Eoan update: 5.3.7 upstream stable release

Bug #1848750 reported by Connor Kuehl on 2019-10-18
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Eoan
Medium
Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* panic: ensure preemption is disabled during panic()
* UBUNTU: [Config] updateconfigs for USB_RIO500
* USB: rio500: Remove Rio 500 kernel driver
* USB: yurex: Don't retry on unexpected errors
* USB: yurex: fix NULL-derefs on disconnect
* USB: usb-skeleton: fix runtime PM after driver unbind
* USB: usb-skeleton: fix NULL-deref on disconnect
* xhci: Fix false warning message about wrong bounce buffer write length
* xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
* xhci: Check all endpoints for LPM timeout
* xhci: Fix USB 3.1 capability detection on early xHCI 1.1 spec based hosts
* usb: xhci: wait for CNR controller not ready bit in xhci resume
* xhci: Prevent deadlock when xhci adapter breaks during init
* xhci: Increase STS_SAVE timeout in xhci_suspend()
* xhci: Fix NULL pointer dereference in xhci_clear_tt_buffer_complete()
* USB: adutux: fix use-after-free on disconnect
* USB: adutux: fix NULL-derefs on disconnect
* USB: adutux: fix use-after-free on release
* USB: iowarrior: fix use-after-free on disconnect
* USB: iowarrior: fix use-after-free on release
* USB: iowarrior: fix use-after-free after driver unbind
* USB: usblp: fix runtime PM after driver unbind
* USB: chaoskey: fix use-after-free on release
* USB: ldusb: fix NULL-derefs on driver unbind
* serial: uartlite: fix exit path null pointer
* serial: uartps: Fix uartps_major handling
* USB: serial: keyspan: fix NULL-derefs on open() and write()
* USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
* USB: serial: option: add Telit FN980 compositions
* USB: serial: option: add support for Cinterion CLS8 devices
* USB: serial: fix runtime PM after driver unbind
* USB: usblcd: fix I/O after disconnect
* USB: microtek: fix info-leak at probe
* USB: dummy-hcd: fix power budget for SuperSpeed mode
* usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
* usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
* usb: typec: tcpm: usb: typec: tcpm: Fix a signedness bug in tcpm_fw_get_caps()
* usb: typec: ucsi: ccg: Remove run_isr flag
* usb: typec: ucsi: displayport: Fix for the mode entering routine
* USB: legousbtower: fix slab info leak at probe
* USB: legousbtower: fix deadlock on disconnect
* USB: legousbtower: fix potential NULL-deref on disconnect
* USB: legousbtower: fix open after failed reset request
* USB: legousbtower: fix use-after-free on release
* mei: me: add comet point (lake) LP device ids
* mei: avoid FW version request on Ibex Peak and earlier
* gpio: eic: sprd: Fix the incorrect EIC offset when toggling
* staging/fbtft: Depend on OF
* staging: bcm2835-audio: Fix draining behavior regression
* Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
* staging: rtl8188eu: fix HighestRate check in odm_ARFBRefresh_8188E()
* staging: vt6655: Fix memory leak in vt6655_probe
* iio: adc: hx711: fix bug in sampling of data
* iio: adc: ad799x: fix probe error handling
* iio: adc: axp288: Override TS pin bias current for some models
* iio: adc: stm32-adc: move registers definitions
* iio: adc: stm32-adc: fix a race when using several adcs with dma and irq
* iio: light: opt3001: fix mutex unlock race
* iio: light: add missing vcnl4040 of_compatible
* iio: accel: adxl372: Fix/remove limitation for FIFO samples
* iio: accel: adxl372: Fix push to buffers lost samples
* iio: accel: adxl372: Perform a reset at start up
* efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
* perf llvm: Don't access out-of-scope array
* perf inject jit: Fix JIT_CODE_MOVE filename
* drm/i915: Perform GGTT restore much earlier during resume
* selinux: fix context string corruption in convert_context()
* CIFS: Gracefully handle QueryInfo errors during open
* CIFS: Force revalidate inode when dentry is stale
* CIFS: Force reval dentry if LOOKUP_REVAL flag is set
* cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic
* kernel/sysctl.c: do not override max_threads provided by userspace
* mm/z3fold.c: claim page in the beginning of free
* mm/page_alloc.c: fix a crash in free_pages_prepare()
* mm/vmpressure.c: fix a signedness bug in vmpressure_register_event()
* IB/core: Fix wrong iterating on ports
* firmware: google: increment VPD key_len properly
* gpio: fix getting nonexclusive gpiods from DT
* gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
* btrfs: relocation: fix use-after-free on dead relocation roots
* btrfs: allocate new inode in NOFS context
* btrfs: fix balance convert to single on 32-bit host CPUs
* Btrfs: fix memory leak due to concurrent append writes with fiemap
* btrfs: fix incorrect updating of log root tree
* btrfs: fix uninitialized ret in ref-verify
* NFS: Fix O_DIRECT accounting of number of bytes read/written
* MIPS: Disable Loongson MMI instructions for kernel build
* MIPS: elf_hwcap: Export userspace ASEs
* RDMA/vmw_pvrdma: Free SRQ only once
* ACPI/PPTT: Add support for ACPI 6.3 thread flag
* arm64: topology: Use PPTT to determine if PE is a thread
* iio: light: fix vcnl4000 devicetree hooks
* Fix the locking in dcache_readdir() and friends
* drm/i915: Bump skl+ max plane width to 5k for linear/x-tiled
* drm/i915: Whitelist COMMON_SLICE_CHICKEN2
* drm/i915: Mark contents as dirty on a write fault
* drm/msm: Use the correct dma_sync calls harder
* media: stkwebcam: fix runtime PM after driver unbind
* arm64/sve: Fix wrong free for task->thread.sve_state
* tracing/hwlat: Report total time spent in all NMIs during the sample
* tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
* ftrace: Get a reference counter for the trace_array on filter files
* tracing: Get trace_array reference for available_tracers files
* hwmon: Fix HWMON_P_MIN_ALARM mask
* mtd: rawnand: au1550nd: Fix au_read_buf16() prototype
* x86/asm: Fix MWAITX C-state hint value
* io_uring: only flush workqueues on fileset removal
* efi/tpm: Fix sanity check of unsigned tbl_size being less than zero
* Linux 5.3.7
* UBUNTU: [Packaging] remove rtc-bd70528 from modules
* UBUNTU: [Packaging] Remove now un-used modules for amd64

       5.3.7 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork) on 2019-10-18
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Eoan):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

The following patches were skipped since they've already been applied as cherry picks:

* efi/tpm: Don't access event->count when it isn't mapped
* efi/tpm: Don't traverse an event log with no events
* efi/tpm: Only set 'efi_tpm_final_log_size' after successful event log parsing
* blk-wbt: fix performance regression in wbt scale_up/scale_down

Connor Kuehl (connork) on 2019-10-21
description: updated
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed

All autopkgtests for the newly accepted linux-gcp-5.3 (5.3.0-1008.9~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

linux-gcp-5.3/unknown (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-gcp-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Launchpad Janitor (janitor) wrote :
Download full text (53.1 KiB)

This bug was fixed in the package linux - 5.3.0-22.24

---------------
linux (5.3.0-22.24) eoan; urgency=medium

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling

  * CVE-2018-12207
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (5.3.0-21.22) eoan; urgency=medium

  * eoan/linux: 5.3.0-21.22 -proposed tracker (LP: #1850486)

  * Fix signing of staging modules in eoan (LP: #1850234)
    - [Packaging] Leave unsigned modules unsigned after adding .gnu_debuglink

linux (5.3.0-20.21) eoan; urgency=medium

  * eoan/linux: 5.3.0-20.21 -proposed tracker (LP: #1849064)

  * eoan: alsa/sof: Enable SOF_HDA link and codec (LP: #1848490)
    - [Config] Enable SOF_HDA link and codec

  * Eoan update: 5.3.7 upstream stable release (LP: #1848750)
    - panic: ensure preemption is disabled during panic()
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
   ...

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (33.2 KiB)

This bug was fixed in the package linux - 5.3.0-24.26

---------------
linux (5.3.0-24.26) eoan; urgency=medium

  * eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)

  * Eoan update: 5.3.9 upstream stable release (LP: #1851550)
    - io_uring: fix up O_NONBLOCK handling for sockets
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - Btrfs: fix inode cache block reserve leak on failure to allocate data space
    - btrfs: qgroup: Always free PREALLOC META reserve in
      btrfs_delalloc_release_extents()
    - iio: adc: meson_saradc: Fix memory allocation order
    - iio: fix center temperature of bmc150-accel-core
    - libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
    - perf tests: Avoid raising SEGV using an obvious NULL dereference
    - perf map: Fix overlapped map handling
    - perf script brstackinsn: Fix recovery from LBR/binary mismatch
    - perf jevents: Fix period for Intel fixed counters
    - perf tools: Propagate get_cpuid() error
    - perf annotate: Propagate perf_env__arch() error
    - perf annotate: Fix the signedness of failure returns
    - perf annotate: Propagate the symbol__annotate() error return
    - perf annotate: Fix arch specific ->init() failure errors
    - perf annotate: Return appropriate error code for allocation failures
    - perf annotate: Don't return -1 for error when doing BPF disassembly
    - staging: rtl8188eu: fix null dereference when kzalloc fails
    - RDMA/siw: Fix serialization issue in write_space()
    - RDMA/hfi1: Prevent memory leak in sdma_init
    - RDMA/iw_cxgb4: fix SRQ access from dump_qp()
    - RDMA/iwcm: Fix a lock inversion issue
    - HID: hyperv: Use in-place iterator API in the channel callback
    - kselftest: exclude failed TARGETS from runlist
    - selftests/kselftest/runner.sh: Add 45 second timeout per test
    - nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
    - arm64: cpufeature: Effectively expose FRINT capability to userspace
    - arm64: Fix incorrect irqflag restore for priority masking for compat
    - arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
    - tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
    - tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()'
    - serial/sifive: select SERIAL_EARLYCON
    - tty: n_hdlc: fix build on SPARC
    - misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
    - RDMA/core: Fix an error handling path in 'res_get_common_doit()'
    - RDMA/cm: Fix memory leak in cm_add/remove_one
    - RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error path
    - RDMA/mlx5: Do not allow rereg of a ODP MR
    - RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu
    - RDMA/mlx5: Add missing synchronize_srcu() for MW cases
    - gpio: max77620: Use correct unit for debounce times
    - fs: cifs: mute -Wunused-const-variable message
    - arm64: vdso32: Fix broken compat vDSO build warnings
    - arm64: vdso32: Detect binutils support for dmb ishld
    - serial: mctrl_gpio: Check for NULL pointer
    - serial: 8250_...

Changed in linux (Ubuntu):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers