Eoan update: v5.3.8 upstream stable release

Bug #1850456 reported by Connor Kuehl on 2019-10-29
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Connor Kuehl

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* drm: Free the writeback_job when it with an empty fb
* drm: Clear the fence pointer when writeback job signaled
* clk: ti: dra7: Fix mcasp8 clock bits
* ARM: dts: Fix wrong clocks for dra7 mcasp
* nvme-pci: Fix a race in controller removal
* scsi: ufs: skip shutdown if hba is not powered
* scsi: megaraid: disable device when probe failed after enabled device
* scsi: qla2xxx: Silence fwdump template message
* scsi: qla2xxx: Fix unbound sleep in fcport delete path.
* scsi: qla2xxx: Fix stale mem access on driver unload
* scsi: qla2xxx: Fix N2N link reset
* scsi: qla2xxx: Fix N2N link up fail
* ARM: dts: Fix gpio0 flags for am335x-icev2
* ARM: OMAP2+: Fix missing reset done flag for am3 and am43
* ARM: OMAP2+: Add missing LCDC midlemode for am335x
* ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
* nvme-tcp: fix wrong stop condition in io_work
* nvme-pci: Save PCI state before putting drive into deepest state
* nvme: fix an error code in nvme_init_subsystem()
* nvme-rdma: Fix max_hw_sectors calculation
* Added QUIRKs for ADATA XPG SX8200 Pro 512GB
* nvme: Add quirk for Kingston NVME SSD running FW E8FK11.T
* nvme: allow 64-bit results in passthru commands
* drm/komeda: prevent memory leak in komeda_wb_connector_add
* nvme-rdma: fix possible use-after-free in connect timeout
* blk-mq: honor IO scheduler for multiqueue devices
* ieee802154: ca8210: prevent memory leak
* ARM: dts: am4372: Set memory bandwidth limit for DISPC
* net: dsa: qca8k: Use up to 7 ports for all operations
* MIPS: dts: ar9331: fix interrupt-controller size
* xen/efi: Set nonblocking callbacks
* loop: change queue block size to match when using DIO
* nl80211: fix null pointer dereference
* mac80211: fix txq null pointer dereference
* netfilter: nft_connlimit: disable bh on garbage collection
* net: mscc: ocelot: add missing of_node_put after calling of_get_child_by_name
* net: dsa: rtl8366rb: add missing of_node_put after calling of_get_child_by_name
* net: stmmac: xgmac: Not all Unicast addresses may be available
* net: stmmac: dwmac4: Always update the MAC Hash Filter
* net: stmmac: Correctly take timestamp for PTPv2
* net: stmmac: Do not stop PHY if WoL is enabled
* net: ag71xx: fix mdio subnode support
* RISC-V: Clear load reservations while restoring hart contexts
* riscv: Fix memblock reservation for device tree blob
* drm/amdgpu: fix multiple memory leaks in acp_hw_init
* drm/amd/display: memory leak
* mips: Loongson: Fix the link time qualifier of 'serial_exit()'
* net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
* net: stmmac: Avoid deadlock on suspend/resume
* selftests: kvm: Fix libkvm build error
* lib: textsearch: fix escapes in example code
* s390/mm: fix -Wunused-but-set-variable warnings
* net: phy: allow for reset line to be tied to a sleepy GPIO controller
* net: phy: fix write to mii-ctrl1000 register
* namespace: fix namespace.pl script to support relative paths
* Convert filldir[64]() from __put_user() to unsafe_put_user()
* elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings
* Make filldir[64]() verify the directory entry filename is valid
* uaccess: implement a proper unsafe_copy_to_user() and switch filldir over to it
* filldir[64]: remove WARN_ON_ONCE() for bad directory entries
* net_sched: fix backward compatibility for TCA_KIND
* net_sched: fix backward compatibility for TCA_ACT_KIND
* libata/ahci: Fix PCS quirk application
* md/raid0: fix warning message for parameter default_layout
* Revert "drm/radeon: Fix EEH during kexec"
* ocfs2: fix panic due to ocfs2_wq is null
* nvme-pci: Set the prp2 correctly when using more than 4k page
* ipv4: fix race condition between route lookup and invalidation
* ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
* net: avoid potential infinite loop in tc_ctl_action()
* net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
* net: bcmgenet: Set phydev->dev_flags only for internal PHYs
* net: i82596: fix dma_alloc_attr for sni_82596
* net/ibmvnic: Fix EOI when running in XIVE mode.
* net: ipv6: fix listify ip6_rcv_finish in case of forwarding
* net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
* rxrpc: Fix possible NULL pointer access in ICMP handling
* sched: etf: Fix ordering of packets with same txtime
* sctp: change sctp_prot .no_autobind with true
* net: aquantia: temperature retrieval fix
* net: aquantia: when cleaning hw cache it should be toggled
* net: aquantia: do not pass lro session with invalid tcp checksum
* net: aquantia: correctly handle macvlan and multicast coexistence
* net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs
* net: phy: micrel: Update KSZ87xx PHY name
* net: avoid errors when trying to pop MLPS header on non-MPLS packets
* net/sched: fix corrupted L2 header with MPLS 'push' and 'pop' actions
* netdevsim: Fix error handling in nsim_fib_init and nsim_fib_exit
* net: ethernet: broadcom: have drivers select DIMLIB as needed
* net: phy: Fix "link partner" information disappear issue
* rxrpc: use rcu protection while reading sk->sk_user_data
* io_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD
* io_uring: Fix corrupted user_data
* USB: legousbtower: fix memleak on disconnect
* ALSA: hda/realtek - Add support for ALC711
* ALSA: hda/realtek - Enable headset mic on Asus MJ401TA
* ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers
* ALSA: hda - Force runtime PM on Nvidia HDMI codecs
* usb: udc: lpc32xx: fix bad bit shift operation
* USB: serial: ti_usb_3410_5052: fix port-close races
* USB: ldusb: fix memleak on disconnect
* USB: usblp: fix use-after-free on disconnect
* USB: ldusb: fix read info leaks
* binder: Don't modify VMA bounds in ->mmap handler
* MIPS: tlbex: Fix build_restore_pagemask KScratch restore
* staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
* scsi: zfcp: fix reaction on bit error threshold notification
* scsi: sd: Ignore a failure to sync cache due to lack of authorization
* scsi: core: save/restore command resid for error handling
* scsi: core: try to get module before removing device
* scsi: ch: Make it possible to open a ch device multiple times again
* Revert "Input: elantech - enable SMBus on new (2018+) systems"
* Input: da9063 - fix capability and drop KEY_SLEEP
* Input: synaptics-rmi4 - avoid processing unknown IRQs
* Input: st1232 - fix reporting multitouch coordinates
* ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
* ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit()
* ACPI: NFIT: Fix unlock on error in scrub_show()
* iwlwifi: pcie: change qu with jf devices to use qu configuration
* cfg80211: wext: avoid copying malformed SSIDs
* mac80211: Reject malformed SSID elements
* drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
* drm/ttm: Restore ttm prefaulting
* drm/panfrost: Handle resetting on timeout better
* drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
* drm/amdgpu/sdma5: fix mask value of POLL_REGMEM packet for pipe sync
* drm/i915/userptr: Never allow userptr into the mappable GGTT
* drm/i915: Favor last VBT child device with conflicting AUX ch/DDC pin
* drm/amdgpu/vce: fix allocation size in enc ring test
* drm/amdgpu/vcn: fix allocation size in enc ring test
* drm/amdgpu/uvd6: fix allocation size in enc ring test (v2)
* drm/amdgpu/uvd7: fix allocation size in enc ring test (v2)
* drm/amdgpu: user pages array memory leak fix
* drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
* fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
* io_uring: Fix broken links with offloading
* io_uring: Fix race for sqes with userspace
* io_uring: used cached copies of sq->dropped and cq->overflow
* mmc: mxs: fix flags passed to dmaengine_prep_slave_sg
* mmc: cqhci: Commit descriptors before setting the doorbell
* mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C
* mm/memory-failure.c: don't access uninitialized memmaps in memory_failure()
* mm/slub: fix a deadlock in show_slab_objects()
* mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
* mm/memunmap: don't access uninitialized memmap in memunmap_pages()
* mm: memcg/slab: fix panic in __free_slab() caused by premature memcg pointer release
* mm, compaction: fix wrong pfn handling in __reset_isolation_pfn()
* mm: memcg: get number of pages on the LRU list in memcgroup base on lru_zone_size
* mm: memblock: do not enforce current limit for memblock_phys* family
* hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
* mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped more than once
* zram: fix race between backing_dev_show and backing_dev_store
* xtensa: drop EXPORT_SYMBOL for outs*/ins*
* xtensa: fix change_bit in exclusive access option
* s390/zcrypt: fix memleak at release
* s390/kaslr: add support for R_390_GLOB_DAT relocation type
* lib/vdso: Make clock_getres() POSIX compliant again
* parisc: Fix vmap memory leak in ioremap()/iounmap()
* EDAC/ghes: Fix Use after free in ghes_edac remove path
* arm64: KVM: Trap VM ops when ARM64_WORKAROUND_CAVIUM_TX2_219_TVM is set
* arm64: Avoid Cavium TX2 erratum 219 when switching TTBR
* arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT
* arm64: Allow CAVIUM_TX2_ERRATUM_219 to be selected
* CIFS: avoid using MID 0xFFFF
* cifs: Fix missed free operations
* CIFS: Fix use after free of file info structures
* perf/aux: Fix AUX output stopping
* tracing: Fix race in perf_trace_buf initialization
* fs/dax: Fix pmd vs pte conflict detection
* dm cache: fix bugs when a GFP_NOWAIT allocation fails
* irqchip/sifive-plic: Switch to fasteoi flow
* x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
* x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu
* x86/hyperv: Make vapic support x2apic mode
* pinctrl: cherryview: restore Strago DMI workaround for all versions
* pinctrl: armada-37xx: fix control of pins 32 and up
* pinctrl: armada-37xx: swap polarity on LED group
* btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
* Btrfs: add missing extents release on file extent cluster relocation error
* btrfs: don't needlessly create extent-refs kernel thread
* Btrfs: fix qgroup double free after failure to reserve metadata for delalloc
* Btrfs: check for the full sync flag while holding the inode lock during fsync
* btrfs: tracepoints: Fix wrong parameter order for qgroup events
* btrfs: tracepoints: Fix bad entry members of qgroup events
* KVM: PPC: Book3S HV: XIVE: Ensure VP isn't already in use
* memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
* cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
* ceph: just skip unrecognized info in ceph_reply_info_extra
* xen/netback: fix error path of xenvif_connect_data()
* PCI: PM: Fix pci_power_up()
* opp: of: drop incorrect lockdep_assert_held()
* of: reserved_mem: add missing of_node_put() for proper ref-counting
* blk-rq-qos: fix first node deletion of rq_qos_del()
* RDMA/cxgb4: Do not dma memory off of the stack
* Linux 5.3.8
* UBUNTU: upstream stable to v5.3.8

       v5.3.8 upstream stable release
       from git://git.kernel.org/

CVE References

Connor Kuehl (connork) on 2019-10-29
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Eoan):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

The following patches were skipped since they have already been applied:

* r8152: Set macpassthru in reset_resume callback
* LSM: SafeSetID: Stop releasing uninitialized ruleset

Connor Kuehl (connork) on 2019-10-29
description: updated
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Stefan Bader (smb) wrote :

Dropped before 2019.11.11 cycle start: "md/raid0: fix warning message for parameter default_layout". The patch this fixes was reverted until user-space can handle the situation (bug #1849682).

Launchpad Janitor (janitor) wrote :
Download full text (33.2 KiB)

This bug was fixed in the package linux - 5.3.0-24.26

linux (5.3.0-24.26) eoan; urgency=medium

  * eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)

  * Eoan update: 5.3.9 upstream stable release (LP: #1851550)
    - io_uring: fix up O_NONBLOCK handling for sockets
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - Btrfs: fix inode cache block reserve leak on failure to allocate data space
    - btrfs: qgroup: Always free PREALLOC META reserve in
    - iio: adc: meson_saradc: Fix memory allocation order
    - iio: fix center temperature of bmc150-accel-core
    - libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
    - perf tests: Avoid raising SEGV using an obvious NULL dereference
    - perf map: Fix overlapped map handling
    - perf script brstackinsn: Fix recovery from LBR/binary mismatch
    - perf jevents: Fix period for Intel fixed counters
    - perf tools: Propagate get_cpuid() error
    - perf annotate: Propagate perf_env__arch() error
    - perf annotate: Fix the signedness of failure returns
    - perf annotate: Propagate the symbol__annotate() error return
    - perf annotate: Fix arch specific ->init() failure errors
    - perf annotate: Return appropriate error code for allocation failures
    - perf annotate: Don't return -1 for error when doing BPF disassembly
    - staging: rtl8188eu: fix null dereference when kzalloc fails
    - RDMA/siw: Fix serialization issue in write_space()
    - RDMA/hfi1: Prevent memory leak in sdma_init
    - RDMA/iw_cxgb4: fix SRQ access from dump_qp()
    - RDMA/iwcm: Fix a lock inversion issue
    - HID: hyperv: Use in-place iterator API in the channel callback
    - kselftest: exclude failed TARGETS from runlist
    - selftests/kselftest/runner.sh: Add 45 second timeout per test
    - nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
    - arm64: cpufeature: Effectively expose FRINT capability to userspace
    - arm64: Fix incorrect irqflag restore for priority masking for compat
    - arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
    - tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
    - tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()'
    - serial/sifive: select SERIAL_EARLYCON
    - tty: n_hdlc: fix build on SPARC
    - misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
    - RDMA/core: Fix an error handling path in 'res_get_common_doit()'
    - RDMA/cm: Fix memory leak in cm_add/remove_one
    - RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error path
    - RDMA/mlx5: Do not allow rereg of a ODP MR
    - RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu
    - RDMA/mlx5: Add missing synchronize_srcu() for MW cases
    - gpio: max77620: Use correct unit for debounce times
    - fs: cifs: mute -Wunused-const-variable message
    - arm64: vdso32: Fix broken compat vDSO build warnings
    - arm64: vdso32: Detect binutils support for dmb ishld
    - serial: mctrl_gpio: Check for NULL pointer
    - serial: 8250_...

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers