Eoan update: v5.3.8 upstream stable release

Bug #1850456 reported by Connor Kuehl on 2019-10-29
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Eoan
Medium
Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* drm: Free the writeback_job when it with an empty fb
* drm: Clear the fence pointer when writeback job signaled
* clk: ti: dra7: Fix mcasp8 clock bits
* ARM: dts: Fix wrong clocks for dra7 mcasp
* nvme-pci: Fix a race in controller removal
* scsi: ufs: skip shutdown if hba is not powered
* scsi: megaraid: disable device when probe failed after enabled device
* scsi: qla2xxx: Silence fwdump template message
* scsi: qla2xxx: Fix unbound sleep in fcport delete path.
* scsi: qla2xxx: Fix stale mem access on driver unload
* scsi: qla2xxx: Fix N2N link reset
* scsi: qla2xxx: Fix N2N link up fail
* ARM: dts: Fix gpio0 flags for am335x-icev2
* ARM: OMAP2+: Fix missing reset done flag for am3 and am43
* ARM: OMAP2+: Add missing LCDC midlemode for am335x
* ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
* nvme-tcp: fix wrong stop condition in io_work
* nvme-pci: Save PCI state before putting drive into deepest state
* nvme: fix an error code in nvme_init_subsystem()
* nvme-rdma: Fix max_hw_sectors calculation
* Added QUIRKs for ADATA XPG SX8200 Pro 512GB
* nvme: Add quirk for Kingston NVME SSD running FW E8FK11.T
* nvme: allow 64-bit results in passthru commands
* drm/komeda: prevent memory leak in komeda_wb_connector_add
* nvme-rdma: fix possible use-after-free in connect timeout
* blk-mq: honor IO scheduler for multiqueue devices
* ieee802154: ca8210: prevent memory leak
* ARM: dts: am4372: Set memory bandwidth limit for DISPC
* net: dsa: qca8k: Use up to 7 ports for all operations
* MIPS: dts: ar9331: fix interrupt-controller size
* xen/efi: Set nonblocking callbacks
* loop: change queue block size to match when using DIO
* nl80211: fix null pointer dereference
* mac80211: fix txq null pointer dereference
* netfilter: nft_connlimit: disable bh on garbage collection
* net: mscc: ocelot: add missing of_node_put after calling of_get_child_by_name
* net: dsa: rtl8366rb: add missing of_node_put after calling of_get_child_by_name
* net: stmmac: xgmac: Not all Unicast addresses may be available
* net: stmmac: dwmac4: Always update the MAC Hash Filter
* net: stmmac: Correctly take timestamp for PTPv2
* net: stmmac: Do not stop PHY if WoL is enabled
* net: ag71xx: fix mdio subnode support
* RISC-V: Clear load reservations while restoring hart contexts
* riscv: Fix memblock reservation for device tree blob
* drm/amdgpu: fix multiple memory leaks in acp_hw_init
* drm/amd/display: memory leak
* mips: Loongson: Fix the link time qualifier of 'serial_exit()'
* net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
* net: stmmac: Avoid deadlock on suspend/resume
* selftests: kvm: Fix libkvm build error
* lib: textsearch: fix escapes in example code
* s390/mm: fix -Wunused-but-set-variable warnings
* net: phy: allow for reset line to be tied to a sleepy GPIO controller
* net: phy: fix write to mii-ctrl1000 register
* namespace: fix namespace.pl script to support relative paths
* Convert filldir[64]() from __put_user() to unsafe_put_user()
* elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings
* Make filldir[64]() verify the directory entry filename is valid
* uaccess: implement a proper unsafe_copy_to_user() and switch filldir over to it
* filldir[64]: remove WARN_ON_ONCE() for bad directory entries
* net_sched: fix backward compatibility for TCA_KIND
* net_sched: fix backward compatibility for TCA_ACT_KIND
* libata/ahci: Fix PCS quirk application
* md/raid0: fix warning message for parameter default_layout
* Revert "drm/radeon: Fix EEH during kexec"
* ocfs2: fix panic due to ocfs2_wq is null
* nvme-pci: Set the prp2 correctly when using more than 4k page
* ipv4: fix race condition between route lookup and invalidation
* ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
* net: avoid potential infinite loop in tc_ctl_action()
* net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
* net: bcmgenet: Set phydev->dev_flags only for internal PHYs
* net: i82596: fix dma_alloc_attr for sni_82596
* net/ibmvnic: Fix EOI when running in XIVE mode.
* net: ipv6: fix listify ip6_rcv_finish in case of forwarding
* net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
* rxrpc: Fix possible NULL pointer access in ICMP handling
* sched: etf: Fix ordering of packets with same txtime
* sctp: change sctp_prot .no_autobind with true
* net: aquantia: temperature retrieval fix
* net: aquantia: when cleaning hw cache it should be toggled
* net: aquantia: do not pass lro session with invalid tcp checksum
* net: aquantia: correctly handle macvlan and multicast coexistence
* net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs
* net: phy: micrel: Update KSZ87xx PHY name
* net: avoid errors when trying to pop MLPS header on non-MPLS packets
* net/sched: fix corrupted L2 header with MPLS 'push' and 'pop' actions
* netdevsim: Fix error handling in nsim_fib_init and nsim_fib_exit
* net: ethernet: broadcom: have drivers select DIMLIB as needed
* net: phy: Fix "link partner" information disappear issue
* rxrpc: use rcu protection while reading sk->sk_user_data
* io_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD
* io_uring: Fix corrupted user_data
* USB: legousbtower: fix memleak on disconnect
* ALSA: hda/realtek - Add support for ALC711
* ALSA: hda/realtek - Enable headset mic on Asus MJ401TA
* ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers
* ALSA: hda - Force runtime PM on Nvidia HDMI codecs
* usb: udc: lpc32xx: fix bad bit shift operation
* USB: serial: ti_usb_3410_5052: fix port-close races
* USB: ldusb: fix memleak on disconnect
* USB: usblp: fix use-after-free on disconnect
* USB: ldusb: fix read info leaks
* binder: Don't modify VMA bounds in ->mmap handler
* MIPS: tlbex: Fix build_restore_pagemask KScratch restore
* staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
* scsi: zfcp: fix reaction on bit error threshold notification
* scsi: sd: Ignore a failure to sync cache due to lack of authorization
* scsi: core: save/restore command resid for error handling
* scsi: core: try to get module before removing device
* scsi: ch: Make it possible to open a ch device multiple times again
* Revert "Input: elantech - enable SMBus on new (2018+) systems"
* Input: da9063 - fix capability and drop KEY_SLEEP
* Input: synaptics-rmi4 - avoid processing unknown IRQs
* Input: st1232 - fix reporting multitouch coordinates
* ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
* ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit()
* ACPI: NFIT: Fix unlock on error in scrub_show()
* iwlwifi: pcie: change qu with jf devices to use qu configuration
* cfg80211: wext: avoid copying malformed SSIDs
* mac80211: Reject malformed SSID elements
* drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
* drm/ttm: Restore ttm prefaulting
* drm/panfrost: Handle resetting on timeout better
* drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
* drm/amdgpu/sdma5: fix mask value of POLL_REGMEM packet for pipe sync
* drm/i915/userptr: Never allow userptr into the mappable GGTT
* drm/i915: Favor last VBT child device with conflicting AUX ch/DDC pin
* drm/amdgpu/vce: fix allocation size in enc ring test
* drm/amdgpu/vcn: fix allocation size in enc ring test
* drm/amdgpu/uvd6: fix allocation size in enc ring test (v2)
* drm/amdgpu/uvd7: fix allocation size in enc ring test (v2)
* drm/amdgpu: user pages array memory leak fix
* drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
* fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
* io_uring: Fix broken links with offloading
* io_uring: Fix race for sqes with userspace
* io_uring: used cached copies of sq->dropped and cq->overflow
* mmc: mxs: fix flags passed to dmaengine_prep_slave_sg
* mmc: cqhci: Commit descriptors before setting the doorbell
* mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C
* mm/memory-failure.c: don't access uninitialized memmaps in memory_failure()
* mm/slub: fix a deadlock in show_slab_objects()
* mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
* mm/memunmap: don't access uninitialized memmap in memunmap_pages()
* mm: memcg/slab: fix panic in __free_slab() caused by premature memcg pointer release
* mm, compaction: fix wrong pfn handling in __reset_isolation_pfn()
* mm: memcg: get number of pages on the LRU list in memcgroup base on lru_zone_size
* mm: memblock: do not enforce current limit for memblock_phys* family
* hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
* mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped more than once
* zram: fix race between backing_dev_show and backing_dev_store
* xtensa: drop EXPORT_SYMBOL for outs*/ins*
* xtensa: fix change_bit in exclusive access option
* s390/zcrypt: fix memleak at release
* s390/kaslr: add support for R_390_GLOB_DAT relocation type
* lib/vdso: Make clock_getres() POSIX compliant again
* parisc: Fix vmap memory leak in ioremap()/iounmap()
* EDAC/ghes: Fix Use after free in ghes_edac remove path
* arm64: KVM: Trap VM ops when ARM64_WORKAROUND_CAVIUM_TX2_219_TVM is set
* arm64: Avoid Cavium TX2 erratum 219 when switching TTBR
* arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT
* arm64: Allow CAVIUM_TX2_ERRATUM_219 to be selected
* CIFS: avoid using MID 0xFFFF
* cifs: Fix missed free operations
* CIFS: Fix use after free of file info structures
* perf/aux: Fix AUX output stopping
* tracing: Fix race in perf_trace_buf initialization
* fs/dax: Fix pmd vs pte conflict detection
* dm cache: fix bugs when a GFP_NOWAIT allocation fails
* irqchip/sifive-plic: Switch to fasteoi flow
* x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
* x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu
* x86/hyperv: Make vapic support x2apic mode
* pinctrl: cherryview: restore Strago DMI workaround for all versions
* pinctrl: armada-37xx: fix control of pins 32 and up
* pinctrl: armada-37xx: swap polarity on LED group
* btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
* Btrfs: add missing extents release on file extent cluster relocation error
* btrfs: don't needlessly create extent-refs kernel thread
* Btrfs: fix qgroup double free after failure to reserve metadata for delalloc
* Btrfs: check for the full sync flag while holding the inode lock during fsync
* btrfs: tracepoints: Fix wrong parameter order for qgroup events
* btrfs: tracepoints: Fix bad entry members of qgroup events
* KVM: PPC: Book3S HV: XIVE: Ensure VP isn't already in use
* memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
* cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
* ceph: just skip unrecognized info in ceph_reply_info_extra
* xen/netback: fix error path of xenvif_connect_data()
* PCI: PM: Fix pci_power_up()
* opp: of: drop incorrect lockdep_assert_held()
* of: reserved_mem: add missing of_node_put() for proper ref-counting
* blk-rq-qos: fix first node deletion of rq_qos_del()
* RDMA/cxgb4: Do not dma memory off of the stack
* Linux 5.3.8
* UBUNTU: upstream stable to v5.3.8

       v5.3.8 upstream stable release
       from git://git.kernel.org/

CVE References

Connor Kuehl (connork) on 2019-10-29
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Eoan):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

The following patches were skipped since they have already been applied:

* r8152: Set macpassthru in reset_resume callback
* LSM: SafeSetID: Stop releasing uninitialized ruleset

Connor Kuehl (connork) on 2019-10-29
description: updated
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Stefan Bader (smb) wrote :

Dropped before 2019.11.11 cycle start: "md/raid0: fix warning message for parameter default_layout". The patch this fixes was reverted until user-space can handle the situation (bug #1849682).

Launchpad Janitor (janitor) wrote :
Download full text (33.2 KiB)

This bug was fixed in the package linux - 5.3.0-24.26

---------------
linux (5.3.0-24.26) eoan; urgency=medium

  * eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)

  * Eoan update: 5.3.9 upstream stable release (LP: #1851550)
    - io_uring: fix up O_NONBLOCK handling for sockets
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - Btrfs: fix inode cache block reserve leak on failure to allocate data space
    - btrfs: qgroup: Always free PREALLOC META reserve in
      btrfs_delalloc_release_extents()
    - iio: adc: meson_saradc: Fix memory allocation order
    - iio: fix center temperature of bmc150-accel-core
    - libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
    - perf tests: Avoid raising SEGV using an obvious NULL dereference
    - perf map: Fix overlapped map handling
    - perf script brstackinsn: Fix recovery from LBR/binary mismatch
    - perf jevents: Fix period for Intel fixed counters
    - perf tools: Propagate get_cpuid() error
    - perf annotate: Propagate perf_env__arch() error
    - perf annotate: Fix the signedness of failure returns
    - perf annotate: Propagate the symbol__annotate() error return
    - perf annotate: Fix arch specific ->init() failure errors
    - perf annotate: Return appropriate error code for allocation failures
    - perf annotate: Don't return -1 for error when doing BPF disassembly
    - staging: rtl8188eu: fix null dereference when kzalloc fails
    - RDMA/siw: Fix serialization issue in write_space()
    - RDMA/hfi1: Prevent memory leak in sdma_init
    - RDMA/iw_cxgb4: fix SRQ access from dump_qp()
    - RDMA/iwcm: Fix a lock inversion issue
    - HID: hyperv: Use in-place iterator API in the channel callback
    - kselftest: exclude failed TARGETS from runlist
    - selftests/kselftest/runner.sh: Add 45 second timeout per test
    - nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
    - arm64: cpufeature: Effectively expose FRINT capability to userspace
    - arm64: Fix incorrect irqflag restore for priority masking for compat
    - arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
    - tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
    - tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()'
    - serial/sifive: select SERIAL_EARLYCON
    - tty: n_hdlc: fix build on SPARC
    - misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
    - RDMA/core: Fix an error handling path in 'res_get_common_doit()'
    - RDMA/cm: Fix memory leak in cm_add/remove_one
    - RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error path
    - RDMA/mlx5: Do not allow rereg of a ODP MR
    - RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu
    - RDMA/mlx5: Add missing synchronize_srcu() for MW cases
    - gpio: max77620: Use correct unit for debounce times
    - fs: cifs: mute -Wunused-const-variable message
    - arm64: vdso32: Fix broken compat vDSO build warnings
    - arm64: vdso32: Detect binutils support for dmb ishld
    - serial: mctrl_gpio: Check for NULL pointer
    - serial: 8250_...

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers