Bug #1843291 “Add -fcf-protection=none when using retpoline flag...” : Bugs : linux package : Ubuntu

Kleber Sacilotto de Souza (kleber-souza) on 2019-09-27

Changed in linux (Ubuntu Disco):
status:	New → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	New → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-10-02:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-10-04:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-disco

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2019-10-11:

#3

Running kernel 5.0.0-31-generic in a Eoan install I get the following error when I try to install lttng-modules-dkms:

CC [M] /var/lib/dkms/lttng-modules/2.10.8/build/lib/ringbuffer/ring_buffer_backend.o
In file included from ./include/linux/export.h:45,
                 from ./include/linux/linkage.h:7,
                 from ./include/linux/kernel.h:7,
                 from ./include/linux/list.h:9,
                 from ./include/linux/module.h:9,
                 from /var/lib/dkms/lttng-modules/2.10.8/build/lib/ringbuffer/ring_buffer_backend.c:2
2:
./include/linux/compiler.h: In function ‘__read_once_size’:
./include/linux/compiler.h:192:1: error: ‘-mindirect-branch’ and ‘-fcf-protection’ are not compatible
  192 | {
      | ^

With kernel 5.0.0-32-generic the modules are built and loaded successfully.

Therefore I'm marking verification-done for Disco.

tags:

added: verification-done-disco
removed: verification-needed-disco

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2019-10-11:

#4

Confirmed to be also fixed with Bionic kernel. Fails with 4.15.0-65, fixed with 4.15.0-66.

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-10-16:

#5

Download full text (22.6 KiB)

This bug was fixed in the package linux - 5.0.0-32.34

---------------
linux (5.0.0-32.34) disco; urgency=medium

* disco/linux: 5.0.0-32.34 -proposed tracker (LP: #1846097)

* CVE-2019-14814 // CVE-2019-14815 // CVE-2019-14816
- mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings

* CVE-2019-15505
- media: technisat-usb2: break out of loop at end of buffer

* CVE-2019-2181
- binder: check for overflow when alloc for security context

  * Support Hi1620 zip hw accelerator (LP: #1845355)
    - [Config] Enable HiSilicon QM/ZIP as modules
    - crypto: hisilicon - add queue management driver for HiSilicon QM module
    - crypto: hisilicon - add hardware SGL support
    - crypto: hisilicon - add HiSilicon ZIP accelerator support
    - crypto: hisilicon - add SRIOV support for ZIP
    - Documentation: Add debugfs doc for hisi_zip
    - crypto: hisilicon - add debugfs for ZIP and QM
    - MAINTAINERS: add maintainer for HiSilicon QM and ZIP controller driver
    - crypto: hisilicon - fix kbuild warnings
    - crypto: hisilicon - add dependency for CRYPTO_DEV_HISI_ZIP
    - crypto: hisilicon - init curr_sgl_dma to fix compile warning
    - crypto: hisilicon - add missing single_release
    - crypto: hisilicon - fix error handle in hisi_zip_create_req_q
    - crypto: hisilicon - Fix warning on printing %p with dma_addr_t
    - crypto: hisilicon - Fix return value check in hisi_zip_acompress()
    - crypto: hisilicon - avoid unused function warning

  * xfrm interface: several kernel panic (LP: #1836261)
    - xfrm interface: fix memory leak on creation
    - xfrm interface: avoid corruption on changelink
    - xfrm interface: ifname may be wrong in logs
    - xfrm interface: fix list corruption for x-netns
    - xfrm interface: fix management of phydev

* shiftfs: drop entries from cache on unlink (LP: #1841977)
- SAUCE: shiftfs: fix buggy unlink logic

* shiftfs: mark kmem_cache as reclaimable (LP: #1842059)
- SAUCE: shiftfs: mark slab objects SLAB_RECLAIM_ACCOUNT

  * Suspend to RAM(S3) does not wake up for latest megaraid and mpt3sas
    adapters(SAS3.5 onwards) (LP: #1838751)
    - PCI: Restore Resizable BAR size bits correctly for 1MB BARs

  * No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

* Add -fcf-protection=none when using retpoline flags (LP: #1843291)
- SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

  * Disco update: upstream stable patchset 2019-09-25 (LP: #1845390)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - ixgbe: Fix secpath usage for IPsec TX offload.
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - net: s...

This bug was fixed in the package linux - 5.0.0-32.34

---------------
linux (5.0.0-32.34) disco; urgency=medium

* disco/linux: 5.0.0-32.34 -proposed tracker (LP: #1846097)

* CVE-2019-14814 // CVE-2019-14815 // CVE-2019-14816
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings

* CVE-2019-15505
    - media: technisat-usb2: break out of loop at end of buffer

* CVE-2019-2181
    - binder: check for overflow when alloc for security context

* Support Hi1620 zip hw accelerator (LP: #1845355)
    - [Config] Enable HiSilicon QM/ZIP as modules
    - crypto: hisilicon - add queue management driver for HiSilicon QM module
    - crypto: hisilicon - add hardware SGL support
    - crypto: hisilicon - add HiSilicon ZIP accelerator support
    - crypto: hisilicon - add SRIOV support for ZIP
    - Documentation: Add debugfs doc for hisi_zip
    - crypto: hisilicon - add debugfs for ZIP and QM
    - MAINTAINERS: add maintainer for HiSilicon QM and ZIP controller driver
    - crypto: hisilicon - fix kbuild warnings
    - crypto: hisilicon - add dependency for CRYPTO_DEV_HISI_ZIP
    - crypto: hisilicon - init curr_sgl_dma to fix compile warning
    - crypto: hisilicon - add missing single_release
    - crypto: hisilicon - fix error handle in hisi_zip_create_req_q
    - crypto: hisilicon - Fix warning on printing %p with dma_addr_t
    - crypto: hisilicon - Fix return value check in hisi_zip_acompress()
    - crypto: hisilicon - avoid unused function warning

* xfrm interface: several kernel panic (LP: #1836261)
    - xfrm interface: fix memory leak on creation
    - xfrm interface: avoid corruption on changelink
    - xfrm interface: ifname may be wrong in logs
    - xfrm interface: fix list corruption for x-netns
    - xfrm interface: fix management of phydev

* shiftfs: drop entries from cache on unlink (LP: #1841977)
    - SAUCE: shiftfs: fix buggy unlink logic

* shiftfs: mark kmem_cache as reclaimable (LP: #1842059)
    - SAUCE: shiftfs: mark slab objects SLAB_RECLAIM_ACCOUNT

*  Suspend to RAM(S3) does not wake up for latest megaraid and mpt3sas
    adapters(SAS3.5 onwards) (LP: #1838751)
    - PCI: Restore Resizable BAR size bits correctly for 1MB BARs

* No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

* Add -fcf-protection=none when using retpoline flags (LP: #1843291)
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

* Disco update: upstream stable patchset 2019-09-25 (LP: #1845390)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - ixgbe: Fix secpath usage for IPsec TX offload.
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - net: sched: fix reordering issues
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it
      as target for memset()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large
      to fix kexec relocation errors
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - gpio: fix line flag validation in lineevent_create
    - ubifs: Correctly use tnc_next() in search_dh_cookie()
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - fix CTR alg blocksize
    - crypto: talitos - check data blocksize in ablkcipher.
    - crypto: talitos - fix ECB algs ivsize
    - crypto: talitos - Do not modify req->cryptlen on decryption.
    - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
    - firmware: ti_sci: Always request response from firmware
    - drm: panel-orientation-quirks: Add extra quirk table entry for GPD MicroPC
    - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - iio: adc: stm32-dfsdm: fix data type
    - modules: fix BUG when load module with rodata=n
    - modules: fix compile error if don't have strict module rwx
    - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to
      critclk_systems DMI table
    - rsi: fix a double free bug in rsi_91x_deinit()
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - ixgbevf: Fix secpath usage for IPsec Tx offload
    - net: fixed_phy: Add forward declaration for struct gpio_desc;
    - net: sock_map, fix missing ulp check in sock hash case
    - Revert "mmc: bcm2835: Terminate timeout work synchronously"
    - mmc: tmio: Fixup runtime PM management during probe
    - mmc: tmio: Fixup runtime PM management during remove
    - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+
    - ixgbe: fix double clean of Tx descriptors with xdp
    - mt76: mt76x0e: disable 5GHz band for MT7630E
    - x86/ima: check EFI SetupMode too
    - kvm: nVMX: Remove unnecessary sync_roots from handle_invept
    - KVM: SVM: Fix detection of AMD Errata 1096

* Disco update: upstream stable patchset 2019-09-19 (LP: #1844722)
    - ALSA: hda - Fix potential endless loop at applying quirks
    - ALSA: hda/realtek - Fix overridden device-specific initialization
    - ALSA: hda/realtek - Add quirk for HP Pavilion 15
    - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
    - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
    - sched/fair: Don't assign runtime for throttled cfs_rq
    - drm/vmwgfx: Fix double free in vmw_recv_msg()
    - vhost/test: fix build for vhost test
    - vhost/test: fix build for vhost test - again
    - batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
    - batman-adv: Only read OGM tvlv_len after buffer len check
    - timekeeping: Use proper ktime_add when adding nsecs in coarse offset
    - selftests: fib_rule_tests: use pre-defined DEV_ADDR
    - powerpc/64: mark start_here_multiplatform as __ref
    - media: stm32-dcmi: fix irq = 0 case
    - scripts/decode_stacktrace: match basepath using shell prefix operator, not
      regex
    - nvme-fc: use separate work queue to avoid warning
    - modules: always page-align module section allocations
    - kernel/module: Fix mem leak in module_add_modinfo_attrs
    - drm/vblank: Allow dynamic per-crtc max_vblank_count
    - mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies
    - tpm: Fix some name collisions with drivers/char/tpm.h
    - drm/nouveau: Don't WARN_ON VCPI allocation failures
    - drm: add __user attribute to ptr_to_compat()
    - drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set
    - drm/i915: Sanity check mmap length against object size
    - arm64: dts: stratix10: add the sysmgr-syscon property from the gmac's
    - kvm: mmu: Fix overflow on kvm mmu page limit calculation
    - KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels
    - media: i2c: tda1997x: select V4L2_FWNODE
    - ext4: protect journal inode's blocks using block_validity
    - ARM: dts: qcom: ipq4019: Fix MSI IRQ type
    - dt-bindings: mmc: Add supports-cqe property
    - dt-bindings: mmc: Add disable-cqe-dcmd property.
    - dm mpath: fix missing call of path selector type->end_io
    - mmc: sdhci-pci: Add support for Intel CML
    - PCI: dwc: Use devm_pci_alloc_host_bridge() to simplify code
    - cifs: smbd: take an array of reqeusts when sending upper layer data
    - drm/amdkfd: Add missing Polaris10 ID
    - kvm: Check irqchip mode before assign irqfd
    - Btrfs: fix race between block group removal and block group allocation
    - cifs: add spinlock for the openFileList to cifsInodeInfo
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - KVM: x86: optimize check for valid PAT value
    - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value
    - btrfs: correctly validate compression type
    - dm thin metadata: check if in fail_io mode when setting needs_check
    - bcache: only clear BTREE_NODE_dirty bit when it is set
    - bcache: add comments for mutex_lock(&b->write_lock)
    - bcache: fix race in btree_flush_write()
    - drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV
    - virtio/s390: fix race on airq_areas[]
    - ext4: don't perform block validity checks on the journal inode
    - ext4: fix block validity checks for journal inodes using indirect blocks
    - ext4: unsigned int compared against zero
    - PCI: Reset both NVIDIA GPU and HDA in ThinkPad P50 workaround
    - gpio: pca953x: correct type of reg_direction
    - gpio: pca953x: use pca953x_read_regs instead of regmap_bulk_read
    - drm/nouveau/sec2/gp102: add missing MODULE_FIRMWAREs
    - powerpc/64e: Drop stale call to smp_processor_id() which hangs SMP startup
    - drm/i915: Disable SAMPLER_STATE prefetching on all Gen11 steppings.
    - mmc: sdhci-sprd: Fix the incorrect soft reset operation when runtime
      resuming
    - usb: chipidea: imx: add imx7ulp support
    - usb: chipidea: imx: fix EPROBE_DEFER support during driver probe

* Disco update: upstream stable patchset 2019-09-11 (LP: #1843622)
    - dmaengine: ste_dma40: fix unneeded variable warning
    - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns
    - afs: Fix the CB.ProbeUuid service handler to reply correctly
    - afs: Fix loop index mixup in afs_deliver_vl_get_entry_by_name_u()
    - fs: afs: Fix a possible null-pointer dereference in afs_put_read()
    - afs: Only update d_fsdata if different in afs_d_revalidate()
    - nvmet-loop: Flush nvme_delete_wq when removing the port
    - nvme: fix a possible deadlock when passthru commands sent to a multipath
      device
    - nvme-pci: Fix async probe remove race
    - soundwire: cadence_master: fix register definition for SLAVE_STATE
    - soundwire: cadence_master: fix definitions for INTSTAT0/1
    - auxdisplay: panel: need to delete scan_timer when misc_register fails in
      panel_attach
    - dmaengine: stm32-mdma: Fix a possible null-pointer dereference in
      stm32_mdma_irq_handler()
    - omap-dma/omap_vout_vrfb: fix off-by-one fi value
    - iommu/dma: Handle SG length overflow better
    - usb: gadget: composite: Clear "suspended" on reset/disconnect
    - usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
    - xen/blkback: fix memory leaks
    - arm64: cpufeature: Don't treat granule sizes as strict
    - i2c: rcar: avoid race when unregistering slave client
    - i2c: emev2: avoid race when unregistering slave client
    - drm/ast: Fixed reboot test may cause system hanged
    - usb: host: fotg2: restart hcd after port reset
    - tools: hv: fixed Python pep8/flake8 warnings for lsvmbus
    - tools: hv: fix KVP and VSS daemons exit code
    - watchdog: bcm2835_wdt: Fix module autoload
    - drm/bridge: tfp410: fix memleak in get_modes()
    - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
    - drm/tilcdc: Register cpufreq notifier after we have initialized crtc
    - net/tls: swap sk_write_space on close
    - net: tls, fix sk_write_space NULL write when tx disabled
    - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set
    - ipv6: Default fib6_type to RTN_UNICAST when not set
    - net/smc: make sure EPOLLOUT is raised
    - tcp: make sure EPOLLOUT wont be missed
    - ipv4/icmp: fix rt dst dev null pointer dereference
    - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
    - ALSA: usb-audio: Check mixer unit bitmap yet more strictly
    - ALSA: line6: Fix memory leak at line6_init_pcm() error path
    - ALSA: hda - Fixes inverted Conexant GPIO mic mute led
    - ALSA: seq: Fix potential concurrent access to the deleted pool
    - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate()
    - ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604
    - kvm: x86: skip populating logical dest map if apic is not sw enabled
    - KVM: x86: Don't update RIP or do single-step on faulting emulation
    - uprobes/x86: Fix detection of 32-bit user mode
    - x86/apic: Do not initialize LDR and DFR for bigsmp
    - ftrace: Fix NULL pointer dereference in t_probe_next()
    - ftrace: Check for successful allocation of hash
    - ftrace: Check for empty hash and comment the race with registering probes
    - usb-storage: Add new JMS567 revision to unusual_devs
    - USB: cdc-wdm: fix race between write and disconnect due to flag abuse
    - usb: hcd: use managed device resources
    - usb: chipidea: udc: don't do hardware access if gadget has stopped
    - usb: host: ohci: fix a race condition between shutdown and irq
    - usb: host: xhci: rcar: Fix typo in compatible string matching
    - USB: storage: ums-realtek: Update module parameter description for
      auto_delink_en
    - mei: me: add Tiger Lake point LP device ID
    - mmc: sdhci-of-at91: add quirk for broken HS200
    - mmc: core: Fix init of SD cards reporting an invalid VDD range
    - stm class: Fix a double free of stm_source_device
    - intel_th: pci: Add support for another Lewisburg PCH
    - intel_th: pci: Add Tiger Lake support
    - typec: tcpm: fix a typo in the comparison of pdo_max_voltage
    - fsi: scom: Don't abort operations for minor errors
    - lib: logic_pio: Fix RCU usage
    - lib: logic_pio: Avoid possible overlap for unregistering regions
    - lib: logic_pio: Add logic_pio_unregister_range()
    - drm/amdgpu: Add APTX quirk for Dell Latitude 5495
    - drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
    - drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe()
    - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-
      free
    - bus: hisi_lpc: Add .remove method to avoid driver unbind crash
    - VMCI: Release resource if the work is already queued
    - crypto: ccp - Ignore unconfigured CCP device on suspend/resume
    - Revert "cfg80211: fix processing world regdomain when non modular"
    - mac80211: fix possible sta leak
    - mac80211: Don't memset RXCB prior to PAE intercept
    - mac80211: Correctly set noencrypt for PAE frames
    - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers
    - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling
    - KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
    - KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
    - NFS: Clean up list moves of struct nfs_page
    - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
    - NFS: Pass error information to the pgio error cleanup routine
    - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
    - i2c: piix4: Fix port selection for AMD Family 16h Model 30h
    - x86/ptrace: fix up botched merge of spectrev1 fix
    - mt76: mt76x0u: do not reset radio on resume
    - Revert "ASoC: Fail card instantiation if DAI format setup fails"
    - nvmet: Fix use-after-free bug when a port is removed
    - nvmet-file: fix nvmet_file_flush() always returning an error
    - nvme-rdma: fix possible use-after-free in connect error flow
    - nvme: fix controller removal race with scan work
    - IB/mlx5: Fix implicit MR release flow
    - dma-direct: don't truncate dma_required_mask to bus addressing capabilities
    - riscv: fix flush_tlb_range() end address for flush_tlb_page()
    - drm/scheduler: use job count instead of peek
    - locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty
    - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop
    - selftests/bpf: install files test_xdp_vlan.sh
    - ALSA: hda/ca0132 - Add new SBZ quirk
    - KVM: x86: hyper-v: don't crash on KVM_GET_SUPPORTED_HV_CPUID when
      kvm_intel.nested is disabled
    - x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text
    - usbtmc: more sanity checking for packet size
    - mmc: sdhci-cadence: enable v4_mode to fix ADMA 64-bit addressing
    - mmc: sdhci-sprd: fixed incorrect clock divider
    - mmc: sdhci-sprd: add SDHCI_QUIRK2_PRESET_VALUE_BROKEN
    - mms: sdhci-sprd: add SDHCI_QUIRK_BROKEN_CARD_DETECTION
    - mmc: sdhci-sprd: clear the UHS-I modes read from registers
    - mmc: sdhci-sprd: Implement the get_max_timeout_count() interface
    - mmc: sdhci-sprd: add get_ro hook function
    - drm/i915/dp: Fix DSC enable code to use cpu_transcoder instead of
      encoder->type
    - hsr: implement dellink to clean up resources
    - hsr: fix a NULL pointer deref in hsr_dev_xmit()
    - hsr: switch ->dellink() to ->ndo_uninit()
    - Revert "Input: elantech - enable SMBus on new (2018+) systems"
    - mld: fix memory leak in mld_del_delrec()
    - net: fix skb use after free in netpoll
    - net: sched: act_sample: fix psample group handling on overwrite
    - net_sched: fix a NULL pointer deref in ipt action
    - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
    - tcp: inherit timestamp on mtu probe
    - tcp: remove empty skb from write queue in error cases
    - x86/boot: Preserve boot_params.secure_boot from sanitizing
    - spi: bcm2835aux: unifying code between polling and interrupt driven code
    - spi: bcm2835aux: remove dangerous uncontrolled read of fifo
    - spi: bcm2835aux: fix corruptions for longer spi transfers
    - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
      context
    - netfilter: nf_tables: use-after-free in failing rule with bound set
    - tools: bpftool: fix error message (prog -> object)
    - hv_netvsc: Fix a warning of suspicious RCU usage
    - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
    - Bluetooth: btqca: Add a short delay before downloading the NVM
    - ibmveth: Convert multicast list size for little-endian system
    - gpio: Fix build error of function redefinition
    - netfilter: nft_flow_offload: skip tcp rst and fin packets
    - drm/mediatek: use correct device to import PRIME buffers
    - drm/mediatek: set DMA max segment size
    - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure
    - scsi: target: tcmu: avoid use-after-free after command timeout
    - cxgb4: fix a memory leak bug
    - liquidio: add cleanup in octeon_setup_iq()
    - net: myri10ge: fix memory leaks
    - lan78xx: Fix memory leaks
    - vfs: fix page locking deadlocks when deduping files
    - cx82310_eth: fix a memory leak bug
    - net: kalmia: fix memory leaks
    - ibmvnic: Unmap DMA address of TX descriptor buffers after use
    - net: cavium: fix driver name
    - wimax/i2400m: fix a memory leak bug
    - ravb: Fix use-after-free ravb_tstamp_skb
    - kprobes: Fix potential deadlock in kprobe_optimizer()
    - HID: cp2112: prevent sleeping function called from invalid context
    - x86/boot/compressed/64: Fix boot on machines with broken E820 table
    - Input: hyperv-keyboard: Use in-place iterator API in the channel callback
    - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
    - nvme-multipath: fix possible I/O hang when paths are updated
    - IB/mlx4: Fix memory leaks
    - infiniband: hfi1: fix a memory leak bug
    - infiniband: hfi1: fix memory leaks
    - selftests: kvm: fix state save/load on processors without XSAVE
    - selftests/kvm: make platform_info_test pass on AMD
    - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
    - ceph: fix buffer free while holding i_ceph_lock in
      __ceph_build_xattrs_blob()
    - ceph: fix buffer free while holding i_ceph_lock in fill_inode()
    - KVM: arm/arm64: Only skip MMIO insn once
    - afs: Fix leak in afs_lookup_cell_rcu()
    - KVM: arm/arm64: VGIC: Properly initialise private IRQ affinity
    - x86/boot/compressed/64: Fix missing initialization in
      find_trampoline_placement()
    - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
    - Revert "r8152: napi hangup fix after disconnect"
    - r8152: remove calling netif_napi_del
    - batman-adv: Fix netlink dumping of all mcast_flags buckets
    - libbpf: fix erroneous multi-closing of BTF FD
    - libbpf: set BTF FD for prog only when there is supported .BTF.ext data
    - netfilter: nf_flow_table: fix offload for flows that are subject to xfrm
    - clk: samsung: Change signature of exynos5_subcmus_init() function
    - clk: samsung: exynos5800: Move MAU subsystem clocks to MAU sub-CMU
    - clk: samsung: exynos542x: Move MSCL subsystem clocks to its sub-CMU
    - netfilter: nf_flow_table: conntrack picks up expired flows
    - netfilter: nf_flow_table: teardown flow timeout race
    - ixgbe: fix possible deadlock in ixgbe_service_task()
    - nvme: Fix cntlid validation when not using NVMEoF
    - RDMA/cma: fix null-ptr-deref Read in cma_cleanup
    - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message
    - gpio: Fix irqchip initialization order

* New ID in ums-realtek module breaks cardreader (LP: #1838886) // Disco
    update: upstream stable patchset 2019-09-11 (LP: #1843622)
    - USB: storage: ums-realtek: Whitelist auto-delink support

* ipv4: enable route flushing in network namespaces (LP: #1836912)
    - ipv4: enable route flushing in network namespaces

* Enhanced Hardware Support - Finalize Naming (LP: #1842774)
    - s390: add support for IBM z15 machines

* CVE-2019-16714
    - net/rds: Fix info leak in rds6_inc_info_copy()

* CVE-2019-14821
    - KVM: coalesced_mmio: add bounds checking

-- Khalid Elmously <khalid.elmously@canonical.com>  Mon, 30 Sep 2019 23:52:23 -0400

Changed in linux (Ubuntu Disco):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-10-21:

#6

Download full text (23.3 KiB)

This bug was fixed in the package linux - 4.15.0-66.75

---------------
linux (4.15.0-66.75) bionic; urgency=medium

* bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

* CVE-2018-21008
- rsi: add fix for crash during assertions

  * ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

  * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c

  * No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

* Add -fcf-protection=none when using retpoline flags (LP: #1843291)
- SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

* Enhanced Hardware Support - Finalize Naming (LP: #1842774)
- s390: add support for IBM z15 machines

  * Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - btrfs: compression: add helper for type to string conversion
    - btrfs: correctly validate compression type
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - gpio: fix line flag validation in lineevent_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - ubifs: Cor...

This bug was fixed in the package linux - 4.15.0-66.75

---------------
linux (4.15.0-66.75) bionic; urgency=medium

* bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* CVE-2018-21008
    - rsi: add fix for crash during assertions

* ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

* run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c

* No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

* Add -fcf-protection=none when using retpoline flags (LP: #1843291)
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

* Enhanced Hardware Support - Finalize Naming (LP: #1842774)
    - s390: add support for IBM z15 machines

* Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - btrfs: compression: add helper for type to string conversion
    - btrfs: correctly validate compression type
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - gpio: fix line flag validation in lineevent_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - ubifs: Correctly use tnc_next() in search_dh_cookie()
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - fix CTR alg blocksize
    - crypto: talitos - check data blocksize in ablkcipher.
    - crypto: talitos - fix ECB algs ivsize
    - crypto: talitos - Do not modify req->cryptlen on decryption.
    - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
    - firmware: ti_sci: Always request response from firmware
    - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to
      critclk_systems DMI table
    - nvmem: Use the same permissions for eeprom as for nvmem
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us
    - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large
      to fix kexec relocation errors
    - modules: fix BUG when load module with rodata=n
    - modules: fix compile error if don't have strict module rwx
    - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
    - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
    - powerpc/mm/radix: Use the right page size for vmemmap mapping
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
    - media: tm6000: double free if usb disconnect while streaming
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - net_sched: let qdisc_put() accept NULL pointer
    - KVM: coalesced_mmio: add bounds checking
    - firmware: google: check if size is valid when decoding VPD data
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - ARM: dts: dra74x: Fix iodelay configuration for mmc3
    - s390/bpf: use 32-bit index for tail calls
    - fpga: altera-ps-spi: Fix getting of optional confd gpio
    - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
    - NFSv4: Fix return values for nfs4_file_open()
    - NFSv4: Fix return value in nfs_finish_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - qed: Add cleanup in qed_slowpath_start()
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - batman-adv: Only read OGM2 tvlv_len after buffer len check
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the
      first symbol
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - ARM: 8901/1: add a criteria for pfn_valid of arm
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - i2c: designware: Synchronize IRQs when unregistering slave client
    - perf/x86/intel: Restrict period on Nehalem
    - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
    - amd-xgbe: Fix error path in xgbe_mod_init()
    - tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at
      -O2
    - tools/power x86_energy_perf_policy: Fix argument parsing
    - tools/power turbostat: fix buffer overrun
    - net: seeq: Fix the function used to release some memory in an error handling
      path
    - dmaengine: ti: dma-crossbar: Fix a memory leak bug
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
    - x86/hyper-v: Fix overflow bug in fill_gva_list()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - iommu/amd: Flush old domains in kdump kernel
    - iommu/amd: Fix race in increase_address_space()
    - PCI: kirin: Fix section mismatch warning
    - floppy: fix usercopy direction
    - binfmt_elf: move brk out of mmap when doing direct loader exec
    - tcp: Reset send_head when removing skb from write-queue
    - tcp: Don't dequeue SYN/FIN-segments from write-queue
    - media: technisat-usb2: break out of loop at end of buffer
    - tools: bpftool: close prog FD before exit on showing a single program
    - netfilter: xt_physdev: Fix spurious error message in physdev_mt_check
    - ibmvnic: Do not process reset during or after device removal
    - net: aquantia: fix out of memory condition on rx side

* Bionic update: upstream stable patchset 2019-09-18 (LP: #1844558)
    - ALSA: hda - Fix potential endless loop at applying quirks
    - ALSA: hda/realtek - Fix overridden device-specific initialization
    - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
    - sched/fair: Don't assign runtime for throttled cfs_rq
    - drm/vmwgfx: Fix double free in vmw_recv_msg()
    - xfrm: clean up xfrm protocol checks
    - PCI: designware-ep: Fix find_first_zero_bit() usage
    - PCI: dra7xx: Fix legacy INTD IRQ handling
    - vhost/test: fix build for vhost test
    - batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
    - batman-adv: Only read OGM tvlv_len after buffer len check
    - hv_sock: Fix hang when a connection is closed
    - powerpc/64: mark start_here_multiplatform as __ref
    - arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
    - scripts/decode_stacktrace: match basepath using shell prefix operator, not
      regex
    - clk: s2mps11: Add used attribute to s2mps11_dt_match
    - kernel/module: Fix mem leak in module_add_modinfo_attrs
    - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
    - {nl,mac}80211: fix interface combinations on crypto controlled devices
    - x86/ftrace: Fix warning and considate ftrace_jmp_replace() and
      ftrace_call_replace()
    - media: stm32-dcmi: fix irq = 0 case
    - modules: always page-align module section allocations
    - scsi: qla2xxx: Move log messages before issuing command to firmware
    - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
    - Drivers: hv: kvp: Fix two "this statement may fall through" warnings
    - remoteproc: qcom: q6v5-mss: add SCM probe dependency
    - KVM: x86: hyperv: enforce vp_index < KVM_MAX_VCPUS
    - KVM: x86: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv'
      variables
    - drm/i915: Fix intel_dp_mst_best_encoder()
    - drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE
    - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers
    - drm/atomic_helper: Disallow new modesets on unregistered connectors
    - Drivers: hv: kvp: Fix the indentation of some "break" statements
    - Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up
    - drm/amd/dm: Understand why attaching path/tile properties are needed
    - ARM: davinci: da8xx: define gpio interrupts as separate resources
    - ARM: davinci: dm365: define gpio interrupts as separate resources
    - ARM: davinci: dm646x: define gpio interrupts as separate resources
    - ARM: davinci: dm355: define gpio interrupts as separate resources
    - ARM: davinci: dm644x: define gpio interrupts as separate resources
    - media: vim2m: use workqueue
    - media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
    - drm/i915: Restore sane defaults for KMS on GEM error load
    - KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode
      switch
    - Btrfs: clean up scrub is_dev_replace parameter
    - Btrfs: fix deadlock with memory reclaim during scrub
    - btrfs: Remove extent_io_ops::fill_delalloc
    - btrfs: Fix error handling in btrfs_cleanup_ordered_extents
    - scsi: megaraid_sas: Fix combined reply queue mode detection
    - scsi: megaraid_sas: Add check for reset adapter bit
    - media: vim2m: only cancel work if it is for right context
    - ARC: show_regs: lockdep: re-enable preemption
    - ARC: mm: do_page_fault fixes #1: relinquish mmap_sem if signal arrives while
      handle_mm_fault
    - IB/uverbs: Fix OOPs upon device disassociation
    - drm/vblank: Allow dynamic per-crtc max_vblank_count
    - drm/i915/ilk: Fix warning when reading emon_status with no output
    - mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies
    - tpm: Fix some name collisions with drivers/char/tpm.h
    - bcache: replace hard coded number with BUCKET_GC_GEN_MAX
    - bcache: treat stale && dirty keys as bad keys
    - KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
    - iio: adc: exynos-adc: Add S5PV210 variant
    - iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
    - drm/nouveau: Don't WARN_ON VCPI allocation failures
    - x86/kvmclock: set offset for kvm unstable clock
    - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
    - mmc: renesas_sdhi: Fix card initialization failure in high speed mode
    - btrfs: scrub: pass fs_info to scrub_setup_ctx
    - btrfs: init csum_list before possible free
    - PCI: qcom: Don't deassert reset GPIO during probe
    - drm: add __user attribute to ptr_to_compat()
    - CIFS: Fix error paths in writeback code
    - CIFS: Fix leaking locked VFS cache pages in writeback retry
    - drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set
    - drm/i915: Sanity check mmap length against object size
    - IB/mlx5: Reset access mask when looping inside page fault handler
    - kvm: mmu: Fix overflow on kvm mmu page limit calculation
    - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context
    - KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels
    - cifs: Fix lease buffer length error
    - ext4: protect journal inode's blocks using block_validity
    - dm mpath: fix missing call of path selector type->end_io
    - blk-mq: free hw queue's resource in hctx's release handler
    - mmc: sdhci-pci: Add support for Intel ICP
    - mmc: sdhci-pci: Add support for Intel CML
    - dm crypt: move detailed message into debug level
    - kvm: Check irqchip mode before assign irqfd
    - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2)
    - drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc
    - Btrfs: fix race between block group removal and block group allocation
    - cifs: add spinlock for the openFileList to cifsInodeInfo
    - IB/hfi1: Avoid hardlockup with flushlist_lock
    - apparmor: reset pos on failure to unpack for various functions
    - staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()
    - scsi: zfcp: fix request object use-after-free in send path causing wrong
      traces
    - cifs: Properly handle auto disabling of serverino option
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - KVM: x86: optimize check for valid PAT value
    - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value
    - KVM: VMX: Fix handling of #MC that occurs during VM-Entry
    - KVM: VMX: check CPUID before allowing read/write of IA32_XSS
    - resource: Include resource end in walk_*() interfaces
    - resource: Fix find_next_iomem_res() iteration issue
    - resource: fix locking in find_next_iomem_res()
    - pstore: Fix double-free in pstore_mkfile() failure path
    - dm thin metadata: check if in fail_io mode when setting needs_check
    - drm/panel: Add support for Armadeus ST0700 Adapt
    - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips
    - iommu/iova: Remove stale cached32_node
    - gpio: don't WARN() on NULL descs if gpiolib is disabled
    - i2c: at91: disable TXRDY interrupt after sending data
    - i2c: at91: fix clk_offset for sama5d2
    - mm/migrate.c: initialize pud_entry in migrate_vma()
    - iio: adc: gyroadc: fix uninitialized return code
    - NFSv4: Fix delegation state recovery
    - bcache: only clear BTREE_NODE_dirty bit when it is set
    - bcache: add comments for mutex_lock(&b->write_lock)
    - virtio/s390: fix race on airq_areas[]
    - ext4: don't perform block validity checks on the journal inode
    - ext4: fix block validity checks for journal inodes using indirect blocks
    - ext4: unsigned int compared against zero
    - powerpc/tm: Remove msr_tm_active()

* Bionic update: upstream stable patchset 2019-09-10 (LP: #1843463)
    - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
      context
    - hv_netvsc: Fix a warning of suspicious RCU usage
    - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
    - Bluetooth: btqca: Add a short delay before downloading the NVM
    - ibmveth: Convert multicast list size for little-endian system
    - gpio: Fix build error of function redefinition
    - drm/mediatek: use correct device to import PRIME buffers
    - drm/mediatek: set DMA max segment size
    - cxgb4: fix a memory leak bug
    - liquidio: add cleanup in octeon_setup_iq()
    - net: myri10ge: fix memory leaks
    - lan78xx: Fix memory leaks
    - vfs: fix page locking deadlocks when deduping files
    - cx82310_eth: fix a memory leak bug
    - net: kalmia: fix memory leaks
    - wimax/i2400m: fix a memory leak bug
    - ravb: Fix use-after-free ravb_tstamp_skb
    - kprobes: Fix potential deadlock in kprobe_optimizer()
    - HID: cp2112: prevent sleeping function called from invalid context
    - Input: hyperv-keyboard: Use in-place iterator API in the channel callback
    - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
    - IB/mlx4: Fix memory leaks
    - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
    - ceph: fix buffer free while holding i_ceph_lock in
      __ceph_build_xattrs_blob()
    - ceph: fix buffer free while holding i_ceph_lock in fill_inode()
    - KVM: arm/arm64: Only skip MMIO insn once
    - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
    - spi: bcm2835aux: unifying code between polling and interrupt driven code
    - spi: bcm2835aux: remove dangerous uncontrolled read of fifo
    - spi: bcm2835aux: fix corruptions for longer spi transfers
    - net: fix skb use after free in netpoll
    - net_sched: fix a NULL pointer deref in ipt action
    - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
    - tcp: inherit timestamp on mtu probe
    - tcp: remove empty skb from write queue in error cases
    - net: sched: act_sample: fix psample group handling on overwrite
    - mld: fix memory leak in mld_del_delrec()
    - x86/boot: Preserve boot_params.secure_boot from sanitizing
    - tools: bpftool: fix error message (prog -> object)
    - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure
    - afs: Fix leak in afs_lookup_cell_rcu()

* Bionic update: upstream stable patchset 2019-09-09 (LP: #1843338)
    - dmaengine: ste_dma40: fix unneeded variable warning
    - auxdisplay: panel: need to delete scan_timer when misc_register fails in
      panel_attach
    - iommu/dma: Handle SG length overflow better
    - usb: gadget: composite: Clear "suspended" on reset/disconnect
    - usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
    - xen/blkback: fix memory leaks
    - i2c: rcar: avoid race when unregistering slave client
    - i2c: emev2: avoid race when unregistering slave client
    - drm/ast: Fixed reboot test may cause system hanged
    - usb: host: fotg2: restart hcd after port reset
    - tools: hv: fix KVP and VSS daemons exit code
    - watchdog: bcm2835_wdt: Fix module autoload
    - drm/bridge: tfp410: fix memleak in get_modes()
    - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
    - drm/tilcdc: Register cpufreq notifier after we have initialized crtc
    - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
    - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
    - net/smc: make sure EPOLLOUT is raised
    - tcp: make sure EPOLLOUT wont be missed
    - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
    - ALSA: line6: Fix memory leak at line6_init_pcm() error path
    - ALSA: seq: Fix potential concurrent access to the deleted pool
    - kvm: x86: skip populating logical dest map if apic is not sw enabled
    - KVM: x86: Don't update RIP or do single-step on faulting emulation
    - x86/apic: Do not initialize LDR and DFR for bigsmp
    - ftrace: Fix NULL pointer dereference in t_probe_next()
    - ftrace: Check for successful allocation of hash
    - ftrace: Check for empty hash and comment the race with registering probes
    - usb-storage: Add new JMS567 revision to unusual_devs
    - USB: cdc-wdm: fix race between write and disconnect due to flag abuse
    - usb: chipidea: udc: don't do hardware access if gadget has stopped
    - usb: host: ohci: fix a race condition between shutdown and irq
    - usb: host: xhci: rcar: Fix typo in compatible string matching
    - USB: storage: ums-realtek: Update module parameter description for
      auto_delink_en
    - uprobes/x86: Fix detection of 32-bit user mode
    - mmc: sdhci-of-at91: add quirk for broken HS200
    - mmc: core: Fix init of SD cards reporting an invalid VDD range
    - stm class: Fix a double free of stm_source_device
    - intel_th: pci: Add support for another Lewisburg PCH
    - intel_th: pci: Add Tiger Lake support
    - drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
    - VMCI: Release resource if the work is already queued
    - crypto: ccp - Ignore unconfigured CCP device on suspend/resume
    - Revert "cfg80211: fix processing world regdomain when non modular"
    - mac80211: fix possible sta leak
    - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling
    - KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
    - KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
    - NFS: Clean up list moves of struct nfs_page
    - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
    - NFS: Pass error information to the pgio error cleanup routine
    - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
    - i2c: piix4: Fix port selection for AMD Family 16h Model 30h
    - x86/ptrace: fix up botched merge of spectrev1 fix
    - Revert "ASoC: Fail card instantiation if DAI format setup fails"
    - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns
    - afs: Fix the CB.ProbeUuid service handler to reply correctly
    - dmaengine: stm32-mdma: Fix a possible null-pointer dereference in
      stm32_mdma_irq_handler()
    - omap-dma/omap_vout_vrfb: fix off-by-one fi value
    - arm64: cpufeature: Don't treat granule sizes as strict
    - tools: hv: fixed Python pep8/flake8 warnings for lsvmbus
    - ipv4/icmp: fix rt dst dev null pointer dereference
    - ALSA: hda - Fixes inverted Conexant GPIO mic mute led
    - usb: hcd: use managed device resources
    - lib: logic_pio: Fix RCU usage
    - lib: logic_pio: Avoid possible overlap for unregistering regions
    - lib: logic_pio: Add logic_pio_unregister_range()
    - drm/amdgpu: Add APTX quirk for Dell Latitude 5495
    - drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe()
    - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-
      free

* New ID in ums-realtek module breaks cardreader (LP: #1838886) // Bionic
    update: upstream stable patchset 2019-09-09 (LP: #1843338)
    - USB: storage: ums-realtek: Whitelist auto-delink support

* TC filters are broken on Mellanox after upstream stable updates
    (LP: #1842502)
    - net/mlx5e: Remove redundant vport context vlan update
    - net/mlx5e: Properly order min inline mode setup while parsing TC matches
    - net/mlx5e: Get the required HW match level while parsing TC flow matches
    - net/mlx5e: Always use the match level enum when parsing TC rule match
    - net/mlx5e: Don't match on vlan non-existence if ethertype is wildcarded

-- Khalid Elmously <khalid.elmously@canonical.com>  Mon, 30 Sep 2019 23:02:24 -0400

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2019-10-29: Autopkgtest regression report (linux-bluefield/5.0.0-1003.12)

#7

All autopkgtests for the newly accepted linux-bluefield (5.0.0-1003.12) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

fsprotect/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-bluefield

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu
linux package

Add -fcf-protection=none when using retpoline flags

Bug Description

CVE References

Other bug subscribers

Ubuntulinux package

Add -fcf-protection=none when using retpoline flags

Bug Description

CVE References

Other bug subscribers

Ubuntu
linux package