Ubuntu
linux package

Bionic update: upstream stable patchset 2019-08-27

Bug #1841652 reported by Kamal Mostafa on 2019-08-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	Fix Released	Undecided	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2019-08-27

Ported from the following upstream stable releases:
v4.14.140, v4.19.68

from git://git.kernel.org/

sh: kernel: hw_breakpoint: Fix missing break in switch statement
mm/usercopy: use memory range to be accessed for wraparound check
mm/memcontrol.c: fix use after free in mem_cgroup_iter()
bpf: get rid of pure_initcall dependency to enable jits
bpf: restrict access to core bpf sysctls
bpf: add bpf_jit_limit knob to restrict unpriv allocations
xtensa: add missing isync to the cpu_reset TLB code
ALSA: hda - Apply workaround for another AMD chip 1022:1487
ALSA: hda - Fix a memory leak bug
ALSA: hda - Add a generic reboot_notify
ALSA: hda - Let all conexant codec enter D3 when rebooting
HID: holtek: test for sanity of intfdata
HID: hiddev: avoid opening a disconnected device
HID: hiddev: do cleanup in failure of opening a device
Input: kbtab - sanity check for endpoint type
Input: iforce - add sanity checks
net: usb: pegasus: fix improper read if get_registers() fail
netfilter: ebtables: also count base chain policies
clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1
clk: renesas: cpg-mssr: Fix reset control race condition
xen/pciback: remove set but not used variable 'old_state'
irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
irqchip/irq-imx-gpcv2: Forward irq type to parent
perf header: Fix divide by zero error if f_header.attr_size==0
perf header: Fix use of unitialized value warning
libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m
scsi: hpsa: correct scsi command status issue after reset
scsi: qla2xxx: Fix possible fcport null-pointer dereferences
ata: libahci: do not complain in case of deferred probe
kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
arm64/efi: fix variable 'si' set but not used
arm64: unwind: Prohibit probing on return_address()
arm64/mm: fix variable 'pud' set but not used
IB/core: Add mitigation for Spectre V1
IB/mad: Fix use-after-free in ib mad completion handling
drm: msm: Fix add_gpu_components
ocfs2: remove set but not used variable 'last_hash'
asm-generic: fix -Wtype-limits compiler warnings
UBUNTU: [Packaging] update retpoline for get_order rework
KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block
staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
staging: comedi: dt3000: Fix rounding up of timer divisor
iio: adc: max9611: Fix temperature reading in probe
USB: core: Fix races in character device registration and deregistraion
usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role"
usb: cdc-acm: make sure a refcount is taken early enough
USB: CDC: fix sanity checks in CDC union parser
USB: serial: option: add D-Link DWM-222 device ID
USB: serial: option: Add support for ZTE MF871A
USB: serial: option: add the BroadMobi BM818 card
USB: serial: option: Add Motorola modem UARTs
bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
netfilter: conntrack: Use consistent ct id hash calculation
Input: psmouse - fix build error of multiple definition
iommu/amd: Move iommu_init_pci() to .init section
bnx2x: Fix VF's VLAN reconfiguration in reload.
net/mlx4_en: fix a memory leak bug
net/packet: fix race in tpacket_snd()
sctp: fix the transport error_count check
xen/netback: Reset nr_frags before freeing skb
net/mlx5e: Only support tx/rx pause setting for port owner
net/mlx5e: Use flow keys dissector to parse packets for ARFS
team: Add vlan tx offload to hw_enc_features
bonding: Add vlan tx offload to hw_enc_features
mmc: sdhci-of-arasan: Do now show error message in case of deffered probe
xfrm: policy: remove pcpu policy cache
mm/hmm: fix bad subpage pointer in try_to_unmap_one
mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and MPOL_MF_STRICT were specified
mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
riscv: Make __fstate_clean() work correctly.
Revert "kmemleak: allow to coexist with fault injection"
sctp: fix memleak in sctp_send_reset_streams
UBUNTU: upstream stable to v4.14.140, v4.19.68

See original description

Tags:

CVE References

2018-20976

Kamal Mostafa (kamalmostafa) on 2019-08-27

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Kleber Sacilotto de Souza (kleber-souza) on 2019-09-03

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-09-30:

Download full text (20.2 KiB)

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

  * arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

* CVE-2018-20976
- xfs: clear sb->s_fs_info on mount failure

  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

* CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
    - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

* Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpumask when only one cpu is present
    - perf cpumap: Fix writing to illegal memory in handling cpumap mask
    - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - HID: wacom: Correct distance scale for 2nd-gen Intuos devices
    - Revert "dm bufio: fix deadlock with loop device"
    - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
    - libceph: fix PG split vs OSD (re)connect race
    - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
    - gpiolib: never report open-drain/source lines as 'input' to user-space
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm kcopyd: always complete failed jobs
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - dm zoned: improve error handling in reclaim
    - dm zoned: improve error handling in i/o map code
    - dm zoned: properly handle backing device failure
    - genirq: Properly pair kobject_del() with kobject_add()
    - mm, page_owner: handle THP splits correctly
    - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
    - mm/zsmalloc.c: fix race condition in zs_destroy_pool
    - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
    - dm zoned: fix potential NULL dereference in dmz_do_reclaim()
    - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
    - can: mcp251x: add error check when wq alloc failed
    - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
      sets too
    - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
      hash:ip,mac sets
    - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
    - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
      phy_led_trigger_change_speed()
    - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
    - net: stmmac: Fix issues when number of Queues >= 4
    - KVM: arm64: Don't write junk to sysregs on reset
    - KVM: arm: Don't write junk to CP15 registers on reset
    - xfs: don't trip over uninitialized buffer on extent read of corrupted inode
    - xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h
    - xfs: Add helper function xfs_attr_try_sf_addname
    - xfs: Add attibute remove and helper functions

* Bionic update: upstream stable patchset 2019-08-27 (LP: #1841652)
    - sh: kernel: hw_breakpoint: Fix missing break in switch statement
    - mm/usercopy: use memory range to be accessed for wraparound check
    - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    - bpf: get rid of pure_initcall dependency to enable jits
    - bpf: restrict access to core bpf sysctls
    - bpf: add bpf_jit_limit knob to restrict unpriv allocations
    - xtensa: add missing isync to the cpu_reset TLB code
    - ALSA: hda - Apply workaround for another AMD chip 1022:1487
    - ALSA: hda - Fix a memory leak bug
    - HID: holtek: test for sanity of intfdata
    - HID: hiddev: avoid opening a disconnected device
    - HID: hiddev: do cleanup in failure of opening a device
    - Input: kbtab - sanity check for endpoint type
    - Input: iforce - add sanity checks
    - net: usb: pegasus: fix improper read if get_registers() fail
    - netfilter: ebtables: also count base chain policies
    - clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1
    - clk: renesas: cpg-mssr: Fix reset control race condition
    - xen/pciback: remove set but not used variable 'old_state'
    - irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
    - irqchip/irq-imx-gpcv2: Forward irq type to parent
    - perf header: Fix divide by zero error if f_header.attr_size==0
    - perf header: Fix use of unitialized value warning
    - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
    - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m
    - scsi: hpsa: correct scsi command status issue after reset
    - scsi: qla2xxx: Fix possible fcport null-pointer dereferences
    - ata: libahci: do not complain in case of deferred probe
    - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
    - arm64/efi: fix variable 'si' set but not used
    - arm64: unwind: Prohibit probing on return_address()
    - arm64/mm: fix variable 'pud' set but not used
    - IB/core: Add mitigation for Spectre V1
    - IB/mad: Fix use-after-free in ib mad completion handling
    - drm: msm: Fix add_gpu_components
    - ocfs2: remove set but not used variable 'last_hash'
    - asm-generic: fix -Wtype-limits compiler warnings
    - KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block
    - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
    - staging: comedi: dt3000: Fix rounding up of timer divisor
    - iio: adc: max9611: Fix temperature reading in probe
    - USB: core: Fix races in character device registration and deregistraion
    - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role"
    - usb: cdc-acm: make sure a refcount is taken early enough
    - USB: CDC: fix sanity checks in CDC union parser
    - USB: serial: option: add D-Link DWM-222 device ID
    - USB: serial: option: Add support for ZTE MF871A
    - USB: serial: option: add the BroadMobi BM818 card
    - USB: serial: option: Add Motorola modem UARTs
    - bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
    - arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
    - netfilter: conntrack: Use consistent ct id hash calculation
    - Input: psmouse - fix build error of multiple definition
    - iommu/amd: Move iommu_init_pci() to .init section
    - bnx2x: Fix VF's VLAN reconfiguration in reload.
    - net/mlx4_en: fix a memory leak bug
    - net/packet: fix race in tpacket_snd()
    - sctp: fix the transport error_count check
    - xen/netback: Reset nr_frags before freeing skb
    - net/mlx5e: Only support tx/rx pause setting for port owner
    - net/mlx5e: Use flow keys dissector to parse packets for ARFS
    - team: Add vlan tx offload to hw_enc_features
    - bonding: Add vlan tx offload to hw_enc_features
    - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe
    - xfrm: policy: remove pcpu policy cache
    - mm/hmm: fix bad subpage pointer in try_to_unmap_one
    - mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and
      MPOL_MF_STRICT were specified
    - mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
    - riscv: Make __fstate_clean() work correctly.
    - Revert "kmemleak: allow to coexist with fault injection"
    - sctp: fix memleak in sctp_send_reset_streams

* Bionic update: upstream stable patchset 2019-08-16 (LP: #1840520)
    - iio: adc: max9611: Fix misuse of GENMASK macro
    - crypto: ccp - Fix oops by properly managing allocated structures
    - crypto: ccp - Ignore tag length when decrypting GCM ciphertext
    - usb: usbfs: fix double-free of usb memory upon submiturb error
    - usb: iowarrior: fix deadlock on disconnect
    - sound: fix a memory leak bug
    - mmc: cavium: Set the correct dma max segment size for mmc_host
    - mmc: cavium: Add the missing dma unmap when the dma has finished.
    - loop: set PF_MEMALLOC_NOIO for the worker thread
    - Input: synaptics - enable RMI mode for HP Spectre X360
    - lkdtm: support llvm-objcopy
    - crypto: ccp - Validate buffer lengths for copy operations
    - crypto: ccp - Add support for valid authsize values less than 16
    - perf annotate: Fix s390 gap between kernel end and module start
    - perf db-export: Fix thread__exec_comm()
    - perf record: Fix module size on s390
    - usb: host: xhci-rcar: Fix timeout in xhci_suspend()
    - usb: yurex: Fix use-after-free in yurex_delete
    - can: rcar_canfd: fix possible IRQ storm on high load
    - can: peak_usb: fix potential double kfree_skb()
    - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
    - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
    - netfilter: Fix rpfilter dropping vrf packets by mistake
    - netfilter: nft_hash: fix symhash with modulus one
    - scripts/sphinx-pre-install: fix script for RHEL/CentOS
    - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
    - mac80211: don't warn about CW params when not using them
    - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
    - drm: silence variable 'conn' set but not used
    - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
    - s390/qdio: add sanity checks to the fast-requeue path
    - ALSA: compress: Fix regression on compressed capture streams
    - ALSA: compress: Prevent bypasses of set_params
    - ALSA: compress: Don't allow paritial drain operations on capture streams
    - ALSA: compress: Be more restrictive about when a drain is allowed
    - perf tools: Fix proper buffer size for feature processing
    - perf probe: Avoid calling freeing routine multiple times for same pointer
    - drbd: dynamically allocate shash descriptor
    - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
    - ARM: davinci: fix sleep.S build error on ARMv4
    - scsi: megaraid_sas: fix panic on loading firmware crashdump
    - scsi: ibmvfc: fix WARN_ON during event pool release
    - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
    - test_firmware: fix a memory leak bug
    - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
    - perf/core: Fix creating kernel counters for PMUs that override event->cpu
    - HID: sony: Fix race condition between rumble and device remove.
    - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
    - hwmon: (nct7802) Fix wrong detection of in4 presence
    - drm/i915: Fix wrong escape clock divisor init for GLK
    - ALSA: firewire: fix a memory leak bug
    - ALSA: hda - Don't override global PCM hw info flag
    - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
    - mac80211: don't WARN on short WMM parameters from AP
    - SMB3: Fix deadlock in validate negotiate hits reconnect
    - smb3: send CAP_DFS capability during session setup
    - NFSv4: Only pass the delegation to setattr if we're sending a truncate
    - NFSv4: Fix an Oops in nfs4_do_setattr
    - KVM: Fix leak vCPU's VMCS value into other pCPU
    - mwifiex: fix 802.11n/WPA detection
    - iwlwifi: don't unmap as page memory that was mapped as single
    - iwlwifi: mvm: fix an out-of-bound access
    - iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
    - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
    - iio: cros_ec_accel_legacy: Fix incorrect channel setting
    - staging: android: ion: Bail out upon SIGKILL when allocating memory.
    - x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
    - usb: typec: tcpm: free log buf memory when remove debug file
    - usb: typec: tcpm: remove tcpm dir if no children
    - usb: typec: tcpm: Add NULL check before dereferencing config
    - netfilter: conntrack: always store window size un-scaled
    - drm/amd/display: Wait for backlight programming completion in set backlight
      level
    - drm/amd/display: use encoder's engine id to find matched free audio device
    - drm/amd/display: Fix dc_create failure handling and 666 color depths
    - drm/amd/display: Only enable audio if speaker allocation exists
    - drm/amd/display: Increase size of audios array
    - allocate_flower_entry: should check for null deref
    - s390/dma: provide proper ARCH_ZONE_DMA_BITS value
    - ALSA: hiface: fix multiple memory leak bugs

* Bionic update: upstream stable patchset 2019-08-15 (LP: #1840378)
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
    - HID: wacom: fix bit shift for Cintiq Companion 2
    - HID: Add quirk for HP X1200 PIXART OEM mouse
    - RDMA: Directly cast the sockaddr union to sockaddr
    - IB: directly cast the sockaddr union to aockaddr
    - atm: iphase: Fix Spectre v1 vulnerability
    - ife: error out when nla attributes are empty
    - ip6_tunnel: fix possible use-after-free on xmit
    - net: bridge: delete local fdb on device init failure
    - net: bridge: mcast: don't delete permanent entries when fast leave is
      enabled
    - net: fix ifindex collision during namespace removal
    - net/mlx5: Use reversed order when unregister devices
    - net: phylink: Fix flow control for fixed-link
    - net: sched: Fix a possible null-pointer dereference in dequeue_func()
    - NFC: nfcmrvl: fix gpio-handling regression
    - tipc: compat: allow tipc commands without arguments
    - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
    - net/mlx5e: Prevent encap flow counter update async to user query
    - tun: mark small packets as owned by the tap sock
    - mvpp2: refactor MTU change code
    - bnx2x: Disable multi-cos feature.
    - cgroup: Call cgroup_release() before __exit_signal()
    - cgroup: Implement css_task_iter_skip()
    - cgroup: Include dying leaders with live threads in PROCS iterations
    - cgroup: css_task_iter_skip()'d iterators must be advanced before accessed
    - cgroup: Fix css_task_iter_advance_css_set() cset skip condition
    - spi: bcm2835: Fix 3-wire mode if DMA is enabled
    - driver core: Establish order of operations for device_add and device_del via
      bitflag
    - drivers/base: Introduce kill_device()
    - libnvdimm/bus: Prevent duplicate device_unregister() calls
    - libnvdimm/region: Register badblocks before namespaces
    - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
    - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
    - ipip: validate header length in ipip_tunnel_xmit
    - mvpp2: fix panic on module removal
    - net/mlx5: Fix modify_cq_in alignment
    - r8169: don't use MSI before RTL8168d

* VIMC module not available (CONFIG_VIDEO_VIMC not set) (LP: #1831482)
    - [Config] Enable VIMC module

* reboot will introduce an alarm 'beep ...' during BIOS phase (LP: #1840395)
    - ALSA: hda - Let all conexant codec enter D3 when rebooting
    - ALSA: hda - Add a generic reboot_notify

* Include Sunix serial/parallel driver (LP: #1826716)
    - serial: 8250_pci: Add support for Sunix serial boards
    - parport: parport_serial: Add support for Sunix Multi I/O boards

* Intel HDMI audio print "Unable to sync register" errors (LP: #1840394)
    - ALSA: hda - Don't resume forcibly i915 HDMI/DP codec

* Support cpufreq, thermal sensors & cooling cells on iMX6Q based Nitrogen6x
    board (LP: #1840437)
    - arm: imx: Add MODULE_ALIAS for cpufreq
    - ARM: dts: imx: Add missing OPP properties for CPUs
    - ARM: dts: imx7d: use operating-points-v2 for cpu
    - ARM: dts: imx7d: remove "operating-points" property for cpu1
    - ARM: dts: imx: add cooling-cells for cpufreq cooling device
    - ARM: dts: imx6: add thermal sensor and cooling cells

* hns3: ring buffer race leads can cause corruption (LP: #1840717)
    - net: hns3: minor optimization for ring_space
    - net: hns3: fix data race between ring->next_to_clean
    - net: hns3: optimize the barrier using when cleaning TX BD

* Bionic build broken if CONFIG_MODVERSIONS enabled (LP: #1840321)
    - Revert "genksyms: Teach parser about 128-bit built-in types"

* [bionic] drm/i915: softpin broken, needs to be fixed for 32bit mesa
    (LP: #1815172)
    - SAUCE: drm/i915: Partially revert d6edad3777c28ea

* Goodix touchpad may drop first input event (LP: #1840075)
    - mfd: intel-lpss: Remove D3cold delay

* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
    - media: vimc: fix component match compare

* Fix touchpad IRQ storm after S3 (LP: #1841396)
    - pinctrl: intel: remap the pin number to gpio offset for irq enabled pin

* [SRU][B/OEM-B/OEM-OSP1/D] UBUNTU: SAUCE: enable middle button for one more
    ThinkPad (LP: #1841722)
    - SAUCE: Input: elantech - enable middle button for one more ThinkPad

* Test 391/u and 391/p from ubuntu_bpf failed on B (LP: #1841704)
    - SAUCE: Fix "bpf: improve verifier branch analysis"

* crypto/testmgr.o fails to build due to struct cipher_testvec not having data
    members: ctext, ptext, len (LP: #1841264)
    - SAUCE: Revert "crypto: testmgr - add AES-CFB tests"

* Bionic QEMU with Bionic Kernel hangs in AMD FX-8350 with cpu-host as
    passthrough (LP: #1834522)
    - KVM: SVM: install RSM intercept
    - KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 17 Sep 2019 18:12:26 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-10-03

Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package