Bionic update: upstream stable patchset 2019-07-11

Bug #1836287 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-11

       Ported from the following upstream stable releases:
            v4.14.73, v4.18.11,
            v4.14.74, v4.18.12

       from git://

perf tools: Fix undefined symbol scnprintf in
gso_segment: Reset skb->mac_len after modifying network header
ipv6: fix possible use-after-free in ip6_xmit()
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
net: hp100: fix always-true check for link up state
pppoe: fix reception of frames with no mac header
qmi_wwan: set DTR for modems in forced USB2 mode
udp4: fix IP_CMSG_CHECKSUM for connected sockets
neighbour: confirm neigh entries when ARP packet is received
udp6: add missing checks on edumux packet processing
net/sched: act_sample: fix NULL dereference in the data path
tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
tls: zero the crypto information from tls_context before freeing
tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
NFC: Fix the number of pipes
ASoC: cs4265: fix MMTLR Data switch control
ASoC: rsnd: fixup not to call clk_get/set under non-atomic
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: firewire-tascam: fix memory leak of private data
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak of private data
platform/x86: alienware-wmi: Correct a memory leak
xen/netfront: don't bug in case of too many frags
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
ring-buffer: Allow for rescheduling when removing pages
mm: shmem.c: Correctly annotate new inodes for lockdep
scsi: target: iscsi: Use bin2hex instead of a re-implementation
ocfs2: fix ocfs2 read block panic
drm/nouveau: Fix deadlocks in nouveau_connector_detect()
drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
drm: udl: Destroy framebuffer only if it was initialized
drm/amdgpu: add new polaris pci id
ext4: check to make sure the rename(2)'s destination is not freed
ext4: avoid divide by zero fault when deleting corrupted inline directories
ext4: avoid arithemetic overflow that can trigger a BUG
ext4: recalucate superblock checksum after updating free blocks/inodes
ext4: fix online resize's handling of a too-small final block group
ext4: fix online resizing for bigalloc file systems with a 1k block size
ext4: don't mark mmp buffer head dirty
ext4: show test_dummy_encryption mount option in /proc/mounts
sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
PCI: aardvark: Size bridges before resources allocation
vmw_balloon: include asm/io.h
iw_cxgb4: only allow 1 flush on user qps
tick/nohz: Prevent bogus softirq pending warning
spi: Fix double IDR allocation with DT aliases
hv_netvsc: fix schedule in RCU context
bnxt_en: Fix VF mac address regression.
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
mtd: rawnand: denali: fix a race condition when DMA is kicked
platform/x86: dell-smbios-wmi: Correct a memory leak
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
fork: report pid exhaustion correctly
mm: disable deferred struct page for 32-bit arches
libata: mask swap internal and hardware tag
drm/i915/bdw: Increase IPS disable timeout to 100ms
drm/nouveau: Reset MST branching unit before enabling
drm/nouveau: Only write DP_MSTM_CTRL when needed
drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
ext4, dax: set ext4_dax_aops for dax files
crypto: skcipher - Fix -Wstringop-truncation warnings
iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
tsl2550: fix lux1_input error in low light
vmci: type promotion bug in qp_host_get_user_memory()
x86/numa_emulation: Fix emulated-to-physical node mapping
staging: rts5208: fix missing error check on call to rtsx_write_register
power: supply: axp288_charger: Fix initial constant_charge_current value
misc: sram: enable clock before registering regions
serial: sh-sci: Stop RX FIFO timer during port shutdown
uwb: hwa-rc: fix memory leak at probe
power: vexpress: fix corruption in notifier registration
iommu/amd: make sure TLB to be flushed before IOVA freed
Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
USB: serial: kobil_sct: fix modem-status error handling
6lowpan: iphc: reset mac_header after decompress to fix panic
iommu/msm: Don't call iommu_device_{,un}link from atomic context
s390/mm: correct allocate_pgste proc_handler callback
power: remove possible deadlock when unregistering power_supply
md-cluster: clear another node's suspend_area after the copy is finished
RDMA/bnxt_re: Fix a couple off by one bugs
RDMA/i40w: Hold read semaphore while looking after VMA
IB/core: type promotion bug in rdma_rw_init_one_mr()
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
IB/mlx4: Test port number before querying type.
powerpc/kdump: Handle crashkernel memory reservation failure
media: fsl-viu: fix error handling in viu_of_probe()
media: staging/imx: fill vb2_v4l2_buffer field entry
x86/tsc: Add missing header to tsc_msr.c
ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
x86/entry/64: Add two more instruction suffixes
ARM: dts: ls1021a: Add missing cooling device properties for CPUs
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
scsi: klist: Make it safe to use klists in atomic context
scsi: ibmvscsi: Improve strings handling
scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
usb: wusbcore: security: cast sizeof to int for comparison
ath10k: sdio: use same endpoint id for all packets in a bundle
ath10k: sdio: set skb len for all rx packets
powerpc/powernv/ioda2: Reduce upper limit for DMA window size
s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
alarmtimer: Prevent overflow for relative nanosleep
s390/dasd: correct numa_node in dasd_alloc_queue
s390/scm_blk: correct numa_node in scm_blk_dev_setup
s390/extmem: fix gcc 8 stringop-overflow warning
mtd: rawnand: atmel: add module param to avoid using dma
iio: accel: adxl345: convert address field usage in iio_chan_spec
posix-timers: Make forward callback return s64
ALSA: snd-aoa: add of_node_put() in error path
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
media: soc_camera: ov772x: correct setting of banding filter
media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
staging: android: ashmem: Fix mmap size validation
drivers/tty: add error handling for pcmcia_loop_config
media: tm6000: add error handling for dvb_register_adapter
net: phy: xgmiitorgmii: Check read_status results
ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
net: phy: xgmiitorgmii: Check phy_driver ready before accessing
drm/sun4i: Fix releasing node when enumerating enpoints
ath10k: transmit queued frames after processing rx packets
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
brcmsmac: fix wrap around in conversion from constant to s16
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
arm: dts: mediatek: Add missing cooling device properties for CPUs
HID: hid-ntrig: add error handling for sysfs_create_group
MIPS: boot: fix build rule of vmlinux.its.S
perf/x86/intel/lbr: Fix incomplete LBR call stack
scsi: bnx2i: add error handling for ioremap_nocache
iomap: complete partial direct I/O writes synchronously
scsi: megaraid_sas: Update controller info during resume
EDAC, i7core: Fix memleaks and use-after-free on probe and remove
ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
module: exclude SHN_UNDEF symbols from kallsyms api
gpio: Fix wrong rounding in gpio-menz127
nfsd: fix corrupted reply to badly ordered compound
EDAC: Fix memleak in module init error path
fs/lock: skip lock owner pid translation in case we are in init_pid_ns
Input: xen-kbdfront - fix multi-touch XenStore node's locations
iio: 104-quad-8: Fix off-by-one error in register selection
ARM: dts: dra7: fix DCAN node addresses
x86/mm: Expand static page table for fixmap space
tty: serial: lpuart: avoid leaking struct tty_struct
serial: cpm_uart: return immediately from console poll
intel_th: Fix device removal logic
spi: tegra20-slink: explicitly enable/disable clock
spi: sh-msiof: Fix invalid SPI use during system suspend
spi: sh-msiof: Fix handling of write value for SISTR register
spi: rspi: Fix invalid SPI use during system suspend
spi: rspi: Fix interrupted DMA transfers
regulator: fix crash caused by null driver data
USB: fix error handling in usb_driver_claim_interface()
USB: handle NULL config in usb_find_alt_setting()
usb: musb: dsps: do not disable CPPI41 irq in driver teardown
slub: make ->cpu_partial unsigned int
USB: usbdevfs: sanitize flags more
USB: usbdevfs: restore warning for nonsensical flags
USB: remove LPM management from usb_driver_claim_interface()
IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
IB/hfi1: Fix SL array bounds check
IB/hfi1: Invalid user input can result in crash
IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
RDMA/uverbs: Atomically flush and mark closed the comp event queue
ovl: hash non-dir by lower inode for fsnotify
drm/i915: Remove vma from object on destroy, not close
serial: imx: restore handshaking irq for imx1
qed: Wait for ready indication before rereading the shmem
qed: Wait for MCP halt and resume commands to take place
qed: Prevent a possible deadlock during driver load and unload
qed: Avoid sending mailbox commands when MFW is not responsive
thermal: of-thermal: disable passive polling when thermal zone is disabled
isofs: reject hardware sector size > 2048 bytes
tls: possible hang when do_tcp_sendpages hits sndbuf is full case
bpf: sockmap: write_space events need to be passed to TCP handler
net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
e1000: check on netif_running() before calling e1000_up()
e1000: ensure to free old tx/rx rings in set_ringparam()
crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions.
hwmon: (ina2xx) fix sysfs shunt resistor read access
hwmon: (adt7475) Make adt7475_read_word() return errors
Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
drm/amdgpu: Update power state at the end of smu hw_init.
ata: ftide010: Add a quirk for SQ201
nvme-fcloop: Fix dropped LS's to removed target port
ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
arm/arm64: smccc-1.1: Make return values unsigned long
arm/arm64: smccc-1.1: Handle function result as parameters
i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
x86/pti: Fix section mismatch warning/error
media: v4l: event: Prevent freeing event subscriptions while accessed
drm/amd/display/dc/dce: Fix multiple potential integer overflows
drm/amd/display: fix use of uninitialized memory
RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
vhost_net: Avoid tx vring kicks during busyloop
thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration.
platform/x86: asus-wireless: Fix uninitialized symbol usage
ACPI / button: increment wakeup count only when notified
media: ov772x: add checks for register read errors
media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING
drm/omap: gem: Fix mm_list locking
ASoC: rsnd: SSI parent cares SWSP bit
staging: pi433: fix race condition in pi433_ioctl
perf tests: Fix indexing when invoking subtests
gpio: tegra: Fix tegra_gpio_irq_set_type()
block: fix deadline elevator drain for zoned block devices
serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
intel_th: Fix resource handling for ACPI glue layer
ext2, dax: set ext2_dax_aops for dax files
IB/hfi1: Fix destroy_qp hang after a link down
ARM: OMAP2+: Fix null hwmod for ti-sysc debug
ARM: OMAP2+: Fix module address for modules using mpu_rt_idx
bus: ti-sysc: Fix module register ioremap for larger offsets
drm/amdgpu: fix preamble handling
amdgpu: fix multi-process hang issue
tcp_bbr: add bbr_check_probe_rtt_done() helper
tcp_bbr: in restart from idle, see if we should exit PROBE_RTT
net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES
ixgbe: fix driver behaviour after issuing VFLR
powerpc/pseries: Fix unitialized timer reset on migration

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (171.3 KiB)

This bug was fixed in the package linux - 4.15.0-58.64

linux (4.15.0-58.64) bionic; urgency=medium

  * unable to handle kernel NULL pointer dereference at 000000000000002c (IP:
    iget5_locked+0x9e/0x1f0) (LP: #1838982)
    - Revert "ovl: set I_CREATING on inode being created"
    - Revert "new primitive: discard_new_inode()"

linux (4.15.0-57.63) bionic; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

  * Packaging resync (LP: #1786013)
    - update dkms package versions

linux (4.15.0-56.62) bionic; urgency=medium

  * bionic/linux: 4.15.0-56.62 -proposed tracker (LP: #1837626)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  * CVE-2019-2101
    - media: uvcvideo: Fix 'type' check leading to overflow

  * hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
    - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
    - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64

  * Bionic: support for Solarflare X2542 network adapter (sfc driver)
    (LP: #1836635)
    - sfc: make mem_bar a function rather than a constant
    - sfc: support VI strides other than 8k
    - sfc: add Medford2 (SFC9250) PCI Device IDs
    - sfc: improve PTP error reporting
    - sfc: update EF10 register definitions
    - sfc: populate the timer reload field
    - sfc: update MCDI protocol headers
    - sfc: support variable number of MAC stats
    - sfc: expose FEC stats on Medford2
    - sfc: expose CTPIO stats on NICs that support them
    - sfc: basic MCDI mapping of 25/50/100G link speeds
    - sfc: support the ethtool ksettings API properly so that 25/50/100G works
    - sfc: add bits for 25/50/100G supported/advertised speeds
    - sfc: remove tx and MCDI handling from NAPI budget consideration
    - sfc: handle TX timestamps in the normal data path
    - sfc: add function to determine which TX timestamping method to use
    - sfc: use main datapath for HW timestamps if available
    - sfc: only enable TX timestamping if the adapter is licensed for it
    - sfc: MAC TX timestamp handling on the 8000 series
    - sfc: on 8000 series use TX queues for TX timestamps
    - sfc: only advertise TX timestamping if we have the license for it
    - sfc: simplify RX datapath timestamping
    - sfc: support separate PTP and general timestamping
    - sfc: support second + quarter ns time format for receive datapath
    - sfc: support Medford2 frequency adjustment format
    - sfc: add suffix to large constant in ptp
    - sfc: mark some unexported symbols as static
    - sfc: update MCDI protocol headers
    - sfc: support FEC configuration through ethtool
    - sfc: remove ctpio_dmabuf_start from stats
    - sfc: stop the TX queue before pushing new buffers

  * [18.04 FEAT] zKVM: Add hardwar...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers