Bionic update: upstream stable patchset 2018-05-24

Bug #1773233 reported by Kamal Mostafa on 2018-05-24
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2018-05-24 (ported from v4.14.36 and v4.16.4)
       from git://git.kernel.org/

HID: i2c-hid: fix inverted return value from i2c_hid_command()
device-dax: allow MAP_SYNC to succeed
libnvdimm, dimm: handle EACCES failures from label reads
drm/i915: Fix hibernation with ACPI S0 target state
s390: add support for IBM z14 Model ZR1
HID: i2c-hid: Fix resume issue on Raydium touchscreen device
pwm: mediatek: Improve precision in rate calculation
pwm: mediatek: Fix up PWM4 and PWM5 malfunction on MT7623
clk: tegra: Mark HCLK, SCLK and EMC as critical
trace_uprobe: Use %lx to display offset
drm/amd/display: HDMI has no sound after Panel power off/on
mmc: core: Prevent bus reference leak in mmc_blk_init()
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
xprtrdma: Fix corner cases when handling device removal
xprtrdma: Fix latency regression on NUMA NFS/RDMA clients
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
ext4: force revalidation of directory pointer after seekdir(2)
ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin()
ceph: always update atime/mtime/ctime for new inode
powerpc/64s: Fix pkey support in dt_cpu_ftrs, add CPU_FTR_PKEY bit
acpi, nfit: rework NVDIMM leaf method detection
media: rc: oops in ir_timer_keyup after device unplug
mm: hwpoison: disable memory error handling on 1GB hugepage
Bluetooth: hci_bcm: Add irq_polarity module option
writeback: safer lock nesting
media: staging: lirc_zilog: incorrect reference counting
Revert "media: lirc_zilog: driver only sends LIRCCODE"
mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
autofs: mount point create should honour passed in mode
Don't leak MNT_INTERNAL away from internal mounts
rpc_pipefs: fix double-dput()
orangefs_kill_sb(): deal with allocation failures
hypfs_kill_super(): deal with failed allocations
jffs2_kill_sb(): deal with failed allocations
drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
mmc: sdhci-pci: Only do AMD tuning for HS200
fanotify: fix logic of events on child
udf: Fix leak of UTF-16 surrogates into encoded strings
powerpc/lib: Fix off-by-one in alternate feature patching
powerpc/eeh: Fix enabling bridge MMIO windows
MIPS: memset.S: Fix clobber of v1 in last_fixup
MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
MIPS: memset.S: EVA & fault support for small_memset
MIPS: uaccess: Add micromips clobbers to bzero invocation
HID: wacom: bluetooth: send exit report for recent Bluetooth devices
HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
HID: input: fix battery level reporting on BT mice
random: add new ioctl RNDRESEEDCRNG
random: crng_reseed() should lock the crng instance that it is modifying
random: use a different mixing algorithm for add_device_randomness()
random: fix crng_ready() test
ALSA: hda - New VIA controller suppor no-snoop path
ALSA: rawmidi: Fix missing input substream checks in compat ioctls
ALSA: line6: Use correct endpoint type for midi output
drm/radeon: Fix PCIe lane width calculation
drm/radeon: add PX quirk for Asus K73TK
drm/rockchip: Clear all interrupts before requesting the IRQ
drm/amdgpu/si: implement get/set pcie_lanes asic callback
drm/amdgpu: Fix PCIe lane width calculation
drm/amdgpu/sdma: fix mask in emit_pipeline_sync
drm/amdgpu: Fix always_valid bos multiple LRU insertions.
drm/amdgpu: Add an ATPX quirk for hybrid laptop
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
watchdog: f71808e_wdt: Fix WD_EN register read
dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
thermal: imx: Fix race condition in imx_thermal_probe()
pwm: rcar: Fix a condition to prevent mismatch value setting to duty
clk: bcm2835: De-assert/assert PLL reset signal when appropriate
clk: mediatek: fix PWM clock source by adding a fixed-factor clock
clk: fix false-positive Wmaybe-uninitialized warning
clk: mvebu: armada-38x: add support for missing clocks
PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
mmc: tmio: Fix error handling when issuing CMD23
mmc: jz4740: Fix race condition in IRQ mask update
iommu/vt-d: Fix a potential memory leak
um: Use POSIX ucontext_t instead of struct ucontext
um: Compile with modern headers
ring-buffer: Check if memory is available before allocation
nfit: skip region registration for incomplete control regions
nfit, address-range-scrub: fix scrub in-progress reporting
libnvdimm, namespace: use a safe lookup for dimm device name
libnvdimm, dimm: fix dpa reservation vs uninitialized label area
tpm: self test failure should not cause suspend to fail
cxl: Fix possible deadlock when processing page faults from cxllib
dmaengine: at_xdmac: fix rare residue corruption
IB/srp: Fix completion vector assignment algorithm
IB/srp: Fix srp_abort()
ALSA: pcm: Fix UAF at PCM release via PCM timer access
RDMA/rxe: Fix an out-of-bounds read
RDMA/mlx5: Protect from NULL pointer derefence
RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
dm crypt: limit the number of allocated pages
ext4: add extra checks to ext4_xattr_block_get()
ext4: add bounds checking to ext4_xattr_find_entry()
ext4: move call to ext4_error() into ext4_xattr_check_block()
ext4: don't allow r/w mounts if metadata blocks overlap the superblock
ext4: always initialize the crc32c checksum driver
ext4: limit xattr size to INT_MAX
ext4: protect i_disksize update by i_data_sem in direct write path
ext4: don't update checksum of new initialized bitmaps
ext4: pass -ESHUTDOWN code to jbd2 layer
ext4: eliminate sleep from shutdown ioctl
ext4: shutdown should not prevent get_write_access
jbd2: if the journal is aborted then don't allow update of the log tail
block: use 32-bit blk_status_t on Alpha
extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
random: use a tighter cap in credit_entropy_bits_safe()
irqchip/gic: Take lock when updating irq type
ASoC: topology: Fix kcontrol name string handling
ASoC: ssm2602: Replace reg_default_raw with reg_default
soc: mediatek: fix the mistaken pointer accessed when subdomains are added
HID: core: Fix size as type u32
HID: Fix hid_report_len usage
powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
powerpc/kexec_file: Fix error code when trying to load kdump kernel
powerpc/kprobes: Fix call trace due to incorrect preempt count
powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
CIFS: fix sha512 check in cifs_crypto_secmech_release
CIFS: add sha512 secmech
CIFS: refactor crypto shash/sdesc allocation&free
i2c: i801: Restore configuration at shutdown
i2c: i801: Save register SMBSLVCMD value only once
HID: i2c-hid: fix size check and type usage
smb3: Fix root directory when server returns inode number of zero
fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
cifs: fix memory leak in SMB2_open()
usb: dwc3: gadget: never call ->complete() from ->ep_queue()
usb: dwc3: pci: Properly cleanup resource
usb: dwc3: prevent setting PRTCAP to OTG from debugfs
USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
USB: gadget: f_midi: fixing a possible double-free in f_midi
ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
regmap: Fix reversed bounds check in regmap_raw_write()
x86/xen: Delay get_cpu_cap until stack canary is established
media: vsp1: Fix BRx conditional path in WPF
media: vivid: check if the cec_adapter is valid
media: atomisp_fops.c: disable atomisp_compat_ioctl32
spi: Fix unregistration of controller with fixed SPI bus number
spi: Fix scatterlist elements size in spi_map_buf
spi: atmel: init FIFOs before spi enable
ARM: dts: at91: sama5d4: fix pinctrl compatible string
ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
arm: dts: mt7623: fix USB initialization fails on bananapi-r2
ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
usb: gadget: udc: core: update usb_ep_queue() documentation
phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
usb: musb: gadget: misplaced out of bounds check
mm, slab: reschedule cache_reap() on the same CPU
ipc/shm: fix use-after-free of shm file via remap_file_pages()
resource: fix integer overflow at reallocation
fs/reiserfs/journal.c: add missing resierfs_warning() arg
task_struct: only use anon struct under randstruct plugin
mm/hmm: hmm_pfns_bad() was accessing wrong struct
mm/ksm.c: fix inconsistent accounting of zero pages
ubi: Reject MLC NAND
ubi: Fix error for write access
ubi: fastmap: Don't flush fastmap work on detach
ubifs: Check ubifs_wbuf_sync() return code
cpufreq: CPPC: Use transition_delay_us depending transition_latency
tty: make n_tty_read() always abort if hangup is in progress

CVE References

tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
assignee: nobody → Kamal Mostafa (kamalmostafa)
status: New → In Progress
description: updated
description: updated
summary: - Bionic update: upstream stable patchset
+ Bionic update: upstream stable patchset 2018-05-24
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (49.5 KiB)

This bug was fixed in the package linux - 4.15.0-24.26

---------------
linux (4.15.0-24.26) bionic; urgency=medium

  * linux: 4.15.0-24.26 -proposed tracker (LP: #1776338)

  * Bionic update: upstream stable patchset 2018-06-06 (LP: #1775483)
    - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs
    - i40e: Fix attach VF to VM issue
    - tpm: cmd_ready command can be issued only after granting locality
    - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
    - tpm: add retry logic
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: fix deadlock while clearing neighbor proxy table
    - team: avoid adding twice the same option to the event list
    - net/smc: fix shutdown in state SMC_LISTEN
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - amd-xgbe: Add pre/post auto-negotiation phy hooks
    - sctp: do not check port in sctp_inet6_cmp_addr
    - amd-xgbe: Improve KR auto-negotiation and training
    - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
    - amd-xgbe: Only use the SFP supported transceiver signals
    - strparser: Fix incorrect strp->need_bytes value.
    - net: sched: ife: signal not finding metaid
    - tcp: clear tp->packets_out when purging write queue
    - net: sched: ife: handle malformed tlv length
    - net: sched: ife: check on metadata length
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - net: ethernet: ti: cpsw: fix tx vlan priority mapping
    - virtio_net: split out ctrl buffer
    - virtio_net: fix adding vids on big-endian
    - KVM: s390: force bp isolation for VSIE
    - s390: correct module section names for expoline code revert
    - microblaze: Setup dependencies for ASM optimized lib functions
    - commoncap: Handle memory allocation failure.
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - m68k/mac: Don't remap SWIM MMIO region
    - block/swim: Check drive type
    - block/swim: Don't log an error message for an invalid ioctl
    - block/swim: Remove extra put_disk() call from error path
    - block/swim: Rename macros to avoid inconsistent inverted logic
    - block/swim: Select appropriate drive on device open
    - block/swim: Fix array bounds check
    - block/swim: Fix IO error at end of medium
    -...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.1 KiB)

This bug was fixed in the package linux - 4.15.0-29.31

---------------
linux (4.15.0-29.31) bionic; urgency=medium

  * linux: 4.15.0-29.31 -proposed tracker (LP: #1782173)

  * [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler
    (LP: #1777716)
    - ipmi_ssif: Fix kernel panic at msg_done_handler

  * Update to ocxl driver for 18.04.1 (LP: #1775786)
    - misc: ocxl: use put_device() instead of device_unregister()
    - powerpc: Add TIDR CPU feature for POWER9
    - powerpc: Use TIDR CPU feature to control TIDR allocation
    - powerpc: use task_pid_nr() for TID allocation
    - ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action
    - ocxl: Expose the thread_id needed for wait on POWER9
    - ocxl: Add an IOCTL so userspace knows what OCXL features are available
    - ocxl: Document new OCXL IOCTLs
    - ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait()

  * Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after
    suspend (LP: #1776887)
    - ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL

  * Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194)
    - powerpc: use NMI IPI for smp_send_stop
    - powerpc: Fix smp_send_stop NMI IPI handling

  * IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on
    CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964)
    - rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops

  * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383:
    comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
    - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm
      stress-ng: Corrupt inode bitmap"
    - SAUCE: ext4: check for allocation block validity with block group locked

linux (4.15.0-28.30) bionic; urgency=medium

  * linux: 4.15.0-28.30 -proposed tracker (LP: #1781433)

  * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
    - xen-netfront: Fix mismatched rtnl_unlock
    - xen-netfront: Update features after registering netdev

linux (4.15.0-27.29) bionic; urgency=medium

  * linux: 4.15.0-27.29 -proposed tracker (LP: #1781062)

  * [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99:
    comm stress-ng: Corrupt inode bitmap (LP: #1780137)
    - SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode
      bitmap

linux (4.15.0-26.28) bionic; urgency=medium

  * linux: 4.15.0-26.28 -proposed tracker (LP: #1780112)

  * failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud-
    init causes potentially huge boot delays with 4.15 kernels (LP: #1780062)
    - random: Make getrandom() ready earlier

linux (4.15.0-25.27) bionic; urgency=medium

  * linux: 4.15.0-25.27 -proposed tracker (LP: #1779354)

  * hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #1777736)
    - scsi: hisi_sas: Update a couple of register settings for v3 hw

  * hisi_sas: Add missing PHY spinlock init (LP: #1777734)
    - scsi: hisi_sas: Add missing PHY spinlock init

  * hisi_sas: improve read performance by pre-allocating slot DMA buffers
    (LP: #1777727)
    - scsi: hisi_sas: use dma_zalloc_cohe...

Read more...

Changed in linux (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers