Bug #1812153 “CONFIG_SECURITY_SELINUX_DISABLE should be disabled...” : Cosmic (18.10) : Bugs : linux-kvm package : Ubuntu

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-01-17:

#1

Dependencies.txt Edit (2.6 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (728 bytes, text/plain; charset="utf-8")
ProcEnviron.txt Edit (270 bytes, text/plain; charset="utf-8")

Po-Hsu Lin (cypressyew) on 2019-01-17

Changed in linux-kvm (Ubuntu):
assignee:	nobody → Po-Hsu Lin (cypressyew)
status:	New → In Progress

Po-Hsu Lin (cypressyew) on 2019-01-17

Changed in ubuntu-kernel-tests:
status:	New → In Progress
assignee:	nobody → Po-Hsu Lin (cypressyew)

Stefan Bader (smb) on 2019-01-21

Changed in linux-kvm (Ubuntu Bionic):
importance:	Undecided → Medium

Khaled El Mously (kmously) on 2019-01-27

Changed in linux-kvm (Ubuntu Bionic):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-03-05:

#2

Download full text (12.0 KiB)

This bug was fixed in the package linux-kvm - 4.15.0-1030.30

---------------
linux-kvm (4.15.0-1030.30) bionic; urgency=medium

* linux-kvm: 4.15.0-1030.30 -proposed tracker (LP: #1814736)

  * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
    - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS

[ Ubuntu: 4.15.0-46.49 ]

  * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726)
  * mprotect fails on ext4 with dax (LP: #1799237)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
  * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086)
    - iscsi target: fix session creation failure handling
    - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
      fails
    - scsi: iscsi: target: Fix conn_ops double free
  * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
    (LP: #1812198)
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS
    - selftests: kselftest: Remove outdated comment
  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list
  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation
  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels
  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent
  * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604)
    - ACPI / LPSS: Force LPSS quirks on boot
  * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229)
    - scsi: sd_zbc: Fix variable type and bogus comment
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/apm: Don't access __preempt_count with zeroed fs
    - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
    - ARCv2: [plat-hsdk]: Save accl reg pair by default
    - ARC: Fix CONFIG_SWAP
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - mm/huge_memory.c: fix data loss when splitting a file pmd
    - cpufreq: intel_pstate: Register when ACPI PCCH is present
    - vfio/pci: Fix potent...

This bug was fixed in the package linux-kvm - 4.15.0-1030.30

---------------
linux-kvm (4.15.0-1030.30) bionic; urgency=medium

* linux-kvm: 4.15.0-1030.30 -proposed tracker (LP: #1814736)

* CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
    - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS

[ Ubuntu: 4.15.0-46.49 ]

* linux: 4.15.0-46.49 -proposed tracker (LP: #1814726)
  * mprotect fails on ext4 with dax (LP: #1799237)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
  * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086)
    - iscsi target: fix session creation failure handling
    - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
      fails
    - scsi: iscsi: target: Fix conn_ops double free
  * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
    (LP: #1812198)
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS
    - selftests: kselftest: Remove outdated comment
  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list
  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation
  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels
  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent
  * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604)
    - ACPI / LPSS: Force LPSS quirks on boot
  * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229)
    - scsi: sd_zbc: Fix variable type and bogus comment
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/apm: Don't access __preempt_count with zeroed fs
    - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
    - ARCv2: [plat-hsdk]: Save accl reg pair by default
    - ARC: Fix CONFIG_SWAP
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - mm/huge_memory.c: fix data loss when splitting a file pmd
    - cpufreq: intel_pstate: Register when ACPI PCCH is present
    - vfio/pci: Fix potential Spectre v1
    - stop_machine: Disable preemption when waking two stopper threads
    - drm/i915: Fix hotplug irq ack on i965/g4x
    - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
    - drm/nouveau: Avoid looping through fake MST connectors
    - gen_stats: Fix netlink stats dumping in the presence of padding
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - ipv6: ila: select CONFIG_DST_CACHE
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - qmi_wwan: add support for Quectel EG91
    - tg3: Add higher cpu clock for 5762.
    - hv_netvsc: Fix napi reschedule while receive completion is busy
    - net/mlx4_en: Don't reuse RX page when XDP is set
    - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
    - ipv6: make DAD fail with enhanced DAD when nonce length differs
    - net: usb: asix: replace mii_nway_restart in resume path
    - alpha: fix osf_wait4() breakage
    - cxl_getfile(): fix double-iput() on alloc_file() failures
    - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
    - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock
    - ALSA: hda/realtek - Yet another Clevo P950 quirk entry
    - drm/amdgpu: Reserve VM root shared fence slot for command submission (v3)
    - rhashtable: add restart routine in rhashtable_free_and_destroy()
    - sch_fq_codel: zero q->flows_cnt when fq_codel_init fails
    - sctp: introduce sctp_dst_mtu
    - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
    - net: aquantia: vlan unicast address list correct handling
    - drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()
  * Bionic update: upstream stable patchset 2019-01-15 (LP: #1811877)
    - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
    - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
    - x86/paravirt: Make native_save_fl() extern inline
    - Btrfs: fix duplicate extents after fsync of file with prealloc extents
    - cpufreq / CPPC: Set platform specific transition_delay_us
    - PCI: exynos: Fix a potential init_clk_resources NULL pointer dereference
    - alx: take rtnl before calling __alx_open from resume
    - atm: Preserve value of skb->truesize when accounting to vcc
    - atm: zatm: Fix potential Spectre v1
    - ipv6: sr: fix passing wrong flags to crypto_alloc_shash()
    - ipvlan: fix IFLA_MTU ignored on NEWLINK
    - ixgbe: split XDP_TX tail and XDP_REDIRECT map flushing
    - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
    - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
    - net: fix use-after-free in GRO with ESP
    - net: macb: Fix ptp time adjustment for large negative delta
    - net/mlx5e: Avoid dealing with vport representors if not being e-switch
      manager
    - net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager
    - net/mlx5: Fix command interface race in polling mode
    - net/mlx5: Fix incorrect raw command length parsing
    - net/mlx5: Fix required capability for manipulating MPFS
    - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
    - net: mvneta: fix the Rx desc DMA address in the Rx path
    - net/packet: fix use-after-free
    - net_sched: blackhole: tell upper qdisc about dropped packets
    - net: sungem: fix rx checksum support
    - net/tcp: Fix socket lookups with SO_BINDTODEVICE
    - qede: Adverstise software timestamp caps when PHC is not available.
    - qed: Fix setting of incorrect eswitch mode.
    - qed: Fix use of incorrect size in memcpy call.
    - qed: Limit msix vectors in kdump kernel to the minimum required count.
    - r8152: napi hangup fix after disconnect
    - stmmac: fix DMA channel hang in half-duplex mode
    - strparser: Remove early eaten to fix full tcp receive buffer stall
    - tcp: fix Fast Open key endianness
    - tcp: prevent bogus FRTO undos with non-SACK flows
    - vhost_net: validate sock before trying to put its fd
    - VSOCK: fix loopback on big-endian systems
    - net: cxgb3_main: fix potential Spectre v1
    - rtlwifi: Fix kernel Oops "Fw download fail!!"
    - rtlwifi: rtl8821ae: fix firmware is not ready to run
    - net: lan78xx: Fix race in tx pending skb size calculation
    - crypto: af_alg - Initialize sg_num_bytes in error code path
    - mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally
    - PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
    - netfilter: ebtables: reject non-bridge targets
    - reiserfs: fix buffer overflow with long warning messages
    - KEYS: DNS: fix parsing multiple options
    - tls: Stricter error checking in zerocopy sendmsg path
    - autofs: fix slab out of bounds read in getname_kernel()
    - nsh: set mac len based on inner packet
    - bdi: Fix another oops in wb_workfn()
    - rds: avoid unenecessary cong_update in loop transport
    - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
    - string: drop __must_check from strscpy() and restore strscpy() usages in
      cgroup
    - nfsd: COPY and CLONE operations require the saved filehandle to be set
    - net/sched: act_ife: fix recursive lock and idr leak
    - net/sched: act_ife: preserve the action control in case of error
    - hinic: reset irq affinity before freeing irq
    - nfp: flower: fix mpls ether type detection
    - net: macb: initialize bp->queues[0].bp for at91rm9200
    - enic: do not overwrite error code
    - virtio_net: fix memory leak in XDP_REDIRECT
    - netfilter: ipv6: nf_defrag: drop skb dst before queueing
    - ipvs: initialize tbl->entries after allocation
    - ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()
    - bpf: enforce correct alignment for instructions
    - bpf, arm32: fix to use bpf_jit_binary_lock_ro api
  * Fix non-working pinctrl-intel (LP: #1811777)
    - pinctrl: intel: Implement intel_gpio_get_direction callback
    - pinctrl: intel: Do pin translation in other GPIO operations as well
  * ip6_gre: fix tunnel list corruption for x-netns (LP: #1812875)
    - ip6_gre: fix tunnel list corruption for x-netns
  * Userspace break as a result of missing patch backport (LP: #1813873)
    - tty: Don't hold ldisc lock in tty_reopen() if ldisc present
  * kvm_stat : missing python dependency (LP: #1798776)
    - tools/kvm_stat: fix python3 issues
    - tools/kvm_stat: switch to python3
  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
    (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue
  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice
  * ptrace-tm-spd-gpr in powerpc/ptrace from ubuntu_kerenl_selftests failed on
    Bionic P8 (LP: #1813127)
    - selftests/powerpc: Fix ptrace tm failure
  * [SRU] IO's are issued with incorrect Scatter Gather Buffer (LP: #1795453)
    - scsi: megaraid_sas: Use 63-bit DMA addressing
  * Consider enabling CONFIG_NETWORK_PHY_TIMESTAMPING (LP: #1785816)
    - [Config] Enable timestamping in network PHY devices
  * CVE-2018-19854
    - crypto: user - fix leaking uninitialized memory to userspace
  * x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
    (LP: #1813532)
    - x86/mm: Do not warn about PCI BIOS W+X mappings
  * CVE-2019-6133
    - fork: record start_time late
  * Fix not working Goodix touchpad (LP: #1811929)
    - HID: i2c-hid: Disable runtime PM on Goodix touchpad
  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y
  * X1 Extreme: only one of the two SSDs is loaded (LP: #1811755)
    - nvme-core: rework a NQN copying operation
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
  * Crash on "ip link add foo type ipip" (LP: #1811803)
    - SAUCE: fan: Fix NULL pointer dereference

[ Ubuntu: 4.15.0-45.48 ]

* linux: 4.15.0-45.48 -proposed tracker (LP: #1813779)
  * External monitors does not work anymore 4.15.0-44 (LP: #1813663)
    - SAUCE: Revert "drm/i915/dp: Send DPCD ON for MST before phy_up"
  * kernel 4.15.0-44 cannot mount ext4 fs with meta_bg enabled (LP: #1813727)
    - ext4: fix false negatives *and* false positives in ext4_check_descriptors()

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Wed, 06 Feb 2019 11:55:04 +0000

Changed in linux-kvm (Ubuntu Bionic):
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-03-07

Changed in linux-kvm (Ubuntu Cosmic):
assignee:	nobody → Po-Hsu Lin (cypressyew)
status:	New → In Progress

Khaled El Mously (kmously) on 2019-03-08

Changed in linux-kvm (Ubuntu Cosmic):
status:	In Progress → Fix Committed

Seth Forshee (sforshee) on 2019-03-27

Changed in linux-kvm (Ubuntu Disco):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-02:

#4

Download full text (5.4 KiB)

This bug was fixed in the package linux-kvm - 4.18.0-1009.9

---------------
linux-kvm (4.18.0-1009.9) cosmic; urgency=medium

* linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621)

  * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
    - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS

  * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

[ Ubuntu: 4.18.0-17.18 ]

  * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype
  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending
  * CVE-2019-9003
    - ipmi: fix use-after-free of user->release_barrier.rda
  * CVE-2019-9162
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change
  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file
  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive
  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout
  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests
  * CVE-2017-5753
    - bpf: fix inner map masking to prevent oob under speculation
  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table
  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ...

This bug was fixed in the package linux-kvm - 4.18.0-1009.9

---------------
linux-kvm (4.18.0-1009.9) cosmic; urgency=medium

* linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621)

* CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
    - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS

* PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

[ Ubuntu: 4.18.0-17.18 ]

* linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype
  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending
  * CVE-2019-9003
    - ipmi: fix use-after-free of user->release_barrier.rda
  * CVE-2019-9162
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change
  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file
  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive
  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout
  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests
  * CVE-2017-5753
    - bpf: fix inner map masking to prevent oob under speculation
  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table
  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation
  * Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event
  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
  * CONFIG_TEST_BPF is disabled (LP: #1813955)
    - [Config]: Reenable TEST_BPF
  * installer does not support iSCSI iBFT (LP: #1817321)
    - d-i: add iscsi_ibft to scsi-modules
  * CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  * CVE-2019-7221
    - KVM: nVMX: unconditionally cancel preemption timer in free_nested
      (CVE-2019-7221)
  * CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
  * hns3 nic speed may not match optical port speed (LP: #1817969)
    - net: hns3: Config NIC port speed same as that of optical module
  * [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021)
    - srcu: Lock srcu_data structure in srcu_gp_start()
  * libsas disks can have non-unique by-path names (LP: #1817784)
    - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
  * Bluetooth not working (Intel CyclonePeak) (LP: #1817518)
    - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
  * CVE-2019-8912
    - net: crypto set sk to NULL when af_alg_release.
    - net: socket: set sock->sk to NULL after calling proto_ops::release()
  * 4.18.0 thinkpad_acpi : thresholds for BAT1 not writable (LP: #1812099)
    - platform/x86: thinkpad_acpi: Fix multi-battery bug
  * [ALSA] [PATCH] System76 darp5 and oryp5 fixups (LP: #1815831)
    - ALSA: hda/realtek - Headset microphone support for System76 darp5
    - ALSA: hda/realtek - Headset microphone and internal speaker support for
      System76 oryp5
  * CVE-2019-8956
    - sctp: walk the list of asoc safely
  * Constant noise in the headphone on Lenovo X1 machines (LP: #1817263)
    - ALSA: hda/realtek: Disable PC beep in passthrough on alc285

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 14 Mar 2019 09:43:06 +0100

Changed in linux-kvm (Ubuntu Cosmic):
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-11:

#6

Download full text (50.2 KiB)

This bug was fixed in the package linux-kvm - 5.0.0-1002.2

---------------
linux-kvm (5.0.0-1002.2) disco; urgency=medium

* linux-kvm: 5.0.0-1002.2 -proposed tracker (LP: #1823222)

* Packaging resync (LP: #1786013)
- [Packaging] update update.conf

* Set CONFIG_RANDOM_TRUST_CPU=y (LP: #1823754)
- [Config] CONFIG_RANDOM_TRUST_CPU=y

  * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE

  * Miscellaneous Ubuntu changes
    - [Packaging] enable nvidia dkms build
    - [Config] update configs after rebase to 5.0.0-10.11

[ Ubuntu: 5.0.0-10.11 ]

  * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)
  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

[ Ubuntu: 5.0.0-9.10 ]

  * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq
  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs
  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"
  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow service ranges to be connect()'ed on RDM/DGRAM
    - tipc: change to check tipc_own_id to return in tipc_net_stop
    - tipc: fix cancellation of topology subscriptions
    - tun: properly test for IFF_UP
    - vrf: prevent adding upper devices
    - v...

This bug was fixed in the package linux-kvm - 5.0.0-1002.2

---------------
linux-kvm (5.0.0-1002.2) disco; urgency=medium

* linux-kvm: 5.0.0-1002.2 -proposed tracker (LP: #1823222)

* Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

* Set CONFIG_RANDOM_TRUST_CPU=y (LP: #1823754)
    - [Config] CONFIG_RANDOM_TRUST_CPU=y

* CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE

* Miscellaneous Ubuntu changes
    - [Packaging] enable nvidia dkms build
    - [Config] update configs after rebase to 5.0.0-10.11

[ Ubuntu: 5.0.0-10.11 ]

* linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)
  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

[ Ubuntu: 5.0.0-9.10 ]

* linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq
  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs
  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"
  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow service ranges to be connect()'ed on RDM/DGRAM
    - tipc: change to check tipc_own_id to return in tipc_net_stop
    - tipc: fix cancellation of topology subscriptions
    - tun: properly test for IFF_UP
    - vrf: prevent adding upper devices
    - vxlan: Don't call gro_cells_destroy() before device is unregistered
    - thunderx: enable page recycling for non-XDP case
    - thunderx: eliminate extra calls to put_page() for pages held for recycling
    - net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode
    - net: mii: Fix PAUSE cap advertisement from linkmode_adv_to_lcl_adv_t()
      helper
    - net: phy: don't clear BMCR in genphy_soft_reset
    - r8169: fix cable re-plugging issue
    - ila: Fix rhashtable walker list corruption
    - tun: add a missing rcu_read_unlock() in error path
    - powerpc/fsl: Fix the flush of branch predictor.
    - Btrfs: fix incorrect file size after shrinking truncate and fsync
    - btrfs: remove WARN_ON in log_dir_items
    - btrfs: don't report readahead errors and don't update statistics
    - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks
    - btrfs: Avoid possible qgroup_rsv_size overflow in
      btrfs_calculate_inode_block_rsv_size
    - Btrfs: fix assertion failure on fsync with NO_HOLES enabled
    - locks: wake any locks blocked on request before deadlock check
    - tracing: initialize variable in create_dyn_event()
    - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
    - powerpc: bpf: Fix generation of load/store DW instructions
    - vfio: ccw: only free cp on final interrupt
    - NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data()
    - NFS: fix mount/umount race in nlmclnt.
    - NFSv4.1 don't free interrupted slot on open
    - net: dsa: qca8k: remove leftover phy accessors
    - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
    - ALSA: seq: oss: Fix Spectre v1 vulnerability
    - ALSA: pcm: Fix possible OOB access in PCM oss plugins
    - ALSA: pcm: Don't suspend stream in unrecoverable PCM state
    - ALSA: hda/realtek - Fixed Headset Mic JD not stable
    - ALSA: hda/realtek: merge alc_fixup_headset_jack to alc295_fixup_chromebook
    - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
    - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
    - ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
    - ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286
    - ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic
    - ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256
    - ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256
    - ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256
    - ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops
    - kbuild: modversions: Fix relative CRC byte order interpretation
    - fs/open.c: allow opening only regular files during execve()
    - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
    - scsi: sd: Fix a race between closing an sd device and sd I/O
    - scsi: sd: Quiesce warning if device does not report optimal I/O size
    - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
    - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
      devices
    - drm/rockchip: vop: reset scale mode when win is disabled
    - tty/serial: atmel: Add is_half_duplex helper
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - tty: mxs-auart: fix a potential NULL pointer dereference
    - tty: atmel_serial: fix a potential NULL pointer dereference
    - tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup
    - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
    - staging: olpc_dcon_xo_1: add missing 'const' qualifier
    - staging: speakup_soft: Fix alternate speech with other synths
    - staging: vt6655: Remove vif check from vnt_interrupt
    - staging: vt6655: Fix interrupt race condition on device start up.
    - staging: erofs: fix to handle error path of erofs_vmap()
    - staging: erofs: fix error handling when failed to read compresssed data
    - staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir()
    - serial: max310x: Fix to avoid potential NULL pointer dereference
    - serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference
    - serial: sh-sci: Fix setting SCSCR_TIE while transferring data
    - USB: serial: cp210x: add new device id
    - USB: serial: ftdi_sio: add additional NovaTech products
    - USB: serial: mos7720: fix mos_parport refcount imbalance on error path
    - USB: serial: option: set driver_info for SIM5218 and compatibles
    - USB: serial: option: add support for Quectel EM12
    - USB: serial: option: add Olicard 600
    - ACPI / CPPC: Fix guaranteed performance handling
    - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
    - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
    - drivers/block/zram/zram_drv.c: fix idle/writeback string compare
    - blk-mq: fix sbitmap ws_active for shared tags
    - cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency
    - cpufreq: scpi: Fix use after free
    - drm/vgem: fix use-after-free when drm_gem_handle_create() fails
    - drm/vkms: fix use-after-free when drm_gem_handle_create() fails
    - drm/i915: Mark AML 0x87CA as ULX
    - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
    - drm/i915/icl: Fix the TRANS_DDI_FUNC_CTL2 bitfield macro
    - gpio: exar: add a check for the return value of ida_simple_get fails
    - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
    - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs
    - usb: mtu3: fix EXTCON dependency
    - USB: gadget: f_hid: fix deadlock in f_hidg_write()
    - usb: common: Consider only available nodes for dr_mode
    - mm/memory.c: fix modifying of page protection by insert_pfn()
    - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk
    - xhci: Fix port resume done detection for SS ports with LPM enabled
    - usb: xhci: dbc: Don't free all memory with spinlock held
    - xhci: Don't let USB3 ports stuck in polling state prevent suspend
    - usb: cdc-acm: fix race during wakeup blocking TX traffic
    - usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps
    - usb: typec: Fix unchecked return value
    - mm/hotplug: fix offline undo_isolate_page_range()
    - mm: add support for kmem caches in DMA32 zone
    - iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - mm/debug.c: fix __dump_page when mapping->host is not set
    - mm/memory_hotplug.c: fix notification in offline error path
    - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()
    - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
    - perf pmu: Fix parser error for uncore event alias
    - perf intel-pt: Fix TSC slip
    - objtool: Query pkg-config for libelf location
    - powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes
    - powerpc/64: Fix memcmp reading past the end of src/dest
    - powerpc/pseries/mce: Fix misleading print for TLB mutlihit
    - watchdog: Respect watchdog cpumask on CPU hotplug
    - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n
    - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
    - KVM: Reject device ioctls from processes other than the VM's creator
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: update %rip after emulating IO
    - bpf: do not restore dst_reg when cur_state is freed
    - mt76x02u: use usb_bulk_msg to upload firmware
    - Linux 5.0.6
  * RDMA/hns updates for disco (LP: #1822897)
    - RDMA/hns: Fix the bug with updating rq head pointer when flush cqe
    - RDMA/hns: Bugfix for the scene without receiver queue
    - RDMA/hns: Add constraint on the setting of local ACK timeout
    - RDMA/hns: Modify the pbl ba page size for hip08
    - RDMA/hns: RDMA/hns: Assign rq head pointer when enable rq record db
    - RDMA/hns: Add the process of AEQ overflow for hip08
    - RDMA/hns: Add SCC context allocation support for hip08
    - RDMA/hns: Add SCC context clr support for hip08
    - RDMA/hns: Add timer allocation support for hip08
    - RDMA/hns: Remove set but not used variable 'rst'
    - RDMA/hns: Make some function static
    - RDMA/hns: Fix the Oops during rmmod or insmod ko when reset occurs
    - RDMA/hns: Fix the chip hanging caused by sending mailbox&CMQ during reset
    - RDMA/hns: Fix the chip hanging caused by sending doorbell during reset
    - RDMA/hns: Limit minimum ROCE CQ depth to 64
    - RDMA/hns: Fix the state of rereg mr
    - RDMA/hns: Set allocated memory to zero for wrid
    - RDMA/hns: Delete useful prints for aeq subtype event
    - RDMA/hns: Configure capacity of hns device
    - RDMA/hns: Modify qp&cq&pd specification according to UM
    - RDMA/hns: Bugfix for set hem of SCC
    - RDMA/hns: Use GFP_ATOMIC in hns_roce_v2_modify_qp
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - Set +x on rebuild testcase.
    - Skip rebuild test, for regression-suite deps.
    - Make ubuntu-regression-suite skippable on unbootable kernels.
    - make rebuild use skippable error codes when skipping.
    - Only run regression-suite, if requested to.
  * touchpad not working on lenovo yoga 530 (LP: #1787775)
    - Revert "UBUNTU: SAUCE: i2c:amd Depends on ACPI"
    - Revert "UBUNTU: SAUCE: i2c:amd move out pointer in union i2c_event_base"
    - i2c: add extra check to safe DMA buffer helper
    - i2c: Add drivers for the AMD PCIe MP2 I2C controller
    - [Config] Update config for AMD MP2 I2C driver
  * Detect SMP PHY control command errors (LP: #1822680)
    - scsi: libsas: Check SMP PHY control function result
  * disable a.out support (LP: #1818552)
    - [Config] Disable a.out support
    - [Config] remove binfmt_aout from abi for i386 lowlatency
  * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
    - [Packaging] remove snapdragon flavour support
    - Revert "UBUNTU: SAUCE: (snapdragon) drm/msm/adv7511: wrap hacks under
      CONFIG_ADV7511_SNAPDRAGON_HACKS #ifdefs"
    - Revert "UBUNTU: SAUCE: (snapdragon) media: ov5645: skip address change if dt
      addr == default addr"
    - Revert "UBUNTU: SAUCE: (snapdragon) DT: leds: Add Qualcomm Light Pulse
      Generator binding"
    - Revert "UBUNTU: SAUCE: (snapdragon) MAINTAINERS: Add Qualcomm Camera Control
      Interface driver"
    - Revert "UBUNTU: SAUCE: (snapdragon) dt-bindings: media: Binding document for
      Qualcomm Camera Control Interface driver"
    - Revert "UBUNTU: SAUCE: (snapdragon) leds: Add driver for Qualcomm LPG"
    - Revert "UBUNTU: SAUCE: (snapdragon) HACK: drm/msm/adv7511: Don't rely on
      interrupts for EDID parsing"
    - Revert "UBUNTU: SAUCE: (snapdragon) drm/bridge/adv7511: Delay clearing of
      HPD interrupt status"
    - Revert "UBUNTU: SAUCE: (snapdragon) media: ov5645: Fix I2C address"
    - Revert "UBUNTU: SAUCE: (snapdragon) i2c-qcom-cci: Fix I2C address bug"
    - Revert "UBUNTU: SAUCE: (snapdragon) i2c-qcom-cci: Fix run queue completion
      timeout"
    - Revert "UBUNTU: SAUCE: (snapdragon) camss: Do not register if no cameras are
      present"
    - Revert "UBUNTU: SAUCE: (snapdragon) i2c: Add Qualcomm Camera Control
      Interface driver"
    - Revert "UBUNTU: SAUCE: (snapdragon) ov5645: I2C address change"
    - Revert "UBUNTU: SAUCE: (snapdragon) regulator: smd: Allow
      REGULATOR_QCOM_SMD_RPM=m"
    - Revert "UBUNTU: SAUCE: (snapdragon) cpufreq: Add apq8016 to cpufreq-dt-
      platdev blacklist"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: Add a helper to get an opp
      regulator for device"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: HACK: Allow to set regulator
      without opp_list"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: Drop RCU usage in
      dev_pm_opp_adjust_voltage()"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: Support adjusting OPP voltages
      at runtime"
    - Revert "UBUNTU: SAUCE: (snapdragon) regulator: smd: Add floor and corner
      operations"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: cpr: Register with cpufreq-
      dt"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: cpr: fix with new
      reg_sequence structures"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: cpr: Use raw mem access for
      qfprom"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: Add support for CPR (Core
      Power Reduction)"
    - Revert "UBUNTU: SAUCE: (snapdragon) HACK: drm/msm/iommu: Remove runtime_put
      calls in map/unmap"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable LEDS_QCOM_LPG"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable 'BBR' TCP
      congestion algorithm"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable 'fq' and
      'fq_codel' qdiscs"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable
      'schedutil' CPUfreq governor"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: set USB_CONFIG_F_FS in
      distro.config"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable
      CONFIG_USB_CONFIGFS_F_FS by default"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: add freq stat to sysfs"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: Enable camera drivers"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: disable ANALOG_TV and
      DIGITAL_TV"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: add more USB net
      drivers"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: enable BT_QCOMSMD"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable
      CFG80211_DEFAULT_PS by default"
    - Revert "UBUNTU: SAUCE: (snapdragon) Force the SMD regulator driver to be
      compiled-in"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: enable dm_mod and
      dm_crypt"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: Enable a53/apcs and
      avs"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: enable QCOM Venus"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable debug
      friendly USB network adpater"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: enable WCN36xx"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs; add distro.config"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable QCOM audio
      drivers for APQ8016 and DB410c"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable REMOTEPROC"
    - [Config] fix abi for remove i2c-qcom-cci module
    - [Config] update annotations
    - [Config] update configs following snapdragon removal
  * Disco update: v5.0.5 upstream stable release (LP: #1822671)
    - Revert "ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec"
    - ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
    - ALSA: firewire-motu: use 'version' field of unit directory to identify model
    - mmc: pxamci: fix enum type confusion
    - mmc: alcor: fix DMA reads
    - mmc: mxcmmc: "Revert mmc: mxcmmc: handle highmem pages"
    - mmc: renesas_sdhi: limit block count to 16 bit for old revisions
    - drm/amdgpu: fix invalid use of change_bit
    - drm/vmwgfx: Don't double-free the mode stored in par->set_mode
    - drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's
    - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE
    - iommu/iova: Fix tracking of recently failed iova address
    - libceph: wait for latest osdmap in ceph_monc_blacklist_add()
    - udf: Fix crash on IO error during truncate
    - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
    - MIPS: Ensure ELF appended dtb is relocated
    - MIPS: Fix kernel crash for R6 in jump label branch function
    - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038
    - powerpc/security: Fix spectre_v2 reporting
    - net/mlx5: Fix DCT creation bad flow
    - scsi: core: Avoid that a kernel warning appears during system resume
    - scsi: qla2xxx: Fix FC-AL connection target discovery
    - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton
    - scsi: ibmvscsi: Fix empty event pool access during host removal
    - futex: Ensure that futex address is aligned in handle_futex_death()
    - perf probe: Fix getting the kernel map
    - objtool: Move objtool_file struct off the stack
    - irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp
    - clocksource/drivers/riscv: Fix clocksource mask
    - ALSA: ac97: Fix of-node refcount unbalance
    - ext4: fix NULL pointer dereference while journal is aborted
    - ext4: fix data corruption caused by unaligned direct AIO
    - ext4: brelse all indirect buffer in ext4_ind_remove_space()
    - media: v4l2-ctrls.c/uvc: zero v4l2_event
    - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf()
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - Bluetooth: hci_ldisc: Initialize hci_dev before open()
    - Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in
      hci_uart_set_proto()
    - drm/vkms: Fix flush_work() without INIT_WORK().
    - RDMA/cma: Rollback source IP address if failing to acquire device
    - f2fs: fix to avoid deadlock of atomic file operations
    - aio: simplify - and fix - fget/fput for io_submit()
    - netfilter: ebtables: remove BUGPRINT messages
    - loop: access lo_backing_file only when the loop device is Lo_bound
    - x86/unwind: Handle NULL pointer calls better in frame unwinder
    - x86/unwind: Add hardcoded ORC entry for NULL
    - locking/lockdep: Add debug_locks check in __lock_downgrade()
    - ALSA: hda - Record the current power state before suspend/resume calls
    - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
    - Linux 5.0.5
  * hisi_sas updates for disco (LP: #1822385)
    - scsi: hisi_sas: send primitive NOTIFY to SSP situation only
    - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned
    - scsi: hisi_sas: remove the check of sas_dev status in
      hisi_sas_I_T_nexus_reset()
    - scsi: hisi_sas: Remove unused parameter of function hisi_sas_alloc()
    - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G
    - scsi: hisi_sas: Fix losing directly attached disk when hot-plug
    - scsi: hisi_sas: Correct memory allocation size for DQ debugfs
    - scsi: hisi_sas: Some misc tidy-up
    - scsi: hisi_sas: Fix to only call scsi_get_prot_op() for non-NULL scsi_cmnd
    - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32()
    - scsi: hisi_sas: Add support for DIX feature for v3 hw
    - scsi: hisi_sas: Add manual trigger for debugfs dump
    - scsi: hisi_sas: change queue depth from 512 to 4096
    - scsi: hisi_sas: Issue internal abort on all relevant queues
    - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental
    - scsi: hisi_sas: Do some more tidy-up
    - scsi: hisi_sas: Change return variable type in phy_up_v3_hw()
    - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
    - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw
    - scsi: hisi_sas: Set PHY linkrate when disconnected
    - scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP
      target port
    - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of
      HiLink
    - scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset()
  * [Patch][Raven 2] kernel 5.0.0 cannot boot because of psp response
    (LP: #1822267)
    - drm/amdgpu/psp: Fix can't detect psp INVOKE command failed
    - drm/amdgpu/psp: ignore psp response status
  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()
  * enable CONFIG_DRM_BOCHS (LP: #1795857)
    - [Config] Reenable DRM_BOCHS as module
  * [Dell Precision 7530/5530 with Nvidia Quadro P1000] Live USB freezes or
    cannot complete install when nouveau driver is loaded (crashing in GP100
    code) (LP: #1822026)
    - SAUCE: drm/nouveau: Disable nouveau driver by default
  * Need to add Intel CML related pci-id's (LP: #1821863)
    - drm/i915/cml: Add CML PCI IDS
    - drm/i915/cml: Introduce Comet Lake PCH
  * ARM: Add support for the SDEI interface (LP: #1822005)
    - ACPI / APEI: Don't wait to serialise with oops messages when panic()ing
    - ACPI / APEI: Remove silent flag from ghes_read_estatus()
    - ACPI / APEI: Switch estatus pool to use vmalloc memory
    - ACPI / APEI: Make hest.c manage the estatus memory pool
    - ACPI / APEI: Make estatus pool allocation a static size
    - ACPI / APEI: Don't store CPER records physical address in struct ghes
    - ACPI / APEI: Remove spurious GHES_TO_CLEAR check
    - ACPI / APEI: Don't update struct ghes' flags in read/clear estatus
    - ACPI / APEI: Generalise the estatus queue's notify code
    - ACPI / APEI: Don't allow ghes_ack_error() to mask earlier errors
    - ACPI / APEI: Move NOTIFY_SEA between the estatus-queue and NOTIFY_NMI
    - ACPI / APEI: Switch NOTIFY_SEA to use the estatus queue
    - KVM: arm/arm64: Add kvm_ras.h to collect kvm specific RAS plumbing
    - arm64: KVM/mm: Move SEA handling behind a single 'claim' interface
    - ACPI / APEI: Move locking to the notification helper
    - ACPI / APEI: Let the notification helper specify the fixmap slot
    - ACPI / APEI: Pass ghes and estatus separately to avoid a later copy
    - ACPI / APEI: Make GHES estatus header validation more user friendly
    - ACPI / APEI: Split ghes_read_estatus() to allow a peek at the CPER length
    - ACPI / APEI: Only use queued estatus entry during in_nmi_queue_one_entry()
    - ACPI / APEI: Use separate fixmap pages for arm64 NMI-like notifications
    - firmware: arm_sdei: Add ACPI GHES registration helper
    - ACPI / APEI: Add support for the SDEI GHES Notification type
  * CVE-2019-9857
    - inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
  * scsi: libsas: Support SATA PHY connection rate unmatch fixing during
    discovery (LP: #1821408)
    - scsi: libsas: Support SATA PHY connection rate unmatch fixing during
      discovery
  * Qualcomm Atheros QCA9377 wireless does not work (LP: #1818204)
    - platform/x86: ideapad-laptop: Add Ideapad 530S-14ARR to no_hw_rfkill list
  * Lenovo ideapad 330-15ICH Wifi rfkill hard blocked (LP: #1811815)
    - platform/x86: ideapad: Add ideapad 330-15ICH to no_hw_rfkill
  * hid-sensor-hub spamming dmesg in 4.20 (LP: #1818547)
    - HID: Increase maximum report size allowed by hid_field_extract()
  * [disco] [5.0.0-7.8] can't mount guest cifs share (LP: #1821053)
    - cifs: allow guest mounts to work for smb3.11
    - SMB3: Fix SMB3.1.1 guest mounts to Samba
  * Add HiSilicon SoC quirk for cpufreq (LP: #1821620)
    - ACPI / CPPC: Add a helper to get desired performance
    - cpufreq / cppc: Work around for Hisilicon CPPC cpufreq
  * Disco update: v5.0.4 upstream stable release (LP: #1821607)
    - 9p: use inode->i_lock to protect i_size_write() under 32-bit
    - 9p/net: fix memory leak in p9_client_create
    - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
    - ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE()
    - ASoC: codecs: pcm186x: Fix energysense SLEEP bit
    - iio: adc: exynos-adc: Fix NULL pointer exception on unbind
    - iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
    - mei: hbm: clean the feature flags on link reset
    - mei: bus: move hw module get/put to probe/release
    - stm class: Prevent division by zero
    - stm class: Fix an endless loop in channel allocation
    - crypto: caam - fix hash context DMA unmap size
    - crypto: ccree - fix missing break in switch statement
    - crypto: caam - fixed handling of sg list
    - crypto: caam - fix DMA mapping of stack memory
    - crypto: ccree - fix free of unallocated mlli buffer
    - crypto: ccree - unmap buffer before copying IV
    - crypto: ccree - don't copy zero size ciphertext
    - crypto: cfb - add missing 'chunksize' property
    - crypto: cfb - remove bogus memcpy() with src == dest
    - crypto: ofb - fix handling partial blocks and make thread-safe
    - crypto: ahash - fix another early termination in hash walk
    - crypto: rockchip - fix scatterlist nents error
    - crypto: rockchip - update new iv to device in multiple operations
    - dax: Flush partial PMDs correctly
    - nfit: Fix nfit_intel_shutdown_status() command submission
    - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
    - acpi/nfit: Fix bus command validation
    - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot
    - nfit/ars: Attempt short-ARS even in the no_init_ars case
    - libnvdimm/label: Clear 'updating' flag after label-set update
    - libnvdimm, pfn: Fix over-trim in trim_pfn_device()
    - libnvdimm/pmem: Honor force_raw for legacy pmem regions
    - libnvdimm: Fix altmap reservation size calculation
    - fix cgroup_do_mount() handling of failure exits
    - crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
    - crypto: aegis - fix handling chunked inputs
    - crypto: arm/crct10dif - revert to C code for short inputs
    - crypto: arm64/aes-neonbs - fix returning final keystream block
    - crypto: arm64/crct10dif - revert to C code for short inputs
    - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
    - crypto: morus - fix handling chunked inputs
    - crypto: pcbc - remove bogus memcpy()s with src == dest
    - crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
    - crypto: testmgr - skip crc32c context test for ahash algorithms
    - crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP
    - crypto: x86/aesni-gcm - fix crash on empty plaintext
    - crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP
    - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
    - crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
    - CIFS: Fix leaking locked VFS cache pages in writeback retry
    - CIFS: Do not reset lease state to NONE on lease break
    - CIFS: Do not skip SMB2 message IDs on send failures
    - CIFS: Fix read after write for files with read caching
    - smb3: make default i/o size for smb3 mounts larger
    - tracing: Use strncpy instead of memcpy for string keys in hist triggers
    - tracing: Do not free iter->trace in fail path of tracing_open_pipe()
    - tracing/perf: Use strndup_user() instead of buggy open-coded version
    - vmw_balloon: release lock on error in vmballoon_reset()
    - xen: fix dom0 boot on huge systems
    - ACPI / device_sysfs: Avoid OF modalias creation for removed device
    - mmc: sdhci-esdhc-imx: fix HS400 timing issue
    - mmc: renesas_sdhi: Fix card initialization failure in high speed mode
    - mmc:fix a bug when max_discard is 0
    - spi: ti-qspi: Fix mmap read when more than one CS in use
    - spi: pxa2xx: Setup maximum supported DMA transfer length
    - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
    - spi: spi-gpio: fix SPI_CS_HIGH capability
    - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
    - regulator: max77620: Initialize values for DT properties
    - regulator: s2mpa01: Fix step values for some LDOs
    - mt76: fix corrupted software generated tx CCMP PN
    - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
    - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
    - clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer
      instability
    - s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem
    - s390/setup: fix early warning messages
    - s390/virtio: handle find on invalid queue gracefully
    - scsi: virtio_scsi: don't send sc payload with tmfs
    - scsi: aacraid: Fix performance issue on logical drives
    - scsi: sd: Optimal I/O size should be a multiple of physical block size
    - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
    - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware
    - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not
      supported
    - scsi: qla2xxx: Use complete switch scan for RSCN events
    - fs/devpts: always delete dcache dentry-s in dput()
    - splice: don't merge into linked buffers
    - ovl: During copy up, first copy up data and then xattrs
    - ovl: Do not lose security.capability xattr over metadata file copy-up
    - m68k: Add -ffreestanding to CFLAGS
    - Btrfs: setup a nofs context for memory allocation at btrfs_create_tree()
    - Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
    - btrfs: scrub: fix circular locking dependency warning
    - btrfs: drop the lock on error in btrfs_dev_replace_cancel
    - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
    - btrfs: init csum_list before possible free
    - Btrfs: fix corruption reading shared and compressed extents after hole
      punching
    - Btrfs: fix deadlock between clone/dedupe and rename
    - soc: qcom: rpmh: Avoid accessing freed memory from batch API
    - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
    - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
    - irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
    - x86/kprobes: Prohibit probing on optprobe template code
    - cpufreq: kryo: Release OPP tables on module removal
    - cpufreq: tegra124: add missing of_node_put()
    - cpufreq: pxa2xx: remove incorrect __init annotation
    - ext4: fix check of inode in swap_inode_boot_loader
    - ext4: cleanup pagecache before swap i_data
    - mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
    - mm/vmalloc: fix size check for remap_vmalloc_range_partial()
    - mm/memory.c: do_fault: avoid usage of stale vm_area_struct
    - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
    - nvmem: core: don't check the return value of notifier chain call
    - device property: Fix the length used in PROPERTY_ENTRY_STRING()
    - intel_th: Don't reference unassigned outputs
    - parport_pc: fix find_superio io compare code, should use equal test.
    - i2c: tegra: fix maximum transfer size
    - i2c: tegra: update maximum transfer size
    - media: i2c: ov5640: Fix post-reset delay
    - gpio: pca953x: Fix dereference of irq data in shutdown
    - ext4: update quota information while swapping boot loader inode
    - ext4: add mask of ext4 flags to swap
    - ext4: fix crash during online resizing
    - dma: Introduce dma_max_mapping_size()
    - swiotlb: Introduce swiotlb_max_mapping_size()
    - swiotlb: Add is_swiotlb_active() function
    - PCI/ASPM: Use LTR if already enabled by platform
    - PCI/DPC: Fix print AER status in DPC event handling
    - PCI: qcom: Don't deassert reset GPIO during probe
    - PCI: dwc: skip MSI init if MSIs have been explicitly disabled
    - PCI: pci-bridge-emul: Create per-bridge copy of register behavior
    - PCI: pci-bridge-emul: Extend pci_bridge_emul_init() with flags
    - IB/hfi1: Close race condition on user context disable and close
    - IB/rdmavt: Fix loopback send with invalidate ordering
    - IB/rdmavt: Fix concurrency panics in QP post_send and modify to error
    - cxl: Wrap iterations over afu slices inside 'afu_list_lock'
    - ext2: Fix underflow in ext2_max_size()
    - clk: uniphier: Fix update register for CPU-gear
    - clk: clk-twl6040: Fix imprecise external abort for pdmclk
    - clk: samsung: exynos5: Fix possible NULL pointer exception on
      platform_device_alloc() failure
    - clk: samsung: exynos5: Fix kfree() of const memory on setting
      driver_override
    - clk: ingenic: Fix round_rate misbehaving with non-integer dividers
    - clk: ingenic: Fix doc of ingenic_cgu_div_info
    - usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
    - usb: typec: tps6598x: handle block writes separately with plain-I2C adapters
    - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
    - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
    - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
    - serial: 8250_pci: Fix number of ports for ACCES serial cards
    - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954
      chip use the pci_pericom_setup()
    - jbd2: clear dirty flag when revoking a buffer from an older transaction
    - jbd2: fix compile warning when using JBUFFER_TRACE
    - selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
    - security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
    - powerpc/32: Clear on-stack exception marker upon exception return
    - powerpc/wii: properly disable use of BATs when requested.
    - powerpc/powernv: Make opal log only readable by root
    - powerpc/83xx: Also save/restore SPRG4-7 during suspend
    - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
    - powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
    - powerpc/64s/hash: Fix assert_slb_presence() use of the slbfee. instruction
    - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
    - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
    - powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR
      configuration
    - powerpc/smp: Fix NMI IPI timeout
    - powerpc/smp: Fix NMI IPI xmon timeout
    - powerpc/traps: fix recoverability of machine check handling on book3s/32
    - powerpc/traps: Fix the message printed when stack overflows
    - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
    - arm64: Fix HCR.TGE status for NMI contexts
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
    - Revert "KVM/MMU: Flush tlb directly in the kvm_zap_gfn_range()"
    - ipmi_si: Fix crash when using hard-coded device
    - ipmi_si: fix use-after-free of resource->name
    - dm: fix to_sector() for 32bit
    - dm integrity: limit the rate of error messages
    - media: cx25840: mark pad sig_types to fix cx231xx init
    - mfd: sm501: Fix potential NULL pointer dereference
    - cpcap-charger: generate events for userspace
    - cpuidle: governor: Add new governors to cpuidle_governors again
    - NFS: Fix I/O request leakages
    - NFS: Fix an I/O request leakage in nfs_do_recoalesce
    - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
    - nfsd: fix performance-limiting session calculation
    - nfsd: fix memory corruption caused by readdir
    - nfsd: fix wrong check in write_v4_end_grace()
    - NFSv4.1: Reinitialise sequence results before retransmitting a request
    - svcrpc: fix UDP on servers with lots of threads
    - PM / wakeup: Rework wakeup source timer cancellation
    - PM / OPP: Update performance state when freq == old_freq
    - bcache: treat stale && dirty keys as bad keys
    - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
    - stable-kernel-rules.rst: add link to networking patch queue
    - vt: perform safe console erase in the right order
    - x86/unwind/orc: Fix ORC unwind table alignment
    - perf intel-pt: Fix CYC timestamp calculation after OVF
    - perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols
    - perf auxtrace: Define auxtrace record alignment
    - perf intel-pt: Fix overlap calculation for padding
    - perf/x86/intel/uncore: Fix client IMC events return huge result
    - perf intel-pt: Fix divide by zero when TSC is not available
    - md: Fix failed allocation of md_register_thread
    - x86/kvmclock: set offset for kvm unstable clock
    - x86/ftrace: Fix warning and considate ftrace_jmp_replace() and
      ftrace_call_replace()
    - tpm/tpm_crb: Avoid unaligned reads in crb_recv()
    - tpm: Unify the send callback behaviour
    - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
    - media: imx: prpencvf: Stop upstream before disabling IDMA channel
    - media: lgdt330x: fix lock status reporting
    - media: sun6i: Fix CSI regmap's max_register
    - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
    - media: vimc: Add vimc-streamer for stream control
    - media: imx-csi: Input connections to CSI should be optional
    - media: imx: csi: Disable CSI immediately after last EOF
    - media: imx: csi: Stop upstream before disabling IDMA channel
    - drm/fb-helper: generic: Fix drm_fbdev_client_restore()
    - drm/radeon/evergreen_cs: fix missing break in switch statement
    - drm/amd/powerplay: correct power reading on fiji
    - drm/amd/display: don't call dm_pp_ function from an fpu block
    - KVM: Call kvm_arch_memslots_updated() before updating memslots
    - KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
    - KVM: VMX: Zero out *all* general purpose registers after VM-Exit
    - KVM: x86/mmu: Detect MMIO generation wrap in any address space
    - KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
    - KVM: nVMX: Sign extend displacements of VMX instr's mem operands
    - KVM: nVMX: Apply addr size mask to effective address for VMX instructions
    - KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
    - KVM: nVMX: Check a single byte for VMCS "launched" in nested early checks
    - net: dsa: lantiq_gswip: fix use-after-free on failed probe
    - net: dsa: lantiq_gswip: fix OF child-node lookups
    - s390/setup: fix boot crash for machine without EDAT-1
    - SUNRPC: Prevent thundering herd when the socket is not connected
    - SUNRPC: Fix up RPC back channel transmission
    - SUNRPC: Respect RPC call timeouts when retrying transmission
    - Linux 5.0.4
    - [Config] update configs for 5.0.4 stable update
  * New Intel Wireless-AC 9260 [8086:2526] card not correctly probed in Ubuntu
    system (LP: #1821271)
    - iwlwifi: add new card for 9260 series
  * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - [Config]: enable highdpi Terminus 16x32 font support
  * [SRU][B/B-OEM/C/D] Fix AMD IOMMU NULL dereference (LP: #1820990)
    - iommu/amd: Fix NULL dereference bug in match_hid_uid
  * some codecs stop working after S3 (LP: #1820930)
    - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
    - ALSA: hda - Don't trigger jackpoll_work in azx_resume
  * tcm_loop.ko: move from modules-extra into main modules package
    (LP: #1817786)
    - [Packaging] move tcm_loop.lo to main linux-modules package
  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype
  * r8169 doesn't get woken up by ethernet cable plugging, no PME generated
    (LP: #1817676)
    - PCI: pciehp: Disable Data Link Layer State Changed event on suspend
  * Disco update: v5.0.3 upstream stable release (LP: #1821074)
    - connector: fix unsafe usage of ->real_parent
    - fou, fou6: avoid uninit-value in gue_err() and gue6_err()
    - gro_cells: make sure device is up in gro_cells_receive()
    - ipv4/route: fail early when inet dev is missing
    - l2tp: fix infoleak in l2tp_ip6_recvmsg()
    - lan743x: Fix RX Kernel Panic
    - lan743x: Fix TX Stall Issue
    - net: hsr: fix memory leak in hsr_dev_finalize()
    - net/hsr: fix possible crash in add_timer()
    - net: sit: fix UBSAN Undefined behaviour in check_6rd
    - net/x25: fix use-after-free in x25_device_event()
    - net/x25: reset state in x25_connect()
    - pptp: dst_release sk_dst_cache in pptp_sock_destruct
    - ravb: Decrease TxFIFO depth of Q3 and Q2 to one
    - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
    - rxrpc: Fix client call queueing, waiting for channel
    - sctp: remove sched init from sctp_stream_init
    - tcp: do not report TCP_CM_INQ of 0 for closed connections
    - tcp: Don't access TCP_SKB_CB before initializing it
    - tcp: handle inet_csk_reqsk_queue_add() failures
    - vxlan: Fix GRO cells race condition between receive and link delete
    - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
    - net/mlx4_core: Fix reset flow when in command polling mode
    - net/mlx4_core: Fix locking in SRIOV mode when switching between events and
      polling
    - net/mlx4_core: Fix qp mtt size calculation
    - net: dsa: mv88e6xxx: Set correct interface mode for CPU/DSA ports
    - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
    - net: sched: flower: insert new filter to idr after setting its mask
    - f2fs: wait on atomic writes to count F2FS_CP_WB_DATA
    - perf/x86: Fixup typo in stub functions
    - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against
      Liquid Saffire 56
    - ALSA: firewire-motu: fix construction of PCM frame for capture direction
    - ALSA: hda: Extend i915 component bind timeout
    - ALSA: hda - add more quirks for HP Z2 G4 and HP Z240
    - ALSA: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294
    - ALSA: hda/realtek - Reduce click noise on Dell Precision 5820 headphone
    - ALSA: hda/realtek: Enable headset MIC of Acer TravelMate X514-51T with
      ALC255
    - perf/x86/intel: Fix memory corruption
    - perf/x86/intel: Make dev_attr_allow_tsx_force_abort static
    - It's wrong to add len to sector_nr in raid10 reshape twice
    - drm: Block fb changes for async plane updates
    - Linux 5.0.3
  * Disco update: v5.0.2 upstream stable release (LP: #1820318)
    - media: uvcvideo: Fix 'type' check leading to overflow
    - Input: wacom_serial4 - add support for Wacom ArtPad II tablet
    - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
    - iscsi_ibft: Fix missing break in switch statement
    - scsi: aacraid: Fix missing break in switch statement
    - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub
    - arm64: dts: zcu100-revC: Give wifi some time after power-on
    - arm64: dts: hikey: Give wifi some time after power-on
    - arm64: dts: hikey: Revert "Enable HS200 mode on eMMC"
    - ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
    - ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
    - ARM: dts: exynos: Fix max voltage for buck8 regulator on Odroid XU3/XU4
    - drm: disable uncached DMA optimization for ARM and arm64
    - media: Revert "media: rc: some events are dropped by userspace"
    - Revert "PCI/PME: Implement runtime PM callbacks"
    - bpf: Stop the psock parser before canceling its work
    - gfs2: Fix missed wakeups in find_insert_glock
    - staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()
    - staging: erofs: compressed_pages should not be accessed again after freed
    - scripts/gdb: replace flags (MS_xyz -> SB_xyz)
    - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
    - perf/x86/intel: Make cpuc allocations consistent
    - perf/x86/intel: Generalize dynamic constraint creation
    - x86: Add TSX Force Abort CPUID/MSR
    - perf/x86/intel: Implement support for TSX Force Abort
    - Linux 5.0.2
  * Linux security module stacking support
    - LSM: Introduce LSM_FLAG_LEGACY_MAJOR
    - LSM: Provide separate ordered initialization
    - LSM: Plumb visibility into optional "enabled" state
    - LSM: Lift LSM selection out of individual LSMs
    - LSM: Build ordered list of LSMs to initialize
    - LSM: Introduce CONFIG_LSM
    - LSM: Introduce "lsm=" for boottime LSM selection
    - LSM: Tie enabling logic to presence in ordered list
    - LSM: Prepare for reorganizing "security=" logic
    - LSM: Refactor "security=" in terms of enable/disable
    - LSM: Separate idea of "major" LSM from "exclusive" LSM
    - apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE
    - selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE
    - LSM: Add all exclusive LSMs to ordered initialization
    - LSM: Split LSM preparation from initialization
    - LoadPin: Initialize as ordered LSM
    - Yama: Initialize as ordered LSM
    - LSM: Introduce enum lsm_order
    - capability: Initialize as LSM_ORDER_FIRST
    - procfs: add smack subdir to attrs
    - Smack: Abstract use of cred security blob
    - SELinux: Abstract use of cred security blob
    - SELinux: Remove cred security blob poisoning
    - SELinux: Remove unused selinux_is_enabled
    - AppArmor: Abstract use of cred security blob
    - TOMOYO: Abstract use of cred security blob
    - Infrastructure management of the cred security blob
    - SELinux: Abstract use of file security blob
    - Smack: Abstract use of file security blob
    - LSM: Infrastructure management of the file security
    - SELinux: Abstract use of inode security blob
    - Smack: Abstract use of inode security blob
    - LSM: Infrastructure management of the inode security
    - LSM: Infrastructure management of the task security
    - SELinux: Abstract use of ipc security blobs
    - Smack: Abstract use of ipc security blobs
    - LSM: Infrastructure management of the ipc security blob
    - TOMOYO: Update LSM flags to no longer be exclusive
    - LSM: generalize flag passing to security_capable
    - LSM: Make lsm_early_cred() and lsm_early_task() local functions.
    - LSM: Make some functions static
    - apparmor: Adjust offset when accessing task blob.
    - LSM: Ignore "security=" when "lsm=" is specified
    - LSM: Update list of SECURITYFS users in Kconfig
    - apparmor: delete the dentry in aafs_remove() to avoid a leak
    - apparmor: fix double free when unpack of secmark rules fails
    - SAUCE: LSM: Infrastructure management of the sock security
    - SAUCE: LSM: Limit calls to certain module hooks
    - SAUCE: LSM: Special handling for secctx lsm hooks
    - SAUCE: LSM: Specify which LSM to display with /proc/self/attr/display
    - SAUCE: Fix-up af_unix mediation for sock infrastructure management
    - SAUCE: Revert "apparmor: Fix warning about unused function
      apparmor_ipv6_postroute"
    - SAUCE: Revert "apparmor: fix checkpatch error in Parse secmark policy"
    - SAUCE: Revert "apparmor: add #ifdef checks for secmark filtering"
    - SAUCE: Revert "apparmor: Allow filtering based on secmark policy"
    - SAUCE: Revert "apparmor: Parse secmark policy"
    - SAUCE: Revert "apparmor: Add a wildcard secid"
    - SAUCE: Revert "apparmor: fix bad debug check in apparmor_secid_to_secctx()"
    - SAUCE: Revert "apparmor: fixup secid map conversion to using IDR"
    - SAUCE: Revert "apparmor: Use an IDR to allocate apparmor secids"
    - SAUCE: Revert "apparmor: Fix memory leak of rule on error exit path"
    - SAUCE: Revert "apparmor: modify audit rule support to support profile
      stacks"
    - SAUCE: Revert "apparmor: Add support for audit rule filtering"
    - SAUCE: Revert "apparmor: add the ability to get a task's secid"
    - SAUCE: Revert "apparmor: add support for mapping secids and using secctxes"
    - SAUCE: apparmor: add proc subdir to attrs
    - SAUCE: apparmor: add an apparmorfs entry to access current attrs
    - SAUCE: apparmor: update flags to no longer be exclusive
    - SAUCE: update configs and annotations for LSM stacking
  * Miscellaneous Ubuntu changes
    - [Config] CONFIG_EARLY_PRINTK_USB_XDBC=y
    - SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the
      kernel is locked down
    - [Config] CONFIG_RANDOM_TRUST_CPU=y
    - [Config] refresh annotations for recent config changes
    - ubuntu: vbox -- update to 6.0.4-dfsg-7
    - Revert "UBUNTU: SAUCE: i2c:amd I2C Driver based on PCI Interface for
      upcoming platform"

-- Seth Forshee <seth.forshee@canonical.com>  Tue, 09 Apr 2019 15:21:15 -0500

Changed in linux-kvm (Ubuntu Disco):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-04-12

Changed in ubuntu-kernel-tests:
status:	In Progress → Fix Released

Ubuntu
linux-kvm package

CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
ubuntu-kernel-tests	Fix Released	Undecided	Po-Hsu Lin
linux-kvm (Ubuntu)	Fix Released	Undecided	Po-Hsu Lin
Bionic	Fix Released	Medium	Unassigned
Cosmic	Fix Released	Undecided	Po-Hsu Lin
Disco	Fix Released	Undecided	Po-Hsu Lin

Ubuntulinux-kvm package

CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux-kvm package