Cosmic update to v4.18.8 stable release

Bug #1793069 reported by Seth Forshee on 2018-09-18
This bug affects 2 people
Affects: linux (Ubuntu)
Importance: Medium
Assigned to: Seth Forshee

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The v4.18.8 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches from the v4.18.8 stable release shall be applied:

act_ife: fix a potential use-after-free
ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state
net: bcmgenet: use MAC link status for fixed phy
net: macb: do not disable MDIO bus at open/close time
net: sched: Fix memory exposure from short TCA_U32_SEL
qlge: Fix netdev features configuration.
r8169: add support for NCube 8168 network card
tcp: do not restart timewait timer on rst reception
vti6: remove !skb->ignore_df check from vti6_xmit()
act_ife: move tcfa_lock down to where necessary
act_ife: fix a potential deadlock
net: sched: action_ife: take reference to meta module
bnxt_en: Clean up unused functions.
bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA.
net/sched: act_pedit: fix dump of extended layered op
tipc: fix a missing rhashtable_walk_exit()
hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe()
tipc: fix the big/little endian issue in tipc_dest
sctp: remove useless start_fail from sctp_ht_iter in proc
erspan: set erspan_ver to 1 by default when adding an erspan dev
net: macb: Fix regression breaking non-MDIO fixed-link PHYs
ipv6: don't get lwtstate twice in ip6_rt_copy_init()
net/ipv6: init ip6 anycast rt->dst.input as ip6_input
net/ipv6: Only update MTU metric if it set
net/ipv6: Put lwtstate when destroying fib6_info
net/mlx5: Fix SQ offset in QPs with small RQ
r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices
Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit"
ip6_vti: fix creating fallback tunnel device for vti6
ip6_vti: fix a null pointer deference when destroy vti6 tunnel
nfp: wait for posted reconfigs when disabling the device
sctp: hold transport before accessing its asoc in sctp_transport_get_next
mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge
vhost: correctly check the iova range when waking virtqueue
hv_netvsc: ignore devices that are not PCI
cifs: check if SMB2 PDU size has been padded and suppress the warning
hfsplus: don't return 0 when fill_super() failed
hfs: prevent crash on exit from failed search
sunrpc: Don't use stack buffer with scatterlist
fork: don't copy inconsistent signal handler state to child
fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds
reiserfs: change j_timestamp type to time64_t
iommu/rockchip: Handle errors returned from PM framework
hfsplus: fix NULL dereference in hfsplus_lookup()
iommu/rockchip: Move irq request past pm_runtime_enable
fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries
fat: validate ->i_start before using
workqueue: skip lockdep wq dependency in cancel_work_sync()
workqueue: re-add lockdep dependencies for flushing
scripts: modpost: check memory allocation results
apparmor: fix an error code in __aa_create_ns()
virtio: pci-legacy: Validate queue pfn
x86/mce: Add notifier_block forward declaration
i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value
IB/hfi1: Invalid NUMA node information can cause a divide by zero
pwm: meson: Fix mux clock names
powerpc/topology: Get topology for shared processors at boot
mm/fadvise.c: fix signed overflow UBSAN complaint
mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM
fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
platform/x86: intel_punit_ipc: fix build errors
bpf, sockmap: fix map elem deletion race with smap_stop_sock
tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach
bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist
net/xdp: Fix suspicious RCU usage warning
bpf, sockmap: fix leakage of smap_psock_map_entry
samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM
netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses
s390/kdump: Fix memleak in nt_vmcoreinfo
ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
mfd: sm501: Set coherent_dma_mask when creating subdevices
netfilter: x_tables: do not fail xt_alloc_table_info too easilly
platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
netfilter: fix memory leaks on netlink_dump_start error
tcp, ulp: add alias for all ulp modules
ubi: Initialize Fastmap checkmapping correctly
RDMA/hns: Fix usage of bitmap allocation functions return values
ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value
perf arm spe: Fix uninitialized record error variable
net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero
block: don't warn for flush on read-only device
PCI: Match Root Port's MPS to endpoint's MPSS as necessary
drm/amd/display: Guard against null crtc in CRC IRQ
coccicheck: return proper error code on fail
perf tools: Check for null when copying nsinfo.
f2fs: avoid race between zero_range and background GC
f2fs: fix avoid race between truncate and background GC
RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO
irqchip/stm32: Fix init error handling
irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
net/9p/trans_fd.c: fix race by holding the lock
net/9p: fix error path of p9_virtio_probe
f2fs: fix to clear PG_checked flag in set_page_dirty()
pinctrl: axp209: Fix NULL pointer dereference after allocation
bpf: fix bpffs non-array map seq_show issue
powerpc/uaccess: Enable get_user(u64, *p) on 32-bit
powerpc: Fix size calculation using resource_size()
perf probe powerpc: Fix trace event post-processing
block: bvec_nr_vecs() returns value for wrong slab
brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference
s390/dasd: fix hanging offline processing due to canceled worker
s390/dasd: fix panic for failed online processing
ACPI / scan: Initialize status to ACPI_STA_DEFAULT
blk-mq: count the hctx as active before allocating tag
scsi: aic94xx: fix an error code in aic94xx_init()
NFSv4: Fix error handling in nfs4_sp4_select_mode()
Input: do not use WARN() in input_alloc_absinfo()
xen/balloon: fix balloon initialization for PVH Dom0
PCI: mvebu: Fix I/O space end address calculation
dm kcopyd: avoid softlockup in run_complete_job
staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
ASoC: rt5677: Fix initialization of rt5677_of_match.data
iommu/omap: Fix cache flushes on L2 table entries
selftests/powerpc: Kill child processes on SIGINT
selinux: cleanup dentry and inodes on error in selinuxfs
RDS: IB: fix 'passing zero to ERR_PTR()' warning
cfq: Suppress compiler warnings about comparisons
smb3: fix reset of bytes read and written stats
CIFS: fix memory leak and remove dead code
SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
smb3: if server does not support posix do not allow posix mount option
powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning
powerpc/64s: Make rfi_flush_fallback a little more robust
um: fix parallel building with O= option
powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399
drm/amd/display: Read back max backlight value at boot
KVM: vmx: track host_state.loaded using a loaded_vmcs pointer
kvm: nVMX: Fix fault vector for VMX operation at CPL > 0
drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement
btrfs: Exit gracefully when chunk map cannot be inserted to the tree
btrfs: replace: Reset on-disk dev stats value after replace
btrfs: fix in-memory value of total_devices after seed device deletion
btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
btrfs: lift uuid_mutex to callers of btrfs_open_devices
btrfs: Don't remove block group that still has pinned down bytes
btrfs: Fix a C compliance issue
arm64: rockchip: Force CONFIG_PM on Rockchip systems
ARM: rockchip: Force CONFIG_PM on Rockchip systems
btrfs: do btrfs_free_stale_devices outside of device_list_add
btrfs: extend locked section when adding a new device in device_list_add
btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(
btrfs: use device_list_mutex when removing stale devices
btrfs: lift uuid_mutex to callers of btrfs_scan_one_device
btrfs: lift uuid_mutex to callers of btrfs_parse_early_options
btrfs: reorder initialization before the mount locks uuid_mutex
btrfs: fix mount and ioctl device scan ioctl race
drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks"
drm/i915: Nuke the LVDS lid notifier
drm/i915: Increase LSPCON timeout
drm/i915: Free write_buf that we allocated with kzalloc.
drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet
drm/amdgpu: fix a reversed condition
drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode
drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST
drm/amd/powerplay: fixed uninitialized value
drm/amd/pp/Polaris12: Fix a chunk of registers missed to program
drm/edid: Quirk Vive Pro VR headset non-desktop.
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80
drm/amd/display: fix type of variable
drm/amd/display: Don't share clk source between DP and HDMI
drm/amd/display: update clk for various HDMI color depths
drm/amd/display: Use requested HDMI aspect ratio
drm/amd/display: Report non-DP display as disconnected without EDID
drm/rockchip: lvds: add missing of_node_put
drm/rockchip: vop: split out core clock enablement into separate functions
drm/rockchip: vop: fix irq disabled after vop driver probed
drm/amd/display: Pass connector id when executing VBIOS CT
drm/amd/display: Check if clock source in use before disabling
drm/amdgpu: update tmr mc address
drm/amdgpu:add tmr mc address into amdgpu_firmware_info
drm/amdgpu:add new firmware id for VCN
drm/amdgpu:add VCN support in PSP driver
drm/amdgpu:add VCN booting with firmware loaded by PSP
drm/amdgpu: fix incorrect use of fcheck
drm/amdgpu: fix incorrect use of drm_file->pid
drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"
uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name
mm: respect arch_dup_mmap() return value
drm/i915: set DP Main Stream Attribute for color range on DDI platforms
x86/tsc: Prevent result truncation on 32bit
drm/amdgpu: Keep track of amount of pinned CPU visible VRAM
drm/amdgpu: Make pin_size values atomic
drm/amdgpu: Warn and update pin_size values when destroying a pinned BO
drm/amdgpu: Don't warn on destroying a pinned BO
debugobjects: Make stack check warning more informative
x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
x86/xen: don't write ptes directly in 32-bit PV guests
kbuild: make missing $DEPMOD a Warning instead of an Error
kvm: x86: Set highest physical address bits in non-present/reserved SPTEs
x86: kvm: avoid unused variable warning
HID: redragon: fix num lock and caps lock LEDs
ASoC: wm8994: Fix missing break in switch
Linux 4.18.8

       The following patches from the v4.18.8 stable release shall be applied:

r8152: disable RX aggregation on new Dell TB16 dock
net: hns3: Fix for phy link issue when using marvell phy driver


Seth Forshee (sforshee) on 2018-09-18
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → Medium
status: New → In Progress
description: updated
Seth Forshee (sforshee) on 2018-09-18
description: updated
Seth Forshee (sforshee) on 2018-09-18
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

  * linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released