Cosmic update to v4.18.7 stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Seth Forshee |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.18.7 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the v4.18.7 stable release shall be applied:
rcu: Make expedited GPs handle CPU 0 being offline
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: pxa2xx: Add support for Intel Ice Lake
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: cadence: Change usleep_range() to udelay(), for atomic context
mmc: block: Fix unsupported parallel dispatch of requests
mmc: renesas_
mmc: renesas_
readahead: stricter check for bdi io_pages
block: fix infinite loop if the device loses discard capability
block: blk_init_
block: really disable runtime-pm for blk-mq
blkcg: Introduce blkg_root_lookup()
block: Introduce blk_exit_queue()
block: Ensure that a request queue is dissociated from the cgroup controller
apparmor: fix bad debug check in apparmor_
dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace
libertas: fix suspend and resume for SDIO connected cards
media: Revert "[media] tvp5150: fix pad format frame height"
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/64s: Fix page table fragment refcount race vs speculative references
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
powerpc/pkeys: Give all threads control of their key permissions
powerpc/pkeys: Deny read/write/execute by default
powerpc/pkeys: key allocation/
powerpc/pkeys: Save the pkey registers before fork
powerpc/pkeys: Fix calculation of total pkeys.
powerpc/pkeys: Preallocate execute-only key
powerpc/nohash: fix pte_access_
powerpc64/ftrace: Include ftrace.h needed for enable/disable calls
powerpc/
cxl: Fix wrong comparison in cxl_adapter_
IB/mlx5: Honor cnt_set_id_valid flag instead of set_id
IB/mlx5: Fix leaking stack memory to userspace
IB/srpt: Fix srpt_cm_req_recv() error path (1/2)
IB/srpt: Fix srpt_cm_req_recv() error path (2/2)
IB/srpt: Support HCAs with more than two ports
overflow.h: Add arithmetic shift helper
RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq
ib_srpt: Fix a use-after-free in srpt_close_ch()
ib_srpt: Fix a use-after-free in __srpt_
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
9p: fix multiple NULL-pointer-
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm integrity: change 'suspending' variable from bool to int
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm cache metadata: set dirty on all cache blocks after a crash
dm crypt: don't decrease device limits
dm writecache: fix a crash due to reading past end of dirty_bitmap
uart: fix race between uart_put_char() and uart_shutdown()
Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_
iio: sca3000: Fix missing return in switch
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
extcon: Release locking when sending the notification of connector state
eventpoll.h: wrap casts in () properly
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix resource leak in registration error path
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
printk/tracing: Do not trace printk_nmi_enter()
livepatch: Validate module/old func name length
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
ovl: fix wrong use of impure dir cache in ovl_iterate()
ACPICA: AML Parser: skip opcodes that open a scope upon parse failure
ACPICA: Clear status of all events when entering sleep states
drivers/
sched: idle: Avoid retaining the tick when it has been stopped
cpuidle: menu: Handle stopped tick more aggressively
cpufreq: governor: Avoid accessing invalid governor_data
PM / sleep: wakeup: Fix build error caused by missing SRCU support
ALSA: ac97: fix device initialization in the compat layer
ALSA: ac97: fix check of pm_runtime_get_sync failure
ALSA: ac97: fix unbalanced pm_runtime_enable
i2c: designware: Re-init controllers with pm_disabled set on resume
KVM: VMX: fixes for vmentry_l1d_flush module parameter
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
xtensa: limit offsets in __loop_
xtensa: increase ranges in ___invalidate_
block, bfq: return nbytes and not zero from struct cftype .write() method
pnfs/blocklayout: off by one in bl_map_stripe()
nfsd: fix leaked file lock with nfs exported overlayfs
NFSv4 client live hangs after live data migration recovery
NFSv4: Fix locking in pnfs_generic_
NFSv4: Fix a sleep in atomic context in nfs4_callback_
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
ARM: dts: am57xx-idk: Enable dual role for USB2 port
pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-VMSA
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: xattr: Don't operate on deleted inodes
ubifs: Fix directory size calculation for symlinks
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: fix semaphore value leak
udlfb: fix display corruption of the last line
udlfb: don't switch if we are switching to the same videomode
udlfb: set optimal write delay
udlfb: make a local copy of fb_ops
udlfb: handle allocation failure
udlfb: set line_length in dlfb_ops_set_par
getxattr: use correct xattr length
libnvdimm: Use max contiguous area for namespace size
libnvdimm: fix ars_status output length calculation
bcache: release dc->writeback_lock properly in bch_writeback_
kconfig: fix "Can't open ..." in parallel build
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: aesni - Use unaligned loads from gcm_context_data
crypto: arm64/sm4-ce - check for the right CPU feature bit
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam/qi - fix error path in xts setkey
fs/quota: Fix spectre gadget in do_quotactl
udf: Fix mounting of Win7 created UDF filesystems
cpuidle: menu: Retain tick when shallow state is selected
arm64: mm: always enable CONFIG_
Linux 4.18.7
The following patches from the v4.18.7 stable release had already been applied:
ocxl: Fix page fault handler in case of fault on dying process
cap_inode_
mm, dev_pagemap: Do not clear ->mapping on final put
CVE References
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu): | |
assignee: | nobody → Seth Forshee (sforshee) |
importance: | Undecided → Medium |
status: | New → In Progress |
description: | updated |
description: | updated |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
tags: | added: cscc |
This bug was fixed in the package linux - 4.18.0-8.9
---------------
linux (4.18.0-8.9) cosmic; urgency=medium
* linux: 4.18.0-8.9 -proposed tracker (LP: #1791663)
* Cosmic update to v4.18.7 stable release (LP: #1791660) sdhi_internal_ dmac: mask DMAC interrupts sdhi_internal_ dmac: fix #define RST_RESERVED_BITS allocated_ queue() set q->fq as NULL in the fail case secid_to_ secctx( ) deallocation must not change pkey registers permitted( ) powernv/ pci: Work around races in PCI bridge enabling context_ get() close_all_ ch()
- rcu: Make expedited GPs handle CPU 0 being offline
- net: 6lowpan: fix reserved space for single frames
- net: mac802154: tx: expand tailroom if necessary
- 9p/net: Fix zero-copy path in the 9p virtio transport
- spi: davinci: fix a NULL pointer dereference
- spi: pxa2xx: Add support for Intel Ice Lake
- spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
- spi: cadence: Change usleep_range() to udelay(), for atomic context
- mmc: block: Fix unsupported parallel dispatch of requests
- mmc: renesas_
- mmc: renesas_
- readahead: stricter check for bdi io_pages
- block: fix infinite loop if the device loses discard capability
- block: blk_init_
- block: really disable runtime-pm for blk-mq
- blkcg: Introduce blkg_root_lookup()
- block: Introduce blk_exit_queue()
- block: Ensure that a request queue is dissociated from the cgroup controller
- apparmor: fix bad debug check in apparmor_
- dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace
- libertas: fix suspend and resume for SDIO connected cards
- media: Revert "[media] tvp5150: fix pad format frame height"
- mailbox: xgene-slimpro: Fix potential NULL pointer dereference
- Replace magic for trusting the secondary keyring with #define
- Fix kexec forbidding kernels signed with keys in the secondary keyring to
boot
- powerpc/fadump: handle crash memory ranges array index overflow
- powerpc/64s: Fix page table fragment refcount race vs speculative references
- powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
- powerpc/pkeys: Give all threads control of their key permissions
- powerpc/pkeys: Deny read/write/execute by default
- powerpc/pkeys: key allocation/
- powerpc/pkeys: Save the pkey registers before fork
- powerpc/pkeys: Fix calculation of total pkeys.
- powerpc/pkeys: Preallocate execute-only key
- powerpc/nohash: fix pte_access_
- powerpc64/ftrace: Include ftrace.h needed for enable/disable calls
- powerpc/
- cxl: Fix wrong comparison in cxl_adapter_
- IB/mlx5: Honor cnt_set_id_valid flag instead of set_id
- IB/mlx5: Fix leaking stack memory to userspace
- IB/srpt: Fix srpt_cm_req_recv() error path (1/2)
- IB/srpt: Fix srpt_cm_req_recv() error path (2/2)
- IB/srpt: Support HCAs with more than two ports
- overflow.h: Add arithmetic shift helper
- RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq
- ib_srpt: Fix a use-after-free in srpt_close_ch()
- ib_srpt: Fix a use-after-free in __srpt_
- RDMA/rxe: Set wqe->status correctly if an unexpected...