Bionic update: upstream stable patchset 2019-07-15

Bug #1836654 reported by Kamal Mostafa on 2019-07-15
Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-07-15

        Ported from the following upstream stable releases:
            v4.14.78, v4.18.16,
            v4.14.79, v4.18.17,
            v4.14.80, v4.18.18

       from git://

media: af9035: prevent buffer overflow on write
batman-adv: Avoid probe ELP information leak
batman-adv: Fix segfault when writing to throughput_override
batman-adv: Fix segfault when writing to sysfs elp_interval
batman-adv: Prevent duplicated gateway_node entry
batman-adv: Prevent duplicated nc_node entry
batman-adv: Prevent duplicated softif_vlan entry
batman-adv: Prevent duplicated global TT entry
batman-adv: Prevent duplicated tvlv handler
batman-adv: fix backbone_gw refcount on queue_work() failure
batman-adv: fix hardif_neigh refcount on queue_work() failure
clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs
scsi: ibmvscsis: Fix a stringop-overflow warning
scsi: ibmvscsis: Ensure partition name is properly NUL terminated
intel_th: pci: Add Ice Lake PCH support
Input: atakbd - fix Atari keymap
Input: atakbd - fix Atari CapsLock behaviour
net: emac: fix fixed-link setup for the RTL8363SB switch
ravb: do not write 1 to reserved bits
PCI: dwc: Fix scheduling while atomic issues
drm: mali-dp: Call drm_crtc_vblank_reset on device init
scsi: ipr: System hung while dlpar adding primary ipr adapter back
scsi: sd: don't crash the host on invalid commands
net/mlx4: Use cpumask_available for eq->affinity_mask
clocksource/drivers/fttmr010: Fix set_next_event handler
powerpc/tm: Fix userspace r13 corruption
powerpc/tm: Avoid possible userspace r1 corruption on reclaim
iommu/amd: Return devid as alias for ACPI HID devices
ARC: build: Get rid of toolchain check
ARC: build: Don't set CROSS_COMPILE in arch's Makefile
HID: quirks: fix support for Apple Magic Keyboards
staging: ccree: check DMA pool buf !NULL before free
net/smc: fix sizeof to int comparison
qed: Fix populating the invalid stag value in multi function mode.
RDMA/uverbs: Fix validity check for modify QP
bpf: test_maps, only support ESTABLISHED socks
RDMA/bnxt_re: Fix system crash during RDMA resource initialization
RISC-V: include linux/ftrace.h in asm-prototypes.h
powerpc/numa: Use associativity if VPHN hcall is successful
x86/boot: Fix kexec booting failure in the SEV bit detection code
xfrm: Validate address prefix lengths in the xfrm selector.
xfrm6: call kfree_skb when skb is toobig
xfrm: reset transport header back to network header after all input transforms ahave been applied
xfrm: reset crypto_done when iterating over multiple input xfrms
mac80211: Always report TX status
cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
mac80211: fix pending queue hang due to TX_DROP
cfg80211: Address some corner cases in scan result channel updating
mac80211: TDLS: fix skb queue/priority assignment
mac80211: fix TX status reporting for ieee80211s
ARM: 8799/1: mm: fix pci_ioremap_io() offset check
xfrm: validate template mode
netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
arm64: hugetlb: Fix handling of young ptes
ARM: dts: BCM63xx: Fix incorrect interrupt specifiers
net: macb: Clean 64b dma addresses if they are not detected
soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
mac80211_hwsim: do not omit multicast announce of first added radio
Bluetooth: SMP: fix crash in unpairing
pxa168fb: prepare the clock
qed: Avoid implicit enum conversion in qed_set_tunn_cls_info
qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv
qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
qed: Avoid constant logical operation warning in qed_vf_pf_acquire
qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt
asix: Check for supported Wake-on-LAN modes
ax88179_178a: Check for supported Wake-on-LAN modes
lan78xx: Check for supported Wake-on-LAN modes
sr9800: Check for supported Wake-on-LAN modes
r8152: Check for supported Wake-on-LAN Modes
smsc75xx: Check for Wake-on-LAN modes
smsc95xx: Check for Wake-on-LAN modes
cfg80211: fix use-after-free in reg_process_hint()
perf/core: Fix perf_pmu_unregister() locking
perf/ring_buffer: Prevent concurent ring buffer access
perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events
net: fec: fix rare tx timeout
declance: Fix continuation with the adapter identification message
locking/ww_mutex: Fix runtime warning in the WW mutex selftest
be2net: don't flip hw_features when VXLANs are added/deleted
net: cxgb3_main: fix a missing-check bug
yam: fix a missing-check bug
ocfs2: fix crash in ocfs2_duplicate_clusters_by_page()
iwlwifi: mvm: check for short GI only for OFDM
iwlwifi: dbg: allow wrt collection before ALIVE
iwlwifi: fix the ALIVE notification layout
usbip: vhci_hcd: update 'status' file header and format
net/mlx5: Fix mlx5_get_vector_affinity function
powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n
dm integrity: fail early if required HMAC key is not available
net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b
net: phy: Add general dummy stubs for MMD register access
scsi: qla2xxx: Avoid double completion of abort command
kbuild: set no-integrated-as before incl. arch Makefile
IB/mlx5: Avoid passing an invalid QP type to firmware
l2tp: remove configurable payload offset
cifs: Use ULL suffix for 64-bit constant
KVM: x86: Update the exit_qualification access bits while walking an address
sparc64: Fix regression in pmdp_invalidate().
tpm: move the delay_msec increment after sleep in tpm_transmit()
bpf: sockmap, map_release does not hold refcnt for pinned maps
tpm: tpm_crb: relinquish locality on error path.
IB/usnic: Update with bug fixes from core code
mmc: dw_mmc-rockchip: correct property names in debug
MIPS: Workaround GCC __builtin_unreachable reordering bug
iio: buffer: fix the function signature to match implementation
selftests/powerpc: Add ptrace hw breakpoint test
scsi: ibmvfc: Avoid unnecessary port relogin
scsi: sd: Remember that READ CAPACITY(16) succeeded
btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf
net: phy: phylink: Don't release NULL GPIO
x86/paravirt: Fix some warning messages
net: stmmac: mark PM functions as __maybe_unused
kconfig: fix the rule of mainmenu_stmt symbol
libertas: call into generic suspend code before turning off power
compiler.h: Allow arch-specific asm/compiler.h
ARM: dts: imx53-qsb: disable 1.2GHz OPP
perf python: Use -Wno-redundant-decls to build with PYTHON=python3
rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
rxrpc: Only take the rwind and mtu values from latest ACK
rxrpc: Fix connection-level abort handling
selftests: explicitly requires bash.
fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
mtd: spi-nor: Add support for is25wp series chips
ARM: dts: r8a7790: Correct critical CPU temperature
media: uvcvideo: Fix driver reference counting
Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
perf tools: Disable parallelism for 'make clean'
drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path
bridge: do not add port to router list when receives query with source
net: bridge: remove ipv6 zero address check in mcast queries
ipv6: mcast: fix a use-after-free in inet6_mc_check
ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
llc: set SOCK_RCU_FREE in llc_sap_add_socket()
net: fec: don't dump RX FIFO register when not available
net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
net: sched: gred: pass the right attribute to gred_change_table_def()
net: socket: fix a missing-check bug
net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
net: udp: fix handling of CHECKSUM_COMPLETE packets
r8169: fix NAPI handling under high load
sctp: fix race on sctp_id2asoc
udp6: fix encap return code for resubmitting
virtio_net: avoid using netif_tx_disable() for serializing tx routine
ethtool: fix a privilege escalation bug
bonding: fix length of actor system
ip6_tunnel: Fix encapsulation layout
openvswitch: Fix push/pop ethernet validation
net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
net: sched: Fix for duplicate class dump
net: drop skb on failure in ip_check_defrag()
net: fix pskb_trim_rcsum_slow() with odd trim offset
net/mlx5e: fix csum adjustments caused by RXFCS
rtnetlink: Disallow FDB configuration for non-Ethernet device
net: ipmr: fix unresolved entry dumps
net: bcmgenet: Poll internal PHY for GENETv5
net/sched: cls_api: add missing validation of netlink attributes
net/mlx5: Fix build break when CONFIG_SMP=n
mac80211_hwsim: fix locking when iterating radios during ns exit
rxrpc: Fix checks as to whether we should set up a new call
rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
thunderbolt: Do not handle ICM events after domain is stopped
thunderbolt: Initialize after IOMMUs
RISCV: Fix end PFN for low memory
drm/amd/display: Signal hw_done() after waiting for flip_done()
powerpc/numa: Skip onlining a offline node in kdump path
mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl
perf report: Don't try to map ip to invalid map
perf record: Use unmapped IP for inline callchain cursors
rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window()
gpio: Assign gpio_irq_chip::parents to non-stack pointer
IB/mlx5: Unmap DMA addr from HCA before IOMMU
rds: RDS (tcp) hangs on sendto() to unresponding address
sparc64: Export __node_distance.
sparc64: Make corrupted user stacks more debuggable.
sparc64: Make proc_id signed.
sparc64: Set %l4 properly on trap return after handling signals.
sparc: Fix single-pcr perf event counter management.
sparc: Fix syscall fallback bugs in VDSO.
sparc: Throttle perf events properly.
eeprom: at24: Add support for address-width property
vfs: swap names of {do,vfs}_clone_file_range()
bpf: fix partial copy of map_ptr when dst is scalar
gpio: mxs: Get rid of external API call
xfs: truncate transaction does not modify the inobt
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
drm/edid: VSDB yCBCr420 Deep Color mode bit definitions
drm: fb-helper: Reject all pixel format changing requests
cdc-acm: do not reset notification buffer index upon urb unlinking
cdc-acm: correct counting of UART states in serial state notification
cdc-acm: fix race between reset and control messaging
usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
USB: fix the usbfs flag sanitization for control transfers
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
sched/fair: Fix throttle_list starvation with low CFS quota
x86/tsc: Force inlining of cyc2ns bits
x86, hibernate: Fix nosave_regions setup for hibernation
x86/percpu: Fix this_cpu_read()
x86/time: Correct the attribute on jiffies' definition
x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU
clk: sunxi-ng: sun4i: Set VCO and PLL bias current to lowest setting
drm/sun4i: Fix an ulong overflow in the dotclock driver
x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
This bug was fixed in the package linux - 4.15.0-58.64

linux (4.15.0-58.64) bionic; urgency=medium

  * unable to handle kernel NULL pointer dereference at 000000000000002c (IP:
    iget5_locked+0x9e/0x1f0) (LP: #1838982)
    - Revert "ovl: set I_CREATING on inode being created"
    - Revert "new primitive: discard_new_inode()"

linux (4.15.0-57.63) bionic; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

  * Packaging resync (LP: #1786013)
    - update dkms package versions

linux (4.15.0-56.62) bionic; urgency=medium

  * bionic/linux: 4.15.0-56.62 -proposed tracker (LP: #1837626)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  * CVE-2019-2101
    - media: uvcvideo: Fix 'type' check leading to overflow

  * hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
    - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
    - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64

  * Bionic: support for Solarflare X2542 network adapter (sfc driver)
    (LP: #1836635)
    - sfc: make mem_bar a function rather than a constant
    - sfc: support VI strides other than 8k
    - sfc: add Medford2 (SFC9250) PCI Device IDs
    - sfc: improve PTP error reporting
    - sfc: update EF10 register definitions
    - sfc: populate the timer reload field
    - sfc: update MCDI protocol headers
    - sfc: support variable number of MAC stats
    - sfc: expose FEC stats on Medford2
    - sfc: expose CTPIO stats on NICs that support them
    - sfc: basic MCDI mapping of 25/50/100G link speeds
    - sfc: support the ethtool ksettings API properly so that 25/50/100G works
    - sfc: add bits for 25/50/100G supported/advertised speeds
    - sfc: remove tx and MCDI handling from NAPI budget consideration
    - sfc: handle TX timestamps in the normal data path
    - sfc: add function to determine which TX timestamping method to use
    - sfc: use main datapath for HW timestamps if available
    - sfc: only enable TX timestamping if the adapter is licensed for it
    - sfc: MAC TX timestamp handling on the 8000 series
    - sfc: on 8000 series use TX queues for TX timestamps
    - sfc: only advertise TX timestamping if we have the license for it
    - sfc: simplify RX datapath timestamping
    - sfc: support separate PTP and general timestamping
    - sfc: support second + quarter ns time format for receive datapath
    - sfc: support Medford2 frequency adjustment format
    - sfc: add suffix to large constant in ptp
    - sfc: mark some unexported symbols as static
    - sfc: update MCDI protocol headers
    - sfc: support FEC configuration through ethtool
    - sfc: remove ctpio_dmabuf_start from stats
    - sfc: stop the TX queue before pushing new buffers

  * [18.04 FEAT] zKVM: Add hardwar...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) on 2019-10-03
Changed in linux (Ubuntu):
status: Confirmed → Invalid
