Disco update: upstream stable patchset 2019-10-16

Bug #1848367 reported by Kamal Mostafa on 2019-10-16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-10-16

  Ported from the following upstream stable releases:
   v4.19.77, v5.2.19

       from git://git.kernel.org/

arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
net/sched: act_sample: don't push mac header on ip6gre ingress
net_sched: add max len check for TCA_KIND
nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
net: sched: fix possible crash in tcf_action_destroy()
tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
net/mlx5: Add device ID of upcoming BlueField-2
nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER
ASoC: sgtl5000: Fix of unmute outputs on probe
ASoC: sgtl5000: Fix charge pump source assignment
firmware: qcom_scm: Use proper types for dma mappings
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/apic: Make apic_pending_intr_clear() more robust
sched/deadline: Fix bandwidth accounting at all levels after offline migration
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
EDAC/mc: Fix grain_bits calculation
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
ASoC: rsnd: don't call clk_get_rate() under atomic context
arm64/prefetch: fix a -Wtype-limits warning
md/raid1: end bio when the device faulty
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
media: media/platform: fsl-viu.c: fix build for MICROBLAZE
ACPI / processor: don't print errors for processorIDs == 0xff
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
efi: cper: print AER info of PCIe fatal error
firmware: arm_scmi: Check if platform has released shmem before using
sched/fair: Use rq_lock/unlock in online_fair_sched_group
idle: Prevent late-arriving interrupts from disrupting offline
media: gspca: zero usb_buf on error
perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: mtk-mdp: fix reference count on old device tree
media: fdp1: Reduce FCP not found message level to debug
media: em28xx: modules workqueue not inited for 2nd device
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
dmaengine: iop-adma: use correct printk format strings
perf record: Support aarch64 random socket_id assignment
media: vsp1: fix memory leak of dl on error return path
media: i2c: ov5645: Fix power sequence
media: omap3isp: Don't set streaming state on random subdevs
media: imx: mipi csi-2: Don't fail if initial state times-out
net: lpc-enet: fix printk format strings
m68k: Prevent some compiler warnings in Coldfire builds
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
ARM: dts: imx7-colibri: disable HS400
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
ASoC: uniphier: Fix double reset assersion when transitioning to suspend state
tools headers: Fixup bitsperlong per arch includes
ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
led: triggers: Fix a memory leak bug
nbd: add missing config put
media: mceusb: fix (eliminate) TX IR signal length limit
media: dvb-frontends: use ida for pll number
posix-cpu-timers: Sanitize bogus WARNONS
media: dvb-core: fix a memory leak bug
libperf: Fix alignment trap with xyarray contents in 'perf stat'
EDAC/amd64: Recognize DRAM device type ECC capability
EDAC/amd64: Decode syndrome before translating address
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: cec-notifier: clear cec_adap in cec_notifier_unregister
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: ov9650: add a sanity check
ASoC: es8316: fix headphone mixer volume table
ACPI / CPPC: do not require the _PSD method
sched/cpufreq: Align trace event behavior of fast switching
x86/apic/vector: Warn when vector space exhaustion breaks affinity
arm64: kpti: ensure patched kernel text is fetched from PoU
x86/mm/pti: Do not invoke PTI functions when PTI is disabled
ASoC: fsl_ssi: Fix clock control issue in master mode
x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
nvmet: fix data units read and written counters in SMART log
nvme-multipath: fix ana log nsid lookup when nsid is not found
ALSA: firewire-motu: add support for MOTU 4pre
iommu/amd: Silence warnings under memory pressure
libata/ahci: Drop PCS quirk for Denverton and beyond
iommu/iova: Avoid false sharing on fq_timer_on
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
closures: fix a race on wakeup from closure_sync
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
x86/cpu: Add Tiger Lake to Intel family
platform/x86: intel_pmc_core: Do not ioremap RAM
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
mmc: sdhci: Fix incorrect switch to HS mode
mmc: core: Add helper function to indicate if SDIO IRQs is enabled
mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
raid5: don't increment read_errors on EILSEQ return
libertas: Add missing sentinel at end of if_usb.c fw_table
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
printk: Do not lose last line in kmsg buffer dump
IB/mlx5: Free mpi in mp_slave mode
IB/hfi1: Define variables as unsigned long to fix KASAN warning
randstruct: Check member structs in is_pure_ops_struct()
Revert "ceph: use ceph_evict_inode to cleanup inode's resource"
ceph: use ceph_evict_inode to cleanup inode's resource
ALSA: hda/realtek - PCI quirk for Medion E4254
blk-mq: add callback of .cleanup_rq
scsi: implement .cleanup_rq callback
powerpc/imc: Dont create debugfs files for cpu-less nodes
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
media: don't drop front-end reference count for ->detach
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: samsung: Fix system restart on S3C6410
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
arm64: tlb: Ensure we execute an ISB following walk cache invalidation
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
efifb: BGRT: Improve efifb_bgrt_sanity_check
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
memcg, kmem: do not fail __GFP_NOFAIL charges
i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
block: fix null pointer dereference in blk_mq_rq_timed_out()
smb3: allow disabling requesting leases
ovl: Fix dereferencing possible ERR_PTR()
ovl: filter of trusted xattr results in audit
btrfs: fix allocation of free space cache v1 bitmap pages
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls
Btrfs: fix race setting up and completing qgroup rescan workers
md/raid6: Set R5_ReadError when there is read failure on parity disk
md: don't report active array_state until after revalidate_disk() completes.
md: only call set_in_sync() when it is expected to succeed.
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
md/raid0: avoid RAID0 data corruption due to layout confusion.
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
drm/amd/display: Restore backlight brightness after system resume
selftests: Update fib_tests to handle missing ping6
vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
net/mlx5e: Fix traffic duplication in ethtool steering
media: vivid:add sanity check to avoid divide error and set value to 1 if 0.
media: vb2: reorder checks in vb2_poll()
media: vivid: work around high stack usage with clang
rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region
arm64: mm: free the initrd reserved memblock in a aligned manner
soc: amlogic: meson-clk-measure: protect measure with a mutex
RAS: Build debugfs.o only when enabled in Kconfig
ASoC: hdac_hda: fix page fault issue by removing race
perf tools: Fix paths in include statements
blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling
media: i2c: tda1997x: prevent potential NULL pointer access
arm64/efi: Move variable assignments after SECTIONS
ARM: xscale: fix multi-cpu compilation
x86/platform/intel/iosf_mbi Rewrite locking
powerpc/Makefile: Always pass --synthetic to nm if supported
ACPI / APEI: Release resources if gen_pool_add() fails
ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91
soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain
soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9
PM / devfreq: Fix kernel oops on governor module load
media: aspeed-video: address a protential usage of an unitialized var
ASoC: Intel: Haswell: Adjust machine device private context
x86/amd_nb: Add PCI device IDs for family 17h, model 70h
hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs
block: make rq sector size accessible for block stats
mmc: mtk-sd: Re-store SDIO IRQs mask at system resume
drm: fix module name in edid_firmware log message
zd1211rw: remove false assertion from zd_mac_clear()
btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index()
kvm: Nested KVM MMUs need PAE root too
ARM: dts: logicpd-torpedo-baseboard: Fix missing video
ARM: omap2plus_defconfig: Fix missing video
ARM: dts: am3517-evm: Fix missing video
rcu/tree: Fix SCHED_FIFO params
fuse: fix beyond-end-of-page access in fuse_parse_cache()
KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
iommu/arm-smmu-v3: Disable detection of ATS and PRI
mt76: round up length on mt76_wr_copy
ath10k: fix channel info parsing for non tlv target
block: mq-deadline: Fix queue restart handling
btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer
SUNRPC: Fix buffer handling of GSS MIC without slack
ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint
fs: Export generic_fadvise()
mm: Handle MADV_WILLNEED through vfs_fadvise()
xfs: Fix stale data exposure when readahead races with hole punch
ipmi: move message error checking to avoid deadlock
UBUNTU: upstream stable to v4.19.77, v5.2.19

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Disco):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (38.6 KiB)

This bug was fixed in the package linux - 5.0.0-35.38

linux (5.0.0-35.38) disco; urgency=medium

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout

  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling

  * CVE-2018-12207
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (5.0.0-34.36) disco; urgency=medium

  * disco/linux: <version to be filled> -proposed tracker (LP: #1850574)

  * [REGRESSION] md/raid0: cannot as...

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers