Disco update: v5.0.4 upstream stable release

Bug #1821607 reported by Seth Forshee on 2019-03-25
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Seth Forshee
Seth Forshee

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.0.4 upstream stable release
       from git://git.kernel.org/

Linux 5.0.4
SUNRPC: Respect RPC call timeouts when retrying transmission
SUNRPC: Fix up RPC back channel transmission
SUNRPC: Prevent thundering herd when the socket is not connected
s390/setup: fix boot crash for machine without EDAT-1
net: dsa: lantiq_gswip: fix OF child-node lookups
net: dsa: lantiq_gswip: fix use-after-free on failed probe
KVM: nVMX: Check a single byte for VMCS "launched" in nested early checks
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: nVMX: Apply addr size mask to effective address for VMX instructions
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
KVM: x86/mmu: Detect MMIO generation wrap in any address space
KVM: VMX: Zero out *all* general purpose registers after VM-Exit
KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
KVM: Call kvm_arch_memslots_updated() before updating memslots
drm/amd/display: don't call dm_pp_ function from an fpu block
drm/amd/powerplay: correct power reading on fiji
drm/radeon/evergreen_cs: fix missing break in switch statement
drm/fb-helper: generic: Fix drm_fbdev_client_restore()
media: imx: csi: Stop upstream before disabling IDMA channel
media: imx: csi: Disable CSI immediately after last EOF
media: imx-csi: Input connections to CSI should be optional
media: vimc: Add vimc-streamer for stream control
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
media: sun6i: Fix CSI regmap's max_register
media: lgdt330x: fix lock status reporting
media: imx: prpencvf: Stop upstream before disabling IDMA channel
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
tpm: Unify the send callback behaviour
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace()
x86/kvmclock: set offset for kvm unstable clock
md: Fix failed allocation of md_register_thread
perf intel-pt: Fix divide by zero when TSC is not available
perf/x86/intel/uncore: Fix client IMC events return huge result
perf intel-pt: Fix overlap calculation for padding
perf auxtrace: Define auxtrace record alignment
perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols
perf intel-pt: Fix CYC timestamp calculation after OVF
x86/unwind/orc: Fix ORC unwind table alignment
vt: perform safe console erase in the right order
stable-kernel-rules.rst: add link to networking patch queue
bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
bcache: treat stale && dirty keys as bad keys
PM / OPP: Update performance state when freq == old_freq
PM / wakeup: Rework wakeup source timer cancellation
svcrpc: fix UDP on servers with lots of threads
NFSv4.1: Reinitialise sequence results before retransmitting a request
nfsd: fix wrong check in write_v4_end_grace()
nfsd: fix memory corruption caused by readdir
nfsd: fix performance-limiting session calculation
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Fix I/O request leakages
cpuidle: governor: Add new governors to cpuidle_governors again
cpcap-charger: generate events for userspace
mfd: sm501: Fix potential NULL pointer dereference
media: cx25840: mark pad sig_types to fix cx231xx init
dm integrity: limit the rate of error messages
dm: fix to_sector() for 32bit
ipmi_si: fix use-after-free of resource->name
ipmi_si: Fix crash when using hard-coded device
Revert "KVM/MMU: Flush tlb directly in the kvm_zap_gfn_range()"
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
arm64: debug: Ensure debug handlers check triggering exception level
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arm64: Fix HCR.TGE status for NMI contexts
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
powerpc/traps: Fix the message printed when stack overflows
powerpc/traps: fix recoverability of machine check handling on book3s/32
powerpc/smp: Fix NMI IPI xmon timeout
powerpc/smp: Fix NMI IPI timeout
powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
powerpc/64s/hash: Fix assert_slb_presence() use of the slbfee. instruction
powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Make opal log only readable by root
powerpc/wii: properly disable use of BATs when requested.
powerpc/32: Clear on-stack exception marker upon exception return
security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
jbd2: fix compile warning when using JBUFFER_TRACE
jbd2: clear dirty flag when revoking a buffer from an older transaction
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
usb: typec: tps6598x: handle block writes separately with plain-I2C adapters
usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
clk: ingenic: Fix doc of ingenic_cgu_div_info
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
clk: samsung: exynos5: Fix kfree() of const memory on setting driver_override
clk: samsung: exynos5: Fix possible NULL pointer exception on platform_device_alloc() failure
clk: clk-twl6040: Fix imprecise external abort for pdmclk
clk: uniphier: Fix update register for CPU-gear
ext2: Fix underflow in ext2_max_size()
cxl: Wrap iterations over afu slices inside 'afu_list_lock'
IB/rdmavt: Fix concurrency panics in QP post_send and modify to error
IB/rdmavt: Fix loopback send with invalidate ordering
IB/hfi1: Close race condition on user context disable and close
PCI: pci-bridge-emul: Extend pci_bridge_emul_init() with flags
PCI: pci-bridge-emul: Create per-bridge copy of register behavior
PCI: dwc: skip MSI init if MSIs have been explicitly disabled
PCI: qcom: Don't deassert reset GPIO during probe
PCI/DPC: Fix print AER status in DPC event handling
PCI/ASPM: Use LTR if already enabled by platform
swiotlb: Add is_swiotlb_active() function
swiotlb: Introduce swiotlb_max_mapping_size()
dma: Introduce dma_max_mapping_size()
ext4: fix crash during online resizing
ext4: add mask of ext4 flags to swap
ext4: update quota information while swapping boot loader inode
gpio: pca953x: Fix dereference of irq data in shutdown
media: i2c: ov5640: Fix post-reset delay
i2c: tegra: update maximum transfer size
i2c: tegra: fix maximum transfer size
parport_pc: fix find_superio io compare code, should use equal test.
intel_th: Don't reference unassigned outputs
device property: Fix the length used in PROPERTY_ENTRY_STRING()
nvmem: core: don't check the return value of notifier chain call
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
mm/memory.c: do_fault: avoid usage of stale vm_area_struct
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
ext4: cleanup pagecache before swap i_data
ext4: fix check of inode in swap_inode_boot_loader
cpufreq: pxa2xx: remove incorrect __init annotation
cpufreq: tegra124: add missing of_node_put()
cpufreq: kryo: Release OPP tables on module removal
x86/kprobes: Prohibit probing on optprobe template code
irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
soc: qcom: rpmh: Avoid accessing freed memory from batch API
Btrfs: fix deadlock between clone/dedupe and rename
Btrfs: fix corruption reading shared and compressed extents after hole punching
btrfs: init csum_list before possible free
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
btrfs: drop the lock on error in btrfs_dev_replace_cancel
btrfs: scrub: fix circular locking dependency warning
Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
Btrfs: setup a nofs context for memory allocation at btrfs_create_tree()
m68k: Add -ffreestanding to CFLAGS
ovl: Do not lose security.capability xattr over metadata file copy-up
ovl: During copy up, first copy up data and then xattrs
splice: don't merge into linked buffers
fs/devpts: always delete dcache dentry-s in dput()
scsi: qla2xxx: Use complete switch scan for RSCN events
scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported
scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: sd: Optimal I/O size should be a multiple of physical block size
scsi: aacraid: Fix performance issue on logical drives
scsi: virtio_scsi: don't send sc payload with tmfs
s390/virtio: handle find on invalid queue gracefully
s390/setup: fix early warning messages
s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem
clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
mt76: fix corrupted software generated tx CCMP PN
regulator: s2mpa01: Fix step values for some LDOs
regulator: max77620: Initialize values for DT properties
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
spi: spi-gpio: fix SPI_CS_HIGH capability
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
spi: pxa2xx: Setup maximum supported DMA transfer length
spi: ti-qspi: Fix mmap read when more than one CS in use
mmc:fix a bug when max_discard is 0
mmc: renesas_sdhi: Fix card initialization failure in high speed mode
mmc: sdhci-esdhc-imx: fix HS400 timing issue
ACPI / device_sysfs: Avoid OF modalias creation for removed device
xen: fix dom0 boot on huge systems
vmw_balloon: release lock on error in vmballoon_reset()
tracing/perf: Use strndup_user() instead of buggy open-coded version
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
tracing: Use strncpy instead of memcpy for string keys in hist triggers
smb3: make default i/o size for smb3 mounts larger
CIFS: Fix read after write for files with read caching
CIFS: Do not skip SMB2 message IDs on send failures
CIFS: Do not reset lease state to NONE on lease break
CIFS: Fix leaking locked VFS cache pages in writeback retry
crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP
crypto: x86/aesni-gcm - fix crash on empty plaintext
crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP
crypto: testmgr - skip crc32c context test for ahash algorithms
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: pcbc - remove bogus memcpy()s with src == dest
crypto: morus - fix handling chunked inputs
crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: arm64/crct10dif - revert to C code for short inputs
crypto: arm64/aes-neonbs - fix returning final keystream block
crypto: arm/crct10dif - revert to C code for short inputs
crypto: aegis - fix handling chunked inputs
crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
fix cgroup_do_mount() handling of failure exits
libnvdimm: Fix altmap reservation size calculation
libnvdimm/pmem: Honor force_raw for legacy pmem regions
libnvdimm, pfn: Fix over-trim in trim_pfn_device()
libnvdimm/label: Clear 'updating' flag after label-set update
nfit/ars: Attempt short-ARS even in the no_init_ars case
nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot
acpi/nfit: Fix bus command validation
nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
nfit: Fix nfit_intel_shutdown_status() command submission
dax: Flush partial PMDs correctly
crypto: rockchip - update new iv to device in multiple operations
crypto: rockchip - fix scatterlist nents error
crypto: ahash - fix another early termination in hash walk
crypto: ofb - fix handling partial blocks and make thread-safe
crypto: cfb - remove bogus memcpy() with src == dest
crypto: cfb - add missing 'chunksize' property
crypto: ccree - don't copy zero size ciphertext
crypto: ccree - unmap buffer before copying IV
crypto: ccree - fix free of unallocated mlli buffer
crypto: caam - fix DMA mapping of stack memory
crypto: caam - fixed handling of sg list
crypto: ccree - fix missing break in switch statement
crypto: caam - fix hash context DMA unmap size
stm class: Fix an endless loop in channel allocation
stm class: Prevent division by zero
mei: bus: move hw module get/put to probe/release
mei: hbm: clean the feature flags on link reset
iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
iio: adc: exynos-adc: Fix NULL pointer exception on unbind
ASoC: codecs: pcm186x: Fix energysense SLEEP bit
ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE()
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
9p/net: fix memory leak in p9_client_create
9p: use inode->i_lock to protect i_size_write() under 32-bit

The following patches from this stable update had already been applied:

PCI: pciehp: Disable Data Link Layer State Changed event on suspend
bcache: never writeback a discard operation

CVE References

Seth Forshee (sforshee) on 2019-03-25
Changed in linux-azure (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux-azure (Ubuntu Disco):
assignee: nobody → Seth Forshee (sforshee)
status: Confirmed → In Progress
Seth Forshee (sforshee) on 2019-03-25
description: updated
Changed in linux-azure (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (50.3 KiB)

This bug was fixed in the package linux-azure - 5.0.0-1002.2

linux-azure (5.0.0-1002.2) disco; urgency=medium

  * linux-azure: 5.0.0-1002.2 -proposed tracker (LP: #1823220)

  * Set CONFIG_RANDOM_TRUST_CPU=y (LP: #1823754)

    expected to be set in C-KVM (LP: #1812624)

  * Add CONFIG_NO_HZ_FULL=y to linux-azure kernels (LP: #1818138)
    - [Config] linux-azure: CONFIG_NO_HZ_FULL=y

  * Miscellaneous Ubuntu changes
    - [Config] update configs after rebase to 5.0.0-10.11
    - Revert "UBUNTU: [Config] azure: CONFIG_HOTPLUG_CPU=n"

  [ Ubuntu: 5.0.0-10.11 ]

  * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)
  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

  [ Ubuntu: 5.0.0-9.10 ]

  * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq
  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs
  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"
  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow service ranges to be connect()'ed on RDM/DGRAM
    - tipc: change to check tipc_own_id to return in tipc_net_stop

Changed in linux-azure (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers