[ubuntu/bionic-security] linux-azure-4.15 4.15.0-1082.92 (Accepted)

Andy Whitcroft apw at canonical.com
Wed Apr 29 14:50:31 UTC 2020


linux-azure-4.15 (4.15.0-1082.92) bionic; urgency=medium

  * bionic/linux-azure-4.15: 4.15.0-1082.92 -proposed tracker (LP: #1870673)

  * Commits to resolve high network latency (LP: #1864233)
    - hv_netvsc: Fix tx_table init in rndis_set_subchannel()
    - hv_netvsc: simplify function args in receive status path
    - hv_netvsc: simplify receive side calling arguments
    - hv_netvsc: Fix offset usage in netvsc_send_table()
    - hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation
    - hv_netvsc: Fix send_table offset in case of a host bug

  * [linux-azure] overlayfs regression - internal getxattr operations without
    sepolicy checking (LP: #1864669)
    - SAUCE: overlayfs: internal getxattr operations without sepolicy checking

  [ Ubuntu: 4.15.0-97.98 ]

  * bionic/linux: 4.15.0-97.98 -proposed tracker (LP: #1871312)
  * All PS/2 ports on PS/2 Serial add-in bracket are not working after S3
    (LP: #1866734)
    - SAUCE: Input: i8042 - fix the selftest retry logic
  * Bionic update: upstream stable patchset 2020-04-03 (LP: #1870604)
    - spi: qup: call spi_qup_pm_resume_runtime before suspending
    - powerpc: Include .BTF section
    - ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
    - spi: pxa2xx: Add CS control clock quirk
    - spi/zynqmp: remove entry that causes a cs glitch
    - drm/exynos: dsi: propagate error value and silence meaningless warning
    - drm/exynos: dsi: fix workaround for the legacy clock name
    - drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer
    - altera-stapl: altera_get_note: prevent write beyond end of 'key'
    - dm bio record: save/restore bi_end_io and bi_integrity
    - xenbus: req->body should be updated before req->state
    - xenbus: req->err should be updated before req->state
    - block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
    - parse-maintainers: Mark as executable
    - USB: Disable LPM on WD19's Realtek Hub
    - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
    - USB: serial: option: add ME910G1 ECM composition 0x110b
    - usb: host: xhci-plat: add a shutdown
    - USB: serial: pl2303: add device-id for HP LD381
    - usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
    - ALSA: line6: Fix endless MIDI read loop
    - ALSA: seq: virmidi: Fix running status after receiving sysex
    - ALSA: seq: oss: Fix running status after receiving sysex
    - ALSA: pcm: oss: Avoid plugin buffer overflow
    - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
    - iio: trigger: stm32-timer: disable master mode when stopping
    - iio: magnetometer: ak8974: Fix negative raw values in sysfs
    - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
    - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
    - staging/speakup: fix get_word non-space look-ahead
    - intel_th: Fix user-visible error codes
    - intel_th: pci: Add Elkhart Lake CPU support
    - rtc: max8907: add missing select REGMAP_IRQ
    - xhci: Do not open code __print_symbolic() in xhci trace events
    - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
    - mm: slub: be more careful about the double cmpxchg of freelist
    - mm, slub: prevent kmalloc_node crashes and memory leaks
    - page-flags: fix a crash at SetPageError(THP_SWAP)
    - x86/mm: split vmalloc_sync_all()
    - USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
    - USB: cdc-acm: fix rounding error in TIOCSSERIAL
    - iio: adc: at91-sama5d2_adc: fix channel configuration for differential
      channels
    - iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
    - kbuild: Disable -Wpointer-to-enum-cast
    - futex: Fix inode life-time issue
    - futex: Unbreak futex hashing
    - Revert "vrf: mark skb for multicast or link-local as enslaved to VRF"
    - Revert "ipv6: Fix handling of LLA with VRF and sockets bound to VRF"
    - arm64: smp: fix smp_send_stop() behaviour
    - arm64: smp: fix crash_smp_send_stop() behaviour
    - drm/bridge: dw-hdmi: fix AVI frame colorimetry
    - staging: greybus: loopback_test: fix potential path truncation
    - staging: greybus: loopback_test: fix potential path truncations
    - Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
    - hsr: fix general protection fault in hsr_addr_is_self()
    - macsec: restrict to ethernet devices
    - net: dsa: Fix duplicate frames flooded by learning
    - net: mvneta: Fix the case where the last poll did not process all rx
    - net/packet: tpacket_rcv: avoid a producer race condition
    - net: qmi_wwan: add support for ASKEY WWHC050
    - net_sched: cls_route: remove the right filter from hashtable
    - net_sched: keep alloc_hash updated after hash allocation
    - net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
    - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
    - slcan: not call free_netdev before rtnl_unlock in slcan_open
    - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
    - net: dsa: mt7530: Change the LINK bit to reflect the link status
    - vxlan: check return value of gro_cells_init()
    - hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
    - hsr: add restart routine into hsr_get_node_list()
    - hsr: set .netnsok flag
    - cgroup-v1: cgroup_pidlist_next should update position index
    - cpupower: avoid multiple definition with gcc -fno-common
    - drivers/of/of_mdio.c:fix of_mdiobus_register()
    - cgroup1: don't call release_agent when it is ""
    - updateconfigs for DPAA_ERRATUM_A050385
    - dt-bindings: net: FMan erratum A050385
    - arm64: dts: ls1043a: FMan erratum A050385
    - fsl/fman: detect FMan erratum A050385
    - scsi: ipr: Fix softlockup when rescanning devices in petitboot
    - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
    - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
    - sxgbe: Fix off by one in samsung driver strncpy size arg
    - arm64: ptrace: map SPSR_ELx<->PSR for compat tasks
    - arm64: compat: map SPSR_ELx<->PSR for signals
    - ftrace/x86: Anotate text_mutex split between
      ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
    - i2c: hix5hd2: add missed clk_disable_unprepare in remove
    - Input: synaptics - enable RMI on HP Envy 13-ad105ng
    - Input: avoid BIT() macro usage in the serio.h UAPI header
    - ARM: dts: dra7: Add bus_dma_limit for L3 bus
    - ARM: dts: omap5: Add bus_dma_limit for L3 bus
    - perf probe: Do not depend on dwfl_module_addrsym()
    - tools: Let O= makes handle a relative path with -C option
    - scripts/dtc: Remove redundant YYLOC global declaration
    - scsi: sd: Fix optimal I/O size for devices that change reported values
    - mac80211: mark station unauthorized before key removal
    - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
    - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
    - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
    - RDMA/core: Ensure security pkey modify is not lost
    - genirq: Fix reference leaks on irq affinity notifiers
    - xfrm: handle NETDEV_UNREGISTER for xfrm device
    - vti[6]: fix packet tx through bpf_redirect() in XinY cases
    - RDMA/mlx5: Block delay drop to unprivileged users
    - xfrm: fix uctx len check in verify_sec_ctx_len
    - xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
    - xfrm: policy: Fix doulbe free in xfrm_policy_timer
    - netfilter: nft_fwd_netdev: validate family and chain type
    - vti6: Fix memory leak of skb if input policy check fails
    - Input: raydium_i2c_ts - use true and false for boolean values
    - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
    - afs: Fix some tracing details
    - USB: serial: option: add support for ASKEY WWHC050
    - USB: serial: option: add BroadMobi BM806U
    - USB: serial: option: add Wistron Neweb D19Q1
    - USB: cdc-acm: restore capability check order
    - USB: serial: io_edgeport: fix slab-out-of-bounds read in
      edge_interrupt_callback
    - usb: musb: fix crash with highmen PIO and usbmon
    - media: flexcop-usb: fix endpoint sanity check
    - media: usbtv: fix control-message timeouts
    - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
    - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
    - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
    - libfs: fix infoleak in simple_attr_read()
    - media: ov519: add missing endpoint sanity checks
    - media: dib0700: fix rc endpoint lookup
    - media: stv06xx: add missing descriptor sanity checks
    - media: xirlink_cit: add missing descriptor sanity checks
    - mac80211: Check port authorization in the ieee80211_tx_dequeue() case
    - mac80211: fix authentication with iwlwifi/mvm
    - vt: selection, introduce vc_is_sel
    - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines
    - vt: switch vt_dont_switch to bool
    - vt: vt_ioctl: remove unnecessary console allocation checks
    - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
    - vt: vt_ioctl: fix use-after-free in vt_in_use()
    - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table
    - bpf: Explicitly memset the bpf_attr structure
    - bpf: Explicitly memset some bpf info structures declared on the stack
    - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model
    - net: ks8851-ml: Fix IO operations, again
    - arm64: alternative: fix build with clang integrated assembler
    - perf map: Fix off by one in strncpy() size argument
    - ARM: dts: oxnas: Fix clear-mask property
    - ARM: bcm2835-rpi-zero-w: Add missing pinctrl name
    - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
    - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
    - dm integrity: use dm_bio_record and dm_bio_restore
    - riscv: avoid the PIC offset of static percpu data in module beyond 2G limits
    - drm/amd/display: Clear link settings on MST disable connector
    - mmc: rtsx_pci: Fix support for speed-modes that relies on tuning
    - drm/lease: fix WARNING in idr_destroy
    - mmc: core: Allow host controllers to require R1B for CMD6
    - mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard
    - mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command
    - mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
    - mlxsw: spectrum_mr: Fix list iteration in error path
    - bnxt_en: Reset rings if ring reservation fails during open()
    - net: ip_gre: Separate ERSPAN newlink / changelink callbacks
    - net: ip_gre: Accept IFLA_INFO_DATA-less configuration
    - tcp: repair: fix TCP_QUEUE_SEQ implementation
    - s390/qeth: handle error when backing RX buffer
    - ahci: Add Intel Comet Lake H RAID PCI ID
  * Pop sound from build-in speaker during cold boot and resume from S3
    (LP: #1866357) // Bionic update: upstream stable patchset 2020-04-03
    (LP: #1870604)
    - ALSA: hda/realtek: Fix pop noise on ALC225
  * Bionic update: upstream stable patchset 2020-03-30 (LP: #1869732)
    - phy: Revert toggling reset changes.
    - net: phy: Avoid multiple suspends
    - cgroup, netclassid: periodically release file_lock on classid updating
    - gre: fix uninit-value in __iptunnel_pull_header
    - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
    - ipvlan: add cond_resched_rcu() while processing muticast backlog
    - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
    - netlink: Use netlink header as base to calculate bad attribute offset
    - net: macsec: update SCI upon MAC address change.
    - net: nfc: fix bounds checking bugs on "pipe"
    - net/packet: tpacket_rcv: do not increment ring index on drop
    - sfc: detach from cb_page in efx_copy_channel()
    - bnxt_en: reinitialize IRQs when MTU is modified
    - cgroup: memcg: net: do not associate sock with unrelated cgroup
    - net: memcg: late association of sock to memcg
    - net: memcg: fix lockdep splat in inet_csk_accept()
    - fib: add missing attribute validation for tun_id
    - nl802154: add missing attribute validation
    - nl802154: add missing attribute validation for dev_type
    - can: add missing attribute validation for termination
    - macsec: add missing attribute validation for port
    - net: fq: add missing attribute validation for orphan mask
    - team: add missing attribute validation for port ifindex
    - team: add missing attribute validation for array index
    - nfc: add missing attribute validation for SE API
    - nfc: add missing attribute validation for vendor subcommand
    - net: phy: fix MDIO bus PM PHY resuming
    - bonding/alb: make sure arp header is pulled before accessing it
    - slip: make slhc_compress() more robust against malicious packets
    - net: fec: validate the new settings in fec_enet_set_coalesce()
    - macvlan: add cond_resched() during multicast processing
    - inet_diag: return classid for all socket types
    - ipvlan: do not add hardware address of master to its unicast filter list
    - ipvlan: egress mcast packets are not exceptional
    - ipvlan: don't deref eth hdr before checking it's set
    - cgroup: cgroup_procs_next should increase position index
    - cgroup: Iterate tasks that did not finish do_exit()
    - virtio-blk: fix hw_queue stopped on arbitrary error
    - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn +
      add_taint
    - workqueue: don't use wq_select_unbound_cpu() for bound works
    - drm/amd/display: remove duplicated assignment to grph_obj_type
    - ktest: Add timeout for ssh sync testing
    - cifs_atomic_open(): fix double-put on late allocation failure
    - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
    - KVM: x86: clear stale x86_emulate_ctxt->intercept value
    - ARC: define __ALIGN_STR and __ALIGN symbols for ARC
    - efi: Fix a race and a buffer overflow while reading efivars via sysfs
    - x86/mce: Fix logic and comments around MSR_PPIN_CTL
    - iommu/dma: Fix MSI reservation allocation
    - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
    - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
    - pinctrl: meson-gxl: fix GPIOX sdio pins
    - pinctrl: core: Remove extra kref_get which blocks hogs being freed
    - nl80211: add missing attribute validation for critical protocol indication
    - nl80211: add missing attribute validation for beacon report scanning
    - nl80211: add missing attribute validation for channel switch
    - netfilter: cthelper: add missing attribute validation for cthelper
    - netfilter: nft_payload: add missing attribute validation for payload csum
      flags
    - iommu/vt-d: Fix the wrong printing in RHSA parsing
    - iommu/vt-d: Ignore devices with out-of-spec domain number
    - i2c: acpi: put device when verifying client fails
    - ipv6: restrict IPV6_ADDRFORM operation
    - net/smc: check for valid ib_client_data
    - efi: Add a sanity check to efivar_store_raw()
    - batman-adv: Fix internal interface indices types
    - batman-adv: update data pointers after skb_cow()
    - batman-adv: Avoid race in TT TVLV allocator helper
    - batman-adv: Fix TT sync flags for intermediate TT responses
    - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
    - batman-adv: Avoid free/alloc race when handling OGM2 buffer
    - batman-adv: Don't schedule OGM for disabled interface
    - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
    - ACPI: watchdog: Allow disabling WDAT at boot
    - HID: apple: Add support for recent firmware on Magic Keyboards
    - cfg80211: check reg_rule for NULL in handle_channel_custom()
    - scsi: libfc: free response frame from GPN_ID
    - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
    - net: ks8851-ml: Fix IRQ handling and locking
    - mac80211: rx: avoid RCU list traversal under mutex
    - signal: avoid double atomic counter increments for user accounting
    - slip: not call free_netdev before rtnl_unlock in slip_open
    - hinic: fix a bug of setting hw_ioctxt
    - net: rmnet: fix NULL pointer dereference in rmnet_newlink()
    - jbd2: fix data races at struct journal_head
    - ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
    - ARM: 8958/1: rename missed uaccess .fixup section
    - mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
    - ipv4: ensure rcu_read_lock() in cipso_v4_error()
    - nfc: add missing attribute validation for deactivate target
    - netfilter: nf_conntrack: ct_cpu_seq_next should increase position index
    - netfilter: synproxy: synproxy_cpu_seq_next should increase position index
    - netfilter: xt_recent: recent_seq_next should increase position index
    - macintosh: windfarm: fix MODINFO regression
    - i2c: gpio: suppress error on probe defer
    - net/smc: cancel event worker during device removal
    - hinic: fix a irq affinity bug
    - net: rmnet: fix suspicious RCU usage
    - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device()
    - net: rmnet: fix packet forwarding in rmnet bridge mode
    - sfc: fix timestamp reconstruction at 16-bit rollover points
    - driver core: Fix adding device links to probing suppliers
    - net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
  * This laptop contains a touchpadwhich is not recognized. (LP: #1858299) //
    Bionic update: upstream stable patchset 2020-03-30 (LP: #1869732)
    - HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override
  * Bionic update: upstream stable patchset 2020-03-23 (LP: #1868623)
    - iwlwifi: pcie: fix rb_allocator workqueue allocation
    - ext4: fix potential race between online resizing and write operations
    - ext4: fix potential race between s_flex_groups online resizing and access
    - ext4: fix potential race between s_group_info online resizing and access
    - ipmi:ssif: Handle a possible NULL pointer reference
    - drm/msm: Set dma maximum segment size for mdss
    - dax: pass NOWAIT flag to iomap_apply
    - mac80211: consider more elements in parsing CRC
    - cfg80211: check wiphy driver existence for drvinfo report
    - qmi_wwan: re-add DW5821e pre-production variant
    - qmi_wwan: unconditionally reject 2 ep interfaces
    - net: ena: fix potential crash when rxfh key is NULL
    - net: ena: fix uses of round_jiffies()
    - net: ena: add missing ethtool TX timestamping indication
    - net: ena: fix incorrect default RSS key
    - net: ena: rss: fix failure to get indirection table
    - net: ena: rss: store hash function as values and not bits
    - net: ena: fix incorrectly saving queue numbers when setting RSS indirection
      table
    - net: ena: ethtool: use correct value for crc32 hash
    - net: ena: ena-com.c: prevent NULL pointer dereference
    - cifs: Fix mode output in debugging statements
    - cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
    - sysrq: Restore original console_loglevel when sysrq disabled
    - sysrq: Remove duplicated sysrq message
    - net: fib_rules: Correctly set table field when table number exceeds 8 bits
    - net: phy: restore mdio regs in the iproc mdio driver
    - nfc: pn544: Fix occasional HW initialization failure
    - sctp: move the format error check out of __sctp_sf_do_9_1_abort
    - ipv6: Fix nlmsg_flags when splitting a multipath route
    - ipv6: Fix route replacement with dev-only route
    - qede: Fix race between rdma destroy workqueue and link change event
    - net: sched: correct flower port blocking
    - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
    - audit: fix error handling in audit_data_to_entry()
    - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
    - ACPI: watchdog: Fix gas->access_width usage
    - KVM: VMX: check descriptor table exits on instruction emulation
    - HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock
    - HID: core: fix off-by-one memset in hid_report_raw_event()
    - HID: core: increase HID report buffer size to 8KiB
    - tracing: Disable trace_printk() on post poned tests
    - Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
    - HID: hiddev: Fix race in in hiddev_disconnect()
    - MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
    - i2c: altera: Fix potential integer overflow
    - i2c: jz4780: silence log flood on txabrt
    - drm/i915/gvt: Separate display reset from ALL_ENGINES reset
    - usb: charger: assign specific number for enum value
    - ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
    - net: netlink: cap max groups which will be considered in netlink_bind()
    - net: atlantic: fix potential error handling
    - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
    - namei: only return -ECHILD from follow_dotdot_rcu()
    - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()
    - KVM: SVM: Override default MMIO mask if memory encryption is enabled
    - KVM: Check for a bad hva before dropping into the ghc slow path
    - drivers: net: xgene: Fix the order of the arguments of
      'alloc_etherdev_mqs()'
    - kprobes: Set unoptimized flag after unoptimizing code
    - perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
    - mm/huge_memory.c: use head to check huge zero page
    - mm, thp: fix defrag setting if newline is not used
    - audit: always check the netlink payload length in audit_receive_msg()
    - vhost: Check docket sk_family instead of call getname
    - EDAC/amd64: Set grain per DIMM
    - net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
    - RDMA/core: Fix pkey and port assignment in get_new_pps
    - RDMA/core: Fix use of logical OR in get_new_pps
    - kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
    - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
    - selftests: fix too long argument
    - usb: gadget: composite: Support more than 500mA MaxPower
    - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
    - usb: gadget: serial: fix Tx stall after buffer overflow
    - drm/msm/mdp5: rate limit pp done timeout warnings
    - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
    - drm/msm/dsi: save pll state before dsi host is powered off
    - net: ks8851-ml: Remove 8-bit bus accessors
    - net: ks8851-ml: Fix 16-bit data access
    - net: ks8851-ml: Fix 16-bit IO operation
    - watchdog: da9062: do not ping the hw during stop()
    - s390/cio: cio_ignore_proc_seq_next should increase position index
    - x86/boot/compressed: Don't declare __force_order in kaslr_64.c
    - nvme: Fix uninitialized-variable warning
    - x86/xen: Distribute switch variables for initialization
    - net: thunderx: workaround BGX TX Underflow issue
    - cifs: don't leak -EAGAIN for stat() during reconnect
    - usb: storage: Add quirk for Samsung Fit flash
    - usb: quirks: add NO_LPM quirk for Logitech Screen Share
    - usb: core: hub: fix unhandled return by employing a void function
    - usb: core: hub: do error out if usb_autopm_get_interface() fails
    - usb: core: port: do error out if usb_autopm_get_interface() fails
    - vgacon: Fix a UAF in vgacon_invert_region
    - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking
      page tables prot_numa
    - fat: fix uninit-memory access for partial initialized inode
    - arm: dts: dra76x: Fix mmc3 max-frequency
    - tty:serial:mvebu-uart:fix a wrong return
    - serial: 8250_exar: add support for ACCES cards
    - vt: selection, close sel_buffer race
    - vt: selection, push console lock down
    - vt: selection, push sel_lock up
    - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
    - dmaengine: tegra-apb: Fix use-after-free
    - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
    - dm cache: fix a crash due to incorrect work item cancelling
    - ARM: dts: ls1021a: Restore MDIO compatible to gianfar
    - ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
    - ASoC: intel: skl: Fix pin debug prints
    - ASoC: intel: skl: Fix possible buffer overflow in debug outputs
    - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
    - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
    - ASoC: dapm: Correct DAPM handling of active widgets during shutdown
    - RDMA/iwcm: Fix iwcm work deallocation
    - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
    - IB/hfi1, qib: Ensure RCU is locked when accessing list
    - ARM: imx: build v7_cpu_resume() unconditionally
    - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
    - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
    - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode
      systems
    - dm integrity: fix a deadlock due to offloading to an incorrect workqueue
    - xhci: handle port status events for removed USB3 hcd
    - ASoC: topology: Fix memleak in soc_tplg_manifest_load()
    - ALSA: hda/realtek - Apply quirk for MSI GP63, too
    - ALSA: hda/realtek - Apply quirk for yet another MSI laptop
    - USB: core: add endpoint-blacklist quirk
    - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2
    - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal
      delivery
    - jbd2: fix ocfs2 corrupt when clearing block group bits
    - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF
    - genirq/irqdomain: Make sure all irq domain flags are distinct
    - btrfs: reset fs_root to NULL on error in open_ctree
    - usb: dwc2: Fix in ISOC request length checking
    - rxrpc: Fix call RCU cleanup using non-bh-safe locks
    - s390/zcrypt: fix card and queue total counter wrap
    - ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi
    - macintosh: therm_windtunnel: fix regression when instantiating devices
    - HID: alps: Fix an error handling path in 'alps_input_configured()'
    - hv_netvsc: Fix unwanted wakeup in netvsc_attach()
    - s390/qeth: vnicc Fix EOPNOTSUPP precedence
    - net: atlantic: fix use after free kasan warn
    - sched/fair: Optimize update_blocked_averages()
    - sched/fair: Fix O(nr_cgroups) in the load balancing path
    - KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path
    - KVM: x86: Remove spurious clearing of async #PF MSR
    - thermal: brcmstb_thermal: Do not use DT coefficients
    - scsi: megaraid_sas: silence a warning
    - net: dsa: b53: Ensure the default VID is untagged
    - s390: make 'install' not depend on vmlinux
    - s390/qdio: fill SL with absolute addresses
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master
    - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper
    - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode
    - scsi: pm80xx: Fixed kernel panic during error recovery for SATA drive
  * Bionic update: upstream stable patchset 2020-03-17 (LP: #1867837)
    - iommu/qcom: Fix bogus detach logic
    - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
    - ASoC: sun8i-codec: Fix setting DAI data format
    - ecryptfs: fix a memory leak bug in parse_tag_1_packet()
    - ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
    - arm64: nofpsimd: Handle TIF_FOREIGN_FPSTATE flag cleanly
    - ARM: 8723/2: always assume the "unified" syntax for assembly code
    - serial: imx: ensure that RX irqs are off if RX is off
    - serial: imx: Only handle irqs that are actually enabled
    - KVM: nVMX: Use correct root level for nested EPT shadow page tables
    - drm/gma500: Fixup fbdev stolen size usage evaluation
    - cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
    - brcmfmac: Fix use after free in brcmf_sdio_readframes()
    - leds: pca963x: Fix open-drain initialization
    - ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT
    - ALSA: ctl: allow TLV read operation for callback type of element in locked
      case
    - gianfar: Fix TX timestamping with a stacked DSA driver
    - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
    - pxa168fb: Fix the function used to release some memory in an error handling
      path
    - media: i2c: mt9v032: fix enum mbus codes and frame sizes
    - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE
      number
    - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in
      grgpio_irq_map/unmap()
    - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in
      bdisp_device_run()
    - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
    - efi/x86: Map the entire EFI vendor string before copying it
    - MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
    - sparc: Add .exit.data section.
    - uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
    - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
    - usb: dwc2: Fix IN FIFO allocation
    - clocksource/drivers/bcm2835_timer: Fix memory leak of timer
    - kselftest: Minimise dependency of get_size on C library interfaces
    - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info
      when load journal
    - x86/sysfb: Fix check for bad VRAM size
    - tracing: Fix tracing_stat return values in error handling paths
    - tracing: Fix very unlikely race of registering two stat tracers
    - ext4, jbd2: ensure panic when aborting with zero errno
    - nbd: add a flush_workqueue in nbd_start_device
    - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups
    - kconfig: fix broken dependency in randconfig-generated .config
    - clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
    - drm/amdgpu: remove 4 set but not used variable in
      amdgpu_atombios_get_connector_info_from_object_table
    - regulator: rk808: Lower log level on optional GPIOs being not available
    - net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
    - PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
    - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use
      le16_add_cpu().
    - arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core
    - ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3
    - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device
      macros
    - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
    - fore200e: Fix incorrect checks of NULL pointer dereference
    - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
    - b43legacy: Fix -Wcast-function-type
    - ipw2x00: Fix -Wcast-function-type
    - iwlegacy: Fix -Wcast-function-type
    - rtlwifi: rtl_pci: Fix -Wcast-function-type
    - orinoco: avoid assertion in case of NULL pointer
    - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
    - scsi: ufs: Complete pending requests in host reset and restore path
    - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
    - drm/mediatek: handle events when enabling/disabling crtc
    - ARM: dts: r8a7779: Add device node for ARM global timer
    - dmaengine: Store module owner in dma_device struct
    - x86/vdso: Provide missing include file
    - PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
    - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
    - RDMA/rxe: Fix error type of mmap_offset
    - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock
    - ALSA: sh: Fix unused variable warnings
    - ALSA: sh: Fix compile warning wrt const
    - tools lib api fs: Fix gcc9 stringop-truncation compilation error
    - drm: remove the newline for CRC source name.
    - usbip: Fix unsafe unaligned pointer usage
    - udf: Fix free space reporting for metadata and virtual partitions
    - IB/hfi1: Add software counter for ctxt0 seq drop
    - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
    - efi/x86: Don't panic or BUG() on non-critical error conditions
    - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
    - Input: edt-ft5x06 - work around first register access error
    - wan: ixp4xx_hss: fix compile-testing on 64-bit
    - ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
    - tty: synclinkmp: Adjust indentation in several functions
    - tty: synclink_gt: Adjust indentation in several functions
    - driver core: platform: Prevent resouce overflow from causing infinite loops
    - driver core: Print device when resources present in really_probe()
    - vme: bridges: reduce stack usage
    - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
    - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
    - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
    - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
    - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
    - iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
    - f2fs: free sysfs kobject
    - scsi: iscsi: Don't destroy session if there are outstanding connections
    - arm64: fix alternatives with LLVM's integrated assembler
    - watchdog/softlockup: Enforce that timestamp is valid on boot
    - f2fs: fix memleak of kobject
    - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
    - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
    - cmd64x: potential buffer overflow in cmd64x_program_timings()
    - ide: serverworks: potential overflow in svwks_set_pio_mode()
    - pwm: Remove set but not set variable 'pwm'
    - btrfs: fix possible NULL-pointer dereference in integrity checks
    - btrfs: safely advance counter when looking up bio csums
    - btrfs: device stats, log when stats are zeroed
    - remoteproc: Initialize rproc_class before use
    - irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems
    - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi()
    - x86/decoder: Add TEST opcode to Group3-2
    - s390/ftrace: generate traced function stack frame
    - driver core: platform: fix u32 greater or equal to zero comparison
    - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
    - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
    - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit
      record
    - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock
    - ARM: 8951/1: Fix Kexec compilation issue.
    - hostap: Adjust indentation in prism2_hostapd_add_sta
    - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
    - cifs: fix NULL dereference in match_prepath
    - ceph: check availability of mds cluster on mount after wait timeout
    - irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
    - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
    - ftrace: fpid_next() should increase position index
    - trigger_next should increase position index
    - radeon: insert 10ms sleep in dce5_crtc_load_lut
    - ocfs2: fix a NULL pointer dereference when call
      ocfs2_update_inode_fsync_trans()
    - lib/scatterlist.c: adjust indentation in __sg_alloc_table
    - reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
    - bcache: explicity type cast in bset_bkey_last()
    - irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building
      INVALL
    - iwlwifi: mvm: Fix thermal zone registration
    - microblaze: Prevent the overflow of the start
    - brd: check and limit max_part par
    - help_next should increase position index
    - virtio_balloon: prevent pfn array overflow
    - mlxsw: spectrum_dpipe: Add missing error path
    - selinux: ensure we cleanup the internal AVC counters on error in
      avc_update()
    - enic: prevent waking up stopped tx queues over watchdog reset
    - net: dsa: tag_qca: Make sure there is headroom for tag
    - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
    - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
    - net/smc: fix leak of kernel memory to user space
    - thunderbolt: Prevent crash if non-active NVMem file is read
    - USB: misc: iowarrior: add support for 2 OEMed devices
    - USB: misc: iowarrior: add support for the 28 and 28L devices
    - USB: misc: iowarrior: add support for the 100 device
    - floppy: check FDC index for errors before assigning it
    - vt: selection, handle pending signals in paste_selection
    - staging: android: ashmem: Disallow ashmem memory from being remapped
    - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
    - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
    - xhci: fix runtime pm enabling for quirky Intel hosts
    - usb: host: xhci: update event ring dequeue pointer on purpose
    - usb: uas: fix a plug & unplug racing
    - USB: Fix novation SourceControl XL after suspend
    - USB: hub: Don't record a connect-change event during reset-resume
    - USB: hub: Fix the broken detection of USB3 device in SMSC hub
    - staging: rtl8188eu: Fix potential security hole
    - staging: rtl8188eu: Fix potential overuse of kernel memory
    - staging: rtl8723bs: Fix potential security hole
    - staging: rtl8723bs: Fix potential overuse of kernel memory
    - x86/mce/amd: Publish the bank pointer only after setup has succeeded
    - x86/mce/amd: Fix kobject lifetime
    - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
    - tty: serial: imx: setup the correct sg entry for tx dma
    - serdev: ttyport: restore client ops on deregistration
    - MAINTAINERS: Update drm/i915 bug filing URL
    - mm/vmscan.c: don't round up scan size for online memory cgroup
    - drm/amdgpu/soc15: fix xclk for raven
    - KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
    - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
    - vt: vt_ioctl: fix race in VT_RESIZEX
    - serial: 8250: Check UPF_IRQ_SHARED in advance
    - lib/stackdepot.c: fix global out-of-bounds in stack_slabs
    - ext4: fix a data race in EXT4_I(inode)->i_disksize
    - ext4: add cond_resched() to __ext4_find_entry()
    - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
    - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
    - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
    - KVM: apic: avoid calculating pending eoi from an uninitialized val
    - btrfs: fix bytes_may_use underflow in prealloc error condtition
    - btrfs: do not check delayed items are empty for single transaction cleanup
    - Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered
      extents
    - scsi: Revert "RDMA/isert: Fix a recently introduced regression related to
      logout"
    - scsi: Revert "target: iscsi: Wait for all commands to finish before freeing
      a session"
    - usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
    - staging: rtl8723bs: fix copy of overlapping memory
    - staging: greybus: use after free in gb_audio_manager_remove_all()
    - ecryptfs: replace BUG_ON with error handling code
    - iommu/vt-d: Fix compile warning from intel-svm.h
    - genirq/proc: Reject invalid affinity masks (again)
    - ALSA: rawmidi: Avoid bit fields for state flags
    - ALSA: seq: Avoid concurrent access to queue flags
    - ALSA: seq: Fix concurrent access to queue current tick/time
    - netfilter: xt_hashlimit: limit the max size of hashtable
    - ata: ahci: Add shutdown to freeze hardware resources of ahci
    - xen: Enable interrupts when calling _cond_resched()
    - s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in
      storage_key_init_range
    - arm: dts: allwinner: H3: Add PMU node
    - ARM: dts: imx6: rdu2: Limit USBH1 to Full Speed
    - PCI: iproc: Apply quirk_paxc_bridge() for module as well as built-in
    - media: cx23885: Add support for AVerMedia CE310B
    - staging: rtl8188: avoid excessive stack usage
    - x86/nmi: Remove irq_work from the long duration NMI handler
    - visorbus: fix uninitialized variable access
    - drm/nouveau/drm/ttm: Remove set but not used variable 'mem'
    - f2fs: set I_LINKABLE early to avoid wrong access by vfs
    - s390: adjust -mpacked-stack support check for clang 10
    - drm/nouveau/mmu: fix comptag memory leak
  * Multiple Kexec in AWS Nitro instances fail (LP: #1869948)
    - net: ena: Add PCI shutdown handler to allow safe kexec
  * Support SMO8840 as LIS2DH12 (LP: #1869694)
    - iio: st_sensors: remap SMO8840 to LIS2DH12
  * CVE-2019-19768
    - blktrace: Protect q->blk_trace with RCU
    - blktrace: fix dereference after null check
  * No audio output from Dell WD19 HDMI/DP after resumed from S3 or s2idle
    (LP: #1869642)
    - PM / runtime: Rework pm_runtime_force_suspend/resume()
  * reuseport_bpf_numa in net from ubuntu_kernel_selftests failed on i386
    (LP: #1812638)
    - selftests: net: reuseport_bpf_numa: don't fail if no numa support
  * Sys oopsed with sysfs test in ubuntu_stress_smoke_test on X-hwe ARM64
    (LP: #1866772)
    - SAUCE: ACPI: sysfs: copy ACPI data using io memory copying
  * update-version-dkms doesn't add a BugLink (LP: #1867790)
    - [Packaging] Add BugLink to update-version-dkms commit
  * Packaging resync (LP: #1786013)
    - update dkms package versions

  [ Ubuntu: 4.15.0-96.97 ]

  * CVE-2020-8834
    - KVM: PPC: Book3S HV: Factor fake-suspend handling out of
      kvmppc_save/restore_tm
    - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file
    - KVM: PPC: Book3S PR: Add guest MSR parameter for
      kvmppc_save_tm()/kvmppc_restore_tm()

Date: 2020-04-14 17:05:27.679133+00:00
Changed-By: Marcelo Cerri <marcelo.cerri at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1082.92
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list