Cosmic update: 4.18.13 upstream stable release

Bug #1801931 reported by Stefan Bader on 2018-11-06
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Cosmic
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.18.13 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* rseq/selftests: fix parametrized test with -fpie
* mac80211: Run TXQ teardown code before de-registering interfaces
* mac80211_hwsim: require at least one channel
* Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when
  low on space
* KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
* cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule)
* btrfs: btrfs_shrink_device should call commit transaction at the end
* scsi: csiostor: add a check for NULL pointer after kmalloc()
* scsi: csiostor: fix incorrect port capabilities
* scsi: libata: Add missing newline at end of file
* scsi: aacraid: fix a signedness bug
* bpf, sockmap: fix potential use after free in bpf_tcp_close
* bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg
* bpf: sockmap, decrement copied count correctly in redirect error case
* mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
* mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
* cfg80211: make wmm_rule part of the reg_rule structure
* mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
* nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP
* nl80211: Pass center frequency in kHz instead of MHz
* bpf: fix several offset tests in bpf_msg_pull_data
* gpio: adp5588: Fix sleep-in-atomic-context bug
* mac80211: mesh: fix HWMP sequence numbering to follow standard
* mac80211: avoid kernel panic when building AMSDU from non-linear SKB
* gpiolib: acpi: Switch to cansleep version of GPIO library call
* gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall
* gpio: dwapb: Fix error handling in dwapb_gpio_probe()
* bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data
* bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data
* bpf: fix sg shift repair start offset in bpf_msg_pull_data
* tipc: switch to rhashtable iterator
* sh_eth: Add R7S9210 support
* net: mvpp2: initialize port of_node pointer
* tc-testing: add test-cases for numeric and invalid control action
* cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
* mac80211: do not convert to A-MSDU if frag/subframe limited
* mac80211: always account for A-MSDU header changes
* tools/kvm_stat: fix python3 issues
* tools/kvm_stat: fix handling of invalid paths in debugfs provider
* tools/kvm_stat: fix updates for dead guests
* gpio: Fix crash due to registration race
* ARC: atomics: unbork atomic_fetch_##op()
* Revert "blk-throttle: fix race between blkcg_bio_issue_check() and
  cgroup_rmdir()"
* md/raid5-cache: disable reshape completely
* RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
* selftests: pmtu: maximum MTU for vti4 is 2^16-1-20
* selftests: pmtu: detect correct binary to ping ipv6 addresses
* ibmvnic: Include missing return code checks in reset function
* bpf: Fix bpf_msg_pull_data()
* bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP
* i2c: uniphier: issue STOP only for last message or I2C_M_STOP
* i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
* net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
* fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
* mac80211: fix an off-by-one issue in A-MSDU max_subframe computation
* cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
* mac80211: fix WMM TXOP calculation
* mac80211: fix a race between restart and CSA flows
* mac80211: Fix station bandwidth setting after channel switch
* mac80211: don't Tx a deauth frame if the AP forbade Tx
* mac80211: shorten the IBSS debug messages
* fsnotify: fix ignore mask logic in fsnotify()
* net/ibm/emac: wrong emac_calc_base call was used by typo
* nds32: fix logic for module
* nds32: add NULL entry to the end of_device_id array
* nds32: Fix empty call trace
* nds32: Fix get_user/put_user macro expand pointer problem
* nds32: fix build error because of wrong semicolon
* tools/vm/slabinfo.c: fix sign-compare warning
* tools/vm/page-types.c: fix "defined but not used" warning
* nds32: linker script: GCOV kernel may refers data in __exit
* ceph: avoid a use-after-free in ceph_destroy_options()
* firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero
* afs: Fix cell specification to permit an empty address list
* mm: madvise(MADV_DODUMP): allow hugetlbfs pages
* bpf: 32-bit RSH verification must truncate input before the ALU op
* netfilter: xt_cluster: add dependency on conntrack module
* netfilter: xt_checksum: ignore gso skbs
* HID: intel-ish-hid: Enable Sunrise Point-H ish driver
* HID: add support for Apple Magic Keyboards
* usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
* HID: hid-saitek: Add device ID for RAT 7 Contagion
* scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
  fails
* scsi: iscsi: target: Fix conn_ops double free
* scsi: qedi: Add the CRC size within iSCSI NVM image
* perf annotate: Properly interpret indirect call
* perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx()
* perf util: Fix bad memory access in trace info.
* perf probe powerpc: Ignore SyS symbols irrespective of endianness
* perf annotate: Fix parsing aarch64 branch instructions after objdump update
* netfilter: kconfig: nat related expression depend on nftables core
* netfilter: nf_tables: release chain in flushing set
* Revert "iio: temperature: maxim_thermocouple: add MAX31856 part"
* iio: imu: st_lsm6dsx: take into account ts samples in wm configuration
* RDMA/ucma: check fd type in ucma_migrate_id()
* riscv: Do not overwrite initrd_start and initrd_end
* HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report
* usb: host: xhci-plat: Iterate over parent nodes for finding quirks
* USB: yurex: Check for truncation in yurex_read()
* nvmet-rdma: fix possible bogus dereference under heavy load
* bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces
* net/mlx5: Consider PCI domain in search for next dev
* dm raid: fix reshape race on small devices
* drm/nouveau: fix oops in client init failure path
* drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer
* drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
* drm/nouveau/disp: fix DP disable race
* drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP
  panels
* dm raid: fix stripe adding reshape deadlock
* dm raid: fix rebuild of specific devices by updating superblock
* dm raid: fix RAID leg rebuild errors
* r8169: set TxConfig register after TX / RX is enabled, just like RxConfig
* fs/cifs: suppress a string overflow warning
* perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs
* sched/topology: Set correct NUMA topology type
* dm thin metadata: try to avoid ever aborting transactions
* netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT
* netfilter: xt_hashlimit: use s->file instead of s->private
* arch/hexagon: fix kernel/dma.c build warning
* hexagon: modify ffs() and fls() to return int
* drm/amdgpu: Fix SDMA hang in prt mode v2
* arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
* drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk
* r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
* s390/qeth: don't dump past end of unknown HW header
* cifs: read overflow in is_valid_oplock_break()
* asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP &&
  CONFIG_INDIRECT_PIO
* xen/manage: don't complain about an empty value in control/sysrq node
* xen: avoid crash in disable_hotplug_cpu
* xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
* x86/APM: Fix build warning when PROC_FS is not enabled
* new primitive: discard_new_inode()
* vfs: don't evict uninitialized inode
* ovl: set I_CREATING on inode being created
* ovl: fix access beyond unterminated strings
* ovl: fix memory leak on unlink of indexed file
* ovl: fix format of setxattr debug
* sysfs: Do not return POSIX ACL xattrs via listxattr
* b43: fix DMA error related regression with proprietary firmware
* firmware: Fix security issue with request_firmware_into_buf()
* firmware: Always initialize the fw_priv list object
* cpufreq: qcom-kryo: Fix section annotations
* smb2: fix missing files in root share directory listing
* iommu/amd: Clear memory encryption mask from physical address
* ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
* crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
* crypto: chelsio - Fix memory corruption in DMA Mapped buffers.
* crypto: mxs-dcp - Fix wait logic on chan threads
* crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic
* gpiolib: Free the last requested descriptor
* Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect()
* tools: hv: fcopy: set 'error' in case an unknown operation was requested
* proc: restrict kernel stack dumps to root
* ocfs2: fix locking for res->tracking and dlm->tracking_list
* HID: i2c-hid: disable runtime PM operations on hantick touchpad
* ixgbe: check return value of napi_complete_done()
* dm thin metadata: fix __udivdi3 undefined on 32-bit
* Revert "drm/amd/pp: Send khz clock values to DC for smu7/8"
* Linux 4.18.13

Stefan Bader (smb) on 2018-11-06
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Cosmic):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) wrote :

Skipping because those were already applied for bug #1792209.
* "net: hns: add the code for cleaning pkt in chip"
* "net: hns: add netif_carrier_off before change speed and duplex"

Skip "HID: i2c-hid: Don't reset device upon system resume" because it was already applied for bug #1792309.

Skipping because those were already applied for bug #1792044
* "net: ena: fix surprise unplug NULL dereference kernel crash"
* "net: ena: fix driver when PAGE_SIZE == 64kB"
* "net: ena: fix device destruction to gracefully free resources"
* "net: ena: fix potential double ena_destroy_device()"
* "net: ena: fix missing lock during device destruction"
* "net: ena: fix missing calls to READ_ONCE"

Skip "s390/qeth: use vzalloc for QUERY OAT buffer" because it was already applied for bug #1793086.

Stefan Bader (smb) on 2018-11-06
description: updated

Regression for Bug #1796720.
* "Driver: Video(DRI - non Intel): fix Power consumption RX560 idle raised from 7 W to 13 W"

Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (39.7 KiB)

This bug was fixed in the package linux - 4.18.0-12.13

---------------
linux (4.18.0-12.13) cosmic; urgency=medium

  * linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)

  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs

  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()

  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages

  * Add checksum offload and T...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers