Ubuntu
linux package

NULL pointer dereference when Inserting the VIMC module

Bug #1840028 reported by Po-Hsu Lin on 2019-08-13

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Po-Hsu Lin
Bionic	Fix Released	Undecided	Po-Hsu Lin
Disco	Fix Released	Undecided	Po-Hsu Lin
Eoan	Fix Released	Undecided	Po-Hsu Lin

Bug Description

== SRU Justification ==
When trying to insert a vimc module on a system has other devices being registered in the component framework, if the device is not necessarily a platform_device, nor have a platform_data it will trigger a NULL pointer deference issue.

Issue found on a bare metal node with config vimc enabled.

ubuntu@amaura:~$ sudo modprobe vimc
Killed

dmesg output:
[ 2855.340272] media: Linux media interface: v0.10
[ 2855.344927] Linux video capture interface: v2.00
[ 2855.346146] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 2855.346172] IP: strcmp+0xe/0x30
[ 2855.346181] PGD 0 P4D 0
[ 2855.346189] Oops: 0000 [#1] SMP PTI
[ 2855.346198] Modules linked in: vimc(+) videodev media ppdev intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel binfmt_misc kvm irqbypass intel_cstate intel_rapl_perf ipmi_si joydev ipmi_devintf ipmi_msghandler intel_pch_thermal input_leds parport_pc lpc_ich shpchp parport mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc i915 mgag200 ttm drm_kms_helper aesni_intel syscopyarea aes_x86_64 sysfillrect crypto_simd igb sysimgblt glue_helper fb_sys_fops cryptd dca drm i2c_algo_bit
[ 2855.346366] ahci ptp libahci pps_core video
[ 2855.346379] CPU: 4 PID: 1505 Comm: modprobe Not tainted 4.15.0-58-generic #64
[ 2855.346395] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015
[ 2855.346418] RIP: 0010:strcmp+0xe/0x30
[ 2855.346428] RSP: 0018:ffffb63501f93a00 EFLAGS: 00010202
[ 2855.346440] RAX: ffffffffc0c860f0 RBX: 0000000000000000 RCX: 0000000000000000
[ 2855.346456] RDX: ffffa097d85ec440 RSI: ffffffffc0c8723f RDI: 0000000000000001
[ 2855.346473] RBP: ffffb63501f93a00 R08: ffffa097e09270a0 R09: ffffa097d265ca80
[ 2855.346489] R10: ffffe84b51559600 R11: 0000000000000200 R12: ffffa097dcdbf718
[ 2855.346505] R13: ffffa097d265ca80 R14: ffffa097d2f2b380 R15: 0000000000000000
[ 2855.346521] FS: 00007fd7f4e4b540(0000) GS:ffffa097e0900000(0000) knlGS:0000000000000000
[ 2855.346539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2855.346553] CR2: 0000000000000000 CR3: 00000004580fc001 CR4: 00000000003606e0
[ 2855.346569] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2855.346585] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2855.346601] Call Trace:
[ 2855.346611] vimc_comp_compare+0x15/0x20 [vimc]
[ 2855.346624] try_to_bring_up_master+0xa3/0x260
[ 2855.346635] ? vimc_remove+0x90/0x90 [vimc]
[ 2855.346646] component_master_add_with_match+0x8b/0xd0
[ 2855.346659] vimc_probe+0x325/0x3c9 [vimc]
[ 2855.346672] ? acpi_dev_pm_attach+0x25/0xd0
[ 2855.346683] platform_drv_probe+0x3e/0xa0
[ 2855.346693] driver_probe_device+0x30c/0x490
[ 2855.346704] __driver_attach+0xa7/0xf0
[ 2855.346714] ? driver_probe_device+0x490/0x490
[ 2855.346725] bus_for_each_dev+0x70/0xc0
[ 2855.346735] driver_attach+0x1e/0x20
[ 2855.346744] bus_add_driver+0x1c7/0x270
[ 2855.346754] ? 0xffffffffc0c8b000
[ 2855.346763] driver_register+0x60/0xe0
[ 2855.346772] ? 0xffffffffc0c8b000
[ 2855.346781] __platform_driver_register+0x36/0x40
[ 2855.346793] vimc_init+0x46/0x1000 [vimc]
[ 2855.347306] do_one_initcall+0x52/0x19f
[ 2855.347810] ? __vunmap+0x8e/0xc0
[ 2855.348322] ? _cond_resched+0x19/0x40
[ 2855.348811] ? kmem_cache_alloc_trace+0x14e/0x1b0
[ 2855.349290] ? do_init_module+0x27/0x209
[ 2855.349768] do_init_module+0x5f/0x209
[ 2855.350246] load_module+0x193b/0x1f30
[ 2855.350710] ? ima_post_read_file+0x96/0xa0
[ 2855.351159] SYSC_finit_module+0xfc/0x120
[ 2855.351592] ? SYSC_finit_module+0xfc/0x120
[ 2855.352010] SyS_finit_module+0xe/0x10
[ 2855.352412] do_syscall_64+0x73/0x130
[ 2855.352797] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 2855.353169] RIP: 0033:0x7fd7f4959839
[ 2855.353538] RSP: 002b:00007ffd7e3fd5c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 2855.353915] RAX: ffffffffffffffda RBX: 0000563c3b02eea0 RCX: 00007fd7f4959839
[ 2855.354286] RDX: 0000000000000000 RSI: 0000563c39de5d2e RDI: 0000000000000005
[ 2855.354647] RBP: 0000563c39de5d2e R08: 0000000000000000 R09: 0000563c3b02eea0
[ 2855.355009] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
[ 2855.355369] R13: 0000563c3b02ef20 R14: 0000000000040000 R15: 0000563c3b02eea0
[ 2855.355728] Code: 01 c8 c3 c6 44 07 ff 00 eb 91 31 c0 eb c9 48 c7 c0 f9 ff ff ff c3 0f 1f 80 00 00 00 00 55 48 89 e5 eb 04 84 c0 74 18 48 83 c7 01 <0f> b6 47 ff 48 83 c6 01 3a 46 ff 74 eb 19 c0 83 c8 01 5d c3 31
[ 2855.356503] RIP: strcmp+0xe/0x30 RSP: ffffb63501f93a00
[ 2855.356885] CR2: 0000000000000000
[ 2855.357259] ---[ end trace bfba48c80f803d2d ]---

== Fix ==
* ee1c71a8 (media: vimc: fix component match compare)

This patch can be cherry-picked in to B/D/E.
VIMC support was requested to enabled on these kernels (lp:1831482).

== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1840028-null-ptr-vimc/

Tested with node "amaura", patch works as expected, the vimc module can be inserted / removed without any issue.

== Regression Potential ==
Low, this patch is specific for vimc and we have positive test result with it.

See original description

Tags:

CVE References

2018-20976

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-08-13:

Fix: https://github.com/torvalds/linux/commit/ee1c71a8e1456ab53fe667281d855849edf26a4d#diff-4764248de66b484b364df935156b7e92

description:	updated
tags:	added: bionic
Changed in linux (Ubuntu):
assignee:	nobody → Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Po-Hsu Lin (cypressyew)
status:	New → Incomplete
status:	Incomplete → In Progress

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-08-13:

With the Bionic test kernel https://people.canonical.com/~phlin/kernel/lp-1840028-null-ptr-vimc/B/

This issue will gone:

ubuntu@amaura:~$ sudo modprobe vimc
ubuntu@amaura:~$

[ 10.048268] IPv6: ADDRCONF(NETDEV_CHANGE): eno1: link becomes ready
[ 127.217396] new mount options do not match the existing superblock, will be ignored
[ 142.328019] media: Linux media interface: v0.10
[ 142.332711] Linux video capture interface: v2.00
[ 142.343775] vimc vimc.0: bound vimc-sensor.1.auto (ops vimc_sen_comp_ops [vimc_sensor])
[ 142.343891] vimc vimc.0: bound vimc-sensor.2.auto (ops vimc_sen_comp_ops [vimc_sensor])
[ 142.343893] vimc vimc.0: bound vimc-debayer.3.auto (ops vimc_deb_comp_ops [vimc_debayer])
[ 142.343895] vimc vimc.0: bound vimc-debayer.4.auto (ops vimc_deb_comp_ops [vimc_debayer])
[ 142.343931] vimc vimc.0: bound vimc-capture.5.auto (ops vimc_cap_comp_ops [vimc_capture])
[ 142.343952] vimc vimc.0: bound vimc-capture.6.auto (ops vimc_cap_comp_ops [vimc_capture])
[ 142.344059] vimc vimc.0: bound vimc-sensor.7.auto (ops vimc_sen_comp_ops [vimc_sensor])
[ 142.344061] vimc vimc.0: bound vimc-scaler.8.auto (ops vimc_sca_comp_ops [vimc_scaler])
[ 142.344083] vimc vimc.0: bound vimc-capture.9.auto (ops vimc_cap_comp_ops [vimc_capture])

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-08-13: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1840028

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-08-14:

Affecting Disco as well, passed with patched kernel.

Changed in linux (Ubuntu Disco):
assignee:	nobody → Po-Hsu Lin (cypressyew)

Po-Hsu Lin (cypressyew) on 2019-08-14

description:	updated
Changed in linux (Ubuntu Disco):
status:	New → In Progress
Changed in linux (Ubuntu Eoan):
status:	Incomplete → In Progress

Po-Hsu Lin (cypressyew) on 2019-08-14

description:

updated

Po-Hsu Lin (cypressyew) on 2019-08-14

description:

updated

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-08-14:

https://lists.ubuntu.com/archives/kernel-team/2019-August/103092.html

Seth Forshee (sforshee) on 2019-08-15

Changed in linux (Ubuntu Eoan):
status:	In Progress → Fix Committed

Po-Hsu Lin (cypressyew) on 2019-08-16

tags:

added: disco eoan

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-08-27:

Download full text (27.8 KiB)

This bug was fixed in the package linux - 5.2.0-13.14

---------------
linux (5.2.0-13.14) eoan; urgency=medium

* eoan/linux: 5.2.0-13.14 -proposed tracker (LP: #1840261)

* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
- media: vimc: fix component match compare

* Miscellaneous upstream changes
- selftests/bpf: remove bpf_util.h from BPF C progs

linux (5.2.0-12.13) eoan; urgency=medium

* eoan/linux: 5.2.0-12.13 -proposed tracker (LP: #1840184)

  * Eoan update: v5.2.8 upstream stable release (LP: #1840178)
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
    - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
    - ALSA: usb-audio: Sanity checks for each pipe and EP types
    - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
    - HID: wacom: fix bit shift for Cintiq Companion 2
    - HID: Add quirk for HP X1200 PIXART OEM mouse
    - atm: iphase: Fix Spectre v1 vulnerability
    - bnx2x: Disable multi-cos feature.
    - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case
    - ife: error out when nla attributes are empty
    - ip6_gre: reload ipv6h in prepare_ip6gre_xmit_ipv6
    - ip6_tunnel: fix possible use-after-free on xmit
    - ipip: validate header length in ipip_tunnel_xmit
    - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init()
    - mvpp2: fix panic on module removal
    - mvpp2: refactor MTU change code
    - net: bridge: delete local fdb on device init failure
    - net: bridge: mcast: don't delete permanent entries when fast leave is
      enabled
    - net: bridge: move default pvid init/deinit to NETDEV_REGISTER/UNREGISTER
    - net: fix ifindex collision during namespace removal
    - net/mlx5e: always initialize frag->last_in_page
    - net/mlx5: Use reversed order when unregister devices
    - net: phy: fixed_phy: print gpio error only if gpio node is present
    - net: phylink: don't start and stop SGMII PHYs in SFP modules twice
    - net: phylink: Fix flow control for fixed-link
    - net: phy: mscc: initialize stats array
    - net: qualcomm: rmnet: Fix incorrect UL checksum offload logic
    - net: sched: Fix a possible null-pointer dereference in dequeue_func()
    - net sched: update vlan action for batched events operations
    - net: sched: use temporary variable for actions indexes
    - net/smc: do not schedule tx_work in SMC_CLOSED state
    - net: stmmac: Use netif_tx_napi_add() for TX polling function
    - NFC: nfcmrvl: fix gpio-handling regression
    - ocelot: Cancel delayed work before wq destruction
    - tipc: compat: allow tipc commands without arguments
    - tipc: fix unitilized skb list crash
    - tun: mark small packets as owned by the tap sock
    - net/mlx5: Fix modify_cq_in alignment
    - net/mlx5e: Prevent encap flow counter update async to user query
    - r8169: don't use MSI before RTL8168d
    - bpf: fix XDP vlan selftests test_xdp_vlan.sh
    - selftests/bpf: add wrapper scripts for test_xdp_vlan.sh
    - selftests/bpf: reduce time to execute test_xdp_vlan.sh
    - net: fix bpf_xdp_adjust_head regression for generic-XDP
    - hv_sock: Fi...

This bug was fixed in the package linux - 5.2.0-13.14

---------------
linux (5.2.0-13.14) eoan; urgency=medium

* eoan/linux: 5.2.0-13.14 -proposed tracker (LP: #1840261)

* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
    - media: vimc: fix component match compare

* Miscellaneous upstream changes
    - selftests/bpf: remove bpf_util.h from BPF C progs

linux (5.2.0-12.13) eoan; urgency=medium

* eoan/linux: 5.2.0-12.13 -proposed tracker (LP: #1840184)

* Miscellaneous Ubuntu changes
    - SAUCE: selftests/bpf: do not include Kbuild.include in makefile
    - update dkms package versions

linux (5.2.0-11.12) eoan; urgency=medium

* eoan/linux: 5.2.0-11.12 -proposed tracker (LP: #1839646)

* Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

* Eoan update: v5.2.7 upstream stable release (LP: #1839588)
    - Revert "UBUNTU: SAUCE: Revert "loop: Don't change loop device under
      exclusive opener""
    - ARM: riscpc: fix DMA
    - ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
    - ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
    - clk: meson: mpll: properly handle spread spectrum
    - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
    - ftrace: Enable trampoline when rec count returns back to one
    - arm64: dts: qcom: qcs404-evb: fix l3 min voltage
    - soc: qcom: rpmpd: fixup rpmpd set performance state
    - arm64: dts: marvell: mcbin: enlarge PCI memory window
    - soc: imx: soc-imx8: Correct return value of error handle
    - dmaengine: tegra-apb: Error out if DMA_PREP_INTERRUPT flag is unset
    - arm64: dts: rockchip: fix isp iommu clocks and power domain
    - kernel/module.c: Only return -EEXIST for modules that have finished loading
    - PCI: OF: Initialize dev->fwnode appropriately
    - firmware/psci: psci_checker: Park kthreads before stopping them
    - soc: imx8: Fix potential kernel dump in error path
    - arm64: qcom: qcs404: Add reset-cells to GCC node
    - swiotlb: fix phys_addr_t overflow warning
    - MIPS: lantiq: Fix bitfield masking
    - dmaengine: rcar-dmac: Reject zero-length slave DMA requests
    - ARM: exynos: Only build MCPM support if used
    - clk: tegra210: fix PLLU and PLLU_OUT1
    - fs/adfs: super: fix use-after-free bug
    - clk: sprd: Add check for return value of sprd_clk_regmap_init()
    - arm64: dts: rockchip: Fix USB3 Type-C on rk3399-sapphire
    - btrfs: tree-checker: Check if the file extent end overflows
    - btrfs: fix minimum number of chunk errors for DUP
    - btrfs: Flush before reflinking any extent to prevent NOCOW write falling
      back to COW without data reservation
    - remoteproc: copy parent dma_pfn_offset for vdev
    - btrfs: qgroup: Don't hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
    - cifs: Fix a race condition with cifs_echo_request
    - ceph: fix improper use of smp_mb__before_atomic()
    - ceph: fix dir_lease_is_valid()
    - ceph: return -ERANGE if virtual xattr value didn't fit in buffer
    - virtio-mmio: add error check for platform_get_irq
    - ACPI: blacklist: fix clang warning for unused DMI table
    - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
    - selftests/bpf: do not ignore clang failures
    - drm/amd/display: Expose audio inst from DC to DM
    - cifs: fix crash in cifs_dfs_do_automount
    - perf version: Fix segfault due to missing OPT_END()
    - x86: kvm: avoid constant-conversion warning
    - ACPI: fix false-positive -Wuninitialized warning
    - KVM: nVMX: Ignore segment base for VMX memory operand when segment not FS or
      GS
    - bpf: fix BTF verifier size resolution logic
    - be2net: Signal that the device cannot transmit during reconfiguration
    - mm/z3fold: don't try to use buddy slots after free
    - mm/slab_common.c: work around clang bug #42570
    - mm/memcontrol.c: keep local VM counters in sync with the hierarchical ones
    - mm/z3fold.c: reinitialize zhdr structs after migration
    - x86/apic: Silence -Wtype-limits compiler warnings
    - x86: math-emu: Hide clang warnings for 16-bit overflow
    - mm/cma.c: fail if fixed declaration can't be honored
    - lib/test_overflow.c: avoid tainting the kernel and fix wrap size
    - lib/test_string.c: avoid masking memset16/32/64 failures
    - mm/ioremap: check virtual address alignment while creating huge mappings
    - coda: add error handling for fget
    - coda: fix build using bare-metal toolchain
    - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
      headers
    - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
    - ipc/mqueue.c: only perform resource calculation if user valid
    - nds32: fix asm/syscall.h
    - device-dax: fix memory and resource leak if hotplug fails
    - mm/hotplug: make remove_memory() interface usable
    - stacktrace: Force USER_DS for stack_trace_save_user()
    - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL
    - xen/pv: Fix a boot up hang revealed by int3 self test
    - x86/kvm: Don't call kvm_spurious_fault() from .fixup
    - x86/paravirt: Fix callee-saved function ELF sizes
    - x86, boot: Remove multiple copy of static function sanitize_boot_params()
    - bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
    - drm/nouveau: fix memory leak in nouveau_conn_reset()
    - drm/nouveau/dmem: missing mutex_lock in error path
    - kconfig: Clear "written" flag to avoid data loss
    - kbuild: initialize CLANG_FLAGS correctly in the top Makefile
    - kbuild: modpost: include .*.cmd files only when targets exist
    - tpm: Fix null pointer dereference on chip register error path
    - Btrfs: fix incremental send failure after deduplication
    - Btrfs: fix race leading to fs corruption after transaction abort
    - dax: Fix missed wakeup in put_unlocked_entry()
    - fgraph: Remove redundant ftrace_graph_notrace_addr() test
    - mmc: dw_mmc: Fix occasional hang after tuning on eMMC
    - mmc: meson-mx-sdio: Fix misuse of GENMASK macro
    - mmc: host: sdhci-sprd: Fix the missing pm_runtime_put_noidle()
    - mmc: mmc_spi: Enable stable writes
    - gpiolib: Preserve desc->flags when setting state
    - gpio: don't WARN() on NULL descs if gpiolib is disabled
    - gpiolib: fix incorrect IRQ requesting of an active-low lineevent
    - IB/hfi1: Fix Spectre v1 vulnerability
    - drm/nouveau: Only release VCPI slots on mode changes
    - mtd: rawnand: micron: handle on-die "ECC-off" devices correctly
    - eeprom: at24: make spd world-readable again
    - i2c: iproc: Fix i2c master read more than 63 bytes
    - i2c: at91: disable TXRDY interrupt after sending data
    - i2c: at91: fix clk_offset for sama5d2
    - powerpc/kasan: fix early boot failure on PPC32
    - selinux: fix memory leak in policydb_init()
    - ALSA: hda: Fix 1-minute detection delay when i915 module is not available
    - mm: vmscan: check if mem cgroup is disabled or not before calling memcg slab
      shrinker
    - mm: migrate: fix reference check race between __find_get_block() and
      migration
    - mm: compaction: avoid 100% CPU usage during compaction when a task is killed
    - ubsan: build ubsan.c more conservatively
    - mm/migrate.c: initialize pud_entry in migrate_vma()
    - loop: Fix mount(2) failure due to race with LOOP_SET_FD
    - s390/dasd: fix endless loop after read unit address configuration
    - cgroup: kselftest: relax fs_spec checks
    - parisc: Add archclean Makefile target
    - parisc: Strip debug info from kernel before creating compressed vmlinuz
    - parisc: Fix build of compressed kernel even with debug enabled
    - drivers/perf: arm_pmu: Fix failure path in PM notifier
    - arm64: compat: Allow single-byte watchpoints on all addresses
    - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
    - io_uring: fix KASAN use after free in io_sq_wq_submit_work
    - clk: mediatek: mt8183: Register 13MHz clock earlier for clocksource
    - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
    - nbd: replace kill_bdev() with __invalidate_device() again
    - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
    - xen/gntdev.c: Replace vm_map_pages() with vm_map_pages_zero()
    - RDMA/bnxt_re: Honor vlan_id in GID entry comparison
    - RDMA/devices: Do not deadlock during client removal
    - IB/mlx5: Fix unreg_umr to ignore the mkey state
    - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
    - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
    - IB/mlx5: Fix clean_mr() to work in the expected order
    - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
    - IB/hfi1: Check for error on call to alloc_rsm_map_table
    - IB/hfi1: Drop all TID RDMA READ RESP packets after r_next_psn
    - IB/hfi1: Field not zero-ed when allocating TID flow memory
    - drm/i915/perf: fix ICL perf register offsets
    - drm/i915/gvt: fix incorrect cache entry for guest page mapping
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
    - Documentation: Add swapgs description to the Spectre v1 documentation
    - Linux 5.2.7
    - [Config] updateconfigs after v5.2.7 stable update

* Eoan update: v5.2.6 upstream stable release (LP: #1839587)
    - vsock: correct removal of socket from the list
    - ISDN: hfcsusb: checking idx of ep configuration
    - bpf: fix NULL deref in btf_type_is_resolve_source_only
    - media: au0828: fix null dereference in error path
    - ath10k: Change the warning message string
    - media: cpia2_usb: first wake up, then free in disconnect
    - media: pvrusb2: use a different format for warnings
    - NFS: Cleanup if nfs_match_client is interrupted
    - media: radio-raremono: change devm_k*alloc to k*alloc
    - xfrm: policy: fix bydst hlist corruption on hash rebuild
    - nvme: fix multipath crash when ANA is deactivated
    - Bluetooth: hci_uart: check for missing tty operations
    - sched/fair: Don't free p->numa_faults with concurrent readers
    - sched/fair: Use RCU accessors consistently for ->numa_group
    - /proc/<pid>/cmdline: remove all the special cases
    - /proc/<pid>/cmdline: add back the setproctitle() special case
    - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
    - Fix allyesconfig output.
    - ceph: hold i_ceph_lock when removing caps for freeing inode
    - Linux 5.2.6

* Eoan update: v5.2.5 upstream stable release (LP: #1838539)
    - regulator: 88pm800: fix warning same module names
    - media: drivers: media: coda: fix warning same module names
    - btrfs: shut up bogus -Wmaybe-uninitialized warning
    - drm/lima: handle shared irq case for lima_pp_bcast_irq_handler
    - drm/panel: simple: Fix panel_simple_dsi_probe
    - iio: adc: stm32-dfsdm: manage the get_irq error case
    - iio: adc: stm32-dfsdm: missing error case during probe
    - drm/virtio: set seqno for dma-fence
    - staging: kpc2000: added missing clean-up to probe_core_uio.
    - ipmi_si: fix unexpected driver unregister warning
    - staging: vt6656: use meaningful error code during buffer allocation
    - drm/bochs: Fix connector leak during driver unload
    - usb: core: hub: Disable hub-initiated U1/U2
    - tty: max310x: Fix invalid baudrate divisors calculator
    - pinctrl: rockchip: fix leaked of_node references
    - tty: serial: cpm_uart - fix init when SMC is relocated
    - f2fs: fix to check layout on last valid checkpoint park
    - drm/msm/a6xx: Check for ERR or NULL before iounmap
    - ipmi_ssif: fix unexpected driver unregister warning
    - drm/amd/display: Fill prescale_params->scale for RGB565
    - drm/amd/display: fix multi display seamless boot case
    - drm/msm/a6xx: Avoid freeing gmu resources multiple times
    - drm/amd/display: Disable cursor when offscreen in negative direction
    - drm/amd/display: Fill plane attrs only for valid pxl format
    - drm/amdgpu: Reserve shared fence for eviction fence
    - f2fs: fix to avoid deadloop if data_flush is on
    - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE
    - drm/amd/display: Disable ABM before destroy ABM struct
    - drm/amdkfd: Fix a potential memory leak
    - drm/amdkfd: Fix sdma queue map issue
    - drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
    - tools: PCI: Fix broken pcitest compilation
    - PCI: Return error if cannot probe VF
    - staging: kpc2000: report error status to spi core
    - drm/bridge: tc358767: read display_props in get_modes()
    - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
    - drm/amd/display: Reset planes for color management changes
    - drm/amd/display: CS_TFM_1D only applied post EOTF
    - drm/amd/display: Increase Backlight Gain Step Size
    - f2fs: Fix accounting for unusable blocks
    - f2fs: Lower threshold for disable_cp_again
    - gpu: host1x: Increase maximum DMA segment size
    - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
    - drm/crc-debugfs: Also sprinkle irqrestore over early exits
    - drm/vkms: Forward timer right after drm_crtc_handle_vblank
    - i2c: nvidia-gpu: resume ccgx i2c client
    - mm/hmm: fix use after free with struct hmm in the mmu notifiers
    - drm/omap: don't check dispc timings for DSI
    - memstick: Fix error cleanup path of memstick_init
    - tty/serial: digicolor: Fix digicolor-usart already registered warning
    - tty: serial: msm_serial: avoid system lockup condition
    - serial: 8250: Fix TX interrupt handling condition
    - PCI: endpoint: Allocate enough space for fixed size BAR
    - drm/amd/display: Always allocate initial connector state state
    - drm/amd/display: Update link rate from DPCD 10
    - drm/virtio: Add memory barriers for capset cache.
    - drm/amd/display: set link->dongle_max_pix_clk to 0 on a disconnect
    - phy: renesas: rcar-gen2: Fix memory leak at error paths
    - drm/amd/display: fix compilation error
    - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
    - drm/bridge: tfp410: fix use of cancel_delayed_work_sync
    - powerpc/pseries/mobility: prevent cpu hotplug during DT update
    - dma-remap: Avoid de-referencing NULL atomic_pool
    - drm/rockchip: Properly adjust to a true clock in adjusted_mode
    - platform/x86: asus-wmi: Increase input buffer size of WMI methods
    - iio: adxl372: fix iio_triggered_buffer_{pre,post}enable positions
    - serial: imx: fix locking in set_termios()
    - serial: uartps: Use the same dynamic major number for all ports
    - tty: serial_core: Set port active bit in uart_port_activate
    - usb: gadget: Zero ffs_io_data
    - usb: dwc3: Fix core validation in probe, move after clocks are enabled
    - kvm: vmx: fix limit checking in get_vmx_mem_address()
    - mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width
    - KVM: nVMX: Intercept VMWRITEs to GUEST_{CS,SS}_AR_BYTES
    - kvm: vmx: segment limit check: use access length
    - drm/msm/adreno: Ensure that the zap shader region is big enough
    - powerpc/pci/of: Fix OF flags parsing for 64bit BARs
    - drm/msm: Depopulate platform on probe failure
    - serial: mctrl_gpio: Check if GPIO property exisits before requesting it
    - phy: renesas: rcar-gen3-usb2: fix imbalance powered flag
    - PCI: sysfs: Ignore lockdep for remove attribute
    - i2c: stm32f7: fix the get_irq error cases
    - kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
    - genksyms: Teach parser about 128-bit built-in types
    - phy: meson-g12a-usb3-pcie: disable locking for cr_regmap
    - PCI: xilinx-nwl: Fix Multi MSI data programming
    - iio: iio-utils: Fix possible incorrect mask calculation
    - dt-bindings: backlight: lm3630a: correct schema validation
    - powerpc/cacheflush: fix variable set but not used
    - powerpc/xmon: Fix disabling tracing while in xmon
    - powerpc/rtas: retry when cpu offline races with suspend/migration
    - fixdep: check return value of printf() and putchar()
    - recordmcount: Fix spurious mcount entries on powerpc
    - mfd: cros_ec: Register cros_ec_lid_angle driver when presented
    - mfd: madera: Add missing of table registration
    - mfd: core: Set fwnode for created devices
    - mfd: arizona: Fix undefined behavior
    - mfd: hi655x-pmic: Fix missing return value check for
      devm_regmap_init_mmio_clk
    - mm/swap: fix release_pages() when releasing devmap pages
    - um: Silence lockdep complaint about mmap_sem
    - f2fs: fix is_idle() check for discard type
    - powerpc: silence a -Wcast-function-type warning in dawr_write_file_bool
    - powerpc/4xx/uic: clear pending interrupt after irq type/pol change
    - powerpc/mm: mark more tlb functions as __always_inline
    - RDMA/i40iw: Set queue pair state when being queried
    - serial: sh-sci: Terminate TX DMA during buffer flushing
    - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
    - IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE
    - powerpc/mm: Handle page table allocation failures
    - IB/ipoib: Add child to parent list only if device initialized
    - arm64: assembler: Switch ESB-instruction with a vanilla nop if
      !ARM64_HAS_RAS
    - KVM: nVMX: Stash L1's CR3 in vmcs01.GUEST_CR3 on nested entry w/o EPT
    - PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows
    - PCI: mobiveil: Fix the Class Code field
    - kallsyms: exclude kasan local symbols on s390
    - PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers
    - PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions
    - perf test mmap-thread-lookup: Initialize variable to suppress memory
      sanitizer warning
    - perf stat: Fix use-after-freed pointer detected by the smatch tool
    - rseq/selftests: Fix Thumb mode build failure on arm32
    - perf top: Fix potential NULL pointer dereference detected by the smatch tool
    - perf trace: Fix potential NULL pointer dereference found by the smatch tool
    - perf session: Fix potential NULL pointer dereference found by the smatch
      tool
    - perf map: Fix potential NULL pointer dereference found by smatch tool
    - perf annotate: Fix dereferencing freed memory found by the smatch tool
    - perf hists browser: Fix potential NULL pointer dereference found by the
      smatch tool
    - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
    - PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
    - perf intel-bts: Fix potential NULL pointer dereference found by the smatch
      tool
    - RDMA/core: Fix race when resolving IP address
    - nvme-pci: check for NULL return from pci_alloc_p2pmem()
    - nvme-pci: limit max_hw_sectors based on the DMA max mapping size
    - nvme-tcp: don't use sendpage for SLAB pages
    - io_uring: fix io_sq_thread_stop running in front of io_sq_thread
    - nvme-tcp: set the STABLE_WRITES flag when data digests are enabled
    - powerpc/irq: Don't WARN continuously in arch_local_irq_restore()
    - powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
    - block: init flush rq ref count to 1
    - rds: Accept peer connection reject messages due to incompatible version
    - f2fs: fix to avoid long latency during umount
    - f2fs: avoid out-of-range memory access
    - mailbox: handle failed named mailbox channel request
    - dlm: check if workqueues are NULL before flushing/destroying
    - powerpc/eeh: Handle hugepages in ioremap space
    - platform/x86: Fix PCENGINES_APU2 Kconfig warning
    - block/bio-integrity: fix a memory leak bug
    - nvme: fix NULL deref for fabrics options
    - sh: prevent warnings when using iounmap
    - mm/kmemleak.c: fix check for softirq context
    - 9p: pass the correct prototype to read_cache_page
    - mm/mincore.c: fix race between swapoff and mincore
    - mm/gup.c: mark undo_dev_pagemap as __maybe_unused
    - mm/gup.c: remove some BUG_ONs from get_gate_page()
    - memcg, fsnotify: no oom-kill for remote memcg charging
    - mm/mmu_notifier: use hlist_add_head_rcu()
    - proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup
    - proc: use down_read_killable mmap_sem for /proc/pid/pagemap
    - proc: use down_read_killable mmap_sem for /proc/pid/clear_refs
    - proc: use down_read_killable mmap_sem for /proc/pid/map_files
    - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region()
    - proc: use down_read_killable mmap_sem for /proc/pid/maps
    - locking/lockdep: Fix lock used or unused stats error
    - mm: use down_read_killable for locking mmap_sem in access_remote_vm
    - mm, swap: fix race between swapoff and some swap operations
    - locking/lockdep: Hide unused 'class' variable
    - xhci: Fix crash if scatter gather is used with Immediate Data Transfer
      (IDT).
    - usb-storage: Add a limitation for blk_queue_max_hw_sectors()
    - usb: wusbcore: fix unbalanced get/put cluster_id
    - usb: pci-quirks: Correct AMD PLL quirk detection
    - Revert "usb: usb251xb: Add US lanes inversion dts-bindings"
    - Revert "usb: usb251xb: Add US port lanes inversion property"
    - usb: usb251xb: Reallow swap-dx-lanes to apply to the upstream port
    - KVM: X86: Fix fpu state crash in kvm guest
    - KVM: PPC: Book3S HV: Always save guest pmu for guest capable of nesting
    - KVM: PPC: Book3S HV: Save and restore guest visible PSSCR bits on pseries
    - KVM: PPC: Book3S HV: XIVE: fix rollback when kvmppc_xive_create fails
    - media: videodev2.h: change V4L2_PIX_FMT_BGRA444 define: fourcc was already
      in use
    - btrfs: inode: Don't compress if NODATASUM or NODATACOW set
    - selinux: check sidtab limit before adding a new entry
    - x86/sysfb_efi: Add quirks for some devices with swapped width and height
    - x86/speculation/mds: Apply more accurate check on hypervisor platform
    - x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user()
    - binder: Set end of SG buffer area properly.
    - binder: prevent transactions to context manager from its own process.
    - fpga-manager: altera-ps-spi: Fix build error
    - mei: me: add mule creek canyon (EHL) device ids
    - eeprom: make older eeprom drivers select NVMEM_SYSFS
    - hpet: Fix division by zero in hpet_time_div()
    - drm/panel: Add support for Armadeus ST0700 Adapt
    - ALSA: ac97: Fix double free of ac97_codec_device
    - ALSA: pcm: Fix refcount_inc() on zero usage
    - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips
    - powerpc/dma: Fix invalid DMA mmap behavior
    - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
    - powerpc/mm: Limit rma_size to 1TB when running without HV mode
    - powerpc/pmu: Set pmcregs_in_use in paca when running as LPAR
    - io_uring: fix the sequence comparison in io_sequence_defer
    - iommu/vt-d: Don't queue_iova() if there is no flush queue
    - iommu/iova: Remove stale cached32_node
    - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA
    - drivers/base: Introduce kill_device()
    - libnvdimm/bus: Prevent duplicate device_unregister() calls
    - libnvdimm/region: Register badblocks before namespaces
    - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
    - structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
    - drm/i915: Make the semaphore saturation mask global
    - access: avoid the RCU grace period for the temporary subjective credentials
    - io_uring: add a memory barrier before atomic_read
    - io_uring: ensure ->list is initialized for poll commands
    - io_uring: fix counter inc/dec mismatch in async_list
    - io_uring: don't use iov_iter_advance() for fixed buffers
    - Linux 5.2.5
    - [Config] updateconfigs after v5.2.5 stable update

* Line 6 POD HD500 driver fault (LP: #1790595) // Eoan update: v5.2.5 upstream
    stable release (LP: #1838539)
    - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1

* bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
    timeout for bcache removal causes spurious failures (LP: #1796292)
    - SAUCE: bcache: fix deadlock in bcache_allocator

* Regressions in CMA allocation rework (LP: #1839395)
    - dma-contiguous: do not overwrite align in dma_alloc_contiguous()
    - dma-contiguous: page-align the size in dma_free_contiguous()

* please backport upstream patch to kernel 5.2 (LP: #1839154)
    - netfilter: nf_tables: fix module autoload for redir

* shiftfs: allow overlayfs (LP: #1838677)
    - SAUCE: shiftfs: enable overlayfs on shiftfs

* Miscellaneous Ubuntu changes
    - update dkms package versions

-- Seth Forshee <seth.forshee@canonical.com>  Thu, 15 Aug 2019 08:35:06 -0500

Changed in linux (Ubuntu Eoan):
status:	Fix Committed → Fix Released

Kleber Sacilotto de Souza (kleber-souza) on 2019-09-03

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Disco):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-09-06:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-disco

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-09-11:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-09-30:

Download full text (20.2 KiB)

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

  * arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

* CVE-2018-20976
- xfs: clear sb->s_fs_info on mount failure

  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

This bug was fixed in the package linux - 4.15.0-65.74

---------------
linux (4.15.0-65.74) bionic; urgency=medium

* bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

* CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure

* tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
    - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

* Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpumask when only one cpu is present
    - perf cpumap: Fix writing to illegal memory in handling cpumap mask
    - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - HID: wacom: Correct distance scale for 2nd-gen Intuos devices
    - Revert "dm bufio: fix deadlock with loop device"
    - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
    - libceph: fix PG split vs OSD (re)connect race
    - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
    - gpiolib: never report open-drain/source lines as 'input' to user-space
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm kcopyd: always complete failed jobs
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - dm zoned: improve error handling in reclaim
    - dm zoned: improve error handling in i/o map code
    - dm zoned: properly handle backing device failure
    - genirq: Properly pair kobject_del() with kobject_add()
    - mm, page_owner: handle THP splits correctly
    - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
    - mm/zsmalloc.c: fix race condition in zs_destroy_pool
    - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
    - dm zoned: fix potential NULL dereference in dmz_do_reclaim()
    - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
    - can: mcp251x: add error check when wq alloc failed
    - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
      sets too
    - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
      hash:ip,mac sets
    - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
    - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
      phy_led_trigger_change_speed()
    - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
    - net: stmmac: Fix issues when number of Queues >= 4
    - KVM: arm64: Don't write junk to sysregs on reset
    - KVM: arm: Don't write junk to CP15 registers on reset
    - xfs: don't trip over uninitialized buffer on extent read of corrupted inode
    - xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h
    - xfs: Add helper function xfs_attr_try_sf_addname
    - xfs: Add attibute remove and helper functions

* Bionic update: upstream stable patchset 2019-08-27 (LP: #1841652)
    - sh: kernel: hw_breakpoint: Fix missing break in switch statement
    - mm/usercopy: use memory range to be accessed for wraparound check
    - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    - bpf: get rid of pure_initcall dependency to enable jits
    - bpf: restrict access to core bpf sysctls
    - bpf: add bpf_jit_limit knob to restrict unpriv allocations
    - xtensa: add missing isync to the cpu_reset TLB code
    - ALSA: hda - Apply workaround for another AMD chip 1022:1487
    - ALSA: hda - Fix a memory leak bug
    - HID: holtek: test for sanity of intfdata
    - HID: hiddev: avoid opening a disconnected device
    - HID: hiddev: do cleanup in failure of opening a device
    - Input: kbtab - sanity check for endpoint type
    - Input: iforce - add sanity checks
    - net: usb: pegasus: fix improper read if get_registers() fail
    - netfilter: ebtables: also count base chain policies
    - clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1
    - clk: renesas: cpg-mssr: Fix reset control race condition
    - xen/pciback: remove set but not used variable 'old_state'
    - irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
    - irqchip/irq-imx-gpcv2: Forward irq type to parent
    - perf header: Fix divide by zero error if f_header.attr_size==0
    - perf header: Fix use of unitialized value warning
    - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
    - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m
    - scsi: hpsa: correct scsi command status issue after reset
    - scsi: qla2xxx: Fix possible fcport null-pointer dereferences
    - ata: libahci: do not complain in case of deferred probe
    - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
    - arm64/efi: fix variable 'si' set but not used
    - arm64: unwind: Prohibit probing on return_address()
    - arm64/mm: fix variable 'pud' set but not used
    - IB/core: Add mitigation for Spectre V1
    - IB/mad: Fix use-after-free in ib mad completion handling
    - drm: msm: Fix add_gpu_components
    - ocfs2: remove set but not used variable 'last_hash'
    - asm-generic: fix -Wtype-limits compiler warnings
    - KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block
    - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
    - staging: comedi: dt3000: Fix rounding up of timer divisor
    - iio: adc: max9611: Fix temperature reading in probe
    - USB: core: Fix races in character device registration and deregistraion
    - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role"
    - usb: cdc-acm: make sure a refcount is taken early enough
    - USB: CDC: fix sanity checks in CDC union parser
    - USB: serial: option: add D-Link DWM-222 device ID
    - USB: serial: option: Add support for ZTE MF871A
    - USB: serial: option: add the BroadMobi BM818 card
    - USB: serial: option: Add Motorola modem UARTs
    - bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
    - arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
    - netfilter: conntrack: Use consistent ct id hash calculation
    - Input: psmouse - fix build error of multiple definition
    - iommu/amd: Move iommu_init_pci() to .init section
    - bnx2x: Fix VF's VLAN reconfiguration in reload.
    - net/mlx4_en: fix a memory leak bug
    - net/packet: fix race in tpacket_snd()
    - sctp: fix the transport error_count check
    - xen/netback: Reset nr_frags before freeing skb
    - net/mlx5e: Only support tx/rx pause setting for port owner
    - net/mlx5e: Use flow keys dissector to parse packets for ARFS
    - team: Add vlan tx offload to hw_enc_features
    - bonding: Add vlan tx offload to hw_enc_features
    - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe
    - xfrm: policy: remove pcpu policy cache
    - mm/hmm: fix bad subpage pointer in try_to_unmap_one
    - mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and
      MPOL_MF_STRICT were specified
    - mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
    - riscv: Make __fstate_clean() work correctly.
    - Revert "kmemleak: allow to coexist with fault injection"
    - sctp: fix memleak in sctp_send_reset_streams

* Bionic update: upstream stable patchset 2019-08-16 (LP: #1840520)
    - iio: adc: max9611: Fix misuse of GENMASK macro
    - crypto: ccp - Fix oops by properly managing allocated structures
    - crypto: ccp - Ignore tag length when decrypting GCM ciphertext
    - usb: usbfs: fix double-free of usb memory upon submiturb error
    - usb: iowarrior: fix deadlock on disconnect
    - sound: fix a memory leak bug
    - mmc: cavium: Set the correct dma max segment size for mmc_host
    - mmc: cavium: Add the missing dma unmap when the dma has finished.
    - loop: set PF_MEMALLOC_NOIO for the worker thread
    - Input: synaptics - enable RMI mode for HP Spectre X360
    - lkdtm: support llvm-objcopy
    - crypto: ccp - Validate buffer lengths for copy operations
    - crypto: ccp - Add support for valid authsize values less than 16
    - perf annotate: Fix s390 gap between kernel end and module start
    - perf db-export: Fix thread__exec_comm()
    - perf record: Fix module size on s390
    - usb: host: xhci-rcar: Fix timeout in xhci_suspend()
    - usb: yurex: Fix use-after-free in yurex_delete
    - can: rcar_canfd: fix possible IRQ storm on high load
    - can: peak_usb: fix potential double kfree_skb()
    - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
    - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
    - netfilter: Fix rpfilter dropping vrf packets by mistake
    - netfilter: nft_hash: fix symhash with modulus one
    - scripts/sphinx-pre-install: fix script for RHEL/CentOS
    - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
    - mac80211: don't warn about CW params when not using them
    - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
    - drm: silence variable 'conn' set but not used
    - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
    - s390/qdio: add sanity checks to the fast-requeue path
    - ALSA: compress: Fix regression on compressed capture streams
    - ALSA: compress: Prevent bypasses of set_params
    - ALSA: compress: Don't allow paritial drain operations on capture streams
    - ALSA: compress: Be more restrictive about when a drain is allowed
    - perf tools: Fix proper buffer size for feature processing
    - perf probe: Avoid calling freeing routine multiple times for same pointer
    - drbd: dynamically allocate shash descriptor
    - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
    - ARM: davinci: fix sleep.S build error on ARMv4
    - scsi: megaraid_sas: fix panic on loading firmware crashdump
    - scsi: ibmvfc: fix WARN_ON during event pool release
    - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
    - test_firmware: fix a memory leak bug
    - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
    - perf/core: Fix creating kernel counters for PMUs that override event->cpu
    - HID: sony: Fix race condition between rumble and device remove.
    - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
    - hwmon: (nct7802) Fix wrong detection of in4 presence
    - drm/i915: Fix wrong escape clock divisor init for GLK
    - ALSA: firewire: fix a memory leak bug
    - ALSA: hda - Don't override global PCM hw info flag
    - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
    - mac80211: don't WARN on short WMM parameters from AP
    - SMB3: Fix deadlock in validate negotiate hits reconnect
    - smb3: send CAP_DFS capability during session setup
    - NFSv4: Only pass the delegation to setattr if we're sending a truncate
    - NFSv4: Fix an Oops in nfs4_do_setattr
    - KVM: Fix leak vCPU's VMCS value into other pCPU
    - mwifiex: fix 802.11n/WPA detection
    - iwlwifi: don't unmap as page memory that was mapped as single
    - iwlwifi: mvm: fix an out-of-bound access
    - iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
    - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
    - iio: cros_ec_accel_legacy: Fix incorrect channel setting
    - staging: android: ion: Bail out upon SIGKILL when allocating memory.
    - x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
    - usb: typec: tcpm: free log buf memory when remove debug file
    - usb: typec: tcpm: remove tcpm dir if no children
    - usb: typec: tcpm: Add NULL check before dereferencing config
    - netfilter: conntrack: always store window size un-scaled
    - drm/amd/display: Wait for backlight programming completion in set backlight
      level
    - drm/amd/display: use encoder's engine id to find matched free audio device
    - drm/amd/display: Fix dc_create failure handling and 666 color depths
    - drm/amd/display: Only enable audio if speaker allocation exists
    - drm/amd/display: Increase size of audios array
    - allocate_flower_entry: should check for null deref
    - s390/dma: provide proper ARCH_ZONE_DMA_BITS value
    - ALSA: hiface: fix multiple memory leak bugs

* Bionic update: upstream stable patchset 2019-08-15 (LP: #1840378)
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
    - ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
    - HID: wacom: fix bit shift for Cintiq Companion 2
    - HID: Add quirk for HP X1200 PIXART OEM mouse
    - RDMA: Directly cast the sockaddr union to sockaddr
    - IB: directly cast the sockaddr union to aockaddr
    - atm: iphase: Fix Spectre v1 vulnerability
    - ife: error out when nla attributes are empty
    - ip6_tunnel: fix possible use-after-free on xmit
    - net: bridge: delete local fdb on device init failure
    - net: bridge: mcast: don't delete permanent entries when fast leave is
      enabled
    - net: fix ifindex collision during namespace removal
    - net/mlx5: Use reversed order when unregister devices
    - net: phylink: Fix flow control for fixed-link
    - net: sched: Fix a possible null-pointer dereference in dequeue_func()
    - NFC: nfcmrvl: fix gpio-handling regression
    - tipc: compat: allow tipc commands without arguments
    - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
    - net/mlx5e: Prevent encap flow counter update async to user query
    - tun: mark small packets as owned by the tap sock
    - mvpp2: refactor MTU change code
    - bnx2x: Disable multi-cos feature.
    - cgroup: Call cgroup_release() before __exit_signal()
    - cgroup: Implement css_task_iter_skip()
    - cgroup: Include dying leaders with live threads in PROCS iterations
    - cgroup: css_task_iter_skip()'d iterators must be advanced before accessed
    - cgroup: Fix css_task_iter_advance_css_set() cset skip condition
    - spi: bcm2835: Fix 3-wire mode if DMA is enabled
    - driver core: Establish order of operations for device_add and device_del via
      bitflag
    - drivers/base: Introduce kill_device()
    - libnvdimm/bus: Prevent duplicate device_unregister() calls
    - libnvdimm/region: Register badblocks before namespaces
    - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
    - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
    - ipip: validate header length in ipip_tunnel_xmit
    - mvpp2: fix panic on module removal
    - net/mlx5: Fix modify_cq_in alignment
    - r8169: don't use MSI before RTL8168d

* VIMC module not available (CONFIG_VIDEO_VIMC not set) (LP: #1831482)
    - [Config] Enable VIMC module

* reboot will introduce an alarm 'beep ...' during BIOS phase (LP: #1840395)
    - ALSA: hda - Let all conexant codec enter D3 when rebooting
    - ALSA: hda - Add a generic reboot_notify

* Include Sunix serial/parallel driver (LP: #1826716)
    - serial: 8250_pci: Add support for Sunix serial boards
    - parport: parport_serial: Add support for Sunix Multi I/O boards

* Intel HDMI audio print "Unable to sync register" errors (LP: #1840394)
    - ALSA: hda - Don't resume forcibly i915 HDMI/DP codec

* Support cpufreq, thermal sensors & cooling cells on iMX6Q based Nitrogen6x
    board (LP: #1840437)
    - arm: imx: Add MODULE_ALIAS for cpufreq
    - ARM: dts: imx: Add missing OPP properties for CPUs
    - ARM: dts: imx7d: use operating-points-v2 for cpu
    - ARM: dts: imx7d: remove "operating-points" property for cpu1
    - ARM: dts: imx: add cooling-cells for cpufreq cooling device
    - ARM: dts: imx6: add thermal sensor and cooling cells

* hns3: ring buffer race leads can cause corruption (LP: #1840717)
    - net: hns3: minor optimization for ring_space
    - net: hns3: fix data race between ring->next_to_clean
    - net: hns3: optimize the barrier using when cleaning TX BD

* Bionic build broken if CONFIG_MODVERSIONS enabled (LP: #1840321)
    - Revert "genksyms: Teach parser about 128-bit built-in types"

* [bionic] drm/i915: softpin broken, needs to be fixed for 32bit mesa
    (LP: #1815172)
    - SAUCE: drm/i915: Partially revert d6edad3777c28ea

* Goodix touchpad may drop first input event (LP: #1840075)
    - mfd: intel-lpss: Remove D3cold delay

* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
    - media: vimc: fix component match compare

* Fix touchpad IRQ storm after S3 (LP: #1841396)
    - pinctrl: intel: remap the pin number to gpio offset for irq enabled pin

* [SRU][B/OEM-B/OEM-OSP1/D] UBUNTU: SAUCE: enable middle button for one more
    ThinkPad (LP: #1841722)
    - SAUCE: Input: elantech - enable middle button for one more ThinkPad

* Test 391/u and 391/p from ubuntu_bpf failed on B (LP: #1841704)
    - SAUCE: Fix "bpf: improve verifier branch analysis"

* crypto/testmgr.o fails to build due to struct cipher_testvec not having data
    members: ctext, ptext, len (LP: #1841264)
    - SAUCE: Revert "crypto: testmgr - add AES-CFB tests"

* Bionic QEMU with Bionic Kernel hangs in AMD FX-8350 with cpu-host as
    passthrough (LP: #1834522)
    - KVM: SVM: install RSM intercept
    - KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 17 Sep 2019 18:12:26 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-10-04:

#10

Download full text (126.4 KiB)

This bug was fixed in the package linux - 5.0.0-31.33

---------------
linux (5.0.0-31.33) disco; urgency=medium

* disco/linux: 5.0.0-31.33 -proposed tracker (LP: #1846026)

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

  * /proc/self/maps paths missing on live session (was vlc won't start; eoan
    19.10 & bionic 18.04 ubuntu/lubuntu/kubuntu/xubuntu/ubuntu-mate dailies)
    (LP: #1842382)
    - SAUCE: Revert "UBUNTU: SAUCE: shiftfs: enable overlayfs on shiftfs"

linux (5.0.0-30.32) disco; urgency=medium

* disco/linux: 5.0.0-30.32 -proposed tracker (LP: #1844362)

This bug was fixed in the package linux - 5.0.0-31.33

---------------
linux (5.0.0-31.33) disco; urgency=medium

* disco/linux: 5.0.0-31.33 -proposed tracker (LP: #1846026)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

linux (5.0.0-30.32) disco; urgency=medium

* disco/linux: 5.0.0-30.32 -proposed tracker (LP: #1844362)

* Disco update: upstream stable patchset 2019-08-20 (LP: #1840846)
    - Revert "e1000e: fix cyclic resets at link up with active tx"
    - e1000e: start network tx queue only when link is up
    - Input: synaptics - enable SMBUS on T480 thinkpad trackpad
    - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
    - drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT
    - firmware: improve LSM/IMA security behaviour
    - irqchip/gic-v3-its: Fix command queue pointer comparison bug
    - clk: ti: clkctrl: Fix returning uninitialized data
    - efi/bgrt: Drop BGRT status field reserved bits check
    - perf/core: Fix perf_sample_regs_user() mm check
    - ARM: dts: gemini Fix up DNS-313 compatible string
    - ARM: omap2: remove incorrect __init annotation
    - afs: Fix uninitialised spinlock afs_volume::cb_break_lock
    - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
    - be2net: fix link failure after ethtool offline test
    - ppp: mppe: Add softdep to arc4
    - sis900: fix TX completion
    - ARM: dts: imx6ul: fix PWM[1-4] interrupts
    - pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order
    - dm table: don't copy from a NULL pointer in realloc_argv()
    - dm verity: use message limit for data block corruption message
    - x86/boot/64: Fix crash if kernel image crosses page table boundary
    - x86/boot/64: Add missing fixup_pointer() for next_early_pgt access
    - HID: chicony: add another quirk for PixArt mouse
    - pinctrl: mediatek: Ignore interrupts that are wake only during resume
    - cpu/hotplug: Fix out-of-bounds read when setting fail state
    - pinctrl: mediatek: Update cur_mask in mask/mask ops
    - linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
    - genirq: Delay deactivation in free_irq()
    - genirq: Fix misleading synchronize_irq() documentation
    - genirq: Add optional hardware synchronization for shutdown
    - x86/ioapic: Implement irq_get_irqchip_state() callback
    - x86/irq: Handle spurious interrupt after shutdown gracefully
    - x86/irq: Seperate unused system vectors from spurious entry again
    - ARC: hide unused function unw_hdr_alloc
    - s390: fix stfle zero padding
    - s390/qdio: (re-)initialize tiqdio list entries
    - s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
    - crypto: talitos - move struct talitos_edesc into talitos.h
    - crypto: talitos - fix hash on SEC1.
    - crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
    - drm/udl: introduce a macro to convert dev to udl.
    - drm/udl: move to embedding drm device inside udl device.
    - x86/entry/32: Fix ENDPROC of common_spurious
    - irqchip/irq-csky-mpintc: Support auto irq deliver to all cpus
    - arm64: dts: ls1028a: Fix CPU idle fail.
    - selftests/powerpc: Add test of fork with mapping above 512TB
    - x86/efi: fix a -Wtype-limits compilation warning
    - pinctrl: ocelot: fix gpio direction for pins after 31
    - pinctrl: ocelot: fix pinmuxing for pins after 31
    - mm/oom_kill.c: fix uninitialized oc->constraint
    - fork,memcg: alloc_thread_stack_node needs to set tsk->stack
    - MIPS: ath79: fix ar933x uart parity mode
    - MIPS: fix build on non-linux hosts
    - arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
    - scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
    - dmaengine: imx-sdma: fix use-after-free on probe error path
    - wil6210: fix potential out-of-bounds read
    - ath10k: Do not send probe response template for mesh
    - ath9k: Check for errors when reading SREV register
    - ath6kl: add some bounds checking
    - ath10k: add peer id check in ath10k_peer_find_by_id
    - wil6210: fix spurious interrupts in 3-msi
    - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
    - regmap: debugfs: Fix memory leak in regmap_debugfs_init
    - batman-adv: fix for leaked TVLV handler.
    - media: dvb: usb: fix use after free in dvb_usb_device_exit
    - media: spi: IR LED: add missing of table registration
    - crypto: talitos - fix skcipher failure due to wrong output IV
    - media: ov7740: avoid invalid framesize setting
    - media: marvell-ccic: fix DMA s/g desc number calculation
    - media: vpss: fix a potential NULL pointer dereference
    - media: media_device_enum_links32: clean a reserved field
    - net: stmmac: dwmac1000: Clear unused address entries
    - net: stmmac: dwmac4/5: Clear unused address entries
    - qed: Set the doorbell address correctly
    - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
    - af_key: fix leaks in key_pol_get_resp and dump_sp.
    - xfrm: Fix xfrm sel prefix length validation
    - fscrypt: clean up some BUG_ON()s in block encryption/decryption
    - perf annotate TUI browser: Do not use member from variable within its own
      initialization
    - media: mc-device.c: don't memset __user pointer contents
    - media: saa7164: fix remove_proc_entry warning
    - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
      initialization fails.
    - net: phy: Check against net_device being NULL
    - crypto: talitos - properly handle split ICV.
    - crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
    - tua6100: Avoid build warnings.
    - batman-adv: Fix duplicated OGMs on NETDEV_UP
    - locking/lockdep: Fix merging of hlocks with non-zero references
    - media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
    - cpupower : frequency-set -r option misses the last cpu in related cpu list
    - arm64: mm: make CONFIG_ZONE_DMA32 configurable
    - perf jvmti: Address gcc string overflow warning for strncpy()
    - net: stmmac: dwmac4: fix flow control issue
    - net: stmmac: modify default value of tx-frames
    - crypto: inside-secure - do not rely on the hardware last bit for result
      descriptors
    - net: fec: Do not use netdev messages too early
    - net: axienet: Fix race condition causing TX hang
    - s390/qdio: handle PENDING state for QEBSM devices
    - RAS/CEC: Fix pfn insertion
    - net: sfp: add mutex to prevent concurrent state checks
    - ipset: Fix memory accounting for hash types on resize
    - perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
    - perf test 6: Fix missing kvm module load for s390
    - perf report: Fix OOM error in TUI mode on s390
    - irqchip/meson-gpio: Add support for Meson-G12A SoC
    - media: uvcvideo: Fix access to uninitialized fields on probe error
    - media: fdp1: Support M3N and E3 platforms
    - iommu: Fix a leak in iommu_insert_resv_region
    - gpio: omap: fix lack of irqstatus_raw0 for OMAP4
    - gpio: omap: ensure irq is enabled before wakeup
    - regmap: fix bulk writes on paged registers
    - bpf: silence warning messages in core
    - media: s5p-mfc: fix reading min scratch buffer size on MFC v6/v7
    - selinux: fix empty write to keycreate file
    - x86/cpu: Add Ice Lake NNPI to Intel family
    - ASoC: meson: axg-tdm: fix sample clock inversion
    - rcu: Force inlining of rcu_read_lock()
    - x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
    - qed: iWARP - Fix tc for MPA ll2 connection
    - block: null_blk: fix race condition for null_del_dev
    - blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership
      arbitration
    - xfrm: fix sa selector validation
    - sched/core: Add __sched tag for io_schedule()
    - sched/fair: Fix "runnable_avg_yN_inv" not used warnings
    - perf/x86/intel/uncore: Handle invalid event coding for free-running counter
    - x86/atomic: Fix smp_mb__{before,after}_atomic()
    - perf evsel: Make perf_evsel__name() accept a NULL argument
    - vhost_net: disable zerocopy by default
    - ipoib: correcly show a VF hardware address
    - x86/cacheinfo: Fix a -Wtype-limits warning
    - blk-iolatency: only account submitted bios
    - ACPICA: Clear status of GPEs on first direct enable
    - EDAC/sysfs: Fix memory leak when creating a csrow object
    - nvme: fix possible io failures when removing multipathed ns
    - nvme-pci: properly report state change failure in nvme_reset_work
    - nvme-pci: set the errno on ctrl state change error
    - lightnvm: pblk: fix freeing of merged pages
    - arm64: Do not enable IRQs for ct_user_exit
    - ipsec: select crypto ciphers for xfrm_algo
    - ipvs: defer hook registration to avoid leaks
    - media: s5p-mfc: Make additional clocks optional
    - media: i2c: fix warning same module names
    - [Config] rename module adv7511
    - ntp: Limit TAI-UTC offset
    - timer_list: Guard procfs specific code
    - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
    - media: coda: fix mpeg2 sequence number handling
    - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
    - media: coda: increment sequence offset for the last returned frame
    - media: vimc: cap: check v4l2_fill_pixfmt return value
    - media: hdpvr: fix locking and a missing msleep
    - net: stmmac: sun8i: force select external PHY when no internal one
    - rtlwifi: rtl8192cu: fix error handle when usb probe failed
    - mt7601u: do not schedule rx_tasklet when the device has been disconnected
    - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
    - mt7601u: fix possible memory leak when the device is disconnected
    - ipvs: fix tinfo memory leak in start_sync_thread
    - ath10k: add missing error handling
    - ath10k: fix PCIE device wake up failed
    - perf tools: Increase MAX_NR_CPUS and MAX_CACHES
    - ASoC: Intel: hdac_hdmi: Set ops to NULL on remove
    - libata: don't request sense data on !ZAC ATA devices
    - clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
    - xsk: Properly terminate assignment in xskq_produce_flush_desc
    - rslib: Fix decoding of shortened codes
    - rslib: Fix handling of of caller provided syndrome
    - ixgbe: Check DDM existence in transceiver before access
    - crypto: serpent - mark __serpent_setkey_sbox noinline
    - crypto: asymmetric_keys - select CRYPTO_HASH where needed
    - wil6210: drop old event after wmi_call timeout
    - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
    - bcache: check CACHE_SET_IO_DISABLE in allocator code
    - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal()
    - bcache: acquire bch_register_lock later in cached_dev_free()
    - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
    - bcache: fix potential deadlock in cached_def_free()
    - net: hns3: fix a -Wformat-nonliteral compile warning
    - net: hns3: add some error checking in hclge_tm module
    - ath10k: destroy sdio workqueue while remove sdio module
    - net: mvpp2: prs: Don't override the sign bit in SRAM parser shift
    - igb: clear out skb->tstamp after reading the txtime
    - iwlwifi: mvm: Drop large non sta frames
    - bpf: fix uapi bpf_prog_info fields alignment
    - perf stat: Make metric event lookup more robust
    - perf stat: Fix group lookup for metric group
    - net: usb: asix: init MAC address buffers
    - rxrpc: Fix oops in tracepoint
    - bpf, libbpf, smatch: Fix potential NULL pointer dereference
    - selftests: bpf: fix inlines in test_lwt_seg6local
    - bonding: validate ip header before check IPPROTO_IGMP
    - gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
    - tools: bpftool: Fix json dump crash on powerpc
    - Bluetooth: hci_bcsp: Fix memory leak in rx_skb
    - Bluetooth: Add new 13d3:3491 QCA_ROME device
    - Bluetooth: Add new 13d3:3501 QCA_ROME device
    - Bluetooth: 6lowpan: search for destination address in all peers
    - perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
    - Bluetooth: Check state in l2cap_disconnect_rsp
    - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
    - Bluetooth: validate BLE connection interval updates
    - gtp: fix suspicious RCU usage
    - gtp: fix Illegal context switch in RCU read-side critical section.
    - gtp: fix use-after-free in gtp_encap_destroy()
    - gtp: fix use-after-free in gtp_newlink()
    - net: mvmdio: defer probe of orion-mdio if a clock is not ready
    - iavf: fix dereference of null rx_buffer pointer
    - floppy: fix out-of-bounds read in next_valid_format
    - floppy: fix invalid pointer dereference in drive_name
    - xen: let alloc_xenballooned_pages() fail if not enough memory free
    - scsi: NCR5380: Always re-enable reselection interrupt
    - Revert "scsi: ncr5380: Increase register polling limit"
    - scsi: core: Fix race on creating sense cache
    - scsi: megaraid_sas: Fix calculation of target ID
    - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
    - scsi: mac_scsi: Fix pseudo DMA implementation, take 2
    - crypto: ghash - fix unaligned memory access in ghash_setkey()
    - crypto: ccp - Validate the the error value used to index error messages
    - crypto: arm64/sha1-ce - correct digest for empty data in finup
    - crypto: arm64/sha2-ce - correct digest for empty data in finup
    - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
    - crypto: crypto4xx - fix AES CTR blocksize value
    - crypto: crypto4xx - fix blocksize for cfb and ofb
    - crypto: crypto4xx - block ciphers should only accept complete blocks
    - crypto: ccp - memset structure fields to zero before reuse
    - crypto: ccp/gcm - use const time tag comparison.
    - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
    - bcache: Revert "bcache: fix high CPU occupancy during journal"
    - bcache: Revert "bcache: free heap cache_set->flush_btree in
      bch_journal_free"
    - bcache: ignore read-ahead request failure on backing device
    - bcache: fix mistaken sysfs entry for io_error counter
    - bcache: destroy dc->writeback_write_wq if failed to create
      dc->writeback_thread
    - Input: gtco - bounds check collection indent level
    - Input: synaptics - whitelist Lenovo T580 SMBus intertouch
    - regulator: s2mps11: Fix buck7 and buck8 wrong voltages
    - arm64: tegra: Update Jetson TX1 GPU regulator timings
    - iwlwifi: pcie: don't service an interrupt that was masked
    - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
    - iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill
    - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices
    - NFSv4: Handle the special Linux file open access mode
    - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
    - pNFS: Fix a typo in pnfs_update_layout
    - pnfs: Fix a problem where we gratuitously start doing I/O through the MDS
    - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
      PAGE_SIZE
    - ASoC: dapm: Adapt for debugfs API change
    - raid5-cache: Need to do start() part job after adding journal device
    - ALSA: seq: Break too long mutex context in the write loop
    - ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform
    - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
    - media: coda: Remove unbalanced and unneeded mutex unlock
    - media: videobuf2-core: Prevent size alignment wrapping buffer size to 0
    - media: videobuf2-dma-sg: Prevent size from overflowing
    - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
    - arm64: tegra: Fix AGIC register range
    - fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys
      inodes.
    - kconfig: fix missing choice values in auto.conf
    - drm/nouveau/i2c: Enable i2c pads & busses during preinit
    - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
    - dm zoned: fix zone state management race
    - xen/events: fix binding user event channels to cpus
    - 9p/xen: Add cleanup path in p9_trans_xen_init
    - 9p/virtio: Add cleanup path in p9_virtio_init
    - x86/boot: Fix memory leak in default_get_smp_config()
    - perf/x86/intel: Fix spurious NMI on fixed counter
    - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
    - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
    - drm/edid: parse CEA blocks embedded in DisplayID
    - intel_th: pci: Add Ice Lake NNPI support
    - PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
    - PCI: Do not poll for PME if the device is in D3cold
    - PCI: qcom: Ensure that PERST is asserted for at least 100 ms
    - Btrfs: fix data loss after inode eviction, renaming it, and fsync it
    - Btrfs: fix fsync not persisting dentry deletions due to inode evictions
    - Btrfs: add missing inode version, ctime and mtime updates when punching hole
    - IB/mlx5: Report correctly tag matching rendezvous capability
    - HID: wacom: generic: only switch the mode on devices with LEDs
    - HID: wacom: generic: Correct pad syncing
    - HID: wacom: correct touch resolution x/y typo
    - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
    - coda: pass the host file in vma->vm_file on mmap
    - include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT
      architectures
    - xfs: don't overflow xattr listent buffer
    - xfs: rename m_inotbt_nores to m_finobt_nores
    - xfs: don't ever put nlink > 0 inodes on the unlinked list
    - xfs: reserve blocks for ifree transaction during log recovery
    - xfs: fix reporting supported extra file attributes for statx()
    - xfs: serialize unaligned dio writes against all other dio writes
    - xfs: abort unaligned nowait directio early
    - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
    - crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
    - parisc: Ensure userspace privilege for ptraced processes in regset functions
    - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
    - powerpc/32s: fix suspend/resume when IBATs 4-7 are used
    - powerpc/watchpoint: Restore NV GPRs while returning from exception
    - powerpc/powernv/npu: Fix reference leak
    - powerpc/pseries: Fix oops in hotplug memory notifier
    - mmc: sdhci-msm: fix mutex while in spinlock
    - eCryptfs: fix a couple type promotion bugs
    - mtd: rawnand: mtk: Correct low level time calculation of r/w cycle
    - mtd: spinand: read returns badly if the last page has bitflips
    - intel_th: msu: Fix single mode with disabled IOMMU
    - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
    - usb: Handle USB3 remote wakeup for LPM enabled devices correctly
    - blk-throttle: fix zero wait time for iops throttled group
    - blk-iolatency: clear use_delay when io.latency is set to zero
    - blkcg: update blkcg_print_stat() to handle larger outputs
    - net: mvmdio: allow up to four clocks to be specified for orion-mdio
    - dt-bindings: allow up to four clocks for orion-mdio
    - dm bufio: fix deadlock with loop device
    - ath10k: Check tx_stats before use it
    - ath10k: fix incorrect multicast/broadcast rate setting
    - spi: rockchip: turn down tx dma bursts
    - ath10k: Fix encoding for protected management frames
    - media: v4l2-core: fix use-after-free error
    - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
    - locking/lockdep: Fix OOO unlock when hlocks need merging
    - media: aspeed: change irq to threaded irq
    - gpio: omap: Fix lost edge wake-up interrupts
    - media: davinci: vpif_capture: fix memory leak in vpif_probe()
    - perf/x86/intel: Disable check_msr for real HW
    - integrity: Fix __integrity_init_keyring() section mismatch
    - iavf: allow null RX descriptors
    - ASoC: rsnd: fixup mod ID calculation in rsnd_ctu_probe_
    - bpf: fix callees pruning callers
    - net: netsec: initialize tx ring on ndo_open
    - EDAC/sysfs: Drop device references properly
    - nvme-pci: adjust irq max_vector using num_possible_cpus()
    - media: mt9m111: fix fw-node refactoring
    - ASoC: soc-core: call snd_soc_unbind_card() under mutex_lock;
    - ath10k: fix fw crash by moving chip reset after napi disabled
    - netfilter: ctnetlink: Fix regression in conntrack entry deletion
    - bpf: fix BPF_ALU32 | BPF_ARSH on BE arches
    - gpio: Fix return value mismatch of function gpiod_get_from_of_node()
    - ath9k: correctly handle short radar pulses
    - ath10k: Fix memory leak in qmi
    - net: hns3: add Asym Pause support to fix autoneg problem
    - iwlwifi: dbg: fix debug monitor stop and restart delays
    - bnxt_en: Disable bus master during PCI shutdown and driver unload.
    - bnxt_en: Fix statistics context reservation logic for RDMA driver.
    - perf stat: Fix metrics with --no-merge
    - perf stat: Don't merge events in the same PMU
    - net: hns3: enable broadcast promisc mode when initializing VF
    - Bluetooth: hidp: NUL terminate a string in the compat ioctl
    - xdp: fix race on generic receive path
    - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue
    - blk-iolatency: fix STS_AGAIN handling
    - scsi: NCR5380: Handle PDMA failure reliably
    - scsi: sd_zbc: Fix compilation warning
    - scsi: zfcp: fix request object use-after-free in send path causing seqno
      errors
    - scsi: zfcp: fix request object use-after-free in send path causing wrong
      traces
    - cifs: fix crash in smb2_compound_op()/smb2_set_next_command()
    - cifs: Properly handle auto disabling of serverino option
    - regulator: s2mps11: Fix ERR_PTR dereference on GPIO lookup failure
    - iwlwifi: mvm: delay GTK setting in FW in AP mode
    - iwlwifi: mvm: clear rfkill_safe_init_done when we start the firmware
    - opp: Don't use IS_ERR on invalid supplies
    - ASoC: core: Adapt for debugfs API change
    - ceph: fix end offset in truncate_inode_pages_range call
    - KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
    - KVM: VMX: Fix handling of #MC that occurs during VM-Entry
    - KVM: VMX: check CPUID before allowing read/write of IA32_XSS
    - KVM: PPC: Book3S HV: Signed extend decrementer value if not using large
      decrementer
    - KVM: PPC: Book3S HV: Clear pending decrementer exceptions on nested guest
      entry
    - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
    - signal/usb: Replace kill_pid_info_as_cred with kill_pid_usb_asyncio
    - signal: Correct namespace fixups of si_pid and si_uid
    - i3c: fix i2c and i3c scl rate by bus mode
    - ARM: dts: gemini: Set DIR-685 SPI CS as active low
    - rt2x00usb: fix rx queue hang
    - block: Allow mapping of vmalloc-ed buffers
    - block: Fix potential overflow in blk_report_zones()
    - RDMA/srp: Accept again source addresses that do not have a port number
    - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
    - resource: fix locking in find_next_iomem_res()
    - powerpc/powernv: Fix stale iommu table base after VFIO
    - dax: Fix missed wakeup with PMD faults
    - pstore: Fix double-free in pstore_mkfile() failure path
    - [Config] rename module adv7511

* ACPI support for the ARMv8.2 Statistical Profiling Extension (LP: #1841490)
    - ACPICA: ACPI 6.3: MADT: add support for statistical profiling in GICC
    - ACPICA: ACPI 6.3: PPTT add additional fields in Processor Structure Flags
    - ACPI/PPTT: Modify node flag detection to find last IDENTICAL
    - ACPI/PPTT: Add function to return ACPI 6.3 Identical tokens
    - arm_pmu: acpi: spe: Add initial MADT/SPE probing
    - perf: arm_spe: Enable ACPI/Platform automatic module loading

* Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870) // QEMU -  count cache flush
    Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) (LP: #1832622)
    - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()

* Additional regression in CMA allocation rework (LP: #1841483)
    - dma-direct: fix zone selection after an unaddressable CMA allocation

* [SRU][B-OEM-OSP1/D/E] reduce s2idle power consumption when BIOS uses shared
    power resources (LP: #1840882)
    - PCI / ACPI: Use cached ACPI device state to get PCI device power state
    - ACPI / PM: Introduce concept of a _PR0 dependent device
    - PCI / ACPI: Add _PR0 dependent devices

* ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

* realtek r8822be kernel module fails after update to linux kernel-headers
    5.0.0-21 (LP: #1838133)
    - build_bug.h: add wrapper for _Static_assert
    - lib/vsprintf.c: move sizeof(struct printf_spec) next to its definition
    - linux/fs.h: move member alignment check next to definition of struct
      filename
    - rtw88: add license for Makefile
    - rtw88: fix subscript above array bounds compiler warning
    - rtw88: fix unassigned rssi_level in rtw_sta_info
    - rtw88: avoid circular locking between local->iflist_mtx and rtwdev->mutex
    - rtw88: Make some symbols static
    - rtw88: pci: use ieee80211_ac_numbers instead of 0-3
    - rtw88: pci: check if queue mapping exceeds size of ac_to_hwq
    - rtw88: more descriptions about LPS
    - rtw88: add fast xmit support
    - rtw88: add support for random mac scan
    - rtw88: add beacon function setting
    - rtw88: 8822c: add rf write protection when switching channel
    - rtw88: 8822c: update channel and bandwidth BB setting
    - rtw88: 8822c: disable rx clock gating before counter reset
    - rtw88: 8822c: use more accurate ofdm fa counting
    - rtw88: power on again if it was already on
    - rtw88: restore DACK results to save time
    - rtw88: rsvd page should go though management queue
    - rtw88: fix typo rtw_writ16_set
    - rtw88: resolve order of tx power setting routines
    - rtw88: do not use (void *) as argument
    - rtw88: unify prefixes for tx power setting routine
    - rtw88: remove unused variable
    - rtw88: fix incorrect tx power limit at 5G
    - rtw88: choose the lowest as world-wide power limit
    - rtw88: correct power limit selection
    - rtw88: update tx power limit table to RF v20
    - rtw88: remove all RTW_MAX_POWER_INDEX macro
    - rtw88: refine flow to get tx power index
    - rtw88: Fix misuse of GENMASK macro
    - rtw88: pci: Rearrange the memory usage for skb in RX ISR
    - rtw88: pci: Use DMA sync instead of remapping in RX ISR
    - rtw88: debug: dump tx power indexes in use
    - rtw88: use txpwr_lmt_cfg_pair struct, not arrays
    - rtw88: pci: remove set but not used variable 'ip_sel'
    - rtw88: allow c2h operation in irq context
    - rtw88: enclose c2h cmd handle with mutex
    - rtw88: add BT co-existence support
    - SAUCE: rtw88: pci: enable MSI interrupt

* Disco update: upstream stable patchset 2019-08-30 (LP: #1842128)
    - selftests/bpf: fix sendmsg6_prog on s390
    - net: mvpp2: Don't check for 3 consecutive Idle frames for 10G links
    - selftests: forwarding: gre_multipath: Enable IPv4 forwarding
    - selftests: forwarding: gre_multipath: Fix flower filters
    - can: mcp251x: add error check when wq alloc failed
    - can: gw: Fix error path of cgw_module_init
    - ASoC: rockchip: Fix mono capture
    - mac80211_hwsim: Fix possible null-pointer dereferences in
      hwsim_dump_radio_nl()
    - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
      sets too
    - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
      hash:ip,mac sets
    - rxrpc: Fix potential deadlock
    - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
    - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
      phy_led_trigger_change_speed()
    - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
    - HID: quirks: Set the INCREMENT_USAGE_ON_DUPLICATE quirk on Saitek X52
    - drm/rockchip: Suspend DP late
    - SMB3: Fix potential memory leak when processing compound chain
    - s390: put _stext and _etext into .text section
    - net: stmmac: Fix issues when number of Queues >= 4
    - net: stmmac: tc: Do not return a fragment entry
    - block, bfq: handle NULL return value by bfq_init_rq()
    - KVM: arm64: Don't write junk to sysregs on reset
    - KVM: arm: Don't write junk to CP15 registers on reset
    - clk: socfpga: stratix10: fix rate caclulationg for cnt_clks
    - ceph: clear page dirty before invalidate page
    - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE
    - dm integrity: fix a crash due to BUG_ON in __journal_read_write()
    - dm raid: add missing cleanup in raid_ctr()
    - xfs: don't trip over uninitialized buffer on extent read of corrupted inode
    - xfs: always rejoin held resources during defer roll
    - rxrpc: Fix local endpoint refcounting
    - rxrpc: Fix read-after-free in rxrpc_queue_local()
    - rxrpc: Fix local endpoint replacement
    - rxrpc: Fix local refcounting
    - regulator: axp20x: fix DCDCA and DCDCD for AXP806
    - regulator: axp20x: fix DCDC5 and DCDC6 for AXP803
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - spi: pxa2xx: Balance runtime PM enable/disable on error
    - bpf: sockmap, sock_map_delete needs to use xchg
    - bpf: sockmap, synchronize_rcu before free'ing map
    - bpf: sockmap, only create entry if ulp is not already enabled
    - ASoC: dapm: fix a memory leak bug
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - {nl,mac}80211: fix interface combinations on crypto controlled devices
    - ASoC: ti: davinci-mcasp: Fix clk PDIR handling for i2s master mode
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - net: stmmac: manage errors returned by of_get_mac_address()
    - netfilter: ipset: Fix rename concurrency with listing
    - nvmem: Use the same permissions for eeprom as for nvmem
    - iwlwifi: mvm: avoid races in rate init and rate perform
    - iwlwifi: dbg_ini: move iwl_dbg_tlv_load_bin out of debug override ifdef
    - iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
    - iwlwifi: fix locking in delayed GTK setting
    - iwlwifi: mvm: send LQ command always ASYNC
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - spi: pxa2xx: Add support for Intel Comet Lake
    - spi: pxa2xx: Add support for Intel Tiger Lake
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a credential refcount leak in nfs41_check_delegation_stateid
    - NFSv4: When recovering state fails with EAGAIN, retry the same recovery
    - NFSv4.1: Fix open stateid recovery
    - NFSv4.1: Only reap expired delegations
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - sched/deadline: Fix double accounting of rq/running bw in push & pull
    - s390/mm: fix dump_pagetables top level page table walking
    - ata: rb532_cf: Fix unused variable warning in rb532_pata_driver_probe
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - drm/amdgpu: pin the csb buffer on hw init for gfx v8
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - NFSv4: Ensure state recovery handles ETIMEDOUT correctly
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - block: aoe: Fix kernel crash due to atomic sleep when exiting
    - perf ftrace: Fix failure to set cpumask when only one cpu is present
    - perf cpumap: Fix writing to illegal memory in handling cpumap mask
    - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - HID: wacom: Correct distance scale for 2nd-gen Intuos devices
    - Revert "dm bufio: fix deadlock with loop device"
    - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
    - libceph: fix PG split vs OSD (re)connect race
    - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
    - gpiolib: never report open-drain/source lines as 'input' to user-space
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm kcopyd: always complete failed jobs
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - dm zoned: improve error handling in reclaim
    - dm zoned: improve error handling in i/o map code
    - dm zoned: properly handle backing device failure
    - genirq: Properly pair kobject_del() with kobject_add()
    - mm, page_alloc: move_freepages should not examine struct page of reserved
      memory
    - mm, page_owner: handle THP splits correctly
    - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
    - mm/zsmalloc.c: fix race condition in zs_destroy_pool
    - mm/kasan: fix false positive invalid-free reports with
      CONFIG_KASAN_SW_TAGS=y
    - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
    - dm zoned: fix potential NULL dereference in dmz_do_reclaim()
    - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB

* Disco update: upstream stable patchset 2019-08-29 (LP: #1841994)
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - gcc-9: don't warn about uninitialized variable
    - driver core: Establish order of operations for device_add and device_del via
      bitflag
    - drivers/base: Introduce kill_device()
    - libnvdimm/bus: Prevent duplicate device_unregister() calls
    - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
    - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
    - HID: wacom: fix bit shift for Cintiq Companion 2
    - HID: Add quirk for HP X1200 PIXART OEM mouse
    - atm: iphase: Fix Spectre v1 vulnerability
    - bnx2x: Disable multi-cos feature.
    - ife: error out when nla attributes are empty
    - ip6_gre: reload ipv6h in prepare_ip6gre_xmit_ipv6
    - ip6_tunnel: fix possible use-after-free on xmit
    - ipip: validate header length in ipip_tunnel_xmit
    - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init()
    - mvpp2: fix panic on module removal
    - mvpp2: refactor MTU change code
    - net: bridge: delete local fdb on device init failure
    - net: bridge: mcast: don't delete permanent entries when fast leave is
      enabled
    - net: fix ifindex collision during namespace removal
    - net/mlx5e: always initialize frag->last_in_page
    - net/mlx5: Use reversed order when unregister devices
    - net: phylink: Fix flow control for fixed-link
    - net: qualcomm: rmnet: Fix incorrect UL checksum offload logic
    - net: sched: Fix a possible null-pointer dereference in dequeue_func()
    - net sched: update vlan action for batched events operations
    - net: sched: use temporary variable for actions indexes
    - net/smc: do not schedule tx_work in SMC_CLOSED state
    - NFC: nfcmrvl: fix gpio-handling regression
    - ocelot: Cancel delayed work before wq destruction
    - tipc: compat: allow tipc commands without arguments
    - tun: mark small packets as owned by the tap sock
    - net/mlx5: Fix modify_cq_in alignment
    - net/mlx5e: Prevent encap flow counter update async to user query
    - r8169: don't use MSI before RTL8168d
    - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
    - cgroup: Call cgroup_release() before __exit_signal()
    - cgroup: Implement css_task_iter_skip()
    - cgroup: Include dying leaders with live threads in PROCS iterations
    - cgroup: css_task_iter_skip()'d iterators must be advanced before accessed
    - cgroup: Fix css_task_iter_advance_css_set() cset skip condition
    - spi: bcm2835: Fix 3-wire mode if DMA is enabled
    - ALSA: usb-audio: Sanity checks for each pipe and EP types
    - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
    - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case
    - net: phylink: don't start and stop SGMII PHYs in SFP modules twice
    - net: phy: mscc: initialize stats array
    - bpf: fix XDP vlan selftests test_xdp_vlan.sh
    - selftests/bpf: add wrapper scripts for test_xdp_vlan.sh
    - selftests/bpf: reduce time to execute test_xdp_vlan.sh
    - net: fix bpf_xdp_adjust_head regression for generic-XDP
    - hv_sock: Fix hang when a connection is closed
    - iio: cros_ec_accel_legacy: Fix incorrect channel setting
    - iio: adc: max9611: Fix misuse of GENMASK macro
    - staging: gasket: apex: fix copy-paste typo
    - staging: android: ion: Bail out upon SIGKILL when allocating memory.
    - crypto: ccp - Fix oops by properly managing allocated structures
    - crypto: ccp - Add support for valid authsize values less than 16
    - crypto: ccp - Ignore tag length when decrypting GCM ciphertext
    - usb: usbfs: fix double-free of usb memory upon submiturb error
    - usb: iowarrior: fix deadlock on disconnect
    - sound: fix a memory leak bug
    - mmc: cavium: Set the correct dma max segment size for mmc_host
    - mmc: cavium: Add the missing dma unmap when the dma has finished.
    - loop: set PF_MEMALLOC_NOIO for the worker thread
    - Input: usbtouchscreen - initialize PM mutex before using it
    - Input: elantech - enable SMBus on new (2018+) systems
    - Input: synaptics - enable RMI mode for HP Spectre X360
    - perf annotate: Fix s390 gap between kernel end and module start
    - perf db-export: Fix thread__exec_comm()
    - perf record: Fix module size on s390
    - x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
    - gfs2: gfs2_walk_metadata fix
    - usb: host: xhci-rcar: Fix timeout in xhci_suspend()
    - usb: yurex: Fix use-after-free in yurex_delete
    - usb: typec: tcpm: free log buf memory when remove debug file
    - usb: typec: tcpm: remove tcpm dir if no children
    - usb: typec: tcpm: Add NULL check before dereferencing config
    - usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests
    - can: rcar_canfd: fix possible IRQ storm on high load
    - can: peak_usb: fix potential double kfree_skb()
    - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
    - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
    - netfilter: Fix rpfilter dropping vrf packets by mistake
    - netfilter: conntrack: always store window size un-scaled
    - netfilter: nft_hash: fix symhash with modulus one
    - scripts/sphinx-pre-install: fix script for RHEL/CentOS
    - drm/amd/display: Wait for backlight programming completion in set backlight
      level
    - drm/amd/display: use encoder's engine id to find matched free audio device
    - drm/amd/display: Fix dc_create failure handling and 666 color depths
    - drm/amd/display: Only enable audio if speaker allocation exists
    - drm/amd/display: Increase size of audios array
    - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
    - nl80211: fix NL80211_HE_MAX_CAPABILITY_LEN
    - mac80211: don't warn about CW params when not using them
    - allocate_flower_entry: should check for null deref
    - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
    - drm: silence variable 'conn' set but not used
    - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
    - s390/qdio: add sanity checks to the fast-requeue path
    - ALSA: compress: Fix regression on compressed capture streams
    - ALSA: compress: Prevent bypasses of set_params
    - ALSA: compress: Don't allow paritial drain operations on capture streams
    - ALSA: compress: Be more restrictive about when a drain is allowed
    - perf tools: Fix proper buffer size for feature processing
    - perf probe: Avoid calling freeing routine multiple times for same pointer
    - drbd: dynamically allocate shash descriptor
    - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
    - ARM: davinci: fix sleep.S build error on ARMv4
    - ARM: dts: bcm: bcm47094: add missing #cells for mdio-bus-mux
    - scsi: megaraid_sas: fix panic on loading firmware crashdump
    - scsi: ibmvfc: fix WARN_ON during event pool release
    - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
    - test_firmware: fix a memory leak bug
    - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
    - perf/core: Fix creating kernel counters for PMUs that override event->cpu
    - s390/dma: provide proper ARCH_ZONE_DMA_BITS value
    - HID: sony: Fix race condition between rumble and device remove.
    - x86/purgatory: Do not use __builtin_memcpy and __builtin_memset
    - ALSA: usb-audio: fix a memory leak bug
    - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
    - hwmon: (nct7802) Fix wrong detection of in4 presence
    - drm/i915: Fix wrong escape clock divisor init for GLK
    - ALSA: firewire: fix a memory leak bug
    - ALSA: hiface: fix multiple memory leak bugs
    - ALSA: hda - Don't override global PCM hw info flag
    - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
    - mac80211: don't WARN on short WMM parameters from AP
    - dax: dax_layout_busy_page() should not unmap cow pages
    - SMB3: Fix deadlock in validate negotiate hits reconnect
    - smb3: send CAP_DFS capability during session setup
    - NFSv4: Fix an Oops in nfs4_do_setattr
    - KVM: Fix leak vCPU's VMCS value into other pCPU
    - mwifiex: fix 802.11n/WPA detection
    - iwlwifi: don't unmap as page memory that was mapped as single
    - iwlwifi: mvm: fix an out-of-bound access
    - iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
    - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
    - iio: adc: gyroadc: fix uninitialized return code
    - staging: wilc1000: flush the workqueue before deinit the host
    - can: flexcan: fix stop mode acknowledgment
    - can: flexcan: fix an use-after-free in flexcan_setup_stop_mode()
    - powerpc: fix off by one in max_zone_pfn initialization for ZONE_DMA
    - scripts/sphinx-pre-install: don't use LaTeX with CentOS 7
    - rq-qos: don't reset has_sleepers on spurious wakeups
    - rq-qos: set ourself TASK_UNINTERRUPTIBLE after we schedule
    - rq-qos: use a mb for got_token
    - drm/amd/display: Clock does not lower in Updateplanes
    - drm/amd/display: fix DMCU hang when going into Modern Standby
    - drm/amd/display: allocate 4 ddc engines for RV2
    - mac80211: fix possible memory leak in ieee80211_assign_beacon
    - hwmon: (occ) Fix division by zero issue
    - ARM: dts: imx6ul: fix clock frequency property name of I2C buses
    - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails
    - arm64: Force SSBS on context switch
    - arm64: entry: SP Alignment Fault doesn't write to FAR_EL1
    - drm/msm/dpu: Correct dpu encoder spinlock initialization
    - perf script: Fix off by one in brstackinsn IPC computation
    - perf stat: Fix segfault for event group in repeat mode
    - nvme: ignore subnqn for ADATA SX6000LNP
    - nvme: fix memory leak caused by incorrect subsystem free
    - perf/x86: Apply more accurate check on hypervisor platform
    - gen_compile_commands: lower the entry count threshold
    - NFSv4: Fix delegation state recovery
    - NFSv4: Check the return value of update_open_stateid()
    - KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block
    - iwlwifi: mvm: fix a use-after-free bug in iwl_mvm_tx_tso_segment
    - sh: kernel: hw_breakpoint: Fix missing break in switch statement
    - seq_file: fix problem when seeking mid-record
    - mm/hmm: fix bad subpage pointer in try_to_unmap_one
    - mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and
      MPOL_MF_STRICT were specified
    - mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
    - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    - mm/usercopy: use memory range to be accessed for wraparound check
    - cpufreq: schedutil: Don't skip freq update when limits change
    - xtensa: add missing isync to the cpu_reset TLB code
    - ALSA: hda/realtek - Add quirk for HP Envy x360
    - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
    - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
    - ALSA: hda - Apply workaround for another AMD chip 1022:1487
    - ALSA: hda - Fix a memory leak bug
    - HID: holtek: test for sanity of intfdata
    - HID: hiddev: avoid opening a disconnected device
    - HID: hiddev: do cleanup in failure of opening a device
    - Input: kbtab - sanity check for endpoint type
    - Input: iforce - add sanity checks
    - net: usb: pegasus: fix improper read if get_registers() fail
    - netfilter: ebtables: also count base chain policies
    - riscv: Make __fstate_clean() work correctly.
    - clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1
    - clk: sprd: Select REGMAP_MMIO to avoid compile errors
    - clk: renesas: cpg-mssr: Fix reset control race condition
    - xen/pciback: remove set but not used variable 'old_state'
    - irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
    - irqchip/irq-imx-gpcv2: Forward irq type to parent
    - perf header: Fix divide by zero error if f_header.attr_size==0
    - perf header: Fix use of unitialized value warning
    - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
    - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m
    - Btrfs: fix deadlock between fiemap and transaction commits
    - scsi: hpsa: correct scsi command status issue after reset
    - scsi: qla2xxx: Fix possible fcport null-pointer dereferences
    - drm/amdgpu: fix a potential information leaking bug
    - ata: libahci: do not complain in case of deferred probe
    - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
    - kbuild: Check for unknown options with cc-option usage in Kconfig and clang
    - arm64/efi: fix variable 'si' set but not used
    - arm64: unwind: Prohibit probing on return_address()
    - arm64/mm: fix variable 'pud' set but not used
    - IB/core: Add mitigation for Spectre V1
    - IB/mlx5: Fix MR registration flow to use UMR properly
    - IB/mad: Fix use-after-free in ib mad completion handling
    - drm: msm: Fix add_gpu_components
    - drm/exynos: fix missing decrement of retry counter
    - Revert "kmemleak: allow to coexist with fault injection"
    - ocfs2: remove set but not used variable 'last_hash'
    - asm-generic: fix -Wtype-limits compiler warnings
    - arm64: KVM: regmap: Fix unexpected switch fall-through
    - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
    - staging: comedi: dt3000: Fix rounding up of timer divisor
    - iio: adc: max9611: Fix temperature reading in probe
    - USB: core: Fix races in character device registration and deregistraion
    - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role"
    - usb: cdc-acm: make sure a refcount is taken early enough
    - USB: CDC: fix sanity checks in CDC union parser
    - USB: serial: option: add D-Link DWM-222 device ID
    - USB: serial: option: Add support for ZTE MF871A
    - USB: serial: option: add the BroadMobi BM818 card
    - USB: serial: option: Add Motorola modem UARTs
    - arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side
    - netfilter: conntrack: Use consistent ct id hash calculation
    - Input: psmouse - fix build error of multiple definition
    - bnx2x: Fix VF's VLAN reconfiguration in reload.
    - bonding: Add vlan tx offload to hw_enc_features
    - net: dsa: Check existence of .port_mdb_add callback before calling it
    - net/mlx4_en: fix a memory leak bug
    - net/packet: fix race in tpacket_snd()
    - sctp: fix memleak in sctp_send_reset_streams
    - sctp: fix the transport error_count check
    - team: Add vlan tx offload to hw_enc_features
    - tipc: initialise addr_trail_end when setting node addresses
    - xen/netback: Reset nr_frags before freeing skb
    - net/mlx5e: Only support tx/rx pause setting for port owner
    - net/mlx5e: Use flow keys dissector to parse packets for ARFS
    - mm/z3fold.c: fix z3fold_destroy_pool() ordering
    - mm, vmscan: do not special-case slab reclaim when watermarks are boosted
    - drm/amdgpu: fix gfx9 soft recovery
    - riscv: Correct the initialized flow of FP register
    - blk-mq: move cancel of requeue_work to the front of blk_exit_queue
    - IB/mlx5: Replace kfree with kvfree
    - dma-mapping: check pfn validity in dma_common_{mmap,get_sgtable}
    - f2fs: fix to read source block before invalidating it
    - tools perf beauty: Fix usbdevfs_ioctl table generator to handle _IOC()
    - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain
    - drm/bridge: tc358764: Fix build error
    - tracing: Fix header include guards in trace event headers
    - drm/amdkfd: Fix byte align on VegaM
    - RDMA/restrack: Track driver QP types in resource tracker
    - RDMA/mlx5: Release locks during notifier unregister
    - arm64: kprobes: Recover pstate.D in single-step exception handler
    - arm64: Make debug exception handlers visible from RCU
    - page flags: prioritize kasan bits over last-cpuid
    - bnxt_en: Fix VNIC clearing logic for 57500 chips.
    - bnxt_en: Improve RX doorbell sequence.
    - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
    - bnxt_en: Suppress HWRM errors for HWRM_NVM_GET_VARIABLE command
    - bnxt_en: Use correct src_fid to determine direction of the flow
    - bnxt_en: Fix to include flow direction in L2 key
    - net sched: update skbedit action for batched events operations
    - tc-testing: updated skbedit action tests with batch create/delete

* Disco update: upstream stable patchset 2019-08-27 (LP: #1841681)
    - hv_sock: Add support for delayed close
    - vsock: correct removal of socket from the list
    - ISDN: hfcsusb: checking idx of ep configuration
    - media: au0828: fix null dereference in error path
    - ath10k: Change the warning message string
    - media: cpia2_usb: first wake up, then free in disconnect
    - media: pvrusb2: use a different format for warnings
    - NFS: Cleanup if nfs_match_client is interrupted
    - media: radio-raremono: change devm_k*alloc to k*alloc
    - Bluetooth: hci_uart: check for missing tty operations
    - sched/fair: Don't free p->numa_faults with concurrent readers
    - sched/fair: Use RCU accessors consistently for ->numa_group
    - /proc/<pid>/cmdline: remove all the special cases
    - /proc/<pid>/cmdline: add back the setproctitle() special case
    - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
    - Fix allyesconfig output.
    - ceph: hold i_ceph_lock when removing caps for freeing inode
    - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
    - xfrm: policy: fix bydst hlist corruption on hash rebuild
    - nvme: fix multipath crash when ANA is deactivated
    - ARM: riscpc: fix DMA
    - ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
    - ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
    - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
    - ftrace: Enable trampoline when rec count returns back to one
    - dmaengine: tegra-apb: Error out if DMA_PREP_INTERRUPT flag is unset
    - arm64: dts: rockchip: fix isp iommu clocks and power domain
    - kernel/module.c: Only return -EEXIST for modules that have finished loading
    - firmware/psci: psci_checker: Park kthreads before stopping them
    - MIPS: lantiq: Fix bitfield masking
    - dmaengine: rcar-dmac: Reject zero-length slave DMA requests
    - clk: tegra210: fix PLLU and PLLU_OUT1
    - fs/adfs: super: fix use-after-free bug
    - clk: sprd: Add check for return value of sprd_clk_regmap_init()
    - btrfs: fix minimum number of chunk errors for DUP
    - btrfs: qgroup: Don't hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
    - cifs: Fix a race condition with cifs_echo_request
    - ceph: fix improper use of smp_mb__before_atomic()
    - ceph: return -ERANGE if virtual xattr value didn't fit in buffer
    - ACPI: blacklist: fix clang warning for unused DMI table
    - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
    - perf version: Fix segfault due to missing OPT_END()
    - x86: kvm: avoid constant-conversion warning
    - ACPI: fix false-positive -Wuninitialized warning
    - be2net: Signal that the device cannot transmit during reconfiguration
    - x86/apic: Silence -Wtype-limits compiler warnings
    - x86: math-emu: Hide clang warnings for 16-bit overflow
    - mm/cma.c: fail if fixed declaration can't be honored
    - lib/test_overflow.c: avoid tainting the kernel and fix wrap size
    - lib/test_string.c: avoid masking memset16/32/64 failures
    - coda: add error handling for fget
    - coda: fix build using bare-metal toolchain
    - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
      headers
    - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
    - ipc/mqueue.c: only perform resource calculation if user valid
    - xen/pv: Fix a boot up hang revealed by int3 self test
    - x86/kvm: Don't call kvm_spurious_fault() from .fixup
    - x86/paravirt: Fix callee-saved function ELF sizes
    - x86, boot: Remove multiple copy of static function sanitize_boot_params()
    - drm/nouveau: fix memory leak in nouveau_conn_reset()
    - kconfig: Clear "written" flag to avoid data loss
    - kbuild: initialize CLANG_FLAGS correctly in the top Makefile
    - Btrfs: fix incremental send failure after deduplication
    - Btrfs: fix race leading to fs corruption after transaction abort
    - mmc: dw_mmc: Fix occasional hang after tuning on eMMC
    - mmc: meson-mx-sdio: Fix misuse of GENMASK macro
    - gpiolib: fix incorrect IRQ requesting of an active-low lineevent
    - IB/hfi1: Fix Spectre v1 vulnerability
    - mtd: rawnand: micron: handle on-die "ECC-off" devices correctly
    - selinux: fix memory leak in policydb_init()
    - ALSA: hda: Fix 1-minute detection delay when i915 module is not available
    - mm: vmscan: check if mem cgroup is disabled or not before calling memcg slab
      shrinker
    - s390/dasd: fix endless loop after read unit address configuration
    - cgroup: kselftest: relax fs_spec checks
    - parisc: Fix build of compressed kernel even with debug enabled
    - drivers/perf: arm_pmu: Fix failure path in PM notifier
    - arm64: compat: Allow single-byte watchpoints on all addresses
    - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
    - nbd: replace kill_bdev() with __invalidate_device() again
    - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
    - IB/mlx5: Fix unreg_umr to ignore the mkey state
    - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
    - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
    - IB/mlx5: Fix clean_mr() to work in the expected order
    - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
    - IB/hfi1: Check for error on call to alloc_rsm_map_table
    - drm/i915/gvt: fix incorrect cache entry for guest page mapping
    - eeprom: at24: make spd world-readable again
    - gcc-9: properly declare the {pv,hv}clock_page storage
    - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
    - Documentation: Add swapgs description to the Spectre v1 documentation
    - arm64: dts: marvell: mcbin: enlarge PCI memory window
    - PCI: OF: Initialize dev->fwnode appropriately
    - arm64: qcom: qcs404: Add reset-cells to GCC node
    - swiotlb: fix phys_addr_t overflow warning
    - arm64: dts: rockchip: Fix USB3 Type-C on rk3399-sapphire
    - btrfs: Flush before reflinking any extent to prevent NOCOW write falling
      back to COW without data reservation
    - virtio-mmio: add error check for platform_get_irq
    - cifs: fix crash in cifs_dfs_do_automount
    - KVM: nVMX: Ignore segment base for VMX memory operand when segment not FS or
      GS
    - bpf: fix BTF verifier size resolution logic
    - mm/slab_common.c: work around clang bug #42570
    - mm/ioremap: check virtual address alignment while creating huge mappings
    - nds32: fix asm/syscall.h
    - mm/hotplug: make remove_memory() interface usable
    - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL
    - bpf: Disable GCC -fgcse optimization for ___bpf_prog_run()
    - kbuild: modpost: include .*.cmd files only when targets exist
    - dax: Fix missed wakeup in put_unlocked_entry()
    - fgraph: Remove redundant ftrace_graph_notrace_addr() test
    - mmc: host: sdhci-sprd: Fix the missing pm_runtime_put_noidle()
    - mmc: mmc_spi: Enable stable writes
    - gpiolib: Preserve desc->flags when setting state
    - gpio: don't WARN() on NULL descs if gpiolib is disabled
    - i2c: at91: disable TXRDY interrupt after sending data
    - i2c: at91: fix clk_offset for sama5d2
    - mm: migrate: fix reference check race between __find_get_block() and
      migration
    - mm/migrate.c: initialize pud_entry in migrate_vma()
    - parisc: Add archclean Makefile target
    - parisc: Strip debug info from kernel before creating compressed vmlinuz
    - RDMA/bnxt_re: Honor vlan_id in GID entry comparison
    - drm/i915/perf: fix ICL perf register offsets

* Disco update: upstream stable patchset 2019-08-22 (LP: #1841121)
    - hvsock: fix epollout hang from race condition
    - drm/panel: simple: Fix panel_simple_dsi_probe
    - iio: adc: stm32-dfsdm: manage the get_irq error case
    - iio: adc: stm32-dfsdm: missing error case during probe
    - staging: vt6656: use meaningful error code during buffer allocation
    - usb: core: hub: Disable hub-initiated U1/U2
    - tty: max310x: Fix invalid baudrate divisors calculator
    - pinctrl: rockchip: fix leaked of_node references
    - tty: serial: cpm_uart - fix init when SMC is relocated
    - drm/amd/display: Fill prescale_params->scale for RGB565
    - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE
    - drm/amd/display: Disable ABM before destroy ABM struct
    - drm/amdkfd: Fix a potential memory leak
    - drm/amdkfd: Fix sdma queue map issue
    - drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
    - PCI: Return error if cannot probe VF
    - drm/bridge: tc358767: read display_props in get_modes()
    - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
    - gpu: host1x: Increase maximum DMA segment size
    - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
    - drm/crc-debugfs: Also sprinkle irqrestore over early exits
    - memstick: Fix error cleanup path of memstick_init
    - tty/serial: digicolor: Fix digicolor-usart already registered warning
    - tty: serial: msm_serial: avoid system lockup condition
    - serial: 8250: Fix TX interrupt handling condition
    - drm/amd/display: Always allocate initial connector state state
    - drm/virtio: Add memory barriers for capset cache.
    - phy: renesas: rcar-gen2: Fix memory leak at error paths
    - drm/amd/display: fix compilation error
    - powerpc/pseries/mobility: prevent cpu hotplug during DT update
    - drm/rockchip: Properly adjust to a true clock in adjusted_mode
    - serial: imx: fix locking in set_termios()
    - tty: serial_core: Set port active bit in uart_port_activate
    - usb: gadget: Zero ffs_io_data
    - mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width
    - powerpc/pci/of: Fix OF flags parsing for 64bit BARs
    - drm/msm: Depopulate platform on probe failure
    - serial: mctrl_gpio: Check if GPIO property exisits before requesting it
    - PCI: sysfs: Ignore lockdep for remove attribute
    - i2c: stm32f7: fix the get_irq error cases
    - kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
    - genksyms: Teach parser about 128-bit built-in types
    - PCI: xilinx-nwl: Fix Multi MSI data programming
    - iio: iio-utils: Fix possible incorrect mask calculation
    - powerpc/cacheflush: fix variable set but not used
    - powerpc/xmon: Fix disabling tracing while in xmon
    - recordmcount: Fix spurious mcount entries on powerpc
    - mfd: madera: Add missing of table registration
    - mfd: core: Set fwnode for created devices
    - mfd: arizona: Fix undefined behavior
    - mfd: hi655x-pmic: Fix missing return value check for
      devm_regmap_init_mmio_clk
    - mm/swap: fix release_pages() when releasing devmap pages
    - um: Silence lockdep complaint about mmap_sem
    - powerpc/4xx/uic: clear pending interrupt after irq type/pol change
    - RDMA/i40iw: Set queue pair state when being queried
    - serial: sh-sci: Terminate TX DMA during buffer flushing
    - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
    - IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE
    - powerpc/mm: Handle page table allocation failures
    - IB/ipoib: Add child to parent list only if device initialized
    - arm64: assembler: Switch ESB-instruction with a vanilla nop if
      !ARM64_HAS_RAS
    - PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows
    - PCI: mobiveil: Fix the Class Code field
    - kallsyms: exclude kasan local symbols on s390
    - PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers
    - PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions
    - perf test mmap-thread-lookup: Initialize variable to suppress memory
      sanitizer warning
    - perf stat: Fix use-after-freed pointer detected by the smatch tool
    - perf top: Fix potential NULL pointer dereference detected by the smatch tool
    - perf session: Fix potential NULL pointer dereference found by the smatch
      tool
    - perf annotate: Fix dereferencing freed memory found by the smatch tool
    - perf hists browser: Fix potential NULL pointer dereference found by the
      smatch tool
    - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
    - PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
    - powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
    - block: init flush rq ref count to 1
    - f2fs: avoid out-of-range memory access
    - mailbox: handle failed named mailbox channel request
    - dlm: check if workqueues are NULL before flushing/destroying
    - powerpc/eeh: Handle hugepages in ioremap space
    - block/bio-integrity: fix a memory leak bug
    - sh: prevent warnings when using iounmap
    - mm/kmemleak.c: fix check for softirq context
    - 9p: pass the correct prototype to read_cache_page
    - mm/gup.c: mark undo_dev_pagemap as __maybe_unused
    - mm/gup.c: remove some BUG_ONs from get_gate_page()
    - memcg, fsnotify: no oom-kill for remote memcg charging
    - mm/mmu_notifier: use hlist_add_head_rcu()
    - proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup
    - proc: use down_read_killable mmap_sem for /proc/pid/pagemap
    - proc: use down_read_killable mmap_sem for /proc/pid/clear_refs
    - proc: use down_read_killable mmap_sem for /proc/pid/map_files
    - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region()
    - proc: use down_read_killable mmap_sem for /proc/pid/maps
    - locking/lockdep: Fix lock used or unused stats error
    - mm: use down_read_killable for locking mmap_sem in access_remote_vm
    - locking/lockdep: Hide unused 'class' variable
    - usb: wusbcore: fix unbalanced get/put cluster_id
    - usb: pci-quirks: Correct AMD PLL quirk detection
    - btrfs: inode: Don't compress if NODATASUM or NODATACOW set
    - x86/sysfb_efi: Add quirks for some devices with swapped width and height
    - x86/speculation/mds: Apply more accurate check on hypervisor platform
    - binder: prevent transactions to context manager from its own process.
    - fpga-manager: altera-ps-spi: Fix build error
    - mei: me: add mule creek canyon (EHL) device ids
    - hpet: Fix division by zero in hpet_time_div()
    - ALSA: ac97: Fix double free of ac97_codec_device
    - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
    - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
    - access: avoid the RCU grace period for the temporary subjective credentials
    - regulator: 88pm800: fix warning same module names
    - media: drivers: media: coda: fix warning same module names
    - btrfs: shut up bogus -Wmaybe-uninitialized warning
    - drm/virtio: set seqno for dma-fence
    - ipmi_si: fix unexpected driver unregister warning
    - drm/bochs: Fix connector leak during driver unload
    - drm/msm/a6xx: Check for ERR or NULL before iounmap
    - ipmi:ssif: Only unregister the platform driver if it was registered
    - ipmi_ssif: fix unexpected driver unregister warning
    - drm/amd/display: Disable cursor when offscreen in negative direction
    - drm/amdgpu: Reserve shared fence for eviction fence
    - f2fs: fix to avoid deadloop if data_flush is on
    - tools: PCI: Fix broken pcitest compilation
    - drm/amd/display: Increase Backlight Gain Step Size
    - f2fs: Fix accounting for unusable blocks
    - f2fs: Lower threshold for disable_cp_again
    - drm/vkms: Forward timer right after drm_crtc_handle_vblank
    - i2c: nvidia-gpu: resume ccgx i2c client
    - PCI: endpoint: Allocate enough space for fixed size BAR
    - dma-remap: Avoid de-referencing NULL atomic_pool
    - platform/x86: asus-wmi: Increase input buffer size of WMI methods
    - iio: adxl372: fix iio_triggered_buffer_{pre,post}enable positions
    - serial: uartps: Use the same dynamic major number for all ports
    - kvm: vmx: fix limit checking in get_vmx_mem_address()
    - KVM: nVMX: Intercept VMWRITEs to GUEST_{CS,SS}_AR_BYTES
    - kvm: vmx: segment limit check: use access length
    - powerpc/rtas: retry when cpu offline races with suspend/migration
    - fixdep: check return value of printf() and putchar()
    - KVM: nVMX: Stash L1's CR3 in vmcs01.GUEST_CR3 on nested entry w/o EPT
    - perf trace: Fix potential NULL pointer dereference found by the smatch tool
    - perf map: Fix potential NULL pointer dereference found by smatch tool
    - perf intel-bts: Fix potential NULL pointer dereference found by the smatch
      tool
    - RDMA/core: Fix race when resolving IP address
    - nvme-pci: check for NULL return from pci_alloc_p2pmem()
    - nvme-pci: limit max_hw_sectors based on the DMA max mapping size
    - nvme-tcp: don't use sendpage for SLAB pages
    - nvme-tcp: set the STABLE_WRITES flag when data digests are enabled
    - powerpc/irq: Don't WARN continuously in arch_local_irq_restore()
    - nvme: fix NULL deref for fabrics options
    - mm/mincore.c: fix race between swapoff and mincore
    - mm, swap: fix race between swapoff and some swap operations
    - usb-storage: Add a limitation for blk_queue_max_hw_sectors()
    - KVM: PPC: Book3S HV: Always save guest pmu for guest capable of nesting
    - KVM: PPC: Book3S HV: Save and restore guest visible PSSCR bits on pseries
    - selinux: check sidtab limit before adding a new entry
    - x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user()
    - eeprom: make older eeprom drivers select NVMEM_SYSFS
    - drm/panel: Add support for Armadeus ST0700 Adapt
    - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips
    - powerpc/mm: Limit rma_size to 1TB when running without HV mode
    - powerpc/pmu: Set pmcregs_in_use in paca when running as LPAR
    - iommu/vt-d: Don't queue_iova() if there is no flush queue
    - iommu/iova: Remove stale cached32_node
    - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA
    - libnvdimm/region: Register badblocks before namespaces

* Line 6 POD HD500 driver fault (LP: #1790595) // Disco update: upstream
    stable patchset 2019-08-22 (LP: #1841121)
    - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1

* Disco update: upstream stable patchset 2019-08-21 (LP: #1840961)
    - bnx2x: Prevent load reordering in tx completion processing
    - caif-hsi: fix possible deadlock in cfhsi_exit_module()
    - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback()
    - igmp: fix memory leak in igmpv3_del_delrec()
    - ipv4: don't set IPv6 only flags to IPv4 addresses
    - ipv6: rt6_check should return NULL if 'from' is NULL
    - ipv6: Unlink sibling route in case of failure
    - net: bcmgenet: use promisc for unsupported filters
    - net: dsa: mv88e6xxx: wait after reset deactivation
    - net: make skb_dst_force return true when dst is refcounted
    - net: neigh: fix multiple neigh timer scheduling
    - net: openvswitch: fix csum updates for MPLS actions
    - net: phy: sfp: hwmon: Fix scaling of RX power
    - net: stmmac: Re-work the queue selection for TSO packets
    - nfc: fix potential illegal memory access
    - r8169: fix issue with confused RX unit after PHY power-down on RTL8411b
    - rxrpc: Fix send on a connected, but unbound socket
    - sctp: fix error handling on stream scheduler initialization
    - sky2: Disable MSI on ASUS P6T
    - tcp: be more careful in tcp_fragment()
    - tcp: fix tcp_set_congestion_control() use from bpf hook
    - tcp: Reset bytes_acked and bytes_received when disconnecting
    - vrf: make sure skb->data contains ip header to make routing
    - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn
    - macsec: fix use-after-free of skb during RX
    - macsec: fix checksumming after decryption
    - netrom: fix a memory leak in nr_rx_frame()
    - netrom: hold sock when setting skb->destructor
    - net_sched: unset TCQ_F_CAN_BYPASS when adding filters
    - net/tls: make sure offload also gets the keys wiped
    - sctp: not bind the socket in sctp_connect
    - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
    - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
    - net: bridge: don't cache ether dest pointer on input
    - net: bridge: stp: don't cache eth dest pointer before skb pull
    - dma-buf: balance refcount inbalance
    - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc
    - gpio: davinci: silence error prints in case of EPROBE_DEFER
    - MIPS: lb60: Fix pin mappings
    - perf/core: Fix exclusive events' grouping
    - perf/core: Fix race between close() and fork()
    - ext4: don't allow any modifications to an immutable file
    - ext4: enforce the immutable flag on open files
    - mm: add filemap_fdatawait_range_keep_errors()
    - jbd2: introduce jbd2_inode dirty range scoping
    - ext4: use jbd2_inode dirty range scoping
    - ext4: allow directory holes
    - KVM: nVMX: do not use dangling shadow VMCS after guest reset
    - KVM: nVMX: Clear pending KVM_REQ_GET_VMCS12_PAGES when leaving nested
    - mm: vmscan: scan anonymous pages on file refaults
    - net: sched: verify that q!=NULL before setting q->flags
    - selftests: txring_overwrite: fix incorrect test of mmap() return value
    - net/tls: reject offload of TLS 1.3
    - net/mlx5e: Rx, Fix checksum calculation for new hardware
    - gpiolib: of: fix a memory leak in of_gpio_flags_quirks()
    - sd_zbc: Fix report zones buffer allocation
    - block: Limit zone array allocation size
    - bnxt_en: Fix VNIC accounting when enabling aRFS on 57500 chips.
    - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed
    - mlxsw: spectrum: Do not process learned records with a dummy FID
    - Revert "kvm: x86: Use task structs fpu field for user"

* Disco update: upstream stable patchset 2019-08-19 (LP: #1840718)
    - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
    - Bluetooth: Fix regression with minimum encryption key size alignment
    - Bluetooth: Fix faulty expression for minimum encryption key size check
    - netfilter: nf_flow_table: ignore DF bit setting
    - netfilter: nft_flow_offload: set liberal tracking mode for tcp
    - netfilter: nft_flow_offload: don't offload when sequence numbers need
      adjustment
    - netfilter: nft_flow_offload: IPCB is only valid for ipv4 family
    - ASoC : cs4265 : readable register too low
    - ASoC: ak4458: add return value for ak4458_probe
    - ASoC: soc-pcm: BE dai needs prepare when pause release after resume
    - ASoC: ak4458: rstn_control - return a non-zero on error only
    - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
    - drm/mediatek: fix unbind functions
    - drm/mediatek: unbind components in mtk_drm_unbind()
    - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
    - drm/mediatek: clear num_pipes when unbind driver
    - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
    - ASoC: max98090: remove 24-bit format support if RJ is 0
    - ASoC: sun4i-i2s: Fix sun8i tx channel offset mask
    - ASoC: sun4i-i2s: Add offset to RX channel select
    - x86/CPU: Add more Icelake model numbers
    - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
    - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
    - ALSA: hdac: fix memory release for SST and SOF drivers
    - SoC: rt274: Fix internal jack assignment in set_jack callback
    - scsi: hpsa: correct ioaccel2 chaining
    - drm: panel-orientation-quirks: Add quirk for GPD pocket2
    - drm: panel-orientation-quirks: Add quirk for GPD MicroPC
    - platform/x86: intel-vbtn: Report switch events when event wakes device
    - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
      registration
    - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
    - i2c: pca-platform: Fix GPIO lookup code
    - cpuset: restore sanity to cpuset_cpus_allowed_fallback()
    - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
    - mm/mlock.c: change count_mm_mlocked_page_nr return type
    - tracing: avoid build warning with HAVE_NOP_MCOUNT
    - module: Fix livepatch/ftrace module text permissions race
    - ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()
    - crypto: user - prevent operating on larval algorithms
    - crypto: cryptd - Fix skcipher instance memory leak
    - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
    - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
    - ALSA: line6: Fix write on zero-sized buffer
    - ALSA: usb-audio: fix sign unintended sign extension on left shifts
    - ALSA: hda/realtek: Add quirks for several Clevo notebook barebones
    - ALSA: hda/realtek - Change front mic location for Lenovo M710q
    - lib/mpi: Fix karactx leak in mpi_powm
    - fs/userfaultfd.c: disable irqs for fault_pending and event locks
    - tracing/snapshot: Resize spare buffer if size changed
    - ARM: dts: armada-xp-98dx3236: Switch to armada-38x-uart serial node
    - arm64: kaslr: keep modules inside module region when KASAN is enabled
    - drm/amd/powerplay: use hardware fan control if no powerplay fan table
    - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE
    - drm/etnaviv: add missing failure path to destroy suballoc
    - drm/imx: notify drm core before sending event during crtc disable
    - drm/imx: only send event on crtc disable if kept disabled
    - ftrace/x86: Remove possible deadlock between register_kprobe() and
      ftrace_run_update_code()
    - mm/vmscan.c: prevent useless kswapd loops
    - btrfs: Ensure replaced device doesn't have pending chunk allocation
    - tty: rocket: fix incorrect forward declaration of 'rp_init()'
    - net/smc: move unhash before release of clcsock
    - media: s5p-mfc: fix incorrect bus assignment in virtual child device
    - drm/fb-helper: generic: Don't take module ref for fbcon
    - f2fs: don't access node/meta inode mapping after iput
    - ALSA: hda: Initialize power_state field properly
    - ip6: fix skb leak in ip6frag_expire_frag_queue()
    - net: IP defrag: encapsulate rbtree defrag code into callable functions
    - net: IP6 defrag: use rbtrees for IPv6 defrag
    - net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
    - netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments
    - sc16is7xx: move label 'err_spi' to correct section
    - netfilter: ipv6: nf_defrag: accept duplicate fragments again
    - KVM: x86: degrade WARN to pr_warn_ratelimited
    - KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
    - nfsd: Fix overflow causing non-working mounts on 1 TB machines
    - svcrdma: Ignore source port when computing DRC hash
    - MIPS: Fix bounds check virt_addr_valid
    - MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
    - MIPS: have "plain" make calls build dtbs for selected platforms
    - dmaengine: qcom: bam_dma: Fix completed descriptors count
    - dmaengine: imx-sdma: remove BD_INTR for channel0
    - signal: remove the wrong signal_pending() check in restore_user_sigmask()
    - idr: Fix idr_get_next race with idr_remove
    - ASoC: core: lock client_mutex while removing link components
    - iommu/vt-d: Set the right field for Page Walk Snoop
    - HID: a4tech: fix horizontal scrolling
    - ASoC: hda: fix unbalanced codec dev refcount for HDA_DEV_ASOC
    - gpio: pca953x: hack to fix 24 bit gpio expanders
    - ASoC: Intel: sst: fix kmalloc call with wrong flags
    - arm64: tlbflush: Ensure start/end of address range are aligned to stride
    - dax: Fix xarray entry association for mixed mappings
    - swap_readpage(): avoid blk_wake_io_task() if !synchronous
    - drm/virtio: move drm_connector_update_edid_property() call
    - s390/mm: fix pxd_bad with folded page tables
    - dmaengine: jz4780: Fix an endian bug in IRQ handler
    - scsi: target/iblock: Fix overrun in WRITE SAME emulation
    - crypto: talitos - rename alternative AEAD algos.
    - soc: brcmstb: Fix error path for unsupported CPUs
    - soc: bcm: brcmstb: biuctrl: Register writes require a barrier
    - samples, bpf: fix to change the buffer size for read()
    - samples, bpf: suppress compiler warning
    - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he()
    - bpf: sockmap, fix use after free from sleep in psock backlog workqueue
    - soundwire: stream: fix out of boundary access on port properties
    - staging:iio:ad7150: fix threshold mode config bit
    - mac80211: mesh: fix RCU warning
    - mac80211: free peer keys before vif down in mesh
    - iwlwifi: Fix double-free problems in iwl_req_fw_callback()
    - soundwire: intel: set dai min and max channels correctly
    - dt-bindings: can: mcp251x: add mcp25625 support
    - can: mcp251x: add support for mcp25625
    - can: m_can: implement errata "Needless activation of MRAF irq"
    - can: af_can: Fix error path of can_init()
    - ibmvnic: Do not close unopened driver during reset
    - ibmvnic: Refresh device multicast list after reset
    - ibmvnic: Fix unchecked return codes of memory allocations
    - ARM: dts: am335x phytec boards: Fix cd-gpios active level
    - s390/boot: disable address-of-packed-member warning
    - drm/vmwgfx: Honor the sg list segment size limitation
    - drm/vmwgfx: fix a warning due to missing dma_parms
    - riscv: Fix udelay in RV32.
    - Input: imx_keypad - make sure keyboard can always wake up system
    - KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy
    - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed
    - ARM: davinci: da850-evm: call regulator_has_full_constraints()
    - ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
    - mac80211: only warn once on chanctx_conf being NULL
    - mac80211: do not start any work during reconfigure flow
    - bpf, devmap: Fix premature entry free on destroying map
    - bpf, devmap: Add missing bulk queue free
    - bpf, devmap: Add missing RCU read lock on flush
    - bpf, x64: fix stack layout of JITed bpf code
    - qmi_wwan: add support for QMAP padding in the RX path
    - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
    - qmi_wwan: extend permitted QMAP mux_id value range
    - mmc: core: complete HS400 before checking status
    - md: fix for divide error in status_resync
    - bnx2x: Check if transceiver implements DDM before access
    - drm: return -EFAULT if copy_to_user() fails
    - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
    - net: lio_core: fix potential sign-extension overflow on large shift
    - scsi: qedi: Check targetname while finding boot target information
    - quota: fix a problem about transfer quota
    - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge()
    - NFS4: Only set creation opendata if O_CREAT
    - net :sunrpc :clnt :Fix xps refcount imbalance on the error path
    - fscrypt: don't set policy for a dead directory
    - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
    - media: stv0297: fix frequency range limit
    - ALSA: usb-audio: Fix parse of UAC2 Extension Units
    - ALSA: hda/realtek - Headphone Mic can't record after S3
    - block, bfq: NULL out the bic when it's no longer valid
    - perf pmu: Fix uncore PMU alias list for ARM64
    - x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
    - x86/tls: Fix possible spectre-v1 in do_get_thread_area()
    - Documentation: Add section about CPU vulnerabilities for Spectre
    - Documentation/admin: Remove the vsyscall=native documentation
    - mwifiex: Abort at too short BSS descriptor element
    - mwifiex: Don't abort on small, spec-compliant vendor IEs
    - USB: serial: ftdi_sio: add ID for isodebug v1
    - USB: serial: option: add support for GosunCn ME3630 RNDIS mode
    - Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
    - p54usb: Fix race between disconnect and firmware loading
    - usb: gadget: ether: Fix race between gether_disconnect and rx_submit
    - usb: dwc2: use a longer AHB idle timeout in dwc2_core_reset()
    - usb: renesas_usbhs: add a workaround for a race condition of workqueue
    - drivers/usb/typec/tps6598x.c: fix portinfo width
    - drivers/usb/typec/tps6598x.c: fix 4CC cmd write
    - staging: comedi: dt282x: fix a null pointer deref on interrupt
    - staging: comedi: amplc_pci230: fix null pointer deref on interrupt
    - HID: Add another Primax PIXART OEM mouse quirk
    - lkdtm: support llvm-objcopy
    - binder: fix memory leak in error path
    - carl9170: fix misuse of device driver API
    - VMCI: Fix integer overflow in VMCI handle arrays
    - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work
    - staging: bcm2835-camera: Replace spinlock protecting context_map with mutex
    - staging: bcm2835-camera: Ensure all buffers are returned on disable
    - staging: bcm2835-camera: Remove check of the number of buffers supplied
    - staging: bcm2835-camera: Handle empty EOS buffers whilst streaming
    - staging: rtl8712: reduce stack usage, again
    - crypto: lrw - use correct alignmask
    - bpf: sockmap, restore sk_write_space when psock gets dropped
    - ARM: dts: Drop bogus CLKSEL for timer12 on dra7
    - iwlwifi: fix load in rfkill flow for unified firmware
    - tools: bpftool: Fix JSON output when lookup fails
    - soundwire: stream: fix bad unlock balance
    - can: flexcan: Remove unneeded registration message
    - RISC-V: defconfig: enable clocks, serial console
    - xdp: check device pointer before clearing
    - KVM: nVMX: use correct clean fields when copying from eVMCS
    - gpu: ipu-v3: image-convert: Fix input bytesperline width/height align
    - gpu: ipu-v3: image-convert: Fix input bytesperline for packed formats
    - gpu: ipu-v3: image-convert: Fix image downsize coefficients
    - cfg80211: util: fix bit count off by one
    - cfg80211: report measurement start TSF correctly
    - IB/hfi1: Create inline to get extended headers
    - IB/hfi1: Wakeup QPs orphaned on wait list after flush
    - IB/hfi1: Handle wakeup of orphaned QPs for pio
    - IB/hfi1: Handle port down properly in pio
    - powerpc: enable a 30-bit ZONE_DMA for 32-bit pmac
    - tpm: Actually fail on TPM errors during "get random"
    - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
    - perf intel-pt: Fix itrace defaults for perf script
    - perf auxtrace: Fix itrace defaults for perf script
    - perf intel-pt: Fix itrace defaults for perf script intel-pt documentation
    - perf header: Assign proper ff->ph in perf_event__synthesize_features()
    - usb: gadget: f_fs: data_len used before properly set
    - staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()
    - staging: mt7621-pci: fix PCIE_FTS_NUM_LO macro
    - iio: adc: stm32-adc: add missing vdda-supply
    - staging: vchiq_2835_arm: revert "quit using custom down_interruptible()"
    - staging: vchiq: revert "switch to wait_for_completion_killable"
    - staging: vchiq: make wait events interruptible

* Touchpad not detecting in Linux (LP: #1825718) // Disco update: upstream
    stable patchset 2019-08-19 (LP: #1840718)
    - HID: i2c-hid: add iBall Aer3 to descriptor override

* Disco update: upstream stable patchset 2019-08-16 (LP: #1840521)
    - arm64: Don't unconditionally add -Wno-psabi to KBUILD_CFLAGS
    - Revert "x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP"
    - qmi_wwan: Fix out-of-bounds read
    - fs/proc/array.c: allow reporting eip/esp for all coredumping threads
    - mm/mempolicy.c: fix an incorrect rebind node in mpol_rebind_nodemask
    - fs/binfmt_flat.c: make load_flat_shared_library() work
    - clk: socfpga: stratix10: fix divider entry for the emac clocks
    - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails
    - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on
      !PageHuge
    - dm log writes: make sure super sector log updates are written in order
    - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
    - x86/speculation: Allow guests to use SSBD even if host does not
    - x86/microcode: Fix the microcode load on CPU hotplug for real
    - x86/resctrl: Prevent possible overrun during bitmap operations
    - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
    - cpu/speculation: Warn on unsupported mitigations= parameter
    - irqchip/mips-gic: Use the correct local interrupt map registers
    - af_packet: Block execution of tasks waiting for transmit to complete in
      AF_PACKET
    - bonding: Always enable vlan tx offload
    - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
    - net/packet: fix memory leak in packet_set_ring()
    - net: remove duplicate fetch in sock_getsockopt
    - net: stmmac: fixed new system time seconds value calculation
    - net: stmmac: set IC bit when transmitting frames with HW timestamp
    - sctp: change to hold sk after auth shkey is created successfully
    - team: Always enable vlan tx offload
    - tipc: change to use register_pernet_device
    - tipc: check msg->req data len in tipc_nl_compat_bearer_disable
    - tun: wake up waitqueues after IFF_UP is set
    - bpf: simplify definition of BPF_FIB_LOOKUP related flags
    - bpf: lpm_trie: check left child of last leftmost node for NULL
    - bpf: fix nested bpf tracepoints with per-cpu data
    - bpf: fix unconnected udp hooks
    - bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
    - bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
    - arm64: futex: Avoid copying out uninitialised stack in failed cmpxchg()
    - bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd
    - futex: Update comments and docs about return values of arch futex code
    - RDMA: Directly cast the sockaddr union to sockaddr
    - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
    - arm64: insn: Fix ldadd instruction encoding
    - clk: tegra210: Fix default rates for HDA clocks
    - mm, swap: fix THP swap out
    - mm: fix page cache convergence regression
    - efi/memreserve: deal with memreserve entries in unmapped memory
    - net: aquantia: fix vlans not working over bridged network

* Disco update: upstream stable patchset 2019-08-15 (LP: #1840373)
    - tracing: Silence GCC 9 array bounds warning
    - gcc-9: silence 'address-of-packed-member' warning
    - ovl: support the FS_IOC_FS[SG]ETXATTR ioctls
    - ovl: fix wrong flags check in FS_IOC_FS[SG]ETXATTR ioctls
    - ovl: make i_ino consistent with st_ino in more cases
    - ovl: detect overlapping layers
    - ovl: don't fail with disconnected lower NFS
    - ovl: fix bogus -Wmaybe-unitialized warning
    - mmc: sdhci: sdhci-pci-o2micro: Correctly set bus width when tuning
    - mmc: core: API to temporarily disable retuning for SDIO CRC errors
    - mmc: core: Add sdio_retune_hold_now() and sdio_retune_release()
    - mmc: core: Prevent processing SDIO IRQs when the card is suspended
    - scsi: ufs: Avoid runtime suspend possibly being blocked forever
    - usb: chipidea: udc: workaround for endpoint conflict issue
    - xhci: detect USB 3.2 capable host controllers correctly
    - usb: xhci: Don't try to recover an endpoint if port is in error state.
    - IB/hfi1: Validate fault injection opcode user input
    - IB/hfi1: Silence txreq allocation warnings
    - iio: temperature: mlx90632 Relax the compatibility check
    - Input: synaptics - enable SMBus on ThinkPad E480 and E580
    - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
    - Input: silead - add MSSL0017 to acpi_device_id
    - apparmor: enforce nullbyte at end of tag string
    - brcmfmac: sdio: Disable auto-tuning around commands expected to fail
    - brcmfmac: sdio: Don't tune while the card is off
    - ARC: fix build warnings
    - dmaengine: dw-axi-dmac: fix null dereference when pointer first is null
    - dmaengine: sprd: Fix block length overflow
    - ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node
    - ARC: [plat-hsdk]: Add missing FIFO size entry in GMAC node
    - fpga: dfl: afu: Pass the correct device to dma_mapping_error()
    - fpga: dfl: Add lockdep classes for pdata->lock
    - parport: Fix mem leak in parport_register_dev_model
    - parisc: Fix compiler warnings in float emulation code
    - IB/rdmavt: Fix alloc_qpn() WARN_ON()
    - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
    - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
    - IB/hfi1: Validate page aligned for a given virtual address
    - MIPS: uprobes: remove set but not used variable 'epc'
    - xtensa: Fix section mismatch between memblock_reserve and mem_reserve
    - kselftest/cgroup: fix unexpected testing failure on test_memcontrol
    - kselftest/cgroup: fix unexpected testing failure on test_core
    - kselftest/cgroup: fix incorrect test_core skip
    - selftests: vm: install test_vmalloc.sh for run_vmtests
    - net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
    - mdesc: fix a missing-check bug in get_vdev_port_node_info()
    - sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
    - net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
    - net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is
      enabled
    - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times
    - drm/arm/hdlcd: Actually validate CRTC modes
    - drm/arm/hdlcd: Allow a bit of clock tolerance
    - nvmet: fix data_len to 0 for bdev-backed write_zeroes
    - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
    - scsi: ufs: Check that space was properly alloced in copy_query_response
    - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous()
    - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
    - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
    - hwmon: (core) add thermal sensors only if dev->of_node is present
    - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
    - arm64: Silence gcc warnings about arch ABI drift
    - nvme: Fix u32 overflow in the number of namespace list calculation
    - btrfs: start readahead also in seed devices
    - can: xilinx_can: use correct bittiming_const for CAN FD core
    - can: flexcan: fix timeout when set small bitrate
    - can: purge socket error queue on sock destruct
    - riscv: mm: synchronize MMU after pte change
    - powerpc/bpf: use unsigned division instruction for 64-bit operations
    - ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
    - ARM: dts: dra76x: Update MMC2_HS200_MANUAL1 iodelay values
    - ARM: dts: am57xx-idk: Remove support for voltage switching for SD card
    - arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h>
    - arm64: ssbd: explicitly depend on <linux/prctl.h>
    - drm/vmwgfx: Use the backdoor port if the HB port is not available
    - staging: erofs: add requirements field in superblock
    - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
    - cfg80211: fix memory leak of wiphy device name
    - mac80211: drop robust management frames from unknown TA
    - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices
    - mac80211: handle deauthentication/disassociation from TDLS peer
    - nl80211: fix station_info pertid memory leak
    - mac80211: Do not use stack memory with scatterlist for GMAC
    - x86/resctrl: Don't stop walking closids when a locksetup group is found
    - mmc: sdhi: disallow HS400 for M3-W ES1.2, RZ/G2M, and V3H
    - mmc: mediatek: fix SDIO IRQ interrupt handle flow
    - mmc: mediatek: fix SDIO IRQ detection issue
    - cifs: fix GlobalMid_Lock bug in cifs_reconnect
    - IB/hfi1: Close PSM sdma_progress sleep window
    - IB/hfi1: Avoid hardlockup with flushlist_lock
    - IB/hfi1: Correct tid qp rcd to match verbs context
    - iio: imu: st_lsm6dsx: fix PM support for st_lsm6dsx i2c controller
    - apparmor: reset pos on failure to unpack for various functions
    - Revert "brcmfmac: disable command decode in sdio_aos"
    - lkdtm/usercopy: Moves the KERNEL_DS test to non-canonical
    - dmaengine: jz4780: Fix transfers being ACKed too soon
    - dmaengine: mediatek-cqdma: sleeping in atomic context
    - dmaengine: sprd: Fix the possible crash when getting descriptor status
    - dmaengine: sprd: Add validation of current descriptor in irq handler
    - dmaengine: sprd: Fix the incorrect start for 2-stage destination channels
    - dmaengine: sprd: Fix the right place to configure 2-stage transfer
    - fpga: stratix10-soc: fix use-after-free on s10_init()
    - crypto: hmac - fix memory leak in hmac_init_tfm()
    - userfaultfd: selftest: fix compiler warning
    - selftests: set sysctl bc_forwarding properly in router_broadcast.sh
    - kbuild: tar-pkg: enable communication with jobserver
    - net: phylink: avoid reducing support mask
    - udmabuf: actually unmap the scatterlist
    - s390/qeth: handle limited IPv4 broadcast in L3 TX path
    - s390/qeth: check dst entry before use
    - ARM: mvebu_v7_defconfig: fix Ethernet on Clearfog
    - KVM: x86/mmu: Allocate PAE root array when using SVM's 32-bit NPT
    - binder: fix possible UAF when freeing buffer
    - x86/vdso: Prevent segfaults due to hoisted vclock reads

* VIMC module not available (CONFIG_VIDEO_VIMC not set) (LP: #1831482)
    - [Config] Enable VIMC module

* reboot will introduce an alarm 'beep ...' during BIOS phase (LP: #1840395)
    - ALSA: hda - Let all conexant codec enter D3 when rebooting
    - ALSA: hda - Add a generic reboot_notify

* Include Sunix serial/parallel driver (LP: #1826716)
    - serial: 8250_pci: Add support for Sunix serial boards
    - parport: parport_serial: Add support for Sunix Multi I/O boards

* Intel HDMI audio print "Unable to sync register" errors (LP: #1840394)
    - ALSA: hda - Don't resume forcibly i915 HDMI/DP codec

* UBUNTU: SAUCE: shiftfs: pass correct point down (LP: #1837231)
    - SAUCE: shiftfs: pass correct point down

* shiftfs: add O_DIRECT support (LP: #1837223)
    - SAUCE: shiftfs: add O_DIRECT support

* p54usb module in linux-modules-extra-5.0.0-23-generic does not work
    (LP: #1839693)
    - p54: fix crash during initialization

* Goodix touchpad may drop first input event (LP: #1840075)
    - Revert "UBUNTU: SAUCE: i2c: designware: add Inpiron/Vostro 7590 into i2c
      quirk"
    - Revert "UBUNTU: SAUCE: i2c: designware: Add disable runtime pm quirk"
    - mfd: intel-lpss: Remove D3cold delay

* NULL pointer dereference when Inserting the VIMC module (LP: #1840028)
    - media: vimc: fix component match compare

* Fix touchpad IRQ storm after S3 (LP: #1841396)
    - pinctrl: intel: remap the pin number to gpio offset for irq enabled pin

* [SRU][B/OEM-B/OEM-OSP1/D] UBUNTU: SAUCE: enable middle button for one more
    ThinkPad (LP: #1841722)
    - SAUCE: Input: elantech - enable middle button for one more ThinkPad

* Disco update: upstream stable patchset 2019-08-13 (LP: #1840076)
    - [Config] updateconfigs for CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT
    - drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)
    - nouveau: Fix build with CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT disabled
    - HID: multitouch: handle faulty Elo touch device
    - HID: wacom: Don't set tool type until we're in range
    - HID: wacom: Don't report anything prior to the tool entering range
    - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
    - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
    - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
    - ALSA: oxfw: allow PCM capture for Stanton SCS.1m
    - ALSA: hda/realtek - Update headset mode for ALC256
    - ALSA: firewire-motu: fix destruction of data for isochronous resources
    - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
    - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
    - fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
    - mm/vmscan.c: fix trying to reclaim unevictable LRU page
    - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
    - ptrace: restore smp_rmb() in __ptrace_may_access()
    - iommu/arm-smmu: Avoid constant zero in TLBI writes
    - i2c: acorn: fix i2c warning
    - bcache: fix stack corruption by PRECEDING_KEY()
    - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
    - ASoC: cs42xx8: Add regcache mask dirty
    - ASoC: fsl_asrc: Fix the issue about unsupported rate
    - drm/i915/sdvo: Implement proper HDMI audio support for SDVO
    - x86/uaccess, kcov: Disable stack protector
    - ALSA: seq: Protect in-kernel ioctl calls with mutex
    - ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
    - Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
    - s390/kasan: fix strncpy_from_user kasan checks
    - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
    - f2fs: fix to avoid accessing xattr across the boundary
    - scsi: qedi: remove memset/memcpy to nfunc and use func instead
    - scsi: qedi: remove set but not used variables 'cdev' and 'udev'
    - scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show
    - scsi: lpfc: add check for loss of ndlp when sending RRQ
    - arm64/mm: Inhibit huge-vmap with ptdump
    - nvme: fix srcu locking on error return in nvme_get_ns_from_disk
    - nvme: remove the ifdef around nvme_nvm_ioctl
    - nvme: merge nvme_ns_ioctl into nvme_ioctl
    - nvme: release namespace SRCU protection before performing controller ioctls
    - nvme: fix memory leak for power latency tolerance
    - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI
      table
    - platform/x86: pmc_atom: Add several Beckhoff Automation boards to
      critclk_systems DMI table
    - scsi: bnx2fc: fix incorrect cast to u64 on shift operation
    - libnvdimm: Fix compilation warnings with W=1
    - selftests/timers: Add missing fflush(stdout) calls
    - tracing: Prevent hist_field_var_ref() from accessing NULL tracing_map_elts
    - usbnet: ipheth: fix racing condition
    - KVM: arm/arm64: Move cc/it checks under hyp's Makefile to avoid
      instrumentation
    - KVM: x86/pmu: mask the result of rdpmc according to the width of the
      counters
    - KVM: x86/pmu: do not mask the value that is written to fixed PMUs
    - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
    - tools/kvm_stat: fix fields filter for child events
    - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
      invalid read
    - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
    - usb: dwc2: Fix DMA cache alignment issues
    - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression)
    - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
    - USB: serial: pl2303: add Allied Telesis VT-Kit3
    - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
    - USB: serial: option: add Telit 0x1260 and 0x1261 compositions
    - timekeeping: Repair ktime_get_coarse*() granularity
    - RAS/CEC: Convert the timer callback to a workqueue
    - RAS/CEC: Fix binary search function
    - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
    - x86/kasan: Fix boot with 5-level paging and KASAN
    - x86/mm/KASLR: Compute the size of the vmemmap section properly
    - x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled
    - drm/edid: abstract override/firmware EDID retrieval
    - drm: add fallback override/firmware EDID modes workaround
    - HID: input: make sure the wheel high resolution multiplier is set
    - HID: input: fix assignment of .value
    - Revert "HID: Increase maximum report size allowed by hid_field_extract()"
    - selinux: fix a missing-check bug in selinux_add_mnt_opt( )
    - selinux: fix a missing-check bug in selinux_sb_eat_lsm_opts()
    - media: dvb: warning about dvb frequency limits produces too much noise
    - drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc
    - drm/i915/dsi: Use a fuzzy check for burst mode clock check
    - drm/i915: Fix per-pixel alpha with CCS
    - drm/i915/dmc: protect against reading random memory
    - drivers/perf: arm_spe: Don't error on high-order pages for aux buf
    - bpf: sockmap, only stop/flush strp if it was enabled at some point
    - bpf: sockmap remove duplicate queue free
    - bpf: sockmap fix msg->sg.size account on ingress skb
    - scsi: qla2xxx: Add cleanup for PCI EEH recovery
    - scsi: lpfc: resolve lockdep warnings
    - arm64: Print physical address of page table base in show_pte()
    - net: macb: fix error format in dev_err()
    - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0
    - tools/bpftool: move set_max_rlimit() before __bpf_object__open_xattr()
    - nvme-pci: Fix controller freeze wait disabling
    - scsi: myrs: Fix uninitialized variable
    - nvme-pci: use blk-mq mapping for unmanaged irqs
    - KVM: nVMX: really fix the size checks on KVM_SET_NESTED_STATE
    - KVM: selftests: Fix a condition in test_hv_cpuid()
    - kvm: vmx: Fix -Wmissing-prototypes warnings
    - KVM: LAPIC: Fix lapic_timer_advance_ns parameter overflow
    - KVM: x86: do not spam dmesg with VMCS/VMCB dumps
    - kvm: selftests: aarch64: dirty_log_test: fix unaligned memslot size
    - kvm: selftests: aarch64: fix default vm mode
    - tracing/uprobe: Fix NULL pointer dereference in trace_uprobe_create()
    - powerpc: Fix kexec failure on book3s/32
    - powerpc/64s: Fix THP PMD collapse serialisation
    - ax25: fix inconsistent lock state in ax25_destroy_timer
    - be2net: Fix number of Rx queues used for flow hashing
    - hv_netvsc: Set probe mode to sync
    - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
    - lapb: fixed leak of control-blocks.
    - neigh: fix use-after-free read in pneigh_get_next
    - net: dsa: rtl8366: Fix up VLAN filtering
    - net: openvswitch: do not free vport if register_netdevice() is failed.
    - sctp: Free cookie before we memdup a new one
    - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
    - tipc: purge deferredq list for each grp member in tipc_group_delete
    - vsock/virtio: set SOCK_DONE on peer shutdown
    - net/mlx5: Avoid reloading already removed devices
    - net: mvpp2: prs: Fix parser range for VID filtering
    - net: mvpp2: prs: Use the correct helpers when removing all VID filters
    - Staging: vc04_services: Fix a couple error codes
    - perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
    - netfilter: nf_queue: fix reinject verdict handling
    - ipvs: Fix use-after-free in ip_vs_in
    - selftests: netfilter: missing error check when setting up veth interface
    - clk: ti: clkctrl: Fix clkdm_clk handling
    - powerpc/powernv: Return for invalid IMC domain
    - usb: xhci: Fix a potential null pointer dereference in
      xhci_debugfs_create_endpoint()
    - mISDN: make sure device name is NUL terminated
    - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
    - perf/ring_buffer: Fix exposing a temporarily decreased data_head
    - perf/ring_buffer: Add ordering to rb->nest increment
    - perf/ring-buffer: Always use {READ,WRITE}_ONCE() for rb->user_page data
    - gpio: fix gpio-adp5588 build errors
    - net: stmmac: update rx tail pointer register to fix rx dma hang issue.
    - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
    - ACPI/PCI: PM: Add missing wakeup.flags.valid checks
    - drm/etnaviv: lock MMU while dumping core
    - net: aquantia: tx clean budget logic error
    - net: aquantia: fix LRO with FCS error
    - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
    - ALSA: hda - Force polling mode on CNL for fixing codec communication
    - configfs: Fix use-after-free when accessing sd->s_dentry
    - perf data: Fix 'strncat may truncate' build failure with recent gcc
    - perf namespace: Protect reading thread's namespace
    - perf record: Fix s390 missing module symbol and warning for non-root users
    - ia64: fix build errors by exporting paddr_to_nid()
    - xen/pvcalls: Remove set but not used variable
    - xenbus: Avoid deadlock during suspend due to open transactions
    - KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
    - KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
    - arm64: fix syscall_fn_t type
    - arm64: use the correct function type in SYSCALL_DEFINE0
    - arm64: use the correct function type for __arm64_sys_ni_syscall
    - net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
    - net: phylink: ensure consistent phy interface mode
    - net: phy: dp83867: Set up RGMII TX delay
    - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
    - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
    - scsi: scsi_dh_alua: Fix possible null-ptr-deref
    - mlxsw: spectrum: Prevent force of 56G
    - ocfs2: fix error path kobject memory leak
    - coredump: fix race condition between collapse_huge_page() and core dumping
    - Abort file_remove_privs() for non-reg. files
    - net: tls, correctly account for copied bytes with multiple sk_msgs
    - vxlan: Don't assume linear buffers in error handler
    - geneve: Don't assume linear buffers in error handler
    - net/mlx5: Update pci error handler entries and command translation
    - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead
    - net/mlx5e: Add ndo_set_feature for uplink representor
    - mlxsw: spectrum_flower: Fix TOS matching
    - net/mlx5e: Support tagged tunnel over bond
    - net: correct udp zerocopy refcnt also when zerocopy only on append
    - net/mlx5e: Avoid detaching non-existing netdev under switchdev mode
    - staging: erofs: set sb->s_root to NULL when failing from __getname()
    - staging: wilc1000: Fix some double unlock bugs in wilc_wlan_cleanup()
    - pinctrl: intel: Clear interrupt status in mask/unmask callback
    - netfilter: nf_tables: fix oops during rule dump
    - netfilter: nft_fib: Fix existence check support
    - net: stmmac: dwmac-mediatek: modify csr_clk value to fix mdio read/write
      fail
    - dpaa2-eth: Fix potential spectre issue
    - dpaa2-eth: Use PTR_ERR_OR_ZERO where appropriate
    - dpaa_eth: use only online CPU portals
    - dfs_cache: fix a wrong use of kfree in flush_cache_ent()
    - KVM: PPC: Book3S HV: Use new mutex to synchronize MMU setup
    - blk-mq: Fix memory leak in error handling
    - mm: mmu_gather: remove __tlb_reset_range() for force flush
    - nvme-tcp: rename function to have nvme_tcp prefix
    - nvme-tcp: fix possible null deref on a timed out io queue connect
    - nvme-tcp: fix queue mapping when queue count is limited

* Disco update: upstream stable patchset 2019-08-12 (LP: #1839887)
    - selftests/tls: test for lowat overshoot with multiple records
    - selftests/tls: add test for sleeping even though there is data
    - sparc64: Fix regression in non-hypervisor TLB flush xcall
    - include/linux/bitops.h: sanitize rotate primitives
    - xhci: update bounce buffer with correct sg num
    - xhci: Use %zu for printing size_t type
    - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
    - usb: xhci: avoid null pointer deref when bos field is NULL
    - usbip: usbip_host: fix BUG: sleeping function called from invalid context
    - usbip: usbip_host: fix stub_dev lock context imbalance regression
    - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
    - USB: sisusbvga: fix oops in error path of sisusb_probe
    - USB: Add LPM quirk for Surface Dock GigE adapter
    - USB: rio500: refuse more than one device at a time
    - USB: rio500: fix memory leak in close after disconnect
    - media: usb: siano: Fix general protection fault in smsusb
    - media: usb: siano: Fix false-positive "uninitialized variable" warning
    - media: smsusb: better handle optional alignment
    - brcmfmac: fix NULL pointer derefence during USB disconnect
    - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
    - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
    - tracing: Avoid memory leak in predicate_parse()
    - Btrfs: fix wrong ctime and mtime of a directory after log replay
    - Btrfs: fix race updating log root item during fsync
    - Btrfs: fix fsync not persisting changed attributes of a directory
    - Btrfs: incremental send, fix file corruption when no-holes feature is
      enabled
    - iio: dac: ds4422/ds4424 fix chip verification
    - iio: adc: ti-ads8688: fix timestamp is not updated in buffer
    - s390/crypto: fix possible sleep during spinlock aquired
    - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts
    - powerpc/perf: Fix MMCRA corruption by bhrb_filter
    - ALSA: line6: Assure canceling delayed work at disconnection
    - ALSA: hda/realtek - Set default power save node to 0
    - KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
    - drm/nouveau/i2c: Disable i2c bus access after ->fini()
    - i2c: mlxcpld: Fix wrong initialization order in probe
    - i2c: synquacer: fix synquacer_i2c_doxfer() return value
    - tty: serial: msm_serial: Fix XON/XOFF
    - tty: max310x: Fix external crystal register setup
    - memcg: make it work on sparse non-0-node systems
    - kernel/signal.c: trace_signal_deliver when signal_group_exit
    - arm64: Fix the arm64_personality() syscall wrapper redirection
    - docs: Fix conf.py for Sphinx 2.0
    - doc: Cope with the deprecation of AutoReporter
    - doc: Cope with Sphinx logging deprecations
    - ima: show rules with IMA_INMASK correctly
    - evm: check hash algorithm passed to init_desc()
    - vt/fbcon: deinitialize resources in visual_init() after failed memory
      allocation
    - serial: sh-sci: disable DMA for uart_console
    - staging: vc04_services: prevent integer overflow in create_pagelist()
    - staging: wlan-ng: fix adapter initialization failure
    - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case
    - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
      ENOMEM
    - Revert "lockd: Show pid of lockd for remote locks"
    - gcc-plugins: Fix build failures under Darwin host
    - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using
      get_pages()
    - drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
    - drm/sun4i: Fix sun8i HDMI PHY clock initialization
    - drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz
    - drm/rockchip: shutdown drm subsystem on shutdown
    - drm/lease: Make sure implicit planes are leased
    - Revert "x86/build: Move _etext to actual end of .text"
    - scsi: lpfc: Fix backport of faf5a744f4f8 ("scsi: lpfc: avoid uninitialized
      variable warning")
    - KVM: PPC: Book3S HV: Fix lockdep warning when entering guest on POWER9
    - KVM: PPC: Book3S HV: Restore SPRG3 in kvmhv_p9_guest_entry()
    - powerpc/kexec: Fix loading of kernel + initramfs with kexec_file_load()
    - kasan: initialize tag to 0xff in __kasan_kmalloc
    - signal/arm64: Use force_sig not force_sig_fault for SIGKILL
    - x86/ima: Check EFI_RUNTIME_SERVICES before using
    - ima: fix wrong signed policy requirement when not appraising
    - drm/vmwgfx: Fix user space handle equal to zero
    - drm/vmwgfx: Fix compat mode shader operation
    - drm/atomic: Wire file_priv through for property changes
    - drm: Expose "FB_DAMAGE_CLIPS" property to atomic aware user-space only
    - drm/cma-helper: Fix drm_gem_cma_free_object()
    - ethtool: fix potential userspace buffer overflow
    - Fix memory leak in sctp_process_init
    - ipv4: not do cache for local delivery if bc_forwarding is enabled
    - ipv6: fix the check before getting the cookie in rt6_get_cookie
    - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
    - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set
    - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
    - net: mvpp2: Use strscpy to handle stat strings
    - net: rds: fix memory leak in rds_ib_flush_mr_pool
    - net: sfp: read eeprom in maximum 16 byte increments
    - net/tls: replace the sleeping lock around RX resync with a bit lock
    - packet: unconditionally free po->rollover
    - pktgen: do not sleep with the thread lock held.
    - Revert "fib_rules: return 0 directly if an exactly same rule exists when
      NLM_F_EXCL not supplied"
    - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
    - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
    - mtd: spinand: macronix: Fix ECC Status Read
    - rcu: locking and unlocking need to always be at least barriers
    - parisc: Use implicit space register selection for loading the coherence
      index of I/O pdirs
    - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter
    - NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled
    - fuse: fallocate: fix return with locked inode
    - pstore: Set tfm to NULL on free_buf_for_compression
    - pstore/ram: Run without kernel crash dump region
    - x86/power: Fix 'nosmt' vs hibernation triple fault during resume
    - i2c: xiic: Add max_read_len quirk
    - s390/mm: fix address space detection in exception handling
    - xen-blkfront: switch kcalloc to kvcalloc for large array allocation
    - MIPS: Bounds check virt_addr_valid
    - MIPS: pistachio: Build uImage.gz by default
    - Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment"
    - genwqe: Prevent an integer overflow in the ioctl
    - test_firmware: Use correct snprintf() limit
    - drm/gma500/cdv: Check vbt config bits when detecting lvds panels
    - drm/msm: fix fb references in async update
    - drm: add non-desktop quirk for Valve HMDs
    - drm: add non-desktop quirks to Sensics and OSVR headsets.
    - drm/amdgpu/psp: move psp version specific function pointers to early_init
    - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in
    - drm/i915: Fix I915_EXEC_RING_MASK
    - drm/i915/fbc: disable framebuffer compression on GeminiLake
    - drm/i915: Maintain consistent documentation subsection ordering
    - drm: don't block fb changes for async plane updates
    - drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack
    - TTY: serial_core, add ->install
    - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
    - udp: only choose unbound UDP socket for multicast when not in a VRF
    - neighbor: Reset gc_entries counter if new entry is released before insert
    - cls_matchall: avoid panic when receiving a packet before filter set
    - ipmr_base: Do not reset index in mr_table_dump
    - ARC: mm: SIGSEGV userspace trying to access kernel virtual memory
    - parisc: Fix crash due alternative coding for NP iopdir_fdc bit
    - SUNRPC fix regression in umount of a secure mount
    - fuse: fix copy_file_range() in the writeback case
    - memstick: mspro_block: Fix an error code in mspro_block_issue_req()
    - mmc: tmio: fix SCC error handling to avoid false positive CRC error
    - mmc: sdhci_am654: Fix SLOTTYPE write
    - nvme-rdma: fix queue mapping when queue count is limited
    - drm/vc4: fix fb references in async update
    - drm: Fix timestamp docs for variable refresh properties.
    - drm/amd/display: Add ASICREV_IS_PICASSO
    - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2)
    - drm/amd: fix fb references in async update
    - rapidio: fix a NULL pointer dereference when create_workqueue() fails
    - fs/fat/file.c: issue flush after the writeback of FAT
    - sysctl: return -EINVAL if val violates minmax
    - ipc: prevent lockup on alloc_msg and free_msg
    - drm/pl111: Initialize clock spinlock early
    - ARM: prevent tracing IPI_CPU_BACKTRACE
    - mm/hmm: select mmu notifier when selecting HMM
    - hugetlbfs: on restore reserve error path retain subpool reservation
    - mem-hotplug: fix node spanned pages when we have a node with only
      ZONE_MOVABLE
    - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
    - initramfs: free initrd memory if opening /initrd.image fails
    - mm/cma.c: fix the bitmap status to show failed allocation reason
    - mm: page_mkclean vs MADV_DONTNEED race
    - mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
    - mm/slab.c: fix an infinite loop in leaks_show()
    - kernel/sys.c: prctl: fix false positive in validate_prctl_map()
    - thermal: rcar_gen3_thermal: disable interrupt in .remove
    - drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
    - mfd: tps65912-spi: Add missing of table registration
    - mfd: intel-lpss: Set the device in reset state when init
    - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
      configuration
    - mfd: twl6040: Fix device init errors for ACCCTL register
    - perf/x86/intel: Allow PEBS multi-entry in watermark mode
    - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when
      encoders change
    - drm/bridge: adv7511: Fix low refresh rate selection
    - objtool: Don't use ignore flag for fake jumps
    - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks
    - bpf: fix undefined behavior in narrow load handling
    - EDAC/mpc85xx: Prevent building as a module
    - pwm: meson: Use the spin-lock only to protect register modifications
    - mailbox: stm32-ipcc: check invalid irq
    - ntp: Allow TAI-UTC offset to be set to zero
    - f2fs: fix to avoid panic in do_recover_data()
    - f2fs: fix to avoid panic in f2fs_inplace_write_data()
    - f2fs: fix to avoid panic in f2fs_remove_inode_page()
    - f2fs: fix to do sanity check on free nid
    - f2fs: fix to clear dirty inode in error path of f2fs_iget()
    - f2fs: fix to avoid panic in dec_valid_block_count()
    - f2fs: fix to use inline space only if inline_xattr is enable
    - f2fs: fix to do sanity check on valid block count of segment
    - f2fs: fix to do checksum even if inode page is uptodate
    - percpu: remove spurious lock dependency between percpu and sched
    - configfs: fix possible use-after-free in configfs_register_group
    - uml: fix a boot splat wrt use of cpu_all_mask
    - PCI: dwc: Free MSI in dw_pcie_host_init() error path
    - PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi()
    - mmc: mmci: Prevent polling for busy detection in IRQ context
    - netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast
    - netfilter: nf_conntrack_h323: restore boundary check correctness
    - mips: Make sure dt memory regions are valid
    - netfilter: nf_tables: fix base chain stat rcu_dereference usage
    - watchdog: imx2_wdt: Fix set_timeout for big timeout values
    - watchdog: fix compile time error of pretimeout governors
    - blk-mq: move cancel of requeue_work into blk_mq_release
    - iommu/vt-d: Set intel_iommu_gfx_mapped correctly
    - misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test
    - PCI: designware-ep: Use aligned ATU window for raising MSI interrupts
    - nvme-pci: unquiesce admin queue on shutdown
    - nvme-pci: shutdown on timeout during deletion
    - netfilter: nf_flow_table: check ttl value in flow offload data path
    - netfilter: nf_flow_table: fix netdev refcnt leak
    - ALSA: hda - Register irq handler after the chip initialization
    - nvmem: core: fix read buffer in place
    - nvmem: sunxi_sid: Support SID on A83T and H5
    - fuse: retrieve: cap requested size to negotiated max_write
    - nfsd: allow fh_want_write to be called twice
    - nfsd: avoid uninitialized variable warning
    - vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"
    - switchtec: Fix unintended mask of MRPC event
    - net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending
    - x86/PCI: Fix PCI IRQ routing table memory leak
    - i40e: Queues are reserved despite "Invalid argument" error
    - platform/chrome: cros_ec_proto: check for NULL transfer function
    - PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64
    - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
    - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
    - soc: rockchip: Set the proper PWM for rk3288
    - ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" clock to SDMA
    - ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
    - ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
    - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
    - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
    - PCI: rpadlpar: Fix leaked device_node references in add/remove paths
    - drm/amd/display: Use plane->color_space for dpp if specified
    - ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it
    - platform/x86: intel_pmc_ipc: adding error handling
    - power: supply: max14656: fix potential use-before-alloc
    - PCI: rcar: Fix a potential NULL pointer dereference
    - PCI: rcar: Fix 64bit MSI message address handling
    - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags
    - video: hgafb: fix potential NULL pointer dereference
    - video: imsttfb: fix potential NULL pointer dereferences
    - block, bfq: increase idling for weight-raised queues
    - PCI: xilinx: Check for __get_free_pages() failure
    - gpio: gpio-omap: add check for off wake capable gpios
    - ice: Add missing case in print_link_msg for printing flow control
    - dmaengine: idma64: Use actual device for DMA transfers
    - pwm: tiehrpwm: Update shadow register for disabling PWMs
    - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on
      Arndale Octa
    - pwm: Fix deadlock warning when removing PWM device
    - ARM: exynos: Fix undefined instruction during Exynos5422 resume
    - usb: typec: fusb302: Check vconn is off when we start toggling
    - soc: renesas: Identify R-Car M3-W ES1.3
    - gpio: vf610: Do not share irq_chip
    - percpu: do not search past bitmap when allocating an area
    - ovl: check the capability before cred overridden
    - ovl: support stacked SEEK_HOLE/SEEK_DATA
    - ALSA: seq: Cover unsubscribe_port() in list_mutex
    - media: rockchip/vpu: Fix/re-order probe-error/remove path
    - media: rockchip/vpu: Add missing dont_use_autosuspend() calls
    - drm/msm: correct attempted NULL pointer dereference in debugfs
    - mm/memory_hotplug: release memory resource after arch_remove_memory()
    - mm/memory_hotplug.c: fix the wrong usage of N_HIGH_MEMORY
    - drm/nouveau: fix duplication of nv50_head_atom struct
    - f2fs: fix error path of recovery
    - f2fs: fix to avoid panic in dec_valid_node_count()
    - f2fs: fix to avoid deadloop in foreground GC
    - f2fs: fix to retrieve inline xattr space
    - media: atmel: atmel-isc: fix asd memory allocation
    - vfio-pci/nvlink2: Fix potential VMA leak
    - powerpc/pseries: Track LMB nid instead of using device tree
    - arm64: defconfig: Update UFSHCD for Hi3660 soc
    - iommu/vt-d: Don't request page request irq under dmar_global_lock
    - soc/tegra: pmc: Remove reset sysfs entries on error
    - power: supply: cpcap-battery: Fix signed counter sample register
    - PCI: keystone: Invoke phy_reset() API before enabling PHY
    - iommu/vt-d: Flush IOTLB for untrusted device in time
    - arm64: dts: imx8mq: Mark iomuxc_gpr as i.MX6Q compatible
    - pinctrl: pinctrl-intel: move gpio suspend/resume to noirq phase
    - f2fs: fix potential recursive call when enabling data_flush
    - arm64: dts: qcom: qcs404: Fix regulator supply names
    - gpio: gpio-omap: limit errata 1.101 handling to wkup domain gpios only
    - media: v4l2-ctrl: v4l2_ctrl_request_setup returns with error upon failure
    - batman-adv: Adjust name for batadv_dat_send_data
    - ice: Enable LAN_EN for the right recipes
    - ice: Do not set LB_EN for prune switch rules
    - media: v4l2-fwnode: Defaults may not override endpoint configuration in
      firmware
    - ARM: shmobile: porter: enable R-Car Gen2 regulator quirk

-- Khalid Elmously <khalid.elmously@canonical.com>  Mon, 30 Sep 2019 14:30:53 -0400

Changed in linux (Ubuntu Disco):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

NULL pointer dereference when Inserting the VIMC module

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package