[ubuntu/bionic-security] linux-snapdragon 4.15.0-1069.76 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Dec 3 11:25:13 UTC 2019


linux-snapdragon (4.15.0-1069.76) bionic; urgency=medium

  * bionic/linux-snapdragon: 4.15.0-1069.76 -proposed tracker (LP: #1854013)

  [ Ubuntu: 4.15.0-72.81 ]

  * bionic/linux: 4.15.0-72.81 -proposed tracker (LP: #1854027)
  * [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX
    (LP: #1853326)
    - Revert "arm64: Use firmware to detect CPUs that are not affected by
      Spectre-v2"
    - Revert "arm64: Get rid of __smccc_workaround_1_hvc_*"
  * [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX2 and
    Kunpeng920 (LP: #1852723)
    - SAUCE: arm64: capabilities: Move setup_boot_cpu_capabilities() call to
      correct place

linux-snapdragon (4.15.0-1068.75) bionic; urgency=medium

  * bionic/linux-snapdragon: 4.15.0-1068.75 -proposed tracker (LP: #1852264)

  * Disco update: upstream stable patchset 2019-10-31 (LP: #1850870)
    - snapdragon: [Config] CONFIG_GENERIC_CPU_VULNERABILITIES=y

  * Disco update: upstream stable patchset 2019-11-01 (LP: #1850974)
    - snapdragon: [Config] Remove the rio500 driver

  [ Ubuntu: 4.15.0-71.80 ]

  * bionic/linux: 4.15.0-71.80 -proposed tracker (LP: #1852289)
  * Bionic update: upstream stable patchset 2019-10-29 (LP: #1850541)
    - panic: ensure preemption is disabled during panic()
    - f2fs: use EINVAL for superblock with invalid magic
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
    - USB: yurex: Don't retry on unexpected errors
    - USB: yurex: fix NULL-derefs on disconnect
    - USB: usb-skeleton: fix runtime PM after driver unbind
    - USB: usb-skeleton: fix NULL-deref on disconnect
    - xhci: Fix false warning message about wrong bounce buffer write length
    - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
    - xhci: Check all endpoints for LPM timeout
    - usb: xhci: wait for CNR controller not ready bit in xhci resume
    - USB: adutux: fix use-after-free on disconnect
    - USB: adutux: fix NULL-derefs on disconnect
    - USB: adutux: fix use-after-free on release
    - USB: iowarrior: fix use-after-free on disconnect
    - USB: iowarrior: fix use-after-free on release
    - USB: iowarrior: fix use-after-free after driver unbind
    - USB: usblp: fix runtime PM after driver unbind
    - USB: chaoskey: fix use-after-free on release
    - USB: ldusb: fix NULL-derefs on driver unbind
    - serial: uartlite: fix exit path null pointer
    - USB: serial: keyspan: fix NULL-derefs on open() and write()
    - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
    - USB: serial: option: add Telit FN980 compositions
    - USB: serial: option: add support for Cinterion CLS8 devices
    - USB: serial: fix runtime PM after driver unbind
    - USB: usblcd: fix I/O after disconnect
    - USB: microtek: fix info-leak at probe
    - USB: dummy-hcd: fix power budget for SuperSpeed mode
    - usb: renesas_usbhs: gadget: Do not discard queues in
      usb_ep_set_{halt,wedge}()
    - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
    - USB: legousbtower: fix slab info leak at probe
    - USB: legousbtower: fix deadlock on disconnect
    - USB: legousbtower: fix potential NULL-deref on disconnect
    - USB: legousbtower: fix open after failed reset request
    - USB: legousbtower: fix use-after-free on release
    - staging: vt6655: Fix memory leak in vt6655_probe
    - iio: adc: ad799x: fix probe error handling
    - iio: adc: axp288: Override TS pin bias current for some models
    - iio: light: opt3001: fix mutex unlock race
    - efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
    - perf llvm: Don't access out-of-scope array
    - perf inject jit: Fix JIT_CODE_MOVE filename
    - CIFS: Gracefully handle QueryInfo errors during open
    - CIFS: Force revalidate inode when dentry is stale
    - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
    - kernel/sysctl.c: do not override max_threads provided by userspace
    - firmware: google: increment VPD key_len properly
    - gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
    - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
    - iio: hx711: add delay until DOUT is ready
    - iio: adc: hx711: fix bug in sampling of data
    - btrfs: fix incorrect updating of log root tree
    - NFS: Fix O_DIRECT accounting of number of bytes read/written
    - MIPS: Disable Loongson MMI instructions for kernel build
    - Fix the locking in dcache_readdir() and friends
    - media: stkwebcam: fix runtime PM after driver unbind
    - tracing/hwlat: Report total time spent in all NMIs during the sample
    - tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
    - ftrace: Get a reference counter for the trace_array on filter files
    - tracing: Get trace_array reference for available_tracers files
    - x86/asm: Fix MWAITX C-state hint value
    - iio: adc: stm32-adc: fix a race when using several adcs with dma and irq
    - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic
    - btrfs: fix uninitialized ret in ref-verify
    - arm64/sve: Fix wrong free for task->thread.sve_state
    - [Config] updateconfigs for USB_RIO500
  * Bionic update: upstream stable patchset 2019-11-13 (LP: #1852492)
    - zram: fix race between backing_dev_show and backing_dev_store
    - dm snapshot: use mutex instead of rw_semaphore
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - dm: Use kzalloc for all structs with embedded biosets/mempools
    - f2fs: flush quota blocks after turnning it off
    - scsi: lpfc: Fix a duplicate 0711 log message number.
    - sc16is7xx: Fix for "Unexpected interrupt: 8"
    - powerpc/powernv: hold device_hotplug_lock when calling
      memtrace_offline_pages()
    - HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
    - x86/cpu: Add Atom Tremont (Jacobsville)
    - HID: i2c-hid: Add Odys Winbook 13 to descriptor override
    - clk: boston: unregister clks on failure in clk_boston_setup()
    - scripts/setlocalversion: Improve -dirty check with git-status --no-optional-
      locks
    - HID: Add ASUS T100CHI keyboard dock battery quirks
    - usb: handle warm-reset port requests on hub resume
    - rtc: pcf8523: set xtal load capacitance from DT
    - mlxsw: spectrum: Set LAG port collector only when active
    - ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume
    - media: vimc: Remove unused but set variables
    - exec: load_script: Do not exec truncated interpreter path
    - PCI/PME: Fix possible use-after-free on remove
    - power: supply: max14656: fix potential use-after-free
    - iio: adc: meson_saradc: Fix memory allocation order
    - iio: fix center temperature of bmc150-accel-core
    - libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
    - perf tests: Avoid raising SEGV using an obvious NULL dereference
    - perf map: Fix overlapped map handling
    - perf jevents: Fix period for Intel fixed counters
    - staging: rtl8188eu: fix null dereference when kzalloc fails
    - RDMA/hfi1: Prevent memory leak in sdma_init
    - RDMA/iwcm: Fix a lock inversion issue
    - HID: hyperv: Use in-place iterator API in the channel callback
    - nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
    - arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
    - tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
    - tty: n_hdlc: fix build on SPARC
    - gpio: max77620: Use correct unit for debounce times
    - fs: cifs: mute -Wunused-const-variable message
    - serial: mctrl_gpio: Check for NULL pointer
    - efi/cper: Fix endianness of PCIe class code
    - efi/x86: Do not clean dummy variable in kexec path
    - MIPS: include: Mark __cmpxchg as __always_inline
    - x86/xen: Return from panic notifier
    - ocfs2: clear zero in unaligned direct IO
    - fs: ocfs2: fix possible null-pointer dereferences in
      ocfs2_xa_prepare_entry()
    - fs: ocfs2: fix a possible null-pointer dereference in
      ocfs2_write_end_nolock()
    - fs: ocfs2: fix a possible null-pointer dereference in
      ocfs2_info_scan_inode_alloc()
    - sched/vtime: Fix guest/system mis-accounting on task switch
    - perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp
    - MIPS: include: Mark __xchg as __always_inline
    - MIPS: fw: sni: Fix out of bounds init of o32 stack
    - nbd: fix possible sysfs duplicate warning
    - NFSv4: Fix leak of clp->cl_acceptor string
    - s390/uaccess: avoid (false positive) compiler warnings
    - tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
    - nbd: verify socket is supported during setup
    - USB: legousbtower: fix a signedness bug in tower_probe()
    - thunderbolt: Use 32-bit writes when writing ring producer/consumer
    - fuse: flush dirty data/metadata before non-truncate setattr
    - fuse: truncate pending writes on O_TRUNC
    - ALSA: bebob: Fix prototype of helper function to return negative value
    - UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather
      segments")
    - USB: gadget: Reject endpoints with 0 maxpacket value
    - usb-storage: Revert commit 747668dbc061 ("usb-storage: Set
      virt_boundary_mask to avoid SG overflows")
    - USB: ldusb: fix ring-buffer locking
    - USB: ldusb: fix control-message timeout
    - USB: serial: whiteheat: fix potential slab corruption
    - USB: serial: whiteheat: fix line-speed endianness
    - scsi: target: cxgbit: Fix cxgbit_fw4_ack()
    - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
    - HID: Fix assumption that devices have inputs
    - HID: fix error message in hid_open_report()
    - nl80211: fix validation of mesh path nexthop
    - s390/cmm: fix information leak in cmm_timeout_handler()
    - s390/idle: fix cpu idle time calculation
    - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
    - dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
    - llc: fix sk_buff leak in llc_sap_state_process()
    - llc: fix sk_buff leak in llc_conn_service()
    - rxrpc: Fix call ref leak
    - NFC: pn533: fix use-after-free and memleaks
    - bonding: fix potential NULL deref in bond_update_slave_arr
    - net: usb: sr9800: fix uninitialized local variable
    - sch_netem: fix rcu splat in netem_enqueue()
    - sctp: fix the issue that flags are ignored when using kernel_connect
    - sctp: not bind the socket in sctp_connect
    - xfs: Correctly invert xfs_buftarg LRU isolation logic
    - ALSA: timer: Simplify error path in snd_timer_open()
    - ALSA: timer: Fix mutex deadlock at releasing card
    - Revert "ALSA: hda: Flush interrupts on disabling"
    - Btrfs: fix inode cache block reserve leak on failure to allocate data space
    - Btrfs: fix memory leak due to concurrent append writes with fiemap
    - tools/power turbostat: fix goldmont C-state limit decoding
    - bcache: fix input overflow to writeback_rate_minimum
    - netfilter: ipset: Make invalid MAC address checks consistent
    - platform/x86: Add the VLV ISP PCI ID to atomisp2_pm
    - platform/x86: Fix config space access for intel_atomisp2_pm
    - NFSv4: Ensure that the state manager exits the loop on SIGKILL
    - ALSA: usb-audio: Cleanup DSD whitelist
    - arm64: Add MIDR encoding for HiSilicon Taishan CPUs
    - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs
    - scsi: lpfc: Correct localport timeout duration error
    - ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT
    - net: dsa: mv88e6xxx: Release lock while requesting IRQ
    - drm/amd/display: fix odm combine pipe reset
    - perf script brstackinsn: Fix recovery from LBR/binary mismatch
    - perf tools: Propagate get_cpuid() error
    - perf annotate: Propagate perf_env__arch() error
    - perf annotate: Fix the signedness of failure returns
    - arm64: armv8_deprecated: Checking return value for memory allocation
    - x86/cpu: Add Comet Lake to the Intel CPU models header
    - iio: imu: adis16400: release allocated memory on failure
    - usb: xhci: fix __le32/__le64 accessors in debugfs code
    - dmaengine: qcom: bam_dma: Fix resource leak
    - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
    - batman-adv: Avoid free/alloc race when handling OGM buffer
    - powerpc/powernv: Fix CPU idle to be called with IRQs disabled
  * Dell XPS 13 9350/9360 headphone audio hiss (LP: #1654448) // [XPS 13 9360,
    Realtek ALC3246, Black Headphone Out, Front] High noise floor
    (LP: #1845810) // Bionic update: upstream stable patchset 2019-11-13
    (LP: #1852492)
    - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360
  * Add GeminiLake support on Intel int340x thermal device (LP: #1851506)
    - thermal: int340x: processor_thermal: Add GeminiLake support
  * System hangs at early boot (LP: #1851216)
    - x86/timer: Skip PIT initialization on modern chipsets
  * Some EFI systems fail to boot in efi_init() when booted via maas
    (LP: #1851810)
    - efi: efi_get_memory_map -- increase map headroom
  * dkms artifacts may expire from the pool (LP: #1850958)
    - [Packaging] dkms -- try launchpad librarian for pool downloads
    - [Packaging] dkms -- dkms-build quieten wget verbiage
  * update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: fix: set freed objects to NULL to avoid failing future allocations
    - net: ena: fix swapped parameters when calling
      ena_com_indirect_table_fill_entry
    - net: ena: fix: Free napi resources when ena_up() fails
    - net: ena: fix incorrect test of supported hash function
    - net: ena: fix return value of ena_com_config_llq_info()
    - net: ena: improve latency by disabling adaptive interrupt moderation by
      default
    - net: ena: fix ena_com_fill_hash_function() implementation
    - net: ena: add handling of llq max tx burst size
    - net: ena: ethtool: add extra properties retrieval via get_priv_flags
    - net: ena: replace free_tx/rx_ids union with single free_ids field in
      ena_ring
    - net: ena: arrange ena_probe() function variables in reverse christmas tree
    - net: ena: add newline at the end of pr_err prints
    - net: ena: documentation: update ena.txt
    - net: ena: allow automatic fallback to polling mode
    - net: ena: add support for changing max_header_size in LLQ mode
    - net: ena: optimise calculations for CQ doorbell
    - net: ena: add good checksum counter
    - net: ena: use dev_info_once instead of static variable
    - net: ena: add MAX_QUEUES_EXT get feature admin command
    - net: ena: enable negotiating larger Rx ring size
    - net: ena: make ethtool show correct current and max queue sizes
    - net: ena: allow queue allocation backoff when low on memory
    - net: ena: add ethtool function for changing io queue sizes
    - net: ena: remove inline keyword from functions in *.c
    - net: ena: update driver version from 2.0.3 to 2.1.0
    - net: ena: Fix bug where ring allocation backoff stopped too late
    - Revert "net: ena: ethtool: add extra properties retrieval via
      get_priv_flags"
    - net: ena: don't wake up tx queue when down
    - net: ena: clean up indentation issue
  * Skip frame when buffer overflow on UVC camera (LP: #1849871)
    - media: uvcvideo: Mark buffer error where overflow
  * Handle the skip return code in kernel_selftests on Bionic (LP: #1812352)
    - selftests: lib.mk set KSFT_TAP_LEVEL to prevent nested TAP headers
    - selftests: Fix lib.mk run_tests target shell script
    - selftests: lib.mk: cleanup RUN_TESTS define and make it readable
    - selftests: lib.mk: add SKIP handling to RUN_TESTS define
  * Intel Wireless AC 3168 on Eoan complaints FW error in SYNC CMD
    GEO_TX_POWER_LIMIT (LP: #1846016)
    - iwlwifi: exclude GEO SAR support for 3168
  * tsc marked unstable after entered PC10 on Intel CoffeeLake (LP: #1840239)
    - SAUCE: x86/intel: Disable HPET on Intel Coffe Lake platforms
    - SAUCE: x86/intel: Disable HPET on Intel Ice Lake platforms
  * Bionic update: upstream stable patchset 2019-11-08 (LP: #1851876)
    - scsi: ufs: skip shutdown if hba is not powered
    - scsi: megaraid: disable device when probe failed after enabled device
    - scsi: qla2xxx: Fix unbound sleep in fcport delete path.
    - ARM: OMAP2+: Fix missing reset done flag for am3 and am43
    - ieee802154: ca8210: prevent memory leak
    - ARM: dts: am4372: Set memory bandwidth limit for DISPC
    - net: dsa: qca8k: Use up to 7 ports for all operations
    - MIPS: dts: ar9331: fix interrupt-controller size
    - xen/efi: Set nonblocking callbacks
    - nl80211: fix null pointer dereference
    - mac80211: fix txq null pointer dereference
    - mips: Loongson: Fix the link time qualifier of 'serial_exit()'
    - net: hisilicon: Fix usage of uninitialized variable in function
      mdio_sc_cfg_reg_write()
    - namespace: fix namespace.pl script to support relative paths
    - Revert "drm/radeon: Fix EEH during kexec"
    - ocfs2: fix panic due to ocfs2_wq is null
    - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
    - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
    - net: bcmgenet: Set phydev->dev_flags only for internal PHYs
    - net: i82596: fix dma_alloc_attr for sni_82596
    - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
    - sctp: change sctp_prot .no_autobind with true
    - net: avoid potential infinite loop in tc_ctl_action()
    - memfd: Fix locking when tagging pins
    - USB: legousbtower: fix memleak on disconnect
    - ALSA: hda/realtek - Add support for ALC711
    - usb: udc: lpc32xx: fix bad bit shift operation
    - USB: serial: ti_usb_3410_5052: fix port-close races
    - USB: ldusb: fix memleak on disconnect
    - USB: usblp: fix use-after-free on disconnect
    - USB: ldusb: fix read info leaks
    - arm64: v8.4: Support for new floating point multiplication instructions
    - arm64: Documentation: cpu-feature-registers: Remove RES0 fields
    - arm64: Expose Arm v8.4 features
    - arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h>
    - arm64: add PSR_AA32_* definitions
    - arm64: Introduce sysreg_clear_set()
    - arm64: capabilities: Update prototype for enable call back
    - arm64: capabilities: Move errata work around check on boot CPU
    - arm64: capabilities: Move errata processing code
    - arm64: capabilities: Prepare for fine grained capabilities
    - arm64: capabilities: Add flags to handle the conflicts on late CPU
    - arm64: capabilities: Unify the verification
    - arm64: capabilities: Filter the entries based on a given mask
    - arm64: capabilities: Prepare for grouping features and errata work arounds
    - arm64: capabilities: Split the processing of errata work arounds
    - arm64: capabilities: Allow features based on local CPU scope
    - arm64: capabilities: Group handling of features and errata workarounds
    - arm64: capabilities: Introduce weak features based on local CPU
    - arm64: capabilities: Restrict KPTI detection to boot-time CPUs
    - arm64: capabilities: Add support for features enabled early
    - arm64: capabilities: Change scope of VHE to Boot CPU feature
    - arm64: capabilities: Clean up midr range helpers
    - arm64: Add helpers for checking CPU MIDR against a range
    - arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
    - arm64: capabilities: Add support for checks based on a list of MIDRs
    - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening
    - arm64: don't zero DIT on signal return
    - arm64: Get rid of __smccc_workaround_1_hvc_*
    - arm64: cpufeature: Detect SSBS and advertise to userspace
    - arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
    - KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
    - arm64: fix SSBS sanitization
    - arm64: Add sysfs vulnerability show for spectre-v1
    - arm64: add sysfs vulnerability show for meltdown
    - arm64: enable generic CPU vulnerabilites support
    - arm64: Always enable ssb vulnerability detection
    - arm64: Provide a command line to disable spectre_v2 mitigation
    - arm64: Advertise mitigation of Spectre-v2, or lack thereof
    - arm64: Always enable spectre-v2 vulnerability detection
    - arm64: add sysfs vulnerability show for spectre-v2
    - arm64: add sysfs vulnerability show for speculative store bypass
    - arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
    - arm64: Force SSBS on context switch
    - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
    - arm64/speculation: Support 'mitigations=' cmdline option
    - MIPS: tlbex: Fix build_restore_pagemask KScratch restore
    - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
    - scsi: sd: Ignore a failure to sync cache due to lack of authorization
    - scsi: core: save/restore command resid for error handling
    - scsi: core: try to get module before removing device
    - scsi: ch: Make it possible to open a ch device multiple times again
    - Input: da9063 - fix capability and drop KEY_SLEEP
    - Input: synaptics-rmi4 - avoid processing unknown IRQs
    - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
    - cfg80211: wext: avoid copying malformed SSIDs
    - mac80211: Reject malformed SSID elements
    - drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
    - drivers/base/memory.c: don't access uninitialized memmaps in
      soft_offline_page_store()
    - fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
    - scsi: zfcp: fix reaction on bit error threshold notification
    - mm/slub: fix a deadlock in show_slab_objects()
    - mm/page_owner: don't access uninitialized memmaps when reading
      /proc/pagetypeinfo
    - hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
    - xtensa: drop EXPORT_SYMBOL for outs*/ins*
    - parisc: Fix vmap memory leak in ioremap()/iounmap()
    - CIFS: avoid using MID 0xFFFF
    - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
    - pinctrl: armada-37xx: fix control of pins 32 and up
    - pinctrl: armada-37xx: swap polarity on LED group
    - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
    - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
    - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
    - xen/netback: fix error path of xenvif_connect_data()
    - PCI: PM: Fix pci_power_up()
    - KVM: X86: introduce invalidate_gpa argument to tlb flush
    - kvm: vmx: Introduce lapic_mode enumeration
    - kvm: vmx: Basic APIC virtualization controls have three settings
    - RDMA/cxgb4: Do not dma memory off of the stack
    - ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
    - libata/ahci: Fix PCS quirk application
    - ipv4: fix race condition between route lookup and invalidation
    - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA
    - ALSA: hda - Force runtime PM on Nvidia HDMI codecs
    - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit()
    - EDAC/ghes: Fix Use after free in ghes_edac remove path
    - arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT
    - CIFS: Fix use after free of file info structures
    - perf/aux: Fix AUX output stopping
    - dm cache: fix bugs when a GFP_NOWAIT allocation fails
    - x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu
    - Btrfs: add missing extents release on file extent cluster relocation error
  * Colour banding in Lenovo G50-80 laptop display (i915) (LP: #1819968) //
    Bionic update: upstream stable patchset 2019-11-08 (LP: #1851876)
    - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
  * cloudimg: no iavf/i40evf module so no network available with SR-IOV enabled
    cloud (LP: #1848481)
    - [Debian]: include i40evf in generic
  * [SRU][B/OEM-B/OEM-OSP1/D/E] UBUNTU: SAUCE: add rtl623 codec support and fix
    mic issues (LP: #1850599)
    - SAUCE: ALSA: hda/realtek - Add support for ALC623
    - SAUCE: ALSA: hda/realtek - Fix 2 front mics of codec 0x623
  * Add Intel Comet Lake ethernet support (LP: #1848555)
    - e1000e: Add support for Comet Lake
  * Suppress "hid_field_extract() called with n (192) > 32!" message floods
    (LP: #1850600)
    - HID: core: reformat and reduce hid_printk macros
    - HID: core: Add printk_once variants to hid_warn() etc
    - HID: core: fix dmesg flooding if report field larger than 32bit
  * AMD Prairie Falcon platform failed to boot up (LP: #1850572)
    - drm/amdgpu: re-enable CGCG on CZ and disable on ST
  * UIO: mutex used in interrupt handler causes crash (LP: #1843487)
    - Revert "uio: use request_threaded_irq instead"
  * root can lift kernel lockdown (LP: #1851380)
    - SAUCE: (efi-lockdown) Really don't allow lifting lockdown from userspace
  * Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Bionic
    update: upstream stable patchset 2019-10-29 (LP: #1850541)
    - xhci: Increase STS_SAVE timeout in xhci_suspend()
  * Bionic update: upstream stable patchset 2019-10-23 (LP: #1849576)
    - s390/process: avoid potential reading of freed stack
    - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
    - s390/topology: avoid firing events before kobjs are created
    - s390/cio: avoid calling strlen on null pointer
    - s390/cio: exclude subchannels with no parent from pseudo check
    - KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
    - PM / devfreq: tegra: Fix kHz to Hz conversion
    - ASoC: Define a set of DAPM pre/post-up events
    - powerpc/powernv: Restrict OPAL symbol map to only be readable by root
    - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
    - tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
    - crypto: qat - Silence smp_processor_id() warning
    - crypto: skcipher - Unmap pages after an external error
    - crypto: cavium/zip - Add missing single_release()
    - crypto: caam - fix concurrency issue in givencrypt descriptor
    - usercopy: Avoid HIGHMEM pfn warning
    - timer: Read jiffies once when forwarding base clk
    - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
    - drm/omap: fix max fclk divider for omap36xx
    - mmc: sdhci: improve ADMA error reporting
    - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
    - Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
    - xen/xenbus: fix self-deadlock after killing user process
    - ieee802154: atusb: fix use-after-free at disconnect
    - cfg80211: initialize on-stack chandefs
    - ima: always return negative code for error
    - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
    - 9p: avoid attaching writeback_fid on mmap with type PRIVATE
    - xen/pci: reserve MCFG areas earlier
    - ceph: fix directories inode i_blkbits initialization
    - ceph: reconnect connection if session hang in opening state
    - watchdog: aspeed: Add support for AST2600
    - netfilter: nf_tables: allow lookups in dynamic sets
    - drm/amdgpu: Check for valid number of registers to read
    - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
    - pwm: stm32-lp: Add check in case requested period cannot be achieved
    - thermal: Fix use-after-free when unregistering thermal zone device
    - fuse: fix memleak in cuse_channel_open
    - sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
    - perf build: Add detection of java-11-openjdk-devel package
    - kernel/elfcore.c: include proper prototypes
    - perf unwind: Fix libunwind build failure on i386 systems
    - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the
      VP
    - nbd: fix crash when the blksize is zero
    - block/ndb: add WQ_UNBOUND to the knbd-recv workqueue
    - nbd: fix max number of supported devs
    - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
    - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
    - tick: broadcast-hrtimer: Fix a race in bc_set_next
    - perf tools: Fix segfault in cpu_cache_level__read()
    - perf stat: Fix a segmentation fault when using repeat forever
    - perf stat: Reset previous counts on repeat with interval
    - vfs: Fix EOVERFLOW testing in put_compat_statfs64
    - coresight: etm4x: Use explicit barriers on enable/disable
    - cfg80211: add and use strongly typed element iteration macros
    - cfg80211: Use const more consistently in for_each_element macros
    - nl80211: validate beacon head
    - ASoC: sgtl5000: Improve VAG power and mute control
    - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores
    - powerpc/mce: Fix MCE handling for huge pages
    - powerpc/mce: Schedule work from irq_work
    - MIPS: Treat Loongson Extensions as ASEs
    - PCI: Restore Resizable BAR size bits correctly for 1MB BARs
    - drm/msm/dsi: Fix return value check for clk_get_parent
    - ima: fix freeing ongoing ahash_request
    - x86/purgatory: Disable the stackleak GCC plugin for the purgatory
    - thermal_hwmon: Sanitize thermal_zone type
    - libnvdimm/region: Initialize bad block for volatile namespaces
    - drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed

  [ Ubuntu: 4.15.0-70.79 ]

  * Ubuntu-5.0.0-33.35 introduces KVM regression with old Intel CPUs and Linux
    guests (LP: #1851709)
    - Revert "KVM: x86: Manually calculate reserved bits when loading PDPTRS"
  * Incomplete i915 fix for 64-bit x86 kernels (LP: #1852141) // CVE-2019-0155
    - SAUCE: drm/i915/cmdparser: Fix jump whitelist clearing

  [ Ubuntu: 4.15.0-69.78 ]

  * KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix
  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

  [ Ubuntu: 4.15.0-68.77 ]

  * bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)
  * [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

Date: 2019-11-26 16:03:14.602674+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1069.76
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list