Disco update: 5.0.17 upstream stable release

Bug #1836577 reported by Stefan Bader on 2019-07-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       5.0.17 upstream stable release
       from git://git.kernel.org/

The following patches were applied:
* bfq: update internal depth state when queue depth changes
* platform/x86: sony-laptop: Fix unintentional fall-through
* platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
* platform/x86: dell-laptop: fix rfkill functionality
* hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
* hwmon: (occ) Fix extended status bits
* selftests/seccomp: Handle namespace failures gracefully
* kernfs: fix barrier usage in __kernfs_new_node()
* virt: vbox: Sanity-check parameter types for hgcm-calls coming from userspace
* USB: serial: fix unthrottle races
* iio: adc: xilinx: fix potential use-after-free on remove
* iio: adc: xilinx: fix potential use-after-free on probe
* iio: adc: xilinx: prevent touching unclocked h/w on remove
* acpi/nfit: Always dump _DSM output payload
* libnvdimm/namespace: Fix a potential NULL pointer dereference
* HID: input: add mapping for Expose/Overview key
* HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
* HID: input: add mapping for "Toggle Display" key
* libnvdimm/btt: Fix a kmemdup failure check
* s390/dasd: Fix capacity calculation for large volumes
* mac80211: fix unaligned access in mesh table hash function
* mac80211: Increase MAX_MSG_LEN
* cfg80211: Handle WMM rules in regulatory domain intersection
* mac80211: fix memory accounting with A-MSDU aggregation
* nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
* libnvdimm/security: provide fix for secure-erase to use zero-key
* libnvdimm/pmem: fix a possible OOB access when read and write pmem
* tools/testing/nvdimm: Retain security state after overwrite
* s390/3270: fix lockdep false positive on view->lock
* drm/ttm: fix dma_fence refcount imbalance on error path
* drm/amd/display: extending AUX SW Timeout
* clocksource/drivers/npcm: select TIMER_OF
* clocksource/drivers/oxnas: Fix OX820 compatible
* selftests: fib_tests: Fix 'Command line is not complete' errors
* drm/amdgpu: shadow in shadow_list without tbo.mem.start cause page fault
  in sriov TDR
* mISDN: Check address length before reading address family
* vxge: fix return of a free'd memblock on a failed dma mapping
* qede: fix write to free'd pointer error and double free of ptp
* afs: Unlock pages for __pagevec_release()
* afs: Fix in-progess ops to ignore server-level callback invalidation
* qed: Delete redundant doorbell recovery types
* qed: Fix the doorbell address sanity check
* qed: Fix missing DORQ attentions
* qed: Fix the DORQ's attentions handling
* drm/amd/display: If one stream full updates, full update all planes
* s390/pkey: add one more argument space for debug feature entry
* x86/build/lto: Fix truncated .bss with -fdata-sections
* x86/mm: Prevent bogus warnings with "noexec=off"
* x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
* KVM: nVMX: always use early vmcs check when EPT is disabled
* KVM: fix spectrev1 gadgets
* KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
* tools lib traceevent: Fix missing equality check for strcmp
* perf top: Always sample time to satisfy needs of use of ordered queuing
* ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash
* ocelot: Don't sleep in atomic context (irqs_disabled())
* perf tools: Fix map reference counting
* scsi: aic7xxx: fix EISA support
* slab: store tagged freelist for off-slab slabmgmt
* mm/hotplug: treat CMA pages as unmovable
* mm: fix inactive list balancing between NUMA nodes and cgroups
* init: initialize jump labels before command line option parsing
* drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs
* selftests: netfilter: check icmp pkttoobig errors are set as related
* ipvs: do not schedule icmp errors from tunnels
* netfilter: ctnetlink: don't use conntrack/expect object addresses as id
* netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook()
* netfilter: nat: fix icmp id randomization
* MIPS: perf: ath79: Fix perfcount IRQ assignment
* IB/mlx5: Fix scatter to CQE in DCT QP creation
* s390: ctcm: fix ctcm_new_device error return code
* drm/sun4i: Set device driver data at bind time for use in unbind
* drm/sun4i: Fix component unbinding and component master deletion
* of_net: Fix residues after of_get_nvmem_mac_address removal
* selftests/net: correct the return value for run_afpackettests
* netfilter: never get/set skb->tstamp
* netfilter: fix nf_l4proto_log_invalid to log invalid packets
* dmaengine: bcm2835: Avoid GFP_KERNEL in device_prep_slave_sg
* gpu: ipu-v3: dp: fix CSC handling
* drm/imx: don't skip DP channel disable for background plane
* ARM: fix function graph tracer and unwinder dependencies
* ARM: 8856/1: NOMMU: Fix CCR register faulty initialization when MPU is disabled
* spi: Micrel eth switch: declare missing of table
* spi: ST ST95HF NFC: declare missing of table
* ceph: handle the case where a dentry has been renamed on outstanding req
* Revert "drm/virtio: drop prime import/export callbacks"
* drm/sun4i: Unbind components before releasing DRM and memory
* Input: snvs_pwrkey - make it depend on ARCH_MXC
* Input: synaptics-rmi4 - fix possible double free
* net: vrf: Fix operation not supported when set vrf mac
* gpio: Fix gpiochip_add_data_with_key() error path
* mm/memory_hotplug.c: drop memory device reference after find_memory_block()
* mm/page_alloc.c: avoid potential NULL pointer dereference
* bpf: only test gso type on gso packets
* net: sched: fix cleanup NULL pointer exception in act_mirr
* net: mvpp2: fix validate for PPv2.1
* drm/rockchip: fix for mailbox read validation.
* cw1200: fix missing unlock on error in cw1200_hw_scan()
* mwl8k: Fix rate_idx underflow
* rtlwifi: rtl8723ae: Fix missing break in switch statement
* Don't jump to compute_result state from check_result state
* bonding: fix arp_validate toggling in active-backup mode
* bridge: Fix error path for kobject_init_and_add()
* dpaa_eth: fix SG frame cleanup
* fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL
  not supplied
* ipv4: Fix raw socket lookup for local traffic
* net: dsa: Fix error cleanup path in dsa_init_module
* net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
* net: macb: Change interrupt and napi enable order in open
* net: seeq: fix crash caused by not set dev.parent
* net: ucc_geth - fix Oops when changing number of buffers in the ring
* packet: Fix error path in packet_init
* selinux: do not report error on connect(AF_UNSPEC)
* tipc: fix hanging clients using poll with EPOLLOUT flag
* vlan: disable SIOCSHWTSTAMP in container
* vrf: sit mtu should not be updated when vrf netdev is the link
* tuntap: fix dividing by zero in ebpf queue selection
* tuntap: synchronize through tfiles array instead of tun->numqueues
* net: phy: fix phy_validate_pause
* flow_dissector: disable preemption around BPF calls
* isdn: bas_gigaset: use usb_fill_int_urb() properly
* drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
* drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
* powerpc/book3s/64: check for NULL pointer in pgd_alloc()
* powerpc/powernv/idle: Restore IAMR after idle
* powerpc/booke64: set RI in default MSR
* virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed
* PCI: hv: Fix a memory leak in hv_eject_device_work()
* PCI: hv: Add hv_pci_remove_slots() when we unload the driver
* PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary
* f2fs: Fix use of number of devices
* Linux 5.0.17

CVE References

Stefan Bader (smb) on 2019-07-15
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Disco):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Stefan Bader (smb) wrote :

Applied with fuzz 1 (verified): "x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T".

Already applied for bug #1825777: "selftests/net: correct the return value for run_netsocktests".

Already applied for bug #1822871: "arm64/module: ftrace: deal with place relative nature of PLTs".

Already applied for bug #1830815: "RDMA/hns: Bugfix for mapping user db".

description: updated
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-25.26

linux (5.0.0-25.26) disco; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 01 Aug 2019 12:04:35 +0200

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers