Ubuntu
linux package

Bionic update: upstream stable patchset 2019-09-10

Bug #1843463 reported by Kamal Mostafa on 2019-09-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	Fix Released	Undecided	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2019-09-10

Ported from the following upstream stable releases:
v4.14.143, v4.19.72

from git://git.kernel.org/

net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
hv_netvsc: Fix a warning of suspicious RCU usage
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
Bluetooth: btqca: Add a short delay before downloading the NVM
ibmveth: Convert multicast list size for little-endian system
gpio: Fix build error of function redefinition
drm/mediatek: use correct device to import PRIME buffers
drm/mediatek: set DMA max segment size
cxgb4: fix a memory leak bug
liquidio: add cleanup in octeon_setup_iq()
net: myri10ge: fix memory leaks
lan78xx: Fix memory leaks
vfs: fix page locking deadlocks when deduping files
cx82310_eth: fix a memory leak bug
net: kalmia: fix memory leaks
wimax/i2400m: fix a memory leak bug
ravb: Fix use-after-free ravb_tstamp_skb
kprobes: Fix potential deadlock in kprobe_optimizer()
HID: cp2112: prevent sleeping function called from invalid context
Input: hyperv-keyboard: Use in-place iterator API in the channel callback
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
IB/mlx4: Fix memory leaks
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob()
ceph: fix buffer free while holding i_ceph_lock in fill_inode()
KVM: arm/arm64: Only skip MMIO insn once
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: fix corruptions for longer spi transfers
net: fix skb use after free in netpoll
net_sched: fix a NULL pointer deref in ipt action
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
tcp: inherit timestamp on mtu probe
tcp: remove empty skb from write queue in error cases
net: sched: act_sample: fix psample group handling on overwrite
mld: fix memory leak in mld_del_delrec()
x86/boot: Preserve boot_params.secure_boot from sanitizing
tools: bpftool: fix error message (prog -> object)
scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure
afs: Fix leak in afs_lookup_cell_rcu()
UBUNTU: upstream stable to v4.14.143, v4.19.72

See original description

Tags:

CVE References

2018-21008

Kamal Mostafa (kamalmostafa) on 2019-09-10

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug

Kamal Mostafa (kamalmostafa) on 2019-09-10

Changed in linux (Ubuntu Bionic):
status:	New → In Progress
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated
description:	updated

Khaled El Mously (kmously) on 2019-09-26

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-10-21:

Download full text (23.3 KiB)

This bug was fixed in the package linux - 4.15.0-66.75

---------------
linux (4.15.0-66.75) bionic; urgency=medium

* bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

* CVE-2018-21008
- rsi: add fix for crash during assertions

  * ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

  * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c

  * No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

* Add -fcf-protection=none when using retpoline flags (LP: #1843291)
- SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

* Enhanced Hardware Support - Finalize Naming (LP: #1842774)
- s390: add support for IBM z15 machines

This bug was fixed in the package linux - 4.15.0-66.75

---------------
linux (4.15.0-66.75) bionic; urgency=medium

* bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* CVE-2018-21008
    - rsi: add fix for crash during assertions

* ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

* run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c

* Add -fcf-protection=none when using retpoline flags (LP: #1843291)
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

* Enhanced Hardware Support - Finalize Naming (LP: #1842774)
    - s390: add support for IBM z15 machines

* Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - btrfs: compression: add helper for type to string conversion
    - btrfs: correctly validate compression type
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - gpio: fix line flag validation in lineevent_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - ubifs: Correctly use tnc_next() in search_dh_cookie()
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - fix CTR alg blocksize
    - crypto: talitos - check data blocksize in ablkcipher.
    - crypto: talitos - fix ECB algs ivsize
    - crypto: talitos - Do not modify req->cryptlen on decryption.
    - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
    - firmware: ti_sci: Always request response from firmware
    - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to
      critclk_systems DMI table
    - nvmem: Use the same permissions for eeprom as for nvmem
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us
    - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large
      to fix kexec relocation errors
    - modules: fix BUG when load module with rodata=n
    - modules: fix compile error if don't have strict module rwx
    - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
    - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
    - powerpc/mm/radix: Use the right page size for vmemmap mapping
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
    - media: tm6000: double free if usb disconnect while streaming
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - net_sched: let qdisc_put() accept NULL pointer
    - KVM: coalesced_mmio: add bounds checking
    - firmware: google: check if size is valid when decoding VPD data
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - ARM: dts: dra74x: Fix iodelay configuration for mmc3
    - s390/bpf: use 32-bit index for tail calls
    - fpga: altera-ps-spi: Fix getting of optional confd gpio
    - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
    - NFSv4: Fix return values for nfs4_file_open()
    - NFSv4: Fix return value in nfs_finish_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - qed: Add cleanup in qed_slowpath_start()
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - batman-adv: Only read OGM2 tvlv_len after buffer len check
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the
      first symbol
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - ARM: 8901/1: add a criteria for pfn_valid of arm
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - i2c: designware: Synchronize IRQs when unregistering slave client
    - perf/x86/intel: Restrict period on Nehalem
    - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
    - amd-xgbe: Fix error path in xgbe_mod_init()
    - tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at
      -O2
    - tools/power x86_energy_perf_policy: Fix argument parsing
    - tools/power turbostat: fix buffer overrun
    - net: seeq: Fix the function used to release some memory in an error handling
      path
    - dmaengine: ti: dma-crossbar: Fix a memory leak bug
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
    - x86/hyper-v: Fix overflow bug in fill_gva_list()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - iommu/amd: Flush old domains in kdump kernel
    - iommu/amd: Fix race in increase_address_space()
    - PCI: kirin: Fix section mismatch warning
    - floppy: fix usercopy direction
    - binfmt_elf: move brk out of mmap when doing direct loader exec
    - tcp: Reset send_head when removing skb from write-queue
    - tcp: Don't dequeue SYN/FIN-segments from write-queue
    - media: technisat-usb2: break out of loop at end of buffer
    - tools: bpftool: close prog FD before exit on showing a single program
    - netfilter: xt_physdev: Fix spurious error message in physdev_mt_check
    - ibmvnic: Do not process reset during or after device removal
    - net: aquantia: fix out of memory condition on rx side

* Bionic update: upstream stable patchset 2019-09-18 (LP: #1844558)
    - ALSA: hda - Fix potential endless loop at applying quirks
    - ALSA: hda/realtek - Fix overridden device-specific initialization
    - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
    - sched/fair: Don't assign runtime for throttled cfs_rq
    - drm/vmwgfx: Fix double free in vmw_recv_msg()
    - xfrm: clean up xfrm protocol checks
    - PCI: designware-ep: Fix find_first_zero_bit() usage
    - PCI: dra7xx: Fix legacy INTD IRQ handling
    - vhost/test: fix build for vhost test
    - batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
    - batman-adv: Only read OGM tvlv_len after buffer len check
    - hv_sock: Fix hang when a connection is closed
    - powerpc/64: mark start_here_multiplatform as __ref
    - arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
    - scripts/decode_stacktrace: match basepath using shell prefix operator, not
      regex
    - clk: s2mps11: Add used attribute to s2mps11_dt_match
    - kernel/module: Fix mem leak in module_add_modinfo_attrs
    - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
    - {nl,mac}80211: fix interface combinations on crypto controlled devices
    - x86/ftrace: Fix warning and considate ftrace_jmp_replace() and
      ftrace_call_replace()
    - media: stm32-dcmi: fix irq = 0 case
    - modules: always page-align module section allocations
    - scsi: qla2xxx: Move log messages before issuing command to firmware
    - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
    - Drivers: hv: kvp: Fix two "this statement may fall through" warnings
    - remoteproc: qcom: q6v5-mss: add SCM probe dependency
    - KVM: x86: hyperv: enforce vp_index < KVM_MAX_VCPUS
    - KVM: x86: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv'
      variables
    - drm/i915: Fix intel_dp_mst_best_encoder()
    - drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE
    - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers
    - drm/atomic_helper: Disallow new modesets on unregistered connectors
    - Drivers: hv: kvp: Fix the indentation of some "break" statements
    - Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up
    - drm/amd/dm: Understand why attaching path/tile properties are needed
    - ARM: davinci: da8xx: define gpio interrupts as separate resources
    - ARM: davinci: dm365: define gpio interrupts as separate resources
    - ARM: davinci: dm646x: define gpio interrupts as separate resources
    - ARM: davinci: dm355: define gpio interrupts as separate resources
    - ARM: davinci: dm644x: define gpio interrupts as separate resources
    - media: vim2m: use workqueue
    - media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
    - drm/i915: Restore sane defaults for KMS on GEM error load
    - KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode
      switch
    - Btrfs: clean up scrub is_dev_replace parameter
    - Btrfs: fix deadlock with memory reclaim during scrub
    - btrfs: Remove extent_io_ops::fill_delalloc
    - btrfs: Fix error handling in btrfs_cleanup_ordered_extents
    - scsi: megaraid_sas: Fix combined reply queue mode detection
    - scsi: megaraid_sas: Add check for reset adapter bit
    - media: vim2m: only cancel work if it is for right context
    - ARC: show_regs: lockdep: re-enable preemption
    - ARC: mm: do_page_fault fixes #1: relinquish mmap_sem if signal arrives while
      handle_mm_fault
    - IB/uverbs: Fix OOPs upon device disassociation
    - drm/vblank: Allow dynamic per-crtc max_vblank_count
    - drm/i915/ilk: Fix warning when reading emon_status with no output
    - mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies
    - tpm: Fix some name collisions with drivers/char/tpm.h
    - bcache: replace hard coded number with BUCKET_GC_GEN_MAX
    - bcache: treat stale && dirty keys as bad keys
    - KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
    - iio: adc: exynos-adc: Add S5PV210 variant
    - iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
    - drm/nouveau: Don't WARN_ON VCPI allocation failures
    - x86/kvmclock: set offset for kvm unstable clock
    - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
    - mmc: renesas_sdhi: Fix card initialization failure in high speed mode
    - btrfs: scrub: pass fs_info to scrub_setup_ctx
    - btrfs: init csum_list before possible free
    - PCI: qcom: Don't deassert reset GPIO during probe
    - drm: add __user attribute to ptr_to_compat()
    - CIFS: Fix error paths in writeback code
    - CIFS: Fix leaking locked VFS cache pages in writeback retry
    - drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set
    - drm/i915: Sanity check mmap length against object size
    - IB/mlx5: Reset access mask when looping inside page fault handler
    - kvm: mmu: Fix overflow on kvm mmu page limit calculation
    - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context
    - KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels
    - cifs: Fix lease buffer length error
    - ext4: protect journal inode's blocks using block_validity
    - dm mpath: fix missing call of path selector type->end_io
    - blk-mq: free hw queue's resource in hctx's release handler
    - mmc: sdhci-pci: Add support for Intel ICP
    - mmc: sdhci-pci: Add support for Intel CML
    - dm crypt: move detailed message into debug level
    - kvm: Check irqchip mode before assign irqfd
    - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2)
    - drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc
    - Btrfs: fix race between block group removal and block group allocation
    - cifs: add spinlock for the openFileList to cifsInodeInfo
    - IB/hfi1: Avoid hardlockup with flushlist_lock
    - apparmor: reset pos on failure to unpack for various functions
    - staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()
    - scsi: zfcp: fix request object use-after-free in send path causing wrong
      traces
    - cifs: Properly handle auto disabling of serverino option
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - KVM: x86: optimize check for valid PAT value
    - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value
    - KVM: VMX: Fix handling of #MC that occurs during VM-Entry
    - KVM: VMX: check CPUID before allowing read/write of IA32_XSS
    - resource: Include resource end in walk_*() interfaces
    - resource: Fix find_next_iomem_res() iteration issue
    - resource: fix locking in find_next_iomem_res()
    - pstore: Fix double-free in pstore_mkfile() failure path
    - dm thin metadata: check if in fail_io mode when setting needs_check
    - drm/panel: Add support for Armadeus ST0700 Adapt
    - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips
    - iommu/iova: Remove stale cached32_node
    - gpio: don't WARN() on NULL descs if gpiolib is disabled
    - i2c: at91: disable TXRDY interrupt after sending data
    - i2c: at91: fix clk_offset for sama5d2
    - mm/migrate.c: initialize pud_entry in migrate_vma()
    - iio: adc: gyroadc: fix uninitialized return code
    - NFSv4: Fix delegation state recovery
    - bcache: only clear BTREE_NODE_dirty bit when it is set
    - bcache: add comments for mutex_lock(&b->write_lock)
    - virtio/s390: fix race on airq_areas[]
    - ext4: don't perform block validity checks on the journal inode
    - ext4: fix block validity checks for journal inodes using indirect blocks
    - ext4: unsigned int compared against zero
    - powerpc/tm: Remove msr_tm_active()

* Bionic update: upstream stable patchset 2019-09-10 (LP: #1843463)
    - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
      context
    - hv_netvsc: Fix a warning of suspicious RCU usage
    - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
    - Bluetooth: btqca: Add a short delay before downloading the NVM
    - ibmveth: Convert multicast list size for little-endian system
    - gpio: Fix build error of function redefinition
    - drm/mediatek: use correct device to import PRIME buffers
    - drm/mediatek: set DMA max segment size
    - cxgb4: fix a memory leak bug
    - liquidio: add cleanup in octeon_setup_iq()
    - net: myri10ge: fix memory leaks
    - lan78xx: Fix memory leaks
    - vfs: fix page locking deadlocks when deduping files
    - cx82310_eth: fix a memory leak bug
    - net: kalmia: fix memory leaks
    - wimax/i2400m: fix a memory leak bug
    - ravb: Fix use-after-free ravb_tstamp_skb
    - kprobes: Fix potential deadlock in kprobe_optimizer()
    - HID: cp2112: prevent sleeping function called from invalid context
    - Input: hyperv-keyboard: Use in-place iterator API in the channel callback
    - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
    - IB/mlx4: Fix memory leaks
    - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
    - ceph: fix buffer free while holding i_ceph_lock in
      __ceph_build_xattrs_blob()
    - ceph: fix buffer free while holding i_ceph_lock in fill_inode()
    - KVM: arm/arm64: Only skip MMIO insn once
    - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
    - spi: bcm2835aux: unifying code between polling and interrupt driven code
    - spi: bcm2835aux: remove dangerous uncontrolled read of fifo
    - spi: bcm2835aux: fix corruptions for longer spi transfers
    - net: fix skb use after free in netpoll
    - net_sched: fix a NULL pointer deref in ipt action
    - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
    - tcp: inherit timestamp on mtu probe
    - tcp: remove empty skb from write queue in error cases
    - net: sched: act_sample: fix psample group handling on overwrite
    - mld: fix memory leak in mld_del_delrec()
    - x86/boot: Preserve boot_params.secure_boot from sanitizing
    - tools: bpftool: fix error message (prog -> object)
    - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure
    - afs: Fix leak in afs_lookup_cell_rcu()

* Bionic update: upstream stable patchset 2019-09-09 (LP: #1843338)
    - dmaengine: ste_dma40: fix unneeded variable warning
    - auxdisplay: panel: need to delete scan_timer when misc_register fails in
      panel_attach
    - iommu/dma: Handle SG length overflow better
    - usb: gadget: composite: Clear "suspended" on reset/disconnect
    - usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
    - xen/blkback: fix memory leaks
    - i2c: rcar: avoid race when unregistering slave client
    - i2c: emev2: avoid race when unregistering slave client
    - drm/ast: Fixed reboot test may cause system hanged
    - usb: host: fotg2: restart hcd after port reset
    - tools: hv: fix KVP and VSS daemons exit code
    - watchdog: bcm2835_wdt: Fix module autoload
    - drm/bridge: tfp410: fix memleak in get_modes()
    - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
    - drm/tilcdc: Register cpufreq notifier after we have initialized crtc
    - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
    - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
    - net/smc: make sure EPOLLOUT is raised
    - tcp: make sure EPOLLOUT wont be missed
    - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
    - ALSA: line6: Fix memory leak at line6_init_pcm() error path
    - ALSA: seq: Fix potential concurrent access to the deleted pool
    - kvm: x86: skip populating logical dest map if apic is not sw enabled
    - KVM: x86: Don't update RIP or do single-step on faulting emulation
    - x86/apic: Do not initialize LDR and DFR for bigsmp
    - ftrace: Fix NULL pointer dereference in t_probe_next()
    - ftrace: Check for successful allocation of hash
    - ftrace: Check for empty hash and comment the race with registering probes
    - usb-storage: Add new JMS567 revision to unusual_devs
    - USB: cdc-wdm: fix race between write and disconnect due to flag abuse
    - usb: chipidea: udc: don't do hardware access if gadget has stopped
    - usb: host: ohci: fix a race condition between shutdown and irq
    - usb: host: xhci: rcar: Fix typo in compatible string matching
    - USB: storage: ums-realtek: Update module parameter description for
      auto_delink_en
    - uprobes/x86: Fix detection of 32-bit user mode
    - mmc: sdhci-of-at91: add quirk for broken HS200
    - mmc: core: Fix init of SD cards reporting an invalid VDD range
    - stm class: Fix a double free of stm_source_device
    - intel_th: pci: Add support for another Lewisburg PCH
    - intel_th: pci: Add Tiger Lake support
    - drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
    - VMCI: Release resource if the work is already queued
    - crypto: ccp - Ignore unconfigured CCP device on suspend/resume
    - Revert "cfg80211: fix processing world regdomain when non modular"
    - mac80211: fix possible sta leak
    - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling
    - KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
    - KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
    - NFS: Clean up list moves of struct nfs_page
    - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
    - NFS: Pass error information to the pgio error cleanup routine
    - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
    - i2c: piix4: Fix port selection for AMD Family 16h Model 30h
    - x86/ptrace: fix up botched merge of spectrev1 fix
    - Revert "ASoC: Fail card instantiation if DAI format setup fails"
    - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns
    - afs: Fix the CB.ProbeUuid service handler to reply correctly
    - dmaengine: stm32-mdma: Fix a possible null-pointer dereference in
      stm32_mdma_irq_handler()
    - omap-dma/omap_vout_vrfb: fix off-by-one fi value
    - arm64: cpufeature: Don't treat granule sizes as strict
    - tools: hv: fixed Python pep8/flake8 warnings for lsvmbus
    - ipv4/icmp: fix rt dst dev null pointer dereference
    - ALSA: hda - Fixes inverted Conexant GPIO mic mute led
    - usb: hcd: use managed device resources
    - lib: logic_pio: Fix RCU usage
    - lib: logic_pio: Avoid possible overlap for unregistering regions
    - lib: logic_pio: Add logic_pio_unregister_range()
    - drm/amdgpu: Add APTX quirk for Dell Latitude 5495
    - drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe()
    - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-
      free

* New ID in ums-realtek module breaks cardreader (LP: #1838886) // Bionic
    update: upstream stable patchset 2019-09-09 (LP: #1843338)
    - USB: storage: ums-realtek: Whitelist auto-delink support

* TC filters are broken on Mellanox after upstream stable updates
    (LP: #1842502)
    - net/mlx5e: Remove redundant vport context vlan update
    - net/mlx5e: Properly order min inline mode setup while parsing TC matches
    - net/mlx5e: Get the required HW match level while parsing TC flow matches
    - net/mlx5e: Always use the match level enum when parsing TC rule match
    - net/mlx5e: Don't match on vlan non-existence if ethertype is wildcarded

-- Khalid Elmously <khalid.elmously@canonical.com>  Mon, 30 Sep 2019 23:02:24 -0400

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2020-01-08

Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package