Bionic update: upstream stable patchset 2019-07-19

Bug #1837257 reported by Kamal Mostafa
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-19

            Ported from the following upstream stable releases:
                v4.14.90, v4.19.12,
                v4.14.91, v4.19.13,
                v4.14.92, v4.19.14

       from git://

pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered
arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing
MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
mmc: sdhci: fix the timeout check window for clock and reset
ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
dm thin: send event about thin-pool state change _after_ making it
dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty()
tracing: Fix memory leak in set_trigger_filter()
tracing: Fix memory leak of instance function hash filters
powerpc/msi: Fix NULL pointer access in teardown code
drm/nouveau/kms: Fix memory leak in nv50_mstm_del()
drm/i915/execlists: Apply a full mb before execution for Braswell
drm/amdgpu: update SMC firmware image for polaris10 variants
x86/build: Fix compiler support check for CONFIG_RETPOLINE
locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath()
locking/qspinlock: Ensure node is initialised before updating prev->next
locking/qspinlock: Bound spinning on pending->locked transition in slowpath
locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'
locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath
locking/qspinlock: Remove duplicate clear_pending() function from PV code
locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue
locking/qspinlock: Re-order code
locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound
locking/qspinlock, x86: Provide liveness guarantee
mac80211: don't WARN on bad WMM parameters from buggy APs
mac80211: Fix condition validating WMM IE
IB/hfi1: Remove race conditions in user_sdma send path
locking/qspinlock: Fix build for anonymous union in older GCC compilers
mac80211_hwsim: fix module init error paths for netlink
Input: hyper-v - fix wakeup from suspend-to-idle
scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload
x86/earlyprintk/efi: Fix infinite loop on some screen widths
drm/msm: Grab a vblank reference when waiting for commit_done
ARC: io.h: Implement reads{x}()/writes{x}()
bonding: fix 802.3ad state sent to partner when unbinding slave
bpf: Fix verifier log string check for bad alignment.
nfs: don't dirty kernel pages read by direct-io
SUNRPC: Fix a potential race in xprt_connect()
sbus: char: add of_node_put()
drivers/sbus/char: add of_node_put()
drivers/tty: add missing of_node_put()
ide: pmac: add of_node_put()
drm/msm: Fix error return checking
clk: mvebu: Off by one bugs in cp110_of_clk_get()
clk: mmp: Off by one in mmp_clk_add()
Input: synaptics - enable SMBus for HP 15-ay000
Input: omap-keypad - fix keyboard debounce configuration
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
mv88e6060: disable hardware level MAC learning
net/mlx4_en: Fix build break when CONFIG_INET is off
ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling
ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart
ethernet: fman: fix wrong of_node_put() in probe function
drm/ast: Fix connector leak during driver unload
vhost/vsock: fix reset orphans race with close timeout
mlxsw: spectrum_switchdev: Fix VLAN device deletion via ioctl
i2c: axxia: properly handle master timeout
i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
i2c: uniphier: fix violation of tLOW requirement for Fast-mode
i2c: uniphier-f: fix violation of tLOW requirement for Fast-mode
nvmet-rdma: fix response use after free
rtc: snvs: Add timeouts to avoid kernel lockups
bpf, arm: fix emit_ldx_r and emit_mov_i using TMP_REG_1
scsi: raid_attrs: fix unused variable warning
staging: olpc_dcon: add a missing dependency
ARM: dts: qcom-apq8064-arrow-sd-600eval fix graph_endpoint warning
mmc: core: use mrq->sbc when sending CMD23 for RPMB
dm: call blk_queue_split() to impose device limits on bios
media: vb2: don't call __vb2_queue_cancel if vb2_start_streaming failed
powerpc: Look for "stdout-path" when setting up legacy consoles
dm zoned: Fix target BIO completion handling
block: fix infinite loop if the device loses discard capability
ASoC: sta32x: set ->component pointer in private struct
perf record: Synthesize features before events in pipe mode
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd
USB: serial: option: add GosunCn ZTE WeLink ME3630
USB: serial: option: add HP lt4132
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Telit LN940 series
scsi: sd: use mempool for discard special page
mmc: core: Reset HPI enabled state during re-init and in case of errors
mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support
mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
mmc: omap_hsmmc: fix DMA API warning
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers
posix-timers: Fix division by zero bug
kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
panic: avoid deadlocks in re-entrant console drivers
iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares
iwlwifi: add new cards for 9560, 9462, 9461 and killer series
ubifs: Handle re-linking of inodes correctly while recovery
mm: don't miss the last page because of round-off error
proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
i2c: rcar: check bus state before reinitializing
drm/amd/display: Fix 6x4K displays light-up on Vega20 (v2)
drm/msm: Fix task dump in gpu recovery
drm/msm: fix handling of cmdstream offset
net: aquantia: fix rx checksum offload bits
liquidio: read sc->iq_no before release sc
drm/msm/hdmi: Enable HPD after HDMI IRQ is set up
macvlan: return correct error value
bpf: check pending signals while verifying programs
ARM: 8816/1: dma-mapping: fix potential uninitialized return
tools/testing/nvdimm: Align test resources to 128M
Btrfs: fix missing delayed iputs on unmount
ax25: fix a use-after-free in ax25_fillin_cb()
gro_cell: add napi_disable in gro_cells_destroy
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ieee802154: lowpan_header_create check must check daddr
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ipv6: tunnels: fix two use-after-free
isdn: fix kernel-infoleak in capi_unlocked_ioctl
net: macb: restart tx after tx used bit read
net: phy: Fix the issue that netif always links up after resuming
netrom: fix locking in nr_find_socket()
net/wan: fix a double free in x25_asy_open_tty()
packet: validate address length
packet: validate address length if non-zero
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
qmi_wwan: Added support for Telit LN940 series
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
tcp: fix a race in inet_diag_dump_icsk()
tipc: fix a double kfree_skb()
vhost: make sure used idx is seen before log in vhost_add_used_n()
VSOCK: Send reset control packet when socket is partially bound
xen/netfront: tolerate frags with no data
net/mlx5: Typo fix in del_sw_hw_rule
net/mlx5e: RX, Fix wrong early return in receive queue poll
mlxsw: core: Increase timeout during firmware flash process
net/mlx5e: Remove the false indication of software timestamping support
tipc: use lock_sock() in tipc_sk_reinit()
tipc: compare remote and local protocols in tipc_udp_enable()
qmi_wwan: Added support for Fibocom NL668 series
qmi_wwan: Add support for Fibocom NL678 series
net/smc: fix TCP fallback socket release
sock: Make sock->sk_stamp thread-safe
IB/hfi1: Incorrect sizing of sge for PIO will OOPs
mtd: atmel-quadspi: disallow building on ebsa110
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: fireface: fix for state to fetch PCM frames
ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet
ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint
ALSA: firewire-lib: use the same print format for 'without_header' tracepoints
ALSA: hda/tegra: clear pending irq handlers
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
USB: serial: option: add Fibocom NL678 series
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
staging: wilc1000: fix missing read_write setting when reading data
qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
s390/pci: fix sleeping in atomic during hotplug
x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails
platform-msi: Free descriptors in platform_msi_domain_free()
perf pmu: Suppress potential format-truncation warning
ext4: add ext4_sb_bread() to disambiguate ENOMEM cases
ext4: fix possible use after free in ext4_quota_enable
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: include terminating u32 in size of xattr entries when expanding inodes
ext4: force inode writes when nfsd calls commit_metadata()
ext4: check for shutdown and r/o file system in ext4_write_inode()
spi: bcm2835: Fix race on DMA termination
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
clk: rockchip: fix typo in rk3188 spdif_frac parent
crypto: cavium/nitrox - fix a DMA pool free failure
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
Btrfs: fix fsync of files with multiple hard links in new directories
f2fs: fix validation of the block count in sanity_check_raw_super
serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly
media: vivid: free bitmap_cap when updating std/timings/etc.
media: v4l2-tpg: array index could become negative
MIPS: math-emu: Write-protect delay slot emulation pages
MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: Align kernel load address to 64KB
MIPS: Expand MIPS32 ASIDs to 64 bits
MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs
rtc: m41t80: Correct alarm month range with RTC reads
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
spi: bcm2835: Unbreak the build of esoteric configs
MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y
KVM: X86: Fix NULL deref in vcpu_scan_ioapic
futex: Cure exit race
x86/mm: Fix decoy address handling vs 32-bit builds
x86/intel_rdt: Ensure a CPU remains online for the region's pseudo-locking sequence
mm: add mm_pxd_folded checks to pgtable_bytes accounting functions
mm: make the __PAGETABLE_PxD_FOLDED defines non-empty
mm: introduce mm_[p4d|pud|pmd]_folded
ip: validate header length on virtual device xmit
net: clear skb->tstamp in forwarding paths
net/hamradio/6pack: use mod_timer() to rearm timers
tipc: check tsk->group in tipc_wait_for_cond()
tipc: check group dests after tipc_wait_for_cond()
ipv6: frags: Fix bogus skb->sk in reassembled packets
ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294
ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
DRM: UDL: get rid of useless vblank initialization
clocksource/drivers/arc_timer: Utilize generic sched_clock
ocxl: Fix endiannes bug in ocxl_link_update_pe()
ocxl: Fix endiannes bug in read_afu_name()
ext4: add verifier check for symlink with append/immutable flags
ext4: avoid declaring fs inconsistent due to invalid file handles
clk: sunxi-ng: Use u64 for calculation of NM rate
crypto: testmgr - add AES-CFB tests
btrfs: dev-replace: go back to suspended state if target device is missing
btrfs: run delayed items before dropping the snapshot
powerpc/tm: Unset MSR[TS] if not recheckpointing
f2fs: read page index before freeing
f2fs: sanity check of xattr entry size
media: cec: keep track of outstanding transmits
media: imx274: fix stack corruption in imx274_read_reg
media: vb2: check memory model for VIDIOC_CREATE_BUFS
MIPS: Fix a R10000_LLSC_WAR logic in atomic.h
KVM: arm/arm64: vgic: Do not cond_resched_lock() with IRQs disabled
KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-60.67

linux (4.15.0-60.67) bionic; urgency=medium

  * bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)

  * [Regression] net test from ubuntu_kernel_selftests failed due to bpf test
    compilation issue (LP: #1840935)
    - SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"

  * [Regression] failed to compile seccomp test from ubuntu_kernel_selftests
    (LP: #1840932)
    - Revert "selftests: skip seccomp get_metadata test if not real root"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis

linux (4.15.0-59.66) bionic; urgency=medium

  * bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)

  * zfs not completely removed from bionic tree (LP: #1840051)
    - SAUCE: (noup) remove completely the zfs code

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

  * ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

  * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure when, stacking

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
    timeout for bcache removal causes spurious failures (LP: #1796292)
    - SAUCE: bcache: fix deadlock in bcache_allocator

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - bcache: fix writeback target calc on large devices
    - bcache: add journal statistic
    - bcache: fix high CPU occupancy during journal
    - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
    - bcache: fix incorrect sysfs output value of strip size
    - bcache: fix error return value in memory shrink
    - bcache: fix using of loop variable in memory shrink
    - bcache: Fix indentation
    - bcache: Add __printf annotation to __bch_check_keys()
    - bcache: Annotate switch fall-through
    - bcache: Fix kernel-doc warnings
    - bcache: Remove an unused variable
    - bcache: Suppress more warnings about set-but-not-used variables
    - bcache: Reduce the number of sparse complaints about lock imbalances
    - bcache: Fix a compiler warning in bcache_device_init()
    - bcache: Move couple of string arrays to sysfs.c
    - bcache: Move couple of functions to sysfs.c
    - bcache: Replace bch_read_string_list() by __sysfs_match_string()

  * linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
    (LP: #1838115)
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc.c: add priority threshold to __purge_vmap_area_lazy()...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Confirmed → Fix Released