New Kernels released and You Must Upgrade NOW

From LinuxReviews
Jump to navigationJump to search
Tux.png

Greg Kroah-Hartman and the kernel team released new versions of all the stable kernel branches, specifically 5.1.6, 5.0.20, 5.14.123, 4.19.47 and 4.9.180, on May 31th 2019. The Greg attached statements like "All users of the 5.1 kernel series must upgrade" to ALL these releases.

This raises the obvious question Why, why Must[1] we Upgrade? We actually spent some time looking into this and the mystery remains unsolved.

Do note that the urgency is not just attached to the release of 5.1.6. It's everywhere. "All users of the 4.9 kernel series must upgrade."[2], "All users of the 4.14 kernel series must upgrade."[3]. We could go on but you get the idea: You must upgrade NOW.

It would be nice to tell you exactly why but it's not immediately apparent and obvious when looking at the changes.

The log for kernels 5.0.20 and 5.1.6 has this change:

  • ext4: wait for outstanding dio during truncate in nojournal mode

But that only affects those two kernels so that's not it.

All of them appears to have this fix:

  • ext4: do not delete unlinked inode from orphan list on failed truncate

File system corruption is a concern and that could be it but it's just a guess. The overly aggressive trimming on SSDs problem was fixed in 5.1.5 and that only affected kernel series 5.1.

There's probably some clue in the Linux Kernel Mailing List. Whatever the reason is for the urgency to upgrade it's something bad which affects all the stable-series kernels going back to 4.9.x and likely older kernels too.

Common Changes in 4.9.180 to 5.1.6

While this list is long and not at all very helpful it may be somewhat useful; the following is a list of changes present in all these new kernel releases. The new kernel releases have a lot of changes specific to their branch (4.9.x, 5.1.x, etc) but there are also many that are present in all of them. The following list is filtered by presence in all the new kernels. Thus; whatever change caused the "must upgrade" remark is in there - somewhere.

  • spi : spi-topcliff-pch: Fix to handle empty DMA buffers
  • media: ov2659: make S_FMT succeed even if requested format doesn't match
  • USB: core: Don't unbind interfaces following device reset failure
  • media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
  • mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
  • bio: fix improper use of smp_mb__before_atomic()
  • gfs2: Fix sign extension bug in gfs2_update_stats
  • ASoC: imx: fix fiq dependencies
  • bcache: avoid clang -Wunintialized warning
  • s390: cio: fix cio_irb declaration
  • b43: shut up clang -Wuninitialized variable warning
  • scsi: qla4xxx: avoid freeing unallocated dma memory
  • media: go7007: avoid clang frame overflow warning with KASAN
  • media: saa7146: avoid high stack usage with clang
  • ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
  • scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
  • powerpc/boot: Fix missing check of lseek() return value
  • extcon: arizona: Disable mic detect if running when driver is removed
  • chardev: add additional check for minor range overlap
  • spi: Fix zero length xfer bug
  • drm: Wake up next in drm_read() chain if we are forced to putback the event
  • RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
  • bcache: return error immediately in bch_journal_replay()
  • bcache: add failure check to run_cache_set() for journal replay
  • crypto: sun4i-ss - Fix invalid calculation of hash end
  • brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
  • mwifiex: prevent an array overflow
  • media: pvrusb2: Prevent a buffer overflow
  • media: wl128x: prevent two potential buffer overflows
  • crypto: vmx - CTR: always increment IV as quadword
  • ASoC: fsl_sai: Update is_slave_mode with correct value
  • Revert "btrfs: Honour FITRIM range constraints during free space trim"
  • Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
  • Btrfs: fix race between ranged fsync and writeback of adjacent ranges
  • spi: rspi: Fix sequencer reset during initialization
  • hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
  • hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
  • hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
  • hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
  • hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
  • cxgb3/l2t: Fix undefined behaviour
  • media: au0828: stop video streaming only when last user stops
  • HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
  • media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
  • scsi: lpfc: Fix FDMI manufacturer attribute value
  • scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
  • ext4: do not delete unlinked inode from orphan list on failed truncate
  • media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
  • ASoC: hdmi-codec: unlock the device on startup errors
  • x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
  • fbdev: fix WARNING in __alloc_pages_nodemask bug
  • iwlwifi: pcie: don't crash on invalid RX interrupt
  • scsi: libsas: Do discovery on empty PHY to update PHY info
  • net: cw1200: fix a NULL pointer dereference
  • mmc_spi: add a status check for spi_sync_locked
  • iio: hmc5843: fix potential NULL pointer dereferences
  • rtlwifi: fix a potential NULL pointer dereference
  • brcmfmac: fix missing checks for kmemdup
  • tty: ipwireless: fix missing checks for ioremap
  • x86/build: Move _etext to actual end of .text
  • x86/build: Keep local relocations with ld.lld
  • sched/core: Check quota and period overflow at usec to nsec conversion
  • sched/core: Handle overflow in cpu_shares_write_u64
  • iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
  • ARM: vdso: Remove dependency with the arch_timer driver internals
  • w1: fix the resume command API
  • Revert "scsi: sd: Keep disk read-only when re-reading partition"
  • iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
  • powerpc/numa: improve control of topology updates
  • i40e: don't allow changes to HW VLAN stripping on active port VLANs
  • dmaengine: at_xdmac: remove BUG_ON macro in tasklet
  • HID: core: move Usage Page concatenation to Main item
  • virtio_console: initialize vtermno value for ports
  • rcutorture: Fix cleanup path for invalid torture_type strings
  • rcuperf: Fix cleanup path for invalid perf_type strings
  • mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
  • x86/uaccess, signal: Fix AC=1 bloat
  • x86/ia32: Fix ia32_restore_sigcontext() AC leak
  • media: coda: clear error return value before picture run
  • brcmfmac: convert dev_init_lock mutex to completion
  • brcmfmac: fix race during disconnect when USB completion is in progress
  • brcmfmac: fix Oops when bringing up interface during USB disconnect
  • arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
  • mmc: core: Verify SD bus width
  • gfs2: Fix lru_count going negative
  • net: ena: gcc 8: fix compilation warning
  • dmaengine: tegra210-dma: free dma controller in remove()
  • dmaengine: tegra210-adma: use devm_clk_*() helpers
  • smpboot: Place the __percpu annotation correctly
  • mac80211/cfg80211: update bss channel on channel switch
  • fbdev: fix divide error in fb_var_to_videomode
  • media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
  • spi: tegra114: reset controller on probe
  • scsi: ufs: Fix regulator load and icc-level configuration
  • scsi: ufs: Avoid configuring regulator with undefined voltage range
  • dmaengine: pl330: _stop: clear interrupt status
  • kvm: svm/avic: fix off-by-one in checking host APIC ID
  • rtc: 88pm860x: prevent use-after-free on device remove
  • bcache: fix failure in journal relplay
  • x86/irq/64: Limit IST stack overflow check to #DB stack
  • btrfs: sysfs: don't leak memory when failing add fsid
  • usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
  • x86/mce: Fix machine_check_poll() tests for error types
  • PM / core: Propagate dev->power.wakeup_path when no callbacks
  • arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
  • pinctrl: pistachio: fix leaked of_node references
  • cpufreq: ppc_cbe: fix possible object reference leak
  • cpufreq/pasemi: fix possible object reference leak
  • cpufreq: pmac32: fix possible object reference leak
  • arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
  • ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
  • ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
  • audit: fix a memory leak bug
  • mmc: sdhci-of-esdhc: add erratum eSDHC5 support
  • mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
  • media: cpia2: Fix use-after-free in cpia2_exit
  • ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
  • at76c50x-usb: Don't register led_trigger if usb_register_driver failed
  • cxgb4: Fix error path in cxgb4_init_module
  • mwifiex: Fix mem leak in mwifiex_tm_cmd

Let us know in the comment section below if you happen to know what important change in all these kernels caused this urgent encouragement to upgrade now.

notes


published 2019-06-01last edited 2019-06-17


avatar

Anonymous user #1

2 months ago
Score 0 You
"Fix undefined behaviour" doesn't that sound sort of suspicious?
avatar

Yuri

2 months ago
Score 0++
Yes, it does. But if you look at it, "cxgb3/l2t: Fix undefined behaviour" means that the Ethernet driver cxgb3 for Chelsio had a problem with undefined behavior. That's hardly a reason to demand that everyone upgrades their kernel; at best 0.01% of all Linux-users are using that particular driver. Something else is going on here.
avatar

Anonymous user #1

2 months ago
Score 0 You

The "ext4: do not delete unlinked inode from orphan list on failed truncate" issue is not a filesystem corruption concern. See the note below from the mailing list.

The "all users must upgrade" language on the announcement is also part of almost every kernel release. It does not indicate something uniquely urgent about this kernel.

Next time, please do your research instead of spreading misinformation.

From: Jan Kara <jack@suse.cz>

commit ee0ed02ca93ef1ecf8963ad96638795d55af2c14 upstream.

It is possible that unlinked inode enters ext4_setattr() (e.g. if somebody calls ftruncate(2) on unlinked but still open file). In such case we should not delete the inode from the orphan list if truncate fails. Note that this is mostly a theoretical concern as filesystem is corrupted if we reach this path anyway but let's be consistent in our

orphan handling.
Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.

latest kernel news: