Disco update: v5.0.4 upstream stable release

Bug #1821607 reported by Seth Forshee on 2019-03-25
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Undecided
Seth Forshee
Disco
Undecided
Seth Forshee

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.0.4 upstream stable release
       from git://git.kernel.org/

Linux 5.0.4
SUNRPC: Respect RPC call timeouts when retrying transmission
SUNRPC: Fix up RPC back channel transmission
SUNRPC: Prevent thundering herd when the socket is not connected
s390/setup: fix boot crash for machine without EDAT-1
net: dsa: lantiq_gswip: fix OF child-node lookups
net: dsa: lantiq_gswip: fix use-after-free on failed probe
KVM: nVMX: Check a single byte for VMCS "launched" in nested early checks
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: nVMX: Apply addr size mask to effective address for VMX instructions
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
KVM: x86/mmu: Detect MMIO generation wrap in any address space
KVM: VMX: Zero out *all* general purpose registers after VM-Exit
KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
KVM: Call kvm_arch_memslots_updated() before updating memslots
drm/amd/display: don't call dm_pp_ function from an fpu block
drm/amd/powerplay: correct power reading on fiji
drm/radeon/evergreen_cs: fix missing break in switch statement
drm/fb-helper: generic: Fix drm_fbdev_client_restore()
media: imx: csi: Stop upstream before disabling IDMA channel
media: imx: csi: Disable CSI immediately after last EOF
media: imx-csi: Input connections to CSI should be optional
media: vimc: Add vimc-streamer for stream control
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
media: sun6i: Fix CSI regmap's max_register
media: lgdt330x: fix lock status reporting
media: imx: prpencvf: Stop upstream before disabling IDMA channel
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
tpm: Unify the send callback behaviour
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace()
x86/kvmclock: set offset for kvm unstable clock
md: Fix failed allocation of md_register_thread
perf intel-pt: Fix divide by zero when TSC is not available
perf/x86/intel/uncore: Fix client IMC events return huge result
perf intel-pt: Fix overlap calculation for padding
perf auxtrace: Define auxtrace record alignment
perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols
perf intel-pt: Fix CYC timestamp calculation after OVF
x86/unwind/orc: Fix ORC unwind table alignment
vt: perform safe console erase in the right order
stable-kernel-rules.rst: add link to networking patch queue
bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
bcache: treat stale && dirty keys as bad keys
PM / OPP: Update performance state when freq == old_freq
PM / wakeup: Rework wakeup source timer cancellation
svcrpc: fix UDP on servers with lots of threads
NFSv4.1: Reinitialise sequence results before retransmitting a request
nfsd: fix wrong check in write_v4_end_grace()
nfsd: fix memory corruption caused by readdir
nfsd: fix performance-limiting session calculation
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Fix I/O request leakages
cpuidle: governor: Add new governors to cpuidle_governors again
cpcap-charger: generate events for userspace
mfd: sm501: Fix potential NULL pointer dereference
media: cx25840: mark pad sig_types to fix cx231xx init
dm integrity: limit the rate of error messages
dm: fix to_sector() for 32bit
ipmi_si: fix use-after-free of resource->name
ipmi_si: Fix crash when using hard-coded device
Revert "KVM/MMU: Flush tlb directly in the kvm_zap_gfn_range()"
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
arm64: debug: Ensure debug handlers check triggering exception level
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arm64: Fix HCR.TGE status for NMI contexts
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
powerpc/traps: Fix the message printed when stack overflows
powerpc/traps: fix recoverability of machine check handling on book3s/32
powerpc/smp: Fix NMI IPI xmon timeout
powerpc/smp: Fix NMI IPI timeout
powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
powerpc/64s/hash: Fix assert_slb_presence() use of the slbfee. instruction
powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Make opal log only readable by root
powerpc/wii: properly disable use of BATs when requested.
powerpc/32: Clear on-stack exception marker upon exception return
security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
jbd2: fix compile warning when using JBUFFER_TRACE
jbd2: clear dirty flag when revoking a buffer from an older transaction
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
usb: typec: tps6598x: handle block writes separately with plain-I2C adapters
usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
clk: ingenic: Fix doc of ingenic_cgu_div_info
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
clk: samsung: exynos5: Fix kfree() of const memory on setting driver_override
clk: samsung: exynos5: Fix possible NULL pointer exception on platform_device_alloc() failure
clk: clk-twl6040: Fix imprecise external abort for pdmclk
clk: uniphier: Fix update register for CPU-gear
ext2: Fix underflow in ext2_max_size()
cxl: Wrap iterations over afu slices inside 'afu_list_lock'
IB/rdmavt: Fix concurrency panics in QP post_send and modify to error
IB/rdmavt: Fix loopback send with invalidate ordering
IB/hfi1: Close race condition on user context disable and close
PCI: pci-bridge-emul: Extend pci_bridge_emul_init() with flags
PCI: pci-bridge-emul: Create per-bridge copy of register behavior
PCI: dwc: skip MSI init if MSIs have been explicitly disabled
PCI: qcom: Don't deassert reset GPIO during probe
PCI/DPC: Fix print AER status in DPC event handling
PCI/ASPM: Use LTR if already enabled by platform
swiotlb: Add is_swiotlb_active() function
swiotlb: Introduce swiotlb_max_mapping_size()
dma: Introduce dma_max_mapping_size()
ext4: fix crash during online resizing
ext4: add mask of ext4 flags to swap
ext4: update quota information while swapping boot loader inode
gpio: pca953x: Fix dereference of irq data in shutdown
media: i2c: ov5640: Fix post-reset delay
i2c: tegra: update maximum transfer size
i2c: tegra: fix maximum transfer size
parport_pc: fix find_superio io compare code, should use equal test.
intel_th: Don't reference unassigned outputs
device property: Fix the length used in PROPERTY_ENTRY_STRING()
nvmem: core: don't check the return value of notifier chain call
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
mm/memory.c: do_fault: avoid usage of stale vm_area_struct
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
ext4: cleanup pagecache before swap i_data
ext4: fix check of inode in swap_inode_boot_loader
cpufreq: pxa2xx: remove incorrect __init annotation
cpufreq: tegra124: add missing of_node_put()
cpufreq: kryo: Release OPP tables on module removal
x86/kprobes: Prohibit probing on optprobe template code
irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
soc: qcom: rpmh: Avoid accessing freed memory from batch API
Btrfs: fix deadlock between clone/dedupe and rename
Btrfs: fix corruption reading shared and compressed extents after hole punching
btrfs: init csum_list before possible free
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
btrfs: drop the lock on error in btrfs_dev_replace_cancel
btrfs: scrub: fix circular locking dependency warning
Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
Btrfs: setup a nofs context for memory allocation at btrfs_create_tree()
m68k: Add -ffreestanding to CFLAGS
ovl: Do not lose security.capability xattr over metadata file copy-up
ovl: During copy up, first copy up data and then xattrs
splice: don't merge into linked buffers
fs/devpts: always delete dcache dentry-s in dput()
scsi: qla2xxx: Use complete switch scan for RSCN events
scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported
scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: sd: Optimal I/O size should be a multiple of physical block size
scsi: aacraid: Fix performance issue on logical drives
scsi: virtio_scsi: don't send sc payload with tmfs
s390/virtio: handle find on invalid queue gracefully
s390/setup: fix early warning messages
s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem
clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
mt76: fix corrupted software generated tx CCMP PN
regulator: s2mpa01: Fix step values for some LDOs
regulator: max77620: Initialize values for DT properties
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
spi: spi-gpio: fix SPI_CS_HIGH capability
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
spi: pxa2xx: Setup maximum supported DMA transfer length
spi: ti-qspi: Fix mmap read when more than one CS in use
mmc:fix a bug when max_discard is 0
mmc: renesas_sdhi: Fix card initialization failure in high speed mode
mmc: sdhci-esdhc-imx: fix HS400 timing issue
ACPI / device_sysfs: Avoid OF modalias creation for removed device
xen: fix dom0 boot on huge systems
vmw_balloon: release lock on error in vmballoon_reset()
tracing/perf: Use strndup_user() instead of buggy open-coded version
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
tracing: Use strncpy instead of memcpy for string keys in hist triggers
smb3: make default i/o size for smb3 mounts larger
CIFS: Fix read after write for files with read caching
CIFS: Do not skip SMB2 message IDs on send failures
CIFS: Do not reset lease state to NONE on lease break
CIFS: Fix leaking locked VFS cache pages in writeback retry
crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP
crypto: x86/aesni-gcm - fix crash on empty plaintext
crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP
crypto: testmgr - skip crc32c context test for ahash algorithms
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: pcbc - remove bogus memcpy()s with src == dest
crypto: morus - fix handling chunked inputs
crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: arm64/crct10dif - revert to C code for short inputs
crypto: arm64/aes-neonbs - fix returning final keystream block
crypto: arm/crct10dif - revert to C code for short inputs
crypto: aegis - fix handling chunked inputs
crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
fix cgroup_do_mount() handling of failure exits
libnvdimm: Fix altmap reservation size calculation
libnvdimm/pmem: Honor force_raw for legacy pmem regions
libnvdimm, pfn: Fix over-trim in trim_pfn_device()
libnvdimm/label: Clear 'updating' flag after label-set update
nfit/ars: Attempt short-ARS even in the no_init_ars case
nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot
acpi/nfit: Fix bus command validation
nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
nfit: Fix nfit_intel_shutdown_status() command submission
dax: Flush partial PMDs correctly
crypto: rockchip - update new iv to device in multiple operations
crypto: rockchip - fix scatterlist nents error
crypto: ahash - fix another early termination in hash walk
crypto: ofb - fix handling partial blocks and make thread-safe
crypto: cfb - remove bogus memcpy() with src == dest
crypto: cfb - add missing 'chunksize' property
crypto: ccree - don't copy zero size ciphertext
crypto: ccree - unmap buffer before copying IV
crypto: ccree - fix free of unallocated mlli buffer
crypto: caam - fix DMA mapping of stack memory
crypto: caam - fixed handling of sg list
crypto: ccree - fix missing break in switch statement
crypto: caam - fix hash context DMA unmap size
stm class: Fix an endless loop in channel allocation
stm class: Prevent division by zero
mei: bus: move hw module get/put to probe/release
mei: hbm: clean the feature flags on link reset
iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
iio: adc: exynos-adc: Fix NULL pointer exception on unbind
ASoC: codecs: pcm186x: Fix energysense SLEEP bit
ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE()
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
9p/net: fix memory leak in p9_client_create
9p: use inode->i_lock to protect i_size_write() under 32-bit

The following patches from this stable update had already been applied:

PCI: pciehp: Disable Data Link Layer State Changed event on suspend
bcache: never writeback a discard operation

CVE References

Seth Forshee (sforshee) on 2019-03-25
Changed in linux-azure (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux-azure (Ubuntu Disco):
assignee: nobody → Seth Forshee (sforshee)
status: Confirmed → In Progress
Seth Forshee (sforshee) on 2019-03-25
description: updated
Changed in linux-azure (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (50.3 KiB)

This bug was fixed in the package linux-azure - 5.0.0-1002.2

---------------
linux-azure (5.0.0-1002.2) disco; urgency=medium

  * linux-azure: 5.0.0-1002.2 -proposed tracker (LP: #1823220)

  * Set CONFIG_RANDOM_TRUST_CPU=y (LP: #1823754)
    - [Config] CONFIG_RANDOM_TRUST_CPU=y

  * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

  * Add CONFIG_NO_HZ_FULL=y to linux-azure kernels (LP: #1818138)
    - [Config] linux-azure: CONFIG_NO_HZ_FULL=y

  * Miscellaneous Ubuntu changes
    - [Config] update configs after rebase to 5.0.0-10.11
    - Revert "UBUNTU: [Config] azure: CONFIG_HOTPLUG_CPU=n"

  [ Ubuntu: 5.0.0-10.11 ]

  * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)
  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

  [ Ubuntu: 5.0.0-9.10 ]

  * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq
  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs
  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"
  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow service ranges to be connect()'ed on RDM/DGRAM
    - tipc: change to check tipc_own_id to return in tipc_net_stop
 ...

Changed in linux-azure (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers