Eoan update: upstream stable patchset 2020-03-27

Bug #1869433 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-03-27

                Ported from the following upstream stable releases:
                        v4.19.109, v5.4.25,
                        v4.19.111, v5.4.26

       from git://git.kernel.org/

net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
RDMA/core: Fix pkey and port assignment in get_new_pps
RDMA/core: Fix use of logical OR in get_new_pps
kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
ALSA: hda: do not override bus codec_mask in link_get()
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
selftests: fix too long argument
usb: gadget: composite: Support more than 500mA MaxPower
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
usb: gadget: serial: fix Tx stall after buffer overflow
drm/msm/mdp5: rate limit pp done timeout warnings
drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
scsi: megaraid_sas: silence a warning
drm/msm/dsi: save pll state before dsi host is powered off
drm/msm/dsi/pll: call vco set rate explicitly
selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing
net: ks8851-ml: Remove 8-bit bus accessors
net: ks8851-ml: Fix 16-bit data access
net: ks8851-ml: Fix 16-bit IO operation
watchdog: da9062: do not ping the hw during stop()
s390/cio: cio_ignore_proc_seq_next should increase position index
s390: make 'install' not depend on vmlinux
x86/boot/compressed: Don't declare __force_order in kaslr_64.c
s390/qdio: fill SL with absolute addresses
nvme: Fix uninitialized-variable warning
ice: Don't tell the OS that link is going down
x86/xen: Distribute switch variables for initialization
net: thunderx: workaround BGX TX Underflow issue
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master
cifs: don't leak -EAGAIN for stat() during reconnect
usb: storage: Add quirk for Samsung Fit flash
usb: quirks: add NO_LPM quirk for Logitech Screen Share
usb: dwc3: gadget: Update chain bit correctly when using sg list
usb: core: hub: fix unhandled return by employing a void function
usb: core: hub: do error out if usb_autopm_get_interface() fails
usb: core: port: do error out if usb_autopm_get_interface() fails
vgacon: Fix a UAF in vgacon_invert_region
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa
mm: fix possible PMD dirty bit lost in set_pmd_migration_entry()
fat: fix uninit-memory access for partial initialized inode
arm: dts: dra76x: Fix mmc3 max-frequency
tty:serial:mvebu-uart:fix a wrong return
serial: 8250_exar: add support for ACCES cards
vt: selection, close sel_buffer race
vt: selection, push console lock down
vt: selection, push sel_lock up
media: v4l2-mem2mem.c: fix broken links
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
dmaengine: tegra-apb: Fix use-after-free
dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
dm cache: fix a crash due to incorrect work item cancelling
dm: report suspended device during destroy
dm writecache: verify watermark during resume
ARM: dts: ls1021a: Restore MDIO compatible to gianfar
spi: bcm63xx-hsspi: Really keep pll clk enabled
ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
ASoC: topology: Fix memleak in soc_tplg_manifest_load()
ASoC: intel: skl: Fix pin debug prints
ASoC: intel: skl: Fix possible buffer overflow in debug outputs
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
ASoC: dapm: Correct DAPM handling of active widgets during shutdown
drm/sun4i: Fix DE2 VI layer format support
drm/sun4i: de2/de3: Remove unsupported VI layer formats
phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling
phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval
ARM: dts: imx6: phycore-som: fix emmc supply
RDMA/iwcm: Fix iwcm work deallocation
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
IB/hfi1, qib: Ensure RCU is locked when accessing list
ARM: imx: build v7_cpu_resume() unconditionally
ARM: dts: am437x-idk-evm: Fix incorrect OPP node names
ARM: dts: imx7-colibri: Fix frequency for sd/mmc
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems
efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper
efi/x86: Handle by-ref arguments covering multiple pages in mixed mode
dm integrity: fix a deadlock due to offloading to an incorrect workqueue
KVM: SVM: fix up incorrect backport
block, bfq: get extra ref to prevent a queue from being freed during a group move
block, bfq: do not insert oom queue into position tree
dm thin metadata: fix lockdep complaint
blktrace: fix dereference after null check
habanalabs: halt the engines before hard-reset
habanalabs: do not halt CoreSight during hard reset
habanalabs: patched cb equals user cb in device memset
drm/modes: Make sure to parse valid rotation value from cmdline
drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode parameters
selftests: forwarding: vxlan_bridge_1d: fix tos value
net: atlantic: check rpc result and wait for rpc address
net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt()
nvme/pci: Add sleep quirk for Samsung and Toshiba drives
csky/mm: Fixup export invalid_pte_table symbol
csky: Set regs->usp to kernel sp, when the exception is from kernel
csky/smp: Fixup boot failed when CONFIG_SMP
csky: Fixup ftrace modify panic
csky: Fixup compile warning for three unimplemented syscalls
arch/csky: fix some Kconfig typos
selftests: forwarding: vxlan_bridge_1d: use more proper tos value
firmware: imx: scu: Ensure sequential TX
binder: prevent UAF for binderfs devices
binder: prevent UAF for binderfs devices II
ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1
ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294
mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled
btrfs: fix RAID direct I/O reads with alternate csums
arm64: dts: socfpga: agilex: Fix gmac compatible
tty: serial: fsl_lpuart: free IDs allocated by IDA
media: hantro: Fix broken media controller links
media: mc-entity.c: use & to check pad flags, not ==
perf intel-pt: Fix endless record after being terminated
perf intel-bts: Fix endless record after being terminated
perf cs-etm: Fix endless record after being terminated
perf arm-spe: Fix endless record after being terminated
spi: spidev: Fix CS polarity if GPIO descriptors are used
s390/pci: Fix unexpected write combine on resource
s390/mm: fix panic in gup_fast on large pud
dmaengine: imx-sdma: fix context cache
dmaengine: imx-sdma: Fix the event id check to include RX event for UART6
dm integrity: fix recalculation when moving from journal mode to bitmap mode
dm integrity: fix invalid table returned due to argument count mismatch
dm zoned: Fix reference counter initial value of chunk works
dm: fix congested_fn for request-based device
drm/virtio: make resource id workaround runtime switchable.
drm/virtio: fix resource id creation race
ASoC: SOF: Fix snd_sof_ipc_stream_posn()
powerpc: define helpers to get L1 icache sizes
powerpc: Convert flush_icache_range & friends to C
powerpc/mm: Fix missing KUAP disable in flush_coherent_icache()
ASoC: Intel: Skylake: Fix available clock counter incrementation
spi: atmel-quadspi: fix possible MMIO window size overrun
drm/sun4i: Add separate DE3 VI layer formats
drm/i915: Program MBUS with rmw during initialization
drm/i915/selftests: Fix return in assert_mmap_offset()
arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY
firmware: imx: misc: Align imx sc msg structs to 4
firmware: imx: scu-pd: Align imx sc msg structs to 4
firmware: imx: Align imx_sc_msg_req_cpu_start to 4
Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow"
RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing
RDMA/siw: Fix failure handling during device creation
RDMA/core: Fix protection fault in ib_mr_pool_destroy
regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling
ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source
dma-buf: free dmabuf->name in dma_buf_release()
arm64: dts: meson: fix gxm-khadas-vim2 wifi
bus: ti-sysc: Fix 1-wire reset quirk
EDAC/synopsys: Do not print an error with back-to-back snprintf() calls
efi: READ_ONCE rng seed size before munmap
block, bfq: get a ref to a group when adding it to a service tree
block, bfq: remove ifdefs from around gets/puts of bfq groups
csky: Implement copy_thread_tls
drm/virtio: module_param_named() requires linux/moduleparam.h
UBUNTU: upstream stable to v4.19.110, v5.4.25
net: phy: Avoid multiple suspends
cgroup, netclassid: periodically release file_lock on classid updating
gre: fix uninit-value in __iptunnel_pull_header
inet_diag: return classid for all socket types
ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
ipvlan: add cond_resched_rcu() while processing muticast backlog
ipvlan: do not add hardware address of master to its unicast filter list
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
ipvlan: don't deref eth hdr before checking it's set
net/ipv6: use configured metric when add peer route
netlink: Use netlink header as base to calculate bad attribute offset
net: macsec: update SCI upon MAC address change.
net: nfc: fix bounds checking bugs on "pipe"
net/packet: tpacket_rcv: do not increment ring index on drop
net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used
net: systemport: fix index check to avoid an array out of bounds access
sfc: detach from cb_page in efx_copy_channel()
bnxt_en: reinitialize IRQs when MTU is modified
cgroup: memcg: net: do not associate sock with unrelated cgroup
net: memcg: late association of sock to memcg
net: memcg: fix lockdep splat in inet_csk_accept()
devlink: validate length of param values
fib: add missing attribute validation for tun_id
nl802154: add missing attribute validation
nl802154: add missing attribute validation for dev_type
can: add missing attribute validation for termination
macsec: add missing attribute validation for port
net: fq: add missing attribute validation for orphan mask
team: add missing attribute validation for port ifindex
team: add missing attribute validation for array index
nfc: add missing attribute validation for SE API
nfc: add missing attribute validation for deactivate target
nfc: add missing attribute validation for vendor subcommand
net: phy: fix MDIO bus PM PHY resuming
selftests/net/fib_tests: update addr_metric_test for peer route testing
net/ipv6: need update peer route when modify metric
net/ipv6: remove the old peer route if change it to a new one
tipc: add missing attribute validation for MTU property
devlink: validate length of region addr/len
bonding/alb: make sure arp header is pulled before accessing it
slip: make slhc_compress() more robust against malicious packets
net: fec: validate the new settings in fec_enet_set_coalesce()
macvlan: add cond_resched() during multicast processing
cgroup: cgroup_procs_next should increase position index
cgroup: Iterate tasks that did not finish do_exit()
virtio-blk: fix hw_queue stopped on arbitrary error
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
netfilter: nf_conntrack: ct_cpu_seq_next should increase position index
netfilter: synproxy: synproxy_cpu_seq_next should increase position index
netfilter: xt_recent: recent_seq_next should increase position index
netfilter: x_tables: xt_mttg_seq_next should increase position index
workqueue: don't use wq_select_unbound_cpu() for bound works
drm/amd/display: remove duplicated assignment to grph_obj_type
ktest: Add timeout for ssh sync testing
cifs_atomic_open(): fix double-put on late allocation failure
gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
KVM: x86: clear stale x86_emulate_ctxt->intercept value
ARC: define __ALIGN_STR and __ALIGN symbols for ARC
macintosh: windfarm: fix MODINFO regression
efi: Fix a race and a buffer overflow while reading efivars via sysfs
mt76: fix array overflow on receiving too many fragments for a packet
x86/mce: Fix logic and comments around MSR_PPIN_CTL
iommu/dma: Fix MSI reservation allocation
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
batman-adv: Don't schedule OGM for disabled interface
pinctrl: meson-gxl: fix GPIOX sdio pins
pinctrl: core: Remove extra kref_get which blocks hogs being freed
drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits
i2c: gpio: suppress error on probe defer
nl80211: add missing attribute validation for critical protocol indication
nl80211: add missing attribute validation for beacon report scanning
nl80211: add missing attribute validation for channel switch
perf bench futex-wake: Restore thread count default to online CPU count
netfilter: cthelper: add missing attribute validation for cthelper
netfilter: nft_payload: add missing attribute validation for payload csum flags
netfilter: nft_tunnel: add missing attribute validation for tunnels
iommu/vt-d: Fix the wrong printing in RHSA parsing
iommu/vt-d: Ignore devices with out-of-spec domain number
i2c: acpi: put device when verifying client fails
ipv6: restrict IPV6_ADDRFORM operation
net/smc: check for valid ib_client_data
net/smc: cancel event worker during device removal
efi: Add a sanity check to efivar_store_raw()
batman-adv: Avoid free/alloc race when handling OGM2 buffer
virtio_balloon: Adjust label in virtballoon_probe
ALSA: hda/realtek - More constifications
net: dsa: fix phylink_start()/phylink_stop() calls
net: dsa: mv88e6xxx: fix lockup on warm boot
net: hns3: fix a not link up issue when fibre port supports autoneg
net: phy: bcm63xx: fix OOPS due to missing driver name
taprio: Fix sending packets without dequeueing them
net: taprio: add missing attribute validation for txtime delay
net: phy: avoid clearing PHY interrupts twice in irq handler
net: dsa: Don't instantiate phylink for CPU/DSA ports unless needed
netfilter: nf_tables: fix infinite loop when expr is not available
drm/i915: be more solid in checking the alignment
drm/i915: Defer semaphore priority bumping to a workqueue
KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs
s390/dasd: fix data corruption for thin provisioned devices
x86/ioremap: Map EFI runtime services data as encrypted for SEV
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
pinctrl: imx: scu: Align imx sc msg structs to 4
virtio_ring: Fix mem leak with vring_new_virtqueue()
drm/i915/gvt: Fix dma-buf display blur issue on CFL
iommu/vt-d: Fix RCU-list bugs in intel_iommu_init()
netfilter: nf_tables: dump NFTA_CHAIN_FLAGS attribute
netfilter: nft_chain_nat: inet family is missing module ownership
UBUNTU: upstream stable to v4.19.111, v5.4.26

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Eoan):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.3.0-51.44

linux (5.3.0-51.44) eoan; urgency=medium

  * CVE-2020-11884
    - SAUCE: s390/mm: fix page table upgrade vs 2ndary address mode accesses

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 22 Apr 2020 17:35:41 -0300

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers