Bionic update: upstream stable patchset 2020-03-09

Bug #1866678 reported by Kamal Mostafa on 2020-03-09
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-03-09

                Ported from the following upstream stable releases:
                        v4.14.171, v4.19.103

       from git://git.kernel.org/

kernel/module: Fix memleak in module_add_modinfo_attrs()
media: iguanair: fix endpoint sanity check
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
iwlwifi: mvm: fix NVM check for 3168 devices
sparc32: fix struct ipc64_perm type definition
cls_rsvp: fix rsvp_policy
gtp: use __GFP_NOWARN to avoid memalloc warning
l2tp: Allow duplicate session creation with UDP
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
bnxt_en: Fix TC queue mapping.
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->delivered in tcp_disconnect()
tcp: clear tp->data_segs{in|out} in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
rxrpc: Fix insufficient receive notification generation
rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
tracing: Fix sched switch start/stop refcount racy updates
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: dummy: Fix PCM format loop in proc output
media/v4l2-core: set pages dirty upon releasing DMA buffers
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
irqdomain: Fix a memory leak in irq_domain_push_irq()
platform/x86: intel_scu_ipc: Fix interrupt support
KVM: arm64: Only sign-extend MMIO up to register width
MIPS: fix indentation of the 'RELOCS' message
s390/mm: fix dynamic pagetable upgrade for hugetlbfs
powerpc/xmon: don't access ASDR in VMs
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
mmc: spi: Toggle SPI polarity, do not hardcode it
ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards
alarmtimer: Unregister wakeup source when module get fails
ubifs: Reject unsupported ioctl flags explicitly
ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag
ubifs: Fix deadlock in concurrent bulk-read and writepage
PCI: keystone: Fix link training retries initiation
mmc: sdhci-of-at91: fix memleak on clk_get failure
ubifs: don't trigger assertion on invalid no-key filename
hv_balloon: Balloon up according to request page number
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
scsi: qla2xxx: Fix mtcp dump collection failure
power: supply: ltc2941-battery-gauge: fix use-after-free
f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project()
f2fs: fix miscounted block limit in f2fs_statfs_project()
f2fs: code cleanup for f2fs_statfs_project()
PM: core: Fix handling of devices deleted during system-wide resume
UBUNTU: [Config] updateconfigs for CONFIG_OF_DMA_DEFAULT_COHERENT
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
dm zoned: support zone sizes smaller than 128MiB
dm space map common: fix to ensure new block isn't already in use
dm crypt: fix benbi IV constructor crash if used in authenticated mode
tracing: Annotate ftrace_graph_hash pointer with __rcu
tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu
ftrace: Add comment to why rcu_dereference_sched() is open coded
ftrace: Protect ftrace_graph_hash with ftrace_sync
samples/bpf: Don't try to remove user's homedir on clean
crypto: ccp - set max RSA modulus size for v3 platform devices as well
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
crypto: atmel-aes - Fix counter overflow in CTR mode
crypto: api - Fix race condition in crypto_spawn_alg
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
scsi: qla2xxx: Fix unbound NVME response length
NFS: Fix memory leaks and corruption in readdir
NFS: Directory page cache pages need to be locked when read
btrfs: set trans->drity in btrfs_commit_transaction
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
iwlwifi: don't throw error when trying to remove IGTK
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
sunrpc: expiry_time should be seconds not timeval
tools/kvm_stat: Fix kvm_exit filter name
xen/balloon: Support xend-based toolstack take two
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
clk: tegra: Mark fuse clock as critical
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
scsi: ufs: Recheck bkops level if bkops is disabled
phy: qualcomm: Adjust indentation in read_poll_timeout
ext2: Adjust indentation in ext2_fill_super
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
NFC: pn544: Adjust indentation in pn544_hci_check_presence
ppp: Adjust indentation into ppp_async_input
net: smc911x: Adjust indentation in smc911x_phy_configure
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
IB/mlx5: Fix outstanding_pi index for GSI qps
IB/core: Fix ODP get user pages flow
nfsd: fix delay timer on 32-bit architectures
nfsd: fix jiffies/time_t mixup in LRU list
ubi: fastmap: Fix inverted logic in seen selfcheck
ubi: Fix an error pointer dereference in error handling code
mfd: da9062: Fix watchdog compatible string
mfd: rn5t618: Mark ADC control register volatile
net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port
net_sched: fix a resource leak in tcindex_set_parms()
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
net: macb: Remove unnecessary alignment check for TSO
net: macb: Limit maximum GEM TX length in TSO
bonding/alb: properly access headers in bond_alb_xmit()
ext4: fix deadlock allocating crypto bounce page from mempool
btrfs: Get rid of the confusing btrfs_file_extent_inline_len
Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES
btrfs: use bool argument in free_root_pointers()
btrfs: free block groups after free'ing fs trees
btrfs: remove trivial locking wrappers of tree mod log
Btrfs: fix race between adding and putting tree mod seq elements and nodes
drm: atmel-hlcdc: enable clock before configuring timing engine
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
KVM: Use vcpu-specific gva->hva translation when querying host page size
KVM: Play nice with read-only memslots when querying host page size
KVM: s390: do not clobber registers during guest reset/store status
cifs: fail i/o on soft mounts if sessionsetup errors out
clocksource: Prevent double add_timer_on() for watchdog_timer
perf/core: Fix mlock accounting in perf_mmap()
rxrpc: Fix service call disconnection
ASoC: pcm: update FE/BE trigger order based on the command
hv_sock: Remove the accept port restriction
RDMA/netlink: Do not always generate an ACK for some netlink operations
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
PCI/switchtec: Fix vep_vector_number ioread width
PCI: Don't disable bridge BARs when assigning bus resources
nfs: NFS_SWAP should depend on SWAP
NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes()
NFSv4: try lease recovery on NFS4ERR_EXPIRED
serial: uartps: Add a timeout to the tx empty wait
rtc: hym8563: Return -EINVAL if the time is known to be invalid
rtc: cmos: Stop using shared IRQ
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
platform/x86: intel_mid_powerbtn: Take a copy of ddata
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARM: dts: at91: sama5d3: define clock rate range for tcb1
tools/power/acpi: fix compilation error
powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections
ARM: 8949/1: mm: mark free_memmap as __init
arm64: cpufeature: Fix the type of no FP/SIMD capability
KVM: arm/arm64: Fix young bit from mmu notifier
crypto: artpec6 - return correct error code for failed setkey()
crypto: atmel-sha - fix error handling when setting hmac key
media: i2c: adv748x: Fix unsafe macros
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
dm: fix potential for q->make_request_fn NULL pointer
serial: uartps: Move the spinlock after the read of the tx empty
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
libertas: make lbs_ibss_join_existing() return error code on rates overflow
udf: Allow writing to 'Rewritable' partitions
printk: fix exclusive_console replaying
usb: typec: tcpci: mask event interrupts when remove driver
ALSA: hda: Add Clevo W65_67SB the power_save blacklist
KVM: arm/arm64: Correct AArch32 SPSR on exception entry
crypto: geode-aes - convert to skcipher API and make thread-safe
mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile
scripts/find-unused-docs: Fix massive false positives
padata: Remove broken queue flushing
jbd2_seq_info_next should increase position index
watchdog: fix UAF in reboot notifier handling in watchdog core code
bcache: add readahead cache policy options via sysfs interface
eventfd: track eventfd_signal() recursion depth
x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
drm/amd/dm/mst: Ignore payload update failures
percpu: Separate decrypted varaibles anytime encryption can be enabled
drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable
net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()
drm/dp_mst: Remove VCPI while disabling topology mgr
KVM: x86: Use gpa_t for cr2/gpa to fix TDP support on 32-bit KVM
x86/apic/msi: Plug non-maskable MSI affinity race
UBUNTU: upstream stable to v4.14.171, v4.19.103

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (27.7 KiB)

This bug was fixed in the package linux - 4.15.0-96.97

---------------
linux (4.15.0-96.97) bionic; urgency=medium

  * CVE-2020-8834
    - KVM: PPC: Book3S HV: Factor fake-suspend handling out of
      kvmppc_save/restore_tm
    - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file
    - KVM: PPC: Book3S PR: Add guest MSR parameter for
      kvmppc_save_tm()/kvmppc_restore_tm()

linux (4.15.0-94.95) bionic; urgency=medium

  * bionic/linux: 4.15.0-94.95 -proposed tracker (LP: #1868984)

  * Missing wireless network interface after kernel 5.3.0-43 upgrade with eoan
    (LP: #1868442)
    - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices

linux (4.15.0-93.94) bionic; urgency=medium

  * bionic/linux: 4.15.0-93.94 -proposed tracker (LP: #1868764)

  * quotactl04 from ubuntu_ltp_syscalls failed with B (LP: #1868665)
    - ext4: fix mount failure with quota configured as module

linux (4.15.0-92.93) bionic; urgency=medium

  * bionic/linux: 4.15.0-92.93 -proposed tracker (LP: #1867272)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * Introduce the new NVIDIA 440 series, and add 5.4 Linux compatibility to the
    340 and 390 series (LP: #1854485)
    - [Packaging] NVIDIA -- add support for the 435 and the 440 series

  * Stop using get_scalar_status command in Dell AIO uart backlight driver
    (LP: #1865402)
    - SAUCE: platform/x86: dell-uart-backlight: add get_display_mode command

  * Bionic update: upstream stable patchset 2020-03-12 (LP: #1867194)
    - RDMA/core: Fix locking in ib_uverbs_event_read
    - gpio: zynq: Report gpio direction at boot
    - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations
    - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests
    - KVM: arm: Make inject_abt32() inject an external abort instead
    - mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock
    - mtd: sharpslpart: Fix unsigned comparison to zero
    - padata: fix null pointer deref of pd->pinst
    - Input: synaptics - switch T470s to RMI4 by default
    - Input: synaptics - enable SMBus on ThinkPad L470
    - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
    - ALSA: hda/realtek - Fix silent output on MSI-GL73
    - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
    - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly
    - ALSA: usb-audio: sound: usb: usb true/false for bool return type
    - ext4: don't assume that mmp_nodename/bdevname have NUL
    - ext4: fix support for inode sizes > 1024 bytes
    - ext4: fix checksum errors with indexed dirs
    - ext4: add cond_resched() to ext4_protect_reserved_inode
    - ext4: improve explanation of a mount failure caused by a misconfigured
      kernel
    - Btrfs: fix race between using extent maps and merging them
    - btrfs: ref-verify: fix memory leaks
    - btrfs: print message when tree-log replay starts
    - btrfs: log message when rw remount is attempted with unclean tree-log
    - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs
    - perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's ev...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers