Bionic update: upstream stable patchset 2019-02-08

Bug #1815234 reported by Kamal Mostafa on 2019-02-08
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-02-08 (ported from v4.14.60 and v4.17.12)
       from git://

fork: unconditionally clear stack on fork
spi: spi-s3c64xx: Fix system resume support
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
kvm, mm: account shadow page tables to kmemcg
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
tracing: Fix double free of event_trigger_data
tracing: Fix possible double free in event_enable_trigger_func()
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Quiet gcc warning about maybe unused link variable
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
kcov: ensure irq code sees a valid area
xen/netfront: raise max number of slots in xennet_get_responses()
skip LAYOUTRETURN if layout is invalid
ALSA: emu10k1: add error handling for snd_ctl_add
ALSA: fm801: add error handling for snd_ctl_add
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
vfio: platform: Fix reset module leak in error path
vfio/mdev: Check globally for duplicate devices
vfio/type1: Fix task tracking for QEMU vCPU hotplug
kernel/hung_task.c: show all hung tasks before panic
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/slub.c: add __printf verification to slab_err()
rtc: ensure rtc_set_alarm fails when alarms are not supported
perf tools: Fix pmu events parsing rule
netfilter: ipset: forbid family for hash:mac sets
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
irqchip/ls-scfg-msi: Map MSIs in the iommu
watchdog: da9063: Fix updating timeout value
printk: drop in_nmi check from printk_safe_flush_on_panic()
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
ceph: fix alignment of rasize
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
powerpc/lib: Adjust .balign inside string functions for PPC32
powerpc/64s: Add barrier_nospec
powerpc/eeh: Fix use-after-release of EEH driver
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/64s: Fix compiler store ordering to SLB shadow area
RDMA/mad: Convert BUG_ONs to error flows
lightnvm: pblk: warn in case of corrupted write buffer
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
pnfs: Don't release the sequence slot until we've processed layoutget on open
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix error path of move_data_page
f2fs: fix to don't trigger writeback during recovery
f2fs: fix to wait page writeback during revoking atomic write
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to detect failure of dquot_initialize
f2fs: fix race in between GC and atomic open
block, bfq: remove wrong lock in bfq_requests_merged
usbip: usbip_detach: Fix memory, udev context and udev leak
usbip: dynamically allocate idev by nports found in sysfs
perf/x86/intel/uncore: Correct fixed counter index check in generic code
perf/x86/intel/uncore: Correct fixed counter index check for NHM
selftests/intel_pstate: Improve test, minor fixes
selftests: memfd: return Kselftest Skip code for skipped tests
selftests: intel_pstate: return Kselftest Skip code for skipped tests
PCI: Fix devm_pci_alloc_host_bridge() memory leak
iwlwifi: pcie: fix race in Rx buffer allocator
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
ASoC: dpcm: fix BE dai not hw_free and shutdown
mfd: cros_ec: Fail early if we cannot identify the EC
mwifiex: handle race during mwifiex_usb_disconnect
wlcore: sdio: check for valid platform device data before suspend
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
media: videobuf2-core: don't call memop 'finish' when queueing
Btrfs: don't return ino to ino cache if inode item removal fails
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
x86/microcode: Make the late update update_lock a raw lock for RT
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
PCI: Prevent sysfs disable of device while driver is attached
nvme-rdma: stop admin queue before freeing it
nvme-pci: Fix AER reset handling
ath: Add regulatory mapping for FCC3_ETSIC
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Bahamas
powerpc/32: Add a missing include header
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/powermac: Mark variable x as unused
powerpc: Add __printf verification to prom_printf
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc/8xx: fix invalid register expression in head_8xx.S
pinctrl: at91-pio4: add missing of_node_put
bpf: powerpc64: pad function address loads with NOPs
PCI: pciehp: Request control of native hotplug only if supported
net: dsa: qca8k: Add support for QCA8334 switch
mwifiex: correct histogram data with appropriate index
ima: based on policy verify firmware signatures (pre-allocated buffer)
drivers/perf: arm-ccn: don't log to dmesg in event_init
spi: Add missing pm_runtime_put_noidle() after failed get
fscrypt: use unbound workqueue for decryption
scsi: ufs: ufshcd: fix possible unclocked register access
scsi: ufs: fix exception event handling
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
drm/nouveau/fifo/gk104-: poll for runlist update completion
Bluetooth: btusb: add ID for LiteOn 04ca:301a
rtc: tps6586x: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps65910: fix possible race condition
ALSA: emu10k1: Rate-limit error messages about page errors
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
md/raid1: add error handling of read error from FailFast device
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
media: smiapp: fix timeout checking in smiapp_read_nvm
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: atomisp: ov2680: don't declare unused vars
arm64: cmpwait: Clear event register before arming exclusive monitor
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
drm/radeon: fix mode_valid's return type
drm/amdgpu: Remove VRAM from shared bo domains.
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
HID: i2c-hid: check if device is there before really probing
EDAC, altera: Fix ARM64 build warning
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
nvmem: properly handle returned value nvmem_reg_read
i40e: free the skb after clearing the bitlock
tty: Fix data race in tty_insert_flip_string_fixed_flag
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
net: phy: phylink: Release link GPIO
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
libata: Fix command retry decision
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
media: media-device: fix ioctl function types
media: saa7164: Fix driver name in debug output
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
brcmfmac: Add support for bcm43364 wireless chipset
s390/cpum_sf: Add data entry sizes to sampling trailer entry
perf: fix invalid bit in diagnostic entry
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
scsi: 3w-9xxx: fix a missing-check bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: megaraid: silence a static checker bug
scsi: qedf: Set the UNLOADING flag when removing a vport
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
thermal: exynos: fix setting rising_threshold for Exynos5433
bpf: fix references to free_bpf_prog_info() in comments
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
media: siano: get rid of __le32/__le16 cast warnings
drm/atomic: Handling the case when setting old crtc for plane
ALSA: hda/ca0132: fix build failure when a local macro is defined
mmc: dw_mmc: update actual clock for mmc debugfs
mmc: pwrseq: Use kmalloc_array instead of stack VLA
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
spi: meson-spicc: Fix error handling in meson_spicc_probe()
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
stop_machine: Use raw spinlocks
delayacct: Use raw_spinlocks
memory: tegra: Do not handle spurious interrupts
memory: tegra: Apply interrupts mask per SoC
nvme: lightnvm: add granby support
arm64: defconfig: Enable Rockchip io-domain driver
igb: Fix queue selection on MAC filters on i210
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
ipconfig: Correctly initialise ic_nameservers
rsi: Fix 'invalid vdd' warning in mmc
rsi: fix nommu_map_sg overflow kernel panic
audit: allow not equal op for audit by executable
staging: vchiq_core: Fix missing semaphore release in error case
staging: lustre: llite: correct removexattr detection
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
serial: core: Make sure compiler barfs for 16-byte earlycon names
soc: imx: gpcv2: Do not pass static memory as platform data
microblaze: Fix simpleImage format generation
usb: hub: Don't wait for connect state at resume for powered-off ports
crypto: authencesn - don't leak pointers to authenc keys
crypto: authenc - don't leak pointers to authenc keys
media: omap3isp: fix unbalanced dma_iommu_mapping
regulator: Don't return or expect -errno from of_map_mode()
scsi: scsi_dh: replace too broad "TP9" string with the exact models
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
media: atomisp: compat32: fix __user annotations
media: si470x: fix __be16 annotations
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
drm: Add DP PSR2 sink enable bit
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm/dp/mst: Fix off-by-one typo when dump payload table
block: reset bi_iter.bi_done after splitting bio
random: mix rdrand with entropy sent in from userspace
squashfs: be more careful about metadata corruption
ext4: fix inline data updates with checksums enabled
ext4: fix check to prevent initializing reserved inodes
PCI: xgene: Remove leftover pci_scan_child_bus() call
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
net: dsa: qca8k: Force CPU port to its highest bandwidth
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Allow overwriting CPU port setting
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: fix amd-xgbe flow-control issue
net: lan78xx: fix rx handling before first packet is send
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
NET: stmmac: align DMA stuff to largest cache line length
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
xen-netfront: wait xenbus state change when load module manually
netlink: Do not subscribe to non-existent groups
netlink: Don't shift with UB on nlk->ngroups
tcp: do not force quickack when receiving out-of-order packets
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not aggressively quick ack after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: add one more quick ack after after ECN events
mm: disallow mappings that conflict for devm_memremap_pages()
drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.
mm: check for SIGKILL inside dup_mmap() loop
rxrpc: Fix terminal retransmission connection ID to include the channel
ceph: fix use-after-free in ceph_statfs()
lightnvm: proper error handling for pblk_bio_add_pages
f2fs: don't drop dentry pages after fs shutdown
selftests: filesystems: return Kselftest Skip code for skipped tests
selftests/filesystems: devpts_pts included wrong header
iwlwifi: mvm: open BA session only when sta is authorized
drm/amd/display: Do not program interrupt status on disabled crtc
soc: qcom: smem: fix qcom_smem_set_global_partition()
soc: qcom: smem: byte swap values properly
pinctrl: msm: fix gpio-hog related boot issues
net: mvpp2: Add missing VLAN tag detection
drm/nouveau: remove fence wait code from deferred client work handler
drm/nouveau/gem: lookup VMAs for buffers referenced by pushbuf ioctl
clocksource: Move inline keyword to the beginning of function declarations
media: staging: atomisp: Comment out several unused sensor resolutions
rsi: Add null check for virtual interfaces in wowlan config
ARM: dts: stih410: Fix complain about IRQ_TYPE_NONE usage
ARM: dts: imx53: Fix LDB OF graph warning
soc/tegra: pmc: Don't allocate struct tegra_powergate on stack
mlxsw: spectrum_router: Return an error for non-default FIB rules
i40e: Add advertising 10G LR mode
i40e: avoid overflow in i40e_ptp_adjfreq()
ath10k: fix kernel panic while reading tpc_stats
ASoC: fsl_ssi: Use u32 variable type when using regmap_read()
platform/x86: dell-smbios: Match on in OEM strings too
staging: ks7010: fix error handling in ks7010_upload_firmware
media: rc: mce_kbd decoder: low timeout values cause double keydowns
ath10k: search all IEs for variant before falling back
PCI/ASPM: Disable ASPM L1.2 Substate if we don't have LTR
ARM: dts: imx6qdl-wandboard: Let the codec control MCLK pinctrl
drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier
nvmet-fc: fix target sgl list on large transfers
i2c: rcar: handle RXDMA HW behaviour on Gen3
gpio: uniphier: set legitimate irq trigger type in .to_irq hook
tcp: ack immediately when a cwr packet arrives
ACPICA: AML Parser: ignore control method status in module-level code

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Stefan Bader (smb) on 2019-03-01
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :
Download full text (25.4 KiB)

This bug was fixed in the package linux - 4.15.0-47.50

linux (4.15.0-47.50) bionic; urgency=medium

  * linux: 4.15.0-47.50 -proposed tracker (LP: #1819716)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype

  * arm-smmu-v3 CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending

  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()

  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Don't use dc_link in link_encoder
    - drm/amd/display: Move wait for hpd ready out from edp power control.
    - drm/amd/display: eDP sequence BL off first then DP blank.
    - drm/amd/display: Fix unused variable compilation error
    - drm/amd/display: Fix warning about misaligned code
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change

  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file

  * raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic
    (LP: #1811194)
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
    - bpf: add various test cases to selftests

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - bpf: fix inner map masking to prevent oob under speculation

  * BPF: kernel pointer leak to unprivileged userspace (LP: #1815259)
    - bpf/verifier: disallow pointer subtraction

  * squashfs hardening (LP: #1816756)
    - squashfs: more metadata hardening
    - squashfs metadata 2: electric boogaloo
    - squashfs: more metadata hardening
    - Squashfs: Compute expected length from inode size rather than block length

  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

  * Update ENA driver to version 2.0.3K (LP: #1816806)...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers