This bug was fixed in the package linux-azure - 4.15.0-1025.26~16.04.1
---------------
linux-azure (4.15.0-1025.26~16.04.1) xenial; urgency=medium
[ Ubuntu: 4.15.0-36.39 ]
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely
linux-azure (4.15.0-1024.25) bionic; urgency=medium
* linux-azure: 4.15.0-1024.25 -proposed tracker (LP: #1791726)
* [Regression] kernel crashdump fails on arm64 (LP: #1786878)
- [config] update configs after rebase
* azure 4.15 kernel: reading sysfs file causing oops (LP: #1789638)
- SAUCE: vmbus: don't return values for uninitalized channels
[ Ubuntu: 4.15.0-35.38 ]
* linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
(LP: #1792099)
- SAUCE: vfio -- release device lock before userspace requests
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563)
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* CVE-2017-5715 (Spectre v2 s390x)
- KVM: s390: implement CPU model only facilities
- s390: detect etoken facility
- KVM: s390: add etoken support for guests
- s390/lib: use expoline for all bcr instructions
- s390: fix br_r1_trampoline for machines without exrl
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
disabled (performance) (LP: #1790602)
- cpuidle: powernv: Fix promotion from snooze if next state disabled
* Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
- powerpc: hard disable irqs in smp_send_stop loop
- powerpc: Fix deadlock with multiple calls to smp_send_stop
- powerpc: smp_send_stop do not offline stopped CPUs
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
* Security fix: check if IOMMU page is contained in the pinned physical page
(LP: #1785675)
- vfio/spapr: Use IOMMU pageshift rather than pagesize
- KVM: PPC: Check if IOMMU page is contained in the pinned physical page
* Missing Intel GPU pci-id's (LP: #1789924)
- drm/i915/kbl: Add KBL GT2 sku
- drm/i915/whl: Introducing Whiskey Lake platform
- drm/i915/aml: Introducing Amber Lake platform
- drm/i915/cfl: Add a new CFL PCI ID.
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* Support Power Management for Thunderbolt Controller (LP: #1789358)
- thunderbolt: Handle NULL boot ACL entries properly
- thunderbolt: Notify userspace when boot_acl is changed
- thunderbolt: Use 64-bit DMA mask if supported by the platform
- thunderbolt: Do not unnecessarily call ICM get route
- thunderbolt: No need to take tb->lock in domain suspend/complete
- thunderbolt: Use correct ICM commands in system suspend
- thunderbolt: Add support for runtime PM
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
for arm64 using SMC firmware call to set a hardware chicken bit
(LP: #1787993) // CVE-2018-3639 (arm64)
- arm64: alternatives: Add dynamic patching feature
- KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
- KVM: arm64: Avoid storing the vcpu pointer on the stack
- arm/arm64: smccc: Add SMCCC-specific return codes
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
- arm64: Add ARCH_WORKAROUND_2 probing
- arm64: Add 'ssbd' command-line option
- arm64: ssbd: Add global mitigation state accessor
- arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
- arm64: ssbd: Restore mitigation status on CPU resume
- arm64: ssbd: Introduce thread flag to control userspace mitigation
- arm64: ssbd: Add prctl interface for per-thread mitigation
- arm64: KVM: Add HYP per-cpu accessors
- arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
- arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
- arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
- [Config] ARM64_SSBD=y
* Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
- Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
process"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
message"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
response"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix comments for
hclge_get_ring_chain_from_mbx"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for using wrong mask and
shift in hclge_get_ring_chain_from_mbx"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for reset_level default
assignment probelm"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unnecessary ring
configuration operation while resetting"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix return value error in
hns3_reset_notify_down_enet"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for phy link issue when using
marvell
phy driver"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
resetting"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: correct reset event status
register"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent to request reset
frequently"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: reset net device with
rtnl_lock"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: modify the order of
initializeing
command queue register"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent sending command during
global or core reset"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the warning when clear
reset cause"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix get_vector ops in
hclgevf_main module"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix warning bug when doing lp
selftest"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: Add configure for mac minimal
frame size"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for mailbox message
truncated
problem"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for l4 checksum offload
bug"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for waterline not setting
correctly"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for mac pause not disable
in
pfc mode"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix tc setup when netdev is
first
up"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: Add SPDX tags to hns3 driver"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused struct member and
definition"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix mislead parameter name"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: modify inconsistent bit mask
macros"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: use decimal for bit offset
macros"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix unreasonable code comments"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove extra space and
brackets"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: standardize the handle of
return
value"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some redundant
assignments"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix unused function warning in
VF
driver"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: modify hnae_ to hnae3_"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: use dma_zalloc_coherent instead
of kzalloc/dma_map_single"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: give default option while
dependency HNS3 set"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some unused members of
some structures"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove a redundant
hclge_cmd_csq_done"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: using modulo for cyclic
counters
in hclge_cmd_send"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: simplify hclge_cmd_csq_clean"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some redundant
assignments"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove useless code in
hclge_cmd_send"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused
hclge_ring_to_dma_dir"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: use lower_32_bits and
upper_32_bits"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove back in struct hclge_hw"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: add unlikely for error check"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the Redundant put_vector
in hns3_client_uninit"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: print the ret value in error
information"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: extraction an interface for
state
state init|uninit"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused head file in
hnae3.c"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: add l4_type check for both ipv4
and ipv6"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: add vector status check before
free vector"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: rename the interface for
init_client_instance and uninit_client_instance"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove hclge_get_vector_index
from hclge_bind_ring_with_vector"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: RX BD information valid only in
last BD except VLD bit and buffer size"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: add support for serdes loopback
selftest"
- net: hns3: Updates RX packet info fetch in case of multi BD
- net: hns3: remove unused hclgevf_cfg_func_mta_filter
- net: hns3: Fix for VF mailbox cannot receiving PF response
- net: hns3: Fix for VF mailbox receiving unknown message
- net: hns3: Optimize PF CMDQ interrupt switching process
- net: hns3: remove hclge_get_vector_index from hclge_bind_ring_with_vector
- net: hns3: rename the interface for init_client_instance and
uninit_client_instance
- net: hns3: add vector status check before free vector
- net: hns3: add l4_type check for both ipv4 and ipv6
- net: hns3: add unlikely for error check
- net: hns3: remove unused head file in hnae3.c
- net: hns3: extraction an interface for state init|uninit
- net: hns3: print the ret value in error information
- net: hns3: remove the Redundant put_vector in hns3_client_uninit
- net: hns3: remove back in struct hclge_hw
- net: hns3: use lower_32_bits and upper_32_bits
- net: hns3: remove unused hclge_ring_to_dma_dir
- net: hns3: remove useless code in hclge_cmd_send
- net: hns3: remove some redundant assignments
- net: hns3: simplify hclge_cmd_csq_clean
- net: hns3: remove a redundant hclge_cmd_csq_done
- net: hns3: remove some unused members of some structures
- net: hns3: give default option while dependency HNS3 set
- net: hns3: use dma_zalloc_coherent instead of kzalloc/dma_map_single
- net: hns3: modify hnae_ to hnae3_
- net: hns3: Fix tc setup when netdev is first up
- net: hns3: Fix for mac pause not disable in pfc mode
- net: hns3: Fix for waterline not setting correctly
- net: hns3: Fix for l4 checksum offload bug
- net: hns3: Fix for mailbox message truncated problem
- net: hns3: Add configure for mac minimal frame size
- net: hns3: Fix warning bug when doing lp selftest
- net: hns3: Fix get_vector ops in hclgevf_main module
- net: hns3: Remove the warning when clear reset cause
- net: hns3: Prevent sending command during global or core reset
- net: hns3: Modify the order of initializing command queue register
- net: hns3: Reset net device with rtnl_lock
- net: hns3: Prevent to request reset frequently
- net: hns3: Correct reset event status register
- net: hns3: Fix return value error in hns3_reset_notify_down_enet
- net: hns3: remove unnecessary ring configuration operation while resetting
- net: hns3: Fix for reset_level default assignment probelm
- net: hns3: Fix for using wrong mask and shift in
hclge_get_ring_chain_from_mbx
- net: hns3: Fix comments for hclge_get_ring_chain_from_mbx
- net: hns3: Remove some redundant assignments
- net: hns3: Standardize the handle of return value
- net: hns3: Remove extra space and brackets
- net: hns3: Correct unreasonable code comments
- net: hns3: Use decimal for bit offset macros
- net: hns3: Modify inconsistent bit mask macros
- net: hns3: Fix misleading parameter name
- net: hns3: Remove unused struct member and definition
- net: hns3: Add SPDX tags to HNS3 PF driver
- net: hns3: Add support for serdes loopback selftest
- net: hns3: Fix for phy link issue when using marvell phy driver
- SAUCE: {topost} net: hns3: separate roce from nic when resetting
* CVE-2018-6555
- SAUCE: irda: Only insert new objects into the global database via
setsockopt
* CVE-2018-6554
- SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
* Bionic update: upstream stable patchset 2018-08-31 (LP: #1790188)
- netfilter: nf_tables: fix NULL pointer dereference on
nft_ct_helper_obj_dump()
- blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers
- af_key: Always verify length of provided sadb_key
- gpio: No NULL owner
- KVM: X86: Fix reserved bits check for MOV to CR3
- KVM: x86: introduce linear_{read,write}_system
- KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and
kvm_write_guest_virt_system
- staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
- NFC: pn533: don't send USB data off of the stack
- usbip: vhci_sysfs: fix potential Spectre v1
- usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver
- usb-storage: Add compatibility quirk flags for G-Technologies G-Drive
- Input: xpad - add GPD Win 2 Controller USB IDs
- phy: qcom-qusb2: Fix crash if nvmem cell not specified
- usb: gadget: function: printer: avoid wrong list handling in
printer_write()
- usb: gadget: udc: renesas_usb3: disable the controller's irqs for
reconnecting
- serial: sh-sci: Stop using printk format %pCr
- tty/serial: atmel: use port->name as name in request_irq()
- serial: samsung: fix maxburst parameter for DMA transactions
- serial: 8250: omap: Fix idling of clocks for unused uarts
- vmw_balloon: fixing double free when batching mode is off
- tty: pl011: Avoid spuriously stuck-off interrupts
- kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
- Input: goodix - add new ACPI id for GPD Win 2 touch screen
- crypto: caam - strip input zeros from RSA input buffer
- crypto: caam - fix DMA mapping dir for generated IV
- crypto: caam - fix IV DMA mapping and updating
- crypto: caam/qi - fix IV DMA mapping and updating
- crypto: caam - fix size of RSA prime factor q
- crypto: vmx - Remove overly verbose printk from AES init routines
- crypto: vmx - Remove overly verbose printk from AES XTS init
- crypto: omap-sham - fix memleak
- usb: typec: wcove: Remove dependency on HW FSM
- usb: gadget: udc: renesas_usb3: fix double phy_put()
- usb: gadget: udc: renesas_usb3: should remove debugfs
- usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add
udc
- usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add udc
- usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns
error
* Bionic update: upstream stable patchset 2018-08-29 (LP: #1789666)
- scsi: sd_zbc: Avoid that resetting a zone fails sporadically
- mmap: introduce sane default mmap limits
- mmap: relax file size limit for regular files
- btrfs: define SUPER_FLAG_METADUMP_V2
- kconfig: Avoid format overflow warning from GCC 8.1
- be2net: Fix error detection logic for BE3
- bnx2x: use the right constant
- dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
- enic: set DMA mask to 47 bit
- ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
- ip6_tunnel: remove magic mtu value 0xFFF8
- ipmr: properly check rhltable_init() return value
- ipv4: remove warning in ip_recv_error
- ipv6: omit traffic class when calculating flow hash
- isdn: eicon: fix a missing-check bug
- kcm: Fix use-after-free caused by clonned sockets
- netdev-FAQ: clarify DaveM's position for stable backports
- net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy
- net: metrics: add proper netlink validation
- net/packet: refine check for priv area size
- net: phy: broadcom: Fix bcm_write_exp()
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
- packet: fix reserve calculation
- qed: Fix mask for physical address in ILT entry
- sctp: not allow transport timeout value less than HZ/5 for hb_timer
- team: use netdev_features_t instead of u32
- vhost: synchronize IOTLB message with dev cleanup
- vrf: check the original netdevice for generating redirect
- ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline
- net: phy: broadcom: Fix auxiliary control register reads
- net-sysfs: Fix memory leak in XPS configuration
- virtio-net: correctly transmit XDP buff after linearizing
- net/mlx4: Fix irq-unsafe spinlock usage
- tun: Fix NULL pointer dereference in XDP redirect
- virtio-net: correctly check num_buf during err path
- net/mlx5e: When RXFCS is set, add FCS data into checksum calculation
- virtio-net: fix leaking page for gso packet during mergeable XDP
- rtnetlink: validate attributes in do_setlink()
- cls_flower: Fix incorrect idr release when failing to modify rule
- PCI: hv: Do not wait forever on a device that has disappeared
- drm: set FMODE_UNSIGNED_OFFSET for drm files
- l2tp: fix refcount leakage on PPPoL2TP sockets
- mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG
- net: ethernet: ti: cpdma: correct error handling for chan create
- net: ethernet: davinci_emac: fix error handling in probe()
- net: dsa: b53: Fix for brcm tag issue in Cygnus SoC
- net : sched: cls_api: deal with egdev path only if needed
* Bionic update: upstream stable patchset 2018-08-24 (LP: #1788897)
- fix io_destroy()/aio_complete() race
- mm: fix the NULL mapping case in __isolate_lru_page()
- objtool: Support GCC 8's cold subfunctions
- objtool: Support GCC 8 switch tables
- objtool: Detect RIP-relative switch table references
- objtool: Detect RIP-relative switch table references, part 2
- objtool: Fix "noreturn" detection for recursive sibling calls
- xfs: convert XFS_AGFL_SIZE to a helper function
- xfs: detect agfl count corruption and reset agfl
- Input: synaptics - Lenovo Carbon X1 Gen5 (2017) devices should use RMI
- Input: synaptics - add Lenovo 80 series ids to SMBus
- Input: elan_i2c_smbus - fix corrupted stack
- tracing: Fix crash when freeing instances with event triggers
- tracing: Make the snapshot trigger work with instances
- selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
- cfg80211: further limit wiphy names to 64 bytes
- drm/amd/powerplay: Fix enum mismatch
- rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
- platform/chrome: cros_ec_lpc: remove redundant pointer request
- kbuild: clang: disable unused variable warnings only when constant
- tcp: avoid integer overflows in tcp_rcv_space_adjust()
- iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ
- iio:buffer: make length types match kfifo types
- iio:kfifo_buf: check for uint overflow
- iio: adc: select buffer for at91-sama5d2_adc
- MIPS: lantiq: gphy: Drop reboot/remove reset asserts
- MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
- MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
- scsi: scsi_transport_srp: Fix shost to rport translation
- stm class: Use vmalloc for the master map
- hwtracing: stm: fix build error on some arches
- IB/core: Fix error code for invalid GID entry
- mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty()
- Revert "rt2800: use TXOP_BACKOFF for probe frames"
- intel_th: Use correct device when freeing buffers
- drm/psr: Fix missed entry in PSR setup time table.
- drm/i915/lvds: Move acpi lid notification registration to registration
phase
- drm/i915: Disable LVDS on Radiant P845
- drm/vmwgfx: Use kasprintf
- drm/vmwgfx: Fix host logging / guestinfo reading error paths
- nvme: fix extended data LBA supported setting
- iio: hid-sensor-trigger: Fix sometimes not powering up the sensor after
resume
- x86/MCE/AMD: Define a function to get SMCA bank type
- x86/mce/AMD: Pass the bank number to smca_get_bank_type()
- x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type
- x86/mce/AMD: Carve out SMCA get_block_address() code
- x86/MCE/AMD: Cache SMCA MISC block addresses
* errors when scanning partition table of corrupted AIX disk (LP: #1787281)
- partitions/aix: fix usage of uninitialized lv_info and lvname structures
- partitions/aix: append null character to print data from disk
* tlbie master timeout checkstop (using NVidia/GPU) (LP: #1789772)
- powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call
__ptep_set_access_flags directly
- powerpc/mm/radix: Move function from radix.h to pgtable-radix.c
- powerpc/mm: Change function prototype
- powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang
* performance drop with ATS enabled (LP: #1788097)
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage
* [Regression] kernel crashdump fails on arm64 (LP: #1786878)
- arm64: export memblock_reserve()d regions via /proc/iomem
- drivers: acpi: add dependency of EFI for arm64
- efi/arm: preserve early mapping of UEFI memory map longer for BGRT
- efi/arm: map UEFI memory map even w/o runtime services enabled
- arm64: acpi: fix alignment fault in accessing ACPI
- [Config] CONFIG_ARCH_SUPPORTS_ACPI=y
- arm64: fix ACPI dependencies
- ACPI: fix menuconfig presentation of ACPI submenu
* TB 16 issue on Dell Lattitude 7490 with large amount of data (LP: #1785780)
- r8152: disable RX aggregation on new Dell TB16 dock
* dell_wmi: Unknown key codes (LP: #1762385)
- platform/x86: dell-wmi: Ignore new rfkill and fn-lock events
* Enable AMD PCIe MP2 for AMDI0011 (LP: #1773940)
- SAUCE: i2c:amd I2C Driver based on PCI Interface for upcoming platform
- SAUCE: i2c:amd move out pointer in union i2c_event_base
- SAUCE: i2c:amd Depends on ACPI
- [Config] i2c: CONFIG_I2C_AMD_MP2=y on x86
* r8169 no internet after suspending (LP: #1779817)
- r8169: restore previous behavior to accept BIOS WoL settings
- r8169: don't use MSI-X on RTL8168g
- r8169: don't use MSI-X on RTL8106e
* Fix Intel Cannon Lake LPSS I2C input clock (LP: #1789790)
- mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock
* Microphone cannot be detected with front panel audio combo jack on HP Z8-G4
machine (LP: #1789145)
- ALSA: hda/realtek - Fix HP Headset Mic can't record
* Tango platform uses __initcall without further checks (LP: #1787945)
- [Config] disable ARCH_TANGO
* [18.10 FEAT] Add kernel config option "CONFIG_SCLP_OFB" (LP: #1787898)
- [Config] CONFIG_SCLP_OFB=y for s390x
-- Kleber Sacilotto de Souza <kleber.so...@canonical.com> Tue, 25 Sep
2018 12:26:20 +0200
** Changed in: linux-azure (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1789638
Title:
azure 4.15 kernel: reading sysfs file causing oops
Status in linux package in Ubuntu:
Incomplete
Status in linux-azure package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
In Progress
Status in linux-azure source package in Bionic:
Fix Released
Bug description:
Kernel: 4.15.0-1021-azure, in Xenial VM on Azure.
How to reproduce:
git clone git://kernel.ubuntu.com/cking/stress-ng
cd stress-ng
make
./stress-ng --sysfs 0 -t 120
One gets the following:
[ 22.451885] BUG: unable to handle kernel NULL pointer dereference at
0000000000000004
[ 22.455286] IP: read_avail_show+0x1c/0x40
[ 22.455286] PGD 800000042d59e067 P4D 800000042d59e067 PUD 42eb8c067 PMD 0
[ 22.455286] Oops: 0000 [#1] SMP PTI
[ 22.455286] Modules linked in: nf_conntrack_ipv4 nf_defrag_ipv4 xt_owner
xt_conntrack nf_conntrack iptable_security ip_tables x_tables serio_raw joydev
hv_balloon ib_iser iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4
btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq
async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear
hid_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel
aes_x86_64 crypto_simd glue_helper cryptd hyperv_fb hid_hyperv pata_acpi
cfbfillrect hyperv_keyboard cfbimgblt hid cfbcopyarea hv_netvsc hv_utils
[ 22.455286] CPU: 1 PID: 1670 Comm: cat Not tainted 4.15.0-1021-azure
#21~16.04.1-Ubuntu
[ 22.455286] Hardware name: Microsoft Corporation Virtual Machine/Virtual
Machine, BIOS 090007 06/02/2017
[ 22.455286] RIP: 0010:read_avail_show+0x1c/0x40
[ 22.455286] RSP: 0018:ffffafa4c4eafdb0 EFLAGS: 00010286
[ 22.455286] RAX: 0000000000000000 RBX: ffff9db36c93e880 RCX:
ffff9db36f136908
[ 22.860062] RDX: 0000000000000000 RSI: ffff9db364548000 RDI:
ffff9db364548000
[ 22.888042] RBP: ffffafa4c4eafdb0 R08: ffff9db364548000 R09:
ffff9db36c049840
[ 22.920041] R10: ffff9db364548000 R11: 0000000000000000 R12:
ffffffff92ae9440
[ 22.948058] R13: ffff9db36c22d200 R14: 0000000000000001 R15:
ffff9db36c93e880
[ 22.972043] FS: 00007f67eeec6700(0000) GS:ffff9db37fd00000(0000)
knlGS:0000000000000000
[ 23.004046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.024016] CR2: 0000000000000004 CR3: 000000042c37a003 CR4:
00000000001606e0
[ 23.048014] Call Trace:
[ 23.060019] vmbus_chan_attr_show+0x21/0x30
[ 23.076018] sysfs_kf_seq_show+0xa2/0x130
[ 23.088030] kernfs_seq_show+0x27/0x30
[ 23.100020] seq_read+0xb7/0x480
[ 23.112014] kernfs_fop_read+0x111/0x190
[ 23.128017] ? security_file_permission+0xa1/0xc0
[ 23.144013] __vfs_read+0x1b/0x40
[ 23.156019] vfs_read+0x93/0x130
[ 23.168013] SyS_read+0x55/0xc0
[ 23.180021] do_syscall_64+0x73/0x130
[ 23.192014] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 23.212022] RIP: 0033:0x7f67ee9d8260
[ 23.224016] RSP: 002b:00007fffdc193ff8 EFLAGS: 00000246 ORIG_RAX:
0000000000000000
[ 23.252022] RAX: ffffffffffffffda RBX: 0000000000020000 RCX:
00007f67ee9d8260
[ 23.276019] RDX: 0000000000020000 RSI: 00007f67eed0c000 RDI:
0000000000000003
[ 23.300020] RBP: 0000000000020000 R08: ffffffffffffffff R09:
0000000000000000
[ 23.328025] R10: 000000000000037b R11: 0000000000000246 R12:
00007f67eed0c000
[ 23.352036] R13: 0000000000000003 R14: 0000000000000000 R15:
0000000000020000
[ 23.376678] Code: fb 3a 17 00 48 98 5d c3 0f 1f 80 00 00 00 00 0f 1f 44 00
00 55 48 8b 87 38 01 00 00 49 89 f0 8b 97 48 01 00 00 4c 89 c7 48 89 e5 <8b> 48
04 8b 00 29 ca 89 c6 29 ce 01 c2 39 c1 0f 46 d6 48 c7 c6
[ 23.444022] RIP: read_avail_show+0x1c/0x40 RSP: ffffafa4c4eafdb0
[ 23.468021] CR2: 0000000000000004
[ 23.481135] ---[ end trace 348a4b7d5a6747d1 ]---
Cornered this down to just reading:
cat
/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/99221fa0
-24ad-11e2-be98-001aa01bbf6e/channels/4/read_avail
There are various /sysfs VMBUS files that trigger this, see a fix on
comment #5 below that addresses all the ones I could find.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1789638/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
