This bug was fixed in the package linux - 5.4.0-42.46
---------------
linux (5.4.0-42.46) focal; urgency=medium
* focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
* linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
- SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"
linux (5.4.0-41.45) focal; urgency=medium
* focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2019-19642
- kernel/relay.c: handle alloc_percpu returning NULL in relay_open
* CVE-2019-16089
- SAUCE: nbd_genl_status: null check for nla_nest_start
* CVE-2020-11935
- aufs: do not call i_readcount_inc()
* ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
kernel (LP: #1826848)
- selftests: net: ip_defrag: ignore EPERM
* Update lockdown patches (LP: #1884159)
- SAUCE: acpi: disallow loading configfs acpi tables when locked down
* seccomp_bpf fails on powerpc (LP: #1885757)
- SAUCE: selftests/seccomp: fix ptrace tests on powerpc
* Introduce the new NVIDIA 418-server and 440-server series, and update the
current NVIDIA drivers (LP: #1881137)
- [packaging] add signed modules for the 418-server and the 440-server
flavours
-- Khalid Elmously <khalid.elmou...@canonical.com> Thu, 09 Jul 2020
19:50:26 -0400
** Changed in: linux (Ubuntu)
Status: Invalid => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16089
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19642
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11935
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1877394
Title:
Kernel panic due to NULL ringbuffer vaddr dereference in i915
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Focal:
Fix Released
Bug description:
SRU Justification:
[Impact]
A sauce fix for a kernel panic in i915 that I frequently experienced was
fixed by upstream.
[Fix]
The sauce patch I made should be dropped in exchange for the proper upstream
fix.
[Test]
I tested the upstream fix and can confirm it fixes the crashes I experienced.
[Regression Potential]
Low. The upstream fix for this bug is tiny and we get to remove a nasty sauce
patch.
---
This is what the crash looks like:
BUG: unable to handle page fault for address: 0000000000003448
RIP: 0010:gen8_emit_flush_render+0x163/0x190
Call Trace:
execlists_request_alloc+0x25/0x40
__i915_request_create+0x1f4/0x2c0
i915_request_create+0x71/0xc0
i915_gem_do_execbuffer+0xb98/0x1a80
? preempt_count_add+0x68/0xa0
? _raw_spin_lock+0x13/0x30
? _raw_spin_unlock+0x16/0x30
i915_gem_execbuffer2_ioctl+0x1de/0x3c0
? i915_gem_busy_ioctl+0x7f/0x1d0
? i915_gem_execbuffer_ioctl+0x2d0/0x2d0
drm_ioctl_kernel+0xb2/0x100
drm_ioctl+0x209/0x360
? i915_gem_execbuffer_ioctl+0x2d0/0x2d0
ksys_ioctl+0x87/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x4e/0x150
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This bug was fixed by "UBUNTU: SAUCE: drm/i915: Synchronize active and
retire callbacks" but there is an upstream fix for it, "drm/i915/gt:
Make intel_ring_unpin() safe for concurrent pint". Let's replace the
sauce patch with the upstream fix.
More info here: https://gitlab.freedesktop.org/drm/intel/issues/1599
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1877394/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
