Bug #1877858 “Improve TSC refinement (and calibration) reliabili...” : Bugs : linux package : Ubuntu

Guilherme G. Piccoli (gpiccoli) on 2020-05-10

description:	updated
Changed in linux (Ubuntu Xenial):
status:	New → In Progress
importance:	Undecided → High
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
importance:	Undecided → High
assignee:	nobody → Guilherme G. Piccoli (gpiccoli)
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Guilherme G. Piccoli (gpiccoli)

Revision history for this message

Guilherme G. Piccoli (gpiccoli) wrote on 2020-05-10:

#1

SRU just submitted to kernel team mailing-list: https://lists.ubuntu.com/archives/kernel-team/2020-May/109698.html

Cheers,

Guilherme

Khaled El Mously (kmously) on 2020-05-14

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-05-19:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:	added: verification-needed-bionic
tags:	added: verification-needed-xenial

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-05-19:

#3

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Guilherme G. Piccoli (gpiccoli) wrote on 2020-06-01:

#4

Verified by code inspection on Bionic (4.15.0-102) and Xenial (4.4.0-180). I don't have a system with Skylake available; there's an user that experienced this and I'm waiting on his test, as soon as he responds, I'll comment here. But marking as verifying anyway based on the code lookup, we need the patches in this cycle.

Cheers,

Guilherme

tags:

added: verification-done-bionic verification-done-xenial
removed: verification-needed-bionic verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-06-09:

#5

Download full text (18.8 KiB)

This bug was fixed in the package linux - 4.15.0-106.107

---------------
linux (4.15.0-106.107) bionic; urgency=medium

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (4.15.0-103.104) bionic; urgency=medium

* bionic/linux: 4.15.0-103.104 -proposed tracker (LP: #1881272)

  * "BUG: unable to handle kernel paging request" when testing
    ubuntu_kvm_smoke_test.kvm_smoke_test with B-KVM in proposed (LP: #1881072)
    - KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs
    - KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob

linux (4.15.0-102.103) bionic; urgency=medium

* bionic/linux: 4.15.0-102.103 -proposed tracker (LP: #1878856)

* Packaging resync (LP: #1786013)
- update dkms package versions

  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly

  * Kernel log flood "ceph: Failed to find inode for 1" (LP: #1875884)
    - ceph: don't check quota for snap inode
    - ceph: quota: cache inode pointer in ceph_snap_realm

  * [UBUNTU 18.04] zpcictl --reset - contribution for kernel (LP: #1870320)
    - s390/pci: Recover handle in clp_set_pci_fn()
    - s390/pci: Fix possible deadlock in recover_store()

  * Bionic update: upstream stable patchset 2020-05-12 (LP: #1878256)
    - drm/edid: Fix off-by-one in DispID DTD pixel clock
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
    - drm/qxl: qxl_release use after free
    - btrfs: fix block group leak when removing fails
    - btrfs: fix partial loss of prealloc extent past i_size after fsync
    - mmc: sdhci-xenon: fix annoying 1.8V regulator warning
    - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers
    - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter
    - ALSA: hda/hdmi: fix without unlocked before return
    - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
    - PM: ACPI: Output correct message on target power state
    - PM: hibernate: Freeze kernel threads in software_resume()
    - dm verity fec: fix hash block number in verity_fec_decode
    - RDMA/mlx5: Set GRH fields in query QP on RoCE
    - RDMA/mlx4: Initialize ib_spec on the stack
    - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages
    - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
    - iommu/qcom: Fix local_base status check
    - scsi: target/iblock: fix WRITE SAME zeroing
    - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
    - ALSA: opti9xx: shut up gcc-10 range warning
    - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
    - dmaengine: dmatest: Fix iteration non-stop logic
    - selinux: properly handle multiple messages in ...

This bug was fixed in the package linux - 4.15.0-106.107

---------------
linux (4.15.0-106.107) bionic; urgency=medium

* CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (4.15.0-103.104) bionic; urgency=medium

* bionic/linux: 4.15.0-103.104 -proposed tracker (LP: #1881272)

* "BUG: unable to handle kernel paging request" when testing
    ubuntu_kvm_smoke_test.kvm_smoke_test with B-KVM in proposed (LP: #1881072)
    - KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs
    - KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob

linux (4.15.0-102.103) bionic; urgency=medium

* bionic/linux: 4.15.0-102.103 -proposed tracker (LP: #1878856)

* Packaging resync (LP: #1786013)
    - update dkms package versions

* debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly

* Kernel log flood "ceph: Failed to find inode for 1" (LP: #1875884)
    - ceph: don't check quota for snap inode
    - ceph: quota: cache inode pointer in ceph_snap_realm

* [UBUNTU 18.04] zpcictl --reset - contribution for kernel (LP: #1870320)
    - s390/pci: Recover handle in clp_set_pci_fn()
    - s390/pci: Fix possible deadlock in recover_store()

* Bionic update: upstream stable patchset 2020-05-12 (LP: #1878256)
    - drm/edid: Fix off-by-one in DispID DTD pixel clock
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
    - drm/qxl: qxl_release use after free
    - btrfs: fix block group leak when removing fails
    - btrfs: fix partial loss of prealloc extent past i_size after fsync
    - mmc: sdhci-xenon: fix annoying 1.8V regulator warning
    - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers
    - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter
    - ALSA: hda/hdmi: fix without unlocked before return
    - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
    - PM: ACPI: Output correct message on target power state
    - PM: hibernate: Freeze kernel threads in software_resume()
    - dm verity fec: fix hash block number in verity_fec_decode
    - RDMA/mlx5: Set GRH fields in query QP on RoCE
    - RDMA/mlx4: Initialize ib_spec on the stack
    - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages
    - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
    - iommu/qcom: Fix local_base status check
    - scsi: target/iblock: fix WRITE SAME zeroing
    - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
    - ALSA: opti9xx: shut up gcc-10 range warning
    - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
    - dmaengine: dmatest: Fix iteration non-stop logic
    - selinux: properly handle multiple messages in selinux_netlink_send()
    - ASoC: tas571x: disable regulators on failed probe
    - ASoC: wm8960: Fix wrong clock after suspend & resume
    - rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket
    - xfs: acquire superblock freeze protection on eofblocks scans
    - cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled
    - net: fec: set GPR bit on suspend by DT configuration.
    - ALSA: hda: Keep the controller initialization even if no codecs found
    - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported
    - ALSA: hda: call runtime_allow() for all hda controllers
    - scsi: qla2xxx: check UNLOADING before posting async work
    - RDMA/core: Fix race between destroy and release FD object
    - btrfs: transaction: Avoid deadlock due to bad initialization timing of
      fs_info::journal_info
    - mmc: sdhci-msm: Enable host capabilities pertains to R1b response
    - mmc: meson-mx-sdio: Set MMC_CAP_WAIT_WHILE_BUSY
    - mmc: meson-mx-sdio: remove the broken ->card_busy() op

* Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461)
    - ext4: fix extent_status fragmentation for plain files
    - net: ipv4: avoid unused variable warning for sysctl
    - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash'
      static
    - vti4: removed duplicate log message.
    - watchdog: reset last_hw_keepalive time at start
    - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
    - ceph: return ceph_mdsc_do_request() errors from __get_parent()
    - ceph: don't skip updating wanted caps when cap is stale
    - pwm: rcar: Fix late Runtime PM enablement
    - scsi: iscsi: Report unbind session event when the target has been removed
    - ASoC: Intel: atom: Take the drv->lock mutex before calling
      sst_send_slot_map()
    - kernel/gcov/fs.c: gcov_seq_next() should increase position index
    - selftests: kmod: fix handling test numbers above 9
    - ipc/util.c: sysvipc_find_ipc() should increase position index
    - s390/cio: avoid duplicated 'ADD' uevents
    - pwm: renesas-tpu: Fix late Runtime PM enablement
    - pwm: bcm2835: Dynamically allocate base
    - perf/core: Disable page faults when getting phys address
    - PCI/ASPM: Allow re-enabling Clock PM
    - mm, slub: restore the original intention of prefetch_freepointer()
    - cxgb4: fix large delays in PTP synchronization
    - ipv6: fix restrict IPV6_ADDRFORM operation
    - macsec: avoid to set wrong mtu
    - macvlan: fix null dereference in macvlan_device_event()
    - net: bcmgenet: correct per TX/RX ring statistics
    - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
    - net/x25: Fix x25_neigh refcnt leak when receiving frame
    - tcp: cache line align MAX_TCP_HEADER
    - team: fix hang in team_mode_get()
    - net: dsa: b53: Fix ARL register definitions
    - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
    - vrf: Check skb for XFRM_TRANSFORMED flag
    - KEYS: Avoid false positive ENOMEM error on key read
    - ALSA: hda: Remove ASUS ROG Zenith from the blacklist
    - iio: adc: stm32-adc: fix sleep in atomic context
    - iio: xilinx-xadc: Fix ADC-B powerdown
    - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
    - iio: xilinx-xadc: Fix sequencer configuration for aux channels in
      simultaneous mode
    - fs/namespace.c: fix mountpoint reference counter race
    - USB: sisusbvga: Change port variable from signed to unsigned
    - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70
      RGB RAPIDFIRE
    - USB: early: Handle AMD's spec-compliant identifiers, too
    - USB: core: Fix free-while-in-use bug in the USB S-Glibrary
    - USB: hub: Fix handling of connect changes during sleep
    - overflow.h: Add arithmetic shift helper
    - vmalloc: fix remap_vmalloc_range() bounds checks
    - mm/hugetlb: fix a addressing exception caused by huge_pte_offset
    - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
    - tools/vm: fix cross-compile build
    - ALSA: usx2y: Fix potential NULL dereference
    - ALSA: hda/realtek - Add new codec supported for ALC245
    - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
    - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
    - tpm/tpm_tis: Free IRQ if probing fails
    - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
    - KVM: Check validity of resolved slot when searching memslots
    - KVM: VMX: Enable machine check support for 32bit targets
    - tty: hvc: fix buffer overflow during hvc_alloc().
    - tty: rocket, avoid OOB access
    - usb-storage: Add unusual_devs entry for JMicron JMS566
    - audit: check the length of userspace generated audit records
    - ASoC: dapm: fixup dapm kcontrol widget
    - iwlwifi: pcie: actually release queue memory in TVQM
    - ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
    - powerpc/setup_64: Set cache-line-size based on cache-block-size
    - staging: comedi: dt2815: fix writing hi byte of analog output
    - staging: comedi: Fix comedi_device refcnt leak in comedi_open
    - vt: don't hardcode the mem allocation upper bound
    - staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
    - staging: vt6656: Fix calling conditions of vnt_set_bss_mode
    - staging: vt6656: Fix drivers TBTT timing counter.
    - staging: vt6656: Fix pairwise key entry save.
    - staging: vt6656: Power save stop wake_up_count wrap around.
    - cdc-acm: close race betrween suspend() and acm_softint
    - cdc-acm: introduce a cool down
    - UAS: no use logging any details in case of ENODEV
    - UAS: fix deadlock in error handling and PM flushing work
    - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
    - serial: sh-sci: Make sure status register SCxSR is read in correct sequence
    - xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
    - remoteproc: Fix wrong rvring index computation
    - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
    - binder: take read mode of mmap_sem in binder_alloc_free_page()
    - usb: dwc3: gadget: Do link recovery for SS and SSP
    - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
    - iio:ad7797: Use correct attribute_group
    - nfsd: memory corruption in nfsd4_lock()
    - i2c: altera: use proper variable to hold errno
    - net/cxgb4: Check the return from t4_query_params properly
    - ARM: dts: bcm283x: Disable dsi0 node
    - perf/core: fix parent pid/tid in task exit events
    - mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy
      path
    - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
    - x86: hyperv: report value of misc_features
    - xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
    - scsi: target: fix PR IN / READ FULL STATUS for FC
    - objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
    - objtool: Support Clang non-section symbols in ORC dump
    - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
    - arm64: Delete the space separator in __emit_inst
    - ext4: use matching invalidatepage in ext4_writepage
    - ext4: increase wait time needed before reuse of deleted inode numbers
    - ext4: convert BUG_ON's to WARN_ON's in mballoc.c
    - hwmon: (jc42) Fix name to have no illegal characters
    - qed: Fix use after free in qed_chain_free
    - ext4: check for non-zero journal inum in ext4_calculate_overhead
    - propagate_one(): mnt_set_mountpoint() needs mount_lock
    - kconfig: qconf: Fix a few alignment issues
    - loop: Better discard support for block devices
    - drm/amd/display: Not doing optimize bandwidth if flip pending.
    - virtio-blk: improve virtqueue error to BLK_STS
    - scsi: smartpqi: fix call trace in device discovery
    - net: ipv6: add net argument to ip6_dst_lookup_flow
    - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
    - f2fs: fix to avoid memory leakage in f2fs_listxattr
    - KVM: VMX: Zero out *all* general purpose registers after VM-Exit
    - KVM: Introduce a new guest mapping API
    - kvm: fix compilation on aarch64
    - kvm: fix compilation on s390
    - kvm: fix compile on s390 part 2
    - KVM: Properly check if "page" is valid in kvm_vcpu_unmap
    - x86/kvm: Introduce kvm_(un)map_gfn()
    - x86/kvm: Cache gfn to pfn translation
    - vrf: Fix IPv6 with qdisc and xfrm
    - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled
    - net: dsa: b53: Rework ARL bin logic
    - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL
    - mlxsw: Fix some IS_ERR() vs NULL bugs
    - iio: core: remove extra semi-colon from devm_iio_device_register() macro
    - iio: st_sensors: rely on odr mask to know if odr can be set
    - iio: xilinx-xadc: Make sure not exceed maximum samplerate
    - iwlwifi: mvm: beacon statistics shouldn't go backwards
    - xhci: prevent bus suspend if a roothub port detected a over-current
      condition

* Bionic update: upstream stable patchset 2020-04-27 (LP: #1875506)
    - KVM: VMX: fix crash cleanup when KVM wasn't used
    - amd-xgbe: Use __napi_schedule() in BH context
    - hsr: check protocol version in hsr_newlink()
    - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
    - net: ipv6: do not consider routes via gateways for anycast address check
    - net: qrtr: send msgs from local of same id as broadcast
    - net: revert default NAPI poll timeout to 2 jiffies
    - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
    - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
    - jbd2: improve comments about freeing data buffers whose page mapping is NULL
    - pwm: pca9685: Fix PWM/GPIO inter-operation
    - ext4: fix incorrect group count in ext4_fill_super error message
    - ext4: fix incorrect inodes per group in error message
    - ASoC: Intel: mrfld: fix incorrect check on p->sink
    - ASoC: Intel: mrfld: return error codes when an error occurs
    - ALSA: usb-audio: Don't override ignore_ctl_error value from the map
    - tracing: Fix the race between registering 'snapshot' event trigger and
      triggering 'snapshot' operation
    - btrfs: check commit root generation in should_ignore_root
    - mac80211_hwsim: Use kstrndup() in place of kasprintf()
    - ext4: do not zeroout extents beyond i_disksize
    - dm flakey: check for null arg_name in parse_features()
    - kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
    - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE
    - x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization
      (CDP)
    - x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG
    - x86/resctrl: Preserve CDP enable over CPU hotplug
    - x86/resctrl: Fix invalid attempt at removing the default resource group
    - mm/vmalloc.c: move 'area->pages' after if statement
    - objtool: Fix switch table detection in .text.unlikely
    - scsi: sg: add sg_remove_request in sg_common_write
    - ext4: use non-movable memory for superblock readahead
    - arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0
    - netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
    - irqchip/mbigen: Free msi_desc on device teardown
    - ALSA: hda: Don't release card at firmware loading error
    - lib/raid6: use vdupq_n_u8 to avoid endianness warnings
    - video: fbdev: sis: Remove unnecessary parentheses and commented code
    - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
    - clk: Fix debugfs_create_*() usage
    - Revert "gpio: set up initial state from .get_direction()"
    - wil6210: increase firmware ready timeout
    - wil6210: fix temperature debugfs
    - scsi: ufs: make sure all interrupts are processed
    - scsi: ufs: ufs-qcom: remove broken hci version quirk
    - wil6210: rate limit wil_rx_refill error
    - rpmsg: glink: use put_device() if device_register fail
    - rtc: pm8xxx: Fix issue in RTC write path
    - rpmsg: glink: Fix missing mutex_init() in qcom_glink_alloc_channel()
    - rpmsg: glink: smem: Ensure ordering during tx
    - wil6210: fix PCIe bus mastering in case of interface down
    - wil6210: add block size checks during FW load
    - wil6210: fix length check in __wmi_send
    - wil6210: abort properly in cfg suspend
    - rbd: avoid a deadlock on header_rwsem when flushing notifies
    - rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
    - of: unittest: kmemleak in of_unittest_platform_populate()
    - clk: at91: usb: continue if clk_hw_round_rate() return zero
    - power: supply: bq27xxx_battery: Silence deferred-probe error
    - clk: tegra: Fix Tegra PMC clock out parents
    - soc: imx: gpc: fix power up sequencing
    - rtc: 88pm860x: fix possible race condition
    - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
    - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
    - s390/cpuinfo: fix wrong output when CPU0 is offline
    - powerpc/maple: Fix declaration made after definition
    - ext4: do not commit super on read-only bdev
    - include/linux/swapops.h: correct guards for non_swap_entry()
    - percpu_counter: fix a data race at vm_committed_as
    - compiler.h: fix error in BUILD_BUG_ON() reporting
    - KVM: s390: vsie: Fix possible race when shadowing region 3 tables
    - x86: ACPI: fix CPU hotplug deadlock
    - drm/amdkfd: kfree the wrong pointer
    - NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
    - iommu/vt-d: Fix mm reference leak
    - ext2: fix empty body warnings when -Wextra is used
    - ext2: fix debug reference to ext2_xattr_cache
    - libnvdimm: Out of bounds read in __nd_ioctl()
    - iommu/amd: Fix the configuration of GCR3 table root pointer
    - net: dsa: bcm_sf2: Fix overflow checks
    - fbdev: potential information leak in do_fb_ioctl()
    - tty: evh_bytechan: Fix out of bounds accesses
    - locktorture: Print ratio of acquisitions, not failures
    - mtd: lpddr: Fix a double free in probe()
    - mtd: phram: fix a double free issue in error path
    - KEYS: Use individual pages in big_key for crypto buffers
    - KEYS: Don't write out to userspace while holding key semaphore
    - keys: Fix proc_keys_next to increase position index
    - wil6210: ignore HALP ICR if already handled
    - wil6210: remove reset file from debugfs
    - ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN.
    - of: unittest: kmemleak on changeset destroy
    - of: overlay: kmemleak in dup_and_fixup_symbol_prop()
    - s390/cpum_sf: Fix wrong page count in error message
    - f2fs: fix NULL pointer dereference in f2fs_write_begin()

* psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM
    kernels (LP: #1812176)
    - selftests/net: skip psock_tpacket test if KALLSYMS was not enabled

* Bionic ubuntu ethtool doesn't check ring parameters boundaries
    (LP: #1874444)
    - ethtool: Ensure new ring parameters are within bounds during SRINGPARAM

* Improve TSC refinement (and calibration) reliability (LP: #1877858)
    - x86/tsc: Make calibration refinement more robust
    - x86/tsc: Use CPUID.0x16 to calculate missing crystal frequency

* Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as
    failure (LP: #1877958)
    - ftrace/selftest: make unresolved cases cause failure if --fail-unresolved
      set

* Add support for Ambiq micro AM1805 RTC chip (LP: #1876667)
    - SAUCE: rtc: add am-1805 RTC driver

* 'Elan touchpad' not detected on 'Lenovo ThinkBook 15 IIL' (LP: #1861610)
    - SAUCE: Input: elan_i2c - add more hardware ID for Lenovo laptop

* Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load
    (LP: #1869672)
    - SAUCE: x86/purgatory: Fix Makefile to prevent undefined symbols

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 04 Jun 2020 12:16:05 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-06-09:

#6

Download full text (31.3 KiB)

This bug was fixed in the package linux - 4.4.0-184.214

---------------
linux (4.4.0-184.214) xenial; urgency=medium

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (4.4.0-181.211) xenial; urgency=medium

* xenial/linux: 4.4.0-181.211 -proposed tracker (LP: #1881170)

* CVE-2020-12769
- spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls

  * I2C bus on Dell Edge Gateway stops working after upgrading to
    Ubuntu-4.4.0-180.210 (LP: #1881124)
    - SAUCE: Revert: Revert "ACPI / LPSS: allow to use specific PM domain during
      ->probe()"

linux (4.4.0-180.210) xenial; urgency=medium

* xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)

  * Xenial update: 4.4.223 upstream stable release (LP: #1878232)
    - mwifiex: fix PCIe register information for 8997 chipset
    - drm/qxl: qxl_release use after free
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - staging: rtl8192u: Fix crash due to pointers being "confusing"
    - usb: gadget: f_acm: Fix configfs attr name
    - usb: gadged: pch_udc: get rid of redundant assignments
    - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
    - usb: gadget: udc: core: don't starve DMA resources
    - MIPS: Fix macro typo
    - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
    - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
    - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
    - MIPS: scall: Handle seccomp filters which redirect syscalls
    - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
    - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
    - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
    - MIPS: BMIPS: Pretty print BMIPS5200 processor name
    - MIPS: Fix HTW config on XPA kernel without LPA enabled
    - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
    - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
    - MIPS: Fix BC1{EQ,NE}Z return offset calculation
    - MIPS: perf: Fix I6400 event numbers
    - MIPS: KVM: Fix translation of MFC0 ErrCtl
    - MIPS: SMP: Update cpu_foreign_map on CPU disable
    - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
    - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
    - bpf, mips: fix off-by-one in ctx offset allocation
    - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
    - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
    - mips/panic: replace smp_send_stop() with kdump friendly version in panic
      path
    - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
    - ARM: imx: select SRC for i.MX7
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/v...

This bug was fixed in the package linux - 4.4.0-184.214

---------------
linux (4.4.0-184.214) xenial; urgency=medium

* CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (4.4.0-181.211) xenial; urgency=medium

* xenial/linux: 4.4.0-181.211 -proposed tracker (LP: #1881170)

* CVE-2020-12769
    - spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls

* I2C bus on Dell Edge Gateway stops working after upgrading to
    Ubuntu-4.4.0-180.210 (LP: #1881124)
    - SAUCE: Revert: Revert "ACPI / LPSS: allow to use specific PM domain during
      ->probe()"

linux (4.4.0-180.210) xenial; urgency=medium

* xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)

* Xenial update: 4.4.223 upstream stable release (LP: #1878232)
    - mwifiex: fix PCIe register information for 8997 chipset
    - drm/qxl: qxl_release use after free
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - staging: rtl8192u: Fix crash due to pointers being "confusing"
    - usb: gadget: f_acm: Fix configfs attr name
    - usb: gadged: pch_udc: get rid of redundant assignments
    - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
    - usb: gadget: udc: core: don't starve DMA resources
    - MIPS: Fix macro typo
    - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
    - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
    - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
    - MIPS: scall: Handle seccomp filters which redirect syscalls
    - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
    - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
    - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
    - MIPS: BMIPS: Pretty print BMIPS5200 processor name
    - MIPS: Fix HTW config on XPA kernel without LPA enabled
    - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
    - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
    - MIPS: Fix BC1{EQ,NE}Z return offset calculation
    - MIPS: perf: Fix I6400 event numbers
    - MIPS: KVM: Fix translation of MFC0 ErrCtl
    - MIPS: SMP: Update cpu_foreign_map on CPU disable
    - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
    - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
    - bpf, mips: fix off-by-one in ctx offset allocation
    - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
    - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
    - mips/panic: replace smp_send_stop() with kdump friendly version in panic
      path
    - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
    - ARM: imx: select SRC for i.MX7
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
    - ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
    - ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
    - ARM: dts: kirkwood: use unique machine name for ds112
    - ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
    - ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
    - perf/x86: Fix filter_events() bug with event mappings
    - x86/LDT: Print the real LDT base address
    - x86/apic/uv: Silence a shift wrapping warning
    - ALSA: fm801: explicitly free IRQ line
    - ALSA: fm801: propagate TUNER_ONLY bit when autodetected
    - ALSA: fm801: detect FM-only card earlier
    - netfilter: nfnetlink: use original skbuff when acking batches
    - xfrm: fix crash in XFRM_MSG_GETSA netlink handler
    - mwifiex: fix IBSS data path issue.
    - mwifiex: add missing check for PCIe8997 chipset
    - iwlwifi: set max firmware version of 7265 to 17
    - Bluetooth: btmrvl: fix hung task warning dump
    - dccp: limit sk_filter trim to payload
    - net/mlx4_core: Do not BUG_ON during reset when PCI is offline
    - mlxsw: pci: Correctly determine if descriptor queue is full
    - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
    - alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not
      IORESOURCE_IO
    - vfio/pci: Allow VPD short read
    - mlxsw: Treat local port 64 as valid
    - IB/mlx4: Initialize hop_limit when creating address handle
    - GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
    - powerpc/pci/of: Parse unassigned resources
    - firmware: actually return NULL on failed request_firmware_nowait()
    - c8sectpfe: Rework firmware loading mechanism
    - net/mlx5: Avoid passing dma address 0 to firmware
    - IB/mlx5: Fix RC transport send queue overhead computation
    - net/mlx5: Make command timeout way shorter
    - IB/mlx5: Fix FW version diaplay in sysfs
    - net/mlx5e: Fix MLX5E_100BASE_T define
    - net/mlx5: Fix the size of modify QP mailbox
    - net/mlx5: Fix masking of reserved bits in XRCD number
    - net/mlx5e: Fix blue flame quota logic
    - net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in
      mlx5_wq_ll_create
    - net/mlx5: Avoid calling sleeping function by the health poll thread
    - net/mlx5: Fix wait_vital for VFs and remove fixed sleep
    - net/mlx5: Fix potential deadlock in command mode change
    - net/mlx5: Add timeout handle to commands with callback
    - net/mlx5: Fix pci error recovery flow
    - net/mlx5e: Copy all L2 headers into inline segment
    - net_sched: keep backlog updated with qlen
    - sch_drr: update backlog as well
    - sch_hfsc: always keep backlog updated
    - sch_prio: update backlog as well
    - sch_qfq: keep backlog updated with qlen
    - sch_sfb: keep backlog updated with qlen
    - sch_tbf: update backlog as well
    - btrfs: cleaner_kthread() doesn't need explicit freeze
    - irda: Free skb on irda_accept error path.
    - phy: fix device reference leaks
    - bonding: prevent out of bound accesses
    - mtd: nand: fix ONFI parameter page layout
    - ath10k: free cached fw bin contents when get board id fails
    - xprtrdma: checking for NULL instead of IS_ERR()
    - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
    - xprtrdma: xprt_rdma_free() must not release backchannel reqs
    - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
    - RDMA/cxgb3: device driver frees DMA memory with different size
    - mlxsw: spectrum: Don't forward packets when STP state is DISABLED
    - mlxsw: spectrum: Disable learning according to STP state
    - mlxsw: spectrum: Don't count internal TX header bytes to stats
    - mlxsw: spectrum: Indicate support for autonegotiation
    - mlxsw: spectrum: Fix misuse of hard_header_len
    - net: tcp_memcontrol: properly detect ancestor socket pressure
    - tcp: do not set rtt_min to 1
    - RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting
      t_sock
    - net: ipv6: tcp reset, icmp need to consider L3 domain
    - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
    - batman-adv: replace WARN with rate limited output on non-existing VLAN
    - tty: serial: msm: Support more bauds
    - serial: samsung: Fix possible out of bounds access on non-DT platform
    - isa: Call isa_bus_init before dependent ISA bus drivers register
    - Btrfs: clean up an error code in btrfs_init_space_info()
    - Input: gpio-keys - fix check for disabling unsupported keys
    - Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
    - net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
    - xfrm_user: propagate sec ctx allocation errors
    - xfrm: Fix memory leak of aead algorithm name
    - mac80211: fix mgmt-tx abort cookie and leak
    - mac80211: TDLS: always downgrade invalid chandefs
    - mac80211: TDLS: change BW calculation for WIDER_BW peers
    - mac80211: Fix BW upgrade for TDLS peers
    - NFS: Fix an LOCK/OPEN race when unlinking an open file
    - net: get rid of an signed integer overflow in ip_idents_reserve()
    - mtd: nand: denali: add missing nand_release() call in denali_remove()
    - ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
    - ASoC: tegra_alc5632: check return value
    - ASoC: fsl_ssi: mark SACNT register volatile
    - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
    - mmc: sdhci: restore behavior when setting VDD via external regulator
    - mmc: sd: limit SD card power limit according to cards capabilities
    - mmc: debugfs: correct wrong voltage value
    - mmc: block: return error on failed mmc_blk_get()
    - clk: rockchip: Revert "clk: rockchip: reset init state before mmc card
      initialization"
    - mmc: dw_mmc: rockchip: Set the drive phase properly
    - mmc: moxart: fix wait_for_completion_interruptible_timeout return variable
      type
    - mmc: sdhci: Fix regression setting power on Trats2 board
    - perf tools: Fix perf regs mask generation
    - powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
    - sctp: fix the transports round robin issue when init is retransmitted
    - sunrpc: Update RPCBIND_MAXNETIDLEN
    - NFC: nci: memory leak in nci_core_conn_create()
    - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
    - net: phy: Fix phy_mac_interrupt()
    - net: phy: bcm7xxx: Fix shadow mode 2 disabling
    - of_mdio: fix node leak in of_phy_register_fixed_link error path
    - phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
    - net: dsa: slave: fix of-node leak and phy priority
    - drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
    - iommu/dma: Respect IOMMU aperture when allocating
    - mdio-sun4i: oops in error handling in probe
    - iio:ad7797: Use correct attribute_group
    - selftests/ipc: Fix test failure seen after initial test run
    - wimax/i2400m: Fix potential urb refcnt leak
    - cifs: protect updating server->dstaddr with a spinlock
    - scripts/config: allow colons in option strings for sed
    - lib/mpi: Fix building for powerpc with clang
    - net: bcmgenet: suppress warnings on failed Rx SKB allocations
    - net: systemport: suppress warnings on failed Rx SKB allocations
    - rc: allow rc modules to be loaded if rc-main is not a module
    - lirc_imon: do not leave imon_probe() with mutex held
    - am437x-vpfe: fix an uninitialized variable bug
    - cx23885: uninitialized variable in cx23885_av_work_handler()
    - ath9k_htc: check for underflow in ath9k_htc_rx_msg()
    - VFIO: platform: reset: fix a warning message condition
    - net: moxa: fix an error code
    - mfd: lp8788-irq: Uninitialized variable in irq handler
    - ethernet: micrel: fix some error codes
    - power: ipaq-micro-battery: freeing the wrong variable
    - i40e: fix an uninitialized variable bug
    - qede: uninitialized variable in qede_start_xmit()
    - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
    - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
    - target: Fix a memory leak in target_dev_lba_map_store()
    - memory/tegra: Add number of TLB lines for Tegra124
    - pinctrl: bcm2835: Fix memory leak in error path
    - be2net: Don't leak iomapped memory on removal.
    - ipv4: Fix memory leak in exception case for splitting tries
    - flow_dissector: Check for IP fragmentation even if not using IPv4 address
    - ipv4: fix checksum annotation in udp4_csum_init
    - ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
    - ipv4: accept u8 in IP_TOS ancillary data
    - net: vrf: Fix dev refcnt leak due to IPv6 prefix route
    - ipv6: fix checksum annotation in udp6_csum_init
    - ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
    - ipv6: add missing netconf notif when 'all' is updated
    - net: ipv6: Fix processing of RAs in presence of VRF
    - netfilter: nf_tables: fix a wrong check to skip the inactive rules
    - netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
    - netfilter: nf_tables: destroy the set if fail to add transaction
    - netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
    - udp: restore UDPlite many-cast delivery
    - clk: st: avoid uninitialized variable use
    - clk: gpio: handle error codes for of_clk_get_parent_count()
    - clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
    - clk: multiplier: Prevent the multiplier from under / over flowing
    - clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
    - clk: xgene: Don't call __pa on ioremaped address
    - cls_bpf: reset class and reuse major in da
    - arm64: bpf: jit JMP_JSET_{X,K}
    - bpf, trace: check event type in bpf_perf_event_read
    - bpf: fix map not being uncharged during map creation failure
    - net/mlx4_core: Fix potential corruption in counters database
    - net/mlx4_core: Fix access to uninitialized index
    - net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
    - net/mlx4_core: Check device state before unregistering it
    - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW
      spec
    - net/mlx4_en: Process all completions in RX rings after port goes up
    - net/mlx4_core: Do not access comm channel if it has not yet been initialized
    - net/mlx4_en: Fix potential deadlock in port statistics flow
    - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to
      device managed flow steering
    - net/mlx4_core: Fix QUERY FUNC CAP flags
    - mlxsw: switchx2: Fix misuse of hard_header_len
    - mlxsw: switchx2: Fix ethernet port initialization
    - sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
    - net_sched: flower: Avoid dissection of unmasked keys
    - pkt_sched: fq: use proper locking in fq_dump_stats()
    - sched/preempt: Fix preempt_count manipulations
    - power: bq27xxx: fix reading for bq27000 and bq27010
    - power: bq27xxx: fix register numbers of bq27500
    - power: test_power: correctly handle empty writes
    - power: bq27xxx_battery: Fix bq27541 AveragePower register address
    - power_supply: tps65217-charger: Fix NULL deref during property export
    - net: vrf: Fix dst reference counting
    - net: Don't delete routes in different VRFs
    - vti6: fix input path
    - ipv4: Fix table id reference in fib_sync_down_addr
    - mlx4: do not call napi_schedule() without care
    - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
    - ALSA: fm801: Initialize chip after IRQ handler is registered
    - bonding: fix length of actor system
    - MIPS: perf: Remove incorrect odd/even counter handling for I6400
    - Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
    - net: dsa: mv88e6xxx: unlock DSA and CPU ports
    - gfs2: fix flock panic issue
    - blk-mq: fix undefined behaviour in order_to_size()
    - dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
    - dmaengine: edma: Add probe callback to edma_tptc_driver
    - openvswitch: update checksum in {push,pop}_mpls
    - cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
    - net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
    - net: bcmgenet: device stats are unsigned long
    - gre: do not assign header_ops in collect metadata mode
    - gre: build header correctly for collect metadata tunnels
    - gre: reject GUE and FOU in collect metadata mode
    - sfc: fix potential stack corruption from running past stat bitmask
    - sfc: clear napi_hash state when copying channels
    - net: bcmsysport: Device stats are unsigned long
    - cxgbi: fix uninitialized flowi6
    - net: macb: add missing free_netdev() on error in macb_probe()
    - macvtap: segmented packet is consumed
    - tipc: fix the error handling in tipc_udp_enable()
    - net: icmp6_send should use dst dev to determine L3 domain
    - et131x: Fix logical vs bitwise check in et131x_tx_timeout()
    - net: ethernet: stmmac: dwmac-sti: fix probe error path
    - rtnl: reset calcit fptr in rtnl_unregister()
    - net: ethernet: stmmac: dwmac-rk: fix probe error path
    - fq_codel: return non zero qlen in class dumps
    - net: ethernet: stmmac: dwmac-generic: fix probe error path
    - bnxt: add a missing rcu synchronization
    - qdisc: fix a module refcount leak in qdisc_create_dflt()
    - net: axienet: Fix return value check in axienet_probe()
    - bnxt_en: Remove locking around txr->dev_state
    - net: ethernet: davinci_emac: Fix devioctl while in fixed link
    - net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
    - net: ethernet: ti: cpsw: fix device and of_node leaks
    - net: ethernet: ti: cpsw: fix secondary-emac probe error path
    - net: hns: fix device reference leaks
    - net: bridge: don't increment tx_dropped in br_do_proxy_arp
    - net: dsa: mv88e6xxx: enable SA learning on DSA ports
    - net: ehea: avoid null pointer dereference
    - l2tp: fix use-after-free during module unload
    - hwrng: exynos - Disable runtime PM on driver unbind
    - net: icmp_route_lookup should use rt dev to determine L3 domain
    - net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
    - net: macb: replace macb_writel() call by queue_writel() to update queue ISR
    - ravb: Add missing free_irq() call to ravb_close()
    - mvpp2: use correct size for memset
    - net: vxlan: lwt: Fix vxlan local traffic.
    - net: ethoc: Fix early error paths
    - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
    - regulator: core: Rely on regulator_dev_release to free constraints
    - net: dsa: mv88e6xxx: fix port VLAN maps
    - at803x: fix reset handling
    - cxl: Fix DAR check & use REGION_ID instead of opencoding
    - net: ethernet: davinci_emac: Fix platform_data overwrite
    - ata: sata_dwc_460ex: remove incorrect locking
    - pinctrl: tegra: Correctly check the supported configuration
    - brcmfmac: add fallback for devices that do not report per-chain values
    - brcmfmac: restore stopping netdev queue when bus clogs up
    - bridge: Fix problems around fdb entries pointing to the bridge device
    - bna: add missing per queue ethtool stat
    - net: skbuff: Remove errornous length validation in skb_vlan_pop()
    - net: ep93xx_eth: Do not crash unloading module
    - macvlan: Fix potential use-after free for broadcasts
    - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
    - ALSA: hda: Match both PCI ID and SSID for driver blacklist
    - mac80211: add ieee80211_is_any_nullfunc()
    - Linux 4.4.223

* Xenial update: 4.4.222 upstream stable release (LP: #1878246)
    - ext4: fix special inode number checks in __ext4_iget()
    - drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
    - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
    - PM: ACPI: Output correct message on target power state
    - RDMA/mlx4: Initialize ib_spec on the stack
    - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
    - ALSA: opti9xx: shut up gcc-10 range warning
    - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
    - dmaengine: dmatest: Fix iteration non-stop logic
    - i2c: designware-pci: use IRQF_COND_SUSPEND flag
    - perf hists: Fix HISTC_MEM_DCACHELINE width setting
    - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
    - perf/x86: Fix uninitialized value usage
    - exynos4-is: fix a format string bug
    - ASoC: wm8960: Fix WM8960_SYSCLK_PLL mode
    - ASoC: imx-spdif: Fix crash on suspend
    - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
    - selinux: properly handle multiple messages in selinux_netlink_send()
    - Linux 4.4.222

* Xenial update: 4.4.221 upstream stable release (LP: #1878098)
    - ext4: fix extent_status fragmentation for plain files
    - ALSA: hda - Fix incorrect usage of IS_REACHABLE()
    - net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
    - net: ipv4: avoid unused variable warning for sysctl
    - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash'
      static
    - vti4: removed duplicate log message.
    - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
    - ceph: return ceph_mdsc_do_request() errors from __get_parent()
    - ceph: don't skip updating wanted caps when cap is stale
    - pwm: rcar: Fix late Runtime PM enablement
    - scsi: iscsi: Report unbind session event when the target has been removed
    - ASoC: Intel: atom: Take the drv->lock mutex before calling
      sst_send_slot_map()
    - kernel/gcov/fs.c: gcov_seq_next() should increase position index
    - ipc/util.c: sysvipc_find_ipc() should increase position index
    - s390/cio: avoid duplicated 'ADD' uevents
    - pwm: renesas-tpu: Fix late Runtime PM enablement
    - pwm: bcm2835: Dynamically allocate base
    - ipv6: fix restrict IPV6_ADDRFORM operation
    - macvlan: fix null dereference in macvlan_device_event()
    - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
    - net/x25: Fix x25_neigh refcnt leak when receiving frame
    - tcp: cache line align MAX_TCP_HEADER
    - team: fix hang in team_mode_get()
    - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
    - ALSA: hda: Remove ASUS ROG Zenith from the blacklist
    - iio: xilinx-xadc: Fix ADC-B powerdown
    - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
    - iio: xilinx-xadc: Fix sequencer configuration for aux channels in
      simultaneous mode
    - fs/namespace.c: fix mountpoint reference counter race
    - USB: sisusbvga: Change port variable from signed to unsigned
    - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70
      RGB RAPIDFIRE
    - drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit.
    - drivers: usb: core: Minimize irq disabling in usb_sg_cancel()
    - USB: core: Fix free-while-in-use bug in the USB S-Glibrary
    - USB: hub: Fix handling of connect changes during sleep
    - ALSA: usx2y: Fix potential NULL dereference
    - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
    - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
    - KVM: Check validity of resolved slot when searching memslots
    - KVM: VMX: Enable machine check support for 32bit targets
    - tty: hvc: fix buffer overflow during hvc_alloc().
    - tty: rocket, avoid OOB access
    - usb-storage: Add unusual_devs entry for JMicron JMS566
    - audit: check the length of userspace generated audit records
    - ASoC: dapm: fixup dapm kcontrol widget
    - ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
    - staging: comedi: dt2815: fix writing hi byte of analog output
    - staging: comedi: Fix comedi_device refcnt leak in comedi_open
    - staging: vt6656: Fix drivers TBTT timing counter.
    - staging: vt6656: Power save stop wake_up_count wrap around.
    - UAS: no use logging any details in case of ENODEV
    - UAS: fix deadlock in error handling and PM flushing work
    - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
    - remoteproc: Fix wrong rvring index computation
    - sctp: use right member as the param of list_for_each_entry
    - fuse: fix possibly missed wake-up after abort
    - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
    - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
    - net/cxgb4: Check the return from t4_query_params properly
    - perf/core: fix parent pid/tid in task exit events
    - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
    - scsi: target: fix PR IN / READ FULL STATUS for FC
    - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
    - ext4: convert BUG_ON's to WARN_ON's in mballoc.c
    - ext4: avoid declaring fs inconsistent due to invalid file handles
    - ext4: protect journal inode's blocks using block_validity
    - ext4: don't perform block validity checks on the journal inode
    - ext4: fix block validity checks for journal inodes using indirect blocks
    - ext4: unsigned int compared against zero
    - propagate_one(): mnt_set_mountpoint() needs mount_lock
    - Linux 4.4.221

