[ubuntu/disco-updates] linux 5.0.0-35.38 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Nov 12 22:23:20 UTC 2019


linux (5.0.0-35.38) disco; urgency=medium

  * [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
      confusion."

  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling

  * CVE-2018-12207
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (5.0.0-34.36) disco; urgency=medium

  * disco/linux: <version to be filled> -proposed tracker (LP: #1850574)

  * [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

linux (5.0.0-33.35) disco; urgency=medium

  * disco/linux: 5.0.0-33.35 -proposed tracker (LP: #1849003)

  * Disco update: upstream stable patchset 2019-10-18 (LP: #1848817)
    - tpm: use tpm_try_get_ops() in tpm-sysfs.c.
    - drm/bridge: tc358767: Increase AUX transfer length limit
    - drm/panel: simple: fix AUO g185han01 horizontal blanking
    - video: ssd1307fb: Start page range at page_offset
    - drm/stm: attach gem fence to atomic state
    - drm/panel: check failure cases in the probe func
    - drm/rockchip: Check for fast link training before enabling psr
    - drm/radeon: Fix EEH during kexec
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - PCI: rpaphp: Avoid a sometimes-uninitialized warning
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
    - drm/amd/display: fix issue where 252-255 values are clipped
    - drm/amd/display: reprogram VM config when system resume
    - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA
      window
    - clk: actions: Don't reference clk_init_data after registration
    - clk: sirf: Don't reference clk_init_data after registration
    - clk: sprd: Don't reference clk_init_data after registration
    - clk: zx296718: Don't reference clk_init_data after registration
    - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
      function
    - powerpc/pseries/mobility: use cond_resched when updating device tree
    - pinctrl: tegra: Fix write barrier placement in pmx_writel
    - powerpc/eeh: Clear stale EEH_DEV_NO_HANDLER flag
    - vfio_pci: Restore original state on release
    - drm/nouveau/volt: Fix for some cards having 0 maximum voltage
    - pinctrl: amd: disable spurious-firing GPIO IRQs
    - clk: renesas: mstp: Set GENPD_FLAG_ALWAYS_ON for clock domain
    - clk: renesas: cpg-mssr: Set GENPD_FLAG_ALWAYS_ON for clock domain
    - drm/amd/display: support spdif
    - drm/amdgpu/si: fix ASIC tests
    - powerpc/64s/exception: machine check use correct cfar for late handler
    - pstore: fs superblock limits
    - clk: qcom: gcc-sdm845: Use floor ops for sdcc clks
    - powerpc/pseries: correctly track irq state in default idle
    - pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c
    - arm64: fix unreachable code issue with cmpxchg
    - clk: at91: select parent if main oscillator or bypass is enabled
    - powerpc: dump kernel log before carrying out fadump or kdump
    - mbox: qcom: add APCS child device for QCS404
    - clk: sprd: add missing kfree
    - scsi: core: Reduce memory required for SCSI logging
    - dma-buf/sw_sync: Synchronize signal vs syncpt free
    - ext4: fix potential use after free after remounting with noblock_validity
    - MIPS: Ingenic: Disable broken BTB lookup optimization.
    - MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
    - i2c-cht-wc: Fix lockdep warning
    - PCI: tegra: Fix OF node reference leak
    - HID: wacom: Fix several minor compiler warnings
    - livepatch: Nullify obj->mod in klp_module_coming()'s error path
    - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
      writes
    - soundwire: intel: fix channel number reported by hardware
    - ARM: 8875/1: Kconfig: default to AEABI w/ Clang
    - rtc: snvs: fix possible race condition
    - rtc: pcf85363/pcf85263: fix regmap error in set_time
    - HID: apple: Fix stuck function keys when using FN
    - PCI: rockchip: Propagate errors for optional regulators
    - PCI: histb: Propagate errors for optional regulators
    - PCI: imx6: Propagate errors for optional regulators
    - PCI: exynos: Propagate errors for optional PHYs
    - security: smack: Fix possible null-pointer dereferences in
      smack_socket_sock_rcv_skb()
    - ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned
      address
    - fat: work around race with userspace's read via blockdev while mounting
    - pktcdvd: remove warning on attempting to register non-passthrough dev
    - hypfs: Fix error number left in struct pointer member
    - crypto: hisilicon - Fix double free in sec_free_hw_sgl()
    - kbuild: clean compressed initramfs image
    - ocfs2: wait for recovering done after direct unlock request
    - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
    - arm64: consider stack randomization for mmap base only when necessary
    - mips: properly account for stack randomization and stack guard gap
    - arm: properly account for stack randomization and stack guard gap
    - arm: use STACK_TOP when computing mmap base address
    - bpf: fix use after free in prog symbol exposure
    - cxgb4:Fix out-of-bounds MSI-X info array access
    - erspan: remove the incorrect mtu limit for erspan
    - hso: fix NULL-deref on tty open
    - ipv6: drop incoming packets having a v4mapped source address
    - ipv6: Handle missing host route in __ipv6_ifa_notify
    - net: ipv4: avoid mixed n_redirects and rate_tokens usage
    - net: qlogic: Fix memory leak in ql_alloc_large_buffers
    - net: Unpublish sk from sk_reuseport_cb before call_rcu
    - nfc: fix memory leak in llcp_sock_bind()
    - qmi_wwan: add support for Cinterion CLS8 devices
    - rxrpc: Fix rxrpc_recvmsg tracepoint
    - sch_dsmark: fix potential NULL deref in dsmark_init()
    - udp: fix gso_segs calculations
    - vsock: Fix a lockdep warning in __vsock_release()
    - net: dsa: rtl8366: Check VLAN ID and not ports
    - udp: only do GSO if # of segs > 1
    - net/rds: Fix error handling in rds_ib_add_one()
    - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
    - tipc: fix unlimited bundling of small messages
    - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
    - soundwire: Kconfig: fix help format
    - soundwire: fix regmap dependencies and align with other serial links
    - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
    - smack: use GFP_NOFS while holding inode_smack::smk_lock
    - NFC: fix attrs checks in netlink interface
    - kexec: bail out upon SIGKILL when allocating memory.
    - 9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie
    - drm/vkms: Fix crc worker races
    - drm/vkms: Avoid assigning 0 for possible_crtc
    - drm/amd/display: add monitor patch to add T7 delay
    - drm/tinydrm/Kconfig: drivers: Select BACKLIGHT_CLASS_DEVICE
    - clk: imx8mq: Mark AHB clock as critical
    - drm/amd/display: Fix frames_to_insert math
    - clk: meson: axg-audio: Don't reference clk_init_data after registration
    - powerpc/64s/radix: Fix memory hotplug section page table creation
    - selftests/powerpc: Retry on host facility unavailable
    - powerpc/eeh: Clean up EEH PEs after recovery finishes
    - mailbox: mediatek: cmdq: clear the event in cmdq initial flow
    - clk: Make clk_bulk_get_all() return a valid "id"
    - f2fs: fix to drop meta/node pages during umount
    - MIPS: Don't use bc_false uninitialized in __mm_isBranchInstr
    - PCI: pci-hyperv: Fix build errors on non-SYSFS config
    - PCI: Add pci_info_ratelimited() to ratelimit PCI separately
    - PCI: Use static const struct, not const static struct
    - ARM: 8905/1: Emit __gnu_mcount_nc when using Clang 10.0.0 or newer
    - KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o
      lapic_in_kernel
    - clk: ingenic/jz4740: Fix "pll half" divider not read/written properly
    - clk: sunxi: Don't call clk_hw_get_name() on a hw that isn't registered
    - ARM: dts: dir685: Drop spi-cpol from the display
    - mm: add dummy can_do_mlock() helper
    - [Config] updateconfigs for SOUNDWIRE

  * [CML] New device IDs for CML-U (LP: #1843774)
    - spi-nor: intel-spi: Add support for Intel Comet Lake SPI serial flash

  * [CML-U] Comet lake platform need ISH driver support (LP: #1843775)
    - HID: intel-ish-hid: Add Comet Lake PCI device ID

  * CVE-2019-17666
    - SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code
    - SAUCE: rtlwifi: Fix potential overflow on P2P code

  * md raid0/linear doesn't show error state if an array member is removed and
    allows successful writes (LP: #1847773)
    - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone

  * seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE    (LP: #1847744)
    - SAUCE: seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE
    - SAUCE: seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE

  * Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes
    to no (LP: #1848492)
    - [Config] Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x
      from yes to no

  * fdatasync performance regression on 5.0 kernels (LP: #1847641)
    - blk-wbt: fix performance regression in wbt scale_up/scale_down

  * bcache: Performance degradation when querying priority_stats (LP: #1840043)
    - bcache: add cond_resched() in __bch_cache_cmp()

  * Add installer support for iwlmvm adapters (LP: #1848236)
    - d-i: Add iwlmvm to nic-modules

  * Check for CPU Measurement sampling (LP: #1847590)
    - s390/cpumsf: Check for CPU Measurement sampling

  * Disco update: upstream stable patchset 2019-10-16 (LP: #1848367)
    - arcnet: provide a buffer big enough to actually receive packets
    - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
    - macsec: drop skb sk before calling gro_cells_receive
    - net/phy: fix DP83865 10 Mbps HDX loopback disable function
    - net: qrtr: Stop rx_worker before freeing node
    - net/sched: act_sample: don't push mac header on ip6gre ingress
    - net_sched: add max len check for TCA_KIND
    - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
    - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
    - ppp: Fix memory leak in ppp_write
    - sch_netem: fix a divide by zero in tabledist()
    - skge: fix checksum byte order
    - usbnet: ignore endpoints with invalid wMaxPacketSize
    - usbnet: sanity checking of packet sizes and device mtu
    - net: sched: fix possible crash in tcf_action_destroy()
    - tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
    - net/mlx5: Add device ID of upcoming BlueField-2
    - nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
    - ALSA: hda: Flush interrupts on disabling
    - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
    - ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER
    - ASoC: sgtl5000: Fix of unmute outputs on probe
    - ASoC: sgtl5000: Fix charge pump source assignment
    - firmware: qcom_scm: Use proper types for dma mappings
    - dmaengine: bcm2835: Print error in case setting DMA mask fails
    - leds: leds-lp5562 allow firmware files up to the maximum length
    - media: dib0700: fix link error for dibx000_i2c_set_speed
    - media: mtk-cir: lower de-glitch counter for rc-mm protocol
    - media: exynos4-is: fix leaked of_node references
    - media: hdpvr: Add device num check and handling
    - media: i2c: ov5640: Check for devm_gpiod_get_optional() error
    - time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
    - sched/fair: Fix imbalance due to CPU affinity
    - sched/core: Fix CPU controller for !RT_GROUP_SCHED
    - x86/apic: Make apic_pending_intr_clear() more robust
    - sched/deadline: Fix bandwidth accounting at all levels after offline
      migration
    - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
      fails
    - x86/apic: Soft disable APIC before initializing it
    - ALSA: hda - Show the fatal CORB/RIRB error more clearly
    - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
      build_adc_controls()
    - EDAC/mc: Fix grain_bits calculation
    - media: iguanair: add sanity checks
    - base: soc: Export soc_device_register/unregister APIs
    - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
    - ia64:unwind: fix double free for mod->arch.init_unw_table
    - EDAC/altera: Use the proper type for the IRQ status bits
    - ASoC: rsnd: don't call clk_get_rate() under atomic context
    - arm64/prefetch: fix a -Wtype-limits warning
    - md/raid1: end bio when the device faulty
    - md: don't call spare_active in md_reap_sync_thread if all member devices
      can't work
    - md: don't set In_sync if array is frozen
    - media: media/platform: fsl-viu.c: fix build for MICROBLAZE
    - ACPI / processor: don't print errors for processorIDs == 0xff
    - loop: Add LOOP_SET_DIRECT_IO to compat ioctl
    - EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
    - efi: cper: print AER info of PCIe fatal error
    - firmware: arm_scmi: Check if platform has released shmem before using
    - sched/fair: Use rq_lock/unlock in online_fair_sched_group
    - idle: Prevent late-arriving interrupts from disrupting offline
    - media: gspca: zero usb_buf on error
    - perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
    - perf test vfs_getname: Disable ~/.perfconfig to get default output
    - media: mtk-mdp: fix reference count on old device tree
    - media: fdp1: Reduce FCP not found message level to debug
    - media: em28xx: modules workqueue not inited for 2nd device
    - media: rc: imon: Allow iMON RC protocol for ffdc 7e device
    - dmaengine: iop-adma: use correct printk format strings
    - perf record: Support aarch64 random socket_id assignment
    - media: vsp1: fix memory leak of dl on error return path
    - media: i2c: ov5645: Fix power sequence
    - media: omap3isp: Don't set streaming state on random subdevs
    - media: imx: mipi csi-2: Don't fail if initial state times-out
    - net: lpc-enet: fix printk format strings
    - m68k: Prevent some compiler warnings in Coldfire builds
    - ARM: dts: imx7d: cl-som-imx7: make ethernet work again
    - ARM: dts: imx7-colibri: disable HS400
    - media: radio/si470x: kill urb on error
    - media: hdpvr: add terminating 0 at end of string
    - ASoC: uniphier: Fix double reset assersion when transitioning to suspend
      state
    - tools headers: Fixup bitsperlong per arch includes
    - ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
    - led: triggers: Fix a memory leak bug
    - nbd: add missing config put
    - media: mceusb: fix (eliminate) TX IR signal length limit
    - media: dvb-frontends: use ida for pll number
    - posix-cpu-timers: Sanitize bogus WARNONS
    - media: dvb-core: fix a memory leak bug
    - libperf: Fix alignment trap with xyarray contents in 'perf stat'
    - EDAC/amd64: Recognize DRAM device type ECC capability
    - EDAC/amd64: Decode syndrome before translating address
    - PM / devfreq: passive: Use non-devm notifiers
    - PM / devfreq: exynos-bus: Correct clock enable sequence
    - media: cec-notifier: clear cec_adap in cec_notifier_unregister
    - media: saa7146: add cleanup in hexium_attach()
    - media: cpia2_usb: fix memory leaks
    - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
    - perf trace beauty ioctl: Fix off-by-one error in cmd->string table
    - media: ov9650: add a sanity check
    - ASoC: es8316: fix headphone mixer volume table
    - ACPI / CPPC: do not require the _PSD method
    - sched/cpufreq: Align trace event behavior of fast switching
    - x86/apic/vector: Warn when vector space exhaustion breaks affinity
    - arm64: kpti: ensure patched kernel text is fetched from PoU
    - x86/mm/pti: Do not invoke PTI functions when PTI is disabled
    - ASoC: fsl_ssi: Fix clock control issue in master mode
    - x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
    - nvmet: fix data units read and written counters in SMART log
    - nvme-multipath: fix ana log nsid lookup when nsid is not found
    - ALSA: firewire-motu: add support for MOTU 4pre
    - iommu/amd: Silence warnings under memory pressure
    - libata/ahci: Drop PCS quirk for Denverton and beyond
    - iommu/iova: Avoid false sharing on fq_timer_on
    - libtraceevent: Change users plugin directory
    - ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
    - ACPI: custom_method: fix memory leaks
    - ACPI / PCI: fix acpi_pci_irq_enable() memory leak
    - closures: fix a race on wakeup from closure_sync
    - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
    - md/raid1: fail run raid1 array when active disk less than one
    - dmaengine: ti: edma: Do not reset reserved paRAM slots
    - kprobes: Prohibit probing on BUG() and WARN() address
    - s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
    - x86/cpu: Add Tiger Lake to Intel family
    - platform/x86: intel_pmc_core: Do not ioremap RAM
    - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
    - raid5: don't set STRIPE_HANDLE to stripe which is in batch list
    - mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
    - mmc: sdhci: Fix incorrect switch to HS mode
    - mmc: core: Add helper function to indicate if SDIO IRQs is enabled
    - mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
    - raid5: don't increment read_errors on EILSEQ return
    - libertas: Add missing sentinel at end of if_usb.c fw_table
    - ALSA: hda - Drop unsol event handler for Intel HDMI codecs
    - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
    - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
    - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
    - btrfs: extent-tree: Make sure we only allocate extents from block groups
      with the same type
    - media: omap3isp: Set device on omap3isp subdevs
    - PM / devfreq: passive: fix compiler warning
    - iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
    - ALSA: firewire-tascam: handle error code when getting current source of
      clock
    - ALSA: firewire-tascam: check intermediate state of clock status and retry
    - scsi: scsi_dh_rdac: zero cdb in send_mode_select()
    - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
    - printk: Do not lose last line in kmsg buffer dump
    - IB/mlx5: Free mpi in mp_slave mode
    - IB/hfi1: Define variables as unsigned long to fix KASAN warning
    - randstruct: Check member structs in is_pure_ops_struct()
    - Revert "ceph: use ceph_evict_inode to cleanup inode's resource"
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - ALSA: hda/realtek - PCI quirk for Medion E4254
    - blk-mq: add callback of .cleanup_rq
    - scsi: implement .cleanup_rq callback
    - powerpc/imc: Dont create debugfs files for cpu-less nodes
    - fuse: fix missing unlock_page in fuse_writepage()
    - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
    - KVM: x86: always stop emulation on page fault
    - KVM: x86: set ctxt->have_exception in x86_decode_insn()
    - KVM: x86: Manually calculate reserved bits when loading PDPTRS
    - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
    - media: don't drop front-end reference count for ->detach
    - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
    - ASoC: Intel: NHLT: Fix debug print format
    - ASoC: Intel: Skylake: Use correct function to access iomem space
    - ASoC: Intel: Fix use of potentially uninitialized variable
    - ARM: samsung: Fix system restart on S3C6410
    - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
    - arm64: tlb: Ensure we execute an ISB following walk cache invalidation
    - arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
    - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
    - regulator: Defer init completion for a while after late_initcall
    - efifb: BGRT: Improve efifb_bgrt_sanity_check
    - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
    - memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
    - memcg, kmem: do not fail __GFP_NOFAIL charges
    - i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
    - block: fix null pointer dereference in blk_mq_rq_timed_out()
    - smb3: allow disabling requesting leases
    - ovl: Fix dereferencing possible ERR_PTR()
    - ovl: filter of trusted xattr results in audit
    - btrfs: fix allocation of free space cache v1 bitmap pages
    - Btrfs: fix use-after-free when using the tree modification log
    - btrfs: Relinquish CPUs in btrfs_compare_trees
    - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
    - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve
      calls
    - Btrfs: fix race setting up and completing qgroup rescan workers
    - md/raid6: Set R5_ReadError when there is read failure on parity disk
    - md: don't report active array_state until after revalidate_disk() completes.
    - md: only call set_in_sync() when it is expected to succeed.
    - cfg80211: Purge frame registrations on iftype change
    - /dev/mem: Bail out upon SIGKILL.
    - ext4: fix warning inside ext4_convert_unwritten_extents_endio
    - ext4: fix punch hole for inline_data file systems
    - quota: fix wrong condition in is_quota_modification()
    - hwrng: core - don't wait on add_early_randomness()
    - i2c: riic: Clear NACK in tend isr
    - CIFS: fix max ea value size
    - CIFS: Fix oplock handling for SMB 2.1+ protocols
    - md/raid0: avoid RAID0 data corruption due to layout confusion.
    - fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
    - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new
      zone
    - drm/amd/display: Restore backlight brightness after system resume
    - selftests: Update fib_tests to handle missing ping6
    - vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
    - net/mlx5e: Fix traffic duplication in ethtool steering
    - media: vivid:add sanity check to avoid divide error and set value to 1 if 0.
    - media: vb2: reorder checks in vb2_poll()
    - media: vivid: work around high stack usage with clang
    - rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic
      region
    - arm64: mm: free the initrd reserved memblock in a aligned manner
    - soc: amlogic: meson-clk-measure: protect measure with a mutex
    - RAS: Build debugfs.o only when enabled in Kconfig
    - ASoC: hdac_hda: fix page fault issue by removing race
    - perf tools: Fix paths in include statements
    - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling
    - media: i2c: tda1997x: prevent potential NULL pointer access
    - arm64/efi: Move variable assignments after SECTIONS
    - ARM: xscale: fix multi-cpu compilation
    - kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE
    - x86/platform/intel/iosf_mbi Rewrite locking
    - powerpc/Makefile: Always pass --synthetic to nm if supported
    - ACPI / APEI: Release resources if gen_pool_add() fails
    - ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91
    - soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain
    - soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9
    - PM / devfreq: Fix kernel oops on governor module load
    - media: aspeed-video: address a protential usage of an unitialized var
    - ASoC: Intel: Haswell: Adjust machine device private context
    - x86/amd_nb: Add PCI device IDs for family 17h, model 70h
    - hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs
    - block: make rq sector size accessible for block stats
    - mmc: mtk-sd: Re-store SDIO IRQs mask at system resume
    - drm: fix module name in edid_firmware log message
    - zd1211rw: remove false assertion from zd_mac_clear()
    - btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index()
    - kvm: Nested KVM MMUs need PAE root too
    - ARM: dts: logicpd-torpedo-baseboard: Fix missing video
    - ARM: omap2plus_defconfig: Fix missing video
    - ARM: dts: am3517-evm: Fix missing video
    - rcu/tree: Fix SCHED_FIFO params
    - fuse: fix beyond-end-of-page access in fuse_parse_cache()
    - KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
    - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
    - iommu/arm-smmu-v3: Disable detection of ATS and PRI
    - mt76: round up length on mt76_wr_copy
    - ath10k: fix channel info parsing for non tlv target
    - block: mq-deadline: Fix queue restart handling
    - btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer
    - SUNRPC: Fix buffer handling of GSS MIC without slack
    - ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint
    - fs: Export generic_fadvise()
    - mm: Handle MADV_WILLNEED through vfs_fadvise()
    - xfs: Fix stale data exposure when readahead races with hole punch
    - ipmi: move message error checking to avoid deadlock

  * ELAN469D touch pad not working (LP: #1795292) // Ubuntu won't boot on Dell
    Inspiron 7375 (LP: #1837688) // Disco update: upstream stable patchset
    2019-10-16 (LP: #1848367)
    - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems

  * intel-lpss driver conflicts with write-combining MTRR region (LP: #1845584)
    - SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390 2-in-1

  * Fix non-working Realtek USB ethernet after system resume (LP: #1847063)
    - r8152: remove extra action copying ethernet address
    - r8152: Refresh MAC address during USBDEVFS_RESET
    - r8152: Set macpassthru in reset_resume callback

  * overlayfs: allow with shiftfs as underlay (LP: #1846272)
    - SAUCE: overlayfs: allow with shiftfs as underlay

  * [regression] NoNewPrivileges incompatible with Apparmor (LP: #1844186)
    - SAUCE: apparmor: fix nnp subset test for unconfined

  * PM / hibernate: fix potential memory corruption (LP: #1847118)
    - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation

  * xHCI on AMD Stoney Ridge cannot detect USB 2.0 or 1.1 devices.
    (LP: #1846470)
    - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect

  * CVE-2019-17056
    - nfc: enforce CAP_NET_RAW for raw sockets

  * CVE-2019-17055
    - mISDN: enforce CAP_NET_RAW for raw sockets

  * CVE-2019-17054
    - appletalk: enforce CAP_NET_RAW for raw sockets

  * CVE-2019-17053
    - ieee802154: enforce CAP_NET_RAW for raw sockets

  * CVE-2019-17052
    - ax25: enforce CAP_NET_RAW for raw sockets

  * CVE-2019-15098
    - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

  * Disco update: upstream stable patchset 2019-10-10 (LP: #1847663)
    - Revert "Bluetooth: validate BLE connection interval updates"
    - net/ibmvnic: free reset work of removed device from queue
    - powerpc/xive: Fix bogus error code returned by OPAL
    - drm/amd/display: readd -msse2 to prevent Clang from emitting libcalls to
      undefined SW FP routines
    - HID: prodikeys: Fix general protection fault during probe
    - HID: sony: Fix memory corruption issue on cleanup.
    - HID: logitech: Fix general protection fault caused by Logitech driver
    - HID: hidraw: Fix invalid read in hidraw_ioctl
    - HID: Add quirk for HP X500 PIXART OEM mouse
    - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
    - crypto: talitos - fix missing break in switch statement
    - CIFS: fix deadlock in cached root handling
    - ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it
      enabled
    - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
    - ALSA: usb-audio: Add Hiby device family to quirks for native DSD support
    - ALSA: usb-audio: Add DSD support for EVGA NU Audio
    - ALSA: dice: fix wrong packet parameter for Alesis iO26
    - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
    - ALSA: hda - Apply AMD controller workaround for Raven platform
    - objtool: Clobber user CFLAGS variable
    - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
    - f2fs: check all the data segments against all node ones
    - PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
    - bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
    - initramfs: don't free a non-existent initrd
    - Revert "f2fs: avoid out-of-range memory access"
    - dm zoned: fix invalid memory access
    - net/ibmvnic: Fix missing { in __ibmvnic_reset
    - f2fs: fix to do sanity check on segment bitmap of LFS curseg
    - drm: Flush output polling on shutdown
    - net: don't warn in inet diag when IPV6 is disabled
    - Bluetooth: btrtl: HCI reset on close for Realtek BT chip
    - ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
    - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling
    - xfs: don't crash on null attr fork xfs_bmapi_read
    - netfilter: nft_socket: fix erroneous socket assignment
    - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
    - net_sched: check cops->tcf_block in tc_bind_tclass()
    - net/rds: An rds_sock is added too early to the hash table
    - net/rds: Check laddr_check before calling it
    - f2fs: use generic EFSBADCRC/EFSCORRUPTED
    - phy: qcom-qmp: Raise qcom_qmp_phy_enable() polling delay
    - drm/amd/display: Allow cursor async updates for framebuffer swaps
    - drm/amd/display: Skip determining update type for async updates
    - drm/amd/display: Don't replace the dc_state for fast updates
    - platform/x86: i2c-multi-instantiate: Derive the device name from parent
    - drm/dp: Add DP_DPCD_QUIRK_NO_SINK_COUNT
    - xfrm: policy: avoid warning splat when merging nodes

  * Disco update: upstream stable patchset 2019-10-01 (LP: #1846277)
    - netfilter: nf_flow_table: set default timeout after successful insertion
    - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
    - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
    - powerpc/mm/radix: Use the right page size for vmemmap mapping
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
    - ip6_gre: fix a dst leak in ip6erspan_tunnel_xmit
    - udp: correct reuseport selection with connected sockets
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - net_sched: let qdisc_put() accept NULL pointer
    - firmware: google: check if size is valid when decoding VPD data
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - ieee802154: hwsim: Fix error handle path in hwsim_init_module
    - ieee802154: hwsim: unregister hw while hwsim_subscribe_all_others fails
    - ARM: dts: am57xx: Disable voltage switching for SD card
    - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
    - bus: ti-sysc: Fix using configured sysc mask value
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - ARM: dts: dra74x: Fix iodelay configuration for mmc3
    - ARM: OMAP1: ams-delta-fiq: Fix missing irq_ack
    - bus: ti-sysc: Simplify cleanup upon failures in sysc_probe()
    - s390/bpf: use 32-bit index for tail calls
    - selftests/bpf: fix "bind{4, 6} deny specific IP & port" on s390
    - tools: bpftool: close prog FD before exit on showing a single program
    - fpga: altera-ps-spi: Fix getting of optional confd gpio
    - netfilter: ebtables: Fix argument order to ADD_COUNTER
    - netfilter: nft_flow_offload: missing netlink attribute policy
    - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
    - NFSv4: Fix return values for nfs4_file_open()
    - NFSv4: Fix return value in nfs_finish_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - xdp: unpin xdp umem pages in error path
    - qed: Add cleanup in qed_slowpath_start()
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - batman-adv: Only read OGM2 tvlv_len after buffer len check
    - bpf: allow narrow loads of some sk_reuseport_md fields with offset > 0
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: xt_physdev: Fix spurious error message in physdev_mt_check
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the
      first symbol
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - usb: host: xhci-tegra: Set DMA mask correctly
    - ARM: 8901/1: add a criteria for pfn_valid of arm
    - ibmvnic: Do not process reset during or after device removal
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - i2c: designware: Synchronize IRQs when unregistering slave client
    - perf/x86/intel: Restrict period on Nehalem
    - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
    - amd-xgbe: Fix error path in xgbe_mod_init()
    - tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at
      -O2
    - tools/power x86_energy_perf_policy: Fix argument parsing
    - tools/power turbostat: fix buffer overrun
    - net: aquantia: fix out of memory condition on rx side
    - net: seeq: Fix the function used to release some memory in an error handling
      path
    - dmaengine: ti: dma-crossbar: Fix a memory leak bug
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
    - x86/hyper-v: Fix overflow bug in fill_gva_list()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - iommu/amd: Flush old domains in kdump kernel
    - iommu/amd: Fix race in increase_address_space()
    - ovl: fix regression caused by overlapping layers detection
    - floppy: fix usercopy direction
    - binfmt_elf: move brk out of mmap when doing direct loader exec
    - SUNRPC: Handle connection breakages correctly in call_status()
    - nfs: disable client side deduplication
    - net: aquantia: fix limit of vlan filters
    - net: dsa: Fix load order between DSA drivers and taggers
    - ARM: dts: Fix flags for gpio7
    - bus: ti-sysc: Handle devices with no control registers
    - ARM: dts: Fix incorrect dcan register mapping for am3, am4 and dra7
    - ARM: dts: am335x: Fix UARTs length
    - ARM: dts: Fix incomplete dts data for am3 and am4 mmc
    - selftests/bpf: fix test_cgroup_storage on s390
    - flow_dissector: Fix potential use-after-free on BPF_PROG_DETACH
    - drm/amdgpu: fix dma_fence_wait without reference
    - netfilter: conntrack: make sysctls per-namespace again
    - drm/amd/powerplay: correct Vega20 dpm level related settings
    - libceph: don't call crypto_free_sync_skcipher() on a NULL tfm
    - i2c: iproc: Stop advertising support of SMBUS quick cmd
    - netfilter: nf_flow_table: clear skb tstamp before xmit
    - tools/power turbostat: Fix Haswell Core systems
    - net: aquantia: fix removal of vlan 0
    - net: aquantia: reapply vlan filters on up
    - arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name
    - dmaengine: sprd: Fix the DMA link-list configuration
    - dmaengine: rcar-dmac: Fix DMACHCLR handling if iommu is mapped
    - Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}"

Date: 2019-11-09 17:35:17.755180+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.0.0-35.38
-------------- next part --------------
Sorry, changesfile not available.


More information about the Disco-changes mailing list