[ubuntu/disco-security] linux 5.0.0-37.40 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Dec 3 09:58:20 UTC 2019


linux (5.0.0-37.40) disco; urgency=medium

  * disco/linux: 5.0.0-37.40 -proposed tracker (LP: #1852253)

  * System hangs at early boot (LP: #1851216)
    - x86/timer: Skip PIT initialization on modern chipsets

  * drm/i915: Add support for another CMP-H PCH (LP: #1848491)
    - drm/i915/cml: Add second PCH ID for CMP

  * Some EFI systems fail to boot in efi_init() when booted via maas
    (LP: #1851810)
    - efi: efi_get_memory_map -- increase map headroom

  * seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test (LP: #1849281)
    - SAUCE: seccomp: avoid overflow in implicit constant conversion
    - SAUCE: seccomp: rework define for SECCOMP_USER_NOTIF_FLAG_CONTINUE
    - SAUCE: seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test

  * dkms artifacts may expire from the pool (LP: #1850958)
    - [Packaging] dkms -- try launchpad librarian for pool downloads
    - [Packaging] dkms -- dkms-build quieten wget verbiage

  * update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: fix swapped parameters when calling
      ena_com_indirect_table_fill_entry
    - net: ena: fix: Free napi resources when ena_up() fails
    - net: ena: fix incorrect test of supported hash function
    - net: ena: fix return value of ena_com_config_llq_info()
    - net: ena: improve latency by disabling adaptive interrupt moderation by
      default
    - net: ena: fix ena_com_fill_hash_function() implementation
    - net: ena: add handling of llq max tx burst size
    - net: ena: ethtool: add extra properties retrieval via get_priv_flags
    - net: ena: replace free_tx/rx_ids union with single free_ids field in
      ena_ring
    - net: ena: arrange ena_probe() function variables in reverse christmas tree
    - net: ena: add newline at the end of pr_err prints
    - net: ena: documentation: update ena.txt
    - net: ena: allow automatic fallback to polling mode
    - net: ena: add support for changing max_header_size in LLQ mode
    - net: ena: optimise calculations for CQ doorbell
    - net: ena: add good checksum counter
    - net: ena: use dev_info_once instead of static variable
    - net: ena: add MAX_QUEUES_EXT get feature admin command
    - net: ena: enable negotiating larger Rx ring size
    - net: ena: make ethtool show correct current and max queue sizes
    - net: ena: allow queue allocation backoff when low on memory
    - net: ena: add ethtool function for changing io queue sizes
    - net: ena: remove inline keyword from functions in *.c
    - net: ena: update driver version from 2.0.3 to 2.1.0
    - net: ena: Fix bug where ring allocation backoff stopped too late
    - Revert "net: ena: ethtool: add extra properties retrieval via
      get_priv_flags"
    - net: ena: don't wake up tx queue when down
    - net: ena: clean up indentation issue

  * Add Intel Comet Lake ethernet support (LP: #1848555)
    - SAUCE: e1000e: Add support for Comet Lake

  * Intel Wireless AC 3168 on Eoan complaints FW error in SYNC CMD
    GEO_TX_POWER_LIMIT (LP: #1846016)
    - iwlwifi: exclude GEO SAR support for 3168

  * tsc marked unstable after entered PC10 on Intel CoffeeLake (LP: #1840239)
    - SAUCE: x86/intel: Disable HPET on Intel Coffe Lake platforms
    - SAUCE: x86/intel: Disable HPET on Intel Ice Lake platforms

  * cloudimg: no iavf/i40evf module so no network available with SR-IOV enabled
    cloud (LP: #1848481)
    - [Packaging] include iavf/i40evf in generic

  * High power consumption using 5.0.0-25-generic (LP: #1840835)
    - PCI: Add a helper to check Power Resource Requirements _PR3 existence
    - ALSA: hda: Allow HDA to be runtime suspended when dGPU is not bound to a
      driver
    - PCI: Fix missing inline for pci_pr3_present()

  * CML CPUIDs (LP: #1843794)
    - x86/cpu: Add Comet Lake to the Intel CPU models header

  * shiftfs: prevent exceeding project quotas (LP: #1849483)
    - SAUCE: shiftfs: drop CAP_SYS_RESOURCE from effective capabilities

  * shiftfs: fix fallocate() (LP: #1849482)
    - SAUCE: shiftfs: setup correct s_maxbytes limit

  * Bluetooth: hidp: Fix assumptions on the return value of hidp_send_message
    (LP: #1850443)
    - Bluetooth: hidp: Fix assumptions on the return value of hidp_send_message

  * [SRU][B/OEM-B/OEM-OSP1/D/E] UBUNTU: SAUCE: add rtl623 codec support and fix
    mic issues (LP: #1850599)
    - SAUCE: ALSA: hda/realtek - Add support for ALC623
    - SAUCE: ALSA: hda/realtek - Fix 2 front mics of codec 0x623

  * NFSv4.1: Interrupted connections cause high bandwidth RPC ping-pong between
    client and server (LP: #1828978)
    - NFSv4.1: Avoid false retries when RPC calls are interrupted

  * SUNRPC: Use after free when GSSD credentials are invalid causes oops
    (LP: #1842037)
    - SUNRPC: Clean up
    - SUNRPC: Fix a use after free when a server rejects the RPCSEC_GSS credential

  * Suppress "hid_field_extract() called with n (192) > 32!" message floods
    (LP: #1850600)
    - HID: core: reformat and reduce hid_printk macros
    - HID: core: Add printk_once variants to hid_warn() etc
    - HID: core: fix dmesg flooding if report field larger than 32bit

  * ubuntu-aufs-modified mmap_region() breaks refcounting in overlayfs/shiftfs
    error path (LP: #1850994) // CVE-2019-15794
    - SAUCE: shiftfs: Restore vm_file value when lower fs mmap fails
    - SAUCE: ovl: Restore vm_file value when lower fs mmap fails

  * s_iflags overlap prevents unprivileged overlayfs mounts (LP: #1851677)
    - SAUCE: fs: Move SB_I_NOSUID to the top of s_iflags

  * root can lift kernel lockdown (LP: #1851380)
    - SAUCE: (efi-lockdown) Really don't allow lifting lockdown from userspace

  * Disco update: upstream stable patchset 2019-11-01 (LP: #1850974)
    - panic: ensure preemption is disabled during panic()
    - f2fs: use EINVAL for superblock with invalid magic
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
    - USB: yurex: Don't retry on unexpected errors
    - USB: yurex: fix NULL-derefs on disconnect
    - USB: usb-skeleton: fix runtime PM after driver unbind
    - USB: usb-skeleton: fix NULL-deref on disconnect
    - xhci: Fix false warning message about wrong bounce buffer write length
    - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
    - xhci: Check all endpoints for LPM timeout
    - xhci: Fix USB 3.1 capability detection on early xHCI 1.1 spec based hosts
    - usb: xhci: wait for CNR controller not ready bit in xhci resume
    - xhci: Prevent deadlock when xhci adapter breaks during init
    - USB: adutux: fix use-after-free on disconnect
    - USB: adutux: fix NULL-derefs on disconnect
    - USB: adutux: fix use-after-free on release
    - USB: iowarrior: fix use-after-free on disconnect
    - USB: iowarrior: fix use-after-free on release
    - USB: iowarrior: fix use-after-free after driver unbind
    - USB: usblp: fix runtime PM after driver unbind
    - USB: chaoskey: fix use-after-free on release
    - USB: ldusb: fix NULL-derefs on driver unbind
    - serial: uartlite: fix exit path null pointer
    - USB: serial: keyspan: fix NULL-derefs on open() and write()
    - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
    - USB: serial: option: add Telit FN980 compositions
    - USB: serial: option: add support for Cinterion CLS8 devices
    - USB: serial: fix runtime PM after driver unbind
    - USB: usblcd: fix I/O after disconnect
    - USB: microtek: fix info-leak at probe
    - USB: dummy-hcd: fix power budget for SuperSpeed mode
    - usb: renesas_usbhs: gadget: Do not discard queues in
      usb_ep_set_{halt,wedge}()
    - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
    - USB: legousbtower: fix slab info leak at probe
    - USB: legousbtower: fix deadlock on disconnect
    - USB: legousbtower: fix potential NULL-deref on disconnect
    - USB: legousbtower: fix open after failed reset request
    - USB: legousbtower: fix use-after-free on release
    - mei: me: add comet point (lake) LP device ids
    - mei: avoid FW version request on Ibex Peak and earlier
    - gpio: eic: sprd: Fix the incorrect EIC offset when toggling
    - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
    - staging: vt6655: Fix memory leak in vt6655_probe
    - iio: adc: hx711: fix bug in sampling of data
    - iio: adc: ad799x: fix probe error handling
    - iio: adc: axp288: Override TS pin bias current for some models
    - iio: light: opt3001: fix mutex unlock race
    - efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
    - perf llvm: Don't access out-of-scope array
    - perf inject jit: Fix JIT_CODE_MOVE filename
    - CIFS: Gracefully handle QueryInfo errors during open
    - CIFS: Force revalidate inode when dentry is stale
    - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
    - kernel/sysctl.c: do not override max_threads provided by userspace
    - mm/vmpressure.c: fix a signedness bug in vmpressure_register_event()
    - firmware: google: increment VPD key_len properly
    - gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
    - iio: adc: stm32-adc: move registers definitions
    - iio: adc: stm32-adc: fix a race when using several adcs with dma and irq
    - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic
    - btrfs: fix incorrect updating of log root tree
    - btrfs: fix uninitialized ret in ref-verify
    - NFS: Fix O_DIRECT accounting of number of bytes read/written
    - MIPS: Disable Loongson MMI instructions for kernel build
    - MIPS: elf_hwcap: Export userspace ASEs
    - ACPI/PPTT: Add support for ACPI 6.3 thread flag
    - arm64: topology: Use PPTT to determine if PE is a thread
    - Fix the locking in dcache_readdir() and friends
    - media: stkwebcam: fix runtime PM after driver unbind
    - arm64/sve: Fix wrong free for task->thread.sve_state
    - tracing/hwlat: Report total time spent in all NMIs during the sample
    - tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
    - ftrace: Get a reference counter for the trace_array on filter files
    - tracing: Get trace_array reference for available_tracers files
    - hwmon: Fix HWMON_P_MIN_ALARM mask
    - x86/asm: Fix MWAITX C-state hint value
    - perf/hw_breakpoint: Fix arch_hw_breakpoint use-before-initialization
    - serial: uartps: Fix uartps_major handling
    - usb: typec: tcpm: usb: typec: tcpm: Fix a signedness bug in
      tcpm_fw_get_caps()
    - staging: bcm2835-audio: Fix draining behavior regression
    - staging: rtl8188eu: fix HighestRate check in odm_ARFBRefresh_8188E()
    - iio: accel: adxl372: Fix/remove limitation for FIFO samples
    - iio: accel: adxl372: Fix push to buffers lost samples
    - iio: accel: adxl372: Perform a reset at start up
    - selinux: fix context string corruption in convert_context()
    - mm/z3fold.c: claim page in the beginning of free
    - mm/page_alloc.c: fix a crash in free_pages_prepare()
    - gpio: fix getting nonexclusive gpiods from DT
    - btrfs: fix balance convert to single on 32-bit host CPUs
    - Btrfs: fix memory leak due to concurrent append writes with fiemap
    - RDMA/vmw_pvrdma: Free SRQ only once
    - drm/i915: Whitelist COMMON_SLICE_CHICKEN2
    - mtd: rawnand: au1550nd: Fix au_read_buf16() prototype

  * Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Disco
    update: upstream stable patchset 2019-11-01 (LP: #1850974)
    - xhci: Increase STS_SAVE timeout in xhci_suspend()

  * Disco update: upstream stable patchset 2019-10-31 (LP: #1850870)
    - s390/process: avoid potential reading of freed stack
    - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
    - s390/topology: avoid firing events before kobjs are created
    - s390/cio: exclude subchannels with no parent from pseudo check
    - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts
    - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores
    - KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
    - KVM: X86: Fix userspace set invalid CR4
    - nbd: fix max number of supported devs
    - PM / devfreq: tegra: Fix kHz to Hz conversion
    - ASoC: Define a set of DAPM pre/post-up events
    - ASoC: sgtl5000: Improve VAG power and mute control
    - powerpc/mce: Fix MCE handling for huge pages
    - powerpc/mce: Schedule work from irq_work
    - powerpc/powernv: Restrict OPAL symbol map to only be readable by root
    - powerpc/powernv/ioda: Fix race in TCE level allocation
    - powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions
    - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
    - tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
    - crypto: qat - Silence smp_processor_id() warning
    - crypto: skcipher - Unmap pages after an external error
    - crypto: cavium/zip - Add missing single_release()
    - crypto: caam - fix concurrency issue in givencrypt descriptor
    - crypto: ccree - account for TEE not ready to report
    - crypto: ccree - use the full crypt length value
    - MIPS: Treat Loongson Extensions as ASEs
    - power: supply: sbs-battery: use correct flags field
    - power: supply: sbs-battery: only return health when battery present
    - tracing: Make sure variable reference alias has correct var_ref_idx
    - usercopy: Avoid HIGHMEM pfn warning
    - timer: Read jiffies once when forwarding base clk
    - PCI: vmd: Fix shadow offsets to reflect spec changes
    - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
    - perf stat: Fix a segmentation fault when using repeat forever
    - drm/omap: fix max fclk divider for omap36xx
    - drm/msm/dsi: Fix return value check for clk_get_parent
    - drm/nouveau/kms/nv50-: Don't create MSTMs for eDP connectors
    - drm/i915/gvt: update vgpu workload head pointer correctly
    - mmc: sdhci: improve ADMA error reporting
    - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
    - Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
    - xen/xenbus: fix self-deadlock after killing user process
    - ieee802154: atusb: fix use-after-free at disconnect
    - s390/cio: avoid calling strlen on null pointer
    - cfg80211: initialize on-stack chandefs
    - ima: always return negative code for error
    - ima: fix freeing ongoing ahash_request
    - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
    - 9p: Transport error uninitialized
    - 9p: avoid attaching writeback_fid on mmap with type PRIVATE
    - xen/pci: reserve MCFG areas earlier
    - ceph: fix directories inode i_blkbits initialization
    - ceph: reconnect connection if session hang in opening state
    - watchdog: aspeed: Add support for AST2600
    - netfilter: nf_tables: allow lookups in dynamic sets
    - drm/amdgpu: Fix KFD-related kernel oops on Hawaii
    - drm/amdgpu: Check for valid number of registers to read
    - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
    - pwm: stm32-lp: Add check in case requested period cannot be achieved
    - x86/purgatory: Disable the stackleak GCC plugin for the purgatory
    - ntb: point to right memory window index
    - thermal: Fix use-after-free when unregistering thermal zone device
    - thermal_hwmon: Sanitize thermal_zone type
    - libnvdimm/region: Initialize bad block for volatile namespaces
    - fuse: fix memleak in cuse_channel_open
    - libnvdimm/nfit_test: Fix acpi_handle redefinition
    - sched/membarrier: Call sync_core only before usermode for same mm
    - sched/membarrier: Fix private expedited registration check
    - sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
    - perf build: Add detection of java-11-openjdk-devel package
    - kernel/elfcore.c: include proper prototypes
    - perf unwind: Fix libunwind build failure on i386 systems
    - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
    - drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed
    - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the
      VP
    - KVM: nVMX: Fix consistency check on injected exception error code
    - nbd: fix crash when the blksize is zero
    - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
    - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag
    - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
    - tick: broadcast-hrtimer: Fix a race in bc_set_next
    - perf tools: Fix segfault in cpu_cache_level__read()
    - perf stat: Reset previous counts on repeat with interval
    - riscv: Avoid interrupts being erroneously enabled in handle_exception()
    - arm64: Add sysfs vulnerability show for spectre-v1
    - arm64: add sysfs vulnerability show for meltdown
    - arm64: enable generic CPU vulnerabilites support
    - arm64: Always enable ssb vulnerability detection
    - arm64: Provide a command line to disable spectre_v2 mitigation
    - arm64: Advertise mitigation of Spectre-v2, or lack thereof
    - arm64: Always enable spectre-v2 vulnerability detection
    - arm64: add sysfs vulnerability show for spectre-v2
    - arm64: add sysfs vulnerability show for speculative store bypass
    - arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
    - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
    - arm64/speculation: Support 'mitigations=' cmdline option
    - vfs: Fix EOVERFLOW testing in put_compat_statfs64
    - coresight: etm4x: Use explicit barriers on enable/disable
    - staging: erofs: fix an error handling in erofs_readdir()
    - staging: erofs: some compressed cluster should be submitted for corrupted
      images
    - staging: erofs: add two missing erofs_workgroup_put for corrupted images
    - staging: erofs: detect potential multiref due to corrupted images
    - cfg80211: add and use strongly typed element iteration macros
    - cfg80211: Use const more consistently in for_each_element macros
    - nl80211: validate beacon head
    - KVM: s390: fix __insn32_query() inline assembly
    - crypto: caam/qi - fix error handling in ERN handler
    - PCI: vmd: Fix config addressing when using bus offsets
    - drm/atomic: Reject FLIP_ASYNC unconditionally
    - drm/atomic: Take the atomic toys away from X
    - drm/i915: to make vgpu ppgtt notificaiton as atomic operation
    - mac80211: keep BHs disabled while calling drv_tx_wake_queue()
    - mmc: tegra: Implement ->set_dma_mask()
    - mmc: sdhci: Let drivers define their DMA mask
    - libnvdimm/altmap: Track namespace boundaries in altmap
    - DTS: ARM: gta04: introduce legacy spi-cs-high to make display work again
    - xprtrdma: Toggle XPRT_CONGESTED in xprtrdma's slot methods
    - fuse: fix request limit
    - ceph: fetch cap_gen under spinlock in ceph_add_cap
    - perf probe: Fix to clear tev->nargs in clear_probe_trace_event()
    - selftests/seccomp: fix build on older kernels
    - iommu/amd: Fix downgrading default page-sizes in alloc_pte()
    - bpf: Fix bpf_event_output re-entry issue
    - i2c: qcom-geni: Disable DMA processing on the Lenovo Yoga C630
    - mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions
    - nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
    - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
    - libnvdimm: prevent nvdimm from requesting key when security is disabled

Date: 2019-11-14 00:07:35.255705+00:00
Changed-By: Connor Kuehl <connor.kuehl at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.0.0-37.40