Eoan update: upstream stable patchset 2020-03-20

Bug #1868324 reported by Kamal Mostafa
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-03-20

                Ported from the following upstream stable releases:
                        v4.19.106, v5.4.22

       from git://git.kernel.org/

core: Don't skip generic XDP program execution for cloned SKBs
enic: prevent waking up stopped tx queues over watchdog reset
net/smc: fix leak of kernel memory to user space
net: dsa: tag_qca: Make sure there is headroom for tag
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
Revert "KVM: nVMX: Use correct root level for nested EPT shadow page tables"
KVM: nVMX: Use correct root level for nested EPT shadow page tables
drm/gma500: Fixup fbdev stolen size usage evaluation
cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
brcmfmac: Fix use after free in brcmf_sdio_readframes()
leds: pca963x: Fix open-drain initialization
ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT
ALSA: ctl: allow TLV read operation for callback type of element in locked case
gianfar: Fix TX timestamping with a stacked DSA driver
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
pxa168fb: Fix the function used to release some memory in an error handling path
media: i2c: mt9v032: fix enum mbus codes and frame sizes
powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap()
iommu/vt-d: Fix off-by-one in PASID allocation
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()
pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
efi/x86: Map the entire EFI vendor string before copying it
MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
sparc: Add .exit.data section.
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
usb: dwc2: Fix IN FIFO allocation
clocksource/drivers/bcm2835_timer: Fix memory leak of timer
kselftest: Minimise dependency of get_size on C library interfaces
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
x86/sysfb: Fix check for bad VRAM size
pwm: omap-dmtimer: Simplify error handling
s390/pci: Fix possible deadlock in recover_store()
powerpc/iov: Move VF pdev fixup into pcibios_fixup_iov()
tracing: Fix tracing_stat return values in error handling paths
tracing: Fix very unlikely race of registering two stat tracers
ARM: 8952/1: Disable kmemleak on XIP kernels
ext4, jbd2: ensure panic when aborting with zero errno
ath10k: Correct the DMA direction for management tx buffers
drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero
nbd: add a flush_workqueue in nbd_start_device
kconfig: fix broken dependency in randconfig-generated .config
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table
drm/amdgpu: Ensure ret is always initialized when using SOC15_WAIT_ON_RREG
regulator: rk808: Lower log level on optional GPIOs being not available
net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
arm64: dts: allwinner: H6: Add PMU mode
arm: dts: allwinner: H3: Add PMU node
selinux: ensure we cleanup the internal AVC counters on error in avc_insert()
arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core
ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3
ARM: dts: imx6: rdu2: Limit USBH1 to Full Speed
PCI: iproc: Apply quirk_paxc_bridge() for module as well as built-in
media: cx23885: Add support for AVerMedia CE310B
PCI: Add generic quirk for increasing D3hot delay
PCI: Increase D3 delay for AMD Ryzen5/7 XHCI controllers
media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
r8169: check that Realtek PHY driver module is loaded
fore200e: Fix incorrect checks of NULL pointer dereference
netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
b43legacy: Fix -Wcast-function-type
ipw2x00: Fix -Wcast-function-type
iwlegacy: Fix -Wcast-function-type
rtlwifi: rtl_pci: Fix -Wcast-function-type
orinoco: avoid assertion in case of NULL pointer
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
scsi: ufs: Complete pending requests in host reset and restore path
scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
drm/mediatek: handle events when enabling/disabling crtc
ARM: dts: r8a7779: Add device node for ARM global timer
selinux: ensure we cleanup the internal AVC counters on error in avc_update()
dmaengine: Store module owner in dma_device struct
crypto: chtls - Fixed memory leak
x86/vdso: Provide missing include file
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
reset: uniphier: Add SCSSI reset control for each channel
RDMA/rxe: Fix error type of mmap_offset
clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock
ALSA: sh: Fix unused variable warnings
clk: uniphier: Add SCSSI clock gate for each channel
ALSA: sh: Fix compile warning wrt const
tools lib api fs: Fix gcc9 stringop-truncation compilation error
ACPI: button: Add DMI quirk for Razer Blade Stealth 13 late 2019 lid switch
mlx5: work around high stack usage with gcc
drm: remove the newline for CRC source name.
ARM: dts: stm32: Add power-supply for DSI panel on stm32f469-disco
usbip: Fix unsafe unaligned pointer usage
udf: Fix free space reporting for metadata and virtual partitions
staging: rtl8188: avoid excessive stack usage
IB/hfi1: Add software counter for ctxt0 seq drop
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
efi/x86: Don't panic or BUG() on non-critical error conditions
rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
Input: edt-ft5x06 - work around first register access error
x86/nmi: Remove irq_work from the long duration NMI handler
wan: ixp4xx_hss: fix compile-testing on 64-bit
ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
tty: synclinkmp: Adjust indentation in several functions
tty: synclink_gt: Adjust indentation in several functions
visorbus: fix uninitialized variable access
driver core: platform: Prevent resouce overflow from causing infinite loops
driver core: Print device when resources present in really_probe()
bpf: Return -EBADRQC for invalid map type in __bpf_tx_xdp_map
vme: bridges: reduce stack usage
drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
drm/nouveau/drm/ttm: Remove set but not used variable 'mem'
drm/nouveau/fault/gv100-: fix memory leak on module unload
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
f2fs: set I_LINKABLE early to avoid wrong access by vfs
f2fs: free sysfs kobject
scsi: iscsi: Don't destroy session if there are outstanding connections
arm64: fix alternatives with LLVM's integrated assembler
drm/amd/display: fixup DML dependencies
watchdog/softlockup: Enforce that timestamp is valid on boot
f2fs: fix memleak of kobject
x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
cmd64x: potential buffer overflow in cmd64x_program_timings()
ide: serverworks: potential overflow in svwks_set_pio_mode()
pwm: Remove set but not set variable 'pwm'
btrfs: fix possible NULL-pointer dereference in integrity checks
btrfs: safely advance counter when looking up bio csums
btrfs: device stats, log when stats are zeroed
module: avoid setting info->name early in case we can fall back to info->mod->name
remoteproc: Initialize rproc_class before use
irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems
ALSA: hda/hdmi - add retry logic to parse_intel_hdmi()
kbuild: use -S instead of -E for precise cc-option test in Kconfig
x86/decoder: Add TEST opcode to Group3-2
s390: adjust -mpacked-stack support check for clang 10
s390/ftrace: generate traced function stack frame
driver core: platform: fix u32 greater or equal to zero comparison
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
drm/nouveau/mmu: fix comptag memory leak
powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
bcache: cached_dev_free needs to put the sb page
iommu/vt-d: Remove unnecessary WARN_ON_ONCE()
selftests: bpf: Reset global state between reuseport test runs
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
jbd2: make sure ESHUTDOWN to be recorded in the journal superblock
ARM: 8951/1: Fix Kexec compilation issue.
hostap: Adjust indentation in prism2_hostapd_add_sta
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
cifs: fix NULL dereference in match_prepath
bpf: map_seq_next should always increase position index
ceph: check availability of mds cluster on mount after wait timeout
rbd: work around -Wuninitialized warning
irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
ftrace: fpid_next() should increase position index
trigger_next should increase position index
radeon: insert 10ms sleep in dce5_crtc_load_lut
ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()
lib/scatterlist.c: adjust indentation in __sg_alloc_table
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
bcache: explicity type cast in bset_bkey_last()
irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
iwlwifi: mvm: Fix thermal zone registration
microblaze: Prevent the overflow of the start
brd: check and limit max_part par
drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_latency
drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_voltage
NFS: Fix memory leaks
help_next should increase position index
cifs: log warning message (once) if out of disk space
virtio_balloon: prevent pfn array overflow
mlxsw: spectrum_dpipe: Add missing error path
drm/amdgpu/display: handle multiple numbers of fclks in dcn_calcs.c (v2)
ath10k: Fix qmi init error handling
wil6210: fix break that is never reached because of zero'ing of a retry counter
drm/qxl: Complete exception handling in qxl_device_init()
rcu: Fix missed wakeup of exp_wq waiters
rcu: Fix data-race due to atomic_t copy-by-value
f2fs: preallocate DIO blocks when forcing buffered_io
f2fs: call f2fs_balance_fs outside of locked page
media: meson: add missing allocation failure check on new_buf
clk: meson: pll: Fix by 0 division in __pll_params_to_rate()
brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev()
PCI: Fix pci_add_dma_alias() bitmask size
drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank()
drm/msm/adreno: fix zap vs no-zap handling
media: ov5640: Fix check for PLL1 exceeding max allowed rate
clk: at91: sam9x60: fix programmable clock prescaler
clk: meson: meson8b: make the CCF use the glitch-free mali mux
x86/fpu: Deactivate FPU state after failure during state load
char/random: silence a lockdep splat with printk()
IB/core: Let IB core distribute cache update events
net: ethernet: ixp4xx: Standard module init
raid6/test: fix a compilation error
spi: fsl-lpspi: fix only one cs-gpio working
drm/amd/display: Clear state after exiting fixed active VRR state
clk: ti: dra7: fix parent for gmac_clkctrl
dmaengine: fsl-qdma: fix duplicated argument to &&
wan/hdlc_x25: fix skb handling
rtw88: fix rate mask for 1SS chip
brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362
selftests: settings: tests can be in subsubdirs
rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed
tracing: Simplify assignment parsing for hist triggers
Btrfs: keep pages dirty when using btrfs_writepage_fixup_worker
drivers/block/zram/zram_drv.c: fix error return codes not being returned in writeback_store
block, bfq: do not plug I/O for bfq_queues with no proc refs
clk: qcom: Don't overwrite 'cfg' in clk_rcg2_dfs_populate_freq()
drm/amdkfd: Fix a bug in SDMA RLC queue counting under HWS mode
ath10k: correct the tlv len of ath10k_wmi_tlv_op_gen_config_pno_start
drm/panel: simple: Add Logic PD Type 28 display support
arm64: dts: rockchip: Fix NanoPC-T4 cooling maps
ASoC: intel: sof_rt5682: Add quirk for number of HDMI DAI's
ASoC: intel: sof_rt5682: Add support for tgl-max98357a-rt5682
arm64: dts: allwinner: H5: Add PMU node
bus: ti-sysc: Implement quirk handling for CLKDM_NOAUTO
Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace"
gpu/drm: ingenic: Avoid null pointer deference in plane atomic update
selftests/net: make so_txtime more robust to timer variance
samples/bpf: Set -fno-stack-protector when building BPF programs
PCI: Add nr_devfns parameter to pci_add_dma_alias()
PCI: Add DMA alias quirk for PLX PEX NTB
drm/amdgpu: fix KIQ ring test fail in TDR of SRIOV
clk: qcom: smd: Add missing bimc clock
nfsd: Clone should commit src file metadata too
crypto: inside-secure - add unspecified HAS_IOMEM dependency
clk: renesas: rcar-gen3: Allow changing the RPC[D2] clocks
scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration
arm64: dts: qcom: db845c: Enable ath10k 8bit host-cap quirk
iommu/amd: Check feature support bit before accessing MSI capability registers
iommu/amd: Only support x2APIC with IVHD type 11h/40h
iommu/iova: Silence warnings under memory pressure
clk: actually call the clock init before any other callback of the clock
drm/fbdev: Fallback to non tiled mode if all tiles not present
ASoC: soc-topology: fix endianness issues
fbdev: fix numbering of fbcon options
clk: Use parent node pointer during registration if necessary
ALSA: hda/realtek - Apply mic mute LED quirk for Dell E7xx laptops, too
net: phy: fixed_phy: fix use-after-free when checking link GPIO
vfio/spapr/nvlink2: Skip unpinning pages on error exit
ASoC: Intel: sof_rt5682: Ignore the speaker amp when there isn't one.
iommu/vt-d: Match CPU and IOMMU paging mode
iommu/vt-d: Avoid sending invalid page response
drm/amdkfd: Fix permissions of hang_hws
RDMA/hns: Avoid printing address of mtt page
usb: dwc3: use proper initializers for property entries
drm/mediatek: Add gamma property according to hardware capability
IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats
bnxt: Detach page from page pool before sending up the stack
clocksource: davinci: only enable clockevents once tim34 is initialized
arm64: dts: rockchip: fix dwmmc clock name for px30
arm64: dts: rockchip: add reg property to brcmf sub-nodes
ARM: dts: rockchip: add reg property to brcmf sub node for rk3188-bqedison2qc
ALSA: usb-audio: Add boot quirk for MOTU M Series
raid6/test: fix a compilation warning
dm thin: don't allow changing data device during thin-pool reload
perf/imx_ddr: Fix cpu hotplug state cleanup
kbuild: remove *.tmp file when filechk fails
ALSA: usb-audio: unlock on error in probe
scsi: ufs: pass device information to apply_dev_quirks
scsi: ufs-mediatek: add apply_dev_quirks variant operation
ALSA: usb-audio: add implicit fb quirk for MOTU M Series
RDMA/mlx5: Don't fake udata for kernel path
EDAC/sifive: Fix return value check in ecc_register()
KVM: PPC: Remove set but not used variable 'ra', 'rs', 'rt'
sched/core: Fix size of rq::uclamp initialization
sched/topology: Assert non-NUMA topology masks don't (partially) overlap
perf/x86/amd: Constrain Large Increment per Cycle events
debugobjects: Fix various data races
ASoC: SOF: Intel: hda: Fix SKL dai count
regulator: vctrl-regulator: Avoid deadlock getting and setting the voltage
regulator: core: Fix exported symbols to the exported GPL version
spi: spi-fsl-qspi: Ensure width is respected in spi-mem operations
bpf, btf: Always output invariant hit in pahole DWARF to BTF transform
sunrpc: Fix potential leaks in sunrpc_cache_unhash()
media: uvcvideo: Add a quirk to force GEO GC6500 Camera bits-per-pixel value
btrfs: separate definition of assertion failure handlers
btrfs: Fix split-brain handling when changing FSID to metadata uuid
alarmtimer: Make alarmtimer platform device child of RTC device
powerpc/pseries/lparcfg: Fix display of Maximum Memory
ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82
rtw88: fix potential NULL skb access in TX ISR
cifs: fix unitialized variable poential problem with network I/O cache lock patch
cifs: Fix mount options set in automount
powerpc/mm: Don't log user reads to 0xffffffff
drm/amd/display: do not allocate display_mode_lib unnecessarily
char: hpet: Fix out-of-bounds read bug
powerpc: Do not consider weak unresolved symbol relocations as bad
btrfs: do not do delalloc reservation under page lock
ocfs2: make local header paths relative to C files
bcache: fix memory corruption in bch_cache_accounting_clear()
bcache: fix incorrect data type usage in btree_flush_write()
nvme-pci: remove nvmeq->tags
iwlwifi: mvm: Check the sta is not NULL in iwl_mvm_cfg_he_sta()
asm-generic/tlb: add missing CONFIG symbol
i40e: Relax i40e_xsk_wakeup's return value when PF is busy
s390/pci: Recover handle in clp_set_pci_fn()
rtc: Kconfig: select REGMAP_I2C when necessary
UBUNTU: upstream stable to v4.19.106, v5.4.22

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Eoan):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.3.0-51.44

linux (5.3.0-51.44) eoan; urgency=medium

  * CVE-2020-11884
    - SAUCE: s390/mm: fix page table upgrade vs 2ndary address mode accesses

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 22 Apr 2020 17:35:41 -0300

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released