Bionic update: upstream stable patchset 2020-03-09

Bug #1866678 reported by Kamal Mostafa on 2020-03-09
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-03-09

                Ported from the following upstream stable releases:
                        v4.14.171, v4.19.103

       from git://

kernel/module: Fix memleak in module_add_modinfo_attrs()
media: iguanair: fix endpoint sanity check
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
iwlwifi: mvm: fix NVM check for 3168 devices
sparc32: fix struct ipc64_perm type definition
cls_rsvp: fix rsvp_policy
gtp: use __GFP_NOWARN to avoid memalloc warning
l2tp: Allow duplicate session creation with UDP
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
bnxt_en: Fix TC queue mapping.
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->delivered in tcp_disconnect()
tcp: clear tp->data_segs{in|out} in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
rxrpc: Fix insufficient receive notification generation
rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
tracing: Fix sched switch start/stop refcount racy updates
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: dummy: Fix PCM format loop in proc output
media/v4l2-core: set pages dirty upon releasing DMA buffers
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
irqdomain: Fix a memory leak in irq_domain_push_irq()
platform/x86: intel_scu_ipc: Fix interrupt support
KVM: arm64: Only sign-extend MMIO up to register width
MIPS: fix indentation of the 'RELOCS' message
s390/mm: fix dynamic pagetable upgrade for hugetlbfs
powerpc/xmon: don't access ASDR in VMs
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
mmc: spi: Toggle SPI polarity, do not hardcode it
ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards
alarmtimer: Unregister wakeup source when module get fails
ubifs: Reject unsupported ioctl flags explicitly
ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag
ubifs: Fix deadlock in concurrent bulk-read and writepage
PCI: keystone: Fix link training retries initiation
mmc: sdhci-of-at91: fix memleak on clk_get failure
ubifs: don't trigger assertion on invalid no-key filename
hv_balloon: Balloon up according to request page number
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
scsi: qla2xxx: Fix mtcp dump collection failure
power: supply: ltc2941-battery-gauge: fix use-after-free
f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project()
f2fs: fix miscounted block limit in f2fs_statfs_project()
f2fs: code cleanup for f2fs_statfs_project()
PM: core: Fix handling of devices deleted during system-wide resume
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
dm zoned: support zone sizes smaller than 128MiB
dm space map common: fix to ensure new block isn't already in use
dm crypt: fix benbi IV constructor crash if used in authenticated mode
tracing: Annotate ftrace_graph_hash pointer with __rcu
tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu
ftrace: Add comment to why rcu_dereference_sched() is open coded
ftrace: Protect ftrace_graph_hash with ftrace_sync
samples/bpf: Don't try to remove user's homedir on clean
crypto: ccp - set max RSA modulus size for v3 platform devices as well
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
crypto: atmel-aes - Fix counter overflow in CTR mode
crypto: api - Fix race condition in crypto_spawn_alg
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
scsi: qla2xxx: Fix unbound NVME response length
NFS: Fix memory leaks and corruption in readdir
NFS: Directory page cache pages need to be locked when read
btrfs: set trans->drity in btrfs_commit_transaction
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
iwlwifi: don't throw error when trying to remove IGTK
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
sunrpc: expiry_time should be seconds not timeval
tools/kvm_stat: Fix kvm_exit filter name
xen/balloon: Support xend-based toolstack take two
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
clk: tegra: Mark fuse clock as critical
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
scsi: ufs: Recheck bkops level if bkops is disabled
phy: qualcomm: Adjust indentation in read_poll_timeout
ext2: Adjust indentation in ext2_fill_super
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
NFC: pn544: Adjust indentation in pn544_hci_check_presence
ppp: Adjust indentation into ppp_async_input
net: smc911x: Adjust indentation in smc911x_phy_configure
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
IB/mlx5: Fix outstanding_pi index for GSI qps
IB/core: Fix ODP get user pages flow
nfsd: fix delay timer on 32-bit architectures
nfsd: fix jiffies/time_t mixup in LRU list
ubi: fastmap: Fix inverted logic in seen selfcheck
ubi: Fix an error pointer dereference in error handling code
mfd: da9062: Fix watchdog compatible string
mfd: rn5t618: Mark ADC control register volatile
net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port
net_sched: fix a resource leak in tcindex_set_parms()
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
net: macb: Remove unnecessary alignment check for TSO
net: macb: Limit maximum GEM TX length in TSO
bonding/alb: properly access headers in bond_alb_xmit()
ext4: fix deadlock allocating crypto bounce page from mempool
btrfs: Get rid of the confusing btrfs_file_extent_inline_len
Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES
btrfs: use bool argument in free_root_pointers()
btrfs: free block groups after free'ing fs trees
btrfs: remove trivial locking wrappers of tree mod log
Btrfs: fix race between adding and putting tree mod seq elements and nodes
drm: atmel-hlcdc: enable clock before configuring timing engine
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
KVM: Use vcpu-specific gva->hva translation when querying host page size
KVM: Play nice with read-only memslots when querying host page size
KVM: s390: do not clobber registers during guest reset/store status
cifs: fail i/o on soft mounts if sessionsetup errors out
clocksource: Prevent double add_timer_on() for watchdog_timer
perf/core: Fix mlock accounting in perf_mmap()
rxrpc: Fix service call disconnection
ASoC: pcm: update FE/BE trigger order based on the command
hv_sock: Remove the accept port restriction
RDMA/netlink: Do not always generate an ACK for some netlink operations
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
PCI/switchtec: Fix vep_vector_number ioread width
PCI: Don't disable bridge BARs when assigning bus resources
nfs: NFS_SWAP should depend on SWAP
NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes()
NFSv4: try lease recovery on NFS4ERR_EXPIRED
serial: uartps: Add a timeout to the tx empty wait
rtc: hym8563: Return -EINVAL if the time is known to be invalid
rtc: cmos: Stop using shared IRQ
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
platform/x86: intel_mid_powerbtn: Take a copy of ddata
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARM: dts: at91: sama5d3: define clock rate range for tcb1
tools/power/acpi: fix compilation error
powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections
ARM: 8949/1: mm: mark free_memmap as __init
arm64: cpufeature: Fix the type of no FP/SIMD capability
KVM: arm/arm64: Fix young bit from mmu notifier
crypto: artpec6 - return correct error code for failed setkey()
crypto: atmel-sha - fix error handling when setting hmac key
media: i2c: adv748x: Fix unsafe macros
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
dm: fix potential for q->make_request_fn NULL pointer
serial: uartps: Move the spinlock after the read of the tx empty
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
libertas: make lbs_ibss_join_existing() return error code on rates overflow
udf: Allow writing to 'Rewritable' partitions
printk: fix exclusive_console replaying
usb: typec: tcpci: mask event interrupts when remove driver
ALSA: hda: Add Clevo W65_67SB the power_save blacklist
KVM: arm/arm64: Correct AArch32 SPSR on exception entry
crypto: geode-aes - convert to skcipher API and make thread-safe
mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile
scripts/find-unused-docs: Fix massive false positives
padata: Remove broken queue flushing
jbd2_seq_info_next should increase position index
watchdog: fix UAF in reboot notifier handling in watchdog core code
bcache: add readahead cache policy options via sysfs interface
eventfd: track eventfd_signal() recursion depth
x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
drm/amd/dm/mst: Ignore payload update failures
percpu: Separate decrypted varaibles anytime encryption can be enabled
drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable
net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()
drm/dp_mst: Remove VCPI while disabling topology mgr
KVM: x86: Use gpa_t for cr2/gpa to fix TDP support on 32-bit KVM
x86/apic/msi: Plug non-maskable MSI affinity race
UBUNTU: upstream stable to v4.14.171, v4.19.103

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (27.7 KiB)

This bug was fixed in the package linux - 4.15.0-96.97

linux (4.15.0-96.97) bionic; urgency=medium

  * CVE-2020-8834
    - KVM: PPC: Book3S HV: Factor fake-suspend handling out of
    - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file
    - KVM: PPC: Book3S PR: Add guest MSR parameter for

linux (4.15.0-94.95) bionic; urgency=medium

  * bionic/linux: 4.15.0-94.95 -proposed tracker (LP: #1868984)

  * Missing wireless network interface after kernel 5.3.0-43 upgrade with eoan
    (LP: #1868442)
    - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices

linux (4.15.0-93.94) bionic; urgency=medium

  * bionic/linux: 4.15.0-93.94 -proposed tracker (LP: #1868764)

  * quotactl04 from ubuntu_ltp_syscalls failed with B (LP: #1868665)
    - ext4: fix mount failure with quota configured as module

linux (4.15.0-92.93) bionic; urgency=medium

  * bionic/linux: 4.15.0-92.93 -proposed tracker (LP: #1867272)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * Introduce the new NVIDIA 440 series, and add 5.4 Linux compatibility to the
    340 and 390 series (LP: #1854485)
    - [Packaging] NVIDIA -- add support for the 435 and the 440 series

  * Stop using get_scalar_status command in Dell AIO uart backlight driver
    (LP: #1865402)
    - SAUCE: platform/x86: dell-uart-backlight: add get_display_mode command

  * Bionic update: upstream stable patchset 2020-03-12 (LP: #1867194)
    - RDMA/core: Fix locking in ib_uverbs_event_read
    - gpio: zynq: Report gpio direction at boot
    - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations
    - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests
    - KVM: arm: Make inject_abt32() inject an external abort instead
    - mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock
    - mtd: sharpslpart: Fix unsigned comparison to zero
    - padata: fix null pointer deref of pd->pinst
    - Input: synaptics - switch T470s to RMI4 by default
    - Input: synaptics - enable SMBus on ThinkPad L470
    - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
    - ALSA: hda/realtek - Fix silent output on MSI-GL73
    - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
    - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly
    - ALSA: usb-audio: sound: usb: usb true/false for bool return type
    - ext4: don't assume that mmp_nodename/bdevname have NUL
    - ext4: fix support for inode sizes > 1024 bytes
    - ext4: fix checksum errors with indexed dirs
    - ext4: add cond_resched() to ext4_protect_reserved_inode
    - ext4: improve explanation of a mount failure caused by a misconfigured
    - Btrfs: fix race between using extent maps and merging them
    - btrfs: ref-verify: fix memory leaks
    - btrfs: print message when tree-log replay starts
    - btrfs: log message when rw remount is attempted with unclean tree-log
    - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs
    - perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's ev...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers