Cosmic update: 4.18.17 upstream stable release

Bug #1802119 reported by Stefan Bader on 2018-11-07
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Cosmic
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.18.17 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* xfrm: Validate address prefix lengths in the xfrm selector.
* xfrm6: call kfree_skb when skb is toobig
* xfrm: reset transport header back to network header after all input
  transforms ahave been applied
* xfrm: reset crypto_done when iterating over multiple input xfrms
* mac80211: Always report TX status
* cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
* mac80211: fix pending queue hang due to TX_DROP
* cfg80211: Address some corner cases in scan result channel updating
* mac80211: TDLS: fix skb queue/priority assignment
* mac80211: fix TX status reporting for ieee80211s
* xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
* ARM: 8799/1: mm: fix pci_ioremap_io() offset check
* xfrm: validate template mode
* drm/i2c: tda9950: fix timeout counter check
* drm/i2c: tda9950: set MAX_RETRIES for errors only
* netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
* netfilter: conntrack: get rid of double sizeof
* arm64: hugetlb: Fix handling of young ptes
* ARM: dts: BCM63xx: Fix incorrect interrupt specifiers
* net: macb: Clean 64b dma addresses if they are not detected
* soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
* soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
* nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
* mac80211_hwsim: fix locking when iterating radios during ns exit
* mac80211_hwsim: fix race in radio destruction from netlink notifier
* mac80211_hwsim: do not omit multicast announce of first added radio
* Bluetooth: SMP: fix crash in unpairing
* pxa168fb: prepare the clock
* qed: Avoid implicit enum conversion in qed_set_tunn_cls_info
* qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv
* qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
* qed: Avoid constant logical operation warning in qed_vf_pf_acquire
* qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt
* nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
* scsi: qedi: Initialize the stats mutex lock
* rxrpc: Fix checks as to whether we should set up a new call
* rxrpc: Fix RTT gathering
* rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
* rxrpc: Fix error distribution
* netfilter: nft_set_rbtree: add missing rb_erase() in GC routine
* netfilter: avoid erronous array bounds warning
* asix: Check for supported Wake-on-LAN modes
* ax88179_178a: Check for supported Wake-on-LAN modes
* lan78xx: Check for supported Wake-on-LAN modes
* sr9800: Check for supported Wake-on-LAN modes
* r8152: Check for supported Wake-on-LAN Modes
* smsc75xx: Check for Wake-on-LAN modes
* smsc95xx: Check for Wake-on-LAN modes
* cfg80211: fix use-after-free in reg_process_hint()
* KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
* KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly
* KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS
* perf/core: Fix perf_pmu_unregister() locking
* perf/x86/intel/uncore: Use boot_cpu_data.phys_proc_id instead of
  hardcorded physical package ID 0
* perf/ring_buffer: Prevent concurent ring buffer access
* perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
* perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events
* thunderbolt: Do not handle ICM events after domain is stopped
* thunderbolt: Initialize after IOMMUs
* net: fec: fix rare tx timeout
* declance: Fix continuation with the adapter identification message
* RISCV: Fix end PFN for low memory
* Revert "serial: 8250_dw: Fix runtime PM handling"
* locking/ww_mutex: Fix runtime warning in the WW mutex selftest
* drm/amd/display: Signal hw_done() after waiting for flip_done()
* be2net: don't flip hw_features when VXLANs are added/deleted
* powerpc/numa: Skip onlining a offline node in kdump path
* net: cxgb3_main: fix a missing-check bug
* yam: fix a missing-check bug
* ocfs2: fix crash in ocfs2_duplicate_clusters_by_page()
* mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl
* mm/migrate.c: split only transparent huge pages when allocation fails
* x86/paravirt: Fix some warning messages
* clk: mvebu: armada-37xx-periph: Remove unused var num_parents
* libertas: call into generic suspend code before turning off power
* perf report: Don't try to map ip to invalid map
* tls: Fix improper revert in zerocopy_from_iter
* HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling
* compiler.h: Allow arch-specific asm/compiler.h
* ARM: dts: imx53-qsb: disable 1.2GHz OPP
* perf python: Use -Wno-redundant-decls to build with PYTHON=python3
* perf record: Use unmapped IP for inline callchain cursors
* rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
* rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window()
* rxrpc: Only take the rwind and mtu values from latest ACK
* rxrpc: Fix connection-level abort handling
* KVM: x86: support CONFIG_KVM_AMD=y with CONFIG_CRYPTO_DEV_CCP_DD=m
* net: ena: fix warning in rmmod caused by double iounmap
* net: ena: fix rare bug when failed restart/resume is followed by driver removal
* net: ena: fix NULL dereference due to untimely napi initialization
* gpio: Assign gpio_irq_chip::parents to non-stack pointer
* IB/mlx5: Unmap DMA addr from HCA before IOMMU
* rds: RDS (tcp) hangs on sendto() to unresponding address
* selftests: rtnetlink.sh explicitly requires bash.
* selftests: udpgso_bench.sh explicitly requires bash
* vmlinux.lds.h: Fix incomplete .text.exit discards
* vmlinux.lds.h: Fix linker warnings about orphan .LPBX sections
* afs: Fix cell proc list
* fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
* Revert "mm: slowly shrink slabs with a relatively small number of objects"
* Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
* perf tools: Disable parallelism for 'make clean'
* bridge: do not add port to router list when receives query with source 0.0.0.0
* ipv6: mcast: fix a use-after-free in inet6_mc_check
* ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
* ipv6: rate-limit probes for neighbourless routes
* llc: set SOCK_RCU_FREE in llc_sap_add_socket()
* net: fec: don't dump RX FIFO register when not available
* net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
* net/mlx5e: fix csum adjustments caused by RXFCS
* net: sched: gred: pass the right attribute to gred_change_table_def()
* net: socket: fix a missing-check bug
* net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
* net: udp: fix handling of CHECKSUM_COMPLETE packets
* r8169: fix NAPI handling under high load
* rtnetlink: Disallow FDB configuration for non-Ethernet device
* sctp: fix race on sctp_id2asoc
* tipc: fix unsafe rcu locking when accessing publication list
* udp6: fix encap return code for resubmitting
* vhost: Fix Spectre V1 vulnerability
* virtio_net: avoid using netif_tx_disable() for serializing tx routine
* ethtool: fix a privilege escalation bug
* bonding: fix length of actor system
* ip6_tunnel: Fix encapsulation layout
* openvswitch: Fix push/pop ethernet validation
* net: ipmr: fix unresolved entry dumps
* net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
* net: bcmgenet: Poll internal PHY for GENETv5
* net: sched: Fix for duplicate class dump
* net/sched: cls_api: add missing validation of netlink attributes
* net/ipv6: Allow onlink routes to have a device mismatch if it is the
  default route
* sctp: fix the data size calculation in sctp_data_size
* sctp: not free the new asoc when sctp_wait_for_connect returns err
* net/mlx5: Fix memory leak when setting fpga ipsec caps
* net/smc: fix smc_buf_unuse to use the lgr pointer
* mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs
* net: bpfilter: use get_pid_task instead of pid_task
* net: drop skb on failure in ip_check_defrag()
* net: fix pskb_trim_rcsum_slow() with odd trim offset
* net/mlx5: WQ, fixes for fragmented WQ buffers API
* mlxsw: core: Fix devlink unregister flow
* sparc64: Export __node_distance.
* sparc64: Make corrupted user stacks more debuggable.
* sparc64: Make proc_id signed.
* sparc64: Set %l4 properly on trap return after handling signals.
* sparc64: Wire up compat getpeername and getsockname.
* sparc: Fix single-pcr perf event counter management.
* sparc: Fix syscall fallback bugs in VDSO.
* sparc: Throttle perf events properly.
* net: bridge: remove ipv6 zero address check in mcast queries
* Linux 4.18.17

Stefan Bader (smb) on 2018-11-07
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Cosmic):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) on 2018-11-07
description: updated
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (39.7 KiB)

This bug was fixed in the package linux - 4.18.0-12.13

---------------
linux (4.18.0-12.13) cosmic; urgency=medium

  * linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)

  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs

  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()

  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages

  * Add checksum offload and T...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers