Disco update: 5.0.18 upstream stable release

Bug #1836614 reported by Stefan Bader on 2019-07-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       5.0.18 upstream stable release
       from git://git.kernel.org/

The following patches were applied:
* locking/rwsem: Prevent decrement of reader count before increment
* x86/speculation/mds: Revert CPU buffer clear on double fault exit
* x86/speculation/mds: Improve CPU buffer clear documentation
* objtool: Fix function fallthrough detection
* arm64: dts: rockchip: fix IO domain voltage setting of APIO5 on rockpro64
* arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller.
* ARM: dts: qcom: ipq4019: enlarge PCIe BAR range
* ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
* ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
* mmc: sdhci-of-arasan: Add DTS property to disable DCMDs.
* ARM: exynos: Fix a leaked reference by adding missing of_node_put
* power: supply: axp288_charger: Fix unchecked return value
* power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist
* arm64: mmap: Ensure file offset is treated as unsigned
* arm64: arch_timer: Ensure counter register reads occur with seqlock held
* arm64: compat: Reduce address limit
* arm64: Clear OSDLR_EL1 on CPU boot
* arm64: Save and restore OSDLR_EL1 across suspend/resume
* sched/x86: Save [ER]FLAGS on context switch
* x86/MCE: Add an MCE-record filtering function
* x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
* x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
* x86/MCE: Group AMD function prototypes in <asm/mce.h>
* x86/MCE/AMD: Don't report L1 BTB MCA errors on some family 17h models
* crypto: crypto4xx - fix ctr-aes missing output IV
* crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
* crypto: salsa20 - don't access already-freed walk.iv
* crypto: lrw - don't access already-freed walk.iv
* crypto: chacha-generic - fix use as arm64 no-NEON fallback
* crypto: chacha20poly1305 - set cra_name correctly
* crypto: ccp - Do not free psp_master when PLATFORM_INIT fails
* crypto: vmx - fix copy-paste error in CTR mode
* crypto: skcipher - don't WARN on unprocessed data after slow walk step
* crypto: crct10dif-generic - fix use via crypto_shash_digest()
* crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
* crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
* crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
* crypto: rockchip - update IV buffer to contain the next IV
* crypto: caam/qi2 - fix zero-length buffer DMA mapping
* crypto: caam/qi2 - fix DMA mapping of stack memory
* crypto: caam/qi2 - generate hash keys in-place
* crypto: arm/aes-neonbs - don't access already-freed walk.iv
* crypto: arm64/aes-neonbs - don't access already-freed walk.iv
* mmc: tegra: fix ddr signaling for non-ddr modes
* mmc: core: Fix tag set memory leak
* mmc: sdhci-pci: Fix BYT OCP setting
* ALSA: line6: toneport: Fix broken usage of timer for delayed execution
* ALSA: usb-audio: Fix a memory leak bug
* ALSA: hda/realtek - EAPD turn on later
* ASoC: max98090: Fix restore of DAPM Muxes
* ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
* ASoC: fsl_esai: Fix missing break in switch statement
* ASoC: codec: hdac_hdmi add device_link to card device
* bpf, arm64: remove prefetch insn in xadd mapping
* crypto: ccree - remove special handling of chained sg
* crypto: ccree - fix mem leak on error path
* crypto: ccree - don't map MAC key on stack
* crypto: ccree - use correct internal state sizes for export
* crypto: ccree - don't map AEAD key and IV on stack
* crypto: ccree - pm resume first enable the source clk
* crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend
* crypto: ccree - add function to handle cryptocell tee fips error
* crypto: ccree - handle tee fips error during power management resume
* mm/mincore.c: make mincore() more conservative
* mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses
* mm/hugetlb.c: don't put_page in lock of hugetlb_lock
* hugetlb: use same fault hash key for shared and private mappings
* ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
* userfaultfd: use RCU to free the task struct when fork fails
* ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle
* mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
* mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
* mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write
* mtd: maps: physmap: Store gpio_values correctly
* mtd: maps: Allow MTD_PHYSMAP with MTD_RAM
* tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
* tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
* jbd2: check superblock mapped prior to committing
* ext4: make sanity check in mballoc more strict
* ext4: ignore e_value_offs for xattrs with value-in-ea-inode
* ext4: avoid drop reference to iloc.bh twice
* ext4: fix use-after-free race with debug_want_extra_isize
* ext4: actually request zeroing of inode table after grow
* ext4: fix ext4_show_options for file systems w/o journal
* btrfs: Check the first key and level for cached extent buffer
* btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails
* btrfs: Honour FITRIM range constraints during free space trim
* Btrfs: send, flush dellaloc in order to avoid data loss
* Btrfs: do not start a transaction during fiemap
* Btrfs: do not start a transaction at iterate_extent_inodes()
* Btrfs: fix race between send and deduplication that lead to failures and crashes
* bcache: fix a race between cache register and cacheset unregister
* bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
* ipmi:ssif: compare block number correctly for multi-part return messages
* crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
* fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into
  workqueue when umount
* tty: Don't force RISCV SBI console as preferred console
* ext4: fix data corruption caused by overlapping unaligned and aligned IO
* ext4: fix use-after-free in dx_release()
* ext4: avoid panic during forced reboot due to aborted journal
* ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
* jbd2: fix potential double free
* KVM: Fix the bitmap range to copy during clear dirty
* KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
* KVM: lapic: Busy wait for timer to expire when using hv_timer
* kbuild: turn auto.conf.cmd into a mandatory include file
* xen/pvh: set xen_domain_type to HVM in xen_pvh_init
* xen/pvh: correctly setup the PV EFI interface for dom0
* libnvdimm/namespace: Fix label tracking error
* iov_iter: optimize page_copy_sane()
* s390/mm: make the pxd_offset functions more robust
* s390/mm: convert to the generic get_user_pages_fast code
* ext4: fix compile error when using BUFFER_TRACE
* ext4: don't update s_rev_level if not required
* Linux 5.0.18

CVE References

Stefan Bader (smb) on 2019-07-15
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Disco):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Stefan Bader (smb) wrote :

Already applied for bug #1827967:
- "ALSA: hda/hdmi - Read the pin sense from register when repolling"
- "ALSA: hda/hdmi - Consider eld_valid when reporting jack event"

Already applied for bug #1827555:
- "ALSA: hda/realtek - Headset fixup for System76 Gazelle (gaze14)"
- "ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)"

Already applied for CVE-2019-11833:
- "ext4: zero out the unused memory region in the extent tree block"

Already applied for bug #1828798:
- "ALSA: hda/realtek - Fixup headphone noise via runtime suspend"

description: updated
Stefan Bader (smb) wrote :

Commit "s390/mm: convert to the generic get_user_pages_fast code" implements a gup_fast_permitted() function which expects 2 arguments. However at that point the general mm code is using 3 arguments. This gets changed in 5.0.19 by "mm/gup: Remove the 'write' parameter from gup_fast_permitted()". To avoid breaking the build on s390x this one patch from 5.0.19 got moved into 5.0.18.

Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-25.26

linux (5.0.0-25.26) disco; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 01 Aug 2019 12:04:35 +0200

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers