Ubuntu
linux package

Cosmic update to v4.18.7 stable release

Bug #1791660 reported by Seth Forshee on 2018-09-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Medium	Seth Forshee

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The v4.18.7 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the v4.18.7 stable release shall be applied:

rcu: Make expedited GPs handle CPU 0 being offline
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: pxa2xx: Add support for Intel Ice Lake
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: cadence: Change usleep_range() to udelay(), for atomic context
mmc: block: Fix unsupported parallel dispatch of requests
mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts
mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
readahead: stricter check for bdi io_pages
block: fix infinite loop if the device loses discard capability
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block: really disable runtime-pm for blk-mq
blkcg: Introduce blkg_root_lookup()
block: Introduce blk_exit_queue()
block: Ensure that a request queue is dissociated from the cgroup controller
apparmor: fix bad debug check in apparmor_secid_to_secctx()
dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace
libertas: fix suspend and resume for SDIO connected cards
media: Revert "[media] tvp5150: fix pad format frame height"
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/64s: Fix page table fragment refcount race vs speculative references
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
powerpc/pkeys: Give all threads control of their key permissions
powerpc/pkeys: Deny read/write/execute by default
powerpc/pkeys: key allocation/deallocation must not change pkey registers
powerpc/pkeys: Save the pkey registers before fork
powerpc/pkeys: Fix calculation of total pkeys.
powerpc/pkeys: Preallocate execute-only key
powerpc/nohash: fix pte_access_permitted()
powerpc64/ftrace: Include ftrace.h needed for enable/disable calls
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
IB/mlx5: Honor cnt_set_id_valid flag instead of set_id
IB/mlx5: Fix leaking stack memory to userspace
IB/srpt: Fix srpt_cm_req_recv() error path (1/2)
IB/srpt: Fix srpt_cm_req_recv() error path (2/2)
IB/srpt: Support HCAs with more than two ports
overflow.h: Add arithmetic shift helper
RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq
ib_srpt: Fix a use-after-free in srpt_close_ch()
ib_srpt: Fix a use-after-free in __srpt_close_all_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
9p: fix multiple NULL-pointer-dereferences
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm integrity: change 'suspending' variable from bool to int
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm cache metadata: set dirty on all cache blocks after a crash
dm crypt: don't decrease device limits
dm writecache: fix a crash due to reading past end of dirty_bitmap
uart: fix race between uart_put_char() and uart_shutdown()
Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer()
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
iio: sca3000: Fix missing return in switch
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
extcon: Release locking when sending the notification of connector state
eventpoll.h: wrap casts in () properly
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix resource leak in registration error path
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
printk/tracing: Do not trace printk_nmi_enter()
livepatch: Validate module/old func name length
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
ovl: fix wrong use of impure dir cache in ovl_iterate()
ACPICA: AML Parser: skip opcodes that open a scope upon parse failure
ACPICA: Clear status of all events when entering sleep states
drivers/block/zram/zram_drv.c: fix bug storing backing_dev
sched: idle: Avoid retaining the tick when it has been stopped
cpuidle: menu: Handle stopped tick more aggressively
cpufreq: governor: Avoid accessing invalid governor_data
PM / sleep: wakeup: Fix build error caused by missing SRCU support
ALSA: ac97: fix device initialization in the compat layer
ALSA: ac97: fix check of pm_runtime_get_sync failure
ALSA: ac97: fix unbalanced pm_runtime_enable
i2c: designware: Re-init controllers with pm_disabled set on resume
KVM: VMX: fixes for vmentry_l1d_flush module parameter
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
block, bfq: return nbytes and not zero from struct cftype .write() method
pnfs/blocklayout: off by one in bl_map_stripe()
nfsd: fix leaked file lock with nfs exported overlayfs
NFSv4 client live hangs after live data migration recovery
NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
ARM: dts: am57xx-idk: Enable dual role for USB2 port
pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-VMSA
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: xattr: Don't operate on deleted inodes
ubifs: Fix directory size calculation for symlinks
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: fix semaphore value leak
udlfb: fix display corruption of the last line
udlfb: don't switch if we are switching to the same videomode
udlfb: set optimal write delay
udlfb: make a local copy of fb_ops
udlfb: handle allocation failure
udlfb: set line_length in dlfb_ops_set_par
getxattr: use correct xattr length
libnvdimm: Use max contiguous area for namespace size
libnvdimm: fix ars_status output length calculation
bcache: release dc->writeback_lock properly in bch_writeback_thread()
kconfig: fix "Can't open ..." in parallel build
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: aesni - Use unaligned loads from gcm_context_data
crypto: arm64/sm4-ce - check for the right CPU feature bit
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam/qi - fix error path in xts setkey
fs/quota: Fix spectre gadget in do_quotactl
udf: Fix mounting of Win7 created UDF filesystems
cpuidle: menu: Retain tick when shallow state is selected
arm64: mm: always enable CONFIG_HOLES_IN_ZONE
Linux 4.18.7

The following patches from the v4.18.7 stable release had already been applied:

ocxl: Fix page fault handler in case of fault on dying process
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
mm, dev_pagemap: Do not clear ->mapping on final put

See original description

Tags:

CVE References

2017-5715

Seth Forshee (sforshee) on 2018-09-10

tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
assignee:	nobody → Seth Forshee (sforshee)
importance:	Undecided → Medium
status:	New → In Progress
description:	updated
description:	updated

Seth Forshee (sforshee) on 2018-09-10

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-01:

Download full text (29.0 KiB)

This bug was fixed in the package linux - 4.18.0-8.9

---------------
linux (4.18.0-8.9) cosmic; urgency=medium

* linux: 4.18.0-8.9 -proposed tracker (LP: #1791663)

This bug was fixed in the package linux - 4.18.0-8.9

---------------
linux (4.18.0-8.9) cosmic; urgency=medium

* linux: 4.18.0-8.9 -proposed tracker (LP: #1791663)

* Cosmic update to v4.18.7 stable release (LP: #1791660)
    - rcu: Make expedited GPs handle CPU 0 being offline
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - spi: davinci: fix a NULL pointer dereference
    - spi: pxa2xx: Add support for Intel Ice Lake
    - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
    - spi: cadence: Change usleep_range() to udelay(), for atomic context
    - mmc: block: Fix unsupported parallel dispatch of requests
    - mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts
    - mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
    - readahead: stricter check for bdi io_pages
    - block: fix infinite loop if the device loses discard capability
    - block: blk_init_allocated_queue() set q->fq as NULL in the fail case
    - block: really disable runtime-pm for blk-mq
    - blkcg: Introduce blkg_root_lookup()
    - block: Introduce blk_exit_queue()
    - block: Ensure that a request queue is dissociated from the cgroup controller
    - apparmor: fix bad debug check in apparmor_secid_to_secctx()
    - dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace
    - libertas: fix suspend and resume for SDIO connected cards
    - media: Revert "[media] tvp5150: fix pad format frame height"
    - mailbox: xgene-slimpro: Fix potential NULL pointer dereference
    - Replace magic for trusting the secondary keyring with #define
    - Fix kexec forbidding kernels signed with keys in the secondary keyring to
      boot
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/64s: Fix page table fragment refcount race vs speculative references
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - powerpc/pkeys: Give all threads control of their key permissions
    - powerpc/pkeys: Deny read/write/execute by default
    - powerpc/pkeys: key allocation/deallocation must not change pkey registers
    - powerpc/pkeys: Save the pkey registers before fork
    - powerpc/pkeys: Fix calculation of total pkeys.
    - powerpc/pkeys: Preallocate execute-only key
    - powerpc/nohash: fix pte_access_permitted()
    - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls
    - powerpc/powernv/pci: Work around races in PCI bridge enabling
    - cxl: Fix wrong comparison in cxl_adapter_context_get()
    - IB/mlx5: Honor cnt_set_id_valid flag instead of set_id
    - IB/mlx5: Fix leaking stack memory to userspace
    - IB/srpt: Fix srpt_cm_req_recv() error path (1/2)
    - IB/srpt: Fix srpt_cm_req_recv() error path (2/2)
    - IB/srpt: Support HCAs with more than two ports
    - overflow.h: Add arithmetic shift helper
    - RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq
    - ib_srpt: Fix a use-after-free in srpt_close_ch()
    - ib_srpt: Fix a use-after-free in __srpt_close_all_ch()
    - RDMA/rxe: Set wqe->status correctly if an unexpected response is received
    - 9p: fix multiple NULL-pointer-dereferences
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm integrity: change 'suspending' variable from bool to int
    - dm thin: stop no_space_timeout worker when switching to write-mode
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - dm cache metadata: set dirty on all cache blocks after a crash
    - dm crypt: don't decrease device limits
    - dm writecache: fix a crash due to reading past end of dirty_bitmap
    - uart: fix race between uart_put_char() and uart_shutdown()
    - Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer()
    - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
    - iio: sca3000: Fix missing return in switch
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - extcon: Release locking when sending the notification of connector state
    - eventpoll.h: wrap casts in () properly
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - rtc: omap: fix resource leak in registration error path
    - rtc: omap: fix potential crash on power off
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - printk/tracing: Do not trace printk_nmi_enter()
    - livepatch: Validate module/old func name length
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - mfd: hi655x: Fix regmap area declared size for hi655x
    - ovl: fix wrong use of impure dir cache in ovl_iterate()
    - ACPICA: AML Parser: skip opcodes that open a scope upon parse failure
    - ACPICA: Clear status of all events when entering sleep states
    - drivers/block/zram/zram_drv.c: fix bug storing backing_dev
    - sched: idle: Avoid retaining the tick when it has been stopped
    - cpuidle: menu: Handle stopped tick more aggressively
    - cpufreq: governor: Avoid accessing invalid governor_data
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - ALSA: ac97: fix device initialization in the compat layer
    - ALSA: ac97: fix check of pm_runtime_get_sync failure
    - ALSA: ac97: fix unbalanced pm_runtime_enable
    - i2c: designware: Re-init controllers with pm_disabled set on resume
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
    - xtensa: limit offsets in __loop_cache_{all,page}
    - xtensa: increase ranges in ___invalidate_{i,d}cache_all
    - block, bfq: return nbytes and not zero from struct cftype .write() method
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - nfsd: fix leaked file lock with nfs exported overlayfs
    - NFSv4 client live hangs after live data migration recovery
    - NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
    - NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - ARM: dts: am57xx-idk: Enable dual role for USB2 port
    - pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-
      VMSA
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: xattr: Don't operate on deleted inodes
    - ubifs: Fix directory size calculation for symlinks
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
    - pwm: tiehrpwm: Fix disabling of output of PWMs
    - fb: fix lost console when the user unplugs a USB adapter
    - udlfb: fix semaphore value leak
    - udlfb: fix display corruption of the last line
    - udlfb: don't switch if we are switching to the same videomode
    - udlfb: set optimal write delay
    - udlfb: make a local copy of fb_ops
    - udlfb: handle allocation failure
    - udlfb: set line_length in dlfb_ops_set_par
    - getxattr: use correct xattr length
    - libnvdimm: Use max contiguous area for namespace size
    - libnvdimm: fix ars_status output length calculation
    - bcache: release dc->writeback_lock properly in bch_writeback_thread()
    - kconfig: fix "Can't open ..." in parallel build
    - perf auxtrace: Fix queue resize
    - crypto: vmx - Fix sleep-in-atomic bugs
    - crypto: aesni - Use unaligned loads from gcm_context_data
    - crypto: arm64/sm4-ce - check for the right CPU feature bit
    - crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
    - crypto: caam/jr - fix descriptor DMA unmapping
    - crypto: caam/qi - fix error path in xts setkey
    - fs/quota: Fix spectre gadget in do_quotactl
    - udf: Fix mounting of Win7 created UDF filesystems
    - cpuidle: menu: Retain tick when shallow state is selected
    - arm64: mm: always enable CONFIG_HOLES_IN_ZONE
    - Linux 4.18.7

* CVE-2017-5715
    - s390: detect etoken facility
    - KVM: s390: add etoken support for guests

* Missing Intel GPU pci-id's (LP: #1789924)
    - drm/i915/whl: Introducing Whiskey Lake platform
    - drm/i915/aml: Introducing Amber Lake platform
    - drm/i915/cfl: Add a new CFL PCI ID.

* [18.10 FEAT] Add kernel config options for SMC-R/D (LP: #1789934)
    - s390/ism: add device driver for internal shared memory
    - CONFIG_ISM=y for s390

* Cosmic update to v4.18.6 stable release (LP: #1791105)
    - PATCH scripts/kernel-doc
    - scripts/kernel-doc: Escape all literal braces in regexes
    - scsi: libsas: dynamically allocate and free ata host
    - xprtrdma: Fix disconnect regression
    - mei: don't update offset in write
    - cifs: add missing support for ACLs in SMB 3.11
    - CIFS: fix uninitialized ptr deref in smb2 signing
    - cifs: add missing debug entries for kconfig options
    - cifs: use a refcount to protect open/closing the cached file handle
    - cifs: check kmalloc before use
    - smb3: enumerating snapshots was leaving part of the data off end
    - smb3: Do not send SMB3 SET_INFO if nothing changed
    - smb3: don't request leases in symlink creation and query
    - smb3: fill in statfs fsid and correct namelen
    - btrfs: use correct compare function of dirty_metadata_bytes
    - btrfs: don't leak ret from do_chunk_alloc
    - Btrfs: fix mount failure after fsync due to hard link recreation
    - Btrfs: fix btrfs_write_inode vs delayed iput deadlock
    - Btrfs: fix send failure when root has deleted files still open
    - Btrfs: send, fix incorrect file layout after hole punching beyond eof
    - hwmon: (k10temp) 27C Offset needed for Threadripper2
    - bpf, arm32: fix stack var offset in jit
    - regulator: arizona-ldo1: Use correct device to get enable GPIO
    - iommu/arm-smmu: Error out only if not enough context interrupts
    - printk: Split the code for storing a message into the log buffer
    - printk: Create helper function to queue deferred console handling
    - printk/nmi: Prevent deadlock when accessing the main log buffer in NMI
    - kprobes/arm64: Fix %p uses in error messages
    - arm64: Fix mismatched cache line size detection
    - arm64: Handle mismatched cache type
    - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
    - arm64: dts: rockchip: corrected uart1 clock-names for rk3328
    - KVM: arm/arm64: Fix potential loss of ptimer interrupts
    - KVM: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked
    - KVM: arm/arm64: Skip updating PMD entry if no change
    - KVM: arm/arm64: Skip updating PTE entry if no change
    - s390/kvm: fix deadlock when killed by oom
    - perf kvm: Fix subcommands on s390
    - stop_machine: Reflow cpu_stop_queue_two_works()
    - stop_machine: Atomically queue and wake stopper threads
    - ext4: check for NUL characters in extended attribute's name
    - ext4: use ext4_warning() for sb_getblk failure
    - ext4: sysfs: print ext4_super_block fields as little-endian
    - ext4: reset error code in ext4_find_entry in fallback
    - ext4: fix race when setting the bitmap corrupted flag
    - x86/gpu: reserve ICL's graphics stolen memory
    - platform/x86: wmi: Do not mix pages and kmalloc
    - platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too
    - mm: move tlb_table_flush to tlb_flush_mmu_free
    - mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
    - x86/vdso: Fix vDSO build if a retpoline is emitted
    - x86/process: Re-export start_thread()
    - KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
    - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
    - fuse: Don't access pipe->buffers without pipe_lock()
    - fuse: fix initial parallel dirops
    - fuse: fix double request_end()
    - fuse: fix unlocked access to processing queue
    - fuse: umount should wait for all requests
    - fuse: Fix oops at process_init_reply()
    - fuse: Add missed unlock_page() to fuse_readpages_fill()
    - lib/vsprintf: Do not handle %pO[^F] as %px
    - udl-kms: change down_interruptible to down
    - udl-kms: handle allocation failure
    - udl-kms: fix crash due to uninitialized memory
    - udl-kms: avoid division
    - b43legacy/leds: Ensure NUL-termination of LED name string
    - b43/leds: Ensure NUL-termination of LED name string
    - ASoC: dpcm: don't merge format from invalid codec dai
    - ASoC: zte: Fix incorrect PCM format bit usages
    - ASoC: sirf: Fix potential NULL pointer dereference
    - ASoC: wm_adsp: Correct DSP pointer for preloader control
    - soc: qcom: rmtfs-mem: fix memleak in probe error paths
    - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
    - scsi: qla2xxx: Fix stalled relogin
    - x86/vdso: Fix lsl operand order
    - x86/nmi: Fix NMI uaccess race against CR3 switching
    - x86/irqflags: Mark native_restore_fl extern inline
    - x86/spectre: Add missing family 6 check to microcode check
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
    - hwmon: (nct6775) Fix potential Spectre v1
    - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
    - x86: Allow generating user-space headers without a compiler
    - s390/mm: fix addressing exception after suspend/resume
    - s390/lib: use expoline for all bcr instructions
    - s390: fix br_r1_trampoline for machines without exrl
    - s390/qdio: reset old sbal_state flags
    - s390/numa: move initial setup of node_to_cpumask_map
    - s390/purgatory: Fix crash with expoline enabled
    - s390/purgatory: Add missing FORCE to Makefile targets
    - kprobes: Show blacklist addresses as same as kallsyms does
    - kprobes: Replace %p with other pointer types
    - kprobes/arm: Fix %p uses in error messages
    - kprobes: Make list and blacklist root user read only
    - MIPS: Correct the 64-bit DSP accumulator register size
    - MIPS: memset.S: Fix byte_fixup for MIPSr6
    - MIPS: Always use -march=<arch>, not -<arch> shortcuts
    - MIPS: Change definition of cpu_relax() for Loongson-3
    - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
    - tpm: Return the actual size when receiving an unsupported command
    - tpm: separate cmd_ready/go_idle from runtime_pm
    - scsi: mpt3sas: Fix calltrace observed while running IO & reset
    - scsi: mpt3sas: Fix _transport_smp_handler() error path
    - scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
    - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
    - iscsi target: fix session creation failure handling
    - mtd: rawnand: hynix: Use ->exec_op() in hynix_nand_reg_write_op()
    - mtd: rawnand: fsmc: Stop using chip->read_buf()
    - mtd: rawnand: marvell: add suspend and resume hooks
    - mtd: rawnand: qcom: wait for desc completion in all BAM channels
    - clk: rockchip: fix clk_i2sout parent selection bits on rk3399
    - clk: npcm7xx: fix memory allocation
    - PM / clk: signedness bug in of_pm_clk_add_clks()
    - power: generic-adc-battery: fix out-of-bounds write when copying channel
      properties
    - power: generic-adc-battery: check for duplicate properties copied from iio
      channels
    - watchdog: Mark watchdog touch functions as notrace
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
    - x86/dumpstack: Don't dump kernel memory based on usermode RIP
    - Linux 4.18.6
    - updateconfigs after v4.18.6 stable update

* random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup

* [18.10 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
    binding (LP: #1784331)
    - s390/zcrypt: code beautify
    - s390/zcrypt: AP bus support for alternate driver(s)
    - s390/zcrypt: hex string mask improvements for apmask and aqmask.

* performance drop with ATS enabled (LP: #1788097)
    - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage

* Fix MCE handling for user access of poisoned device-dax mapping
    (LP: #1774366)
    - device-dax: Convert to vmf_insert_mixed and vm_fault_t
    - device-dax: Enable page_mapping()
    - device-dax: Set page->index
    - filesystem-dax: Set page->index
    - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages
    - mm, dev_pagemap: Do not clear ->mapping on final put
    - mm, madvise_inject_error: Let memory_failure() optionally take a page
      reference
    - mm, memory_failure: Collect mapping size in collect_procs()
    - filesystem-dax: Introduce dax_lock_mapping_entry()
    - mm, memory_failure: Teach memory_failure() about dev_pagemap pages
    - x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses
    - x86/memory_failure: Introduce {set, clear}_mce_nospec()
    - libnvdimm, pmem: Restore page attributes when clearing errors

* Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix comments for
      hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for using wrong mask and
      shift in hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for reset_level default
      assignment probelm"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unnecessary ring
      configuration operation while resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix return value error in
      hns3_reset_notify_down_enet"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for phy link issue when using marvell
      phy driver"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
      resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: correct reset event status
      register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent to request reset
      frequently"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: reset net device with rtnl_lock"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify the order of initializeing
      command queue register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent sending command during
      global or core reset"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Use roce handle when calling roce
      callback function"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the warning when clear
      reset cause"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix get_vector ops in
      hclgevf_main module"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix warning bug when doing lp
      selftest"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add configure for mac minimal
      frame size"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for mailbox message truncated
      problem"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for l4 checksum offload bug"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for waterline not setting
      correctly"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for mac pause not disable in
      pfc mode"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix tc setup when netdev is first
      up"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add calling roce callback
      function when link status change"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: optimize the process of notifying
      roce client"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add pf reset for hip08 RoCE"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add SPDX tags to hns3 driver"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused struct member and
      definition"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix mislead parameter name"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify inconsistent bit mask
      macros"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: use decimal for bit offset
      macros"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix unreasonable code comments"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove extra space and brackets"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: standardize the handle of return
      value"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some redundant
      assignments"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify hnae_ to hnae3_"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: use dma_zalloc_coherent instead
      of kzalloc/dma_map_single"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: give default option while
      dependency HNS3 set"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some unused members of
      some structures"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove a redundant
      hclge_cmd_csq_done"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: using modulo for cyclic counters
      in hclge_cmd_send"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: simplify hclge_cmd_csq_clean"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some redundant
      assignments"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove useless code in
      hclge_cmd_send"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused
      hclge_ring_to_dma_dir"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: use lower_32_bits and
      upper_32_bits"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove back in struct hclge_hw"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add unlikely for error check"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the Redundant put_vector
      in hns3_client_uninit"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: print the ret value in error
      information"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: extraction an interface for state
      state init|uninit"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused head file in
      hnae3.c"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add l4_type check for both ipv4
      and ipv6"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add vector status check before
      free vector"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: rename the interface for
      init_client_instance and uninit_client_instance"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove hclge_get_vector_index
      from hclge_bind_ring_with_vector"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: RX BD information valid only in
      last BD except VLD bit and buffer size"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add support for serdes loopback
      selftest"
    - net: hns3: Updates RX packet info fetch in case of multi BD
    - net: hns3: remove hclge_get_vector_index from hclge_bind_ring_with_vector
    - net: hns3: rename the interface for init_client_instance and
      uninit_client_instance
    - net: hns3: add vector status check before free vector
    - net: hns3: add l4_type check for both ipv4 and ipv6
    - net: hns3: add unlikely for error check
    - net: hns3: remove unused head file in hnae3.c
    - net: hns3: extraction an interface for state init|uninit
    - net: hns3: print the ret value in error information
    - net: hns3: remove the Redundant put_vector in hns3_client_uninit
    - net: hns3: remove back in struct hclge_hw
    - net: hns3: use lower_32_bits and upper_32_bits
    - net: hns3: remove unused hclge_ring_to_dma_dir
    - net: hns3: remove useless code in hclge_cmd_send
    - net: hns3: remove some redundant assignments
    - net: hns3: simplify hclge_cmd_csq_clean
    - net: hns3: remove a redundant hclge_cmd_csq_done
    - net: hns3: remove some unused members of some structures
    - net: hns3: give default option while dependency HNS3 set
    - net: hns3: use dma_zalloc_coherent instead of kzalloc/dma_map_single
    - net: hns3: modify hnae_ to hnae3_
    - net: hns3: Fix tc setup when netdev is first up
    - net: hns3: Fix for mac pause not disable in pfc mode
    - net: hns3: Fix for waterline not setting correctly
    - net: hns3: Fix for l4 checksum offload bug
    - net: hns3: Fix for mailbox message truncated problem
    - net: hns3: Add configure for mac minimal frame size
    - net: hns3: Fix warning bug when doing lp selftest
    - net: hns3: Fix get_vector ops in hclgevf_main module
    - net: hns3: Remove the warning when clear reset cause
    - net: hns3: Prevent sending command during global or core reset
    - net: hns3: Modify the order of initializing command queue register
    - net: hns3: Reset net device with rtnl_lock
    - net: hns3: Prevent to request reset frequently
    - net: hns3: Correct reset event status register
    - net: hns3: Fix return value error in hns3_reset_notify_down_enet
    - net: hns3: remove unnecessary ring configuration operation while resetting
    - net: hns3: Fix for reset_level default assignment probelm
    - net: hns3: Fix for using wrong mask and shift in
      hclge_get_ring_chain_from_mbx
    - net: hns3: Fix comments for hclge_get_ring_chain_from_mbx
    - net: hns3: Remove some redundant assignments
    - net: hns3: Standardize the handle of return value
    - net: hns3: Remove extra space and brackets
    - net: hns3: Correct unreasonable code comments
    - net: hns3: Use decimal for bit offset macros
    - net: hns3: Modify inconsistent bit mask macros
    - net: hns3: Fix misleading parameter name
    - net: hns3: Remove unused struct member and definition
    - net: hns3: Add SPDX tags to HNS3 PF driver
    - net: hns3: Add support for serdes loopback selftest
    - net: hns3: Fix for phy link issue when using marvell phy driver

* [Regression] kernel crashdump fails on arm64 (LP: #1786878)
    - arm64: export memblock_reserve()d regions via /proc/iomem
    - drivers: acpi: add dependency of EFI for arm64
    - efi/arm: preserve early mapping of UEFI memory map longer for BGRT
    - efi/arm: map UEFI memory map even w/o runtime services enabled
    - arm64: acpi: fix alignment fault in accessing ACPI
    - [Config] CONFIG_ARCH_SUPPORTS_ACPI=y
    - arm64: fix ACPI dependencies
    - ACPI: fix menuconfig presentation of ACPI submenu

* TB 16 issue on Dell Lattitude 7490 with large amount of data (LP: #1785780)
    - r8152: disable RX aggregation on new Dell TB16 dock

* Support Power Management for Thunderbolt Controller  (LP: #1789358)
    - thunderbolt: Use 64-bit DMA mask if supported by the platform
    - thunderbolt: Do not unnecessarily call ICM get route
    - thunderbolt: No need to take tb->lock in domain suspend/complete
    - thunderbolt: Use correct ICM commands in system suspend
    - thunderbolt: Add support for runtime PM

* Enable AMD PCIe MP2 for AMDI0011 (LP: #1773940)
    - SAUCE: i2c:amd I2C Driver based on PCI Interface for upcoming platform
    - SAUCE: i2c:amd move out pointer in union i2c_event_base
    - SAUCE: i2c:amd Depends on ACPI
    - [Config] i2c: CONFIG_I2C_AMD_MP2=y on x86

* Microphone cannot be detected with front panel audio combo jack on HP Z8-G4
    machine (LP: #1789145)
    - ALSA: hda/realtek - Fix HP Headset Mic can't record

* Please enable CONFIG_PAGE_POISONING (LP: #1783651)
    - [Config] Enable CONFIG_PAGE_POISONING configs

* Tango platform uses __initcall without further checks (LP: #1787945)
    - [Config] disable ARCH_TANGO

* [18.10 FEAT] SMC-Direct (LP: #1786902)
    - net/smc: determine port attributes independent from pnet table
    - net/smc: add pnetid support
    - net/smc: add base infrastructure for SMC-D and ISM
    - net/smc: add pnetid support for SMC-D and ISM
    - net/smc: add SMC-D support in CLC messages
    - net/smc: add SMC-D support in data transfer
    - net/smc: add SMC-D support in af_smc
    - net/smc: add SMC-D diag support
    - net/smc: provide smc mode in smc_diag.c
    - net/smc: eliminate cursor read and write calls
    - net/smc: add function to get link group from link
    - net/smc: use DECLARE_BITMAP for rtokens_used_mask
    - net/smc: remove local variable page in smc_rx_splice()
    - net/smc: Remove a WARN_ON() statement
    - net/smc: Simplify ib_post_(send|recv|srq_recv)() calls
    - net/smc: fewer parameters for smc_llc_send_confirm_link()
    - net/smc: use correct vlan gid of RoCE device
    - net/smc: provide fallback reason code
    - net/smc: improve delete link processing
    - net: simplify sock_poll_wait
    - net/smc: send response to test link signal

* Miscellaneous Ubuntu changes
    - [Config] update annotations for CONFIG_CRYPTO_SPECK_NEON
    - [Config] fix up annotatios for CONFIG_CRYPTO_SPECK

-- Seth Forshee <seth.forshee@canonical.com>  Mon, 10 Sep 2018 07:08:38 -0500

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Brad Figg (brad-figg) on 2019-07-24

tags:

added: cscc

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package