Bionic update: upstream stable patchset 2020-06-25

Bug #1885176 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-06-25

                Ported from the following upstream stable releases:
                        v4.14.185, v4.19.129

       from git://

ipv6: fix IPV6_ADDRFORM operation logic
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
make 'user_access_begin()' do 'access_ok()'
Fix 'acccess_ok()' on alpha and SH
arch/openrisc: Fix issues with access_ok()
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
serial: imx: Fix handling of TC irq in combination with DMA
crypto: talitos - fix ECB and CBC algs ivsize
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
sched/fair: Don't NUMA balance for kthreads
Input: synaptics - add a second working PNP_ID for Lenovo T470s
drivers/net/ibmvnic: Update VNIC protocol version reporting
powerpc/xive: Clear the page tables for the ESB IO mapping
ath9k_htc: Silence undersized packet warnings
perf probe: Accept the instance number of kretprobe event
mm: add kvfree_sensitive() for freeing sensitive data objects
x86_64: Fix jiffies ODR violation
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/reboot/quirks: Add MacBook6,1 reboot quirk
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
ALSA: es1688: Add the missed snd_card_free()
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
ALSA: usb-audio: Fix inconsistent card PM state after resume
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
ACPI: GED: add support for _Exx / _Lxx handler methods
ACPI: PM: Avoid using power resources if there are none for D0
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
spi: bcm2835aux: Fix controller unregister order
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated
ALSA: pcm: disallow linking stream to itself
kvm: x86: Fix L1TF mitigation for shadow MMU
KVM: x86/mmu: Consolidate "is MMIO SPTE" code
KVM: x86: only do L1TF workaround on affected processors
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
spi: dw: Fix controller unregister order
spi: No need to assign dummy value in spi_unregister_controller()
spi: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
spi: bcm2835: Fix controller unregister order
crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
selftests/net: in rxtimestamp getopt_long needs terminating null entry
ovl: initialize error in ovl_copy_xattr
proc: Use new_inode not new_inode_pseudo
video: fbdev: w100fb: Fix a potential double free.
KVM: nSVM: fix condition for filtering async PF
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
Smack: slab-out-of-bounds in vsscanf
mm/slub: fix a memory leak in sysfs_slab_add()
fat: don't allow to mount if the FAT length == 0
perf: Add cond_resched() to task_function_call()
agp/intel: Reinforce the barrier after GTT updates
mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
xen/pvcalls-back: test for errors when calling backend_connect()
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
drm: bridge: adv7511: Extend list of audio sample rates
crypto: ccp -- don't "select" CONFIG_DMADEVICES
media: si2157: Better check for running tuner in init
objtool: Ignore empty alternatives
spi: pxa2xx: Apply CS clk quirk to BXT
net: ena: fix error returning in ena_com_get_hash_function()
spi: dw: Zero DMA Tx and Rx configurations on stack
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
MIPS: Loongson: Build ATI Radeon GPU driver as module
Bluetooth: Add SCO fallback for invalid LMP parameters error
kgdb: Prevent infinite recursive entries to the debugger
spi: dw: Enable interrupts in accordance with DMA xfer mode
clocksource: dw_apb_timer: Make CPU-affiliation being optional
clocksource: dw_apb_timer_of: Fix missing clockevent timers
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
spi: dw: Fix Rx-only DMA transfers
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
staging: android: ion: use vmap instead of vm_map_ram
brcmfmac: fix wrong location to get firmware feature
tools api fs: Make xxx__mountpoint() more scalable
e1000: Distribute switch variables for initialization
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
audit: fix a net reference leak in audit_send_reply()
media: dvb: return -EREMOTEIO on i2c transfer failure.
media: platform: fcp: Set appropriate DMA parameters
MIPS: Make sparse_init() using top-down allocation
audit: fix a net reference leak in audit_list_rules_send()
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
net: bcmgenet: set Rx mode before starting netif
lib/mpi: Fix 64-bit MIPS build with Clang
exit: Move preemption fixup up, move blocking operations down
net: lpc-enet: fix error return code in lpc_mii_init()
media: cec: silence shift wrapping warning in __cec_s_log_addrs()
net: allwinner: Fix use correct return type for ndo_start_xmit()
powerpc/spufs: fix copy_to_user while atomic
Crypto/chcr: fix for ccm(aes) failed test
MIPS: Truncate link address into 32bit for 32bit kernel
mips: cm: Fix an invalid error code of INTVN_*_ERR
kgdb: Fix spurious true from in_dbg_master()
nvme: refine the Qemu Identify CNS quirk
wcn36xx: Fix error handling path in 'wcn36xx_probe()'
net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
md: don't flush workqueue unconditionally in md_open
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
mwifiex: Fix memory corruption in dump_station
x86/boot: Correct relocation destination on old linkers
mips: MAAR: Use more precise address mask
mips: Add udelay lpj numbers adjustment
x86/mm: Stop printing BRK addresses
m68k: mac: Don't call via_flush_cache() on Mac IIfx
macvlan: Skip loopback packets in RX handler
PCI: Don't disable decoding when mmio_always_on is set
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
ixgbe: fix signed-integer-overflow warning
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
spi: dw: Return any value retrieved from the dma_transfer callback
cpuidle: Fix three reference count leaks
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
btrfs: send: emit file capabilities after chown
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
ima: Fix ima digest hash table key calculation
ima: Directly assign the ima_default_policy pointer to ima_rules
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
ext4: fix error pointer dereference
ext4: fix race between ext4_sync_parent() and rename()
PCI: Add ACS quirk for iProc PAXB
PCI: Add ACS quirk for Ampere root ports
PCI: Make ACS quirk implementations more uniform
vga_switcheroo: Deduplicate power state tracking
vga_switcheroo: Use device link for HDA controller
PCI: Generalize multi-function power dependency device links
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
PCI: Unify ACS quirk desired vs provided checking
btrfs: fix error handling when submitting direct I/O bio
btrfs: fix wrong file range cleanup after an error filling dealloc range
blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call
PCI: Program MPS for RCiEP devices
e1000e: Relax condition to trigger reset for ME workaround
carl9170: remove P2P_GO support
media: go7007: fix a miss of snd_card_free
b43legacy: Fix case where channel status is corrupted
b43: Fix connection problem with WPA3
b43_legacy: Fix connection problem with WPA3
media: ov5640: fix use of destroyed mutex
igb: Report speed and duplex as unknown when device is runtime suspended
power: vexpress: add suppress_bind_attrs to true
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
sparc32: fix register window handling in genregs32_[gs]et()
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
dm crypt: avoid truncating the logical block size
kernel/cpu_pm: Fix uninitted local in cpu_pm
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
drivers/macintosh: Fix memleak in windfarm_pm112 driver
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
sunrpc: clean up properly in gss_mech_unregister()
mtd: rawnand: brcmnand: fix hamming oob layout
mtd: rawnand: pasemi: Fix the probe error path
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
perf probe: Do not show the skipped events
perf probe: Fix to check blacklist address correctly
perf symbols: Fix debuginfo search for Ubuntu
bridge: Avoid infinite loop when suppressing NS messages with invalid options
tun: correct header offsets in napi frags mode
Input: mms114 - fix handling of mms345l
x86/cpu/amd: Make erratum #1054 a legacy erratum
ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock
PM: runtime: clk: Fix clk_pm_runtime_get() error path
net: atlantic: make hw_get_regs optional
efi/libstub/x86: Work around LLVM ELF quirk build regression
mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
Bluetooth: btbcm: Add 2 missing models to subver tables
sched/core: Fix illegal RCU from offline CPUs
drivers/perf: hisi: Fix typo in events attribute array
xfs: reset buffer write failure state on successful completion
net/mlx5e: IPoIB, Drop multicast packets that this interface sent
crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
crypto: stm32/crc32 - fix run-time self test issue.
crypto: stm32/crc32 - fix multi-instance
btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup
bcache: fix refcount underflow in bcache_device_free()
PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
PCI: Remove unused NFP32xx IDs
PCI: add USR vendor id and use it in r8169 and w6692 driver
PCI: Move Rohm Vendor ID to generic list
misc: pci_endpoint_test: Add the layerscape EP device support
misc: pci_endpoint_test: Add support to test PCI EP in AM654x
x86/amd_nb: Add PCI device IDs for family 17h, model 70h
ALSA: lx6464es - add support for LX6464ESe pci express variant
PCI: Add Genesys Logic, Inc. Vendor ID
PCI: Add Amazon's Annapurna Labs vendor ID
x86/amd_nb: Add Family 19h PCI IDs
PCI: Add Loongson vendor ID
serial: 8250_pci: Move Pericom IDs to pci_ids.h
alpha: fix memory barriers so that they conform to the specification
perf probe: Check address correctness by map instead of _etext
UBUNTU: upstream stable to v4.14.185, v4.19.129

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (55.0 KiB)

This bug was fixed in the package linux - 4.15.0-115.116

linux (4.15.0-115.116) bionic; urgency=medium

  * bionic/linux: 4.15.0-115.116 -proposed tracker (LP: #1893055)

  * [Potential Regression] dscr_inherit_exec_test from powerpc in
    ubuntu_kernel_selftests failed on B/E/F (LP: #1888332)
    - powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()

linux (4.15.0-114.115) bionic; urgency=medium

  * bionic/linux: 4.15.0-114.115 -proposed tracker (LP: #1891052)

  * ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

linux (4.15.0-113.114) bionic; urgency=medium

  * bionic/linux: 4.15.0-113.114 -proposed tracker (LP: #1890705)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * Reapply "usb: handle warm-reset port requests on hub resume" (LP: #1859873)
    - usb: handle warm-reset port requests on hub resume

  * Bionic update: upstream stable patchset 2020-07-29 (LP: #1889474)
    - gpio: arizona: handle pm_runtime_get_sync failure case
    - gpio: arizona: put pm_runtime in case of failure
    - pinctrl: amd: fix npins for uart0 in kerncz_groups
    - mac80211: allow rx of mesh eapol frames with default rx key
    - scsi: scsi_transport_spi: Fix function pointer check
    - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
    - xtensa: update *pos in
    - drivers/net/wan/lapbether: Fixed the value of hard_header_len
    - net: sky2: initialize return of gm_phy_read
    - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
    - irqdomain/treewide: Keep firmware node unconditionally allocated
    - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
    - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
    - IB/umem: fix reference count leak in ib_umem_odp_get()
    - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
      GDB regression
    - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
    - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
    - btrfs: fix double free on ulist after backref resolution failure
    - btrfs: fix mount failure caused by race with umount
    - btrfs: fix page leaks after failure to lock page for delalloc
    - bnxt_en: Fix race when modifying pause settings.
    - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
    - ax88172a: fix ax88172a_unbind() failures
    - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
    - drm: sun4i: hdmi: Fix inverted HPD result
    - net: smc91x: Fix possible memory leak in smc_drv_probe()
    - bonding: check error value of register_netdevice() immediately
    - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
    - ipvs: fix the connection sync failed in some cases
    - i2c: rcar: always clear ICSAR to avoid side effects
    - bonding: check return value of register_netdevice() in bond_newlink()
    - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
    - scripts/decode_stacktrace: strip basepath from all paths
    - HID: i...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers