Bionic update: upstream stable patchset 2020-11-10

Bug #1903768 reported by Kamal Mostafa on 2020-11-10
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-11-10

                Ported from the following upstream stable releases:
                        v4.14.202, v4.19.152,
                        v4.14.203, v4.19.153

       from git://git.kernel.org/

Bluetooth: fix kernel oops in store_pending_adv_report
Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
Bluetooth: Disconnect if E0 is used for Level 4
media: usbtv: Fix refcounting mixup
USB: serial: option: add Cellient MPL200 card
USB: serial: option: Add Telit FT980-KS composition
staging: comedi: check validity of wMaxPacketSize of usb endpoints found
USB: serial: pl2303: add device-id for HP GC device
USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
reiserfs: Initialize inode keys properly
reiserfs: Fix oops during mount
drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case
crypto: bcm - Verify GCM/CCM key length in setkey
crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO
ARM: 8939/1: kbuild: use correct nm executable
ARM: 8867/1: vdso: pass --be8 to linker if necessary
UBUNTU: upstream stable to v4.14.202, v4.19.152
ibmveth: Switch order of ibmveth_helper calls.
ibmveth: Identify ingress large send packets.
ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
mlx4: handle non-napi callers to napi_poll
net: usb: qmi_wwan: add Cellient MPL200 card
tipc: fix the skb_unshare() in tipc_buf_append()
net/ipv4: always honour route mtu during forwarding
r8169: fix data corruption issue on RTL8402
binder: fix UAF when releasing todo list
ALSA: bebob: potential info leak in hwdep_read()
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
tcp: fix to update snd_wl1 in bulk receiver fast path
icmp: randomize the global rate limiter
cifs: remove bogus debug code
cifs: Return the error from crypt_message when enc/dec key not found.
KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
KVM: SVM: Initialize prev_ga_tag before use
ima: Don't ignore errors from crypto_shash_update()
crypto: algif_aead - Do not set MAY_BACKLOG on the async path
EDAC/i5100: Fix error handling order in i5100_init_one()
x86/fpu: Allow multiple bits in clearcpuid= parameter
drivers/perf: xgene_pmu: Fix uninitialized resource struct
crypto: algif_skcipher - EBUSY on aio should be an error
crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
media: tuner-simple: fix regression in simple_set_radio_freq
media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
media: m5mols: Check function pointer in m5mols_sensor_power
media: uvcvideo: Set media controller entity functions
media: omap3isp: Fix memleak in isp_probe
crypto: omap-sham - fix digcnt register handling with export/import
cypto: mediatek - fix leaks in mtk_desc_ring_alloc
media: mx2_emmaprp: Fix memleak in emmaprp_probe
media: tc358743: initialize variable
media: platform: fcp: Fix a reference count leak.
media: s5p-mfc: Fix a reference count leak
media: ti-vpe: Fix a missing check and reference count leak
regulator: resolve supply after creating regulator
ath10k: provide survey info as accumulated data
Bluetooth: hci_uart: Cancel init work before unregistering
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
ASoC: qcom: lpass-platform: fix memory leak
ASoC: qcom: lpass-cpu: fix concurrency issue
brcmfmac: check ndev pointer
mwifiex: Do not use GFP_KERNEL in atomic context
drm/gma500: fix error check
scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
backlight: sky81452-backlight: Fix refcount imbalance on error
VMCI: check return value of get_user_pages_fast() for errors
tty: serial: earlycon dependency
pty: do tty_flip_buffer_push without port->lock in pty_write
pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
pwm: lpss: Add range limit check for the base_unit register value
drivers/virt/fsl_hypervisor: Fix error handling path
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
video: fbdev: sis: fix null ptr dereference
HID: roccat: add bounds checking in kone_sysfs_write_settings()
pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser
pinctrl: mcp23s08: Fix mcp23x17 precious range
ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
misc: mic: scif: Fix error handling path
ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
usb: dwc2: Fix parameter type in function pointer prototype
quota: clear padding in v2r1_mem2diskdqb()
HID: hid-input: fix stylus battery reporting
qtnfmac: fix resource leaks on unsupported iftype error return path
net: enic: Cure the enic api locking trainwreck
mfd: sm501: Fix leaks in probe()
iwlwifi: mvm: split a print to avoid a WARNING in ROC
usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
nl80211: fix non-split wiphy information
usb: dwc2: Fix INTR OUT transfers in DDMA mode.
scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
mwifiex: fix double free
net: korina: fix kfree of rx/tx descriptor array
mm/memcg: fix device private memcg accounting
mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
IB/mlx4: Fix starvation in paravirt mux/demux
IB/mlx4: Adjust delayed work when a dup is observed
powerpc/pseries: Fix missing of_node_put() in rng_init()
powerpc/icp-hv: Fix missing of_node_put() in success path
mtd: lpddr: fix excessive stack usage with clang
mtd: mtdoops: Don't write panic data twice
ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER
xfs: limit entries returned when counting fsmap records
RDMA/qedr: Fix use of uninitialized field
powerpc/tau: Use appropriate temperature sample interval
powerpc/tau: Remove duplicated set_thresholds() call
powerpc/tau: Disable TAU between measurements
perf intel-pt: Fix "context_switch event has no tid" error
RDMA/hns: Set the unsupported wr opcode
kdb: Fix pager search for multi-line strings
overflow: Include header file with SIZE_MAX declaration
powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
powerpc/perf/hv-gpci: Fix starting index value
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
IB/rdmavt: Fix sizeof mismatch
f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info
lib/crc32.c: fix trivial typo in preprocessor condition
ramfs: fix nommu mmap with gaps in the page cache
rapidio: fix error handling path
rapidio: fix the missed put_device() for rio_mport_add_riodev
mailbox: avoid timer start from callback
i2c: rcar: Auto select RESET_CONTROLLER
PCI: iproc: Set affinity mask on MSI interrupts
clk: at91: clk-main: update key before writing AT91_CKGR_MOR
clk: bcm2835: add missing release if devm_clk_hw_register fails
ext4: limit entries returned when counting fsmap records
vfio/pci: Clear token on bypass registration failure
vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
Input: stmfts - fix a & vs && typo
Input: ep93xx_keypad - fix handling of platform_get_irq() error
Input: omap4-keypad - fix handling of platform_get_irq() error
Input: twl4030_keypad - fix handling of platform_get_irq() error
Input: sun4i-ps2 - fix handling of platform_get_irq() error
KVM: x86: emulating RDPID failure shall return #UD rather than #GP
memory: omap-gpmc: Fix a couple off by ones
memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers
arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
powerpc/powernv/dump: Fix race while processing OPAL dump
nvmet: fix uninitialized work for zero kato
NTB: hw: amd: fix an issue about leak system resources
perf: correct SNOOPX field offset
i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs
crypto: ccp - fix error handling
media: firewire: fix memory leak
media: ati_remote: sanity check for both endpoints
media: st-delta: Fix reference count leak in delta_run_work
media: sti: Fix reference count leaks
media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
media: exynos4-is: Fix a reference count leak
media: vsp1: Fix runtime PM imbalance on error
media: platform: s3c-camif: Fix runtime PM imbalance on error
media: platform: sti: hva: Fix runtime PM imbalance on error
media: bdisp: Fix runtime PM imbalance on error
media: media/pci: prevent memory leak in bttv_probe
media: uvcvideo: Ensure all probed info is returned to v4l2
mmc: sdio: Check for CISTPL_VERS_1 buffer size
media: saa7134: avoid a shift overflow
fs: dlm: fix configfs memory leak
media: venus: core: Fix runtime PM imbalance in venus_probe
ntfs: add check for mft record size in superblock
mac80211: handle lack of sband->bitrates in rates
PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
scsi: mvumi: Fix error return in mvumi_io_attach()
scsi: target: core: Add CONTROL field for trace events
mic: vop: copy data to kernel space then write to io memory
misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
usb: gadget: function: printer: fix use-after-free in __lock_acquire
udf: Limit sparing table size
udf: Avoid accessing uninitialized data on failed inode read
USB: cdc-acm: handle broken union descriptors
can: flexcan: flexcan_chip_stop(): add error handling and propagate error value
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
misc: rtsx: Fix memory leak in rtsx_pci_probe
reiserfs: only call unlock_new_inode() if I_NEW
xfs: make sure the rt allocator doesn't run off the end
usb: ohci: Default to per-port over-current protection
Bluetooth: Only mark socket zapped after unlocking
scsi: ibmvfc: Fix error return in ibmvfc_probe()
brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
rtl8xxxu: prevent potential memory leak
Fix use after free in get_capset_info callback.
scsi: qedi: Protect active command list to avoid list corruption
scsi: qedi: Fix list_del corruption while removing active I/O
tty: ipwireless: fix error handling
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
reiserfs: Fix memory leak in reiserfs_parse_options()
mwifiex: don't call del_timer_sync() on uninitialized timer
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
usb: core: Solve race condition in anchor cleanup functions
scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
net: korina: cast KSEG0 address to pointer in kfree
tty: serial: fsl_lpuart: fix lpuart32_poll_get_char
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
eeprom: at25: set minimum read/write access stride to 1
usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler
net: fix pos incrementment in ipv6_route_seq_next
ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
x86/nmi: Fix nmi_handle() duration miscalculation
x86/events/amd/iommu: Fix sizeof mismatch
media: uvcvideo: Silence shift-out-of-bounds warning
hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
media: tc358743: cleanup tc358743_cec_isr
pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB
spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath()
staging: rtl8192u: Do not use GFP_KERNEL in atomic context
net: stmmac: use netif_tx_start|stop_all_queues() function
scsi: target: tcmu: Fix warning: 'page' may be used uninitialized
ipvs: clear skb->tstamp in forwarding path
netfilter: nf_log: missing vlan offload tag and proto
RDMA/ucma: Fix locking for ctx->events_reported
RDMA/ucma: Add missing locking around rdma_leave_multicast()
RDMA/qedr: Fix inline size returned for iWARP
UBUNTU: upstream stable to v4.14.203, v4.19.153

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (28.8 KiB)

This bug was fixed in the package linux - 4.15.0-129.132

---------------
linux (4.15.0-129.132) bionic; urgency=medium

  * bionic/linux: 4.15.0-129.132 -proposed tracker (LP: #1907635)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * Ubuntu 18.04- call trace in kernel buffer when unloading ib_ipoib module
    (LP: #1904848)
    - SAUCE: net/mlx5e: IPoIB, initialize update_stat_work for ipoib devices

  * memory is leaked when tasks are moved to net_prio (LP: #1886859)
    - netprio_cgroup: Fix unlimited memory leak of v2 cgroups

  * s390: dbginfo.sh triggers kernel panic, reading from
    /sys/kernel/mm/page_idle/bitmap (LP: #1904884)
    - mm/page_idle.c: skip offline pages

  * Bionic update: upstream stable patchset 2020-11-23 (LP: #1905333)
    - drm/i915: Break up error capture compression loops with cond_resched()
    - tipc: fix use-after-free in tipc_bcast_get_mode
    - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
    - gianfar: Account for Tx PTP timestamp in the skb headroom
    - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
    - sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
    - sfp: Fix error handing in sfp_probe()
    - Blktrace: bail out early if block debugfs is not configured
    - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
    - Fonts: Replace discarded const qualifier
    - ALSA: usb-audio: Add implicit feedback quirk for Qu-16
    - lib/crc32test: remove extra local_irq_disable/enable
    - kthread_worker: prevent queuing delayed work from timer_fn when it is being
      canceled
    - mm: always have io_remap_pfn_range() set pgprot_decrypted()
    - gfs2: Wake up when sd_glock_disposal becomes zero
    - ftrace: Fix recursion check for NMI test
    - ftrace: Handle tracing when switching between context
    - tracing: Fix out of bounds write in get_trace_buf
    - futex: Handle transient "ownerless" rtmutex state correctly
    - ARM: dts: sun4i-a10: fix cpu_alert temperature
    - x86/kexec: Use up-to-dated screen_info copy to fill boot params
    - of: Fix reserved-memory overlap detection
    - blk-cgroup: Fix memleak on error path
    - blk-cgroup: Pre-allocate tree node on blkg_conf_prep
    - scsi: core: Don't start concurrent async scan on same host
    - vsock: use ns_capable_noaudit() on socket create
    - drm/vc4: drv: Add error handding for bind
    - ACPI: NFIT: Fix comparison to '-ENXIO'
    - vt: Disable KD_FONT_OP_COPY
    - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
    - serial: 8250_mtk: Fix uart_get_baud_rate warning
    - serial: txx9: add missing platform_driver_unregister() on error in
      serial_txx9_init
    - USB: serial: cyberjack: fix write-URB completion race
    - USB: serial: option: add Quectel EC200T module support
    - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
    - USB: serial: option: add Telit FN980 composition 0x1055
    - USB: Add NO_LPM quirk for Kingston flash drive
    - usb: mtu3: fix panic in mtu3_gadget_stop()
    - ARC: stack unwinding: avoid indefinite looping
    - Revert "ARC: entry: fix potential EFA c...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers