Eoan update: upstream stable patchset 2020-03-27

Bug #1869433 reported by Kamal Mostafa
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Eoan
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-03-27

                Ported from the following upstream stable releases:
                        v4.19.109, v5.4.25,
                        v4.19.110,
                        v4.19.111, v5.4.26

       from git://git.kernel.org/

net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
RDMA/core: Fix pkey and port assignment in get_new_pps
RDMA/core: Fix use of logical OR in get_new_pps
kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
ALSA: hda: do not override bus codec_mask in link_get()
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
selftests: fix too long argument
usb: gadget: composite: Support more than 500mA MaxPower
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
usb: gadget: serial: fix Tx stall after buffer overflow
drm/msm/mdp5: rate limit pp done timeout warnings
drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
scsi: megaraid_sas: silence a warning
drm/msm/dsi: save pll state before dsi host is powered off
drm/msm/dsi/pll: call vco set rate explicitly
selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing
net: ks8851-ml: Remove 8-bit bus accessors
net: ks8851-ml: Fix 16-bit data access
net: ks8851-ml: Fix 16-bit IO operation
watchdog: da9062: do not ping the hw during stop()
s390/cio: cio_ignore_proc_seq_next should increase position index
s390: make 'install' not depend on vmlinux
x86/boot/compressed: Don't declare __force_order in kaslr_64.c
s390/qdio: fill SL with absolute addresses
nvme: Fix uninitialized-variable warning
ice: Don't tell the OS that link is going down
x86/xen: Distribute switch variables for initialization
net: thunderx: workaround BGX TX Underflow issue
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master
cifs: don't leak -EAGAIN for stat() during reconnect
usb: storage: Add quirk for Samsung Fit flash
usb: quirks: add NO_LPM quirk for Logitech Screen Share
usb: dwc3: gadget: Update chain bit correctly when using sg list
usb: core: hub: fix unhandled return by employing a void function
usb: core: hub: do error out if usb_autopm_get_interface() fails
usb: core: port: do error out if usb_autopm_get_interface() fails
vgacon: Fix a UAF in vgacon_invert_region
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa
mm: fix possible PMD dirty bit lost in set_pmd_migration_entry()
fat: fix uninit-memory access for partial initialized inode
arm: dts: dra76x: Fix mmc3 max-frequency
tty:serial:mvebu-uart:fix a wrong return
serial: 8250_exar: add support for ACCES cards
vt: selection, close sel_buffer race
vt: selection, push console lock down
vt: selection, push sel_lock up
media: v4l2-mem2mem.c: fix broken links
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
dmaengine: tegra-apb: Fix use-after-free
dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
dm cache: fix a crash due to incorrect work item cancelling
dm: report suspended device during destroy
dm writecache: verify watermark during resume
ARM: dts: ls1021a: Restore MDIO compatible to gianfar
spi: bcm63xx-hsspi: Really keep pll clk enabled
ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
ASoC: topology: Fix memleak in soc_tplg_manifest_load()
ASoC: intel: skl: Fix pin debug prints
ASoC: intel: skl: Fix possible buffer overflow in debug outputs
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
ASoC: dapm: Correct DAPM handling of active widgets during shutdown
drm/sun4i: Fix DE2 VI layer format support
drm/sun4i: de2/de3: Remove unsupported VI layer formats
phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling
phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval
ARM: dts: imx6: phycore-som: fix emmc supply
RDMA/iwcm: Fix iwcm work deallocation
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
IB/hfi1, qib: Ensure RCU is locked when accessing list
ARM: imx: build v7_cpu_resume() unconditionally
ARM: dts: am437x-idk-evm: Fix incorrect OPP node names
ARM: dts: imx7-colibri: Fix frequency for sd/mmc
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems
efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper
efi/x86: Handle by-ref arguments covering multiple pages in mixed mode
dm integrity: fix a deadlock due to offloading to an incorrect workqueue
KVM: SVM: fix up incorrect backport
block, bfq: get extra ref to prevent a queue from being freed during a group move
block, bfq: do not insert oom queue into position tree
dm thin metadata: fix lockdep complaint
blktrace: fix dereference after null check
habanalabs: halt the engines before hard-reset
habanalabs: do not halt CoreSight during hard reset
habanalabs: patched cb equals user cb in device memset
drm/modes: Make sure to parse valid rotation value from cmdline
drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode parameters
selftests: forwarding: vxlan_bridge_1d: fix tos value
net: atlantic: check rpc result and wait for rpc address
net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt()
nvme/pci: Add sleep quirk for Samsung and Toshiba drives
csky/mm: Fixup export invalid_pte_table symbol
csky: Set regs->usp to kernel sp, when the exception is from kernel
csky/smp: Fixup boot failed when CONFIG_SMP
csky: Fixup ftrace modify panic
csky: Fixup compile warning for three unimplemented syscalls
arch/csky: fix some Kconfig typos
selftests: forwarding: vxlan_bridge_1d: use more proper tos value
firmware: imx: scu: Ensure sequential TX
binder: prevent UAF for binderfs devices
binder: prevent UAF for binderfs devices II
ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1
ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294
mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled
btrfs: fix RAID direct I/O reads with alternate csums
arm64: dts: socfpga: agilex: Fix gmac compatible
tty: serial: fsl_lpuart: free IDs allocated by IDA
media: hantro: Fix broken media controller links
media: mc-entity.c: use & to check pad flags, not ==
perf intel-pt: Fix endless record after being terminated
perf intel-bts: Fix endless record after being terminated
perf cs-etm: Fix endless record after being terminated
perf arm-spe: Fix endless record after being terminated
spi: spidev: Fix CS polarity if GPIO descriptors are used
s390/pci: Fix unexpected write combine on resource
s390/mm: fix panic in gup_fast on large pud
dmaengine: imx-sdma: fix context cache
dmaengine: imx-sdma: Fix the event id check to include RX event for UART6
dm integrity: fix recalculation when moving from journal mode to bitmap mode
dm integrity: fix invalid table returned due to argument count mismatch
dm zoned: Fix reference counter initial value of chunk works
dm: fix congested_fn for request-based device
drm/virtio: make resource id workaround runtime switchable.
drm/virtio: fix resource id creation race
ASoC: SOF: Fix snd_sof_ipc_stream_posn()
powerpc: define helpers to get L1 icache sizes
powerpc: Convert flush_icache_range & friends to C
powerpc/mm: Fix missing KUAP disable in flush_coherent_icache()
ASoC: Intel: Skylake: Fix available clock counter incrementation
spi: atmel-quadspi: fix possible MMIO window size overrun
drm/sun4i: Add separate DE3 VI layer formats
drm/i915: Program MBUS with rmw during initialization
drm/i915/selftests: Fix return in assert_mmap_offset()
arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY
firmware: imx: misc: Align imx sc msg structs to 4
firmware: imx: scu-pd: Align imx sc msg structs to 4
firmware: imx: Align imx_sc_msg_req_cpu_start to 4
Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow"
RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing
RDMA/siw: Fix failure handling during device creation
RDMA/core: Fix protection fault in ib_mr_pool_destroy
regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling
ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source
dma-buf: free dmabuf->name in dma_buf_release()
arm64: dts: meson: fix gxm-khadas-vim2 wifi
bus: ti-sysc: Fix 1-wire reset quirk
EDAC/synopsys: Do not print an error with back-to-back snprintf() calls
efi: READ_ONCE rng seed size before munmap
block, bfq: get a ref to a group when adding it to a service tree
block, bfq: remove ifdefs from around gets/puts of bfq groups
csky: Implement copy_thread_tls
drm/virtio: module_param_named() requires linux/moduleparam.h
UBUNTU: upstream stable to v4.19.110, v5.4.25
net: phy: Avoid multiple suspends
cgroup, netclassid: periodically release file_lock on classid updating
gre: fix uninit-value in __iptunnel_pull_header
inet_diag: return classid for all socket types
ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
ipvlan: add cond_resched_rcu() while processing muticast backlog
ipvlan: do not add hardware address of master to its unicast filter list
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
ipvlan: don't deref eth hdr before checking it's set
net/ipv6: use configured metric when add peer route
netlink: Use netlink header as base to calculate bad attribute offset
net: macsec: update SCI upon MAC address change.
net: nfc: fix bounds checking bugs on "pipe"
net/packet: tpacket_rcv: do not increment ring index on drop
net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used
net: systemport: fix index check to avoid an array out of bounds access
sfc: detach from cb_page in efx_copy_channel()
bnxt_en: reinitialize IRQs when MTU is modified
cgroup: memcg: net: do not associate sock with unrelated cgroup
net: memcg: late association of sock to memcg
net: memcg: fix lockdep splat in inet_csk_accept()
devlink: validate length of param values
fib: add missing attribute validation for tun_id
nl802154: add missing attribute validation
nl802154: add missing attribute validation for dev_type
can: add missing attribute validation for termination
macsec: add missing attribute validation for port
net: fq: add missing attribute validation for orphan mask
team: add missing attribute validation for port ifindex
team: add missing attribute validation for array index
nfc: add missing attribute validation for SE API
nfc: add missing attribute validation for deactivate target
nfc: add missing attribute validation for vendor subcommand
net: phy: fix MDIO bus PM PHY resuming
selftests/net/fib_tests: update addr_metric_test for peer route testing
net/ipv6: need update peer route when modify metric
net/ipv6: remove the old peer route if change it to a new one
tipc: add missing attribute validation for MTU property
devlink: validate length of region addr/len
bonding/alb: make sure arp header is pulled before accessing it
slip: make slhc_compress() more robust against malicious packets
net: fec: validate the new settings in fec_enet_set_coalesce()
macvlan: add cond_resched() during multicast processing
cgroup: cgroup_procs_next should increase position index
cgroup: Iterate tasks that did not finish do_exit()
virtio-blk: fix hw_queue stopped on arbitrary error
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
netfilter: nf_conntrack: ct_cpu_seq_next should increase position index
netfilter: synproxy: synproxy_cpu_seq_next should increase position index
netfilter: xt_recent: recent_seq_next should increase position index
netfilter: x_tables: xt_mttg_seq_next should increase position index
workqueue: don't use wq_select_unbound_cpu() for bound works
drm/amd/display: remove duplicated assignment to grph_obj_type
ktest: Add timeout for ssh sync testing
cifs_atomic_open(): fix double-put on late allocation failure
gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
KVM: x86: clear stale x86_emulate_ctxt->intercept value
ARC: define __ALIGN_STR and __ALIGN symbols for ARC
macintosh: windfarm: fix MODINFO regression
efi: Fix a race and a buffer overflow while reading efivars via sysfs
mt76: fix array overflow on receiving too many fragments for a packet
x86/mce: Fix logic and comments around MSR_PPIN_CTL
iommu/dma: Fix MSI reservation allocation
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
batman-adv: Don't schedule OGM for disabled interface
pinctrl: meson-gxl: fix GPIOX sdio pins
pinctrl: core: Remove extra kref_get which blocks hogs being freed
drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits
i2c: gpio: suppress error on probe defer
nl80211: add missing attribute validation for critical protocol indication
nl80211: add missing attribute validation for beacon report scanning
nl80211: add missing attribute validation for channel switch
perf bench futex-wake: Restore thread count default to online CPU count
netfilter: cthelper: add missing attribute validation for cthelper
netfilter: nft_payload: add missing attribute validation for payload csum flags
netfilter: nft_tunnel: add missing attribute validation for tunnels
iommu/vt-d: Fix the wrong printing in RHSA parsing
iommu/vt-d: Ignore devices with out-of-spec domain number
i2c: acpi: put device when verifying client fails
ipv6: restrict IPV6_ADDRFORM operation
net/smc: check for valid ib_client_data
net/smc: cancel event worker during device removal
efi: Add a sanity check to efivar_store_raw()
batman-adv: Avoid free/alloc race when handling OGM2 buffer
virtio_balloon: Adjust label in virtballoon_probe
ALSA: hda/realtek - More constifications
net: dsa: fix phylink_start()/phylink_stop() calls
net: dsa: mv88e6xxx: fix lockup on warm boot
net: hns3: fix a not link up issue when fibre port supports autoneg
net: phy: bcm63xx: fix OOPS due to missing driver name
taprio: Fix sending packets without dequeueing them
net: taprio: add missing attribute validation for txtime delay
net: phy: avoid clearing PHY interrupts twice in irq handler
net: dsa: Don't instantiate phylink for CPU/DSA ports unless needed
netfilter: nf_tables: fix infinite loop when expr is not available
drm/i915: be more solid in checking the alignment
drm/i915: Defer semaphore priority bumping to a workqueue
KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs
s390/dasd: fix data corruption for thin provisioned devices
x86/ioremap: Map EFI runtime services data as encrypted for SEV
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
pinctrl: imx: scu: Align imx sc msg structs to 4
virtio_ring: Fix mem leak with vring_new_virtqueue()
drm/i915/gvt: Fix dma-buf display blur issue on CFL
iommu/vt-d: Fix RCU-list bugs in intel_iommu_init()
netfilter: nf_tables: dump NFTA_CHAIN_FLAGS attribute
netfilter: nft_chain_nat: inet family is missing module ownership
UBUNTU: upstream stable to v4.19.111, v5.4.26

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Eoan):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.3.0-51.44

---------------
linux (5.3.0-51.44) eoan; urgency=medium

  * CVE-2020-11884
    - SAUCE: s390/mm: fix page table upgrade vs 2ndary address mode accesses

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 22 Apr 2020 17:35:41 -0300

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers