Ubuntu
linux package

Disco update: upstream stable patchset 2019-10-10

Bug #1847663 reported by Kamal Mostafa on 2019-10-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Disco	Fix Released	Undecided	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2019-10-10

Ported from the following upstream stable releases:
v4.19.76, v5.2.18

from git://git.kernel.org/

Revert "Bluetooth: validate BLE connection interval updates"
net/ibmvnic: free reset work of removed device from queue
powerpc/xive: Fix bogus error code returned by OPAL
drm/amd/display: readd -msse2 to prevent Clang from emitting libcalls to undefined SW FP routines
HID: prodikeys: Fix general protection fault during probe
HID: sony: Fix memory corruption issue on cleanup.
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
HID: Add quirk for HP X500 PIXART OEM mouse
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
CIFS: fix deadlock in cached root handling
ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it enabled
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
ALSA: usb-audio: Add Hiby device family to quirks for native DSD support
ALSA: usb-audio: Add DSD support for EVGA NU Audio
ALSA: dice: fix wrong packet parameter for Alesis iO26
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ALSA: hda - Apply AMD controller workaround for Raven platform
objtool: Clobber user CFLAGS variable
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
initramfs: don't free a non-existent initrd
Revert "f2fs: avoid out-of-range memory access"
dm zoned: fix invalid memory access
net/ibmvnic: Fix missing { in __ibmvnic_reset
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
net: don't warn in inet diag when IPV6 is disabled
Bluetooth: btrtl: HCI reset on close for Realtek BT chip
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling
xfs: don't crash on null attr fork xfs_bmapi_read
netfilter: nft_socket: fix erroneous socket assignment
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
net_sched: check cops->tcf_block in tc_bind_tclass()
net/rds: An rds_sock is added too early to the hash table
net/rds: Check laddr_check before calling it
f2fs: use generic EFSBADCRC/EFSCORRUPTED
phy: qcom-qmp: Raise qcom_qmp_phy_enable() polling delay
drm/amd/display: Allow cursor async updates for framebuffer swaps
drm/amd/display: Skip determining update type for async updates
drm/amd/display: Don't replace the dc_state for fast updates
platform/x86: i2c-multi-instantiate: Derive the device name from parent
drm/dp: Add DP_DPCD_QUIRK_NO_SINK_COUNT
xfrm: policy: avoid warning splat when merging nodes
UBUNTU: upstream stable to v4.19.76, v5.2.18

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2019-10-10

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
description:	updated
Changed in linux (Ubuntu Disco):
status:	New → In Progress
assignee:	nobody → Kamal Mostafa (kamalmostafa)

Kleber Sacilotto de Souza (kleber-souza) on 2019-10-16

Changed in linux (Ubuntu Disco):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-11-12:

Download full text (38.6 KiB)

This bug was fixed in the package linux - 5.0.0-35.38

---------------
linux (5.0.0-35.38) disco; urgency=medium

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
      confusion."

  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling

  * CVE-2018-12207
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (5.0.0-34.36) disco; urgency=medium

* disco/linux: <version to be filled> -proposed tracker (LP: #1850574)

* [REGRESSION] md/raid0: cannot as...

This bug was fixed in the package linux - 5.0.0-35.38

---------------
linux (5.0.0-35.38) disco; urgency=medium

* [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
      confusion."

* CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

linux (5.0.0-34.36) disco; urgency=medium

* disco/linux: <version to be filled> -proposed tracker (LP: #1850574)

* [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

linux (5.0.0-33.35) disco; urgency=medium

* disco/linux: 5.0.0-33.35 -proposed tracker (LP: #1849003)

* Disco update: upstream stable patchset 2019-10-18 (LP: #1848817)
    - tpm: use tpm_try_get_ops() in tpm-sysfs.c.
    - drm/bridge: tc358767: Increase AUX transfer length limit
    - drm/panel: simple: fix AUO g185han01 horizontal blanking
    - video: ssd1307fb: Start page range at page_offset
    - drm/stm: attach gem fence to atomic state
    - drm/panel: check failure cases in the probe func
    - drm/rockchip: Check for fast link training before enabling psr
    - drm/radeon: Fix EEH during kexec
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - PCI: rpaphp: Avoid a sometimes-uninitialized warning
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
    - drm/amd/display: fix issue where 252-255 values are clipped
    - drm/amd/display: reprogram VM config when system resume
    - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA
      window
    - clk: actions: Don't reference clk_init_data after registration
    - clk: sirf: Don't reference clk_init_data after registration
    - clk: sprd: Don't reference clk_init_data after registration
    - clk: zx296718: Don't reference clk_init_data after registration
    - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
      function
    - powerpc/pseries/mobility: use cond_resched when updating device tree
    - pinctrl: tegra: Fix write barrier placement in pmx_writel
    - powerpc/eeh: Clear stale EEH_DEV_NO_HANDLER flag
    - vfio_pci: Restore original state on release
    - drm/nouveau/volt: Fix for some cards having 0 maximum voltage
    - pinctrl: amd: disable spurious-firing GPIO IRQs
    - clk: renesas: mstp: Set GENPD_FLAG_ALWAYS_ON for clock domain
    - clk: renesas: cpg-mssr: Set GENPD_FLAG_ALWAYS_ON for clock domain
    - drm/amd/display: support spdif
    - drm/amdgpu/si: fix ASIC tests
    - powerpc/64s/exception: machine check use correct cfar for late handler
    - pstore: fs superblock limits
    - clk: qcom: gcc-sdm845: Use floor ops for sdcc clks
    - powerpc/pseries: correctly track irq state in default idle
    - pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c
    - arm64: fix unreachable code issue with cmpxchg
    - clk: at91: select parent if main oscillator or bypass is enabled
    - powerpc: dump kernel log before carrying out fadump or kdump
    - mbox: qcom: add APCS child device for QCS404
    - clk: sprd: add missing kfree
    - scsi: core: Reduce memory required for SCSI logging
    - dma-buf/sw_sync: Synchronize signal vs syncpt free
    - ext4: fix potential use after free after remounting with noblock_validity
    - MIPS: Ingenic: Disable broken BTB lookup optimization.
    - MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
    - i2c-cht-wc: Fix lockdep warning
    - PCI: tegra: Fix OF node reference leak
    - HID: wacom: Fix several minor compiler warnings
    - livepatch: Nullify obj->mod in klp_module_coming()'s error path
    - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
      writes
    - soundwire: intel: fix channel number reported by hardware
    - ARM: 8875/1: Kconfig: default to AEABI w/ Clang
    - rtc: snvs: fix possible race condition
    - rtc: pcf85363/pcf85263: fix regmap error in set_time
    - HID: apple: Fix stuck function keys when using FN
    - PCI: rockchip: Propagate errors for optional regulators
    - PCI: histb: Propagate errors for optional regulators
    - PCI: imx6: Propagate errors for optional regulators
    - PCI: exynos: Propagate errors for optional PHYs
    - security: smack: Fix possible null-pointer dereferences in
      smack_socket_sock_rcv_skb()
    - ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned
      address
    - fat: work around race with userspace's read via blockdev while mounting
    - pktcdvd: remove warning on attempting to register non-passthrough dev
    - hypfs: Fix error number left in struct pointer member
    - crypto: hisilicon - Fix double free in sec_free_hw_sgl()
    - kbuild: clean compressed initramfs image
    - ocfs2: wait for recovering done after direct unlock request
    - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
    - arm64: consider stack randomization for mmap base only when necessary
    - mips: properly account for stack randomization and stack guard gap
    - arm: properly account for stack randomization and stack guard gap
    - arm: use STACK_TOP when computing mmap base address
    - bpf: fix use after free in prog symbol exposure
    - cxgb4:Fix out-of-bounds MSI-X info array access
    - erspan: remove the incorrect mtu limit for erspan
    - hso: fix NULL-deref on tty open
    - ipv6: drop incoming packets having a v4mapped source address
    - ipv6: Handle missing host route in __ipv6_ifa_notify
    - net: ipv4: avoid mixed n_redirects and rate_tokens usage
    - net: qlogic: Fix memory leak in ql_alloc_large_buffers
    - net: Unpublish sk from sk_reuseport_cb before call_rcu
    - nfc: fix memory leak in llcp_sock_bind()
    - qmi_wwan: add support for Cinterion CLS8 devices
    - rxrpc: Fix rxrpc_recvmsg tracepoint
    - sch_dsmark: fix potential NULL deref in dsmark_init()
    - udp: fix gso_segs calculations
    - vsock: Fix a lockdep warning in __vsock_release()
    - net: dsa: rtl8366: Check VLAN ID and not ports
    - udp: only do GSO if # of segs > 1
    - net/rds: Fix error handling in rds_ib_add_one()
    - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
    - tipc: fix unlimited bundling of small messages
    - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
    - soundwire: Kconfig: fix help format
    - soundwire: fix regmap dependencies and align with other serial links
    - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
    - smack: use GFP_NOFS while holding inode_smack::smk_lock
    - NFC: fix attrs checks in netlink interface
    - kexec: bail out upon SIGKILL when allocating memory.
    - 9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie
    - drm/vkms: Fix crc worker races
    - drm/vkms: Avoid assigning 0 for possible_crtc
    - drm/amd/display: add monitor patch to add T7 delay
    - drm/tinydrm/Kconfig: drivers: Select BACKLIGHT_CLASS_DEVICE
    - clk: imx8mq: Mark AHB clock as critical
    - drm/amd/display: Fix frames_to_insert math
    - clk: meson: axg-audio: Don't reference clk_init_data after registration
    - powerpc/64s/radix: Fix memory hotplug section page table creation
    - selftests/powerpc: Retry on host facility unavailable
    - powerpc/eeh: Clean up EEH PEs after recovery finishes
    - mailbox: mediatek: cmdq: clear the event in cmdq initial flow
    - clk: Make clk_bulk_get_all() return a valid "id"
    - f2fs: fix to drop meta/node pages during umount
    - MIPS: Don't use bc_false uninitialized in __mm_isBranchInstr
    - PCI: pci-hyperv: Fix build errors on non-SYSFS config
    - PCI: Add pci_info_ratelimited() to ratelimit PCI separately
    - PCI: Use static const struct, not const static struct
    - ARM: 8905/1: Emit __gnu_mcount_nc when using Clang 10.0.0 or newer
    - KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o
      lapic_in_kernel
    - clk: ingenic/jz4740: Fix "pll half" divider not read/written properly
    - clk: sunxi: Don't call clk_hw_get_name() on a hw that isn't registered
    - ARM: dts: dir685: Drop spi-cpol from the display
    - mm: add dummy can_do_mlock() helper
    - [Config] updateconfigs for SOUNDWIRE

* [CML] New device IDs for CML-U (LP: #1843774)
    - spi-nor: intel-spi: Add support for Intel Comet Lake SPI serial flash

* [CML-U] Comet lake platform need ISH driver support (LP: #1843775)
    - HID: intel-ish-hid: Add Comet Lake PCI device ID

* CVE-2019-17666
    - SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code
    - SAUCE: rtlwifi: Fix potential overflow on P2P code

* md raid0/linear doesn't show error state if an array member is removed and
    allows successful writes (LP: #1847773)
    - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone

* seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE    (LP: #1847744)
    - SAUCE: seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE
    - SAUCE: seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE

* Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes
    to no (LP: #1848492)
    - [Config] Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x
      from yes to no

* fdatasync performance regression on 5.0 kernels (LP: #1847641)
    - blk-wbt: fix performance regression in wbt scale_up/scale_down

* bcache: Performance degradation when querying priority_stats (LP: #1840043)
    - bcache: add cond_resched() in __bch_cache_cmp()

* Add installer support for iwlmvm adapters (LP: #1848236)
    - d-i: Add iwlmvm to nic-modules

* Check for CPU Measurement sampling (LP: #1847590)
    - s390/cpumsf: Check for CPU Measurement sampling

* Disco update: upstream stable patchset 2019-10-16 (LP: #1848367)
    - arcnet: provide a buffer big enough to actually receive packets
    - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
    - macsec: drop skb sk before calling gro_cells_receive
    - net/phy: fix DP83865 10 Mbps HDX loopback disable function
    - net: qrtr: Stop rx_worker before freeing node
    - net/sched: act_sample: don't push mac header on ip6gre ingress
    - net_sched: add max len check for TCA_KIND
    - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
    - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
    - ppp: Fix memory leak in ppp_write
    - sch_netem: fix a divide by zero in tabledist()
    - skge: fix checksum byte order
    - usbnet: ignore endpoints with invalid wMaxPacketSize
    - usbnet: sanity checking of packet sizes and device mtu
    - net: sched: fix possible crash in tcf_action_destroy()
    - tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
    - net/mlx5: Add device ID of upcoming BlueField-2
    - nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
    - ALSA: hda: Flush interrupts on disabling
    - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
    - ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER
    - ASoC: sgtl5000: Fix of unmute outputs on probe
    - ASoC: sgtl5000: Fix charge pump source assignment
    - firmware: qcom_scm: Use proper types for dma mappings
    - dmaengine: bcm2835: Print error in case setting DMA mask fails
    - leds: leds-lp5562 allow firmware files up to the maximum length
    - media: dib0700: fix link error for dibx000_i2c_set_speed
    - media: mtk-cir: lower de-glitch counter for rc-mm protocol
    - media: exynos4-is: fix leaked of_node references
    - media: hdpvr: Add device num check and handling
    - media: i2c: ov5640: Check for devm_gpiod_get_optional() error
    - time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
    - sched/fair: Fix imbalance due to CPU affinity
    - sched/core: Fix CPU controller for !RT_GROUP_SCHED
    - x86/apic: Make apic_pending_intr_clear() more robust
    - sched/deadline: Fix bandwidth accounting at all levels after offline
      migration
    - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
      fails
    - x86/apic: Soft disable APIC before initializing it
    - ALSA: hda - Show the fatal CORB/RIRB error more clearly
    - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
      build_adc_controls()
    - EDAC/mc: Fix grain_bits calculation
    - media: iguanair: add sanity checks
    - base: soc: Export soc_device_register/unregister APIs
    - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
    - ia64:unwind: fix double free for mod->arch.init_unw_table
    - EDAC/altera: Use the proper type for the IRQ status bits
    - ASoC: rsnd: don't call clk_get_rate() under atomic context
    - arm64/prefetch: fix a -Wtype-limits warning
    - md/raid1: end bio when the device faulty
    - md: don't call spare_active in md_reap_sync_thread if all member devices
      can't work
    - md: don't set In_sync if array is frozen
    - media: media/platform: fsl-viu.c: fix build for MICROBLAZE
    - ACPI / processor: don't print errors for processorIDs == 0xff
    - loop: Add LOOP_SET_DIRECT_IO to compat ioctl
    - EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
    - efi: cper: print AER info of PCIe fatal error
    - firmware: arm_scmi: Check if platform has released shmem before using
    - sched/fair: Use rq_lock/unlock in online_fair_sched_group
    - idle: Prevent late-arriving interrupts from disrupting offline
    - media: gspca: zero usb_buf on error
    - perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
    - perf test vfs_getname: Disable ~/.perfconfig to get default output
    - media: mtk-mdp: fix reference count on old device tree
    - media: fdp1: Reduce FCP not found message level to debug
    - media: em28xx: modules workqueue not inited for 2nd device
    - media: rc: imon: Allow iMON RC protocol for ffdc 7e device
    - dmaengine: iop-adma: use correct printk format strings
    - perf record: Support aarch64 random socket_id assignment
    - media: vsp1: fix memory leak of dl on error return path
    - media: i2c: ov5645: Fix power sequence
    - media: omap3isp: Don't set streaming state on random subdevs
    - media: imx: mipi csi-2: Don't fail if initial state times-out
    - net: lpc-enet: fix printk format strings
    - m68k: Prevent some compiler warnings in Coldfire builds
    - ARM: dts: imx7d: cl-som-imx7: make ethernet work again
    - ARM: dts: imx7-colibri: disable HS400
    - media: radio/si470x: kill urb on error
    - media: hdpvr: add terminating 0 at end of string
    - ASoC: uniphier: Fix double reset assersion when transitioning to suspend
      state
    - tools headers: Fixup bitsperlong per arch includes
    - ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
    - led: triggers: Fix a memory leak bug
    - nbd: add missing config put
    - media: mceusb: fix (eliminate) TX IR signal length limit
    - media: dvb-frontends: use ida for pll number
    - posix-cpu-timers: Sanitize bogus WARNONS
    - media: dvb-core: fix a memory leak bug
    - libperf: Fix alignment trap with xyarray contents in 'perf stat'
    - EDAC/amd64: Recognize DRAM device type ECC capability
    - EDAC/amd64: Decode syndrome before translating address
    - PM / devfreq: passive: Use non-devm notifiers
    - PM / devfreq: exynos-bus: Correct clock enable sequence
    - media: cec-notifier: clear cec_adap in cec_notifier_unregister
    - media: saa7146: add cleanup in hexium_attach()
    - media: cpia2_usb: fix memory leaks
    - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
    - perf trace beauty ioctl: Fix off-by-one error in cmd->string table
    - media: ov9650: add a sanity check
    - ASoC: es8316: fix headphone mixer volume table
    - ACPI / CPPC: do not require the _PSD method
    - sched/cpufreq: Align trace event behavior of fast switching
    - x86/apic/vector: Warn when vector space exhaustion breaks affinity
    - arm64: kpti: ensure patched kernel text is fetched from PoU
    - x86/mm/pti: Do not invoke PTI functions when PTI is disabled
    - ASoC: fsl_ssi: Fix clock control issue in master mode
    - x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
    - nvmet: fix data units read and written counters in SMART log
    - nvme-multipath: fix ana log nsid lookup when nsid is not found
    - ALSA: firewire-motu: add support for MOTU 4pre
    - iommu/amd: Silence warnings under memory pressure
    - libata/ahci: Drop PCS quirk for Denverton and beyond
    - iommu/iova: Avoid false sharing on fq_timer_on
    - libtraceevent: Change users plugin directory
    - ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
    - ACPI: custom_method: fix memory leaks
    - ACPI / PCI: fix acpi_pci_irq_enable() memory leak
    - closures: fix a race on wakeup from closure_sync
    - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
    - md/raid1: fail run raid1 array when active disk less than one
    - dmaengine: ti: edma: Do not reset reserved paRAM slots
    - kprobes: Prohibit probing on BUG() and WARN() address
    - s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
    - x86/cpu: Add Tiger Lake to Intel family
    - platform/x86: intel_pmc_core: Do not ioremap RAM
    - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
    - raid5: don't set STRIPE_HANDLE to stripe which is in batch list
    - mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
    - mmc: sdhci: Fix incorrect switch to HS mode
    - mmc: core: Add helper function to indicate if SDIO IRQs is enabled
    - mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
    - raid5: don't increment read_errors on EILSEQ return
    - libertas: Add missing sentinel at end of if_usb.c fw_table
    - ALSA: hda - Drop unsol event handler for Intel HDMI codecs
    - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
    - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
    - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
    - btrfs: extent-tree: Make sure we only allocate extents from block groups
      with the same type
    - media: omap3isp: Set device on omap3isp subdevs
    - PM / devfreq: passive: fix compiler warning
    - iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
    - ALSA: firewire-tascam: handle error code when getting current source of
      clock
    - ALSA: firewire-tascam: check intermediate state of clock status and retry
    - scsi: scsi_dh_rdac: zero cdb in send_mode_select()
    - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
    - printk: Do not lose last line in kmsg buffer dump
    - IB/mlx5: Free mpi in mp_slave mode
    - IB/hfi1: Define variables as unsigned long to fix KASAN warning
    - randstruct: Check member structs in is_pure_ops_struct()
    - Revert "ceph: use ceph_evict_inode to cleanup inode's resource"
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - ALSA: hda/realtek - PCI quirk for Medion E4254
    - blk-mq: add callback of .cleanup_rq
    - scsi: implement .cleanup_rq callback
    - powerpc/imc: Dont create debugfs files for cpu-less nodes
    - fuse: fix missing unlock_page in fuse_writepage()
    - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
    - KVM: x86: always stop emulation on page fault
    - KVM: x86: set ctxt->have_exception in x86_decode_insn()
    - KVM: x86: Manually calculate reserved bits when loading PDPTRS
    - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
    - media: don't drop front-end reference count for ->detach
    - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
    - ASoC: Intel: NHLT: Fix debug print format
    - ASoC: Intel: Skylake: Use correct function to access iomem space
    - ASoC: Intel: Fix use of potentially uninitialized variable
    - ARM: samsung: Fix system restart on S3C6410
    - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
    - arm64: tlb: Ensure we execute an ISB following walk cache invalidation
    - arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
    - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
    - regulator: Defer init completion for a while after late_initcall
    - efifb: BGRT: Improve efifb_bgrt_sanity_check
    - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
    - memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
    - memcg, kmem: do not fail __GFP_NOFAIL charges
    - i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
    - block: fix null pointer dereference in blk_mq_rq_timed_out()
    - smb3: allow disabling requesting leases
    - ovl: Fix dereferencing possible ERR_PTR()
    - ovl: filter of trusted xattr results in audit
    - btrfs: fix allocation of free space cache v1 bitmap pages
    - Btrfs: fix use-after-free when using the tree modification log
    - btrfs: Relinquish CPUs in btrfs_compare_trees
    - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
    - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve
      calls
    - Btrfs: fix race setting up and completing qgroup rescan workers
    - md/raid6: Set R5_ReadError when there is read failure on parity disk
    - md: don't report active array_state until after revalidate_disk() completes.
    - md: only call set_in_sync() when it is expected to succeed.
    - cfg80211: Purge frame registrations on iftype change
    - /dev/mem: Bail out upon SIGKILL.
    - ext4: fix warning inside ext4_convert_unwritten_extents_endio
    - ext4: fix punch hole for inline_data file systems
    - quota: fix wrong condition in is_quota_modification()
    - hwrng: core - don't wait on add_early_randomness()
    - i2c: riic: Clear NACK in tend isr
    - CIFS: fix max ea value size
    - CIFS: Fix oplock handling for SMB 2.1+ protocols
    - md/raid0: avoid RAID0 data corruption due to layout confusion.
    - fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
    - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new
      zone
    - drm/amd/display: Restore backlight brightness after system resume
    - selftests: Update fib_tests to handle missing ping6
    - vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
    - net/mlx5e: Fix traffic duplication in ethtool steering
    - media: vivid:add sanity check to avoid divide error and set value to 1 if 0.
    - media: vb2: reorder checks in vb2_poll()
    - media: vivid: work around high stack usage with clang
    - rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic
      region
    - arm64: mm: free the initrd reserved memblock in a aligned manner
    - soc: amlogic: meson-clk-measure: protect measure with a mutex
    - RAS: Build debugfs.o only when enabled in Kconfig
    - ASoC: hdac_hda: fix page fault issue by removing race
    - perf tools: Fix paths in include statements
    - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling
    - media: i2c: tda1997x: prevent potential NULL pointer access
    - arm64/efi: Move variable assignments after SECTIONS
    - ARM: xscale: fix multi-cpu compilation
    - kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE
    - x86/platform/intel/iosf_mbi Rewrite locking
    - powerpc/Makefile: Always pass --synthetic to nm if supported
    - ACPI / APEI: Release resources if gen_pool_add() fails
    - ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91
    - soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain
    - soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9
    - PM / devfreq: Fix kernel oops on governor module load
    - media: aspeed-video: address a protential usage of an unitialized var
    - ASoC: Intel: Haswell: Adjust machine device private context
    - x86/amd_nb: Add PCI device IDs for family 17h, model 70h
    - hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs
    - block: make rq sector size accessible for block stats
    - mmc: mtk-sd: Re-store SDIO IRQs mask at system resume
    - drm: fix module name in edid_firmware log message
    - zd1211rw: remove false assertion from zd_mac_clear()
    - btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index()
    - kvm: Nested KVM MMUs need PAE root too
    - ARM: dts: logicpd-torpedo-baseboard: Fix missing video
    - ARM: omap2plus_defconfig: Fix missing video
    - ARM: dts: am3517-evm: Fix missing video
    - rcu/tree: Fix SCHED_FIFO params
    - fuse: fix beyond-end-of-page access in fuse_parse_cache()
    - KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
    - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
    - iommu/arm-smmu-v3: Disable detection of ATS and PRI
    - mt76: round up length on mt76_wr_copy
    - ath10k: fix channel info parsing for non tlv target
    - block: mq-deadline: Fix queue restart handling
    - btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer
    - SUNRPC: Fix buffer handling of GSS MIC without slack
    - ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint
    - fs: Export generic_fadvise()
    - mm: Handle MADV_WILLNEED through vfs_fadvise()
    - xfs: Fix stale data exposure when readahead races with hole punch
    - ipmi: move message error checking to avoid deadlock

* ELAN469D touch pad not working (LP: #1795292) // Ubuntu won't boot on Dell
    Inspiron 7375 (LP: #1837688) // Disco update: upstream stable patchset
    2019-10-16 (LP: #1848367)
    - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems

* intel-lpss driver conflicts with write-combining MTRR region (LP: #1845584)
    - SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390 2-in-1

* Fix non-working Realtek USB ethernet after system resume (LP: #1847063)
    - r8152: remove extra action copying ethernet address
    - r8152: Refresh MAC address during USBDEVFS_RESET
    - r8152: Set macpassthru in reset_resume callback

* overlayfs: allow with shiftfs as underlay (LP: #1846272)
    - SAUCE: overlayfs: allow with shiftfs as underlay

* [regression] NoNewPrivileges incompatible with Apparmor (LP: #1844186)
    - SAUCE: apparmor: fix nnp subset test for unconfined

* PM / hibernate: fix potential memory corruption (LP: #1847118)
    - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation

* xHCI on AMD Stoney Ridge cannot detect USB 2.0 or 1.1 devices.
    (LP: #1846470)
    - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect

* CVE-2019-17056
    - nfc: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17055
    - mISDN: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17054
    - appletalk: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17053
    - ieee802154: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17052
    - ax25: enforce CAP_NET_RAW for raw sockets

* CVE-2019-15098
    - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

* Disco update: upstream stable patchset 2019-10-10 (LP: #1847663)
    - Revert "Bluetooth: validate BLE connection interval updates"
    - net/ibmvnic: free reset work of removed device from queue
    - powerpc/xive: Fix bogus error code returned by OPAL
    - drm/amd/display: readd -msse2 to prevent Clang from emitting libcalls to
      undefined SW FP routines
    - HID: prodikeys: Fix general protection fault during probe
    - HID: sony: Fix memory corruption issue on cleanup.
    - HID: logitech: Fix general protection fault caused by Logitech driver
    - HID: hidraw: Fix invalid read in hidraw_ioctl
    - HID: Add quirk for HP X500 PIXART OEM mouse
    - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
    - crypto: talitos - fix missing break in switch statement
    - CIFS: fix deadlock in cached root handling
    - ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it
      enabled
    - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
    - ALSA: usb-audio: Add Hiby device family to quirks for native DSD support
    - ALSA: usb-audio: Add DSD support for EVGA NU Audio
    - ALSA: dice: fix wrong packet parameter for Alesis iO26
    - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
    - ALSA: hda - Apply AMD controller workaround for Raven platform
    - objtool: Clobber user CFLAGS variable
    - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
    - f2fs: check all the data segments against all node ones
    - PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
    - bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
    - initramfs: don't free a non-existent initrd
    - Revert "f2fs: avoid out-of-range memory access"
    - dm zoned: fix invalid memory access
    - net/ibmvnic: Fix missing { in __ibmvnic_reset
    - f2fs: fix to do sanity check on segment bitmap of LFS curseg
    - drm: Flush output polling on shutdown
    - net: don't warn in inet diag when IPV6 is disabled
    - Bluetooth: btrtl: HCI reset on close for Realtek BT chip
    - ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
    - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling
    - xfs: don't crash on null attr fork xfs_bmapi_read
    - netfilter: nft_socket: fix erroneous socket assignment
    - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
    - net_sched: check cops->tcf_block in tc_bind_tclass()
    - net/rds: An rds_sock is added too early to the hash table
    - net/rds: Check laddr_check before calling it
    - f2fs: use generic EFSBADCRC/EFSCORRUPTED
    - phy: qcom-qmp: Raise qcom_qmp_phy_enable() polling delay
    - drm/amd/display: Allow cursor async updates for framebuffer swaps
    - drm/amd/display: Skip determining update type for async updates
    - drm/amd/display: Don't replace the dc_state for fast updates
    - platform/x86: i2c-multi-instantiate: Derive the device name from parent
    - drm/dp: Add DP_DPCD_QUIRK_NO_SINK_COUNT
    - xfrm: policy: avoid warning splat when merging nodes

* Disco update: upstream stable patchset 2019-10-01 (LP: #1846277)
    - netfilter: nf_flow_table: set default timeout after successful insertion
    - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
    - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
    - powerpc/mm/radix: Use the right page size for vmemmap mapping
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
    - ip6_gre: fix a dst leak in ip6erspan_tunnel_xmit
    - udp: correct reuseport selection with connected sockets
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - net_sched: let qdisc_put() accept NULL pointer
    - firmware: google: check if size is valid when decoding VPD data
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - ieee802154: hwsim: Fix error handle path in hwsim_init_module
    - ieee802154: hwsim: unregister hw while hwsim_subscribe_all_others fails
    - ARM: dts: am57xx: Disable voltage switching for SD card
    - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
    - bus: ti-sysc: Fix using configured sysc mask value
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - ARM: dts: dra74x: Fix iodelay configuration for mmc3
    - ARM: OMAP1: ams-delta-fiq: Fix missing irq_ack
    - bus: ti-sysc: Simplify cleanup upon failures in sysc_probe()
    - s390/bpf: use 32-bit index for tail calls
    - selftests/bpf: fix "bind{4, 6} deny specific IP & port" on s390
    - tools: bpftool: close prog FD before exit on showing a single program
    - fpga: altera-ps-spi: Fix getting of optional confd gpio
    - netfilter: ebtables: Fix argument order to ADD_COUNTER
    - netfilter: nft_flow_offload: missing netlink attribute policy
    - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
    - NFSv4: Fix return values for nfs4_file_open()
    - NFSv4: Fix return value in nfs_finish_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - xdp: unpin xdp umem pages in error path
    - qed: Add cleanup in qed_slowpath_start()
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - batman-adv: Only read OGM2 tvlv_len after buffer len check
    - bpf: allow narrow loads of some sk_reuseport_md fields with offset > 0
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: xt_physdev: Fix spurious error message in physdev_mt_check
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the
      first symbol
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - usb: host: xhci-tegra: Set DMA mask correctly
    - ARM: 8901/1: add a criteria for pfn_valid of arm
    - ibmvnic: Do not process reset during or after device removal
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - i2c: designware: Synchronize IRQs when unregistering slave client
    - perf/x86/intel: Restrict period on Nehalem
    - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
    - amd-xgbe: Fix error path in xgbe_mod_init()
    - tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at
      -O2
    - tools/power x86_energy_perf_policy: Fix argument parsing
    - tools/power turbostat: fix buffer overrun
    - net: aquantia: fix out of memory condition on rx side
    - net: seeq: Fix the function used to release some memory in an error handling
      path
    - dmaengine: ti: dma-crossbar: Fix a memory leak bug
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
    - x86/hyper-v: Fix overflow bug in fill_gva_list()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - iommu/amd: Flush old domains in kdump kernel
    - iommu/amd: Fix race in increase_address_space()
    - ovl: fix regression caused by overlapping layers detection
    - floppy: fix usercopy direction
    - binfmt_elf: move brk out of mmap when doing direct loader exec
    - SUNRPC: Handle connection breakages correctly in call_status()
    - nfs: disable client side deduplication
    - net: aquantia: fix limit of vlan filters
    - net: dsa: Fix load order between DSA drivers and taggers
    - ARM: dts: Fix flags for gpio7
    - bus: ti-sysc: Handle devices with no control registers
    - ARM: dts: Fix incorrect dcan register mapping for am3, am4 and dra7
    - ARM: dts: am335x: Fix UARTs length
    - ARM: dts: Fix incomplete dts data for am3 and am4 mmc
    - selftests/bpf: fix test_cgroup_storage on s390
    - flow_dissector: Fix potential use-after-free on BPF_PROG_DETACH
    - drm/amdgpu: fix dma_fence_wait without reference
    - netfilter: conntrack: make sysctls per-namespace again
    - drm/amd/powerplay: correct Vega20 dpm level related settings
    - libceph: don't call crypto_free_sync_skcipher() on a NULL tfm
    - i2c: iproc: Stop advertising support of SMBUS quick cmd
    - netfilter: nf_flow_table: clear skb tstamp before xmit
    - tools/power turbostat: Fix Haswell Core systems
    - net: aquantia: fix removal of vlan 0
    - net: aquantia: reapply vlan filters on up
    - arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name
    - dmaengine: sprd: Fix the DMA link-list configuration
    - dmaengine: rcar-dmac: Fix DMACHCLR handling if iommu is mapped
    - Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}"

-- Stefan Bader <stefan.bader@canonical.com>  Sat, 09 Nov 2019 17:31:21 +0100

Changed in linux (Ubuntu Disco):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2020-01-08

Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package