Bug #1818747 “Crash in nvme_irq_check() when using threaded inte...” : Cosmic (18.10) : Bugs : linux package : Ubuntu

dann frazier (dannf) on 2019-03-05

Changed in linux (Ubuntu Bionic):
status:	New → Fix Released
Changed in linux (Ubuntu Cosmic):
status:	New → In Progress
assignee:	nobody → dann frazier (dannf)

dann frazier (dannf) on 2019-03-05

Changed in linux (Ubuntu Disco):
status:	New → Fix Released
Changed in linux (Ubuntu Bionic):
status:	Fix Released → In Progress
status:	In Progress → Triaged
assignee:	nobody → dann frazier (dannf)

dann frazier (dannf) on 2019-03-05

Changed in linux (Ubuntu Bionic):
status:	Triaged → In Progress

Khaled El Mously (kmously) on 2019-03-12

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Cosmic):
status:	In Progress → Fix Committed

Revision history for this message

Brad Figg (brad-figg) wrote on 2019-03-15:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-cosmic

Revision history for this message

Brad Figg (brad-figg) wrote on 2019-03-15:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

dann frazier (dannf) on 2019-03-19

tags:

added: verification-done-bionic
removed: verification-needed-bionic

dann frazier (dannf) on 2019-03-19

tags:

added: verification-done-cosmic
removed: verification-needed-cosmic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-02:

#3

Download full text (25.4 KiB)

This bug was fixed in the package linux - 4.15.0-47.50

---------------
linux (4.15.0-47.50) bionic; urgency=medium

* linux: 4.15.0-47.50 -proposed tracker (LP: #1819716)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

* C++ demangling support missing from perf (LP: #1396654)
- [Packaging] fix a mistype

* arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
- iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

* Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
- nvme-pci: fix out of bounds access in nvme_cqe_pending

* CVE-2019-9213
- mm: enforce min addr even if capable() in expand_downwards()

* CVE-2019-3460
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Don't use dc_link in link_encoder
    - drm/amd/display: Move wait for hpd ready out from edp power control.
    - drm/amd/display: eDP sequence BL off first then DP blank.
    - drm/amd/display: Fix unused variable compilation error
    - drm/amd/display: Fix warning about misaligned code
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

* tun/tap: unable to manage carrier state from userland (LP: #1806392)
- tun: implement carrier change

* CVE-2019-8980
- exec: Fix mem leak in kernel_read_file

  * raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic
    (LP: #1811194)
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress

* [Packaging] Allow overlay of config annotations (LP: #1752072)
- [Packaging] config-check: Add an include directive

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to selftests

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - bpf: fix inner map masking to prevent oob under speculation

* BPF: kernel pointer leak to unprivileged userspace (LP: #1815259)
- bpf/verifier: disallow pointer subtraction

  * squashfs hardening (LP: #1816756)
    - squashfs: more metadata hardening
    - squashfs metadata 2: electric boogaloo
    - squashfs: more metadata hardening
    - Squashfs: Compute expected length from inode size rather than block length

* efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
- efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

* Update ENA driver to version 2.0.3K (LP: #1816806)...

This bug was fixed in the package linux - 4.15.0-47.50

---------------
linux (4.15.0-47.50) bionic; urgency=medium

* linux: 4.15.0-47.50 -proposed tracker (LP: #1819716)

* Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

* C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype

* arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

* Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending

* CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()

* CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

* amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Don't use dc_link in link_encoder
    - drm/amd/display: Move wait for hpd ready out from edp power control.
    - drm/amd/display: eDP sequence BL off first then DP blank.
    - drm/amd/display: Fix unused variable compilation error
    - drm/amd/display: Fix warning about misaligned code
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

* tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change

* CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file

* raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic
    (LP: #1811194)
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress

* [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

* CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to selftests

* CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - bpf: fix inner map masking to prevent oob under speculation

* BPF: kernel pointer leak to unprivileged userspace (LP: #1815259)
    - bpf/verifier: disallow pointer subtraction

* squashfs hardening (LP: #1816756)
    - squashfs: more metadata hardening
    - squashfs metadata 2: electric boogaloo
    - squashfs: more metadata hardening
    - Squashfs: Compute expected length from inode size rather than block length

* efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

* Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation

* ipset kernel error: 4.15.0-43-generic (LP: #1811394)
    - netfilter: ipset: Fix wraparound in hash:*net* types

* Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event

* CVE-2018-18021
    - arm64: KVM: Tighten guest core register access from userspace
    - KVM: arm/arm64: Introduce vcpu_el1_is_32bit
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace

* CVE-2018-14678
    - x86/entry/64: Remove %ebx handling from error_entry/exit

* CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

* CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer

* Bionic update: upstream stable patchset 2019-02-08 (LP: #1815234)
    - fork: unconditionally clear stack on fork
    - spi: spi-s3c64xx: Fix system resume support
    - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
    - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
    - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
    - kvm, mm: account shadow page tables to kmemcg
    - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
    - tracing: Fix double free of event_trigger_data
    - tracing: Fix possible double free in event_enable_trigger_func()
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
    - tracing: Quiet gcc warning about maybe unused link variable
    - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
    - mlxsw: spectrum_switchdev: Fix port_vlan refcounting
    - kcov: ensure irq code sees a valid area
    - xen/netfront: raise max number of slots in xennet_get_responses()
    - skip LAYOUTRETURN if layout is invalid
    - ALSA: emu10k1: add error handling for snd_ctl_add
    - ALSA: fm801: add error handling for snd_ctl_add
    - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
    - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
    - vfio: platform: Fix reset module leak in error path
    - vfio/mdev: Check globally for duplicate devices
    - vfio/type1: Fix task tracking for QEMU vCPU hotplug
    - kernel/hung_task.c: show all hung tasks before panic
    - mm: /proc/pid/pagemap: hide swap entries from unprivileged users
    - mm: vmalloc: avoid racy handling of debugobjects in vunmap
    - mm/slub.c: add __printf verification to slab_err()
    - rtc: ensure rtc_set_alarm fails when alarms are not supported
    - perf tools: Fix pmu events parsing rule
    - netfilter: ipset: forbid family for hash:mac sets
    - netfilter: ipset: List timing out entries with "timeout 1" instead of zero
    - irqchip/ls-scfg-msi: Map MSIs in the iommu
    - watchdog: da9063: Fix updating timeout value
    - printk: drop in_nmi check from printk_safe_flush_on_panic()
    - bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
    - ceph: fix alignment of rasize
    - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
    - powerpc/lib: Adjust .balign inside string functions for PPC32
    - powerpc/64s: Add barrier_nospec
    - powerpc/eeh: Fix use-after-release of EEH driver
    - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
    - powerpc/64s: Fix compiler store ordering to SLB shadow area
    - RDMA/mad: Convert BUG_ONs to error flows
    - lightnvm: pblk: warn in case of corrupted write buffer
    - netfilter: nf_tables: check msg_type before nft_trans_set(trans)
    - pnfs: Don't release the sequence slot until we've processed layoutget on
      open
    - disable loading f2fs module on PAGE_SIZE > 4KB
    - f2fs: fix error path of move_data_page
    - f2fs: fix to don't trigger writeback during recovery
    - f2fs: fix to wait page writeback during revoking atomic write
    - f2fs: Fix deadlock in shutdown ioctl
    - f2fs: fix to detect failure of dquot_initialize
    - f2fs: fix race in between GC and atomic open
    - block, bfq: remove wrong lock in bfq_requests_merged
    - usbip: usbip_detach: Fix memory, udev context and udev leak
    - usbip: dynamically allocate idev by nports found in sysfs
    - perf/x86/intel/uncore: Correct fixed counter index check in generic code
    - perf/x86/intel/uncore: Correct fixed counter index check for NHM
    - selftests/intel_pstate: Improve test, minor fixes
    - selftests: memfd: return Kselftest Skip code for skipped tests
    - selftests: intel_pstate: return Kselftest Skip code for skipped tests
    - PCI: Fix devm_pci_alloc_host_bridge() memory leak
    - iwlwifi: pcie: fix race in Rx buffer allocator
    - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
    - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
    - ASoC: dpcm: fix BE dai not hw_free and shutdown
    - mfd: cros_ec: Fail early if we cannot identify the EC
    - mwifiex: handle race during mwifiex_usb_disconnect
    - wlcore: sdio: check for valid platform device data before suspend
    - media: tw686x: Fix incorrect vb2_mem_ops GFP flags
    - media: videobuf2-core: don't call memop 'finish' when queueing
    - Btrfs: don't return ino to ino cache if inode item removal fails
    - Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
    - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
    - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
    - x86/microcode: Make the late update update_lock a raw lock for RT
    - PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
    - PCI: Prevent sysfs disable of device while driver is attached
    - nvme-rdma: stop admin queue before freeing it
    - nvme-pci: Fix AER reset handling
    - ath: Add regulatory mapping for FCC3_ETSIC
    - ath: Add regulatory mapping for ETSI8_WORLD
    - ath: Add regulatory mapping for APL13_WORLD
    - ath: Add regulatory mapping for APL2_FCCA
    - ath: Add regulatory mapping for Uganda
    - ath: Add regulatory mapping for Tanzania
    - ath: Add regulatory mapping for Serbia
    - ath: Add regulatory mapping for Bermuda
    - ath: Add regulatory mapping for Bahamas
    - powerpc/32: Add a missing include header
    - powerpc/chrp/time: Make some functions static, add missing header include
    - powerpc/powermac: Add missing prototype for note_bootable_part()
    - powerpc/powermac: Mark variable x as unused
    - powerpc: Add __printf verification to prom_printf
    - spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
    - powerpc/8xx: fix invalid register expression in head_8xx.S
    - pinctrl: at91-pio4: add missing of_node_put
    - bpf: powerpc64: pad function address loads with NOPs
    - PCI: pciehp: Request control of native hotplug only if supported
    - net: dsa: qca8k: Add support for QCA8334 switch
    - mwifiex: correct histogram data with appropriate index
    - ima: based on policy verify firmware signatures (pre-allocated buffer)
    - drivers/perf: arm-ccn: don't log to dmesg in event_init
    - spi: Add missing pm_runtime_put_noidle() after failed get
    - fscrypt: use unbound workqueue for decryption
    - scsi: ufs: ufshcd: fix possible unclocked register access
    - scsi: ufs: fix exception event handling
    - scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
    - drm/nouveau/fifo/gk104-: poll for runlist update completion
    - Bluetooth: btusb: add ID for LiteOn 04ca:301a
    - rtc: tps6586x: fix possible race condition
    - rtc: vr41xx: fix possible race condition
    - rtc: tps65910: fix possible race condition
    - ALSA: emu10k1: Rate-limit error messages about page errors
    - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
    - md/raid1: add error handling of read error from FailFast device
    - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
    - ixgbevf: fix MAC address changes through ixgbevf_set_mac()
    - media: smiapp: fix timeout checking in smiapp_read_nvm
    - net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
    - ALSA: usb-audio: Apply rate limit to warning messages in URB complete
      callback
    - media: atomisp: ov2680: don't declare unused vars
    - arm64: cmpwait: Clear event register before arming exclusive monitor
    - HID: hid-plantronics: Re-resend Update to map button for PTT products
    - arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
    - drm/radeon: fix mode_valid's return type
    - drm/amdgpu: Remove VRAM from shared bo domains.
    - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by
      Starlet
    - HID: i2c-hid: check if device is there before really probing
    - EDAC, altera: Fix ARM64 build warning
    - ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
    - ARM: dts: emev2: Add missing interrupt-affinity to PMU node
    - ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
    - nvmem: properly handle returned value nvmem_reg_read
    - i40e: free the skb after clearing the bitlock
    - tty: Fix data race in tty_insert_flip_string_fixed_flag
    - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
    - net: phy: phylink: Release link GPIO
    - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
    - libata: Fix command retry decision
    - ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
    - media: media-device: fix ioctl function types
    - media: saa7164: Fix driver name in debug output
    - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
    - brcmfmac: Add support for bcm43364 wireless chipset
    - s390/cpum_sf: Add data entry sizes to sampling trailer entry
    - perf: fix invalid bit in diagnostic entry
    - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
    - scsi: 3w-9xxx: fix a missing-check bug
    - scsi: 3w-xxxx: fix a missing-check bug
    - scsi: megaraid: silence a static checker bug
    - scsi: qedf: Set the UNLOADING flag when removing a vport
    - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
    - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
    - thermal: exynos: fix setting rising_threshold for Exynos5433
    - bpf: fix references to free_bpf_prog_info() in comments
    - f2fs: avoid fsync() failure caused by EAGAIN in writepage()
    - media: siano: get rid of __le32/__le16 cast warnings
    - drm/atomic: Handling the case when setting old crtc for plane
    - ALSA: hda/ca0132: fix build failure when a local macro is defined
    - mmc: dw_mmc: update actual clock for mmc debugfs
    - mmc: pwrseq: Use kmalloc_array instead of stack VLA
    - dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
    - spi: meson-spicc: Fix error handling in meson_spicc_probe()
    - dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
    - backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
    - stop_machine: Use raw spinlocks
    - delayacct: Use raw_spinlocks
    - memory: tegra: Do not handle spurious interrupts
    - memory: tegra: Apply interrupts mask per SoC
    - nvme: lightnvm: add granby support
    - arm64: defconfig: Enable Rockchip io-domain driver
    - igb: Fix queue selection on MAC filters on i210
    - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
    - ipconfig: Correctly initialise ic_nameservers
    - rsi: Fix 'invalid vdd' warning in mmc
    - rsi: fix nommu_map_sg overflow kernel panic
    - audit: allow not equal op for audit by executable
    - staging: vchiq_core: Fix missing semaphore release in error case
    - staging: lustre: llite: correct removexattr detection
    - staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
    - serial: core: Make sure compiler barfs for 16-byte earlycon names
    - soc: imx: gpcv2: Do not pass static memory as platform data
    - microblaze: Fix simpleImage format generation
    - usb: hub: Don't wait for connect state at resume for powered-off ports
    - crypto: authencesn - don't leak pointers to authenc keys
    - crypto: authenc - don't leak pointers to authenc keys
    - media: omap3isp: fix unbalanced dma_iommu_mapping
    - regulator: Don't return or expect -errno from of_map_mode()
    - scsi: scsi_dh: replace too broad "TP9" string with the exact models
    - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
    - media: atomisp: compat32: fix __user annotations
    - media: si470x: fix __be16 annotations
    - ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
    - ASoC: topology: Add missing clock gating parameter when parsing hw_configs
    - drm: Add DP PSR2 sink enable bit
    - drm/atomic-helper: Drop plane->fb references only for
      drm_atomic_helper_shutdown()
    - drm/dp/mst: Fix off-by-one typo when dump payload table
    - block: reset bi_iter.bi_done after splitting bio
    - random: mix rdrand with entropy sent in from userspace
    - squashfs: be more careful about metadata corruption
    - ext4: fix inline data updates with checksums enabled
    - ext4: fix check to prevent initializing reserved inodes
    - PCI: xgene: Remove leftover pci_scan_child_bus() call
    - RDMA/uverbs: Protect from attempts to create flows on unsupported QP
    - net: dsa: qca8k: Force CPU port to its highest bandwidth
    - net: dsa: qca8k: Enable RXMAC when bringing up a port
    - net: dsa: qca8k: Add QCA8334 binding documentation
    - net: dsa: qca8k: Allow overwriting CPU port setting
    - ipv4: remove BUG_ON() from fib_compute_spec_dst
    - net: fix amd-xgbe flow-control issue
    - net: lan78xx: fix rx handling before first packet is send
    - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
    - NET: stmmac: align DMA stuff to largest cache line length
    - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
    - xen-netfront: wait xenbus state change when load module manually
    - netlink: Do not subscribe to non-existent groups
    - netlink: Don't shift with UB on nlk->ngroups
    - tcp: do not force quickack when receiving out-of-order packets
    - tcp: add max_quickacks param to tcp_incr_quickack and
      tcp_enter_quickack_mode
    - tcp: do not aggressively quick ack after ECN events
    - tcp: refactor tcp_ecn_check_ce to remove sk type cast
    - tcp: add one more quick ack after after ECN events
    - mm: disallow mappings that conflict for devm_memremap_pages()
    - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.
    - mm: check for SIGKILL inside dup_mmap() loop
    - rxrpc: Fix terminal retransmission connection ID to include the channel
    - ceph: fix use-after-free in ceph_statfs()
    - lightnvm: proper error handling for pblk_bio_add_pages
    - f2fs: don't drop dentry pages after fs shutdown
    - selftests: filesystems: return Kselftest Skip code for skipped tests
    - selftests/filesystems: devpts_pts included wrong header
    - iwlwifi: mvm: open BA session only when sta is authorized
    - drm/amd/display: Do not program interrupt status on disabled crtc
    - soc: qcom: smem: fix qcom_smem_set_global_partition()
    - soc: qcom: smem: byte swap values properly
    - pinctrl: msm: fix gpio-hog related boot issues
    - net: mvpp2: Add missing VLAN tag detection
    - drm/nouveau: remove fence wait code from deferred client work handler
    - drm/nouveau/gem: lookup VMAs for buffers referenced by pushbuf ioctl
    - clocksource: Move inline keyword to the beginning of function declarations
    - media: staging: atomisp: Comment out several unused sensor resolutions
    - IB: Fix RDMA_RXE and INFINIBAND_RDMAVT dependencies for DMA_VIRT_OPS
    - rsi: Add null check for virtual interfaces in wowlan config
    - ARM: dts: stih410: Fix complain about IRQ_TYPE_NONE usage
    - ARM: dts: imx53: Fix LDB OF graph warning
    - soc/tegra: pmc: Don't allocate struct tegra_powergate on stack
    - mlxsw: spectrum_router: Return an error for non-default FIB rules
    - i40e: Add advertising 10G LR mode
    - i40e: avoid overflow in i40e_ptp_adjfreq()
    - ath10k: fix kernel panic while reading tpc_stats
    - ASoC: fsl_ssi: Use u32 variable type when using regmap_read()
    - platform/x86: dell-smbios: Match on www.dell.com in OEM strings too
    - staging: ks7010: fix error handling in ks7010_upload_firmware
    - media: rc: mce_kbd decoder: low timeout values cause double keydowns
    - ath10k: search all IEs for variant before falling back
    - PCI/ASPM: Disable ASPM L1.2 Substate if we don't have LTR
    - ARM: dts: imx6qdl-wandboard: Let the codec control MCLK pinctrl
    - drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier
    - nvmet-fc: fix target sgl list on large transfers
    - i2c: rcar: handle RXDMA HW behaviour on Gen3
    - gpio: uniphier: set legitimate irq trigger type in .to_irq hook
    - tcp: ack immediately when a cwr packet arrives
    - ACPICA: AML Parser: ignore control method status in module-level code

* Bionic update: upstream stable patchset 2019-02-05 (LP: #1814813)
    - MIPS: ath79: fix register address in ath79_ddr_wb_flush()
    - MIPS: Fix off-by-one in pci_resource_to_user()
    - xen/PVH: Set up GS segment for stack canary
    - drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
    - drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
    - bonding: set default miimon value for non-arp modes if not set
    - ip: hash fragments consistently
    - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
    - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
    - net: skb_segment() should not return NULL
    - net/mlx5: Adjust clock overflow work period
    - net/mlx5e: Don't allow aRFS for encapsulated packets
    - net/mlx5e: Fix quota counting in aRFS expire flow
    - net/ipv6: Fix linklocal to global address with VRF
    - multicast: do not restore deleted record source filter mode to new one
    - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
    - sock: fix sg page frag coalescing in sk_alloc_sg
    - rtnetlink: add rtnl_link_state check in rtnl_configure_link
    - vxlan: add new fdb alloc and create helpers
    - vxlan: make netlink notify in vxlan_fdb_destroy optional
    - vxlan: fix default fdb entry netlink notify ordering during netdev create
    - tcp: fix dctcp delayed ACK schedule
    - tcp: helpers to send special DCTCP ack
    - tcp: do not cancel delay-AcK on DCTCP special ACK
    - tcp: do not delay ACK in DCTCP upon CE status change
    - staging: speakup: fix wraparound in uaccess length check
    - usb: cdc_acm: Add quirk for Castles VEGA3000
    - usb: core: handle hub C_PORT_OVER_CURRENT condition
    - usb: dwc2: Fix DMA alignment to start at allocated boundary
    - usb: gadget: f_fs: Only return delayed status when len is 0
    - driver core: Partially revert "driver core: correct device's shutdown order"
    - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
    - can: xilinx_can: fix power management handling
    - can: xilinx_can: fix recovery from error states not being propagated
    - can: xilinx_can: fix device dropping off bus on RX overrun
    - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
    - can: xilinx_can: fix incorrect clear of non-processed interrupts
    - can: xilinx_can: fix RX overflow interrupt not being enabled
    - can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr
      only
    - can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before
      checking can.ctrlmode
    - turn off -Wattribute-alias
    - net-next/hinic: fix a problem in hinic_xmit_frame()
    - net/mlx5e: Refine ets validation function
    - nfp: flower: ensure dead neighbour entries are not offloaded
    - usb: gadget: Fix OS descriptors support
    - ACPICA: AML Parser: ignore dispatcher error status during table load

* installer does not support iSCSI iBFT (LP: #1817321)
    - d-i: add iscsi_ibft to scsi-modules

* CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)

* CVE-2019-7221
    - KVM: nVMX: unconditionally cancel preemption timer in free_nested
      (CVE-2019-7221)

* CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)

* Regular D-state processes impacting LXD containers (LP: #1817628)
    - mm: do not stall register_shrinker()

* hns3 nic speed may not match optical port speed (LP: #1817969)
    - net: hns3: Config NIC port speed same as that of optical module

* [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021)
    - srcu: Prohibit call_srcu() use under raw spinlocks
    - srcu: Lock srcu_data structure in srcu_gp_start()

* libsas disks can have non-unique by-path names (LP: #1817784)
    - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached

* Bluetooth not working (Intel CyclonePeak) (LP: #1817518)
    - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029

* CVE-2019-8912
    - net: crypto set sk to NULL when af_alg_release.
    - net: socket: set sock->sk to NULL after calling proto_ops::release()

* Trackpad is not recognized. (LP: #1817200)
    - pinctrl: cannonlake: Fix gpio base for GPP-E

* [ALSA] [PATCH] System76 darp5 and oryp5 fixups (LP: #1815831)
    - ALSA: hda/realtek - Headset microphone support for System76 darp5
    - ALSA: hda/realtek - Headset microphone and internal speaker support for
      System76 oryp5

* Constant noise in the headphone on Lenovo X1 machines (LP: #1817263)
    - ALSA: hda/realtek: Disable PC beep in passthrough on alc285

* AC adapter status not detected on Asus ZenBook UX410UAK (LP: #1745032)
    - Revert "ACPI / battery: Add quirk for Asus GL502VSK and UX305LA"
    - ACPI / AC: Remove initializer for unused ident dmi_system_id
    - ACPI / battery: Remove initializer for unused ident dmi_system_id
    - ACPI / battery: Add handling for devices which wrongly report discharging
      state
    - ACPI / battery: Ignore AC state in handle_discharging on systems where it is
      broken

* TPM intermittently fails after cold-boot (LP: #1762672)
    - tpm: fix intermittent failure with self tests

* qlcnic: Firmware aborts/hangs in QLogic NIC (LP: #1815033)
    - qlcnic: fix Tx descriptor corruption on 82xx devices

-- Khalid Elmously <khalid.elmously@canonical.com>  Wed, 13 Mar 2019 04:37:49 +0000

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-02:

#4

Download full text (5.0 KiB)

This bug was fixed in the package linux - 4.18.0-17.18

---------------
linux (4.18.0-17.18) cosmic; urgency=medium

* linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

* C++ demangling support missing from perf (LP: #1396654)
- [Packaging] fix a mistype

* arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
- iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

* Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
- nvme-pci: fix out of bounds access in nvme_cqe_pending

* CVE-2019-9003
- ipmi: fix use-after-free of user->release_barrier.rda

* CVE-2019-9162
- netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs

* CVE-2019-9213
- mm: enforce min addr even if capable() in expand_downwards()

* CVE-2019-3460
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

* tun/tap: unable to manage carrier state from userland (LP: #1806392)
- tun: implement carrier change

* CVE-2019-8980
- exec: Fix mem leak in kernel_read_file

* [Packaging] Allow overlay of config annotations (LP: #1752072)
- [Packaging] config-check: Add an include directive

* amdgpu with mst WARNING on blanking (LP: #1814308)
- drm/amd/display: Fix MST dp_blank REG_WAIT timeout

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests

* CVE-2017-5753
- bpf: fix inner map masking to prevent oob under speculation

  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table

* efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
- efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation

  * Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event

* CVE-2018-19824
- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

* CVE-2019-3459
- Bluetooth: Verify that l2cap_get...

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Undecided	dann frazier
Cosmic	Fix Released	Undecided	dann frazier
Disco	Fix Released	Undecided	Unassigned

Ubuntu
linux package

Crash in nvme_irq_check() when using threaded interrupts

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux package

Crash in nvme_irq_check() when using threaded interrupts

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package