Bug #1787089 “[AEP-bug] ext4: more rare direct I/O vs unmap fail...” : Bugs : intel

Revision history for this message

quanxian (quanxian-wang) wrote on 2018-08-15:

#1

This bug is related with CLX platform which is not published, keep it private until CLX platform is released. Thanks for your understanding.

information type:

Public → Private

Revision history for this message

quanxian (quanxian-wang) wrote on 2018-08-15:

#2

Additional Note from Developer: This is a bug fix than feature request since it's addressing race condition in the filesystem. But for this patch to apply, the following patches must be there already:
Commit from Dan released 5/9
d6dc57e251a ("xfs, dax: introduce xfs_break_dax_layouts()")
Commit from Ross released 7/29
cdbf8897cb0 ("dax: dax_layout_busy_page() warn on !exceptional")
430657b6be8 ("ext4: handle layout changes to pinned DAX mappings")

quanxian (quanxian-wang) on 2018-08-15

no longer affects:

linux (Ubuntu)

Joseph Salisbury (jsalisbury) on 2018-08-15

tags:

added: kernel-da-key

Revision history for this message

pragyansri.pathi@intel.com (pragyan) wrote on 2018-08-20:

#3

Commit in 4.19:
e25ff835af

Revision history for this message

quanxian (quanxian-wang) wrote on 2018-08-27:

#4

another commit for xfs:
xfs: more rare direct I/O vs unmap failures
e25ff835af8

this patch is in 4.19. please cherry pick it into 18.10. Thanks

Revision history for this message

quanxian (quanxian-wang) wrote on 2018-08-27:

#5

need backporting

Joseph Salisbury (jsalisbury) on 2018-08-31

affects:	ubuntu → linux (Ubuntu)
Changed in linux (Ubuntu):
importance:	Undecided → Medium
status:	New → Triaged
Changed in intel:
status:	New → Triaged
importance:	Undecided → Medium

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-09-07:

#6

I built a test kernel with commits cdbf8897cb0, 430657b6be8 and e25ff835af8. Commit d6dc57e251a is already in the 18.10 kernel since it was in mainline as of v4.18-rc1.

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1787089

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

Changed in linux (Ubuntu):
status:	Triaged → In Progress
assignee:	nobody → Joseph Salisbury (jsalisbury)

Revision history for this message

quanxian (quanxian-wang) wrote on 2018-09-10:

#7

I am finding the test case from upstream to have a try.

Joseph Salisbury (jsalisbury) on 2018-09-10

information type:

Private → Public

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-09-10:

#8

Cosmic request:
https://lists.ubuntu.com/archives/kernel-team/2018-September/095337.html

Revision history for this message

quanxian (quanxian-wang) wrote on 2018-09-11:

#9

Intel upstream developer no longer works at Intel and without test case left. Currently we have no way to test it. Sorry about that.

Thadeu Lima de Souza Cascardo (cascardo) on 2018-09-11

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-12:

#10

Download full text (60.2 KiB)

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

* linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets...

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

* linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

* Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets in a bundle
    - ath10k: sdio: set skb len for all rx packets
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - platform/x86: asus-wireless: Fix uninitialized symbol usage
    - ACPI / button: increment wakeup count only when notified
    - s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/dasd: correct numa_node in dasd_alloc_queue
    - s390/scm_blk: correct numa_node in scm_blk_dev_setup
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - mtd: rawnand: atmel: add module param to avoid using dma
    - iio: accel: adxl345: convert address field usage in iio_chan_spec
    - posix-timers: Make forward callback return s64
    - posix-timers: Sanitize overrun handling
    - ALSA: snd-aoa: add of_node_put() in error path
    - selftests: forwarding: Tweak tc filters for mirror-to-gretap tests
    - ath10k: use locked skb_dequeue for rx completions
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - media: ov772x: add checks for register read errors
    - staging: android: ashmem: Fix mmap size validation
    - media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING
    - staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path
    - drivers/tty: add error handling for pcmcia_loop_config
    - arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses
    - serial: pxa: Fix an error handling path in 'serial_pxa_probe()'
    - staging: mt7621-dts: Fix remaining pcie warnings
    - media: tm6000: add error handling for dvb_register_adapter
    - ASoC: qdsp6: qdafe: fix some off by one bugs
    - net: phy: xgmiitorgmii: Check read_status results
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - drm/sun4i: Enable DW HDMI PHY clock
    - net: phy: xgmiitorgmii: Check phy_driver ready before accessing
    - drm/sun4i: Fix releasing node when enumerating enpoints
    - ath10k: transmit queued frames after processing rx packets
    - mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status()
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - brcmsmac: fix wrap around in conversion from constant to s16
    - bitfield: fix *_encode_bits()
    - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
    - drm/omap: gem: Fix mm_list locking
    - ARM: mvebu: declare asm symbols as character arrays in pmsu.c
    - RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR
    - Documentation/process: fix reST table border error
    - perf/hw_breakpoint: Split attribute parse and commit
    - arm: dts: mediatek: Add missing cooling device properties for CPUs
    - HID: hid-ntrig: add error handling for sysfs_create_group
    - HID: i2c-hid: Use devm to allocate i2c_hid struct
    - MIPS: boot: fix build rule of vmlinux.its.S
    - arm64: dts: renesas: Fix VSPD registers range
    - drm/v3d: Take a lock across GPU scheduler job creation and queuing.
    - perf/x86/intel/lbr: Fix incomplete LBR call stack
    - scsi: bnx2i: add error handling for ioremap_nocache
    - iomap: complete partial direct I/O writes synchronously
    - spi: orion: fix CS GPIO handling again
    - scsi: megaraid_sas: Update controller info during resume
    - ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold
    - ASoC: rt1305: Use ULL suffixes for 64-bit constants
    - ASoC: rsnd: SSI parent cares SWSP bit
    - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
    - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
    - module: exclude SHN_UNDEF symbols from kallsyms api
    - gpio: Fix wrong rounding in gpio-menz127
    - nfsd: fix corrupted reply to badly ordered compound
    - EDAC: Fix memleak in module init error path
    - EDAC, altera: Fix an error handling path in altr_s10_sdram_probe()
    - staging: pi433: fix race condition in pi433_ioctl
    - ath10k: fix incorrect size of dma_free_coherent in
      ath10k_ce_alloc_src_ring_64
    - ath10k: snoc: use correct bus-specific pointer in RX retry
    - fs/lock: skip lock owner pid translation in case we are in init_pid_ns
    - ath10k: fix memory leak of tpc_stats
    - Input: xen-kbdfront - fix multi-touch XenStore node's locations
    - iio: 104-quad-8: Fix off-by-one error in register selection
    - drm/vc4: Add missing formats to vc4_format_mod_supported().
    - ARM: dts: dra7: fix DCAN node addresses
    - drm/vc4: plane: Expand the lower bits by repeating the higher bits
    - perf tests: Fix indexing when invoking subtests
    - gpio: tegra: Fix tegra_gpio_irq_set_type()
    - block: fix deadline elevator drain for zoned block devices
    - x86/mm: Expand static page table for fixmap space
    - tty: serial: lpuart: avoid leaking struct tty_struct
    - serial: imx: restore handshaking irq for imx1
    - serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
    - serial: cpm_uart: return immediately from console poll
    - intel_th: Fix device removal logic
    - intel_th: Fix resource handling for ACPI glue layer
    - spi: tegra20-slink: explicitly enable/disable clock
    - spi: sh-msiof: Fix invalid SPI use during system suspend
    - spi: sh-msiof: Fix handling of write value for SISTR register
    - spi: rspi: Fix invalid SPI use during system suspend
    - spi: rspi: Fix interrupted DMA transfers
    - regulator: fix crash caused by null driver data
    - regulator: Fix 'do-nothing' value for regulators without suspend state
    - USB: fix error handling in usb_driver_claim_interface()
    - USB: handle NULL config in usb_find_alt_setting()
    - usb: roles: Take care of driver module reference counting
    - usb: musb: dsps: do not disable CPPI41 irq in driver teardown
    - USB: usbdevfs: sanitize flags more
    - USB: usbdevfs: restore warning for nonsensical flags
    - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()"
    - USB: remove LPM management from usb_driver_claim_interface()
    - uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe()
    - ext2, dax: set ext2_dax_aops for dax files
    - filesystem-dax: Fix use of zero page
    - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
    - IB/hfi1: Fix SL array bounds check
    - IB/hfi1: Invalid user input can result in crash
    - IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
    - IB/hfi1: Fix destroy_qp hang after a link down
    - ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not
      bridge
    - RDMA/uverbs: Atomically flush and mark closed the comp event queue
    - arm64: KVM: Tighten guest core register access from userspace
    - ARM: OMAP2+: Fix null hwmod for ti-sysc debug
    - ARM: OMAP2+: Fix module address for modules using mpu_rt_idx
    - bus: ti-sysc: Fix module register ioremap for larger offsets
    - qed: Wait for ready indication before rereading the shmem
    - qed: Wait for MCP halt and resume commands to take place
    - qed: Prevent a possible deadlock during driver load and unload
    - qed: Avoid sending mailbox commands when MFW is not responsive
    - thermal: of-thermal: disable passive polling when thermal zone is disabled
    - isofs: reject hardware sector size > 2048 bytes
    - mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion
    - mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion
    - bus: ti-sysc: Fix no_console_suspend handling
    - ARM: dts: omap4-droid4: fix vibrations on Droid 4
    - bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
    - bpf, sockmap: fix sock hash count in alloc_sock_hash_elem
    - tls: possible hang when do_tcp_sendpages hits sndbuf is full case
    - bpf: sockmap: write_space events need to be passed to TCP handler
    - drm/amdgpu: fix VM clearing for the root PD
    - drm/amdgpu: fix preamble handling
    - amdgpu: fix multi-process hang issue
    - net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler
    - tcp_bbr: add bbr_check_probe_rtt_done() helper
    - tcp_bbr: in restart from idle, see if we should exit PROBE_RTT
    - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
    - net: hns: fix skb->truesize underestimation
    - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES
    - ice: Fix multiple static analyser warnings
    - ice: Report stats for allocated queues via ethtool stats
    - ice: Clean control queues only when they are initialized
    - ice: Fix bugs in control queue processing
    - ice: Use order_base_2 to calculate higher power of 2
    - ice: Set VLAN flags correctly
    - tools: bpftool: return from do_event_pipe() on bad arguments
    - ice: Fix a few null pointer dereference issues
    - ice: Fix potential return of uninitialized value
    - e1000: check on netif_running() before calling e1000_up()
    - e1000: ensure to free old tx/rx rings in set_ringparam()
    - ixgbe: fix driver behaviour after issuing VFLR
    - i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled
    - i40e: fix condition of WARN_ONCE for stat strings
    - crypto: chtls - fix null dereference chtls_free_uld()
    - crypto: cavium/nitrox - fix for command corruption in queue full case with
      backlog submissions.
    - hwmon: (ina2xx) fix sysfs shunt resistor read access
    - hwmon: (adt7475) Make adt7475_read_word() return errors
    - Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
    - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
    - drm/amdgpu: Update power state at the end of smu hw_init.
    - ata: ftide010: Add a quirk for SQ201
    - nvme-fcloop: Fix dropped LS's to removed target port
    - ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
    - drm/amdgpu: Need to set moved to true when evict bo
    - arm/arm64: smccc-1.1: Make return values unsigned long
    - arm/arm64: smccc-1.1: Handle function result as parameters
    - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
    - clk: x86: Set default parent to 48Mhz
    - x86/pti: Fix section mismatch warning/error
    - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
    - powerpc: fix csum_ipv6_magic() on little endian platforms
    - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property
    - powerpc/pseries: Fix unitialized timer reset on migration
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace
    - media: v4l: event: Prevent freeing event subscriptions while accessed
    - Linux 4.18.12

* Fix usbcore.quirks when used at boot (LP: #1795784)
    - usb: core: safely deal with the dynamic quirk lists

* Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver

* Please make CONFIG_PWM_LPSS_PCI and CONFIG_PWM_LPSS_PLATFORM built in to
    make brightness adjustment working on various BayTrail/CherryTrail-based
    devices (LP: #1783964)
    - [Config]: Make PWM_LPSS_* built-in

* CVE-2018-5391
    - SAUCE: Revert "net: increase fragment memory usage limits"

* check and fix zkey required kernel modules locations in debs, udebs, and
    initramfs (LP: #1794346)
    - [Config] add s390 crypto modules to crypt-modules udeb

* iptables --list --numeric fails on -virtual kernel / -virtual missing
    bpfilter (LP: #1795036)
    - [Config] add bpfilter.ko to generic inclusion list

* fails to build  on armhf because of module rename (LP: #1795665)
    - [Config] omapfb was renamed to omap2fb

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

* Cosmic update to 4.18.11 stable release (LP: #1795486)
    - gso_segment: Reset skb->mac_len after modifying network header
    - ipv6: fix possible use-after-free in ip6_xmit()
    - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
    - net: hp100: fix always-true check for link up state
    - pppoe: fix reception of frames with no mac header
    - qmi_wwan: set DTR for modems in forced USB2 mode
    - udp4: fix IP_CMSG_CHECKSUM for connected sockets
    - tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
    - tls: zero the crypto information from tls_context before freeing
    - tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
    - neighbour: confirm neigh entries when ARP packet is received
    - udp6: add missing checks on edumux packet processing
    - net/sched: act_sample: fix NULL dereference in the data path
    - hv_netvsc: fix schedule in RCU context
    - net: dsa: mv88e6xxx: Fix ATU Miss Violation
    - socket: fix struct ifreq size in compat ioctl
    - tls: fix currently broken MSG_PEEK behavior
    - ipv6: use rt6_info members when dst is set in rt6_fill_node
    - net/ipv6: do not copy dst flags on rt init
    - net: mvpp2: let phylink manage the carrier state
    - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
    - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
    - NFC: Fix the number of pipes
    - ASoC: wm9712: fix replace codec to component
    - ASoC: cs4265: fix MMTLR Data switch control
    - ASoC: tas6424: Save last fault register even when clear
    - ASoC: rsnd: fixup not to call clk_get/set under non-atomic
    - ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors
    - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error
      path
    - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
      streaming DMA mapping
    - ALSA: emu10k1: fix possible info leak to userspace on
      SNDRV_EMU10K1_IOCTL_INFO
    - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
    - ALSA: firewire-digi00x: fix memory leak of private data
    - ALSA: firewire-tascam: fix memory leak of private data
    - ALSA: fireworks: fix memory leak of response buffer at error path
    - ALSA: oxfw: fix memory leak for model-dependent data at error path
    - ALSA: oxfw: fix memory leak of discovered stream formats at error path
    - ALSA: oxfw: fix memory leak of private data
    - mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able
    - mtd: rawnand: denali: fix a race condition when DMA is kicked
    - platform/x86: dell-smbios-wmi: Correct a memory leak
    - platform/x86: alienware-wmi: Correct a memory leak
    - xen/netfront: don't bug in case of too many frags
    - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
    - spi: fix IDR collision on systems with both fixed and dynamic SPI bus
      numbers
    - Revert "PCI: Add ACS quirk for Intel 300 series"
    - ring-buffer: Allow for rescheduling when removing pages
    - crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2
    - fork: report pid exhaustion correctly
    - mm: disable deferred struct page for 32-bit arches
    - mm: shmem.c: Correctly annotate new inodes for lockdep
    - Revert "rpmsg: core: add support to power domains for devices"
    - bpf/verifier: disallow pointer subtraction
    - Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct
      member name"
    - scsi: target: iscsi: Use bin2hex instead of a re-implementation
    - Revert "ubifs: xattr: Don't operate on deleted inodes"
    - libata: mask swap internal and hardware tag
    - ocfs2: fix ocfs2 read block panic
    - drm/i915/bdw: Increase IPS disable timeout to 100ms
    - drm/nouveau: Reset MST branching unit before enabling
    - drm/nouveau: Only write DP_MSTM_CTRL when needed
    - drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
    - drm/nouveau: Fix deadlocks in nouveau_connector_detect()
    - drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
    - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
    - drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests
    - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
    - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
    - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
    - drm: udl: Destroy framebuffer only if it was initialized
    - drm/amdgpu: add new polaris pci id
    - tty: vt_ioctl: fix potential Spectre v1
    - ext4: check to make sure the rename(2)'s destination is not freed
    - ext4: avoid divide by zero fault when deleting corrupted inline directories
    - ext4: avoid arithemetic overflow that can trigger a BUG
    - ext4: recalucate superblock checksum after updating free blocks/inodes
    - ext4: fix online resize's handling of a too-small final block group
    - ext4: fix online resizing for bigalloc file systems with a 1k block size
    - ext4: don't mark mmp buffer head dirty
    - ext4: show test_dummy_encryption mount option in /proc/mounts
    - ext4, dax: add ext4_bmap to ext4_dax_aops
    - ext4, dax: set ext4_dax_aops for dax files
    - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
    - vmw_balloon: include asm/io.h
    - iw_cxgb4: only allow 1 flush on user qps
    - spi: Fix double IDR allocation with DT aliases
    - Linux 4.18.11

* CVE-2018-14633
    - scsi: target: iscsi: Use hex2bin instead of a re-implementation

* Cosmic update to 4.18.10 stable release (LP: #1794597)
    - be2net: Fix memory leak in be_cmd_get_profile_config()
    - net/mlx5: Fix use-after-free in self-healing flow
    - net: qca_spi: Fix race condition in spi transfers
    - rds: fix two RCU related problems
    - tipc: orphan sock in tipc_release()
    - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables
    - net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC
    - net/mlx5: Check for error in mlx5_attach_interface
    - net/mlx5: Fix debugfs cleanup in the device init/remove flow
    - erspan: fix error handling for erspan tunnel
    - erspan: return PACKET_REJECT when the appropriate tunnel is not found
    - tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY
    - net/mlx5: Fix not releasing read lock when adding flow rules
    - net/mlx5: Fix possible deadlock from lockdep when adding fte to fg
    - net/mlx5: Use u16 for Work Queue buffer fragment size
    - usb: dwc3: change stream event enable bit back to 13
    - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
    - iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the
      PTE
    - iommu/io-pgtable-arm: Fix pgtable allocation in selftest
    - ALSA: msnd: Fix the default sample sizes
    - ALSA: usb-audio: Add support for Encore mDSD USB DAC
    - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
    - xfrm: fix 'passing zero to ERR_PTR()' warning
    - amd-xgbe: use dma_mapping_error to check map errors
    - nfp: don't fail probe on pci_sriov_set_totalvfs() errors
    - iwlwifi: cancel the injective function between hw pointers to tfd entry
      index
    - gfs2: Special-case rindex for gfs2_grow
    - clk: imx6ul: fix missing of_node_put()
    - clk: imx6sll: fix missing of_node_put()
    - clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent
    - Input: pxrc - fix freeing URB on device teardown
    - clk: core: Potentially free connection id
    - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure
    - kbuild: add .DELETE_ON_ERROR special target
    - kbuild: do not update config when running install targets
    - media: tw686x: Fix oops on buffer alloc failure
    - dmaengine: pl330: fix irq race with terminate_all
    - MIPS: ath79: fix system restart
    - media: videobuf2-core: check for q->error in vb2_core_qbuf()
    - IB/rxe: Drop QP0 silently
    - block: allow max_discard_segments to be stacked
    - IB/ipoib: Fix error return code in ipoib_dev_init()
    - mtd/maps: fix solutionengine.c printk format warnings
    - media: ov5645: Supported external clock is 24MHz
    - perf test: Fix subtest number when showing results
    - gfs2: Don't reject a supposedly full bitmap if we have blocks reserved
    - perf tools: Synthesize GROUP_DESC feature in pipe mode
    - perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
    - perf tests: Fix record+probe_libc_inet_pton.sh when event exists
    - perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups
    - fbdev: omapfb: off by one in omapfb_register_client()
    - perf tools: Fix struct comm_str removal crash
    - video: goldfishfb: fix memory leak on driver remove
    - fbdev/via: fix defined but not used warning
    - perf powerpc: Fix callchain ip filtering when return address is in a
      register
    - video: fbdev: pxafb: clear allocated memory for video modes
    - fbdev: Distinguish between interlaced and progressive modes
    - omapfb: rename omap2 module to omap2fb.ko
    - ARM: exynos: Clear global variable on init error path
    - perf powerpc: Fix callchain ip filtering
    - nvmet: fix file discard return status
    - nvme-rdma: unquiesce queues when deleting the controller
    - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
    - powerpc/powernv: opal_put_chars partial write fix
    - perf script: Show correct offsets for DWARF-based unwinding
    - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout
    - staging: bcm2835-camera: handle wait_for_completion_timeout return properly
    - ASoC: rt5514: Fix the issue of the delay volume applied
    - MIPS: jz4740: Bump zload address
    - mac80211: restrict delayed tailroom needed decrement
    - Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
    - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc
    - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
    - reset: imx7: Fix always writing bits as 0
    - ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations
    - nfp: avoid buffer leak when FW communication fails
    - xen-netfront: fix queue name setting
    - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
    - ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci
    - soc: qcom: smem: Correct check for global partition
    - s390/qeth: fix race in used-buffer accounting
    - s390/qeth: reset layer2 attribute on layer switch
    - platform/x86: toshiba_acpi: Fix defined but not used build warnings
    - KVM: arm/arm64: Fix vgic init race
    - drivers/base: stop new probing during shutdown
    - i2c: aspeed: Fix initial values of master and slave state
    - drm/amd/pp: Set Max clock level to display by default
    - regulator: qcom_spmi: Use correct regmap when checking for error
    - regulator: qcom_spmi: Fix warning Bad of_node_put()
    - iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3
    - dmaengine: mv_xor_v2: kill the tasklets upon exit
    - crypto: sharah - Unregister correct algorithms for SAHARA 3
    - x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
    - x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
    - x86/mm/pti: Add an overflow check to pti_clone_pmds()
    - PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST
    - xen-netfront: fix warn message as irq device name has '/'
    - RDMA/cma: Protect cma dev list with lock
    - pstore: Fix incorrect persistent ram buffer mapping
    - xen/netfront: fix waiting for xenbus state change
    - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
    - mmc: omap_hsmmc: fix wakeirq handling on removal
    - ipmi: Rework SMI registration failure
    - ipmi: Move BT capabilities detection to the detect call
    - ipmi: Fix I2C client removal in the SSIF driver
    - ovl: fix oopses in ovl_fill_super() failure paths
    - vmbus: don't return values for uninitalized channels
    - Tools: hv: Fix a bug in the key delete code
    - misc: ibmvsm: Fix wrong assignment of return code
    - misc: hmc6352: fix potential Spectre v1
    - xhci: Fix use after free for URB cancellation on a reallocated endpoint
    - usb: Don't die twice if PCI xhci host is not responding in resume
    - usb: xhci: fix interrupt transfer error happened on MTK platforms
    - usb: mtu3: fix error of xhci port id when enable U3 dual role
    - mei: ignore not found client in the enumeration
    - mei: bus: fix hw module get/put balance
    - mei: bus: need to unlink client before freeing
    - dm verity: fix crash on bufio buffer that was allocated with vmalloc
    - USB: Add quirk to support DJI CineSSD
    - usb: uas: add support for more quirk flags
    - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
    - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
    - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
    - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0
    - USB: net2280: Fix erroneous synchronization change
    - USB: serial: io_ti: fix array underflow in completion handler
    - usb: misc: uss720: Fix two sleep-in-atomic-context bugs
    - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
    - USB: yurex: Fix buffer over-read in yurex_write()
    - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()
    - Revert "cdc-acm: implement put_char() and flush_chars()"
    - cifs: prevent integer overflow in nxt_dir_entry()
    - CIFS: fix wrapping bugs in num_entries()
    - cifs: integer overflow in in SMB2_ioctl()
    - xtensa: ISS: don't allocate memory in platform_setup
    - perf/core: Force USER_DS when recording user stack data
    - perf tools: Fix maps__find_symbol_by_name()
    - of: fix phandle cache creation for DTs with no phandles
    - x86/EISA: Don't probe EISA bus for Xen PV guests
    - NFSv4: Fix a tracepoint Oops in initiate_file_draining()
    - NFSv4.1 fix infinite loop on I/O.
    - of: add helper to lookup compatible child node
    - mmc: meson-mx-sdio: fix OF child-node lookup
    - binfmt_elf: Respect error return from `regset->active'
    - net/mlx5: Add missing SET_DRIVER_VERSION command translation
    - arm64: dts: uniphier: Add missing cooling device properties for CPUs
    - audit: fix use-after-free in audit_add_watch
    - mtdchar: fix overflows in adjustment of `count`
    - vfs: fix freeze protection in mnt_want_write_file() for overlayfs
    - bpf: fix rcu annotations in compute_effective_progs()
    - spi: dw: fix possible race condition
    - Bluetooth: Use lock_sock_nested in bt_accept_enqueue
    - evm: Don't deadlock if a crypto algorithm is unavailable
    - KVM: PPC: Book3S HV: Add of_node_put() in success path
    - security: check for kstrdup() failure in lsm_append()
    - PM / devfreq: use put_device() instead of kfree()
    - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables
    - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
    - configfs: fix registered group removal
    - pinctrl: mt7622: Fix probe fail by misuse the selector
    - pinctrl: rza1: Fix selector use for groups and functions
    - arm64: dts: mt7622: update a clock property for UART0
    - sched/core: Use smp_mb() in wake_woken_function()
    - efi/esrt: Only call efi_mem_reserve() for boot services memory
    - ARM: hisi: handle of_iomap and fix missing of_node_put
    - ARM: hisi: fix error handling and missing of_node_put
    - ARM: hisi: check of_iomap and fix missing of_node_put
    - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver
    - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
    - ASoC: hdmi-codec: fix routing
    - serial: 8250: of: Correct of_platform_serial_setup() error handling
    - tty: fix termios input-speed encoding when using BOTHER
    - tty: fix termios input-speed encoding
    - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips
    - mmc: tegra: prevent HS200 on Tegra 3
    - mmc: sdhci: do not try to use 3.3V signaling if not supported
    - drm/nouveau: Fix runtime PM leak in drm_open()
    - drm/nouveau/debugfs: Wake up GPU before doing any reclocking
    - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
    - tls: Fix zerocopy_from_iter iov handling
    - parport: sunbpp: fix error return code
    - sched/fair: Fix util_avg of new tasks for asymmetric systems
    - coresight: Handle errors in finding input/output ports
    - coresight: tpiu: Fix disabling timeouts
    - coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35
    - f2fs: do checkpoint in kill_sb
    - tools/testing/nvdimm: Fix support for emulating controller temperature
    - drm/amd/display: support access ddc for mst branch
    - ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data()
    - lightnvm: pblk: assume that chunks are closed on 1.2 devices
    - lightnvm: pblk: enable line minor version detection
    - staging: bcm2835-audio: Don't leak workqueue if open fails
    - gpio: pxa: Fix potential NULL dereference
    - gpiolib: Mark gpio_suffixes array with __maybe_unused
    - net: gemini: Allow multiple ports to instantiate
    - net: mvpp2: make sure we use single queue mode on PPv2.1
    - rcutorture: Use monotonic timestamp for stall detection
    - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation
    - drm/amdkfd: Fix error codes in kfd_get_process
    - rtc: bq4802: add error handling for devm_ioremap
    - selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run
    - selftests/android: initialize heap_type to avoid compiling warning
    - ALSA: pcm: Fix snd_interval_refine first/last with open min/max
    - scsi: libfc: fixup 'sleeping function called from invalid context'
    - scsi: lpfc: Fix NVME Target crash in defer rcv logic
    - scsi: lpfc: Fix panic if driver unloaded when port is offline
    - remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress
    - ASoC: rt5651: Fix workqueue cancel vs irq free race on remove
    - drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
    - arm64: perf: Disable PMU while processing counter overflows
    - drm/amd/pp: Send khz clock values to DC for smu7/8
    - dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0
    - staging: fsl-dpaa2/eth: Fix DMA mapping direction
    - block/DAC960.c: fix defined but not used build warnings
    - IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers
    - blk-mq: only attempt to merge bio if there is rq in sw queue
    - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue()
    - pinctrl: msm: Fix msm_config_group_get() to be compliant
    - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant
    - clk: tegra: bpmp: Don't crash when a clock fails to register
    - mei: bus: type promotion bug in mei_nfc_if_version()
    - crypto: ccp - add timeout support in the SEV command
    - Linux 4.18.10

* Fix MCE handling for user access of poisoned device-dax mapping
    (LP: #1774366)
    - x86/mce: Fix set_mce_nospec() to avoid #GP fault

* [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()

* Oracle cosmic image does not find broadcom network device in Shape
    VMStandard2.1 (LP: #1790652)
    - SAUCE: bnxt_en: Fix VF mac address regression.

* Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
    - net: hns3: Add vlan filter setting by ethtool command -K

* hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel

* hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
    - scsi: hisi_sas: Add SATA FIS check for v3 hw

* Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function

* hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
    - scsi: hisi_sas: Tidy hisi_sas_task_prep()

* Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw

* HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout

* Cosmic update to 4.18.9 stable release (LP: #1793682)
    - i2c: xiic: Make the start and the byte count write atomic
    - i2c: i801: fix DNV's SMBCTRL register offset
    - HID: multitouch: fix Elan panels with 2 input modes declaration
    - HID: core: fix grouping by application
    - HID: input: fix leaking custom input node name
    - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported.
    - memory_hotplug: fix kernel_panic on offline page processing
    - mac80211: don't update the PM state of a peer upon a multicast frame
    - scsi: lpfc: Correct MDS diag and nvmet configuration
    - nbd: don't allow invalid blocksize settings
    - block: don't warn when doing fsync on read-only devices
    - block: bfq: swap puts in bfqg_and_blkg_put
    - android: binder: fix the race mmap and alloc_new_buf_locked
    - MIPS: VDSO: Match data page cache colouring when D$ aliases
    - SMB3: Backup intent flag missing for directory opens with backupuid mounts
    - smb3: check for and properly advertise directory lease support
    - cifs: connect to servername instead of IP for IPC$ share
    - btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata
    - Btrfs: fix data corruption when deduplicating between different files
    - arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD
    - KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW
    - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix()
    - KVM: s390: vsie: copy wrapping keys to right place
    - KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation
    - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
    - KVM: x86: Invert emulation re-execute behavior to make it opt-in
    - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE
    - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault
    - KVM: x86: Do not re-{try,execute} after failed emulation in L2
    - ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel
    - ACPI / LPSS: Force LPSS quirks on boot
    - memory: ti-aemif: fix a potential NULL-pointer dereference
    - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
    - cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun()
    - cpu/hotplug: Prevent state corruption on error rollback
    - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
    - x86/microcode: Update the new microcode revision unconditionally
    - x86/process: Don't mix user/kernel regs in 64bit __show_regs()
    - x86/apic/vector: Make error return value negative
    - switchtec: Fix Spectre v1 vulnerability
    - ARC: [plat-axs*]: Enable SWAP
    - tc-testing: flush gact actions on test teardown
    - tc-testing: remove duplicate spaces in connmark match patterns
    - misc: mic: SCIF Fix scif_get_new_port() error handling
    - ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360
    - ethtool: Remove trailing semicolon for static inline
    - i2c: aspeed: Add an explicit type casting for *get_clk_reg_val
    - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
    - pinctrl: berlin: fix 'pctrl->functions' allocation in
      berlin_pinctrl_build_state
    - gpio: tegra: Move driver registration to subsys_init level
    - powerpc/4xx: Fix error return path in ppc4xx_msi_probe()
    - selftests/bpf: fix a typo in map in map test
    - media: davinci: vpif_display: Mix memory leak on probe error path
    - media: dw2102: Fix memleak on sequence of probes
    - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver
    - scsi: qla2xxx: Fix unintended Logout
    - scsi: qla2xxx: Fix session state stuck in Get Port DB
    - scsi: qla2xxx: Silent erroneous message
    - clk: scmi: Fix the rounding of clock rate
    - blk-mq: fix updating tags depth
    - scsi: lpfc: Fix driver crash when re-registering NVME rports.
    - scsi: target: fix __transport_register_session locking
    - md/raid5: fix data corruption of replacements after originals dropped
    - timers: Clear timer_base::must_forward_clk with timer_base::lock held
    - media: camss: csid: Configure data type and decode format properly
    - gpu: ipu-v3: default to id 0 on missing OF alias
    - misc: ti-st: Fix memory leak in the error path of probe()
    - uio: potential double frees if __uio_register_device() fails
    - firmware: vpd: Fix section enabled flag on vpd_section_destroy
    - Drivers: hv: vmbus: Cleanup synic memory free path
    - tty: rocket: Fix possible buffer overwrite on register_PCI
    - uio: fix possible circular locking dependency
    - iwlwifi: pcie: don't access periphery registers when not available
    - IB/IPoIB: Set ah valid flag in multicast send flow
    - f2fs: fix to active page in lru list for read path
    - f2fs: do not set free of current section
    - f2fs: Keep alloc_valid_block_count in sync
    - f2fs: issue discard align to section in LFS mode
    - f2fs: fix defined but not used build warnings
    - f2fs: fix to detect looped node chain correctly
    - ASoC: soc-pcm: Use delay set in component pointer function
    - perf tools: Allow overriding MAX_NR_CPUS at compile time
    - device-dax: avoid hang on error before devm_memremap_pages()
    - NFSv4.0 fix client reference leak in callback
    - perf c2c report: Fix crash for empty browser
    - perf evlist: Fix error out while applying initial delay and LBR
    - powerpc/pseries: fix EEH recovery of some IOV devices
    - macintosh/via-pmu: Add missing mmio accessors
    - perf build: Fix installation directory for eBPF
    - ath9k: report tx status on EOSP
    - ath9k_hw: fix channel maximum power level test
    - ath10k: prevent active scans on potential unusable channels
    - wlcore: Set rx_status boottime_ns field on rx
    - rpmsg: core: add support to power domains for devices
    - mtd: rawnand: make subop helpers return unsigned values
    - scsi: tcmu: do not set max_blocks if data_bitmap has been setup
    - MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
    - ata: libahci: Allow reconfigure of DEVSLP register
    - ata: libahci: Correct setting of DEVSLP register
    - nfs: Referrals not inheriting proto setting from parent
    - scsi: 3ware: fix return 0 on the error path of probe
    - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
    - ath10k: disable bundle mgmt tx completion event support
    - media: em28xx: explicitly disable TS packet filter
    - PCI: mobiveil: Add missing ../pci.h include
    - PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type
    - powerpc/mm: Don't report PUDs as memory leaks when using kmemleak
    - Bluetooth: hidp: Fix handling of strncpy for hid->name information
    - x86/mm: Remove in_nmi() warning from vmalloc_fault()
    - regulator: tps65217: Fix NULL pointer dereference on probe
    - pinctrl: imx: off by one in imx_pinconf_group_dbg_show()
    - gpio: pxa: disable pinctrl calls for PXA3xx
    - gpio: ml-ioh: Fix buffer underwrite on probe error path
    - pinctrl/amd: only handle irq if it is pending and unmasked
    - net: mvneta: fix mtu change on port without link
    - f2fs: try grabbing node page lock aggressively in sync scenario
    - pktcdvd: Fix possible Spectre-v1 for pkt_devs
    - f2fs: fix to skip GC if type in SSA and SIT is inconsistent
    - tpm_tis_spi: Pass the SPI IRQ down to the driver
    - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - f2fs: fix to do sanity check with reserved blkaddr of inline inode
    - MIPS: Octeon: add missing of_node_put()
    - MIPS: generic: fix missing of_node_put()
    - thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources
    - thermal_hwmon: Sanitize attribute name passed to hwmon
    - net: dcb: For wild-card lookups, use priority -1, not 0
    - dm cache: only allow a single io_mode cache feature to be requested
    - Input: atmel_mxt_ts - only use first T9 instance
    - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time}
      functions
    - media: rcar-csi2: update stream start for V3M
    - media: helene: fix xtal frequency setting at power on
    - drm/amd/display: Prevent PSR from being enabled if initialization fails
    - media: em28xx: Fix dual transport stream operation
    - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel
    - f2fs: fix to wait on page writeback before updating page
    - f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
    - media: em28xx: Fix DualHD disconnect oops
    - f2fs: avoid potential deadlock in f2fs_sbi_store
    - f2fs: fix to do sanity check with secs_per_zone
    - mfd: rave-sp: Initialize flow control and parity of the port
    - iommu/ipmmu-vmsa: Fix allocation in atomic context
    - mfd: ti_am335x_tscadc: Fix struct clk memory leak
    - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
    - f2fs: fix to propagate return value of scan_nat_page()
    - f2fs: fix to do sanity check with extra_attr feature
    - RDMA/hns: Add illegal hop_num judgement
    - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
    - RDMA/hns: Update the data type of immediate data
    - MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
    - MIPS: mscc: ocelot: fix length of memory address space for MIIM
    - RDMA/cma: Do not ignore net namespace for unbound cm_id
    - clocksource: Revert "Remove kthread"
    - autofs: fix autofs_sbi() does not check super block type
    - mm: get rid of vmacache_flush_all() entirely
    - Linux 4.18.9

* SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
    - Input: elantech - enable middle button of touchpad on ThinkPad P72

* Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

* hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF

* Fix unusable NVIDIA GPU after S3 (LP: #1793338)
    - SAUCE: PCI: Reprogram bridge prefetch registers on resume

* net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex

* Cosmic update to v4.18.8 stable release (LP: #1793069)
    - act_ife: fix a potential use-after-free
    - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
      state
    - net: bcmgenet: use MAC link status for fixed phy
    - net: macb: do not disable MDIO bus at open/close time
    - net: sched: Fix memory exposure from short TCA_U32_SEL
    - qlge: Fix netdev features configuration.
    - r8169: add support for NCube 8168 network card
    - tcp: do not restart timewait timer on rst reception
    - vti6: remove !skb->ignore_df check from vti6_xmit()
    - act_ife: move tcfa_lock down to where necessary
    - act_ife: fix a potential deadlock
    - net: sched: action_ife: take reference to meta module
    - bnxt_en: Clean up unused functions.
    - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA.
    - net/sched: act_pedit: fix dump of extended layered op
    - tipc: fix a missing rhashtable_walk_exit()
    - hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe()
    - tipc: fix the big/little endian issue in tipc_dest
    - sctp: remove useless start_fail from sctp_ht_iter in proc
    - erspan: set erspan_ver to 1 by default when adding an erspan dev
    - net: macb: Fix regression breaking non-MDIO fixed-link PHYs
    - ipv6: don't get lwtstate twice in ip6_rt_copy_init()
    - net/ipv6: init ip6 anycast rt->dst.input as ip6_input
    - net/ipv6: Only update MTU metric if it set
    - net/ipv6: Put lwtstate when destroying fib6_info
    - net/mlx5: Fix SQ offset in QPs with small RQ
    - r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices
    - Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit"
    - ip6_vti: fix creating fallback tunnel device for vti6
    - ip6_vti: fix a null pointer deference when destroy vti6 tunnel
    - nfp: wait for posted reconfigs when disabling the device
    - sctp: hold transport before accessing its asoc in sctp_transport_get_next
    - mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge
    - vhost: correctly check the iova range when waking virtqueue
    - hv_netvsc: ignore devices that are not PCI
    - cifs: check if SMB2 PDU size has been padded and suppress the warning
    - hfsplus: don't return 0 when fill_super() failed
    - hfs: prevent crash on exit from failed search
    - sunrpc: Don't use stack buffer with scatterlist
    - fork: don't copy inconsistent signal handler state to child
    - fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds
    - reiserfs: change j_timestamp type to time64_t
    - iommu/rockchip: Handle errors returned from PM framework
    - hfsplus: fix NULL dereference in hfsplus_lookup()
    - iommu/rockchip: Move irq request past pm_runtime_enable
    - fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries
    - fat: validate ->i_start before using
    - workqueue: skip lockdep wq dependency in cancel_work_sync()
    - workqueue: re-add lockdep dependencies for flushing
    - scripts: modpost: check memory allocation results
    - apparmor: fix an error code in __aa_create_ns()
    - virtio: pci-legacy: Validate queue pfn
    - x86/mce: Add notifier_block forward declaration
    - i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return
      value
    - IB/hfi1: Invalid NUMA node information can cause a divide by zero
    - pwm: meson: Fix mux clock names
    - powerpc/topology: Get topology for shared processors at boot
    - mm/fadvise.c: fix signed overflow UBSAN complaint
    - mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM
    - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
    - platform/x86: intel_punit_ipc: fix build errors
    - bpf, sockmap: fix map elem deletion race with smap_stop_sock
    - tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach
    - bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist
    - net/xdp: Fix suspicious RCU usage warning
    - bpf, sockmap: fix leakage of smap_psock_map_entry
    - samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM
    - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses
    - s390/kdump: Fix memleak in nt_vmcoreinfo
    - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
    - mfd: sm501: Set coherent_dma_mask when creating subdevices
    - netfilter: x_tables: do not fail xt_alloc_table_info too easilly
    - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
    - netfilter: fix memory leaks on netlink_dump_start error
    - tcp, ulp: add alias for all ulp modules
    - ubi: Initialize Fastmap checkmapping correctly
    - RDMA/hns: Fix usage of bitmap allocation functions return values
    - ACPICA: ACPICA: add status check for acpi_hw_read before assigning return
      value
    - perf arm spe: Fix uninitialized record error variable
    - net: hns3: Fix for command format parsing error in
      hclge_is_all_function_id_zero
    - block: don't warn for flush on read-only device
    - PCI: Match Root Port's MPS to endpoint's MPSS as necessary
    - drm/amd/display: Guard against null crtc in CRC IRQ
    - coccicheck: return proper error code on fail
    - perf tools: Check for null when copying nsinfo.
    - f2fs: avoid race between zero_range and background GC
    - f2fs: fix avoid race between truncate and background GC
    - RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO
    - irqchip/stm32: Fix init error handling
    - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
    - net/9p/trans_fd.c: fix race by holding the lock
    - net/9p: fix error path of p9_virtio_probe
    - f2fs: fix to clear PG_checked flag in set_page_dirty()
    - pinctrl: axp209: Fix NULL pointer dereference after allocation
    - bpf: fix bpffs non-array map seq_show issue
    - powerpc/uaccess: Enable get_user(u64, *p) on 32-bit
    - powerpc: Fix size calculation using resource_size()
    - perf probe powerpc: Fix trace event post-processing
    - block: bvec_nr_vecs() returns value for wrong slab
    - brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference
    - s390/dasd: fix hanging offline processing due to canceled worker
    - s390/dasd: fix panic for failed online processing
    - ACPI / scan: Initialize status to ACPI_STA_DEFAULT
    - blk-mq: count the hctx as active before allocating tag
    - scsi: aic94xx: fix an error code in aic94xx_init()
    - NFSv4: Fix error handling in nfs4_sp4_select_mode()
    - Input: do not use WARN() in input_alloc_absinfo()
    - xen/balloon: fix balloon initialization for PVH Dom0
    - PCI: mvebu: Fix I/O space end address calculation
    - dm kcopyd: avoid softlockup in run_complete_job
    - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
    - ASoC: rt5677: Fix initialization of rt5677_of_match.data
    - iommu/omap: Fix cache flushes on L2 table entries
    - selftests/powerpc: Kill child processes on SIGINT
    - selinux: cleanup dentry and inodes on error in selinuxfs
    - RDS: IB: fix 'passing zero to ERR_PTR()' warning
    - cfq: Suppress compiler warnings about comparisons
    - smb3: fix reset of bytes read and written stats
    - CIFS: fix memory leak and remove dead code
    - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
    - smb3: if server does not support posix do not allow posix mount option
    - powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning
    - powerpc/64s: Make rfi_flush_fallback a little more robust
    - um: fix parallel building with O= option
    - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
    - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399
    - drm/amd/display: Read back max backlight value at boot
    - KVM: vmx: track host_state.loaded using a loaded_vmcs pointer
    - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0
    - drm/etnaviv: fix crash in GPU suspend when init failed due to buffer
      placement
    - btrfs: Exit gracefully when chunk map cannot be inserted to the tree
    - btrfs: replace: Reset on-disk dev stats value after replace
    - btrfs: fix in-memory value of total_devices after seed device deletion
    - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
      initialized
    - btrfs: tree-checker: Detect invalid and empty essential trees
    - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
    - btrfs: lift uuid_mutex to callers of btrfs_open_devices
    - btrfs: Don't remove block group that still has pinned down bytes
    - btrfs: Fix a C compliance issue
    - arm64: rockchip: Force CONFIG_PM on Rockchip systems
    - ARM: rockchip: Force CONFIG_PM on Rockchip systems
    - btrfs: do btrfs_free_stale_devices outside of device_list_add
    - btrfs: extend locked section when adding a new device in device_list_add
    - btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(
    - btrfs: use device_list_mutex when removing stale devices
    - btrfs: lift uuid_mutex to callers of btrfs_scan_one_device
    - btrfs: lift uuid_mutex to callers of btrfs_parse_early_options
    - btrfs: reorder initialization before the mount locks uuid_mutex
    - btrfs: fix mount and ioctl device scan ioctl race
    - drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks"
    - drm/i915: Nuke the LVDS lid notifier
    - drm/i915: Increase LSPCON timeout
    - drm/i915: Free write_buf that we allocated with kzalloc.
    - drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet
    - drm/amdgpu: fix a reversed condition
    - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode
    - drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST
    - drm/amd/powerplay: fixed uninitialized value
    - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program
    - drm/edid: Quirk Vive Pro VR headset non-desktop.
    - drm/amd/display: fix type of variable
    - drm/amd/display: Don't share clk source between DP and HDMI
    - drm/amd/display: update clk for various HDMI color depths
    - drm/amd/display: Use requested HDMI aspect ratio
    - drm/amd/display: Report non-DP display as disconnected without EDID
    - drm/rockchip: lvds: add missing of_node_put
    - drm/rockchip: vop: split out core clock enablement into separate functions
    - drm/rockchip: vop: fix irq disabled after vop driver probed
    - drm/amd/display: Pass connector id when executing VBIOS CT
    - drm/amd/display: Check if clock source in use before disabling
    - drm/amdgpu: update tmr mc address
    - drm/amdgpu:add tmr mc address into amdgpu_firmware_info
    - drm/amdgpu:add new firmware id for VCN
    - drm/amdgpu:add VCN support in PSP driver
    - drm/amdgpu:add VCN booting with firmware loaded by PSP
    - drm/amdgpu: fix incorrect use of fcheck
    - drm/amdgpu: fix incorrect use of drm_file->pid
    - drm/i915: Re-apply "Perform link quality check, unconditionally during long
      pulse"
    - uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name
    - mm: respect arch_dup_mmap() return value
    - drm/i915: set DP Main Stream Attribute for color range on DDI platforms
    - x86/tsc: Prevent result truncation on 32bit
    - drm/amdgpu: Keep track of amount of pinned CPU visible VRAM
    - drm/amdgpu: Make pin_size values atomic
    - drm/amdgpu: Warn and update pin_size values when destroying a pinned BO
    - drm/amdgpu: Don't warn on destroying a pinned BO
    - debugobjects: Make stack check warning more informative
    - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
    - x86/xen: don't write ptes directly in 32-bit PV guests
    - kbuild: make missing $DEPMOD a Warning instead of an Error
    - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs
    - x86: kvm: avoid unused variable warning
    - HID: redragon: fix num lock and caps lock LEDs
    - ASoC: wm8994: Fix missing break in switch
    - Linux 4.18.8

* [Regression] Colour banding appears on Lenovo B50-80 integrated display
    (LP: #1788308) // Cosmic update to v4.18.8 stable release (LP: #1793069)
    - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80

* Fix I2C touchpanels' interrupt storms after system suspend (LP: #1792309)
    - HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen
    - HID: i2c-hid: Don't reset device upon system resume

* Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.7.9-3ubuntu6

* update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests

* [AEP-bug] ext4: more rare direct I/O vs unmap failures (LP: #1787089)
    - dax: dax_layout_busy_page() warn on !exceptional
    - ext4: handle layout changes to pinned DAX mappings
    - xfs: Close race between direct IO and xfs_break_layouts()

* [Bug][CLX]assertion failure with util_range_rw using libpmemlog, possible
    kernel DAX bug (LP: #1789146)
    - dax: remove VM_MIXEDMAP for fsdax and device dax

* [Feature] Optimize huge page clear/copy cache behavior (LP: #1730836)
    - mm, clear_huge_page: move order algorithm into a separate function
    - mm, huge page: copy target sub-page last when copy huge page
    - mm, hugetlbfs: rename address to haddr in hugetlb_cow()
    - mm, hugetlbfs: pass fault address to cow handler

* [ICL] Touch support (LP: #1771245)
    - mfd: intel-lpss: Add Ice Lake PCI IDs

* Miscellaneous Ubuntu changes
    - [Packaging] retpoline -- fix temporary filenaming
    - SAUCE: update aufs to aufs4.18 20180910
    - CONFIG_BCH_CONST_PARAMS=n
    - Packaging: final-checks: remove trailing backport suffix

-- Seth Forshee <seth.forshee@canonical.com>  Fri, 05 Oct 2018 11:13:20 -0500

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

quanxian (quanxian-wang) on 2018-10-26

Changed in intel:
status:	Triaged → Fix Released

Revision history for this message

Brad Figg (brad-figg) wrote on 2019-02-14:

#11

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Andy Whitcroft (apw) on 2019-02-14

tags:

added: kernel-fixup-verification-needed-bionic
removed: verification-needed-bionic

Revision history for this message

Andy Whitcroft (apw) wrote on 2019-02-14:

#12

This bug was erroneously marked for verification in bionic; verification is not required and verification-needed-bionic is being removed.

tags:

added: verification-done-bionic

Affects		Status	Importance	Assigned to	Milestone
	intel	Fix Released	Medium	Unassigned
	linux (Ubuntu)	Fix Released	Medium	Unassigned

intel

[AEP-bug] ext4: more rare direct I/O vs unmap failures

Bug Description

CVE References

Other bug subscribers

Remote bug watches