Bionic update: upstream stable patchset 2019-10-15

Bug #1848274 reported by Kamal Mostafa on 2019-10-15
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-10-15

  Ported from the following upstream stable releases:
   v4.14.148, v4.19.78

       from git://git.kernel.org/

tpm: use tpm_try_get_ops() in tpm-sysfs.c.
tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
drm/bridge: tc358767: Increase AUX transfer length limit
drm/panel: simple: fix AUO g185han01 horizontal blanking
video: ssd1307fb: Start page range at page_offset
drm/stm: attach gem fence to atomic state
drm/radeon: Fix EEH during kexec
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
ipmi_si: Only schedule continuously in the thread in maintenance mode
clk: qoriq: Fix -Wunused-const-variable
clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
clk: sirf: Don't reference clk_init_data after registration
clk: zx296718: Don't reference clk_init_data after registration
powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
powerpc/rtas: use device model APIs and serialization during LPM
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/pseries/mobility: use cond_resched when updating device tree
pinctrl: tegra: Fix write barrier placement in pmx_writel
vfio_pci: Restore original state on release
drm/nouveau/volt: Fix for some cards having 0 maximum voltage
drm/amdgpu/si: fix ASIC tests
powerpc/64s/exception: machine check use correct cfar for late handler
powerpc/pseries: correctly track irq state in default idle
arm64: fix unreachable code issue with cmpxchg
clk: at91: select parent if main oscillator or bypass is enabled
scsi: core: Reduce memory required for SCSI logging
dma-buf/sw_sync: Synchronize signal vs syncpt free
MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
i2c-cht-wc: Fix lockdep warning
PCI: tegra: Fix OF node reference leak
livepatch: Nullify obj->mod in klp_module_coming()'s error path
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
rtc: snvs: fix possible race condition
HID: apple: Fix stuck function keys when using FN
PCI: rockchip: Propagate errors for optional regulators
PCI: imx6: Propagate errors for optional regulators
PCI: exynos: Propagate errors for optional PHYs
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address
fat: work around race with userspace's read via blockdev while mounting
pktcdvd: remove warning on attempting to register non-passthrough dev
hypfs: Fix error number left in struct pointer member
kbuild: clean compressed initramfs image
ocfs2: wait for recovering done after direct unlock request
kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
bpf: fix use after free in prog symbol exposure
cxgb4:Fix out-of-bounds MSI-X info array access
erspan: remove the incorrect mtu limit for erspan
hso: fix NULL-deref on tty open
ipv6: drop incoming packets having a v4mapped source address
net: ipv4: avoid mixed n_redirects and rate_tokens usage
net: qlogic: Fix memory leak in ql_alloc_large_buffers
net: Unpublish sk from sk_reuseport_cb before call_rcu
nfc: fix memory leak in llcp_sock_bind()
qmi_wwan: add support for Cinterion CLS8 devices
sch_dsmark: fix potential NULL deref in dsmark_init()
vsock: Fix a lockdep warning in __vsock_release()
net/rds: Fix error handling in rds_ib_add_one()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
tipc: fix unlimited bundling of small messages
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
ipv6: Handle missing host route in __ipv6_ifa_notify
Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
smack: use GFP_NOFS while holding inode_smack::smk_lock
NFC: fix attrs checks in netlink interface
kexec: bail out upon SIGKILL when allocating memory.
drm/panel: check failure cases in the probe func
drm/amd/display: reprogram VM config when system resume
pinctrl: amd: disable spurious-firing GPIO IRQs
pstore: fs superblock limits
pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c
mbox: qcom: add APCS child device for QCS404
ARM: 8875/1: Kconfig: default to AEABI w/ Clang
arm64: consider stack randomization for mmap base only when necessary
mips: properly account for stack randomization and stack guard gap
arm: properly account for stack randomization and stack guard gap
arm: use STACK_TOP when computing mmap base address
UBUNTU: upstream stable to v4.14.148, v4.19.78

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (24.0 KiB)

This bug was fixed in the package linux - 4.15.0-69.78

---------------
linux (4.15.0-69.78) bionic; urgency=medium

  * KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix

  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdpar...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers