Disco update: upstream stable patchset 2019-10-16

Bug #1848367 reported by Kamal Mostafa on 2019-10-16
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Disco
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-10-16

  Ported from the following upstream stable releases:
   v4.19.77, v5.2.19

       from git://git.kernel.org/

arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
net/sched: act_sample: don't push mac header on ip6gre ingress
net_sched: add max len check for TCA_KIND
nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
net: sched: fix possible crash in tcf_action_destroy()
tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
net/mlx5: Add device ID of upcoming BlueField-2
nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER
ASoC: sgtl5000: Fix of unmute outputs on probe
ASoC: sgtl5000: Fix charge pump source assignment
firmware: qcom_scm: Use proper types for dma mappings
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/apic: Make apic_pending_intr_clear() more robust
sched/deadline: Fix bandwidth accounting at all levels after offline migration
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
EDAC/mc: Fix grain_bits calculation
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
ASoC: rsnd: don't call clk_get_rate() under atomic context
arm64/prefetch: fix a -Wtype-limits warning
md/raid1: end bio when the device faulty
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
media: media/platform: fsl-viu.c: fix build for MICROBLAZE
ACPI / processor: don't print errors for processorIDs == 0xff
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
efi: cper: print AER info of PCIe fatal error
firmware: arm_scmi: Check if platform has released shmem before using
sched/fair: Use rq_lock/unlock in online_fair_sched_group
idle: Prevent late-arriving interrupts from disrupting offline
media: gspca: zero usb_buf on error
perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: mtk-mdp: fix reference count on old device tree
media: fdp1: Reduce FCP not found message level to debug
media: em28xx: modules workqueue not inited for 2nd device
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
dmaengine: iop-adma: use correct printk format strings
perf record: Support aarch64 random socket_id assignment
media: vsp1: fix memory leak of dl on error return path
media: i2c: ov5645: Fix power sequence
media: omap3isp: Don't set streaming state on random subdevs
media: imx: mipi csi-2: Don't fail if initial state times-out
net: lpc-enet: fix printk format strings
m68k: Prevent some compiler warnings in Coldfire builds
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
ARM: dts: imx7-colibri: disable HS400
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
ASoC: uniphier: Fix double reset assersion when transitioning to suspend state
tools headers: Fixup bitsperlong per arch includes
ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
led: triggers: Fix a memory leak bug
nbd: add missing config put
media: mceusb: fix (eliminate) TX IR signal length limit
media: dvb-frontends: use ida for pll number
posix-cpu-timers: Sanitize bogus WARNONS
media: dvb-core: fix a memory leak bug
libperf: Fix alignment trap with xyarray contents in 'perf stat'
EDAC/amd64: Recognize DRAM device type ECC capability
EDAC/amd64: Decode syndrome before translating address
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: cec-notifier: clear cec_adap in cec_notifier_unregister
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: ov9650: add a sanity check
ASoC: es8316: fix headphone mixer volume table
ACPI / CPPC: do not require the _PSD method
sched/cpufreq: Align trace event behavior of fast switching
x86/apic/vector: Warn when vector space exhaustion breaks affinity
arm64: kpti: ensure patched kernel text is fetched from PoU
x86/mm/pti: Do not invoke PTI functions when PTI is disabled
ASoC: fsl_ssi: Fix clock control issue in master mode
x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
nvmet: fix data units read and written counters in SMART log
nvme-multipath: fix ana log nsid lookup when nsid is not found
ALSA: firewire-motu: add support for MOTU 4pre
iommu/amd: Silence warnings under memory pressure
libata/ahci: Drop PCS quirk for Denverton and beyond
iommu/iova: Avoid false sharing on fq_timer_on
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
closures: fix a race on wakeup from closure_sync
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
x86/cpu: Add Tiger Lake to Intel family
platform/x86: intel_pmc_core: Do not ioremap RAM
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
mmc: sdhci: Fix incorrect switch to HS mode
mmc: core: Add helper function to indicate if SDIO IRQs is enabled
mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
raid5: don't increment read_errors on EILSEQ return
libertas: Add missing sentinel at end of if_usb.c fw_table
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
printk: Do not lose last line in kmsg buffer dump
IB/mlx5: Free mpi in mp_slave mode
IB/hfi1: Define variables as unsigned long to fix KASAN warning
randstruct: Check member structs in is_pure_ops_struct()
Revert "ceph: use ceph_evict_inode to cleanup inode's resource"
ceph: use ceph_evict_inode to cleanup inode's resource
ALSA: hda/realtek - PCI quirk for Medion E4254
blk-mq: add callback of .cleanup_rq
scsi: implement .cleanup_rq callback
powerpc/imc: Dont create debugfs files for cpu-less nodes
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
media: don't drop front-end reference count for ->detach
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: samsung: Fix system restart on S3C6410
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
arm64: tlb: Ensure we execute an ISB following walk cache invalidation
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
efifb: BGRT: Improve efifb_bgrt_sanity_check
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
memcg, kmem: do not fail __GFP_NOFAIL charges
i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
block: fix null pointer dereference in blk_mq_rq_timed_out()
smb3: allow disabling requesting leases
ovl: Fix dereferencing possible ERR_PTR()
ovl: filter of trusted xattr results in audit
btrfs: fix allocation of free space cache v1 bitmap pages
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls
Btrfs: fix race setting up and completing qgroup rescan workers
md/raid6: Set R5_ReadError when there is read failure on parity disk
md: don't report active array_state until after revalidate_disk() completes.
md: only call set_in_sync() when it is expected to succeed.
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
md/raid0: avoid RAID0 data corruption due to layout confusion.
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
drm/amd/display: Restore backlight brightness after system resume
selftests: Update fib_tests to handle missing ping6
vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
net/mlx5e: Fix traffic duplication in ethtool steering
media: vivid:add sanity check to avoid divide error and set value to 1 if 0.
media: vb2: reorder checks in vb2_poll()
media: vivid: work around high stack usage with clang
rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region
arm64: mm: free the initrd reserved memblock in a aligned manner
soc: amlogic: meson-clk-measure: protect measure with a mutex
RAS: Build debugfs.o only when enabled in Kconfig
ASoC: hdac_hda: fix page fault issue by removing race
perf tools: Fix paths in include statements
blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling
media: i2c: tda1997x: prevent potential NULL pointer access
arm64/efi: Move variable assignments after SECTIONS
ARM: xscale: fix multi-cpu compilation
kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE
x86/platform/intel/iosf_mbi Rewrite locking
powerpc/Makefile: Always pass --synthetic to nm if supported
ACPI / APEI: Release resources if gen_pool_add() fails
ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91
soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain
soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9
PM / devfreq: Fix kernel oops on governor module load
media: aspeed-video: address a protential usage of an unitialized var
ASoC: Intel: Haswell: Adjust machine device private context
x86/amd_nb: Add PCI device IDs for family 17h, model 70h
hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs
block: make rq sector size accessible for block stats
mmc: mtk-sd: Re-store SDIO IRQs mask at system resume
drm: fix module name in edid_firmware log message
zd1211rw: remove false assertion from zd_mac_clear()
btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index()
kvm: Nested KVM MMUs need PAE root too
ARM: dts: logicpd-torpedo-baseboard: Fix missing video
ARM: omap2plus_defconfig: Fix missing video
ARM: dts: am3517-evm: Fix missing video
rcu/tree: Fix SCHED_FIFO params
fuse: fix beyond-end-of-page access in fuse_parse_cache()
KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
iommu/arm-smmu-v3: Disable detection of ATS and PRI
mt76: round up length on mt76_wr_copy
ath10k: fix channel info parsing for non tlv target
block: mq-deadline: Fix queue restart handling
btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer
SUNRPC: Fix buffer handling of GSS MIC without slack
ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint
fs: Export generic_fadvise()
mm: Handle MADV_WILLNEED through vfs_fadvise()
xfs: Fix stale data exposure when readahead races with hole punch
ipmi: move message error checking to avoid deadlock
UBUNTU: upstream stable to v4.19.77, v5.2.19

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Disco):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (38.6 KiB)

This bug was fixed in the package linux - 5.0.0-35.38

---------------
linux (5.0.0-35.38) disco; urgency=medium

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
      confusion."

  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling

  * CVE-2018-12207
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (5.0.0-34.36) disco; urgency=medium

  * disco/linux: <version to be filled> -proposed tracker (LP: #1850574)

  * [REGRESSION] md/raid0: cannot as...

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers