Bionic update: upstream stable patchset 2019-07-17

Bug #1836968 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-17

            Ported from the following upstream stable releases:
                v4.14.83, v4.19.4,
                v4.14.84, v4.19.5,
                v4.14.85, v4.19.6,
                v4.14.86, v4.19.7

       from git://

flow_dissector: do not dissect l4 ports for fragments
ibmvnic: fix accelerated VLAN handling
ip_tunnel: don't force DF when MTU is locked
ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
net-gro: reset skb->pkt_type in napi_reuse_skb()
sctp: not allow to set asoc prsctp_enable by sockopt
tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths
tuntap: fix multiqueue rx
net: systemport: Protect stop from timeout
net: qualcomm: rmnet: Fix incorrect assignment of real_dev
net: dsa: microchip: initialize mutex before use
sctp: fix strchange_flags name for Stream Change Event
net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs
sctp: not increase stream's incnt before sending addstrm_in request
mlxsw: spectrum: Fix IP2ME CPU policer configuration
net: smsc95xx: Fix MTU range
usbnet: smsc95xx: disable carrier check while suspending
inet: frags: better deal with smp races
ARM: dts: r8a7791: Correct critical CPU temperature
ARM: dts: r8a7793: Correct critical CPU temperature
net: bcmgenet: protect stop from timeout
tcp: Fix SOF_TIMESTAMPING_RX_HARDWARE to use the latest timestamp during TCP coalescing
tipc: don't assume linear buffer when reading ancillary data
tipc: fix link re-establish failure
net/mlx5e: Claim TC hw offloads support only under a proper build config
net/mlx5e: Adjust to max number of channles when re-attaching
net/mlx5e: Fix selftest for small MTUs
l2tp: fix a sock refcnt leak in l2tp_tunnel_register
net/mlx5e: IPoIB, Reset QP after channels are closed
net: dsa: mv88e6xxx: Fix clearing of stats counters
net: phy: realtek: fix RTL8201F sysfs name
sctp: define SCTP_SS_DEFAULT for Stream schedulers
rxrpc: Fix lockup due to no error backoff after ack transmit error
cifs: don't dereference smb_file_target before null check
cifs: fix return value for cifs_listxattr
arm64: kprobe: make page to RO mode when allocate it
ixgbe: fix MAC anti-spoofing filter after VFLR
reiserfs: propagate errors from fill_with_dentries() properly
hfs: prevent btree data loss on root split
hfsplus: prevent btree data loss on root split
um: Give start_idle_thread() a return code
drm/edid: Add 6 bpc quirk for BOE panel.
platform/x86: intel_telemetry: report debugfs failure
clk: fixed-rate: fix of_node_get-put imbalance
perf symbols: Set PLT entry/header sizes properly on Sparc
fs/exofs: fix potential memory leak in mount option parsing
clk: samsung: exynos5420: Enable PERIS clocks for suspend
apparmor: Fix uninitialized value in aa_split_fqname
x86/earlyprintk: Add a force option for pciserial device
platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
arm64: percpu: Initialize ret in the default case
s390/vdso: add missing FORCE to build targets
netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace
netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
s390/mm: Fix ERROR: "__node_distance" undefined!
netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
netfilter: xt_IDLETIMER: add sysfs filename checking routine
s390/qeth: fix HiperSockets sniffer
hwmon: (ibmpowernv) Remove bogus __init annotations
Revert "drm/exynos/decon5433: implement frame counter"
clk: fixed-factor: fix of_node_get-put imbalance
lib/raid6: Fix arm64 test build
s390/perf: Change CPUM_CF return code in event init function
sched/core: Take the hotplug lock in sched_init_smp()
i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features
qed: Fix memory/entry leak in qed_init_sp_request()
qed: Fix blocking/unlimited SPQ entries leak
qed: Fix potential memory corruption
net: stmmac: Fix RX packet size > 8191
SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM
perf machine: Add machine__is() to identify machine arch
perf tools: Fix kernel_start for PTI on x86
perf machine: Add nr_cpus_avail()
perf machine: Workaround missing maps for x86 PTI entry trampolines
perf test code-reading: Fix perf_env setup for PTI entry trampolines
media: v4l: event: Add subscription to list before calling "add" operation
MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver
uio: Fix an Oops on load
usb: cdc-acm: add entry for Hiro (Conexant) modem
usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
USB: misc: appledisplay: add 20" Apple Cinema Display
ACPI / platform: Add SMB0001 HID to forbidden_id_list
HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
libceph: fall back to sendmsg for slab pages
drm/i915: Replace some PAGE_SIZE with I915_GTT_PAGE_SIZE
perf unwind: Take pgoff into account when reporting elf to libdwfl
netfilter: bridge: define INT_MIN & INT_MAX in userspace
s390/decompressor: add missing FORCE to build targets
Revert "HID: add NOGET quirk for Eaton Ellipse MAX UPS"
HID: alps: allow incoming reports when only the trackstick is opened
s390/mm: fix mis-accounting of pgtable_bytes
drm/amd/display: Stop leaking planes
drm/amd/amdgpu/dm: Fix dm_dp_create_fake_mst_encoder()
ceph: quota: fix null pointer dereference in quota check
nvme: make sure ns head inherits underlying device limits
i2c: omap: Enable for ARCH_K3
net: aquantia: fix potential IOMMU fault after driver unbind
net: aquantia: fixed enable unicast on 32 macvlan
net: aquantia: invalid checksumm offload implementation
mtd: rawnand: atmel: fix OF child-node lookup
efi/libstub: arm: support building with clang
ARM: 8766/1: drop no-thumb-interwork in EABI mode
ARM: 8767/1: add support for building ARM kernel with clang
bus: arm-cci: remove unnecessary unreachable()
ARM: trusted_foundations: do not use naked function
usb: core: Fix hub port connection events lost
usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
usb: dwc3: core: Clean up ULPI device
xhci: Add check for invalid byte size error when UAS devices are connected.
ALSA: oss: Use kvzalloc() for local buffer allocations
MAINTAINERS: Add Sasha as a stable branch maintainer
mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL
gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path
iwlwifi: mvm: support sta_statistics() even on older firmware
iwlwifi: mvm: fix regulatory domain update when the firmware starts
iwlwifi: mvm: don't use SAR Geo if basic SAR is not used
brcmfmac: fix reporting support for 160 MHz channels
tools/power/cpupower: fix compilation with STATIC=true
v9fs_dir_readdir: fix double-free on p9stat_read error
selinux: Add __GFP_NOWARN to allocation at str_read()
Input: synaptics - avoid using uninitialized variable when probing
bfs: add sanity check at bfs_fill_super()
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
llc: do not use sk_eat_skb()
mm: don't warn about large allocations for slab
mm/memory.c: recheck page table entry with page table lock held
IB/core: Perform modify QP on real one
usb: xhci: Prevent bus suspend if a port connect change or polling state is detected
drm/ast: change resolution may cause screen blurred
drm/ast: fixed cursor may disappear sometimes
can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb()
can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length
can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds
can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb
can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions
can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail()
can: raw: check for CAN FD capable netdev in raw_sendmsg()
can: hi311x: Use level-triggered interrupt
IB/hfi1: Eliminate races in the SDMA send error path
pinctrl: meson: fix pinconf bias disable
cpufreq: imx6q: add return value check for voltage scale
rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write
crypto: simd - correctly take reqsize of wrapped skcipher into account
floppy: fix race condition in __floppy_read_block_0()
powerpc/io: Fix the IO workarounds code to work with Radix
perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs
SUNRPC: Fix a bogus get/put in generic_key_to_expire()
kdb: Use strscpy with destination buffer size
powerpc/numa: Suppress "VPHN is not supported" messages
tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
mm, page_alloc: check for max order in hot path
arm64: remove no-op -p linker flag
ubi: fastmap: Check each mapping only once
Input: xpad - add PDP device id 0x02a4
Input: xpad - fix some coding style issues
Input: xpad - avoid using __set_bit() for capabilities
Input: xpad - add support for Xbox1 PDP Camo series gamepad
iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE
kbuild: allow to use GCC toolchain not in Clang search path
PCI: endpoint: Populate func_no before calling pci_epc_add_epf()
i40iw: Fix memory leak in error path of create QP
clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices
ARM: dts: exynos: Fix invalid node referenced by i2c20 alias in Peach Pit and Pi
include/linux/pfn_t.h: force '~' to be parsed as an unary operator
tty: wipe buffer.
tty: wipe buffer if not echoing data
namei: allow restricted O_CREAT of FIFOs and regular files
lan78xx: Read MAC address from DT if present
s390/mm: Check for valid vma before zapping in gmap_discard
rcu: Make need_resched() respond to urgent RCU-QS needs
net: ieee802154: 6lowpan: fix frag reassembly
EVM: Add support for portable signature format
ima: re-introduce own integrity cache lock
ima: re-initialize iint->atomic_flags
xhci: Fix leaking USB3 shared_hcd at xhci removal
Documentation/security-bugs: Clarify treatment of embargoed information
Documentation/security-bugs: Postpone fix publication in exceptional cases
ACPICA: AML interpreter: add region addresses in global list during initialization
fsnotify: generalize handling of extra event flags
pinctrl: meson: fix gxbb ao pull register bits
pinctrl: meson: fix gxl ao pull register bits
pinctrl: meson: fix meson8 ao pull register bits
pinctrl: meson: fix meson8b ao pull register bits
riscv: add missing vdso_install target
media: ov5640: fix wrong binning value in exposure calculation
media: ov5640: fix auto controls values when switching to manual mode
mm/huge_memory: rename freeze_page() to unmap_page()
mm/huge_memory.c: reorder operations in __split_huge_page_tail()
mm/huge_memory: splitting set mapping+index before unfreeze
mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
mm/khugepaged: collapse_shmem() stop if punched or truncated
mm/khugepaged: fix crashes due to misaccounted holes
mm/khugepaged: collapse_shmem() remember to clear holes
mm/khugepaged: minor reorderings in collapse_shmem()
mm/khugepaged: collapse_shmem() without freezing new_page
mm/khugepaged: collapse_shmem() do not crash on Compound
media: em28xx: Fix use-after-free when disconnecting
ubi: Initialize Fastmap checkmapping correctly
libceph: store ceph_auth_handshake pointer in ceph_connection
libceph: factor out __prepare_write_connect()
libceph: factor out __ceph_x_decrypt()
libceph: factor out encrypt_authorizer()
libceph: add authorizer challenge
libceph: implement CEPHX_V2 calculation mode
net/tls: Fixed return value when tls_complete_pending_work() fails
wil6210: missing length check in wmi_set_ie
btrfs: validate type when reading a chunk
btrfs: Verify that every chunk has corresponding block group at mount time
btrfs: tree-checker: Add checker for dir item
btrfs: tree-checker: use %zu format string for size_t
btrfs: tree-check: reduce stack consumption in check_dir_item
btrfs: tree-checker: Verify block_group_item
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: Check that each block group has corresponding chunk at mount time
btrfs: tree-checker: Check level for leaves and nodes
btrfs: tree-checker: Fix misleading group system information
f2fs: check blkaddr more accuratly before issue a bio
f2fs: enhance sanity_check_raw_super() to avoid potential overflow
f2fs: clean up with is_valid_blkaddr()
f2fs: introduce and spread verify_blkaddr
f2fs: fix to do sanity check with secs_per_zone
f2fs: fix to do sanity check with user_block_count
f2fs: fix to do sanity check with node footer and iblocks
f2fs: fix to do sanity check with block address in main area
f2fs: fix to do sanity check with i_extra_isize
f2fs: fix to do sanity check with cp_pack_start_sum
net: skb_scrub_packet(): Scrub offload_fwd_mark
net: thunderx: set xdp_prog to NULL if bpf_prog_add fails
virtio-net: disable guest csum during XDP set
virtio-net: fail XDP set if guest csum is negotiated
net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue
packet: copy user buffers before orphan or clone
rapidio/rionet: do not free skb before reading its length
usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
kvm: mmu: Fix race in emulated page table writes
KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
xtensa: enable coprocessors that are being flushed
xtensa: fix coprocessor context offset definitions
xtensa: fix coprocessor part of ptrace_{get,set}xregs
Btrfs: ensure path name is null terminated at btrfs_control_ioctl
btrfs: relocation: set trans to be NULL after ending transaction
PCI: layerscape: Fix wrong invocation of outbound window disable accessor
arm64: dts: rockchip: Fix PCIe reset polarity for rk3399-puma-haikou.
x86/fpu: Disable bottom halves while loading FPU registers
perf/x86/intel: Move branch tracing setup to the Intel-specific source file
perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
fs: fix lost error code in dio_complete
ALSA: wss: Fix invalid snd_free_pages() at error path
ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
ALSA: control: Fix race between adding and removing a user element
ALSA: sparc: Fix invalid snd_free_pages() at error path
ALSA: hda/realtek - Support ALC300
ALSA: hda/realtek - fix headset mic detection for MSI MS-B171
ext2: fix potential use after free
ARM: dts: rockchip: Remove @0 from the veyron memory node
dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
dmaengine: at_hdmac: fix module unloading
staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION
staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station
USB: usb-storage: Add new IDs to ums-realtek
usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
iio:st_magn: Fix enable device after trigger
lib/test_kmod.c: fix rmmod double free
mm: use swp_offset as key in shmem_replace_page()
misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
binder: fix race that allows malicious free of live buffer
libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
libceph: check authorizer reply/challenge length before reading
f2fs: fix missing up_read
net: don't keep lonely packets forever in the gro hash
net: phy: add workaround for issue where PHY driver doesn't bind to the device
KVM: nVMX/nSVM: Fix bug which sets vcpu->arch.tsc_offset to L1 tsc_offset
udf: Allow mounting volumes with incorrect identification strings
btrfs: Always try all copies when reading extent buffers
Btrfs: fix rare chances for data loss when doing a fast fsync
Btrfs: fix race between enabling quotas and subvolume creation
perf/x86/intel: Disallow precise_ip on BTS events
ALSA: hda: Add ASRock H81M-HDS to the power_save blacklist
ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist
function_graph: Create function_graph_enter() to consolidate architecture code
ARM: function_graph: Simplify with function_graph_enter()
microblaze: function_graph: Simplify with function_graph_enter()
x86/function_graph: Simplify with function_graph_enter()
powerpc/function_graph: Simplify with function_graph_enter()
sh/function_graph: Simplify with function_graph_enter()
sparc/function_graph: Simplify with function_graph_enter()
parisc: function_graph: Simplify with function_graph_enter()
s390/function_graph: Simplify with function_graph_enter()
arm64: function_graph: Simplify with function_graph_enter()
MIPS: function_graph: Simplify with function_graph_enter()
function_graph: Make ftrace_push_return_trace() static
function_graph: Use new curr_ret_depth to manage depth instead of curr_ret_stack
function_graph: Have profiler use curr_ret_stack and not depth
function_graph: Move return callback before update of curr_ret_stack
function_graph: Reverse the order of pushing the ret_stack and the callback
ext2: initialize opts.s_mount_opt as zero before using it
ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
staging: most: use format specifier "%s" in snprintf
iio/hid-sensors: Fix IIO_CHAN_INFO_RAW returning wrong values for signed numbers
mm: cleancache: fix corruption on missed inode invalidation

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (171.3 KiB)

This bug was fixed in the package linux - 4.15.0-58.64

linux (4.15.0-58.64) bionic; urgency=medium

  * unable to handle kernel NULL pointer dereference at 000000000000002c (IP:
    iget5_locked+0x9e/0x1f0) (LP: #1838982)
    - Revert "ovl: set I_CREATING on inode being created"
    - Revert "new primitive: discard_new_inode()"

linux (4.15.0-57.63) bionic; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

  * Packaging resync (LP: #1786013)
    - update dkms package versions

linux (4.15.0-56.62) bionic; urgency=medium

  * bionic/linux: 4.15.0-56.62 -proposed tracker (LP: #1837626)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  * CVE-2019-2101
    - media: uvcvideo: Fix 'type' check leading to overflow

  * hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
    - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
    - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64

  * Bionic: support for Solarflare X2542 network adapter (sfc driver)
    (LP: #1836635)
    - sfc: make mem_bar a function rather than a constant
    - sfc: support VI strides other than 8k
    - sfc: add Medford2 (SFC9250) PCI Device IDs
    - sfc: improve PTP error reporting
    - sfc: update EF10 register definitions
    - sfc: populate the timer reload field
    - sfc: update MCDI protocol headers
    - sfc: support variable number of MAC stats
    - sfc: expose FEC stats on Medford2
    - sfc: expose CTPIO stats on NICs that support them
    - sfc: basic MCDI mapping of 25/50/100G link speeds
    - sfc: support the ethtool ksettings API properly so that 25/50/100G works
    - sfc: add bits for 25/50/100G supported/advertised speeds
    - sfc: remove tx and MCDI handling from NAPI budget consideration
    - sfc: handle TX timestamps in the normal data path
    - sfc: add function to determine which TX timestamping method to use
    - sfc: use main datapath for HW timestamps if available
    - sfc: only enable TX timestamping if the adapter is licensed for it
    - sfc: MAC TX timestamp handling on the 8000 series
    - sfc: on 8000 series use TX queues for TX timestamps
    - sfc: only advertise TX timestamping if we have the license for it
    - sfc: simplify RX datapath timestamping
    - sfc: support separate PTP and general timestamping
    - sfc: support second + quarter ns time format for receive datapath
    - sfc: support Medford2 frequency adjustment format
    - sfc: add suffix to large constant in ptp
    - sfc: mark some unexported symbols as static
    - sfc: update MCDI protocol headers
    - sfc: support FEC configuration through ethtool
    - sfc: remove ctpio_dmabuf_start from stats
    - sfc: stop the TX queue before pushing new buffers

  * [18.04 FEAT] zKVM: Add hardwar...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers