Ubuntu
linux package

Bionic update: upstream stable patchset 2018-05-29

Bug #1774063 reported by Kamal Mostafa on 2018-05-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned
	Bionic	Fix Released	Undecided	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2018-05-29 (ported from v4.14.37 and v4.16.5)
from git://git.kernel.org/

mm,vmscan: Allow preallocating memory for register_shrinker().
btrfs: Fix race condition between delayed refs and blockgroup removal
mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown"
RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
perf: Return proper values for user stack errors
perf: Fix sample_max_stack maximum check
netfilter: x_tables: limit allocation requests for blob rule heads
netfilter: compat: reject huge allocation requests
netfilter: compat: prepare xt_compat_init_offsets to return errors
netfilter: x_tables: add counters allocation wrapper
netfilter: x_tables: cap allocations at 512 mbyte
alarmtimer: Init nanosleep alarm timer on stack
RDMA/core: Reduce poll batch for direct cq polling
irqchip/gic-v3: Change pr_debug message to pr_devel
cpumask: Make for_each_cpu_wrap() available on UP as well
irqchip/gic-v3: Ignore disabled ITS nodes
perf test: Fix test trace+probe_libc_inet_pton.sh for s390x
powerpc/powernv: IMC fix out of bounds memory access at shutdown
locking/qspinlock: Ensure node->count is updated before initialising node
x86/platform/UV: Fix GAM Range Table entries less than 1GB
powerpc/mm/hash64: Zero PGD pages on allocation
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
ACPI / EC: Restore polling during noirq suspend/resume phases
bpf: fix rlimit in reuseport net selftest
net: stmmac: discard disabled flags in interrupt status register
SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
net: Extra '_get' in declaration of arch_get_platform_mac_address
svcrdma: Fix Read chunk round-up
rxrpc: Don't put crypto buffers on the stack
selftests/ftrace: Add some missing glob checks
cpufreq: intel_pstate: Enable HWP during system resume on CPU0
bcache: return attach error when no cache set exist
bcache: fix for data collapse after re-attaching an attached device
bcache: fix for allocator and register thread race
bcache: properly set task state in bch_writeback_thread()
cifs: silence compiler warnings showing up with gcc-8.0.0
PM / domains: Fix up domain-idle-states OF parsing
proc: fix /proc/*/map_files lookup
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
RDS: IB: Fix null pointer issue
bpf: sockmap, fix leaking maps with attached but not detached progs
xen/grant-table: Use put_page instead of free_page
xen-netfront: Fix race between device setup and open
perf evsel: Fix period/freq terms setup
MIPS: Generic: Support GIC in EIC mode
perf record: Fix period option handling
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
ACPI / bus: Do not call _STA on battery devices with unmet dependencies
ACPI: processor_perflib: Do not send _PPC change notification if not ready
firmware: dmi_scan: Fix handling of empty DMI strings
x86/dumpstack: Avoid uninitlized variable
x86/power: Fix swsusp_arch_resume prototype
netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
s390/eadm: fix CONFIG_BLOCK include dependency
drm/nouveau/pmu/fuc: don't use movw directly anymore
IB/core: Map iWarp AH type to undefined in rdma_ah_find_type
IB/ipoib: Fix for potential no-carrier state
IB/hfi1: Fix for potential refcount leak in hfi1_open_file()
IB/hfi1: Re-order IRQ cleanup to address driver cleanup race
blk-mq: fix discard merge with scheduler attached
openvswitch: Remove padding from packet before L3+ conntrack processing
mm/fadvise: discard partial page if endbyte is also EOF
mm: pin address_space before dereferencing it while isolating an LRU page
mm: thp: use down_read_trylock() in khugepaged to avoid long block
sparc64: update pmdp_invalidate() to return old pmd value
asm-generic: provide generic_pmdp_establish()
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
mm/mempolicy: fix the check of nodemask from user
ocfs2: return error when we attempt to access a dirty bh in jbd2
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
fs/dax.c: release PMD lock even when there is no PMD support in DAX
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
kvm: Map PFN-type memory regions as writable (if possible)
tcp_nv: fix potential integer overflow in tcpnv_acked
netfilter: x_tables: fix pointer leaks to userspace
x86/hyperv: Check for required priviliges in hyperv_init()
gianfar: prevent integer wrapping in the rx handler
ntb_transport: Fix bug with max_mw_size parameter
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
powerpc/numa: Ensure nodes initialized for hotplug
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
samples/bpf: Partially fixes the bpf.o build
i40e: fix reported mask for ntuple filters
i40e: program fragmented IPv4 filter input set
ixgbe: don't set RXDCTL.RLPML for 82599
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
RDMA/uverbs: Use an unambiguous errno for method not supported
crypto: artpec6 - remove select on non-existing CRYPTO_SHA384
device property: Define type of PROPERTY_ENRTY_*() macros
tty: serial: exar: Relocate sleep wake-up handling
x86/hyperv: Stop suppressing X86_FEATURE_PCID
fm10k: fix "failed to kill vid" message for VF
igb: Clear TXSTMP when ptp_tx_work() is timeout
igb: Allow to remove administratively set MAC on VFs
ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink
blk-mq-debugfs: don't allow write on attributes with seq_operations set
KVM: s390: vsie: use READ_ONCE to access some SCB fields
platform/x86: thinkpad_acpi: suppress warning about palm detection
i40evf: ignore link up if not running
i40evf: Don't schedule reset_task when device is being removed
bpf: test_maps: cleanup sockmaps when test ends
block: Set BIO_TRACE_COMPLETION on new bio during split
nfp: fix error return code in nfp_pci_probe()
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
Input: stmfts - set IRQ_NOAUTOEN to the irq flag
scsi: fas216: fix sense buffer initialization
scsi: devinfo: fix format of the device list
f2fs: avoid hungtask when GC encrypted block if io_bits is set
RDMA/cma: Check existence of netdevice during port validation
Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io
Btrfs: fix unexpected EEXIST from btrfs_get_extent
btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
Btrfs: fix scrub to repair raid6 corruption
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: set plug for fsync
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
kconfig: Fix expr_free() E_NOT leak
kconfig: Fix automatic menu creation mem leak
kconfig: Don't leak main menus during parsing
watchdog: sp5100_tco: Fix watchdog disable bit
PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build
MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec}
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct
spi: a3700: Clear DATA_OUT when performing a read
net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
ubifs: Fix uninitialized variable in search_dh_cookie()
dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure
dm thin: fix documentation relative to low water mark threshold
iommu/vt-d: Use domain instead of cache fetching
powerpc: System reset avoid interleaving oops using die synchronisation
iommu/exynos: Don't unconditionally steal bus ops
perf record: Fix failed memory allocation for get_cpuid_str
tools lib traceevent: Fix get_field_str() for dynamic strings
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Simplify pointer print logic and fix %pF
perf unwind: Do not look just at the global callchain_param.record_mode
i40iw: Zero-out consumer key on allocate stag for FMR
i40iw: Free IEQ resources
Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes
libbpf: Makefile set specified permission mode
Input: psmouse - fix Synaptics detection when protocol is disabled
PCI: Add function 1 DMA alias quirk for Marvell 9128
selftest: ftrace: Fix to pick text symbols for kprobes
xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
platform/x86: dell-laptop: Filter out spurious keyboard backlight change events
KVM: s390: use created_vcpus in more places
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
KVM: PPC: Book3S HV: Enable migration of decrementer register
RDMA/core: Clarify rdma_ah_find_type
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
ALSA: hda - Use IS_REACHABLE() for dependency on input
ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
x86/tsc: Allow TSC calibration without PIT
firewire-ohci: work around oversized DMA reads on JMicron controllers
usb: musb: Fix external abort in musb_remove on omap2430
usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
usb: musb: fix enumeration after resume
drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing
drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state
drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value
drm/i915/audio: Fix audio detection issue on GLK
drm/i915/gvt: throw error on unhandled vfio ioctls
drm/vc4: Fix memory leak during BO teardown
x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
clocksource/imx-tpm: Correct -ETIME return condition check
x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
btrfs: fix unaligned access in readdir
cifs: do not allow creating sockets except with SMB1 posix exensions

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2018-05-29

tags:

added: kernel-stable-tracking-bug

Kamal Mostafa (kamalmostafa) on 2018-05-29

description:	updated
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Kamal Mostafa (kamalmostafa)
status:	New → In Progress

Khaled El Mously (kmously) on 2018-06-07

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-02:

Download full text (49.5 KiB)

This bug was fixed in the package linux - 4.15.0-24.26

---------------
linux (4.15.0-24.26) bionic; urgency=medium

* linux: 4.15.0-24.26 -proposed tracker (LP: #1776338)

This bug was fixed in the package linux - 4.15.0-24.26

---------------
linux (4.15.0-24.26) bionic; urgency=medium

* linux: 4.15.0-24.26 -proposed tracker (LP: #1776338)

* Bionic update: upstream stable patchset 2018-06-06 (LP: #1775483)
    - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs
    - i40e: Fix attach VF to VM issue
    - tpm: cmd_ready command can be issued only after granting locality
    - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
    - tpm: add retry logic
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: fix deadlock while clearing neighbor proxy table
    - team: avoid adding twice the same option to the event list
    - net/smc: fix shutdown in state SMC_LISTEN
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - amd-xgbe: Add pre/post auto-negotiation phy hooks
    - sctp: do not check port in sctp_inet6_cmp_addr
    - amd-xgbe: Improve KR auto-negotiation and training
    - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
    - amd-xgbe: Only use the SFP supported transceiver signals
    - strparser: Fix incorrect strp->need_bytes value.
    - net: sched: ife: signal not finding metaid
    - tcp: clear tp->packets_out when purging write queue
    - net: sched: ife: handle malformed tlv length
    - net: sched: ife: check on metadata length
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - net: ethernet: ti: cpsw: fix tx vlan priority mapping
    - virtio_net: split out ctrl buffer
    - virtio_net: fix adding vids on big-endian
    - KVM: s390: force bp isolation for VSIE
    - s390: correct module section names for expoline code revert
    - microblaze: Setup dependencies for ASM optimized lib functions
    - commoncap: Handle memory allocation failure.
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - m68k/mac: Don't remap SWIM MMIO region
    - block/swim: Check drive type
    - block/swim: Don't log an error message for an invalid ioctl
    - block/swim: Remove extra put_disk() call from error path
    - block/swim: Rename macros to avoid inconsistent inverted logic
    - block/swim: Select appropriate drive on device open
    - block/swim: Fix array bounds check
    - block/swim: Fix IO error at end of medium
    - tracing: Fix missing tab for hwlat_detector print format
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/dasd: fix IO error for newly defined devices
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_
    - docs: ip-sysctl.txt: fix name of some ipv6 variables
    - net: mvpp2: Fix DMA address mask size
    - net: stmmac: Disable ACS Feature for GMAC >= 4
    - l2tp: hold reference on tunnels in netlink dumps
    - l2tp: hold reference on tunnels printed in pppol2tp proc file
    - l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file
    - l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow
    - s390/qeth: fix error handling in adapter command callbacks
    - s390/qeth: avoid control IO completion stalls
    - s390/qeth: handle failure on workqueue creation
    - bnxt_en: Fix memory fault in bnxt_ethtool_init()
    - virtio-net: add missing virtqueue kick when flushing packets
    - VSOCK: make af_vsock.ko removable again
    - hwmon: (k10temp) Add temperature offset for Ryzen 2700X
    - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
    - s390/cpum_cf: rename IBM z13/z14 counter names
    - kprobes: Fix random address output of blacklist file
    - Revert "pinctrl: intel: Initialize GPIO properly when used through irqchip"

* Lenovo V330 needs patch in ideapad_laptop module for rfkill (LP: #1774636)
    - SAUCE: Add Lenovo V330 to the ideapad_laptop rfkill blacklist

* bluetooth controller fail after suspend with USB autosuspend on XPS 13 9360
    (LP: #1775217)
    - Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table

* [Hyper-V] PCI: hv: Fix 2 hang issues in hv_compose_msi_msg (LP: #1758378)
    - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary
    - PCI: hv: Remove the bogus test in hv_eject_device_work()
    - PCI: hv: Fix a comment typo in _hv_pcifront_read_config()

* register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

* CVE-2018-11508
    - compat: fix 4-byte infoleak via uninitialized struct field

* Network installs fail on SocioNext board (LP: #1775884)
    - net: netsec: reduce DMA mask to 40 bits
    - net: socionext: reset hardware in ndo_stop
    - net: netsec: enable tx-irq during open callback

* r8169 ethernet card don't work after returning from suspension
    (LP: #1752772)
    - PCI: Add pcim_set_mwi(), a device-managed pci_set_mwi()
    - r8169: switch to device-managed functions in probe
    - r8169: remove netif_napi_del in probe error path
    - r8169: remove some WOL-related dead code
    - r8169: disable WOL per default
    - r8169: improve interrupt handling
    - r8169: fix interrupt number after adding support for MSI-X interrupts

* ISST-LTE:KVM:Ubuntu18.04:BostonLC:boslcp3:boslcp3g3:Guest conosle hangs
    after hotplug CPU add operation. (LP: #1759723)
    - genirq/affinity: assign vectors to all possible CPUs
    - genirq/affinity: Don't return with empty affinity masks on error
    - genirq/affinity: Rename *node_to_possible_cpumask as *node_to_cpumask
    - genirq/affinity: Move actual irq vector spreading into a helper function
    - genirq/affinity: Allow irq spreading from a given starting point
    - genirq/affinity: Spread irq vectors among present CPUs as far as possible
    - blk-mq: simplify queue mapping & schedule with each possisble CPU
    - blk-mq: make sure hctx->next_cpu is set correctly
    - blk-mq: Avoid that blk_mq_delay_run_hw_queue() introduces unintended delays
    - blk-mq: make sure that correct hctx->next_cpu is set
    - blk-mq: avoid to write intermediate result to hctx->next_cpu
    - blk-mq: introduce blk_mq_hw_queue_first_cpu() to figure out first cpu
    - blk-mq: don't check queue mapped in __blk_mq_delay_run_hw_queue()
    - nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
    - scsi: hpsa: fix selection of reply queue
    - scsi: megaraid_sas: fix selection of reply queue
    - scsi: core: introduce force_blk_mq
    - scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity
    - scsi: virtio_scsi: unify scsi_host_template

* Fix several bugs in RDMA/hns driver (LP: #1770974)
    - RDMA/hns: Use structs to describe the uABI instead of opencoding
    - RDMA/hns: Remove unnecessary platform_get_resource() error check
    - RDMA/hns: Remove unnecessary operator
    - RDMA/hns: Add names to function arguments in function pointers
    - RDMA/hns: Fix misplaced call to hns_roce_cleanup_hem_table
    - RDMA/hns: Fix a bug with modifying mac address
    - RDMA/hns: Use free_pages function instead of free_page
    - RDMA/hns: Replace __raw_write*(cpu_to_le*()) with LE write*()
    - RDMA/hns: Bugfix for init hem table
    - RDMA/hns: Intercept illegal RDMA operation when use inline data
    - RDMA/hns: Fix the qp context state diagram
    - RDMA/hns: Only assign mtu if IB_QP_PATH_MTU bit is set
    - RDMA/hns: Remove some unnecessary attr_mask judgement
    - RDMA/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is set
    - RDMA/hns: Adjust the order of cleanup hem table
    - RDMA/hns: Update assignment method for owner field of send wqe
    - RDMA/hns: Submit bad wr
    - RDMA/hns: Fix a couple misspellings
    - RDMA/hns: Add rq inline flags judgement
    - RDMA/hns: Bugfix for rq record db for kernel
    - RDMA/hns: Load the RoCE dirver automatically
    - RDMA/hns: Update convert function of endian format
    - RDMA/hns: Add return operation when configured global param fail
    - RDMA/hns: Not support qp transition from reset to reset for hip06
    - RDMA/hns: Fix the bug with rq sge
    - RDMA/hns: Set desc_dma_addr for zero when free cmq desc
    - RDMA/hns: Enable inner_pa_vld filed of mpt
    - RDMA/hns: Set NULL for __internal_mr
    - RDMA/hns: Fix the bug with NULL pointer
    - RDMA/hns: Bugfix for cq record db for kernel
    - RDMA/hns: Move the location for initializing tmp_len
    - RDMA/hns: Drop local zgid in favor of core defined variable
    - RDMA/hns: Add 64KB page size support for hip08
    - RDMA/hns: Rename the idx field of db
    - RDMA/hns: Modify uar allocation algorithm to avoid bitmap exhaust
    - RDMA/hns: Increase checking CMQ status timeout value
    - RDMA/hns: Add reset process for RoCE in hip08
    - RDMA/hns: Fix the illegal memory operation when cross page
    - RDMA/hns: Implement the disassociate_ucontext API

* powerpc/livepatch: Implement reliable stack tracing for the consistency
    model (LP: #1771844)
    - powerpc/livepatch: Implement reliable stack tracing for the consistency
      model

* vmxnet3: update to latest ToT (LP: #1768143)
    - vmxnet3: avoid xmit reset due to a race in vmxnet3
    - vmxnet3: use correct flag to indicate LRO feature
    - vmxnet3: fix incorrect dereference when rxvlan is disabled

* 4.15.0-22-generic fails to boot on IBM S822LC (POWER8 (raw), altivec
    supported) (LP: #1773162)
    - Revert "powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit"
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

* Decode ARM CPER records in kernel (LP: #1770244)
    - [Config] CONFIG_UEFI_CPER_ARM=y
    - efi: Move ARM CPER code to new file
    - efi: Parse ARM error information value

* Adding back alx WoL feature (LP: #1772610)
    - SAUCE: Revert "alx: remove WoL support"
    - SAUCE: alx: add enable_wol paramenter

* Lancer A0 Asic HBA's won't boot with 18.04 (LP: #1768103)
    - scsi: lpfc: Fix WQ/CQ creation for older asic's.
    - scsi: lpfc: Fix 16gb hbas failing cq create.

* [LTCTest][OPAL][OP920] cpupower idle-info is not listing stop4 and stop5
    idle states when all CORES are guarded (LP: #1771780)
    - SAUCE: cpuidle/powernv : init all present cpus for deep states

* Huawei 25G/100G Network Adapters Unsupported (LP: #1770970)
    - net-next/hinic: add pci device ids for 25ge and 100ge card

* [Ubuntu 18.04.1] POWER9 - Nvidia Volta - Kernel changes to enable Nvidia
    driver on bare metal (LP: #1772991)
    - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()
    - powerpc/powernv/mce: Don't silently restart the machine
    - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure
    - powerpc/mm: Flush cache on memory hot(un)plug
    - powerpc/powernv/memtrace: Let the arch hotunplug code flush cache
    - powerpc/powernv/npu: Add lock to prevent race in concurrent context
      init/destroy
    - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback
      parameters
    - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large
      address range
    - powerpc/mce: Fix a bug where mce loops on memory UE.

* cpum_sf: ensure sample freq is non-zero (LP: #1772593)
    - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero

* PCIe link speeds of 16 GT/s are shown as "Unknown speed" (LP: #1773243)
    - PCI: Add decoding for 16 GT/s link speed

* False positive ACPI _PRS error messages (LP: #1773295)
    - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level

* Dell systems crash when disabling Nvidia dGPU (LP: #1773299)
    - ACPI / OSI: Add OEM _OSI strings to disable NVidia RTD3

* wlp3s0: failed to remove key (1, ff:ff:ff:ff:ff:ff) from hardware (-22)
    (LP: #1720930)
    - iwlwifi: mvm: fix "failed to remove key" message

* Expose arm64 CPU topology to userspace (LP: #1770231)
    - ACPICA: ACPI 6.2: Additional PPTT flags
    - drivers: base: cacheinfo: move cache_setup_of_node()
    - drivers: base: cacheinfo: setup DT cache properties early
    - cacheinfo: rename of_node to fw_token
    - arm64/acpi: Create arch specific cpu to acpi id helper
    - ACPI/PPTT: Add Processor Properties Topology Table parsing
    - [Config] CONFIG_ACPI_PPTT=y
    - ACPI: Enable PPTT support on ARM64
    - drivers: base cacheinfo: Add support for ACPI based firmware tables
    - arm64: Add support for ACPI based firmware tables
    - arm64: topology: rename cluster_id
    - arm64: topology: enable ACPI/PPTT based CPU topology
    - ACPI: Add PPTT to injectable table list
    - arm64: topology: divorce MC scheduling domain from core_siblings

* hisi_sas robustness fixes (LP: #1774466)
    - scsi: hisi_sas: delete timer when removing hisi_sas driver
    - scsi: hisi_sas: print device id for errors
    - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice
    - scsi: hisi_sas: check host frozen before calling "done" function
    - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task()
    - scsi: hisi_sas: stop controller timer for reset
    - scsi: hisi_sas: update PHY linkrate after a controller reset
    - scsi: hisi_sas: change slot index allocation mode
    - scsi: hisi_sas: Change common allocation mode of device id
    - scsi: hisi_sas: Reset disks when discovered
    - scsi: hisi_sas: Create a scsi_host_template per HW module
    - scsi: hisi_sas: Init disks after controller reset
    - scsi: hisi_sas: Try wait commands before before controller reset
    - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot
    - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command
    - scsi: hisi_sas: Terminate STP reject quickly for v2 hw
    - scsi: hisi_sas: Fix return value when get_free_slot() failed
    - scsi: hisi_sas: Mark PHY as in reset for nexus reset

* hisi_sas: Support newer v3 hardware (LP: #1774467)
    - scsi: hisi_sas: update RAS feature for later revision of v3 HW
    - scsi: hisi_sas: check IPTT is valid before using it for v3 hw
    - scsi: hisi_sas: fix PI memory size
    - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
    - scsi: hisi_sas: remove redundant handling to event95 for v3
    - scsi: hisi_sas: add readl poll timeout helper wrappers
    - scsi: hisi_sas: workaround a v3 hw hilink bug
    - scsi: hisi_sas: Add LED feature for v3 hw

* hisi_sas: improve performance by optimizing DQ locking (LP: #1774472)
    - scsi: hisi_sas: initialize dq spinlock before use
    - scsi: hisi_sas: optimise the usage of DQ locking
    - scsi: hisi_sas: relocate smp sg map
    - scsi: hisi_sas: make return type of prep functions void
    - scsi: hisi_sas: allocate slot buffer earlier
    - scsi: hisi_sas: Don't lock DQ for complete task sending
    - scsi: hisi_sas: Use device lock to protect slot alloc/free
    - scsi: hisi_sas: add check of device in hisi_sas_task_exec()
    - scsi: hisi_sas: fix a typo in hisi_sas_task_prep()

* Request to revert SAUCE patches in the 18.04 SRU and update with upstream
    version (LP: #1768431)
    - scsi: cxlflash: Handle spurious interrupts
    - scsi: cxlflash: Remove commmands from pending list on timeout
    - scsi: cxlflash: Synchronize reset and remove ops
    - SAUCE: (no-up) cxlflash: OCXL diff between v2 and v3

* After update to 4.13-43 Intel Graphics are Laggy (LP: #1773520)
    - SAUCE: Revert "drm/i915/edp: Allow alternate fixed mode for eDP if
      available."

* ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
    - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

* hns3 driver updates (LP: #1768670)
    - net: hns3: VF should get the real rss_size instead of rss_size_max
    - net: hns3: set the cmdq out_vld bit to 0 after used
    - net: hns3: fix endian issue when PF get mbx message flag
    - net: hns3: fix the queue id for tqp enable&&reset
    - net: hns3: set the max ring num when alloc netdev
    - net: hns3: add support for VF driver inner interface
      hclgevf_ops.get_tqps_and_rss_info
    - net: hns3: refactor the hclge_get/set_rss function
    - net: hns3: refactor the hclge_get/set_rss_tuple function
    - net: hns3: fix for RSS configuration loss problem during reset
    - net: hns3: fix for pause configuration lost during reset
    - net: hns3: fix for use-after-free when setting ring parameter
    - net: hns3: refactor the get/put_vector function
    - net: hns3: fix for coalesce configuration lost during reset
    - net: hns3: refactor the coalesce related struct
    - net: hns3: fix for coal configuation lost when setting the channel
    - net: hns3: add existence check when remove old uc mac address
    - net: hns3: fix for netdev not running problem after calling net_stop and
      net_open
    - net: hns3: fix for ipv6 address loss problem after setting channels
    - net: hns3: unify the pause params setup function
    - net: hns3: fix rx path skb->truesize reporting bug
    - net: hns3: add support for querying pfc puase packets statistic
    - net: hns3: fix for loopback failure when vlan filter is enable
    - net: hns3: fix for buffer overflow smatch warning
    - net: hns3: fix error type definition of return value
    - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status()
    - net: hns3: add existence checking before adding unicast mac address
    - net: hns3: add result checking for VF when modify unicast mac address
    - net: hns3: reallocate tx/rx buffer after changing mtu
    - net: hns3: fix the VF queue reset flow error
    - net: hns3: fix for vlan table lost problem when resetting
    - net: hns3: increase the max time for IMP handle command
    - net: hns3: change GL update rate
    - net: hns3: change the time interval of int_gl calculating
    - net: hns3: fix for getting wrong link mode problem
    - net: hns3: add get_link support to VF
    - net: hns3: add querying speed and duplex support to VF
    - net: hns3: fix for not returning problem in get_link_ksettings when phy
      exists
    - net: hns3: Changes to make enet watchdog timeout func common for PF/VF
    - net: hns3: Add VF Reset Service Task to support event handling
    - net: hns3: Add VF Reset device state and its handling
    - net: hns3: Add support to request VF Reset to PF
    - net: hns3: Add support to reset the enet/ring mgmt layer
    - net: hns3: Add support to re-initialize the hclge device
    - net: hns3: Changes to support ARQ(Asynchronous Receive Queue)
    - net: hns3: Add *Asserting Reset* mailbox message & handling in VF
    - net: hns3: Changes required in PF mailbox to support VF reset
    - net: hns3: hclge_inform_reset_assert_to_vf() can be static
    - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size
    - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size
    - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo
    - net: hns3: fix for not initializing VF rss_hash_key problem
    - net: hns3: never send command queue message to IMP when reset
    - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree()
    - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES
    - net: hns3: Remove error log when getting pfc stats fails
    - net: hns3: fix to correctly fetch l4 protocol outer header
    - net: hns3: Fixes the out of bounds access in hclge_map_tqp
    - net: hns3: Fixes the error legs in hclge_init_ae_dev function
    - net: hns3: fix for phy_addr error in hclge_mac_mdio_config
    - net: hns3: Fix to support autoneg only for port attached with phy
    - net: hns3: fix a dead loop in hclge_cmd_csq_clean
    - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls
    - net: hns3: Remove packet statistics in the range of 8192~12287
    - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver
    - net: hns3: Fix for setting mac address when resetting
    - net: hns3: remove add/del_tunnel_udp in hns3_enet module
    - net: hns3: fix for cleaning ring problem
    - net: hns3: refactor the loopback related function
    - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo
    - net: hns3: Fix for the null pointer problem occurring when initializing
      ae_dev failed
    - net: hns3: Add a check for client instance init state
    - net: hns3: Change return type of hnae3_register_ae_dev
    - net: hns3: Change return type of hnae3_register_ae_algo
    - net: hns3: Change return value in hnae3_register_client
    - net: hns3: Fixes the back pressure setting when sriov is enabled
    - net: hns3: Fix for fiber link up problem
    - net: hns3: Add support of .sriov_configure in HNS3 driver
    - net: hns3: Fixes the missing PCI iounmap for various legs
    - net: hns3: Fixes error reported by Kbuild and internal review
    - net: hns3: Fixes API to fetch ethernet header length with kernel default
    - net: hns3: cleanup of return values in hclge_init_client_instance()
    - net: hns3: Fix the missing client list node initialization
    - net: hns3: Fix for hns3 module is loaded multiple times problem
    - net: hns3: Use enums instead of magic number in hclge_is_special_opcode
    - net: hns3: Fix for netdev not running problem after calling net_stop and
      net_open
    - net: hns3: Fixes kernel panic issue during rmmod hns3 driver
    - net: hns3: Fix for CMDQ and Misc. interrupt init order problem
    - net: hns3: Updates RX packet info fetch in case of multi BD
    - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config
    - net: hns3: Add STRP_TAGP field support for hardware revision 0x21
    - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21)
    - net: hns3: Fix for PF mailbox receving unknown message
    - net: hns3: Fixes the state to indicate client-type initialization
    - net: hns3: Fixes the init of the VALID BD info in the descriptor
    - net: hns3: Removes unnecessary check when clearing TX/RX rings
    - net: hns3: Clear TX/RX rings when stopping port & un-initializing client
    - net: hns3: Remove unused led control code
    - net: hns3: Adds support for led locate command for copper port
    - net: hns3: Fixes initalization of RoCE handle and makes it conditional
    - net: hns3: Disable vf vlan filter when vf vlan table is full
    - net: hns3: Add support for IFF_ALLMULTI flag
    - net: hns3: Add repeat address checking for setting mac address
    - net: hns3: Fix setting mac address error
    - net: hns3: Fix for service_task not running problem after resetting
    - net: hns3: Fix for hclge_reset running repeatly problem
    - net: hns3: Fix for phy not link up problem after resetting
    - net: hns3: Add missing break in misc_irq_handle
    - net: hns3: Fix for vxlan tx checksum bug
    - net: hns3: Optimize the PF's process of updating multicast MAC
    - net: hns3: Optimize the VF's process of updating multicast MAC
    - SAUCE: {topost} net: hns3: add support for serdes loopback selftest
    - SAUCE: {topost} net: hns3: RX BD information valid only in last BD except
      VLD bit and buffer size
    - SAUCE: {topost} net: hns3: remove hclge_get_vector_index from
      hclge_bind_ring_with_vector
    - SAUCE: {topost} net: hns3: rename the interface for init_client_instance and
      uninit_client_instance
    - SAUCE: {topost} net: hns3: add vector status check before free vector
    - SAUCE: {topost} net: hns3: add l4_type check for both ipv4 and ipv6
    - SAUCE: {topost} net: hns3: remove unused head file in hnae3.c
    - SAUCE: {topost} net: hns3: extraction an interface for state state
      init|uninit
    - SAUCE: {topost} net: hns3: print the ret value in error information
    - SAUCE: {topost} net: hns3: remove the Redundant put_vector in
      hns3_client_uninit
    - SAUCE: {topost} net: hns3: add unlikely for error check
    - SAUCE: {topost} net: hns3: remove back in struct hclge_hw
    - SAUCE: {topost} net: hns3: use lower_32_bits and upper_32_bits
    - SAUCE: {topost} net: hns3: remove unused hclge_ring_to_dma_dir
    - SAUCE: {topost} net: hns3: remove useless code in hclge_cmd_send
    - SAUCE: {topost} net: hns3: remove some redundant assignments
    - SAUCE: {topost} net: hns3: simplify hclge_cmd_csq_clean
    - SAUCE: {topost} net: hns3: using modulo for cyclic counters in
      hclge_cmd_send
    - SAUCE: {topost} net: hns3: remove a redundant hclge_cmd_csq_done
    - SAUCE: {topost} net: hns3: remove some unused members of some structures
    - SAUCE: {topost} net: hns3: give default option while dependency HNS3 set
    - SAUCE: {topost} net: hns3: use dma_zalloc_coherent instead of
      kzalloc/dma_map_single
    - SAUCE: {topost} net: hns3: modify hnae_ to hnae3_
    - SAUCE: {topost} net: hns3: fix unused function warning in VF driver
    - SAUCE: {topost} net: hns3: remove some redundant assignments
    - SAUCE: {topost} net: hns3: standardize the handle of return value
    - SAUCE: {topost} net: hns3: remove extra space and brackets
    - SAUCE: {topost} net: hns3: fix unreasonable code comments
    - SAUCE: {topost} net: hns3: use decimal for bit offset macros
    - SAUCE: {topost} net: hns3: modify inconsistent bit mask macros
    - SAUCE: {topost} net: hns3: fix mislead parameter name
    - SAUCE: {topost} net: hns3: remove unused struct member and definition
    - SAUCE: {topost} net: hns3: Add SPDX tags to hns3 driver
    - SAUCE: {topost} net: hns3: Add pf reset for hip08 RoCE
    - SAUCE: {topost} net: hns3: optimize the process of notifying roce client
    - SAUCE: {topost} net: hns3: Add calling roce callback function when link
      status change
    - SAUCE: {topost} net: hns3: fix tc setup when netdev is first up
    - SAUCE: {topost} net: hns3: fix for mac pause not disable in pfc mode
    - SAUCE: {topost} net: hns3: fix for waterline not setting correctly
    - SAUCE: {topost} net: hns3: fix for l4 checksum offload bug
    - SAUCE: {topost} net: hns3: fix for mailbox message truncated problem
    - SAUCE: {topost} net: hns3: Add configure for mac minimal frame size
    - SAUCE: {topost} net: hns3: fix warning bug when doing lp selftest
    - SAUCE: {topost} net: hns3: fix get_vector ops in hclgevf_main module
    - SAUCE: {topost} net: hns3: remove the warning when clear reset cause
    - SAUCE: {topost} net: hns3: Use roce handle when calling roce callback
      function
    - SAUCE: {topost} net: hns3: prevent sending command during global or core
      reset
    - SAUCE: {topost} net: hns3: modify the order of initializeing command queue
      register
    - SAUCE: {topost} net: hns3: reset net device with rtnl_lock
    - SAUCE: {topost} net: hns3: prevent to request reset frequently
    - SAUCE: {topost} net: hns3: correct reset event status register
    - SAUCE: {topost} net: hns3: separate roce from nic when resetting
    - SAUCE: net: hns3: Fix for phy link issue when using marvell phy driver
    - SAUCE: {topost} net: hns3: fix return value error in
      hns3_reset_notify_down_enet
    - SAUCE: {topost} net: hns3: remove unnecessary ring configuration operation
      while resetting
    - SAUCE: {topost} net: hns3: fix for reset_level default assignment probelm
    - SAUCE: {topost} net: hns3: fix for using wrong mask and shift in
      hclge_get_ring_chain_from_mbx
    - SAUCE: {topost} net: hns3: fix comments for hclge_get_ring_chain_from_mbx
    - SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF response
    - SAUCE: net: hns3: Fix for VF mailbox receiving unknown message
    - SAUCE: net: hns3: Optimize PF CMDQ interrupt switching process

* enable mic-mute hotkey and led on Lenovo M820z and M920z (LP: #1774306)
    - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs

* Bionic update: upstream stable patchset 2018-05-29 (LP: #1774063)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - btrfs: fix unaligned access in readdir
    - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
    - clocksource/imx-tpm: Correct -ETIME return condition check
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - drm/vc4: Fix memory leak during BO teardown
    - drm/i915/gvt: throw error on unhandled vfio ioctls
    - drm/i915/audio: Fix audio detection issue on GLK
    - drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value
    - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state
    - drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing
    - usb: musb: fix enumeration after resume
    - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
    - usb: musb: Fix external abort in musb_remove on omap2430
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - x86/tsc: Allow TSC calibration without PIT
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - RDMA/core: Clarify rdma_ah_find_type
    - KVM: PPC: Book3S HV: Enable migration of decrementer register
    - netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - KVM: s390: use created_vcpus in more places
    - platform/x86: dell-laptop: Filter out spurious keyboard backlight change
      events
    - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
    - selftest: ftrace: Fix to pick text symbols for kprobes
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - Input: psmouse - fix Synaptics detection when protocol is disabled
    - libbpf: Makefile set specified permission mode
    - Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes
    - i40iw: Free IEQ resources
    - i40iw: Zero-out consumer key on allocate stag for FMR
    - perf unwind: Do not look just at the global callchain_param.record_mode
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - perf record: Fix failed memory allocation for get_cpuid_str
    - iommu/exynos: Don't unconditionally steal bus ops
    - powerpc: System reset avoid interleaving oops using die synchronisation
    - iommu/vt-d: Use domain instead of cache fetching
    - dm thin: fix documentation relative to low water mark threshold
    - dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure
    - ubifs: Fix uninitialized variable in search_dh_cookie()
    - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
    - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
    - spi: a3700: Clear DATA_OUT when performing a read
    - IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec}
    - PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
    - Btrfs: fix unexpected EEXIST from btrfs_get_extent
    - Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io
    - RDMA/cma: Check existence of netdevice during port validation
    - f2fs: avoid hungtask when GC encrypted block if io_bits is set
    - scsi: devinfo: fix format of the device list
    - scsi: fas216: fix sense buffer initialization
    - Input: stmfts - set IRQ_NOAUTOEN to the irq flag
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - nfp: fix error return code in nfp_pci_probe()
    - block: Set BIO_TRACE_COMPLETION on new bio during split
    - bpf: test_maps: cleanup sockmaps when test ends
    - i40evf: Don't schedule reset_task when device is being removed
    - i40evf: ignore link up if not running
    - platform/x86: thinkpad_acpi: suppress warning about palm detection
    - KVM: s390: vsie: use READ_ONCE to access some SCB fields
    - blk-mq-debugfs: don't allow write on attributes with seq_operations set
    - ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink
    - igb: Allow to remove administratively set MAC on VFs
    - igb: Clear TXSTMP when ptp_tx_work() is timeout
    - fm10k: fix "failed to kill vid" message for VF
    - x86/hyperv: Stop suppressing X86_FEATURE_PCID
    - tty: serial: exar: Relocate sleep wake-up handling
    - device property: Define type of PROPERTY_ENRTY_*() macros
    - crypto: artpec6 - remove select on non-existing CRYPTO_SHA384
    - RDMA/uverbs: Use an unambiguous errno for method not supported
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - ixgbe: don't set RXDCTL.RLPML for 82599
    - i40e: program fragmented IPv4 filter input set
    - i40e: fix reported mask for ntuple filters
    - samples/bpf: Partially fixes the bpf.o build
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - gianfar: prevent integer wrapping in the rx handler
    - x86/hyperv: Check for required priviliges in hyperv_init()
    - netfilter: x_tables: fix pointer leaks to userspace
    - tcp_nv: fix potential integer overflow in tcpnv_acked
    - kvm: Map PFN-type memory regions as writable (if possible)
    - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
      running nested
    - fs/dax.c: release PMD lock even when there is no PMD support in DAX
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - sparc64: update pmdp_invalidate() to return old pmd value
    - mm: thp: use down_read_trylock() in khugepaged to avoid long block
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - mm/fadvise: discard partial page if endbyte is also EOF
    - openvswitch: Remove padding from packet before L3+ conntrack processing
    - blk-mq: fix discard merge with scheduler attached
    - IB/hfi1: Re-order IRQ cleanup to address driver cleanup race
    - IB/hfi1: Fix for potential refcount leak in hfi1_open_file()
    - IB/ipoib: Fix for potential no-carrier state
    - IB/core: Map iWarp AH type to undefined in rdma_ah_find_type
    - drm/nouveau/pmu/fuc: don't use movw directly anymore
    - s390/eadm: fix CONFIG_BLOCK include dependency
    - netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
    - x86/power: Fix swsusp_arch_resume prototype
    - x86/dumpstack: Avoid uninitlized variable
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - ACPI / bus: Do not call _STA on battery devices with unmet dependencies
    - ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - perf record: Fix period option handling
    - MIPS: Generic: Support GIC in EIC mode
    - perf evsel: Fix period/freq terms setup
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - bpf: sockmap, fix leaking maps with attached but not detached progs
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - PM / domains: Fix up domain-idle-states OF parsing
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - cpufreq: intel_pstate: Enable HWP during system resume on CPU0
    - selftests/ftrace: Add some missing glob checks
    - rxrpc: Don't put crypto buffers on the stack
    - svcrdma: Fix Read chunk round-up
    - net: Extra '_get' in declaration of arch_get_platform_mac_address
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
    - net: stmmac: discard disabled flags in interrupt status register
    - bpf: fix rlimit in reuseport net selftest
    - ACPI / EC: Restore polling during noirq suspend/resume phases
    - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
    - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
    - powerpc/mm/hash64: Zero PGD pages on allocation
    - x86/platform/UV: Fix GAM Range Table entries less than 1GB
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - powerpc/powernv: IMC fix out of bounds memory access at shutdown
    - perf test: Fix test trace+probe_libc_inet_pton.sh for s390x
    - irqchip/gic-v3: Ignore disabled ITS nodes
    - cpumask: Make for_each_cpu_wrap() available on UP as well
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - RDMA/core: Reduce poll batch for direct cq polling
    - alarmtimer: Init nanosleep alarm timer on stack
    - netfilter: x_tables: cap allocations at 512 mbyte
    - netfilter: x_tables: add counters allocation wrapper
    - netfilter: compat: prepare xt_compat_init_offsets to return errors
    - netfilter: compat: reject huge allocation requests
    - netfilter: x_tables: limit allocation requests for blob rule heads
    - perf: Fix sample_max_stack maximum check
    - perf: Return proper values for user stack errors
    - RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
    - Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown"
    - mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
    - btrfs: Fix race condition between delayed refs and blockgroup removal
    - mm,vmscan: Allow preallocating memory for register_shrinker().

* Bionic update: upstream stable patchset 2018-05-24 (LP: #1773233)
    - tty: make n_tty_read() always abort if hangup is in progress
    - cpufreq: CPPC: Use transition_delay_us depending transition_latency
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - mm/ksm.c: fix inconsistent accounting of zero pages
    - mm/hmm: hmm_pfns_bad() was accessing wrong struct
    - task_struct: only use anon struct under randstruct plugin
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
    - usb: gadget: udc: core: update usb_ep_queue() documentation
    - ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
    - KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
    - ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
    - arm: dts: mt7623: fix USB initialization fails on bananapi-r2
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - spi: atmel: init FIFOs before spi enable
    - spi: Fix scatterlist elements size in spi_map_buf
    - spi: Fix unregistration of controller with fixed SPI bus number
    - media: atomisp_fops.c: disable atomisp_compat_ioctl32
    - media: vivid: check if the cec_adapter is valid
    - media: vsp1: Fix BRx conditional path in WPF
    - x86/xen: Delay get_cpu_cap until stack canary is established
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB: gadget: f_midi: fixing a possible double-free in f_midi
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: prevent setting PRTCAP to OTG from debugfs
    - usb: dwc3: pci: Properly cleanup resource
    - usb: dwc3: gadget: never call ->complete() from ->ep_queue()
    - cifs: fix memory leak in SMB2_open()
    - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
    - smb3: Fix root directory when server returns inode number of zero
    - HID: i2c-hid: fix size check and type usage
    - i2c: i801: Save register SMBSLVCMD value only once
    - i2c: i801: Restore configuration at shutdown
    - CIFS: refactor crypto shash/sdesc allocation&free
    - CIFS: add sha512 secmech
    - CIFS: fix sha512 check in cifs_crypto_secmech_release
    - powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
    - powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/kprobes: Fix call trace due to incorrect preempt count
    - powerpc/kexec_file: Fix error code when trying to load kdump kernel
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - soc: mediatek: fix the mistaken pointer accessed when subdomains are added
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - ASoC: topology: Fix kcontrol name string handling
    - irqchip/gic: Take lock when updating irq type
    - random: use a tighter cap in credit_entropy_bits_safe()
    - extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
    - block: use 32-bit blk_status_t on Alpha
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: shutdown should not prevent get_write_access
    - ext4: eliminate sleep from shutdown ioctl
    - ext4: pass -ESHUTDOWN code to jbd2 layer
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: protect i_disksize update by i_data_sem in direct write path
    - ext4: limit xattr size to INT_MAX
    - ext4: always initialize the crc32c checksum driver
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - ext4: move call to ext4_error() into ext4_xattr_check_block()
    - ext4: add bounds checking to ext4_xattr_find_entry()
    - ext4: add extra checks to ext4_xattr_block_get()
    - dm crypt: limit the number of allocated pages
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - RDMA/mlx5: Protect from NULL pointer derefence
    - RDMA/rxe: Fix an out-of-bounds read
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - cxl: Fix possible deadlock when processing page faults from cxllib
    - tpm: self test failure should not cause suspend to fail
    - libnvdimm, dimm: fix dpa reservation vs uninitialized label area
    - libnvdimm, namespace: use a safe lookup for dimm device name
    - nfit, address-range-scrub: fix scrub in-progress reporting
    - nfit: skip region registration for incomplete control regions
    - ring-buffer: Check if memory is available before allocation
    - um: Compile with modern headers
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - mmc: tmio: Fix error handling when issuing CMD23
    - PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: fix false-positive Wmaybe-uninitialized warning
    - clk: mediatek: fix PWM clock source by adding a fixed-factor clock
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - pwm: rcar: Fix a condition to prevent mismatch value setting to duty
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - drm/amdgpu: Add an ATPX quirk for hybrid laptop
    - drm/amdgpu: Fix always_valid bos multiple LRU insertions.
    - drm/amdgpu/sdma: fix mask in emit_pipeline_sync
    - drm/amdgpu: Fix PCIe lane width calculation
    - drm/amdgpu/si: implement get/set pcie_lanes asic callback
    - drm/rockchip: Clear all interrupts before requesting the IRQ
    - drm/radeon: add PX quirk for Asus K73TK
    - drm/radeon: Fix PCIe lane width calculation
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - random: fix crng_ready() test
    - random: use a different mixing algorithm for add_device_randomness()
    - random: crng_reseed() should lock the crng instance that it is modifying
    - random: add new ioctl RNDRESEEDCRNG
    - HID: input: fix battery level reporting on BT mice
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - HID: wacom: bluetooth: send exit report for recent Bluetooth devices
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - udf: Fix leak of UTF-16 surrogates into encoded strings
    - fanotify: fix logic of events on child
    - mmc: sdhci-pci: Only do AMD tuning for HS200
    - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - orangefs_kill_sb(): deal with allocation failures
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - Revert "media: lirc_zilog: driver only sends LIRCCODE"
    - media: staging: lirc_zilog: incorrect reference counting
    - writeback: safer lock nesting
    - Bluetooth: hci_bcm: Add irq_polarity module option
    - mm: hwpoison: disable memory error handling on 1GB hugepage
    - media: rc: oops in ir_timer_keyup after device unplug
    - acpi, nfit: rework NVDIMM leaf method detection
    - ceph: always update atime/mtime/ctime for new inode
    - ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin()
    - ext4: force revalidation of directory pointer after seekdir(2)
    - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
    - xprtrdma: Fix latency regression on NUMA NFS/RDMA clients
    - xprtrdma: Fix corner cases when handling device removal
    - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
    - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
    - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
    - mmc: core: Prevent bus reference leak in mmc_blk_init()
    - drm/amd/display: HDMI has no sound after Panel power off/on
    - trace_uprobe: Use %lx to display offset
    - clk: tegra: Mark HCLK, SCLK and EMC as critical
    - pwm: mediatek: Fix up PWM4 and PWM5 malfunction on MT7623
    - pwm: mediatek: Improve precision in rate calculation
    - HID: i2c-hid: Fix resume issue on Raydium touchscreen device
    - s390: add support for IBM z14 Model ZR1
    - drm/i915: Fix hibernation with ACPI S0 target state
    - libnvdimm, dimm: handle EACCES failures from label reads
    - device-dax: allow MAP_SYNC to succeed
    - HID: i2c-hid: fix inverted return value from i2c_hid_command()

* CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 12 Jun 2018 18:09:35 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-26:

Download full text (4.1 KiB)

This bug was fixed in the package linux - 4.15.0-29.31

---------------
linux (4.15.0-29.31) bionic; urgency=medium

* linux: 4.15.0-29.31 -proposed tracker (LP: #1782173)

  * [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler
    (LP: #1777716)
    - ipmi_ssif: Fix kernel panic at msg_done_handler

  * Update to ocxl driver for 18.04.1 (LP: #1775786)
    - misc: ocxl: use put_device() instead of device_unregister()
    - powerpc: Add TIDR CPU feature for POWER9
    - powerpc: Use TIDR CPU feature to control TIDR allocation
    - powerpc: use task_pid_nr() for TID allocation
    - ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action
    - ocxl: Expose the thread_id needed for wait on POWER9
    - ocxl: Add an IOCTL so userspace knows what OCXL features are available
    - ocxl: Document new OCXL IOCTLs
    - ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait()

  * Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after
    suspend (LP: #1776887)
    - ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL

  * Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194)
    - powerpc: use NMI IPI for smp_send_stop
    - powerpc: Fix smp_send_stop NMI IPI handling

  * IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on
    CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964)
    - rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops

  * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383:
    comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
    - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm
      stress-ng: Corrupt inode bitmap"
    - SAUCE: ext4: check for allocation block validity with block group locked

linux (4.15.0-28.30) bionic; urgency=medium

* linux: 4.15.0-28.30 -proposed tracker (LP: #1781433)

  * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
    - xen-netfront: Fix mismatched rtnl_unlock
    - xen-netfront: Update features after registering netdev

linux (4.15.0-27.29) bionic; urgency=medium

* linux: 4.15.0-27.29 -proposed tracker (LP: #1781062)

  * [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99:
    comm stress-ng: Corrupt inode bitmap (LP: #1780137)
    - SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode
      bitmap

linux (4.15.0-26.28) bionic; urgency=medium

* linux: 4.15.0-26.28 -proposed tracker (LP: #1780112)

  * failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud-
    init causes potentially huge boot delays with 4.15 kernels (LP: #1780062)
    - random: Make getrandom() ready earlier

linux (4.15.0-25.27) bionic; urgency=medium

* linux: 4.15.0-25.27 -proposed tracker (LP: #1779354)

* hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #1777736)
- scsi: hisi_sas: Update a couple of register settings for v3 hw

* hisi_sas: Add missing PHY spinlock init (LP: #1777734)
- scsi: hisi_sas: Add missing PHY spinlock init

  * hisi_sas: improve read performance by pre-allocating slot DMA buffers
    (LP: #1777727)
    - scsi: hisi_sas: use dma_zalloc_cohe...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package