Bionic update: upstream stable patchset 2019-07-30

Bug #1838459 reported by Kamal Mostafa on 2019-07-30
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-30

            Ported from the following upstream stable releases:
                v4.14.115, v4.19.38,
                v4.14.116, v4.19.39,
                v4.14.117, v4.19.41,
                v4.14.118, v4.19.42,
                v4.14.119, v4.19.43

       from git://

kbuild: simplify ld-option implementation
cifs: do not attempt cifs operation on smb2+ rename error
tracing: Fix a memory leak by early error exit in trace_pid_write()
tracing: Fix buffer_ref pipe ops
zram: pass down the bvec we need to read into in the work struct
lib/Kconfig.debug: fix build error without CONFIG_BLOCK
MIPS: scall64-o32: Fix indirect syscall number load
trace: Fix preempt_enable_no_resched() abuse
IB/rdmavt: Fix frwr memory registration
sched/numa: Fix a possible divide-by-zero
ceph: only use d_name directly when parent is locked
ceph: ensure d_name stability in ceph_dentry_hash()
ceph: fix ci->i_head_snapc leak
nfsd: Don't release the callback slot unless it was actually held
sunrpc: don't mark uninitialised items as VALID.
Input: synaptics-rmi4 - write config register values to the right offset
dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid
ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache
drm/vc4: Fix memory leak during gpu reset.
drm/vc4: Fix compilation error reported by kbuild test bot
ext4: fix some error pointer dereferences
vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
tipc: handle the err returned from cmd header function
slip: make slhc_free() silently accept an error pointer
intel_th: gth: Fix an off-by-one in output unassigning
fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
ipvs: fix warning on unused variable
sched/deadline: Correctly handle active 0-lag timers
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
fm10k: Fix a potential NULL pointer dereference
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
tipc: check link name with right length in tipc_nl_compat_link_set
x86, retpolines: Raise limit for generating indirect calls from switch-case
x86/retpolines: Disable switch jump tables when retpolines are enabled
mm: Fix warning in insert_pfn()
ipv4: add sanity checks in ipv4_link_failure()
mlxsw: spectrum: Fix autoneg status in ethtool
net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
net: rds: exchange of 8K and 1M pool
net: stmmac: move stmmac_check_ether_addr() to driver probe
stmmac: pci: Adjust IOT2000 matching
team: fix possible recursive locking when add slaves
net/rose: fix unbound loop in rose_loopback_timer()
ipv4: set the tcp_min_rtt_wlen range from 0 to one day
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
Documentation: Add nospectre_v1 parameter
netfilter: nf_tables: warn when expr implements only one of activate/deactivate
net/ibmvnic: Fix RTNL deadlock during device reset
drm/rockchip: fix for mailbox read validation.
powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64
perf/x86/intel: Enable C-state residency events for Cannon Lake
perf/x86/intel: Update KBL Package C-state events to also include PC8/PC9/PC10 counters
powerpc/mm/radix: Make Radix require HUGETLB_PAGE
workqueue: Try to catch flush_work() without INIT_WORK().
mlxsw: pci: Reincrease PCI reset timeout
mm: make page ref count overflow check tighter and more explicit
mm: add 'try_get_page()' helper function
mm: prevent get_user_pages() from overflowing page refcount
fs: prevent page refcount overflow in pipe_buf_get
ARM: dts: bcm283x: Fix hdmi hpd gpio pull
s390: limit brk randomization to 32MB
qlcnic: Avoid potential NULL pointer dereference
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
s390/qeth: fix race when initializing the IP address table
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
serial: ar933x_uart: Fix build failure with disabled console
KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
usb: gadget: net2280: Fix overrun of OUT messages
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2272: Fix net2272_dequeue()
ARM: dts: pfla02: increase phy reset duration
net: ks8851: Dequeue RX packets explicitly
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Set initial carrier state to down
staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
staging: rtl8712: uninitialized memory in read_bbreg_hdl()
staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
net: macb: Add null check for PCLK and HCLK
net/sched: don't dereference a->goto_chain to read the chain index
ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
NFS: Fix a typo in nfs_init_timeout_values()
net: xilinx: fix possible object reference leak
net: ibm: fix possible object reference leak
net: ethernet: ti: fix possible object reference leak
gpio: aspeed: fix a potential NULL pointer dereference
drm/meson: Fix invalid pointer in meson_drv_unbind()
drm/meson: Uninstall IRQ handler
scsi: qla4xxx: fix a potential NULL pointer dereference
usb: usb251xb: fix to avoid potential NULL pointer dereference
usb: u132-hcd: fix resource leak
ceph: fix use-after-free on symlink traversal
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
libata: fix using DMA buffers on stack
gpio: of: Fix of_gpiochip_add() error path
kconfig/[mn]conf: handle backspace (^H) key
ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
leds: pca9532: fix a potential NULL pointer dereference
KVM: arm64: Reset the PMU in preemptible context
KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory
scsi: aacraid: Insure we don't access PCIe space during AER/EEH
x86/realmode: Don't leak the trampoline kernel address
x86/mm: Don't exceed the valid physical address space
ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
ipv6/flowlabel: wait rcu grace period before put_pid()
ipv6: invert flowlabel sharing check in process and user mode
l2ip: fix possible use-after-free
l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()
net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
net: phy: marvell: Fix buffer overrun with stats counters
sctp: avoid running the sctp state machine recursively
packet: validate msg_namelen in send directly
bnxt_en: Improve multicast address setup logic.
bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one()
ALSA: line6: use dynamic buffers
rxrpc: Fix net namespace cleanup
kasan: remove redundant initialization of variable 'real_size'
kasan: prevent compiler from optimizing away memset in tests
caif: reduce stack size with KASAN
ALSA: hda/realtek - Add new Dell platform for headset mode
USB: yurex: Fix protection fault after device removal
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
usb: usbip: fix isoc packet num validation in get_pipe
USB: core: Fix unterminated string returned by usb_string()
USB: core: Fix bug caused by duplicate interface PM usage counter
nvme-loop: init nvmet_ctrl fatal_err_work when allocate
HID: logitech: check the return value of create_singlethread_workqueue
HID: debug: fix race condition with between rdesc_show() and device removal
rtc: sh: Fix invalid alarm warning for non-enabled alarm
batman-adv: Reduce claim hash refcnt only for removed entry
batman-adv: Reduce tt_local hash refcnt only for removed entry
batman-adv: Reduce tt_global hash refcnt only for removed entry
ARM: dts: rockchip: Fix gpu opp node names for rk3288
net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands
bonding: show full hw address in sysfs for slave entries
net: stmmac: ratelimit RX error logs
net: stmmac: don't overwrite discard_frame status
net: stmmac: fix dropping of multi-descriptor RX frames
net: stmmac: don't log oversized frames
jffs2: fix use-after-free on symlink traversal
debugfs: fix use-after-free on symlink traversal
rtc: da9063: set uie_unsupported when relevant
HID: input: add mapping for Assistant key
vfio/pci: use correct format characters
scsi: core: add new RDAC LENOVO/DE_Series device
scsi: storvsc: Fix calculation of sub-channel count
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
kmemleak: powerpc: skip scanning holes in the .bss section
hugetlbfs: fix memory leak for resv_map
sh: fix multiple function definition build errors
xsysace: Fix error handling in ace_setup
ARM: orion: don't use using 64-bit DMA masks
ARM: iop: don't use using 64-bit DMA masks
perf/x86/amd: Update generic hardware cache events for Family 17h
Bluetooth: btusb: request wake pin with NOAUTOEN
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: fix the dac write calculation
scsi: RDMA/srpt: Fix a credit leak for aborted commands
ASoC: stm32: fix sai driver name initialisation
IB/core: Unregister notifier before freeing MAD security
IB/core: Fix potential memory leak while creating MAD agents
IB/core: Destroy QP if XRC QP fails
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
Input: stmfts - acknowledge that setting brightness is a blocking call
selinux: never allow relabeling on context mounts
powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search
x86/mce: Improve error message when kernel cannot recover, p2
clk: x86: Add system specific quirk to mark clocks as critical
i2c: i2c-stm32f7: Fix SDADEL minimum formula
media: v4l2: i2c: ov7670: Fix PLL bypass register values
mm/kmemleak.c: fix unused-function warning
mac80211: don't attempt to rename ERR_PTR() debugfs dirs
i2c: Remove unnecessary call to irq_find_mapping
i2c: Clear client->irq in i2c_device_remove
i2c: Allow recovery of the initial IRQ by an I2C client device.
i2c: Prevent runtime suspend of adapter when Host Notify is required
ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR
USB: dummy-hcd: Fix failure to give back unlinked URBs
batman-adv: fix warning in function batadv_v_elp_get_throughput
riscv: fix accessing 8-byte variable from RV32
net: stmmac: don't stop NAPI processing when dropping a packet
mfd: twl-core: Disable IRQ while suspended
block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx
arm/mach-at91/pm : fix possible object reference leak
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
block: pass no-op callback to INIT_WORK().
platform/x86: intel_pmc_core: Fix PCH IP name
platform/x86: intel_pmc_core: Handle CFL regmap properly
x86/mm: Fix a crash with kmemleak_scan()
Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
staging: greybus: power_supply: fix prop-descriptor request size
ASoC: hdmi-codec: fix S/PDIF DAI
ASoC:soc-pcm:fix a codec fixup issue in TDM case
ASoC: nau8824: fix the issue of the widget with prefix name
ASoC: nau8810: fix the issue of widget with prefixed name
ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
ASoC: cs4270: Set auto-increment bit for register writes
IB/hfi1: Eliminate opcode tests on mr deref
MIPS: KGDB: fix kgdb support for SMP platforms.
ASoC: tlv320aic32x4: Fix Common Pins
drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
perf/x86/intel: Initialize TFA MSR
linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
ASoC: rockchip: pdm: fix regmap_ops hang issue
slab: fix a crash by reading /proc/slab_allocators
virtio_pci: fix a NULL pointer reference in vp_del_vqs
RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
drm/mediatek: fix possible object reference leak
ASoC: Intel: kbl: fix wrong number of channels
virtio-blk: limit number of hw queues by nr_cpu_ids
platform/x86: pmc_atom: Drop __initconst on dmi table
genirq: Prevent use-after-free and work list corruption
usb: dwc3: Fix default lpm_nyet_threshold value
USB: serial: f81232: fix interrupt worker not stop
USB: cdc-acm: fix unthrottle races
usb-storage: Set virt_boundary_mask to avoid SG overflows
intel_th: pci: Add Comet Lake support
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
UAS: fix alignment of scatter/gather segments
ASoC: Intel: avoid Oops if DMA setup fails
locking/futex: Allow low-level atomic operations to return -EAGAIN
arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
ASoC: tlv320aic3x: fix reset gpio reference counting
ASoC: stm32: sai: fix exposed capabilities in spdif mode
ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
drm/omap: hdmi4_cec: Fix CEC clock handling for PM
IB/hfi1: Fix the allocation of RSM table
drm/amd/display: fix cursor black issue
objtool: Add machine_real_restart() to the noreturn list
objtool: Add rewind_stack_do_exit() to the noreturn list
RDMA/hns: Fix bug that caused srq creation to fail
perf/core: Fix perf_event_disable_inatomic() race
soc: sunxi: Fix missing dependency on REGMAP_MMIO
scsi: lpfc: change snprintf to scnprintf for possible overflow
UBUNTU: upstream stable to v4.14.119, v4.19.43

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (235.3 KiB)

This bug was fixed in the package linux - 4.15.0-60.67

linux (4.15.0-60.67) bionic; urgency=medium

  * bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)

  * [Regression] net test from ubuntu_kernel_selftests failed due to bpf test
    compilation issue (LP: #1840935)
    - SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"

  * [Regression] failed to compile seccomp test from ubuntu_kernel_selftests
    (LP: #1840932)
    - Revert "selftests: skip seccomp get_metadata test if not real root"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis

linux (4.15.0-59.66) bionic; urgency=medium

  * bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)

  * zfs not completely removed from bionic tree (LP: #1840051)
    - SAUCE: (noup) remove completely the zfs code

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

  * ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

  * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure when, stacking

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
    timeout for bcache removal causes spurious failures (LP: #1796292)
    - SAUCE: bcache: fix deadlock in bcache_allocator

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - bcache: fix writeback target calc on large devices
    - bcache: add journal statistic
    - bcache: fix high CPU occupancy during journal
    - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
    - bcache: fix incorrect sysfs output value of strip size
    - bcache: fix error return value in memory shrink
    - bcache: fix using of loop variable in memory shrink
    - bcache: Fix indentation
    - bcache: Add __printf annotation to __bch_check_keys()
    - bcache: Annotate switch fall-through
    - bcache: Fix kernel-doc warnings
    - bcache: Remove an unused variable
    - bcache: Suppress more warnings about set-but-not-used variables
    - bcache: Reduce the number of sparse complaints about lock imbalances
    - bcache: Fix a compiler warning in bcache_device_init()
    - bcache: Move couple of string arrays to sysfs.c
    - bcache: Move couple of functions to sysfs.c
    - bcache: Replace bch_read_string_list() by __sysfs_match_string()

  * linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
    (LP: #1838115)
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc.c: add priority threshold to __purge_vmap_area_lazy()...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released

Still occurring on 4.15.0-60-generic #67-Ubuntu SMP
Have attached the kernel panic

Kamal Mostafa (kamalmostafa) wrote :

@secretly: FYI, the panic you report in comment #2 was tracked as bug 1842447 and has been fixed and released in version 4.15.0-62.69.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers