Bug #1840717 “hns3: ring buffer race leads can cause corruption” : Bugs : linux package : Ubuntu

dann frazier (dannf) on 2019-08-19

Changed in linux (Ubuntu Bionic):
status:	New → In Progress
assignee:	nobody → dann frazier (dannf)

dann frazier (dannf) on 2019-08-19

Changed in linux (Ubuntu):
assignee:	dann frazier (dannf) → nobody
Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Released
status:	Fix Released → In Progress
Changed in linux (Ubuntu Disco):
status:	New → Fix Released

Kleber Sacilotto de Souza (kleber-souza) on 2019-09-03

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-09-11:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

dann frazier (dannf) wrote on 2019-09-11:

#2

Proposed kernel regression tested w/ a 10 minute iperf run.

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-09-30:

#3

Download full text (20.2 KiB)

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

  * arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

* CVE-2018-20976
- xfs: clear sb->s_fs_info on mount failure

  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

  * Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpuma...

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

* arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

* CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure

* br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
    - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

* Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpumask when only one cpu is present
    - perf cpumap: Fix writing to illegal memory in handling cpumap mask
    - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - HID: wacom: Correct distance scale for 2nd-gen Intuos devices
    - Revert "dm bufio: fix deadlock with loop device"
    - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
    - libceph: fix PG split vs OSD (re)connect race
    - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
    - gpiolib: never report open-drain/source lines as 'input' to user-space
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm kcopyd: always complete failed jobs
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - dm zoned: improve error handling in reclaim
    - dm zoned: improve error handling in i/o map code
    - dm zoned: properly handle backing device failure
    - genirq: Properly pair kobject_del() with kobject_add()
    - mm, page_owner: handle THP splits correctly
    - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
    - mm/zsmalloc.c: fix race condition in zs_destroy_pool
    - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
    - dm zoned: fix potential NULL dereference in dmz_do_reclaim()
    - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
    - can: mcp251x: add error check when wq alloc failed
    - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
      sets too
    - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
      hash:ip,mac sets
    - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
    - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
      phy_led_trigger_change_speed()
    - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
    - net: stmmac: Fix issues when number of Queues >= 4
    - KVM: arm64: Don't write junk to sysregs on reset
    - KVM: arm: Don't write junk to CP15 registers on reset
    - xfs: don't trip over uninitialized buffer on extent read of corrupted inode
    - xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h
    - xfs: Add helper function xfs_attr_try_sf_addname
    - xfs: Add attibute remove and helper functions

* Bionic update: upstream stable patchset 2019-08-27 (LP: #1841652)
    - sh: kernel: hw_breakpoint: Fix missing break in switch statement
    - mm/usercopy: use memory range to be accessed for wraparound check
    - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    - bpf: get rid of pure_initcall dependency to enable jits
    - bpf: restrict access to core bpf sysctls
    - bpf: add bpf_jit_limit knob to restrict unpriv allocations
    - xtensa: add missing isync to the cpu_reset TLB code
    - ALSA: hda - Apply workaround for another AMD chip 1022:1487
    - ALSA: hda - Fix a memory leak bug
    - HID: holtek: test for sanity of intfdata
    - HID: hiddev: avoid opening a disconnected device
    - HID: hiddev: do cleanup in failure of opening a device
    - Input: kbtab - sanity check for endpoint type
    - Input: iforce - add sanity checks
    - net: usb: pegasus: fix improper read if get_registers() fail
    - netfilter: ebtables: also count base chain policies
    - clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1
    - clk: renesas: cpg-mssr: Fix reset control race condition
    - xen/pciback: remove set but not used variable 'old_state'
    - irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
    - irqchip/irq-imx-gpcv2: Forward irq type to parent
    - perf header: Fix divide by zero error if f_header.attr_size==0
    - perf header: Fix use of unitialized value warning
    - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
    - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m
    - scsi: hpsa: correct scsi command status issue after reset
    - scsi: qla2xxx: Fix possible fcport null-pointer dereferences
    - ata: libahci: do not complain in case of deferred probe
    - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
    - arm64/efi: fix variable 'si' set but not used
    - arm64: unwind: Prohibit probing on return_address()
    - arm64/mm: fix variable 'pud' set but not used
    - IB/core: Add mitigation for Spectre V1
    - IB/mad: Fix use-after-free in ib mad completion handling
    - drm: msm: Fix add_gpu_components
    - ocfs2: remove set but not used variable 'last_hash'
    - asm-generic: fix -Wtype-limits compiler warnings
    - KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block
    - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
    - staging: comedi: dt3000: Fix rounding up of timer divisor
    - iio: adc: max9611: Fix temperature reading in probe
    - USB: core: Fix races in character device registration and deregistraion
    - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role"
    - usb: cdc-acm: make sure a refcount is taken early enough
    - USB: CDC: fix sanity checks in CDC union parser
    - USB: serial: option: add D-Link DWM-222 device ID
    - USB: serial: option: Add support for ZTE MF871A
    - USB: serial: option: add the BroadMobi BM818 card
    - USB: serial: option: Add Motorola modem UARTs
    - bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
    - arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
    - netfilter: conntrack: Use consistent ct id hash calculation
    - Input: psmouse - fix build error of multiple definition
    - iommu/amd: Move iommu_init_pci() to .init section
    - bnx2x: Fix VF's VLAN reconfiguration in reload.
    - net/mlx4_en: fix a memory leak bug
    - net/packet: fix race in tpacket_snd()
    - sctp: fix the transport error_count check
    - xen/netback: Reset nr_frags before freeing skb
    - net/mlx5e: Only support tx/rx pause setting for port owner
    - net/mlx5e: Use flow keys dissector to parse packets for ARFS
    - team: Add vlan tx offload to hw_enc_features
    - bonding: Add vlan tx offload to hw_enc_features
    - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe
    - xfrm: policy: remove pcpu policy cache
    - mm/hmm: fix bad subpage pointer in try_to_unmap_one
    - mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and
      MPOL_MF_STRICT were specified
    - mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
    - riscv: Make __fstate_clean() work correctly.
    - Revert "kmemleak: allow to coexist with fault injection"
    - sctp: fix memleak in sctp_send_reset_streams

* Bionic update: upstream stable patchset 2019-08-16 (LP: #1840520)
    - iio: adc: max9611: Fix misuse of GENMASK macro
    - crypto: ccp - Fix oops by properly managing allocated structures
    - crypto: ccp - Ignore tag length when decrypting GCM ciphertext
    - usb: usbfs: fix double-free of usb memory upon submiturb error
    - usb: iowarrior: fix deadlock on disconnect
    - sound: fix a memory leak bug
    - mmc: cavium: Set the correct dma max segment size for mmc_host
    - mmc: cavium: Add the missing dma unmap when the dma has finished.
    - loop: set PF_MEMALLOC_NOIO for the worker thread
    - Input: synaptics - enable RMI mode for HP Spectre X360
    - lkdtm: support llvm-objcopy
    - crypto: ccp - Validate buffer lengths for copy operations
    - crypto: ccp - Add support for valid authsize values less than 16
    - perf annotate: Fix s390 gap between kernel end and module start
    - perf db-export: Fix thread__exec_comm()
    - perf record: Fix module size on s390
    - usb: host: xhci-rcar: Fix timeout in xhci_suspend()
    - usb: yurex: Fix use-after-free in yurex_delete
    - can: rcar_canfd: fix possible IRQ storm on high load
    - can: peak_usb: fix potential double kfree_skb()
    - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
    - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
    - netfilter: Fix rpfilter dropping vrf packets by mistake
    - netfilter: nft_hash: fix symhash with modulus one
    - scripts/sphinx-pre-install: fix script for RHEL/CentOS
    - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
    - mac80211: don't warn about CW params when not using them
    - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
    - drm: silence variable 'conn' set but not used
    - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
    - s390/qdio: add sanity checks to the fast-requeue path
    - ALSA: compress: Fix regression on compressed capture streams
    - ALSA: compress: Prevent bypasses of set_params
    - ALSA: compress: Don't allow paritial drain operations on capture streams
    - ALSA: compress: Be more restrictive about when a drain is allowed
    - perf tools: Fix proper buffer size for feature processing
    - perf probe: Avoid calling freeing routine multiple times for same pointer
    - drbd: dynamically allocate shash descriptor
    - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
    - ARM: davinci: fix sleep.S build error on ARMv4
    - scsi: megaraid_sas: fix panic on loading firmware crashdump
    - scsi: ibmvfc: fix WARN_ON during event pool release
    - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
    - test_firmware: fix a memory leak bug
    - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
    - perf/core: Fix creating kernel counters for PMUs that override event->cpu
    - HID: sony: Fix race condition between rumble and device remove.
    - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
    - hwmon: (nct7802) Fix wrong detection of in4 presence
    - drm/i915: Fix wrong escape clock divisor init for GLK
    - ALSA: firewire: fix a memory leak bug
    - ALSA: hda - Don't override global PCM hw info flag
    - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
    - mac80211: don't WARN on short WMM parameters from AP
    - SMB3: Fix deadlock in validate negotiate hits reconnect
    - smb3: send CAP_DFS capability during session setup
    - NFSv4: Only pass the delegation to setattr if we're sending a truncate
    - NFSv4: Fix an Oops in nfs4_do_setattr
    - KVM: Fix leak vCPU's VMCS value into other pCPU
    - mwifiex: fix 802.11n/WPA detection
    - iwlwifi: don't unmap as page memory that was mapped as single
    - iwlwifi: mvm: fix an out-of-bound access
    - iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
    - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
    - iio: cros_ec_accel_legacy: Fix incorrect channel setting
    - staging: android: ion: Bail out upon SIGKILL when allocating memory.
    - x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
    - usb: typec: tcpm: free log buf memory when remove debug file
    - usb: typec: tcpm: remove tcpm dir if no children
    - usb: typec: tcpm: Add NULL check before dereferencing config
    - netfilter: conntrack: always store window size un-scaled
    - drm/amd/display: Wait for backlight programming completion in set backlight
      level
    - drm/amd/display: use encoder's engine id to find matched free audio device
    - drm/amd/display: Fix dc_create failure handling and 666 color depths
    - drm/amd/display: Only enable audio if speaker allocation exists
    - drm/amd/display: Increase size of audios array
    - allocate_flower_entry: should check for null deref
    - s390/dma: provide proper ARCH_ZONE_DMA_BITS value
    - ALSA: hiface: fix multiple memory leak bugs

* Bionic update: upstream stable patchset 2019-08-15 (LP: #1840378)
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
    - HID: wacom: fix bit shift for Cintiq Companion 2
    - HID: Add quirk for HP X1200 PIXART OEM mouse
    - RDMA: Directly cast the sockaddr union to sockaddr
    - IB: directly cast the sockaddr union to aockaddr
    - atm: iphase: Fix Spectre v1 vulnerability
    - ife: error out when nla attributes are empty
    - ip6_tunnel: fix possible use-after-free on xmit
    - net: bridge: delete local fdb on device init failure
    - net: bridge: mcast: don't delete permanent entries when fast leave is
      enabled
    - net: fix ifindex collision during namespace removal
    - net/mlx5: Use reversed order when unregister devices
    - net: phylink: Fix flow control for fixed-link
    - net: sched: Fix a possible null-pointer dereference in dequeue_func()
    - NFC: nfcmrvl: fix gpio-handling regression
    - tipc: compat: allow tipc commands without arguments
    - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
    - net/mlx5e: Prevent encap flow counter update async to user query
    - tun: mark small packets as owned by the tap sock
    - mvpp2: refactor MTU change code
    - bnx2x: Disable multi-cos feature.
    - cgroup: Call cgroup_release() before __exit_signal()
    - cgroup: Implement css_task_iter_skip()
    - cgroup: Include dying leaders with live threads in PROCS iterations
    - cgroup: css_task_iter_skip()'d iterators must be advanced before accessed
    - cgroup: Fix css_task_iter_advance_css_set() cset skip condition
    - spi: bcm2835: Fix 3-wire mode if DMA is enabled
    - driver core: Establish order of operations for device_add and device_del via
      bitflag
    - drivers/base: Introduce kill_device()
    - libnvdimm/bus: Prevent duplicate device_unregister() calls
    - libnvdimm/region: Register badblocks before namespaces
    - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
    - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
    - ipip: validate header length in ipip_tunnel_xmit
    - mvpp2: fix panic on module removal
    - net/mlx5: Fix modify_cq_in alignment
    - r8169: don't use MSI before RTL8168d

* VIMC module not available (CONFIG_VIDEO_VIMC not set) (LP: #1831482)
    - [Config] Enable VIMC module

* reboot will introduce an alarm 'beep ...' during BIOS phase (LP: #1840395)
    - ALSA: hda - Let all conexant codec enter D3 when rebooting
    - ALSA: hda - Add a generic reboot_notify

* Include Sunix serial/parallel driver (LP: #1826716)
    - serial: 8250_pci: Add support for Sunix serial boards
    - parport: parport_serial: Add support for Sunix Multi I/O boards

* Intel HDMI audio print "Unable to sync register" errors (LP: #1840394)
    - ALSA: hda - Don't resume forcibly i915 HDMI/DP codec

* Support cpufreq, thermal sensors & cooling cells on iMX6Q based Nitrogen6x
    board (LP: #1840437)
    - arm: imx: Add MODULE_ALIAS for cpufreq
    - ARM: dts: imx: Add missing OPP properties for CPUs
    - ARM: dts: imx7d: use operating-points-v2 for cpu
    - ARM: dts: imx7d: remove "operating-points" property for cpu1
    - ARM: dts: imx: add cooling-cells for cpufreq cooling device
    - ARM: dts: imx6: add thermal sensor and cooling cells

* hns3: ring buffer race leads can cause corruption (LP: #1840717)
    - net: hns3: minor optimization for ring_space
    - net: hns3: fix data race between ring->next_to_clean
    - net: hns3: optimize the barrier using when cleaning TX BD

* Bionic build broken if CONFIG_MODVERSIONS enabled (LP: #1840321)
    - Revert "genksyms: Teach parser about 128-bit built-in types"

* [bionic] drm/i915: softpin broken, needs to be fixed for 32bit mesa
    (LP: #1815172)
    - SAUCE: drm/i915: Partially revert d6edad3777c28ea

* Goodix touchpad may drop first input event (LP: #1840075)
    - mfd: intel-lpss: Remove D3cold delay

* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
    - media: vimc: fix component match compare

* Fix touchpad IRQ storm after S3 (LP: #1841396)
    - pinctrl: intel: remap the pin number to gpio offset for irq enabled pin

* [SRU][B/OEM-B/OEM-OSP1/D] UBUNTU: SAUCE: enable middle button for one more
    ThinkPad (LP: #1841722)
    - SAUCE: Input: elantech - enable middle button for one more ThinkPad

* Test 391/u and 391/p from ubuntu_bpf failed on B (LP: #1841704)
    - SAUCE: Fix "bpf: improve verifier branch analysis"

* crypto/testmgr.o fails to build due to struct cipher_testvec not having data
    members: ctext, ptext, len (LP: #1841264)
    - SAUCE: Revert "crypto: testmgr - add AES-CFB tests"

* Bionic QEMU with Bionic Kernel hangs in AMD FX-8350 with cpu-host as
    passthrough (LP: #1834522)
    - KVM: SVM: install RSM intercept
    - KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 17 Sep 2019 18:12:26 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Undecided	dann frazier
Disco	Fix Released	Undecided	Unassigned

Ubuntu
linux package

hns3: ring buffer race leads can cause corruption

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux package

hns3: ring buffer race leads can cause corruption

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package