Ubuntu
linux package

Bionic update: upstream stable patchset 2021-11-23

Bug #1951997 reported by Kamal Mostafa on 2021-11-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2021-11-23

Ported from the following upstream stable releases:
v4.14.253, v4.19.214

from git://git.kernel.org/

btrfs: always wait on ordered extents at fsync time
ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
xtensa: xtfpga: Try software restart before simulating CPU reset
NFSD: Keep existing listeners on portlist error
netfilter: ipvs: make global sysctl readonly in non-init netns
NIOS2: irqflags: rename a redefined register name
can: rcar_can: fix suspend/resume
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: peak_pci: peak_pci_remove(): fix UAF
ocfs2: fix data corruption after conversion from inline format
ocfs2: mount fails with buffer overflow in strlen
elfcore: correct reference to CONFIG_UML
ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
ASoC: DAPM: Fix missing kctl change notifications
nfc: nci: fix the UAF of rf_conn_info object
isdn: cpai: check ctr->cnr to avoid array index out of bound
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
btrfs: deal with errors when checking if a dir entry exists during log replay
net: stmmac: add support for dwmac 3.40a
ARM: dts: spear3xx: Fix gmac node
isdn: mISDN: Fix sleeping function called from invalid context
platform/x86: intel_scu_ipc: Update timeout value in comment
ALSA: hda: avoid write to STATESTS if controller is in reset
tracing: Have all levels of checks prevent recursion
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
dma-debug: fix sg checks in debug_dma_map_sg()
ASoC: wm8960: Fix clock configuration on slave mode
lan78xx: select CRC32
net: hns3: add limit ets dwrr bandwidth cannot be 0
net: hns3: disable sriov before unload hclge layer
ALSA: hda/realtek: Add quirk for Clevo PC50HS
mm, slub: fix mismatch between reconstructed freelist depth and cnt
gcc-plugins/structleak: add makefile var for disabling structleak
UBUNTU: upstream stable to v4.14.253, v4.19.214

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2021-11-23

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug

Revision history for this message

Kamal Mostafa (kamalmostafa) wrote on 2021-11-23:

Note:

scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()

from v4.14.253 is being held out, pending testing w.r.t.

UBUNTU: SAUCE: Revert "scsi: core: Cap scsi_host cmd_per_lun at can_queue"
https://bugs.launchpad.net/bugs/1940564

description:	updated
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
description:	updated

Stefan Bader (smb) on 2021-11-24

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-04:

Download full text (10.4 KiB)

This bug was fixed in the package linux - 4.15.0-166.174

---------------
linux (4.15.0-166.174) bionic; urgency=medium

* bionic/linux: 4.15.0-166.174 -proposed tracker (LP: #1953667)

* Ubuntu version macros overflow with high ABI numbers (LP: #1953522)
- SAUCE: Revert "stable: clamp SUBLEVEL in 4.14"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287)
    - SAUCE: Revert "bpf: add also cbpf long jump test cases with heavy expansion"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287) // CVE-2018-25020
    - bpf: fix truncated jump targets on heavy expansions

linux (4.15.0-165.173) bionic; urgency=medium

* bionic/linux: 4.15.0-165.173 -proposed tracker (LP: #1952780)

  * Support builtin revoked certificates (LP: #1932029)
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
    - SAUCE: integrity: add informational messages when revoking certs

  * CVE-2021-4002
    - arm64: tlb: Provide forward declaration of tlb_flush() before including
      tlb.h
    - mm: mmu_notifier fix for tlb_end_vma
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

linux (4.15.0-164.172) bionic; urgency=medium

* bionic/linux: 4.15.0-164.172 -proposed tracker (LP: #1952348)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

This bug was fixed in the package linux - 4.15.0-166.174

---------------
linux (4.15.0-166.174) bionic; urgency=medium

* bionic/linux: 4.15.0-166.174 -proposed tracker (LP: #1953667)

* Ubuntu version macros overflow with high ABI numbers (LP: #1953522)
    - SAUCE: Revert "stable: clamp SUBLEVEL in 4.14"

* test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287)
    - SAUCE: Revert "bpf: add also cbpf long jump test cases with heavy expansion"

* test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287) // CVE-2018-25020
    - bpf: fix truncated jump targets on heavy expansions

linux (4.15.0-165.173) bionic; urgency=medium

* bionic/linux: 4.15.0-165.173 -proposed tracker (LP: #1952780)

linux (4.15.0-164.172) bionic; urgency=medium

* bionic/linux: 4.15.0-164.172 -proposed tracker (LP: #1952348)

* Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

* Bionic update: upstream stable patchset 2021-11-23 (LP: #1951997)
    - btrfs: always wait on ordered extents at fsync time
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - NIOS2: irqflags: rename a redefined register name
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - ocfs2: fix data corruption after conversion from inline format
    - ocfs2: mount fails with buffer overflow in strlen
    - elfcore: correct reference to CONFIG_UML
    - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
    - ASoC: DAPM: Fix missing kctl change notifications
    - nfc: nci: fix the UAF of rf_conn_info object
    - isdn: cpai: check ctr->cnr to avoid array index out of bound
    - netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
    - btrfs: deal with errors when checking if a dir entry exists during log
      replay
    - net: stmmac: add support for dwmac 3.40a
    - ARM: dts: spear3xx: Fix gmac node
    - isdn: mISDN: Fix sleeping function called from invalid context
    - platform/x86: intel_scu_ipc: Update timeout value in comment
    - ALSA: hda: avoid write to STATESTS if controller is in reset
    - tracing: Have all levels of checks prevent recursion
    - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
    - dma-debug: fix sg checks in debug_dma_map_sg()
    - ASoC: wm8960: Fix clock configuration on slave mode
    - lan78xx: select CRC32
    - net: hns3: add limit ets dwrr bandwidth cannot be 0
    - net: hns3: disable sriov before unload hclge layer
    - ALSA: hda/realtek: Add quirk for Clevo PC50HS
    - mm, slub: fix mismatch between reconstructed freelist depth and cnt
    - gcc-plugins/structleak: add makefile var for disabling structleak

* creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve
    failed with XFS (LP: #1950239)
    - xfs: ensure that the inode uid/gid match values match the icdinode ones
    - xfs: merge the projid fields in struct xfs_icdinode
    - xfs: remove the icdinode di_uid/di_gid members
    - xfs: fix up non-directory creation in SGID directories

* ubuntu_ltp / finit_module02 fails on v4.15 and other kernels (LP: #1950644)
    - vfs: check fd has read access in kernel_read_file_from_fd()

* reuseport_bpf_numa in net from ubuntu_kernel_selftests fails on ppc64le
    (LP: #1867570)
    - selftests/net: Fix reuseport_bpf_numa by skipping unavailable nodes

* Bionic update: upstream stable patchset 2021-11-12 (LP: #1950816)
    - net: mdio: introduce a shutdown method to mdio device drivers
    - xen-netback: correct success/error reporting for the SKB-with-fraglist case
    - sparc64: fix pci_iounmap() when CONFIG_PCI is not set
    - ext2: fix sleeping in atomic bugs on error
    - scsi: sd: Free scsi_disk device via put_device()
    - usb: testusb: Fix for showing the connection speed
    - usb: dwc2: check return value after calling platform_get_resource()
    - scsi: ses: Retry failed Send/Receive Diagnostic commands
    - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
    - lib/timerqueue: Rely on rbtree semantics for next timer
    - selftests: be sure to make khdr before other targets
    - Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
    - USB: cdc-acm: fix racy tty buffer accesses
    - USB: cdc-acm: fix break reporting
    - ovl: fix missing negative dentry check in ovl_rename()
    - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
    - xen/balloon: fix cancelled balloon action
    - ARM: dts: omap3430-sdp: Fix NAND device node
    - ARM: dts: qcom: apq8064: use compatible which contains chipid
    - bpf: add also cbpf long jump test cases with heavy expansion
    - bpf, mips: Validate conditional branch offsets
    - xtensa: call irqchip_init only when CONFIG_USE_OF is selected
    - bpf: Fix integer overflow in prealloc_elems_and_freelist()
    - phy: mdio: fix memory leak
    - net_sched: fix NULL deref in fifo_set_limit()
    - powerpc/fsl/dts: Fix phy-connection-type for fm1mac3
    - ptp_pch: Load module automatically if ID matches
    - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff
      sequence
    - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
    - netlink: annotate data races around nlk->bound
    - drm/nouveau/debugfs: fix file release memory leak
    - rtnetlink: fix if_nlmsg_stats_size() under estimation
    - i40e: fix endless loop under rtnl
    - i2c: acpi: fix resource leak in reconfiguration device addition
    - net: phy: bcm7xxx: Fixed indirect MMD operations
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - net: sun: SUNVNET_COMMON should depend on INET
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/x86: Reset destroy callback on event init failure
    - sched: Always inline is_percpu_thread()
    - bpf, arm: Fix register clobbering in div/mod implementation
    - i40e: Fix freeing of uninitialized misc IRQ vector
    - mac80211: check return value of rhashtable_init
    - stable: clamp SUBLEVEL in 4.14
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - s390: fix strrchr() implementation
    - btrfs: deal with errors when replaying dir entry during log replay
    - btrfs: deal with errors when adding inode reference during log replay
    - btrfs: check for error when looking up inode during dir entry replay
    - xhci: Fix command ring pointer corruption while aborting a command
    - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
    - cb710: avoid NULL pointer subtraction
    - efi/cper: use stack buffer for error record decoding
    - efi: Change down_interruptible() in virt_efi_reset_system() to
      down_trylock()
    - usb: musb: dsps: Fix the probe error path
    - Input: xpad - add support for another USB ID of Nacon GC-100
    - USB: serial: qcserial: add EM9191 QDL support
    - USB: serial: option: add Quectel EC200S-CN module support
    - USB: serial: option: add Telit LE910Cx composition 0x1204
    - USB: serial: option: add prod. id for Quectel EG91
    - virtio: write back F_VERSION_1 before validate
    - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
    - x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
    - iio: adc: aspeed: set driver data when adc probe.
    - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
    - iio: light: opt3001: Fixed timeout error when 0 lux
    - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
    - iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
    - sctp: account stream padding length for reconf chunk
    - net: arc: select CRC32
    - net: korina: select CRC32
    - net: encx24j600: check error in devm_regmap_init_encx24j600
    - ethernet: s2io: fix setting mac address during resume
    - nfc: fix error handling of nfc_proto_register()
    - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
    - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
    - pata_legacy: fix a couple uninitialized variable bugs
    - drm/msm: Fix null pointer dereference on pointer edp
    - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
    - acpi/arm64: fix next_platform_timer() section mismatch error
    - qed: Fix missing error code in qed_slowpath_start()
    - r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Wed, 08 Dec 2021 18:15:03 +0100

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package