Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.14.6 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://git.kernel.org/
TEST CASE: TBD
The following patches from the v4.14.6 stable release shall be
applied:
usb: gadget: udc: renesas_usb3: fix number of the pipes
usb: gadget: core: Fix ->udc_set_speed() speed handling
serdev: ttyport: add missing receive_buf sanity checks
serdev: ttyport: fix NULL-deref on hangup
serdev: ttyport: fix tty locking in close
usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
can: mcba_usb: fix device disconnect bug
can: peak/pci: fix potential bug when probe() fails
can: flexcan: fix VF610 state transition issue
can: ti_hecc: Fix napi poll return value for repoll
can: kvaser_usb: free buf in error paths
can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
can: kvaser_usb: ratelimit errors if incomplete messages are received
can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
can: mcba_usb: cancel urb on -EPROTO
can: ems_usb: cancel urb on -EPIPE and -EPROTO
can: esd_usb2: cancel urb on -EPIPE and -EPROTO
can: usb_8dev: cancel urb on -EPIPE and -EPROTO
can: peak/pcie_fd: fix potential bug in restarting tx queue
virtio: release virtio index when fail to device_register
iio: stm32: fix adc/trigger link error
iio: health: max30102: Temperature should be in milli Celsius
iio: adc: cpcap: fix incorrect validation
iio: adc: meson-saradc: fix the bit_idx of the adc_en clock
iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs
iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13
pinctrl: armada-37xx: Fix direction_output() callback behavior
Drivers: hv: vmbus: Fix a rescind issue
hv: kvp: Avoid reading past allocated blocks from KVP file
firmware: cleanup FIRMWARE_IN_KERNEL message
firmware: vpd: Destroy vpd sections in remove function
firmware: vpd: Tie firmware kobject to device lifetime
firmware: vpd: Fix platform driver and device registration/unregistration
isa: Prevent NULL dereference in isa_bus driver callbacks
scsi: dma-mapping: always provide dma_get_cache_alignment
scsi: use dma_get_cache_alignment() as minimum DMA alignment
scsi: libsas: align sata_device's rps_resp on a cacheline
efi: Move some sysfs files to be read-only by root
efi/esrt: Use memunmap() instead of kfree() to free the remapping
ASN.1: fix out-of-bounds read when parsing indefinite length item
ASN.1: check for error from ASN1_OP_END__ACT actions
KEYS: add missing permission check for request_key() destination
KEYS: reject NULL restriction string when type is specified
X.509: reject invalid BIT STRING for subjectPublicKey
X.509: fix comparisons of ->pkey_algo
x86/idt: Load idt early in start_secondary
x86/PCI: Make broadcom_postcore_init() check acpi_disabled
KVM: x86: fix APIC page invalidation
btrfs: fix missing error return in btrfs_drop_snapshot
btrfs: handle errors while updating refcounts in update_ref_for_cow
ALSA: hda/realtek - New codec support for ALC257
ALSA: pcm: prevent UAF in snd_pcm_info
ALSA: seq: Remove spurious WARN_ON() at timer check
ALSA: usb-audio: Fix out-of-bound error
ALSA: usb-audio: Add check return value for usb_string()
iommu/vt-d: Fix scatterlist offset handling
smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
s390: always save and restore all registers on context switch
s390/mm: fix off-by-one bug in 5-level page table handling
s390: fix compat system call table
KVM: s390: Fix skey emulation permission check
Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier"
powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
iwlwifi: mvm: mark MIC stripped MPDUs
iwlwifi: mvm: don't use transmit queue hang detection when it is not possible
iwlwifi: mvm: flush queue before deleting ROC
iwlwifi: add new cards for 9260 and 22000 series
iwlwifi: mvm: fix packet injection
iwlwifi: mvm: enable RX offloading with TKIP and WEP
brcmfmac: change driver unbind order of the sdio function devices
kdb: Fix handling of kallsyms_symbol_next() return value
md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
drm/i915: Fix vblank timestamp/frame counter jumps on gen2
media: dvb: i2c transfers over usb cannot be done from stack
media: rc: sir_ir: detect presence of port
media: rc: partial revert of "media: rc: per-protocol repeat period"
arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion
KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation
KVM: arm/arm64: vgic: Preserve the revious read from the pending table
KVM: arm/arm64: vgic-its: Check result of allocation before use
arm64: fpsimd: Prevent registers leaking from dead tasks
arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
Revert "ARM: dts: imx53: add srtc node"
bus: arm-cci: Fix use of smp_processor_id() in preemptible context
bus: arm-ccn: Check memory allocation failure
bus: arm-ccn: Fix use of smp_processor_id() in preemptible context
bus: arm-ccn: fix module unloading Error: Removing state 147 which has
instances left.
IB/core: Avoid unnecessary return value check
IB/core: Only enforce security for InfiniBand
crypto: talitos - fix AEAD test failures
crypto: talitos - fix memory corruption on SEC2
crypto: talitos - fix setkey to check key weakness
crypto: talitos - fix AEAD for sha224 on non sha224 capable chips
crypto: talitos - fix use of sg_link_tbl_len
crypto: talitos - fix ctr-aes-talitos
ARM: BUG if jumping to usermode address in kernel mode
ARM: avoid faulting on qemu
irqchip/qcom: Fix u32 comparison with value less than zero
net/smc: use sk_rcvbuf as start for rmb creation
kbuild: pkg: use --transform option to prefix paths in tar
coccinelle: fix parallel build with CHECK=scripts/coccicheck
powerpc/perf: Fix pmu_count to count only nest imc pmus
apparmor: fix leak of null profile name if profile allocation fails
x86/mpx/selftests: Fix up weird arrays
mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
route: also update fnhe_genid when updating a route cache
route: update fnhe_expires for redirect when the fnhe exists
rsi: fix memory leak on buf and usb_reg_buf
drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling
path in 'rio_dma_transfer()'
pipe: match pipe_max_size data type with procfs
lib/genalloc.c: make the avail variable an atomic_long_t
dynamic-debug-howto: fix optional/omitted ending line number to be LARGE
instead of 0
NFS: Fix a typo in nfs_rename()
sunrpc: Fix rpc_task_begin trace point
nfp: inherit the max_mtu from the PF netdev
nfp: fix flower offload metadata flag usage
xfs: fix forgotten rcu read unlock when skipping inode reclaim
dt-bindings: usb: fix reg-property port-number range
block: wake up all tasks blocked in get_request()
sparc64/mm: set fields in deferred pages
zsmalloc: calling zs_map_object() from irq is a bug
slub: fix sysfs duplicate filename creation when slub_debug=O
sctp: do not free asoc when it is already dead in sctp_sendmsg
sctp: use the right sk after waking up from wait_buf sleep
fcntl: don't leak fd reference when fixup_compat_flock fails
geneve: fix fill_info when link down
bpf: fix lockdep splat
clk: stm32h7: fix test of clock config
clk: sunxi-ng: a83t: Fix i2c buses bits
clk: qcom: common: fix legacy board-clock registration
clk: uniphier: fix DAPLL2 clock rate of Pro5
clk: hi3660: fix incorrect uart3 clock freqency
mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready
kbuild: rpm-pkg: fix jobserver unavailable warning
atm: horizon: Fix irq release error
jump_label: Invoke jump_label_test() via early_initcall()
tls: Use kzalloc for aead_request allocation
xfrm: Copy policy family in clone_policy
f2fs: fix to clear FI_NO_PREALLOC
bnxt_re: changing the ip address shouldn't affect new connections
IB/mlx4: Increase maximal message size under UD QP
IB/mlx5: Assign send CQ and recv CQ of UMR QP
afs: Fix total-length calculation for multiple-page send
afs: Connect up the CB.ProbeUuid
Linux 4.14.6
** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Seth Forshee (sforshee)
Status: Fix Committed
** Tags: kernel-stable-tracking-bug
** Tags added: kernel-stable-tracking-bug
** Description changed:
+ SRU Justification
- SRU Justification
+ Impact:
+ The upstream process for stable tree updates is quite similar
+ in scope to the Ubuntu SRU process, e.g., each patch has to
+ demonstrably fix a bug, and each patch is vetted by upstream
+ by originating either directly from a mainline/stable Linux tree or
+ a minimally backported form of that patch. The v4.14.6 upstream stable
+ patch set is now available. It should be included in the Ubuntu
+ kernel as well.
- Impact:
- The upstream process for stable tree updates is quite similar
- in scope to the Ubuntu SRU process, e.g., each patch has to
- demonstrably fix a bug, and each patch is vetted by upstream
- by originating either directly from a mainline/stable Linux tree or
- a minimally backported form of that patch. The v4.14.6 upstream stable
- patch set is now available. It should be included in the Ubuntu
- kernel as well.
+ git://git.kernel.org/
- git://git.kernel.org/
+ TEST CASE: TBD
- TEST CASE: TBD
+ The following patches from the v4.14.6 stable release shall be
+ applied:
- The following patches from the v4.14.6 stable release shall be
- applied:
+ usb: gadget: udc: renesas_usb3: fix number of the pipes
+ usb: gadget: core: Fix ->udc_set_speed() speed handling
+ serdev: ttyport: add missing receive_buf sanity checks
+ serdev: ttyport: fix NULL-deref on hangup
+ serdev: ttyport: fix tty locking in close
+ usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
+ can: mcba_usb: fix device disconnect bug
+ can: peak/pci: fix potential bug when probe() fails
+ can: flexcan: fix VF610 state transition issue
+ can: ti_hecc: Fix napi poll return value for repoll
+ can: kvaser_usb: free buf in error paths
+ can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
+ can: kvaser_usb: ratelimit errors if incomplete messages are received
+ can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
+ can: mcba_usb: cancel urb on -EPROTO
+ can: ems_usb: cancel urb on -EPIPE and -EPROTO
+ can: esd_usb2: cancel urb on -EPIPE and -EPROTO
+ can: usb_8dev: cancel urb on -EPIPE and -EPROTO
+ can: peak/pcie_fd: fix potential bug in restarting tx queue
+ virtio: release virtio index when fail to device_register
+ iio: stm32: fix adc/trigger link error
+ iio: health: max30102: Temperature should be in milli Celsius
+ iio: adc: cpcap: fix incorrect validation
+ iio: adc: meson-saradc: fix the bit_idx of the adc_en clock
+ iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs
+ iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13
+ pinctrl: armada-37xx: Fix direction_output() callback behavior
+ Drivers: hv: vmbus: Fix a rescind issue
+ hv: kvp: Avoid reading past allocated blocks from KVP file
+ firmware: cleanup FIRMWARE_IN_KERNEL message
+ firmware: vpd: Destroy vpd sections in remove function
+ firmware: vpd: Tie firmware kobject to device lifetime
+ firmware: vpd: Fix platform driver and device registration/unregistration
+ isa: Prevent NULL dereference in isa_bus driver callbacks
+ scsi: dma-mapping: always provide dma_get_cache_alignment
+ scsi: use dma_get_cache_alignment() as minimum DMA alignment
+ scsi: libsas: align sata_device's rps_resp on a cacheline
+ efi: Move some sysfs files to be read-only by root
+ efi/esrt: Use memunmap() instead of kfree() to free the remapping
+ ASN.1: fix out-of-bounds read when parsing indefinite length item
+ ASN.1: check for error from ASN1_OP_END__ACT actions
+ KEYS: add missing permission check for request_key() destination
+ KEYS: reject NULL restriction string when type is specified
+ X.509: reject invalid BIT STRING for subjectPublicKey
+ X.509: fix comparisons of ->pkey_algo
+ x86/idt: Load idt early in start_secondary
+ x86/PCI: Make broadcom_postcore_init() check acpi_disabled
+ KVM: x86: fix APIC page invalidation
+ btrfs: fix missing error return in btrfs_drop_snapshot
+ btrfs: handle errors while updating refcounts in update_ref_for_cow
+ ALSA: hda/realtek - New codec support for ALC257
+ ALSA: pcm: prevent UAF in snd_pcm_info
+ ALSA: seq: Remove spurious WARN_ON() at timer check
+ ALSA: usb-audio: Fix out-of-bound error
+ ALSA: usb-audio: Add check return value for usb_string()
+ iommu/vt-d: Fix scatterlist offset handling
+ smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
+ s390: always save and restore all registers on context switch
+ s390/mm: fix off-by-one bug in 5-level page table handling
+ s390: fix compat system call table
+ KVM: s390: Fix skey emulation permission check
+ Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier"
+ powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
+ iwlwifi: mvm: mark MIC stripped MPDUs
+ iwlwifi: mvm: don't use transmit queue hang detection when it is not possible
+ iwlwifi: mvm: flush queue before deleting ROC
+ iwlwifi: add new cards for 9260 and 22000 series
+ iwlwifi: mvm: fix packet injection
+ iwlwifi: mvm: enable RX offloading with TKIP and WEP
+ brcmfmac: change driver unbind order of the sdio function devices
+ kdb: Fix handling of kallsyms_symbol_next() return value
+ md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
+ drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback
+ drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
+ drm/i915: Fix vblank timestamp/frame counter jumps on gen2
+ media: dvb: i2c transfers over usb cannot be done from stack
+ media: rc: sir_ir: detect presence of port
+ media: rc: partial revert of "media: rc: per-protocol repeat period"
+ arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
+ arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
+ KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
+ KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion
+ KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation
+ KVM: arm/arm64: vgic: Preserve the revious read from the pending table
+ KVM: arm/arm64: vgic-its: Check result of allocation before use
+ arm64: fpsimd: Prevent registers leaking from dead tasks
+ arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
+ arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
+ Revert "ARM: dts: imx53: add srtc node"
+ bus: arm-cci: Fix use of smp_processor_id() in preemptible context
+ bus: arm-ccn: Check memory allocation failure
+ bus: arm-ccn: Fix use of smp_processor_id() in preemptible context
+ bus: arm-ccn: fix module unloading Error: Removing state 147 which has
instances left.
+ IB/core: Avoid unnecessary return value check
+ IB/core: Only enforce security for InfiniBand
+ crypto: talitos - fix AEAD test failures
+ crypto: talitos - fix memory corruption on SEC2
+ crypto: talitos - fix setkey to check key weakness
+ crypto: talitos - fix AEAD for sha224 on non sha224 capable chips
+ crypto: talitos - fix use of sg_link_tbl_len
+ crypto: talitos - fix ctr-aes-talitos
+ ARM: BUG if jumping to usermode address in kernel mode
+ ARM: avoid faulting on qemu
+ irqchip/qcom: Fix u32 comparison with value less than zero
+ net/smc: use sk_rcvbuf as start for rmb creation
+ kbuild: pkg: use --transform option to prefix paths in tar
+ coccinelle: fix parallel build with CHECK=scripts/coccicheck
+ powerpc/perf: Fix pmu_count to count only nest imc pmus
+ apparmor: fix leak of null profile name if profile allocation fails
+ x86/mpx/selftests: Fix up weird arrays
+ mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
+ gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
+ route: also update fnhe_genid when updating a route cache
+ route: update fnhe_expires for redirect when the fnhe exists
+ rsi: fix memory leak on buf and usb_reg_buf
+ drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling
path in 'rio_dma_transfer()'
+ pipe: match pipe_max_size data type with procfs
+ lib/genalloc.c: make the avail variable an atomic_long_t
+ dynamic-debug-howto: fix optional/omitted ending line number to be LARGE
instead of 0
+ NFS: Fix a typo in nfs_rename()
+ sunrpc: Fix rpc_task_begin trace point
+ nfp: inherit the max_mtu from the PF netdev
+ nfp: fix flower offload metadata flag usage
+ xfs: fix forgotten rcu read unlock when skipping inode reclaim
+ dt-bindings: usb: fix reg-property port-number range
+ block: wake up all tasks blocked in get_request()
+ sparc64/mm: set fields in deferred pages
+ zsmalloc: calling zs_map_object() from irq is a bug
+ slub: fix sysfs duplicate filename creation when slub_debug=O
+ sctp: do not free asoc when it is already dead in sctp_sendmsg
+ sctp: use the right sk after waking up from wait_buf sleep
+ fcntl: don't leak fd reference when fixup_compat_flock fails
+ geneve: fix fill_info when link down
+ bpf: fix lockdep splat
+ clk: stm32h7: fix test of clock config
+ clk: sunxi-ng: a83t: Fix i2c buses bits
+ clk: qcom: common: fix legacy board-clock registration
+ clk: uniphier: fix DAPLL2 clock rate of Pro5
+ clk: hi3660: fix incorrect uart3 clock freqency
+ mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready
+ kbuild: rpm-pkg: fix jobserver unavailable warning
+ atm: horizon: Fix irq release error
+ jump_label: Invoke jump_label_test() via early_initcall()
+ tls: Use kzalloc for aead_request allocation
+ xfrm: Copy policy family in clone_policy
+ f2fs: fix to clear FI_NO_PREALLOC
+ bnxt_re: changing the ip address shouldn't affect new connections
+ IB/mlx4: Increase maximal message size under UD QP
+ IB/mlx5: Assign send CQ and recv CQ of UMR QP
+ afs: Fix total-length calculation for multiple-page send
+ afs: Connect up the CB.ProbeUuid
+ Linux 4.14.6
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu)
Status: New => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Seth Forshee (sforshee)
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1738480
Title:
Bionic update to v4.14.6 stable release
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1738480/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
