Cosmic update: 4.18.17 upstream stable release

Bug #1802119 reported by Stefan Bader on 2018-11-07
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.18.17 upstream stable release
       from git://

The following patches will be applied:
* xfrm: Validate address prefix lengths in the xfrm selector.
* xfrm6: call kfree_skb when skb is toobig
* xfrm: reset transport header back to network header after all input
  transforms ahave been applied
* xfrm: reset crypto_done when iterating over multiple input xfrms
* mac80211: Always report TX status
* cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
* mac80211: fix pending queue hang due to TX_DROP
* cfg80211: Address some corner cases in scan result channel updating
* mac80211: TDLS: fix skb queue/priority assignment
* mac80211: fix TX status reporting for ieee80211s
* xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
* ARM: 8799/1: mm: fix pci_ioremap_io() offset check
* xfrm: validate template mode
* drm/i2c: tda9950: fix timeout counter check
* drm/i2c: tda9950: set MAX_RETRIES for errors only
* netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
* netfilter: conntrack: get rid of double sizeof
* arm64: hugetlb: Fix handling of young ptes
* ARM: dts: BCM63xx: Fix incorrect interrupt specifiers
* net: macb: Clean 64b dma addresses if they are not detected
* soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
* soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
* nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
* mac80211_hwsim: fix locking when iterating radios during ns exit
* mac80211_hwsim: fix race in radio destruction from netlink notifier
* mac80211_hwsim: do not omit multicast announce of first added radio
* Bluetooth: SMP: fix crash in unpairing
* pxa168fb: prepare the clock
* qed: Avoid implicit enum conversion in qed_set_tunn_cls_info
* qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv
* qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
* qed: Avoid constant logical operation warning in qed_vf_pf_acquire
* qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt
* nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
* scsi: qedi: Initialize the stats mutex lock
* rxrpc: Fix checks as to whether we should set up a new call
* rxrpc: Fix RTT gathering
* rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
* rxrpc: Fix error distribution
* netfilter: nft_set_rbtree: add missing rb_erase() in GC routine
* netfilter: avoid erronous array bounds warning
* asix: Check for supported Wake-on-LAN modes
* ax88179_178a: Check for supported Wake-on-LAN modes
* lan78xx: Check for supported Wake-on-LAN modes
* sr9800: Check for supported Wake-on-LAN modes
* r8152: Check for supported Wake-on-LAN Modes
* smsc75xx: Check for Wake-on-LAN modes
* smsc95xx: Check for Wake-on-LAN modes
* cfg80211: fix use-after-free in reg_process_hint()
* KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
* KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly
* KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS
* perf/core: Fix perf_pmu_unregister() locking
* perf/x86/intel/uncore: Use boot_cpu_data.phys_proc_id instead of
  hardcorded physical package ID 0
* perf/ring_buffer: Prevent concurent ring buffer access
* perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
* perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events
* thunderbolt: Do not handle ICM events after domain is stopped
* thunderbolt: Initialize after IOMMUs
* net: fec: fix rare tx timeout
* declance: Fix continuation with the adapter identification message
* RISCV: Fix end PFN for low memory
* Revert "serial: 8250_dw: Fix runtime PM handling"
* locking/ww_mutex: Fix runtime warning in the WW mutex selftest
* drm/amd/display: Signal hw_done() after waiting for flip_done()
* be2net: don't flip hw_features when VXLANs are added/deleted
* powerpc/numa: Skip onlining a offline node in kdump path
* net: cxgb3_main: fix a missing-check bug
* yam: fix a missing-check bug
* ocfs2: fix crash in ocfs2_duplicate_clusters_by_page()
* mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl
* mm/migrate.c: split only transparent huge pages when allocation fails
* x86/paravirt: Fix some warning messages
* clk: mvebu: armada-37xx-periph: Remove unused var num_parents
* libertas: call into generic suspend code before turning off power
* perf report: Don't try to map ip to invalid map
* tls: Fix improper revert in zerocopy_from_iter
* HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling
* compiler.h: Allow arch-specific asm/compiler.h
* ARM: dts: imx53-qsb: disable 1.2GHz OPP
* perf python: Use -Wno-redundant-decls to build with PYTHON=python3
* perf record: Use unmapped IP for inline callchain cursors
* rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
* rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window()
* rxrpc: Only take the rwind and mtu values from latest ACK
* rxrpc: Fix connection-level abort handling
* net: ena: fix warning in rmmod caused by double iounmap
* net: ena: fix rare bug when failed restart/resume is followed by driver removal
* net: ena: fix NULL dereference due to untimely napi initialization
* gpio: Assign gpio_irq_chip::parents to non-stack pointer
* IB/mlx5: Unmap DMA addr from HCA before IOMMU
* rds: RDS (tcp) hangs on sendto() to unresponding address
* selftests: explicitly requires bash.
* selftests: explicitly requires bash
* Fix incomplete .text.exit discards
* Fix linker warnings about orphan .LPBX sections
* afs: Fix cell proc list
* fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
* Revert "mm: slowly shrink slabs with a relatively small number of objects"
* Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
* perf tools: Disable parallelism for 'make clean'
* bridge: do not add port to router list when receives query with source
* ipv6: mcast: fix a use-after-free in inet6_mc_check
* ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
* ipv6: rate-limit probes for neighbourless routes
* llc: set SOCK_RCU_FREE in llc_sap_add_socket()
* net: fec: don't dump RX FIFO register when not available
* net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
* net/mlx5e: fix csum adjustments caused by RXFCS
* net: sched: gred: pass the right attribute to gred_change_table_def()
* net: socket: fix a missing-check bug
* net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
* net: udp: fix handling of CHECKSUM_COMPLETE packets
* r8169: fix NAPI handling under high load
* rtnetlink: Disallow FDB configuration for non-Ethernet device
* sctp: fix race on sctp_id2asoc
* tipc: fix unsafe rcu locking when accessing publication list
* udp6: fix encap return code for resubmitting
* vhost: Fix Spectre V1 vulnerability
* virtio_net: avoid using netif_tx_disable() for serializing tx routine
* ethtool: fix a privilege escalation bug
* bonding: fix length of actor system
* ip6_tunnel: Fix encapsulation layout
* openvswitch: Fix push/pop ethernet validation
* net: ipmr: fix unresolved entry dumps
* net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
* net: bcmgenet: Poll internal PHY for GENETv5
* net: sched: Fix for duplicate class dump
* net/sched: cls_api: add missing validation of netlink attributes
* net/ipv6: Allow onlink routes to have a device mismatch if it is the
  default route
* sctp: fix the data size calculation in sctp_data_size
* sctp: not free the new asoc when sctp_wait_for_connect returns err
* net/mlx5: Fix memory leak when setting fpga ipsec caps
* net/smc: fix smc_buf_unuse to use the lgr pointer
* mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs
* net: bpfilter: use get_pid_task instead of pid_task
* net: drop skb on failure in ip_check_defrag()
* net: fix pskb_trim_rcsum_slow() with odd trim offset
* net/mlx5: WQ, fixes for fragmented WQ buffers API
* mlxsw: core: Fix devlink unregister flow
* sparc64: Export __node_distance.
* sparc64: Make corrupted user stacks more debuggable.
* sparc64: Make proc_id signed.
* sparc64: Set %l4 properly on trap return after handling signals.
* sparc64: Wire up compat getpeername and getsockname.
* sparc: Fix single-pcr perf event counter management.
* sparc: Fix syscall fallback bugs in VDSO.
* sparc: Throttle perf events properly.
* net: bridge: remove ipv6 zero address check in mcast queries
* Linux 4.18.17

Stefan Bader (smb) on 2018-11-07
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Cosmic):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) on 2018-11-07
description: updated
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package linux - 4.18.0-12.13

linux (4.18.0-12.13) cosmic; urgency=medium

  * linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)

  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs

  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()

  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages

  * Add checksum offload and T...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released