[ubuntu/disco-security] linux-kvm 5.0.0-1013.14 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Aug 14 05:18:04 UTC 2019
linux-kvm (5.0.0-1013.14) disco; urgency=medium
[ Ubuntu: 5.0.0-25.26 ]
* CVE-2019-1125
- x86/cpufeatures: Carve out CQM features retrieval
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
- x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
- x86/speculation: Enable Spectre v1 swapgs mitigations
- x86/entry/64: Use JMP instead of JMPQ
- x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
[ Ubuntu: 5.0.0-24.25 ]
* disco/linux: 5.0.0-24.25 -proposed tracker (LP: #1838395)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940)
- [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only
- SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64
* [18.04 FEAT] zKVM: Add hardware CPU Model - kernel part (LP: #1836153)
- KVM: s390: add debug logging for cpu model subfunctions
- KVM: s390: implement subfunction processor calls
- KVM: s390: add vector enhancements facility 2 to cpumodel
- KVM: s390: add vector BCD enhancements facility to cpumodel
- KVM: s390: add MSA9 to cpumodel
- KVM: s390: provide query function for instructions returning 32 byte
- KVM: s390: add enhanced sort facilty to cpu model
- KVM: s390: add deflate conversion facilty to cpu model
- KVM: s390: enable MSA9 keywrapping functions depending on cpu model
* bcache: risk of data loss on I/O errors in backing or caching devices
(LP: #1829563)
- Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()"
* Intel ethernet I219 has slow RX speed (LP: #1836152)
- SAUCE: e1000e: add workaround for possible stalled packet
- SAUCE: e1000e: disable force K1-off feature
* Intel ethernet I219 may wrongly detect connection speed as 10Mbps
(LP: #1836177)
- SAUCE: e1000e: Make watchdog use delayed work
* Unhide Nvidia HDA audio controller (LP: #1836308)
- PCI: Enable NVIDIA HDA controllers
* Enable Armada SOCs and MVPP2 NIC driver for disco/generic arm64
(LP: #1835054)
- [Config] Enable Armada SOCs and MVPP2 NIC driver for disco/generic arm64
* ixgbe{vf} - Physical Function gets IRQ when VF checks link state
(LP: #1836760)
- ixgbevf: Use cached link state instead of re-reading the value for ethtool
* Two crashes on raid0 error path (during a member device removal)
(LP: #1836806)
- block: Fix a NULL pointer dereference in generic_make_request()
- md/raid0: Do not bypass blocking queue entered for raid0 bios
* CVE-2019-13233
- x86/insn-eval: Fix use-after-free access to LDT entry
* cifs set_oplock buffer overflow in strcat (LP: #1824981)
- cifs: fix strcat buffer overflow and reduce raciness in
smb21_set_oplock_level()
* CVE-2019-13272
- ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
* hda/realtek: can't detect external mic on a Dell machine (LP: #1836755)
- ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
* CVE-2019-12614
- powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
* bnx2x driver causes 100% CPU load (LP: #1832082)
- bnx2x: Prevent ptp_task to be rescheduled indefinitely
* Sometimes touchpad detected as mouse(i2c designware fails to get adapter
number) (LP: #1835150)
- i2c: i2c-designware-platdrv: Cleanup setting of the adapter number
- i2c: i2c-designware-platdrv: Always use a dynamic adapter number
* Disco update: 5.0.18 upstream stable release (LP: #1836614)
- locking/rwsem: Prevent decrement of reader count before increment
- x86/speculation/mds: Revert CPU buffer clear on double fault exit
- x86/speculation/mds: Improve CPU buffer clear documentation
- objtool: Fix function fallthrough detection
- arm64: dts: rockchip: fix IO domain voltage setting of APIO5 on rockpro64
- arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller.
- ARM: dts: qcom: ipq4019: enlarge PCIe BAR range
- ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
- ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
- mmc: sdhci-of-arasan: Add DTS property to disable DCMDs.
- ARM: exynos: Fix a leaked reference by adding missing of_node_put
- power: supply: axp288_charger: Fix unchecked return value
- power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the
blacklist
- arm64: mmap: Ensure file offset is treated as unsigned
- arm64: arch_timer: Ensure counter register reads occur with seqlock held
- arm64: compat: Reduce address limit
- arm64: Clear OSDLR_EL1 on CPU boot
- arm64: Save and restore OSDLR_EL1 across suspend/resume
- sched/x86: Save [ER]FLAGS on context switch
- x86/MCE: Add an MCE-record filtering function
- x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
- x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
- x86/MCE: Group AMD function prototypes in <asm/mce.h>
- x86/MCE/AMD: Don't report L1 BTB MCA errors on some family 17h models
- crypto: crypto4xx - fix ctr-aes missing output IV
- crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
- crypto: salsa20 - don't access already-freed walk.iv
- crypto: lrw - don't access already-freed walk.iv
- crypto: chacha-generic - fix use as arm64 no-NEON fallback
- crypto: chacha20poly1305 - set cra_name correctly
- crypto: ccp - Do not free psp_master when PLATFORM_INIT fails
- crypto: vmx - fix copy-paste error in CTR mode
- crypto: skcipher - don't WARN on unprocessed data after slow walk step
- crypto: crct10dif-generic - fix use via crypto_shash_digest()
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
- crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
- crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
- crypto: rockchip - update IV buffer to contain the next IV
- crypto: caam/qi2 - fix zero-length buffer DMA mapping
- crypto: caam/qi2 - fix DMA mapping of stack memory
- crypto: caam/qi2 - generate hash keys in-place
- crypto: arm/aes-neonbs - don't access already-freed walk.iv
- crypto: arm64/aes-neonbs - don't access already-freed walk.iv
- mmc: tegra: fix ddr signaling for non-ddr modes
- mmc: core: Fix tag set memory leak
- mmc: sdhci-pci: Fix BYT OCP setting
- ALSA: line6: toneport: Fix broken usage of timer for delayed execution
- ALSA: usb-audio: Fix a memory leak bug
- ALSA: hda/realtek - EAPD turn on later
- ASoC: max98090: Fix restore of DAPM Muxes
- ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
- ASoC: fsl_esai: Fix missing break in switch statement
- ASoC: codec: hdac_hdmi add device_link to card device
- bpf, arm64: remove prefetch insn in xadd mapping
- crypto: ccree - remove special handling of chained sg
- crypto: ccree - fix mem leak on error path
- crypto: ccree - don't map MAC key on stack
- crypto: ccree - use correct internal state sizes for export
- crypto: ccree - don't map AEAD key and IV on stack
- crypto: ccree - pm resume first enable the source clk
- crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during
suspend
- crypto: ccree - add function to handle cryptocell tee fips error
- crypto: ccree - handle tee fips error during power management resume
- mm/mincore.c: make mincore() more conservative
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned
addresses
- mm/hugetlb.c: don't put_page in lock of hugetlb_lock
- hugetlb: use same fault hash key for shared and private mappings
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
- userfaultfd: use RCU to free the task struct when fork fails
- ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle
- mfd: da9063: Fix OTP control register names to match datasheets for
DA9063/63L
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write
- mtd: maps: physmap: Store gpio_values correctly
- mtd: maps: Allow MTD_PHYSMAP with MTD_RAM
- tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
- jbd2: check superblock mapped prior to committing
- ext4: make sanity check in mballoc more strict
- ext4: ignore e_value_offs for xattrs with value-in-ea-inode
- ext4: avoid drop reference to iloc.bh twice
- ext4: fix use-after-free race with debug_want_extra_isize
- ext4: actually request zeroing of inode table after grow
- ext4: fix ext4_show_options for file systems w/o journal
- btrfs: Check the first key and level for cached extent buffer
- btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages
fails
- btrfs: Honour FITRIM range constraints during free space trim
- Btrfs: send, flush dellaloc in order to avoid data loss
- Btrfs: do not start a transaction during fiemap
- Btrfs: do not start a transaction at iterate_extent_inodes()
- Btrfs: fix race between send and deduplication that lead to failures and
crashes
- bcache: fix a race between cache register and cacheset unregister
- bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
- ipmi:ssif: compare block number correctly for multi-part return messages
- crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
into workqueue when umount
- tty: Don't force RISCV SBI console as preferred console
- ext4: fix data corruption caused by overlapping unaligned and aligned IO
- ext4: fix use-after-free in dx_release()
- ext4: avoid panic during forced reboot due to aborted journal
- ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
- jbd2: fix potential double free
- KVM: Fix the bitmap range to copy during clear dirty
- KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
- KVM: lapic: Busy wait for timer to expire when using hv_timer
- kbuild: turn auto.conf.cmd into a mandatory include file
- xen/pvh: set xen_domain_type to HVM in xen_pvh_init
- xen/pvh: correctly setup the PV EFI interface for dom0
- libnvdimm/namespace: Fix label tracking error
- iov_iter: optimize page_copy_sane()
- mm/gup: Remove the 'write' parameter from gup_fast_permitted()
- s390/mm: make the pxd_offset functions more robust
- s390/mm: convert to the generic get_user_pages_fast code
- ext4: fix compile error when using BUFFER_TRACE
- ext4: don't update s_rev_level if not required
- Linux 5.0.18
* Disco update: 5.0.17 upstream stable release (LP: #1836577)
- bfq: update internal depth state when queue depth changes
- platform/x86: sony-laptop: Fix unintentional fall-through
- platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
- platform/x86: dell-laptop: fix rfkill functionality
- hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
- hwmon: (occ) Fix extended status bits
- selftests/seccomp: Handle namespace failures gracefully
- kernfs: fix barrier usage in __kernfs_new_node()
- virt: vbox: Sanity-check parameter types for hgcm-calls coming from
userspace
- USB: serial: fix unthrottle races
- iio: adc: xilinx: fix potential use-after-free on remove
- iio: adc: xilinx: fix potential use-after-free on probe
- iio: adc: xilinx: prevent touching unclocked h/w on remove
- acpi/nfit: Always dump _DSM output payload
- libnvdimm/namespace: Fix a potential NULL pointer dereference
- HID: input: add mapping for Expose/Overview key
- HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
- HID: input: add mapping for "Toggle Display" key
- libnvdimm/btt: Fix a kmemdup failure check
- s390/dasd: Fix capacity calculation for large volumes
- mac80211: fix unaligned access in mesh table hash function
- mac80211: Increase MAX_MSG_LEN
- cfg80211: Handle WMM rules in regulatory domain intersection
- mac80211: fix memory accounting with A-MSDU aggregation
- nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
- libnvdimm/security: provide fix for secure-erase to use zero-key
- libnvdimm/pmem: fix a possible OOB access when read and write pmem
- tools/testing/nvdimm: Retain security state after overwrite
- s390/3270: fix lockdep false positive on view->lock
- drm/ttm: fix dma_fence refcount imbalance on error path
- drm/amd/display: extending AUX SW Timeout
- clocksource/drivers/npcm: select TIMER_OF
- clocksource/drivers/oxnas: Fix OX820 compatible
- selftests: fib_tests: Fix 'Command line is not complete' errors
- drm/amdgpu: shadow in shadow_list without tbo.mem.start cause page fault in
sriov TDR
- mISDN: Check address length before reading address family
- vxge: fix return of a free'd memblock on a failed dma mapping
- qede: fix write to free'd pointer error and double free of ptp
- afs: Unlock pages for __pagevec_release()
- afs: Fix in-progess ops to ignore server-level callback invalidation
- qed: Delete redundant doorbell recovery types
- qed: Fix the doorbell address sanity check
- qed: Fix missing DORQ attentions
- qed: Fix the DORQ's attentions handling
- drm/amd/display: If one stream full updates, full update all planes
- s390/pkey: add one more argument space for debug feature entry
- x86/build/lto: Fix truncated .bss with -fdata-sections
- x86/mm: Prevent bogus warnings with "noexec=off"
- x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
- KVM: nVMX: always use early vmcs check when EPT is disabled
- KVM: fix spectrev1 gadgets
- KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
tracing
- tools lib traceevent: Fix missing equality check for strcmp
- perf top: Always sample time to satisfy needs of use of ordered queuing
- ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash
- ocelot: Don't sleep in atomic context (irqs_disabled())
- perf tools: Fix map reference counting
- scsi: aic7xxx: fix EISA support
- slab: store tagged freelist for off-slab slabmgmt
- mm/hotplug: treat CMA pages as unmovable
- mm: fix inactive list balancing between NUMA nodes and cgroups
- init: initialize jump labels before command line option parsing
- drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs
- selftests: netfilter: check icmp pkttoobig errors are set as related
- ipvs: do not schedule icmp errors from tunnels
- netfilter: ctnetlink: don't use conntrack/expect object addresses as id
- netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook()
- netfilter: nat: fix icmp id randomization
- MIPS: perf: ath79: Fix perfcount IRQ assignment
- IB/mlx5: Fix scatter to CQE in DCT QP creation
- s390: ctcm: fix ctcm_new_device error return code
- drm/sun4i: Set device driver data at bind time for use in unbind
- drm/sun4i: Fix component unbinding and component master deletion
- of_net: Fix residues after of_get_nvmem_mac_address removal
- selftests/net: correct the return value for run_afpackettests
- netfilter: never get/set skb->tstamp
- netfilter: fix nf_l4proto_log_invalid to log invalid packets
- dmaengine: bcm2835: Avoid GFP_KERNEL in device_prep_slave_sg
- gpu: ipu-v3: dp: fix CSC handling
- drm/imx: don't skip DP channel disable for background plane
- ARM: fix function graph tracer and unwinder dependencies
- ARM: 8856/1: NOMMU: Fix CCR register faulty initialization when MPU is
disabled
- spi: Micrel eth switch: declare missing of table
- spi: ST ST95HF NFC: declare missing of table
- ceph: handle the case where a dentry has been renamed on outstanding req
- Revert "drm/virtio: drop prime import/export callbacks"
- drm/sun4i: Unbind components before releasing DRM and memory
- Input: snvs_pwrkey - make it depend on ARCH_MXC
- Input: synaptics-rmi4 - fix possible double free
- net: vrf: Fix operation not supported when set vrf mac
- gpio: Fix gpiochip_add_data_with_key() error path
- mm/memory_hotplug.c: drop memory device reference after find_memory_block()
- mm/page_alloc.c: avoid potential NULL pointer dereference
- bpf: only test gso type on gso packets
- net: sched: fix cleanup NULL pointer exception in act_mirr
- net: mvpp2: fix validate for PPv2.1
- drm/rockchip: fix for mailbox read validation.
- cw1200: fix missing unlock on error in cw1200_hw_scan()
- mwl8k: Fix rate_idx underflow
- rtlwifi: rtl8723ae: Fix missing break in switch statement
- Don't jump to compute_result state from check_result state
- bonding: fix arp_validate toggling in active-backup mode
- bridge: Fix error path for kobject_init_and_add()
- dpaa_eth: fix SG frame cleanup
- fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL
not supplied
- ipv4: Fix raw socket lookup for local traffic
- net: dsa: Fix error cleanup path in dsa_init_module
- net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
- net: macb: Change interrupt and napi enable order in open
- net: seeq: fix crash caused by not set dev.parent
- net: ucc_geth - fix Oops when changing number of buffers in the ring
- packet: Fix error path in packet_init
- selinux: do not report error on connect(AF_UNSPEC)
- tipc: fix hanging clients using poll with EPOLLOUT flag
- vlan: disable SIOCSHWTSTAMP in container
- vrf: sit mtu should not be updated when vrf netdev is the link
- tuntap: fix dividing by zero in ebpf queue selection
- tuntap: synchronize through tfiles array instead of tun->numqueues
- net: phy: fix phy_validate_pause
- flow_dissector: disable preemption around BPF calls
- isdn: bas_gigaset: use usb_fill_int_urb() properly
- drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
- drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
- powerpc/book3s/64: check for NULL pointer in pgd_alloc()
- powerpc/powernv/idle: Restore IAMR after idle
- powerpc/booke64: set RI in default MSR
- virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed
- PCI: hv: Fix a memory leak in hv_eject_device_work()
- PCI: hv: Add hv_pci_remove_slots() when we unload the driver
- PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary
- f2fs: Fix use of number of devices
- Linux 5.0.17
- [Config] update configs after update to 5.0.17
* Disco update: 5.0.16 upstream stable release (LP: #1835580)
- Linux 5.0.16
* CVE-2019-10126
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
* CVE-2019-3846
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
* CVE-2019-12984
- nfc: Ensure presence of required attributes in the deactivate_target handler
* Sometimes touchpad(goodix) can't use tap function (LP: #1836020)
- SAUCE: i2c: designware: add Inpiron/Vostro 7590 into i2c quirk
* proc_thermal flooding dmesg (LP: #1824690)
- drivers: thermal: processor_thermal: Downgrade error message
[ Ubuntu: 5.0.0-23.24 ]
* disco/linux: 5.0.0-23.24 -proposed tracker (LP: #1838271)
* linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
(LP: #1838115)
- x86/mm: Check for pfn instead of page in vmalloc_sync_one()
- x86/mm: Sync also unmappings in vmalloc_sync_all()
- mm/vmalloc.c: add priority threshold to __purge_vmap_area_lazy()
- mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
Date: 2019-08-02 08:54:13.159809+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1013.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list