Bug #1818162 “arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout” : Bugs : linux package : Ubuntu

dann frazier (dannf) on 2019-03-05

Changed in linux (Ubuntu Bionic):
status:	New → In Progress
Changed in linux (Ubuntu Cosmic):
status:	New → In Progress
description:	updated
Changed in linux (Ubuntu Bionic):
assignee:	nobody → dann frazier (dannf)
Changed in linux (Ubuntu Cosmic):
assignee:	nobody → dann frazier (dannf)
Changed in linux (Ubuntu):
status:	Confirmed → Fix Committed
assignee:	dann frazier (dannf) → nobody

Khaled El Mously (kmously) on 2019-03-12

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Cosmic):
status:	In Progress → Fix Committed

Revision history for this message

Brad Figg (brad-figg) wrote on 2019-03-15:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-cosmic

Revision history for this message

Brad Figg (brad-figg) wrote on 2019-03-15:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

dann frazier (dannf) wrote on 2019-03-19:

#3

= bionic verification =
After running cert:

ubuntu@d06-4:~$ cat /proc/version
Linux version 4.15.0-47-generic (buildd@bos02-arm64-022) (gcc version 7.3.0 (Ubuntu/Linaro 7.3.0-16ubuntu3)) #50-Ubuntu SMP Wed Mar 13 10:42:02 UTC 2019
ubuntu@d06-4:~$ dmesg | grep CMD_SYNC
ubuntu@d06-4:~$

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

dann frazier (dannf) wrote on 2019-03-20:

#4

= cosmic verification =
After running cert:

ubuntu@d06-4:~$ cat /proc/version
Linux version 4.18.0-17-generic (buildd@bos02-arm64-075) (gcc version 7.3.0 (Ubuntu/Linaro 7.3.0-16ubuntu3)) #18~18.04.1-Ubuntu SMP Fri Mar 15 15:27:57 UTC 2019
ubuntu@d06-4:~$ dmesg | grep CMD_SYNC

tags:

added: verification-done-cosmic
removed: verification-needed-cosmic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-02:

#5

Download full text (25.4 KiB)

This bug was fixed in the package linux - 4.15.0-47.50

---------------
linux (4.15.0-47.50) bionic; urgency=medium

* linux: 4.15.0-47.50 -proposed tracker (LP: #1819716)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

* C++ demangling support missing from perf (LP: #1396654)
- [Packaging] fix a mistype

* arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
- iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

* Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
- nvme-pci: fix out of bounds access in nvme_cqe_pending

* CVE-2019-9213
- mm: enforce min addr even if capable() in expand_downwards()

* CVE-2019-3460
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Don't use dc_link in link_encoder
    - drm/amd/display: Move wait for hpd ready out from edp power control.
    - drm/amd/display: eDP sequence BL off first then DP blank.
    - drm/amd/display: Fix unused variable compilation error
    - drm/amd/display: Fix warning about misaligned code
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

* tun/tap: unable to manage carrier state from userland (LP: #1806392)
- tun: implement carrier change

* CVE-2019-8980
- exec: Fix mem leak in kernel_read_file

  * raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic
    (LP: #1811194)
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress

* [Packaging] Allow overlay of config annotations (LP: #1752072)
- [Packaging] config-check: Add an include directive

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to selftests

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - bpf: fix inner map masking to prevent oob under speculation

* BPF: kernel pointer leak to unprivileged userspace (LP: #1815259)
- bpf/verifier: disallow pointer subtraction

  * squashfs hardening (LP: #1816756)
    - squashfs: more metadata hardening
    - squashfs metadata 2: electric boogaloo
    - squashfs: more metadata hardening
    - Squashfs: Compute expected length from inode size rather than block length

* efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
- efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

* Update ENA driver to version 2.0.3K (LP: #1816806)...

This bug was fixed in the package linux - 4.15.0-47.50

---------------
linux (4.15.0-47.50) bionic; urgency=medium

* linux: 4.15.0-47.50 -proposed tracker (LP: #1819716)

* Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

* C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype

* arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

* Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending

* CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()

* CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

* amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Don't use dc_link in link_encoder
    - drm/amd/display: Move wait for hpd ready out from edp power control.
    - drm/amd/display: eDP sequence BL off first then DP blank.
    - drm/amd/display: Fix unused variable compilation error
    - drm/amd/display: Fix warning about misaligned code
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

* tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change

* CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file

* raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic
    (LP: #1811194)
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress

* [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

* CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to selftests

* CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - bpf: fix inner map masking to prevent oob under speculation

* BPF: kernel pointer leak to unprivileged userspace (LP: #1815259)
    - bpf/verifier: disallow pointer subtraction

* squashfs hardening (LP: #1816756)
    - squashfs: more metadata hardening
    - squashfs metadata 2: electric boogaloo
    - squashfs: more metadata hardening
    - Squashfs: Compute expected length from inode size rather than block length

* efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

* Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation

* ipset kernel error: 4.15.0-43-generic (LP: #1811394)
    - netfilter: ipset: Fix wraparound in hash:*net* types

* Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event

* CVE-2018-18021
    - arm64: KVM: Tighten guest core register access from userspace
    - KVM: arm/arm64: Introduce vcpu_el1_is_32bit
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace

* CVE-2018-14678
    - x86/entry/64: Remove %ebx handling from error_entry/exit

* CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

* CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer

* Bionic update: upstream stable patchset 2019-02-08 (LP: #1815234)
    - fork: unconditionally clear stack on fork
    - spi: spi-s3c64xx: Fix system resume support
    - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
    - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
    - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
    - kvm, mm: account shadow page tables to kmemcg
    - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
    - tracing: Fix double free of event_trigger_data
    - tracing: Fix possible double free in event_enable_trigger_func()
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
    - tracing: Quiet gcc warning about maybe unused link variable
    - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
    - mlxsw: spectrum_switchdev: Fix port_vlan refcounting
    - kcov: ensure irq code sees a valid area
    - xen/netfront: raise max number of slots in xennet_get_responses()
    - skip LAYOUTRETURN if layout is invalid
    - ALSA: emu10k1: add error handling for snd_ctl_add
    - ALSA: fm801: add error handling for snd_ctl_add
    - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
    - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
    - vfio: platform: Fix reset module leak in error path
    - vfio/mdev: Check globally for duplicate devices
    - vfio/type1: Fix task tracking for QEMU vCPU hotplug
    - kernel/hung_task.c: show all hung tasks before panic
    - mm: /proc/pid/pagemap: hide swap entries from unprivileged users
    - mm: vmalloc: avoid racy handling of debugobjects in vunmap
    - mm/slub.c: add __printf verification to slab_err()
    - rtc: ensure rtc_set_alarm fails when alarms are not supported
    - perf tools: Fix pmu events parsing rule
    - netfilter: ipset: forbid family for hash:mac sets
    - netfilter: ipset: List timing out entries with "timeout 1" instead of zero
    - irqchip/ls-scfg-msi: Map MSIs in the iommu
    - watchdog: da9063: Fix updating timeout value
    - printk: drop in_nmi check from printk_safe_flush_on_panic()
    - bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
    - ceph: fix alignment of rasize
    - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
    - powerpc/lib: Adjust .balign inside string functions for PPC32
    - powerpc/64s: Add barrier_nospec
    - powerpc/eeh: Fix use-after-release of EEH driver
    - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
    - powerpc/64s: Fix compiler store ordering to SLB shadow area
    - RDMA/mad: Convert BUG_ONs to error flows
    - lightnvm: pblk: warn in case of corrupted write buffer
    - netfilter: nf_tables: check msg_type before nft_trans_set(trans)
    - pnfs: Don't release the sequence slot until we've processed layoutget on
      open
    - disable loading f2fs module on PAGE_SIZE > 4KB
    - f2fs: fix error path of move_data_page
    - f2fs: fix to don't trigger writeback during recovery
    - f2fs: fix to wait page writeback during revoking atomic write
    - f2fs: Fix deadlock in shutdown ioctl
    - f2fs: fix to detect failure of dquot_initialize
    - f2fs: fix race in between GC and atomic open
    - block, bfq: remove wrong lock in bfq_requests_merged
    - usbip: usbip_detach: Fix memory, udev context and udev leak
    - usbip: dynamically allocate idev by nports found in sysfs
    - perf/x86/intel/uncore: Correct fixed counter index check in generic code
    - perf/x86/intel/uncore: Correct fixed counter index check for NHM
    - selftests/intel_pstate: Improve test, minor fixes
    - selftests: memfd: return Kselftest Skip code for skipped tests
    - selftests: intel_pstate: return Kselftest Skip code for skipped tests
    - PCI: Fix devm_pci_alloc_host_bridge() memory leak
    - iwlwifi: pcie: fix race in Rx buffer allocator
    - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
    - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
    - ASoC: dpcm: fix BE dai not hw_free and shutdown
    - mfd: cros_ec: Fail early if we cannot identify the EC
    - mwifiex: handle race during mwifiex_usb_disconnect
    - wlcore: sdio: check for valid platform device data before suspend
    - media: tw686x: Fix incorrect vb2_mem_ops GFP flags
    - media: videobuf2-core: don't call memop 'finish' when queueing
    - Btrfs: don't return ino to ino cache if inode item removal fails
    - Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
    - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
    - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
    - x86/microcode: Make the late update update_lock a raw lock for RT
    - PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
    - PCI: Prevent sysfs disable of device while driver is attached
    - nvme-rdma: stop admin queue before freeing it
    - nvme-pci: Fix AER reset handling
    - ath: Add regulatory mapping for FCC3_ETSIC
    - ath: Add regulatory mapping for ETSI8_WORLD
    - ath: Add regulatory mapping for APL13_WORLD
    - ath: Add regulatory mapping for APL2_FCCA
    - ath: Add regulatory mapping for Uganda
    - ath: Add regulatory mapping for Tanzania
    - ath: Add regulatory mapping for Serbia
    - ath: Add regulatory mapping for Bermuda
    - ath: Add regulatory mapping for Bahamas
    - powerpc/32: Add a missing include header
    - powerpc/chrp/time: Make some functions static, add missing header include
    - powerpc/powermac: Add missing prototype for note_bootable_part()
    - powerpc/powermac: Mark variable x as unused
    - powerpc: Add __printf verification to prom_printf
    - spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
    - powerpc/8xx: fix invalid register expression in head_8xx.S
    - pinctrl: at91-pio4: add missing of_node_put
    - bpf: powerpc64: pad function address loads with NOPs
    - PCI: pciehp: Request control of native hotplug only if supported
    - net: dsa: qca8k: Add support for QCA8334 switch
    - mwifiex: correct histogram data with appropriate index
    - ima: based on policy verify firmware signatures (pre-allocated buffer)
    - drivers/perf: arm-ccn: don't log to dmesg in event_init
    - spi: Add missing pm_runtime_put_noidle() after failed get
    - fscrypt: use unbound workqueue for decryption
    - scsi: ufs: ufshcd: fix possible unclocked register access
    - scsi: ufs: fix exception event handling
    - scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
    - drm/nouveau/fifo/gk104-: poll for runlist update completion
    - Bluetooth: btusb: add ID for LiteOn 04ca:301a
    - rtc: tps6586x: fix possible race condition
    - rtc: vr41xx: fix possible race condition
    - rtc: tps65910: fix possible race condition
    - ALSA: emu10k1: Rate-limit error messages about page errors
    - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
    - md/raid1: add error handling of read error from FailFast device
    - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
    - ixgbevf: fix MAC address changes through ixgbevf_set_mac()
    - media: smiapp: fix timeout checking in smiapp_read_nvm
    - net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
    - ALSA: usb-audio: Apply rate limit to warning messages in URB complete
      callback
    - media: atomisp: ov2680: don't declare unused vars
    - arm64: cmpwait: Clear event register before arming exclusive monitor
    - HID: hid-plantronics: Re-resend Update to map button for PTT products
    - arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
    - drm/radeon: fix mode_valid's return type
    - drm/amdgpu: Remove VRAM from shared bo domains.
    - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by
      Starlet
    - HID: i2c-hid: check if device is there before really probing
    - EDAC, altera: Fix ARM64 build warning
    - ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
    - ARM: dts: emev2: Add missing interrupt-affinity to PMU node
    - ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
    - nvmem: properly handle returned value nvmem_reg_read
    - i40e: free the skb after clearing the bitlock
    - tty: Fix data race in tty_insert_flip_string_fixed_flag
    - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
    - net: phy: phylink: Release link GPIO
    - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
    - libata: Fix command retry decision
    - ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
    - media: media-device: fix ioctl function types
    - media: saa7164: Fix driver name in debug output
    - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
    - brcmfmac: Add support for bcm43364 wireless chipset
    - s390/cpum_sf: Add data entry sizes to sampling trailer entry
    - perf: fix invalid bit in diagnostic entry
    - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
    - scsi: 3w-9xxx: fix a missing-check bug
    - scsi: 3w-xxxx: fix a missing-check bug
    - scsi: megaraid: silence a static checker bug
    - scsi: qedf: Set the UNLOADING flag when removing a vport
    - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
    - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
    - thermal: exynos: fix setting rising_threshold for Exynos5433
    - bpf: fix references to free_bpf_prog_info() in comments
    - f2fs: avoid fsync() failure caused by EAGAIN in writepage()
    - media: siano: get rid of __le32/__le16 cast warnings
    - drm/atomic: Handling the case when setting old crtc for plane
    - ALSA: hda/ca0132: fix build failure when a local macro is defined
    - mmc: dw_mmc: update actual clock for mmc debugfs
    - mmc: pwrseq: Use kmalloc_array instead of stack VLA
    - dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
    - spi: meson-spicc: Fix error handling in meson_spicc_probe()
    - dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
    - backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
    - stop_machine: Use raw spinlocks
    - delayacct: Use raw_spinlocks
    - memory: tegra: Do not handle spurious interrupts
    - memory: tegra: Apply interrupts mask per SoC
    - nvme: lightnvm: add granby support
    - arm64: defconfig: Enable Rockchip io-domain driver
    - igb: Fix queue selection on MAC filters on i210
    - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
    - ipconfig: Correctly initialise ic_nameservers
    - rsi: Fix 'invalid vdd' warning in mmc
    - rsi: fix nommu_map_sg overflow kernel panic
    - audit: allow not equal op for audit by executable
    - staging: vchiq_core: Fix missing semaphore release in error case
    - staging: lustre: llite: correct removexattr detection
    - staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
    - serial: core: Make sure compiler barfs for 16-byte earlycon names
    - soc: imx: gpcv2: Do not pass static memory as platform data
    - microblaze: Fix simpleImage format generation
    - usb: hub: Don't wait for connect state at resume for powered-off ports
    - crypto: authencesn - don't leak pointers to authenc keys
    - crypto: authenc - don't leak pointers to authenc keys
    - media: omap3isp: fix unbalanced dma_iommu_mapping
    - regulator: Don't return or expect -errno from of_map_mode()
    - scsi: scsi_dh: replace too broad "TP9" string with the exact models
    - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
    - media: atomisp: compat32: fix __user annotations
    - media: si470x: fix __be16 annotations
    - ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
    - ASoC: topology: Add missing clock gating parameter when parsing hw_configs
    - drm: Add DP PSR2 sink enable bit
    - drm/atomic-helper: Drop plane->fb references only for
      drm_atomic_helper_shutdown()
    - drm/dp/mst: Fix off-by-one typo when dump payload table
    - block: reset bi_iter.bi_done after splitting bio
    - random: mix rdrand with entropy sent in from userspace
    - squashfs: be more careful about metadata corruption
    - ext4: fix inline data updates with checksums enabled
    - ext4: fix check to prevent initializing reserved inodes
    - PCI: xgene: Remove leftover pci_scan_child_bus() call
    - RDMA/uverbs: Protect from attempts to create flows on unsupported QP
    - net: dsa: qca8k: Force CPU port to its highest bandwidth
    - net: dsa: qca8k: Enable RXMAC when bringing up a port
    - net: dsa: qca8k: Add QCA8334 binding documentation
    - net: dsa: qca8k: Allow overwriting CPU port setting
    - ipv4: remove BUG_ON() from fib_compute_spec_dst
    - net: fix amd-xgbe flow-control issue
    - net: lan78xx: fix rx handling before first packet is send
    - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
    - NET: stmmac: align DMA stuff to largest cache line length
    - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
    - xen-netfront: wait xenbus state change when load module manually
    - netlink: Do not subscribe to non-existent groups
    - netlink: Don't shift with UB on nlk->ngroups
    - tcp: do not force quickack when receiving out-of-order packets
    - tcp: add max_quickacks param to tcp_incr_quickack and
      tcp_enter_quickack_mode
    - tcp: do not aggressively quick ack after ECN events
    - tcp: refactor tcp_ecn_check_ce to remove sk type cast
    - tcp: add one more quick ack after after ECN events
    - mm: disallow mappings that conflict for devm_memremap_pages()
    - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.
    - mm: check for SIGKILL inside dup_mmap() loop
    - rxrpc: Fix terminal retransmission connection ID to include the channel
    - ceph: fix use-after-free in ceph_statfs()
    - lightnvm: proper error handling for pblk_bio_add_pages
    - f2fs: don't drop dentry pages after fs shutdown
    - selftests: filesystems: return Kselftest Skip code for skipped tests
    - selftests/filesystems: devpts_pts included wrong header
    - iwlwifi: mvm: open BA session only when sta is authorized
    - drm/amd/display: Do not program interrupt status on disabled crtc
    - soc: qcom: smem: fix qcom_smem_set_global_partition()
    - soc: qcom: smem: byte swap values properly
    - pinctrl: msm: fix gpio-hog related boot issues
    - net: mvpp2: Add missing VLAN tag detection
    - drm/nouveau: remove fence wait code from deferred client work handler
    - drm/nouveau/gem: lookup VMAs for buffers referenced by pushbuf ioctl
    - clocksource: Move inline keyword to the beginning of function declarations
    - media: staging: atomisp: Comment out several unused sensor resolutions
    - IB: Fix RDMA_RXE and INFINIBAND_RDMAVT dependencies for DMA_VIRT_OPS
    - rsi: Add null check for virtual interfaces in wowlan config
    - ARM: dts: stih410: Fix complain about IRQ_TYPE_NONE usage
    - ARM: dts: imx53: Fix LDB OF graph warning
    - soc/tegra: pmc: Don't allocate struct tegra_powergate on stack
    - mlxsw: spectrum_router: Return an error for non-default FIB rules
    - i40e: Add advertising 10G LR mode
    - i40e: avoid overflow in i40e_ptp_adjfreq()
    - ath10k: fix kernel panic while reading tpc_stats
    - ASoC: fsl_ssi: Use u32 variable type when using regmap_read()
    - platform/x86: dell-smbios: Match on www.dell.com in OEM strings too
    - staging: ks7010: fix error handling in ks7010_upload_firmware
    - media: rc: mce_kbd decoder: low timeout values cause double keydowns
    - ath10k: search all IEs for variant before falling back
    - PCI/ASPM: Disable ASPM L1.2 Substate if we don't have LTR
    - ARM: dts: imx6qdl-wandboard: Let the codec control MCLK pinctrl
    - drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier
    - nvmet-fc: fix target sgl list on large transfers
    - i2c: rcar: handle RXDMA HW behaviour on Gen3
    - gpio: uniphier: set legitimate irq trigger type in .to_irq hook
    - tcp: ack immediately when a cwr packet arrives
    - ACPICA: AML Parser: ignore control method status in module-level code

* Bionic update: upstream stable patchset 2019-02-05 (LP: #1814813)
    - MIPS: ath79: fix register address in ath79_ddr_wb_flush()
    - MIPS: Fix off-by-one in pci_resource_to_user()
    - xen/PVH: Set up GS segment for stack canary
    - drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
    - drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
    - bonding: set default miimon value for non-arp modes if not set
    - ip: hash fragments consistently
    - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
    - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
    - net: skb_segment() should not return NULL
    - net/mlx5: Adjust clock overflow work period
    - net/mlx5e: Don't allow aRFS for encapsulated packets
    - net/mlx5e: Fix quota counting in aRFS expire flow
    - net/ipv6: Fix linklocal to global address with VRF
    - multicast: do not restore deleted record source filter mode to new one
    - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
    - sock: fix sg page frag coalescing in sk_alloc_sg
    - rtnetlink: add rtnl_link_state check in rtnl_configure_link
    - vxlan: add new fdb alloc and create helpers
    - vxlan: make netlink notify in vxlan_fdb_destroy optional
    - vxlan: fix default fdb entry netlink notify ordering during netdev create
    - tcp: fix dctcp delayed ACK schedule
    - tcp: helpers to send special DCTCP ack
    - tcp: do not cancel delay-AcK on DCTCP special ACK
    - tcp: do not delay ACK in DCTCP upon CE status change
    - staging: speakup: fix wraparound in uaccess length check
    - usb: cdc_acm: Add quirk for Castles VEGA3000
    - usb: core: handle hub C_PORT_OVER_CURRENT condition
    - usb: dwc2: Fix DMA alignment to start at allocated boundary
    - usb: gadget: f_fs: Only return delayed status when len is 0
    - driver core: Partially revert "driver core: correct device's shutdown order"
    - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
    - can: xilinx_can: fix power management handling
    - can: xilinx_can: fix recovery from error states not being propagated
    - can: xilinx_can: fix device dropping off bus on RX overrun
    - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
    - can: xilinx_can: fix incorrect clear of non-processed interrupts
    - can: xilinx_can: fix RX overflow interrupt not being enabled
    - can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr
      only
    - can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before
      checking can.ctrlmode
    - turn off -Wattribute-alias
    - net-next/hinic: fix a problem in hinic_xmit_frame()
    - net/mlx5e: Refine ets validation function
    - nfp: flower: ensure dead neighbour entries are not offloaded
    - usb: gadget: Fix OS descriptors support
    - ACPICA: AML Parser: ignore dispatcher error status during table load

* installer does not support iSCSI iBFT (LP: #1817321)
    - d-i: add iscsi_ibft to scsi-modules

* CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)

* CVE-2019-7221
    - KVM: nVMX: unconditionally cancel preemption timer in free_nested
      (CVE-2019-7221)

* CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)

* Regular D-state processes impacting LXD containers (LP: #1817628)
    - mm: do not stall register_shrinker()

* hns3 nic speed may not match optical port speed (LP: #1817969)
    - net: hns3: Config NIC port speed same as that of optical module

* [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021)
    - srcu: Prohibit call_srcu() use under raw spinlocks
    - srcu: Lock srcu_data structure in srcu_gp_start()

* libsas disks can have non-unique by-path names (LP: #1817784)
    - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached

* Bluetooth not working (Intel CyclonePeak) (LP: #1817518)
    - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029

* CVE-2019-8912
    - net: crypto set sk to NULL when af_alg_release.
    - net: socket: set sock->sk to NULL after calling proto_ops::release()

* Trackpad is not recognized. (LP: #1817200)
    - pinctrl: cannonlake: Fix gpio base for GPP-E

* [ALSA] [PATCH] System76 darp5 and oryp5 fixups (LP: #1815831)
    - ALSA: hda/realtek - Headset microphone support for System76 darp5
    - ALSA: hda/realtek - Headset microphone and internal speaker support for
      System76 oryp5

* Constant noise in the headphone on Lenovo X1 machines (LP: #1817263)
    - ALSA: hda/realtek: Disable PC beep in passthrough on alc285

* AC adapter status not detected on Asus ZenBook UX410UAK (LP: #1745032)
    - Revert "ACPI / battery: Add quirk for Asus GL502VSK and UX305LA"
    - ACPI / AC: Remove initializer for unused ident dmi_system_id
    - ACPI / battery: Remove initializer for unused ident dmi_system_id
    - ACPI / battery: Add handling for devices which wrongly report discharging
      state
    - ACPI / battery: Ignore AC state in handle_discharging on systems where it is
      broken

* TPM intermittently fails after cold-boot (LP: #1762672)
    - tpm: fix intermittent failure with self tests

* qlcnic: Firmware aborts/hangs in QLogic NIC (LP: #1815033)
    - qlcnic: fix Tx descriptor corruption on 82xx devices

-- Khalid Elmously <khalid.elmously@canonical.com>  Wed, 13 Mar 2019 04:37:49 +0000

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-02:

#6

Download full text (5.0 KiB)

This bug was fixed in the package linux - 4.18.0-17.18

---------------
linux (4.18.0-17.18) cosmic; urgency=medium

* linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

* C++ demangling support missing from perf (LP: #1396654)
- [Packaging] fix a mistype

* arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
- iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

* Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
- nvme-pci: fix out of bounds access in nvme_cqe_pending

* CVE-2019-9003
- ipmi: fix use-after-free of user->release_barrier.rda

* CVE-2019-9162
- netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs

* CVE-2019-9213
- mm: enforce min addr even if capable() in expand_downwards()

* CVE-2019-3460
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

* tun/tap: unable to manage carrier state from userland (LP: #1806392)
- tun: implement carrier change

* CVE-2019-8980
- exec: Fix mem leak in kernel_read_file

* [Packaging] Allow overlay of config annotations (LP: #1752072)
- [Packaging] config-check: Add an include directive

* amdgpu with mst WARNING on blanking (LP: #1814308)
- drm/amd/display: Fix MST dp_blank REG_WAIT timeout

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests

* CVE-2017-5753
- bpf: fix inner map masking to prevent oob under speculation

  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table

* efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
- efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation

  * Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event

* CVE-2018-19824
- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

* CVE-2019-3459
- Bluetooth: Verify that l2cap_get...

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Undecided	dann frazier
Cosmic	Fix Released	Undecided	dann frazier

Ubuntu
linux package

arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux package

arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package