Eoan update: v5.3.6 upstream stable release

Bug #1848039 reported by Paolo Pisati on 2019-10-14
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Eoan
Undecided
Unassigned

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.3.6 upstream stable release
       from git://git.kernel.org/

Linux 5.3.6
libnvdimm: prevent nvdimm from requesting key when security is disabled
staging: erofs: detect potential multiref due to corrupted images
staging: erofs: avoid endless loop of invalid lookback distance 0
staging: erofs: add two missing erofs_workgroup_put for corrupted images
staging: erofs: some compressed cluster should be submitted for corrupted images
staging: erofs: fix an error handling in erofs_readdir()
coresight: etm4x: Use explicit barriers on enable/disable
vfs: Fix EOVERFLOW testing in put_compat_statfs64
riscv: Avoid interrupts being erroneously enabled in handle_exception()
perf stat: Reset previous counts on repeat with interval
tick: broadcast-hrtimer: Fix a race in bc_set_next
KVM: nVMX: Fix consistency check on injected exception error code
Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed
nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions
perf unwind: Fix libunwind build failure on i386 systems
i2c: qcom-geni: Disable DMA processing on the Lenovo Yoga C630
net: dsa: microchip: Always set regmap stride to 1
bpf: Fix bpf_event_output re-entry issue
blk-mq: move lockdep_assert_held() into elevator_exit
libbpf: fix false uninitialized variable warning
kernel/elfcore.c: include proper prototypes
selftests/bpf: adjust strobemeta loop to satisfy latest clang
include/trace/events/writeback.h: fix -Wstringop-truncation warnings
perf build: Add detection of java-11-openjdk-devel package
sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
sched/membarrier: Fix private expedited registration check
sched/membarrier: Call sync_core only before usermode for same mm
libnvdimm/nfit_test: Fix acpi_handle redefinition
fuse: fix memleak in cuse_channel_open
libnvdimm: Fix endian conversion issues
libnvdimm/region: Initialize bad block for volatile namespaces
iommu/amd: Fix downgrading default page-sizes in alloc_pte()
thermal_hwmon: Sanitize thermal_zone type
thermal: Fix use-after-free when unregistering thermal zone device
ntb: point to right memory window index
x86/purgatory: Disable the stackleak GCC plugin for the purgatory
selftests/seccomp: fix build on older kernels
pwm: stm32-lp: Add check in case requested period cannot be achieved
SUNRPC: Don't try to parse incomplete RPC messages
pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
perf probe: Fix to clear tev->nargs in clear_probe_trace_event()
drm/amdgpu: Check for valid number of registers to read
drm/amdgpu: Fix KFD-related kernel oops on Hawaii
netfilter: nf_tables: allow lookups in dynamic sets
watchdog: aspeed: Add support for AST2600
SUNRPC: RPC level errors should always set task->tk_rpc_status
ceph: reconnect connection if session hang in opening state
ceph: fetch cap_gen under spinlock in ceph_add_cap
ceph: fix directories inode i_blkbits initialization
fuse: fix request limit
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
9p: Transport error uninitialized
xprtrdma: Send Queue size grows after a reconnect
xprtrdma: Toggle XPRT_CONGESTED in xprtrdma's slot methods
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: fix freeing ongoing ahash_request
ima: always return negative code for error
drivers: thermal: qcom: tsens: Fix memory leak from qfprom read
cfg80211: initialize on-stack chandefs
cfg80211: validate SSID/MBSSID element ordering assumption
nl80211: validate beacon head
ieee802154: atusb: fix use-after-free at disconnect
xen/xenbus: fix self-deadlock after killing user process
xen/balloon: Set pages PageOffline() in balloon_add_region()
DTS: ARM: gta04: introduce legacy spi-cs-high to make display work again
sched: Add __ASSEMBLY__ guards around struct clone_args
libnvdimm/altmap: Track namespace boundaries in altmap
Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
mmc: sdhci: Let drivers define their DMA mask
mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
mmc: sdhci: improve ADMA error reporting
mmc: tegra: Implement ->set_dma_mask()
mac80211: keep BHs disabled while calling drv_tx_wake_queue()
drm/i915: to make vgpu ppgtt notificaiton as atomic operation
drm/i915/gvt: update vgpu workload head pointer correctly
drm/amd/powerplay: change metrics update period from 1ms to 100ms
drm/nouveau/kms/nv50-: Don't create MSTMs for eDP connectors
drm/msm/dsi: Fix return value check for clk_get_parent
drm/omap: fix max fclk divider for omap36xx
drm: mali-dp: Mark expected switch fall-through
drm/atomic: Take the atomic toys away from X
drm/atomic: Reject FLIP_ASYNC unconditionally
drm/i915/dp: Fix dsc bpp calculations, v5.
perf stat: Fix a segmentation fault when using repeat forever
perf tools: Fix segfault in cpu_cache_level__read()
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
selftests: pidfd: Fix undefined reference to pthread_create()
selftests/tpm2: Add the missing TEST_FILES assignment
PCI: Restore Resizable BAR size bits correctly for 1MB BARs
PCI: vmd: Fix shadow offsets to reflect spec changes
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
PCI: vmd: Fix config addressing when using bus offsets
timer: Read jiffies once when forwarding base clk
usercopy: Avoid HIGHMEM pfn warning
tracing: Make sure variable reference alias has correct var_ref_idx
power: supply: sbs-battery: only return health when battery present
power: supply: sbs-battery: use correct flags field
MIPS: Treat Loongson Extensions as ASEs
crypto: ccree - use the full crypt length value
crypto: ccree - account for TEE not ready to report
crypto: caam - fix concurrency issue in givencrypt descriptor
crypto: caam/qi - fix error handling in ERN handler
crypto: cavium/zip - Add missing single_release()
crypto: skcipher - Unmap pages after an external error
crypto: qat - Silence smp_processor_id() warning
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9
powerpc/mm: Fix an Oops in kasan_mmu_init()
powerpc/mm: Add a helper to select PAGE_KERNEL_RO or PAGE_READONLY
powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag
powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions
powerpc/kasan: Fix shadow area set up for modules.
powerpc/kasan: Fix parallel loading of modules.
powerpc/powernv/ioda: Fix race in TCE level allocation
powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
powerpc/ptdump: Fix addresses display on PPC32
powerpc/32s: Fix boot failure with DEBUG_PAGEALLOC without KASAN.
powerpc/603: Fix handling of the DIRTY flag
powerpc/mce: Schedule work from irq_work
powerpc/mce: Fix MCE handling for huge pages
powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race
ASoC: sgtl5000: Improve VAG power and mute control
ASoC: Define a set of DAPM pre/post-up events
PM / devfreq: tegra: Fix kHz to Hz conversion
nbd: fix max number of supported devs
KVM: X86: Fix userspace set invalid CR4
KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores
KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts
KVM: PPC: Book3S HV: Don't push XIVE context when not using XIVE device
KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP
KVM: PPC: Book3S: Enable XIVE native capability only if OPAL has required functions
KVM: s390: fix __insn32_query() inline assembly
Revert "s390/dasd: Add discard support for ESE volumes"
s390/dasd: Fix error handling during online processing
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
s390/sclp: Fix bit checked for has_sipl
s390/process: avoid potential reading of freed stack

Paolo Pisati (p-pisati) on 2019-10-14
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Eoan):
status: Confirmed → Fix Committed

All autopkgtests for the newly accepted linux-gcp-5.3 (5.3.0-1008.9~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

linux-gcp-5.3/unknown (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-gcp-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Launchpad Janitor (janitor) wrote :
Download full text (53.1 KiB)

This bug was fixed in the package linux - 5.3.0-22.24

---------------
linux (5.3.0-22.24) eoan; urgency=medium

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling

  * CVE-2018-12207
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (5.3.0-21.22) eoan; urgency=medium

  * eoan/linux: 5.3.0-21.22 -proposed tracker (LP: #1850486)

  * Fix signing of staging modules in eoan (LP: #1850234)
    - [Packaging] Leave unsigned modules unsigned after adding .gnu_debuglink

linux (5.3.0-20.21) eoan; urgency=medium

  * eoan/linux: 5.3.0-20.21 -proposed tracker (LP: #1849064)

  * eoan: alsa/sof: Enable SOF_HDA link and codec (LP: #1848490)
    - [Config] Enable SOF_HDA link and codec

  * Eoan update: 5.3.7 upstream stable release (LP: #1848750)
    - panic: ensure preemption is disabled during panic()
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
   ...

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (33.2 KiB)

This bug was fixed in the package linux - 5.3.0-24.26

---------------
linux (5.3.0-24.26) eoan; urgency=medium

  * eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)

  * Eoan update: 5.3.9 upstream stable release (LP: #1851550)
    - io_uring: fix up O_NONBLOCK handling for sockets
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - Btrfs: fix inode cache block reserve leak on failure to allocate data space
    - btrfs: qgroup: Always free PREALLOC META reserve in
      btrfs_delalloc_release_extents()
    - iio: adc: meson_saradc: Fix memory allocation order
    - iio: fix center temperature of bmc150-accel-core
    - libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
    - perf tests: Avoid raising SEGV using an obvious NULL dereference
    - perf map: Fix overlapped map handling
    - perf script brstackinsn: Fix recovery from LBR/binary mismatch
    - perf jevents: Fix period for Intel fixed counters
    - perf tools: Propagate get_cpuid() error
    - perf annotate: Propagate perf_env__arch() error
    - perf annotate: Fix the signedness of failure returns
    - perf annotate: Propagate the symbol__annotate() error return
    - perf annotate: Fix arch specific ->init() failure errors
    - perf annotate: Return appropriate error code for allocation failures
    - perf annotate: Don't return -1 for error when doing BPF disassembly
    - staging: rtl8188eu: fix null dereference when kzalloc fails
    - RDMA/siw: Fix serialization issue in write_space()
    - RDMA/hfi1: Prevent memory leak in sdma_init
    - RDMA/iw_cxgb4: fix SRQ access from dump_qp()
    - RDMA/iwcm: Fix a lock inversion issue
    - HID: hyperv: Use in-place iterator API in the channel callback
    - kselftest: exclude failed TARGETS from runlist
    - selftests/kselftest/runner.sh: Add 45 second timeout per test
    - nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
    - arm64: cpufeature: Effectively expose FRINT capability to userspace
    - arm64: Fix incorrect irqflag restore for priority masking for compat
    - arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
    - tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
    - tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()'
    - serial/sifive: select SERIAL_EARLYCON
    - tty: n_hdlc: fix build on SPARC
    - misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
    - RDMA/core: Fix an error handling path in 'res_get_common_doit()'
    - RDMA/cm: Fix memory leak in cm_add/remove_one
    - RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error path
    - RDMA/mlx5: Do not allow rereg of a ODP MR
    - RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu
    - RDMA/mlx5: Add missing synchronize_srcu() for MW cases
    - gpio: max77620: Use correct unit for debounce times
    - fs: cifs: mute -Wunused-const-variable message
    - arm64: vdso32: Fix broken compat vDSO build warnings
    - arm64: vdso32: Detect binutils support for dmb ishld
    - serial: mctrl_gpio: Check for NULL pointer
    - serial: 8250_...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers