Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.14.8 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://git.kernel.org/
TEST CASE: TBD
The following patches from the v4.14.8 stable release shall be
applied:
mfd: fsl-imx25: Clean up irq settings during removal
crypto: algif_aead - fix reference counting of null skcipher
crypto: rsa - fix buffer overread when stripping leading zeroes
crypto: hmac - require that the underlying hash algorithm is unkeyed
crypto: salsa20 - fix blkcipher_walk API usage
crypto: af_alg - fix NULL pointer dereference in
cifs: fix NULL deref in SMB2_read
string.h: workaround for increased stack usage
autofs: fix careless error in recent commit
kernel: make groups_sort calling a responsibility group_info allocators
mm, oom_reaper: fix memory corruption
tracing: Allocate mask_str buffer dynamically
USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
USB: core: prevent malicious bNumInterfaces overflow
ovl: Pass ovl_get_nlink() parameters in right order
ovl: update ctx->pos on impure dir iteration
usbip: fix stub_rx: get_pipe() to validate endpoint number
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: prevent vhci_hcd driver from leaking a socket pointer address
usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
mmc: core: apply NO_CMD23 quirk to some specific cards
ceph: drop negative child dentries before try pruning inode's alias
usb: xhci: fix TDS for MTK xHCI1.1
xhci: Don't add a virt_dev to the devs array before it's fully allocated
IB/core: Bound check alternate path port number
IB/core: Don't enforce PKey security on SMI MADs
nfs: don't wait on commit in nfs_commit_inode() if there were no commit requests
arm64: mm: Fix pte_mkclean, pte_mkdirty semantics
arm64: Initialise high_memory global variable earlier
arm64: fix CONFIG_DEBUG_WX address reporting
scsi: core: Fix a scsi_show_rq() NULL pointer dereference
scsi: libsas: fix length error in sas_smp_handler()
sched/rt: Do not pull from current CPU if only one CPU to pull
dm: fix various targets to dm_register_target after module __init resources
created
SUNRPC: Fix a race in the receive code path
iw_cxgb4: only insert drain cqes if wq is flushed
x86/boot/compressed/64: Detect and handle 5-level paging at boot-time
x86/boot/compressed/64: Print error if 5-level paging is not supported
eeprom: at24: change nvmem stride to 1
posix-timer: Properly check sigevent->sigev_notify
dmaengine: dmatest: move callback wait queue to thread context
ext4: support fast symlinks from ext3 file systems
ext4: fix fdatasync(2) after fallocate(2) operation
ext4: add missing error check in __ext4_new_inode()
ext4: fix crash when a directory's i_size is too small
IB/mlx4: Fix RSS's QPC attributes assignments
HID: cp2112: fix broken gpio_direction_input callback
sfc: don't warn on successful change of MAC
fbdev: controlfb: Add missing modes to fix out of bounds access
video: udlfb: Fix read EDID timeout
video: fbdev: au1200fb: Release some resources if a memory allocation fails
video: fbdev: au1200fb: Return an error code if a memory allocation fails
rtc: pcf8563: fix output clock rate
scsi: aacraid: use timespec64 instead of timeval
drm/amdgpu: bypass lru touch for KIQ ring submission
PM / s2idle: Clear the events_check_enabled flag
ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
mlxsw: spectrum: Fix error return code in mlxsw_sp_port_create()
PCI/PME: Handle invalid data when reading Root Status
powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
PCI: Do not allocate more buses than available in parent
iommu/mediatek: Fix driver name
thunderbolt: tb: fix use after free in tb_activate_pcie_devices
netfilter: ipvs: Fix inappropriate output of procfs
powerpc/opal: Fix EBUSY bug in acquiring tokens
powerpc/ipic: Fix status get and status clear
powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister
platform/x86: intel_punit_ipc: Fix resource ioremap warning
target/iscsi: Detect conn_cmd_list corruption early
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
target:fix condition return in core_pr_dump_initiator_port()
target/file: Do not return error for UNMAP if length is zero
badblocks: fix wrong return value in badblocks_set if badblocks are disabled
iommu/amd: Limit the IOVA page range to the specified addresses
xfs: truncate pagecache before writeback in xfs_setattr_size()
arm-ccn: perf: Prevent module unload while PMU is in use
crypto: tcrypt - fix buffer lengths in test_aead_speed()
mm: Handle 0 flags in _calc_vm_trans() macro
net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings
net: hns3: Fix a misuse to devm_free_irq
staging: rtl8188eu: Revert part of "staging: rtl8188eu: fix comments with lines
over 80 characters"
clk: mediatek: add the option for determining PLL source clock
clk: imx: imx7d: Fix parent clock for OCRAM_CLK
clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
media: camss-vfe: always initialize reg at vfe_set_xbar_cfg()
clk: hi6220: mark clock cs_atb_syspll as critical
blk-mq-sched: dispatch from scheduler IFF progress is made in ->dispatch
clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init()
clk: tegra: Fix cclk_lp divisor register
ppp: Destroy the mutex when cleanup
ASoC: rsnd: rsnd_ssi_run_mods() needs to care ssi_parent_mod
thermal/drivers/step_wise: Fix temperature regulation misbehavior
misc: pci_endpoint_test: Fix failure path return values in probe
misc: pci_endpoint_test: Avoid triggering a BUG()
scsi: scsi_debug: write_same: fix error report
GFS2: Take inode off order_write list when setting jdata flag
media: usbtv: fix brightness and contrast controls
rpmsg: glink: Initialize the "intent_req_comp" completion variable
bcache: explicitly destroy mutex while exiting
bcache: fix wrong cache_misses statistics
Ib/hfi1: Return actual operational VLs in port info query
Bluetooth: hci_ldisc: Fix another race when closing the tty.
arm64: prevent regressions in compressed kernel image size when upgrading to
binutils 2.27
btrfs: fix false EIO for missing device
btrfs: Explicitly handle btrfs_update_root failure
btrfs: undo writable superblocke when sprouting fails
btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit
btrfs: tests: Fix a memory leak in error handling path in 'run_test()'
qtnfmac: modify full Tx queue error reporting
mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code
ARM64: dts: meson-gxbb-odroidc2: fix usb1 power supply
Bluetooth: btusb: Add new NFA344A entry.
samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1
liquidio: fix kernel panic in VF driver
platform/x86: hp_accel: Add quirk for HP ProBook 440 G4
nvme: use kref_get_unless_zero in nvme_find_get_ns
l2tp: cleanup l2tp_tunnel_delete calls
xfs: fix log block underflow during recovery cycle verification
xfs: return a distinct error code value for IGET_INCORE cache misses
xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
net: dsa: lan9303: Do not disable switch fabric port 0 at .probe
net: hns3: fix a bug in hclge_uninit_client_instance
net: hns3: add nic_client check when initialize roce base information
net: hns3: fix the bug of hns3_set_txbd_baseinfo
RDMA/cxgb4: Declare stag as __be32
PCI: Detach driver before procfs & sysfs teardown on device remove
scsi: hisi_sas: fix the risk of freeing slot twice
scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
scsi: hpsa: destroy sas transport properties before scsi_host
mfd: mxs-lradc: Fix error handling in mxs_lradc_probe()
net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg
net: hns3: fix the bug when map buffer fail
net: hns3: fix a bug when alloc new buffer
serdev: ttyport: enforce tty-driver open() requirement
powerpc/perf/hv-24x7: Fix incorrect comparison in memord
powerpc/xmon: Check before calling xive functions
soc: mediatek: pwrap: fix compiler errors
ipv4: ipv4_default_advmss() should use route mtu
KVM: nVMX: Fix EPT switching advertising
tty fix oops when rmmod 8250
dev/dax: fix uninitialized variable build warning
pinctrl: adi2: Fix Kconfig build problem
raid5: Set R5_Expanded on parity devices as well as data.
scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
IB/core: Fix use workqueue without WQ_MEM_RECLAIM
IB/core: Fix calculation of maximum RoCE MTU
vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
IB/hfi1: Mask out A bit from psn trace
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
ipmi_si: fix memory leak on new_smi
nullb: fix error return code in null_init()
scsi: sd: change manage_start_stop to bool in sysfs interface
scsi: sd: change allow_restart to bool in sysfs interface
scsi: bfa: integer overflow in debugfs
raid5-ppl: check recovery_offset when performing ppl recovery
md-cluster: fix wrong condition check in raid1_write_request
xprtrdma: Don't defer fencing an async RPC's chunks
udf: Avoid overflow when session starts at large offset
macvlan: Only deliver one copy of the frame to the macvlan interface
IB/core: Fix endianness annotation in rdma_is_multicast_addr()
RDMA/cma: Avoid triggering undefined behavior
IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
icmp: don't fail on fragment reassembly time exceeded
lightnvm: pblk: prevent gc kicks when gc is not operational
lightnvm: pblk: fix changing GC group list for a line
lightnvm: pblk: use right flag for GC allocation
lightnvm: pblk: initialize debug stat counter
lightnvm: pblk: fix min size for page mempool
lightnvm: pblk: protect line bitmap while submitting meta io
ath9k: fix tx99 potential info leak
ath10k: fix core PCI suspend when WoWLAN is supported but disabled
ath10k: fix build errors with !CONFIG_PM
usb: musb: da8xx: fix babble condition handling
Linux 4.14.8
The following patches from the v4.14.8 stable release had already
been applied:
Revert "exec: avoid RLIMIT_STACK races with prlimit()"
** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Seth Forshee (sforshee)
Status: In Progress
** Tags: kernel-stable-tracking-bug
** Tags added: kernel-stable-tracking-bug
** Changed in: linux (Ubuntu)
Status: New => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Seth Forshee (sforshee)
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Description changed:
+ SRU Justification
- SRU Justification
+ Impact:
+ The upstream process for stable tree updates is quite similar
+ in scope to the Ubuntu SRU process, e.g., each patch has to
+ demonstrably fix a bug, and each patch is vetted by upstream
+ by originating either directly from a mainline/stable Linux tree or
+ a minimally backported form of that patch. The v4.14.8 upstream stable
+ patch set is now available. It should be included in the Ubuntu
+ kernel as well.
- Impact:
- The upstream process for stable tree updates is quite similar
- in scope to the Ubuntu SRU process, e.g., each patch has to
- demonstrably fix a bug, and each patch is vetted by upstream
- by originating either directly from a mainline/stable Linux tree or
- a minimally backported form of that patch. The v4.14.8 upstream stable
- patch set is now available. It should be included in the Ubuntu
- kernel as well.
+ git://git.kernel.org/
- git://git.kernel.org/
+ TEST CASE: TBD
- TEST CASE: TBD
+ The following patches from the v4.14.8 stable release shall be
+ applied:
- The following patches from the v4.14.8 stable release shall be
- applied:
+ mfd: fsl-imx25: Clean up irq settings during removal
+ crypto: algif_aead - fix reference counting of null skcipher
+ crypto: rsa - fix buffer overread when stripping leading zeroes
+ crypto: hmac - require that the underlying hash algorithm is unkeyed
+ crypto: salsa20 - fix blkcipher_walk API usage
+ crypto: af_alg - fix NULL pointer dereference in
+ cifs: fix NULL deref in SMB2_read
+ string.h: workaround for increased stack usage
+ autofs: fix careless error in recent commit
+ kernel: make groups_sort calling a responsibility group_info allocators
+ mm, oom_reaper: fix memory corruption
+ tracing: Allocate mask_str buffer dynamically
+ USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
+ USB: core: prevent malicious bNumInterfaces overflow
+ ovl: Pass ovl_get_nlink() parameters in right order
+ ovl: update ctx->pos on impure dir iteration
+ usbip: fix stub_rx: get_pipe() to validate endpoint number
+ usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
+ usbip: prevent vhci_hcd driver from leaking a socket pointer address
+ usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
+ mmc: core: apply NO_CMD23 quirk to some specific cards
+ ceph: drop negative child dentries before try pruning inode's alias
+ usb: xhci: fix TDS for MTK xHCI1.1
+ xhci: Don't add a virt_dev to the devs array before it's fully allocated
+ IB/core: Bound check alternate path port number
+ IB/core: Don't enforce PKey security on SMI MADs
+ nfs: don't wait on commit in nfs_commit_inode() if there were no commit
requests
+ arm64: mm: Fix pte_mkclean, pte_mkdirty semantics
+ arm64: Initialise high_memory global variable earlier
+ arm64: fix CONFIG_DEBUG_WX address reporting
+ scsi: core: Fix a scsi_show_rq() NULL pointer dereference
+ scsi: libsas: fix length error in sas_smp_handler()
+ sched/rt: Do not pull from current CPU if only one CPU to pull
+ dm: fix various targets to dm_register_target after module __init resources
created
+ SUNRPC: Fix a race in the receive code path
+ iw_cxgb4: only insert drain cqes if wq is flushed
+ x86/boot/compressed/64: Detect and handle 5-level paging at boot-time
+ x86/boot/compressed/64: Print error if 5-level paging is not supported
+ eeprom: at24: change nvmem stride to 1
+ posix-timer: Properly check sigevent->sigev_notify
+ dmaengine: dmatest: move callback wait queue to thread context
+ Revert "exec: avoid RLIMIT_STACK races with prlimit()"
+ ext4: support fast symlinks from ext3 file systems
+ ext4: fix fdatasync(2) after fallocate(2) operation
+ ext4: add missing error check in __ext4_new_inode()
+ ext4: fix crash when a directory's i_size is too small
+ IB/mlx4: Fix RSS's QPC attributes assignments
+ HID: cp2112: fix broken gpio_direction_input callback
+ sfc: don't warn on successful change of MAC
+ fbdev: controlfb: Add missing modes to fix out of bounds access
+ video: udlfb: Fix read EDID timeout
+ video: fbdev: au1200fb: Release some resources if a memory allocation fails
+ video: fbdev: au1200fb: Return an error code if a memory allocation fails
+ rtc: pcf8563: fix output clock rate
+ scsi: aacraid: use timespec64 instead of timeval
+ drm/amdgpu: bypass lru touch for KIQ ring submission
+ PM / s2idle: Clear the events_check_enabled flag
+ ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case
+ dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
+ mlxsw: spectrum: Fix error return code in mlxsw_sp_port_create()
+ PCI/PME: Handle invalid data when reading Root Status
+ powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
+ PCI: Do not allocate more buses than available in parent
+ iommu/mediatek: Fix driver name
+ thunderbolt: tb: fix use after free in tb_activate_pcie_devices
+ netfilter: ipvs: Fix inappropriate output of procfs
+ powerpc/opal: Fix EBUSY bug in acquiring tokens
+ powerpc/ipic: Fix status get and status clear
+ powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister
+ platform/x86: intel_punit_ipc: Fix resource ioremap warning
+ target/iscsi: Detect conn_cmd_list corruption early
+ target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
+ iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
+ target:fix condition return in core_pr_dump_initiator_port()
+ target/file: Do not return error for UNMAP if length is zero
+ badblocks: fix wrong return value in badblocks_set if badblocks are disabled
+ iommu/amd: Limit the IOVA page range to the specified addresses
+ xfs: truncate pagecache before writeback in xfs_setattr_size()
+ arm-ccn: perf: Prevent module unload while PMU is in use
+ crypto: tcrypt - fix buffer lengths in test_aead_speed()
+ mm: Handle 0 flags in _calc_vm_trans() macro
+ net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings
+ net: hns3: Fix a misuse to devm_free_irq
+ staging: rtl8188eu: Revert part of "staging: rtl8188eu: fix comments with
lines over 80 characters"
+ clk: mediatek: add the option for determining PLL source clock
+ clk: imx: imx7d: Fix parent clock for OCRAM_CLK
+ clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
+ media: camss-vfe: always initialize reg at vfe_set_xbar_cfg()
+ clk: hi6220: mark clock cs_atb_syspll as critical
+ blk-mq-sched: dispatch from scheduler IFF progress is made in ->dispatch
+ clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init()
+ clk: tegra: Fix cclk_lp divisor register
+ ppp: Destroy the mutex when cleanup
+ ASoC: rsnd: rsnd_ssi_run_mods() needs to care ssi_parent_mod
+ thermal/drivers/step_wise: Fix temperature regulation misbehavior
+ misc: pci_endpoint_test: Fix failure path return values in probe
+ misc: pci_endpoint_test: Avoid triggering a BUG()
+ scsi: scsi_debug: write_same: fix error report
+ GFS2: Take inode off order_write list when setting jdata flag
+ media: usbtv: fix brightness and contrast controls
+ rpmsg: glink: Initialize the "intent_req_comp" completion variable
+ bcache: explicitly destroy mutex while exiting
+ bcache: fix wrong cache_misses statistics
+ Ib/hfi1: Return actual operational VLs in port info query
+ Bluetooth: hci_ldisc: Fix another race when closing the tty.
+ arm64: prevent regressions in compressed kernel image size when upgrading to
binutils 2.27
+ btrfs: fix false EIO for missing device
+ btrfs: Explicitly handle btrfs_update_root failure
+ btrfs: undo writable superblocke when sprouting fails
+ btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit
+ btrfs: tests: Fix a memory leak in error handling path in 'run_test()'
+ qtnfmac: modify full Tx queue error reporting
+ mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code
+ ARM64: dts: meson-gxbb-odroidc2: fix usb1 power supply
+ Bluetooth: btusb: Add new NFA344A entry.
+ samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1
+ liquidio: fix kernel panic in VF driver
+ platform/x86: hp_accel: Add quirk for HP ProBook 440 G4
+ nvme: use kref_get_unless_zero in nvme_find_get_ns
+ l2tp: cleanup l2tp_tunnel_delete calls
+ xfs: fix log block underflow during recovery cycle verification
+ xfs: return a distinct error code value for IGET_INCORE cache misses
+ xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
+ net: dsa: lan9303: Do not disable switch fabric port 0 at .probe
+ net: hns3: fix a bug in hclge_uninit_client_instance
+ net: hns3: add nic_client check when initialize roce base information
+ net: hns3: fix the bug of hns3_set_txbd_baseinfo
+ RDMA/cxgb4: Declare stag as __be32
+ PCI: Detach driver before procfs & sysfs teardown on device remove
+ scsi: hisi_sas: fix the risk of freeing slot twice
+ scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
+ scsi: hpsa: destroy sas transport properties before scsi_host
+ mfd: mxs-lradc: Fix error handling in mxs_lradc_probe()
+ net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg
+ net: hns3: fix the bug when map buffer fail
+ net: hns3: fix a bug when alloc new buffer
+ serdev: ttyport: enforce tty-driver open() requirement
+ powerpc/perf/hv-24x7: Fix incorrect comparison in memord
+ powerpc/xmon: Check before calling xive functions
+ soc: mediatek: pwrap: fix compiler errors
+ ipv4: ipv4_default_advmss() should use route mtu
+ KVM: nVMX: Fix EPT switching advertising
+ tty fix oops when rmmod 8250
+ dev/dax: fix uninitialized variable build warning
+ pinctrl: adi2: Fix Kconfig build problem
+ raid5: Set R5_Expanded on parity devices as well as data.
+ scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
+ IB/core: Fix use workqueue without WQ_MEM_RECLAIM
+ IB/core: Fix calculation of maximum RoCE MTU
+ vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
+ IB/hfi1: Mask out A bit from psn trace
+ rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
+ rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
+ ipmi_si: fix memory leak on new_smi
+ nullb: fix error return code in null_init()
+ scsi: sd: change manage_start_stop to bool in sysfs interface
+ scsi: sd: change allow_restart to bool in sysfs interface
+ scsi: bfa: integer overflow in debugfs
+ raid5-ppl: check recovery_offset when performing ppl recovery
+ md-cluster: fix wrong condition check in raid1_write_request
+ xprtrdma: Don't defer fencing an async RPC's chunks
+ udf: Avoid overflow when session starts at large offset
+ macvlan: Only deliver one copy of the frame to the macvlan interface
+ IB/core: Fix endianness annotation in rdma_is_multicast_addr()
+ RDMA/cma: Avoid triggering undefined behavior
+ IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
+ icmp: don't fail on fragment reassembly time exceeded
+ lightnvm: pblk: prevent gc kicks when gc is not operational
+ lightnvm: pblk: fix changing GC group list for a line
+ lightnvm: pblk: use right flag for GC allocation
+ lightnvm: pblk: initialize debug stat counter
+ lightnvm: pblk: fix min size for page mempool
+ lightnvm: pblk: protect line bitmap while submitting meta io
+ ath9k: fix tx99 potential info leak
+ ath10k: fix core PCI suspend when WoWLAN is supported but disabled
+ ath10k: fix build errors with !CONFIG_PM
+ usb: musb: da8xx: fix babble condition handling
+ Linux 4.14.8
** Description changed:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.14.8 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://git.kernel.org/
TEST CASE: TBD
The following patches from the v4.14.8 stable release shall be
applied:
mfd: fsl-imx25: Clean up irq settings during removal
crypto: algif_aead - fix reference counting of null skcipher
crypto: rsa - fix buffer overread when stripping leading zeroes
crypto: hmac - require that the underlying hash algorithm is unkeyed
crypto: salsa20 - fix blkcipher_walk API usage
crypto: af_alg - fix NULL pointer dereference in
cifs: fix NULL deref in SMB2_read
string.h: workaround for increased stack usage
autofs: fix careless error in recent commit
kernel: make groups_sort calling a responsibility group_info allocators
mm, oom_reaper: fix memory corruption
tracing: Allocate mask_str buffer dynamically
USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
USB: core: prevent malicious bNumInterfaces overflow
ovl: Pass ovl_get_nlink() parameters in right order
ovl: update ctx->pos on impure dir iteration
usbip: fix stub_rx: get_pipe() to validate endpoint number
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: prevent vhci_hcd driver from leaking a socket pointer address
usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
mmc: core: apply NO_CMD23 quirk to some specific cards
ceph: drop negative child dentries before try pruning inode's alias
usb: xhci: fix TDS for MTK xHCI1.1
xhci: Don't add a virt_dev to the devs array before it's fully allocated
IB/core: Bound check alternate path port number
IB/core: Don't enforce PKey security on SMI MADs
nfs: don't wait on commit in nfs_commit_inode() if there were no commit
requests
arm64: mm: Fix pte_mkclean, pte_mkdirty semantics
arm64: Initialise high_memory global variable earlier
arm64: fix CONFIG_DEBUG_WX address reporting
scsi: core: Fix a scsi_show_rq() NULL pointer dereference
scsi: libsas: fix length error in sas_smp_handler()
sched/rt: Do not pull from current CPU if only one CPU to pull
dm: fix various targets to dm_register_target after module __init resources
created
SUNRPC: Fix a race in the receive code path
iw_cxgb4: only insert drain cqes if wq is flushed
x86/boot/compressed/64: Detect and handle 5-level paging at boot-time
x86/boot/compressed/64: Print error if 5-level paging is not supported
eeprom: at24: change nvmem stride to 1
posix-timer: Properly check sigevent->sigev_notify
dmaengine: dmatest: move callback wait queue to thread context
- Revert "exec: avoid RLIMIT_STACK races with prlimit()"
ext4: support fast symlinks from ext3 file systems
ext4: fix fdatasync(2) after fallocate(2) operation
ext4: add missing error check in __ext4_new_inode()
ext4: fix crash when a directory's i_size is too small
IB/mlx4: Fix RSS's QPC attributes assignments
HID: cp2112: fix broken gpio_direction_input callback
sfc: don't warn on successful change of MAC
fbdev: controlfb: Add missing modes to fix out of bounds access
video: udlfb: Fix read EDID timeout
video: fbdev: au1200fb: Release some resources if a memory allocation fails
video: fbdev: au1200fb: Return an error code if a memory allocation fails
rtc: pcf8563: fix output clock rate
scsi: aacraid: use timespec64 instead of timeval
drm/amdgpu: bypass lru touch for KIQ ring submission
PM / s2idle: Clear the events_check_enabled flag
ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
mlxsw: spectrum: Fix error return code in mlxsw_sp_port_create()
PCI/PME: Handle invalid data when reading Root Status
powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
PCI: Do not allocate more buses than available in parent
iommu/mediatek: Fix driver name
thunderbolt: tb: fix use after free in tb_activate_pcie_devices
netfilter: ipvs: Fix inappropriate output of procfs
powerpc/opal: Fix EBUSY bug in acquiring tokens
powerpc/ipic: Fix status get and status clear
powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister
platform/x86: intel_punit_ipc: Fix resource ioremap warning
target/iscsi: Detect conn_cmd_list corruption early
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
target:fix condition return in core_pr_dump_initiator_port()
target/file: Do not return error for UNMAP if length is zero
badblocks: fix wrong return value in badblocks_set if badblocks are disabled
iommu/amd: Limit the IOVA page range to the specified addresses
xfs: truncate pagecache before writeback in xfs_setattr_size()
arm-ccn: perf: Prevent module unload while PMU is in use
crypto: tcrypt - fix buffer lengths in test_aead_speed()
mm: Handle 0 flags in _calc_vm_trans() macro
net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings
net: hns3: Fix a misuse to devm_free_irq
staging: rtl8188eu: Revert part of "staging: rtl8188eu: fix comments with
lines over 80 characters"
clk: mediatek: add the option for determining PLL source clock
clk: imx: imx7d: Fix parent clock for OCRAM_CLK
clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
media: camss-vfe: always initialize reg at vfe_set_xbar_cfg()
clk: hi6220: mark clock cs_atb_syspll as critical
blk-mq-sched: dispatch from scheduler IFF progress is made in ->dispatch
clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init()
clk: tegra: Fix cclk_lp divisor register
ppp: Destroy the mutex when cleanup
ASoC: rsnd: rsnd_ssi_run_mods() needs to care ssi_parent_mod
thermal/drivers/step_wise: Fix temperature regulation misbehavior
misc: pci_endpoint_test: Fix failure path return values in probe
misc: pci_endpoint_test: Avoid triggering a BUG()
scsi: scsi_debug: write_same: fix error report
GFS2: Take inode off order_write list when setting jdata flag
media: usbtv: fix brightness and contrast controls
rpmsg: glink: Initialize the "intent_req_comp" completion variable
bcache: explicitly destroy mutex while exiting
bcache: fix wrong cache_misses statistics
Ib/hfi1: Return actual operational VLs in port info query
Bluetooth: hci_ldisc: Fix another race when closing the tty.
arm64: prevent regressions in compressed kernel image size when upgrading to
binutils 2.27
btrfs: fix false EIO for missing device
btrfs: Explicitly handle btrfs_update_root failure
btrfs: undo writable superblocke when sprouting fails
btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit
btrfs: tests: Fix a memory leak in error handling path in 'run_test()'
qtnfmac: modify full Tx queue error reporting
mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code
ARM64: dts: meson-gxbb-odroidc2: fix usb1 power supply
Bluetooth: btusb: Add new NFA344A entry.
samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1
liquidio: fix kernel panic in VF driver
platform/x86: hp_accel: Add quirk for HP ProBook 440 G4
nvme: use kref_get_unless_zero in nvme_find_get_ns
l2tp: cleanup l2tp_tunnel_delete calls
xfs: fix log block underflow during recovery cycle verification
xfs: return a distinct error code value for IGET_INCORE cache misses
xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
net: dsa: lan9303: Do not disable switch fabric port 0 at .probe
net: hns3: fix a bug in hclge_uninit_client_instance
net: hns3: add nic_client check when initialize roce base information
net: hns3: fix the bug of hns3_set_txbd_baseinfo
RDMA/cxgb4: Declare stag as __be32
PCI: Detach driver before procfs & sysfs teardown on device remove
scsi: hisi_sas: fix the risk of freeing slot twice
scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
scsi: hpsa: destroy sas transport properties before scsi_host
mfd: mxs-lradc: Fix error handling in mxs_lradc_probe()
net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg
net: hns3: fix the bug when map buffer fail
net: hns3: fix a bug when alloc new buffer
serdev: ttyport: enforce tty-driver open() requirement
powerpc/perf/hv-24x7: Fix incorrect comparison in memord
powerpc/xmon: Check before calling xive functions
soc: mediatek: pwrap: fix compiler errors
ipv4: ipv4_default_advmss() should use route mtu
KVM: nVMX: Fix EPT switching advertising
tty fix oops when rmmod 8250
dev/dax: fix uninitialized variable build warning
pinctrl: adi2: Fix Kconfig build problem
raid5: Set R5_Expanded on parity devices as well as data.
scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
IB/core: Fix use workqueue without WQ_MEM_RECLAIM
IB/core: Fix calculation of maximum RoCE MTU
vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
IB/hfi1: Mask out A bit from psn trace
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
ipmi_si: fix memory leak on new_smi
nullb: fix error return code in null_init()
scsi: sd: change manage_start_stop to bool in sysfs interface
scsi: sd: change allow_restart to bool in sysfs interface
scsi: bfa: integer overflow in debugfs
raid5-ppl: check recovery_offset when performing ppl recovery
md-cluster: fix wrong condition check in raid1_write_request
xprtrdma: Don't defer fencing an async RPC's chunks
udf: Avoid overflow when session starts at large offset
macvlan: Only deliver one copy of the frame to the macvlan interface
IB/core: Fix endianness annotation in rdma_is_multicast_addr()
RDMA/cma: Avoid triggering undefined behavior
IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
icmp: don't fail on fragment reassembly time exceeded
lightnvm: pblk: prevent gc kicks when gc is not operational
lightnvm: pblk: fix changing GC group list for a line
lightnvm: pblk: use right flag for GC allocation
lightnvm: pblk: initialize debug stat counter
lightnvm: pblk: fix min size for page mempool
lightnvm: pblk: protect line bitmap while submitting meta io
ath9k: fix tx99 potential info leak
ath10k: fix core PCI suspend when WoWLAN is supported but disabled
ath10k: fix build errors with !CONFIG_PM
usb: musb: da8xx: fix babble condition handling
Linux 4.14.8
+
+ The following patches from the v4.14.8 stable release had already
+ been applied:
+
+ Revert "exec: avoid RLIMIT_STACK races with prlimit()"
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1740871
Title:
Bionic update to v4.14.8 stable release
Status in linux package in Ubuntu:
In Progress
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.14.8 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://git.kernel.org/
TEST CASE: TBD
The following patches from the v4.14.8 stable release shall be
applied:
mfd: fsl-imx25: Clean up irq settings during removal
crypto: algif_aead - fix reference counting of null skcipher
crypto: rsa - fix buffer overread when stripping leading zeroes
crypto: hmac - require that the underlying hash algorithm is unkeyed
crypto: salsa20 - fix blkcipher_walk API usage
crypto: af_alg - fix NULL pointer dereference in
cifs: fix NULL deref in SMB2_read
string.h: workaround for increased stack usage
autofs: fix careless error in recent commit
kernel: make groups_sort calling a responsibility group_info allocators
mm, oom_reaper: fix memory corruption
tracing: Allocate mask_str buffer dynamically
USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
USB: core: prevent malicious bNumInterfaces overflow
ovl: Pass ovl_get_nlink() parameters in right order
ovl: update ctx->pos on impure dir iteration
usbip: fix stub_rx: get_pipe() to validate endpoint number
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: prevent vhci_hcd driver from leaking a socket pointer address
usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
mmc: core: apply NO_CMD23 quirk to some specific cards
ceph: drop negative child dentries before try pruning inode's alias
usb: xhci: fix TDS for MTK xHCI1.1
xhci: Don't add a virt_dev to the devs array before it's fully allocated
IB/core: Bound check alternate path port number
IB/core: Don't enforce PKey security on SMI MADs
nfs: don't wait on commit in nfs_commit_inode() if there were no commit
requests
arm64: mm: Fix pte_mkclean, pte_mkdirty semantics
arm64: Initialise high_memory global variable earlier
arm64: fix CONFIG_DEBUG_WX address reporting
scsi: core: Fix a scsi_show_rq() NULL pointer dereference
scsi: libsas: fix length error in sas_smp_handler()
sched/rt: Do not pull from current CPU if only one CPU to pull
dm: fix various targets to dm_register_target after module __init resources
created
SUNRPC: Fix a race in the receive code path
iw_cxgb4: only insert drain cqes if wq is flushed
x86/boot/compressed/64: Detect and handle 5-level paging at boot-time
x86/boot/compressed/64: Print error if 5-level paging is not supported
eeprom: at24: change nvmem stride to 1
posix-timer: Properly check sigevent->sigev_notify
dmaengine: dmatest: move callback wait queue to thread context
ext4: support fast symlinks from ext3 file systems
ext4: fix fdatasync(2) after fallocate(2) operation
ext4: add missing error check in __ext4_new_inode()
ext4: fix crash when a directory's i_size is too small
IB/mlx4: Fix RSS's QPC attributes assignments
HID: cp2112: fix broken gpio_direction_input callback
sfc: don't warn on successful change of MAC
fbdev: controlfb: Add missing modes to fix out of bounds access
video: udlfb: Fix read EDID timeout
video: fbdev: au1200fb: Release some resources if a memory allocation fails
video: fbdev: au1200fb: Return an error code if a memory allocation fails
rtc: pcf8563: fix output clock rate
scsi: aacraid: use timespec64 instead of timeval
drm/amdgpu: bypass lru touch for KIQ ring submission
PM / s2idle: Clear the events_check_enabled flag
ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
mlxsw: spectrum: Fix error return code in mlxsw_sp_port_create()
PCI/PME: Handle invalid data when reading Root Status
powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
PCI: Do not allocate more buses than available in parent
iommu/mediatek: Fix driver name
thunderbolt: tb: fix use after free in tb_activate_pcie_devices
netfilter: ipvs: Fix inappropriate output of procfs
powerpc/opal: Fix EBUSY bug in acquiring tokens
powerpc/ipic: Fix status get and status clear
powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister
platform/x86: intel_punit_ipc: Fix resource ioremap warning
target/iscsi: Detect conn_cmd_list corruption early
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
target:fix condition return in core_pr_dump_initiator_port()
target/file: Do not return error for UNMAP if length is zero
badblocks: fix wrong return value in badblocks_set if badblocks are disabled
iommu/amd: Limit the IOVA page range to the specified addresses
xfs: truncate pagecache before writeback in xfs_setattr_size()
arm-ccn: perf: Prevent module unload while PMU is in use
crypto: tcrypt - fix buffer lengths in test_aead_speed()
mm: Handle 0 flags in _calc_vm_trans() macro
net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings
net: hns3: Fix a misuse to devm_free_irq
staging: rtl8188eu: Revert part of "staging: rtl8188eu: fix comments with
lines over 80 characters"
clk: mediatek: add the option for determining PLL source clock
clk: imx: imx7d: Fix parent clock for OCRAM_CLK
clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
media: camss-vfe: always initialize reg at vfe_set_xbar_cfg()
clk: hi6220: mark clock cs_atb_syspll as critical
blk-mq-sched: dispatch from scheduler IFF progress is made in ->dispatch
clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init()
clk: tegra: Fix cclk_lp divisor register
ppp: Destroy the mutex when cleanup
ASoC: rsnd: rsnd_ssi_run_mods() needs to care ssi_parent_mod
thermal/drivers/step_wise: Fix temperature regulation misbehavior
misc: pci_endpoint_test: Fix failure path return values in probe
misc: pci_endpoint_test: Avoid triggering a BUG()
scsi: scsi_debug: write_same: fix error report
GFS2: Take inode off order_write list when setting jdata flag
media: usbtv: fix brightness and contrast controls
rpmsg: glink: Initialize the "intent_req_comp" completion variable
bcache: explicitly destroy mutex while exiting
bcache: fix wrong cache_misses statistics
Ib/hfi1: Return actual operational VLs in port info query
Bluetooth: hci_ldisc: Fix another race when closing the tty.
arm64: prevent regressions in compressed kernel image size when upgrading to
binutils 2.27
btrfs: fix false EIO for missing device
btrfs: Explicitly handle btrfs_update_root failure
btrfs: undo writable superblocke when sprouting fails
btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit
btrfs: tests: Fix a memory leak in error handling path in 'run_test()'
qtnfmac: modify full Tx queue error reporting
mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code
ARM64: dts: meson-gxbb-odroidc2: fix usb1 power supply
Bluetooth: btusb: Add new NFA344A entry.
samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1
liquidio: fix kernel panic in VF driver
platform/x86: hp_accel: Add quirk for HP ProBook 440 G4
nvme: use kref_get_unless_zero in nvme_find_get_ns
l2tp: cleanup l2tp_tunnel_delete calls
xfs: fix log block underflow during recovery cycle verification
xfs: return a distinct error code value for IGET_INCORE cache misses
xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
net: dsa: lan9303: Do not disable switch fabric port 0 at .probe
net: hns3: fix a bug in hclge_uninit_client_instance
net: hns3: add nic_client check when initialize roce base information
net: hns3: fix the bug of hns3_set_txbd_baseinfo
RDMA/cxgb4: Declare stag as __be32
PCI: Detach driver before procfs & sysfs teardown on device remove
scsi: hisi_sas: fix the risk of freeing slot twice
scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
scsi: hpsa: destroy sas transport properties before scsi_host
mfd: mxs-lradc: Fix error handling in mxs_lradc_probe()
net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg
net: hns3: fix the bug when map buffer fail
net: hns3: fix a bug when alloc new buffer
serdev: ttyport: enforce tty-driver open() requirement
powerpc/perf/hv-24x7: Fix incorrect comparison in memord
powerpc/xmon: Check before calling xive functions
soc: mediatek: pwrap: fix compiler errors
ipv4: ipv4_default_advmss() should use route mtu
KVM: nVMX: Fix EPT switching advertising
tty fix oops when rmmod 8250
dev/dax: fix uninitialized variable build warning
pinctrl: adi2: Fix Kconfig build problem
raid5: Set R5_Expanded on parity devices as well as data.
scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
IB/core: Fix use workqueue without WQ_MEM_RECLAIM
IB/core: Fix calculation of maximum RoCE MTU
vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
IB/hfi1: Mask out A bit from psn trace
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
ipmi_si: fix memory leak on new_smi
nullb: fix error return code in null_init()
scsi: sd: change manage_start_stop to bool in sysfs interface
scsi: sd: change allow_restart to bool in sysfs interface
scsi: bfa: integer overflow in debugfs
raid5-ppl: check recovery_offset when performing ppl recovery
md-cluster: fix wrong condition check in raid1_write_request
xprtrdma: Don't defer fencing an async RPC's chunks
udf: Avoid overflow when session starts at large offset
macvlan: Only deliver one copy of the frame to the macvlan interface
IB/core: Fix endianness annotation in rdma_is_multicast_addr()
RDMA/cma: Avoid triggering undefined behavior
IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
icmp: don't fail on fragment reassembly time exceeded
lightnvm: pblk: prevent gc kicks when gc is not operational
lightnvm: pblk: fix changing GC group list for a line
lightnvm: pblk: use right flag for GC allocation
lightnvm: pblk: initialize debug stat counter
lightnvm: pblk: fix min size for page mempool
lightnvm: pblk: protect line bitmap while submitting meta io
ath9k: fix tx99 potential info leak
ath10k: fix core PCI suspend when WoWLAN is supported but disabled
ath10k: fix build errors with !CONFIG_PM
usb: musb: da8xx: fix babble condition handling
Linux 4.14.8
The following patches from the v4.14.8 stable release had
already been applied:
Revert "exec: avoid RLIMIT_STACK races with prlimit()"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1740871/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