* Xenial update: 4.4.220 upstream stable release (LP: #1875905)
    - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
    - net: vxge: fix wrong __VA_ARGS__ usage
    - qlcnic: Fix bad kzalloc null test
    - i2c: st: fix missing struct parameter description
    - irqchip/versatile-fpga: Handle chained IRQs properly
    - selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
    - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
    - gfs2: Don't demote a glock until its revokes are written
    - x86/boot: Use unsigned comparison for addresses
    - locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
    - btrfs: remove a BUG_ON() from merge_reloc_roots()
    - btrfs: track reloc roots based on their commit root bytenr
    - misc: rtsx: set correct pcr_ops for rts522A
    - ASoC: fix regwmask
    - ASoC: dapm: connect virtual mux with default value
    - ASoC: dpcm: allow start or stop during pause for backend
    - ASoC: topology: use name_prefix for new kcontrol
    - usb: gadget: f_fs: Fix use after free issue as part of queue failure
    - usb: gadget: composite: Inform controller driver of self-powered
    - ALSA: usb-audio: Add mixer workaround for TRX40 and co
    - ALSA: hda: Add driver blacklist
    - ALSA: hda: Fix potential access overflow in beep helper
    - ALSA: ice1724: Fix invalid access for enumerated ctl items
    - ALSA: pcm: oss: Fix regression by buffer overflow fix
    - acpi/x86: ignore unspecified bit positions in the ACPI global lock field
    - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
    - irqchip/versatile-fpga: Apply clear-mask earlier
    - MIPS: OCTEON: irq: Fix potential NULL pointer dereference
    - ath9k: Handle txpower changes even when TPC is disabled
    - signal: Extend exec_id to 64bits
    - x86/entry/32: Add missing ASM_CLAC to general_protection entry
    - KVM: x86: Allocate new rmap and large page tracking when moving memslot
    - crypto: mxs-dcp - fix scatterlist linearization for hash
    - futex: futex_wake_op, do not fail on invalid op
    - xen-netfront: Rework the fix for Rx stall during OOM and network stress
    - ALSA: hda: Initialize power_state field properly
    - Btrfs: incremental send, fix invalid memory access
    - IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
    - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
    - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
    - ext4: fix a data race at inode->i_blocks
    - ocfs2: no need try to truncate file beyond i_size
    - s390/diag: fix display of diagnose call statistics
    - Input: i8042 - add Acer Aspire 5738z to nomux list
    - kmod: make request_module() return an error when autoloading is disabled
    - hfsplus: fix crash and filesystem corruption when deleting files
    - powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
    - Btrfs: fix crash during unmount due to race with delayed inode workers
    - drm/dp_mst: Fix clearing payload state on topology disable
    - ipmi: fix hung processes in __get_guid()
    - powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
    - misc: echo: Remove unnecessary parentheses and simplify check for zero
    - mfd: dln2: Fix sanity checking for endpoints
    - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
    - net: ipv6: do not consider routes via gateways for anycast address check
    - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
    - jbd2: improve comments about freeing data buffers whose page mapping is NULL
    - ext4: fix incorrect group count in ext4_fill_super error message
    - ext4: fix incorrect inodes per group in error message
    - ASoC: Intel: mrfld: fix incorrect check on p->sink
    - ASoC: Intel: mrfld: return error codes when an error occurs
    - ALSA: usb-audio: Don't override ignore_ctl_error value from the map
    - mac80211_hwsim: Use kstrndup() in place of kasprintf()
    - ext4: do not zeroout extents beyond i_disksize
    - dm flakey: check for null arg_name in parse_features()
    - kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
    - x86/mitigations: Clear CPU buffers on the SYSCALL fast path
    - tracing: Fix the race between registering 'snapshot' event trigger and
      triggering 'snapshot' operation
    - scsi: sg: add sg_remove_request in sg_common_write
    - ALSA: hda: Don't release card at firmware loading error
    - video: fbdev: sis: Remove unnecessary parentheses and commented code
    - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
    - wil6210: increase firmware ready timeout
    - wil6210: fix temperature debugfs
    - scsi: ufs: ufs-qcom: remove broken hci version quirk
    - wil6210: rate limit wil_rx_refill error
    - rtc: pm8xxx: Fix issue in RTC write path
    - soc: qcom: smem: Use le32_to_cpu for comparison
    - of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
    - of: unittest: kmemleak in of_unittest_platform_populate()
    - clk: at91: usb: continue if clk_hw_round_rate() return zero
    - clk: tegra: Fix Tegra PMC clock out parents
    - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
    - ext4: do not commit super on read-only bdev
    - percpu_counter: fix a data race at vm_committed_as
    - compiler.h: fix error in BUILD_BUG_ON() reporting
    - NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
    - ext2: fix empty body warnings when -Wextra is used
    - iommu/amd: Fix the configuration of GCR3 table root pointer
    - fbdev: potential information leak in do_fb_ioctl()
    - tty: evh_bytechan: Fix out of bounds accesses
    - locktorture: Print ratio of acquisitions, not failures
    - mtd: lpddr: Fix a double free in probe()
    - mtd: phram: fix a double free issue in error path
    - x86/CPU: Add native CPUID variants returning a single datum
    - x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
    - x86/vdso: Fix lsl operand order
    - Linux 4.4.220

* Panic on suspend/resume Kernel panic - not syncing: stack-protector: Kernel
    stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40 (LP: #1821434) //
    Xenial update: 4.4.220 upstream stable release (LP: #1875905)
    - libata: Return correct status in sata_pmp_eh_recover_pm() when
      ATA_DFLAG_DETACH is set

* psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM
    kernels (LP: #1812176)
    - selftests/net: skip psock_tpacket test if KALLSYMS was not enabled

* tunnels over IPv6 are unencrypted when using IPsec (LP: #1876982) //
    CVE-2020-1749
    - net: ipv6: add net argument to ip6_dst_lookup_flow
    - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

* Bionic ubuntu ethtool doesn't check ring parameters boundaries
    (LP: #1874444)
    - ethtool: Ensure new ring parameters are within bounds during SRINGPARAM

* Improve TSC refinement (and calibration) reliability (LP: #1877858)
    - x86/tsc: Make calibration refinement more robust

* Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as
    failure (LP: #1877958)
    - ftrace/selftest: make unresolved cases cause failure if --fail-unresolved
      set

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Wed, 03 Jun 2020 12:51:31 +0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Guilherme G. Piccoli (gpiccoli) on 2020-06-10

Changed in linux (Ubuntu):
status:	In Progress → Fix Released

Ubuntu
linux package

Improve TSC refinement (and calibration) reliability

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	High	Guilherme G. Piccoli
Xenial	Fix Released	High	Guilherme G. Piccoli
Bionic	Fix Released	High	Guilherme G. Piccoli

Ubuntulinux package

Improve TSC refinement (and calibration) reliability

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package