Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2019-07-11
Ported from the following upstream stable releases:
v4.14.73, v4.18.11,
v4.14.74, v4.18.12
from git://git.kernel.org/
perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so
gso_segment: Reset skb->mac_len after modifying network header
ipv6: fix possible use-after-free in ip6_xmit()
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
net: hp100: fix always-true check for link up state
pppoe: fix reception of frames with no mac header
qmi_wwan: set DTR for modems in forced USB2 mode
udp4: fix IP_CMSG_CHECKSUM for connected sockets
neighbour: confirm neigh entries when ARP packet is received
udp6: add missing checks on edumux packet processing
net/sched: act_sample: fix NULL dereference in the data path
tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
tls: zero the crypto information from tls_context before freeing
tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
NFC: Fix the number of pipes
ASoC: cs4265: fix MMTLR Data switch control
ASoC: rsnd: fixup not to call clk_get/set under non-atomic
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
streaming DMA mapping
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: firewire-tascam: fix memory leak of private data
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak of private data
platform/x86: alienware-wmi: Correct a memory leak
xen/netfront: don't bug in case of too many frags
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
ring-buffer: Allow for rescheduling when removing pages
mm: shmem.c: Correctly annotate new inodes for lockdep
scsi: target: iscsi: Use bin2hex instead of a re-implementation
ocfs2: fix ocfs2 read block panic
drm/nouveau: Fix deadlocks in nouveau_connector_detect()
drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
drm: udl: Destroy framebuffer only if it was initialized
drm/amdgpu: add new polaris pci id
ext4: check to make sure the rename(2)'s destination is not freed
ext4: avoid divide by zero fault when deleting corrupted inline directories
ext4: avoid arithemetic overflow that can trigger a BUG
ext4: recalucate superblock checksum after updating free blocks/inodes
ext4: fix online resize's handling of a too-small final block group
ext4: fix online resizing for bigalloc file systems with a 1k block size
ext4: don't mark mmp buffer head dirty
ext4: show test_dummy_encryption mount option in /proc/mounts
sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
PCI: aardvark: Size bridges before resources allocation
vmw_balloon: include asm/io.h
iw_cxgb4: only allow 1 flush on user qps
tick/nohz: Prevent bogus softirq pending warning
spi: Fix double IDR allocation with DT aliases
hv_netvsc: fix schedule in RCU context
bnxt_en: Fix VF mac address regression.
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
mtd: rawnand: denali: fix a race condition when DMA is kicked
platform/x86: dell-smbios-wmi: Correct a memory leak
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
fork: report pid exhaustion correctly
mm: disable deferred struct page for 32-bit arches
libata: mask swap internal and hardware tag
drm/i915/bdw: Increase IPS disable timeout to 100ms
drm/nouveau: Reset MST branching unit before enabling
drm/nouveau: Only write DP_MSTM_CTRL when needed
drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
ext4, dax: set ext4_dax_aops for dax files
crypto: skcipher - Fix -Wstringop-truncation warnings
iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
tsl2550: fix lux1_input error in low light
vmci: type promotion bug in qp_host_get_user_memory()
x86/numa_emulation: Fix emulated-to-physical node mapping
staging: rts5208: fix missing error check on call to rtsx_write_register
power: supply: axp288_charger: Fix initial constant_charge_current value
misc: sram: enable clock before registering regions
serial: sh-sci: Stop RX FIFO timer during port shutdown
uwb: hwa-rc: fix memory leak at probe
power: vexpress: fix corruption in notifier registration
iommu/amd: make sure TLB to be flushed before IOVA freed
Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
USB: serial: kobil_sct: fix modem-status error handling
6lowpan: iphc: reset mac_header after decompress to fix panic
iommu/msm: Don't call iommu_device_{,un}link from atomic context
s390/mm: correct allocate_pgste proc_handler callback
power: remove possible deadlock when unregistering power_supply
md-cluster: clear another node's suspend_area after the copy is finished
RDMA/bnxt_re: Fix a couple off by one bugs
RDMA/i40w: Hold read semaphore while looking after VMA
IB/core: type promotion bug in rdma_rw_init_one_mr()
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
IB/mlx4: Test port number before querying type.
powerpc/kdump: Handle crashkernel memory reservation failure
media: fsl-viu: fix error handling in viu_of_probe()
media: staging/imx: fill vb2_v4l2_buffer field entry
x86/tsc: Add missing header to tsc_msr.c
ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
x86/entry/64: Add two more instruction suffixes
ARM: dts: ls1021a: Add missing cooling device properties for CPUs
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer
size
scsi: klist: Make it safe to use klists in atomic context
scsi: ibmvscsi: Improve strings handling
scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
usb: wusbcore: security: cast sizeof to int for comparison
ath10k: sdio: use same endpoint id for all packets in a bundle
ath10k: sdio: set skb len for all rx packets
powerpc/powernv/ioda2: Reduce upper limit for DMA window size
s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
alarmtimer: Prevent overflow for relative nanosleep
s390/dasd: correct numa_node in dasd_alloc_queue
s390/scm_blk: correct numa_node in scm_blk_dev_setup
s390/extmem: fix gcc 8 stringop-overflow warning
mtd: rawnand: atmel: add module param to avoid using dma
iio: accel: adxl345: convert address field usage in iio_chan_spec
posix-timers: Make forward callback return s64
ALSA: snd-aoa: add of_node_put() in error path
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
media: soc_camera: ov772x: correct setting of banding filter
media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
staging: android: ashmem: Fix mmap size validation
drivers/tty: add error handling for pcmcia_loop_config
media: tm6000: add error handling for dvb_register_adapter
net: phy: xgmiitorgmii: Check read_status results
ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
net: phy: xgmiitorgmii: Check phy_driver ready before accessing
drm/sun4i: Fix releasing node when enumerating enpoints
ath10k: transmit queued frames after processing rx packets
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
brcmsmac: fix wrap around in conversion from constant to s16
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
arm: dts: mediatek: Add missing cooling device properties for CPUs
HID: hid-ntrig: add error handling for sysfs_create_group
MIPS: boot: fix build rule of vmlinux.its.S
perf/x86/intel/lbr: Fix incomplete LBR call stack
scsi: bnx2i: add error handling for ioremap_nocache
iomap: complete partial direct I/O writes synchronously
scsi: megaraid_sas: Update controller info during resume
EDAC, i7core: Fix memleaks and use-after-free on probe and remove
ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
module: exclude SHN_UNDEF symbols from kallsyms api
gpio: Fix wrong rounding in gpio-menz127
nfsd: fix corrupted reply to badly ordered compound
EDAC: Fix memleak in module init error path
fs/lock: skip lock owner pid translation in case we are in init_pid_ns
Input: xen-kbdfront - fix multi-touch XenStore node's locations
iio: 104-quad-8: Fix off-by-one error in register selection
ARM: dts: dra7: fix DCAN node addresses
x86/mm: Expand static page table for fixmap space
tty: serial: lpuart: avoid leaking struct tty_struct
serial: cpm_uart: return immediately from console poll
intel_th: Fix device removal logic
spi: tegra20-slink: explicitly enable/disable clock
spi: sh-msiof: Fix invalid SPI use during system suspend
spi: sh-msiof: Fix handling of write value for SISTR register
spi: rspi: Fix invalid SPI use during system suspend
spi: rspi: Fix interrupted DMA transfers
regulator: fix crash caused by null driver data
USB: fix error handling in usb_driver_claim_interface()
USB: handle NULL config in usb_find_alt_setting()
usb: musb: dsps: do not disable CPPI41 irq in driver teardown
slub: make ->cpu_partial unsigned int
USB: usbdevfs: sanitize flags more
USB: usbdevfs: restore warning for nonsensical flags
USB: remove LPM management from usb_driver_claim_interface()
IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
IB/hfi1: Fix SL array bounds check
IB/hfi1: Invalid user input can result in crash
IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
RDMA/uverbs: Atomically flush and mark closed the comp event queue
ovl: hash non-dir by lower inode for fsnotify
drm/i915: Remove vma from object on destroy, not close
serial: imx: restore handshaking irq for imx1
qed: Wait for ready indication before rereading the shmem
qed: Wait for MCP halt and resume commands to take place
qed: Prevent a possible deadlock during driver load and unload
qed: Avoid sending mailbox commands when MFW is not responsive
thermal: of-thermal: disable passive polling when thermal zone is disabled
isofs: reject hardware sector size > 2048 bytes
tls: possible hang when do_tcp_sendpages hits sndbuf is full case
bpf: sockmap: write_space events need to be passed to TCP handler
net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
e1000: check on netif_running() before calling e1000_up()
e1000: ensure to free old tx/rx rings in set_ringparam()
crypto: cavium/nitrox - fix for command corruption in queue full case with
backlog submissions.
hwmon: (ina2xx) fix sysfs shunt resistor read access
hwmon: (adt7475) Make adt7475_read_word() return errors
Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
drm/amdgpu: Update power state at the end of smu hw_init.
ata: ftide010: Add a quirk for SQ201
nvme-fcloop: Fix dropped LS's to removed target port
ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
arm/arm64: smccc-1.1: Make return values unsigned long
arm/arm64: smccc-1.1: Handle function result as parameters
i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
x86/pti: Fix section mismatch warning/error
media: v4l: event: Prevent freeing event subscriptions while accessed
drm/amd/display/dc/dce: Fix multiple potential integer overflows
drm/amd/display: fix use of uninitialized memory
RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
vhost_net: Avoid tx vring kicks during busyloop
thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
calibration.
platform/x86: asus-wireless: Fix uninitialized symbol usage
ACPI / button: increment wakeup count only when notified
media: ov772x: add checks for register read errors
media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING
drm/omap: gem: Fix mm_list locking
ASoC: rsnd: SSI parent cares SWSP bit
staging: pi433: fix race condition in pi433_ioctl
perf tests: Fix indexing when invoking subtests
gpio: tegra: Fix tegra_gpio_irq_set_type()
block: fix deadline elevator drain for zoned block devices
serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
intel_th: Fix resource handling for ACPI glue layer
ext2, dax: set ext2_dax_aops for dax files
IB/hfi1: Fix destroy_qp hang after a link down
ARM: OMAP2+: Fix null hwmod for ti-sysc debug
ARM: OMAP2+: Fix module address for modules using mpu_rt_idx
bus: ti-sysc: Fix module register ioremap for larger offsets
drm/amdgpu: fix preamble handling
amdgpu: fix multi-process hang issue
tcp_bbr: add bbr_check_probe_rtt_done() helper
tcp_bbr: in restart from idle, see if we should exit PROBE_RTT
net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES
ixgbe: fix driver behaviour after issuing VFLR
powerpc/pseries: Fix unitialized timer reset on migration
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: linux (Ubuntu Bionic)
Importance: Undecided
Assignee: Kamal Mostafa (kamalmostafa)
Status: In Progress
** Tags: kernel-stable-tracking-bug
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Tags added: kernel-stable-tracking-bug
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Description changed:
-
- SRU Justification
-
- Impact:
- The upstream process for stable tree updates is quite similar
- in scope to the Ubuntu SRU process, e.g., each patch has to
- demonstrably fix a bug, and each patch is vetted by upstream
- by originating either directly from a mainline/stable Linux tree or
- a minimally backported form of that patch. The following upstream
- stable patches should be included in the Ubuntu kernel:
-
- upstream stable patchset 2019-07-11
- from git://git.kernel.org/
+ SRU Justification
+
+ Impact:
+ The upstream process for stable tree updates is quite similar
+ in scope to the Ubuntu SRU process, e.g., each patch has to
+ demonstrably fix a bug, and each patch is vetted by upstream
+ by originating either directly from a mainline/stable Linux tree or
+ a minimally backported form of that patch. The following upstream
+ stable patches should be included in the Ubuntu kernel:
+
+ upstream stable patchset 2019-07-11
+
+ Ported from the following upstream stable releases:
+ v4.14.73, v4.18.11,
+ v4.14.74, v4.18.12
+
+ from git://git.kernel.org/
+
+ perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so
+ gso_segment: Reset skb->mac_len after modifying network header
+ ipv6: fix possible use-after-free in ip6_xmit()
+ net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
+ net: hp100: fix always-true check for link up state
+ pppoe: fix reception of frames with no mac header
+ qmi_wwan: set DTR for modems in forced USB2 mode
+ udp4: fix IP_CMSG_CHECKSUM for connected sockets
+ neighbour: confirm neigh entries when ARP packet is received
+ udp6: add missing checks on edumux packet processing
+ net/sched: act_sample: fix NULL dereference in the data path
+ tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
+ tls: zero the crypto information from tls_context before freeing
+ tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
+ NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
+ NFC: Fix the number of pipes
+ ASoC: cs4265: fix MMTLR Data switch control
+ ASoC: rsnd: fixup not to call clk_get/set under non-atomic
+ ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error
path
+ ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
streaming DMA mapping
+ ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
+ ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
+ ALSA: firewire-digi00x: fix memory leak of private data
+ ALSA: firewire-tascam: fix memory leak of private data
+ ALSA: fireworks: fix memory leak of response buffer at error path
+ ALSA: oxfw: fix memory leak for model-dependent data at error path
+ ALSA: oxfw: fix memory leak of discovered stream formats at error path
+ ALSA: oxfw: fix memory leak of private data
+ platform/x86: alienware-wmi: Correct a memory leak
+ xen/netfront: don't bug in case of too many frags
+ xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
+ spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
+ ring-buffer: Allow for rescheduling when removing pages
+ mm: shmem.c: Correctly annotate new inodes for lockdep
+ scsi: target: iscsi: Use bin2hex instead of a re-implementation
+ ocfs2: fix ocfs2 read block panic
+ drm/nouveau: Fix deadlocks in nouveau_connector_detect()
+ drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
+ drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
+ drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
+ drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
+ drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
+ drm: udl: Destroy framebuffer only if it was initialized
+ drm/amdgpu: add new polaris pci id
+ ext4: check to make sure the rename(2)'s destination is not freed
+ ext4: avoid divide by zero fault when deleting corrupted inline directories
+ ext4: avoid arithemetic overflow that can trigger a BUG
+ ext4: recalucate superblock checksum after updating free blocks/inodes
+ ext4: fix online resize's handling of a too-small final block group
+ ext4: fix online resizing for bigalloc file systems with a 1k block size
+ ext4: don't mark mmp buffer head dirty
+ ext4: show test_dummy_encryption mount option in /proc/mounts
+ sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
+ PCI: aardvark: Size bridges before resources allocation
+ vmw_balloon: include asm/io.h
+ iw_cxgb4: only allow 1 flush on user qps
+ tick/nohz: Prevent bogus softirq pending warning
+ spi: Fix double IDR allocation with DT aliases
+ hv_netvsc: fix schedule in RCU context
+ bnxt_en: Fix VF mac address regression.
+ net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
+ mtd: rawnand: denali: fix a race condition when DMA is kicked
+ platform/x86: dell-smbios-wmi: Correct a memory leak
+ spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
+ fork: report pid exhaustion correctly
+ mm: disable deferred struct page for 32-bit arches
+ libata: mask swap internal and hardware tag
+ drm/i915/bdw: Increase IPS disable timeout to 100ms
+ drm/nouveau: Reset MST branching unit before enabling
+ drm/nouveau: Only write DP_MSTM_CTRL when needed
+ drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
+ ext4, dax: set ext4_dax_aops for dax files
+ crypto: skcipher - Fix -Wstringop-truncation warnings
+ iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
+ tsl2550: fix lux1_input error in low light
+ vmci: type promotion bug in qp_host_get_user_memory()
+ x86/numa_emulation: Fix emulated-to-physical node mapping
+ staging: rts5208: fix missing error check on call to rtsx_write_register
+ power: supply: axp288_charger: Fix initial constant_charge_current value
+ misc: sram: enable clock before registering regions
+ serial: sh-sci: Stop RX FIFO timer during port shutdown
+ uwb: hwa-rc: fix memory leak at probe
+ power: vexpress: fix corruption in notifier registration
+ iommu/amd: make sure TLB to be flushed before IOVA freed
+ Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
+ USB: serial: kobil_sct: fix modem-status error handling
+ 6lowpan: iphc: reset mac_header after decompress to fix panic
+ iommu/msm: Don't call iommu_device_{,un}link from atomic context
+ s390/mm: correct allocate_pgste proc_handler callback
+ power: remove possible deadlock when unregistering power_supply
+ md-cluster: clear another node's suspend_area after the copy is finished
+ RDMA/bnxt_re: Fix a couple off by one bugs
+ RDMA/i40w: Hold read semaphore while looking after VMA
+ IB/core: type promotion bug in rdma_rw_init_one_mr()
+ media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
+ IB/mlx4: Test port number before querying type.
+ powerpc/kdump: Handle crashkernel memory reservation failure
+ media: fsl-viu: fix error handling in viu_of_probe()
+ media: staging/imx: fill vb2_v4l2_buffer field entry
+ x86/tsc: Add missing header to tsc_msr.c
+ ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
+ x86/entry/64: Add two more instruction suffixes
+ ARM: dts: ls1021a: Add missing cooling device properties for CPUs
+ scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer
size
+ scsi: klist: Make it safe to use klists in atomic context
+ scsi: ibmvscsi: Improve strings handling
+ scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
+ usb: wusbcore: security: cast sizeof to int for comparison
+ ath10k: sdio: use same endpoint id for all packets in a bundle
+ ath10k: sdio: set skb len for all rx packets
+ powerpc/powernv/ioda2: Reduce upper limit for DMA window size
+ s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
+ alarmtimer: Prevent overflow for relative nanosleep
+ s390/dasd: correct numa_node in dasd_alloc_queue
+ s390/scm_blk: correct numa_node in scm_blk_dev_setup
+ s390/extmem: fix gcc 8 stringop-overflow warning
+ mtd: rawnand: atmel: add module param to avoid using dma
+ iio: accel: adxl345: convert address field usage in iio_chan_spec
+ posix-timers: Make forward callback return s64
+ ALSA: snd-aoa: add of_node_put() in error path
+ media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
+ media: soc_camera: ov772x: correct setting of banding filter
+ media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
+ staging: android: ashmem: Fix mmap size validation
+ drivers/tty: add error handling for pcmcia_loop_config
+ media: tm6000: add error handling for dvb_register_adapter
+ net: phy: xgmiitorgmii: Check read_status results
+ ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
+ net: phy: xgmiitorgmii: Check phy_driver ready before accessing
+ drm/sun4i: Fix releasing node when enumerating enpoints
+ ath10k: transmit queued frames after processing rx packets
+ rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
+ brcmsmac: fix wrap around in conversion from constant to s16
+ ARM: mvebu: declare asm symbols as character arrays in pmsu.c
+ arm: dts: mediatek: Add missing cooling device properties for CPUs
+ HID: hid-ntrig: add error handling for sysfs_create_group
+ MIPS: boot: fix build rule of vmlinux.its.S
+ perf/x86/intel/lbr: Fix incomplete LBR call stack
+ scsi: bnx2i: add error handling for ioremap_nocache
+ iomap: complete partial direct I/O writes synchronously
+ scsi: megaraid_sas: Update controller info during resume
+ EDAC, i7core: Fix memleaks and use-after-free on probe and remove
+ ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
+ module: exclude SHN_UNDEF symbols from kallsyms api
+ gpio: Fix wrong rounding in gpio-menz127
+ nfsd: fix corrupted reply to badly ordered compound
+ EDAC: Fix memleak in module init error path
+ fs/lock: skip lock owner pid translation in case we are in init_pid_ns
+ Input: xen-kbdfront - fix multi-touch XenStore node's locations
+ iio: 104-quad-8: Fix off-by-one error in register selection
+ ARM: dts: dra7: fix DCAN node addresses
+ x86/mm: Expand static page table for fixmap space
+ tty: serial: lpuart: avoid leaking struct tty_struct
+ serial: cpm_uart: return immediately from console poll
+ intel_th: Fix device removal logic
+ spi: tegra20-slink: explicitly enable/disable clock
+ spi: sh-msiof: Fix invalid SPI use during system suspend
+ spi: sh-msiof: Fix handling of write value for SISTR register
+ spi: rspi: Fix invalid SPI use during system suspend
+ spi: rspi: Fix interrupted DMA transfers
+ regulator: fix crash caused by null driver data
+ USB: fix error handling in usb_driver_claim_interface()
+ USB: handle NULL config in usb_find_alt_setting()
+ usb: musb: dsps: do not disable CPPI41 irq in driver teardown
+ slub: make ->cpu_partial unsigned int
+ USB: usbdevfs: sanitize flags more
+ USB: usbdevfs: restore warning for nonsensical flags
+ USB: remove LPM management from usb_driver_claim_interface()
+ IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
+ IB/hfi1: Fix SL array bounds check
+ IB/hfi1: Invalid user input can result in crash
+ IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
+ RDMA/uverbs: Atomically flush and mark closed the comp event queue
+ ovl: hash non-dir by lower inode for fsnotify
+ drm/i915: Remove vma from object on destroy, not close
+ serial: imx: restore handshaking irq for imx1
+ qed: Wait for ready indication before rereading the shmem
+ qed: Wait for MCP halt and resume commands to take place
+ qed: Prevent a possible deadlock during driver load and unload
+ qed: Avoid sending mailbox commands when MFW is not responsive
+ thermal: of-thermal: disable passive polling when thermal zone is disabled
+ isofs: reject hardware sector size > 2048 bytes
+ tls: possible hang when do_tcp_sendpages hits sndbuf is full case
+ bpf: sockmap: write_space events need to be passed to TCP handler
+ net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
+ e1000: check on netif_running() before calling e1000_up()
+ e1000: ensure to free old tx/rx rings in set_ringparam()
+ crypto: cavium/nitrox - fix for command corruption in queue full case with
backlog submissions.
+ hwmon: (ina2xx) fix sysfs shunt resistor read access
+ hwmon: (adt7475) Make adt7475_read_word() return errors
+ Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
+ drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
+ drm/amdgpu: Update power state at the end of smu hw_init.
+ ata: ftide010: Add a quirk for SQ201
+ nvme-fcloop: Fix dropped LS's to removed target port
+ ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
+ arm/arm64: smccc-1.1: Make return values unsigned long
+ arm/arm64: smccc-1.1: Handle function result as parameters
+ i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
+ x86/pti: Fix section mismatch warning/error
+ media: v4l: event: Prevent freeing event subscriptions while accessed
+ drm/amd/display/dc/dce: Fix multiple potential integer overflows
+ drm/amd/display: fix use of uninitialized memory
+ RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
+ vhost_net: Avoid tx vring kicks during busyloop
+ thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
calibration.
+ platform/x86: asus-wireless: Fix uninitialized symbol usage
+ ACPI / button: increment wakeup count only when notified
+ media: ov772x: add checks for register read errors
+ media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING
+ drm/omap: gem: Fix mm_list locking
+ ASoC: rsnd: SSI parent cares SWSP bit
+ staging: pi433: fix race condition in pi433_ioctl
+ perf tests: Fix indexing when invoking subtests
+ gpio: tegra: Fix tegra_gpio_irq_set_type()
+ block: fix deadline elevator drain for zoned block devices
+ serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
+ intel_th: Fix resource handling for ACPI glue layer
+ ext2, dax: set ext2_dax_aops for dax files
+ IB/hfi1: Fix destroy_qp hang after a link down
+ ARM: OMAP2+: Fix null hwmod for ti-sysc debug
+ ARM: OMAP2+: Fix module address for modules using mpu_rt_idx
+ bus: ti-sysc: Fix module register ioremap for larger offsets
+ drm/amdgpu: fix preamble handling
+ amdgpu: fix multi-process hang issue
+ tcp_bbr: add bbr_check_probe_rtt_done() helper
+ tcp_bbr: in restart from idle, see if we should exit PROBE_RTT
+ net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES
+ ixgbe: fix driver behaviour after issuing VFLR
+ powerpc/pseries: Fix unitialized timer reset on migration
** Changed in: linux (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Kamal Mostafa (kamalmostafa)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1836287
Title:
Bionic update: upstream stable patchset 2019-07-11
Status in linux package in Ubuntu:
Confirmed
Status in linux source package in Bionic:
In Progress
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2019-07-11
Ported from the following upstream stable releases:
v4.14.73, v4.18.11,
v4.14.74, v4.18.12
from git://git.kernel.org/
perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so
gso_segment: Reset skb->mac_len after modifying network header
ipv6: fix possible use-after-free in ip6_xmit()
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
net: hp100: fix always-true check for link up state
pppoe: fix reception of frames with no mac header
qmi_wwan: set DTR for modems in forced USB2 mode
udp4: fix IP_CMSG_CHECKSUM for connected sockets
neighbour: confirm neigh entries when ARP packet is received
udp6: add missing checks on edumux packet processing
net/sched: act_sample: fix NULL dereference in the data path
tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
tls: zero the crypto information from tls_context before freeing
tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
NFC: Fix the number of pipes
ASoC: cs4265: fix MMTLR Data switch control
ASoC: rsnd: fixup not to call clk_get/set under non-atomic
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error
path
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
streaming DMA mapping
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: firewire-tascam: fix memory leak of private data
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak of private data
platform/x86: alienware-wmi: Correct a memory leak
xen/netfront: don't bug in case of too many frags
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
ring-buffer: Allow for rescheduling when removing pages
mm: shmem.c: Correctly annotate new inodes for lockdep
scsi: target: iscsi: Use bin2hex instead of a re-implementation
ocfs2: fix ocfs2 read block panic
drm/nouveau: Fix deadlocks in nouveau_connector_detect()
drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
drm: udl: Destroy framebuffer only if it was initialized
drm/amdgpu: add new polaris pci id
ext4: check to make sure the rename(2)'s destination is not freed
ext4: avoid divide by zero fault when deleting corrupted inline directories
ext4: avoid arithemetic overflow that can trigger a BUG
ext4: recalucate superblock checksum after updating free blocks/inodes
ext4: fix online resize's handling of a too-small final block group
ext4: fix online resizing for bigalloc file systems with a 1k block size
ext4: don't mark mmp buffer head dirty
ext4: show test_dummy_encryption mount option in /proc/mounts
sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
PCI: aardvark: Size bridges before resources allocation
vmw_balloon: include asm/io.h
iw_cxgb4: only allow 1 flush on user qps
tick/nohz: Prevent bogus softirq pending warning
spi: Fix double IDR allocation with DT aliases
hv_netvsc: fix schedule in RCU context
bnxt_en: Fix VF mac address regression.
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
mtd: rawnand: denali: fix a race condition when DMA is kicked
platform/x86: dell-smbios-wmi: Correct a memory leak
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
fork: report pid exhaustion correctly
mm: disable deferred struct page for 32-bit arches
libata: mask swap internal and hardware tag
drm/i915/bdw: Increase IPS disable timeout to 100ms
drm/nouveau: Reset MST branching unit before enabling
drm/nouveau: Only write DP_MSTM_CTRL when needed
drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
ext4, dax: set ext4_dax_aops for dax files
crypto: skcipher - Fix -Wstringop-truncation warnings
iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
tsl2550: fix lux1_input error in low light
vmci: type promotion bug in qp_host_get_user_memory()
x86/numa_emulation: Fix emulated-to-physical node mapping
staging: rts5208: fix missing error check on call to rtsx_write_register
power: supply: axp288_charger: Fix initial constant_charge_current value
misc: sram: enable clock before registering regions
serial: sh-sci: Stop RX FIFO timer during port shutdown
uwb: hwa-rc: fix memory leak at probe
power: vexpress: fix corruption in notifier registration
iommu/amd: make sure TLB to be flushed before IOVA freed
Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
USB: serial: kobil_sct: fix modem-status error handling
6lowpan: iphc: reset mac_header after decompress to fix panic
iommu/msm: Don't call iommu_device_{,un}link from atomic context
s390/mm: correct allocate_pgste proc_handler callback
power: remove possible deadlock when unregistering power_supply
md-cluster: clear another node's suspend_area after the copy is finished
RDMA/bnxt_re: Fix a couple off by one bugs
RDMA/i40w: Hold read semaphore while looking after VMA
IB/core: type promotion bug in rdma_rw_init_one_mr()
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
IB/mlx4: Test port number before querying type.
powerpc/kdump: Handle crashkernel memory reservation failure
media: fsl-viu: fix error handling in viu_of_probe()
media: staging/imx: fill vb2_v4l2_buffer field entry
x86/tsc: Add missing header to tsc_msr.c
ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
x86/entry/64: Add two more instruction suffixes
ARM: dts: ls1021a: Add missing cooling device properties for CPUs
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer
size
scsi: klist: Make it safe to use klists in atomic context
scsi: ibmvscsi: Improve strings handling
scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
usb: wusbcore: security: cast sizeof to int for comparison
ath10k: sdio: use same endpoint id for all packets in a bundle
ath10k: sdio: set skb len for all rx packets
powerpc/powernv/ioda2: Reduce upper limit for DMA window size
s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
alarmtimer: Prevent overflow for relative nanosleep
s390/dasd: correct numa_node in dasd_alloc_queue
s390/scm_blk: correct numa_node in scm_blk_dev_setup
s390/extmem: fix gcc 8 stringop-overflow warning
mtd: rawnand: atmel: add module param to avoid using dma
iio: accel: adxl345: convert address field usage in iio_chan_spec
posix-timers: Make forward callback return s64
ALSA: snd-aoa: add of_node_put() in error path
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
media: soc_camera: ov772x: correct setting of banding filter
media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
staging: android: ashmem: Fix mmap size validation
drivers/tty: add error handling for pcmcia_loop_config
media: tm6000: add error handling for dvb_register_adapter
net: phy: xgmiitorgmii: Check read_status results
ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
net: phy: xgmiitorgmii: Check phy_driver ready before accessing
drm/sun4i: Fix releasing node when enumerating enpoints
ath10k: transmit queued frames after processing rx packets
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
brcmsmac: fix wrap around in conversion from constant to s16
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
arm: dts: mediatek: Add missing cooling device properties for CPUs
HID: hid-ntrig: add error handling for sysfs_create_group
MIPS: boot: fix build rule of vmlinux.its.S
perf/x86/intel/lbr: Fix incomplete LBR call stack
scsi: bnx2i: add error handling for ioremap_nocache
iomap: complete partial direct I/O writes synchronously
scsi: megaraid_sas: Update controller info during resume
EDAC, i7core: Fix memleaks and use-after-free on probe and remove
ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
module: exclude SHN_UNDEF symbols from kallsyms api
gpio: Fix wrong rounding in gpio-menz127
nfsd: fix corrupted reply to badly ordered compound
EDAC: Fix memleak in module init error path
fs/lock: skip lock owner pid translation in case we are in init_pid_ns
Input: xen-kbdfront - fix multi-touch XenStore node's locations
iio: 104-quad-8: Fix off-by-one error in register selection
ARM: dts: dra7: fix DCAN node addresses
x86/mm: Expand static page table for fixmap space
tty: serial: lpuart: avoid leaking struct tty_struct
serial: cpm_uart: return immediately from console poll
intel_th: Fix device removal logic
spi: tegra20-slink: explicitly enable/disable clock
spi: sh-msiof: Fix invalid SPI use during system suspend
spi: sh-msiof: Fix handling of write value for SISTR register
spi: rspi: Fix invalid SPI use during system suspend
spi: rspi: Fix interrupted DMA transfers
regulator: fix crash caused by null driver data
USB: fix error handling in usb_driver_claim_interface()
USB: handle NULL config in usb_find_alt_setting()
usb: musb: dsps: do not disable CPPI41 irq in driver teardown
slub: make ->cpu_partial unsigned int
USB: usbdevfs: sanitize flags more
USB: usbdevfs: restore warning for nonsensical flags
USB: remove LPM management from usb_driver_claim_interface()
IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
IB/hfi1: Fix SL array bounds check
IB/hfi1: Invalid user input can result in crash
IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
RDMA/uverbs: Atomically flush and mark closed the comp event queue
ovl: hash non-dir by lower inode for fsnotify
drm/i915: Remove vma from object on destroy, not close
serial: imx: restore handshaking irq for imx1
qed: Wait for ready indication before rereading the shmem
qed: Wait for MCP halt and resume commands to take place
qed: Prevent a possible deadlock during driver load and unload
qed: Avoid sending mailbox commands when MFW is not responsive
thermal: of-thermal: disable passive polling when thermal zone is disabled
isofs: reject hardware sector size > 2048 bytes
tls: possible hang when do_tcp_sendpages hits sndbuf is full case
bpf: sockmap: write_space events need to be passed to TCP handler
net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
e1000: check on netif_running() before calling e1000_up()
e1000: ensure to free old tx/rx rings in set_ringparam()
crypto: cavium/nitrox - fix for command corruption in queue full case with
backlog submissions.
hwmon: (ina2xx) fix sysfs shunt resistor read access
hwmon: (adt7475) Make adt7475_read_word() return errors
Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
drm/amdgpu: Update power state at the end of smu hw_init.
ata: ftide010: Add a quirk for SQ201
nvme-fcloop: Fix dropped LS's to removed target port
ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
arm/arm64: smccc-1.1: Make return values unsigned long
arm/arm64: smccc-1.1: Handle function result as parameters
i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
x86/pti: Fix section mismatch warning/error
media: v4l: event: Prevent freeing event subscriptions while accessed
drm/amd/display/dc/dce: Fix multiple potential integer overflows
drm/amd/display: fix use of uninitialized memory
RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
vhost_net: Avoid tx vring kicks during busyloop
thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
calibration.
platform/x86: asus-wireless: Fix uninitialized symbol usage
ACPI / button: increment wakeup count only when notified
media: ov772x: add checks for register read errors
media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING
drm/omap: gem: Fix mm_list locking
ASoC: rsnd: SSI parent cares SWSP bit
staging: pi433: fix race condition in pi433_ioctl
perf tests: Fix indexing when invoking subtests
gpio: tegra: Fix tegra_gpio_irq_set_type()
block: fix deadline elevator drain for zoned block devices
serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
intel_th: Fix resource handling for ACPI glue layer
ext2, dax: set ext2_dax_aops for dax files
IB/hfi1: Fix destroy_qp hang after a link down
ARM: OMAP2+: Fix null hwmod for ti-sysc debug
ARM: OMAP2+: Fix module address for modules using mpu_rt_idx
bus: ti-sysc: Fix module register ioremap for larger offsets
drm/amdgpu: fix preamble handling
amdgpu: fix multi-process hang issue
tcp_bbr: add bbr_check_probe_rtt_done() helper
tcp_bbr: in restart from idle, see if we should exit PROBE_RTT
net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES
ixgbe: fix driver behaviour after issuing VFLR
powerpc/pseries: Fix unitialized timer reset on migration
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836287/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
