Bionic update: upstream stable patchset 2019-08-01
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2019-08-01
Ported from the following upstream stable releases:
from git://git.
x86: Hide the int3_emulate_
ext4: do not delete unlinked inode from orphan list on failed truncate
f2fs: Fix use of number of devices
KVM: x86: fix return value for reserved EFER
bio: fix improper use of smp_mb_
sbitmap: fix improper use of smp_mb_
Revert "scsi: sd: Keep disk read-only when re-reading partition"
crypto: vmx - CTR: always increment IV as quadword
mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem
mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
kvm: svm/avic: fix off-by-one in checking host APIC ID
libnvdimm/pmem: Bypass CONFIG_
arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
gfs2: Fix sign extension bug in gfs2_update_stats
Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
Btrfs: avoid fallback to transaction commit during fsync of files with holes
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
btrfs: sysfs: Fix error path kobject memory leak
btrfs: sysfs: don't leak memory when failing add fsid
fbdev: fix divide error in fb_var_to_videomode
btrfs: honor path->skip_locking in backref code
fbdev: fix WARNING in __alloc_
media: cpia2: Fix use-after-free in cpia2_exit
media: serial_ir: Fix use-after-free in serial_
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
ssb: Fix possible NULL pointer dereference in ssb_host_
bpf: devmap: fix use-after-free Read in __dev_map_
batman-adv: mcast: fix multicast tt/tvlv worker locking
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
net: erspan: fix use-after-free
gfs2: Fix lru_count going negative
cxgb4: Fix error path in cxgb4_init_module
NFS: make nfs_match_client killable
IB/hfi1: Fix WQ_MEM_RECLAIM warning
gfs2: Fix occasional glock use-after-free
mmc: core: Verify SD bus width
tools/bpf: fix perf build error with uClibc (seen on ARC)
dmaengine: tegra210-dma: free dma controller in remove()
net: ena: gcc 8: fix compilation warning
pinctrl: zte: fix leaked of_node references
ASoC: hdmi-codec: unlock the device on startup errors
powerpc/perf: Return accordingly on invalid chip-id in
powerpc/boot: Fix missing check of lseek() return value
ASoC: imx: fix fiq dependencies
spi: pxa2xx: fix SCR (divisor) calculation
brcm80211: potential NULL dereference in brcmf_cfg80211_
ACPI / property: fix handling of data_nodes in acpi_get_
ARM: vdso: Remove dependency with the arch_timer driver internals
arm64: Fix compiler warning from pte_unmap() with -Wunused-
sched/cpufreq: Fix kobject memleak
scsi: qla2xxx: Fix a qla24xx_
scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_
scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_
Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
btrfs: fix panic during relocation after ENOSPC before writeback happens
btrfs: Don't panic when we can't find a root key
iwlwifi: pcie: don't crash on invalid RX interrupt
rtc: 88pm860x: prevent use-after-free on device remove
scsi: qedi: Abort ep termination if offload not scheduled
w1: fix the resume command API
dmaengine: pl330: _stop: clear interrupt status
mac80211/cfg80211: update bss channel on channel switch
libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
ASoC: fsl_sai: Update is_slave_mode with correct value
mwifiex: prevent an array overflow
net: cw1200: fix a NULL pointer dereference
crypto: sun4i-ss - Fix invalid calculation of hash end
bcache: return error immediately in bch_journal_
bcache: fix failure in journal relplay
bcache: add failure check to run_cache_set() for journal replay
bcache: avoid clang -Wunintialized warning
vfio-ccw: Do not call flush_workqueue while holding the spinlock
vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
smpboot: Place the __percpu annotation correctly
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
pinctrl: pistachio: fix leaked of_node references
pinctrl: samsung: fix leaked of_node references
clk: rockchip: undo several noc and special clocks as critical on rk3288
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
media: coda: clear error return value before picture run
media: ov6650: Move v4l2_clk_get() to ov6650_
media: au0828: stop video streaming only when last user stops
media: ov2659: make S_FMT succeed even if requested format doesn't match
audit: fix a memory leak bug
media: stm32-dcmi: fix crash when subdev do not expose any formats
media: au0828: Fix NULL pointer dereference in au0828_
media: pvrusb2: Prevent a buffer overflow
powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
random: add a spinlock_t to struct batched_entropy
cgroup: protect cgroup-
sched/core: Check quota and period overflow at usec to nsec conversion
sched/rt: Check integer overflow at usec to nsec conversion
sched/core: Handle overflow in cpu_shares_
drm/msm: a5xx: fix possible object reference leak
USB: core: Don't unbind interfaces following device reset failure
x86/irq/64: Limit IST stack overflow check to #DB stack
phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
i40e: Able to add up to 16 MAC filters on an untrusted VF
i40e: don't allow changes to HW VLAN stripping on active port VLANs
arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
hwmon: (vt1211) Use request_
hwmon: (smsc47m1) Use request_
hwmon: (smsc47b397) Use request_
hwmon: (pc87427) Use request_
hwmon: (f71805f) Use request_
scsi: libsas: Do discovery on empty PHY to update PHY info
mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
mmc_spi: add a status check for spi_sync_locked
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc: sdhci-of-esdhc: add erratum A-009204 support
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
drm/amdgpu: fix old fence check in amdgpu_fence_emit
PM / core: Propagate dev->power.
clk: rockchip: Fix video codec clocks on rk3288
extcon: arizona: Disable mic detect if running when driver is removed
clk: rockchip: Make rkpwm a critical clock on rk3288
s390: zcrypt: initialize variables before_use
x86/microcode: Fix the ancient deprecated microcode loading method
s390: cio: fix cio_irb declaration
cpufreq: ppc_cbe: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: pmac32: fix possible object reference leak
cpufreq: kirkwood: fix possible object reference leak
block: sed-opal: fix IOC_OPAL_
x86/build: Keep local relocations with ld.lld
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
iio: hmc5843: fix potential NULL pointer dereferences
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_
rtlwifi: fix a potential NULL pointer dereference
mwifiex: Fix mem leak in mwifiex_tm_cmd
brcmfmac: fix missing checks for kmemdup
b43: shut up clang -Wuninitialized variable warning
brcmfmac: convert dev_init_lock mutex to completion
brcmfmac: fix WARNING during USB disconnect in case of unempty psq
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: fix Oops when bringing up interface during USB disconnect
rtc: xgene: fix possible race condition
rtlwifi: fix potential NULL pointer dereference
scsi: ufs: Fix regulator load and icc-level configuration
scsi: ufs: Avoid configuring regulator with undefined voltage range
arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
x86/uaccess, signal: Fix AC=1 bloat
x86/ia32: Fix ia32_restore_
chardev: add additional check for minor range overlap
RDMA/hns: Fix bad endianess of port_pd variable
HID: core: move Usage Page concatenation to Main item
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
cxgb3/l2t: Fix undefined behaviour
HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent
spi: tegra114: reset controller on probe
kobject: Don't trigger kobject_
media: video-mux: fix null pointer dereferences
media: wl128x: prevent two potential buffer overflows
scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check
virtio_console: initialize vtermno value for ports
tty: ipwireless: fix missing checks for ioremap
x86/mce: Fix machine_
rcutorture: Fix cleanup path for invalid torture_type strings
rcuperf: Fix cleanup path for invalid perf_type strings
usb: core: Add PM runtime calls to usb_hcd_
scsi: qla4xxx: avoid freeing unallocated dma memory
batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
dmaengine: tegra210-adma: use devm_clk_*() helpers
hwrng: omap - Set default quality
thunderbolt: Fix to check for kmemdup failure
media: m88ds3103: serialize reset messages in m88ds3103_
media: vimc: stream: fix thread state before sleep
media: go7007: avoid clang frame overflow warning with KASAN
media: vimc: zero the media_device on probe
scsi: lpfc: Fix FDMI manufacturer attribute value
scsi: lpfc: Fix fc4type information for FDMI
media: saa7146: avoid high stack usage with clang
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
spi: rspi: Fix sequencer reset during initialization
spi: Fix zero length xfer bug
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
drm/drv: Hold ref on parent device during drm_device lifetime
drm: Wake up next in drm_read() chain if we are forced to putback the event
vfio-ccw: Prevent quiesce function going into an infinite loop
NFS: Fix a double unlock from nfs_match,
ext4: wait for outstanding dio during truncate in nojournal mode
NFSv4.1 fix incorrect return value in copy_file_range
media: vb2: add waiting_in_dqbuf flag
acct_on(): don't mess with freeze protection
hv_netvsc: fix race that may miss tx queue wakeup
Bluetooth: Ignore CC events not matching the last HCI command
powerpc/perf: Fix loop exit condition in nest_imc_event_init
drm/nouveau/
media: stm32-dcmi: return appropriate error codes during probe
powerpc/watchdog: Use hrtimers for per-CPU heartbeat
scsi: qla2xxx: Fix hardirq-unsafe locking
x86/modules: Avoid breaking W^X while loading modules
sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
s390: qeth: address type mismatch warning
rsi: Fix NULL pointer dereference in kmalloc
nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set
RDMA/cma: Consider scope_id while binding to ipv6 ll address
block: fix use-after-free on gendisk
staging: vc04_services: handle kzalloc failure
irq_work: Do not raise an IPI when queueing work on the local CPU
thunderbolt: Take domain lock in switch sysfs attribute callbacks
drm: etnaviv: avoid DMA API warning when importing buffers
ACPI/IORT: Reject platform device creation on NUMA node mapping failure
perf/x86/msr: Add Icelake support
perf/x86/
perf/x86/
drm/panel: otm8009a: Add delay at the end of initialization
thunderbolt: property: Fix a missing check of kzalloc
thunderbolt: Fix to check the return value of kmemdup
x86/mce: Handle varying MCA bank counts
scsi: lpfc: avoid uninitialized variable warning
thunderbolt: Fix to check return value of ida_simple_get
drm/amd/display: fix releasing planes when exiting odm
thunderbolt: property: Fix a NULL pointer dereference
e1000e: Disable runtime PM on CNP+
igb: Exclude device from suspend direct complete optimization
media: si2165: fix a missing check of return value
drm/amd/display: Fix Divide by 0 in memory calculations
spi: imx: stop buffer overflow in RX FIFO flush
bonding/802.3ad: fix slave link initialization transition states
cxgb4: offload VLAN flows regardless of VLAN ethtype
inet: switch IP ID generator to siphash
ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
ipv4/igmp: fix build error if !CONFIG_
ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
llc: fix skb leak in llc_build_
net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
net: fec: fix the clk mismatch in failed_reset path
net-gro: fix use-after-free read in napi_gro_frags()
net: mvneta: Fix err code path of probe
net: mvpp2: fix bad MVPP2_TXQ_
net: phy: marvell10g: report if the PHY fails to boot firmware
net: stmmac: fix reset gpio free missing
usbnet: fix kernel crash after disconnect
tipc: Avoid copying bytes beyond the supplied data
net/mlx5: Allocate root ns memory using kzalloc to match kfree
bnxt_en: Fix aggregation buffer leak under OOM condition.
crypto: vmx - ghash: do nosimd fallback manually
include/
compiler.h: give up __compiletime_
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
tipc: fix modprobe tipc failed after switch order of device registration
sparc64: Fix regression in non-hypervisor TLB flush xcall
include/
xhci: update bounce buffer with correct sg num
xhci: Use %zu for printing size_t type
xhci: Convert xhci_handshake() to use readl_poll_
usb: xhci: avoid null pointer deref when bos field is NULL
usbip: usbip_host: fix BUG: sleeping function called from invalid context
usbip: usbip_host: fix stub_dev lock context imbalance regression
USB: Fix slab-out-of-bounds write in usb_get_
USB: sisusbvga: fix oops in error path of sisusb_probe
USB: Add LPM quirk for Surface Dock GigE adapter
USB: rio500: refuse more than one device at a time
USB: rio500: fix memory leak in close after disconnect
media: usb: siano: Fix general protection fault in smsusb
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: smsusb: better handle optional alignment
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
Btrfs: fix wrong ctime and mtime of a directory after log replay
Btrfs: fix race updating log root item during fsync
Btrfs: fix fsync not persisting changed attributes of a directory
Btrfs: incremental send, fix file corruption when no-holes feature is enabled
KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts
powerpc/perf: Fix MMCRA corruption by bhrb_filter
ALSA: hda/realtek - Set default power save node to 0
KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
drm/nouveau/i2c: Disable i2c bus access after ->fini()
tty: serial: msm_serial: Fix XON/XOFF
tty: max310x: Fix external crystal register setup
memcg: make it work on sparse non-0-node systems
kernel/signal.c: trace_signal_
docs: Fix conf.py for Sphinx 2.0
doc: Cope with the deprecation of AutoReporter
doc: Cope with Sphinx logging deprecations
ima: show rules with IMA_INMASK correctly
serial: sh-sci: disable DMA for uart_console
staging: vc04_services: prevent integer overflow in create_pagelist()
staging: wlan-ng: fix adapter initialization failure
CIFS: cifs_read_
gcc-plugins: Fix build failures under Darwin host
drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
drm/rockchip: shutdown drm subsystem on shutdown
Compiler Attributes: add support for __copy (gcc >= 9)
include/
binder: fix race between munmap() and direct reclaim
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
brcmfmac: fix NULL pointer derefence during USB disconnect
iio: dac: ds4422/ds4424 fix chip verification
s390/crypto: fix possible sleep during spinlock aquired
ALSA: line6: Assure canceling delayed work at disconnection
vt/fbcon: deinitialize resources in visual_init() after failed memory allocation
cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case
x86/ftrace: Do not call function graph from dynamic trampolines
x86/ftrace: Set trampoline pages as executable
x86/kprobes: Set instruction page as executable
of: overlay: validate overlay properties #address-cells and #size-cells
of: overlay: set node fields from properties when add new overlay node
ethtool: fix potential userspace buffer overflow
Fix memory leak in sctp_process_init
neighbor: Call __ipv4_
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
net: rds: fix memory leak in rds_ib_
pktgen: do not sleep with the thread lock held.
ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
net: sfp: read eeprom in maximum 16 byte increments
ipv6: fix the check before getting the cookie in rt6_get_cookie
rcu: locking and unlocking need to always be at least barriers
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
fuse: fallocate: fix return with locked inode
pstore: Remove needless lock during console writes
pstore: Convert buf_lock to semaphore
pstore/ram: Run without kernel crash dump region
x86/power: Fix 'nosmt' vs hibernation triple fault during resume
i2c: xiic: Add max_read_len quirk
MIPS: Bounds check virt_addr_valid
MIPS: pistachio: Build uImage.gz by default
genwqe: Prevent an integer overflow in the ioctl
test_firmware: Use correct snprintf() limit
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
drm/amdgpu/psp: move psp version specific function pointers to early_init
drm/i915: Fix I915_EXEC_RING_MASK
drm/i915/fbc: disable framebuffer compression on GeminiLake
TTY: serial_core, add ->install
qmi_wwan: Add quirk for Quectel dynamic config
ipv4: Define __ipv4_
ethtool: check the return value of get_regs_len
net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set
net: mvpp2: Use strscpy to handle stat strings
packet: unconditionally free po->rollover
NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter
NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled
s390/mm: fix address space detection in exception handling
drm/msm: fix fb references in async update
drm: add non-desktop quirk for Valve HMDs
drm: add non-desktop quirks to Sensics and OSVR headsets.
drm/amdgpu: remove ATPX_DGPU_
UBUNTU: upstream stable to v4.14.125, v4.19.50
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | Confirmed → Fix Released |
This bug was fixed in the package linux - 4.15.0-60.67
---------------
linux (4.15.0-60.67) bionic; urgency=medium
* bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)
* [Regression] net test from ubuntu_ kernel_ selftests failed due to bpf test
compilation issue (LP: #1840935)
- SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"
* [Regression] failed to compile seccomp test from ubuntu_ kernel_ selftests
(LP: #1840932)
- Revert "selftests: skip seccomp get_metadata test if not real root"
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
linux (4.15.0-59.66) bionic; urgency=medium
* bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)
* zfs not completely removed from bionic tree (LP: #1840051)
- SAUCE: (noup) remove completely the zfs code
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* [18.04 FEAT] Enhanced hardware support (LP: #1836857)
- s390: report new CPU capabilities
- s390: add alignment hints to vector load and store
* [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
- s390/cpum_cf: Add support for CPU-MF SVN 6
- s390/cpumf: Add extended counter set definitions for model 8561 and 8562
* ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
- platform/x86: ideapad-laptop: Remove no_hw_rfkill_list
* Stacked onexec transitions fail when under NO NEW PRIVS restrictions
(LP: #1839037)
- SAUCE: apparmor: fix nnp subset check failure when, stacking
* bcache: bch_allocator_ thread( ): hung task timeout (LP: #1784665) // Tight
timeout for bcache removal causes spurious failures (LP: #1796292)
- SAUCE: bcache: fix deadlock in bcache_allocator
* bcache: bch_allocator_ thread( ): hung task timeout (LP: #1784665) IO_DISABLE set device_ init() string_ list() by __sysfs_ match_string( )
- bcache: never writeback a discard operation
- bcache: improve bcache_reboot()
- bcache: fix writeback target calc on large devices
- bcache: add journal statistic
- bcache: fix high CPU occupancy during journal
- bcache: use pr_info() to inform duplicated CACHE_SET_
- bcache: fix incorrect sysfs output value of strip size
- bcache: fix error return value in memory shrink
- bcache: fix using of loop variable in memory shrink
- bcache: Fix indentation
- bcache: Add __printf annotation to __bch_check_keys()
- bcache: Annotate switch fall-through
- bcache: Fix kernel-doc warnings
- bcache: Remove an unused variable
- bcache: Suppress more warnings about set-but-not-used variables
- bcache: Reduce the number of sparse complaints about lock imbalances
- bcache: Fix a compiler warning in bcache_
- bcache: Move couple of string arrays to sysfs.c
- bcache: Move couple of functions to sysfs.c
- bcache: Replace bch_read_
* linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220 vmap_area_ lazy(). ..
(LP: #1838115)
- x86/mm: Check for pfn instead of page in vmalloc_sync_one()
- x86/mm: Sync also unmappings in vmalloc_sync_all()
- mm/vmalloc.c: add priority threshold to __purge_