Disco update: v5.0.6 upstream stable release

Bug #1823060 reported by Seth Forshee on 2019-04-03
This bug affects 1 person
Affects          Importance  Assigned to
linux (Ubuntu)   Medium      Seth Forshee
Disco            Medium      Seth Forshee

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.0.6 upstream stable release
       from git://git.kernel.org/

Linux 5.0.6
mt76x02u: use usb_bulk_msg to upload firmware
bpf: do not restore dst_reg when cur_state is freed
KVM: x86: update %rip after emulating IO
KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
KVM: Reject device ioctls from processes other than the VM's creator
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n
watchdog: Respect watchdog cpumask on CPU hotplug
powerpc/pseries/mce: Fix misleading print for TLB mutlihit
powerpc/64: Fix memcmp reading past the end of src/dest
powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes
objtool: Query pkg-config for libelf location
perf intel-pt: Fix TSC slip
perf pmu: Fix parser error for uncore event alias
mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()
mm/memory_hotplug.c: fix notification in offline error path
mm/debug.c: fix __dump_page when mapping->host is not set
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging
mm: add support for kmem caches in DMA32 zone
mm/hotplug: fix offline undo_isolate_page_range()
usb: typec: Fix unchecked return value
usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps
usb: cdc-acm: fix race during wakeup blocking TX traffic
xhci: Don't let USB3 ports stuck in polling state prevent suspend
usb: xhci: dbc: Don't free all memory with spinlock held
xhci: Fix port resume done detection for SS ports with LPM enabled
usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk
mm/memory.c: fix modifying of page protection by insert_pfn()
usb: common: Consider only available nodes for dr_mode
USB: gadget: f_hid: fix deadlock in f_hidg_write()
usb: mtu3: fix EXTCON dependency
phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
gpio: exar: add a check for the return value of ida_simple_get fails
drm/i915/icl: Fix the TRANS_DDI_FUNC_CTL2 bitfield macro
drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
drm/i915: Mark AML 0x87CA as ULX
drm/vkms: fix use-after-free when drm_gem_handle_create() fails
drm/vgem: fix use-after-free when drm_gem_handle_create() fails
cpufreq: scpi: Fix use after free
cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency
blk-mq: fix sbitmap ws_active for shared tags
drivers/block/zram/zram_drv.c: fix idle/writeback string compare
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
ACPI / CPPC: Fix guaranteed performance handling
USB: serial: option: add Olicard 600
USB: serial: option: add support for Quectel EM12
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: cp210x: add new device id
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference
serial: max310x: Fix to avoid potential NULL pointer dereference
staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir()
staging: erofs: fix error handling when failed to read compresssed data
staging: erofs: fix to handle error path of erofs_vmap()
staging: vt6655: Fix interrupt race condition on device start up.
staging: vt6655: Remove vif check from vnt_interrupt
staging: speakup_soft: Fix alternate speech with other synths
staging: olpc_dcon_xo_1: add missing 'const' qualifier
staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup
tty: atmel_serial: fix a potential NULL pointer dereference
tty: mxs-auart: fix a potential NULL pointer dereference
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
tty/serial: atmel: Add is_half_duplex helper
drm/rockchip: vop: reset scale mode when win is disabled
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: sd: Quiesce warning if device does not report optimal I/O size
scsi: sd: Fix a race between closing an sd device and sd I/O
ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
fs/open.c: allow opening only regular files during execve()
kbuild: modversions: Fix relative CRC byte order interpretation
ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops
ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256
ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256
ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256
ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic
ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286
ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
ALSA: hda/realtek: merge alc_fixup_headset_jack to alc295_fixup_chromebook
ALSA: hda/realtek - Fixed Headset Mic JD not stable
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
net: dsa: qca8k: remove leftover phy accessors
NFSv4.1 don't free interrupted slot on open
NFS: fix mount/umount race in nlmclnt.
NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data()
vfio: ccw: only free cp on final interrupt
powerpc: bpf: Fix generation of load/store DW instructions
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
tracing: initialize variable in create_dyn_event()
locks: wake any locks blocked on request before deadlock check
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size
btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks
btrfs: don't report readahead errors and don't update statistics
btrfs: remove WARN_ON in log_dir_items
Btrfs: fix incorrect file size after shrinking truncate and fsync
powerpc/fsl: Fix the flush of branch predictor.
tun: add a missing rcu_read_unlock() in error path
ila: Fix rhashtable walker list corruption
r8169: fix cable re-plugging issue
net: phy: don't clear BMCR in genphy_soft_reset
net: mii: Fix PAUSE cap advertisement from linkmode_adv_to_lcl_adv_t() helper
net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode
thunderx: eliminate extra calls to put_page() for pages held for recycling
thunderx: enable page recycling for non-XDP case
vxlan: Don't call gro_cells_destroy() before device is unregistered
vrf: prevent adding upper devices
tun: properly test for IFF_UP
tipc: fix cancellation of topology subscriptions
tipc: change to check tipc_own_id to return in tipc_net_stop
tipc: allow service ranges to be connect()'ed on RDM/DGRAM
tcp: do not use ipv6 header for ipv4 flow
sctp: use memdup_user instead of vmemdup_user
sctp: get sctphdr by offset in sctp_compute_cksum
rhashtable: Still do rehash when we get EEXIST
packets: Always register packet sk in the same order
net: usb: aqc111: Extend HWID table by QNAP device
net-sysfs: call dev_hold if kobject_init_and_add success
net: stmmac: fix memory corruption with large MTUs
net: rose: fix a possible stack overflow
net: phy: meson-gxl: fix interrupt support
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net: datagram: fix unbounded loop in __skb_try_recv_datagram()
net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
mac8390: Fix mmio access size probe
ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
gtp: change NET_UDP_TUNNEL dependency to select
genetlink: Fix a memory leak on error path
dccp: do not use ipv6 header for ipv4 flow
netfilter: nf_tables: fix set double-free in abort path

The following patches from this stable update had already been applied:

Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
btrfs: raid56: properly unmap parity page in finish_parity_scrub()

Seth Forshee (sforshee) on 2019-04-03
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Disco):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → Medium
status: Confirmed → In Progress
Seth Forshee (sforshee) on 2019-04-03
description: updated
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-11.12

---------------
linux (5.0.0-11.12) disco; urgency=medium

  * linux: 5.0.0-11.12 -proposed tracker (LP: #1824383)

  * hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1]
    (LP: #1824194)
    - net: hns3: fix for not calculating tx bd num correctly

  * disco: unable to use iptables/enable ufw under -virtual kernel
    (LP: #1823862)
    - [Packaging] add bpfilter to linux-modules

  * Make shiftfs a module rather than built-in (LP: #1824354)
    - [Config] CONFIG_SHIFT_FS=m

  * shiftfs: chown sets untranslated ids in lower fs (LP: #1824350)
    - SAUCE: shiftfs: use translated ids when chaning lower fs attrs

  * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
    - [Packaging] bind hv_kvp_daemon startup to hv_kvp device

linux (5.0.0-10.11) disco; urgency=medium

  * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)

  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"

  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux (5.0.0-9.10) disco; urgency=medium

  * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs

  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"

  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow servic...

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc