Bug #1793461 “Improvements to the kernel source package preparat...” : Bionic (18.04) : Bugs : linux-hwe-edge package : Ubuntu

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2018-09-20: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1793461

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
Changed in linux (Ubuntu Bionic):
status:	New → Incomplete
Changed in linux (Ubuntu Precise):
status:	New → Incomplete
Changed in linux (Ubuntu Trusty):
status:	New → Incomplete
Changed in linux (Ubuntu Xenial):
status:	New → Incomplete

Seth Forshee (sforshee) on 2018-09-20

Changed in linux (Ubuntu Cosmic):
status:	Incomplete → Fix Committed

Kleber Sacilotto de Souza (kleber-souza) on 2018-09-20

Changed in linux (Ubuntu Trusty):
status:	Incomplete → Fix Committed
Changed in linux (Ubuntu Xenial):
status:	Incomplete → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	Incomplete → Fix Committed

Kleber Sacilotto de Souza (kleber-souza) on 2018-09-20

Changed in linux (Ubuntu Precise):
status:	Incomplete → Fix Committed

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-10-03:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-10-04:

#3

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-10-04:

#4

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-trusty

Thadeu Lima de Souza Cascardo (cascardo) on 2018-10-08

Changed in linux-hwe-edge (Ubuntu Bionic):
status:	New → Fix Committed

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2018-10-12:

#5

New 'startnewrelease' target used for all Trusty, Xenial and Bionic backports this cycle. Worked as expected.

tags:

added: verification-done-bionic verification-done-trusty verification-done-xenial
removed: verification-needed-bionic verification-needed-trusty verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-12:

#6

Download full text (60.2 KiB)

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

* linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets...

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

* linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

* Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets in a bundle
    - ath10k: sdio: set skb len for all rx packets
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - platform/x86: asus-wireless: Fix uninitialized symbol usage
    - ACPI / button: increment wakeup count only when notified
    - s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/dasd: correct numa_node in dasd_alloc_queue
    - s390/scm_blk: correct numa_node in scm_blk_dev_setup
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - mtd: rawnand: atmel: add module param to avoid using dma
    - iio: accel: adxl345: convert address field usage in iio_chan_spec
    - posix-timers: Make forward callback return s64
    - posix-timers: Sanitize overrun handling
    - ALSA: snd-aoa: add of_node_put() in error path
    - selftests: forwarding: Tweak tc filters for mirror-to-gretap tests
    - ath10k: use locked skb_dequeue for rx completions
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - media: ov772x: add checks for register read errors
    - staging: android: ashmem: Fix mmap size validation
    - media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING
    - staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path
    - drivers/tty: add error handling for pcmcia_loop_config
    - arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses
    - serial: pxa: Fix an error handling path in 'serial_pxa_probe()'
    - staging: mt7621-dts: Fix remaining pcie warnings
    - media: tm6000: add error handling for dvb_register_adapter
    - ASoC: qdsp6: qdafe: fix some off by one bugs
    - net: phy: xgmiitorgmii: Check read_status results
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - drm/sun4i: Enable DW HDMI PHY clock
    - net: phy: xgmiitorgmii: Check phy_driver ready before accessing
    - drm/sun4i: Fix releasing node when enumerating enpoints
    - ath10k: transmit queued frames after processing rx packets
    - mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status()
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - brcmsmac: fix wrap around in conversion from constant to s16
    - bitfield: fix *_encode_bits()
    - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
    - drm/omap: gem: Fix mm_list locking
    - ARM: mvebu: declare asm symbols as character arrays in pmsu.c
    - RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR
    - Documentation/process: fix reST table border error
    - perf/hw_breakpoint: Split attribute parse and commit
    - arm: dts: mediatek: Add missing cooling device properties for CPUs
    - HID: hid-ntrig: add error handling for sysfs_create_group
    - HID: i2c-hid: Use devm to allocate i2c_hid struct
    - MIPS: boot: fix build rule of vmlinux.its.S
    - arm64: dts: renesas: Fix VSPD registers range
    - drm/v3d: Take a lock across GPU scheduler job creation and queuing.
    - perf/x86/intel/lbr: Fix incomplete LBR call stack
    - scsi: bnx2i: add error handling for ioremap_nocache
    - iomap: complete partial direct I/O writes synchronously
    - spi: orion: fix CS GPIO handling again
    - scsi: megaraid_sas: Update controller info during resume
    - ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold
    - ASoC: rt1305: Use ULL suffixes for 64-bit constants
    - ASoC: rsnd: SSI parent cares SWSP bit
    - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
    - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
    - module: exclude SHN_UNDEF symbols from kallsyms api
    - gpio: Fix wrong rounding in gpio-menz127
    - nfsd: fix corrupted reply to badly ordered compound
    - EDAC: Fix memleak in module init error path
    - EDAC, altera: Fix an error handling path in altr_s10_sdram_probe()
    - staging: pi433: fix race condition in pi433_ioctl
    - ath10k: fix incorrect size of dma_free_coherent in
      ath10k_ce_alloc_src_ring_64
    - ath10k: snoc: use correct bus-specific pointer in RX retry
    - fs/lock: skip lock owner pid translation in case we are in init_pid_ns
    - ath10k: fix memory leak of tpc_stats
    - Input: xen-kbdfront - fix multi-touch XenStore node's locations
    - iio: 104-quad-8: Fix off-by-one error in register selection
    - drm/vc4: Add missing formats to vc4_format_mod_supported().
    - ARM: dts: dra7: fix DCAN node addresses
    - drm/vc4: plane: Expand the lower bits by repeating the higher bits
    - perf tests: Fix indexing when invoking subtests
    - gpio: tegra: Fix tegra_gpio_irq_set_type()
    - block: fix deadline elevator drain for zoned block devices
    - x86/mm: Expand static page table for fixmap space
    - tty: serial: lpuart: avoid leaking struct tty_struct
    - serial: imx: restore handshaking irq for imx1
    - serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
    - serial: cpm_uart: return immediately from console poll
    - intel_th: Fix device removal logic
    - intel_th: Fix resource handling for ACPI glue layer
    - spi: tegra20-slink: explicitly enable/disable clock
    - spi: sh-msiof: Fix invalid SPI use during system suspend
    - spi: sh-msiof: Fix handling of write value for SISTR register
    - spi: rspi: Fix invalid SPI use during system suspend
    - spi: rspi: Fix interrupted DMA transfers
    - regulator: fix crash caused by null driver data
    - regulator: Fix 'do-nothing' value for regulators without suspend state
    - USB: fix error handling in usb_driver_claim_interface()
    - USB: handle NULL config in usb_find_alt_setting()
    - usb: roles: Take care of driver module reference counting
    - usb: musb: dsps: do not disable CPPI41 irq in driver teardown
    - USB: usbdevfs: sanitize flags more
    - USB: usbdevfs: restore warning for nonsensical flags
    - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()"
    - USB: remove LPM management from usb_driver_claim_interface()
    - uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe()
    - ext2, dax: set ext2_dax_aops for dax files
    - filesystem-dax: Fix use of zero page
    - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
    - IB/hfi1: Fix SL array bounds check
    - IB/hfi1: Invalid user input can result in crash
    - IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
    - IB/hfi1: Fix destroy_qp hang after a link down
    - ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not
      bridge
    - RDMA/uverbs: Atomically flush and mark closed the comp event queue
    - arm64: KVM: Tighten guest core register access from userspace
    - ARM: OMAP2+: Fix null hwmod for ti-sysc debug
    - ARM: OMAP2+: Fix module address for modules using mpu_rt_idx
    - bus: ti-sysc: Fix module register ioremap for larger offsets
    - qed: Wait for ready indication before rereading the shmem
    - qed: Wait for MCP halt and resume commands to take place
    - qed: Prevent a possible deadlock during driver load and unload
    - qed: Avoid sending mailbox commands when MFW is not responsive
    - thermal: of-thermal: disable passive polling when thermal zone is disabled
    - isofs: reject hardware sector size > 2048 bytes
    - mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion
    - mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion
    - bus: ti-sysc: Fix no_console_suspend handling
    - ARM: dts: omap4-droid4: fix vibrations on Droid 4
    - bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
    - bpf, sockmap: fix sock hash count in alloc_sock_hash_elem
    - tls: possible hang when do_tcp_sendpages hits sndbuf is full case
    - bpf: sockmap: write_space events need to be passed to TCP handler
    - drm/amdgpu: fix VM clearing for the root PD
    - drm/amdgpu: fix preamble handling
    - amdgpu: fix multi-process hang issue
    - net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler
    - tcp_bbr: add bbr_check_probe_rtt_done() helper
    - tcp_bbr: in restart from idle, see if we should exit PROBE_RTT
    - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
    - net: hns: fix skb->truesize underestimation
    - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES
    - ice: Fix multiple static analyser warnings
    - ice: Report stats for allocated queues via ethtool stats
    - ice: Clean control queues only when they are initialized
    - ice: Fix bugs in control queue processing
    - ice: Use order_base_2 to calculate higher power of 2
    - ice: Set VLAN flags correctly
    - tools: bpftool: return from do_event_pipe() on bad arguments
    - ice: Fix a few null pointer dereference issues
    - ice: Fix potential return of uninitialized value
    - e1000: check on netif_running() before calling e1000_up()
    - e1000: ensure to free old tx/rx rings in set_ringparam()
    - ixgbe: fix driver behaviour after issuing VFLR
    - i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled
    - i40e: fix condition of WARN_ONCE for stat strings
    - crypto: chtls - fix null dereference chtls_free_uld()
    - crypto: cavium/nitrox - fix for command corruption in queue full case with
      backlog submissions.
    - hwmon: (ina2xx) fix sysfs shunt resistor read access
    - hwmon: (adt7475) Make adt7475_read_word() return errors
    - Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
    - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
    - drm/amdgpu: Update power state at the end of smu hw_init.
    - ata: ftide010: Add a quirk for SQ201
    - nvme-fcloop: Fix dropped LS's to removed target port
    - ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
    - drm/amdgpu: Need to set moved to true when evict bo
    - arm/arm64: smccc-1.1: Make return values unsigned long
    - arm/arm64: smccc-1.1: Handle function result as parameters
    - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
    - clk: x86: Set default parent to 48Mhz
    - x86/pti: Fix section mismatch warning/error
    - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
    - powerpc: fix csum_ipv6_magic() on little endian platforms
    - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property
    - powerpc/pseries: Fix unitialized timer reset on migration
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace
    - media: v4l: event: Prevent freeing event subscriptions while accessed
    - Linux 4.18.12

* Fix usbcore.quirks when used at boot (LP: #1795784)
    - usb: core: safely deal with the dynamic quirk lists

* Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver

* Please make CONFIG_PWM_LPSS_PCI and CONFIG_PWM_LPSS_PLATFORM built in to
    make brightness adjustment working on various BayTrail/CherryTrail-based
    devices (LP: #1783964)
    - [Config]: Make PWM_LPSS_* built-in

* CVE-2018-5391
    - SAUCE: Revert "net: increase fragment memory usage limits"

* check and fix zkey required kernel modules locations in debs, udebs, and
    initramfs (LP: #1794346)
    - [Config] add s390 crypto modules to crypt-modules udeb

* iptables --list --numeric fails on -virtual kernel / -virtual missing
    bpfilter (LP: #1795036)
    - [Config] add bpfilter.ko to generic inclusion list

* fails to build  on armhf because of module rename (LP: #1795665)
    - [Config] omapfb was renamed to omap2fb

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

* Cosmic update to 4.18.11 stable release (LP: #1795486)
    - gso_segment: Reset skb->mac_len after modifying network header
    - ipv6: fix possible use-after-free in ip6_xmit()
    - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
    - net: hp100: fix always-true check for link up state
    - pppoe: fix reception of frames with no mac header
    - qmi_wwan: set DTR for modems in forced USB2 mode
    - udp4: fix IP_CMSG_CHECKSUM for connected sockets
    - tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
    - tls: zero the crypto information from tls_context before freeing
    - tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
    - neighbour: confirm neigh entries when ARP packet is received
    - udp6: add missing checks on edumux packet processing
    - net/sched: act_sample: fix NULL dereference in the data path
    - hv_netvsc: fix schedule in RCU context
    - net: dsa: mv88e6xxx: Fix ATU Miss Violation
    - socket: fix struct ifreq size in compat ioctl
    - tls: fix currently broken MSG_PEEK behavior
    - ipv6: use rt6_info members when dst is set in rt6_fill_node
    - net/ipv6: do not copy dst flags on rt init
    - net: mvpp2: let phylink manage the carrier state
    - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
    - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
    - NFC: Fix the number of pipes
    - ASoC: wm9712: fix replace codec to component
    - ASoC: cs4265: fix MMTLR Data switch control
    - ASoC: tas6424: Save last fault register even when clear
    - ASoC: rsnd: fixup not to call clk_get/set under non-atomic
    - ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors
    - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error
      path
    - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
      streaming DMA mapping
    - ALSA: emu10k1: fix possible info leak to userspace on
      SNDRV_EMU10K1_IOCTL_INFO
    - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
    - ALSA: firewire-digi00x: fix memory leak of private data
    - ALSA: firewire-tascam: fix memory leak of private data
    - ALSA: fireworks: fix memory leak of response buffer at error path
    - ALSA: oxfw: fix memory leak for model-dependent data at error path
    - ALSA: oxfw: fix memory leak of discovered stream formats at error path
    - ALSA: oxfw: fix memory leak of private data
    - mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able
    - mtd: rawnand: denali: fix a race condition when DMA is kicked
    - platform/x86: dell-smbios-wmi: Correct a memory leak
    - platform/x86: alienware-wmi: Correct a memory leak
    - xen/netfront: don't bug in case of too many frags
    - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
    - spi: fix IDR collision on systems with both fixed and dynamic SPI bus
      numbers
    - Revert "PCI: Add ACS quirk for Intel 300 series"
    - ring-buffer: Allow for rescheduling when removing pages
    - crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2
    - fork: report pid exhaustion correctly
    - mm: disable deferred struct page for 32-bit arches
    - mm: shmem.c: Correctly annotate new inodes for lockdep
    - Revert "rpmsg: core: add support to power domains for devices"
    - bpf/verifier: disallow pointer subtraction
    - Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct
      member name"
    - scsi: target: iscsi: Use bin2hex instead of a re-implementation
    - Revert "ubifs: xattr: Don't operate on deleted inodes"
    - libata: mask swap internal and hardware tag
    - ocfs2: fix ocfs2 read block panic
    - drm/i915/bdw: Increase IPS disable timeout to 100ms
    - drm/nouveau: Reset MST branching unit before enabling
    - drm/nouveau: Only write DP_MSTM_CTRL when needed
    - drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
    - drm/nouveau: Fix deadlocks in nouveau_connector_detect()
    - drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
    - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
    - drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests
    - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
    - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
    - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
    - drm: udl: Destroy framebuffer only if it was initialized
    - drm/amdgpu: add new polaris pci id
    - tty: vt_ioctl: fix potential Spectre v1
    - ext4: check to make sure the rename(2)'s destination is not freed
    - ext4: avoid divide by zero fault when deleting corrupted inline directories
    - ext4: avoid arithemetic overflow that can trigger a BUG
    - ext4: recalucate superblock checksum after updating free blocks/inodes
    - ext4: fix online resize's handling of a too-small final block group
    - ext4: fix online resizing for bigalloc file systems with a 1k block size
    - ext4: don't mark mmp buffer head dirty
    - ext4: show test_dummy_encryption mount option in /proc/mounts
    - ext4, dax: add ext4_bmap to ext4_dax_aops
    - ext4, dax: set ext4_dax_aops for dax files
    - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
    - vmw_balloon: include asm/io.h
    - iw_cxgb4: only allow 1 flush on user qps
    - spi: Fix double IDR allocation with DT aliases
    - Linux 4.18.11

* CVE-2018-14633
    - scsi: target: iscsi: Use hex2bin instead of a re-implementation

* Cosmic update to 4.18.10 stable release (LP: #1794597)
    - be2net: Fix memory leak in be_cmd_get_profile_config()
    - net/mlx5: Fix use-after-free in self-healing flow
    - net: qca_spi: Fix race condition in spi transfers
    - rds: fix two RCU related problems
    - tipc: orphan sock in tipc_release()
    - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables
    - net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC
    - net/mlx5: Check for error in mlx5_attach_interface
    - net/mlx5: Fix debugfs cleanup in the device init/remove flow
    - erspan: fix error handling for erspan tunnel
    - erspan: return PACKET_REJECT when the appropriate tunnel is not found
    - tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY
    - net/mlx5: Fix not releasing read lock when adding flow rules
    - net/mlx5: Fix possible deadlock from lockdep when adding fte to fg
    - net/mlx5: Use u16 for Work Queue buffer fragment size
    - usb: dwc3: change stream event enable bit back to 13
    - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
    - iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the
      PTE
    - iommu/io-pgtable-arm: Fix pgtable allocation in selftest
    - ALSA: msnd: Fix the default sample sizes
    - ALSA: usb-audio: Add support for Encore mDSD USB DAC
    - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
    - xfrm: fix 'passing zero to ERR_PTR()' warning
    - amd-xgbe: use dma_mapping_error to check map errors
    - nfp: don't fail probe on pci_sriov_set_totalvfs() errors
    - iwlwifi: cancel the injective function between hw pointers to tfd entry
      index
    - gfs2: Special-case rindex for gfs2_grow
    - clk: imx6ul: fix missing of_node_put()
    - clk: imx6sll: fix missing of_node_put()
    - clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent
    - Input: pxrc - fix freeing URB on device teardown
    - clk: core: Potentially free connection id
    - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure
    - kbuild: add .DELETE_ON_ERROR special target
    - kbuild: do not update config when running install targets
    - media: tw686x: Fix oops on buffer alloc failure
    - dmaengine: pl330: fix irq race with terminate_all
    - MIPS: ath79: fix system restart
    - media: videobuf2-core: check for q->error in vb2_core_qbuf()
    - IB/rxe: Drop QP0 silently
    - block: allow max_discard_segments to be stacked
    - IB/ipoib: Fix error return code in ipoib_dev_init()
    - mtd/maps: fix solutionengine.c printk format warnings
    - media: ov5645: Supported external clock is 24MHz
    - perf test: Fix subtest number when showing results
    - gfs2: Don't reject a supposedly full bitmap if we have blocks reserved
    - perf tools: Synthesize GROUP_DESC feature in pipe mode
    - perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
    - perf tests: Fix record+probe_libc_inet_pton.sh when event exists
    - perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups
    - fbdev: omapfb: off by one in omapfb_register_client()
    - perf tools: Fix struct comm_str removal crash
    - video: goldfishfb: fix memory leak on driver remove
    - fbdev/via: fix defined but not used warning
    - perf powerpc: Fix callchain ip filtering when return address is in a
      register
    - video: fbdev: pxafb: clear allocated memory for video modes
    - fbdev: Distinguish between interlaced and progressive modes
    - omapfb: rename omap2 module to omap2fb.ko
    - ARM: exynos: Clear global variable on init error path
    - perf powerpc: Fix callchain ip filtering
    - nvmet: fix file discard return status
    - nvme-rdma: unquiesce queues when deleting the controller
    - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
    - powerpc/powernv: opal_put_chars partial write fix
    - perf script: Show correct offsets for DWARF-based unwinding
    - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout
    - staging: bcm2835-camera: handle wait_for_completion_timeout return properly
    - ASoC: rt5514: Fix the issue of the delay volume applied
    - MIPS: jz4740: Bump zload address
    - mac80211: restrict delayed tailroom needed decrement
    - Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
    - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc
    - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
    - reset: imx7: Fix always writing bits as 0
    - ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations
    - nfp: avoid buffer leak when FW communication fails
    - xen-netfront: fix queue name setting
    - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
    - ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci
    - soc: qcom: smem: Correct check for global partition
    - s390/qeth: fix race in used-buffer accounting
    - s390/qeth: reset layer2 attribute on layer switch
    - platform/x86: toshiba_acpi: Fix defined but not used build warnings
    - KVM: arm/arm64: Fix vgic init race
    - drivers/base: stop new probing during shutdown
    - i2c: aspeed: Fix initial values of master and slave state
    - drm/amd/pp: Set Max clock level to display by default
    - regulator: qcom_spmi: Use correct regmap when checking for error
    - regulator: qcom_spmi: Fix warning Bad of_node_put()
    - iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3
    - dmaengine: mv_xor_v2: kill the tasklets upon exit
    - crypto: sharah - Unregister correct algorithms for SAHARA 3
    - x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
    - x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
    - x86/mm/pti: Add an overflow check to pti_clone_pmds()
    - PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST
    - xen-netfront: fix warn message as irq device name has '/'
    - RDMA/cma: Protect cma dev list with lock
    - pstore: Fix incorrect persistent ram buffer mapping
    - xen/netfront: fix waiting for xenbus state change
    - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
    - mmc: omap_hsmmc: fix wakeirq handling on removal
    - ipmi: Rework SMI registration failure
    - ipmi: Move BT capabilities detection to the detect call
    - ipmi: Fix I2C client removal in the SSIF driver
    - ovl: fix oopses in ovl_fill_super() failure paths
    - vmbus: don't return values for uninitalized channels
    - Tools: hv: Fix a bug in the key delete code
    - misc: ibmvsm: Fix wrong assignment of return code
    - misc: hmc6352: fix potential Spectre v1
    - xhci: Fix use after free for URB cancellation on a reallocated endpoint
    - usb: Don't die twice if PCI xhci host is not responding in resume
    - usb: xhci: fix interrupt transfer error happened on MTK platforms
    - usb: mtu3: fix error of xhci port id when enable U3 dual role
    - mei: ignore not found client in the enumeration
    - mei: bus: fix hw module get/put balance
    - mei: bus: need to unlink client before freeing
    - dm verity: fix crash on bufio buffer that was allocated with vmalloc
    - USB: Add quirk to support DJI CineSSD
    - usb: uas: add support for more quirk flags
    - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
    - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
    - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
    - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0
    - USB: net2280: Fix erroneous synchronization change
    - USB: serial: io_ti: fix array underflow in completion handler
    - usb: misc: uss720: Fix two sleep-in-atomic-context bugs
    - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
    - USB: yurex: Fix buffer over-read in yurex_write()
    - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()
    - Revert "cdc-acm: implement put_char() and flush_chars()"
    - cifs: prevent integer overflow in nxt_dir_entry()
    - CIFS: fix wrapping bugs in num_entries()
    - cifs: integer overflow in in SMB2_ioctl()
    - xtensa: ISS: don't allocate memory in platform_setup
    - perf/core: Force USER_DS when recording user stack data
    - perf tools: Fix maps__find_symbol_by_name()
    - of: fix phandle cache creation for DTs with no phandles
    - x86/EISA: Don't probe EISA bus for Xen PV guests
    - NFSv4: Fix a tracepoint Oops in initiate_file_draining()
    - NFSv4.1 fix infinite loop on I/O.
    - of: add helper to lookup compatible child node
    - mmc: meson-mx-sdio: fix OF child-node lookup
    - binfmt_elf: Respect error return from `regset->active'
    - net/mlx5: Add missing SET_DRIVER_VERSION command translation
    - arm64: dts: uniphier: Add missing cooling device properties for CPUs
    - audit: fix use-after-free in audit_add_watch
    - mtdchar: fix overflows in adjustment of `count`
    - vfs: fix freeze protection in mnt_want_write_file() for overlayfs
    - bpf: fix rcu annotations in compute_effective_progs()
    - spi: dw: fix possible race condition
    - Bluetooth: Use lock_sock_nested in bt_accept_enqueue
    - evm: Don't deadlock if a crypto algorithm is unavailable
    - KVM: PPC: Book3S HV: Add of_node_put() in success path
    - security: check for kstrdup() failure in lsm_append()
    - PM / devfreq: use put_device() instead of kfree()
    - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables
    - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
    - configfs: fix registered group removal
    - pinctrl: mt7622: Fix probe fail by misuse the selector
    - pinctrl: rza1: Fix selector use for groups and functions
    - arm64: dts: mt7622: update a clock property for UART0
    - sched/core: Use smp_mb() in wake_woken_function()
    - efi/esrt: Only call efi_mem_reserve() for boot services memory
    - ARM: hisi: handle of_iomap and fix missing of_node_put
    - ARM: hisi: fix error handling and missing of_node_put
    - ARM: hisi: check of_iomap and fix missing of_node_put
    - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver
    - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
    - ASoC: hdmi-codec: fix routing
    - serial: 8250: of: Correct of_platform_serial_setup() error handling
    - tty: fix termios input-speed encoding when using BOTHER
    - tty: fix termios input-speed encoding
    - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips
    - mmc: tegra: prevent HS200 on Tegra 3
    - mmc: sdhci: do not try to use 3.3V signaling if not supported
    - drm/nouveau: Fix runtime PM leak in drm_open()
    - drm/nouveau/debugfs: Wake up GPU before doing any reclocking
    - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
    - tls: Fix zerocopy_from_iter iov handling
    - parport: sunbpp: fix error return code
    - sched/fair: Fix util_avg of new tasks for asymmetric systems
    - coresight: Handle errors in finding input/output ports
    - coresight: tpiu: Fix disabling timeouts
    - coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35
    - f2fs: do checkpoint in kill_sb
    - tools/testing/nvdimm: Fix support for emulating controller temperature
    - drm/amd/display: support access ddc for mst branch
    - ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data()
    - lightnvm: pblk: assume that chunks are closed on 1.2 devices
    - lightnvm: pblk: enable line minor version detection
    - staging: bcm2835-audio: Don't leak workqueue if open fails
    - gpio: pxa: Fix potential NULL dereference
    - gpiolib: Mark gpio_suffixes array with __maybe_unused
    - net: gemini: Allow multiple ports to instantiate
    - net: mvpp2: make sure we use single queue mode on PPv2.1
    - rcutorture: Use monotonic timestamp for stall detection
    - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation
    - drm/amdkfd: Fix error codes in kfd_get_process
    - rtc: bq4802: add error handling for devm_ioremap
    - selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run
    - selftests/android: initialize heap_type to avoid compiling warning
    - ALSA: pcm: Fix snd_interval_refine first/last with open min/max
    - scsi: libfc: fixup 'sleeping function called from invalid context'
    - scsi: lpfc: Fix NVME Target crash in defer rcv logic
    - scsi: lpfc: Fix panic if driver unloaded when port is offline
    - remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress
    - ASoC: rt5651: Fix workqueue cancel vs irq free race on remove
    - drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
    - arm64: perf: Disable PMU while processing counter overflows
    - drm/amd/pp: Send khz clock values to DC for smu7/8
    - dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0
    - staging: fsl-dpaa2/eth: Fix DMA mapping direction
    - block/DAC960.c: fix defined but not used build warnings
    - IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers
    - blk-mq: only attempt to merge bio if there is rq in sw queue
    - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue()
    - pinctrl: msm: Fix msm_config_group_get() to be compliant
    - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant
    - clk: tegra: bpmp: Don't crash when a clock fails to register
    - mei: bus: type promotion bug in mei_nfc_if_version()
    - crypto: ccp - add timeout support in the SEV command
    - Linux 4.18.10

* Fix MCE handling for user access of poisoned device-dax mapping
    (LP: #1774366)
    - x86/mce: Fix set_mce_nospec() to avoid #GP fault

* [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()

* Oracle cosmic image does not find broadcom network device in Shape
    VMStandard2.1 (LP: #1790652)
    - SAUCE: bnxt_en: Fix VF mac address regression.

* Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
    - net: hns3: Add vlan filter setting by ethtool command -K

* hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel

* hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
    - scsi: hisi_sas: Add SATA FIS check for v3 hw

* Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function

* hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
    - scsi: hisi_sas: Tidy hisi_sas_task_prep()

* Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw

* HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout

* Cosmic update to 4.18.9 stable release (LP: #1793682)
    - i2c: xiic: Make the start and the byte count write atomic
    - i2c: i801: fix DNV's SMBCTRL register offset
    - HID: multitouch: fix Elan panels with 2 input modes declaration
    - HID: core: fix grouping by application
    - HID: input: fix leaking custom input node name
    - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported.
    - memory_hotplug: fix kernel_panic on offline page processing
    - mac80211: don't update the PM state of a peer upon a multicast frame
    - scsi: lpfc: Correct MDS diag and nvmet configuration
    - nbd: don't allow invalid blocksize settings
    - block: don't warn when doing fsync on read-only devices
    - block: bfq: swap puts in bfqg_and_blkg_put
    - android: binder: fix the race mmap and alloc_new_buf_locked
    - MIPS: VDSO: Match data page cache colouring when D$ aliases
    - SMB3: Backup intent flag missing for directory opens with backupuid mounts
    - smb3: check for and properly advertise directory lease support
    - cifs: connect to servername instead of IP for IPC$ share
    - btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata
    - Btrfs: fix data corruption when deduplicating between different files
    - arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD
    - KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW
    - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix()
    - KVM: s390: vsie: copy wrapping keys to right place
    - KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation
    - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
    - KVM: x86: Invert emulation re-execute behavior to make it opt-in
    - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE
    - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault
    - KVM: x86: Do not re-{try,execute} after failed emulation in L2
    - ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel
    - ACPI / LPSS: Force LPSS quirks on boot
    - memory: ti-aemif: fix a potential NULL-pointer dereference
    - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
    - cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun()
    - cpu/hotplug: Prevent state corruption on error rollback
    - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
    - x86/microcode: Update the new microcode revision unconditionally
    - x86/process: Don't mix user/kernel regs in 64bit __show_regs()
    - x86/apic/vector: Make error return value negative
    - switchtec: Fix Spectre v1 vulnerability
    - ARC: [plat-axs*]: Enable SWAP
    - tc-testing: flush gact actions on test teardown
    - tc-testing: remove duplicate spaces in connmark match patterns
    - misc: mic: SCIF Fix scif_get_new_port() error handling
    - ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360
    - ethtool: Remove trailing semicolon for static inline
    - i2c: aspeed: Add an explicit type casting for *get_clk_reg_val
    - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
    - pinctrl: berlin: fix 'pctrl->functions' allocation in
      berlin_pinctrl_build_state
    - gpio: tegra: Move driver registration to subsys_init level
    - powerpc/4xx: Fix error return path in ppc4xx_msi_probe()
    - selftests/bpf: fix a typo in map in map test
    - media: davinci: vpif_display: Mix memory leak on probe error path
    - media: dw2102: Fix memleak on sequence of probes
    - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver
    - scsi: qla2xxx: Fix unintended Logout
    - scsi: qla2xxx: Fix session state stuck in Get Port DB
    - scsi: qla2xxx: Silent erroneous message
    - clk: scmi: Fix the rounding of clock rate
    - blk-mq: fix updating tags depth
    - scsi: lpfc: Fix driver crash when re-registering NVME rports.
    - scsi: target: fix __transport_register_session locking
    - md/raid5: fix data corruption of replacements after originals dropped
    - timers: Clear timer_base::must_forward_clk with timer_base::lock held
    - media: camss: csid: Configure data type and decode format properly
    - gpu: ipu-v3: default to id 0 on missing OF alias
    - misc: ti-st: Fix memory leak in the error path of probe()
    - uio: potential double frees if __uio_register_device() fails
    - firmware: vpd: Fix section enabled flag on vpd_section_destroy
    - Drivers: hv: vmbus: Cleanup synic memory free path
    - tty: rocket: Fix possible buffer overwrite on register_PCI
    - uio: fix possible circular locking dependency
    - iwlwifi: pcie: don't access periphery registers when not available
    - IB/IPoIB: Set ah valid flag in multicast send flow
    - f2fs: fix to active page in lru list for read path
    - f2fs: do not set free of current section
    - f2fs: Keep alloc_valid_block_count in sync
    - f2fs: issue discard align to section in LFS mode
    - f2fs: fix defined but not used build warnings
    - f2fs: fix to detect looped node chain correctly
    - ASoC: soc-pcm: Use delay set in component pointer function
    - perf tools: Allow overriding MAX_NR_CPUS at compile time
    - device-dax: avoid hang on error before devm_memremap_pages()
    - NFSv4.0 fix client reference leak in callback
    - perf c2c report: Fix crash for empty browser
    - perf evlist: Fix error out while applying initial delay and LBR
    - powerpc/pseries: fix EEH recovery of some IOV devices
    - macintosh/via-pmu: Add missing mmio accessors
    - perf build: Fix installation directory for eBPF
    - ath9k: report tx status on EOSP
    - ath9k_hw: fix channel maximum power level test
    - ath10k: prevent active scans on potential unusable channels
    - wlcore: Set rx_status boottime_ns field on rx
    - rpmsg: core: add support to power domains for devices
    - mtd: rawnand: make subop helpers return unsigned values
    - scsi: tcmu: do not set max_blocks if data_bitmap has been setup
    - MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
    - ata: libahci: Allow reconfigure of DEVSLP register
    - ata: libahci: Correct setting of DEVSLP register
    - nfs: Referrals not inheriting proto setting from parent
    - scsi: 3ware: fix return 0 on the error path of probe
    - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
    - ath10k: disable bundle mgmt tx completion event support
    - media: em28xx: explicitly disable TS packet filter
    - PCI: mobiveil: Add missing ../pci.h include
    - PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type
    - powerpc/mm: Don't report PUDs as memory leaks when using kmemleak
    - Bluetooth: hidp: Fix handling of strncpy for hid->name information
    - x86/mm: Remove in_nmi() warning from vmalloc_fault()
    - regulator: tps65217: Fix NULL pointer dereference on probe
    - pinctrl: imx: off by one in imx_pinconf_group_dbg_show()
    - gpio: pxa: disable pinctrl calls for PXA3xx
    - gpio: ml-ioh: Fix buffer underwrite on probe error path
    - pinctrl/amd: only handle irq if it is pending and unmasked
    - net: mvneta: fix mtu change on port without link
    - f2fs: try grabbing node page lock aggressively in sync scenario
    - pktcdvd: Fix possible Spectre-v1 for pkt_devs
    - f2fs: fix to skip GC if type in SSA and SIT is inconsistent
    - tpm_tis_spi: Pass the SPI IRQ down to the driver
    - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - f2fs: fix to do sanity check with reserved blkaddr of inline inode
    - MIPS: Octeon: add missing of_node_put()
    - MIPS: generic: fix missing of_node_put()
    - thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources
    - thermal_hwmon: Sanitize attribute name passed to hwmon
    - net: dcb: For wild-card lookups, use priority -1, not 0
    - dm cache: only allow a single io_mode cache feature to be requested
    - Input: atmel_mxt_ts - only use first T9 instance
    - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time}
      functions
    - media: rcar-csi2: update stream start for V3M
    - media: helene: fix xtal frequency setting at power on
    - drm/amd/display: Prevent PSR from being enabled if initialization fails
    - media: em28xx: Fix dual transport stream operation
    - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel
    - f2fs: fix to wait on page writeback before updating page
    - f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
    - media: em28xx: Fix DualHD disconnect oops
    - f2fs: avoid potential deadlock in f2fs_sbi_store
    - f2fs: fix to do sanity check with secs_per_zone
    - mfd: rave-sp: Initialize flow control and parity of the port
    - iommu/ipmmu-vmsa: Fix allocation in atomic context
    - mfd: ti_am335x_tscadc: Fix struct clk memory leak
    - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
    - f2fs: fix to propagate return value of scan_nat_page()
    - f2fs: fix to do sanity check with extra_attr feature
    - RDMA/hns: Add illegal hop_num judgement
    - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
    - RDMA/hns: Update the data type of immediate data
    - MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
    - MIPS: mscc: ocelot: fix length of memory address space for MIIM
    - RDMA/cma: Do not ignore net namespace for unbound cm_id
    - clocksource: Revert "Remove kthread"
    - autofs: fix autofs_sbi() does not check super block type
    - mm: get rid of vmacache_flush_all() entirely
    - Linux 4.18.9

* SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
    - Input: elantech - enable middle button of touchpad on ThinkPad P72

* Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

* hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF

* Fix unusable NVIDIA GPU after S3 (LP: #1793338)
    - SAUCE: PCI: Reprogram bridge prefetch registers on resume

* net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex

* Cosmic update to v4.18.8 stable release (LP: #1793069)
    - act_ife: fix a potential use-after-free
    - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
      state
    - net: bcmgenet: use MAC link status for fixed phy
    - net: macb: do not disable MDIO bus at open/close time
    - net: sched: Fix memory exposure from short TCA_U32_SEL
    - qlge: Fix netdev features configuration.
    - r8169: add support for NCube 8168 network card
    - tcp: do not restart timewait timer on rst reception
    - vti6: remove !skb->ignore_df check from vti6_xmit()
    - act_ife: move tcfa_lock down to where necessary
    - act_ife: fix a potential deadlock
    - net: sched: action_ife: take reference to meta module
    - bnxt_en: Clean up unused functions.
    - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA.
    - net/sched: act_pedit: fix dump of extended layered op
    - tipc: fix a missing rhashtable_walk_exit()
    - hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe()
    - tipc: fix the big/little endian issue in tipc_dest
    - sctp: remove useless start_fail from sctp_ht_iter in proc
    - erspan: set erspan_ver to 1 by default when adding an erspan dev
    - net: macb: Fix regression breaking non-MDIO fixed-link PHYs
    - ipv6: don't get lwtstate twice in ip6_rt_copy_init()
    - net/ipv6: init ip6 anycast rt->dst.input as ip6_input
    - net/ipv6: Only update MTU metric if it set
    - net/ipv6: Put lwtstate when destroying fib6_info
    - net/mlx5: Fix SQ offset in QPs with small RQ
    - r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices
    - Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit"
    - ip6_vti: fix creating fallback tunnel device for vti6
    - ip6_vti: fix a null pointer deference when destroy vti6 tunnel
    - nfp: wait for posted reconfigs when disabling the device
    - sctp: hold transport before accessing its asoc in sctp_transport_get_next
    - mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge
    - vhost: correctly check the iova range when waking virtqueue
    - hv_netvsc: ignore devices that are not PCI
    - cifs: check if SMB2 PDU size has been padded and suppress the warning
    - hfsplus: don't return 0 when fill_super() failed
    - hfs: prevent crash on exit from failed search
    - sunrpc: Don't use stack buffer with scatterlist
    - fork: don't copy inconsistent signal handler state to child
    - fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds
    - reiserfs: change j_timestamp type to time64_t
    - iommu/rockchip: Handle errors returned from PM framework
    - hfsplus: fix NULL dereference in hfsplus_lookup()
    - iommu/rockchip: Move irq request past pm_runtime_enable
    - fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries
    - fat: validate ->i_start before using
    - workqueue: skip lockdep wq dependency in cancel_work_sync()
    - workqueue: re-add lockdep dependencies for flushing
    - scripts: modpost: check memory allocation results
    - apparmor: fix an error code in __aa_create_ns()
    - virtio: pci-legacy: Validate queue pfn
    - x86/mce: Add notifier_block forward declaration
    - i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return
      value
    - IB/hfi1: Invalid NUMA node information can cause a divide by zero
    - pwm: meson: Fix mux clock names
    - powerpc/topology: Get topology for shared processors at boot
    - mm/fadvise.c: fix signed overflow UBSAN complaint
    - mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM
    - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
    - platform/x86: intel_punit_ipc: fix build errors
    - bpf, sockmap: fix map elem deletion race with smap_stop_sock
    - tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach
    - bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist
    - net/xdp: Fix suspicious RCU usage warning
    - bpf, sockmap: fix leakage of smap_psock_map_entry
    - samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM
    - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses
    - s390/kdump: Fix memleak in nt_vmcoreinfo
    - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
    - mfd: sm501: Set coherent_dma_mask when creating subdevices
    - netfilter: x_tables: do not fail xt_alloc_table_info too easilly
    - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
    - netfilter: fix memory leaks on netlink_dump_start error
    - tcp, ulp: add alias for all ulp modules
    - ubi: Initialize Fastmap checkmapping correctly
    - RDMA/hns: Fix usage of bitmap allocation functions return values
    - ACPICA: ACPICA: add status check for acpi_hw_read before assigning return
      value
    - perf arm spe: Fix uninitialized record error variable
    - net: hns3: Fix for command format parsing error in
      hclge_is_all_function_id_zero
    - block: don't warn for flush on read-only device
    - PCI: Match Root Port's MPS to endpoint's MPSS as necessary
    - drm/amd/display: Guard against null crtc in CRC IRQ
    - coccicheck: return proper error code on fail
    - perf tools: Check for null when copying nsinfo.
    - f2fs: avoid race between zero_range and background GC
    - f2fs: fix avoid race between truncate and background GC
    - RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO
    - irqchip/stm32: Fix init error handling
    - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
    - net/9p/trans_fd.c: fix race by holding the lock
    - net/9p: fix error path of p9_virtio_probe
    - f2fs: fix to clear PG_checked flag in set_page_dirty()
    - pinctrl: axp209: Fix NULL pointer dereference after allocation
    - bpf: fix bpffs non-array map seq_show issue
    - powerpc/uaccess: Enable get_user(u64, *p) on 32-bit
    - powerpc: Fix size calculation using resource_size()
    - perf probe powerpc: Fix trace event post-processing
    - block: bvec_nr_vecs() returns value for wrong slab
    - brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference
    - s390/dasd: fix hanging offline processing due to canceled worker
    - s390/dasd: fix panic for failed online processing
    - ACPI / scan: Initialize status to ACPI_STA_DEFAULT
    - blk-mq: count the hctx as active before allocating tag
    - scsi: aic94xx: fix an error code in aic94xx_init()
    - NFSv4: Fix error handling in nfs4_sp4_select_mode()
    - Input: do not use WARN() in input_alloc_absinfo()
    - xen/balloon: fix balloon initialization for PVH Dom0
    - PCI: mvebu: Fix I/O space end address calculation
    - dm kcopyd: avoid softlockup in run_complete_job
    - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
    - ASoC: rt5677: Fix initialization of rt5677_of_match.data
    - iommu/omap: Fix cache flushes on L2 table entries
    - selftests/powerpc: Kill child processes on SIGINT
    - selinux: cleanup dentry and inodes on error in selinuxfs
    - RDS: IB: fix 'passing zero to ERR_PTR()' warning
    - cfq: Suppress compiler warnings about comparisons
    - smb3: fix reset of bytes read and written stats
    - CIFS: fix memory leak and remove dead code
    - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
    - smb3: if server does not support posix do not allow posix mount option
    - powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning
    - powerpc/64s: Make rfi_flush_fallback a little more robust
    - um: fix parallel building with O= option
    - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
    - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399
    - drm/amd/display: Read back max backlight value at boot
    - KVM: vmx: track host_state.loaded using a loaded_vmcs pointer
    - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0
    - drm/etnaviv: fix crash in GPU suspend when init failed due to buffer
      placement
    - btrfs: Exit gracefully when chunk map cannot be inserted to the tree
    - btrfs: replace: Reset on-disk dev stats value after replace
    - btrfs: fix in-memory value of total_devices after seed device deletion
    - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
      initialized
    - btrfs: tree-checker: Detect invalid and empty essential trees
    - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
    - btrfs: lift uuid_mutex to callers of btrfs_open_devices
    - btrfs: Don't remove block group that still has pinned down bytes
    - btrfs: Fix a C compliance issue
    - arm64: rockchip: Force CONFIG_PM on Rockchip systems
    - ARM: rockchip: Force CONFIG_PM on Rockchip systems
    - btrfs: do btrfs_free_stale_devices outside of device_list_add
    - btrfs: extend locked section when adding a new device in device_list_add
    - btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(
    - btrfs: use device_list_mutex when removing stale devices
    - btrfs: lift uuid_mutex to callers of btrfs_scan_one_device
    - btrfs: lift uuid_mutex to callers of btrfs_parse_early_options
    - btrfs: reorder initialization before the mount locks uuid_mutex
    - btrfs: fix mount and ioctl device scan ioctl race
    - drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks"
    - drm/i915: Nuke the LVDS lid notifier
    - drm/i915: Increase LSPCON timeout
    - drm/i915: Free write_buf that we allocated with kzalloc.
    - drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet
    - drm/amdgpu: fix a reversed condition
    - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode
    - drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST
    - drm/amd/powerplay: fixed uninitialized value
    - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program
    - drm/edid: Quirk Vive Pro VR headset non-desktop.
    - drm/amd/display: fix type of variable
    - drm/amd/display: Don't share clk source between DP and HDMI
    - drm/amd/display: update clk for various HDMI color depths
    - drm/amd/display: Use requested HDMI aspect ratio
    - drm/amd/display: Report non-DP display as disconnected without EDID
    - drm/rockchip: lvds: add missing of_node_put
    - drm/rockchip: vop: split out core clock enablement into separate functions
    - drm/rockchip: vop: fix irq disabled after vop driver probed
    - drm/amd/display: Pass connector id when executing VBIOS CT
    - drm/amd/display: Check if clock source in use before disabling
    - drm/amdgpu: update tmr mc address
    - drm/amdgpu:add tmr mc address into amdgpu_firmware_info
    - drm/amdgpu:add new firmware id for VCN
    - drm/amdgpu:add VCN support in PSP driver
    - drm/amdgpu:add VCN booting with firmware loaded by PSP
    - drm/amdgpu: fix incorrect use of fcheck
    - drm/amdgpu: fix incorrect use of drm_file->pid
    - drm/i915: Re-apply "Perform link quality check, unconditionally during long
      pulse"
    - uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name
    - mm: respect arch_dup_mmap() return value
    - drm/i915: set DP Main Stream Attribute for color range on DDI platforms
    - x86/tsc: Prevent result truncation on 32bit
    - drm/amdgpu: Keep track of amount of pinned CPU visible VRAM
    - drm/amdgpu: Make pin_size values atomic
    - drm/amdgpu: Warn and update pin_size values when destroying a pinned BO
    - drm/amdgpu: Don't warn on destroying a pinned BO
    - debugobjects: Make stack check warning more informative
    - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
    - x86/xen: don't write ptes directly in 32-bit PV guests
    - kbuild: make missing $DEPMOD a Warning instead of an Error
    - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs
    - x86: kvm: avoid unused variable warning
    - HID: redragon: fix num lock and caps lock LEDs
    - ASoC: wm8994: Fix missing break in switch
    - Linux 4.18.8

* [Regression] Colour banding appears on Lenovo B50-80 integrated display
    (LP: #1788308) // Cosmic update to v4.18.8 stable release (LP: #1793069)
    - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80

* Fix I2C touchpanels' interrupt storms after system suspend (LP: #1792309)
    - HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen
    - HID: i2c-hid: Don't reset device upon system resume

* Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.7.9-3ubuntu6

* update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests

* [AEP-bug] ext4: more rare direct I/O vs unmap failures (LP: #1787089)
    - dax: dax_layout_busy_page() warn on !exceptional
    - ext4: handle layout changes to pinned DAX mappings
    - xfs: Close race between direct IO and xfs_break_layouts()

* [Bug][CLX]assertion failure with util_range_rw using libpmemlog, possible
    kernel DAX bug (LP: #1789146)
    - dax: remove VM_MIXEDMAP for fsdax and device dax

* [Feature] Optimize huge page clear/copy cache behavior (LP: #1730836)
    - mm, clear_huge_page: move order algorithm into a separate function
    - mm, huge page: copy target sub-page last when copy huge page
    - mm, hugetlbfs: rename address to haddr in hugetlb_cow()
    - mm, hugetlbfs: pass fault address to cow handler

* [ICL] Touch support (LP: #1771245)
    - mfd: intel-lpss: Add Ice Lake PCI IDs

* Miscellaneous Ubuntu changes
    - [Packaging] retpoline -- fix temporary filenaming
    - SAUCE: update aufs to aufs4.18 20180910
    - CONFIG_BCH_CONST_PARAMS=n
    - Packaging: final-checks: remove trailing backport suffix

-- Seth Forshee <seth.forshee@canonical.com>  Fri, 05 Oct 2018 11:13:20 -0500

Changed in linux (Ubuntu Cosmic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-22:

#7

This bug was fixed in the package linux - 3.13.0-161.211

---------------
linux (3.13.0-161.211) trusty; urgency=medium

* linux: 3.13.0-161.211 -proposed tracker (LP: #1795595)

  * CVE-2017-0794
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - scsi: sg: recheck MMAP_IO request length with lock held

* CVE-2017-15299
- KEYS: don't let add_key() update an uninstantiated key

* CVE-2015-8539
- KEYS: Fix handling of stored error in a negatively instantiated user key

  * CVE-2018-7566
    - ALSA: seq: Fix racy pool initializations
    - ALSA: seq: More protection for concurrent write and ioctl races

* CVE-2018-1000004. // CVE-2018-7566
- ALSA: seq: Don't allow resizing pool in use

* CVE-2018-1000004
- ALSA: seq: Make ioctls race-free

* CVE-2017-18216
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent

  * CVE-2016-7913
    - tuner-xc2028: Don't try to sleep twice
    - xc2028: avoid use after free
    - xc2028: unlock on error in xc2028_set_config()
    - xc2028: Fix use-after-free bug properly

  * The VM hang happens because of pending interrupts not reinjected when
    migrating the VM several times (LP: #1791286)
    - KVM: ioapic: merge ioapic_deliver into ioapic_service
    - KVM: ioapic: clear IRR for edge-triggered interrupts at delivery
    - KVM: ioapic: extract body of kvm_ioapic_set_irq
    - KVM: ioapic: reinject pending interrupts on KVM_SET_IRQCHIP

* CVE-2018-5390
- SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

* CVE-2018-9518
- NFC: llcp: Limit size of SDP URI

* Improvements to the kernel source package preparation (LP: #1793461)
- [Packaging] startnewrelease: add support for backport kernels

-- Stefan Bader <email address hidden> Wed, 03 Oct 2018 16:41:42 +0200

Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-22:

#8

Download full text (20.0 KiB)

This bug was fixed in the package linux - 4.15.0-38.41

---------------
linux (4.15.0-38.41) bionic; urgency=medium

* linux: 4.15.0-38.41 -proposed tracker (LP: #1797061)

  * Silent data corruption in Linux kernel 4.15 (LP: #1796542)
    - block: add a lower-level bio_add_page interface
    - block: bio_iov_iter_get_pages: fix size of last iovec
    - blkdev: __blkdev_direct_IO_simple: fix leak in error case
    - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs

linux (4.15.0-37.40) bionic; urgency=medium

* linux: 4.15.0-37.40 -proposed tracker (LP: #1795564)

* hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
- net: hns3: Add vlan filter setting by ethtool command -K

  * hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel

* hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
- scsi: hisi_sas: Add SATA FIS check for v3 hw

  * Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function

* hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
- scsi: hisi_sas: Tidy hisi_sas_task_prep()

  * Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw

  * HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout

* getxattr: always handle namespaced attributes (LP: #1789746)
- getxattr: use correct xattr length

* Fix unusable NVIDIA GPU after S3 (LP: #1793338)
- PCI: Reprogram bridge prefetch registers on resume

  * Fails to boot under Xen PV: BUG: unable to handle kernel paging request at
    edc21fd9 (LP: #1789118)
    - x86/EISA: Don't probe EISA bus for Xen PV guests

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
- s390/qeth: use vzalloc for QUERY OAT buffer

* SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
- Input: elantech - enable middle button of touchpad on ThinkPad P72

  * Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver

  * [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()

  * hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF

  * net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex

* Page leaki...

This bug was fixed in the package linux - 4.15.0-38.41

---------------
linux (4.15.0-38.41) bionic; urgency=medium

* linux: 4.15.0-38.41 -proposed tracker (LP: #1797061)

* Silent data corruption in Linux kernel 4.15 (LP: #1796542)
    - block: add a lower-level bio_add_page interface
    - block: bio_iov_iter_get_pages: fix size of last iovec
    - blkdev: __blkdev_direct_IO_simple: fix leak in error case
    - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs

linux (4.15.0-37.40) bionic; urgency=medium

* linux: 4.15.0-37.40 -proposed tracker (LP: #1795564)

* hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
    - net: hns3: Add vlan filter setting by ethtool command -K

* hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel

* hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
    - scsi: hisi_sas: Add SATA FIS check for v3 hw

* Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function

* hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
    - scsi: hisi_sas: Tidy hisi_sas_task_prep()

* Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw

* HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout

* getxattr: always handle namespaced attributes (LP: #1789746)
    - getxattr: use correct xattr length

* Fix unusable NVIDIA GPU after S3 (LP: #1793338)
    - PCI: Reprogram bridge prefetch registers on resume

* Fails to boot under Xen PV: BUG: unable to handle kernel paging request at
    edc21fd9 (LP: #1789118)
    - x86/EISA: Don't probe EISA bus for Xen PV guests

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

* SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
    - Input: elantech - enable middle button of touchpad on ThinkPad P72

* Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver

* [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()

* hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF

* net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex

* Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* some nvidia p1000 graphic cards hang during the boot (LP: #1791569)
    - drm/nouveau/gr/gf100-: virtualise tpc_mask + apply fixes from traces

* Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.4

* Fix I2C touchpanels' interrupt storms after system suspend (LP: #1792309)
    - HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen
    - HID: i2c-hid: Don't reset device upon system resume

* ipmmu is always registered (LP: #1783746)
    - iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-
      VMSA

* Bionic update: upstream stable patchset 2018-09-27 (LP: #1794889)
    - clocksource/drivers/imx-tpm: Correct some registers operation flow
    - Input: synaptics-rmi4 - fix an unchecked out of memory error path
    - KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update
    - x86: Add check for APIC access address for vmentry of L2 guests
    - MIPS: io: Prevent compiler reordering writeX()
    - nfp: ignore signals when communicating with management FW
    - perf report: Fix switching to another perf.data file
    - fsnotify: fix ignore mask logic in send_to_group()
    - MIPS: io: Add barrier after register read in readX()
    - s390/smsgiucv: disable SMSG on module unload
    - isofs: fix potential memory leak in mount option parsing
    - MIPS: dts: Boston: Fix PCI bus dtc warnings:
    - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR
    - doc: Add vendor prefix for Kieback & Peter GmbH
    - dt-bindings: pinctrl: sunxi: Fix reference to driver
    - dt-bindings: serial: sh-sci: Add support for r8a77965 (H)SCIF
    - dt-bindings: dmaengine: rcar-dmac: document R8A77965 support
    - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux
    - ASoC: rt5514: Add the missing register in the readable table
    - eCryptfs: don't pass up plaintext names when using filename encryption
    - soc: bcm: raspberrypi-power: Fix use of __packed
    - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
    - PCI: kirin: Fix reset gpio name
    - ASoC: topology: Fix bugs of freeing soc topology
    - xen: xenbus_dev_frontend: Really return response string
    - ASoC: topology: Check widget kcontrols before deref.
    - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()
    - blkcg: don't hold blkcg lock when deactivating policy
    - tipc: fix infinite loop when dumping link monitor summary
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - scsi: megaraid_sas: Do not log an error if FW successfully initializes.
    - scsi: target: fix crash with iscsi target and dvd
    - netfilter: nf_tables: NAT chain and extensions require NF_TABLES
    - netfilter: nf_tables: fix out-of-bounds in nft_chain_commit_update
    - ASoC: msm8916-wcd-analog: use threaded context for mbhc events
    - drm/msm: Fix possible null dereference on failure of get_pages()
    - drm/msm/dsi: use correct enum in dsi_get_cmd_fmt
    - drm/msm: don't deref error pointer in the msm_fbdev_create error path
    - blkcg: init root blkcg_gq under lock
    - vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
    - parisc: time: Convert read_persistent_clock() to read_persistent_clock64()
    - scsi: storvsc: Set up correct queue depth values for IDE devices
    - scsi: isci: Fix infinite loop in while loop
    - mm, pagemap: fix swap offset value for PMD migration entry
    - proc: revalidate kernel thread inodes to root:root
    - kexec_file: do not add extra alignment to efi memmap
    - mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
    - usb: typec: ucsi: fix tracepoint related build error
    - ACPI / PM: Blacklist Low Power S0 Idle _DSM for ThinkPad X1 Tablet(2016)
    - dt-bindings: meson-uart: DT fix s/clocks-names/clock-names/
    - net: phy: marvell: clear wol event before setting it
    - ARM: dts: da850: fix W=1 warnings with pinmux node
    - ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70
    - drm/amdkfd: fix clock counter retrieval for node without GPU
    - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe
    - net: ethtool: Add missing kernel doc for FEC parameters
    - arm64: ptrace: remove addr_limit manipulation
    - HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice
    - HID: wacom: Release device resource data obtained by devres_alloc()
    - selftests: ftrace: Add a testcase for multiple actions on trigger
    - rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
    - perf/x86/intel: Don't enable freeze-on-smi for PerfMon V1
    - remoteproc: qcom: Fix potential device node leaks
    - rpmsg: added MODULE_ALIAS for rpmsg_char
    - HID: intel-ish-hid: use put_device() instead of kfree()
    - blk-mq: fix sysfs inflight counter
    - arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
    - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr()
    - libahci: Allow drivers to override stop_engine
    - ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI
    - x86/cpu/intel: Add missing TLB cpuid values
    - bpf: fix uninitialized variable in bpf tools
    - i2c: sprd: Prevent i2c accesses after suspend is called
    - i2c: sprd: Fix the i2c count issue
    - tipc: fix bug in function tipc_nl_node_dump_monitor
    - nvme: depend on INFINIBAND_ADDR_TRANS
    - nvmet-rdma: depend on INFINIBAND_ADDR_TRANS
    - ib_srpt: depend on INFINIBAND_ADDR_TRANS
    - ib_srp: depend on INFINIBAND_ADDR_TRANS
    - IB: make INFINIBAND_ADDR_TRANS configurable
    - IB/uverbs: Fix validating mandatory attributes
    - RDMA/cma: Fix use after destroy access to net namespace for IPoIB
    - RDMA/iwpm: fix memory leak on map_info
    - IB/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV
    - IB/rxe: avoid double kfree_skb
    - <linux/stringhash.h>: fix end_name_hash() for 64bit long
    - IB/core: Make ib_mad_client_id atomic
    - ARM: davinci: board-da830-evm: fix GPIO lookup for MMC/SD
    - ARM: davinci: board-da850-evm: fix GPIO lookup for MMC/SD
    - ARM: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup
    - ARM: davinci: board-dm355-evm: fix broken networking
    - dt-bindings: panel: lvds: Fix path to display timing bindings
    - ARM: OMAP2+: powerdomain: use raw_smp_processor_id() for trace
    - ARM: dts: logicpd-som-lv: Fix WL127x Startup Issues
    - ARM: dts: logicpd-som-lv: Fix Audio Mute
    - Input: atmel_mxt_ts - fix the firmware update
    - hexagon: add memset_io() helper
    - hexagon: export csum_partial_copy_nocheck
    - scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts
    - bpf, x64: fix memleak when not converging after image
    - parisc: drivers.c: Fix section mismatches
    - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
    - kthread, sched/wait: Fix kthread_parkme() wait-loop
    - arm64: tegra: Make BCM89610 PHY interrupt as active low
    - iommu/vt-d: fix shift-out-of-bounds in bug checking
    - nvme: fix potential memory leak in option parsing
    - nvme: Set integrity flag for user passthrough commands
    - ARM: OMAP1: ams-delta: fix deferred_fiq handler
    - smc: fix sendpage() call
    - IB/hfi1 Use correct type for num_user_context
    - IB/hfi1: Fix memory leak in exception path in get_irq_affinity()
    - RDMA/cma: Do not query GID during QP state transition to RTR
    - spi: bcm2835aux: ensure interrupts are enabled for shared handler
    - sched/core: Introduce set_special_state()
    - sh: fix build failure for J2 cpu with SMP disabled
    - tee: check shm references are consistent in offset/size
    - mac80211: Adjust SAE authentication timeout
    - drm/omap: silence unititialized variable warning
    - drm/omap: fix uninitialized ret variable
    - drm/omap: fix possible NULL ref issue in tiler_reserve_2d
    - drm/omap: check return value from soc_device_match
    - drm/omap: handle alloc failures in omap_connector
    - driver core: add __printf verification to __ata_ehi_pushv_desc
    - ARM: dts: cygnus: fix irq type for arm global timer
    - mac80211: use timeout from the AddBA response instead of the request
    - net: aquantia: driver should correctly declare vlan_features bits
    - can: dev: increase bus-off message severity
    - arm64: Add MIDR encoding for NVIDIA CPUs
    - cifs: smb2ops: Fix listxattr() when there are no EAs
    - agp: uninorth: make two functions static
    - tipc: eliminate KMSAN uninit-value in strcmp complaint
    - qed: Fix l2 initializations over iWARP personality
    - qede: Fix gfp flags sent to rdma event node allocation
    - rxrpc: Fix error reception on AF_INET6 sockets
    - rxrpc: Fix the min security level for kernel calls
    - KVM: Extend MAX_IRQ_ROUTES to 4096 for all archs
    - x86: Delay skip of emulated hypercall instruction
    - ixgbe: return error on unsupported SFP module when resetting
    - net sched actions: fix invalid pointer dereferencing if skbedit flags
      missing
    - proc/kcore: don't bounds check against address 0
    - ocfs2: take inode cluster lock before moving reflinked inode from orphan dir
    - kprobes/x86: Prohibit probing on exception masking instructions
    - uprobes/x86: Prohibit probing on MOV SS instruction
    - objtool, kprobes/x86: Sync the latest <asm/insn.h> header with
      tools/objtool/arch/x86/include/asm/insn.h
    - x86/pkeys/selftests: Adjust the self-test to fresh distros that export the
      pkeys ABI
    - x86/mpx/selftests: Adjust the self-test to fresh distros that export the MPX
      ABI
    - x86/selftests: Add mov_to_ss test
    - x86/pkeys/selftests: Give better unexpected fault error messages
    - x86/pkeys/selftests: Stop using assert()
    - x86/pkeys/selftests: Remove dead debugging code, fix dprint_in_signal
    - x86/pkeys/selftests: Allow faults on unknown keys
    - x86/pkeys/selftests: Factor out "instruction page"
    - x86/pkeys/selftests: Add PROT_EXEC test
    - x86/pkeys/selftests: Fix pkey exhaustion test off-by-one
    - x86/pkeys/selftests: Fix pointer math
    - x86/pkeys/selftests: Save off 'prot' for allocations
    - x86/pkeys/selftests: Add a test for pkey 0
    - mtd: Fix comparison in map_word_andequal()
    - afs: Fix the non-encryption of calls
    - usb: musb: fix remote wakeup racing with suspend
    - ARM: keystone: fix platform_domain_notifier array overrun
    - i2c: pmcmsp: return message count on master_xfer success
    - i2c: pmcmsp: fix error return from master_xfer
    - i2c: viperboard: return message count on master_xfer success
    - ARM: davinci: dm646x: fix timer interrupt generation
    - ARM: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF
    - ARM: davinci: board-dm646x-evm: set VPIF capture card name
    - clk: imx6ull: use OSC clock during AXI rate change
    - locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
    - locking/percpu-rwsem: Annotate rwsem ownership transfer by setting
      RWSEM_OWNER_UNKNOWN
    - drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl()
    - sched/debug: Move the print_rt_rq() and print_dl_rq() declarations to
      kernel/sched/sched.h
    - sched/deadline: Make the grub_reclaim() function static
    - parisc: Move setup_profiling_timer() out of init section
    - efi/libstub/arm64: Handle randomized TEXT_OFFSET
    - ARM: 8753/1: decompressor: add a missing parameter to the addruart macro
    - ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the
      kernel
    - ARM: kexec: fix kdump register saving on panic()
    - Revert "Btrfs: fix scrub to repair raid6 corruption"
    - Btrfs: fix scrub to repair raid6 corruption
    - Btrfs: make raid6 rebuild retry more
    - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
    - ibmvnic: Do not notify peers on parameter change resets
    - dt-bindings: net: ravb: Add support for r8a77965 SoC
    - X86/KVM: Properly update 'tsc_offset' to represent the running guest
    - kvm: x86: move MSR_IA32_TSC handling to x86.c
    - ARM: dts: Fix cm2 and prm sizes for omap4
    - powerpc/64s: Default l1d_size to 64K in RFI fallback flush
    - KVM: arm/arm64: vgic: Kick new VCPU on interrupt migration
    - arm64: kasan: avoid pfn_to_nid() before page array is initialized
    - ARM64: dts: meson-gxl: add USB host support
    - ARM64: dts: meson-gxm: add GXM specific USB host configuration
    - ARM64: dts: meson-gxl-s905x-p212: enable the USB controller
    - ARM64: dts: meson-gx-p23x-q20x: enable the USB controller
    - ARM64: dts: meson-gxl-s905x-libretech-cc: enable the USB controller
    - ARM64: dts: meson-gxl-nexbox-a95x: enable the USB controller
    - ARM64: dts: meson-gxm-khadas-vim2: enable the USB controller
    - arm64: dts: correct SATA addresses for Stingray
    - afs: Fix server record deletion
    - proc: fix /proc/loadavg regression
    - s390/qeth: fix request-side race during cmd IO timeout
    - ACPI / scan: Initialize watchdog before PNP
    - CIFS: set *resp_buf_type to NO_BUFFER on error
    - arm64: dts: uniphier: fix input delay value for legacy mode of eMMC
    - igb: Fix the transmission mode of queue 0 for Qav mode
    - RISC-V: build vdso-dummy.o with -no-pie
    - arm64: only advance singlestep for user instruction traps
    - perf pmu: Fix core PMU alias list for X86 platform
    - bpf, x64: fix JIT emission for dead code
    - powerpc/kvm/booke: Fix altivec related build break
    - reset: uniphier: fix USB clock line for LD20
    - nfp: don't depend on eth_tbl being available
    - net: mvpp2: Fix clk error path in mvpp2_probe
    - kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
    - IB/uverbs: Fix validating mandatory attributes
    - RDMA/hns: Intercept illegal RDMA operation when use inline data
    - pinctrl: cherryview: Associate IRQ descriptors to irqdomain
    - kthread, sched/wait: Fix kthread_parkme() completion issue
    - iommu/vt-d: Fix usage of force parameter in intel_ir_reconfigure_irte()
    - nvme/multipath: Disable runtime writable enabling parameter
    - ARM: dts: correct missing "compatible" entry for ti81xx SoCs
    - usb: typec: tps6598x: handle block reads separately with plain-I2C adapters
    - IB/mlx4: Fix integer overflow when calculating optimal MTT size
    - bpf: add map_alloc_check callback
    - bpf: fix possible spectre-v1 in find_and_alloc_map()
    - drm/exynos/mixer: fix synchronization check in interlaced mode
    - drm/exynos: mixer: avoid Oops in vp_video_buffer()
    - bpf: use array_index_nospec in find_prog_type
    - gcc-plugins: fix build condition of SANCOV plugin
    - drm/vc4: Fix oops dereferencing DPI's connector since panel_bridge.
    - nvme: fix use-after-free in nvme_free_ns_head
    - powerpc/pseries: Fix CONFIG_NUMA=n build
    - HID: i2c-hid: Add RESEND_REPORT_DESCR quirk for Toshiba Click Mini L9W-B
    - cifs: Allocate validate negotiation request through kmalloc
    - drm/amdgpu: Switch to interruptable wait to recover from ring hang.
    - rxrpc: Fix missing start of call timeout
    - ARM: dts: imx51-zii-rdu1: fix touchscreen bindings
    - sh: switch to NO_BOOTMEM
    - lib/find_bit_benchmark.c: avoid soft lockup in test_find_first_bit()
    - x86/pkeys/selftests: Avoid printf-in-signal deadlocks
    - afs: Fix address list parsing
    - afs: Fix refcounting in callback registration
    - afs: Fix server rotation's handling of fileserver probe failure
    - afs: Fix VNOVOL handling in address rotation
    - afs: Fix the handling of CB.InitCallBackState3 to find the server by UUID
    - afs: Fix afs_find_server search loop
    - KVM: X86: Lower the default timer frequency limit to 200us
    - platform/x86: DELL_WMI use depends on instead of select for DELL_SMBIOS
    - ARM: replace unnecessary perl with sed and the shell $(( )) operator

* Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

* Kernel 4.15.0-35.38 fails to build with CONFIG_XFS_ONLINE_SCRUB enabled
    (LP: #1792393)
    - SAUCE: xfs: fix build error with CONFIG_XFS_ONLINE_SCRUB enabled

* update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: add detection and recovery mechanism for handling missed/misrouted
      MSI-X
    - net: ena: increase ena driver version to 1.5.0
    - net: ena: Eliminate duplicate barriers on weakly-ordered archs
    - SAUCE: ena: devm_kzalloc() -> devm_kcalloc()
    - net: ena: Fix use of uninitialized DMA address bits field
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 10 Oct 2018 11:20:35 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-22:

#9

Download full text (28.0 KiB)

This bug was fixed in the package linux - 4.4.0-138.164

---------------
linux (4.4.0-138.164) xenial; urgency=medium

* linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

* Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
- powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
- s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* Bugfix for handling of shadow doorbell buffer (LP: #1788222)
- nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: ti...

This bug was fixed in the package linux - 4.4.0-138.164

---------------
linux (4.4.0-138.164) xenial; urgency=medium

* linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

* Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

* Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

* qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

* Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

* Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

* Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: tiehrpwm: Fix disabling of output of PWMs
    - fb: fix lost console when the user unplugs a USB adapter
    - udlfb: set optimal write delay
    - getxattr: use correct xattr length
    - bcache: release dc->writeback_lock properly in bch_writeback_thread()
    - perf auxtrace: Fix queue resize
    - fs/quota: Fix spectre gadget in do_quotactl
    - x86/io: add interface to reserve io memtype for a resource range. (v1.1)
    - drm/drivers: add support for using the arch wc mapping API.
    - Linux 4.4.155

* Xenial update to 4.4.154 stable release (LP: #1792392)
    - sched/sysctl: Check user input value of sysctl_sched_time_avg
    - Cipso: cipso_v4_optptr enter infinite loop
    - vti6: fix PMTU caching and reporting on xmit
    - xfrm: fix missing dst_release() after policy blocking lbcast and multicast
    - xfrm: free skb if nlsk pointer is NULL
    - mac80211: add stations tied to AP_VLANs during hw reconfig
    - nl80211: Add a missing break in parse_station_flags
    - drm/bridge: adv7511: Reset registers on hotplug
    - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
    - drm/imx: imx-ldb: disable LDB on driver bind
    - drm/imx: imx-ldb: check if channel is enabled before printing warning
    - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
      init_controller()
    - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
      r8a66597_queue()
    - usb/phy: fix PPC64 build errors in phy-fsl-usb.c
    - tools: usb: ffs-test: Fix build on big endian systems
    - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
    - tools/power turbostat: fix -S on UP systems
    - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
    - qed: Fix possible race for the link state value.
    - atl1c: reserve min skb headroom
    - net: prevent ISA drivers from building on PPC32
    - can: mpc5xxx_can: check of_iomap return before use
    - i2c: davinci: Avoid zero value of CLKH
    - media: staging: omap4iss: Include asm/cacheflush.h after generic includes
    - bnx2x: Fix invalid memory access in rss hash config path.
    - net: axienet: Fix double deregister of mdio
    - selftests/ftrace: Add snapshot and tracing_on test case
    - zswap: re-check zswap_is_full() after do zswap_shrink()
    - tools/power turbostat: Read extended processor family from CPUID
    - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
    - enic: handle mtu change for vf properly
    - arc: fix build errors in arc/include/asm/delay.h
    - arc: fix type warnings in arc/mm/cache.c
    - drivers: net: lmc: fix case value for target abort error
    - scsi: fcoe: drop frames in ELS LOGO error path
    - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
    - mm/memory.c: check return value of ioremap_prot
    - cifs: add missing debug entries for kconfig options
    - cifs: check kmalloc before use
    - smb3: Do not send SMB3 SET_INFO if nothing changed
    - smb3: don't request leases in symlink creation and query
    - btrfs: don't leak ret from do_chunk_alloc
    - s390/kvm: fix deadlock when killed by oom
    - ext4: check for NUL characters in extended attribute's name
    - ext4: sysfs: print ext4_super_block fields as little-endian
    - ext4: reset error code in ext4_find_entry in fallback
    - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
    - KVM: arm/arm64: Skip updating PTE entry if no change
    - KVM: arm/arm64: Skip updating PMD entry if no change
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
    - x86/process: Re-export start_thread()
    - fuse: Don't access pipe->buffers without pipe_lock()
    - fuse: fix double request_end()
    - fuse: fix unlocked access to processing queue
    - fuse: umount should wait for all requests
    - fuse: Fix oops at process_init_reply()
    - fuse: Add missed unlock_page() to fuse_readpages_fill()
    - udl-kms: change down_interruptible to down
    - udl-kms: handle allocation failure
    - udl-kms: fix crash due to uninitialized memory
    - ASoC: dpcm: don't merge format from invalid codec dai
    - ASoC: sirf: Fix potential NULL pointer dereference
    - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
    - x86/irqflags: Mark native_restore_fl extern inline
    - s390: fix br_r1_trampoline for machines without exrl
    - s390/qdio: reset old sbal_state flags
    - kprobes: Make list and blacklist root user read only
    - MIPS: Correct the 64-bit DSP accumulator register size
    - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
    - scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
    - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
    - iscsi target: fix session creation failure handling
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
    - Linux 4.4.154

* Xenial update to 4.4.153 stable release (LP: #1792383)
    - x86/mm: Fix use-after-free of ldt_struct
    - ovl: Ensure upper filesystem supports d_type
    - ovl: Do d_type check only if work dir creation was successful
    - ovl: warn instead of error if d_type is not supported
    - Linux 4.4.153

* Xenial update to 4.4.152 stable release (LP: #1792377)
    - ARC: Explicitly add -mmedium-calls to CFLAGS
    - netfilter: ipv6: nf_defrag: reduce struct net memory waste
    - selftests: pstore: return Kselftest Skip code for skipped tests
    - selftests: static_keys: return Kselftest Skip code for skipped tests
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: zram: return Kselftest Skip code for skipped tests
    - selftests: sync: add config fragment for testing sync framework
    - ARM: dts: Cygnus: Fix I2C controller interrupt type
    - usb: dwc2: fix isoc split in transfer with no data
    - usb: gadget: composite: fix delayed_status race condition when set_interface
    - usb: gadget: dwc2: fix memory leak in gadget_init()
    - scsi: xen-scsifront: add error handling for xenbus_printf
    - arm64: make secondary_start_kernel() notrace
    - qed: Add sanity check for SIMD fastpath handler.
    - enic: initialize enic->rfs_h.lock in enic_probe
    - net: hamradio: use eth_broadcast_addr
    - net: propagate dev_get_valid_name return code
    - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
    - net: davinci_emac: match the mdio device against its compatible if possible
    - locking/lockdep: Do not record IRQ state within lockdep code
    - ipv6: mcast: fix unsolicited report interval after receiving querys
    - Smack: Mark inode instant in smack_task_to_inode
    - cxgb4: when disabling dcb set txq dcb priority to 0
    - brcmfmac: stop watchdog before detach and free everything
    - ARM: dts: am437x: make edt-ft5x06 a wakeup source
    - usb: xhci: increase CRS timeout value
    - perf test session topology: Fix test on s390
    - perf report powerpc: Fix crash if callchain is empty
    - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
    - ARM: dts: da850: Fix interrups property for gpio
    - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
    - md/raid10: fix that replacement cannot complete recovery after reassemble
    - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
    - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
    - drm/exynos: decon5433: Fix WINCONx reset value
    - bnx2x: Fix receiving tx-timeout in error or recovery state.
    - m68k: fix "bad page state" oops on ColdFire boot
    - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
    - ARM: imx_v6_v7_defconfig: Select ULPI support
    - ARM: imx_v4_v5_defconfig: Select ULPI support
    - tracing: Use __printf markup to silence compiler
    - kasan: fix shadow_size calculation error in kasan_module_alloc
    - smsc75xx: Add workaround for gigabit link up hardware errata.
    - netfilter: x_tables: set module owner for icmp(6) matches
    - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
    - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
    - ieee802154: at86rf230: use __func__ macro for debug messages
    - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
    - drm/armada: fix colorkey mode property
    - bnxt_en: Fix for system hang if request_irq fails
    - perf llvm-utils: Remove bashism from kernel include fetch script
    - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
    - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
    - ixgbe: Be more careful when modifying MAC filters
    - packet: reset network header if packet shorter than ll reserved space
    - qlogic: check kstrtoul() for errors
    - tcp: remove DELAYED ACK events in DCTCP
    - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
    - net/ethernet/freescale/fman: fix cross-build error
    - net: usb: rtl8150: demote allmulti message to dev_dbg()
    - net: qca_spi: Avoid packet drop during initial sync
    - net: qca_spi: Make sure the QCA7000 reset is triggered
    - net: qca_spi: Fix log level if probe fails
    - tcp: identify cryptic messages as TCP seq # bugs
    - staging: android: ion: check for kref overflow
    - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - parisc: Remove ordered stores from syscall.S
    - xfrm_user: prevent leaking 2 bytes of kernel memory
    - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
    - packet: refine ring v3 block size test to hold one frame
    - bridge: Propagate vlan add failure to user
    - parisc: Remove unnecessary barriers from spinlock.h
    - PCI: hotplug: Don't leak pci_slot on registration failure
    - PCI: Skip MPS logic for Virtual Functions (VFs)
    - PCI: pciehp: Fix use-after-free on unplug
    - i2c: imx: Fix race condition in dma read
    - reiserfs: fix broken xattr handling (heap corruption, bad retval)
    - Linux 4.4.152

* Xenial update to 4.4.151 stable release (LP: #1792340)
    - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
    - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
    - llc: use refcount_inc_not_zero() for llc_sap_find()
    - net_sched: Fix missing res info when create new tc_index filter
    - vsock: split dwork to avoid reinitializations
    - net_sched: fix NULL pointer dereference when delete tcindex filter
    - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs
    - ALSA: hda - Turn CX8200 into D3 as well upon reboot
    - ALSA: vx222: Fix invalid endian conversions
    - ALSA: virmidi: Fix too long output trigger loop
    - ALSA: cs5535audio: Fix invalid endian conversion
    - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry
    - ALSA: memalloc: Don't exceed over the requested size
    - ALSA: vxpocket: Fix invalid endian conversions
    - USB: serial: sierra: fix potential deadlock at close
    - USB: option: add support for DW5821e
    - ACPI: save NVS memory for Lenovo G50-45
    - ACPI / PM: save NVS memory for ASUS 1025C laptop
    - serial: 8250_dw: always set baud rate in dw8250_set_termios
    - Bluetooth: avoid killing an already killed socket
    - isdn: Disable IIOCDBGVAR
    - Linux 4.4.151

* Xenial update to 4.4.150 stable release (LP: #1792336)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
    - Linux 4.4.150

* Xenial update to 4.4.149 stable release (LP: #1792310)
    - x86/mm: Disable ioremap free page handling on x86-PAE
    - tcp: Fix missing range_truesize enlargement in the backport
    - kasan: don't emit builtin calls when sanitization is off
    - i2c: ismt: fix wrong device address when unmap the data buffer
    - kbuild: verify that $DEPMOD is installed
    - crypto: vmac - require a block cipher with 128-bit block size
    - crypto: vmac - separate tfm and request context
    - crypto: blkcipher - fix crash flushing dcache in error path
    - crypto: ablkcipher - fix crash flushing dcache in error path
    - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization
    - ioremap: Update pgtable free interfaces with addr
    - x86/mm: Add TLB purge to free pmd/pte page interfaces
    - Linux 4.4.149

* Xenial update to 4.4.149 stable release (LP: #1792310) // CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

* Xenial update to 4.4.148 stable release (LP: #1792174)
    - ext4: fix check to prevent initializing reserved inodes
    - tpm: fix race condition in tpm_common_write()
    - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
    - fork: unconditionally clear stack on fork
    - parisc: Enable CONFIG_MLONGCALLS by default
    - parisc: Define mb() and add memory barriers to assembler unlock sequences
    - xen/netfront: don't cache skb_shinfo()
    - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
    - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management
      enabled
    - root dentries need RCU-delayed freeing
    - fix mntput/mntput race
    - fix __legitimize_mnt()/mntput() race
    - IB/core: Make testing MR flags for writability a static inline function
    - IB/mlx4: Mark user MR as writable if actual virtual memory is writable
    - IB/ocrdma: fix out of bounds access to local buffer
    - ARM: dts: imx6sx: fix irq for pcie bridge
    - kprobes/x86: Fix %p uses in error messages
    - x86/irqflags: Provide a declaration for native_save_fl
    - SAUCE: Sync pgtable_64.h with upstream stable
    - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
    - SAUCE: Sync pgtable-3level.h with upstream stable
    - SAUCE: Sync pgtable.h with upstream stable
    - mm: Add vm_insert_pfn_prot()
    - mm: fix cache mode tracking in vm_insert_mixed()
    - x86/mm/kmmio: Make the tracer robust against L1TF
    - x86/init: fix build with CONFIG_SWAP=n
    - Linux 4.4.148

* Xenial update to 4.4.147 stable release (LP: #1792109)
    - scsi: qla2xxx: Fix ISP recovery on unload
    - scsi: qla2xxx: Return error when TMF returns
    - genirq: Make force irq threading setup more robust
    - nohz: Fix local_timer_softirq_pending()
    - netlink: Do not subscribe to non-existent groups
    - netlink: Don't shift with UB on nlk->ngroups
    - netlink: Don't shift on 64 for ngroups
    - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
    - ring_buffer: tracing: Inherit the tracing setting to next ring buffer
    - i2c: imx: Fix reinit_completion() use
    - Linux 4.4.147

* Xenial update to 4.4.146 stable release (LP: #1791953)
    - MIPS: Fix off-by-one in pci_resource_to_user()
    - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
    - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
    - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
    - tracing: Fix double free of event_trigger_data
    - tracing: Fix possible double free in event_enable_trigger_func()
    - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
    - tracing: Quiet gcc warning about maybe unused link variable
    - xen/netfront: raise max number of slots in xennet_get_responses()
    - ALSA: emu10k1: add error handling for snd_ctl_add
    - ALSA: fm801: add error handling for snd_ctl_add
    - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
    - mm: vmalloc: avoid racy handling of debugobjects in vunmap
    - mm/slub.c: add __printf verification to slab_err()
    - rtc: ensure rtc_set_alarm fails when alarms are not supported
    - netfilter: ipset: List timing out entries with "timeout 1" instead of zero
    - infiniband: fix a possible use-after-free bug
    - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
    - powerpc/64s: Fix compiler store ordering to SLB shadow area
    - RDMA/mad: Convert BUG_ONs to error flows
    - disable loading f2fs module on PAGE_SIZE > 4KB
    - f2fs: fix to don't trigger writeback during recovery
    - usbip: usbip_detach: Fix memory, udev context and udev leak
    - perf/x86/intel/uncore: Correct fixed counter index check in generic code
    - perf/x86/intel/uncore: Correct fixed counter index check for NHM
    - iwlwifi: pcie: fix race in Rx buffer allocator
    - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
    - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
    - ASoC: dpcm: fix BE dai not hw_free and shutdown
    - mfd: cros_ec: Fail early if we cannot identify the EC
    - mwifiex: handle race during mwifiex_usb_disconnect
    - wlcore: sdio: check for valid platform device data before suspend
    - media: videobuf2-core: don't call memop 'finish' when queueing
    - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
    - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
    - PCI: Prevent sysfs disable of device while driver is attached
    - ath: Add regulatory mapping for FCC3_ETSIC
    - ath: Add regulatory mapping for ETSI8_WORLD
    - ath: Add regulatory mapping for APL13_WORLD
    - ath: Add regulatory mapping for APL2_FCCA
    - ath: Add regulatory mapping for Uganda
    - ath: Add regulatory mapping for Tanzania
    - ath: Add regulatory mapping for Serbia
    - ath: Add regulatory mapping for Bermuda
    - ath: Add regulatory mapping for Bahamas
    - powerpc/32: Add a missing include header
    - powerpc/chrp/time: Make some functions static, add missing header include
    - powerpc/powermac: Add missing prototype for note_bootable_part()
    - powerpc/powermac: Mark variable x as unused
    - powerpc/8xx: fix invalid register expression in head_8xx.S
    - pinctrl: at91-pio4: add missing of_node_put
    - PCI: pciehp: Request control of native hotplug only if supported
    - mwifiex: correct histogram data with appropriate index
    - scsi: ufs: fix exception event handling
    - ALSA: emu10k1: Rate-limit error messages about page errors
    - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
    - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
    - media: smiapp: fix timeout checking in smiapp_read_nvm
    - ALSA: usb-audio: Apply rate limit to warning messages in URB complete
      callback
    - HID: hid-plantronics: Re-resend Update to map button for PTT products
    - drm/radeon: fix mode_valid's return type
    - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by
      Starlet
    - HID: i2c-hid: check if device is there before really probing
    - tty: Fix data race in tty_insert_flip_string_fixed_flag
    - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
    - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
    - libata: Fix command retry decision
    - media: saa7164: Fix driver name in debug output
    - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
    - brcmfmac: Add support for bcm43364 wireless chipset
    - s390/cpum_sf: Add data entry sizes to sampling trailer entry
    - perf: fix invalid bit in diagnostic entry
    - scsi: 3w-9xxx: fix a missing-check bug
    - scsi: 3w-xxxx: fix a missing-check bug
    - scsi: megaraid: silence a static checker bug
    - thermal: exynos: fix setting rising_threshold for Exynos5433
    - bpf: fix references to free_bpf_prog_info() in comments
    - media: siano: get rid of __le32/__le16 cast warnings
    - drm/atomic: Handling the case when setting old crtc for plane
    - ALSA: hda/ca0132: fix build failure when a local macro is defined
    - memory: tegra: Do not handle spurious interrupts
    - memory: tegra: Apply interrupts mask per SoC
    - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
    - ipconfig: Correctly initialise ic_nameservers
    - rsi: Fix 'invalid vdd' warning in mmc
    - audit: allow not equal op for audit by executable
    - microblaze: Fix simpleImage format generation
    - usb: hub: Don't wait for connect state at resume for powered-off ports
    - crypto: authencesn - don't leak pointers to authenc keys
    - crypto: authenc - don't leak pointers to authenc keys
    - media: omap3isp: fix unbalanced dma_iommu_mapping
    - scsi: scsi_dh: replace too broad "TP9" string with the exact models
    - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
    - media: si470x: fix __be16 annotations
    - drm: Add DP PSR2 sink enable bit
    - random: mix rdrand with entropy sent in from userspace
    - squashfs: be more careful about metadata corruption
    - ext4: fix inline data updates with checksums enabled
    - ext4: check for allocation block validity with block group locked
    - dmaengine: pxa_dma: remove duplicate const qualifier
    - ASoC: pxa: Fix module autoload for platform drivers
    - ipv4: remove BUG_ON() from fib_compute_spec_dst
    - net: fix amd-xgbe flow-control issue
    - net: lan78xx: fix rx handling before first packet is send
    - xen-netfront: wait xenbus state change when load module manually
    - NET: stmmac: align DMA stuff to largest cache line length
    - tcp: do not force quickack when receiving out-of-order packets
    - tcp: add max_quickacks param to tcp_incr_quickack and
      tcp_enter_quickack_mode
    - tcp: do not aggressively quick ack after ECN events
    - tcp: refactor tcp_ecn_check_ce to remove sk type cast
    - tcp: add one more quick ack after after ECN events
    - inet: frag: enforce memory limits earlier
    - net: dsa: Do not suspend/resume closed slave_dev
    - netlink: Fix spectre v1 gadget in netlink_create()
    - squashfs: more metadata hardening
    - squashfs: more metadata hardenings
    - can: ems_usb: Fix memory leak on ems_usb_disconnect()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - virtio_balloon: fix another race between migration and ballooning
    - kvm: x86: vmx: fix vpid leak
    - crypto: padlock-aes - Fix Nano workaround data corruption
    - scsi: sg: fix minor memory leak in error path
    - Linux 4.4.146

* Xenial update to 4.4.145 stable release (LP: #1791942)
    - MIPS: ath79: fix register address in ath79_ddr_wb_flush()
    - ip: hash fragments consistently
    - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
    - rtnetlink: add rtnl_link_state check in rtnl_configure_link
    - tcp: fix dctcp delayed ACK schedule
    - tcp: helpers to send special DCTCP ack
    - tcp: do not cancel delay-AcK on DCTCP special ACK
    - tcp: do not delay ACK in DCTCP upon CE status change
    - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
    - usb: cdc_acm: Add quirk for Castles VEGA3000
    - usb: core: handle hub C_PORT_OVER_CURRENT condition
    - usb: gadget: f_fs: Only return delayed status when len is 0
    - driver core: Partially revert "driver core: correct device's shutdown order"
    - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
    - can: xilinx_can: fix recovery from error states not being propagated
    - can: xilinx_can: fix device dropping off bus on RX overrun
    - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
    - can: xilinx_can: fix incorrect clear of non-processed interrupts
    - can: xilinx_can: fix RX overflow interrupt not being enabled
    - turn off -Wattribute-alias
    - ARM: fix put_user() for gcc-8
    - Linux 4.4.145

* kernel panic - null pointer dereference on ipset operations (LP: #1793753)
    - netfilter: ipset: fix race condition in ipset save, swap and delete
    - netfilter: ipset: Fix race between dump and swap

* Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

* update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: Remove redundant unlikely()
    - net: ena: reduce the severity of some printouts
    - net: ena: fix rare kernel crash when bar memory remap fails
    - net: ena: fix wrong max Tx/Rx queues on ethtool
    - net: ena: improve ENA driver boot time.
    - net: ena: remove legacy suspend suspend/resume support
    - net: ena: add power management ops to the ENA driver
    - net: ena: add statistics for missed tx packets
    - net: ena: add new admin define for future support of IPv6 RSS
    - net: ena: increase ena driver version to 1.3.0
    - net: ena: fix race condition between device reset and link up setup
    - net: ena: add detection and recovery mechanism for handling missed/misrouted
      MSI-X
    - net: ena: increase ena driver version to 1.5.0
    - net: ena: fix error handling in ena_down() sequence
    - net: ena: Eliminate duplicate barriers on weakly-ordered archs
    - SAUCE: ena: devm_kzalloc() -> devm_kcalloc()
    - net: ena: Fix use of uninitialized DMA address bits field
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 02 Oct 2018 14:39:36 +0000

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Mathew Hodson (mhodson) on 2018-10-27

no longer affects:	linux-hwe-edge (Ubuntu Precise)
no longer affects:	linux-hwe-edge (Ubuntu Trusty)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-05-03:

#10

This bug was fixed in the package linux - 3.2.0-150.197

---------------
linux (3.2.0-150.197) precise; urgency=medium

* precise/linux: 3.2.0-150.197 -proposed tracker (LP: #1919172)

  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

* CVE-2021-27363 // CVE-2021-27364
- scsi: iscsi: Restrict sessions and handles to admin capabilities

  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - Add file_ns_capable() helper function for open-time capability checking
    - net: Add variants of capable for use on on sockets
    - netlink: Make the sending netlink socket availabe in NETLINK_CB

-- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 05 Apr 2021 14:23:29 -0300

Changed in linux (Ubuntu Precise):
status:	Fix Committed → Fix Released

Affects		Status	Importance	Assigned to
	linux (Ubuntu)	Fix Released	Undecided	Unassigned
Nominated for Disco by Marcelo Cerri
	Precise	Fix Released	Undecided	Unassigned
	Trusty	Fix Released	Undecided	Unassigned
	Xenial	Fix Released	Undecided	Unassigned
	Bionic	Fix Released	Undecided	Unassigned
	Cosmic	Fix Released	Undecided	Unassigned
	linux-hwe-edge (Ubuntu)	New	Undecided	Unassigned
Nominated for Disco by Marcelo Cerri
	Xenial	New	Undecided	Unassigned
	Bionic	Fix Committed	Undecided	Unassigned
	Cosmic	New	Undecided	Unassigned

Ubuntu
linux-hwe-edge package

Improvements to the kernel source package preparation

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux-hwe-edge package

Improvements to the kernel source package preparation

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-hwe-edge package