Eoan update: v5.3.6 upstream stable release

Bug #1848039 reported by Paolo Pisati on 2019-10-14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

    SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.3.6 upstream stable release
       from git://git.kernel.org/

Linux 5.3.6
libnvdimm: prevent nvdimm from requesting key when security is disabled
staging: erofs: detect potential multiref due to corrupted images
staging: erofs: avoid endless loop of invalid lookback distance 0
staging: erofs: add two missing erofs_workgroup_put for corrupted images
staging: erofs: some compressed cluster should be submitted for corrupted images
staging: erofs: fix an error handling in erofs_readdir()
coresight: etm4x: Use explicit barriers on enable/disable
vfs: Fix EOVERFLOW testing in put_compat_statfs64
riscv: Avoid interrupts being erroneously enabled in handle_exception()
perf stat: Reset previous counts on repeat with interval
tick: broadcast-hrtimer: Fix a race in bc_set_next
KVM: nVMX: Fix consistency check on injected exception error code
Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed
nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions
perf unwind: Fix libunwind build failure on i386 systems
i2c: qcom-geni: Disable DMA processing on the Lenovo Yoga C630
net: dsa: microchip: Always set regmap stride to 1
bpf: Fix bpf_event_output re-entry issue
blk-mq: move lockdep_assert_held() into elevator_exit
libbpf: fix false uninitialized variable warning
kernel/elfcore.c: include proper prototypes
selftests/bpf: adjust strobemeta loop to satisfy latest clang
include/trace/events/writeback.h: fix -Wstringop-truncation warnings
perf build: Add detection of java-11-openjdk-devel package
sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
sched/membarrier: Fix private expedited registration check
sched/membarrier: Call sync_core only before usermode for same mm
libnvdimm/nfit_test: Fix acpi_handle redefinition
fuse: fix memleak in cuse_channel_open
libnvdimm: Fix endian conversion issues
libnvdimm/region: Initialize bad block for volatile namespaces
iommu/amd: Fix downgrading default page-sizes in alloc_pte()
thermal_hwmon: Sanitize thermal_zone type
thermal: Fix use-after-free when unregistering thermal zone device
ntb: point to right memory window index
x86/purgatory: Disable the stackleak GCC plugin for the purgatory
selftests/seccomp: fix build on older kernels
pwm: stm32-lp: Add check in case requested period cannot be achieved
SUNRPC: Don't try to parse incomplete RPC messages
pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
perf probe: Fix to clear tev->nargs in clear_probe_trace_event()
drm/amdgpu: Check for valid number of registers to read
drm/amdgpu: Fix KFD-related kernel oops on Hawaii
netfilter: nf_tables: allow lookups in dynamic sets
watchdog: aspeed: Add support for AST2600
SUNRPC: RPC level errors should always set task->tk_rpc_status
ceph: reconnect connection if session hang in opening state
ceph: fetch cap_gen under spinlock in ceph_add_cap
ceph: fix directories inode i_blkbits initialization
fuse: fix request limit
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
9p: Transport error uninitialized
xprtrdma: Send Queue size grows after a reconnect
xprtrdma: Toggle XPRT_CONGESTED in xprtrdma's slot methods
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: fix freeing ongoing ahash_request
ima: always return negative code for error
drivers: thermal: qcom: tsens: Fix memory leak from qfprom read
cfg80211: initialize on-stack chandefs
cfg80211: validate SSID/MBSSID element ordering assumption
nl80211: validate beacon head
ieee802154: atusb: fix use-after-free at disconnect
xen/xenbus: fix self-deadlock after killing user process
xen/balloon: Set pages PageOffline() in balloon_add_region()
DTS: ARM: gta04: introduce legacy spi-cs-high to make display work again
sched: Add __ASSEMBLY__ guards around struct clone_args
libnvdimm/altmap: Track namespace boundaries in altmap
Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
mmc: sdhci: Let drivers define their DMA mask
mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
mmc: sdhci: improve ADMA error reporting
mmc: tegra: Implement ->set_dma_mask()
mac80211: keep BHs disabled while calling drv_tx_wake_queue()
drm/i915: to make vgpu ppgtt notificaiton as atomic operation
drm/i915/gvt: update vgpu workload head pointer correctly
drm/amd/powerplay: change metrics update period from 1ms to 100ms
drm/nouveau/kms/nv50-: Don't create MSTMs for eDP connectors
drm/msm/dsi: Fix return value check for clk_get_parent
drm/omap: fix max fclk divider for omap36xx
drm: mali-dp: Mark expected switch fall-through
drm/atomic: Take the atomic toys away from X
drm/atomic: Reject FLIP_ASYNC unconditionally
drm/i915/dp: Fix dsc bpp calculations, v5.
perf stat: Fix a segmentation fault when using repeat forever
perf tools: Fix segfault in cpu_cache_level__read()
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
selftests: pidfd: Fix undefined reference to pthread_create()
selftests/tpm2: Add the missing TEST_FILES assignment
PCI: Restore Resizable BAR size bits correctly for 1MB BARs
PCI: vmd: Fix shadow offsets to reflect spec changes
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
PCI: vmd: Fix config addressing when using bus offsets
timer: Read jiffies once when forwarding base clk
usercopy: Avoid HIGHMEM pfn warning
tracing: Make sure variable reference alias has correct var_ref_idx
power: supply: sbs-battery: only return health when battery present
power: supply: sbs-battery: use correct flags field
MIPS: Treat Loongson Extensions as ASEs
crypto: ccree - use the full crypt length value
crypto: ccree - account for TEE not ready to report
crypto: caam - fix concurrency issue in givencrypt descriptor
crypto: caam/qi - fix error handling in ERN handler
crypto: cavium/zip - Add missing single_release()
crypto: skcipher - Unmap pages after an external error
crypto: qat - Silence smp_processor_id() warning
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9
powerpc/mm: Fix an Oops in kasan_mmu_init()
powerpc/mm: Add a helper to select PAGE_KERNEL_RO or PAGE_READONLY
powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag
powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions
powerpc/kasan: Fix shadow area set up for modules.
powerpc/kasan: Fix parallel loading of modules.
powerpc/powernv/ioda: Fix race in TCE level allocation
powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
powerpc/ptdump: Fix addresses display on PPC32
powerpc/32s: Fix boot failure with DEBUG_PAGEALLOC without KASAN.
powerpc/603: Fix handling of the DIRTY flag
powerpc/mce: Schedule work from irq_work
powerpc/mce: Fix MCE handling for huge pages
powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race
ASoC: sgtl5000: Improve VAG power and mute control
ASoC: Define a set of DAPM pre/post-up events
PM / devfreq: tegra: Fix kHz to Hz conversion
nbd: fix max number of supported devs
KVM: X86: Fix userspace set invalid CR4
KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores
KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts
KVM: PPC: Book3S HV: Don't push XIVE context when not using XIVE device
KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP
KVM: PPC: Book3S: Enable XIVE native capability only if OPAL has required functions
KVM: s390: fix __insn32_query() inline assembly
Revert "s390/dasd: Add discard support for ESE volumes"
s390/dasd: Fix error handling during online processing
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
s390/sclp: Fix bit checked for has_sipl
s390/process: avoid potential reading of freed stack

Paolo Pisati (p-pisati) on 2019-10-14
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Eoan):
status: Confirmed → Fix Committed

All autopkgtests for the newly accepted linux-gcp-5.3 (5.3.0-1008.9~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

linux-gcp-5.3/unknown (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].


[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Launchpad Janitor (janitor) wrote :
Download full text (53.1 KiB)

This bug was fixed in the package linux - 5.3.0-22.24

linux (5.3.0-22.24) eoan; urgency=medium

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling

  * CVE-2018-12207
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (5.3.0-21.22) eoan; urgency=medium

  * eoan/linux: 5.3.0-21.22 -proposed tracker (LP: #1850486)

  * Fix signing of staging modules in eoan (LP: #1850234)
    - [Packaging] Leave unsigned modules unsigned after adding .gnu_debuglink

linux (5.3.0-20.21) eoan; urgency=medium

  * eoan/linux: 5.3.0-20.21 -proposed tracker (LP: #1849064)

  * eoan: alsa/sof: Enable SOF_HDA link and codec (LP: #1848490)
    - [Config] Enable SOF_HDA link and codec

  * Eoan update: 5.3.7 upstream stable release (LP: #1848750)
    - panic: ensure preemption is disabled during panic()
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (33.2 KiB)

This bug was fixed in the package linux - 5.3.0-24.26

linux (5.3.0-24.26) eoan; urgency=medium

  * eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)

  * Eoan update: 5.3.9 upstream stable release (LP: #1851550)
    - io_uring: fix up O_NONBLOCK handling for sockets
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - Btrfs: fix inode cache block reserve leak on failure to allocate data space
    - btrfs: qgroup: Always free PREALLOC META reserve in
    - iio: adc: meson_saradc: Fix memory allocation order
    - iio: fix center temperature of bmc150-accel-core
    - libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
    - perf tests: Avoid raising SEGV using an obvious NULL dereference
    - perf map: Fix overlapped map handling
    - perf script brstackinsn: Fix recovery from LBR/binary mismatch
    - perf jevents: Fix period for Intel fixed counters
    - perf tools: Propagate get_cpuid() error
    - perf annotate: Propagate perf_env__arch() error
    - perf annotate: Fix the signedness of failure returns
    - perf annotate: Propagate the symbol__annotate() error return
    - perf annotate: Fix arch specific ->init() failure errors
    - perf annotate: Return appropriate error code for allocation failures
    - perf annotate: Don't return -1 for error when doing BPF disassembly
    - staging: rtl8188eu: fix null dereference when kzalloc fails
    - RDMA/siw: Fix serialization issue in write_space()
    - RDMA/hfi1: Prevent memory leak in sdma_init
    - RDMA/iw_cxgb4: fix SRQ access from dump_qp()
    - RDMA/iwcm: Fix a lock inversion issue
    - HID: hyperv: Use in-place iterator API in the channel callback
    - kselftest: exclude failed TARGETS from runlist
    - selftests/kselftest/runner.sh: Add 45 second timeout per test
    - nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
    - arm64: cpufeature: Effectively expose FRINT capability to userspace
    - arm64: Fix incorrect irqflag restore for priority masking for compat
    - arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
    - tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
    - tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()'
    - serial/sifive: select SERIAL_EARLYCON
    - tty: n_hdlc: fix build on SPARC
    - misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
    - RDMA/core: Fix an error handling path in 'res_get_common_doit()'
    - RDMA/cm: Fix memory leak in cm_add/remove_one
    - RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error path
    - RDMA/mlx5: Do not allow rereg of a ODP MR
    - RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu
    - RDMA/mlx5: Add missing synchronize_srcu() for MW cases
    - gpio: max77620: Use correct unit for debounce times
    - fs: cifs: mute -Wunused-const-variable message
    - arm64: vdso32: Fix broken compat vDSO build warnings
    - arm64: vdso32: Detect binutils support for dmb ishld
    - serial: mctrl_gpio: Check for NULL pointer
    - serial: 8250_...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers