Disco update: 5.0.18 upstream stable release

Bug #1836614 reported by Stefan Bader on 2019-07-15
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Disco
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       5.0.18 upstream stable release
       from git://git.kernel.org/

The following patches were applied:
* locking/rwsem: Prevent decrement of reader count before increment
* x86/speculation/mds: Revert CPU buffer clear on double fault exit
* x86/speculation/mds: Improve CPU buffer clear documentation
* objtool: Fix function fallthrough detection
* arm64: dts: rockchip: fix IO domain voltage setting of APIO5 on rockpro64
* arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller.
* ARM: dts: qcom: ipq4019: enlarge PCIe BAR range
* ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
* ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
* mmc: sdhci-of-arasan: Add DTS property to disable DCMDs.
* ARM: exynos: Fix a leaked reference by adding missing of_node_put
* power: supply: axp288_charger: Fix unchecked return value
* power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist
* arm64: mmap: Ensure file offset is treated as unsigned
* arm64: arch_timer: Ensure counter register reads occur with seqlock held
* arm64: compat: Reduce address limit
* arm64: Clear OSDLR_EL1 on CPU boot
* arm64: Save and restore OSDLR_EL1 across suspend/resume
* sched/x86: Save [ER]FLAGS on context switch
* x86/MCE: Add an MCE-record filtering function
* x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
* x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
* x86/MCE: Group AMD function prototypes in <asm/mce.h>
* x86/MCE/AMD: Don't report L1 BTB MCA errors on some family 17h models
* crypto: crypto4xx - fix ctr-aes missing output IV
* crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
* crypto: salsa20 - don't access already-freed walk.iv
* crypto: lrw - don't access already-freed walk.iv
* crypto: chacha-generic - fix use as arm64 no-NEON fallback
* crypto: chacha20poly1305 - set cra_name correctly
* crypto: ccp - Do not free psp_master when PLATFORM_INIT fails
* crypto: vmx - fix copy-paste error in CTR mode
* crypto: skcipher - don't WARN on unprocessed data after slow walk step
* crypto: crct10dif-generic - fix use via crypto_shash_digest()
* crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
* crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
* crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
* crypto: rockchip - update IV buffer to contain the next IV
* crypto: caam/qi2 - fix zero-length buffer DMA mapping
* crypto: caam/qi2 - fix DMA mapping of stack memory
* crypto: caam/qi2 - generate hash keys in-place
* crypto: arm/aes-neonbs - don't access already-freed walk.iv
* crypto: arm64/aes-neonbs - don't access already-freed walk.iv
* mmc: tegra: fix ddr signaling for non-ddr modes
* mmc: core: Fix tag set memory leak
* mmc: sdhci-pci: Fix BYT OCP setting
* ALSA: line6: toneport: Fix broken usage of timer for delayed execution
* ALSA: usb-audio: Fix a memory leak bug
* ALSA: hda/realtek - EAPD turn on later
* ASoC: max98090: Fix restore of DAPM Muxes
* ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
* ASoC: fsl_esai: Fix missing break in switch statement
* ASoC: codec: hdac_hdmi add device_link to card device
* bpf, arm64: remove prefetch insn in xadd mapping
* crypto: ccree - remove special handling of chained sg
* crypto: ccree - fix mem leak on error path
* crypto: ccree - don't map MAC key on stack
* crypto: ccree - use correct internal state sizes for export
* crypto: ccree - don't map AEAD key and IV on stack
* crypto: ccree - pm resume first enable the source clk
* crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend
* crypto: ccree - add function to handle cryptocell tee fips error
* crypto: ccree - handle tee fips error during power management resume
* mm/mincore.c: make mincore() more conservative
* mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses
* mm/hugetlb.c: don't put_page in lock of hugetlb_lock
* hugetlb: use same fault hash key for shared and private mappings
* ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
* userfaultfd: use RCU to free the task struct when fork fails
* ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle
* mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
* mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
* mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write
* mtd: maps: physmap: Store gpio_values correctly
* mtd: maps: Allow MTD_PHYSMAP with MTD_RAM
* tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
* tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
* jbd2: check superblock mapped prior to committing
* ext4: make sanity check in mballoc more strict
* ext4: ignore e_value_offs for xattrs with value-in-ea-inode
* ext4: avoid drop reference to iloc.bh twice
* ext4: fix use-after-free race with debug_want_extra_isize
* ext4: actually request zeroing of inode table after grow
* ext4: fix ext4_show_options for file systems w/o journal
* btrfs: Check the first key and level for cached extent buffer
* btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails
* btrfs: Honour FITRIM range constraints during free space trim
* Btrfs: send, flush dellaloc in order to avoid data loss
* Btrfs: do not start a transaction during fiemap
* Btrfs: do not start a transaction at iterate_extent_inodes()
* Btrfs: fix race between send and deduplication that lead to failures and crashes
* bcache: fix a race between cache register and cacheset unregister
* bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
* ipmi:ssif: compare block number correctly for multi-part return messages
* crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
* fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into
  workqueue when umount
* tty: Don't force RISCV SBI console as preferred console
* ext4: fix data corruption caused by overlapping unaligned and aligned IO
* ext4: fix use-after-free in dx_release()
* ext4: avoid panic during forced reboot due to aborted journal
* ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
* jbd2: fix potential double free
* KVM: Fix the bitmap range to copy during clear dirty
* KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
* KVM: lapic: Busy wait for timer to expire when using hv_timer
* kbuild: turn auto.conf.cmd into a mandatory include file
* xen/pvh: set xen_domain_type to HVM in xen_pvh_init
* xen/pvh: correctly setup the PV EFI interface for dom0
* libnvdimm/namespace: Fix label tracking error
* iov_iter: optimize page_copy_sane()
* s390/mm: make the pxd_offset functions more robust
* s390/mm: convert to the generic get_user_pages_fast code
* ext4: fix compile error when using BUFFER_TRACE
* ext4: don't update s_rev_level if not required
* Linux 5.0.18

CVE References

Stefan Bader (smb) on 2019-07-15
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Disco):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Stefan Bader (smb) wrote :

Already applied for bug #1827967:
- "ALSA: hda/hdmi - Read the pin sense from register when repolling"
- "ALSA: hda/hdmi - Consider eld_valid when reporting jack event"

Already applied for bug #1827555:
- "ALSA: hda/realtek - Headset fixup for System76 Gazelle (gaze14)"
- "ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)"

Already applied for CVE-2019-11833:
- "ext4: zero out the unused memory region in the extent tree block"

Already applied for bug #1828798:
- "ALSA: hda/realtek - Fixup headphone noise via runtime suspend"

description: updated
Stefan Bader (smb) wrote :

Commit "s390/mm: convert to the generic get_user_pages_fast code" implements a gup_fast_permitted() function which expects 2 arguments. However at that point the general mm code is using 3 arguments. This gets changed in 5.0.19 by "mm/gup: Remove the 'write' parameter from gup_fast_permitted()". To avoid breaking the build on s390x this one patch from 5.0.19 got moved into 5.0.18.

Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-25.26

---------------
linux (5.0.0-25.26) disco; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 01 Aug 2019 12:04:35 +0200

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers