[ubuntu/xenial-updates] linux-aws 4.4.0-1090.101 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Aug 13 12:05:43 UTC 2019
linux-aws (4.4.0-1090.101) xenial; urgency=medium
[ Ubuntu: 4.4.0-159.187 ]
* CVE-2019-1125
- x86/cpufeatures: Carve out CQM features retrieval
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
- x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
- x86/speculation: Enable Spectre v1 swapgs mitigations
- x86/entry/64: Use JMP instead of JMPQ
- x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
linux-aws (4.4.0-1089.100) xenial; urgency=medium
* xenial/linux-aws: 4.4.0-1089.100 -proposed tracker (LP: #1837588)
* CVE-2018-5383
- [Config] aws: CRYPTO_ECDH=m
* linux-aws builds modules which are not shipped (LP: #1836706)
- [Packaging] Start shipping modules-extra
[ Ubuntu: 4.4.0-158.186 ]
* xenial/linux: 4.4.0-158.186 -proposed tracker (LP: #1837609)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] update helper scripts
* ixgbe{vf} - Physical Function gets IRQ when VF checks link state
(LP: #1836760)
- ixgbevf: Use cached link state instead of re-reading the value for ethtool
* CVE-2018-5383
- crypto: kpp - Key-agreement Protocol Primitives API (KPP)
- crypto: dh - Add DH software implementation
- crypto: ecdh - Add ECDH software support
- crypto: ecdh - make ecdh_shared_secret unique
- crypto: doc - add KPP documentation
- crypto: kpp, (ec)dh - fix typos
- crypto: ecc - remove unused function arguments
- crypto: ecc - remove unnecessary casts
- crypto: ecc - rename ecdh_make_pub_key()
- crypto: ecdh - add privkey generation support
- crypto: ecc - Fix NULL pointer deref. on no default_rng
- [Config] CRYPTO_ECDH=m
- Bluetooth: convert smp and selftest to crypto kpp API
- crypto: ecdh - add public key verification test
* Xenial update: 4.4.185 upstream stable release (LP: #1836668)
- fs/binfmt_flat.c: make load_flat_shared_library() work
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
- tracing: Silence GCC 9 array bounds warning
- gcc-9: silence 'address-of-packed-member' warning
- usb: chipidea: udc: workaround for endpoint conflict issue
- Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
- apparmor: enforce nullbyte at end of tag string
- parport: Fix mem leak in parport_register_dev_model
- parisc: Fix compiler warnings in float emulation code
- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
- MIPS: uprobes: remove set but not used variable 'epc'
- net: hns: Fix loopback test failed at copper ports
- sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
- scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
- scsi: ufs: Check that space was properly alloced in copy_query_response
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
- Btrfs: fix race between readahead and device replace/removal
- btrfs: start readahead also in seed devices
- can: flexcan: fix timeout when set small bitrate
- can: purge socket error queue on sock destruct
- ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
- Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
- Bluetooth: Fix regression with minimum encryption key size alignment
- SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
- cfg80211: fix memory leak of wiphy device name
- mac80211: drop robust management frames from unknown TA
- perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit
set nul
- perf help: Remove needless use of strncpy()
- 9p/rdma: do not disconnect on down_interruptible EAGAIN
- 9p: acl: fix uninitialized iattr access
- 9p/rdma: remove useless check in cm_event_handler
- 9p: p9dirent_read: check network-provided name length
- net/9p: include trans_common.h to fix missing prototype warning.
- ovl: modify ovl_permission() to do checks on two inodes
- x86/speculation: Allow guests to use SSBD even if host does not
- cpu/speculation: Warn on unsupported mitigations= parameter
- sctp: change to hold sk after auth shkey is created successfully
- tipc: change to use register_pernet_device
- tipc: check msg->req data len in tipc_nl_compat_bearer_disable
- team: Always enable vlan tx offload
- ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
- bonding: Always enable vlan tx offload
- net: check before dereferencing netdev_ops during busy poll
- Bluetooth: Fix faulty expression for minimum encryption key size check
- um: Compile with modern headers
- ASoC : cs4265 : readable register too low
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
- ASoC: max98090: remove 24-bit format support if RJ is 0
- usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
- usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
- scsi: hpsa: correct ioaccel2 chaining
- ARC: Assume multiplier is always present
- ARC: fix build warning in elf.h
- MIPS: math-emu: do not use bools for arithmetic
- mfd: omap-usb-tll: Fix register offsets
- swiotlb: Make linux/swiotlb.h standalone includible
- bug.h: work around GCC PR82365 in BUG()
- MIPS: Workaround GCC __builtin_unreachable reordering bug
- ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
- crypto: user - prevent operating on larval algorithms
- ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
- ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
- ALSA: usb-audio: fix sign unintended sign extension on left shifts
- lib/mpi: Fix karactx leak in mpi_powm
- btrfs: Ensure replaced device doesn't have pending chunk allocation
- tty: rocket: fix incorrect forward declaration of 'rp_init()'
- ARC: handle gcc generated __builtin_trap for older compiler
- arm64, vdso: Define vdso_{start,end} as array
- KVM: x86: degrade WARN to pr_warn_ratelimited
- dmaengine: imx-sdma: remove BD_INTR for channel0
- Linux 4.4.185
* Xenial update: 4.4.184 upstream stable release (LP: #1836667)
- Linux 4.4.184
* Xenial update: 4.4.183 upstream stable release (LP: #1836666)
- fs/fat/file.c: issue flush after the writeback of FAT
- sysctl: return -EINVAL if val violates minmax
- ipc: prevent lockup on alloc_msg and free_msg
- hugetlbfs: on restore reserve error path retain subpool reservation
- mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
- mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
- kernel/sys.c: prctl: fix false positive in validate_prctl_map()
- mfd: intel-lpss: Set the device in reset state when init
- mfd: twl6040: Fix device init errors for ACCCTL register
- perf/x86/intel: Allow PEBS multi-entry in watermark mode
- drm/bridge: adv7511: Fix low refresh rate selection
- ntp: Allow TAI-UTC offset to be set to zero
- f2fs: fix to avoid panic in do_recover_data()
- f2fs: fix to do sanity check on valid block count of segment
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly
- ALSA: hda - Register irq handler after the chip initialization
- nvmem: core: fix read buffer in place
- fuse: retrieve: cap requested size to negotiated max_write
- nfsd: allow fh_want_write to be called twice
- x86/PCI: Fix PCI IRQ routing table memory leak
- platform/chrome: cros_ec_proto: check for NULL transfer function
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
- clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
- ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
- ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
- ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
- PCI: rpadlpar: Fix leaked device_node references in add/remove paths
- PCI: rcar: Fix a potential NULL pointer dereference
- video: hgafb: fix potential NULL pointer dereference
- video: imsttfb: fix potential NULL pointer dereferences
- PCI: xilinx: Check for __get_free_pages() failure
- gpio: gpio-omap: add check for off wake capable gpios
- dmaengine: idma64: Use actual device for DMA transfers
- pwm: tiehrpwm: Update shadow register for disabling PWMs
- ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on
Arndale Octa
- pwm: Fix deadlock warning when removing PWM device
- ARM: exynos: Fix undefined instruction during Exynos5422 resume
- futex: Fix futex lock the wrong page
- ALSA: seq: Cover unsubscribe_port() in list_mutex
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
- mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
- fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
- signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
- ptrace: restore smp_rmb() in __ptrace_may_access()
- i2c: acorn: fix i2c warning
- bcache: fix stack corruption by PRECEDING_KEY()
- cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
- ASoC: cs42xx8: Add regcache mask dirty
- Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
- scsi: lpfc: add check for loss of ndlp when sending RRQ
- scsi: bnx2fc: fix incorrect cast to u64 on shift operation
- usbnet: ipheth: fix racing condition
- KVM: x86/pmu: do not mask the value that is written to fixed PMUs
- KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
invalid read
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
- USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
- USB: usb-storage: Add new ID to ums-realtek
- USB: serial: pl2303: add Allied Telesis VT-Kit3
- USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
- USB: serial: option: add Telit 0x1260 and 0x1261 compositions
- ax25: fix inconsistent lock state in ax25_destroy_timer
- be2net: Fix number of Rx queues used for flow hashing
- ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
- lapb: fixed leak of control-blocks.
- neigh: fix use-after-free read in pneigh_get_next
- sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
- mISDN: make sure device name is NUL terminated
- x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
- perf/ring_buffer: Fix exposing a temporarily decreased data_head
- perf/ring_buffer: Add ordering to rb->nest increment
- gpio: fix gpio-adp5588 build errors
- net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
- configfs: Fix use-after-free when accessing sd->s_dentry
- ia64: fix build errors by exporting paddr_to_nid()
- KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
- net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
- scsi: libsas: delete sas port if expander discover failed
- Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
- coredump: fix race condition between mmget_not_zero()/get_task_mm() and core
dumping
- Abort file_remove_privs() for non-reg. files
- Linux 4.4.183
* CVE-2019-12614
- powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
* bnx2x driver causes 100% CPU load (LP: #1832082)
- bnx2x: Prevent ptp_task to be rescheduled indefinitely
* Xenial update: 4.4.182 upstream stable release (LP: #1836665)
- Linux 4.4.182
* Xenial kernel 4.4.0-155.182 fails to build perf with libnuma (LP: #1836585)
- Revert "UBUNTU: SAUCE: perf/bench: Drop definition of BIT in numa.c"
* CVE-2019-10126
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
* CVE-2019-3846
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
[ Ubuntu: 4.4.0-157.185 ]
* linux: 4.4.0-157.185 -proposed tracker (LP: #1837476)
* systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage)
(LP: #1837235)
- Revert "block/bio: Do not zero user pages"
- Revert "block: Clear kernel memory before copying to user"
- Revert "bio_copy_from_iter(): get rid of copying iov_iter"
[ Ubuntu: 4.4.0-156.183 ]
* linux: 4.4.0-156.183 -proposed tracker (LP: #1836880)
* BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801)
- brcmfmac: add eth_type_trans back for PCIe full dongle
[ Ubuntu: 4.4.0-155.182 ]
* linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
* Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
- geneve: correctly handle ipv6.disable module parameter
* Kernel modules generated incorrectly when system is localized to a non-
English language (LP: #1828084)
- scripts: override locale from environment when running recordmcount.pl
* Handle overflow in proc_get_long of sysctl (LP: #1833935)
- sysctl: handle overflow in proc_get_long
* Xenial update: 4.4.181 upstream stable release (LP: #1832661)
- x86/speculation/mds: Revert CPU buffer clear on double fault exit
- x86/speculation/mds: Improve CPU buffer clear documentation
- ARM: exynos: Fix a leaked reference by adding missing of_node_put
- crypto: vmx - fix copy-paste error in CTR mode
- crypto: crct10dif-generic - fix use via crypto_shash_digest()
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
- ALSA: usb-audio: Fix a memory leak bug
- ALSA: hda/hdmi - Consider eld_valid when reporting jack event
- ALSA: hda/realtek - EAPD turn on later
- ASoC: max98090: Fix restore of DAPM Muxes
- ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
- mm/mincore.c: make mincore() more conservative
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
- mfd: da9063: Fix OTP control register names to match datasheets for
DA9063/63L
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
- ext4: actually request zeroing of inode table after grow
- ext4: fix ext4_show_options for file systems w/o journal
- Btrfs: do not start a transaction at iterate_extent_inodes()
- bcache: fix a race between cache register and cacheset unregister
- bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
- ipmi:ssif: compare block number correctly for multi-part return messages
- crypto: gcm - Fix error return code in crypto_gcm_create_common()
- crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
- crypto: chacha20poly1305 - set cra_name correctly
- crypto: salsa20 - don't access already-freed walk.iv
- crypto: arm/aes-neonbs - don't access already-freed walk.iv
- writeback: synchronize sync(2) against cgroup writeback membership switches
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
into workqueue when umount
- ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
- KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
- net: avoid weird emergency message
- net/mlx4_core: Change the error print to info print
- ppp: deflate: Fix possible crash in deflate_init
- tipc: switch order of device registration to fix a crash
- tipc: fix modprobe tipc failed after switch order of device registration
- stm class: Fix channel free in stm output free path
- md: add mddev->pers to avoid potential NULL pointer dereference
- intel_th: msu: Fix single mode with IOMMU
- of: fix clang -Wunsequenced for be32_to_cpu()
- cifs: fix strcat buffer overflow and reduce raciness in
smb21_set_oplock_level()
- media: ov6650: Fix sensor possibly not detected on probe
- NFS4: Fix v4.0 client state corruption when mount
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
- fuse: fix writepages on 32bit
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
- iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
- ceph: flush dirty inodes before proceeding with remount
- tracing: Fix partial reading of trace event's id file
- memory: tegra: Fix integer overflow on tick value calculation
- perf intel-pt: Fix instructions sampling rate
- perf intel-pt: Fix improved sample timestamp
- perf intel-pt: Fix sample timestamp wrt non-taken branches
- fbdev: sm712fb: fix brightness control on reboot, don't set SR30
- fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
- fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
- fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
- fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
VRAM
- fbdev: sm712fb: fix support for 1024x768-16 mode
- fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
- fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
- PCI: Mark Atheros AR9462 to avoid bus reset
- dm delay: fix a crash when invalid device is specified
- xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
- xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
- vti4: ipip tunnel deregistration fixes.
- xfrm4: Fix uninitialized memory read in _decode_session4
- KVM: arm/arm64: Ensure vcpu target is unset on reset failure
- power: supply: sysfs: prevent endless uevent loop with
CONFIG_POWER_SUPPLY_DEBUG
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
- perf bench numa: Add define for RUSAGE_THREAD if not present
- Revert "Don't jump to compute_result state from check_result state"
- md/raid: raid5 preserve the writeback action after the parity check
- btrfs: Honour FITRIM range constraints during free space trim
- fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
- ext4: do not delete unlinked inode from orphan list on failed truncate
- KVM: x86: fix return value for reserved EFER
- bio: fix improper use of smp_mb__before_atomic()
- Revert "scsi: sd: Keep disk read-only when re-reading partition"
- crypto: vmx - CTR: always increment IV as quadword
- gfs2: Fix sign extension bug in gfs2_update_stats
- Btrfs: fix race between ranged fsync and writeback of adjacent ranges
- btrfs: sysfs: don't leak memory when failing add fsid
- fbdev: fix divide error in fb_var_to_videomode
- hugetlb: use same fault hash key for shared and private mappings
- fbdev: fix WARNING in __alloc_pages_nodemask bug
- media: cpia2: Fix use-after-free in cpia2_exit
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
- ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
- at76c50x-usb: Don't register led_trigger if usb_register_driver failed
- perf tools: No need to include bitops.h in util.h
- gfs2: Fix lru_count going negative
- cxgb4: Fix error path in cxgb4_init_module
- mmc: core: Verify SD bus width
- powerpc/boot: Fix missing check of lseek() return value
- ASoC: imx: fix fiq dependencies
- spi: pxa2xx: fix SCR (divisor) calculation
- brcm80211: potential NULL dereference in
brcmf_cfg80211_vndr_cmds_dcmd_handler()
- rtc: 88pm860x: prevent use-after-free on device remove
- w1: fix the resume command API
- dmaengine: pl330: _stop: clear interrupt status
- mac80211/cfg80211: update bss channel on channel switch
- ASoC: fsl_sai: Update is_slave_mode with correct value
- mwifiex: prevent an array overflow
- net: cw1200: fix a NULL pointer dereference
- bcache: return error immediately in bch_journal_replay()
- bcache: fix failure in journal relplay
- bcache: add failure check to run_cache_set() for journal replay
- bcache: avoid clang -Wunintialized warning
- x86/build: Move _etext to actual end of .text
- smpboot: Place the __percpu annotation correctly
- x86/mm: Remove in_nmi() warning from 64-bit implementation of
vmalloc_fault()
- mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
versions
- HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
- pinctrl: pistachio: fix leaked of_node references
- dmaengine: at_xdmac: remove BUG_ON macro in tasklet
- media: coda: clear error return value before picture run
- media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
- media: au0828: stop video streaming only when last user stops
- media: ov2659: make S_FMT succeed even if requested format doesn't match
- audit: fix a memory leak bug
- media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
- media: pvrusb2: Prevent a buffer overflow
- powerpc/numa: improve control of topology updates
- sched/core: Check quota and period overflow at usec to nsec conversion
- sched/core: Handle overflow in cpu_shares_write_u64
- USB: core: Don't unbind interfaces following device reset failure
- x86/irq/64: Limit IST stack overflow check to #DB stack
- i40e: don't allow changes to HW VLAN stripping on active port VLANs
- RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
- scsi: libsas: Do discovery on empty PHY to update PHY info
- mmc_spi: add a status check for spi_sync_locked
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
- PM / core: Propagate dev->power.wakeup_path when no callbacks
- extcon: arizona: Disable mic detect if running when driver is removed
- s390: cio: fix cio_irb declaration
- cpufreq: ppc_cbe: fix possible object reference leak
- cpufreq/pasemi: fix possible object reference leak
- cpufreq: pmac32: fix possible object reference leak
- x86/build: Keep local relocations with ld.lld
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
- iio: hmc5843: fix potential NULL pointer dereferences
- iio: common: ssp_sensors: Initialize calculated_time in
ssp_common_process_data
- rtlwifi: fix a potential NULL pointer dereference
- brcmfmac: fix missing checks for kmemdup
- b43: shut up clang -Wuninitialized variable warning
- brcmfmac: convert dev_init_lock mutex to completion
- brcmfmac: fix race during disconnect when USB completion is in progress
- scsi: ufs: Fix regulator load and icc-level configuration
- scsi: ufs: Avoid configuring regulator with undefined voltage range
- arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
- x86/ia32: Fix ia32_restore_sigcontext() AC leak
- chardev: add additional check for minor range overlap
- HID: core: move Usage Page concatenation to Main item
- ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
- ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
- cxgb3/l2t: Fix undefined behaviour
- spi: tegra114: reset controller on probe
- media: wl128x: prevent two potential buffer overflows
- virtio_console: initialize vtermno value for ports
- tty: ipwireless: fix missing checks for ioremap
- rcutorture: Fix cleanup path for invalid torture_type strings
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
- scsi: qla4xxx: avoid freeing unallocated dma memory
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
- media: go7007: avoid clang frame overflow warning with KASAN
- media: saa7146: avoid high stack usage with clang
- scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers
- spi: rspi: Fix sequencer reset during initialization
- spi: Fix zero length xfer bug
- ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
- ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
- llc: fix skb leak in llc_build_and_send_ui_pkt()
- net-gro: fix use-after-free read in napi_gro_frags()
- net: stmmac: fix reset gpio free missing
- usbnet: fix kernel crash after disconnect
- tipc: Avoid copying bytes beyond the supplied data
- bnxt_en: Fix aggregation buffer leak under OOM condition.
- net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
- crypto: vmx - ghash: do nosimd fallback manually
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
- Revert "tipc: fix modprobe tipc failed after switch order of device
registration"
- tipc: fix modprobe tipc failed after switch order of device registration -v2
- sparc64: Fix regression in non-hypervisor TLB flush xcall
- include/linux/bitops.h: sanitize rotate primitives
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
- usb: xhci: avoid null pointer deref when bos field is NULL
- USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
- USB: sisusbvga: fix oops in error path of sisusb_probe
- USB: Add LPM quirk for Surface Dock GigE adapter
- USB: rio500: refuse more than one device at a time
- USB: rio500: fix memory leak in close after disconnect
- media: usb: siano: Fix general protection fault in smsusb
- media: usb: siano: Fix false-positive "uninitialized variable" warning
- media: smsusb: better handle optional alignment
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
- Btrfs: fix race updating log root item during fsync
- ALSA: hda/realtek - Set default power save node to 0
- drm/nouveau/i2c: Disable i2c bus access after ->fini()
- tty: serial: msm_serial: Fix XON/XOFF
- tty: max310x: Fix external crystal register setup
- memcg: make it work on sparse non-0-node systems
- kernel/signal.c: trace_signal_deliver when signal_group_exit
- CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
ENOMEM
- binder: Replace "%p" with "%pK" for stable
- binder: replace "%p" with "%pK"
- brcmfmac: Add length checks on firmware events
- brcmfmac: screening firmware event packet
- brcmfmac: revise handling events in receive path
- brcmfmac: fix incorrect event channel deduction
- brcmfmac: add length checks in scheduled scan result handler
- brcmfmac: add subtype check for event handling in data path
- userfaultfd: don't pin the user memory in userfaultfd_file_create()
- Revert "x86/build: Move _etext to actual end of .text"
- net: cdc_ncm: GetNtbFormat endian fix
- usb: gadget: fix request length error for isoc transfer
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
- ethtool: fix potential userspace buffer overflow
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
- net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
- net: rds: fix memory leak in rds_ib_flush_mr_pool
- pktgen: do not sleep with the thread lock held.
- rcu: locking and unlocking need to always be at least barriers
- parisc: Use implicit space register selection for loading the coherence
index of I/O pdirs
- fuse: fallocate: fix return with locked inode
- MIPS: pistachio: Build uImage.gz by default
- genwqe: Prevent an integer overflow in the ioctl
- drm/gma500/cdv: Check vbt config bits when detecting lvds panels
- fs: stream_open - opener for stream-like files so that read and write can
run simultaneously without deadlock
- fuse: Add FOPEN_STREAM to use stream_open()
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
- ethtool: check the return value of get_regs_len
- Linux 4.4.181
* CVE-2019-2054
- arm/ptrace: run seccomp after ptrace
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- x86/speculation: Remove redundant arch_smt_update() invocation
* Revert x86/vdso linker changes from #1830890 as this causes glibc
2.29-0ubuntu3 FTBFS on eoan (LP: #1834315)
- Revert "x86/vdso: Pass --eh-frame-hdr to the linker"
- Revert "x86: vdso: Use $LD instead of $CC to link"
* CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
- [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches
* CVE-2019-11833
- ext4: zero out the unused memory region in the extent tree block
* idle-page oopses when accessing page frames that are out of range
(LP: #1833410)
- mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
* Performance degradation when copying from LVM snapshot backed by NVMe disk
(LP: #1833319)
- NVMe: Allow request merges
* Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
- Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
connections"
* 4.4.0-145-generic Kernel Panic ip6_expire_frag_queue (LP: #1824687)
- SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
* [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
(LP: #1826416)
- vmbus: fix missing signaling in hv_signal_on_read()
* Xenial update: 4.4.180 upstream stable release (LP: #1830176)
- kbuild: simplify ld-option implementation
- KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
- cifs: do not attempt cifs operation on smb2+ rename error
- MIPS: scall64-o32: Fix indirect syscall number load
- trace: Fix preempt_enable_no_resched() abuse
- sched/numa: Fix a possible divide-by-zero
- ceph: ensure d_name stability in ceph_dentry_hash()
- ceph: fix ci->i_head_snapc leak
- nfsd: Don't release the callback slot unless it was actually held
- sunrpc: don't mark uninitialised items as VALID.
- USB: Add new USB LPM helpers
- USB: Consolidate LPM checks to avoid enabling LPM twice
- powerpc/xmon: Add RFI flush related fields to paca dump
- powerpc/64s: Improve RFI L1-D cache flush fallback
- powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
- Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
barrier at kernel entry/exit"
- powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
- powerpc/64s: Add barrier_nospec
- powerpc/64s: Add support for ori barrier_nospec patching
- powerpc/64s: Patch barrier_nospec in modules
- powerpc/64s: Enable barrier_nospec based on firmware settings
- powerpc/64: Use barrier_nospec in syscall entry
- powerpc: Use barrier_nospec in copy_from_user()
- powerpc/64s: Enhance the information in cpu_show_spectre_v1()
- powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
- powerpc/64: Disable the speculation barrier from the command line
- powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
- powerpc/64: Call setup_barrier_nospec() from setup_arch()
- powerpc/64: Make meltdown reporting Book3S 64 specific
- powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
- powerpc/asm: Add a patch_site macro & helpers for patching instructions
- powerpc/64s: Add new security feature flags for count cache flush
- powerpc/64s: Add support for software count cache flush
- powerpc/pseries: Query hypervisor for count cache flush settings
- powerpc/powernv: Query firmware for count cache flush settings
- powerpc: Avoid code patching freed init sections
- powerpc/fsl: Add infrastructure to fixup branch predictor flush
- powerpc/fsl: Add macro to flush the branch predictor
- powerpc/fsl: Fix spectre_v2 mitigations reporting
- powerpc/fsl: Add nospectre_v2 command line argument
- powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
- powerpc/fsl: Update Spectre v2 reporting
- powerpc/security: Fix spectre_v2 reporting
- powerpc/fsl: Fix the flush of branch predictor.
- tipc: handle the err returned from cmd header function
- slip: make slhc_free() silently accept an error pointer
- intel_th: gth: Fix an off-by-one in output unassigning
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
- NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
- tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
- tipc: check link name with right length in tipc_nl_compat_link_set
- bpf: reject wrong sized filters earlier
- Revert "block/loop: Use global lock for ioctl() operation."
- ipv4: add sanity checks in ipv4_link_failure()
- team: fix possible recursive locking when add slaves
- net: stmmac: move stmmac_check_ether_addr() to driver probe
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day
- powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
- powerpc/fsl: Flush branch predictor when entering KVM
- powerpc/fsl: Emulate SPRN_BUCSR register
- powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
- powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
- powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
- powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
- Documentation: Add nospectre_v1 parameter
- usbnet: ipheth: prevent TX queue timeouts when device not ready
- usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
- qlcnic: Avoid potential NULL pointer dereference
- netfilter: bridge: set skb transport_header before entering
NF_INET_PRE_ROUTING
- sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
- usb: gadget: net2280: Fix overrun of OUT messages
- usb: gadget: net2280: Fix net2280_dequeue()
- usb: gadget: net2272: Fix net2272_dequeue()
- ARM: dts: pfla02: increase phy reset duration
- net: ks8851: Dequeue RX packets explicitly
- net: ks8851: Reassert reset pin if chip ID check fails
- net: ks8851: Delay requesting IRQ until opened
- net: ks8851: Set initial carrier state to down
- net: xilinx: fix possible object reference leak
- net: ibm: fix possible object reference leak
- net: ethernet: ti: fix possible object reference leak
- scsi: qla4xxx: fix a potential NULL pointer dereference
- usb: u132-hcd: fix resource leak
- ceph: fix use-after-free on symlink traversal
- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
- libata: fix using DMA buffers on stack
- kconfig/[mn]conf: handle backspace (^H) key
- ALSA: line6: use dynamic buffers
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
- ipv6/flowlabel: wait rcu grace period before put_pid()
- ipv6: invert flowlabel sharing check in process and user mode
- bnxt_en: Improve multicast address setup logic.
- packet: validate msg_namelen in send directly
- USB: yurex: Fix protection fault after device removal
- USB: w1 ds2490: Fix bug caused by improper use of altsetting array
- USB: core: Fix unterminated string returned by usb_string()
- USB: core: Fix bug caused by duplicate interface PM usage counter
- HID: debug: fix race condition with between rdesc_show() and device removal
- rtc: sh: Fix invalid alarm warning for non-enabled alarm
- bonding: show full hw address in sysfs for slave entries
- jffs2: fix use-after-free on symlink traversal
- debugfs: fix use-after-free on symlink traversal
- rtc: da9063: set uie_unsupported when relevant
- vfio/pci: use correct format characters
- scsi: storvsc: Fix calculation of sub-channel count
- net: hns: Use NAPI_POLL_WEIGHT for hns driver
- net: hns: Fix WARNING when remove HNS driver with SMMU enabled
- hugetlbfs: fix memory leak for resv_map
- xsysace: Fix error handling in ace_setup
- ARM: orion: don't use using 64-bit DMA masks
- ARM: iop: don't use using 64-bit DMA masks
- usb: usbip: fix isoc packet num validation in get_pipe
- staging: iio: adt7316: allow adt751x to use internal vref for all dacs
- staging: iio: adt7316: fix the dac read calculation
- staging: iio: adt7316: fix the dac write calculation
- Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
- selinux: never allow relabeling on context mounts
- x86/mce: Improve error message when kernel cannot recover, p2
- media: v4l2: i2c: ov7670: Fix PLL bypass register values
- scsi: libsas: fix a race condition when smp task timeout
- ASoC:soc-pcm:fix a codec fixup issue in TDM case
- ASoC: cs4270: Set auto-increment bit for register writes
- ASoC: tlv320aic32x4: Fix Common Pins
- perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
- scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
- iommu/amd: Set exclusion range correctly
- genirq: Prevent use-after-free and work list corruption
- usb: dwc3: Fix default lpm_nyet_threshold value
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
- Bluetooth: hidp: fix buffer overflow
- Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
- UAS: fix alignment of scatter/gather segments
- ipv6: fix a potential deadlock in do_ipv6_setsockopt()
- ASoC: Intel: avoid Oops if DMA setup fails
- timer/debug: Change /proc/timer_stats from 0644 to 0600
- netfilter: compat: initialize all fields in xt_init
- platform/x86: sony-laptop: Fix unintentional fall-through
- iio: adc: xilinx: fix potential use-after-free on remove
- HID: input: add mapping for Expose/Overview key
- HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
- libnvdimm/btt: Fix a kmemdup failure check
- s390/dasd: Fix capacity calculation for large volumes
- s390/3270: fix lockdep false positive on view->lock
- KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
tracing
- tools lib traceevent: Fix missing equality check for strcmp
- init: initialize jump labels before command line option parsing
- ipvs: do not schedule icmp errors from tunnels
- s390: ctcm: fix ctcm_new_device error return code
- gpu: ipu-v3: dp: fix CSC handling
- cw1200: fix missing unlock on error in cw1200_hw_scan()
- Don't jump to compute_result state from check_result state
- x86/microcode/intel: Add a helper which gives the microcode revision
- x86: stop exporting msr-index.h to userland
- x86/microcode/intel: Check microcode revision before updating sibling
threads
- x86/MCE: Save microcode revision in machine check records
- x86/bugs: Add AMD's variant of SSB_NO
- x86/bugs: Add AMD's SPEC_CTRL MSR usage
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
- x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
- x86/microcode: Update the new microcode revision unconditionally
- x86/mm: Use WRITE_ONCE() when setting PTEs
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
- x86/speculation: Propagate information about RSB filling mitigation to sysfs
- x86/speculation: Update the TIF_SSBD comment
- x86/speculation: Clean up spectre_v2_parse_cmdline()
- x86/speculation: Move STIPB/IBPB string conditionals out of
cpu_show_common()
- x86/speculation: Disable STIBP when enhanced IBRS is in use
- x86/speculation: Rename SSBD update functions
- x86/speculation: Reorganize speculation control MSRs update
- x86/Kconfig: Select SCHED_SMT if SMP enabled
- x86/speculation: Mark string arrays const correctly
- x86/speculataion: Mark command line parser data __initdata
- x86/speculation: Add command line control for indirect branch speculation
- x86/speculation: Prepare for per task indirect branch speculation control
- x86/process: Consolidate and simplify switch_to_xtra() code
- x86/speculation: Avoid __switch_to_xtra() calls
- x86/speculation: Prepare for conditional IBPB in switch_mm()
- x86/speculation: Split out TIF update
- x86/speculation: Prepare arch_smt_update() for PRCTL mode
- x86/speculation: Prevent stale SPEC_CTRL msr content
- x86/speculation: Add prctl() control for indirect branch speculation
- x86/speculation: Enable prctl mode for spectre_v2_user
- x86/speculation: Add seccomp Spectre v2 user space protection mode
- x86/speculation: Provide IBPB always command line options
- x86/cpu/bugs: Use __initconst for 'const' init data
- USB: serial: use variable for status
- USB: serial: fix unthrottle races
- bridge: Fix error path for kobject_init_and_add()
- net: ucc_geth - fix Oops when changing number of buffers in the ring
- packet: Fix error path in packet_init
- vlan: disable SIOCSHWTSTAMP in container
- vrf: sit mtu should not be updated when vrf netdev is the link
- ipv4: Fix raw socket lookup for local traffic
- bonding: fix arp_validate toggling in active-backup mode
- drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
- drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
- powerpc/booke64: set RI in default MSR
- powerpc/lib: fix book3s/32 boot failure due to code patching
- Linux 4.4.180
- SAUCE: Clarify IBRS/IBPB runtime state change messages
- SAUCE: x86/speculation: Move STIBP hunks
- SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
- SAUCE: x86/speculation: Update 'mitigations=' documentation
- SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
- SAUCE: perf/bench: Drop definition of BIT in numa.c
- SAUCE: x86/speculation: Fix SSB command line documentation
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
- SAUCE: Synchronize MDS mitigations with upstream
- Documentation: Correct the possible MDS sysfs values
- x86/speculation/mds: Fix documentation typo
* CVE-2019-11091
- x86/mds: Add MDSUM variant to the MDS documentation
Date: 2019-08-02 15:06:16.460805+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list