This bug was fixed in the package linux - 4.4.0-193.224
---------------
linux (4.4.0-193.224) xenial; urgency=medium
* CVE-2020-16119
- SAUCE: dccp: avoid double free of ccid on child socket
linux (4.4.0-192.222) xenial; urgency=medium
* xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)
* mwifiex stops working after kernel upgrade (LP: #1897299)
- mwifiex: Increase AES key storage size to 256 bits
* xenial 4.4.0-191-generic in -proposed has a regression (LP: #1896725)
- Revert "XEN uses irqdesc::irq_data_common::handler_data to store a per
interrupt XEN data pointer which contains XEN specific information."
linux (4.4.0-191.221) xenial; urgency=medium
* xenial/linux: 4.4.0-191.221 -proposed tracker (LP: #1896067)
* Novalink (mkvterm command failure) (LP: #1892546)
- tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
* Xenial update: v4.4.236 upstream stable release (LP: #1895891)
- HID: core: Correctly handle ReportSize being zero
- HID: core: Sanitize event code and type when mapping input
- perf record/stat: Explicitly call out event modifiers in the documentation
- mm, page_alloc: remove unnecessary variable from free_pcppages_bulk
- hwmon: (applesmc) check status earlier.
- ceph: don't allow setlease on cephfs
- s390: don't trace preemption in percpu macros
- xen/xenbus: Fix granting of vmalloc'd memory
- dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
- batman-adv: Avoid uninitialized chaddr when handling DHCP
- batman-adv: bla: use netif_rx_ni when not in interrupt context
- dmaengine: at_hdmac: check return value of of_find_device_by_node() in
at_dma_xlate()
- netfilter: nf_tables: incorrect enum nft_list_attributes definition
- netfilter: nf_tables: fix destination register zeroing
- dmaengine: pl330: Fix burst length if burst size is smaller than bus width
- bnxt_en: Check for zero dir entries in NVRAM.
- fix regression in "epoll: Keep a reference on files added to the check
list"
- tg3: Fix soft lockup when tg3_reset_task() fails.
- iommu/vt-d: Serialize IOMMU GCMD register modifications
- thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
- include/linux/log2.h: add missing () around n in roundup_pow_of_two()
- btrfs: drop path before adding new uuid tree entry
- btrfs: Remove redundant extent_buffer_get in get_old_root
- btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
- btrfs: set the lockdep class for log tree extent buffers
- uaccess: Add non-pagefault user-space read functions
- uaccess: Add non-pagefault user-space write function
- btrfs: fix potential deadlock in the search ioctl
- net: qmi_wwan: MDM9x30 specific power management
- net: qmi_wwan: support "raw IP" mode
- net: qmi_wwan: should hold RTNL while changing netdev type
- net: qmi_wwan: ignore bogus CDC Union descriptors
- Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to
qmi_wwan
- qmi_wwan: Added support for Gemalto's Cinterion PHxx WWAN interface
- qmi_wwan: add support for Quectel EC21 and EC25
- NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040
- drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201
- usb: qmi_wwan: add D-Link DWM-222 A2 device ID
- net: usb: qmi_wwan: add Telit ME910 support
- net: usb: qmi_wwan: add Telit 0x1050 composition
- ALSA: ca0106: fix error code handling
- ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
- dm cache metadata: Avoid returning cmd->bm wild pointer on error
- dm thin metadata: Avoid returning cmd->bm wild pointer on error
- net: refactor bind_bucket fastreuse into helper
- net: initialize fastreuse on inet_inherit_port
- checkpatch: fix the usage of capture group ( ... )
- mm/hugetlb: fix a race between hugetlb sysctl handlers
- cfg80211: regulatory: reject invalid hints
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
- ALSA: firewire-digi00x: add support for console models of Digi00x series
- ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
- ALSA; firewire-tascam: exclude Tascam FE-8 from detection
- fs/affs: use octal for permissions
- affs: fix basic permission bits to actually work
- ravb: Fixed to be able to unload modules
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
- bnxt_en: Failure to update PHY is not fatal condition.
- bnxt: don't enable NAPI until rings are ready
- net: usb: dm9601: Add USB ID of Keenetic Plus DSL
- sctp: not disable bh in the whole sctp_get_port_local()
- net: disable netpoll on fresh napis
- Linux 4.4.236
* clock: overriding the clocksource should select the requested clocksource
(LP: #1894591)
- clocksource: Defer override invalidation unless clock is unstable
* alsa/hdmi: the hdmi audio stops working from Ubuntu-4.4.0-155.182
(LP: #1895603)
- ALSA: hda/hdmi - Read the pin sense from register when repolling
- SAUCE: ALSA: hda/hdmi - Check pin_eld->monitor_present
* Xenial update: v4.4.235 upstream stable release (LP: #1895031)
- net: Fix potential wrong skb->protocol in skb_vlan_untag()
- tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
- ipvlan: fix device features
- bonding: show saner speed for broadcast mode
- bonding: fix a potential double-unregister
- powerpc/pseries: Do not initiate shutdown when system is running on UPS
- ALSA: pci: delete repeated words in comments
- ASoC: tegra: Fix reference count leaks.
- media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
value in debiirq()
- scsi: target: tcmu: Fix crash on ARM during cmd completion
- drm/amdkfd: Fix reference count leaks.
- drm/radeon: fix multiple reference count leak
- drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
- drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
- drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
- drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
- scsi: lpfc: Fix shost refcount mismatch when deleting vport
- selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
- PCI: Fix pci_create_slot() reference count leak
- rtlwifi: rtl8192cu: Prevent leaking urb
- mips/vdso: Fix resource leaks in genvdso.c
- drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
- drm/nouveau: Fix reference count leak in nouveau_connector_detect
- locking/lockdep: Fix overflow in presentation of average lock-time
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
- ceph: fix potential mdsc use-after-free crash
- scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
- EDAC/ie31200: Fallback if host bridge device is already initialized
- media: davinci: vpif_capture: fix potential double free
- powerpc/spufs: add CONFIG_COREDUMP dependency
- USB: sisusbvga: Fix a potential UB casued by left shifting a negative
value
- Revert "ath10k: fix DMA related firmware crashes on multiple devices"
- i2c: rcar: in slave mode, clear NACK earlier
- jbd2: make sure jh have b_transaction set in refile/unfile_buffer
- jbd2: abort journal if free a async write error metadata buffer
- s390/cio: add cond_resched() in the slow_eval_known_fn() loop
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
- net: gianfar: Add of_node_put() before goto statement
- fbcon: prevent user font height or width change from causing potential
out-
of-bounds access
- USB: lvtest: return proper error code in probe
- vt: defer kfree() of vc_screenbuf in vc_do_resize()
- vt_ioctl: change VT_RESIZEX ioctl to check for error return from
vc_resize()
- serial: samsung: Removes the IRQ not found warning
- serial: pl011: Don't leak amba_ports entry on driver register error
- serial: 8250: change lock order in serial8250_do_startup()
- writeback: Protect inode->i_io_list with inode->i_lock
- writeback: Avoid skipping inode writeback
- writeback: Fix sync livelock due to b_dirty_time processing
- XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt
XEN
data pointer which contains XEN specific information.
- xhci: Do warm-reset when both CAS and XDEV_RESUME are set
- PM: sleep: core: Fix the handling of pending runtime resume requests
- device property: Fix the secondary firmware node handling in
set_primary_fwnode()
- USB: yurex: Fix bad gfp argument
- usb: uas: Add quirk for PNY Pro Elite
- USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
- usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
- usb: storage: Add unusual_uas entry for Sony PSZ drives
- btrfs: check the right error variable in btrfs_del_dir_entries_in_log
- HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
- ALSA: usb-audio: Update documentation comment for MS2109 quirk
- Linux 4.4.235
* DELL LATITUDE 5491 touchscreen doesn't work (LP: #1889446) // Xenial update:
v4.4.235 upstream stable release (LP: #1895031)
- USB: quirks: Add no-lpm quirk for another Raydium touchscreen
* Xenial update: v4.4.234 upstream stable release (LP: #1893248)
- cxl: Fix kobject memleak
- drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
- perf probe: Fix memory leakage when the probe point is not found
- net/compat: Add missing sock updates for SCM_RIGHTS
- watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
watchdog_info.options
- watchdog: f71808e_wdt: remove use of wrong watchdog_info option
- coredump: fix race condition between collapse_huge_page() and core dumping
- khugepaged: khugepaged_test_exit() check mmget_still_valid()
- khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
- btrfs: export helpers for subvolume name/id resolution
- btrfs: don't show full path of bind mounts in subvol=
- romfs: fix uninitialized memory leak in romfs_dev_read()
- mm: include CMA pages in lowmem_reserve at boot
- mm, page_alloc: fix core hung in free_pcppages_bulk()
- ext4: clean up ext4_match() and callers
- ext4: fix checking of directory entry validity for inline directories
- media: budget-core: Improve exception handling in budget_register()
- media: vpss: clean up resources in init
- Input: psmouse - add a newline when printing 'proto' by sysfs
- m68knommu: fix overwriting of bits in ColdFire V3 cache control
- xfs: fix inode quota reservation checks
- jffs2: fix UAF problem
- scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
- virtio_ring: Avoid loop when vq is broken in virtqueue_poll
- xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
- alpha: fix annotation of io{read,write}{16,32}be()
- ext4: fix potential negative array index in do_split()
- ASoC: intel: Fix memleak in sst_media_open
- powerpc: Allow 4224 bytes of stack expansion for the signal frame
- epoll: Keep a reference on files added to the check list
- do_epoll_ctl(): clean the failure exits up a bit
- mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
- xen: don't reschedule in preemption off sections
- omapfb: dss: Fix max fclk divider for omap36xx
- KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
- Linux 4.4.234
* CVE-2018-10322
- libxfs: synchronize dinode_verify with userspace
- xfs: sanity check directory inode di_size
- xfs: move inode fork verifiers to xfs_dinode_verify
- xfs: enhance dinode verifier
-- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Tue, 06 Oct
2020 12:24:31 -0300
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10322
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16119
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1894591
Title:
clock: overriding the clocksource should select the requested
clocksource
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
BugLink: https://bugs.launchpad.net/bugs/1894591
[Impact]
The default clocksource for a KVM VM is kvm-clock, and I happen to
need tsc.
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock
If I edit /etc/default/grub and append "clocksource=tsc" to
GRUB_CMDLINE_LINUX_DEFAULT and reboot, I find the clocksource is still
kvm-clock.
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock
I can work around this by telling the kernel that the tsc clocksource
is reliable, before the watchdog has a chance to see for itself that
it is reliable:
GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc tsc=reliable"
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
tsc
If I override the clocksource, the kernel should respect my wishes and
I should receive the requested clocksource.
[Fix]
The fix landed in Linux 4.9 in the below commit:
commit 36374583f9084cdab4b5dcf5521a3ce55bebb9fa
Author: Kyle Walker <kwal...@redhat.com>
Date: Sat Aug 6 12:07:30 2016 -0400
Subject: clocksource: Defer override invalidation unless clock is unstable
Link:
https://github.com/torvalds/linux/commit/36374583f9084cdab4b5dcf5521a3ce55bebb9fa
The commit ensures the override doesn't get cleared before the
watchdog has had an opportunity to check if the clocksource is stable
or not. However, if the clocksource is known to be unstable at this
point in time, it will clear the override and return to the default.
This is a clean cherry-pick to the Xenial 4.4 kernel.
[Testcase]
Start up a KVM VM, possibly enable invtsc on the QEMU command line.
The default clocksource will be kvm-clock:
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock
If you set the kernel command line to:
GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc"
If you reboot, you will see the incorrect option of kvm-clock:
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock
There is a test kernel available in the below ppa, with the commit
applied:
https://launchpad.net/~mruffell/+archive/ubuntu/sf291501-test
If you install the test kernel, and leave the kernel command line as:
GRUB_CMDLINE_LINUX_DEFAULT="clocksource=tsc"
You will get the requested clocksource:
$ cat /sys/devices/system/clocksource/clocksource0/current_clocksource
tsc
You will also get the following in dmesg:
$ dmesg | grep defer
[ 1.002599] clocksource: Override clocksource tsc is not currently HRT
compatible - deferring
[Regression Potential]
This commit changes how the kernel treats clocksource overrides. If
any users have an override set, but the kernel is clearing the
override and returning to the default, when they install a patched
kernel, they will change over to their requested override, which may
come as a surprise.
If there is a regression, it will only affect systems who have
clocksource overrides in place, and in the worst case, will revert the
system to its default clocksource if the selected clocksource override
is found to be unstable.
The commit is well tested, and should not cause any regressions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1894591/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
