Bionic update: upstream stable patchset 2019-07-22

Bug #1837477 reported by Kamal Mostafa on 2019-07-22
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-22

            Ported from the following upstream stable releases:
                v4.14.93, v4.19.15,
                v4.14.94, v4.19.16,
                v4.14.95, v4.19.17,
                v4.14.96, v4.19.18

       from git://git.kernel.org/

pinctrl: meson: fix pull enable register calculation
powerpc: Fix COFF zImage booting on old powermacs
powerpc/mm: Fix linux page tables build with some configs
HID: ite: Add USB id match for another ITE based keyboard rfkill key quirk
ARM: imx: update the cpu power up timing setting on i.mx6sx
ARM: dts: imx7d-nitrogen7: Fix the description of the Wifi clock
Input: restore EV_ABS ABS_RESERVED
checkstack.pl: fix for aarch64
xfrm: Fix error return code in xfrm_output_one()
xfrm: Fix bucket count reported to userspace
xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry.
netfilter: seqadj: re-load tcp header pointer after possible head reallocation
scsi: bnx2fc: Fix NULL dereference in error handling
Input: omap-keypad - fix idle configuration to not block SoC idle states
Input: synaptics - enable RMI on ThinkPad T560
ibmvnic: Fix non-atomic memory allocation in IRQ context
ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done
i40e: fix mac filter delete when setting mac address
netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
netfilter: nat: can't use dst_hold on noref dst
bnx2x: Clear fip MAC when fcoe offload support is disabled
bnx2x: Remove configured vlans as part of unload sequence.
bnx2x: Send update-svid ramrod with retry/poll flags enabled
scsi: target: iscsi: cxgbit: add missing spin_lock_init()
x86, hyperv: remove PCI dependency
drivers: net: xgene: Remove unnecessary forward declarations
w90p910_ether: remove incorrect __init annotation
SUNRPC: Fix a race with XPRT_CONNECTING
qed: Fix an error code qed_ll2_start_xmit()
net: macb: fix random memory corruption on RX with 64-bit DMA
net: macb: fix dropped RX frames due to a race
lan78xx: Resolve issue with changing MAC address
vxge: ensure data0 is initialized in when fetching firmware version information
mac80211: free skb fraglist before freeing the skb
kbuild: fix false positive warning/error about missing libelf
virtio: fix test build after uio.h change
gpio: mvebu: only fail on missing clk if pwm is actually to be used
Input: synaptics - enable SMBus for HP EliteBook 840 G4
net: netxen: fix a missing check and an uninitialized use
qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup
serial/sunsu: fix refcount leak
scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid
tools: fix cross-compile var clobbering
zram: fix double free backing device
hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
mm, devm_memremap_pages: kill mapping "System RAM" support
mm, hmm: use devm semantics for hmm_devmem_{add, remove}
mm, hmm: mark hmm_devmem_{add, add_resource} EXPORT_SYMBOL_GPL
mm, swap: fix swapoff with KSM pages
sunrpc: fix cache_head leak due to queued request
powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer
powerpc: Disable -Wbuiltin-requires-header when setjmp is used
ftrace: Build with CPPFLAGS to get -Qunused-arguments
kbuild: add -no-integrated-as Clang option unconditionally
kbuild: consolidate Clang compiler flags
Makefile: Export clang toolchain variables
powerpc/boot: Set target when cross-compiling for clang
raid6/ppc: Fix build for clang
ALSA: cs46xx: Potential NULL dereference in probe
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
dlm: fixed memory leaks after failed ls_remove_names allocation
dlm: possible memory leak on error path in create_lkb()
dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
dlm: memory leaks on error path in dlm_user_request()
gfs2: Get rid of potential double-freeing in gfs2_create_inode
gfs2: Fix loop in gfs2_rbm_find
b43: Fix error in cordic routine
selinux: policydb - fix byte order and alignment issues
scripts/kallsyms: filter arm64's __efistub_ symbols
arm64: drop linker script hack to hide __efistub_ symbols
arm64: relocatable: fix inconsistencies in linker script and options
powerpc/tm: Set MSR[TS] just prior to recheckpoint
9p/net: put a lower bound on msize
rxe: fix error completion wr_id and qp_num
iommu/vt-d: Handle domain agaw being less than iommu agaw
sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c
ceph: don't update importing cap's mseq when handing cap export
genwqe: Fix size check
intel_th: msu: Fix an off-by-one in attribute store
power: supply: olpc_battery: correct the temperature units
lib: fix build failure in CONFIG_DEBUG_VIRTUAL test
drm/vc4: Set ->is_yuv to false when num_planes == 1
bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw
tools: power/acpi, revert to LD = gcc
ARM: dts: sun8i: a83t: bananapi-m3: increase vcc-pd voltage to 3.3V
arm64: dts: mt7622: fix no more console output on rfb1
ibmvnic: Convert reset work item mutex to spin lock
ixgbe: Fix race when the VF driver does a reset
net: macb: add missing barriers when reading descriptors
powerpc: remove old GCC version checks
Fix failure path in alloc_pid()
block: deactivate blk_stat timer in wbt_disable_default()
PCI / PM: Allow runtime PM without callback functions
leds: pwm: silently error out on EPROBE_DEFER
Revert "powerpc/tm: Unset MSR[TS] if not recheckpointing"
iio: dac: ad5686: fix bit shift read register
video: fbdev: pxafb: Fix "WARNING: invalid free of devm_ allocated data"
drivers/perf: hisi: Fixup one DDRC PMU register offset
drm/nouveau/drm/nouveau: Check rc from drm_dp_mst_topology_mgr_resume()
drm/rockchip: psr: do not dereference encoder before it is null checked.
CIFS: Fix adjustment of credits for MTU requests
CIFS: Do not hide EINTR after sending network packets
cifs: Fix potential OOB access of lock element array
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
USB: storage: add quirk for SMI SM3350
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
slab: alien caches must not be initialized if the allocation of the alien cache failed
mm: page_mapped: don't assume compound page is huge or THP
mm, memcg: fix reclaim deadlock with writeback
ACPI: power: Skip duplicate power resource references in _PRx
ACPI / PMIC: xpower: Fix TS-pin current-source handling
i2c: dev: prevent adapter retries and timeout being set as minus value
drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2
rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set
ext4: make sure enough credits are reserved for dioread_nolock writes
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
ext4: avoid kernel warning when writing the superblock to a dead device
ext4: track writeback errors using the generic tracking infrastructure
KVM: arm/arm64: Fix VMID alloc race by reverting to lock-less
Btrfs: fix deadlock when using free space tree due to block group creation
mm/usercopy.c: no check page span for stack objects
vfio/type1: Fix unmap overflow off-by-one
drm/amdgpu: Don't ignore rc from drm_dp_mst_topology_mgr_resume()
ext4: fix special inode number checks in __ext4_iget()
Btrfs: fix access to available allocation bits when starting balance
Btrfs: use nofs context when initializing security xattrs to avoid deadlock
tty/ldsem: Wake up readers after timed out down_write()
can: gw: ensure DLC boundaries after CAN frame modification
mmc: sdhci-msm: Disable CDR function on TX
media: em28xx: Fix misplaced reset of dev->v4l::field_count
scsi: target: iscsi: cxgbit: fix csk leak
scsi: target: iscsi: cxgbit: fix csk leak
arm64/kvm: consistently handle host HCR_EL2 flags
arm64: Don't trap host pointer auth use to EL2
ipv6: fix kernel-infoleak in ipv6_local_error()
net: bridge: fix a bug on using a neighbour cache entry without checking its state
packet: Do not leak dev refcounts on error exit
bonding: update nest level on unlink
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
crypto: caam - fix zero-length buffer DMA mapping
crypto: authencesn - Avoid twice completion call in decrypt path
crypto: bcm - convert to use crypto_authenc_extractkeys()
btrfs: wait on ordered extents on abort cleanup
Yama: Check for pid death before checking ancestry
scsi: core: Synchronize request queue PM status only on successful resume
scsi: sd: Fix cache_type_store()
crypto: talitos - reorder code in talitos_edesc_alloc()
crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
mips: fix n32 compat_ipc_parse_version
MIPS: lantiq: Fix IPI interrupt handling
OF: properties: add missing of_node_put
mfd: tps6586x: Handle interrupts on suspend
media: v4l: ioctl: Validate num_planes for debug messages
pstore/ram: Avoid allocation and leak of platform data
arm64: kaslr: ensure randomized quantities are clean to the PoC
Disable MSI also when pcie-octeon.pcie_disable on
omap2fb: Fix stack memory disclosure
media: vivid: fix error handling of kthread_run
media: vivid: set min width/height to a value > 0
bpf: in __bpf_redirect_no_mac pull mac only if present
LSM: Check for NULL cred-security on free
media: vb2: vb2_mmap: move lock up
sunrpc: handle ENOMEM in rpcb_getport_async
netfilter: ebtables: account ebt_table_info to kmemcg
selinux: fix GPF on invalid policy
blockdev: Fix livelocks on loop device
sctp: allocate sctp_sockaddr_entry with kzalloc
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_doit
block/loop: Don't grab "struct file" for vfs_getattr() operation.
loop: drop caches if offset or block_size are changed
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
media: vb2: be sure to unlock mutex on errors
nbd: Use set_blocksize() to set device blocksize
tun: publish tfile after it's fully initialized
crypto: sm3 - fix undefined shift by >= width of value
MIPS: BCM47XX: Setup struct device for the SoC
RDMA/vmw_pvrdma: Return the correct opcode when creating WR
arm64: dts: marvell: armada-ap806: reserve PSCI area
ipv6: make icmp6_send() robust against null skb->dev
block: use rcu_work instead of call_rcu to avoid sleep in softirq
selftests: Fix test errors related to lib.mk khdr target
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
mlxsw: spectrum: Disable lag port TX before removing it
mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
net, skbuff: do not prefer skb allocation fails early
qmi_wwan: add MTU default to qmap network interface
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
net: dsa: mv88x6xxx: mv88e6390 errata
gpio: pl061: Move irq_chip definition inside struct pl061
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
writeback: don't decrement wb->refcnt if !wb->bdi
serial: set suppress_bind_attrs flag only if builtin
ALSA: oxfw: add support for APOGEE duet FireWire
x86/mce: Fix -Wmissing-prototypes warnings
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
arm64: perf: set suppress_bind_attrs flag to true
usb: gadget: udc: renesas_usb3: add a safety connection way for forced_b_device
selinux: always allow mounting submounts
rxe: IB_WR_REG_MR does not capture MR's iova field
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
clk: imx: make mux parent strings const
pstore/ram: Do not treat empty buffers as valid
powerpc/xmon: Fix invocation inside lock region
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
media: venus: core: Set dma maximum segment size
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
selftests: do not macro-expand failed assertion expressions
clk: imx6q: reset exclusive gates on init
arm64: Fix minor issues with the dcache_by_line_op macro
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
btrfs: improve error handling of btrfs_add_link
tty/serial: do not free trasnmit buffer page under port lock
perf intel-pt: Fix error with config term "pt=0"
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
dm crypt: use u64 instead of sector_t to store iv_offset
dm kcopyd: Fix bug causing workqueue stalls
tools lib subcmd: Don't add the kernel sources to the include path
dm snapshot: Fix excessive memory usage and workqueue stalls
quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
clocksource/drivers/integrator-ap: Add missing of_node_put()
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
IB/usnic: Fix potential deadlock
scsi: smartpqi: correct lun reset issues
scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
scsi: megaraid: fix out-of-bound array accesses
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm/swap: use nr_node_ids for avail_lists in swap_info_struct
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
UBUNTU: [Config] updateconfigs for CIFS_ALLOW_INSECURE_LEGACY
cifs: allow disabling insecure dialects in the config
cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
PCI: dwc: Move interrupt acking into the proper callback
ipmi:ssif: Fix handling of multi-part return messages
net: clear skb->tstamp in bridge forwarding path
netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
drm/amdkfd: fix interrupt spin lock
of: overlay: add missing of_node_put() after add new node to changeset
drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
efi/libstub: Disable some warnings for x86{,_64}
media: uvcvideo: Refactor teardown of uvc on USB disconnect
arm64: kasan: Increase stack size for KASAN_EXTRA
bpf: relax verifier restriction on BPF_MOV | BPF_ALU
perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
x86/topology: Use total_cpus for max logical packages calculation
perf stat: Avoid segfaults caused by negated options
perf tools: Add missing sigqueue() prototype for systems lacking it
perf tools: Add missing open_memstream() prototype for systems lacking it
dm: Check for device sector overflow if CONFIG_LBDAF is not set
userfaultfd: clear flag if remap event not enabled

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
assignee: nobody → Kamal Mostafa (kamalmostafa)
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (235.3 KiB)

This bug was fixed in the package linux - 4.15.0-60.67

---------------
linux (4.15.0-60.67) bionic; urgency=medium

  * bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)

  * [Regression] net test from ubuntu_kernel_selftests failed due to bpf test
    compilation issue (LP: #1840935)
    - SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"

  * [Regression] failed to compile seccomp test from ubuntu_kernel_selftests
    (LP: #1840932)
    - Revert "selftests: skip seccomp get_metadata test if not real root"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis

linux (4.15.0-59.66) bionic; urgency=medium

  * bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)

  * zfs not completely removed from bionic tree (LP: #1840051)
    - SAUCE: (noup) remove completely the zfs code

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

  * ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

  * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure when, stacking

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
    timeout for bcache removal causes spurious failures (LP: #1796292)
    - SAUCE: bcache: fix deadlock in bcache_allocator

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - bcache: fix writeback target calc on large devices
    - bcache: add journal statistic
    - bcache: fix high CPU occupancy during journal
    - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
    - bcache: fix incorrect sysfs output value of strip size
    - bcache: fix error return value in memory shrink
    - bcache: fix using of loop variable in memory shrink
    - bcache: Fix indentation
    - bcache: Add __printf annotation to __bch_check_keys()
    - bcache: Annotate switch fall-through
    - bcache: Fix kernel-doc warnings
    - bcache: Remove an unused variable
    - bcache: Suppress more warnings about set-but-not-used variables
    - bcache: Reduce the number of sparse complaints about lock imbalances
    - bcache: Fix a compiler warning in bcache_device_init()
    - bcache: Move couple of string arrays to sysfs.c
    - bcache: Move couple of functions to sysfs.c
    - bcache: Replace bch_read_string_list() by __sysfs_match_string()

  * linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
    (LP: #1838115)
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc.c: add priority threshold to __purge_vmap_area_lazy()...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) on 2019-10-03
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers