Bionic update: upstream stable patchset 2019-07-17

Bug #1836968 reported by Kamal Mostafa on 2019-07-17
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-17

            Ported from the following upstream stable releases:
                v4.14.83, v4.19.4,
                v4.14.84, v4.19.5,
                v4.14.85, v4.19.6,
                v4.14.86, v4.19.7

       from git://git.kernel.org/

flow_dissector: do not dissect l4 ports for fragments
ibmvnic: fix accelerated VLAN handling
ip_tunnel: don't force DF when MTU is locked
ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
net-gro: reset skb->pkt_type in napi_reuse_skb()
sctp: not allow to set asoc prsctp_enable by sockopt
tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths
tuntap: fix multiqueue rx
net: systemport: Protect stop from timeout
net: qualcomm: rmnet: Fix incorrect assignment of real_dev
net: dsa: microchip: initialize mutex before use
sctp: fix strchange_flags name for Stream Change Event
net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs
sctp: not increase stream's incnt before sending addstrm_in request
mlxsw: spectrum: Fix IP2ME CPU policer configuration
net: smsc95xx: Fix MTU range
usbnet: smsc95xx: disable carrier check while suspending
inet: frags: better deal with smp races
ARM: dts: r8a7791: Correct critical CPU temperature
ARM: dts: r8a7793: Correct critical CPU temperature
net: bcmgenet: protect stop from timeout
tcp: Fix SOF_TIMESTAMPING_RX_HARDWARE to use the latest timestamp during TCP coalescing
tipc: don't assume linear buffer when reading ancillary data
tipc: fix link re-establish failure
net/mlx5e: Claim TC hw offloads support only under a proper build config
net/mlx5e: Adjust to max number of channles when re-attaching
net/mlx5e: Fix selftest for small MTUs
l2tp: fix a sock refcnt leak in l2tp_tunnel_register
net/mlx5e: IPoIB, Reset QP after channels are closed
net: dsa: mv88e6xxx: Fix clearing of stats counters
net: phy: realtek: fix RTL8201F sysfs name
sctp: define SCTP_SS_DEFAULT for Stream schedulers
rxrpc: Fix lockup due to no error backoff after ack transmit error
cifs: don't dereference smb_file_target before null check
cifs: fix return value for cifs_listxattr
arm64: kprobe: make page to RO mode when allocate it
ixgbe: fix MAC anti-spoofing filter after VFLR
reiserfs: propagate errors from fill_with_dentries() properly
hfs: prevent btree data loss on root split
hfsplus: prevent btree data loss on root split
um: Give start_idle_thread() a return code
drm/edid: Add 6 bpc quirk for BOE panel.
platform/x86: intel_telemetry: report debugfs failure
clk: fixed-rate: fix of_node_get-put imbalance
perf symbols: Set PLT entry/header sizes properly on Sparc
fs/exofs: fix potential memory leak in mount option parsing
clk: samsung: exynos5420: Enable PERIS clocks for suspend
apparmor: Fix uninitialized value in aa_split_fqname
x86/earlyprintk: Add a force option for pciserial device
platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
arm64: percpu: Initialize ret in the default case
s390/vdso: add missing FORCE to build targets
netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace
netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
s390/mm: Fix ERROR: "__node_distance" undefined!
netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
netfilter: xt_IDLETIMER: add sysfs filename checking routine
s390/qeth: fix HiperSockets sniffer
hwmon: (ibmpowernv) Remove bogus __init annotations
Revert "drm/exynos/decon5433: implement frame counter"
clk: fixed-factor: fix of_node_get-put imbalance
lib/raid6: Fix arm64 test build
s390/perf: Change CPUM_CF return code in event init function
sched/core: Take the hotplug lock in sched_init_smp()
i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features
qed: Fix memory/entry leak in qed_init_sp_request()
qed: Fix blocking/unlimited SPQ entries leak
qed: Fix potential memory corruption
net: stmmac: Fix RX packet size > 8191
SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM
perf machine: Add machine__is() to identify machine arch
perf tools: Fix kernel_start for PTI on x86
perf machine: Add nr_cpus_avail()
perf machine: Workaround missing maps for x86 PTI entry trampolines
perf test code-reading: Fix perf_env setup for PTI entry trampolines
media: v4l: event: Add subscription to list before calling "add" operation
MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver
uio: Fix an Oops on load
usb: cdc-acm: add entry for Hiro (Conexant) modem
usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
USB: misc: appledisplay: add 20" Apple Cinema Display
ACPI / platform: Add SMB0001 HID to forbidden_id_list
HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
libceph: fall back to sendmsg for slab pages
drm/i915: Replace some PAGE_SIZE with I915_GTT_PAGE_SIZE
perf unwind: Take pgoff into account when reporting elf to libdwfl
netfilter: bridge: define INT_MIN & INT_MAX in userspace
s390/decompressor: add missing FORCE to build targets
Revert "HID: add NOGET quirk for Eaton Ellipse MAX UPS"
HID: alps: allow incoming reports when only the trackstick is opened
s390/mm: fix mis-accounting of pgtable_bytes
drm/amd/display: Stop leaking planes
drm/amd/amdgpu/dm: Fix dm_dp_create_fake_mst_encoder()
ceph: quota: fix null pointer dereference in quota check
nvme: make sure ns head inherits underlying device limits
i2c: omap: Enable for ARCH_K3
net: aquantia: fix potential IOMMU fault after driver unbind
net: aquantia: fixed enable unicast on 32 macvlan
net: aquantia: invalid checksumm offload implementation
mtd: rawnand: atmel: fix OF child-node lookup
efi/libstub: arm: support building with clang
ARM: 8766/1: drop no-thumb-interwork in EABI mode
ARM: 8767/1: add support for building ARM kernel with clang
bus: arm-cci: remove unnecessary unreachable()
ARM: trusted_foundations: do not use naked function
usb: core: Fix hub port connection events lost
usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
usb: dwc3: core: Clean up ULPI device
xhci: Add check for invalid byte size error when UAS devices are connected.
ALSA: oss: Use kvzalloc() for local buffer allocations
MAINTAINERS: Add Sasha as a stable branch maintainer
mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL
gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path
iwlwifi: mvm: support sta_statistics() even on older firmware
iwlwifi: mvm: fix regulatory domain update when the firmware starts
iwlwifi: mvm: don't use SAR Geo if basic SAR is not used
brcmfmac: fix reporting support for 160 MHz channels
tools/power/cpupower: fix compilation with STATIC=true
v9fs_dir_readdir: fix double-free on p9stat_read error
selinux: Add __GFP_NOWARN to allocation at str_read()
Input: synaptics - avoid using uninitialized variable when probing
bfs: add sanity check at bfs_fill_super()
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
llc: do not use sk_eat_skb()
mm: don't warn about large allocations for slab
mm/memory.c: recheck page table entry with page table lock held
IB/core: Perform modify QP on real one
usb: xhci: Prevent bus suspend if a port connect change or polling state is detected
drm/ast: change resolution may cause screen blurred
drm/ast: fixed cursor may disappear sometimes
can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb()
can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length
can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds
can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb
can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions
can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail()
can: raw: check for CAN FD capable netdev in raw_sendmsg()
can: hi311x: Use level-triggered interrupt
IB/hfi1: Eliminate races in the SDMA send error path
pinctrl: meson: fix pinconf bias disable
KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE
cpufreq: imx6q: add return value check for voltage scale
rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write
crypto: simd - correctly take reqsize of wrapped skcipher into account
floppy: fix race condition in __floppy_read_block_0()
powerpc/io: Fix the IO workarounds code to work with Radix
perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs
SUNRPC: Fix a bogus get/put in generic_key_to_expire()
kdb: Use strscpy with destination buffer size
powerpc/numa: Suppress "VPHN is not supported" messages
tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
mm, page_alloc: check for max order in hot path
arm64: remove no-op -p linker flag
ubi: fastmap: Check each mapping only once
Input: xpad - add PDP device id 0x02a4
Input: xpad - fix some coding style issues
Input: xpad - avoid using __set_bit() for capabilities
Input: xpad - add support for Xbox1 PDP Camo series gamepad
iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE
kbuild: allow to use GCC toolchain not in Clang search path
PCI: endpoint: Populate func_no before calling pci_epc_add_epf()
i40iw: Fix memory leak in error path of create QP
clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices
ARM: dts: exynos: Fix invalid node referenced by i2c20 alias in Peach Pit and Pi
include/linux/pfn_t.h: force '~' to be parsed as an unary operator
tty: wipe buffer.
tty: wipe buffer if not echoing data
namei: allow restricted O_CREAT of FIFOs and regular files
lan78xx: Read MAC address from DT if present
s390/mm: Check for valid vma before zapping in gmap_discard
rcu: Make need_resched() respond to urgent RCU-QS needs
net: ieee802154: 6lowpan: fix frag reassembly
EVM: Add support for portable signature format
ima: re-introduce own integrity cache lock
ima: re-initialize iint->atomic_flags
xhci: Fix leaking USB3 shared_hcd at xhci removal
Documentation/security-bugs: Clarify treatment of embargoed information
Documentation/security-bugs: Postpone fix publication in exceptional cases
ACPICA: AML interpreter: add region addresses in global list during initialization
fsnotify: generalize handling of extra event flags
pinctrl: meson: fix gxbb ao pull register bits
pinctrl: meson: fix gxl ao pull register bits
pinctrl: meson: fix meson8 ao pull register bits
pinctrl: meson: fix meson8b ao pull register bits
riscv: add missing vdso_install target
media: ov5640: fix wrong binning value in exposure calculation
media: ov5640: fix auto controls values when switching to manual mode
mm/huge_memory: rename freeze_page() to unmap_page()
mm/huge_memory.c: reorder operations in __split_huge_page_tail()
mm/huge_memory: splitting set mapping+index before unfreeze
mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
mm/khugepaged: collapse_shmem() stop if punched or truncated
mm/khugepaged: fix crashes due to misaccounted holes
mm/khugepaged: collapse_shmem() remember to clear holes
mm/khugepaged: minor reorderings in collapse_shmem()
mm/khugepaged: collapse_shmem() without freezing new_page
mm/khugepaged: collapse_shmem() do not crash on Compound
media: em28xx: Fix use-after-free when disconnecting
ubi: Initialize Fastmap checkmapping correctly
libceph: store ceph_auth_handshake pointer in ceph_connection
libceph: factor out __prepare_write_connect()
libceph: factor out __ceph_x_decrypt()
libceph: factor out encrypt_authorizer()
libceph: add authorizer challenge
libceph: implement CEPHX_V2 calculation mode
net/tls: Fixed return value when tls_complete_pending_work() fails
wil6210: missing length check in wmi_set_ie
btrfs: validate type when reading a chunk
btrfs: Verify that every chunk has corresponding block group at mount time
btrfs: tree-checker: Add checker for dir item
btrfs: tree-checker: use %zu format string for size_t
btrfs: tree-check: reduce stack consumption in check_dir_item
btrfs: tree-checker: Verify block_group_item
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: Check that each block group has corresponding chunk at mount time
btrfs: tree-checker: Check level for leaves and nodes
btrfs: tree-checker: Fix misleading group system information
f2fs: check blkaddr more accuratly before issue a bio
f2fs: enhance sanity_check_raw_super() to avoid potential overflow
f2fs: clean up with is_valid_blkaddr()
f2fs: introduce and spread verify_blkaddr
f2fs: fix to do sanity check with secs_per_zone
f2fs: fix to do sanity check with user_block_count
f2fs: fix to do sanity check with node footer and iblocks
f2fs: fix to do sanity check with block address in main area
f2fs: fix to do sanity check with i_extra_isize
f2fs: fix to do sanity check with cp_pack_start_sum
net: skb_scrub_packet(): Scrub offload_fwd_mark
net: thunderx: set xdp_prog to NULL if bpf_prog_add fails
virtio-net: disable guest csum during XDP set
virtio-net: fail XDP set if guest csum is negotiated
net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue
packet: copy user buffers before orphan or clone
rapidio/rionet: do not free skb before reading its length
usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
kvm: mmu: Fix race in emulated page table writes
KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
xtensa: enable coprocessors that are being flushed
xtensa: fix coprocessor context offset definitions
xtensa: fix coprocessor part of ptrace_{get,set}xregs
Btrfs: ensure path name is null terminated at btrfs_control_ioctl
btrfs: relocation: set trans to be NULL after ending transaction
PCI: layerscape: Fix wrong invocation of outbound window disable accessor
arm64: dts: rockchip: Fix PCIe reset polarity for rk3399-puma-haikou.
x86/fpu: Disable bottom halves while loading FPU registers
perf/x86/intel: Move branch tracing setup to the Intel-specific source file
perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
fs: fix lost error code in dio_complete
ALSA: wss: Fix invalid snd_free_pages() at error path
ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
ALSA: control: Fix race between adding and removing a user element
ALSA: sparc: Fix invalid snd_free_pages() at error path
ALSA: hda/realtek - Support ALC300
ALSA: hda/realtek - fix headset mic detection for MSI MS-B171
ext2: fix potential use after free
ARM: dts: rockchip: Remove @0 from the veyron memory node
dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
dmaengine: at_hdmac: fix module unloading
staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION
staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station
USB: usb-storage: Add new IDs to ums-realtek
usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
iio:st_magn: Fix enable device after trigger
lib/test_kmod.c: fix rmmod double free
mm: use swp_offset as key in shmem_replace_page()
misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
binder: fix race that allows malicious free of live buffer
libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
libceph: check authorizer reply/challenge length before reading
f2fs: fix missing up_read
net: don't keep lonely packets forever in the gro hash
net: phy: add workaround for issue where PHY driver doesn't bind to the device
KVM: nVMX/nSVM: Fix bug which sets vcpu->arch.tsc_offset to L1 tsc_offset
udf: Allow mounting volumes with incorrect identification strings
btrfs: Always try all copies when reading extent buffers
Btrfs: fix rare chances for data loss when doing a fast fsync
Btrfs: fix race between enabling quotas and subvolume creation
perf/x86/intel: Disallow precise_ip on BTS events
ALSA: hda: Add ASRock H81M-HDS to the power_save blacklist
ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist
function_graph: Create function_graph_enter() to consolidate architecture code
ARM: function_graph: Simplify with function_graph_enter()
microblaze: function_graph: Simplify with function_graph_enter()
x86/function_graph: Simplify with function_graph_enter()
powerpc/function_graph: Simplify with function_graph_enter()
sh/function_graph: Simplify with function_graph_enter()
sparc/function_graph: Simplify with function_graph_enter()
parisc: function_graph: Simplify with function_graph_enter()
s390/function_graph: Simplify with function_graph_enter()
arm64: function_graph: Simplify with function_graph_enter()
MIPS: function_graph: Simplify with function_graph_enter()
function_graph: Make ftrace_push_return_trace() static
function_graph: Use new curr_ret_depth to manage depth instead of curr_ret_stack
function_graph: Have profiler use curr_ret_stack and not depth
function_graph: Move return callback before update of curr_ret_stack
function_graph: Reverse the order of pushing the ret_stack and the callback
ext2: initialize opts.s_mount_opt as zero before using it
ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
staging: most: use format specifier "%s" in snprintf
iio/hid-sensors: Fix IIO_CHAN_INFO_RAW returning wrong values for signed numbers
mm: cleancache: fix corruption on missed inode invalidation

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (171.3 KiB)

This bug was fixed in the package linux - 4.15.0-58.64

---------------
linux (4.15.0-58.64) bionic; urgency=medium

  * unable to handle kernel NULL pointer dereference at 000000000000002c (IP:
    iget5_locked+0x9e/0x1f0) (LP: #1838982)
    - Revert "ovl: set I_CREATING on inode being created"
    - Revert "new primitive: discard_new_inode()"

linux (4.15.0-57.63) bionic; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

  * Packaging resync (LP: #1786013)
    - update dkms package versions

linux (4.15.0-56.62) bionic; urgency=medium

  * bionic/linux: 4.15.0-56.62 -proposed tracker (LP: #1837626)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  * CVE-2019-2101
    - media: uvcvideo: Fix 'type' check leading to overflow

  * hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
    - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
    - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64

  * Bionic: support for Solarflare X2542 network adapter (sfc driver)
    (LP: #1836635)
    - sfc: make mem_bar a function rather than a constant
    - sfc: support VI strides other than 8k
    - sfc: add Medford2 (SFC9250) PCI Device IDs
    - sfc: improve PTP error reporting
    - sfc: update EF10 register definitions
    - sfc: populate the timer reload field
    - sfc: update MCDI protocol headers
    - sfc: support variable number of MAC stats
    - sfc: expose FEC stats on Medford2
    - sfc: expose CTPIO stats on NICs that support them
    - sfc: basic MCDI mapping of 25/50/100G link speeds
    - sfc: support the ethtool ksettings API properly so that 25/50/100G works
    - sfc: add bits for 25/50/100G supported/advertised speeds
    - sfc: remove tx and MCDI handling from NAPI budget consideration
    - sfc: handle TX timestamps in the normal data path
    - sfc: add function to determine which TX timestamping method to use
    - sfc: use main datapath for HW timestamps if available
    - sfc: only enable TX timestamping if the adapter is licensed for it
    - sfc: MAC TX timestamp handling on the 8000 series
    - sfc: on 8000 series use TX queues for TX timestamps
    - sfc: only advertise TX timestamping if we have the license for it
    - sfc: simplify RX datapath timestamping
    - sfc: support separate PTP and general timestamping
    - sfc: support second + quarter ns time format for receive datapath
    - sfc: support Medford2 frequency adjustment format
    - sfc: add suffix to large constant in ptp
    - sfc: mark some unexported symbols as static
    - sfc: update MCDI protocol headers
    - sfc: support FEC configuration through ethtool
    - sfc: remove ctpio_dmabuf_start from stats
    - sfc: stop the TX queue before pushing new buffers

  * [18.04 FEAT] zKVM: Add hardwar...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) on 2019-10-03
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers