Bionic update: upstream stable patchset 2019-07-12

Bug #1836426 reported by Kamal Mostafa on 2019-07-12
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-12

       Ported from the following upstream stable releases:
            v4.14.75, v4.18.13,
            v4.14.76, v4.18.14,
            v4.14.77, v4.18.15

       from git://git.kernel.org/

drm/amd/pp: initialize result to before or'ing in data
drm/amdgpu: add another ATPX quirk for TOPAZ
tools/power turbostat: fix possible sprintf buffer overflow
mac80211: Run TXQ teardown code before de-registering interfaces
mac80211_hwsim: require at least one channel
btrfs: btrfs_shrink_device should call commit transaction at the end
scsi: csiostor: add a check for NULL pointer after kmalloc()
mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
gpio: adp5588: Fix sleep-in-atomic-context bug
mac80211: mesh: fix HWMP sequence numbering to follow standard
mac80211: avoid kernel panic when building AMSDU from non-linear SKB
gpiolib: acpi: Switch to cansleep version of GPIO library call
gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall
cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
mac80211: do not convert to A-MSDU if frag/subframe limited
mac80211: always account for A-MSDU header changes
tools/kvm_stat: fix handling of invalid paths in debugfs provider
gpio: Fix crash due to registration race
ARC: atomics: unbork atomic_fetch_##op()
md/raid5-cache: disable reshape completely
RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
i2c: uniphier: issue STOP only for last message or I2C_M_STOP
i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
mac80211: fix an off-by-one issue in A-MSDU max_subframe computation
cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
mac80211: fix a race between restart and CSA flows
mac80211: Fix station bandwidth setting after channel switch
mac80211: don't Tx a deauth frame if the AP forbade Tx
mac80211: shorten the IBSS debug messages
tools/vm/slabinfo.c: fix sign-compare warning
tools/vm/page-types.c: fix "defined but not used" warning
mm: madvise(MADV_DODUMP): allow hugetlbfs pages
netfilter: xt_cluster: add dependency on conntrack module
HID: add support for Apple Magic Keyboards
usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
HID: hid-saitek: Add device ID for RAT 7 Contagion
scsi: qedi: Add the CRC size within iSCSI NVM image
perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx()
perf util: Fix bad memory access in trace info.
perf probe powerpc: Ignore SyS symbols irrespective of endianness
netfilter: nf_tables: release chain in flushing set
Revert "iio: temperature: maxim_thermocouple: add MAX31856 part"
RDMA/ucma: check fd type in ucma_migrate_id()
HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report
USB: yurex: Check for truncation in yurex_read()
nvmet-rdma: fix possible bogus dereference under heavy load
net/mlx5: Consider PCI domain in search for next dev
drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
drm/nouveau/disp: fix DP disable race
dm raid: fix rebuild of specific devices by updating superblock
fs/cifs: suppress a string overflow warning
perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs
dm thin metadata: try to avoid ever aborting transactions
arch/hexagon: fix kernel/dma.c build warning
hexagon: modify ffs() and fls() to return int
arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk
r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
s390/qeth: don't dump past end of unknown HW header
cifs: read overflow in is_valid_oplock_break()
xen/manage: don't complain about an empty value in control/sysrq node
xen: avoid crash in disable_hotplug_cpu
xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
ovl: fix access beyond unterminated strings
ovl: fix memory leak on unlink of indexed file
ovl: fix format of setxattr debug
sysfs: Do not return POSIX ACL xattrs via listxattr
smb2: fix missing files in root share directory listing
iommu/amd: Clear memory encryption mask from physical address
ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
crypto: mxs-dcp - Fix wait logic on chan threads
crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic
gpiolib: Free the last requested descriptor
Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect()
tools: hv: fcopy: set 'error' in case an unknown operation was requested
ocfs2: fix locking for res->tracking and dlm->tracking_list
ixgbe: check return value of napi_complete_done()
dm thin metadata: fix __udivdi3 undefined on 32-bit
Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space
scsi: aacraid: fix a signedness bug
tipc: switch to rhashtable iterator
net: mvpp2: initialize port of_node pointer
tc-testing: add test-cases for numeric and invalid control action
tools/kvm_stat: fix updates for dead guests
ibmvnic: Include missing return code checks in reset function
net/ibm/emac: wrong emac_calc_base call was used by typo
ceph: avoid a use-after-free in ceph_destroy_options()
afs: Fix cell specification to permit an empty address list
netfilter: xt_checksum: ignore gso skbs
HID: intel-ish-hid: Enable Sunrise Point-H ish driver
iio: imu: st_lsm6dsx: take into account ts samples in wm configuration
riscv: Do not overwrite initrd_start and initrd_end
drm/nouveau: fix oops in client init failure path
drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer
drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels
sched/topology: Set correct NUMA topology type
drm/amdgpu: Fix SDMA hang in prt mode v2
asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO
x86/APM: Fix build warning when PROC_FS is not enabled
new primitive: discard_new_inode()
ovl: set I_CREATING on inode being created
crypto: chelsio - Fix memory corruption in DMA Mapped buffers.
perf/core: Add sanity check to deal with pinned event failure
mm: migration: fix migration of huge PMD shared pages
mm, thp: fix mlocking THP page with migration enabled
mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly
KVM: x86: fix L1TF's MMIO GFN calculation
blk-mq: I/O and timer unplugs are inverted in blktrace
clocksource/drivers/timer-atmel-pit: Properly handle error cases
fbdev/omapfb: fix omapfb_memory_read infoleak
drm/amdgpu: Fix vce work queue was not cancelled when suspend
x86/vdso: Fix asm constraints on vDSO syscall fallbacks
selftests/x86: Add clock_gettime() tests to test_vdso
x86/vdso: Only enable vDSO retpolines when enabled and supported
x86/vdso: Fix vDSO syscall fallback asm constraint regression
mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
PM / core: Clear the direct_complete flag on errors
dm cache metadata: ignore hints array being too small during resize
dm cache: fix resize crash if user doesn't reload cache table
xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
usb: xhci-mtk: resume USB3 roothub first
USB: serial: simple: add Motorola Tetra MTP6550 id
usb: cdc_acm: Do not leak URB buffers
of: unittest: Disable interrupt node tests for old world MAC systems
perf annotate: Use asprintf when formatting objdump command line
perf tools: Fix python extension build for gcc 8
ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
ath10k: fix kernel panic issue during pci probe
nvme_fc: fix ctrl create failures racing with workq items
powerpc/lib: fix book3s/32 boot failure due to code patching
ARC: clone syscall to setp r25 as thread pointer
perf utils: Move is_directory() to path.h
f2fs: fix invalid memory access
ucma: fix a use-after-free in ucma_resolve_ip()
ubifs: Check for name being NULL while mounting
rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead
ath10k: fix scan crash due to incorrect length calculation
pstore/ram: Fix failure-path memory leak in ramoops_init
mac80211: allocate TXQs for active monitor interfaces
drm: fix use-after-free read in drm_mode_create_lease_ioctl()
USB: serial: option: improve Quectel EP06 detection
USB: serial: option: add two-endpoints device-id flag
tipc: call start and done ops directly in __tipc_nl_compat_dumpit()
bnxt_en: Fix TX timeout during netpoll.
bnxt_en: free hwrm resources, if driver probe fails.
bonding: avoid possible dead-lock
ip6_tunnel: be careful when accessing the inner header
ip_tunnel: be careful when accessing the inner header
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
ipv6: take rcu lock in rawv6_send_hdrinc()
net: dsa: bcm_sf2: Call setup during switch resume
net: hns: fix for unmapping problem when SMMU is on
net: ipv4: update fnhe_pmtu when first hop's MTU changes
net/ipv6: Display all addresses in output of /proc/net/if_inet6
netlabel: check for IPV4MASK in addrinfo_get
net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
net: mvpp2: fix a txq_done race condition
net: sched: Add policy validation for tc attributes
net: systemport: Fix wake-up interrupt race during resume
net/usb: cancel pending work when unbinding smsc75xx
qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
sctp: update dst pmtu with the correct daddr
team: Forbid enslaving team device to itself
tipc: fix flow control accounting for implicit connect
udp: Unbreak modules that rely on external __skb_recv_udp() availability
net: stmmac: Fixup the tail addr setting in xmit path
net/packet: fix packet drop as of virtio gso
net: dsa: bcm_sf2: Fix unbind ordering
net/mlx5e: Set vlan masks for all offloaded TC rules
net: aquantia: memory corruption on jumbo frames
net/mlx5: E-Switch, Fix out of bound access when setting vport rate
bonding: pass link-local packets to bonding master also.
bonding: fix warning message
nfp: avoid soft lockups under control message storm
bnxt_en: don't try to offload VLAN 'modify' action
net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN
tcp/dccp: fix lockdep issue when SYN is backlogged
inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
ASoC: rt5514: Fix the issue of the delay volume applied again
ASoC: wm8804: Add ACPI support
ASoC: sigmadsp: safeload should not have lower byte limit
selftests/efivarfs: add required kernel configs
selftests: memory-hotplug: add required configs
ASoC: rsnd: adg: care clock-frequency size
ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER
Bluetooth: hci_ldisc: Free rw_semaphore on close
mfd: omap-usb-host: Fix dts probe of children
scsi: iscsi: target: Don't use stack buffer for scatterlist
scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
sound: enable interrupt after dma buffer initialization
sound: don't call skl_init_chip() to reset intel skl soc
stmmac: fix valid numbers of unicast filter entries
net: macb: disable scatter-gather for macb on sama5d3
ARM: dts: at91: add new compatibility string for macb on sama5d3
PCI: hv: support reporting serial number as slot information
clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail
clk: x86: Stop marking clocks as CLK_IS_CRITICAL
x86/kvm/lapic: always disable MMIO interface in x2APIC mode
drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
mm/vmstat.c: fix outdated vmstat_text
MIPS: VDSO: Always map near top of user memory
mach64: detect the dot clock divider correctly on sparc
percpu: stop leaking bitmap metadata blocks
perf script python: Fix export-to-postgresql.py occasional failure
perf script python: Fix export-to-sqlite.py sample columns
s390/cio: Fix how vfio-ccw checks pinned pages
dm cache: destroy migration_cache if cache target registration failed
dm: fix report zone remapping to account for partition offset
dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled
dm linear: fix linear_end_io conditional definition
cgroup: Fix dom_cgrp propagation when enabling threaded mode
mmc: block: avoid multiblock reads for the last sector in SPI mode
pinctrl: mcp23s08: fix irq and irqchip setup order
arm64: perf: Reject stand-alone CHAIN events for PMUv3
mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2
mm: Preserve _PAGE_DEVMAP across mprotect() calls
i2c: i2c-scmi: fix for i2c_smbus_write_block_data
xhci: Don't print a warning when setting link state for disabled ports
mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES
mm: treat indirectly reclaimable memory as available in MemAvailable
dcache: account external names as indirectly reclaimable memory
mm: treat indirectly reclaimable memory as free in overcommit logic
mm: don't show nr_indirectly_reclaimable in /proc/vmstat
ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
ARM: bugs: prepare processor bug infrastructure
ARM: bugs: hook processor bug checking into SMP and suspend paths
ARM: bugs: add support for per-processor bug checking
UBUNTU: [Config] updateconfigs for CPU_SPECTRE
ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
ARM: spectre-v2: harden branch predictor on context switches
ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
ARM: spectre-v2: harden user aborts in kernel space
ARM: spectre-v2: add firmware based hardening
ARM: spectre-v2: warn about incorrect context switching functions
ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17
ARM: KVM: invalidate icache on guest exit for Cortex-A15
ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15
ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1
ARM: spectre-v1: add speculation barrier (csdb) macros
ARM: spectre-v1: add array_index_mask_nospec() implementation
ARM: spectre-v1: fix syscall entry
ARM: signal: copy registers using __copy_from_user()
ARM: vfp: use __copy_from_user() when restoring VFP state
ARM: oabi-compat: copy semops using __copy_from_user()
ARM: use __inttype() in get_user()
ARM: spectre-v1: use get_user() for __get_user()
ARM: spectre-v1: mitigate user accesses
perf tools: Fix snprint warnings for gcc 8
net: sched: cls_u32: fix hnode refcounting
net: qualcomm: rmnet: Skip processing loopback packets
net: qualcomm: rmnet: Fix incorrect allocation flag in transmit
tun: remove unused parameters
tun: initialize napi_mutex unconditionally
tun: napi flags belong to tfile
net: dsa: b53: Keep CPU port as tagged in all VLANs
rtnetlink: Fail dump if target netnsid is invalid
net: ipv4: don't let PMTU updates increase route MTU
ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs
selftests: android: move config up a level
selftests: add headers_install to lib.mk
Bluetooth: SMP: Fix trying to use non-existent local OOB data
Bluetooth: Use correct tfm to generate OOB data
net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency
afs: Fix afs_server struct leak
afs: Fix clearance of reply

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (171.3 KiB)

This bug was fixed in the package linux - 4.15.0-58.64

---------------
linux (4.15.0-58.64) bionic; urgency=medium

  * unable to handle kernel NULL pointer dereference at 000000000000002c (IP:
    iget5_locked+0x9e/0x1f0) (LP: #1838982)
    - Revert "ovl: set I_CREATING on inode being created"
    - Revert "new primitive: discard_new_inode()"

linux (4.15.0-57.63) bionic; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

  * Packaging resync (LP: #1786013)
    - update dkms package versions

linux (4.15.0-56.62) bionic; urgency=medium

  * bionic/linux: 4.15.0-56.62 -proposed tracker (LP: #1837626)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  * CVE-2019-2101
    - media: uvcvideo: Fix 'type' check leading to overflow

  * hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
    - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
    - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64

  * Bionic: support for Solarflare X2542 network adapter (sfc driver)
    (LP: #1836635)
    - sfc: make mem_bar a function rather than a constant
    - sfc: support VI strides other than 8k
    - sfc: add Medford2 (SFC9250) PCI Device IDs
    - sfc: improve PTP error reporting
    - sfc: update EF10 register definitions
    - sfc: populate the timer reload field
    - sfc: update MCDI protocol headers
    - sfc: support variable number of MAC stats
    - sfc: expose FEC stats on Medford2
    - sfc: expose CTPIO stats on NICs that support them
    - sfc: basic MCDI mapping of 25/50/100G link speeds
    - sfc: support the ethtool ksettings API properly so that 25/50/100G works
    - sfc: add bits for 25/50/100G supported/advertised speeds
    - sfc: remove tx and MCDI handling from NAPI budget consideration
    - sfc: handle TX timestamps in the normal data path
    - sfc: add function to determine which TX timestamping method to use
    - sfc: use main datapath for HW timestamps if available
    - sfc: only enable TX timestamping if the adapter is licensed for it
    - sfc: MAC TX timestamp handling on the 8000 series
    - sfc: on 8000 series use TX queues for TX timestamps
    - sfc: only advertise TX timestamping if we have the license for it
    - sfc: simplify RX datapath timestamping
    - sfc: support separate PTP and general timestamping
    - sfc: support second + quarter ns time format for receive datapath
    - sfc: support Medford2 frequency adjustment format
    - sfc: add suffix to large constant in ptp
    - sfc: mark some unexported symbols as static
    - sfc: update MCDI protocol headers
    - sfc: support FEC configuration through ethtool
    - sfc: remove ctpio_dmabuf_start from stats
    - sfc: stop the TX queue before pushing new buffers

  * [18.04 FEAT] zKVM: Add hardwar...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) on 2019-10-03
Changed in linux (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers