Bionic update: upstream stable patchset 2019-07-10

Bug #1836117 reported by Kamal Mostafa on 2019-07-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-10

       Ported from the following upstream stable releases:
           v4.14.71, v4.18.9,
           v4.14.72, v4.18.10

       from git://

i2c: xiic: Make the start and the byte count write atomic
i2c: i801: fix DNV's SMBCTRL register offset
scsi: lpfc: Correct MDS diag and nvmet configuration
nbd: don't allow invalid blocksize settings
block: bfq: swap puts in bfqg_and_blkg_put
android: binder: fix the race mmap and alloc_new_buf_locked
MIPS: VDSO: Match data page cache colouring when D$ aliases
SMB3: Backup intent flag missing for directory opens with backupuid mounts
smb3: check for and properly advertise directory lease support
Btrfs: fix data corruption when deduplicating between different files
KVM: s390: vsie: copy wrapping keys to right place
KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun()
cpu/hotplug: Prevent state corruption on error rollback
x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
x86/microcode: Update the new microcode revision unconditionally
crypto: aes-generic - fix aes-generic regression on powerpc
tpm: separate cmd_ready/go_idle from runtime_pm
ARC: [plat-axs*]: Enable SWAP
misc: mic: SCIF Fix scif_get_new_port() error handling
ethtool: Remove trailing semicolon for static inline
i2c: aspeed: Add an explicit type casting for *get_clk_reg_val
Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
gpio: tegra: Move driver registration to subsys_init level
selftests/bpf: fix a typo in map in map test
media: davinci: vpif_display: Mix memory leak on probe error path
media: dw2102: Fix memleak on sequence of probes
net: phy: Fix the register offsets in Broadcom iProc mdio mux driver
blk-mq: fix updating tags depth
scsi: target: fix __transport_register_session locking
md/raid5: fix data corruption of replacements after originals dropped
timers: Clear timer_base::must_forward_clk with timer_base::lock held
media: camss: csid: Configure data type and decode format properly
gpu: ipu-v3: default to id 0 on missing OF alias
misc: ti-st: Fix memory leak in the error path of probe()
uio: potential double frees if __uio_register_device() fails
firmware: vpd: Fix section enabled flag on vpd_section_destroy
Drivers: hv: vmbus: Cleanup synic memory free path
tty: rocket: Fix possible buffer overwrite on register_PCI
f2fs: fix to active page in lru list for read path
f2fs: do not set free of current section
f2fs: fix defined but not used build warnings
perf tools: Allow overriding MAX_NR_CPUS at compile time
NFSv4.0 fix client reference leak in callback
perf c2c report: Fix crash for empty browser
perf evlist: Fix error out while applying initial delay and LBR
macintosh/via-pmu: Add missing mmio accessors
ath9k: report tx status on EOSP
ath9k_hw: fix channel maximum power level test
ath10k: prevent active scans on potential unusable channels
wlcore: Set rx_status boottime_ns field on rx
MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
scsi: 3ware: fix return 0 on the error path of probe
tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
ath10k: disable bundle mgmt tx completion event support
Bluetooth: hidp: Fix handling of strncpy for hid->name information
pinctrl: imx: off by one in imx_pinconf_group_dbg_show()
gpio: ml-ioh: Fix buffer underwrite on probe error path
pinctrl/amd: only handle irq if it is pending and unmasked
net: mvneta: fix mtu change on port without link
f2fs: try grabbing node page lock aggressively in sync scenario
f2fs: fix to skip GC if type in SSA and SIT is inconsistent
tpm_tis_spi: Pass the SPI IRQ down to the driver
tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
f2fs: fix to do sanity check with reserved blkaddr of inline inode
MIPS: Octeon: add missing of_node_put()
MIPS: generic: fix missing of_node_put()
net: dcb: For wild-card lookups, use priority -1, not 0
dm cache: only allow a single io_mode cache feature to be requested
Input: atmel_mxt_ts - only use first T9 instance
media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions
media: helene: fix xtal frequency setting at power on
f2fs: fix to wait on page writeback before updating page
f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
iommu/ipmmu-vmsa: Fix allocation in atomic context
mfd: ti_am335x_tscadc: Fix struct clk memory leak
f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
RDMA/cma: Do not ignore net namespace for unbound cm_id
inet: frags: change inet_frags_init_net() return value
inet: frags: add a pointer to struct netns_frags
inet: frags: refactor ipfrag_init()
inet: frags: refactor ipv6_frag_init()
inet: frags: refactor lowpan_net_frag_init()
ipv6: export ip6 fragments sysctl to unprivileged users
rhashtable: add schedule points
inet: frags: use rhashtables for reassembly units
inet: frags: remove some helpers
inet: frags: get rif of inet_frag_evicting()
inet: frags: remove inet_frag_maybe_warn_overflow()
inet: frags: break the 2GB limit for frags storage
inet: frags: do not clone skb in ip_expire()
ipv6: frags: rewrite ip6_expire_frag_queue()
rhashtable: reorganize struct rhashtable layout
inet: frags: reorganize struct netns_frags
inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
inet: frags: fix ip6frag_low_thresh boundary
ip: discard IPv4 datagrams with overlapping segments.
net: modify skb_rbtree_purge to return the truesize of all purged skbs.
ipv6: defrag: drop non-last frags smaller than min mtu
net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
mtd: ubi: wl: Fix error return code in ubi_wl_init()
tun: fix use after free for ptr_ring
tuntap: fix use after free during release
autofs: fix autofs_sbi() does not check super block type
KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix()
ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel
x86/apic/vector: Make error return value negative
tc-testing: flush gact actions on test teardown
pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state
powerpc/4xx: Fix error return path in ppc4xx_msi_probe()
scsi: qla2xxx: Fix unintended Logout
iwlwifi: pcie: don't access periphery registers when not available
f2fs: Keep alloc_valid_block_count in sync
f2fs: issue discard align to section in LFS mode
device-dax: avoid hang on error before devm_memremap_pages()
regulator: tps65217: Fix NULL pointer dereference on probe
gpio: pxa: disable pinctrl calls for PXA3xx
thermal_hwmon: Sanitize attribute name passed to hwmon
f2fs: fix to do sanity check with extra_attr feature
RDMA/hns: Add illegal hop_num judgement
RDMA/hns: Update the data type of immediate data
be2net: Fix memory leak in be_cmd_get_profile_config()
net/mlx5: Fix use-after-free in self-healing flow
net: qca_spi: Fix race condition in spi transfers
rds: fix two RCU related problems
net/mlx5: Check for error in mlx5_attach_interface
net/mlx5: Fix debugfs cleanup in the device init/remove flow
net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables
net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC
erspan: fix error handling for erspan tunnel
erspan: return PACKET_REJECT when the appropriate tunnel is not found
tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY
usb: dwc3: change stream event enable bit back to 13
iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE
ALSA: msnd: Fix the default sample sizes
ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
xfrm: fix 'passing zero to ERR_PTR()' warning
amd-xgbe: use dma_mapping_error to check map errors
gfs2: Special-case rindex for gfs2_grow
clk: imx6ul: fix missing of_node_put()
clk: core: Potentially free connection id
clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure
kbuild: add .DELETE_ON_ERROR special target
media: tw686x: Fix oops on buffer alloc failure
dmaengine: pl330: fix irq race with terminate_all
MIPS: ath79: fix system restart
media: videobuf2-core: check for q->error in vb2_core_qbuf()
IB/rxe: Drop QP0 silently
block: allow max_discard_segments to be stacked
IB/ipoib: Fix error return code in ipoib_dev_init()
mtd/maps: fix solutionengine.c printk format warnings
media: ov5645: Supported external clock is 24MHz
perf test: Fix subtest number when showing results
gfs2: Don't reject a supposedly full bitmap if we have blocks reserved
perf tools: Synthesize GROUP_DESC feature in pipe mode
fbdev: omapfb: off by one in omapfb_register_client()
perf tools: Fix struct comm_str removal crash
video: goldfishfb: fix memory leak on driver remove
fbdev/via: fix defined but not used warning
perf powerpc: Fix callchain ip filtering when return address is in a register
video: fbdev: pxafb: clear allocated memory for video modes
fbdev: Distinguish between interlaced and progressive modes
ARM: exynos: Clear global variable on init error path
perf powerpc: Fix callchain ip filtering
nvme-rdma: unquiesce queues when deleting the controller
powerpc/powernv: opal_put_chars partial write fix
staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout
staging: bcm2835-camera: handle wait_for_completion_timeout return properly
ASoC: rt5514: Fix the issue of the delay volume applied
MIPS: jz4740: Bump zload address
mac80211: restrict delayed tailroom needed decrement
Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc
reset: imx7: Fix always writing bits as 0
nfp: avoid buffer leak when FW communication fails
xen-netfront: fix queue name setting
arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci
s390/qeth: fix race in used-buffer accounting
s390/qeth: reset layer2 attribute on layer switch
platform/x86: toshiba_acpi: Fix defined but not used build warnings
KVM: arm/arm64: Fix vgic init race
drivers/base: stop new probing during shutdown
i2c: aspeed: Fix initial values of master and slave state
dmaengine: mv_xor_v2: kill the tasklets upon exit
crypto: sharah - Unregister correct algorithms for SAHARA 3
xen-netfront: fix warn message as irq device name has '/'
RDMA/cma: Protect cma dev list with lock
pstore: Fix incorrect persistent ram buffer mapping
xen/netfront: fix waiting for xenbus state change
IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
mmc: omap_hsmmc: fix wakeirq handling on removal
ipmi: Fix I2C client removal in the SSIF driver
Tools: hv: Fix a bug in the key delete code
xhci: Fix use after free for URB cancellation on a reallocated endpoint
usb: Don't die twice if PCI xhci host is not responding in resume
mei: ignore not found client in the enumeration
mei: bus: need to unlink client before freeing
USB: Add quirk to support DJI CineSSD
usb: uas: add support for more quirk flags
usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0
USB: net2280: Fix erroneous synchronization change
USB: serial: io_ti: fix array underflow in completion handler
usb: misc: uss720: Fix two sleep-in-atomic-context bugs
USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
USB: yurex: Fix buffer over-read in yurex_write()
Revert "cdc-acm: implement put_char() and flush_chars()"
cifs: prevent integer overflow in nxt_dir_entry()
CIFS: fix wrapping bugs in num_entries()
xtensa: ISS: don't allocate memory in platform_setup
perf/core: Force USER_DS when recording user stack data
NFSv4.1 fix infinite loop on I/O.
binfmt_elf: Respect error return from `regset->active'
net/mlx5: Add missing SET_DRIVER_VERSION command translation
arm64: dts: uniphier: Add missing cooling device properties for CPUs
audit: fix use-after-free in audit_add_watch
mtdchar: fix overflows in adjustment of `count`
Bluetooth: Use lock_sock_nested in bt_accept_enqueue
evm: Don't deadlock if a crypto algorithm is unavailable
KVM: PPC: Book3S HV: Add of_node_put() in success path
security: check for kstrdup() failure in lsm_append()
MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
configfs: fix registered group removal
pinctrl: rza1: Fix selector use for groups and functions
sched/core: Use smp_mb() in wake_woken_function()
efi/esrt: Only call efi_mem_reserve() for boot services memory
ARM: hisi: handle of_iomap and fix missing of_node_put
ARM: hisi: fix error handling and missing of_node_put
ARM: hisi: check of_iomap and fix missing of_node_put
liquidio: fix hang when re-binding VF host drv after running DPDK VF driver
gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
tty: fix termios input-speed encoding when using BOTHER
tty: fix termios input-speed encoding
mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips
mmc: tegra: prevent HS200 on Tegra 3
mmc: sdhci: do not try to use 3.3V signaling if not supported
drm/nouveau: Fix runtime PM leak in drm_open()
drm/nouveau/debugfs: Wake up GPU before doing any reclocking
drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
parport: sunbpp: fix error return code
sched/fair: Fix util_avg of new tasks for asymmetric systems
coresight: Handle errors in finding input/output ports
coresight: tpiu: Fix disabling timeouts
coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35
staging: bcm2835-audio: Don't leak workqueue if open fails
gpio: pxa: Fix potential NULL dereference
gpiolib: Mark gpio_suffixes array with __maybe_unused
mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
drm/amdkfd: Fix error codes in kfd_get_process
rtc: bq4802: add error handling for devm_ioremap
ALSA: pcm: Fix snd_interval_refine first/last with open min/max
scsi: libfc: fixup 'sleeping function called from invalid context'
drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
blk-mq: only attempt to merge bio if there is rq in sw queue
blk-mq: avoid to synchronize rcu inside blk_cleanup_queue()
pinctrl: msm: Fix msm_config_group_get() to be compliant
pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant
clk: tegra: bpmp: Don't crash when a clock fails to register
mei: bus: type promotion bug in mei_nfc_if_version()
earlycon: Initialize port->uartclk based on clock-frequency property
earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon
net/ipv6: prevent use after free in ip6_route_mpath_notify
Partial revert "e1000e: Avoid receiver overrun interrupt bursts"
e1000e: Fix queue interrupt re-raising in Other interrupt
e1000e: Avoid missed interrupts following ICR read
Revert "e1000e: Separate signaling for link check/link up"
e1000e: Fix link check race condition
e1000e: Fix check_for_link return value with autoneg off
tipc: orphan sock in tipc_release()
net/mlx5: Fix not releasing read lock when adding flow rules
iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
iwlwifi: cancel the injective function between hw pointers to tfd entry index
kbuild: do not update config when running install targets
omapfb: rename omap2 module to omap2fb.ko
UBUNTU: [Config] Rename omapfb to omap2fb
perf script: Show correct offsets for DWARF-based unwinding
iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3
ipmi: Move BT capabilities detection to the detect call
ovl: fix oopses in ovl_fill_super() failure paths
usb: xhci: fix interrupt transfer error happened on MTK platforms
usb: mtu3: fix error of xhci port id when enable U3 dual role
dm verity: fix crash on bufio buffer that was allocated with vmalloc
cifs: integer overflow in in SMB2_ioctl()
perf tools: Fix maps__find_symbol_by_name()
NFSv4: Fix a tracepoint Oops in initiate_file_draining()
of: add helper to lookup compatible child node
mmc: meson-mx-sdio: fix OF child-node lookup
bpf: fix rcu annotations in compute_effective_progs()
spi: dw: fix possible race condition
PM / devfreq: use put_device() instead of kfree()
ASoC: hdmi-codec: fix routing
drm/amd/display: support access ddc for mst branch
rcutorture: Use monotonic timestamp for stall detection
selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run
selftests/android: initialize heap_type to avoid compiling warning
scsi: lpfc: Fix NVME Target crash in defer rcv logic
scsi: lpfc: Fix panic if driver unloaded when port is offline
arm64: perf: Disable PMU while processing counter overflows
staging: fsl-dpaa2/eth: Fix DMA mapping direction
block/DAC960.c: fix defined but not used build warnings
IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (171.3 KiB)

This bug was fixed in the package linux - 4.15.0-58.64

linux (4.15.0-58.64) bionic; urgency=medium

  * unable to handle kernel NULL pointer dereference at 000000000000002c (IP:
    iget5_locked+0x9e/0x1f0) (LP: #1838982)
    - Revert "ovl: set I_CREATING on inode being created"
    - Revert "new primitive: discard_new_inode()"

linux (4.15.0-57.63) bionic; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

  * Packaging resync (LP: #1786013)
    - update dkms package versions

linux (4.15.0-56.62) bionic; urgency=medium

  * bionic/linux: 4.15.0-56.62 -proposed tracker (LP: #1837626)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  * CVE-2019-2101
    - media: uvcvideo: Fix 'type' check leading to overflow

  * hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
    - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
    - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64

  * Bionic: support for Solarflare X2542 network adapter (sfc driver)
    (LP: #1836635)
    - sfc: make mem_bar a function rather than a constant
    - sfc: support VI strides other than 8k
    - sfc: add Medford2 (SFC9250) PCI Device IDs
    - sfc: improve PTP error reporting
    - sfc: update EF10 register definitions
    - sfc: populate the timer reload field
    - sfc: update MCDI protocol headers
    - sfc: support variable number of MAC stats
    - sfc: expose FEC stats on Medford2
    - sfc: expose CTPIO stats on NICs that support them
    - sfc: basic MCDI mapping of 25/50/100G link speeds
    - sfc: support the ethtool ksettings API properly so that 25/50/100G works
    - sfc: add bits for 25/50/100G supported/advertised speeds
    - sfc: remove tx and MCDI handling from NAPI budget consideration
    - sfc: handle TX timestamps in the normal data path
    - sfc: add function to determine which TX timestamping method to use
    - sfc: use main datapath for HW timestamps if available
    - sfc: only enable TX timestamping if the adapter is licensed for it
    - sfc: MAC TX timestamp handling on the 8000 series
    - sfc: on 8000 series use TX queues for TX timestamps
    - sfc: only advertise TX timestamping if we have the license for it
    - sfc: simplify RX datapath timestamping
    - sfc: support separate PTP and general timestamping
    - sfc: support second + quarter ns time format for receive datapath
    - sfc: support Medford2 frequency adjustment format
    - sfc: add suffix to large constant in ptp
    - sfc: mark some unexported symbols as static
    - sfc: update MCDI protocol headers
    - sfc: support FEC configuration through ethtool
    - sfc: remove ctpio_dmabuf_start from stats
    - sfc: stop the TX queue before pushing new buffers

  * [18.04 FEAT] zKVM: Add hardwar...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) on 2019-10-03
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers