Bug #1849016 “bionic/linux-aws: 4.15.0-1053.55 -proposed tracker...” : Series automated-testing : Bugs : Kernel SRU Workflow

Khaled El Mously (kmously) on 2019-10-21

tags:	added: bionic kernel-release-tracking-bug
Changed in linux-aws (Ubuntu Bionic):
status:	New → Confirmed
Changed in linux-aws (Ubuntu):
status:	New → Invalid
Changed in linux-aws (Ubuntu Bionic):
importance:	Undecided → Medium
tags:	added: kernel-release-tracking-bug-live
description:	updated
tags:	added: kernel-sru-cycle-2019.10.21-1

Khaled El Mously (kmously) on 2019-10-21

description:	updated
tags:	added: kernel-sru-derivative-of-1849035
Changed in kernel-sru-workflow:
status:	New → In Progress
importance:	Undecided → Medium
tags:	removed: kernel-sru-derivative-of-1849035
tags:	added: kernel-sru-derivative-of-1849035

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-21

summary:	- linux-aws: <version to be filled> -proposed tracker + bionic/linux-aws: <version to be filled> -proposed tracker
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-21

description:

updated

Khaled El Mously (kmously) on 2019-10-22

summary:

- bionic/linux-aws: <version to be filled> -proposed tracker
+ bionic/linux-aws: 4.15.0-1048.50 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

description:

updated

Khaled El Mously (kmously) on 2019-10-22

summary:

- bionic/linux-aws: 4.15.0-1048.50 -proposed tracker
+ bionic/linux-aws: 4.15.0-1053.55 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

tags:	added: block-proposed-bionic
tags:	added: block-proposed
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-23

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-10-24

description:

updated

Stefan Bader (smb) on 2019-10-25

description:	updated
tags:	removed: kernel-sru-derivative-of-1849035
tags:	added: kernel-sru-derivative-of-1849855

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-11-01:

#1

4.15.0-1053.55 - aws
Regression test CMPL, RTB.

Issue to note in arm64 (aws):
ubuntu_ltp - proc01 (bug 1829849) binfmt_misc02 (bug 1822246) fs_fill (bug 1842266) cpuacct_100_100 (bug 1829978) memcg_stat (bug 1829983) memcg_use_hierarchy (bug 1829989) memcg_usage_in_bytes (bug 1829984) memcg_test_3 (bug 1836694) cgroup_fj_* failure caused by memcg_test_3 (bug 1836694) getaddrinfo_01 (bug 1829995) mm test failed on some instances
ubuntu_ltp_syscalls - fallocate04, fallocate05, fdatasync03, fremovexattr01, fremovexattr02, fsync01, fsync04, msync04, preadv03, preadv03_64, preadv203, preadv203_64, pwritev03, pwritev03_64, sync03, syncfs01, sync_file_range02, copy_file_range01, statx04 (bug 1842266) fsetxattr01, fgetxattr01, fanotify13, fanotify14, lremovexattr01, setxattr01 (bug 1842266) msgstress03 (bug 1783881)

Skipped / blacklisted:
* iosched_bugs
* libhugetlbfs
* monotonic_time
* tsc
* ubuntu_32_on_64
* ubuntu_seccomp
* ubuntu_sysdig_smoke_test

Issue to note in x86_64 (aws):
  tsc - failed on i3.metal
  ubuntu_kernel_selftests - raw_skew in timer (bug 1811194)
  ubuntu_kvm_unit_tests - apic timeouted (bug 1748103) apic-split (bug 1821390) vmx (bug 1821394) vmx_apic_passthrough_thread (bug 1822309) vmx_apicv_test (bug 1837543) vmx_hlt_with_rvi_test (bug 1822308) on i3.metal
  ubuntu_ltp - proc01 (bug 1829849) binfmt_misc02 (bug 1822246) fs_fill (bug 1842266) cpuacct_100_100 (bug 1829978) cpuset_hotplug (bug 1834006) memcg_stat (bug 1829983) memcg_use_hierarchy (bug 1829989) memcg_usage_in_bytes (bug 1829984) memcg_max_usage_in_bytes (bug 1829979) getaddrinfo_01 (bug 1829995) crypto_user02 (bug 1837543) ltp_acpi (bug 1830676)
  ubuntu_ltp_syscalls - fallocate04, fallocate05, fdatasync03, fremovexattr01, fremovexattr02, fsync01, fsync04, msync04, preadv03, preadv03_64, preadv203, preadv203_64, pwritev03, pwritev03_64, sync03, syncfs01, sync_file_range02, copy_file_range01, statx04 (bug 1842266) fsetxattr01, fgetxattr01, fanotify13, fanotify14, lremovexattr01, setxattr01 (bug 1842266) msgstress03 (bug 1783881)

Skipped / blacklisted:
* libhugetlbfs
* ubuntu_seccomp

4.15.0-1053.55 - aws
Regression test CMPL, RTB.

Issue to note in arm64 (aws):
  ubuntu_ltp - proc01 (bug 1829849) binfmt_misc02 (bug 1822246) fs_fill (bug 1842266) cpuacct_100_100 (bug 1829978) memcg_stat (bug 1829983) memcg_use_hierarchy (bug 1829989) memcg_usage_in_bytes (bug 1829984) memcg_test_3 (bug 1836694) cgroup_fj_* failure caused by memcg_test_3 (bug 1836694) getaddrinfo_01 (bug 1829995) mm test failed on some instances
  ubuntu_ltp_syscalls - fallocate04, fallocate05, fdatasync03, fremovexattr01, fremovexattr02, fsync01, fsync04, msync04, preadv03, preadv03_64, preadv203, preadv203_64, pwritev03, pwritev03_64, sync03, syncfs01, sync_file_range02, copy_file_range01, statx04 (bug 1842266) fsetxattr01, fgetxattr01, fanotify13, fanotify14, lremovexattr01, setxattr01 (bug 1842266) msgstress03 (bug 1783881)

Skipped / blacklisted:
 * iosched_bugs
 * libhugetlbfs
 * monotonic_time
 * tsc
 * ubuntu_32_on_64
 * ubuntu_seccomp
 * ubuntu_sysdig_smoke_test

Issue to note in x86_64 (aws):
  tsc - failed on i3.metal
  ubuntu_kernel_selftests - raw_skew in timer (bug 1811194)
  ubuntu_kvm_unit_tests - apic timeouted (bug 1748103) apic-split (bug 1821390) vmx (bug 1821394) vmx_apic_passthrough_thread (bug 1822309) vmx_apicv_test (bug 1837543) vmx_hlt_with_rvi_test (bug 1822308) on i3.metal
  ubuntu_ltp - proc01 (bug 1829849) binfmt_misc02 (bug 1822246) fs_fill (bug 1842266) cpuacct_100_100 (bug 1829978) cpuset_hotplug (bug 1834006) memcg_stat (bug 1829983) memcg_use_hierarchy (bug 1829989) memcg_usage_in_bytes (bug 1829984) memcg_max_usage_in_bytes (bug 1829979) getaddrinfo_01 (bug 1829995) crypto_user02 (bug 1837543) ltp_acpi (bug 1830676)
  ubuntu_ltp_syscalls - fallocate04, fallocate05, fdatasync03, fremovexattr01, fremovexattr02, fsync01, fsync04, msync04, preadv03, preadv03_64, preadv203, preadv203_64, pwritev03, pwritev03_64, sync03, syncfs01, sync_file_range02, copy_file_range01, statx04 (bug 1842266) fsetxattr01, fgetxattr01, fanotify13, fanotify14, lremovexattr01, setxattr01 (bug 1842266) msgstress03 (bug 1783881)

Skipped / blacklisted:
 * libhugetlbfs
 * ubuntu_seccomp

tags:

added: regression-testing-passed

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-11-01

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-11-06

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-11-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-11-12

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-11-12:

#2

Download full text (24.2 KiB)

This bug was fixed in the package linux-aws - 4.15.0-1054.56

---------------
linux-aws (4.15.0-1054.56) bionic; urgency=medium

* CVE-2019-11135
- [Config] Disable TSX by default when possible

[ Ubuntu: 4.15.0-69.78 ]

  * KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix
  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto ...

This bug was fixed in the package linux-aws - 4.15.0-1054.56

---------------
linux-aws (4.15.0-1054.56) bionic; urgency=medium

* CVE-2019-11135
    - [Config] Disable TSX by default when possible

[ Ubuntu: 4.15.0-69.78 ]

* KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix
  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

[ Ubuntu: 4.15.0-68.77 ]

* bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)
  * [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

linux-aws (4.15.0-1053.55) bionic; urgency=medium

* bionic/linux-aws: 4.15.0-1053.55 -proposed tracker (LP: #1849016)

[ Ubuntu: 4.15.0-67.76 ]

* bionic/linux: 4.15.0-67.76 -proposed tracker (LP: #1849035)
  * Unexpected CFS throttling  (LP: #1832151)
    - sched/fair: Add lsub_positive() and use it consistently
    - sched/fair: Fix low cpu usage with high throttling by removing expiration of
      cpu-local slices
    - sched/fair: Fix -Wunused-but-set-variable warnings
  * [CML] New device IDs for CML-U (LP: #1843774)
    - i2c: i801: Add support for Intel Comet Lake
    - spi: pxa2xx: Add support for Intel Comet Lake
  * CVE-2019-17666
    - SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code
    - SAUCE: rtlwifi: Fix potential overflow on P2P code
  * md raid0/linear doesn't show error state if an array member is removed and
    allows successful writes (LP: #1847773)
    - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone
  * Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes
    to no (LP: #1848492)
    - [Config] Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x
      from yes to no
  * [Packaging] Support building Flattened Image Tree (FIT) kernels
    (LP: #1847969)
    - [Packaging] add rules to build FIT image
    - [Packaging] force creation of headers directory
  * bcache: Performance degradation when querying priority_stats (LP: #1840043)
    - bcache: add cond_resched() in __bch_cache_cmp()
  * Add installer support for iwlmvm adapters (LP: #1848236)
    - d-i: Add iwlmvm to nic-modules
  * Check for CPU Measurement sampling (LP: #1847590)
    - s390/cpumsf: Check for CPU Measurement sampling
  * [CML-U] Comet lake platform need ISH driver support (LP: #1843775)
    - HID: intel-ish-hid: Add Comet Lake PCI device ID
  * intel-lpss driver conflicts with write-combining MTRR region (LP: #1845584)
    - SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390 2-in-1
  * Fix non-working Realtek USB ethernet after system resume (LP: #1847063)
    - r8152: remove extra action copying ethernet address
    - r8152: Refresh MAC address during USBDEVFS_RESET
    - r8152: Set macpassthru in reset_resume callback
  * Ubuntu 18.04  - wrong cpu-mf counter number (LP: #1847109)
    - s390/cpum_cf: correct counter number of LAST_HOST_TRANSLATIONS
  * PM / hibernate: fix potential memory corruption (LP: #1847118)
    - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
  * Microphone-Mute keyboard LED is always on/off on Dell Latitude 3310
    (LP: #1846453)
    - platform/x86: dell-laptop: Add 2-in-1 devices to the DMI whitelist
    - platform/x86: dell-laptop: Removed duplicates in DMI whitelist
  * xHCI on AMD Stoney Ridge cannot detect USB 2.0 or 1.1 devices.
    (LP: #1846470)
    - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
  * CVE-2019-15098
    - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
  * Bionic update: upstream stable patchset 2019-10-15 (LP: #1848274)
    - tpm: use tpm_try_get_ops() in tpm-sysfs.c.
    - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
    - drm/bridge: tc358767: Increase AUX transfer length limit
    - drm/panel: simple: fix AUO g185han01 horizontal blanking
    - video: ssd1307fb: Start page range at page_offset
    - drm/stm: attach gem fence to atomic state
    - drm/radeon: Fix EEH during kexec
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
    - clk: sirf: Don't reference clk_init_data after registration
    - clk: zx296718: Don't reference clk_init_data after registration
    - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
      function
    - powerpc/pseries/mobility: use cond_resched when updating device tree
    - pinctrl: tegra: Fix write barrier placement in pmx_writel
    - vfio_pci: Restore original state on release
    - drm/nouveau/volt: Fix for some cards having 0 maximum voltage
    - drm/amdgpu/si: fix ASIC tests
    - powerpc/64s/exception: machine check use correct cfar for late handler
    - powerpc/pseries: correctly track irq state in default idle
    - arm64: fix unreachable code issue with cmpxchg
    - clk: at91: select parent if main oscillator or bypass is enabled
    - scsi: core: Reduce memory required for SCSI logging
    - dma-buf/sw_sync: Synchronize signal vs syncpt free
    - MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
    - i2c-cht-wc: Fix lockdep warning
    - PCI: tegra: Fix OF node reference leak
    - livepatch: Nullify obj->mod in klp_module_coming()'s error path
    - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
      writes
    - rtc: snvs: fix possible race condition
    - HID: apple: Fix stuck function keys when using FN
    - PCI: rockchip: Propagate errors for optional regulators
    - PCI: imx6: Propagate errors for optional regulators
    - PCI: exynos: Propagate errors for optional PHYs
    - security: smack: Fix possible null-pointer dereferences in
      smack_socket_sock_rcv_skb()
    - ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned
      address
    - fat: work around race with userspace's read via blockdev while mounting
    - pktcdvd: remove warning on attempting to register non-passthrough dev
    - hypfs: Fix error number left in struct pointer member
    - kbuild: clean compressed initramfs image
    - ocfs2: wait for recovering done after direct unlock request
    - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
    - bpf: fix use after free in prog symbol exposure
    - cxgb4:Fix out-of-bounds MSI-X info array access
    - erspan: remove the incorrect mtu limit for erspan
    - hso: fix NULL-deref on tty open
    - ipv6: drop incoming packets having a v4mapped source address
    - net: ipv4: avoid mixed n_redirects and rate_tokens usage
    - net: qlogic: Fix memory leak in ql_alloc_large_buffers
    - net: Unpublish sk from sk_reuseport_cb before call_rcu
    - nfc: fix memory leak in llcp_sock_bind()
    - qmi_wwan: add support for Cinterion CLS8 devices
    - sch_dsmark: fix potential NULL deref in dsmark_init()
    - vsock: Fix a lockdep warning in __vsock_release()
    - net/rds: Fix error handling in rds_ib_add_one()
    - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
    - tipc: fix unlimited bundling of small messages
    - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
    - ipv6: Handle missing host route in __ipv6_ifa_notify
    - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
    - smack: use GFP_NOFS while holding inode_smack::smk_lock
    - NFC: fix attrs checks in netlink interface
    - kexec: bail out upon SIGKILL when allocating memory.
    - drm/panel: check failure cases in the probe func
    - drm/amd/display: reprogram VM config when system resume
    - pinctrl: amd: disable spurious-firing GPIO IRQs
    - pstore: fs superblock limits
    - pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c
    - mbox: qcom: add APCS child device for QCS404
    - ARM: 8875/1: Kconfig: default to AEABI w/ Clang
    - arm64: consider stack randomization for mmap base only when necessary
    - mips: properly account for stack randomization and stack guard gap
    - arm: properly account for stack randomization and stack guard gap
    - arm: use STACK_TOP when computing mmap base address
  * Bionic update: upstream stable patchset 2019-10-07 (LP: #1847155)
    - Revert "Bluetooth: validate BLE connection interval updates"
    - powerpc/xive: Fix bogus error code returned by OPAL
    - IB/core: Add an unbound WQ type to the new CQ API
    - HID: prodikeys: Fix general protection fault during probe
    - HID: sony: Fix memory corruption issue on cleanup.
    - HID: logitech: Fix general protection fault caused by Logitech driver
    - HID: hidraw: Fix invalid read in hidraw_ioctl
    - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
    - crypto: talitos - fix missing break in switch statement
    - iwlwifi: mvm: send BCAST management frames to the right station
    - media: tvp5150: fix switch exit in set control handler
    - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
    - arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
    - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
    - ALSA: hda - Apply AMD controller workaround for Raven platform
    - objtool: Clobber user CFLAGS variable
    - pinctrl: sprd: Use define directive for sprd_pinconf_params values
    - power: supply: sysfs: ratelimit property read error message
    - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
    - f2fs: check all the data segments against all node ones
    - PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
    - blk-mq: move cancel of requeue_work to the front of blk_exit_queue
    - Revert "f2fs: avoid out-of-range memory access"
    - dm zoned: fix invalid memory access
    - f2fs: fix to do sanity check on segment bitmap of LFS curseg
    - drm: Flush output polling on shutdown
    - net: don't warn in inet diag when IPV6 is disabled
    - ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
    - xfs: don't crash on null attr fork xfs_bmapi_read
    - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
    - f2fs: use generic EFSBADCRC/EFSCORRUPTED
    - arcnet: provide a buffer big enough to actually receive packets
    - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
    - macsec: drop skb sk before calling gro_cells_receive
    - net/phy: fix DP83865 10 Mbps HDX loopback disable function
    - net: qrtr: Stop rx_worker before freeing node
    - net/sched: act_sample: don't push mac header on ip6gre ingress
    - net_sched: add max len check for TCA_KIND
    - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
    - ppp: Fix memory leak in ppp_write
    - sch_netem: fix a divide by zero in tabledist()
    - skge: fix checksum byte order
    - usbnet: ignore endpoints with invalid wMaxPacketSize
    - usbnet: sanity checking of packet sizes and device mtu
    - net/mlx5: Add device ID of upcoming BlueField-2
    - mISDN: enforce CAP_NET_RAW for raw sockets
    - appletalk: enforce CAP_NET_RAW for raw sockets
    - ax25: enforce CAP_NET_RAW for raw sockets
    - ieee802154: enforce CAP_NET_RAW for raw sockets
    - nfc: enforce CAP_NET_RAW for raw sockets
    - ALSA: hda: Flush interrupts on disabling
    - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
    - ASoC: sgtl5000: Fix charge pump source assignment
    - dmaengine: bcm2835: Print error in case setting DMA mask fails
    - leds: leds-lp5562 allow firmware files up to the maximum length
    - media: dib0700: fix link error for dibx000_i2c_set_speed
    - media: mtk-cir: lower de-glitch counter for rc-mm protocol
    - media: exynos4-is: fix leaked of_node references
    - media: hdpvr: Add device num check and handling
    - media: i2c: ov5640: Check for devm_gpiod_get_optional() error
    - sched/fair: Fix imbalance due to CPU affinity
    - sched/core: Fix CPU controller for !RT_GROUP_SCHED
    - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
      fails
    - x86/apic: Soft disable APIC before initializing it
    - ALSA: hda - Show the fatal CORB/RIRB error more clearly
    - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
      build_adc_controls()
    - EDAC/mc: Fix grain_bits calculation
    - media: iguanair: add sanity checks
    - base: soc: Export soc_device_register/unregister APIs
    - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
    - ia64:unwind: fix double free for mod->arch.init_unw_table
    - EDAC/altera: Use the proper type for the IRQ status bits
    - ASoC: rsnd: don't call clk_get_rate() under atomic context
    - md/raid1: end bio when the device faulty
    - md: don't call spare_active in md_reap_sync_thread if all member devices
      can't work
    - md: don't set In_sync if array is frozen
    - ACPI / processor: don't print errors for processorIDs == 0xff
    - EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
    - efi: cper: print AER info of PCIe fatal error
    - sched/fair: Use rq_lock/unlock in online_fair_sched_group
    - media: gspca: zero usb_buf on error
    - perf test vfs_getname: Disable ~/.perfconfig to get default output
    - media: mtk-mdp: fix reference count on old device tree
    - media: fdp1: Reduce FCP not found message level to debug
    - media: rc: imon: Allow iMON RC protocol for ffdc 7e device
    - dmaengine: iop-adma: use correct printk format strings
    - perf record: Support aarch64 random socket_id assignment
    - media: i2c: ov5645: Fix power sequence
    - media: omap3isp: Don't set streaming state on random subdevs
    - media: imx: mipi csi-2: Don't fail if initial state times-out
    - net: lpc-enet: fix printk format strings
    - ARM: dts: imx7d: cl-som-imx7: make ethernet work again
    - media: radio/si470x: kill urb on error
    - media: hdpvr: add terminating 0 at end of string
    - nbd: add missing config put
    - media: dvb-core: fix a memory leak bug
    - libperf: Fix alignment trap with xyarray contents in 'perf stat'
    - EDAC/amd64: Recognize DRAM device type ECC capability
    - EDAC/amd64: Decode syndrome before translating address
    - PM / devfreq: passive: Use non-devm notifiers
    - PM / devfreq: exynos-bus: Correct clock enable sequence
    - media: cec-notifier: clear cec_adap in cec_notifier_unregister
    - media: saa7146: add cleanup in hexium_attach()
    - media: cpia2_usb: fix memory leaks
    - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
    - perf trace beauty ioctl: Fix off-by-one error in cmd->string table
    - media: ov9650: add a sanity check
    - ASoC: es8316: fix headphone mixer volume table
    - ACPI / CPPC: do not require the _PSD method
    - arm64: kpti: ensure patched kernel text is fetched from PoU
    - nvmet: fix data units read and written counters in SMART log
    - iommu/amd: Silence warnings under memory pressure
    - iommu/iova: Avoid false sharing on fq_timer_on
    - libtraceevent: Change users plugin directory
    - ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
    - ACPI: custom_method: fix memory leaks
    - ACPI / PCI: fix acpi_pci_irq_enable() memory leak
    - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
    - md/raid1: fail run raid1 array when active disk less than one
    - dmaengine: ti: edma: Do not reset reserved paRAM slots
    - kprobes: Prohibit probing on BUG() and WARN() address
    - s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
    - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
    - raid5: don't set STRIPE_HANDLE to stripe which is in batch list
    - mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
    - mmc: sdhci: Fix incorrect switch to HS mode
    - raid5: don't increment read_errors on EILSEQ return
    - libertas: Add missing sentinel at end of if_usb.c fw_table
    - ALSA: hda - Drop unsol event handler for Intel HDMI codecs
    - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
    - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
    - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
    - btrfs: extent-tree: Make sure we only allocate extents from block groups
      with the same type
    - media: omap3isp: Set device on omap3isp subdevs
    - PM / devfreq: passive: fix compiler warning
    - ALSA: firewire-tascam: handle error code when getting current source of
      clock
    - ALSA: firewire-tascam: check intermediate state of clock status and retry
    - scsi: scsi_dh_rdac: zero cdb in send_mode_select()
    - printk: Do not lose last line in kmsg buffer dump
    - IB/hfi1: Define variables as unsigned long to fix KASAN warning
    - randstruct: Check member structs in is_pure_ops_struct()
    - ALSA: hda/realtek - Fixup mute led on HP Spectre x360
    - fuse: fix missing unlock_page in fuse_writepage()
    - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
    - x86/retpolines: Fix up backport of a9d57ef15cbe
    - KVM: x86: always stop emulation on page fault
    - KVM: x86: set ctxt->have_exception in x86_decode_insn()
    - KVM: x86: Manually calculate reserved bits when loading PDPTRS
    - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
    - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
    - ASoC: Intel: NHLT: Fix debug print format
    - ASoC: Intel: Skylake: Use correct function to access iomem space
    - ASoC: Intel: Fix use of potentially uninitialized variable
    - ARM: samsung: Fix system restart on S3C6410
    - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
    - arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
    - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
    - regulator: Defer init completion for a while after late_initcall
    - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
    - memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
    - memcg, kmem: do not fail __GFP_NOFAIL charges
    - ovl: filter of trusted xattr results in audit
    - Btrfs: fix use-after-free when using the tree modification log
    - btrfs: Relinquish CPUs in btrfs_compare_trees
    - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
    - md/raid6: Set R5_ReadError when there is read failure on parity disk
    - md: don't report active array_state until after revalidate_disk() completes.
    - md: only call set_in_sync() when it is expected to succeed.
    - cfg80211: Purge frame registrations on iftype change
    - /dev/mem: Bail out upon SIGKILL.
    - ext4: fix warning inside ext4_convert_unwritten_extents_endio
    - ext4: fix punch hole for inline_data file systems
    - quota: fix wrong condition in is_quota_modification()
    - hwrng: core - don't wait on add_early_randomness()
    - i2c: riic: Clear NACK in tend isr
    - CIFS: fix max ea value size
    - CIFS: Fix oplock handling for SMB 2.1+ protocols
    - md/raid0: avoid RAID0 data corruption due to layout confusion.
    - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new
      zone
    - btrfs: qgroup: Drop quota_root and fs_info parameters from
      update_qgroup_status_item
    - Btrfs: fix race setting up and completing qgroup rescan workers
    - net/ibmvnic: free reset work of removed device from queue
    - HID: Add quirk for HP X500 PIXART OEM mouse
    - net/mlx5e: Set ECN for received packets using CQE indication
    - net/mlx5e: don't set CHECKSUM_COMPLETE on SCTP packets
    - mlx5: fix get_ip_proto()
    - net/mlx5e: Allow reporting of checksum unnecessary
    - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
    - net/mlx5e: Rx, Check ip headers sanity
    - bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
    - initramfs: don't free a non-existent initrd
    - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs
    - net/ibmvnic: Fix missing { in __ibmvnic_reset
    - net_sched: check cops->tcf_block in tc_bind_tclass()
    - loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
    - loop: Add LOOP_SET_DIRECT_IO to compat ioctl
    - perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
    - ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
    - posix-cpu-timers: Sanitize bogus WARNONS
    - x86/apic/vector: Warn when vector space exhaustion breaks affinity
    - x86/mm/pti: Do not invoke PTI functions when PTI is disabled
    - x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
    - libata/ahci: Drop PCS quirk for Denverton and beyond
    - x86/cpu: Add Tiger Lake to Intel family
    - platform/x86: intel_pmc_core: Do not ioremap RAM
    - mmc: core: Add helper function to indicate if SDIO IRQs is enabled
    - mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
    - iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
    - Revert "ceph: use ceph_evict_inode to cleanup inode's resource"
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - ALSA: hda/realtek - PCI quirk for Medion E4254
    - smb3: allow disabling requesting leases
    - btrfs: fix allocation of free space cache v1 bitmap pages
    - drm/amd/display: Restore backlight brightness after system resume

-- Andrea Righi <andrea.righi@canonical.com>  Thu, 07 Nov 2019 15:38:04 +0100

Changed in linux-aws (Ubuntu Bionic):
status:	Confirmed → Fix Released

Andy Whitcroft (apw) on 2019-11-13

tags:	removed: kernel-sru-derivative-of-1849855
description:	updated
tags:	removed: kernel-release-tracking-bug-live
Changed in kernel-sru-workflow:
status:	In Progress → Invalid

Kernel SRU Workflow

bionic/linux-aws: 4.15.0-1053.55 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Invalid	Medium	Unassigned
Automated-testing	Invalid	Medium	Canonical Kernel Team
Certification-testing	Invalid	Medium	Canonical Hardware Certification
Prepare-package	Invalid	Medium	Khaled El Mously
Prepare-package-lrm	Invalid	Medium	Khaled El Mously
Prepare-package-meta	Invalid	Medium	Khaled El Mously
Promote-to-proposed	Invalid	Medium	Andy Whitcroft
Promote-to-security	New	Medium	Ubuntu Stable Release Updates Team
Promote-to-updates	New	Medium	Ubuntu Stable Release Updates Team
Regression-testing	Fix Released	Medium	Po-Hsu Lin
Security-signoff	Fix Released	Medium	Steve Beattie
Verification-testing	Fix Released	Medium	Canonical Kernel Team
linux-aws (Ubuntu)	Invalid	Undecided	Unassigned
Bionic	Fix Released	Medium	Unassigned