Xenial update to 4.4.110 stable release
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | Undecided | Unassigned |
Xenial | Fix Released | Medium | Unassigned |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The 4.4.110 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the 4.4.110 stable release shall be applied:
* x86/boot: Add early cmdline parsing for options with arguments
* KAISER: Kernel Address Isolation
* kaiser: merged update
* kaiser: do not set _PAGE_NX on pgd_none
* kaiser: stack map PAGE_SIZE at THREAD_
* kaiser: fix build and FIXME in alloc_ldt_struct()
* kaiser: KAISER depends on SMP
* kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
* kaiser: fix perf crashes
* kaiser: ENOMEM if kaiser_
* kaiser: tidied up asm/kaiser.h somewhat
* kaiser: tidied up kaiser_
* kaiser: kaiser_
* kaiser: cleanups while trying for gold link
* kaiser: name that 0x1000 KAISER_
* kaiser: delete KAISER_REAL_SWITCH option
* kaiser: vmstat show NR_KAISERTABLE as nr_overhead
* kaiser: enhanced by kernel and user PCIDs
* kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
* kaiser: PCID 0 for kernel and 128 for user
* kaiser: x86_cr3_
* kaiser: paranoid_entry pass cr3 need to paranoid_exit
* kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
* kaiser: fix unlikely error in alloc_ldt_struct()
* kaiser: add "nokaiser" boot option, using ALTERNATIVE
* x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
* x86/kaiser: Check boottime cmdline params
* kaiser: use ALTERNATIVE instead of x86_cr3_
* kaiser: drop is_atomic arg to kaiser_
* kaiser: asm/tlbflush.h handle noPGE at lower level
* kaiser: kaiser_
* x86/paravirt: Dont patch flush_tlb_single
* x86/kaiser: Reenable PARAVIRT
* kaiser: disabled on Xen PV
* x86/kaiser: Move feature detection up
* KPTI: Rename to PAGE_TABLE_
* KPTI: Report when enabled
* x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
* x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
* x86/kasan: Clear kasan_zero_page after TLB flush
* kaiser: Set _PAGE_NX only if supported
* Linux 4.4.110
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → Fix Committed
Only one of the patches for this release actually needed to be applied, as the rest had already been applied previously for spectre/meltdown (CVE-2017-5754) though not necessarily in the same order.
The only patch that actually needed to be applied is:
* KPTI: Rename to PAGE_TABLE_ISOLATION
Further, one additional patch was required in debian.master/config/config.common.ubuntu to change the config name from CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION.