Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2020-10-23
Ported from the following upstream stable releases:
v4.14.200, v4.19.148,
v4.19.149
from git://git.kernel.org/
af_key: pfkey_dump needs parameter validation
KVM: fix memory leak in kvm_io_bus_unregister_dev()
kprobes: fix kill kprobe which has been marked as gone
mm/thp: fix __split_huge_pmd_locked() for migration PMD
cxgb4: Fix offset when clearing filter byte counters
geneve: add transport ports in route lookup for geneve
hdlc_ppp: add range checks in ppp_cp_parse_cr()
ip: fix tos reflection in ack and reset packets
net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
nfp: use correct define to return NONE fec
tipc: Fix memory leak in tipc_group_create_member()
tipc: fix shutdown() of connection oriented socket
tipc: use skb_unshare() instead in tipc_buf_append()
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
net: phy: Avoid NPD upon phy_detach() when driver is unbound
net: qrtr: check skb_put_padto() return value
net: add __must_check to skb_put_padto()
ipv4: Update exception handling for multipath routes via same device
MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
Documentation/llvm: add documentation on building w/ Clang/LLVM
Documentation/llvm: fix the name of llvm-size
net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware
net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
kbuild: replace AS=clang with LLVM_IAS=1
tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning
tcp_bbr: adapt cwnd based on ack aggregation estimation
serial: 8250: Avoid error message on reprobe
RDMA/ucma: ucma_context reference leak in error path
mm: fix double page fault on arm64 if PTE_AF is cleared
scsi: aacraid: fix illegal IO beyond last LBA
m68k: q40: Fix info-leak in rtc_ioctl
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
ASoC: kirkwood: fix IRQ error handling
media: smiapp: Fix error handling at NVM reading
arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
x86/ioapic: Unbreak check_timer()
ALSA: usb-audio: Add delay quirk for H570e USB headsets
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
scsi: fnic: fix use after free
clk/ti/adpll: allocate room for terminating null
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
mfd: mfd-core: Protect against NULL call-back function pointer
tracing: Adding NULL checks for trace_array descriptor pointer
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
RDMA/i40iw: Fix potential use after free
xfs: fix attr leaf header freemap.size underflow
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
mmc: core: Fix size overflow for mmc partitions
gfs2: clean up iopen glock mess in gfs2_create_inode
debugfs: Fix !DEBUG_FS debugfs_create_automount
CIFS: Properly process SMB3 lease breaks
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
neigh_stat_seq_next() should increase position index
rt_cpu_seq_next should increase position index
seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
ACPI: EC: Reference count query handlers under lock
dmaengine: zynqmp_dma: fix burst length configuration
powerpc/eeh: Only dump stack once if an MMIO loop is detected
tracing: Set kernel_stack's caller size properly
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
selftests/ftrace: fix glob selftest
tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
Bluetooth: Fix refcount use-after-free issue
mm: pagewalk: fix termination condition in walk_pte_range()
Bluetooth: prefetch channel before killing sock
ALSA: hda: Clear RIRB status before reading WP
skbuff: fix a data race in skb_queue_len()
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
selinux: sel_avc_get_stat_idx should increase position index
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
scsi: lpfc: Fix coverity errors in fmdi attribute handling
drm/omap: fix possible object reference leak
perf test: Fix test trace+probe_vfs_getname.sh on s390
RDMA/rxe: Fix configuration of atomic queue pair attributes
KVM: x86: fix incorrect comparison in trace event
media: staging/imx: Missing assignment in imx_media_capture_device_register()
x86/pkeys: Add check for pkey "overflow"
bpf: Remove recursion prevention from rcu free callback
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
media: go7007: Fix URB type for interrupt handling
Bluetooth: guard against controllers sending zero'd events
timekeeping: Prevent 32bit truncation in scale64_check_overflow()
ext4: fix a data race at inode->i_disksize
mm: avoid data corruption on CoW fault into PFN-mapped VMA
drm/amdgpu: increase atombios cmd timeout
ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
scsi: aacraid: Disabling TM path and only processing IOP reset
Bluetooth: L2CAP: handle l2cap config request during open state
media: tda10071: fix unsigned sign extension overflow
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
tpm: ibmvtpm: Wait for buffer to be set before proceeding
rtc: ds1374: fix possible race condition
tracing: Use address-of operator on section symbols
serial: 8250_port: Don't service RX FIFO if throttled
serial: 8250_omap: Fix sleeping function called from invalid context during
probe
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
perf cpumap: Fix snprintf overflow check
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
tools: gpio-hammer: Avoid potential overflow in main
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
svcrdma: Fix leak of transport addresses
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
endpoint descriptor
NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
mm/kmemleak.c: use address-of operator on section symbols
mm/filemap.c: clear page error before actual read
mm/vmscan.c: fix data races using kswapd_classzone_idx
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
scsi: qedi: Fix termination timeouts in session logout
serial: uartps: Wait for tx_empty in console setup
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
sparc64: vcc: Fix error return code in vcc_probe()
arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
dt-bindings: sound: wm8994: Correct required supplies based on actual
implementaion
atm: fix a memory leak of vcc->user_back
power: supply: max17040: Correct voltage reading
phy: samsung: s5pv210-usb2: Add delay after reset
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
tty: serial: samsung: Correct clock selection logic
ALSA: hda: Fix potential race in unsol event handler
powerpc/traps: Make unrecoverable NMIs die instead of panic
fuse: don't check refcount after stealing page
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
e1000: Do not perform reset in reset_task if we are already down
drm/nouveau/debugfs: fix runtime pm imbalance on error
printk: handle blank console arguments passed in.
usb: dwc3: Increase timeout for CmdAct cleared by device controller
btrfs: don't force read-only after error in drop snapshot
vfio/pci: fix memory leaks of eventfd ctx
perf util: Fix memory leak of prefix_if_not_in
perf kcore_copy: Fix module map when there are no modules loaded
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
ceph: fix potential race in ceph_check_caps
mm/swap_state: fix a data race in swapin_nr_pages
rapidio: avoid data race between file operation callbacks and mport_cdev_add().
mtd: parser: cmdline: Support MTD names containing one or more colons
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
vfio/pci: Clear error and request eventfd ctx after releasing
cifs: Fix double add page to memcg when cifs_readpages
scsi: libfc: Handling of extra kref
scsi: libfc: Skip additional kref updating work event
selftests/x86/syscall_nt: Clear weird flags after each test
vfio/pci: fix racy on error and request eventfd ctx
btrfs: qgroup: fix data leak caused by race between writeback and truncate
s390/init: add missing __init annotations
i2c: core: Call i2c_acpi_install_space_handler() before
i2c_acpi_register_devices()
objtool: Fix noreturn detection for ignored functions
ieee802154: fix one possible memleak in ca8210_dev_com_init
ieee802154/adf7242: check status of adf7242_read_reg
clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
batman-adv: bla: fix type misuse for backbone_gw hash indexing
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
mac802154: tx: fix use-after-free
drm/vc4/vc4_hdmi: fill ASoC card owner
net: qed: RDMA personality shouldn't fail VF load
batman-adv: Add missing include for in_interrupt()
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
ALSA: asihpi: fix iounmap in error handler
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
s390/dasd: Fix zero write for FBA devices
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
mm, THP, swap: fix allocating cluster for swapfile by mistake
lib/string.c: implement stpcpy
ata: define AC_ERR_OK
ata: make qc_prep return ata_completion_errors
ata: sata_mv, avoid trigerrable BUG_ON
media: mc-device.c: fix memleak in media_device_register_entity
tpm_crb: fix fTPM on AMD Zen+ CPUs
RDMA/qedr: Fix potential use after free
fix dget_parent() fastpath race
scsi: pm80xx: Cleanup command when a reset times out
ASoC: max98090: remove msleep in PLL unlocked workaround
ipv6_route_seq_next should increase position index
scsi: ufs: Fix a race condition in the tracing code
s390/cpum_sf: Use kzalloc and minor changes
ceph: ensure we have a new cap before continuing in fill_inode
mm/swapfile.c: swap_next should increase position index
dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
random: fix data races at timer_rand_state
bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal
perf jevents: Fix leak of mapfile memory
xfs: mark dir corrupt when lookup-by-hash fails
rtc: sa1100: fix possible race condition
nfsd: Don't add locks to closed or closing open stateids
KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the
valid ones
thermal: rcar_thermal: Handle probe error gracefully
nvme: Fix controller creation races with teardown flow
scsi: hpsa: correct race condition in offload enabled
PCI: Use ioremap(), not phys_to_virt() for platform ROM
KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
net: openvswitch: use u64 for meter bucket
scsi: aacraid: Fix error handling paths in aac_probe_one()
scsi: cxlflash: Fix error return code in cxlflash_probe()
drm/nouveau: fix runtime pm imbalance on error
perf evsel: Fix 2 memory leaks
perf stat: Fix duration_time value for higher intervals
perf metricgroup: Free metric_events on error
ASoC: img-i2s-out: Fix runtime PM imbalance on error
wlcore: fix runtime pm imbalance in wl1271_tx_work
nvme: fix possible deadlock when I/O is blocked
net: openvswitch: use div_u64() for 64-by-32 divisions
nvme: explicitly update mpath disk capacity on revalidation
ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
drm/amdkfd: fix a memory leak issue
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
KVM: SVM: Add a dedicated INVD intercept routine
s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch
UBUNTU: upstream stable to v4.14.200, v4.19.149
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: linux (Ubuntu Bionic)
Importance: Undecided
Assignee: Kamal Mostafa (kamalmostafa)
Status: In Progress
** Tags: kernel-stable-tracking-bug
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Tags added: kernel-stable-tracking-bug
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Kamal Mostafa (kamalmostafa)
** Description changed:
-
- SRU Justification
-
- Impact:
- The upstream process for stable tree updates is quite similar
- in scope to the Ubuntu SRU process, e.g., each patch has to
- demonstrably fix a bug, and each patch is vetted by upstream
- by originating either directly from a mainline/stable Linux tree or
- a minimally backported form of that patch. The following upstream
- stable patches should be included in the Ubuntu kernel:
-
- upstream stable patchset 2020-10-23
- from git://git.kernel.org/
+ SRU Justification
+
+ Impact:
+ The upstream process for stable tree updates is quite similar
+ in scope to the Ubuntu SRU process, e.g., each patch has to
+ demonstrably fix a bug, and each patch is vetted by upstream
+ by originating either directly from a mainline/stable Linux tree or
+ a minimally backported form of that patch. The following upstream
+ stable patches should be included in the Ubuntu kernel:
+
+ upstream stable patchset 2020-10-23
+
+ Ported from the following upstream stable releases:
+ v4.14.200, v4.19.148,
+ v4.19.149
+
+ from git://git.kernel.org/
+
+ af_key: pfkey_dump needs parameter validation
+ KVM: fix memory leak in kvm_io_bus_unregister_dev()
+ kprobes: fix kill kprobe which has been marked as gone
+ mm/thp: fix __split_huge_pmd_locked() for migration PMD
+ cxgb4: Fix offset when clearing filter byte counters
+ geneve: add transport ports in route lookup for geneve
+ hdlc_ppp: add range checks in ppp_cp_parse_cr()
+ ip: fix tos reflection in ack and reset packets
+ net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
+ nfp: use correct define to return NONE fec
+ tipc: Fix memory leak in tipc_group_create_member()
+ tipc: fix shutdown() of connection oriented socket
+ tipc: use skb_unshare() instead in tipc_buf_append()
+ bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
+ net: phy: Avoid NPD upon phy_detach() when driver is unbound
+ net: qrtr: check skb_put_padto() return value
+ net: add __must_check to skb_put_padto()
+ ipv4: Update exception handling for multipath routes via same device
+ MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
+ Documentation/llvm: add documentation on building w/ Clang/LLVM
+ Documentation/llvm: fix the name of llvm-size
+ net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware
+ net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
+ kbuild: replace AS=clang with LLVM_IAS=1
+ tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning
+ tcp_bbr: adapt cwnd based on ack aggregation estimation
+ serial: 8250: Avoid error message on reprobe
+ RDMA/ucma: ucma_context reference leak in error path
+ mm: fix double page fault on arm64 if PTE_AF is cleared
+ scsi: aacraid: fix illegal IO beyond last LBA
+ m68k: q40: Fix info-leak in rtc_ioctl
+ gma/gma500: fix a memory disclosure bug due to uninitialized bytes
+ ASoC: kirkwood: fix IRQ error handling
+ media: smiapp: Fix error handling at NVM reading
+ arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
+ x86/ioapic: Unbreak check_timer()
+ ALSA: usb-audio: Add delay quirk for H570e USB headsets
+ ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
+ PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
+ scsi: fnic: fix use after free
+ clk/ti/adpll: allocate room for terminating null
+ mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
+ mfd: mfd-core: Protect against NULL call-back function pointer
+ tracing: Adding NULL checks for trace_array descriptor pointer
+ bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
+ RDMA/i40iw: Fix potential use after free
+ xfs: fix attr leaf header freemap.size underflow
+ RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
+ mmc: core: Fix size overflow for mmc partitions
+ gfs2: clean up iopen glock mess in gfs2_create_inode
+ debugfs: Fix !DEBUG_FS debugfs_create_automount
+ CIFS: Properly process SMB3 lease breaks
+ kernel/sys.c: avoid copying possible padding bytes in copy_to_user
+ neigh_stat_seq_next() should increase position index
+ rt_cpu_seq_next should increase position index
+ seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
+ media: ti-vpe: cal: Restrict DMA to avoid memory corruption
+ ACPI: EC: Reference count query handlers under lock
+ dmaengine: zynqmp_dma: fix burst length configuration
+ powerpc/eeh: Only dump stack once if an MMIO loop is detected
+ tracing: Set kernel_stack's caller size properly
+ ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
+ selftests/ftrace: fix glob selftest
+ tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
+ Bluetooth: Fix refcount use-after-free issue
+ mm: pagewalk: fix termination condition in walk_pte_range()
+ Bluetooth: prefetch channel before killing sock
+ ALSA: hda: Clear RIRB status before reading WP
+ skbuff: fix a data race in skb_queue_len()
+ audit: CONFIG_CHANGE don't log internal bookkeeping as an event
+ selinux: sel_avc_get_stat_idx should increase position index
+ scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
+ scsi: lpfc: Fix coverity errors in fmdi attribute handling
+ drm/omap: fix possible object reference leak
+ perf test: Fix test trace+probe_vfs_getname.sh on s390
+ RDMA/rxe: Fix configuration of atomic queue pair attributes
+ KVM: x86: fix incorrect comparison in trace event
+ media: staging/imx: Missing assignment in imx_media_capture_device_register()
+ x86/pkeys: Add check for pkey "overflow"
+ bpf: Remove recursion prevention from rcu free callback
+ dmaengine: tegra-apb: Prevent race conditions on channel's freeing
+ media: go7007: Fix URB type for interrupt handling
+ Bluetooth: guard against controllers sending zero'd events
+ timekeeping: Prevent 32bit truncation in scale64_check_overflow()
+ ext4: fix a data race at inode->i_disksize
+ mm: avoid data corruption on CoW fault into PFN-mapped VMA
+ drm/amdgpu: increase atombios cmd timeout
+ ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
+ scsi: aacraid: Disabling TM path and only processing IOP reset
+ Bluetooth: L2CAP: handle l2cap config request during open state
+ media: tda10071: fix unsigned sign extension overflow
+ xfs: don't ever return a stale pointer from __xfs_dir3_free_read
+ tpm: ibmvtpm: Wait for buffer to be set before proceeding
+ rtc: ds1374: fix possible race condition
+ tracing: Use address-of operator on section symbols
+ serial: 8250_port: Don't service RX FIFO if throttled
+ serial: 8250_omap: Fix sleeping function called from invalid context during
probe
+ serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
+ perf cpumap: Fix snprintf overflow check
+ cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
+ tools: gpio-hammer: Avoid potential overflow in main
+ RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
+ SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
+ svcrdma: Fix leak of transport addresses
+ ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
+ ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
endpoint descriptor
+ NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
+ mm/kmemleak.c: use address-of operator on section symbols
+ mm/filemap.c: clear page error before actual read
+ mm/vmscan.c: fix data races using kswapd_classzone_idx
+ mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
+ scsi: qedi: Fix termination timeouts in session logout
+ serial: uartps: Wait for tx_empty in console setup
+ KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
+ bdev: Reduce time holding bd_mutex in sync in blkdev_close()
+ drivers: char: tlclk.c: Avoid data race between init and interrupt handler
+ staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
+ sparc64: vcc: Fix error return code in vcc_probe()
+ arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
+ dt-bindings: sound: wm8994: Correct required supplies based on actual
implementaion
+ atm: fix a memory leak of vcc->user_back
+ power: supply: max17040: Correct voltage reading
+ phy: samsung: s5pv210-usb2: Add delay after reset
+ Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
+ USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
+ tty: serial: samsung: Correct clock selection logic
+ ALSA: hda: Fix potential race in unsol event handler
+ powerpc/traps: Make unrecoverable NMIs die instead of panic
+ fuse: don't check refcount after stealing page
+ USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
+ arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
+ e1000: Do not perform reset in reset_task if we are already down
+ drm/nouveau/debugfs: fix runtime pm imbalance on error
+ printk: handle blank console arguments passed in.
+ usb: dwc3: Increase timeout for CmdAct cleared by device controller
+ btrfs: don't force read-only after error in drop snapshot
+ vfio/pci: fix memory leaks of eventfd ctx
+ perf util: Fix memory leak of prefix_if_not_in
+ perf kcore_copy: Fix module map when there are no modules loaded
+ mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
+ ceph: fix potential race in ceph_check_caps
+ mm/swap_state: fix a data race in swapin_nr_pages
+ rapidio: avoid data race between file operation callbacks and
mport_cdev_add().
+ mtd: parser: cmdline: Support MTD names containing one or more colons
+ x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
+ vfio/pci: Clear error and request eventfd ctx after releasing
+ cifs: Fix double add page to memcg when cifs_readpages
+ scsi: libfc: Handling of extra kref
+ scsi: libfc: Skip additional kref updating work event
+ selftests/x86/syscall_nt: Clear weird flags after each test
+ vfio/pci: fix racy on error and request eventfd ctx
+ btrfs: qgroup: fix data leak caused by race between writeback and truncate
+ s390/init: add missing __init annotations
+ i2c: core: Call i2c_acpi_install_space_handler() before
i2c_acpi_register_devices()
+ objtool: Fix noreturn detection for ignored functions
+ ieee802154: fix one possible memleak in ca8210_dev_com_init
+ ieee802154/adf7242: check status of adf7242_read_reg
+ clocksource/drivers/h8300_timer8: Fix wrong return value in
h8300_8timer_init()
+ batman-adv: bla: fix type misuse for backbone_gw hash indexing
+ atm: eni: fix the missed pci_disable_device() for eni_init_one()
+ batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
+ mac802154: tx: fix use-after-free
+ drm/vc4/vc4_hdmi: fill ASoC card owner
+ net: qed: RDMA personality shouldn't fail VF load
+ batman-adv: Add missing include for in_interrupt()
+ batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
+ ALSA: asihpi: fix iounmap in error handler
+ MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
+ s390/dasd: Fix zero write for FBA devices
+ kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
+ mm, THP, swap: fix allocating cluster for swapfile by mistake
+ lib/string.c: implement stpcpy
+ ata: define AC_ERR_OK
+ ata: make qc_prep return ata_completion_errors
+ ata: sata_mv, avoid trigerrable BUG_ON
+ media: mc-device.c: fix memleak in media_device_register_entity
+ tpm_crb: fix fTPM on AMD Zen+ CPUs
+ RDMA/qedr: Fix potential use after free
+ fix dget_parent() fastpath race
+ scsi: pm80xx: Cleanup command when a reset times out
+ ASoC: max98090: remove msleep in PLL unlocked workaround
+ ipv6_route_seq_next should increase position index
+ scsi: ufs: Fix a race condition in the tracing code
+ s390/cpum_sf: Use kzalloc and minor changes
+ ceph: ensure we have a new cap before continuing in fill_inode
+ mm/swapfile.c: swap_next should increase position index
+ dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
+ dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
+ drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
+ firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
+ random: fix data races at timer_rand_state
+ bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host
removal
+ perf jevents: Fix leak of mapfile memory
+ xfs: mark dir corrupt when lookup-by-hash fails
+ rtc: sa1100: fix possible race condition
+ nfsd: Don't add locks to closed or closing open stateids
+ KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like
the valid ones
+ thermal: rcar_thermal: Handle probe error gracefully
+ nvme: Fix controller creation races with teardown flow
+ scsi: hpsa: correct race condition in offload enabled
+ PCI: Use ioremap(), not phys_to_virt() for platform ROM
+ KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
+ net: openvswitch: use u64 for meter bucket
+ scsi: aacraid: Fix error handling paths in aac_probe_one()
+ scsi: cxlflash: Fix error return code in cxlflash_probe()
+ drm/nouveau: fix runtime pm imbalance on error
+ perf evsel: Fix 2 memory leaks
+ perf stat: Fix duration_time value for higher intervals
+ perf metricgroup: Free metric_events on error
+ ASoC: img-i2s-out: Fix runtime PM imbalance on error
+ wlcore: fix runtime pm imbalance in wl1271_tx_work
+ nvme: fix possible deadlock when I/O is blocked
+ net: openvswitch: use div_u64() for 64-by-32 divisions
+ nvme: explicitly update mpath disk capacity on revalidation
+ ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
+ drm/amdkfd: fix a memory leak issue
+ batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
+ KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
+ KVM: SVM: Add a dedicated INVD intercept routine
+ s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
+ kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
+ KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch
+ UBUNTU: upstream stable to v4.14.200, v4.19.149
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1901257
Title:
Bionic update: upstream stable patchset 2020-10-23
Status in linux package in Ubuntu:
Confirmed
Status in linux source package in Bionic:
In Progress
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2020-10-23
Ported from the following upstream stable releases:
v4.14.200, v4.19.148,
v4.19.149
from git://git.kernel.org/
af_key: pfkey_dump needs parameter validation
KVM: fix memory leak in kvm_io_bus_unregister_dev()
kprobes: fix kill kprobe which has been marked as gone
mm/thp: fix __split_huge_pmd_locked() for migration PMD
cxgb4: Fix offset when clearing filter byte counters
geneve: add transport ports in route lookup for geneve
hdlc_ppp: add range checks in ppp_cp_parse_cr()
ip: fix tos reflection in ack and reset packets
net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
nfp: use correct define to return NONE fec
tipc: Fix memory leak in tipc_group_create_member()
tipc: fix shutdown() of connection oriented socket
tipc: use skb_unshare() instead in tipc_buf_append()
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
net: phy: Avoid NPD upon phy_detach() when driver is unbound
net: qrtr: check skb_put_padto() return value
net: add __must_check to skb_put_padto()
ipv4: Update exception handling for multipath routes via same device
MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
Documentation/llvm: add documentation on building w/ Clang/LLVM
Documentation/llvm: fix the name of llvm-size
net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware
net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
kbuild: replace AS=clang with LLVM_IAS=1
tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning
tcp_bbr: adapt cwnd based on ack aggregation estimation
serial: 8250: Avoid error message on reprobe
RDMA/ucma: ucma_context reference leak in error path
mm: fix double page fault on arm64 if PTE_AF is cleared
scsi: aacraid: fix illegal IO beyond last LBA
m68k: q40: Fix info-leak in rtc_ioctl
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
ASoC: kirkwood: fix IRQ error handling
media: smiapp: Fix error handling at NVM reading
arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
x86/ioapic: Unbreak check_timer()
ALSA: usb-audio: Add delay quirk for H570e USB headsets
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
scsi: fnic: fix use after free
clk/ti/adpll: allocate room for terminating null
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
mfd: mfd-core: Protect against NULL call-back function pointer
tracing: Adding NULL checks for trace_array descriptor pointer
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
RDMA/i40iw: Fix potential use after free
xfs: fix attr leaf header freemap.size underflow
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
mmc: core: Fix size overflow for mmc partitions
gfs2: clean up iopen glock mess in gfs2_create_inode
debugfs: Fix !DEBUG_FS debugfs_create_automount
CIFS: Properly process SMB3 lease breaks
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
neigh_stat_seq_next() should increase position index
rt_cpu_seq_next should increase position index
seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
ACPI: EC: Reference count query handlers under lock
dmaengine: zynqmp_dma: fix burst length configuration
powerpc/eeh: Only dump stack once if an MMIO loop is detected
tracing: Set kernel_stack's caller size properly
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
selftests/ftrace: fix glob selftest
tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
Bluetooth: Fix refcount use-after-free issue
mm: pagewalk: fix termination condition in walk_pte_range()
Bluetooth: prefetch channel before killing sock
ALSA: hda: Clear RIRB status before reading WP
skbuff: fix a data race in skb_queue_len()
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
selinux: sel_avc_get_stat_idx should increase position index
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
scsi: lpfc: Fix coverity errors in fmdi attribute handling
drm/omap: fix possible object reference leak
perf test: Fix test trace+probe_vfs_getname.sh on s390
RDMA/rxe: Fix configuration of atomic queue pair attributes
KVM: x86: fix incorrect comparison in trace event
media: staging/imx: Missing assignment in imx_media_capture_device_register()
x86/pkeys: Add check for pkey "overflow"
bpf: Remove recursion prevention from rcu free callback
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
media: go7007: Fix URB type for interrupt handling
Bluetooth: guard against controllers sending zero'd events
timekeeping: Prevent 32bit truncation in scale64_check_overflow()
ext4: fix a data race at inode->i_disksize
mm: avoid data corruption on CoW fault into PFN-mapped VMA
drm/amdgpu: increase atombios cmd timeout
ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
scsi: aacraid: Disabling TM path and only processing IOP reset
Bluetooth: L2CAP: handle l2cap config request during open state
media: tda10071: fix unsigned sign extension overflow
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
tpm: ibmvtpm: Wait for buffer to be set before proceeding
rtc: ds1374: fix possible race condition
tracing: Use address-of operator on section symbols
serial: 8250_port: Don't service RX FIFO if throttled
serial: 8250_omap: Fix sleeping function called from invalid context during
probe
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
perf cpumap: Fix snprintf overflow check
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
tools: gpio-hammer: Avoid potential overflow in main
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
svcrdma: Fix leak of transport addresses
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
endpoint descriptor
NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
mm/kmemleak.c: use address-of operator on section symbols
mm/filemap.c: clear page error before actual read
mm/vmscan.c: fix data races using kswapd_classzone_idx
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
scsi: qedi: Fix termination timeouts in session logout
serial: uartps: Wait for tx_empty in console setup
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
sparc64: vcc: Fix error return code in vcc_probe()
arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
dt-bindings: sound: wm8994: Correct required supplies based on actual
implementaion
atm: fix a memory leak of vcc->user_back
power: supply: max17040: Correct voltage reading
phy: samsung: s5pv210-usb2: Add delay after reset
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
tty: serial: samsung: Correct clock selection logic
ALSA: hda: Fix potential race in unsol event handler
powerpc/traps: Make unrecoverable NMIs die instead of panic
fuse: don't check refcount after stealing page
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
e1000: Do not perform reset in reset_task if we are already down
drm/nouveau/debugfs: fix runtime pm imbalance on error
printk: handle blank console arguments passed in.
usb: dwc3: Increase timeout for CmdAct cleared by device controller
btrfs: don't force read-only after error in drop snapshot
vfio/pci: fix memory leaks of eventfd ctx
perf util: Fix memory leak of prefix_if_not_in
perf kcore_copy: Fix module map when there are no modules loaded
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
ceph: fix potential race in ceph_check_caps
mm/swap_state: fix a data race in swapin_nr_pages
rapidio: avoid data race between file operation callbacks and
mport_cdev_add().
mtd: parser: cmdline: Support MTD names containing one or more colons
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
vfio/pci: Clear error and request eventfd ctx after releasing
cifs: Fix double add page to memcg when cifs_readpages
scsi: libfc: Handling of extra kref
scsi: libfc: Skip additional kref updating work event
selftests/x86/syscall_nt: Clear weird flags after each test
vfio/pci: fix racy on error and request eventfd ctx
btrfs: qgroup: fix data leak caused by race between writeback and truncate
s390/init: add missing __init annotations
i2c: core: Call i2c_acpi_install_space_handler() before
i2c_acpi_register_devices()
objtool: Fix noreturn detection for ignored functions
ieee802154: fix one possible memleak in ca8210_dev_com_init
ieee802154/adf7242: check status of adf7242_read_reg
clocksource/drivers/h8300_timer8: Fix wrong return value in
h8300_8timer_init()
batman-adv: bla: fix type misuse for backbone_gw hash indexing
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
mac802154: tx: fix use-after-free
drm/vc4/vc4_hdmi: fill ASoC card owner
net: qed: RDMA personality shouldn't fail VF load
batman-adv: Add missing include for in_interrupt()
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
ALSA: asihpi: fix iounmap in error handler
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
s390/dasd: Fix zero write for FBA devices
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
mm, THP, swap: fix allocating cluster for swapfile by mistake
lib/string.c: implement stpcpy
ata: define AC_ERR_OK
ata: make qc_prep return ata_completion_errors
ata: sata_mv, avoid trigerrable BUG_ON
media: mc-device.c: fix memleak in media_device_register_entity
tpm_crb: fix fTPM on AMD Zen+ CPUs
RDMA/qedr: Fix potential use after free
fix dget_parent() fastpath race
scsi: pm80xx: Cleanup command when a reset times out
ASoC: max98090: remove msleep in PLL unlocked workaround
ipv6_route_seq_next should increase position index
scsi: ufs: Fix a race condition in the tracing code
s390/cpum_sf: Use kzalloc and minor changes
ceph: ensure we have a new cap before continuing in fill_inode
mm/swapfile.c: swap_next should increase position index
dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
random: fix data races at timer_rand_state
bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host
removal
perf jevents: Fix leak of mapfile memory
xfs: mark dir corrupt when lookup-by-hash fails
rtc: sa1100: fix possible race condition
nfsd: Don't add locks to closed or closing open stateids
KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like
the valid ones
thermal: rcar_thermal: Handle probe error gracefully
nvme: Fix controller creation races with teardown flow
scsi: hpsa: correct race condition in offload enabled
PCI: Use ioremap(), not phys_to_virt() for platform ROM
KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
net: openvswitch: use u64 for meter bucket
scsi: aacraid: Fix error handling paths in aac_probe_one()
scsi: cxlflash: Fix error return code in cxlflash_probe()
drm/nouveau: fix runtime pm imbalance on error
perf evsel: Fix 2 memory leaks
perf stat: Fix duration_time value for higher intervals
perf metricgroup: Free metric_events on error
ASoC: img-i2s-out: Fix runtime PM imbalance on error
wlcore: fix runtime pm imbalance in wl1271_tx_work
nvme: fix possible deadlock when I/O is blocked
net: openvswitch: use div_u64() for 64-by-32 divisions
nvme: explicitly update mpath disk capacity on revalidation
ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
drm/amdkfd: fix a memory leak issue
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
KVM: SVM: Add a dedicated INVD intercept routine
s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch
UBUNTU: upstream stable to v4.14.200, v4.19.149
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1901257/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
