Bug #1819621 “linux-kvm: 4.18.0-1009.9 -proposed tracker” : Series promote-to-proposed : Bugs : Kernel SRU Workflow

Kleber Sacilotto de Souza (kleber-souza) on 2019-03-12

Changed in linux-kvm (Ubuntu):
status:	New → Invalid
Changed in linux-kvm (Ubuntu Cosmic):
importance:	Undecided → Medium
tags:	added: cosmic
tags:	added: kernel-release-tracking-bug
tags:	added: kernel-release-tracking-bug-live
tags:	added: kernel-sru-cycle-2019.03.11-1
Changed in kernel-sru-workflow:
status:	New → In Progress
importance:	Undecided → Medium
description:	updated
tags:	added: kernel-sru-derivative-of-1819624

Brad Figg (brad-figg) on 2019-03-12

description:

updated

Brad Figg (brad-figg) on 2019-03-12

description:

updated

Brad Figg (brad-figg) on 2019-03-13

description:

updated

Kleber Sacilotto de Souza (kleber-souza) on 2019-03-13

summary:

- linux-kvm: <version to be filled> -proposed tracker
+ linux-kvm: 4.18.0-1009.9 -proposed tracker

Brad Figg (brad-figg) on 2019-03-13

description:

updated

Brad Figg (brad-figg) on 2019-03-14

description:

updated

Brad Figg (brad-figg) on 2019-03-14

description:

updated

Brad Figg (brad-figg) on 2019-03-14

tags:	added: block-proposed-cosmic
tags:	added: block-proposed
description:	updated

Brad Figg (brad-figg) on 2019-03-14

description:

updated

Brad Figg (brad-figg) on 2019-03-14

description:

updated

Brad Figg (brad-figg) on 2019-03-15

description:

updated

Brad Figg (brad-figg) on 2019-03-16

description:

updated

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-03-21:

#1

4.18.0-1009.9 - kvm
Regression test CMPL, RTB.

Issue to note in amd64:
  ubuntu_fan_smoke_test - ubuntu_fan_smoke_test failed on 4.4/4.15 kvm kernel (bug 1763323)
  ubuntu_kernel_selftests - psock_tpacket in net failed (bug 1812176) test_bpf in net (bug 1812189) RTNETLINK in net (bug 1812194) fib_tests in net (bug 1812622) fib-onlink-tests in net (bug 1812622) fib_rule_tests in net (bug 1812622) msg_zerocopy in net (bug 1812620) psock_snd in net (bug 1812618) ftrace (bug 1812318)
  ubuntu_kvm_unit_tests - 12 failed on KVM nodes
  ubuntu_ltp - test timed out
  ubuntu_ltp_syscalls - getrandom02 timed out (bug 1797327) fanotify09 case 2 (bug 1804594) msgstress03 (bug 1797341) msgstress04 (bug 1797348) quotactl01, quotactl02, quotactl03 (bug 1797325)
  ubuntu_qrt_apparmor - mmap timeouted (bug 1783922)
  ubuntu_qrt_kernel_security - SCHED_STACK_END_CHECK should be enabled (bug 1812159) LOCK_DOWN_KERNEL should be enabled (bug 1811981)
  ubuntu_quota_smoke_test - failed with KVM kernel (bug 1784535)
  ubuntu_sysdig_smoke_test - Unable to insert sysdig_probe module on B-KVM kernel (bug 1766565)

tags:

added: regression-testing-passed

Brad Figg (brad-figg) on 2019-03-21

description:

updated

Brad Figg (brad-figg) on 2019-03-25

description:

updated

Brad Figg (brad-figg) on 2019-03-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-04-01

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-04-01

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-04-01

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-04-02

tags:	removed: block-proposed-cosmic
tags:	removed: block-proposed
description:	updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-02:

#2

Download full text (5.4 KiB)

This bug was fixed in the package linux-kvm - 4.18.0-1009.9

---------------
linux-kvm (4.18.0-1009.9) cosmic; urgency=medium

* linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621)

  * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
    - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS

  * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

[ Ubuntu: 4.18.0-17.18 ]

  * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype
  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending
  * CVE-2019-9003
    - ipmi: fix use-after-free of user->release_barrier.rda
  * CVE-2019-9162
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change
  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file
  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive
  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout
  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests
  * CVE-2017-5753
    - bpf: fix inner map masking to prevent oob under speculation
  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table
  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ...

This bug was fixed in the package linux-kvm - 4.18.0-1009.9

---------------
linux-kvm (4.18.0-1009.9) cosmic; urgency=medium

* linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621)

* CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
    - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS

* PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

[ Ubuntu: 4.18.0-17.18 ]

* linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype
  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending
  * CVE-2019-9003
    - ipmi: fix use-after-free of user->release_barrier.rda
  * CVE-2019-9162
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change
  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file
  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive
  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout
  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests
  * CVE-2017-5753
    - bpf: fix inner map masking to prevent oob under speculation
  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table
  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation
  * Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event
  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
  * CONFIG_TEST_BPF is disabled (LP: #1813955)
    - [Config]: Reenable TEST_BPF
  * installer does not support iSCSI iBFT (LP: #1817321)
    - d-i: add iscsi_ibft to scsi-modules
  * CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  * CVE-2019-7221
    - KVM: nVMX: unconditionally cancel preemption timer in free_nested
      (CVE-2019-7221)
  * CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
  * hns3 nic speed may not match optical port speed (LP: #1817969)
    - net: hns3: Config NIC port speed same as that of optical module
  * [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021)
    - srcu: Lock srcu_data structure in srcu_gp_start()
  * libsas disks can have non-unique by-path names (LP: #1817784)
    - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
  * Bluetooth not working (Intel CyclonePeak) (LP: #1817518)
    - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
  * CVE-2019-8912
    - net: crypto set sk to NULL when af_alg_release.
    - net: socket: set sock->sk to NULL after calling proto_ops::release()
  * 4.18.0 thinkpad_acpi : thresholds for BAT1 not writable (LP: #1812099)
    - platform/x86: thinkpad_acpi: Fix multi-battery bug
  * [ALSA] [PATCH] System76 darp5 and oryp5 fixups (LP: #1815831)
    - ALSA: hda/realtek - Headset microphone support for System76 darp5
    - ALSA: hda/realtek - Headset microphone and internal speaker support for
      System76 oryp5
  * CVE-2019-8956
    - sctp: walk the list of asoc safely
  * Constant noise in the headphone on Lenovo X1 machines (LP: #1817263)
    - ALSA: hda/realtek: Disable PC beep in passthrough on alc285

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 14 Mar 2019 09:43:06 +0100

Changed in linux-kvm (Ubuntu Cosmic):
status:	New → Fix Released

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-04-02

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2019-04-02

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-04-02: Workflow done!

#3

All tasks have been completed and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status:	In Progress → Fix Released
description:	updated
tags:	removed: kernel-release-tracking-bug-live

Kernel SRU Workflow

linux-kvm: 4.18.0-1009.9 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Fix Released	Medium	Canonical Kernel Team
Certification-testing	Invalid	Medium	Canonical Hardware Certification
Prepare-package	Fix Released	Medium	Unassigned
Prepare-package-meta	Fix Released	Medium	Kleber Sacilotto de Souza
Promote-to-proposed	Fix Released	Medium	Łukasz Zemczak
Promote-to-security	Fix Released	Medium	Łukasz Zemczak
Promote-to-updates	Fix Released	Medium	Łukasz Zemczak
Regression-testing	Fix Released	Medium	Po-Hsu Lin
Security-signoff	Fix Released	Medium	Steve Beattie
Verification-testing	Fix Released	Medium	Canonical Kernel Team
linux-kvm (Ubuntu)	Invalid	Undecided	Unassigned
Cosmic	Fix Released	Medium	Unassigned