Bug #1786057 “qeth: don't clobber buffer on async TX completion” : Xenial (16.04) : Bugs : linux package : Ubuntu

bugproxy (bugproxy) on 2018-08-08

tags:	added: architecture-s39064 bugnameltc-170402 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Andrew Cloke (andrew-cloke) on 2018-08-08

Changed in ubuntu-z-systems:
importance:	Undecided → High
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
status:	New → Triaged

Joseph Salisbury (jsalisbury) on 2018-08-09

Changed in linux (Ubuntu):
importance:	Undecided → High
status:	New → Triaged
Changed in linux (Ubuntu Xenial):
status:	New → Triaged
Changed in linux (Ubuntu Bionic):
status:	New → Triaged
Changed in linux (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux (Ubuntu Bionic):
importance:	Undecided → High
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
assignee:	Skipper Bug Screeners (skipper-screen-team) → Joseph Salisbury (jsalisbury)
status:	Triaged → In Progress
Changed in linux (Ubuntu Xenial):
status:	Triaged → In Progress
Changed in linux (Ubuntu Bionic):
status:	Triaged → In Progress

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-08-09:

#1

I built xenial and bionic test kernels, both with commit ce28867fd20c. The test kernels can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1786057

Can you test these kernels and see if they resolve this bug?

Note about installing test kernels:
* If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
* If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

Frank Heimes (fheimes) on 2018-08-09

Changed in ubuntu-z-systems:
status:	Triaged → In Progress

Revision history for this message

bugproxy (bugproxy) wrote on 2018-08-14: Comment bridged from LTC Bugzilla

#2

------- Comment From <email address hidden> 2018-08-14 08:24 EDT-------
Fix was verified upfront via upstream

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2018-08-14:

#3

Bionic SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-August/094678.html

Xenial SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-August/094681.html

Joseph Salisbury (jsalisbury) on 2018-08-14

description:

updated

Kleber Sacilotto de Souza (kleber-souza) on 2018-08-27

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Frank Heimes (fheimes) on 2018-08-27

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu):
status:	In Progress → Fix Committed
status:	Fix Committed → In Progress

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-08-28:

#4

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Frank Heimes (fheimes) wrote on 2018-08-28:

#5

According to comment #2 fix was verified by IBM-
Setting the tag accordingly ...

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Frank Heimes (fheimes) wrote on 2018-08-28:

#6

Since work already started to upgrade the cosmic kernel to 4.18 and the above commit is from 4.18,
I change 'linux (Ubuntu)' to Fix Committed, too.

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed
Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-08-29:

#7

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Frank Heimes (fheimes) on 2018-08-29

tags:

added: verification-done verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-09-10:

#8

Download full text (32.9 KiB)

This bug was fixed in the package linux - 4.15.0-34.37

---------------
linux (4.15.0-34.37) bionic; urgency=medium

* linux: 4.15.0-34.37 -proposed tracker (LP: #1788744)

  * Bionic update: upstream stable patchset 2018-08-09 (LP: #1786352)
    - MIPS: c-r4k: Fix data corruption related to cache coherence
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - fs: don't scan the inode cache before SB_BORN is set
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - do d_instantiate/unlock_new_inode combinations safely
    - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
    - arm64: lse: Add early clobbers to some input/output asm operands
    - powerpc/64s: Clear PCR on boot
    - IB/hfi1: Use after free race condition in send context error path
    - IB/umem: Use the correct mm during ib_umem_release
    - idr: fix invalid ptr dereference on item delete
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - mm/kasan: don't vfree() nonexistent vm_area
    - kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - KVM: s390: vsie: fix < 8k check for the itdba
    - KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
    - MIPS: generic: Fix machine compatible matching
    - mac80211: mesh: fix wrong mesh TTL offset calculation
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - ptr_ring: prevent integer overflow when calculating size
    - arm64: dts: rockchip: fix rock64 gmac2io stability issues
    - arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
    - libata: Fix compile warning with ATA_DEBUG enabled
    - selftests: sync: missing CFLAGS while compiling
    - selftest/vDSO: fix O=
    - selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
    - selftests: memfd: add config fragment for fuse
    - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    - ARM: OMAP3: Fix prm wake interrupt for resume
    - ARM: OMAP2+: Fix sar_base inititalization for HS omaps
    - ARM: OMAP1: clock: Fix debugfs_create_*() usage
    - tls: retrun the correct IV in getsockopt
    - xhci: workaround for AMD Promontory disabled ports w...

This bug was fixed in the package linux - 4.15.0-34.37

---------------
linux (4.15.0-34.37) bionic; urgency=medium

* linux: 4.15.0-34.37 -proposed tracker (LP: #1788744)

* Bionic update: upstream stable patchset 2018-08-09 (LP: #1786352)
    - MIPS: c-r4k: Fix data corruption related to cache coherence
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - fs: don't scan the inode cache before SB_BORN is set
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - do d_instantiate/unlock_new_inode combinations safely
    - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
    - arm64: lse: Add early clobbers to some input/output asm operands
    - powerpc/64s: Clear PCR on boot
    - IB/hfi1: Use after free race condition in send context error path
    - IB/umem: Use the correct mm during ib_umem_release
    - idr: fix invalid ptr dereference on item delete
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - mm/kasan: don't vfree() nonexistent vm_area
    - kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - KVM: s390: vsie: fix < 8k check for the itdba
    - KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
    - MIPS: generic: Fix machine compatible matching
    - mac80211: mesh: fix wrong mesh TTL offset calculation
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - ptr_ring: prevent integer overflow when calculating size
    - arm64: dts: rockchip: fix rock64 gmac2io stability issues
    - arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
    - libata: Fix compile warning with ATA_DEBUG enabled
    - selftests: sync: missing CFLAGS while compiling
    - selftest/vDSO: fix O=
    - selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
    - selftests: memfd: add config fragment for fuse
    - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    - ARM: OMAP3: Fix prm wake interrupt for resume
    - ARM: OMAP2+: Fix sar_base inititalization for HS omaps
    - ARM: OMAP1: clock: Fix debugfs_create_*() usage
    - tls: retrun the correct IV in getsockopt
    - xhci: workaround for AMD Promontory disabled ports wakeup
    - IB/uverbs: Fix method merging in uverbs_ioctl_merge
    - IB/uverbs: Fix possible oops with duplicate ioctl attributes
    - IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
    - arm64: dts: rockchip: Fix DWMMC clocks
    - ARM: dts: rockchip: Fix DWMMC clocks
    - iwlwifi: mvm: fix security bug in PN checking
    - iwlwifi: mvm: fix IBSS for devices that support station type API
    - iwlwifi: mvm: always init rs with 20mhz bandwidth rates
    - NFC: llcp: Limit size of SDP URI
    - rxrpc: Work around usercopy check
    - MD: Free bioset when md_run fails
    - md: fix md_write_start() deadlock w/o metadata devices
    - s390/dasd: fix handling of internal requests
    - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
    - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    - mac80211: fix a possible leak of station stats
    - mac80211: fix calling sleeping function in atomic context
    - cfg80211: clear wep keys after disconnection
    - mac80211: Do not disconnect on invalid operating class
    - mac80211: Fix sending ADDBA response for an ongoing session
    - gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
    - gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
    - md raid10: fix NULL deference in handle_write_completed()
    - drm/exynos: g2d: use monotonic timestamps
    - drm/exynos: fix comparison to bitshift when dealing with a mask
    - drm/meson: fix vsync buffer update
    - arm64: perf: correct PMUVer probing
    - RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
    - RDMA/bnxt_re: Fix system crash during load/unload
    - net/mlx5e: Return error if prio is specified when offloading eswitch vlan
      push
    - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
    - md: raid5: avoid string overflow warning
    - virtio_net: fix XDP code path in receive_small()
    - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
    - bug.h: work around GCC PR82365 in BUG()
    - selftests/memfd: add run_fuse_test.sh to TEST_FILES
    - seccomp: add a selftest for get_metadata
    - soc: imx: gpc: de-register power domains only if initialized
    - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
    - s390/cio: fix ccw_device_start_timeout API
    - s390/cio: fix return code after missing interrupt
    - s390/cio: clear timer when terminating driver I/O
    - selftests/bpf/test_maps: exit child process without error in ENOMEM case
    - PKCS#7: fix direct verification of SignerInfo signature
    - arm64: dts: cavium: fix PCI bus dtc warnings
    - nfs: system crashes after NFS4ERR_MOVED recovery
    - ARM: OMAP: Fix dmtimer init for omap1
    - smsc75xx: fix smsc75xx_set_features()
    - regulatory: add NUL to request alpha2
    - integrity/security: fix digsig.c build error with header file
    - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-
      directory in resctrl file system
    - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
    - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across
      CPU hotplug operations
    - mac80211: drop frames with unexpected DS bits from fast-rx to slow path
    - arm64: fix unwind_frame() for filtered out fn for function graph tracing
    - macvlan: fix use-after-free in macvlan_common_newlink()
    - KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2
    - kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
    - ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6
      DualLite/Solo RQS
    - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
    - fs: dcache: Use READ_ONCE when accessing i_dir_seq
    - md: fix a potential deadlock of raid5/raid10 reshape
    - md/raid1: fix NULL pointer dereference
    - batman-adv: fix packet checksum in receive path
    - batman-adv: invalidate checksum on fragment reassembly
    - netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct
      refcount
    - netfilter: ipt_CLUSTERIP: put config instead of freeing it
    - netfilter: ebtables: convert BUG_ONs to WARN_ONs
    - batman-adv: Ignore invalid batadv_iv_gw during netlink send
    - batman-adv: Ignore invalid batadv_v_gw during netlink send
    - batman-adv: Fix netlink dumping of BLA claims
    - batman-adv: Fix netlink dumping of BLA backbones
    - nvme-pci: Fix nvme queue cleanup if IRQ setup fails
    - clocksource/drivers/fsl_ftm_timer: Fix error return checking
    - libceph, ceph: avoid memory leak when specifying same option several times
    - ceph: fix dentry leak when failing to init debugfs
    - xen/pvcalls: fix null pointer dereference on map->sock
    - ARM: orion5x: Revert commit 4904dbda41c8.
    - qrtr: add MODULE_ALIAS macro to smd
    - selftests/futex: Fix line continuation in Makefile
    - r8152: fix tx packets accounting
    - virtio-gpu: fix ioctl and expose the fixed status to userspace.
    - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
    - bcache: fix kcrashes with fio in RAID5 backend dev
    - ip_gre: fix IFLA_MTU ignored on NEWLINK
    - ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
    - sit: fix IFLA_MTU ignored on NEWLINK
    - nbd: fix return value in error handling path
    - ARM: dts: NSP: Fix amount of RAM on BCM958625HR
    - ARM: dts: bcm283x: Fix unit address of local_intc
    - powerpc/boot: Fix random libfdt related build errors
    - clocksource/drivers/mips-gic-timer: Use correct shift count to extract data
    - gianfar: Fix Rx byte accounting for ndev stats
    - net/tcp/illinois: replace broken algorithm reference link
    - nvmet: fix PSDT field check in command format
    - net/smc: use link_id of server in confirm link reply
    - mlxsw: core: Fix flex keys scratchpad offset conflict
    - mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast
    - spectrum: Reference count VLAN entries
    - ARC: mcip: halt GFRC counter when ARC cores halt
    - ARC: mcip: update MCIP debug mask when the new cpu came online
    - ARC: setup cpu possible mask according to possible-cpus dts property
    - ipvs: remove IPS_NAT_MASK check to fix passive FTP
    - IB/mlx: Set slid to zero in Ethernet completion struct
    - RDMA/bnxt_re: Unconditionly fence non wire memory operations
    - RDMA/bnxt_re: Fix incorrect DB offset calculation
    - RDMA/bnxt_re: Fix the ib_reg failure cleanup
    - xen/pirq: fix error path cleanup when binding MSIs
    - drm/amd/amdgpu: Correct VRAM width for APUs with GMC9
    - xfrm: Fix ESN sequence number handling for IPsec GSO packets.
    - arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset)
    - drm/sun4i: Fix dclk_set_phase
    - btrfs: use kvzalloc to allocate btrfs_fs_info
    - Btrfs: send, fix issuing write op when processing hole in no data mode
    - Btrfs: fix log replay failure after linking special file and fsync
    - ceph: fix potential memory leak in init_caches()
    - block: display the correct diskname for bio
    - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
    - net: ethtool: don't ignore return from driver get_fecparam method
    - iwlwifi: mvm: fix TX of CCMP 256
    - iwlwifi: mvm: Fix channel switch for count 0 and 1
    - iwlwifi: mvm: fix assert 0x2B00 on older FWs
    - iwlwifi: avoid collecting firmware dump if not loaded
    - iwlwifi: mvm: Direct multicast frames to the correct station
    - iwlwifi: mvm: Correctly set the tid for mcast queue
    - rds: Incorrect reference counting in TCP socket creation
    - watchdog: f71808e_wdt: Fix magic close handling
    - batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
    - hv_netvsc: use napi_schedule_irqoff
    - hv_netvsc: filter multicast/broadcast
    - hv_netvsc: propagate rx filters to VF
    - ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288
    - e1000e: Fix check_for_link return value with autoneg off
    - e1000e: allocate ring descriptors with dma_zalloc_coherent
    - ia64/err-inject: Use get_user_pages_fast()
    - RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
    - RDMA/qedr: Fix iWARP write and send with immediate
    - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
    - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
    - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
    - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
      sbusfb_ioctl_helper().
    - fsl/fman: avoid sleeping in atomic context while adding an address
    - qed: Free RoCE ILT Memory on rmmod qedr
    - net: qcom/emac: Use proper free methods during TX
    - net: smsc911x: Fix unload crash when link is up
    - IB/core: Fix possible crash to access NULL netdev
    - cxgb4: do not set needs_free_netdev for mgmt dev's
    - xen-blkfront: move negotiate_mq to cover all cases of new VBDs
    - xen: xenbus: use put_device() instead of kfree()
    - hv_netvsc: fix filter flags
    - hv_netvsc: fix locking for rx_mode
    - hv_netvsc: fix locking during VF setup
    - ARM: davinci: fix the GPIO lookup for omapl138-hawk
    - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
    - selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus
    - lib/test_kmod.c: fix limit check on number of test devices created
    - dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
    - netfilter: ebtables: fix erroneous reject of last rule
    - can: m_can: change comparison to bitshift when dealing with a mask
    - can: m_can: select pinctrl state in each suspend/resume function
    - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
    - workqueue: use put_device() instead of kfree()
    - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
    - sunvnet: does not support GSO for sctp
    - KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending
    - gpu: ipu-v3: prg: avoid possible array underflow
    - drm/imx: move arming of the vblank event to atomic_flush
    - drm/nouveau/bl: fix backlight regression
    - xfrm: fix rcu_read_unlock usage in xfrm_local_error
    - iwlwifi: mvm: set the correct tid when we flush the MCAST sta
    - iwlwifi: mvm: Correctly set IGTK for AP
    - iwlwifi: mvm: fix error checking for multi/broadcast sta
    - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
    - vlan: Fix out of order vlan headers with reorder header off
    - batman-adv: fix header size check in batadv_dbg_arp()
    - batman-adv: Fix skbuff rcsum on packet reroute
    - vti4: Don't count header length twice on tunnel setup
    - ip_tunnel: Clamp MTU to bounds on new link
    - vti6: Fix dev->max_mtu setting
    - iwlwifi: mvm: Increase session protection time after CS
    - iwlwifi: mvm: clear tx queue id when unreserving aggregation queue
    - iwlwifi: mvm: make sure internal station has a valid id
    - iwlwifi: mvm: fix array out of bounds reference
    - drm/tegra: Shutdown on driver unbind
    - perf/cgroup: Fix child event counting bug
    - brcmfmac: Fix check for ISO3166 code
    - kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
    - RDMA/ucma: Correct option size check using optlen
    - RDMA/qedr: fix QP's ack timeout configuration
    - RDMA/qedr: Fix rc initialization on CNQ allocation failure
    - RDMA/qedr: Fix QP state initialization race
    - net/sched: fix idr leak on the error path of tcf_bpf_init()
    - net/sched: fix idr leak in the error path of tcf_simp_init()
    - net/sched: fix idr leak in the error path of tcf_act_police_init()
    - net/sched: fix idr leak in the error path of tcp_pedit_init()
    - net/sched: fix idr leak in the error path of __tcf_ipt_init()
    - net/sched: fix idr leak in the error path of tcf_skbmod_init()
    - net: dsa: Fix functional dsa-loop dependency on FIXED_PHY
    - drm/ast: Fixed 1280x800 Display Issue
    - mm/mempolicy.c: avoid use uninitialized preferred_node
    - mm, thp: do not cause memcg oom for thp
    - xfrm: Fix transport mode skb control buffer usage.
    - selftests: ftrace: Add probe event argument syntax testcase
    - selftests: ftrace: Add a testcase for string type with kprobe_event
    - selftests: ftrace: Add a testcase for probepoint
    - drm/amdkfd: Fix scratch memory with HWS enabled
    - batman-adv: fix multicast-via-unicast transmission with AP isolation
    - batman-adv: fix packet loss for broadcasted DHCP packets to a server
    - ARM: 8748/1: mm: Define vdso_start, vdso_end as array
    - lan78xx: Set ASD in MAC_CR when EEE is enabled.
    - net: qmi_wwan: add BroadMobi BM806U 2020:2033
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - net: dsa: mt7530: fix module autoloading for OF platform drivers
    - net/mlx5: Make eswitch support to depend on switchdev
    - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
    - x86/alternatives: Fixup alternative_call_2
    - llc: properly handle dev_queue_xmit() return value
    - builddeb: Fix header package regarding dtc source links
    - qede: Fix barrier usage after tx doorbell write.
    - mm, slab: memcg_link the SLAB's kmem_cache
    - mm/page_owner: fix recursion bug after changing skip entries
    - mm/kmemleak.c: wait for scan completion before disabling free
    - hv_netvsc: enable multicast if necessary
    - qede: Do not drop rx-checksum invalidated packets.
    - net: Fix untag for vlan packets without ethernet header
    - vlan: Fix vlan insertion for packets without ethernet header
    - net: mvneta: fix enable of all initialized RXQs
    - sh: fix debug trap failure to process signals before return to user
    - firmware: dmi_scan: Fix UUID length safety check
    - nvme: don't send keep-alives to the discovery controller
    - Btrfs: clean up resources during umount after trans is aborted
    - Btrfs: fix loss of prealloc extents past i_size after fsync log replay
    - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
    - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl
      table
    - swap: divide-by-zero when zero length swap file on ssd
    - z3fold: fix memory leak
    - sr: get/drop reference to device in revalidate and check_events
    - Force log to disk before reading the AGF during a fstrim
    - cpufreq: CPPC: Initialize shared perf capabilities of CPUs
    - powerpc/fscr: Enable interrupts earlier before calling get_user()
    - perf tools: Fix perf builds with clang support
    - perf clang: Add support for recent clang versions
    - dp83640: Ensure against premature access to PHY registers after reset
    - ibmvnic: Zero used TX descriptor counter on reset
    - mm/ksm: fix interaction with THP
    - mm: fix races between address_space dereference and free in page_evicatable
    - mm: thp: fix potential clearing to referenced flag in
      page_idle_clear_pte_refs_one()
    - Btrfs: bail out on error during replay_dir_deletes
    - Btrfs: fix NULL pointer dereference in log_dir_items
    - btrfs: Fix possible softlock on single core machines
    - IB/rxe: Fix for oops in rxe_register_device on ppc64le arch
    - ocfs2/dlm: don't handle migrate lockres if already in shutdown
    - powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep
    - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
    - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of
      this_cpu_has() in build_cr3_noflush()
    - KVM: VMX: raise internal error for exception during invalid protected mode
      state
    - lan78xx: Connect phy early
    - sparc64: Make atomic_xchg() an inline function rather than a macro.
    - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
    - net: bgmac: Correctly annotate register space
    - btrfs: tests/qgroup: Fix wrong tree backref level
    - Btrfs: fix copy_items() return value when logging an inode
    - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
    - btrfs: qgroup: Fix root item corruption when multiple same source snapshots
      are created with quota enabled
    - rxrpc: Fix Tx ring annotation after initial Tx failure
    - rxrpc: Don't treat call aborts as conn aborts
    - xen/acpi: off by one in read_acpi_id()
    - drivers: macintosh: rack-meter: really fix bogus memsets
    - ACPI: acpi_pad: Fix memory leak in power saving threads
    - powerpc/mpic: Check if cpu_possible() in mpic_physmask()
    - ieee802154: ca8210: fix uninitialised data read
    - ath10k: advertize beacon_int_min_gcd
    - iommu/amd: Take into account that alloc_dev_data() may return NULL
    - intel_th: Use correct method of finding hub
    - m68k: set dma and coherent masks for platform FEC ethernets
    - iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq
    - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
    - hwmon: (nct6775) Fix writing pwmX_mode
    - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
    - powerpc/perf: Fix kernel address leak via sampling registers
    - rsi: fix kernel panic observed on 64bit machine
    - tools/thermal: tmon: fix for segfault
    - selftests: Print the test we're running to /dev/kmsg
    - net/mlx5: Protect from command bit overflow
    - watchdog: davinci_wdt: fix error handling in davinci_wdt_probe()
    - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
    - nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A
    - ath9k: fix crash in spectral scan
    - cxgb4: Setup FW queues before registering netdev
    - ima: Fix Kconfig to select TPM 2.0 CRB interface
    - ima: Fallback to the builtin hash algorithm
    - watchdog: aspeed: Allow configuring for alternate boot
    - arm: dts: socfpga: fix GIC PPI warning
    - ext4: don't complain about incorrect features when probing
    - drm/vmwgfx: Unpin the screen object backup buffer when not used
    - iommu/mediatek: Fix protect memory setting
    - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
    - IB/mlx5: Set the default active rate and width to QDR and 4X
    - zorro: Set up z->dev.dma_mask for the DMA API
    - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
    - remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()'
    - dt-bindings: add device tree binding for Allwinner H6 main CCU
    - ACPICA: Events: add a return on failure from acpi_hw_register_read
    - ACPICA: Fix memory leak on unusual memory leak
    - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
    - cxgb4: Fix queue free path of ULD drivers
    - i2c: mv64xxx: Apply errata delay only in standard mode
    - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
    - perf top: Fix top.call-graph config option reading
    - perf stat: Fix core dump when flag T is used
    - IB/core: Honor port_num while resolving GID for IB link layer
    - drm/amdkfd: add missing include of mm.h
    - coresight: Use %px to print pcsr instead of %p
    - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
    - spi: bcm-qspi: fIX some error handling paths
    - net/smc: pay attention to MAX_ORDER for CQ entries
    - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
    - watchdog: dw: RMW the control register
    - watchdog: aspeed: Fix translation of reset mode to ctrl register
    - drm/meson: Fix some error handling paths in 'meson_drv_bind_master()'
    - drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()'
    - powerpc: Add missing prototype for arch_irq_work_raise()
    - f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range
    - f2fs: fix to clear CP_TRIMMED_FLAG
    - f2fs: fix to check extent cache in f2fs_drop_extent_tree
    - perf/core: Fix installing cgroup events on CPU
    - max17042: propagate of_node to power supply device
    - perf/core: Fix perf_output_read_group()
    - drm/panel: simple: Fix the bus format for the Ontat panel
    - hwmon: (pmbus/max8688) Accept negative page register values
    - hwmon: (pmbus/adm1275) Accept negative page register values
    - perf/x86/intel: Properly save/restore the PMU state in the NMI handler
    - cdrom: do not call check_disk_change() inside cdrom_open()
    - efi/arm*: Only register page tables when they exist
    - perf/x86/intel: Fix large period handling on Broadwell CPUs
    - perf/x86/intel: Fix event update for auto-reload
    - arm64: dts: qcom: Fix SPI5 config on MSM8996
    - soc: qcom: wcnss_ctrl: Fix increment in NV upload
    - gfs2: Fix fallocate chunk size
    - x86/devicetree: Initialize device tree before using it
    - x86/devicetree: Fix device IRQ settings in DT
    - phy: rockchip-emmc: retry calpad busy trimming
    - ALSA: vmaster: Propagate slave error
    - phy: qcom-qmp: Fix phy pipe clock gating
    - drm/bridge: sii902x: Retry status read after DDI I2C
    - tools: hv: fix compiler warnings about major/target_fname
    - block: null_blk: fix 'Invalid parameters' when loading module
    - dmaengine: pl330: fix a race condition in case of threaded irqs
    - dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
    - enic: enable rq before updating rq descriptors
    - watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe()
    - hwrng: stm32 - add reset during probe
    - pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs
    - pinctrl: artpec6: dt: add missing pin group uart5nocts
    - vfio-ccw: fence off transport mode
    - dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
    - drm: omapdrm: dss: Move initialization code from component bind to probe
    - ARM: dts: dra71-evm: Correct evm_sd regulator max voltage
    - drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini
    - drm/amdgpu: adjust timeout for ib_ring_tests(v2)
    - net: stmmac: ensure that the device has released ownership before reading
      data
    - net: stmmac: ensure that the MSS desc is the last desc to set the own bit
    - cpufreq: Reorder cpufreq_online() error code path
    - dpaa_eth: fix SG mapping
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
    - udf: Provide saner default for invalid uid / gid
    - ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode
    - sh_eth: fix TSU init on SH7734/R8A7740
    - power: supply: ltc2941-battery-gauge: Fix temperature units
    - ARM: dts: bcm283x: Fix probing of bcm2835-i2s
    - ARM: dts: bcm283x: Fix pin function of JTAG pins
    - PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle
    - audit: return on memory error to avoid null pointer dereference
    - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing()
    - rcu: Call touch_nmi_watchdog() while printing stall warnings
    - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins
      group
    - dpaa_eth: fix pause capability advertisement logic
    - MIPS: Octeon: Fix logging messages with spurious periods after newlines
    - drm/rockchip: Respect page offset for PRIME mmap calls
    - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
      specified
    - perf test: Fix test case inet_pton to accept inlines.
    - perf report: Fix wrong jump arrow
    - perf tests: Use arch__compare_symbol_names to compare symbols
    - perf report: Fix memory corruption in --branch-history mode --branch-history
    - perf tests: Fix dwarf unwind for stripped binaries
    - selftests/net: fixes psock_fanout eBPF test case
    - netlabel: If PF_INET6, check sk_buff ip header version
    - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3
    - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2
    - ARM: dts: at91: tse850: use the correct compatible for the eeprom
    - regmap: Correct comparison in regmap_cached
    - i40e: Add delay after EMP reset for firmware to recover
    - ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
    - ARM: dts: porter: Fix HDMI output routing
    - regulator: of: Add a missing 'of_node_put()' in an error handling path of
      'of_regulator_match()'
    - pinctrl: mcp23s08: spi: Fix regmap debugfs entries
    - kdb: make "mdr" command repeat
    - drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful
    - perf tools: Add trace/beauty/generated/ into .gitignore
    - tools: sync up .h files with the repective arch and uapi .h files
    - MIPS: xilfpga: Stop generating useless dtb.o
    - MIPS: xilfpga: Actually include FDT in fitImage
    - MIPS: Fix build with DEBUG_ZBOOT and MACH_JZ4770
    - fix breakage caused by d_find_alias() semantics change
    - Btrfs: fix error handling in btrfs_truncate()
    - mmc: block: propagate correct returned value in mmc_rpmb_ioctl
    - arm64: export tishift functions to modules
    - bcma: fix buffer size caused crash in bcma_core_mips_print_irq()
    - PM / core: Fix direct_complete handling for devices with no callbacks
    - ARM: dts: sun4i: Fix incorrect clocks for displays
    - bnxt_en: Ignore src port field in decap filter nodes
    - kasan, slub: fix handling of kasan_slab_free hook
    - riscv/spinlock: Strengthen implementations with fences
    - platform/x86: dell-smbios: Fix memory leaks in build_tokens_sysfs()
    - rxrpc: Fix resend event time calculation
    - i40e: hold the RTNL lock while changing interrupt schemes
    - hv_netvsc: Fix the return status in RX path
    - firmware: fix checking for return values for fw_add_devm_name()
    - bcache: set writeback_rate_update_seconds in range [1, 60] seconds
    - bcache: fix cached_dev->count usage for bch_cache_set_error()
    - bcache: stop dc->writeback_rate_update properly
    - ibmvnic: Fix reset return from closed state
    - powerpc/vas: Fix cleanup when VAS is not configured
    - f2fs: flush cp pack except cp pack 2 page at first
    - drm/amdgpu: Clean sdma wptr register when only enable wptr polling
    - powerpc/mm/slice: Remove intermediate bitmap copy
    - powerpc/mm/slice: create header files dedicated to slices
    - powerpc/mm/slice: Enhance for supporting PPC32
    - powerpc/mm/slice: Fix hugepage allocation at hint address on 8xx
    - ibmvnic: Allocate statistics buffers during probe
    - dt-bindings: display: msm/dsi: Fix the PHY regulator supply props
    - drm/amd/display: Set vsc pack revision when DPCD revision is >= 1.2
    - soc: renesas: r8a77970-sysc: fix power area parents
    - drm/vblank: Data type fixes for 64-bit vblank sequences.
    - selftests: Add FIB onlink tests
    - soc: amlogic: meson-gx-pwrc-vpu: fix error on shutdown when domain is
      powered off

* arm-smmu-v3 arm-smmu-v3.1.auto: failed to allocate MSIs (LP: #1785282)
    - ACPICA: iasl: Add SMMUv3 device ID mapping index support
    - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard

* Driver iwlwifi for Intel Wireless-AC 9560 is slow and unreliable in kernel
    4.15.0-20-generic (LP: #1772467)
    - scsi: hpsa: disable device during shutdown

* [Bionic] i2c: xlp9xx: Add SMBAlert support  (LP: #1786981)
    - i2c: xlp9xx: Add support for SMBAlert

* qeth: don't clobber buffer on async TX completion (LP: #1786057)
    - s390/qeth: don't clobber buffer on async TX completion

* Linux 4.15.0-23 crashes during the boot process with a "Unable to handle
    kernel NULL pointer dereference" message (LP: #1777338)
    - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths

* ThinkPad systems have no HDMI sound when using the nvidia GPU (LP: #1787058)
    - ACPI / OSI: Add OEM _OSI string to enable NVidia HDMI audio

* [Bionic] i2c: xlp9xx: Fix case where SSIF read transaction completes early
    (LP: #1787240)
    - i2c: xlp9xx: Fix case where SSIF read transaction completes early

* [Bionic] integrate upstream fix for Cavium zram driver (LP: #1787469)
    - Revert "UBUNTU: SAUCE: crypto: thunderx_zip: Fix fallout from
      CONFIG_VMAP_STACK"
    - crypto: cavium - Fix fallout from CONFIG_VMAP_STACK
    - crypto: cavium - Limit result reading attempts
    - crypto: cavium - Prevent division by zero
    - crypto: cavium - Fix statistics pending request value
    - crypto: cavium - Fix smp_processor_id() warnings

* Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

* nvme devices namespace assigned to the wrong controller (LP: #1789227)
    - nvme/multipath: Fix multipath disabled naming collisions

* linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
    walinuxagent.service (LP: #1739107)
    - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
      walinuxagent.service

* hinic interfaces aren't getting predictable names (LP: #1783138)
    - hinic: Link the logical network device to the pci device in sysfs

* Suspend fails in Ubuntu and Kubuntu 18.04 but works fine in Ubuntu and
    Kubuntu 17.10 (and on Kubuntu 18.04 using kernel 4.14.47) (LP: #1774950)
    - ACPI / LPSS: Avoid PM quirks on suspend and resume from S3
    - ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation

* [Bionic] Bluetooth: Support RTL8723D and RTL8821C Devices (LP: #1784835)
    - Bluetooth: btrtl: Add RTL8723D and RTL8821C devices

* CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

* fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
    object allocation (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

* SMB3: Fix regression in server reconnect detection (LP: #1786110)
    - smb3: on reconnect set PreviousSessionId field

* CVE-2018-1118
    - vhost: fix info leak due to uninitialized memory

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Mon, 27 Aug 2018 16:45:36 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-09-10:

#9

This bug was fixed in the package linux - 4.4.0-135.161

---------------
linux (4.4.0-135.161) xenial; urgency=medium

* linux: 4.4.0-135.161 -proposed tracker (LP: #1788766)

  * [Regression] APM Merlin boards fail to recover link after interface down/up
    (LP: #1785739)
    - net: phylib: fix interrupts re-enablement in phy_start
    - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT

* qeth: don't clobber buffer on async TX completion (LP: #1786057)
- s390/qeth: don't clobber buffer on async TX completion

* nvme: avoid cqe corruption (LP: #1788035)
- nvme: avoid cqe corruption when update at the same time as read

  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
    object allocation (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

  * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
    walinuxagent.service (LP: #1739107)
    - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
      walinuxagent.service

-- Khalid Elmously <email address hidden> Sun, 26 Aug 2018 23:56:50 -0400

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2018-09-11

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

bugproxy (bugproxy) wrote on 2018-09-11:

#10

------- Comment From <email address hidden> 2018-09-11 03:35 EDT-------
Ibm bugzilla status -> closed, Fix Released for Bionic and Xenial

Brad Figg (brad-figg) on 2019-07-24

tags:

added: cscc

Ubuntu
linux package

qeth: don't clobber buffer on async TX completion

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	High	Canonical Kernel Team
linux (Ubuntu)	Fix Released	High	Joseph Salisbury
Xenial	Fix Released	High	Joseph Salisbury
Bionic	Fix Released	High	Joseph Salisbury

Ubuntulinux package

qeth: don't clobber buffer on async TX completion

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package