Bionic update: upstream stable patchset 2019-07-30

Bug #1838459 reported by Kamal Mostafa on 2019-07-30
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-30

            Ported from the following upstream stable releases:
                v4.14.115, v4.19.38,
                v4.14.116, v4.19.39,
                           v4.19.40,
                v4.14.117, v4.19.41,
                v4.14.118, v4.19.42,
                v4.14.119, v4.19.43

       from git://git.kernel.org/

kbuild: simplify ld-option implementation
cifs: do not attempt cifs operation on smb2+ rename error
tracing: Fix a memory leak by early error exit in trace_pid_write()
tracing: Fix buffer_ref pipe ops
zram: pass down the bvec we need to read into in the work struct
lib/Kconfig.debug: fix build error without CONFIG_BLOCK
MIPS: scall64-o32: Fix indirect syscall number load
trace: Fix preempt_enable_no_resched() abuse
IB/rdmavt: Fix frwr memory registration
sched/numa: Fix a possible divide-by-zero
ceph: only use d_name directly when parent is locked
ceph: ensure d_name stability in ceph_dentry_hash()
ceph: fix ci->i_head_snapc leak
nfsd: Don't release the callback slot unless it was actually held
sunrpc: don't mark uninitialised items as VALID.
Input: synaptics-rmi4 - write config register values to the right offset
dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid
ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache
drm/vc4: Fix memory leak during gpu reset.
drm/vc4: Fix compilation error reported by kbuild test bot
ext4: fix some error pointer dereferences
vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
tipc: handle the err returned from cmd header function
slip: make slhc_free() silently accept an error pointer
intel_th: gth: Fix an off-by-one in output unassigning
fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
ipvs: fix warning on unused variable
sched/deadline: Correctly handle active 0-lag timers
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
fm10k: Fix a potential NULL pointer dereference
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
tipc: check link name with right length in tipc_nl_compat_link_set
x86, retpolines: Raise limit for generating indirect calls from switch-case
x86/retpolines: Disable switch jump tables when retpolines are enabled
mm: Fix warning in insert_pfn()
ipv4: add sanity checks in ipv4_link_failure()
mlxsw: spectrum: Fix autoneg status in ethtool
net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
net: rds: exchange of 8K and 1M pool
net: stmmac: move stmmac_check_ether_addr() to driver probe
stmmac: pci: Adjust IOT2000 matching
team: fix possible recursive locking when add slaves
net/rose: fix unbound loop in rose_loopback_timer()
ipv4: set the tcp_min_rtt_wlen range from 0 to one day
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
Documentation: Add nospectre_v1 parameter
netfilter: nf_tables: warn when expr implements only one of activate/deactivate
net/ibmvnic: Fix RTNL deadlock during device reset
drm/rockchip: fix for mailbox read validation.
powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64
perf/x86/intel: Enable C-state residency events for Cannon Lake
perf/x86/intel: Update KBL Package C-state events to also include PC8/PC9/PC10 counters
powerpc/mm/radix: Make Radix require HUGETLB_PAGE
workqueue: Try to catch flush_work() without INIT_WORK().
mlxsw: pci: Reincrease PCI reset timeout
mm: make page ref count overflow check tighter and more explicit
mm: add 'try_get_page()' helper function
mm: prevent get_user_pages() from overflowing page refcount
fs: prevent page refcount overflow in pipe_buf_get
ARM: dts: bcm283x: Fix hdmi hpd gpio pull
s390: limit brk randomization to 32MB
qlcnic: Avoid potential NULL pointer dereference
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
s390/qeth: fix race when initializing the IP address table
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
serial: ar933x_uart: Fix build failure with disabled console
KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
usb: gadget: net2280: Fix overrun of OUT messages
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2272: Fix net2272_dequeue()
ARM: dts: pfla02: increase phy reset duration
net: ks8851: Dequeue RX packets explicitly
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Set initial carrier state to down
staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
staging: rtl8712: uninitialized memory in read_bbreg_hdl()
staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
net: macb: Add null check for PCLK and HCLK
net/sched: don't dereference a->goto_chain to read the chain index
ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
NFS: Fix a typo in nfs_init_timeout_values()
net: xilinx: fix possible object reference leak
net: ibm: fix possible object reference leak
net: ethernet: ti: fix possible object reference leak
gpio: aspeed: fix a potential NULL pointer dereference
drm/meson: Fix invalid pointer in meson_drv_unbind()
drm/meson: Uninstall IRQ handler
scsi: qla4xxx: fix a potential NULL pointer dereference
usb: usb251xb: fix to avoid potential NULL pointer dereference
usb: u132-hcd: fix resource leak
ceph: fix use-after-free on symlink traversal
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
libata: fix using DMA buffers on stack
gpio: of: Fix of_gpiochip_add() error path
kconfig/[mn]conf: handle backspace (^H) key
ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
leds: pca9532: fix a potential NULL pointer dereference
KVM: arm64: Reset the PMU in preemptible context
KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory
scsi: aacraid: Insure we don't access PCIe space during AER/EEH
x86/realmode: Don't leak the trampoline kernel address
x86/mm: Don't exceed the valid physical address space
ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
ipv6/flowlabel: wait rcu grace period before put_pid()
ipv6: invert flowlabel sharing check in process and user mode
l2ip: fix possible use-after-free
l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()
net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
net: phy: marvell: Fix buffer overrun with stats counters
sctp: avoid running the sctp state machine recursively
packet: validate msg_namelen in send directly
bnxt_en: Improve multicast address setup logic.
bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one()
ALSA: line6: use dynamic buffers
rxrpc: Fix net namespace cleanup
kasan: remove redundant initialization of variable 'real_size'
kasan: prevent compiler from optimizing away memset in tests
caif: reduce stack size with KASAN
ALSA: hda/realtek - Add new Dell platform for headset mode
USB: yurex: Fix protection fault after device removal
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
usb: usbip: fix isoc packet num validation in get_pipe
USB: core: Fix unterminated string returned by usb_string()
USB: core: Fix bug caused by duplicate interface PM usage counter
nvme-loop: init nvmet_ctrl fatal_err_work when allocate
HID: logitech: check the return value of create_singlethread_workqueue
HID: debug: fix race condition with between rdesc_show() and device removal
rtc: sh: Fix invalid alarm warning for non-enabled alarm
batman-adv: Reduce claim hash refcnt only for removed entry
batman-adv: Reduce tt_local hash refcnt only for removed entry
batman-adv: Reduce tt_global hash refcnt only for removed entry
ARM: dts: rockchip: Fix gpu opp node names for rk3288
net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands
bonding: show full hw address in sysfs for slave entries
net: stmmac: ratelimit RX error logs
net: stmmac: don't overwrite discard_frame status
net: stmmac: fix dropping of multi-descriptor RX frames
net: stmmac: don't log oversized frames
jffs2: fix use-after-free on symlink traversal
debugfs: fix use-after-free on symlink traversal
rtc: da9063: set uie_unsupported when relevant
HID: input: add mapping for Assistant key
vfio/pci: use correct format characters
scsi: core: add new RDAC LENOVO/DE_Series device
scsi: storvsc: Fix calculation of sub-channel count
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
kmemleak: powerpc: skip scanning holes in the .bss section
hugetlbfs: fix memory leak for resv_map
sh: fix multiple function definition build errors
xsysace: Fix error handling in ace_setup
ARM: orion: don't use using 64-bit DMA masks
ARM: iop: don't use using 64-bit DMA masks
perf/x86/amd: Update generic hardware cache events for Family 17h
Bluetooth: btusb: request wake pin with NOAUTOEN
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: fix the dac write calculation
scsi: RDMA/srpt: Fix a credit leak for aborted commands
ASoC: stm32: fix sai driver name initialisation
IB/core: Unregister notifier before freeing MAD security
IB/core: Fix potential memory leak while creating MAD agents
IB/core: Destroy QP if XRC QP fails
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
Input: stmfts - acknowledge that setting brightness is a blocking call
selinux: never allow relabeling on context mounts
powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search
x86/mce: Improve error message when kernel cannot recover, p2
clk: x86: Add system specific quirk to mark clocks as critical
i2c: i2c-stm32f7: Fix SDADEL minimum formula
media: v4l2: i2c: ov7670: Fix PLL bypass register values
mm/kmemleak.c: fix unused-function warning
mac80211: don't attempt to rename ERR_PTR() debugfs dirs
i2c: Remove unnecessary call to irq_find_mapping
i2c: Clear client->irq in i2c_device_remove
i2c: Allow recovery of the initial IRQ by an I2C client device.
i2c: Prevent runtime suspend of adapter when Host Notify is required
ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR
USB: dummy-hcd: Fix failure to give back unlinked URBs
batman-adv: fix warning in function batadv_v_elp_get_throughput
riscv: fix accessing 8-byte variable from RV32
net: stmmac: don't stop NAPI processing when dropping a packet
mfd: twl-core: Disable IRQ while suspended
block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx
arm/mach-at91/pm : fix possible object reference leak
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
block: pass no-op callback to INIT_WORK().
platform/x86: intel_pmc_core: Fix PCH IP name
platform/x86: intel_pmc_core: Handle CFL regmap properly
x86/mm: Fix a crash with kmemleak_scan()
Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
staging: greybus: power_supply: fix prop-descriptor request size
ASoC: hdmi-codec: fix S/PDIF DAI
ASoC:soc-pcm:fix a codec fixup issue in TDM case
ASoC: nau8824: fix the issue of the widget with prefix name
ASoC: nau8810: fix the issue of widget with prefixed name
ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
ASoC: cs4270: Set auto-increment bit for register writes
IB/hfi1: Eliminate opcode tests on mr deref
MIPS: KGDB: fix kgdb support for SMP platforms.
ASoC: tlv320aic32x4: Fix Common Pins
drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
perf/x86/intel: Initialize TFA MSR
linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
ASoC: rockchip: pdm: fix regmap_ops hang issue
slab: fix a crash by reading /proc/slab_allocators
virtio_pci: fix a NULL pointer reference in vp_del_vqs
RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
drm/mediatek: fix possible object reference leak
ASoC: Intel: kbl: fix wrong number of channels
virtio-blk: limit number of hw queues by nr_cpu_ids
platform/x86: pmc_atom: Drop __initconst on dmi table
genirq: Prevent use-after-free and work list corruption
usb: dwc3: Fix default lpm_nyet_threshold value
USB: serial: f81232: fix interrupt worker not stop
USB: cdc-acm: fix unthrottle races
usb-storage: Set virt_boundary_mask to avoid SG overflows
intel_th: pci: Add Comet Lake support
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
UAS: fix alignment of scatter/gather segments
ASoC: Intel: avoid Oops if DMA setup fails
locking/futex: Allow low-level atomic operations to return -EAGAIN
arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
ASoC: tlv320aic3x: fix reset gpio reference counting
ASoC: stm32: sai: fix exposed capabilities in spdif mode
ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
drm/omap: hdmi4_cec: Fix CEC clock handling for PM
IB/hfi1: Fix the allocation of RSM table
drm/amd/display: fix cursor black issue
objtool: Add machine_real_restart() to the noreturn list
objtool: Add rewind_stack_do_exit() to the noreturn list
RDMA/hns: Fix bug that caused srq creation to fail
perf/core: Fix perf_event_disable_inatomic() race
soc: sunxi: Fix missing dependency on REGMAP_MMIO
scsi: lpfc: change snprintf to scnprintf for possible overflow
UBUNTU: upstream stable to v4.14.119, v4.19.43

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (235.3 KiB)

This bug was fixed in the package linux - 4.15.0-60.67

---------------
linux (4.15.0-60.67) bionic; urgency=medium

  * bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)

  * [Regression] net test from ubuntu_kernel_selftests failed due to bpf test
    compilation issue (LP: #1840935)
    - SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"

  * [Regression] failed to compile seccomp test from ubuntu_kernel_selftests
    (LP: #1840932)
    - Revert "selftests: skip seccomp get_metadata test if not real root"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis

linux (4.15.0-59.66) bionic; urgency=medium

  * bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)

  * zfs not completely removed from bionic tree (LP: #1840051)
    - SAUCE: (noup) remove completely the zfs code

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

  * ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

  * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure when, stacking

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
    timeout for bcache removal causes spurious failures (LP: #1796292)
    - SAUCE: bcache: fix deadlock in bcache_allocator

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - bcache: fix writeback target calc on large devices
    - bcache: add journal statistic
    - bcache: fix high CPU occupancy during journal
    - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
    - bcache: fix incorrect sysfs output value of strip size
    - bcache: fix error return value in memory shrink
    - bcache: fix using of loop variable in memory shrink
    - bcache: Fix indentation
    - bcache: Add __printf annotation to __bch_check_keys()
    - bcache: Annotate switch fall-through
    - bcache: Fix kernel-doc warnings
    - bcache: Remove an unused variable
    - bcache: Suppress more warnings about set-but-not-used variables
    - bcache: Reduce the number of sparse complaints about lock imbalances
    - bcache: Fix a compiler warning in bcache_device_init()
    - bcache: Move couple of string arrays to sysfs.c
    - bcache: Move couple of functions to sysfs.c
    - bcache: Replace bch_read_string_list() by __sysfs_match_string()

  * linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
    (LP: #1838115)
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc.c: add priority threshold to __purge_vmap_area_lazy()...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released

Still occurring on 4.15.0-60-generic #67-Ubuntu SMP
Have attached the kernel panic

Kamal Mostafa (kamalmostafa) wrote :

@secretly: FYI, the panic you report in comment #2 was tracked as bug 1842447 and has been fixed and released in version 4.15.0-62.69.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers