Bug #1777029 “fscache: Fix hanging wait on page discarded by wri...” : Bugs : linux package : Ubuntu

Daniel Axtens (daxtens) on 2018-06-15

description:

updated

Khaled El Mously (kmously) on 2018-06-19

Changed in linux (Ubuntu Trusty):
status:	New → Fix Committed
Changed in linux (Ubuntu Xenial):
status:	New → Fix Committed
Changed in linux (Ubuntu Artful):
status:	New → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	New → Fix Committed

Daniel Axtens (daxtens) on 2018-06-19

Changed in linux (Ubuntu):
importance:	Undecided → High
Changed in linux (Ubuntu Trusty):
importance:	Undecided → High
Changed in linux (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux (Ubuntu Artful):
importance:	Undecided → High
Changed in linux (Ubuntu Bionic):
importance:	Undecided → High

Revision history for this message

Dan Streetman (ddstreet) wrote on 2018-07-11:

#1

Note, this merged into Xenial via bug 1775771 by standard upstream stable merge process; it landed in Xenial commit 25ef67b828ea16b768ce2c549c2c92b9cad79ceb which is included starting at kernel 4.4.0-129.155.

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Dan Streetman (ddstreet) wrote on 2018-07-11:

#2

marking fix released for Xenial, based on explanation above.

Revision history for this message

Andy Whitcroft (apw) wrote on 2018-07-24: Closing unsupported series nomination.

#3

This bug was nominated against a series that is no longer supported, ie artful. The bug task representing the artful nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu Artful):
status:	Fix Committed → Won't Fix

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-08-02:

#4

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-trusty

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-08-07:

#5

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-08-23:

#6

Download full text (35.6 KiB)

This bug was fixed in the package linux - 4.15.0-33.36

---------------
linux (4.15.0-33.36) bionic; urgency=medium

* linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)

  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
    - SAUCE: fix warning from "ipvlan: drop ipv6 dependency"

* ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
- test_bpf: flag tests that cannot be jited on s390

  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets

* Update2 for ocxl driver (LP: #1781436)
- ocxl: Fix page fault handler in case of fault on dying process

  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes

  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook

* HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
- ALSA: hda: add mute led support for HP ProBook 455 G5

  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE

* x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
- x86/kvm: fix LAPIC timer drift when guest uses periodic mode

* Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
- [Config:] d-i: Add ax88179_178a and r8152 to nic-modules

* Nvidia fails after switching its mode (LP: #1778658)
- PCI: Restore config space on runtime resume despite being unbound

* Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
- SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3

  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()

* CVE-2018-10323
- xfs: set format back to extents if xfs_bmap_extents_to_btree

  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

* Cephfs + fscache: unab...

This bug was fixed in the package linux - 4.15.0-33.36

---------------
linux (4.15.0-33.36) bionic; urgency=medium

* linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)

* RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
    - SAUCE: fix warning from "ipvlan: drop ipv6 dependency"

* ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390

* HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id

* locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets

* Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process

* netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes

* [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook

* HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5

* [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE

* x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode

* Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules

* Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound

* Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3

* CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()

* CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

* change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

* Cephfs + fscache: unable to handle kernel NULL pointer dereference at
    0000000000000000 IP: jbd2__journal_start+0x22/0x1f0 (LP: #1783246)
    - ceph: track read contexts in ceph_file_info

* Touchpad of ThinkPad P52 failed to work with message "lost sync at byte"
    (LP: #1779802)
    - Input: elantech - fix V4 report decoding for module with middle key
    - Input: elantech - enable middle button of touchpads on ThinkPad P52

* xhci_hcd 0000:00:14.0: Root hub is not suspended (LP: #1779823)
    - usb: xhci: dbc: Fix lockdep warning
    - usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started

* CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

* CVE-2018-10840
    - ext4: correctly handle a zero-length xattr with a non-zero e_value_offs

* CVE-2018-11412
    - ext4: do not allow external inodes for inline data

* CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

* CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

* CVE-2018-12904
    - kvm: nVMX: Enforce cpl=0 for VMX instructions

* Error parsing PCC subspaces from PCCT (LP: #1528684)
    - mailbox: PCC: erroneous error message when parsing ACPI PCCT

* CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

* other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

* Invoking obsolete 'firmware_install' target breaks snap build (LP: #1782166)
    - snapcraft.yaml: stop invoking the obsolete (and non-existing)
      'firmware_install' target

* snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build

* Allow Raven Ridge's audio controller to be runtime suspended (LP: #1782540)
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge

* CVE-2018-11506
    - sr: pass down correctly sized SCSI sense buffer

* Bionic update: upstream stable patchset 2018-07-24 (LP: #1783418)
    - net: Fix a bug in removing queues from XPS map
    - net/mlx4_core: Fix error handling in mlx4_init_port_info.
    - net/sched: fix refcnt leak in the error path of tcf_vlan_init()
    - net: sched: red: avoid hashing NULL child
    - net/smc: check for missing nlattrs in SMC_PNETID messages
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - vmxnet3: set the DMA mask before the first DMA map operation
    - vmxnet3: use DMA memory barriers where required
    - hv_netvsc: empty current transmit aggregation if flow blocked
    - hv_netvsc: Use the num_online_cpus() for channel limit
    - hv_netvsc: avoid retry on send during shutdown
    - hv_netvsc: only wake transmit queue if link is up
    - hv_netvsc: fix error unwind handling if vmbus_open fails
    - hv_netvsc: cancel subchannel setup before halting device
    - hv_netvsc: fix race in napi poll when rescheduling
    - hv_netvsc: defer queue selection to VF
    - hv_netvsc: disable NAPI before channel close
    - hv_netvsc: use RCU to fix concurrent rx and queue changes
    - hv_netvsc: change GPAD teardown order on older versions
    - hv_netvsc: common detach logic
    - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown
    - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl()
    - hv_netvsc: Ensure correct teardown message sequence order
    - hv_netvsc: Fix a network regression after ifdown/ifup
    - sparc: vio: use put_device() instead of kfree()
    - ext2: fix a block leak
    - s390: add assembler macros for CPU alternatives
    - s390: move expoline assembler macros to a header
    - s390/crc32-vx: use expoline for indirect branches
    - s390/lib: use expoline for indirect branches
    - s390/ftrace: use expoline for indirect branches
    - s390/kernel: use expoline for indirect branches
    - s390: move spectre sysfs attribute code
    - s390: extend expoline to BC instructions
    - s390: use expoline thunks in the BPF JIT
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
    - scsi: zfcp: fix infinite iteration on ERP ready list
    - loop: don't call into filesystem while holding lo_ctl_mutex
    - loop: fix LOOP_GET_STATUS lock imbalance
    - cfg80211: limit wiphy names to 128 bytes
    - hfsplus: stop workqueue when fill_super() failed
    - x86/kexec: Avoid double free_page() upon do_kexec_load() failure
    - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
    - usb: dwc3: Undo PHY init if soft reset fails
    - usb: dwc3: omap: don't miss events during suspend/resume
    - usb: gadget: core: Fix use-after-free of usb_request
    - usb: gadget: fsl_udc_core: fix ep valid checks
    - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
    - usb: cdc_acm: prevent race at write to acm while system resumes
    - net: usbnet: fix potential deadlock on 32bit hosts
    - ARM: dts: imx7d-sdb: Fix regulator-usb-otg2-vbus node name
    - usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume
      timing"
    - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
    - net/usb/qmi_wwan.c: Add USB id for lt4120 modem
    - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
    - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
    - ALSA: usb-audio: Add native DSD support for Luxman DA-06
    - usb: dwc3: Add SoftReset PHY synchonization delay
    - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
    - usb: dwc3: Makefile: fix link error on randconfig
    - xhci: zero usb device slot_id member when disabling and freeing a xhci slot
    - usb: dwc2: Fix interval type issue
    - usb: dwc2: hcd: Fix host channel halt flow
    - usb: dwc2: host: Fix transaction errors in host mode
    - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
    - usb: gadget: ffs: Execute copy_to_user() with USER_DS set
    - usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS
    - usb: gadget: udc: change comparison to bitshift when dealing with a mask
    - usb: gadget: composite: fix incorrect handling of OS desc requests
    - media: lgdt3306a: Fix module count mismatch on usb unplug
    - media: em28xx: USB bulk packet size fix
    - Bluetooth: btusb: Add device ID for RTL8822BE
    - xhci: Show what USB release number the xHC supports from protocol capablity
    - staging: bcm2835-audio: Release resources on module_exit()
    - staging: lustre: fix bug in osc_enter_cache_try
    - staging: fsl-dpaa2/eth: Fix incorrect casts
    - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
    - staging: ks7010: Use constants from ieee80211_eid instead of literal ints.
    - staging: lustre: lmv: correctly iput lmo_root
    - crypto: inside-secure - wait for the request to complete if in the backlog
    - crypto: atmel-aes - fix the keys zeroing on errors
    - crypto: ccp - don't disable interrupts while setting up debugfs
    - crypto: inside-secure - do not process request if no command was issued
    - crypto: inside-secure - fix the cache_len computation
    - crypto: inside-secure - fix the extra cache computation
    - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
    - crypto: inside-secure - fix the invalidation step during cra_exit
    - scsi: mpt3sas: fix an out of bound write
    - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
    - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
    - scsi: sym53c8xx_2: iterator underflow in sym_getsync()
    - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
    - scsi: qla2xxx: Avoid triggering undefined behavior in
      qla2x00_mbx_completion()
    - scsi: storvsc: Increase cmd_per_lun for higher speed devices
    - scsi: qedi: Fix truncation of CHAP name and secret
    - scsi: aacraid: fix shutdown crash when init fails
    - scsi: qla4xxx: skip error recovery in case of register disconnect.
    - scsi: qedi: Fix kernel crash during port toggle
    - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
    - scsi: sd: Keep disk read-only when re-reading partition
    - scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled
    - scsi: aacraid: Insure command thread is not recursively stopped
    - scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD
    - scsi: mvsas: fix wrong endianness of sgpio api
    - ASoC: hdmi-codec: Fix module unloading caused kernel crash
    - ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs
    - ASoC: samsung: odroid: Fix 32000 sample rate handling
    - ASoC: topology: create TLV data for dapm widgets
    - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
    - clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228
    - clk: Don't show the incorrect clock phase
    - clk: hisilicon: mark wdt_mux_p[] as const
    - clk: tegra: Fix pll_u rate configuration
    - clk: rockchip: Prevent calculating mmc phase if clock rate is zero
    - clk: samsung: s3c2410: Fix PLL rates
    - clk: samsung: exynos7: Fix PLL rates
    - clk: samsung: exynos5260: Fix PLL rates
    - clk: samsung: exynos5433: Fix PLL rates
    - clk: samsung: exynos5250: Fix PLL rates
    - clk: samsung: exynos3250: Fix PLL rates
    - media: dmxdev: fix error code for invalid ioctls
    - media: Don't let tvp5150_get_vbi() go out of vbi_ram_default array
    - media: ov5645: add missing of_node_put() in error path
    - media: cx23885: Override 888 ImpactVCBe crystal frequency
    - media: cx23885: Set subdev host data to clk_freq pointer
    - media: s3c-camif: fix out-of-bounds array access
    - media: lgdt3306a: Fix a double kfree on i2c device remove
    - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models
    - media: v4l: vsp1: Fix display stalls when requesting too many inputs
    - media: i2c: adv748x: fix HDMI field heights
    - media: vb2: Fix videobuf2 to map correct area
    - media: vivid: fix incorrect capabilities for radio
    - media: cx25821: prevent out-of-bounds read on array card
    - serial: xuartps: Fix out-of-bounds access through DT alias
    - serial: sh-sci: Fix out-of-bounds access through DT alias
    - serial: samsung: Fix out-of-bounds access through serial port index
    - serial: mxs-auart: Fix out-of-bounds access through serial port index
    - serial: imx: Fix out-of-bounds access through serial port index
    - serial: fsl_lpuart: Fix out-of-bounds access through DT alias
    - serial: arc_uart: Fix out-of-bounds access through DT alias
    - serial: 8250: Don't service RX FIFO if interrupts are disabled
    - serial: altera: ensure port->regshift is honored consistently
    - rtc: snvs: Fix usage of snvs_rtc_enable
    - rtc: hctosys: Ensure system time doesn't overflow time_t
    - rtc: rk808: fix possible race condition
    - rtc: m41t80: fix race conditions
    - rtc: tx4939: avoid unintended sign extension on a 24 bit shift
    - rtc: rp5c01: fix possible race condition
    - rtc: goldfish: Add missing MODULE_LICENSE
    - cxgb4: Correct ntuple mask validation for hash filters
    - net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule
    - net: dsa: Do not register devlink for unused ports
    - net: dsa: bcm_sf2: Fix IPv6 rules and chain ID
    - net: dsa: bcm_sf2: Fix IPv6 rule half deletion
    - 3c59x: convert to generic DMA API
    - net: ip6_gre: Request headroom in __gre6_xmit()
    - net: ip6_gre: Split up ip6gre_tnl_link_config()
    - net: ip6_gre: Split up ip6gre_tnl_change()
    - net: ip6_gre: Split up ip6gre_newlink()
    - net: ip6_gre: Split up ip6gre_changelink()
    - qed: LL2 flush isles when connection is closed
    - qed: Fix possibility of list corruption during rmmod flows
    - qed: Fix LL2 race during connection terminate
    - powerpc: Move default security feature flags
    - Bluetooth: btusb: Add support for Intel Bluetooth device 22560 [8087:0026]
    - staging: fsl-dpaa2/eth: Fix incorrect kfree
    - crypto: inside-secure - move the digest to the request context
    - scsi: lpfc: Fix NVME Initiator FirstBurst
    - serial: mvebu-uart: fix tx lost characters

* Bionic update: upstream stable patchset 2018-07-20 (LP: #1782846)
    - usbip: usbip_host: refine probe and disconnect debug msgs to be useful
    - usbip: usbip_host: delete device from busid_table after rebind
    - usbip: usbip_host: run rebind from exit when module is removed
    - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    - usbip: usbip_host: fix bad unlock balance during stub_probe()
    - ALSA: usb: mixer: volume quirk for CM102-A+/102S+
    - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
    - ALSA: control: fix a redundant-copy issue
    - spi: pxa2xx: Allow 64-bit DMA
    - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
    - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
    - KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
    - KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
    - vfio: ccw: fix cleanup if cp_prefetch fails
    - tracing/x86/xen: Remove zero data size trace events
      trace_xen_mmu_flush_tlb{_all}
    - tee: shm: fix use-after-free via temporarily dropped reference
    - netfilter: nf_tables: free set name in error path
    - netfilter: nf_tables: can't fail after linking rule into active rule list
    - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
    - i2c: designware: fix poll-after-enable regression
    - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
    - drm: Match sysfs name in link removal to link creation
    - lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
    - radix tree: fix multi-order iteration race
    - mm: don't allow deferred pages with NEED_PER_CPU_KM
    - drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
    - s390/qdio: fix access to uninitialized qdio_q fields
    - s390/qdio: don't release memory in qdio_setup_irq()
    - s390: remove indirect branch from do_softirq_own_stack
    - x86/pkeys: Override pkey when moving away from PROT_EXEC
    - x86/pkeys: Do not special case protection key 0
    - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
      definition for mixed mode
    - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
    - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
    - tick/broadcast: Use for_each_cpu() specially on UP kernels
    - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
    - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
    - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
    - Btrfs: fix xattr loss after power failure
    - Btrfs: send, fix invalid access to commit roots due to concurrent
      snapshotting
    - btrfs: property: Set incompat flag if lzo/zstd compression is set
    - btrfs: fix crash when trying to resume balance without the resume flag
    - btrfs: Split btrfs_del_delalloc_inode into 2 functions
    - btrfs: Fix delalloc inodes invalidation during transaction abort
    - btrfs: fix reading stale metadata blocks after degraded raid1 mounts
    - xhci: Fix USB3 NULL pointer dereference at logical disconnect.
    - KVM: arm/arm64: Properly protect VGIC locks from IRQs
    - KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity
    - hwmon: (k10temp) Fix reading critical temperature register
    - hwmon: (k10temp) Use API function to access System Management Network
    - vsprintf: Replace memory barrier with static_key for random_ptr_key update
    - x86/amd_nb: Add support for Raven Ridge CPUs
    - x86/apic/x2apic: Initialize cluster ID properly

* Bionic update: upstream stable patchset 2018-07-09 (LP: #1780858)
    - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
    - bridge: check iface upper dev when setting master via ioctl
    - dccp: fix tasklet usage
    - ipv4: fix fnhe usage by non-cached routes
    - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
    - llc: better deal with too small mtu
    - net: ethernet: sun: niu set correct packet size in skb
    - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
    - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()'
    - net/mlx4_en: Verify coalescing parameters are in range
    - net/mlx5e: Err if asked to offload TC match on frag being first
    - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
    - net sched actions: fix refcnt leak in skbmod
    - net_sched: fq: take care of throttled flows before reuse
    - net: support compat 64-bit time in {s,g}etsockopt
    - net/tls: Don't recursively call push_record during tls_write_space callbacks
    - net/tls: Fix connection stall on partial tls record
    - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
    - qmi_wwan: do not steal interfaces from class drivers
    - r8169: fix powering up RTL8168h
    - rds: do not leak kernel memory to user land
    - sctp: delay the authentication for the duplicated cookie-echo chunk
    - sctp: fix the issue that the cookie-ack with auth can't get processed
    - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
    - sctp: remove sctp_chunk_put from fail_mark err path in
      sctp_ulpevent_make_rcvmsg
    - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
    - tcp_bbr: fix to zero idle_restart only upon S/ACKed data
    - tcp: ignore Fast Open on repair mode
    - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
    - bonding: do not allow rlb updates to invalid mac
    - bonding: send learning packets for vlans on slave
    - net: sched: fix error path in tcf_proto_create() when modules are not
      configured
    - net/mlx5e: TX, Use correct counter in dma_map error flow
    - net/mlx5: Avoid cleaning flow steering table twice during error flow
    - hv_netvsc: set master device
    - ipv6: fix uninit-value in ip6_multipath_l3_keys()
    - net/mlx5e: Allow offloading ipv4 header re-write for icmp
    - nsh: fix infinite loop
    - udp: fix SO_BINDTODEVICE
    - l2tp: revert "l2tp: fix missing print session offset info"
    - proc: do not access cmdline nor environ from file-backed areas
    - net/smc: restrict non-blocking connect finish
    - mlxsw: spectrum_switchdev: Do not remove mrouter port from MDB's ports list
    - net/mlx5e: DCBNL fix min inline header size for dscp
    - net: systemport: Correclty disambiguate driver instances
    - sctp: clear the new asoc's stream outcnt in sctp_stream_update
    - tcp: restore autocorking
    - tipc: fix one byte leak in tipc_sk_set_orig_addr()
    - hv_netvsc: Fix net device attach on older Windows hosts

* Bionic update: upstream stable patchset 2018-07-06 (LP: #1780499)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ipvs: fix rtnl_lock lockups caused by start_sync_thread
    - netfilter: ebtables: don't attempt to allocate 0-sized compat array
    - kcm: Call strp_stop before strp_done in kcm_attach
    - crypto: af_alg - fix possible uninit-value in alg_bind()
    - netlink: fix uninit-value in netlink_sendmsg
    - net: fix rtnh_ok()
    - net: initialize skb->peeked when cloning
    - net: fix uninit-value in __hw_addr_add_ex()
    - dccp: initialize ireq->ir_mark
    - ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
    - soreuseport: initialise timewait reuseport field
    - inetpeer: fix uninit-value in inet_getpeer
    - memcg: fix per_node_info cleanup
    - perf: Remove superfluous allocation error check
    - tcp: fix TCP_REPAIR_QUEUE bound checking
    - bdi: wake up concurrent wb_shutdown() callers.
    - bdi: Fix oops in wb_workfn()
    - gpioib: do not free unrequested descriptors
    - gpio: fix aspeed_gpio unmask irq
    - gpio: fix error path in lineevent_create
    - rfkill: gpio: fix memory leak in probe error path
    - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
    - dm integrity: use kvfree for kvmalloc'd memory
    - tracing: Fix regex_match_front() to not over compare the test string
    - z3fold: fix reclaim lock-ups
    - mm: sections are not offlined during memory hotremove
    - mm, oom: fix concurrent munlock and oom reaper unmap, v3
    - ceph: fix rsize/wsize capping in ceph_direct_read_write()
    - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
    - can: hi311x: Acquire SPI lock on ->do_get_berr_counter
    - can: hi311x: Work around TX complete interrupt erratum
    - drm/vc4: Fix scaling of uni-planar formats
    - drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
    - drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear()
    - drm/atomic: Clean private obj old_state/new_state in
      drm_atomic_state_default_clear()
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - cpufreq: schedutil: Avoid using invalid next_freq
    - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
    - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome
      chipsets
    - thermal: exynos: Reading temperature makes sense only when TMU is turned on
    - thermal: exynos: Propagate error value from tmu_read()
    - nvme: add quirk to force medium priority for SQ creation
    - smb3: directory sync should not return an error
    - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
    - tracing/uprobe_event: Fix strncpy corner case
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
    - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr()
    - bdi: Fix use after free bug in debugfs_remove()
    - drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages
    - drm/i915: Adjust eDP's logical vco in a reliable place.
    - drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client
    - sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]

* Bionic update: upstream stable patchset 2018-06-26 (LP: #1778759)
    - percpu: include linux/sched.h for cond_resched()
    - ACPI / button: make module loadable when booted in non-ACPI mode
    - USB: serial: option: Add support for Quectel EP06
    - ALSA: hda - Fix incorrect usage of IS_REACHABLE()
    - ALSA: pcm: Check PCM state at xfern compat ioctl
    - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
    - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation
      for array index
    - ALSA: aloop: Mark paused device as inactive
    - ALSA: aloop: Add missing cable lock to ctl API callbacks
    - tracepoint: Do not warn on ENOMEM
    - scsi: target: Fix fortify_panic kernel exception
    - Input: leds - fix out of bound access
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - rtlwifi: btcoex: Add power_on_setting routine
    - rtlwifi: cleanup 8723be ant_sel definition
    - xfs: prevent creating negative-sized file via INSERT_RANGE
    - RDMA/cxgb4: release hw resources on device removal
    - RDMA/ucma: Allow resolving address w/o specifying source address
    - RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow
    - RDMA/mlx5: Protect from shift operand overflow
    - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
    - IB/mlx5: Use unlimited rate when static rate is not supported
    - IB/hfi1: Fix handling of FECN marked multicast packet
    - IB/hfi1: Fix loss of BECN with AHG
    - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used
    - iw_cxgb4: Atomically flush per QP HW CQEs
    - drm/vmwgfx: Fix a buffer object leak
    - drm/bridge: vga-dac: Fix edid memory leak
    - test_firmware: fix setting old custom fw path back on exit, second try
    - errseq: Always report a writeback error once
    - USB: serial: visor: handle potential invalid device configuration
    - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue
    - USB: Accept bulk endpoints with 1024-byte maxpacket
    - USB: serial: option: reimplement interface masking
    - USB: serial: option: adding support for ublox R410M
    - usb: musb: host: fix potential NULL pointer dereference
    - usb: musb: trace: fix NULL pointer dereference in musb_g_tx()
    - platform/x86: asus-wireless: Fix NULL pointer dereference
    - irqchip/qcom: Fix check for spurious interrupts
    - tracing: Fix bad use of igrab in trace_uprobe.c
    - [Config] CONFIG_ARM64_ERRATUM_1024718=y
    - arm64: Add work around for Arm Cortex-A55 Erratum 1024718
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m
    - btrfs: Take trans lock before access running trans in check_delayed_ref
    - drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced
    - xhci: Fix use-after-free in xhci_free_virt_device
    - platform/x86: Kconfig: Fix dell-laptop dependency chain.
    - KVM: x86: remove APIC Timer periodic/oneshot spikes
    - clocksource: Allow clocksource_mark_unstable() on unregistered clocksources
    - clocksource: Initialize cs->wd_list
    - clocksource: Consistent de-rate when marking unstable

* Bionic update: upstream stable patchset 2018-06-22 (LP: #1778265)
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - random: fix possible sleeping allocation from irq context
    - random: rate limit unseeded randomness warnings
    - usbip: usbip_event: fix to not print kernel pointer address
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - usbip: vhci_hcd: check rhport before using in vhci_hub_control()
    - Revert "xhci: plat: Register shutdown for xhci_plat"
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: don't tie bufs to a vq
    - virtio_console: free buffers after reset
    - virtio_console: drop custom control queue cleanup
    - virtio_console: move removal code
    - virtio_console: reset on out of memory
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Avoid possible error pointer dereference at tty_ldisc_restore().
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: dice: fix OUI for TC group
    - ALSA: dice: fix error path to destroy initialized stream data
    - ALSA: hda - Skip jack and others for non-existing PCM streams
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY.
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - ALSA: hda/realtek - Add some fixes for ALC233
    - ALSA: hda/realtek - Update ALC255 depop optimize
    - ALSA: hda/realtek - change the location for one of two front mics
    - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - mtd: rawnand: tango: Fix struct clk memory leak
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request
    - vfio: ccw: process ssch with interrupts disabled
    - ANDROID: binder: prevent transactions into own process.
    - PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf()
    - PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()
    - PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode
    - PCI: aardvark: Fix PCIe Max Read Request Size setting
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ARM: socfpga_defconfig: Remove QSPI Sector 4K size force
    - KVM: arm/arm64: Close VMID generation race
    - crypto: drbg - set freed buffers to NULL
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: un-backoff on tick when we have a authenticated session
    - libceph: reschedule a tick in finish_hunting()
    - libceph: validate con->state at the top of try_write()
    - fpga-manager: altera-ps-spi: preserve nCONFIG state
    - earlycon: Use a pointer table to fix __earlycon_table stride
    - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
    - drm/i915: Enable display WA#1183 from its correct spot
    - objtool, perf: Fix GCC 8 -Wrestrict error
    - tools/lib/subcmd/pager.c: do not alias select() params
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - x86/microcode/intel: Save microcode patch unconditionally
    - x86/microcode: Do not exit early from __reload_late()
    - tick/sched: Do not mess with an enqueued hrtimer
    - arm/arm64: KVM: Add PSCI version selection API
    - powerpc/eeh: Fix race with driver un/bind
    - serial: mvebu-uart: Fix local flags handling on termios update
    - block: do not use interruptible wait anywhere
    - ASoC: dmic: Fix clock parenting
    - PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend is
      set
    - module: Fix display of wrong module .text address
    - drm/edid: Reset more of the display info
    - drm/i915/fbdev: Enable late fbdev initial configuration
    - drm/i915/audio: set minimum CD clock to twice the BCLK
    - drm/amd/display: Fix deadlock when flushing irq
    - drm/amd/display: Disallow enabling CRTC without primary plane with FB

* Bionic update: upstream stable patchset 2018-06-22 (LP: #1778265) //
    CVE-2018-1108.
    - random: set up the NUMA crng instances after the CRNG is fully initialized

* Ryzen/Raven Ridge USB ports do not work (LP: #1756700)
    - xhci: Fix USB ports for Dell Inspiron 5775

* [Ubuntu 1804][boston][ixgbe] EEH causes kernel BUG at /build/linux-
    jWa1Fv/linux-4.15.0/drivers/pci/msi.c:352 (i2S) (LP: #1776389)
    - ixgbe/ixgbevf: Free IRQ when PCI error recovery removes the device

* Need fix to aacraid driver to prevent panic (LP: #1770095)
    - scsi: aacraid: Correct hba_send to include iu_type

* kernel: Fix arch random implementation (LP: #1775391)
    - s390/archrandom: Rework arch random implementation.

* kernel: Fix memory leak on CCA and EP11 CPRB processing. (LP: #1775390)
    - s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak.

* Various fixes for CXL kernel module (LP: #1774471)
    - cxl: Remove function write_timebase_ctrl_psl9() for PSL9
    - cxl: Set the PBCQ Tunnel BAR register when enabling capi mode
    - cxl: Report the tunneled operations status
    - cxl: Configure PSL to not use APC virtual machines
    - cxl: Disable prefault_mode in Radix mode

* Bluetooth not working (LP: #1764645)
    - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models

* linux-snapdragon: wcn36xx: mac address generation on boot (LP: #1776491)
    - [Config] arm64: snapdragon: WCN36XX_SNAPDRAGON_HACKS=y
    - SAUCE: wcn36xx: read MAC from file or randomly generate one

* fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
    - fscache: Fix hanging wait on page discarded by writeback

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Wed, 15 Aug 2018 14:50:38 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-08-23:

#7

Download full text (6.4 KiB)

This bug was fixed in the package linux - 3.13.0-157.207

---------------
linux (3.13.0-157.207) trusty; urgency=medium

* linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)

* CVE-2017-5715 (Spectre v2 retpoline)
- SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"

* CVE-2017-2583
- KVM: x86: fix emulation of "MOV SS, null selector"

* CVE-2017-7518
- KVM: x86: fix singlestepping over syscall

* CVE-2017-18270
- KEYS: prevent creating a different user's keyrings

  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h

  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

  * CVE-2016-10208
    - ext4: validate s_first_meta_bg at mount time
    - ext4: fix fencepost in s_first_meta_bg validation

* CVE-2018-10323
- xfs: set format back to extents if xfs_bmap_extents_to_btree

* CVE-2017-16911
- usbip: prevent vhci_hcd driver from leaking a socket pointer address

* CVE-2018-13406
- video: uvesafb: Fix integer overflow in allocation

* CVE-2018-10877
- ext4: verify the depth of extent tree in ext4_find_extent()

* CVE-2018-10881
- ext4: clear i_data in ext4_inode_info when removing inline data

* CVE-2018-1092
- ext4: fail ext4_iget for root directory if unallocated

  * CVE-2018-1093
    - ext4: fix block bitmap validation when bigalloc, ^flex_bg
    - ext4: add validity checks for bitmap block numbers

* CVE-2018-12233
- jfs: Fix inconsistency between memory allocation and ea_buf->max_size

* CVE-2017-16912
- usbip: fix stub_rx: get_pipe() to validate endpoint number

* CVE-2018-10675
- mm/mempolicy: fix use after free when calling get_mempolicy

  * CVE-2017-8831
    - saa7164: fix sparse warnings
    - saa7164: fix double fetch PCIe access condition

* CVE-2017-16533
- HID: usbhid: fix out-of-bounds bug

* CVE-2017-16538
- media: dvb-usb-v2: lmedm04: move ts2...

Ubuntu
linux package

fscache: Fix hanging wait on page discarded by writeback

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Confirmed	High	Daniel Axtens
Trusty	Fix Released	High	Unassigned
Xenial	Fix Released	High	Unassigned
Artful	Won't Fix	High	Unassigned
Bionic	Fix Released	High	Unassigned

Ubuntulinux package

fscache: Fix hanging wait on page discarded by writeback

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package