Bionic update: upstream stable patchset 2019-07-19

Bug #1837257 reported by Kamal Mostafa on 2019-07-19
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-19

            Ported from the following upstream stable releases:
                          v4.19.11,
                v4.14.90, v4.19.12,
                v4.14.91, v4.19.13,
                v4.14.92, v4.19.14

       from git://git.kernel.org/

pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered
arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing
MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
mmc: sdhci: fix the timeout check window for clock and reset
ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
dm thin: send event about thin-pool state change _after_ making it
dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty()
tracing: Fix memory leak in set_trigger_filter()
tracing: Fix memory leak of instance function hash filters
powerpc/msi: Fix NULL pointer access in teardown code
drm/nouveau/kms: Fix memory leak in nv50_mstm_del()
drm/i915/execlists: Apply a full mb before execution for Braswell
drm/amdgpu: update SMC firmware image for polaris10 variants
x86/build: Fix compiler support check for CONFIG_RETPOLINE
locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath()
locking/qspinlock: Ensure node is initialised before updating prev->next
locking/qspinlock: Bound spinning on pending->locked transition in slowpath
locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'
locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath
locking/qspinlock: Remove duplicate clear_pending() function from PV code
locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue
locking/qspinlock: Re-order code
locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound
locking/qspinlock, x86: Provide liveness guarantee
mac80211: don't WARN on bad WMM parameters from buggy APs
mac80211: Fix condition validating WMM IE
IB/hfi1: Remove race conditions in user_sdma send path
locking/qspinlock: Fix build for anonymous union in older GCC compilers
mac80211_hwsim: fix module init error paths for netlink
Input: hyper-v - fix wakeup from suspend-to-idle
scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload
x86/earlyprintk/efi: Fix infinite loop on some screen widths
drm/msm: Grab a vblank reference when waiting for commit_done
ARC: io.h: Implement reads{x}()/writes{x}()
bonding: fix 802.3ad state sent to partner when unbinding slave
bpf: Fix verifier log string check for bad alignment.
nfs: don't dirty kernel pages read by direct-io
SUNRPC: Fix a potential race in xprt_connect()
sbus: char: add of_node_put()
drivers/sbus/char: add of_node_put()
drivers/tty: add missing of_node_put()
ide: pmac: add of_node_put()
drm/msm: Fix error return checking
clk: mvebu: Off by one bugs in cp110_of_clk_get()
clk: mmp: Off by one in mmp_clk_add()
Input: synaptics - enable SMBus for HP 15-ay000
Input: omap-keypad - fix keyboard debounce configuration
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
mv88e6060: disable hardware level MAC learning
net/mlx4_en: Fix build break when CONFIG_INET is off
ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling
ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart
ethernet: fman: fix wrong of_node_put() in probe function
drm/ast: Fix connector leak during driver unload
vhost/vsock: fix reset orphans race with close timeout
mlxsw: spectrum_switchdev: Fix VLAN device deletion via ioctl
i2c: axxia: properly handle master timeout
i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
i2c: uniphier: fix violation of tLOW requirement for Fast-mode
i2c: uniphier-f: fix violation of tLOW requirement for Fast-mode
nvmet-rdma: fix response use after free
rtc: snvs: Add timeouts to avoid kernel lockups
bpf, arm: fix emit_ldx_r and emit_mov_i using TMP_REG_1
scsi: raid_attrs: fix unused variable warning
staging: olpc_dcon: add a missing dependency
ARM: dts: qcom-apq8064-arrow-sd-600eval fix graph_endpoint warning
mmc: core: use mrq->sbc when sending CMD23 for RPMB
dm: call blk_queue_split() to impose device limits on bios
media: vb2: don't call __vb2_queue_cancel if vb2_start_streaming failed
powerpc: Look for "stdout-path" when setting up legacy consoles
dm zoned: Fix target BIO completion handling
block: fix infinite loop if the device loses discard capability
ASoC: sta32x: set ->component pointer in private struct
perf record: Synthesize features before events in pipe mode
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd
USB: serial: option: add GosunCn ZTE WeLink ME3630
USB: serial: option: add HP lt4132
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Telit LN940 series
scsi: sd: use mempool for discard special page
mmc: core: Reset HPI enabled state during re-init and in case of errors
mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support
mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
mmc: omap_hsmmc: fix DMA API warning
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers
posix-timers: Fix division by zero bug
kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
panic: avoid deadlocks in re-entrant console drivers
iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares
iwlwifi: add new cards for 9560, 9462, 9461 and killer series
ubifs: Handle re-linking of inodes correctly while recovery
mm: don't miss the last page because of round-off error
proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
i2c: rcar: check bus state before reinitializing
drm/amd/display: Fix 6x4K displays light-up on Vega20 (v2)
drm/msm: Fix task dump in gpu recovery
drm/msm: fix handling of cmdstream offset
net: aquantia: fix rx checksum offload bits
liquidio: read sc->iq_no before release sc
drm/msm/hdmi: Enable HPD after HDMI IRQ is set up
macvlan: return correct error value
bpf: check pending signals while verifying programs
ARM: 8816/1: dma-mapping: fix potential uninitialized return
tools/testing/nvdimm: Align test resources to 128M
Btrfs: fix missing delayed iputs on unmount
ax25: fix a use-after-free in ax25_fillin_cb()
gro_cell: add napi_disable in gro_cells_destroy
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ieee802154: lowpan_header_create check must check daddr
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ipv6: tunnels: fix two use-after-free
isdn: fix kernel-infoleak in capi_unlocked_ioctl
net: macb: restart tx after tx used bit read
net: phy: Fix the issue that netif always links up after resuming
netrom: fix locking in nr_find_socket()
net/wan: fix a double free in x25_asy_open_tty()
packet: validate address length
packet: validate address length if non-zero
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
qmi_wwan: Added support for Telit LN940 series
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
tcp: fix a race in inet_diag_dump_icsk()
tipc: fix a double kfree_skb()
vhost: make sure used idx is seen before log in vhost_add_used_n()
VSOCK: Send reset control packet when socket is partially bound
xen/netfront: tolerate frags with no data
net/mlx5: Typo fix in del_sw_hw_rule
net/mlx5e: RX, Fix wrong early return in receive queue poll
mlxsw: core: Increase timeout during firmware flash process
net/mlx5e: Remove the false indication of software timestamping support
tipc: use lock_sock() in tipc_sk_reinit()
tipc: compare remote and local protocols in tipc_udp_enable()
qmi_wwan: Added support for Fibocom NL668 series
qmi_wwan: Add support for Fibocom NL678 series
net/smc: fix TCP fallback socket release
sock: Make sock->sk_stamp thread-safe
IB/hfi1: Incorrect sizing of sge for PIO will OOPs
mtd: atmel-quadspi: disallow building on ebsa110
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: fireface: fix for state to fetch PCM frames
ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet
ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint
ALSA: firewire-lib: use the same print format for 'without_header' tracepoints
ALSA: hda/tegra: clear pending irq handlers
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
USB: serial: option: add Fibocom NL678 series
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
staging: wilc1000: fix missing read_write setting when reading data
qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
s390/pci: fix sleeping in atomic during hotplug
x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails
platform-msi: Free descriptors in platform_msi_domain_free()
perf pmu: Suppress potential format-truncation warning
ext4: add ext4_sb_bread() to disambiguate ENOMEM cases
ext4: fix possible use after free in ext4_quota_enable
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: include terminating u32 in size of xattr entries when expanding inodes
ext4: force inode writes when nfsd calls commit_metadata()
ext4: check for shutdown and r/o file system in ext4_write_inode()
spi: bcm2835: Fix race on DMA termination
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
clk: rockchip: fix typo in rk3188 spdif_frac parent
crypto: cavium/nitrox - fix a DMA pool free failure
cgroup: fix CSS_TASK_ITER_PROCS
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
Btrfs: fix fsync of files with multiple hard links in new directories
f2fs: fix validation of the block count in sanity_check_raw_super
serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly
media: vivid: free bitmap_cap when updating std/timings/etc.
media: v4l2-tpg: array index could become negative
MIPS: math-emu: Write-protect delay slot emulation pages
MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: Align kernel load address to 64KB
MIPS: Expand MIPS32 ASIDs to 64 bits
MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs
rtc: m41t80: Correct alarm month range with RTC reads
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
spi: bcm2835: Unbreak the build of esoteric configs
MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y
KVM: X86: Fix NULL deref in vcpu_scan_ioapic
futex: Cure exit race
x86/mm: Fix decoy address handling vs 32-bit builds
x86/intel_rdt: Ensure a CPU remains online for the region's pseudo-locking sequence
mm: add mm_pxd_folded checks to pgtable_bytes accounting functions
mm: make the __PAGETABLE_PxD_FOLDED defines non-empty
mm: introduce mm_[p4d|pud|pmd]_folded
ip: validate header length on virtual device xmit
net: clear skb->tstamp in forwarding paths
net/hamradio/6pack: use mod_timer() to rearm timers
tipc: check tsk->group in tipc_wait_for_cond()
tipc: check group dests after tipc_wait_for_cond()
ipv6: frags: Fix bogus skb->sk in reassembled packets
ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294
ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
DRM: UDL: get rid of useless vblank initialization
clocksource/drivers/arc_timer: Utilize generic sched_clock
ocxl: Fix endiannes bug in ocxl_link_update_pe()
ocxl: Fix endiannes bug in read_afu_name()
ext4: add verifier check for symlink with append/immutable flags
ext4: avoid declaring fs inconsistent due to invalid file handles
clk: sunxi-ng: Use u64 for calculation of NM rate
crypto: testmgr - add AES-CFB tests
btrfs: dev-replace: go back to suspended state if target device is missing
btrfs: run delayed items before dropping the snapshot
powerpc/tm: Unset MSR[TS] if not recheckpointing
f2fs: read page index before freeing
f2fs: sanity check of xattr entry size
media: cec: keep track of outstanding transmits
media: imx274: fix stack corruption in imx274_read_reg
media: vb2: check memory model for VIDIOC_CREATE_BUFS
MIPS: Fix a R10000_LLSC_WAR logic in atomic.h
KVM: arm/arm64: vgic: Do not cond_resched_lock() with IRQs disabled
KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (235.3 KiB)

This bug was fixed in the package linux - 4.15.0-60.67

---------------
linux (4.15.0-60.67) bionic; urgency=medium

  * bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)

  * [Regression] net test from ubuntu_kernel_selftests failed due to bpf test
    compilation issue (LP: #1840935)
    - SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"

  * [Regression] failed to compile seccomp test from ubuntu_kernel_selftests
    (LP: #1840932)
    - Revert "selftests: skip seccomp get_metadata test if not real root"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis

linux (4.15.0-59.66) bionic; urgency=medium

  * bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)

  * zfs not completely removed from bionic tree (LP: #1840051)
    - SAUCE: (noup) remove completely the zfs code

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

  * ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

  * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure when, stacking

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
    timeout for bcache removal causes spurious failures (LP: #1796292)
    - SAUCE: bcache: fix deadlock in bcache_allocator

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - bcache: fix writeback target calc on large devices
    - bcache: add journal statistic
    - bcache: fix high CPU occupancy during journal
    - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
    - bcache: fix incorrect sysfs output value of strip size
    - bcache: fix error return value in memory shrink
    - bcache: fix using of loop variable in memory shrink
    - bcache: Fix indentation
    - bcache: Add __printf annotation to __bch_check_keys()
    - bcache: Annotate switch fall-through
    - bcache: Fix kernel-doc warnings
    - bcache: Remove an unused variable
    - bcache: Suppress more warnings about set-but-not-used variables
    - bcache: Reduce the number of sparse complaints about lock imbalances
    - bcache: Fix a compiler warning in bcache_device_init()
    - bcache: Move couple of string arrays to sysfs.c
    - bcache: Move couple of functions to sysfs.c
    - bcache: Replace bch_read_string_list() by __sysfs_match_string()

  * linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
    (LP: #1838115)
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc.c: add priority threshold to __purge_vmap_area_lazy()...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers