This bug was fixed in the package linux-snapdragon - 5.0.0-1018.19 --------------- linux-snapdragon (5.0.0-1018.19) disco; urgency=medium * disco/linux-snapdragon: 5.0.0-1018.19 -proposed tracker (LP: #1837573) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts [ Ubuntu: 5.0.0-22.23 ] * disco/linux: 5.0.0-22.23 -proposed tracker (LP: #1837576) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * hibmc-drm Causes Unreadable Display for Huawei amd64 Servers (LP: #1762940) - [Config] Set CONFIG_DRM_HISI_HIBMC to arm64 only - SAUCE: Make CONFIG_DRM_HISI_HIBMC depend on ARM64 * [18.04 FEAT] zKVM: Add hardware CPU Model - kernel part (LP: #1836153) - KVM: s390: add debug logging for cpu model subfunctions - KVM: s390: implement subfunction processor calls - KVM: s390: add vector enhancements facility 2 to cpumodel - KVM: s390: add vector BCD enhancements facility to cpumodel - KVM: s390: add MSA9 to cpumodel - KVM: s390: provide query function for instructions returning 32 byte - KVM: s390: add enhanced sort facilty to cpu model - KVM: s390: add deflate conversion facilty to cpu model - KVM: s390: enable MSA9 keywrapping functions depending on cpu model * bcache: risk of data loss on I/O errors in backing or caching devices (LP: #1829563) - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" * Intel ethernet I219 has slow RX speed (LP: #1836152) - SAUCE: e1000e: add workaround for possible stalled packet - SAUCE: e1000e: disable force K1-off feature * Intel ethernet I219 may wrongly detect connection speed as 10Mbps (LP: #1836177) - SAUCE: e1000e: Make watchdog use delayed work * Unhide Nvidia HDA audio controller (LP: #1836308) - PCI: Enable NVIDIA HDA controllers * Enable Armada SOCs and MVPP2 NIC driver for disco/generic arm64 (LP: #1835054) - [Config] Enable Armada SOCs and MVPP2 NIC driver for disco/generic arm64 * ixgbe{vf} - Physical Function gets IRQ when VF checks link state (LP: #1836760) - ixgbevf: Use cached link state instead of re-reading the value for ethtool * Two crashes on raid0 error path (during a member device removal) (LP: #1836806) - block: Fix a NULL pointer dereference in generic_make_request() - md/raid0: Do not bypass blocking queue entered for raid0 bios * CVE-2019-13233 - x86/insn-eval: Fix use-after-free access to LDT entry * cifs set_oplock buffer overflow in strcat (LP: #1824981) - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() * CVE-2019-13272 - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME * hda/realtek: can't detect external mic on a Dell machine (LP: #1836755) - ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine * CVE-2019-12614 - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() * bnx2x driver causes 100% CPU load (LP: #1832082) - bnx2x: Prevent ptp_task to be rescheduled indefinitely * Sometimes touchpad detected as mouse(i2c designware fails to get adapter number) (LP: #1835150) - i2c: i2c-designware-platdrv: Cleanup setting of the adapter number - i2c: i2c-designware-platdrv: Always use a dynamic adapter number * Disco update: 5.0.18 upstream stable release (LP: #1836614) - locking/rwsem: Prevent decrement of reader count before increment - x86/speculation/mds: Revert CPU buffer clear on double fault exit - x86/speculation/mds: Improve CPU buffer clear documentation - objtool: Fix function fallthrough detection - arm64: dts: rockchip: fix IO domain voltage setting of APIO5 on rockpro64 - arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller. - ARM: dts: qcom: ipq4019: enlarge PCIe BAR range - ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260 - ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3 - mmc: sdhci-of-arasan: Add DTS property to disable DCMDs. - ARM: exynos: Fix a leaked reference by adding missing of_node_put - power: supply: axp288_charger: Fix unchecked return value - power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist - arm64: mmap: Ensure file offset is treated as unsigned - arm64: arch_timer: Ensure counter register reads occur with seqlock held - arm64: compat: Reduce address limit - arm64: Clear OSDLR_EL1 on CPU boot - arm64: Save and restore OSDLR_EL1 across suspend/resume - sched/x86: Save [ER]FLAGS on context switch - x86/MCE: Add an MCE-record filtering function - x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models - x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk - x86/MCE: Group AMD function prototypes in - x86/MCE/AMD: Don't report L1 BTB MCA errors on some family 17h models - crypto: crypto4xx - fix ctr-aes missing output IV - crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues - crypto: salsa20 - don't access already-freed walk.iv - crypto: lrw - don't access already-freed walk.iv - crypto: chacha-generic - fix use as arm64 no-NEON fallback - crypto: chacha20poly1305 - set cra_name correctly - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails - crypto: vmx - fix copy-paste error in CTR mode - crypto: skcipher - don't WARN on unprocessed data after slow walk step - crypto: crct10dif-generic - fix use via crypto_shash_digest() - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() - crypto: arm64/gcm-aes-ce - fix no-NEON fallback code - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" - crypto: rockchip - update IV buffer to contain the next IV - crypto: caam/qi2 - fix zero-length buffer DMA mapping - crypto: caam/qi2 - fix DMA mapping of stack memory - crypto: caam/qi2 - generate hash keys in-place - crypto: arm/aes-neonbs - don't access already-freed walk.iv - crypto: arm64/aes-neonbs - don't access already-freed walk.iv - mmc: tegra: fix ddr signaling for non-ddr modes - mmc: core: Fix tag set memory leak - mmc: sdhci-pci: Fix BYT OCP setting - ALSA: line6: toneport: Fix broken usage of timer for delayed execution - ALSA: usb-audio: Fix a memory leak bug - ALSA: hda/realtek - EAPD turn on later - ASoC: max98090: Fix restore of DAPM Muxes - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers - ASoC: fsl_esai: Fix missing break in switch statement - ASoC: codec: hdac_hdmi add device_link to card device - bpf, arm64: remove prefetch insn in xadd mapping - crypto: ccree - remove special handling of chained sg - crypto: ccree - fix mem leak on error path - crypto: ccree - don't map MAC key on stack - crypto: ccree - use correct internal state sizes for export - crypto: ccree - don't map AEAD key and IV on stack - crypto: ccree - pm resume first enable the source clk - crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend - crypto: ccree - add function to handle cryptocell tee fips error - crypto: ccree - handle tee fips error during power management resume - mm/mincore.c: make mincore() more conservative - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses - mm/hugetlb.c: don't put_page in lock of hugetlb_lock - hugetlb: use same fault hash key for shared and private mappings - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget - userfaultfd: use RCU to free the task struct when fork fails - ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write - mtd: maps: physmap: Store gpio_values correctly - mtd: maps: Allow MTD_PHYSMAP with MTD_RAM - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler - jbd2: check superblock mapped prior to committing - ext4: make sanity check in mballoc more strict - ext4: ignore e_value_offs for xattrs with value-in-ea-inode - ext4: avoid drop reference to iloc.bh twice - ext4: fix use-after-free race with debug_want_extra_isize - ext4: actually request zeroing of inode table after grow - ext4: fix ext4_show_options for file systems w/o journal - btrfs: Check the first key and level for cached extent buffer - btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails - btrfs: Honour FITRIM range constraints during free space trim - Btrfs: send, flush dellaloc in order to avoid data loss - Btrfs: do not start a transaction during fiemap - Btrfs: do not start a transaction at iterate_extent_inodes() - Btrfs: fix race between send and deduplication that lead to failures and crashes - bcache: fix a race between cache register and cacheset unregister - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() - ipmi:ssif: compare block number correctly for multi-part return messages - crypto: ccm - fix incompatibility between "ccm" and "ccm_base" - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount - tty: Don't force RISCV SBI console as preferred console - ext4: fix data corruption caused by overlapping unaligned and aligned IO - ext4: fix use-after-free in dx_release() - ext4: avoid panic during forced reboot due to aborted journal - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug - jbd2: fix potential double free - KVM: Fix the bitmap range to copy during clear dirty - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes - KVM: lapic: Busy wait for timer to expire when using hv_timer - kbuild: turn auto.conf.cmd into a mandatory include file - xen/pvh: set xen_domain_type to HVM in xen_pvh_init - xen/pvh: correctly setup the PV EFI interface for dom0 - libnvdimm/namespace: Fix label tracking error - iov_iter: optimize page_copy_sane() - mm/gup: Remove the 'write' parameter from gup_fast_permitted() - s390/mm: make the pxd_offset functions more robust - s390/mm: convert to the generic get_user_pages_fast code - ext4: fix compile error when using BUFFER_TRACE - ext4: don't update s_rev_level if not required - Linux 5.0.18 * Disco update: 5.0.17 upstream stable release (LP: #1836577) - bfq: update internal depth state when queue depth changes - platform/x86: sony-laptop: Fix unintentional fall-through - platform/x86: thinkpad_acpi: Disable Bluetooth for some machines - platform/x86: dell-laptop: fix rfkill functionality - hwmon: (pwm-fan) Disable PWM if fetching cooling data fails - hwmon: (occ) Fix extended status bits - selftests/seccomp: Handle namespace failures gracefully - kernfs: fix barrier usage in __kernfs_new_node() - virt: vbox: Sanity-check parameter types for hgcm-calls coming from userspace - USB: serial: fix unthrottle races - iio: adc: xilinx: fix potential use-after-free on remove - iio: adc: xilinx: fix potential use-after-free on probe - iio: adc: xilinx: prevent touching unclocked h/w on remove - acpi/nfit: Always dump _DSM output payload - libnvdimm/namespace: Fix a potential NULL pointer dereference - HID: input: add mapping for Expose/Overview key - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys - HID: input: add mapping for "Toggle Display" key - libnvdimm/btt: Fix a kmemdup failure check - s390/dasd: Fix capacity calculation for large volumes - mac80211: fix unaligned access in mesh table hash function - mac80211: Increase MAX_MSG_LEN - cfg80211: Handle WMM rules in regulatory domain intersection - mac80211: fix memory accounting with A-MSDU aggregation - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands - libnvdimm/security: provide fix for secure-erase to use zero-key - libnvdimm/pmem: fix a possible OOB access when read and write pmem - tools/testing/nvdimm: Retain security state after overwrite - s390/3270: fix lockdep false positive on view->lock - drm/ttm: fix dma_fence refcount imbalance on error path - drm/amd/display: extending AUX SW Timeout - clocksource/drivers/npcm: select TIMER_OF - clocksource/drivers/oxnas: Fix OX820 compatible - selftests: fib_tests: Fix 'Command line is not complete' errors - drm/amdgpu: shadow in shadow_list without tbo.mem.start cause page fault in sriov TDR - mISDN: Check address length before reading address family - vxge: fix return of a free'd memblock on a failed dma mapping - qede: fix write to free'd pointer error and double free of ptp - afs: Unlock pages for __pagevec_release() - afs: Fix in-progess ops to ignore server-level callback invalidation - qed: Delete redundant doorbell recovery types - qed: Fix the doorbell address sanity check - qed: Fix missing DORQ attentions - qed: Fix the DORQ's attentions handling - drm/amd/display: If one stream full updates, full update all planes - s390/pkey: add one more argument space for debug feature entry - x86/build/lto: Fix truncated .bss with -fdata-sections - x86/mm: Prevent bogus warnings with "noexec=off" - x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T - KVM: nVMX: always use early vmcs check when EPT is disabled - KVM: fix spectrev1 gadgets - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing - tools lib traceevent: Fix missing equality check for strcmp - perf top: Always sample time to satisfy needs of use of ordered queuing - ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash - ocelot: Don't sleep in atomic context (irqs_disabled()) - perf tools: Fix map reference counting - scsi: aic7xxx: fix EISA support - slab: store tagged freelist for off-slab slabmgmt - mm/hotplug: treat CMA pages as unmovable - mm: fix inactive list balancing between NUMA nodes and cgroups - init: initialize jump labels before command line option parsing - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs - selftests: netfilter: check icmp pkttoobig errors are set as related - ipvs: do not schedule icmp errors from tunnels - netfilter: ctnetlink: don't use conntrack/expect object addresses as id - netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook() - netfilter: nat: fix icmp id randomization - MIPS: perf: ath79: Fix perfcount IRQ assignment - IB/mlx5: Fix scatter to CQE in DCT QP creation - s390: ctcm: fix ctcm_new_device error return code - drm/sun4i: Set device driver data at bind time for use in unbind - drm/sun4i: Fix component unbinding and component master deletion - of_net: Fix residues after of_get_nvmem_mac_address removal - selftests/net: correct the return value for run_afpackettests - netfilter: never get/set skb->tstamp - netfilter: fix nf_l4proto_log_invalid to log invalid packets - dmaengine: bcm2835: Avoid GFP_KERNEL in device_prep_slave_sg - gpu: ipu-v3: dp: fix CSC handling - drm/imx: don't skip DP channel disable for background plane - ARM: fix function graph tracer and unwinder dependencies - ARM: 8856/1: NOMMU: Fix CCR register faulty initialization when MPU is disabled - spi: Micrel eth switch: declare missing of table - spi: ST ST95HF NFC: declare missing of table - ceph: handle the case where a dentry has been renamed on outstanding req - Revert "drm/virtio: drop prime import/export callbacks" - drm/sun4i: Unbind components before releasing DRM and memory - Input: snvs_pwrkey - make it depend on ARCH_MXC - Input: synaptics-rmi4 - fix possible double free - net: vrf: Fix operation not supported when set vrf mac - gpio: Fix gpiochip_add_data_with_key() error path - mm/memory_hotplug.c: drop memory device reference after find_memory_block() - mm/page_alloc.c: avoid potential NULL pointer dereference - bpf: only test gso type on gso packets - net: sched: fix cleanup NULL pointer exception in act_mirr - net: mvpp2: fix validate for PPv2.1 - drm/rockchip: fix for mailbox read validation. - cw1200: fix missing unlock on error in cw1200_hw_scan() - mwl8k: Fix rate_idx underflow - rtlwifi: rtl8723ae: Fix missing break in switch statement - Don't jump to compute_result state from check_result state - bonding: fix arp_validate toggling in active-backup mode - bridge: Fix error path for kobject_init_and_add() - dpaa_eth: fix SG frame cleanup - fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied - ipv4: Fix raw socket lookup for local traffic - net: dsa: Fix error cleanup path in dsa_init_module - net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering - net: macb: Change interrupt and napi enable order in open - net: seeq: fix crash caused by not set dev.parent - net: ucc_geth - fix Oops when changing number of buffers in the ring - packet: Fix error path in packet_init - selinux: do not report error on connect(AF_UNSPEC) - tipc: fix hanging clients using poll with EPOLLOUT flag - vlan: disable SIOCSHWTSTAMP in container - vrf: sit mtu should not be updated when vrf netdev is the link - tuntap: fix dividing by zero in ebpf queue selection - tuntap: synchronize through tfiles array instead of tun->numqueues - net: phy: fix phy_validate_pause - flow_dissector: disable preemption around BPF calls - isdn: bas_gigaset: use usb_fill_int_urb() properly - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl - powerpc/book3s/64: check for NULL pointer in pgd_alloc() - powerpc/powernv/idle: Restore IAMR after idle - powerpc/booke64: set RI in default MSR - virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed - PCI: hv: Fix a memory leak in hv_eject_device_work() - PCI: hv: Add hv_pci_remove_slots() when we unload the driver - PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary - f2fs: Fix use of number of devices - Linux 5.0.17 - [Config] update configs after update to 5.0.17 * Disco update: 5.0.16 upstream stable release (LP: #1835580) - Linux 5.0.16 * CVE-2019-10126 - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() * CVE-2019-3846 - mwifiex: Fix possible buffer overflows at parsing bss descriptor * CVE-2019-12984 - nfc: Ensure presence of required attributes in the deactivate_target handler * Sometimes touchpad(goodix) can't use tap function (LP: #1836020) - SAUCE: i2c: designware: add Inpiron/Vostro 7590 into i2c quirk * proc_thermal flooding dmesg (LP: #1824690) - drivers: thermal: processor_thermal: Downgrade error message -- Wen-chien Jesse Sung