Cosmic update: 4.18.13 upstream stable release

Bug #1801931 reported by Stefan Bader on 2018-11-06
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.18.13 upstream stable release
       from git://

The following patches will be applied:
* rseq/selftests: fix parametrized test with -fpie
* mac80211: Run TXQ teardown code before de-registering interfaces
* mac80211_hwsim: require at least one channel
* Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when
  low on space
* KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
* cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule)
* btrfs: btrfs_shrink_device should call commit transaction at the end
* scsi: csiostor: add a check for NULL pointer after kmalloc()
* scsi: csiostor: fix incorrect port capabilities
* scsi: libata: Add missing newline at end of file
* scsi: aacraid: fix a signedness bug
* bpf, sockmap: fix potential use after free in bpf_tcp_close
* bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg
* bpf: sockmap, decrement copied count correctly in redirect error case
* mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
* mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
* cfg80211: make wmm_rule part of the reg_rule structure
* mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
* nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP
* nl80211: Pass center frequency in kHz instead of MHz
* bpf: fix several offset tests in bpf_msg_pull_data
* gpio: adp5588: Fix sleep-in-atomic-context bug
* mac80211: mesh: fix HWMP sequence numbering to follow standard
* mac80211: avoid kernel panic when building AMSDU from non-linear SKB
* gpiolib: acpi: Switch to cansleep version of GPIO library call
* gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall
* gpio: dwapb: Fix error handling in dwapb_gpio_probe()
* bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data
* bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data
* bpf: fix sg shift repair start offset in bpf_msg_pull_data
* tipc: switch to rhashtable iterator
* sh_eth: Add R7S9210 support
* net: mvpp2: initialize port of_node pointer
* tc-testing: add test-cases for numeric and invalid control action
* cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
* mac80211: do not convert to A-MSDU if frag/subframe limited
* mac80211: always account for A-MSDU header changes
* tools/kvm_stat: fix python3 issues
* tools/kvm_stat: fix handling of invalid paths in debugfs provider
* tools/kvm_stat: fix updates for dead guests
* gpio: Fix crash due to registration race
* ARC: atomics: unbork atomic_fetch_##op()
* Revert "blk-throttle: fix race between blkcg_bio_issue_check() and
* md/raid5-cache: disable reshape completely
* RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
* selftests: pmtu: maximum MTU for vti4 is 2^16-1-20
* selftests: pmtu: detect correct binary to ping ipv6 addresses
* ibmvnic: Include missing return code checks in reset function
* bpf: Fix bpf_msg_pull_data()
* bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP
* i2c: uniphier: issue STOP only for last message or I2C_M_STOP
* i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
* net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
* fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
* mac80211: fix an off-by-one issue in A-MSDU max_subframe computation
* cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
* mac80211: fix WMM TXOP calculation
* mac80211: fix a race between restart and CSA flows
* mac80211: Fix station bandwidth setting after channel switch
* mac80211: don't Tx a deauth frame if the AP forbade Tx
* mac80211: shorten the IBSS debug messages
* fsnotify: fix ignore mask logic in fsnotify()
* net/ibm/emac: wrong emac_calc_base call was used by typo
* nds32: fix logic for module
* nds32: add NULL entry to the end of_device_id array
* nds32: Fix empty call trace
* nds32: Fix get_user/put_user macro expand pointer problem
* nds32: fix build error because of wrong semicolon
* tools/vm/slabinfo.c: fix sign-compare warning
* tools/vm/page-types.c: fix "defined but not used" warning
* nds32: linker script: GCOV kernel may refers data in __exit
* ceph: avoid a use-after-free in ceph_destroy_options()
* firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero
* afs: Fix cell specification to permit an empty address list
* mm: madvise(MADV_DODUMP): allow hugetlbfs pages
* bpf: 32-bit RSH verification must truncate input before the ALU op
* netfilter: xt_cluster: add dependency on conntrack module
* netfilter: xt_checksum: ignore gso skbs
* HID: intel-ish-hid: Enable Sunrise Point-H ish driver
* HID: add support for Apple Magic Keyboards
* usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
* HID: hid-saitek: Add device ID for RAT 7 Contagion
* scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
* scsi: iscsi: target: Fix conn_ops double free
* scsi: qedi: Add the CRC size within iSCSI NVM image
* perf annotate: Properly interpret indirect call
* perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx()
* perf util: Fix bad memory access in trace info.
* perf probe powerpc: Ignore SyS symbols irrespective of endianness
* perf annotate: Fix parsing aarch64 branch instructions after objdump update
* netfilter: kconfig: nat related expression depend on nftables core
* netfilter: nf_tables: release chain in flushing set
* Revert "iio: temperature: maxim_thermocouple: add MAX31856 part"
* iio: imu: st_lsm6dsx: take into account ts samples in wm configuration
* RDMA/ucma: check fd type in ucma_migrate_id()
* riscv: Do not overwrite initrd_start and initrd_end
* HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report
* usb: host: xhci-plat: Iterate over parent nodes for finding quirks
* USB: yurex: Check for truncation in yurex_read()
* nvmet-rdma: fix possible bogus dereference under heavy load
* bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces
* net/mlx5: Consider PCI domain in search for next dev
* dm raid: fix reshape race on small devices
* drm/nouveau: fix oops in client init failure path
* drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer
* drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
* drm/nouveau/disp: fix DP disable race
* drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP
* dm raid: fix stripe adding reshape deadlock
* dm raid: fix rebuild of specific devices by updating superblock
* dm raid: fix RAID leg rebuild errors
* r8169: set TxConfig register after TX / RX is enabled, just like RxConfig
* fs/cifs: suppress a string overflow warning
* perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs
* sched/topology: Set correct NUMA topology type
* dm thin metadata: try to avoid ever aborting transactions
* netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT
* netfilter: xt_hashlimit: use s->file instead of s->private
* arch/hexagon: fix kernel/dma.c build warning
* hexagon: modify ffs() and fls() to return int
* drm/amdgpu: Fix SDMA hang in prt mode v2
* arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
* drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk
* r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
* s390/qeth: don't dump past end of unknown HW header
* cifs: read overflow in is_valid_oplock_break()
* asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP &&
* xen/manage: don't complain about an empty value in control/sysrq node
* xen: avoid crash in disable_hotplug_cpu
* xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
* x86/APM: Fix build warning when PROC_FS is not enabled
* new primitive: discard_new_inode()
* vfs: don't evict uninitialized inode
* ovl: set I_CREATING on inode being created
* ovl: fix access beyond unterminated strings
* ovl: fix memory leak on unlink of indexed file
* ovl: fix format of setxattr debug
* sysfs: Do not return POSIX ACL xattrs via listxattr
* b43: fix DMA error related regression with proprietary firmware
* firmware: Fix security issue with request_firmware_into_buf()
* firmware: Always initialize the fw_priv list object
* cpufreq: qcom-kryo: Fix section annotations
* smb2: fix missing files in root share directory listing
* iommu/amd: Clear memory encryption mask from physical address
* ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
* crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
* crypto: chelsio - Fix memory corruption in DMA Mapped buffers.
* crypto: mxs-dcp - Fix wait logic on chan threads
* crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic
* gpiolib: Free the last requested descriptor
* Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect()
* tools: hv: fcopy: set 'error' in case an unknown operation was requested
* proc: restrict kernel stack dumps to root
* ocfs2: fix locking for res->tracking and dlm->tracking_list
* HID: i2c-hid: disable runtime PM operations on hantick touchpad
* ixgbe: check return value of napi_complete_done()
* dm thin metadata: fix __udivdi3 undefined on 32-bit
* Revert "drm/amd/pp: Send khz clock values to DC for smu7/8"
* Linux 4.18.13

Stefan Bader (smb) on 2018-11-06
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Cosmic):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) wrote :

Skipping because those were already applied for bug #1792209.
* "net: hns: add the code for cleaning pkt in chip"
* "net: hns: add netif_carrier_off before change speed and duplex"

Skip "HID: i2c-hid: Don't reset device upon system resume" because it was already applied for bug #1792309.

Skipping because those were already applied for bug #1792044
* "net: ena: fix surprise unplug NULL dereference kernel crash"
* "net: ena: fix driver when PAGE_SIZE == 64kB"
* "net: ena: fix device destruction to gracefully free resources"
* "net: ena: fix potential double ena_destroy_device()"
* "net: ena: fix missing lock during device destruction"
* "net: ena: fix missing calls to READ_ONCE"

Skip "s390/qeth: use vzalloc for QUERY OAT buffer" because it was already applied for bug #1793086.

Stefan Bader (smb) on 2018-11-06
description: updated

Regression for Bug #1796720.
* "Driver: Video(DRI - non Intel): fix Power consumption RX560 idle raised from 7 W to 13 W"

Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.18.0-12.13

linux (4.18.0-12.13) cosmic; urgency=medium

  * linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)

  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs

  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()

  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages

  * Add checksum offload and T...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released