Public bug reported:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The v4.14.6 upstream stable patch set is now available. It should be included in the Ubuntu kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the v4.14.6 stable release shall be applied:

usb: gadget: udc: renesas_usb3: fix number of the pipes
usb: gadget: core: Fix ->udc_set_speed() speed handling
serdev: ttyport: add missing receive_buf sanity checks
serdev: ttyport: fix NULL-deref on hangup
serdev: ttyport: fix tty locking in close
usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
can: mcba_usb: fix device disconnect bug
can: peak/pci: fix potential bug when probe() fails
can: flexcan: fix VF610 state transition issue
can: ti_hecc: Fix napi poll return value for repoll
can: kvaser_usb: free buf in error paths
can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
can: kvaser_usb: ratelimit errors if incomplete messages are received
can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
can: mcba_usb: cancel urb on -EPROTO
can: ems_usb: cancel urb on -EPIPE and -EPROTO
can: esd_usb2: cancel urb on -EPIPE and -EPROTO
can: usb_8dev: cancel urb on -EPIPE and -EPROTO
can: peak/pcie_fd: fix potential bug in restarting tx queue
virtio: release virtio index when fail to device_register
iio: stm32: fix adc/trigger link error
iio: health: max30102: Temperature should be in milli Celsius
iio: adc: cpcap: fix incorrect validation
iio: adc: meson-saradc: fix the bit_idx of the adc_en clock
iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs
iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13
pinctrl: armada-37xx: Fix direction_output() callback behavior
Drivers: hv: vmbus: Fix a rescind issue
hv: kvp: Avoid reading past allocated blocks from KVP file
firmware: cleanup FIRMWARE_IN_KERNEL message
firmware: vpd: Destroy vpd sections in remove function
firmware: vpd: Tie firmware kobject to device lifetime
firmware: vpd: Fix platform driver and device registration/unregistration
isa: Prevent NULL dereference in isa_bus driver callbacks
scsi: dma-mapping: always provide dma_get_cache_alignment
scsi: use dma_get_cache_alignment() as minimum DMA alignment
scsi: libsas: align sata_device's rps_resp on a cacheline
efi: Move some sysfs files to be read-only by root
efi/esrt: Use memunmap() instead of kfree() to free the remapping
ASN.1: fix out-of-bounds read when parsing indefinite length item
ASN.1: check for error from ASN1_OP_END__ACT actions
KEYS: add missing permission check for request_key() destination
KEYS: reject NULL restriction string when type is specified
X.509: reject invalid BIT STRING for subjectPublicKey
X.509: fix comparisons of ->pkey_algo
x86/idt: Load idt early in start_secondary
x86/PCI: Make broadcom_postcore_init() check acpi_disabled
KVM: x86: fix APIC page invalidation
btrfs: fix missing error return in btrfs_drop_snapshot
btrfs: handle errors while updating refcounts in update_ref_for_cow
ALSA: hda/realtek - New codec support for ALC257
ALSA: pcm: prevent UAF in snd_pcm_info
ALSA: seq: Remove spurious WARN_ON() at timer check
ALSA: usb-audio: Fix out-of-bound error
ALSA: usb-audio: Add check return value for usb_string()
iommu/vt-d: Fix scatterlist offset handling
smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
s390: always save and restore all registers on context switch
s390/mm: fix off-by-one bug in 5-level page table handling
s390: fix compat system call table
KVM: s390: Fix skey emulation permission check
Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier"
powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
iwlwifi: mvm: mark MIC stripped MPDUs
iwlwifi: mvm: don't use transmit queue hang detection when it is not possible
iwlwifi: mvm: flush queue before deleting ROC
iwlwifi: add new cards for 9260 and 22000 series
iwlwifi: mvm: fix packet injection
iwlwifi: mvm: enable RX offloading with TKIP and WEP
brcmfmac: change driver unbind order of the sdio function devices
kdb: Fix handling of kallsyms_symbol_next() return value
md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
drm/i915: Fix vblank timestamp/frame counter jumps on gen2
media: dvb: i2c transfers over usb cannot be done from stack
media: rc: sir_ir: detect presence of port
media: rc: partial revert of "media: rc: per-protocol repeat period"
arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion
KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation
KVM: arm/arm64: vgic: Preserve the revious read from the pending table
KVM: arm/arm64: vgic-its: Check result of allocation before use
arm64: fpsimd: Prevent registers leaking from dead tasks
arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
Revert "ARM: dts: imx53: add srtc node"
bus: arm-cci: Fix use of smp_processor_id() in preemptible context
bus: arm-ccn: Check memory allocation failure
bus: arm-ccn: Fix use of smp_processor_id() in preemptible context
bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left.
IB/core: Avoid unnecessary return value check
IB/core: Only enforce security for InfiniBand
crypto: talitos - fix AEAD test failures
crypto: talitos - fix memory corruption on SEC2
crypto: talitos - fix setkey to check key weakness
crypto: talitos - fix AEAD for sha224 on non sha224 capable chips
crypto: talitos - fix use of sg_link_tbl_len
crypto: talitos - fix ctr-aes-talitos
ARM: BUG if jumping to usermode address in kernel mode
ARM: avoid faulting on qemu
irqchip/qcom: Fix u32 comparison with value less than zero
net/smc: use sk_rcvbuf as start for rmb creation
kbuild: pkg: use --transform option to prefix paths in tar
coccinelle: fix parallel build with CHECK=scripts/coccicheck
powerpc/perf: Fix pmu_count to count only nest imc pmus
apparmor: fix leak of null profile name if profile allocation fails
x86/mpx/selftests: Fix up weird arrays
mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
route: also update fnhe_genid when updating a route cache
route: update fnhe_expires for redirect when the fnhe exists
rsi: fix memory leak on buf and usb_reg_buf
drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()'
pipe: match pipe_max_size data type with procfs
lib/genalloc.c: make the avail variable an atomic_long_t
dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0
NFS: Fix a typo in nfs_rename()
sunrpc: Fix rpc_task_begin trace point
nfp: inherit the max_mtu from the PF netdev
nfp: fix flower offload metadata flag usage
xfs: fix forgotten rcu read unlock when skipping inode reclaim
dt-bindings: usb: fix reg-property port-number range
block: wake up all tasks blocked in get_request()
sparc64/mm: set fields in deferred pages
zsmalloc: calling zs_map_object() from irq is a bug
slub: fix sysfs duplicate filename creation when slub_debug=O
sctp: do not free asoc when it is already dead in sctp_sendmsg
sctp: use the right sk after waking up from wait_buf sleep
fcntl: don't leak fd reference when fixup_compat_flock fails
geneve: fix fill_info when link down
bpf: fix lockdep splat
clk: stm32h7: fix test of clock config
clk: sunxi-ng: a83t: Fix i2c buses bits
clk: qcom: common: fix legacy board-clock registration
clk: uniphier: fix DAPLL2 clock rate of Pro5
clk: hi3660: fix incorrect uart3 clock freqency
mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready
kbuild: rpm-pkg: fix jobserver unavailable warning
atm: horizon: Fix irq release error
jump_label: Invoke jump_label_test() via early_initcall()
tls: Use kzalloc for aead_request allocation
xfrm: Copy policy family in clone_policy
f2fs: fix to clear FI_NO_PREALLOC
bnxt_re: changing the ip address shouldn't affect new connections
IB/mlx4: Increase maximal message size under UD QP
IB/mlx5: Assign send CQ and recv CQ of UMR QP
afs: Fix total-length calculation for multiple-page send
afs: Connect up the CB.ProbeUuid
Linux 4.14.6

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: Fix Committed

** Tags: kernel-stable-tracking-bug

** Tags added: kernel-stable-tracking-bug

** Description changed:

+ SRU Justification - SRU Justification + Impact: + The upstream process for stable tree updates is quite similar + in scope to the Ubuntu SRU process, e.g., each patch has to + demonstrably fix a bug, and each patch is vetted by upstream + by originating either directly from a mainline/stable Linux tree or + a minimally backported form of that patch. The v4.14.6 upstream stable + patch set is now available. It should be included in the Ubuntu + kernel as well. - Impact: - The upstream process for stable tree updates is quite similar - in scope to the Ubuntu SRU process, e.g., each patch has to - demonstrably fix a bug, and each patch is vetted by upstream - by originating either directly from a mainline/stable Linux tree or - a minimally backported form of that patch. 
The v4.14.6 upstream stable - patch set is now available. It should be included in the Ubuntu - kernel as well. + git://git.kernel.org/ - git://git.kernel.org/ + TEST CASE: TBD - TEST CASE: TBD + The following patches from the v4.14.6 stable release shall be + applied: - The following patches from the v4.14.6 stable release shall be - applied: + usb: gadget: udc: renesas_usb3: fix number of the pipes + usb: gadget: core: Fix ->udc_set_speed() speed handling + serdev: ttyport: add missing receive_buf sanity checks + serdev: ttyport: fix NULL-deref on hangup + serdev: ttyport: fix tty locking in close + usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT + can: mcba_usb: fix device disconnect bug + can: peak/pci: fix potential bug when probe() fails + can: flexcan: fix VF610 state transition issue + can: ti_hecc: Fix napi poll return value for repoll + can: kvaser_usb: free buf in error paths + can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() + can: kvaser_usb: ratelimit errors if incomplete messages are received + can: kvaser_usb: cancel urb on -EPIPE and -EPROTO + can: mcba_usb: cancel urb on -EPROTO + can: ems_usb: cancel urb on -EPIPE and -EPROTO + can: esd_usb2: cancel urb on -EPIPE and -EPROTO + can: usb_8dev: cancel urb on -EPIPE and -EPROTO + can: peak/pcie_fd: fix potential bug in restarting tx queue + virtio: release virtio index when fail to device_register + iio: stm32: fix adc/trigger link error + iio: health: max30102: Temperature should be in milli Celsius + iio: adc: cpcap: fix incorrect validation + iio: adc: meson-saradc: fix the bit_idx of the adc_en clock + iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs + iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13 + pinctrl: armada-37xx: Fix direction_output() callback behavior + Drivers: hv: vmbus: Fix a rescind issue + hv: kvp: Avoid reading past allocated blocks from KVP file + firmware: cleanup FIRMWARE_IN_KERNEL message + firmware: vpd: 
Destroy vpd sections in remove function + firmware: vpd: Tie firmware kobject to device lifetime + firmware: vpd: Fix platform driver and device registration/unregistration + isa: Prevent NULL dereference in isa_bus driver callbacks + scsi: dma-mapping: always provide dma_get_cache_alignment + scsi: use dma_get_cache_alignment() as minimum DMA alignment + scsi: libsas: align sata_device's rps_resp on a cacheline + efi: Move some sysfs files to be read-only by root + efi/esrt: Use memunmap() instead of kfree() to free the remapping + ASN.1: fix out-of-bounds read when parsing indefinite length item + ASN.1: check for error from ASN1_OP_END__ACT actions + KEYS: add missing permission check for request_key() destination + KEYS: reject NULL restriction string when type is specified + X.509: reject invalid BIT STRING for subjectPublicKey + X.509: fix comparisons of ->pkey_algo + x86/idt: Load idt early in start_secondary + x86/PCI: Make broadcom_postcore_init() check acpi_disabled + KVM: x86: fix APIC page invalidation + btrfs: fix missing error return in btrfs_drop_snapshot + btrfs: handle errors while updating refcounts in update_ref_for_cow + ALSA: hda/realtek - New codec support for ALC257 + ALSA: pcm: prevent UAF in snd_pcm_info + ALSA: seq: Remove spurious WARN_ON() at timer check + ALSA: usb-audio: Fix out-of-bound error + ALSA: usb-audio: Add check return value for usb_string() + iommu/vt-d: Fix scatterlist offset handling + smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place + s390: always save and restore all registers on context switch + s390/mm: fix off-by-one bug in 5-level page table handling + s390: fix compat system call table + KVM: s390: Fix skey emulation permission check + Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier" + powerpc/64s: Initialize ISAv3 MMU registers before setting partition table + iwlwifi: mvm: mark MIC stripped MPDUs + iwlwifi: mvm: don't use transmit queue hang detection when it is not possible + 
iwlwifi: mvm: flush queue before deleting ROC + iwlwifi: add new cards for 9260 and 22000 series + iwlwifi: mvm: fix packet injection + iwlwifi: mvm: enable RX offloading with TKIP and WEP + brcmfmac: change driver unbind order of the sdio function devices + kdb: Fix handling of kallsyms_symbol_next() return value + md/r5cache: move mddev_lock() out of r5c_journal_mode_set() + drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback + drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU + drm/i915: Fix vblank timestamp/frame counter jumps on gen2 + media: dvb: i2c transfers over usb cannot be done from stack + media: rc: sir_ir: detect presence of port + media: rc: partial revert of "media: rc: per-protocol repeat period" + arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one + arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one + KVM: VMX: remove I/O port 0x80 bypass on Intel hosts + KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion + KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation + KVM: arm/arm64: vgic: Preserve the revious read from the pending table + KVM: arm/arm64: vgic-its: Check result of allocation before use + arm64: fpsimd: Prevent registers leaking from dead tasks + arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm + arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb + Revert "ARM: dts: imx53: add srtc node" + bus: arm-cci: Fix use of smp_processor_id() in preemptible context + bus: arm-ccn: Check memory allocation failure + bus: arm-ccn: Fix use of smp_processor_id() in preemptible context + bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. 
+ IB/core: Avoid unnecessary return value check + IB/core: Only enforce security for InfiniBand + crypto: talitos - fix AEAD test failures + crypto: talitos - fix memory corruption on SEC2 + crypto: talitos - fix setkey to check key weakness + crypto: talitos - fix AEAD for sha224 on non sha224 capable chips + crypto: talitos - fix use of sg_link_tbl_len + crypto: talitos - fix ctr-aes-talitos + ARM: BUG if jumping to usermode address in kernel mode + ARM: avoid faulting on qemu + irqchip/qcom: Fix u32 comparison with value less than zero + net/smc: use sk_rcvbuf as start for rmb creation + kbuild: pkg: use --transform option to prefix paths in tar + coccinelle: fix parallel build with CHECK=scripts/coccicheck + powerpc/perf: Fix pmu_count to count only nest imc pmus + apparmor: fix leak of null profile name if profile allocation fails + x86/mpx/selftests: Fix up weird arrays + mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() + gre6: use log_ecn_error module parameter in ip6_tnl_rcv() + route: also update fnhe_genid when updating a route cache + route: update fnhe_expires for redirect when the fnhe exists + rsi: fix memory leak on buf and usb_reg_buf + drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' + pipe: match pipe_max_size data type with procfs + lib/genalloc.c: make the avail variable an atomic_long_t + dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 + NFS: Fix a typo in nfs_rename() + sunrpc: Fix rpc_task_begin trace point + nfp: inherit the max_mtu from the PF netdev + nfp: fix flower offload metadata flag usage + xfs: fix forgotten rcu read unlock when skipping inode reclaim + dt-bindings: usb: fix reg-property port-number range + block: wake up all tasks blocked in get_request() + sparc64/mm: set fields in deferred pages + zsmalloc: calling zs_map_object() from irq is a bug + slub: fix sysfs duplicate filename creation when slub_debug=O + sctp: do not 
free asoc when it is already dead in sctp_sendmsg + sctp: use the right sk after waking up from wait_buf sleep + fcntl: don't leak fd reference when fixup_compat_flock fails + geneve: fix fill_info when link down + bpf: fix lockdep splat + clk: stm32h7: fix test of clock config + clk: sunxi-ng: a83t: Fix i2c buses bits + clk: qcom: common: fix legacy board-clock registration + clk: uniphier: fix DAPLL2 clock rate of Pro5 + clk: hi3660: fix incorrect uart3 clock freqency + mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready + kbuild: rpm-pkg: fix jobserver unavailable warning + atm: horizon: Fix irq release error + jump_label: Invoke jump_label_test() via early_initcall() + tls: Use kzalloc for aead_request allocation + xfrm: Copy policy family in clone_policy + f2fs: fix to clear FI_NO_PREALLOC + bnxt_re: changing the ip address shouldn't affect new connections + IB/mlx4: Increase maximal message size under UD QP + IB/mlx5: Assign send CQ and recv CQ of UMR QP + afs: Fix total-length calculation for multiple-page send + afs: Connect up the CB.ProbeUuid + Linux 4.14.6

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu)
       Status: New => In Progress

** Changed in: linux (Ubuntu)
     Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Committed

--
https://bugs.launchpad.net/bugs/1738480

Title:
  Bionic update to v4.14.6 stable release