Bionic update: upstream stable patchset 2018-05-24

Bug #1773233 reported by Kamal Mostafa on 2018-05-24
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2018-05-24 (ported from v4.14.36 and v4.16.4)
       from git://

HID: i2c-hid: fix inverted return value from i2c_hid_command()
device-dax: allow MAP_SYNC to succeed
libnvdimm, dimm: handle EACCES failures from label reads
drm/i915: Fix hibernation with ACPI S0 target state
s390: add support for IBM z14 Model ZR1
HID: i2c-hid: Fix resume issue on Raydium touchscreen device
pwm: mediatek: Improve precision in rate calculation
pwm: mediatek: Fix up PWM4 and PWM5 malfunction on MT7623
clk: tegra: Mark HCLK, SCLK and EMC as critical
trace_uprobe: Use %lx to display offset
drm/amd/display: HDMI has no sound after Panel power off/on
mmc: core: Prevent bus reference leak in mmc_blk_init()
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
xprtrdma: Fix corner cases when handling device removal
xprtrdma: Fix latency regression on NUMA NFS/RDMA clients
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
ext4: force revalidation of directory pointer after seekdir(2)
ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin()
ceph: always update atime/mtime/ctime for new inode
powerpc/64s: Fix pkey support in dt_cpu_ftrs, add CPU_FTR_PKEY bit
acpi, nfit: rework NVDIMM leaf method detection
media: rc: oops in ir_timer_keyup after device unplug
mm: hwpoison: disable memory error handling on 1GB hugepage
Bluetooth: hci_bcm: Add irq_polarity module option
writeback: safer lock nesting
media: staging: lirc_zilog: incorrect reference counting
Revert "media: lirc_zilog: driver only sends LIRCCODE"
mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
autofs: mount point create should honour passed in mode
Don't leak MNT_INTERNAL away from internal mounts
rpc_pipefs: fix double-dput()
orangefs_kill_sb(): deal with allocation failures
hypfs_kill_super(): deal with failed allocations
jffs2_kill_sb(): deal with failed allocations
drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
mmc: sdhci-pci: Only do AMD tuning for HS200
fanotify: fix logic of events on child
udf: Fix leak of UTF-16 surrogates into encoded strings
powerpc/lib: Fix off-by-one in alternate feature patching
powerpc/eeh: Fix enabling bridge MMIO windows
MIPS: memset.S: Fix clobber of v1 in last_fixup
MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
MIPS: memset.S: EVA & fault support for small_memset
MIPS: uaccess: Add micromips clobbers to bzero invocation
HID: wacom: bluetooth: send exit report for recent Bluetooth devices
HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
HID: input: fix battery level reporting on BT mice
random: add new ioctl RNDRESEEDCRNG
random: crng_reseed() should lock the crng instance that it is modifying
random: use a different mixing algorithm for add_device_randomness()
random: fix crng_ready() test
ALSA: hda - New VIA controller suppor no-snoop path
ALSA: rawmidi: Fix missing input substream checks in compat ioctls
ALSA: line6: Use correct endpoint type for midi output
drm/radeon: Fix PCIe lane width calculation
drm/radeon: add PX quirk for Asus K73TK
drm/rockchip: Clear all interrupts before requesting the IRQ
drm/amdgpu/si: implement get/set pcie_lanes asic callback
drm/amdgpu: Fix PCIe lane width calculation
drm/amdgpu/sdma: fix mask in emit_pipeline_sync
drm/amdgpu: Fix always_valid bos multiple LRU insertions.
drm/amdgpu: Add an ATPX quirk for hybrid laptop
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
watchdog: f71808e_wdt: Fix WD_EN register read
dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
thermal: imx: Fix race condition in imx_thermal_probe()
pwm: rcar: Fix a condition to prevent mismatch value setting to duty
clk: bcm2835: De-assert/assert PLL reset signal when appropriate
clk: mediatek: fix PWM clock source by adding a fixed-factor clock
clk: fix false-positive Wmaybe-uninitialized warning
clk: mvebu: armada-38x: add support for missing clocks
PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
mmc: tmio: Fix error handling when issuing CMD23
mmc: jz4740: Fix race condition in IRQ mask update
iommu/vt-d: Fix a potential memory leak
um: Use POSIX ucontext_t instead of struct ucontext
um: Compile with modern headers
ring-buffer: Check if memory is available before allocation
