Bug #1836910 “br_netfilter: namespace sysctl operations” : Disco (19.04) : Bugs : linux package : Ubuntu

Revision history for this message

Christian Brauner (cbrauner) wrote on 2019-07-17:

#1

Relevant upstream commits are:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff6d090d0db41425aef0cfe5dc58bb3cc12514a2

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22567590b2e634247931b3d2351384ba45720ebe

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e6daf50e1f4ea0ecd56406beb64ffc66e1e94db

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-07-17: Missing required logs.

#2

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1836910

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Christian Brauner (cbrauner) on 2019-07-17

Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Christian Brauner (cbrauner) on 2019-07-17

description:

updated

Connor Kuehl (connork) on 2019-07-22

Changed in linux (Ubuntu Bionic):
status:	New → In Progress
Changed in linux (Ubuntu Disco):
status:	New → In Progress
Changed in linux (Ubuntu Bionic):
importance:	Undecided → Medium
Changed in linux (Ubuntu Disco):
importance:	Undecided → Medium
assignee:	nobody → Connor Kuehl (connork)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Connor Kuehl (connork)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Revision history for this message

Connor Kuehl (connork) wrote on 2019-07-26:

#3

https://lists.ubuntu.com/archives/kernel-team/2019-July/102594.html

Seth Forshee (sforshee) on 2019-07-30

Changed in linux (Ubuntu):
status:	Invalid → Fix Committed

Christian Brauner (cbrauner) on 2019-07-30

description:

updated

Christian Brauner (cbrauner) on 2019-07-31

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-08-09:

#4

Download full text (37.9 KiB)

This bug was fixed in the package linux - 5.2.0-10.11

---------------
linux (5.2.0-10.11) eoan; urgency=medium

* eoan/linux: 5.2.0-10.11 -proposed tracker (LP: #1838113)

* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log

  * Eoan update: v5.2.4 upstream stable release (LP: #1838428)
    - bnx2x: Prevent load reordering in tx completion processing
    - caif-hsi: fix possible deadlock in cfhsi_exit_module()
    - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback()
    - igmp: fix memory leak in igmpv3_del_delrec()
    - ipv4: don't set IPv6 only flags to IPv4 addresses
    - ipv6: rt6_check should return NULL if 'from' is NULL
    - ipv6: Unlink sibling route in case of failure
    - net: bcmgenet: use promisc for unsupported filters
    - net: dsa: mv88e6xxx: wait after reset deactivation
    - net: make skb_dst_force return true when dst is refcounted
    - net: neigh: fix multiple neigh timer scheduling
    - net: openvswitch: fix csum updates for MPLS actions
    - net: phy: sfp: hwmon: Fix scaling of RX power
    - net_sched: unset TCQ_F_CAN_BYPASS when adding filters
    - net: stmmac: Re-work the queue selection for TSO packets
    - net/tls: make sure offload also gets the keys wiped
    - nfc: fix potential illegal memory access
    - r8169: fix issue with confused RX unit after PHY power-down on RTL8411b
    - rxrpc: Fix send on a connected, but unbound socket
    - sctp: fix error handling on stream scheduler initialization
    - sctp: not bind the socket in sctp_connect
    - sky2: Disable MSI on ASUS P6T
    - tcp: be more careful in tcp_fragment()
    - tcp: fix tcp_set_congestion_control() use from bpf hook
    - tcp: Reset bytes_acked and bytes_received when disconnecting
    - vrf: make sure skb->data contains ip header to make routing
    - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn
    - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
    - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
    - net: bridge: don't cache ether dest pointer on input
    - net: bridge: stp: don't cache eth dest pointer before skb pull
    - macsec: fix use-after-free of skb during RX
    - macsec: fix checksumming after decryption
    - netrom: fix a memory leak in nr_rx_frame()
    - netrom: hold sock when setting skb->destructor
    - selftests: txring_overwrite: fix incorrect test of mmap() return value
    - net/tls: fix poll ignoring partially copied records
    - net/tls: reject offload of TLS 1.3
    - net/mlx5e: Fix port tunnel GRE entropy control
    - net/mlx5e: Rx, Fix checksum calculation for new hardware
    - net/mlx5e: Fix return value from timeout recover function
    - net/mlx5e: Fix error flow in tx reporter diagnose
    - bnxt_en: Fix VNIC accounting when enabling aRFS on 57500 chips.
    - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed
    - net/mlx5: E-Switch, Fix default encap mode
    - mlxsw: spectrum: Do not process learned records with a dummy FID
    - dma-buf: balance refcount inbalance
    - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc
    - Revert "gpio/spi: Fix spi-gpio...

This bug was fixed in the package linux - 5.2.0-10.11

---------------
linux (5.2.0-10.11) eoan; urgency=medium

* eoan/linux: 5.2.0-10.11 -proposed tracker (LP: #1838113)

* Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

* Eoan update: v5.2.4 upstream stable release (LP: #1838428)
    - bnx2x: Prevent load reordering in tx completion processing
    - caif-hsi: fix possible deadlock in cfhsi_exit_module()
    - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback()
    - igmp: fix memory leak in igmpv3_del_delrec()
    - ipv4: don't set IPv6 only flags to IPv4 addresses
    - ipv6: rt6_check should return NULL if 'from' is NULL
    - ipv6: Unlink sibling route in case of failure
    - net: bcmgenet: use promisc for unsupported filters
    - net: dsa: mv88e6xxx: wait after reset deactivation
    - net: make skb_dst_force return true when dst is refcounted
    - net: neigh: fix multiple neigh timer scheduling
    - net: openvswitch: fix csum updates for MPLS actions
    - net: phy: sfp: hwmon: Fix scaling of RX power
    - net_sched: unset TCQ_F_CAN_BYPASS when adding filters
    - net: stmmac: Re-work the queue selection for TSO packets
    - net/tls: make sure offload also gets the keys wiped
    - nfc: fix potential illegal memory access
    - r8169: fix issue with confused RX unit after PHY power-down on RTL8411b
    - rxrpc: Fix send on a connected, but unbound socket
    - sctp: fix error handling on stream scheduler initialization
    - sctp: not bind the socket in sctp_connect
    - sky2: Disable MSI on ASUS P6T
    - tcp: be more careful in tcp_fragment()
    - tcp: fix tcp_set_congestion_control() use from bpf hook
    - tcp: Reset bytes_acked and bytes_received when disconnecting
    - vrf: make sure skb->data contains ip header to make routing
    - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn
    - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
    - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
    - net: bridge: don't cache ether dest pointer on input
    - net: bridge: stp: don't cache eth dest pointer before skb pull
    - macsec: fix use-after-free of skb during RX
    - macsec: fix checksumming after decryption
    - netrom: fix a memory leak in nr_rx_frame()
    - netrom: hold sock when setting skb->destructor
    - selftests: txring_overwrite: fix incorrect test of mmap() return value
    - net/tls: fix poll ignoring partially copied records
    - net/tls: reject offload of TLS 1.3
    - net/mlx5e: Fix port tunnel GRE entropy control
    - net/mlx5e: Rx, Fix checksum calculation for new hardware
    - net/mlx5e: Fix return value from timeout recover function
    - net/mlx5e: Fix error flow in tx reporter diagnose
    - bnxt_en: Fix VNIC accounting when enabling aRFS on 57500 chips.
    - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed
    - net/mlx5: E-Switch, Fix default encap mode
    - mlxsw: spectrum: Do not process learned records with a dummy FID
    - dma-buf: balance refcount inbalance
    - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc
    - Revert "gpio/spi: Fix spi-gpio regression on active high CS"
    - gpiolib: of: fix a memory leak in of_gpio_flags_quirks()
    - gpio: davinci: silence error prints in case of EPROBE_DEFER
    - MIPS: lb60: Fix pin mappings
    - perf script: Assume native_arch for pipe mode
    - perf/core: Fix exclusive events' grouping
    - perf/core: Fix race between close() and fork()
    - ext4: don't allow any modifications to an immutable file
    - ext4: enforce the immutable flag on open files
    - mm: add filemap_fdatawait_range_keep_errors()
    - jbd2: introduce jbd2_inode dirty range scoping
    - ext4: use jbd2_inode dirty range scoping
    - ext4: allow directory holes
    - KVM: nVMX: do not use dangling shadow VMCS after guest reset
    - KVM: nVMX: Clear pending KVM_REQ_GET_VMCS12_PAGES when leaving nested
    - Revert "kvm: x86: Use task structs fpu field for user"
    - sd_zbc: Fix report zones buffer allocation
    - block: Limit zone array allocation size
    - net: sched: verify that q!=NULL before setting q->flags
    - Linux 5.2.4

* linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
    (LP: #1838115)
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()

* br_netfilter: namespace sysctl operations (LP: #1836910)
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* Eoan update: v5.2.3 upstream stable release (LP: #1838089)
    - ath10k: Check tx_stats before use it
    - ath10k: htt: don't use txdone_fifo with SDIO
    - ath10k: fix incorrect multicast/broadcast rate setting
    - ath9k: Don't trust TX status TID number when reporting airtime
    - wil6210: fix potential out-of-bounds read
    - ath10k: Do not send probe response template for mesh
    - spi: rockchip: turn down tx dma bursts
    - ath9k: Check for errors when reading SREV register
    - ath10k: Fix the wrong value of enums for wmi tlv stats id
    - wil6210: fix missed MISC mbox interrupt
    - ath6kl: add some bounds checking
    - ath10k: add peer id check in ath10k_peer_find_by_id
    - wil6210: fix spurious interrupts in 3-msi
    - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
    - ath10k: Fix encoding for protected management frames
    - regmap: debugfs: Fix memory leak in regmap_debugfs_init
    - batman-adv: fix for leaked TVLV handler.
    - media: dvb: usb: fix use after free in dvb_usb_device_exit
    - media: spi: IR LED: add missing of table registration
    - crypto: talitos - fix skcipher failure due to wrong output IV
    - media: ov7740: avoid invalid framesize setting
    - media: marvell-ccic: fix DMA s/g desc number calculation
    - selftests/bpf: adjust verifier scale test
    - media: vpss: fix a potential NULL pointer dereference
    - media: media_device_enum_links32: clean a reserved field
    - ice: Gracefully handle reset failure in ice_alloc_vfs()
    - media: venus: firmware: fix leaked of_node references
    - crypto: caam - avoid S/G table fetching for AEAD zero-length output
    - net: stmmac: dwmac1000: Clear unused address entries
    - net: stmmac: dwmac4/5: Clear unused address entries
    - net: stmmac: Prevent missing interrupts when running NAPI
    - ice: Fix couple of issues in ice_vsi_release
    - net: mvpp2: cls: Extract the RSS context when parsing the ethtool rule
    - qed: Set the doorbell address correctly
    - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
    - af_key: fix leaks in key_pol_get_resp and dump_sp.
    - xfrm: Fix xfrm sel prefix length validation
    - media: vim2m: fix two double-free issues
    - media: v4l2-core: fix use-after-free error
    - fscrypt: clean up some BUG_ON()s in block encryption/decryption
    - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
    - perf annotate TUI browser: Do not use member from variable within its own
      initialization
    - ice: Check all VFs for MDD activity, don't disable
    - media: mc-device.c: don't memset __user pointer contents
    - media: saa7164: fix remove_proc_entry warning
    - ASoC: Intel: sof-rt5682: fix undefined references with Baytrail-only support
    - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
      initialization fails.
    - net: phy: Check against net_device being NULL
    - net: dsa: sja1105: Fix broken fixed-link interfaces on user ports
    - crypto: talitos - properly handle split ICV.
    - crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
    - tua6100: Avoid build warnings.
    - batman-adv: Fix duplicated OGMs on NETDEV_UP
    - locking/lockdep: Fix OOO unlock when hlocks need merging
    - locking/lockdep: Fix merging of hlocks with non-zero references
    - media: platform: ao-cec-g12a: disable regmap fast_io for cec bus regmap
    - media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
    - cpupower : frequency-set -r option misses the last cpu in related cpu list
    - arm64: mm: make CONFIG_ZONE_DMA32 configurable
    - media: imx7-mipi-csis: Propagate the error if clock enabling fails
    - perf jvmti: Address gcc string overflow warning for strncpy()
    - media: aspeed: change irq to threaded irq
    - media: aspeed: fix a kernel warning on clk control
    - net: stmmac: dwmac4: fix flow control issue
    - net: stmmac: modify default value of tx-frames
    - crypto: inside-secure - do not rely on the hardware last bit for result
      descriptors
    - net: fec: Do not use netdev messages too early
    - net: axienet: Fix race condition causing TX hang
    - s390/qdio: handle PENDING state for QEBSM devices
    - RAS/CEC: Fix pfn insertion
    - net: sfp: add mutex to prevent concurrent state checks
    - netfilter: ipset: fix a missing check of nla_parse
    - ipset: Fix memory accounting for hash types on resize
    - perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
    - perf test 6: Fix missing kvm module load for s390
    - perf report: Fix OOM error in TUI mode on s390
    - selftests/bpf : clean up feature/ when make clean
    - irqchip/meson-gpio: Add support for Meson-G12A SoC
    - media: uvcvideo: Fix access to uninitialized fields on probe error
    - media: fdp1: Support M3N and E3 platforms
    - iommu: Fix a leak in iommu_insert_resv_region
    - gpio: omap: fix lack of irqstatus_raw0 for OMAP4
    - gpio: omap: ensure irq is enabled before wakeup
    - regmap: fix bulk writes on paged registers
    - gpio: omap: Fix lost edge wake-up interrupts
    - media: davinci: vpif_capture: fix memory leak in vpif_probe()
    - bpf: silence warning messages in core
    - media: s5p-mfc: fix reading min scratch buffer size on MFC v6/v7
    - selinux: fix empty write to keycreate file
    - crypto: testmgr - add some more preemption points
    - x86/cpu: Add Ice Lake NNPI to Intel family
    - ASoC: meson: axg-tdm: fix sample clock inversion
    - rcu: Force inlining of rcu_read_lock()
    - perf/x86: Add Intel Ice Lake NNPI uncore support
    - x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
    - qed: iWARP - Fix tc for MPA ll2 connection
    - block: null_blk: fix race condition for null_del_dev
    - blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership
      arbitration
    - xfrm: fix sa selector validation
    - sched/core: Add __sched tag for io_schedule()
    - perf/x86/intel: Add more Icelake CPUIDs
    - sched/fair: Fix "runnable_avg_yN_inv" not used warnings
    - perf/x86/intel: Disable check_msr for real HW
    - perf/x86/intel/uncore: Handle invalid event coding for free-running counter
    - integrity: Fix __integrity_init_keyring() section mismatch
    - x86/atomic: Fix smp_mb__{before,after}_atomic()
    - perf evsel: Make perf_evsel__name() accept a NULL argument
    - vhost_net: disable zerocopy by default
    - iavf: allow null RX descriptors
    - ipoib: correcly show a VF hardware address
    - ASoC: rsnd: fixup mod ID calculation in rsnd_ctu_probe_
    - tools build: Fix the zstd test in the test-all.c common case feature test
    - bpf: fix callees pruning callers
    - perf build: Handle slang being in /usr/include and in /usr/include/slang/
    - PCI: Add missing link delays required by the PCIe spec
    - net: netsec: initialize tx ring on ndo_open
    - x86/cacheinfo: Fix a -Wtype-limits warning
    - blk-iolatency: only account submitted bios
    - ACPICA: Clear status of GPEs on first direct enable
    - spi: fix ctrl->num_chipselect constraint
    - EDAC/sysfs: Drop device references properly
    - EDAC/sysfs: Fix memory leak when creating a csrow object
    - nvme: fix possible io failures when removing multipathed ns
    - nvme-pci: properly report state change failure in nvme_reset_work
    - nvme-pci: set the errno on ctrl state change error
    - lightnvm: pblk: fix freeing of merged pages
    - lightnvm: fix uninitialized pointer in nvm_remove_tgt()
    - nvme-pci: adjust irq max_vector using num_possible_cpus()
    - arm64: Do not enable IRQs for ct_user_exit
    - ipsec: select crypto ciphers for xfrm_algo
    - media: staging: davinci: fix memory leaks and check for allocation failure
    - ipvs: defer hook registration to avoid leaks
    - media: s5p-mfc: Make additional clocks optional
    - media: i2c: fix warning same module names
    - ntp: Limit TAI-UTC offset
    - timer_list: Guard procfs specific code
    - media: mt9m111: fix fw-node refactoring
    - ASoC: soc-core: call snd_soc_unbind_card() under mutex_lock;
    - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
    - media: coda: fix mpeg2 sequence number handling
    - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
    - media: coda: increment sequence offset for the last returned frame
    - media: vimc: cap: check v4l2_fill_pixfmt return value
    - media: hdpvr: fix locking and a missing msleep
    - net: stmmac: sun8i: force select external PHY when no internal one
    - rtlwifi: rtl8192cu: fix error handle when usb probe failed
    - mt7601u: do not schedule rx_tasklet when the device has been disconnected
    - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
    - mt7601u: fix possible memory leak when the device is disconnected
    - ipvs: fix tinfo memory leak in start_sync_thread
    - mt76: mt7615: do not process rx packets if the device is not initialized
    - ath10k: add missing error handling
    - ath10k: fix fw crash by moving chip reset after napi disabled
    - ath10k: fix PCIE device wake up failed
    - ALSA: hdac: Fix codec name after machine driver is unloaded and reloaded
    - perf tools: Increase MAX_NR_CPUS and MAX_CACHES
    - ASoC: Intel: hdac_hdmi: Set ops to NULL on remove
    - block, bfq: fix rq_in_driver check in bfq_update_inject_limit
    - clocksource/drivers/tegra: Release all IRQ's on request_irq() error
    - libata: don't request sense data on !ZAC ATA devices
    - clocksource/drivers/tegra: Restore base address before cleanup
    - clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
    - netfilter: ctnetlink: Fix regression in conntrack entry deletion
    - xsk: Properly terminate assignment in xskq_produce_flush_desc
    - rslib: Fix decoding of shortened codes
    - bpf: fix BPF_ALU32 | BPF_ARSH on BE arches
    - rslib: Fix handling of of caller provided syndrome
    - gpio: Fix return value mismatch of function gpiod_get_from_of_node()
    - net: hns3: restore the MAC autoneg state after reset
    - net/mlx5: Get vport ACL namespace by vport index
    - ixgbe: Check DDM existence in transceiver before access
    - crypto: serpent - mark __serpent_setkey_sbox noinline
    - crypto: asymmetric_keys - select CRYPTO_HASH where needed
    - ath9k: correctly handle short radar pulses
    - wil6210: drop old event after wmi_call timeout
    - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
    - net/mlx5e: Attach/detach XDP program safely
    - bcache: fix return value error in bch_journal_read()
    - bcache: check CACHE_SET_IO_DISABLE in allocator code
    - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal()
    - bcache: acquire bch_register_lock later in cached_dev_free()
    - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
    - bcache: avoid a deadlock in bcache_reboot()
    - bcache: fix potential deadlock in cached_def_free()
    - net: hns3: fix a -Wformat-nonliteral compile warning
    - net: hns3: add some error checking in hclge_tm module
    - ath10k: Fix memory leak in qmi
    - ath10k: destroy sdio workqueue while remove sdio module
    - net: mvpp2: prs: Don't override the sign bit in SRAM parser shift
    - igb: clear out skb->tstamp after reading the txtime
    - net: hns3: add Asym Pause support to fix autoneg problem
    - net: ethernet: ti: cpsw: Assign OF node to slave devices
    - iwlwifi: mvm: Drop large non sta frames
    - bpf: fix uapi bpf_prog_info fields alignment
    - netfilter: Fix remainder of pseudo-header protocol 0
    - iwlwifi: dbg: fix debug monitor stop and restart delays
    - bnxt_en: Disable bus master during PCI shutdown and driver unload.
    - bnxt_en: Fix statistics context reservation logic for RDMA driver.
    - bnxt_en: Cap the returned MSIX vectors to the RDMA driver.
    - ALSA: hda: Fix a headphone detection issue when using SOF
    - perf stat: Make metric event lookup more robust
    - perf stat: Fix metrics with --no-merge
    - perf stat: Don't merge events in the same PMU
    - perf stat: Fix group lookup for metric group
    - vxlan: do not destroy fdb if register_netdevice() is failed
    - net: usb: asix: init MAC address buffers
    - rxrpc: Fix oops in tracepoint
    - libbpf: fix GCC8 warning for strncpy
    - bpf, libbpf, smatch: Fix potential NULL pointer dereference
    - selftests: bpf: fix inlines in test_lwt_seg6local
    - bonding: validate ip header before check IPPROTO_IGMP
    - gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
    - iommu/arm-smmu-v3: Invalidate ATC when detaching a device
    - ASoC: audio-graph-card: fix use-after-free in graph_for_each_link
    - tools: bpftool: Fix json dump crash on powerpc
    - net: hns3: enable broadcast promisc mode when initializing VF
    - net: hns3: fix port capbility updating issue
    - Bluetooth: hci_bcsp: Fix memory leak in rx_skb
    - Bluetooth: Add new 13d3:3491 QCA_ROME device
    - Bluetooth: Add new 13d3:3501 QCA_ROME device
    - Bluetooth: 6lowpan: search for destination address in all peers
    - genirq: Update irq stats from NMI handlers
    - perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
    - Bluetooth: Check state in l2cap_disconnect_rsp
    - Bluetooth: hidp: NUL terminate a string in the compat ioctl
    - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
    - Bluetooth: validate BLE connection interval updates
    - gtp: fix suspicious RCU usage
    - gtp: fix Illegal context switch in RCU read-side critical section.
    - gtp: fix use-after-free in gtp_encap_destroy()
    - gtp: fix use-after-free in gtp_newlink()
    - xdp: fix race on generic receive path
    - net: mvmdio: defer probe of orion-mdio if a clock is not ready
    - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue
    - iavf: fix dereference of null rx_buffer pointer
    - blk-iolatency: fix STS_AGAIN handling
    - libbpf: fix another GCC8 warning for strncpy
    - floppy: fix div-by-zero in setup_format_params
    - floppy: fix out-of-bounds read in next_valid_format
    - floppy: fix invalid pointer dereference in drive_name
    - floppy: fix out-of-bounds read in copy_buffer
    - xen: let alloc_xenballooned_pages() fail if not enough memory free
    - scsi: NCR5380: Always re-enable reselection interrupt
    - scsi: NCR5380: Handle PDMA failure reliably
    - Revert "scsi: ncr5380: Increase register polling limit"
    - scsi: core: Fix race on creating sense cache
    - scsi: sd_zbc: Fix compilation warning
    - scsi: zfcp: fix request object use-after-free in send path causing seqno
      errors
    - scsi: zfcp: fix request object use-after-free in send path causing wrong
      traces
    - scsi: megaraid_sas: Fix calculation of target ID
    - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
    - scsi: mac_scsi: Fix pseudo DMA implementation, take 2
    - crypto: ghash - fix unaligned memory access in ghash_setkey()
    - crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
    - crypto: ccp - Validate the the error value used to index error messages
    - crypto: arm64/sha1-ce - correct digest for empty data in finup
    - crypto: arm64/sha2-ce - correct digest for empty data in finup
    - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
    - crypto: crypto4xx - fix AES CTR blocksize value
    - crypto: crypto4xx - fix blocksize for cfb and ofb
    - crypto: crypto4xx - block ciphers should only accept complete blocks
    - crypto: ccp - memset structure fields to zero before reuse
    - crypto: ccp/gcm - use const time tag comparison.
    - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
    - cifs: always add credits back for unsolicited PDUs
    - cifs: fix crash in smb2_compound_op()/smb2_set_next_command()
    - cifs: Properly handle auto disabling of serverino option
    - cifs: flush before set-info if we have writeable handles
    - CIFS: fix deadlock in cached root handling
    - bcache: Revert "bcache: fix high CPU occupancy during journal"
    - bcache: Revert "bcache: free heap cache_set->flush_btree in
      bch_journal_free"
    - bcache: ignore read-ahead request failure on backing device
    - bcache: fix mistaken sysfs entry for io_error counter
    - bcache: destroy dc->writeback_write_wq if failed to create
      dc->writeback_thread
    - Input: gtco - bounds check collection indent level
    - Input: synaptics - whitelist Lenovo T580 SMBus intertouch
    - regulator: s2mps11: Fix ERR_PTR dereference on GPIO lookup failure
    - regulator: s2mps11: Fix buck7 and buck8 wrong voltages
    - arm64: tegra: Update Jetson TX1 GPU regulator timings
    - arm64: tegra: Fix Jetson Nano GPU regulator
    - iwlwifi: add support for hr1 RF ID
    - iwlwifi: pcie: don't service an interrupt that was masked
    - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
    - iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill
    - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices
    - iwlwifi: mvm: delay GTK setting in FW in AP mode
    - iwlwifi: mvm: clear rfkill_safe_init_done when we start the firmware
    - opp: Don't use IS_ERR on invalid supplies
    - arm64: Fix interrupt tracing in the presence of NMIs
    - tracing: Fix user stack trace "??" output
    - NFSv4: Handle the special Linux file open access mode
    - Revert "NFS: readdirplus optimization by cache mechanism" (memleak)
    - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
    - pnfs: Fix a problem where we gratuitously start doing I/O through the MDS
    - SUNRPC: Ensure the bvecs are reset when we re-encode the RPC request
    - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
      PAGE_SIZE
    - ASoC: dapm: Adapt for debugfs API change
    - ASoC: core: Adapt for debugfs API change
    - raid5-cache: Need to do start() part job after adding journal device
    - kconfig: fix missing choice values in auto.conf
    - ALSA: seq: Break too long mutex context in the write loop
    - ALSA: hda - Don't resume forcibly i915 HDMI/DP codec
    - ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform
    - ceph: fix end offset in truncate_inode_pages_range call
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
    - media: coda: Remove unbalanced and unneeded mutex unlock
    - media: videobuf2-core: Prevent size alignment wrapping buffer size to 0
    - media: videobuf2-dma-sg: Prevent size from overflowing
    - KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
    - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value
    - KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
    - KVM: VMX: Fix handling of #MC that occurs during VM-Entry
    - KVM: VMX: check CPUID before allowing read/write of IA32_XSS
    - KVM: Properly check if "page" is valid in kvm_vcpu_unmap
    - KVM: PPC: Book3S HV: Signed extend decrementer value if not using large
      decrementer
    - KVM: PPC: Book3S HV: Clear pending decrementer exceptions on nested guest
      entry
    - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
    - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
    - arm64: tegra: Fix AGIC register range
    - arm64: irqflags: Add condition flags to inline asm clobber list
    - arm64: Fix incorrect irqflag restore for priority masking
    - intel_th: msu: Fix unused variable warning on arm64 platform
    - signal/usb: Replace kill_pid_info_as_cred with kill_pid_usb_asyncio
    - signal: Correct namespace fixups of si_pid and si_uid
    - fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys
      inodes.
    - i3c: fix i2c and i3c scl rate by bus mode
    - ARM: dts: gemini: Set DIR-685 SPI CS as active low
    - drm/nouveau/i2c: Enable i2c pads & busses during preinit
    - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
    - dm zoned: fix zone state management race
    - xen/events: fix binding user event channels to cpus
    - 9p/xen: Add cleanup path in p9_trans_xen_init
    - 9p/virtio: Add cleanup path in p9_virtio_init
    - rt2x00usb: fix rx queue hang
    - x86/hyper-v: Zero out the VP ASSIST PAGE on allocation
    - x86/boot: Fix memory leak in default_get_smp_config()
    - perf/x86/intel: Fix spurious NMI on fixed counter
    - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
    - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
    - x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
    - drm/edid: parse CEA blocks embedded in DisplayID
    - block: Allow mapping of vmalloc-ed buffers
    - block: Fix potential overflow in blk_report_zones()
    - RDMA/srp: Accept again source addresses that do not have a port number
    - RDMA/odp: Fix missed unlock in non-blocking invalidate_start
    - intel_th: pci: Add Ice Lake NNPI support
    - PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
    - PCI: Do not poll for PME if the device is in D3cold
    - PCI: qcom: Ensure that PERST is asserted for at least 100 ms
    - btrfs: correctly validate compression type
    - Btrfs: fix data loss after inode eviction, renaming it, and fsync it
    - Btrfs: fix fsync not persisting dentry deletions due to inode evictions
    - Btrfs: add missing inode version, ctime and mtime updates when punching hole
    - IB/mlx5: Report correctly tag matching rendezvous capability
    - HID: wacom: generic: only switch the mode on devices with LEDs
    - HID: wacom: generic: Correct pad syncing
    - HID: wacom: correct touch resolution x/y typo
    - mm: vmscan: scan anonymous pages on file refaults
    - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
    - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
    - mm/memcontrol: fix wrong statistics in memory.stat
    - mm/z3fold.c: lock z3fold page before __SetPageMovable()
    - coda: pass the host file in vma->vm_file on mmap
    - include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT
      architectures
    - resource: fix locking in find_next_iomem_res()
    - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
    - parisc: Ensure userspace privilege for ptraced processes in regset functions
    - parisc: Avoid kernel panic triggered by invalid kprobe
    - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
    - powerpc/32s: fix suspend/resume when IBATs 4-7 are used
    - powerpc/mm/32s: fix condition that is always true
    - powerpc/watchpoint: Restore NV GPRs while returning from exception
    - powerpc/powernv/npu: Fix reference leak
    - powerpc/powernv/idle: Fix restore of SPRN_LDBAR for POWER9 stop state.
    - powerpc/powernv: Fix stale iommu table base after VFIO
    - powerpc/pseries: Fix xive=off command line
    - powerpc/pseries: Fix oops in hotplug memory notifier
    - mmc: sdhci-msm: fix mutex while in spinlock
    - eCryptfs: fix a couple type promotion bugs
    - mtd: rawnand: mtk: Correct low level time calculation of r/w cycle
    - mtd: spinand: read returns badly if the last page has bitflips
    - intel_th: msu: Remove set but not used variable 'last'
    - intel_th: msu: Fix single mode with disabled IOMMU
    - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
    - dax: Fix missed wakeup with PMD faults
    - usb: Handle USB3 remote wakeup for LPM enabled devices correctly
    - blk-throttle: fix zero wait time for iops throttled group
    - clk: imx: imx8mm: correct audio_pll2_clk to audio_pll2_out
    - blk-iolatency: clear use_delay when io.latency is set to zero
    - blkcg: update blkcg_print_stat() to handle larger outputs
    - net: mvmdio: allow up to four clocks to be specified for orion-mdio
    - dt-bindings: allow up to four clocks for orion-mdio
    - pstore: Fix double-free in pstore_mkfile() failure path
    - phy: qcom-qmp: Correct READY_STATUS poll break condition
    - dm thin metadata: check if in fail_io mode when setting needs_check
    - dm bufio: fix deadlock with loop device
    - Linux 5.2.3
    - [Config] add adv7511 to modules.ignore

* CVE-2019-13648
    - powerpc/tm: Fix oops on sigreturn on systems without TM

* alsa/hda: neither mute led nor mic-mute led work on several Lenovo laptops
    (LP: #1837963)
    - SAUCE: ALSA: hda - Add a conexant codec entry to let mute led work

* [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

* Please enable CONFIG_SCSI_UFS_QCOM as a module on arm64 (LP: #1837332)
    - [Config] Enable CONFIG_SCSI_UFS_QCOM as a module on arm64.

* Add arm64 CONFIG_ARCH_MESON=y and related configs Edit (LP: #1820530)
    - [Config] enable ARCH_MESON
    - remove missing module
    - [Config] update annotations after enabling ARCH_MESON for arm64

* Eoan update: v5.2.2 upstream stable release (LP: #1837725)
    - Revert "e1000e: fix cyclic resets at link up with active tx"
    - e1000e: start network tx queue only when link is up
    - Input: synaptics - enable SMBUS on T480 thinkpad trackpad
    - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
    - drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT
    - firmware: improve LSM/IMA security behaviour
    - genirq: Delay deactivation in free_irq()
    - genirq: Fix misleading synchronize_irq() documentation
    - genirq: Add optional hardware synchronization for shutdown
    - x86/ioapic: Implement irq_get_irqchip_state() callback
    - x86/irq: Handle spurious interrupt after shutdown gracefully
    - x86/irq: Seperate unused system vectors from spurious entry again
    - ARC: hide unused function unw_hdr_alloc
    - s390/ipl: Fix detection of has_secure attribute
    - s390: fix stfle zero padding
    - s390/qdio: (re-)initialize tiqdio list entries
    - s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
    - crypto: talitos - move struct talitos_edesc into talitos.h
    - crypto: talitos - fix hash on SEC1.
    - crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
    - x86/entry/32: Fix ENDPROC of common_spurious
    - Linux 5.2.2

* Miscellaneous Ubuntu changes
    - update dkms package versions

linux (5.2.0-9.10) eoan; urgency=medium

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* input/mouse: alps trackpoint-only device doesn't work (LP: #1836752)
    - SAUCE: Input: alps - don't handle ALPS cs19 trackpoint-only device
    - SAUCE: Input: alps - fix a mismatch between a condition check and its
      comment

* System does not auto detect disconnection of external monitor (LP: #1835001)
    - SAUCE: drm/i915: Add support for retrying hotplug
    - SAUCE: drm/i915: Enable hotplug retry

* alsa/hdmi: add icelake hdmi audio support for a Dell machine (LP: #1836916)
    - SAUCE: ALSA: hda/hdmi - Remove duplicated define
    - SAUCE: ALSA: hda/hdmi - Fix i915 reverse port/pin mapping

* First click on Goodix touchpad doesn't be recognized after runtime suspended
    (LP: #1836836)
    - SAUCE: i2c: designware: add G3 3590 into i2c quirk

* ixgbe{vf} - Physical Function gets IRQ when VF checks link state
    (LP: #1836760)
    - ixgbevf: Use cached link state instead of re-reading the value for ethtool

* Doing multiple squashfs (and other loop?) mounts in parallel breaks
    (LP: #1836914)
    - SAUCE: Revert "loop: Don't change loop device under exclusive opener"

* hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
    - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64
    - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
    - [Config] add hibmc-drm to modules.ignore

* hda/realtek: can't detect external mic on a Dell machine (LP: #1836755)
    - ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine

* Enable Armada SOCs and MVPP2 NIC driver for disco/generic arm64
    (LP: #1835054)
    - [Config] Enable Armada SOCs and MVPP2 NIC driver for disco/generic arm64

* Unhide Nvidia HDA audio controller (LP: #1836308)
    - PCI: Enable NVIDIA HDA controllers

* Intel ethernet I219 may wrongly detect connection speed as 10Mbps
    (LP: #1836177)
    - e1000e: Make watchdog use delayed work

* Sometimes touchpad(goodix) can't use tap function (LP: #1836020)
    - SAUCE: i2c: designware: add Inpiron/Vostro 7590 into i2c quirk
    - SAUCE: i2c: designware: add Inpiron 7591 into i2c quirk

* Intel ethernet I219 has slow RX speed (LP: #1836152)
    - e1000e: add workaround for possible stalled packet
    - e1000e: disable force K1-off feature

* bcache: risk of data loss on I/O errors in backing or caching devices
    (LP: #1829563)
    - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()"

* bnx2x driver causes 100% CPU load (LP: #1832082)
    - bnx2x: Prevent ptp_task to be rescheduled indefinitely

* fcf-protection=none patch with new version
    - Revert "UBUNTU: SAUCE: kbuild: add -fcf-protection=none to retpoline flags"
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

* CVE-2019-12614
    - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()

* Eoan update: v5.2.1 upstream stable release (LP: #1836622)
    - crypto: lrw - use correct alignmask
    - crypto: talitos - rename alternative AEAD algos.
    - fscrypt: don't set policy for a dead directory
    - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
    - media: stv0297: fix frequency range limit
    - ALSA: usb-audio: Fix parse of UAC2 Extension Units
    - ALSA: hda/realtek - Headphone Mic can't record after S3
    - tpm: Actually fail on TPM errors during "get random"
    - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
    - block: fix .bi_size overflow
    - block, bfq: NULL out the bic when it's no longer valid
    - perf intel-pt: Fix itrace defaults for perf script
    - perf auxtrace: Fix itrace defaults for perf script
    - perf intel-pt: Fix itrace defaults for perf script intel-pt documentation
    - perf pmu: Fix uncore PMU alias list for ARM64
    - perf thread-stack: Fix thread stack return from kernel for kernel-only case
    - perf header: Assign proper ff->ph in perf_event__synthesize_features()
    - x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
    - x86/tls: Fix possible spectre-v1 in do_get_thread_area()
    - Documentation: Add section about CPU vulnerabilities for Spectre
    - Documentation/admin: Remove the vsyscall=native documentation
    - mwifiex: Don't abort on small, spec-compliant vendor IEs
    - USB: serial: ftdi_sio: add ID for isodebug v1
    - USB: serial: option: add support for GosunCn ME3630 RNDIS mode
    - Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
    - p54usb: Fix race between disconnect and firmware loading
    - usb: gadget: f_fs: data_len used before properly set
    - usb: gadget: ether: Fix race between gether_disconnect and rx_submit
    - usb: dwc2: use a longer AHB idle timeout in dwc2_core_reset()
    - usb: renesas_usbhs: add a workaround for a race condition of workqueue
    - drivers/usb/typec/tps6598x.c: fix portinfo width
    - drivers/usb/typec/tps6598x.c: fix 4CC cmd write
    - p54: fix crash during initialization
    - staging: comedi: dt282x: fix a null pointer deref on interrupt
    - staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()
    - staging: bcm2835-camera: Restore return behavior of ctrl_set_bitrate()
    - staging: comedi: amplc_pci230: fix null pointer deref on interrupt
    - staging: mt7621-pci: fix PCIE_FTS_NUM_LO macro
    - HID: Add another Primax PIXART OEM mouse quirk
    - lkdtm: support llvm-objcopy
    - binder: fix memory leak in error path
    - binder: return errors from buffer copy functions
    - iio: adc: stm32-adc: add missing vdda-supply
    - coresight: Potential uninitialized variable in probe()
    - coresight: etb10: Do not call smp_processor_id from preemptible
    - coresight: tmc-etr: Do not call smp_processor_id() from preemptible
    - coresight: tmc-etr: alloc_perf_buf: Do not call smp_processor_id from
      preemptible
    - coresight: tmc-etf: Do not call smp_processor_id from preemptible
    - carl9170: fix misuse of device driver API
    - Revert "x86/build: Move _etext to actual end of .text"
    - VMCI: Fix integer overflow in VMCI handle arrays
    - staging: vchiq_2835_arm: revert "quit using custom down_interruptible()"
    - staging: vchiq: make wait events interruptible
    - staging: vchiq: revert "switch to wait_for_completion_killable"
    - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work
    - staging: bcm2835-camera: Replace spinlock protecting context_map with mutex
    - staging: bcm2835-camera: Ensure all buffers are returned on disable
    - staging: bcm2835-camera: Remove check of the number of buffers supplied
    - staging: bcm2835-camera: Handle empty EOS buffers whilst streaming
    - staging: rtl8712: reduce stack usage, again
    - Linux 5.2.1
    - [Config] updateconfigs after v5.2.1 stable update

* fcf-protection=none patch with upstream version
    - Revert "UBUNTU: SAUCE: add -fcf-protection=none to retpoline flags"
    - SAUCE: kbuild: add -fcf-protection=none to retpoline flags

* Miscellaneous Ubuntu changes
    - SAUCE: selftests/ftrace: avoid failure when trying to probe a notrace
      function
    - SAUCE: selftests/powerpc/ptrace: fix build failure
    - update dkms package versions
    - [Packaging] add zlua to zfs-modules.ignore
    - update dkms package versions

-- Seth Forshee <seth.forshee@canonical.com>  Tue, 30 Jul 2019 12:13:22 -0400

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Khaled El Mously (kmously) on 2019-08-13

Changed in linux (Ubuntu Disco):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-08-15:

#5

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-disco

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-08-20:

#6

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Christian Brauner (cbrauner) on 2019-08-20

tags:

added: verification-done-bionic verification-done-disco
removed: verification-needed-bionic verification-needed-disco

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-09-02:

#7

Download full text (34.4 KiB)

This bug was fixed in the package linux - 5.0.0-27.28

---------------
linux (5.0.0-27.28) disco; urgency=medium

* disco/linux: 5.0.0-27.28 -proposed tracker (LP: #1840816)

  * [Potential Regression] System crashes when running ftrace test in
    ubuntu_kernel_selftests (LP: #1840750)
    - x86/kprobes: Set instruction page as executable

linux (5.0.0-26.27) disco; urgency=medium

* disco/linux: 5.0.0-26.27 -proposed tracker (LP: #1839972)

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

  * alsa/hdmi: add icelake hdmi audio support for a Dell machine (LP: #1836916)
    - ALSA: hda: hdmi - add Icelake support
    - ALSA: hda/hdmi - Remove duplicated define
    - ALSA: hda/hdmi - Fix i915 reverse port/pin mapping

  * input/mouse: alps trackpoint-only device doesn't work (LP: #1836752)
    - Input: alps - don't handle ALPS cs19 trackpoint-only device
    - Input: alps - fix a mismatch between a condition check and its comment

  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

  * System does not auto detect disconnection of external monitor (LP: #1835001)
    - drm/i915: Add support for retrying hotplug
    - drm/i915: Enable hotplug retry

  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

  * EeePC 1005px laptop backlight is off after system boot up (LP: #1837117)
    - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from
      asus_nb_wmi

  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
- platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

* shiftfs: allow overlayfs (LP: #1838677)
- SAUCE: shiftfs: enable overlayfs on shiftfs

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - SAUCE: bcache: fix deadlock in bcache_allocator

  * Regressions in CMA allocation rework (LP: #1839395)
    - dma-contiguous: do not overwrite align in dma_alloc_contiguous()
    - dma-contiguous: page-align the size in dma_free_contiguous()

  * CVE-2019-3900
    - vhost: introduce vhost_exceeds_weight()
    - vhost_net: fix possible infinite loop
    - vhost: vsock: add weight support
    - vhost: scsi: add weight support

  * Disco update: 5.0.21 upstream stable release (LP: #1837518)
    - bonding/802.3ad: fix slave link initialization transition states
    - cxgb4: offload VLAN flows regardless of VLAN ethtype
    - inet: switch IP ID generator to siphash
    - ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
    - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
    - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
    - ipv6: Fix redi...

This bug was fixed in the package linux - 5.0.0-27.28

---------------
linux (5.0.0-27.28) disco; urgency=medium

* disco/linux: 5.0.0-27.28 -proposed tracker (LP: #1840816)

* [Potential Regression] System crashes when running ftrace test in
    ubuntu_kernel_selftests (LP: #1840750)
    - x86/kprobes: Set instruction page as executable

linux (5.0.0-26.27) disco; urgency=medium

* disco/linux: 5.0.0-26.27 -proposed tracker (LP: #1839972)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* alsa/hdmi: add icelake hdmi audio support for a Dell machine (LP: #1836916)
    - ALSA: hda: hdmi - add Icelake support
    - ALSA: hda/hdmi - Remove duplicated define
    - ALSA: hda/hdmi - Fix i915 reverse port/pin mapping

* input/mouse: alps trackpoint-only device doesn't work (LP: #1836752)
    - Input: alps - don't handle ALPS cs19 trackpoint-only device
    - Input: alps - fix a mismatch between a condition check and its comment

* [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

* System does not auto detect disconnection of external monitor (LP: #1835001)
    - drm/i915: Add support for retrying hotplug
    - drm/i915: Enable hotplug retry

* [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

* EeePC 1005px laptop backlight is off after system boot up (LP: #1837117)
    - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from
      asus_nb_wmi

* br_netfilter: namespace sysctl operations (LP: #1836910)
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

* shiftfs: allow overlayfs (LP: #1838677)
    - SAUCE: shiftfs: enable overlayfs on shiftfs

* bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - SAUCE: bcache: fix deadlock in bcache_allocator

* Regressions in CMA allocation rework (LP: #1839395)
    - dma-contiguous: do not overwrite align in dma_alloc_contiguous()
    - dma-contiguous: page-align the size in dma_free_contiguous()

* CVE-2019-3900
    - vhost: introduce vhost_exceeds_weight()
    - vhost_net: fix possible infinite loop
    - vhost: vsock: add weight support
    - vhost: scsi: add weight support

* Disco update: 5.0.21 upstream stable release (LP: #1837518)
    - bonding/802.3ad: fix slave link initialization transition states
    - cxgb4: offload VLAN flows regardless of VLAN ethtype
    - inet: switch IP ID generator to siphash
    - ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
    - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
    - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
    - ipv6: Fix redirect with VRF
    - llc: fix skb leak in llc_build_and_send_ui_pkt()
    - mlxsw: spectrum_acl: Avoid warning after identical rules insertion
    - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
    - net: fec: fix the clk mismatch in failed_reset path
    - net-gro: fix use-after-free read in napi_gro_frags()
    - net: mvneta: Fix err code path of probe
    - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
    - net: phy: marvell10g: report if the PHY fails to boot firmware
    - net: sched: don't use tc_action->order during action dump
    - net: stmmac: fix reset gpio free missing
    - r8169: fix MAC address being lost in PCI D3
    - usbnet: fix kernel crash after disconnect
    - net/mlx5: Avoid double free in fs init error unwinding path
    - tipc: Avoid copying bytes beyond the supplied data
    - net/mlx5: Allocate root ns memory using kzalloc to match kfree
    - net/mlx5e: Disable rxhash when CQE compress is enabled
    - net: stmmac: fix ethtool flow control not able to get/set
    - net: stmmac: dma channel control register need to be init first
    - bnxt_en: Fix aggregation buffer leak under OOM condition.
    - bnxt_en: Fix possible BUG() condition when calling pci_disable_msix().
    - bnxt_en: Reduce memory usage when running in kdump kernel.
    - net/tls: fix state removal with feature flags off
    - net/tls: don't ignore netdev notifications if no TLS features
    - cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size"
    - net: correct zerocopy refcnt with udp MSG_MORE
    - crypto: vmx - ghash: do nosimd fallback manually
    - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
    - Revert "tipc: fix modprobe tipc failed after switch order of device
      registration"
    - tipc: fix modprobe tipc failed after switch order of device registration
    - Linux 5.0.21

* Disco update: 5.0.20 upstream stable release (LP: #1837517)
    - x86: Hide the int3_emulate_call/jmp functions from UML
    - ext4: do not delete unlinked inode from orphan list on failed truncate
    - ext4: wait for outstanding dio during truncate in nojournal mode
    - KVM: x86: fix return value for reserved EFER
    - bio: fix improper use of smp_mb__before_atomic()
    - sbitmap: fix improper use of smp_mb__before_atomic()
    - Revert "scsi: sd: Keep disk read-only when re-reading partition"
    - crypto: hash - fix incorrect HASH_MAX_DESCSIZE
    - crypto: vmx - CTR: always increment IV as quadword
    - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time
      problem
    - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
    - kvm: svm/avic: fix off-by-one in checking host APIC ID
    - libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
    - arm64/kernel: kaslr: reduce module randomization range to 2 GB
    - arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
    - gfs2: Fix sign extension bug in gfs2_update_stats
    - btrfs: don't double unlock on error in btrfs_punch_hole
    - Btrfs: do not abort transaction at btrfs_update_root() after failure to COW
      path
    - Btrfs: avoid fallback to transaction commit during fsync of files with holes
    - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
    - btrfs: sysfs: Fix error path kobject memory leak
    - btrfs: sysfs: don't leak memory when failing add fsid
    - fbdev: fix divide error in fb_var_to_videomode
    - cifs: fix credits leak for SMB1 oplock breaks
    - arm64: errata: Add workaround for Cortex-A76 erratum #1463225
    - [Config] Add CONFIG_ARM64_ERRATUM_1463225
    - btrfs: honor path->skip_locking in backref code
    - ovl: relax WARN_ON() for overlapping layers use case
    - fbdev: fix WARNING in __alloc_pages_nodemask bug
    - media: cpia2: Fix use-after-free in cpia2_exit
    - media: serial_ir: Fix use-after-free in serial_ir_init_module
    - media: vb2: add waiting_in_dqbuf flag
    - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
    - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
    - bpf: devmap: fix use-after-free Read in __dev_map_entry_free
    - batman-adv: mcast: fix multicast tt/tvlv worker locking
    - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
    - acct_on(): don't mess with freeze protection
    - netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression
    - Revert "btrfs: Honour FITRIM range constraints during free space trim"
    - gfs2: Fix lru_count going negative
    - cxgb4: Fix error path in cxgb4_init_module
    - afs: Fix getting the afs.fid xattr
    - NFS: make nfs_match_client killable
    - gfs2: fix race between gfs2_freeze_func and unmount
    - IB/hfi1: Fix WQ_MEM_RECLAIM warning
    - gfs2: Fix occasional glock use-after-free
    - mmc: core: Verify SD bus width
    - tools/bpf: fix perf build error with uClibc (seen on ARC)
    - selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c
    - bpftool: exclude bash-completion/bpftool from .gitignore pattern
    - ice: Separate if conditions for ice_set_features()
    - blk-mq: split blk_mq_alloc_and_init_hctx into two parts
    - blk-mq: grab .q_usage_counter when queuing request from plug code path
    - dmaengine: tegra210-dma: free dma controller in remove()
    - net: ena: gcc 8: fix compilation warning
    - net: ena: fix: set freed objects to NULL to avoid failing future allocations
    - hv_netvsc: fix race that may miss tx queue wakeup
    - Bluetooth: Ignore CC events not matching the last HCI command
    - pinctrl: zte: fix leaked of_node references
    - ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE
    - usb: dwc2: gadget: Increase descriptors count for ISOC's
    - usb: dwc3: move synchronize_irq() out of the spinlock protected block
    - usb: gadget: f_fs: don't free buffer prematurely
    - ASoC: hdmi-codec: unlock the device on startup errors
    - powerpc/perf: Return accordingly on invalid chip-id in
    - powerpc/boot: Fix missing check of lseek() return value
    - powerpc/perf: Fix loop exit condition in nest_imc_event_init
    - spi: atmel-quadspi: fix crash while suspending
    - ASoC: imx: fix fiq dependencies
    - spi: pxa2xx: fix SCR (divisor) calculation
    - brcm80211: potential NULL dereference in
      brcmf_cfg80211_vndr_cmds_dcmd_handler()
    - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
    - drm/nouveau/bar/nv50: ensure BAR is mapped
    - media: stm32-dcmi: return appropriate error codes during probe
    - ARM: vdso: Remove dependency with the arch_timer driver internals
    - arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
    - x86/ftrace: Set trampoline pages as executable
    - powerpc/watchdog: Use hrtimers for per-CPU heartbeat
    - sched/cpufreq: Fix kobject memleak
    - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
    - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
    - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in
      tcm_qla2xxx_close_session()
    - scsi: qla2xxx: Fix hardirq-unsafe locking
    - x86/modules: Avoid breaking W^X while loading modules
    - Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota
      reserve
    - btrfs: fix panic during relocation after ENOSPC before writeback happens
    - btrfs: Don't panic when we can't find a root key
    - iwlwifi: pcie: don't crash on invalid RX interrupt
    - rtc: 88pm860x: prevent use-after-free on device remove
    - rtc: stm32: manage the get_irq probe defer case
    - scsi: qedi: Abort ep termination if offload not scheduled
    - s390/kexec_file: Fix detection of text segment in ELF loader
    - ALSA: hda: fix unregister device twice on ASoC driver
    - sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
    - net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode
    - w1: fix the resume command API
    - net: phy: improve genphy_soft_reset
    - s390: qeth: address type mismatch warning
    - dmaengine: pl330: _stop: clear interrupt status
    - mac80211/cfg80211: update bss channel on channel switch
    - libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
    - slimbus: fix a potential NULL pointer dereference in
      of_qcom_slim_ngd_register
    - ASoC: fsl_sai: Update is_slave_mode with correct value
    - Fix nfs4.2 return -EINVAL when do dedupe operation
    - mwifiex: prevent an array overflow
    - rsi: Fix NULL pointer dereference in kmalloc
    - net: cw1200: fix a NULL pointer dereference
    - nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
    - nvme-rdma: fix a NULL deref when an admin connect times out
    - nvme-tcp: fix a NULL deref when an admin connect times out
    - crypto: sun4i-ss - Fix invalid calculation of hash end
    - bcache: avoid potential memleak of list of journal_replay(s) in the
      CACHE_SYNC branch of run_cache_set
    - bcache: return error immediately in bch_journal_replay()
    - bcache: fix failure in journal relplay
    - bcache: add failure check to run_cache_set() for journal replay
    - bcache: avoid clang -Wunintialized warning
    - RDMA/cma: Consider scope_id while binding to ipv6 ll address
    - vfio-ccw: Do not call flush_workqueue while holding the spinlock
    - vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
    - x86/build: Move _etext to actual end of .text
    - smpboot: Place the __percpu annotation correctly
    - x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation
    - x86/mm: Remove in_nmi() warning from 64-bit implementation of
      vmalloc_fault()
    - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
      versions
    - Bluetooth: hci_qca: Give enough time to ROME controller to bootup.
    - Bluetooth: btbcm: Add default address for BCM43341B
    - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
    - pinctrl: pistachio: fix leaked of_node references
    - pinctrl: st: fix leaked of_node references
    - pinctrl: samsung: fix leaked of_node references
    - clk: rockchip: undo several noc and special clocks as critical on rk3288
    - perf/arm-cci: Remove broken race mitigation
    - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
    - media: coda: clear error return value before picture run
    - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
    - media: au0828: stop video streaming only when last user stops
    - media: ov2659: make S_FMT succeed even if requested format doesn't match
    - audit: fix a memory leak bug
    - media: stm32-dcmi: fix crash when subdev do not expose any formats
    - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
    - media: pvrusb2: Prevent a buffer overflow
    - iio: adc: stm32-dfsdm: fix unmet direct dependencies detected
    - block: fix use-after-free on gendisk
    - powerpc/numa: improve control of topology updates
    - powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
    - random: fix CRNG initialization when random.trust_cpu=1
    - random: add a spinlock_t to struct batched_entropy
    - cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
    - sched/core: Check quota and period overflow at usec to nsec conversion
    - sched/rt: Check integer overflow at usec to nsec conversion
    - sched/core: Handle overflow in cpu_shares_write_u64
    - staging: vc04_services: handle kzalloc failure
    - drm/msm/dpu: release resources on modeset failure
    - drm/msm: a5xx: fix possible object reference leak
    - drm/msm: dpu: Don't set frame_busy_mask for async updates
    - drm/msm: Fix NULL pointer dereference
    - irq_work: Do not raise an IPI when queueing work on the local CPU
    - thunderbolt: Take domain lock in switch sysfs attribute callbacks
    - s390/qeth: handle error from qeth_update_from_chp_desc()
    - USB: core: Don't unbind interfaces following device reset failure
    - x86/irq/64: Limit IST stack overflow check to #DB stack
    - drm: etnaviv: avoid DMA API warning when importing buffers
    - dt-bindings: phy-qcom-qmp: Add UFS PHY reset
    - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
    - phy: mapphone-mdm6600: add gpiolib dependency
    - dpaa2-eth: Fix Rx classification status
    - i40e: Able to add up to 16 MAC filters on an untrusted VF
    - i40e: don't allow changes to HW VLAN stripping on active port VLANs
    - ACPI/IORT: Reject platform device creation on NUMA node mapping failure
    - arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
    - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
    - perf/x86/msr: Add Icelake support
    - perf/x86/intel/rapl: Add Icelake support
    - perf/x86/intel/cstate: Add Icelake support
    - PM / devfreq: Fix static checker warning in try_then_request_governor
    - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
    - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
    - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
    - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
    - mmc_spi: add a status check for spi_sync_locked
    - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
    - mmc: sdhci-of-esdhc: add erratum A-009204 support
    - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
    - drm/amdgpu: fix old fence check in amdgpu_fence_emit
    - PM / core: Propagate dev->power.wakeup_path when no callbacks
    - clk: rockchip: Fix video codec clocks on rk3288
    - extcon: arizona: Disable mic detect if running when driver is removed
    - clk: rockchip: Make rkpwm a critical clock on rk3288
    - clk: zynqmp: fix check for fractional clock
    - s390: zcrypt: initialize variables before_use
    - x86/microcode: Fix the ancient deprecated microcode loading method
    - s390/mm: silence compiler warning when compiling without CONFIG_PGSTE
    - s390: cio: fix cio_irb declaration
    - selftests: cgroup: fix cleanup path in test_memcg_subtree_control()
    - qmi_wwan: Add quirk for Quectel dynamic config
    - cpufreq: ppc_cbe: fix possible object reference leak
    - cpufreq/pasemi: fix possible object reference leak
    - cpufreq: pmac32: fix possible object reference leak
    - cpufreq: kirkwood: fix possible object reference leak
    - cpufreq: imx6q: fix possible object reference leak
    - block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
    - samples/bpf: fix build with new clang
    - x86/build: Keep local relocations with ld.lld
    - regulator: core: Avoid potential deadlock on regulator_unregister
    - drm/pl111: fix possible object reference leak
    - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
    - iio: hmc5843: fix potential NULL pointer dereferences
    - iio: common: ssp_sensors: Initialize calculated_time in
      ssp_common_process_data
    - iio: adc: ti-ads7950: Fix improper use of mlock
    - selftests/bpf: ksym_search won't check symbols exists
    - rtlwifi: fix a potential NULL pointer dereference
    - mwifiex: Fix mem leak in mwifiex_tm_cmd
    - brcmfmac: fix missing checks for kmemdup
    - b43: shut up clang -Wuninitialized variable warning
    - brcmfmac: convert dev_init_lock mutex to completion
    - brcmfmac: fix WARNING during USB disconnect in case of unempty psq
    - brcmfmac: fix race during disconnect when USB completion is in progress
    - brcmfmac: fix Oops when bringing up interface during USB disconnect
    - rtc: xgene: fix possible race condition
    - rtlwifi: fix potential NULL pointer dereference
    - scsi: ufs: Fix regulator load and icc-level configuration
    - scsi: ufs: Avoid configuring regulator with undefined voltage range
    - drm/panel: otm8009a: Add delay at the end of initialization
    - drm/amd/display: Prevent cursor hotspot overflow for RV overlay planes
    - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
    - locking/static_key: Fix false positive warnings on concurrent dec/inc
    - wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
    - x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
    - x86/uaccess, signal: Fix AC=1 bloat
    - x86/ia32: Fix ia32_restore_sigcontext() AC leak
    - x86/uaccess: Fix up the fixup
    - chardev: add additional check for minor range overlap
    - sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()
    - HID: core: move Usage Page concatenation to Main item
    - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
    - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
    - cxgb3/l2t: Fix undefined behaviour
    - clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC
    - block: pass page to xen_biovec_phys_mergeable
    - clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC
    - HID: logitech-hidpp: change low battery level threshold from 31 to 30
      percent
    - spi: tegra114: reset controller on probe
    - kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
    - media: video-mux: fix null pointer dereferences
    - media: wl128x: prevent two potential buffer overflows
    - media: gspca: Kill URBs on USB device disconnect
    - efifb: Omit memory map check on legacy boot
    - thunderbolt: property: Fix a missing check of kzalloc
    - thunderbolt: Fix to check the return value of kmemdup
    - drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3
    - timekeeping: Force upper bound for setting CLOCK_REALTIME
    - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload
      check
    - virtio_console: initialize vtermno value for ports
    - tty: ipwireless: fix missing checks for ioremap
    - staging: mt7621-mmc: Initialize completions a single time during probe
    - overflow: Fix -Wtype-limits compilation warnings
    - x86/mce: Fix machine_check_poll() tests for error types
    - rcutorture: Fix cleanup path for invalid torture_type strings
    - x86/mce: Handle varying MCA bank counts
    - rcuperf: Fix cleanup path for invalid perf_type strings
    - rcu: Do a single rhp->func read in rcu_head_after_call_rcu()
    - spi: stm32-qspi: add spi_master_put in release function
    - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
    - scsi: qla4xxx: avoid freeing unallocated dma memory
    - scsi: lpfc: avoid uninitialized variable warning
    - ice: Prevent unintended multiple chain resets
    - selinux: avoid uninitialized variable warning
    - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
    - dmaengine: tegra210-adma: use devm_clk_*() helpers
    - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors
    - staging: mt7621-mmc: Check for nonzero number of scatterlist entries
    - hwrng: omap - Set default quality
    - thunderbolt: Fix to check return value of ida_simple_get
    - thunderbolt: Fix to check for kmemdup failure
    - drm/amd/display: fix releasing planes when exiting odm
    - drm/amd/display: Link train only when link is DP and backend is enabled
    - drm/amd/display: Reset alpha state for planes to the correct values
    - thunderbolt: property: Fix a NULL pointer dereference
    - media: v4l2-fwnode: The first default data lane is 0 on C-PHY
    - media: staging/intel-ipu3: mark PM function as __maybe_unused
    - tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers
    - igb: Exclude device from suspend direct complete optimization
    - media: si2165: fix a missing check of return value
    - media: dvbsky: Avoid leaking dvb frontend
    - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
    - drm/amd/display: add pipe lock during stream update
    - media: staging: davinci_vpfe: disallow building with COMPILE_TEST
    - drm/amd/display: Fix Divide by 0 in memory calculations
    - drm/amd/display: Set stream->mode_changed when connectors change
    - scsi: ufs: fix a missing check of devm_reset_control_get
    - media: vimc: stream: fix thread state before sleep
    - media: gspca: do not resubmit URBs when streaming has stopped
    - media: go7007: avoid clang frame overflow warning with KASAN
    - media: vimc: zero the media_device on probe
    - media: vim2m: replace devm_kzalloc by kzalloc
    - media: cedrus: Add a quirk for not setting DMA offset
    - scsi: lpfc: Fix FDMI manufacturer attribute value
    - scsi: lpfc: Fix fc4type information for FDMI
    - media: saa7146: avoid high stack usage with clang
    - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
    - scsi: lpfc: Fix use-after-free mailbox cmd completion
    - audit: fix a memleak caused by auditing load module
    - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
    - drm: writeback: Fix leak of writeback job
    - drm/omap: dsi: Fix PM for display blank with paired dss_pll calls
    - drm/omap: Notify all devices in the pipeline of output disconnection
    - spi: rspi: Fix sequencer reset during initialization
    - regulator: wm831x ldo: Fix notifier mutex lock warning
    - regulator: wm831x isink: Fix notifier mutex lock warning
    - regulator: ltc3676: Fix notifier mutex lock warning
    - regulator: ltc3589: Fix notifier mutex lock warning
    - regulator: pv88060: Fix notifier mutex lock warning
    - spi: imx: stop buffer overflow in RX FIFO flush
    - regulator: lp8755: Fix notifier mutex lock warning
    - regulator: da9211: Fix notifier mutex lock warning
    - regulator: da9063: Fix notifier mutex lock warning
    - regulator: pv88080: Fix notifier mutex lock warning
    - regulator: wm831x: Fix notifier mutex lock warning
    - regulator: pv88090: Fix notifier mutex lock warning
    - regulator: da9062: Fix notifier mutex lock warning
    - regulator: da9055: Fix notifier mutex lock warning
    - spi: Fix zero length xfer bug
    - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
    - ASoC: ti: fix davinci_mcasp_probe dependencies
    - drm/v3d: Handle errors from IRQ setup.
    - drm/drv: Hold ref on parent device during drm_device lifetime
    - drm: Wake up next in drm_read() chain if we are forced to putback the event
    - drm/sun4i: dsi: Change the start delay calculation
    - vfio-ccw: Prevent quiesce function going into an infinite loop
    - ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset
    - drm/sun4i: dsi: Enforce boundaries on the start delay
    - NFS: Fix a double unlock from nfs_match,get_client
    - Linux 5.0.20

* Disco update: 5.0.19 upstream stable release (LP: #1837516)
    - ipv6: fix src addr routing with the exception table
    - ipv6: prevent possible fib6 leaks
    - net: Always descend into dsa/
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - net: test nouarg before dereferencing zerocopy pointers
    - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
    - nfp: flower: add rcu locks when accessing netdev for tunnels
    - ppp: deflate: Fix possible crash in deflate_init
    - rtnetlink: always put IFLA_LINK for links with a link-netnsid
    - tipc: switch order of device registration to fix a crash
    - vsock/virtio: free packets during the socket release
    - tipc: fix modprobe tipc failed after switch order of device registration
    - vsock/virtio: Initialize core virtio vsock before registering the driver
    - net/mlx5e: Add missing ethtool driver info for representors
    - net/mlx5e: Additional check for flow destination comparison
    - net/mlx5: Imply MLXFW in mlx5_core
    - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled
    - blk-mq: free hw queue's resource in hctx's release handler
    - regulator: core: fix error path for regulator_set_voltage_unlocked
    - parisc: Export running_on_qemu symbol for modules
    - parisc: Add memory clobber to TLB purges
    - parisc: Skip registering LED when running in QEMU
    - parisc: Add memory barrier to asm pdc and sync instructions
    - parisc: Allow live-patching of __meminit functions
    - parisc: Use PA_ASM_LEVEL in boot code
    - parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
    - stm class: Fix channel free in stm output free path
    - stm class: Fix channel bitmap on 32-bit systems
    - brd: re-enable __GFP_HIGHMEM in brd_insert_page()
    - proc: prevent changes to overridden credentials
    - Revert "MD: fix lock contention for flush bios"
    - md: batch flush requests.
    - md: add mddev->pers to avoid potential NULL pointer dereference
    - md: add a missing endianness conversion in check_sb_changes
    - dcache: sort the freeing-without-RCU-delay mess for good.
    - intel_th: msu: Fix single mode with IOMMU
    - p54: drop device reference count if fails to enable device
    - of: fix clang -Wunsequenced for be32_to_cpu()
    - brcmfmac: Add DMI nvram filename quirk for ACEPC T8 and T11 mini PCs
    - phy: ti-pipe3: fix missing bit-wise or operator when assigning val
    - media: ov6650: Fix sensor possibly not detected on probe
    - media: imx: csi: Allow unknown nearest upstream entities
    - media: imx: Clear fwnode link struct for each endpoint iteration
    - RDMA/mlx5: Use get_zeroed_page() for clock_info
    - RDMA/ipoib: Allow user space differentiate between valid dev_port
    - NFS4: Fix v4.0 client state corruption when mount
    - PNFS fallback to MDS if no deviceid found
    - clk: hi3660: Mark clk_gate_ufs_subsys as critical
    - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    - clk: mediatek: Disable tuner_en before change PLL rate
    - clk: rockchip: fix wrong clock definitions for rk3328
    - udlfb: delete the unused parameter for dlfb_handle_damage
    - udlfb: fix sleeping inside spinlock
    - udlfb: introduce a rendering mutex
    - fuse: fix writepages on 32bit
    - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
    - ovl: fix missing upper fs freeze protection on copy up for ioctl
    - gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6
    - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
    - ceph: flush dirty inodes before proceeding with remount
    - x86_64: Add gap to int3 to allow for call emulation
    - x86_64: Allow breakpoints to emulate call instructions
    - ftrace/x86_64: Emulate call function while updating in breakpoint handler
    - tracing: Fix partial reading of trace event's id file
    - tracing: probeevent: Fix to make the type of $comm string
    - memory: tegra: Fix integer overflow on tick value calculation
    - perf intel-pt: Fix instructions sampling rate
    - perf intel-pt: Fix improved sample timestamp
    - perf intel-pt: Fix sample timestamp wrt non-taken branches
    - MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled
    - objtool: Allow AR to be overridden with HOSTAR
    - x86/mpx, mm/core: Fix recursive munmap() corruption
    - fbdev/efifb: Ignore framebuffer memmap entries that lack any memory types
    - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
      VRAM
    - fbdev: sm712fb: fix support for 1024x768-16 mode
    - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
    - PCI: Mark Atheros AR9462 to avoid bus reset
    - PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary
    - PCI: Init PCIe feature bits for managed host bridge alloc
    - PCI/AER: Change pci_aer_init() stub to return void
    - PCI: rcar: Add the initialization of PCIe link in resume_noirq()
    - PCI: Factor out pcie_retrain_link() function
    - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
    - dm cache metadata: Fix loading discard bitset
    - dm zoned: Fix zone report handling
    - dm delay: fix a crash when invalid device is specified
    - dm crypt: move detailed message into debug level
    - dm integrity: correctly calculate the size of metadata area
    - dm mpath: always free attached_handler_name in parse_path()
    - fuse: Add FOPEN_STREAM to use stream_open()
    - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
    - xfrm: Reset secpath in xfrm failure
    - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
    - vti4: ipip tunnel deregistration fixes.
    - xfrm: clean up xfrm protocol checks
    - esp4: add length check for UDP encapsulation
    - xfrm: Honor original L3 slave device in xfrmi policy lookup
    - xfrm4: Fix uninitialized memory read in _decode_session4
    - ARC: PAE40: don't panic and instead turn off hw ioc
    - clk: sunxi-ng: nkmp: Avoid GENMASK(-1, 0)
    - KVM: PPC: Book3S HV: Perserve PSSCR FAKE_SUSPEND bit on guest exit
    - KVM: PPC: Book3S: Protect memslots while validating user address
    - power: supply: cpcap-battery: Fix division by zero
    - securityfs: fix use-after-free on symlink traversal
    - apparmorfs: fix use-after-free on symlink traversal
    - PCI: Fix issue with "pci=disable_acs_redir" parameter being ignored
    - x86: kvm: hyper-v: deal with buggy TLB flush requests from WS2012
    - mac80211: Fix kernel panic due to use of txq after free
    - net: ieee802154: fix missing checks for regmap_update_bits
    - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    - power: supply: sysfs: prevent endless uevent loop with
      CONFIG_POWER_SUPPLY_DEBUG
    - tools: bpftool: fix infinite loop in map create
    - bpf: Fix preempt_enable_no_resched() abuse
    - qmi_wwan: new Wistron, ZTE and D-Link devices
    - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
    - sched/cpufreq: Fix kobject memleak
    - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
    - KVM: fix KVM_CLEAR_DIRTY_LOG for memory slots of unaligned size
    - KVM: selftests: make hyperv_cpuid test pass on AMD
    - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    - i2c: designware: ratelimit 'transfer when suspended' errors
    - perf bench numa: Add define for RUSAGE_THREAD if not present
    - perf cs-etm: Always allocate memory for cs_etm_queue::prev_packet
    - perf/x86/intel: Fix race in intel_pmu_disable_event()
    - Revert "Don't jump to compute_result state from check_result state"
    - md/raid: raid5 preserve the writeback action after the parity check
    - driver core: Postpone DMA tear-down until after devres release for probe
      failure
    - bpf: relax inode permission check for retrieving bpf program
    - bpf: add map_lookup_elem_sys_only for lookups from syscall side
    - bpf, lru: avoid messing with eviction heuristics upon syscall lookup
    - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    - Linux 5.0.19

* CVE-2019-13648
    - powerpc/tm: Fix oops on sigreturn on systems without TM

* bcache kernel warning when attaching device (LP: #1837788)
    - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached

* CVE-2019-14283
    - floppy: fix out-of-bounds read in copy_buffer

* CVE-2019-14284
    - floppy: fix div-by-zero in setup_format_params

* alsa/hda: neither mute led nor mic-mute led work on several Lenovo laptops
    (LP: #1837963)
    - SAUCE: ALSA: hda - Add a conexant codec entry to let mute led work

-- Khalid Elmously <khalid.elmously@canonical.com>  Tue, 20 Aug 2019 15:25:30 -0400

Changed in linux (Ubuntu Disco):
status:	Fix Committed → Fix Released

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2019-09-03:

#8

The tag verification-needed-bionic has been wrongly added by the bot, the fixes for this bug hasn't been merged yet. I'm removing the tag.

tags:

removed: verification-done-bionic

Kleber Sacilotto de Souza (kleber-souza) on 2019-09-03

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-09-11:

#9

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Christian Brauner (cbrauner) on 2019-09-16

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-09-30:

#10

Download full text (20.2 KiB)

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

  * arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

* CVE-2018-20976
- xfs: clear sb->s_fs_info on mount failure

  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

  * Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpuma...

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

* arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

* CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure

* br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
    - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

* Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpumask when only one cpu is present
    - perf cpumap: Fix writing to illegal memory in handling cpumap mask
    - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - HID: wacom: Correct distance scale for 2nd-gen Intuos devices
    - Revert "dm bufio: fix deadlock with loop device"
    - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
    - libceph: fix PG split vs OSD (re)connect race
    - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
    - gpiolib: never report open-drain/source lines as 'input' to user-space
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm kcopyd: always complete failed jobs
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - dm zoned: improve error handling in reclaim
    - dm zoned: improve error handling in i/o map code
    - dm zoned: properly handle backing device failure
    - genirq: Properly pair kobject_del() with kobject_add()
    - mm, page_owner: handle THP splits correctly
    - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
    - mm/zsmalloc.c: fix race condition in zs_destroy_pool
    - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
    - dm zoned: fix potential NULL dereference in dmz_do_reclaim()
    - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
    - can: mcp251x: add error check when wq alloc failed
    - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
      sets too
    - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
      hash:ip,mac sets
    - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
    - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
      phy_led_trigger_change_speed()
    - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
    - net: stmmac: Fix issues when number of Queues >= 4
    - KVM: arm64: Don't write junk to sysregs on reset
    - KVM: arm: Don't write junk to CP15 registers on reset
    - xfs: don't trip over uninitialized buffer on extent read of corrupted inode
    - xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h
    - xfs: Add helper function xfs_attr_try_sf_addname
    - xfs: Add attibute remove and helper functions

* Bionic update: upstream stable patchset 2019-08-27 (LP: #1841652)
    - sh: kernel: hw_breakpoint: Fix missing break in switch statement
    - mm/usercopy: use memory range to be accessed for wraparound check
    - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    - bpf: get rid of pure_initcall dependency to enable jits
    - bpf: restrict access to core bpf sysctls
    - bpf: add bpf_jit_limit knob to restrict unpriv allocations
    - xtensa: add missing isync to the cpu_reset TLB code
    - ALSA: hda - Apply workaround for another AMD chip 1022:1487
    - ALSA: hda - Fix a memory leak bug
    - HID: holtek: test for sanity of intfdata
    - HID: hiddev: avoid opening a disconnected device
    - HID: hiddev: do cleanup in failure of opening a device
    - Input: kbtab - sanity check for endpoint type
    - Input: iforce - add sanity checks
    - net: usb: pegasus: fix improper read if get_registers() fail
    - netfilter: ebtables: also count base chain policies
    - clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1
    - clk: renesas: cpg-mssr: Fix reset control race condition
    - xen/pciback: remove set but not used variable 'old_state'
    - irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
    - irqchip/irq-imx-gpcv2: Forward irq type to parent
    - perf header: Fix divide by zero error if f_header.attr_size==0
    - perf header: Fix use of unitialized value warning
    - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
    - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m
    - scsi: hpsa: correct scsi command status issue after reset
    - scsi: qla2xxx: Fix possible fcport null-pointer dereferences
    - ata: libahci: do not complain in case of deferred probe
    - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
    - arm64/efi: fix variable 'si' set but not used
    - arm64: unwind: Prohibit probing on return_address()
    - arm64/mm: fix variable 'pud' set but not used
    - IB/core: Add mitigation for Spectre V1
    - IB/mad: Fix use-after-free in ib mad completion handling
    - drm: msm: Fix add_gpu_components
    - ocfs2: remove set but not used variable 'last_hash'
    - asm-generic: fix -Wtype-limits compiler warnings
    - KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block
    - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
    - staging: comedi: dt3000: Fix rounding up of timer divisor
    - iio: adc: max9611: Fix temperature reading in probe
    - USB: core: Fix races in character device registration and deregistraion
    - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role"
    - usb: cdc-acm: make sure a refcount is taken early enough
    - USB: CDC: fix sanity checks in CDC union parser
    - USB: serial: option: add D-Link DWM-222 device ID
    - USB: serial: option: Add support for ZTE MF871A
    - USB: serial: option: add the BroadMobi BM818 card
    - USB: serial: option: Add Motorola modem UARTs
    - bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
    - arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
    - netfilter: conntrack: Use consistent ct id hash calculation
    - Input: psmouse - fix build error of multiple definition
    - iommu/amd: Move iommu_init_pci() to .init section
    - bnx2x: Fix VF's VLAN reconfiguration in reload.
    - net/mlx4_en: fix a memory leak bug
    - net/packet: fix race in tpacket_snd()
    - sctp: fix the transport error_count check
    - xen/netback: Reset nr_frags before freeing skb
    - net/mlx5e: Only support tx/rx pause setting for port owner
    - net/mlx5e: Use flow keys dissector to parse packets for ARFS
    - team: Add vlan tx offload to hw_enc_features
    - bonding: Add vlan tx offload to hw_enc_features
    - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe
    - xfrm: policy: remove pcpu policy cache
    - mm/hmm: fix bad subpage pointer in try_to_unmap_one
    - mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and
      MPOL_MF_STRICT were specified
    - mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
    - riscv: Make __fstate_clean() work correctly.
    - Revert "kmemleak: allow to coexist with fault injection"
    - sctp: fix memleak in sctp_send_reset_streams

* Bionic update: upstream stable patchset 2019-08-16 (LP: #1840520)
    - iio: adc: max9611: Fix misuse of GENMASK macro
    - crypto: ccp - Fix oops by properly managing allocated structures
    - crypto: ccp - Ignore tag length when decrypting GCM ciphertext
    - usb: usbfs: fix double-free of usb memory upon submiturb error
    - usb: iowarrior: fix deadlock on disconnect
    - sound: fix a memory leak bug
    - mmc: cavium: Set the correct dma max segment size for mmc_host
    - mmc: cavium: Add the missing dma unmap when the dma has finished.
    - loop: set PF_MEMALLOC_NOIO for the worker thread
    - Input: synaptics - enable RMI mode for HP Spectre X360
    - lkdtm: support llvm-objcopy
    - crypto: ccp - Validate buffer lengths for copy operations
    - crypto: ccp - Add support for valid authsize values less than 16
    - perf annotate: Fix s390 gap between kernel end and module start
    - perf db-export: Fix thread__exec_comm()
    - perf record: Fix module size on s390
    - usb: host: xhci-rcar: Fix timeout in xhci_suspend()
    - usb: yurex: Fix use-after-free in yurex_delete
    - can: rcar_canfd: fix possible IRQ storm on high load
    - can: peak_usb: fix potential double kfree_skb()
    - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
    - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
    - netfilter: Fix rpfilter dropping vrf packets by mistake
    - netfilter: nft_hash: fix symhash with modulus one
    - scripts/sphinx-pre-install: fix script for RHEL/CentOS
    - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
    - mac80211: don't warn about CW params when not using them
    - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
    - drm: silence variable 'conn' set but not used
    - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
    - s390/qdio: add sanity checks to the fast-requeue path
    - ALSA: compress: Fix regression on compressed capture streams
    - ALSA: compress: Prevent bypasses of set_params
    - ALSA: compress: Don't allow paritial drain operations on capture streams
    - ALSA: compress: Be more restrictive about when a drain is allowed
    - perf tools: Fix proper buffer size for feature processing
    - perf probe: Avoid calling freeing routine multiple times for same pointer
    - drbd: dynamically allocate shash descriptor
    - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
    - ARM: davinci: fix sleep.S build error on ARMv4
    - scsi: megaraid_sas: fix panic on loading firmware crashdump
    - scsi: ibmvfc: fix WARN_ON during event pool release
    - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
    - test_firmware: fix a memory leak bug
    - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
    - perf/core: Fix creating kernel counters for PMUs that override event->cpu
    - HID: sony: Fix race condition between rumble and device remove.
    - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
    - hwmon: (nct7802) Fix wrong detection of in4 presence
    - drm/i915: Fix wrong escape clock divisor init for GLK
    - ALSA: firewire: fix a memory leak bug
    - ALSA: hda - Don't override global PCM hw info flag
    - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
    - mac80211: don't WARN on short WMM parameters from AP
    - SMB3: Fix deadlock in validate negotiate hits reconnect
    - smb3: send CAP_DFS capability during session setup
    - NFSv4: Only pass the delegation to setattr if we're sending a truncate
    - NFSv4: Fix an Oops in nfs4_do_setattr
    - KVM: Fix leak vCPU's VMCS value into other pCPU
    - mwifiex: fix 802.11n/WPA detection
    - iwlwifi: don't unmap as page memory that was mapped as single
    - iwlwifi: mvm: fix an out-of-bound access
    - iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
    - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
    - iio: cros_ec_accel_legacy: Fix incorrect channel setting
    - staging: android: ion: Bail out upon SIGKILL when allocating memory.
    - x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
    - usb: typec: tcpm: free log buf memory when remove debug file
    - usb: typec: tcpm: remove tcpm dir if no children
    - usb: typec: tcpm: Add NULL check before dereferencing config
    - netfilter: conntrack: always store window size un-scaled
    - drm/amd/display: Wait for backlight programming completion in set backlight
      level
    - drm/amd/display: use encoder's engine id to find matched free audio device
    - drm/amd/display: Fix dc_create failure handling and 666 color depths
    - drm/amd/display: Only enable audio if speaker allocation exists
    - drm/amd/display: Increase size of audios array
    - allocate_flower_entry: should check for null deref
    - s390/dma: provide proper ARCH_ZONE_DMA_BITS value
    - ALSA: hiface: fix multiple memory leak bugs

* Bionic update: upstream stable patchset 2019-08-15 (LP: #1840378)
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
    - HID: wacom: fix bit shift for Cintiq Companion 2
    - HID: Add quirk for HP X1200 PIXART OEM mouse
    - RDMA: Directly cast the sockaddr union to sockaddr
    - IB: directly cast the sockaddr union to aockaddr
    - atm: iphase: Fix Spectre v1 vulnerability
    - ife: error out when nla attributes are empty
    - ip6_tunnel: fix possible use-after-free on xmit
    - net: bridge: delete local fdb on device init failure
    - net: bridge: mcast: don't delete permanent entries when fast leave is
      enabled
    - net: fix ifindex collision during namespace removal
    - net/mlx5: Use reversed order when unregister devices
    - net: phylink: Fix flow control for fixed-link
    - net: sched: Fix a possible null-pointer dereference in dequeue_func()
    - NFC: nfcmrvl: fix gpio-handling regression
    - tipc: compat: allow tipc commands without arguments
    - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
    - net/mlx5e: Prevent encap flow counter update async to user query
    - tun: mark small packets as owned by the tap sock
    - mvpp2: refactor MTU change code
    - bnx2x: Disable multi-cos feature.
    - cgroup: Call cgroup_release() before __exit_signal()
    - cgroup: Implement css_task_iter_skip()
    - cgroup: Include dying leaders with live threads in PROCS iterations
    - cgroup: css_task_iter_skip()'d iterators must be advanced before accessed
    - cgroup: Fix css_task_iter_advance_css_set() cset skip condition
    - spi: bcm2835: Fix 3-wire mode if DMA is enabled
    - driver core: Establish order of operations for device_add and device_del via
      bitflag
    - drivers/base: Introduce kill_device()
    - libnvdimm/bus: Prevent duplicate device_unregister() calls
    - libnvdimm/region: Register badblocks before namespaces
    - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
    - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
    - ipip: validate header length in ipip_tunnel_xmit
    - mvpp2: fix panic on module removal
    - net/mlx5: Fix modify_cq_in alignment
    - r8169: don't use MSI before RTL8168d

* VIMC module not available (CONFIG_VIDEO_VIMC not set) (LP: #1831482)
    - [Config] Enable VIMC module

* reboot will introduce an alarm 'beep ...' during BIOS phase (LP: #1840395)
    - ALSA: hda - Let all conexant codec enter D3 when rebooting
    - ALSA: hda - Add a generic reboot_notify

* Include Sunix serial/parallel driver (LP: #1826716)
    - serial: 8250_pci: Add support for Sunix serial boards
    - parport: parport_serial: Add support for Sunix Multi I/O boards

* Intel HDMI audio print "Unable to sync register" errors (LP: #1840394)
    - ALSA: hda - Don't resume forcibly i915 HDMI/DP codec

* Support cpufreq, thermal sensors & cooling cells on iMX6Q based Nitrogen6x
    board (LP: #1840437)
    - arm: imx: Add MODULE_ALIAS for cpufreq
    - ARM: dts: imx: Add missing OPP properties for CPUs
    - ARM: dts: imx7d: use operating-points-v2 for cpu
    - ARM: dts: imx7d: remove "operating-points" property for cpu1
    - ARM: dts: imx: add cooling-cells for cpufreq cooling device
    - ARM: dts: imx6: add thermal sensor and cooling cells

* hns3: ring buffer race leads can cause corruption (LP: #1840717)
    - net: hns3: minor optimization for ring_space
    - net: hns3: fix data race between ring->next_to_clean
    - net: hns3: optimize the barrier using when cleaning TX BD

* Bionic build broken if CONFIG_MODVERSIONS enabled (LP: #1840321)
    - Revert "genksyms: Teach parser about 128-bit built-in types"

* [bionic] drm/i915: softpin broken, needs to be fixed for 32bit mesa
    (LP: #1815172)
    - SAUCE: drm/i915: Partially revert d6edad3777c28ea

* Goodix touchpad may drop first input event (LP: #1840075)
    - mfd: intel-lpss: Remove D3cold delay

* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
    - media: vimc: fix component match compare

* Fix touchpad IRQ storm after S3 (LP: #1841396)
    - pinctrl: intel: remap the pin number to gpio offset for irq enabled pin

* [SRU][B/OEM-B/OEM-OSP1/D] UBUNTU: SAUCE: enable middle button for one more
    ThinkPad (LP: #1841722)
    - SAUCE: Input: elantech - enable middle button for one more ThinkPad

* Test 391/u and 391/p from ubuntu_bpf failed on B (LP: #1841704)
    - SAUCE: Fix "bpf: improve verifier branch analysis"

* crypto/testmgr.o fails to build due to struct cipher_testvec not having data
    members: ctext, ptext, len (LP: #1841264)
    - SAUCE: Revert "crypto: testmgr - add AES-CFB tests"

* Bionic QEMU with Bionic Kernel hangs in AMD FX-8350 with cpu-host as
    passthrough (LP: #1834522)
    - KVM: SVM: install RSM intercept
    - KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 17 Sep 2019 18:12:26 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Ubuntu
linux package

br_netfilter: namespace sysctl operations

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Medium	Connor Kuehl
Disco	Fix Released	Medium	Connor Kuehl

Ubuntulinux package

br_netfilter: namespace sysctl operations

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package