestonXT (LP: #1742759)
+ - SAUCE: drm/amdgpu: add atpx quirk handling (v2)
+
+ -- Khalid Elmously <khalid.elmously@canonical.com> Fri, 09 Feb 2018 14:42:56 -0500
+
+linux (4.13.0-33.36) artful; urgency=low
+
+ * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
+
+ [ Stefan Bader ]
+ * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
+ (Spectre v2 retpoline)
+ - x86/retpoline: Fill RSB on context switch for affected CPUs
+ - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
+ - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+ - x86/retpoline: Remove the esp/rsp thunk
+ - x86/retpoline: Simplify vmexit_fill_RSB()
+
+ * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
+ (LP: #1743638)
+ - [d-i] Add qede to nic-modules udeb
+
+ * hisi_sas: driver robustness fixes (LP: #1739807)
+ - scsi: hisi_sas: fix reset and port ID refresh issues
+ - scsi: hisi_sas: avoid potential v2 hw interrupt issue
+ - scsi: hisi_sas: fix v2 hw underflow residual value
+ - scsi: hisi_sas: add v2 hw DFX feature
+ - scsi: hisi_sas: add irq and tasklet cleanup in v2 hw
+ - scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw
+ - scsi: hisi_sas: fix internal abort slot timeout bug
+ - scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET
+ - scsi: hisi_sas: fix NULL check in SMP abort task path
+ - scsi: hisi_sas: fix the risk of freeing slot twice
+ - scsi: hisi_sas: kill tasklet when destroying irq in v3 hw
+ - scsi: hisi_sas: complete all tasklets prior to host reset
+
+ * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990)
+ - ACPI: APEI: fix the wrong iteration of generic error status block
+ - ACPI / APEI: clear error status before acknowledging the error
+
+ * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to
+ boot (LP: #1732804)
+ - vfio/pci: Virtualize Maximum Payload Size
+ - vfio/pci: Virtualize Maximum Read Request Size
+
+ * hisi_sas: Add ATA command support for SMR disks (LP: #1739891)
+ - scsi: hisi_sas: support zone management commands
+
+ * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073)
+ - ACPI / APD: Add clock frequency for ThunderX2 I2C controller
+ - i2c: xlp9xx: Get clock frequency with clk API
+ - i2c: xlp9xx: Handle I2C_M_RECV_LEN in msg->flags
+
+ * Falkor erratum 1041 needs workaround (LP: #1738497)
+ - [Config] CONFIG_QCOM_FALKOR_ERRATUM_E1041=y
+ - arm64: Add software workaround for Falkor erratum 1041
+
+ * ThunderX: TX failure unless checksum offload disabled (LP: #1736593)
+ - net: thunderx: Fix TCP/UDP checksum offload for IPv6 pkts
+ - net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts
+
+ * arm64/thunderx: Unhandled context faults in ACPI mode (LP: #1736774)
+ - PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
+ - PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
+
+ * arm64: Unfair rwlock can stall the system (LP: #1732238)
+ - locking/qrwlock: Use 'struct qrwlock' instead of 'struct __qrwlock'
+ - locking/atomic: Add atomic_cond_read_acquire()
+ - locking/qrwlock: Use atomic_cond_read_acquire() when spinning in qrwlock
+ - locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks
+ - locking/qrwlock: Prevent slowpath writers getting held up by fastpath
+
+ * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
+ - scsi: libiscsi: Allow sd_shutdown on bad transport
+
+ * bt_iter() crash due to NULL pointer (LP: #1744300)
+ - blk-mq-tag: check for NULL rq when iterating tags
+
+ * hisilicon hibmc regression due to ea642c3216cb ("drm/ttm: add io_mem_pfn
+ callback") (LP: #1738334)
+ - SAUCE: drm: hibmc: Initialize the hibmc_bo_driver.io_mem_pfn
+
+ * CVE-2017-5754 ARM64 KPTI fixes
+ - arm64: Add ASM_BUG()
+ - arm64: consistently use bl for C exception entry
+ - arm64: syscallno is secretly an int, make it official
+ - arm64: Abstract syscallno manipulation
+ - arm64: move non-entry code out of .entry.text
+ - arm64: unwind: avoid percpu indirection for irq stack
+ - arm64: unwind: disregard frame.sp when validating frame pointer
+ - arm64: mm: Fix set_memory_valid() declaration
+ - arm64: Convert __inval_cache_range() to area-based
+ - arm64: Expose DC CVAP to userspace
+ - arm64: Handle trapped DC CVAP
+ - arm64: Implement pmem API support
+ - arm64: uaccess: Implement *_flushcache variants
+ - arm64/vdso: Support mremap() for vDSO
+ - arm64: unwind: reference pt_regs via embedded stack frame
+ - arm64: unwind: remove sp from struct stackframe
+ - arm64: uaccess: Add the uaccess_flushcache.c file
+ - arm64: fix pmem interface definition
+ - arm64: compat: Remove leftover variable declaration
+ - fork: allow arch-override of VMAP stack alignment
+ - arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
+ - arm64: factor out PAGE_* and CONT_* definitions
+ - arm64: clean up THREAD_* definitions
+ - arm64: clean up irq stack definitions
+ - arm64: move SEGMENT_ALIGN to <asm/memory.h>
+ - efi/arm64: add EFI_KIMG_ALIGN
+ - arm64: factor out entry stack manipulation
+ - arm64: assembler: allow adr_this_cpu to use the stack pointer
+ - arm64: use an irq stack pointer
+ - arm64: add basic VMAP_STACK support
+ - arm64: add on_accessible_stack()
+ - arm64: add VMAP_STACK overflow detection
+ - arm64: Convert pte handling from inline asm to using (cmp)xchg
+ - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg()
+ - arm64: Move PTE_RDONLY bit handling out of set_pte_at()
+ - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
+ - arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths
+ - arm64: introduce separated bits for mm_context_t flags
+ - arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro
+ - KVM: arm/arm64: Fix guest external abort matching
+ - KVM: arm/arm64: vgic: constify seq_operations and file_operations
+ - KVM: arm/arm64: vITS: Drop its_ite->lpi field
+ - KVM: arm/arm64: Extract GICv3 max APRn index calculation
+ - KVM: arm/arm64: Support uaccess of GICC_APRn
+ - arm64: move TASK_* definitions to <asm/processor.h>
+ - arm64: Use larger stacks when KASAN is selected
+ - arm64: sysreg: Move SPE registers and PSB into common header files
+ - arm64: head: Init PMSCR_EL2.{PA,PCT} when entered at EL2 without VHE
+ - arm64: Update fault_info table with new exception types
+ - arm64: Use existing defines for mdscr
+ - arm64: Fix single stepping in kernel traps
+ - arm64: asm-bug: Renumber macro local labels to avoid clashes
+ - arm64: Implement arch-specific pte_access_permitted()
+ - arm64: explicitly mask all exceptions
+ - arm64: introduce an order for exceptions
+ - arm64: Move the async/fiq helpers to explicitly set process context flags
+ - arm64: Mask all exceptions during kernel_exit
+ - arm64: entry.S: Remove disable_dbg
+ - arm64: entry.S: convert el1_sync
+ - arm64: entry.S convert el0_sync
+ - arm64: entry.S: convert elX_irq
+ - arm64: entry.S: move SError handling into a C function for future expansion
+ - arm64: pgd: Mark pgd_cache as __ro_after_init
+ - arm64: cpu_ops: Add missing 'const' qualifiers
+ - arm64: context: Fix comments and remove pointless smp_wmb()
+ - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
+ - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
+ - arm64: Expose support for optional ARMv8-A features
+ - arm64: KVM: Hide unsupported AArch64 CPU features from guests
+ - arm64: mm: Use non-global mappings for kernel space
+ - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Move ASID from TTBR0 to TTBR1
+ - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
+ - arm64: mm: Rename post_ttbr0_update_workaround
+ - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Allocate ASIDs in pairs
+ - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
+ - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
+ - arm64: entry: Add exception trampoline page for exceptions from EL0
+ - arm64: mm: Map entry trampoline into trampoline and kernel page tables
+ - arm64: entry: Explicitly pass exception level to kernel_ventry macro
+ - arm64: entry: Hook up entry trampoline to exception vectors
+ - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
+ - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
+ - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
+ - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
+ - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
+ - arm64: kaslr: Put kernel vectors address in separate data page
+ - arm64: use RET instruction for exiting the trampoline
+ - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
+ - arm64: Fix the feature type for ID register fields
+ - arm64: Take into account ID_AA64PFR0_EL1.CSV3
+ - arm64: cpufeature: Pass capability structure to ->enable callback
+ - drivers/firmware: Expose psci_get_version through psci_ops structure
+ - arm64: Move post_ttbr_update_workaround to C code
+ - arm64: Add skeleton to harden the branch predictor against aliasing attacks
+ - arm64: KVM: Use per-CPU vector when BP hardening is enabled
+ - arm64: KVM: Make PSCI_VERSION a fast path
+ - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
+ - arm64: Implement branch predictor hardening for affected Cortex-A CPUs
+ - arm64: Define cputype macros for Falkor CPU
+ - arm64: Implement branch predictor hardening for Falkor
+ - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
+ - bpf: inline map in map lookup functions for array and htab
+ - bpf: perf event change needed for subsequent bpf helpers
+ - bpf: do not test for PCPU_MIN_UNIT_SIZE before percpu allocations
+ - arm64: Branch predictor hardening for Cavium ThunderX2
+ - arm64: capabilities: Handle duplicate entries for a capability
+ - arm64: kpti: Fix the interaction between ASID switching and software PAN
+ - SAUCE: arm: Add BTB invalidation on switch_mm for Cortex-A9, A12 and A17
+ - SAUCE: arm: Invalidate BTB on prefetch abort outside of user mapping on
+ Cortex A8, A9, A12 and A17
+ - SAUCE: arm: KVM: Invalidate BTB on guest exit
+ - SAUCE: arm: Add icache invalidation on switch_mm for Cortex-A15
+ - SAUCE: arm: Invalidate icache on prefetch abort outside of user mapping on
+ Cortex-A15
+ - SAUCE: arm: KVM: Invalidate icache on guest exit for Cortex-A15
+ - SAUCE: asm-generic/barrier: add generic nospec helpers
+ - SAUCE: Documentation: document nospec helpers
+ - SAUCE: arm64: implement nospec_{load,ptr}()
+ - SAUCE: arm: implement nospec_ptr()
+ - SAUCE: bpf: inhibit speculated out-of-bounds pointers
+ - SAUCE: arm64: Implement branch predictor hardening for Falkor
+ - SAUCE: arm64: Branch predictor hardening for Cavium ThunderX2
+ - [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y
+
+ * [artful] panic in update_stack_state when reading /proc/<pid>/stack on i386
+ (LP: #1747263)
+ - x86/unwind: Fix dereference of untrusted pointer
+
+ * CVE-2017-5753 (Spectre v1 Intel)
+ - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
+ - SAUCE: reinstate MFENCE_RDTSC feature definition
+ - locking/barriers: introduce new observable speculation barrier
+ - bpf: prevent speculative execution in eBPF interpreter
+ - x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - uvcvideo: prevent speculative execution
+ - carl9170: prevent speculative execution
+ - p54: prevent speculative execution
+ - qla2xxx: prevent speculative execution
+ - cw1200: prevent speculative execution
+ - Thermal/int340x: prevent speculative execution
+ - ipv4: prevent speculative execution
+ - ipv6: prevent speculative execution
+ - fs: prevent speculative execution
+ - net: mpls: prevent speculative execution
+ - udf: prevent speculative execution
+ - userns: prevent speculative execution
+ - SAUCE: powerpc: add osb barrier
+ - SAUCE: s390/spinlock: add osb memory barrier
+ - SAUCE: claim mitigation via observable speculation barrier
+
+ * CVE-2017-5715 (Spectre v2 retpoline)
+ - x86/asm: Fix inline asm call constraints for Clang
+ - kvm: vmx: Scrub hardware GPRs at VM-exit
+ - sysfs/cpu: Add vulnerability folder
+ - x86/cpu: Implement CPU vulnerabilites sysfs functions
+ - x86/tboot: Unbreak tboot with PTI enabled
+ - objtool: Detect jumps to retpoline thunks
+ - objtool: Allow alternatives to be ignored
+ - x86/retpoline: Add initial retpoline support
+ - x86/spectre: Add boot time option to select Spectre v2 mitigation
+ - x86/retpoline/crypto: Convert crypto assembler indirect jumps
+ - x86/retpoline/entry: Convert entry assembler indirect jumps
+ - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
+ - x86/retpoline/hyperv: Convert assembler indirect jumps
+ - x86/retpoline/xen: Convert Xen hypercall indirect jumps
+ - x86/retpoline/checksum32: Convert assembler indirect jumps
+ - x86/retpoline/irq32: Convert assembler indirect jumps
+ - x86/retpoline: Fill return stack buffer on vmexit
+ - selftests/x86: Add test_vsyscall
+ - x86/pti: Fix !PCID and sanitize defines
+ - security/Kconfig: Correct the Documentation reference for PTI
+ - x86,perf: Disable intel_bts when PTI
+ - x86/retpoline: Remove compile time warning
+ - [Config] enable CONFIG_GENERIC_CPU_VULNERABILITIES
+ - [Config] enable CONFIG_RETPOLINE
+ - [Packaging] retpoline -- add call site validation
+ - [Config] disable retpoline checks for first upload
+
+ * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
+ - Revert "UBUNTU: SAUCE: x86/entry: Fix up retpoline assembler labels"
+ - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
+ - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
+ - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
+ support IBPB feature -- repair missmerge"
+ - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
+ - Revert "s390/spinlock: add gmb memory barrier"
+ - Revert "powerpc: add gmb barrier"
+ - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
+ - Revert "x86/svm: Add code to clear registers on VM exit"
+ - Revert "x86/svm: Add code to clobber the RSB on VM exit"
+ - Revert "KVM: x86: Add speculative control CPUID support for guests"
+ - Revert "x86/svm: Set IBPB when running a different VCPU"
+ - Revert "x86/svm: Set IBRS value on VM entry and exit"
+ - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
+ - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
+ - Revert "x86/cpu/AMD: Add speculative control support for AMD"
+ - Revert "x86/entry: Use retpoline for syscall's indirect calls"
+ - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
+ syscall entrance"
+ - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
+ - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
+ control"
+ - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
+ - Revert "x86/kvm: Pad RSB on VM transition"
+ - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
+ - Revert "x86/kvm: Set IBPB when switching VM"
+ - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
+ - Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
+ - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
+ thread"
+ - Revert "x86/mm: Set IBPB upon context switch"
+ - Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
+ - Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
+ - Revert "x86/enter: Use IBRS on syscall and interrupts"
+ - Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
+ - Revert "x86/feature: Report presence of IBPB and IBRS control"
+ - Revert "x86/feature: Enable the x86 feature to control Speculation"
+ - Revert "udf: prevent speculative execution"
+ - Revert "net: mpls: prevent speculative execution"
+ - Revert "fs: prevent speculative execution"
+ - Revert "ipv6: prevent speculative execution"
+ - Revert "userns: prevent speculative execution"
+ - Revert "Thermal/int340x: prevent speculative execution"
+ - Revert "cw1200: prevent speculative execution"
+ - Revert "qla2xxx: prevent speculative execution"
+ - Revert "p54: prevent speculative execution"
+ - Revert "carl9170: prevent speculative execution"
+ - Revert "uvcvideo: prevent speculative execution"
+ - Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
+ - Revert "bpf: prevent speculative execution in eBPF interpreter"
+ - Revert "locking/barriers: introduce new memory barrier gmb()"
+
+ * Unable to boot with i386 4.13.0-25 / 4.13.0-26 / 4.13.0-31 kernel on Xenial
+ / Artful (LP: #1745118)
+ - x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
+
+ * 4.13: unable to increase MTU configuration for GRE devices (LP: #1743746)
+ - ip_gre: remove the incorrect mtu limit for ipgre tap
+
+ * CVE-2017-17712
+ - net: ipv4: fix for a race condition in raw_sendmsg
+
+ * upload urgency should be medium by default (LP: #1745338)
+ - [Packaging] update urgency to medium by default
+
+ * CVE-2017-15115
+ - sctp: do not peel off an assoc from one netns to another one
+
+ * CVE-2017-8824
+ - dccp: CVE-2017-8824: use-after-free in DCCP code
+
+ -- Khalid Elmously <khalid.elmously@canonical.com> Tue, 06 Feb 2018 13:19:16 -0500
+
+linux (4.13.0-32.35) artful; urgency=low
+
+ * CVE-2017-5715 // CVE-2017-5753
+ - SAUCE: x86/entry: Fix up retpoline assembler labels
+
+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 23 Jan 2018 09:13:39 +0100
+
+linux (4.13.0-31.34) artful; urgency=low
+
+ * linux: 4.13.0-31.34 -proposed tracker (LP: #1744294)
+
+ [ Stefan Bader ]
+ * CVE-2017-5715 // CVE-2017-5753
+ - SAUCE: s390: improve cpu alternative handling for gmb and nobp
+ - SAUCE: s390: print messages for gmb and nobp
+ - [Config] KERNEL_NOBP=y
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Fri, 19 Jan 2018 09:56:09 -0200
+
+linux (4.13.0-30.33) artful; urgency=low
+
+ * linux: 4.13.0-30.33 -proposed tracker (LP: #1743412)
+
+ * Do not duplicate changelog entries assigned to more than one bug or CVE
+ (LP: #1743383)
+ - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
+
+ * Unable to handle kernel NULL pointer dereference at isci_task_abort_task
+ (LP: #1726519)
+ - Revert "scsi: libsas: allow async aborts"
+
+ * CVE-2017-5715 // CVE-2017-5753
+ - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
+ -- repair missmerge
+ - Revert "x86/svm: Add code to clear registers on VM exit"
+ - kvm: vmx: Scrub hardware GPRs at VM-exit
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Mon, 15 Jan 2018 16:46:07 -0200
+
+linux (4.13.0-29.32) artful; urgency=low
+
+ * linux: 4.13.0-29.32 -proposed tracker (LP: #1742722)
+
+ * CVE-2017-5754
+ - Revert "x86/cpu: Implement CPU vulnerabilites sysfs functions"
+ - Revert "sysfs/cpu: Fix typos in vulnerability documentation"
+ - Revert "sysfs/cpu: Add vulnerability folder"
+ - Revert "UBUNTU: [Config] updateconfigs to enable
+ GENERIC_CPU_VULNERABILITIES"
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Fri, 12 Jan 2018 12:10:51 +0100
+
+linux (4.13.0-28.31) artful; urgency=low
+
+ * CVE-2017-5753
+ - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
+
+ * CVE-2017-5715
+ - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
+
+ -- Seth Forshee <seth.forshee@canonical.com> Thu, 11 Jan 2018 17:52:21 -0600
+
+linux (4.13.0-27.30) artful; urgency=low
+
+ [ Andy Whitcroft ]
+ * CVE-2017-5753
+ - locking/barriers: introduce new memory barrier gmb()
+ - bpf: prevent speculative execution in eBPF interpreter
+ - x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - uvcvideo: prevent speculative execution
+ - carl9170: prevent speculative execution
+ - p54: prevent speculative execution
+ - qla2xxx: prevent speculative execution
+ - cw1200: prevent speculative execution
+ - Thermal/int340x: prevent speculative execution
+ - userns: prevent speculative execution
+ - ipv6: prevent speculative execution
+ - fs: prevent speculative execution
+ - net: mpls: prevent speculative execution
+ - udf: prevent speculative execution
+ - x86/feature: Enable the x86 feature to control Speculation
+ - x86/feature: Report presence of IBPB and IBRS control
+ - x86/enter: MACROS to set/clear IBRS and set IBPB
+ - x86/enter: Use IBRS on syscall and interrupts
+ - x86/idle: Disable IBRS entering idle and enable it on wakeup
+ - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
+ - x86/mm: Set IBPB upon context switch
+ - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
+ - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
+ - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
+ - x86/kvm: Set IBPB when switching VM
+ - x86/kvm: Toggle IBRS on VM entry and exit
+ - x86/kvm: Pad RSB on VM transition
+ - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
+ - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
+ - x86/syscall: Clear unused extra registers on syscall entrance
+ - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
+ entrance
+ - x86/entry: Use retpoline for syscall's indirect calls
+ - x86/cpu/AMD: Add speculative control support for AMD
+ - x86/microcode: Extend post microcode reload to support IBPB feature
+ - KVM: SVM: Do not intercept new speculative control MSRs
+ - x86/svm: Set IBRS value on VM entry and exit
+ - x86/svm: Set IBPB when running a different VCPU
+ - KVM: x86: Add speculative control CPUID support for guests
+ - x86/svm: Add code to clobber the RSB on VM exit
+ - x86/svm: Add code to clear registers on VM exit
+ - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
+ - powerpc: add gmb barrier
+ - s390/spinlock: add gmb memory barrier
+ - x86/microcode/AMD: Add support for fam17h microcode loading
+
+ * CVE-2017-5715
+ - locking/barriers: introduce new memory barrier gmb()
+ - bpf: prevent speculative execution in eBPF interpreter
+ - x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - uvcvideo: prevent speculative execution
+ - carl9170: prevent speculative execution
+ - p54: prevent speculative execution
+ - qla2xxx: prevent speculative execution
+ - cw1200: prevent speculative execution
+ - Thermal/int340x: prevent speculative execution
+ - userns: prevent speculative execution
+ - ipv6: prevent speculative execution
+ - fs: prevent speculative execution
+ - net: mpls: prevent speculative execution
+ - udf: prevent speculative execution
+ - x86/feature: Enable the x86 feature to control Speculation
+ - x86/feature: Report presence of IBPB and IBRS control
+ - x86/enter: MACROS to set/clear IBRS and set IBPB
+ - x86/enter: Use IBRS on syscall and interrupts
+ - x86/idle: Disable IBRS entering idle and enable it on wakeup
+ - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
+ - x86/mm: Set IBPB upon context switch
+ - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
+ - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
+ - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
+ - x86/kvm: Set IBPB when switching VM
+ - x86/kvm: Toggle IBRS on VM entry and exit
+ - x86/kvm: Pad RSB on VM transition
+ - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
+ - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
+ - x86/syscall: Clear unused extra registers on syscall entrance
+ - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
+ entrance
+ - x86/entry: Use retpoline for syscall's indirect calls
+ - x86/cpu/AMD: Add speculative control support for AMD
+ - x86/microcode: Extend post microcode reload to support IBPB feature
+ - KVM: SVM: Do not intercept new speculative control MSRs
+ - x86/svm: Set IBRS value on VM entry and exit
+ - x86/svm: Set IBPB when running a different VCPU
+ - KVM: x86: Add speculative control CPUID support for guests
+ - x86/svm: Add code to clobber the RSB on VM exit
+ - x86/svm: Add code to clear registers on VM exit
+ - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
+ - powerpc: add gmb barrier
+ - s390/spinlock: add gmb memory barrier
+ - x86/microcode/AMD: Add support for fam17h microcode loading
+
+ * CVE-2017-5754
+ - x86/pti: Enable PTI by default
+ - x86/pti: Make sure the user/kernel PTEs match
+ - x86/dumpstack: Fix partial register dumps
+ - x86/dumpstack: Print registers for first stack frame
+ - x86/process: Define cpu_tss_rw in same section as declaration
+ - x86/mm: Set MODULES_END to 0xffffffffff000000
+ - x86/mm: Map cpu_entry_area at the same place on 4/5 level
+ - x86/kaslr: Fix the vaddr_end mess
+ - x86/events/intel/ds: Use the proper cache flush method for mapping ds
+ buffers
+ - x86/tlb: Drop the _GPL from the cpu_tlbstate export
+ - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
+ - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
+ - x86/pti: Unbreak EFI old_memmap
+ - x86/Documentation: Add PTI description
+ - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
+ - sysfs/cpu: Add vulnerability folder
+ - x86/cpu: Implement CPU vulnerabilites sysfs functions
+ - x86/tboot: Unbreak tboot with PTI enabled
+ - x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*()
+ - x86/cpu/AMD: Make LFENCE a serializing instruction
+ - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
+ - sysfs/cpu: Fix typos in vulnerability documentation
+ - x86/alternatives: Fix optimize_nops() checking
+ - x86/pti: Make unpoison of pgd for trusted boot work for real
+ - s390: introduce CPU alternatives
+ - s390: add ppa to kernel entry / exit
+ - SAUCE: powerpc: Secure memory rfi flush
+ - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
+ - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
+ - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host kernel
+ - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
+ - SAUCE: rfi-flush: Implement congruence-first fallback flush
+ - SAUCE: rfi-flush: Make l1d_flush_type bit flags
+ - SAUCE: rfi-flush: Push the instruction selection down to the patching
+ routine
+ - SAUCE: rfi-flush: Expand the RFI section to two nop slots
+ - SAUCE: rfi-flush: Support more than one flush type at once
+ - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
+ - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
+ - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
+ - SAUCE: rfi-flush: Rework powernv logic to be more cautious
+ - SAUCE: rfi-flush: Rework pseries logic to be more cautious
+ - SAUCE: rfi-flush: Put the fallback flushes in the real trampoline section
+ - SAUCE: rfi-flush: Fix the fallback flush to actually activate
+ - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
+ - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
+ - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
+ - SAUCE: rfi-flush: Use rfi-flush in printks
+ - SAUCE: rfi-flush: Fallback flush add load dependency
+ - SAUCE: rfi-flush: Fix the 32-bit KVM build
+ - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
+ - SAUCE: rfi-flush: Make the fallback robust against memory corruption
+ - [Config] Disable CONFIG_PPC_DEBUG_RFI
+ - [Config] updateconfigs to enable GENERIC_CPU_VULNERABILITIES
+
+ * powerpc: flush L1D on return to use (LP: #1742772)
+ - SAUCE: powerpc: Secure memory rfi flush
+ - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
+ - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
+ - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host kernel
+ - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
+ - SAUCE: rfi-flush: Implement congruence-first fallback flush
+ - SAUCE: rfi-flush: Make l1d_flush_type bit flags
+ - SAUCE: rfi-flush: Push the instruction selection down to the patching
+ routine
+ - SAUCE: rfi-flush: Expand the RFI section to two nop slots
+ - SAUCE: rfi-flush: Support more than one flush type at once
+ - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
+ - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
+ - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
+ - SAUCE: rfi-flush: Rework powernv logic to be more cautious
+ - SAUCE: rfi-flush: Rework pseries logic to be more cautious
+ - SAUCE: rfi-flush: Put the fallback flushes in the real trampoline section
+ - SAUCE: rfi-flush: Fix the fallback flush to actually activate
+ - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
+ - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
+ - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
+ - SAUCE: rfi-flush: Use rfi-flush in printks
+ - SAUCE: rfi-flush: Fallback flush add load dependency
+ - SAUCE: rfi-flush: Fix the 32-bit KVM build
+ - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
+ - SAUCE: rfi-flush: Make the fallback robust against memory corruption
+ - [Config] Disable CONFIG_PPC_DEBUG_RFI
+
+ * s390: add ppa to kernel entry/exit (LP: #1742771)
+ - s390: introduce CPU alternatives
+ - s390: add ppa to kernel entry / exit
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Thu, 11 Jan 2018 18:41:44 -0200
+
+linux (4.13.0-25.29) artful; urgency=low
+
+ * linux: 4.13.0-25.29 -proposed tracker (LP: #1741955)
+
+ * CVE-2017-5754
+ - Revert "UBUNTU: [Config] updateconfigs to enable PTI"
+ - [Config] Enable PTI with UNWINDER_FRAME_POINTER
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Mon, 08 Jan 2018 17:13:57 -0200
+
+linux (4.13.0-24.28) artful; urgency=low
+
+ * linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)
+
+ * CVE-2017-5754
+ - x86/cpu, x86/pti: Do not enable PTI on AMD processors
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Sun, 07 Jan 2018 11:49:34 -0200
+
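Review bot: in the stanza signed off on Thu, 11 Jan 2018 18:41:44 -0200, the commit list under "* CVE-2017-5715" ends with the same run of subjects ("Thermal/int340x: prevent speculative execution" through "x86/microcode/AMD: Add support for fam17h microcode loading") as the entry directly above it, and the SAUCE rfi-flush list under "* CVE-2017-5754" appears again, down to "[Config] Disable CONFIG_PPC_DEBUG_RFI", under "* powerpc: flush L1D on return to use (LP: #1742772)". The same holds for the two s390 lines under "* s390: add ppa to kernel entry/exit (LP: #1742771)". Anyone auditing which mitigations landed in this upload should deduplicate by commit subject rather than count lines per heading, and it would help to confirm that the repetition is the generator listing one commit under each bug or CVE it references rather than commits applied twice. Three subjects also carry spelling slips ("return to use", "comandline", "vulnerabilites"); since the file header marks this changelog as autogenerated and not to be edited directly, any correction belongs in the bug title or commit subject it is generated from, not in a hand edit here.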