nfit: skip region registration for incomplete control regions
nfit, address-range-scrub: fix scrub in-progress reporting
libnvdimm, namespace: use a safe lookup for dimm device name
libnvdimm, dimm: fix dpa reservation vs uninitialized label area
tpm: self test failure should not cause suspend to fail
cxl: Fix possible deadlock when processing page faults from cxllib
dmaengine: at_xdmac: fix rare residue corruption
IB/srp: Fix completion vector assignment algorithm
IB/srp: Fix srp_abort()
ALSA: pcm: Fix UAF at PCM release via PCM timer access
RDMA/rxe: Fix an out-of-bounds read
RDMA/mlx5: Protect from NULL pointer derefence
RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
dm crypt: limit the number of allocated pages
ext4: add extra checks to ext4_xattr_block_get()
ext4: add bounds checking to ext4_xattr_find_entry()
ext4: move call to ext4_error() into ext4_xattr_check_block()
ext4: don't allow r/w mounts if metadata blocks overlap the superblock
ext4: always initialize the crc32c checksum driver
ext4: limit xattr size to INT_MAX
ext4: protect i_disksize update by i_data_sem in direct write path
ext4: don't update checksum of new initialized bitmaps
ext4: pass -ESHUTDOWN code to jbd2 layer
ext4: eliminate sleep from shutdown ioctl
ext4: shutdown should not prevent get_write_access
jbd2: if the journal is aborted then don't allow update of the log tail
block: use 32-bit blk_status_t on Alpha
extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
random: use a tighter cap in credit_entropy_bits_safe()
irqchip/gic: Take lock when updating irq type
ASoC: topology: Fix kcontrol name string handling
ASoC: ssm2602: Replace reg_default_raw with reg_default
soc: mediatek: fix the mistaken pointer accessed when subdomains are added
HID: core: Fix size as type u32
HID: Fix hid_report_len usage
powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
powerpc/kexec_file: Fix error code when trying to load kdump kernel
powerpc/kprobes: Fix call trace due to incorrect preempt count
powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
CIFS: fix sha512 check in cifs_crypto_secmech_release
CIFS: add sha512 secmech
CIFS: refactor crypto shash/sdesc allocation&free
i2c: i801: Restore configuration at shutdown
i2c: i801: Save register SMBSLVCMD value only once
HID: i2c-hid: fix size check and type usage
smb3: Fix root directory when server returns inode number of zero
fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
cifs: fix memory leak in SMB2_open()
usb: dwc3: gadget: never call ->complete() from ->ep_queue()
usb: dwc3: pci: Properly cleanup resource
usb: dwc3: prevent setting PRTCAP to OTG from debugfs
USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
USB: gadget: f_midi: fixing a possible double-free in f_midi
ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
regmap: Fix reversed bounds check in regmap_raw_write()
x86/xen: Delay get_cpu_cap until stack canary is established
media: vsp1: Fix BRx conditional path in WPF
media: vivid: check if the cec_adapter is valid
media: atomisp_fops.c: disable atomisp_compat_ioctl32
spi: Fix unregistration of controller with fixed SPI bus number
spi: Fix scatterlist elements size in spi_map_buf
spi: atmel: init FIFOs before spi enable
ARM: dts: at91: sama5d4: fix pinctrl compatible string
ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
arm: dts: mt7623: fix USB initialization fails on bananapi-r2
ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
usb: gadget: udc: core: update usb_ep_queue() documentation
phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
usb: musb: gadget: misplaced out of bounds check
mm, slab: reschedule cache_reap() on the same CPU
ipc/shm: fix use-after-free of shm file via remap_file_pages()
resource: fix integer overflow at reallocation
fs/reiserfs/journal.c: add missing resierfs_warning() arg
task_struct: only use anon struct under randstruct plugin
mm/hmm: hmm_pfns_bad() was accessing wrong struct
mm/ksm.c: fix inconsistent accounting of zero pages
ubi: Reject MLC NAND
ubi: Fix error for write access
ubi: fastmap: Don't flush fastmap work on detach
ubifs: Check ubifs_wbuf_sync() return code
cpufreq: CPPC: Use transition_delay_us depending transition_latency
tty: make n_tty_read() always abort if hangup is in progress

CVE References

tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
assignee: nobody → Kamal Mostafa (kamalmostafa)
status: New → In Progress
description: updated
description: updated
summary: - Bionic update: upstream stable patchset
+ Bionic update: upstream stable patchset 2018-05-24
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (49.5 KiB)

This bug was fixed in the package linux - 4.15.0-24.26

linux (4.15.0-24.26) bionic; urgency=medium

  * linux: 4.15.0-24.26 -proposed tracker (LP: #1776338)

  * Bionic update: upstream stable patchset 2018-06-06 (LP: #1775483)
    - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs
    - i40e: Fix attach VF to VM issue
    - tpm: cmd_ready command can be issued only after granting locality
    - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
    - tpm: add retry logic
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: fix deadlock while clearing neighbor proxy table
    - team: avoid adding twice the same option to the event list
    - net/smc: fix shutdown in state SMC_LISTEN
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - amd-xgbe: Add pre/post auto-negotiation phy hooks
    - sctp: do not check port in sctp_inet6_cmp_addr
    - amd-xgbe: Improve KR auto-negotiation and training
    - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
    - amd-xgbe: Only use the SFP supported transceiver signals
    - strparser: Fix incorrect strp->need_bytes value.
    - net: sched: ife: signal not finding metaid
    - tcp: clear tp->packets_out when purging write queue
    - net: sched: ife: handle malformed tlv length
    - net: sched: ife: check on metadata length
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - net: ethernet: ti: cpsw: fix tx vlan priority mapping
    - virtio_net: split out ctrl buffer
    - virtio_net: fix adding vids on big-endian
    - KVM: s390: force bp isolation for VSIE
    - s390: correct module section names for expoline code revert
    - microblaze: Setup dependencies for ASM optimized lib functions
    - commoncap: Handle memory allocation failure.
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - m68k/mac: Don't remap SWIM MMIO region
    - block/swim: Check drive type
    - block/swim: Don't log an error message for an invalid ioctl
    - block/swim: Remove extra put_disk() call from error path
    - block/swim: Rename macros to avoid inconsistent inverted logic
    - block/swim: Select appropriate drive on device open
    - block/swim: Fix array bounds check
    - block/swim: Fix IO error at end of medium

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.1 KiB)

This bug was fixed in the package linux - 4.15.0-29.31

linux (4.15.0-29.31) bionic; urgency=medium

  * linux: 4.15.0-29.31 -proposed tracker (LP: #1782173)

  * [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler
    (LP: #1777716)
    - ipmi_ssif: Fix kernel panic at msg_done_handler

  * Update to ocxl driver for 18.04.1 (LP: #1775786)
    - misc: ocxl: use put_device() instead of device_unregister()
    - powerpc: Add TIDR CPU feature for POWER9
    - powerpc: Use TIDR CPU feature to control TIDR allocation
    - powerpc: use task_pid_nr() for TID allocation
    - ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action
    - ocxl: Expose the thread_id needed for wait on POWER9
    - ocxl: Add an IOCTL so userspace knows what OCXL features are available
    - ocxl: Document new OCXL IOCTLs
    - ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait()

  * Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after
    suspend (LP: #1776887)
    - ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL

  * Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194)
    - powerpc: use NMI IPI for smp_send_stop
    - powerpc: Fix smp_send_stop NMI IPI handling

  * IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on
    CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964)
    - rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops

  * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383:
    comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
    - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm
      stress-ng: Corrupt inode bitmap"
    - SAUCE: ext4: check for allocation block validity with block group locked

linux (4.15.0-28.30) bionic; urgency=medium

  * linux: 4.15.0-28.30 -proposed tracker (LP: #1781433)

  * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
    - xen-netfront: Fix mismatched rtnl_unlock
    - xen-netfront: Update features after registering netdev

linux (4.15.0-27.29) bionic; urgency=medium

  * linux: 4.15.0-27.29 -proposed tracker (LP: #1781062)

  * [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99:
    comm stress-ng: Corrupt inode bitmap (LP: #1780137)
    - SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode

linux (4.15.0-26.28) bionic; urgency=medium

  * linux: 4.15.0-26.28 -proposed tracker (LP: #1780112)

  * failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud-
    init causes potentially huge boot delays with 4.15 kernels (LP: #1780062)
    - random: Make getrandom() ready earlier

linux (4.15.0-25.27) bionic; urgency=medium

  * linux: 4.15.0-25.27 -proposed tracker (LP: #1779354)

  * hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #1777736)
    - scsi: hisi_sas: Update a couple of register settings for v3 hw

  * hisi_sas: Add missing PHY spinlock init (LP: #1777734)
    - scsi: hisi_sas: Add missing PHY spinlock init

  * hisi_sas: improve read performance by pre-allocating slot DMA buffers
    (LP: #1777727)
    - scsi: hisi_sas: use dma_zalloc_cohe...


Changed in linux (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers