Ubuntu
linux package

Root can lift kernel lockdown via USB/IP

Disco (19.04)
Bug #1861238

Bug #1861238 reported by Andrey Konovalov on 2020-01-29

266

This bug affects 2 people

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	High	Tyler Hicks
Xenial	Invalid	Undecided	Unassigned
Bionic	Fix Released	High	Tyler Hicks
Disco	Won't Fix	High	Tyler Hicks
Eoan	Fix Released	High	Tyler Hicks
Focal	Fix Released	High	Tyler Hicks
linux-oem (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Undecided	Unassigned

Bug Description

[Impact]

It's possible to turn off kernel lockdown by emulating a USB keyboard via USB/IP and sending an Alt+SysRq+X key combination through it.

Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m) with signed usbip_core and vhci_hcd modules provided in the linux-extra-modules-* package.

See the PoC here: https://github.com/xairy/unlockdown#method-1-usbip

[Test Case]

$ git clone https://github.com/xairy/unlockdown.git
$ cd unlockdown/01-usbip/
$ sudo ./run.sh
$ dmesg

# Ensure there are no log entries talking about lifting lockdown:
sysrq: SysRq : Disabling Secure Boot restrictions
Lifting lockdown

# You should see a SysRq help log entry because the Alt+SysRq+X
# combination should be disabled
sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)

[Regression Potential]

Some users may see a usability regression due to the Lockdown lift sysrq combination being removed. Some users are known to disable lockdown, using the sysrq combination, in order to perform some "dangerous" operation such as writing to an MSR. It is believed that this is a small number of users but it is impossible to know for sure.

Users that rely on this functionality may need to permanently disable secure boot using 'mokutil --disable-validation'.

See original description

Tags:

CVE References

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-01-29: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1861238

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Tyler Hicks (tyhicks) on 2020-01-29

information type:

Public → Public Security

Andy Whitcroft (apw) on 2020-01-29

Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Tyler Hicks (tyhicks) on 2020-02-07

description:

updated

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2020-02-07:

Thanks for the report! After speaking with the security team, we've come to an agreement that removing the lockdown lift sysrq is the best thing to do. We understand that a small amount of users may rely on that sysrq today to do things like writing to an MSR but they'll still be able to achieve a lockdown free environment by running 'mokutil --disable-validation' and rebooting.

Changed in linux (Ubuntu):
assignee:	nobody → Tyler Hicks (tyhicks)
importance:	Undecided → High
status:	Confirmed → In Progress

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2020-02-07:

Xenial doesn't have support for lifting lockdown features via sysrq so I'm marking its task as invalid.

Changed in linux (Ubuntu Eoan):
importance:	Undecided → High
status:	New → In Progress
Changed in linux (Ubuntu Disco):
status:	New → In Progress
importance:	Undecided → High
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
importance:	Undecided → High
Changed in linux (Ubuntu Disco):
assignee:	nobody → Tyler Hicks (tyhicks)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Tyler Hicks (tyhicks)
Changed in linux (Ubuntu Eoan):
assignee:	nobody → Tyler Hicks (tyhicks)
Changed in linux (Ubuntu Xenial):
status:	New → Invalid

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2020-02-07:

Proposed fixes have been sent to the kernel-team list.

Focal: https://lists.ubuntu.com/archives/kernel-team/2020-February/107324.html
Eoan: https://lists.ubuntu.com/archives/kernel-team/2020-February/107326.html
Disco: https://lists.ubuntu.com/archives/kernel-team/2020-February/107328.html
Bionic: https://lists.ubuntu.com/archives/kernel-team/2020-February/107330.html

Kleber Sacilotto de Souza (kleber-souza) on 2020-02-14

Changed in linux (Ubuntu Eoan):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Disco):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-02-17:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-02-17:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-eoan

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2020-02-18:

I've verified the fix in 4.15.0-89.89-generic. The sysrq help message is printed to the kernel log when trying to lift lockdown with the proof-of-concept and when trying to lift lockdown with alt+sysrq+x.

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2020-02-18:

I've also verified the fix in 5.3.0-41.33-generic.

tags:

added: verification-done-eoan
removed: verification-needed-eoan

AceLan Kao (acelankao) on 2020-02-25

no longer affects:	linux-oem (Ubuntu Xenial)
no longer affects:	linux-oem (Ubuntu Disco)
no longer affects:	linux-oem (Ubuntu Eoan)
no longer affects:	linux-oem (Ubuntu Focal)
Changed in linux-oem (Ubuntu Bionic):
status:	New → Fix Committed

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-03-02: Autopkgtest regression report (linux-bluefield/5.0.0-1010.20)

All autopkgtests for the newly accepted linux-bluefield (5.0.0-1010.20) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

fsprotect/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-bluefield

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-03-12:

#10

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-03-16:

#11

Download full text (48.0 KiB)

This bug was fixed in the package linux - 5.3.0-42.34

---------------
linux (5.3.0-42.34) eoan; urgency=medium

* eoan/linux: 5.3.0-42.34 -proposed tracker (LP: #1865111)

  * CVE-2020-2732
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions

linux (5.3.0-41.33) eoan; urgency=medium

* eoan/linux: 5.3.0-41.33 -proposed tracker (LP: #1863294)

  * CVE-2019-3016
    - x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
    - x86/kvm: Introduce kvm_(un)map_gfn()
    - x86/kvm: Cache gfn to pfn translation
    - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
    - x86/KVM: Clean up host's steal time structure

  * Reduce s2idle power consumption when ethernet cable is connected on e1000e
    (LP: #1859126)
    - e1000e: Add support for S0ix

  * alsa/sof: let legacy hda driver and sof driver co-exist (LP: #1837828)
    - ASoC: Intel: Skylake: move NHLT header to common directory
    - ALSA: hda: move parts of NHLT code to new module
    - ALSA: hda: intel-nhlt: handle NHLT VENDOR_DEFINED DMIC geometry
    - ASoC: Intel: Skylake: use common NHLT module
    - ALSA: hda/intel: stop probe if DMICS are detected on Skylake+ platforms
    - [Config] Enable SND_HDA_INTEL_DETECT_DMIC

  * USB key cannot be detected by hotplug on Sunix USB Type-A 3.1 Gen 2 card
    [1b21:2142] (LP: #1858988)
    - SAUCE: PCI: Avoid ASMedia XHCI USB PME# from D0 defect

  * ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
    (LP: #1860969)
    - vti[6]: fix packet tx through bpf_redirect()
    - xfrm interface: fix packet tx through bpf_redirect()

  * peripheral devices on Dell WD19TB cannot be detected after suspend resume
    (LP: #1859407)
    - PCI: irq: Introduce rearm_wake_irq()
    - ACPICA: Return u32 from acpi_dispatch_gpe()
    - ACPI: EC: Return bool from acpi_ec_dispatch_gpe()
    - ACPI: PM: Set s2idle_wakeup earlier and clear it later
    - PM: sleep: Simplify suspend-to-idle control flow
    - ACPI: EC: Rework flushing of pending work

* Dell XPS 13 (7390) Display Flickering - 19.10 (LP: #1849947)
- SAUCE: drm/i915: Disable PSR by default on all platforms

  * Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

* [CML-H] Add intel_thermal_pch driver support Comet Lake -H (LP: #1853219)
- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support

This bug was fixed in the package linux - 5.3.0-42.34

---------------
linux (5.3.0-42.34) eoan; urgency=medium

* eoan/linux: 5.3.0-42.34 -proposed tracker (LP: #1865111)

* CVE-2020-2732
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions

linux (5.3.0-41.33) eoan; urgency=medium

* eoan/linux: 5.3.0-41.33 -proposed tracker (LP: #1863294)

* Reduce s2idle power consumption when ethernet cable is connected on e1000e
    (LP: #1859126)
    - e1000e: Add support for S0ix

* USB key cannot be detected by hotplug on Sunix USB Type-A 3.1 Gen 2 card
    [1b21:2142]  (LP: #1858988)
    - SAUCE: PCI: Avoid ASMedia XHCI USB PME# from D0 defect

* Dell XPS 13 (7390) Display Flickering - 19.10  (LP: #1849947)
    - SAUCE: drm/i915: Disable PSR by default on all platforms

* Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

* [CML-H] Add intel_thermal_pch driver support Comet Lake -H (LP: #1853219)
    - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support

* Eoan update: upstream stable patchset 2020-02-07 (LP: #1862429)
    - ARM: dts: meson8: fix the size of the PMU registers
    - clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs
    - dt-bindings: reset: meson8b: fix duplicate reset IDs
    - ARM: dts: imx6q-dhcom: fix rtc compatible
    - clk: Don't try to enable critical clocks if prepare failed
    - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use
    - iio: buffer: align the size of scan bytes to size of the largest element
    - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
    - USB: serial: option: Add support for Quectel RM500Q
    - USB: serial: opticon: fix control-message timeouts
    - USB: serial: option: add support for Quectel RM500Q in QDL mode
    - USB: serial: suppress driver bind attributes
    - USB: serial: ch341: handle unbound port at reset_resume
    - USB: serial: io_edgeport: handle unbound ports on URB completion
    - USB: serial: io_edgeport: add missing active-port sanity check
    - USB: serial: keyspan: handle unbound ports
    - USB: serial: quatech2: handle unbound ports
    - scsi: fnic: fix invalid stack access
    - scsi: mptfusion: Fix double fetch bug in ioctl
    - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1
    - ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1
    - ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection
    - ALSA: dice: fix fallback from protocol extension into limited functionality
    - ALSA: seq: Fix racy access for queue timer in proc read
    - ALSA: usb-audio: fix sync-ep altsetting sanity check
    - arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator
    - Fix built-in early-load Intel microcode alignment
    - block: fix an integer overflow in logical block size
    - ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number
    - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
    - usb: core: hub: Improved device recognition on remote wakeup
    - x86/resctrl: Fix an imbalance in domain_remove_cpu()
    - x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained
    - x86/efistub: Disable paging at mixed mode entry
    - drm/i915: Add missing include file <linux/math64.h>
    - x86/resctrl: Fix potential memory leak
    - perf hists: Fix variable name's inconsistency in hists__for_each() macro
    - perf report: Fix incorrectly added dimensions as switch perf data file
    - mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD
      alignment
    - mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is
      valid
    - btrfs: rework arguments of btrfs_unlink_subvol
    - btrfs: fix invalid removal of root ref
    - btrfs: do not delete mismatched root refs
    - btrfs: fix memory leak in qgroup accounting
    - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
    - ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL
    - ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support
    - net: stmmac: 16KB buffer must be 16 byte aligned
    - net: stmmac: Enable 16KB buffer size
    - mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD
      alignment
    - arm64: dts: agilex/stratix10: fix pmu interrupt numbers
    - bpf: Fix incorrect verifier simulation of ARSH under ALU32
    - cfg80211: fix deadlocks in autodisconnect work
    - cfg80211: fix memory leak in cfg80211_cqm_rssi_update
    - cfg80211: fix page refcount issue in A-MSDU decap
    - netfilter: fix a use-after-free in mtype_destroy()
    - netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
    - netfilter: nft_tunnel: fix null-attribute check
    - netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
    - netfilter: nf_tables: store transaction list locally while requesting module
    - netfilter: nf_tables: fix flowtable list del corruption
    - NFC: pn533: fix bulk-message timeout
    - batman-adv: Fix DAT candidate selection on little endian systems
    - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
    - hv_netvsc: Fix memory leak when removing rndis device
    - net: dsa: tag_qca: fix doubled Tx statistics
    - net: hns: fix soft lockup when there is not enough memory
    - net: usb: lan78xx: limit size of local TSO packets
    - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info
    - ptp: free ptp device pin descriptors properly
    - r8152: add missing endpoint sanity check
    - tcp: fix marked lost packets not being retransmitted
    - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers
    - mlxsw: spectrum: Wipe xstats.backlog of down ports
    - mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters
    - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
    - tcp: refine rule to allow EPOLLOUT generation under mem pressure
    - irqchip: Place CONFIG_SIFIVE_PLIC into the menu
    - cw1200: Fix a signedness bug in cw1200_load_firmware()
    - arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node
    - cfg80211: check for set_wiphy_params
    - tick/sched: Annotate lockless access to last_jiffies_update
    - arm64: dts: marvell: Fix CP110 NAND controller node multi-line comment
      alignment
    - Revert "arm64: dts: juno: add dma-ranges property"
    - mtd: devices: fix mchp23k256 read and write
    - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
    - scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
    - scsi: qla4xxx: fix double free bug
    - scsi: bnx2i: fix potential use after free
    - scsi: target: core: Fix a pr_debug() argument
    - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
    - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
    - scsi: core: scsi_trace: Use get_unaligned_be*()
    - perf probe: Fix wrong address verification
    - clk: sprd: Use IS_ERR() to validate the return value of
      syscon_regmap_lookup_by_phandle()
    - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
    - hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call
    - arm64: dts: ls1028a: fix endian setting for dcfg
    - arm64: dts: imx8mm: Change SDMA1 ahb clock for imx8mm
    - bus: ti-sysc: Fix iterating over clocks
    - arm64: dts: imx8mq-librem5-devkit: use correct interrupt for the
      magnetometer
    - ASoC: stm32: sai: fix possible circular locking
    - ASoC: stm32: dfsdm: fix 16 bits record
    - ARM: OMAP2+: Fix ti_sysc_find_one_clockdomain to check for to_clk_hw_omap
    - ARM: dts: imx7ulp: fix reg of cpu node
    - ASoC: Intel: bytcht_es8316: Fix Irbis NB41 netbook quirk
    - ALSA: firewire-tascam: fix corruption due to spin lock without restoration
      in SoftIRQ context
    - clk: sunxi-ng: r40: Allow setting parent rate for external clock outputs
    - cpuidle: teo: Fix intervals[] array indexing bug
    - iio: adc: ad7124: Fix DT channel configuration
    - iio: imu: st_lsm6dsx: Fix selection of ST_LSM6DS3_ID
    - iio: light: vcnl4000: Fix scale for vcnl4040
    - iio: chemical: pms7003: fix unmet triggered buffer dependency
    - staging: comedi: ni_routes: fix null dereference in ni_find_route_source()
    - staging: comedi: ni_routes: allow partial routing information
    - mtd: rawnand: gpmi: Fix suspend/resume problem
    - mtd: rawnand: gpmi: Restore nfc timing setup after suspend/resume
    - cpu/SMT: Fix x86 link error without CONFIG_SYSFS
    - perf/x86/intel/uncore: Fix missing marker for
      snr_uncore_imc_freerunning_events
    - efi/earlycon: Fix write-combine mapping on x86
    - s390/setup: Fix secure ipl message
    - clk: samsung: exynos5420: Keep top G3D clocks enabled
    - mm: memcg/slab: fix percpu slab vmstats flushing
    - mm, debug_pagealloc: don't rely on static keys too early
    - btrfs: relocation: fix reloc_root lifespan and access
    - btrfs: check rw_devices, not num_devices for balance
    - Btrfs: always copy scrub arguments back to user space
    - mm/memory_hotplug: don't free usage map when removing a re-added early
      section
    - ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
    - ARM: dts: imx6sx-sdb: Remove incorrect power supply assignment
    - ARM: dts: imx6sl-evk: Remove incorrect power supply assignment
    - ARM: dts: imx6sll-evk: Remove incorrect power supply assignment
    - reset: Fix {of,devm}_reset_control_array_get kerneldoc return types
    - tipc: fix potential hanging after b/rcast changing
    - tipc: fix retrans failure due to wrong destination
    - drm/amd/display: Reorder detect_edp_sink_caps before link settings read.
    - bpf: Sockmap/tls, during free we may call tcp_bpf_unhash() in loop
    - bpf: Sockmap, ensure sock lock held during tear down
    - bpf: Sockmap/tls, push write_space updates through ulp updates
    - bpf: Sockmap, skmsg helper overestimates push, pull, and pop bounds
    - bpf: Sockmap/tls, msg_push_data may leave end mark in place
    - bpf: Sockmap/tls, tls_sw can create a plaintext buf > encrypt buf
    - bpf: Sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining
    - bpf: Sockmap/tls, fix pop data with SK_DROP return code
    - i2c: tegra: Fix suspending in active runtime PM state
    - i2c: tegra: Properly disable runtime PM on driver's probe error
    - cfg80211: fix memory leak in nl80211_probe_mesh_link
    - bpf/sockmap: Read psock ingress_msg before sk_receive_queue
    - i2c: iop3xx: Fix memory leak in probe error path
    - netfilter: nat: fix ICMP header corruption on ICMP errors
    - netfilter: nft_tunnel: ERSPAN_VERSION must not be null
    - net: bpf: Don't leak time wait and request sockets
    - net: hns3: pad the short frame before sending to the hardware
    - net: phy: dp83867: Set FORCE_LINK_GOOD to default after reset
    - net/sched: act_ife: initalize ife->metalist earlier
    - bnxt_en: Fix NTUPLE firmware command failures.
    - bnxt_en: Fix ipv6 RFS filter matching logic.
    - bnxt_en: Do not treat DSN (Digital Serial Number) read failure as fatal.
    - net: ethernet: ave: Avoid lockdep warning
    - net: systemport: Fixed queue mapping in internal ring map
    - net: dsa: sja1105: Don't error out on disabled ports with no phy-mode
    - net: dsa: tag_gswip: fix typo in tagger name
    - net: sched: act_ctinfo: fix memory leak
    - net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec
    - i40e: prevent memory leak in i40e_setup_macvlans
    - drm/amdgpu: allow direct upload save restore list for raven2
    - mlxsw: spectrum: Do not modify cloned SKBs during xmit
    - selftests: mlxsw: qos_mc_aware: Fix mausezahn invocation
    - devlink: Wait longer before warning about unset port type
    - dt-bindings: Add missing 'properties' keyword enclosing 'snps,tso'
    - arm64: dts: meson: axg: fix audio fifo reg size
    - arm64: dts: meson: g12: fix audio fifo reg size
    - arm64: dts: renesas: r8a77970: Fix PWM3
    - arm64: dts: marvell: Add AP806-dual missing CPU clocks
    - arm64: dts: qcom: sdm845-cheza: delete zap-shader
    - arm64: dts: juno: Fix UART frequency
    - ARM: dts: Fix sgx sysconfig register for omap4
    - mtd: cfi_cmdset_0002: only check errors when ready in cfi_check_err_status()
    - scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences
    - scsi: scsi_transport_sas: Fix memory leak when removing devices
    - perf script: Allow --time with --reltime
    - clk: imx7ulp: Correct system clock source option #7
    - clk: imx7ulp: Correct DDR clock mux options
    - hwmon: (pmbus/ibm-cffps) Fix LED blink behavior
    - perf script: Fix --reltime with --time
    - upstream stable to v4.19.98, v5.4.14

* Eoan update: upstream stable patchset 2020-02-06 (LP: #1862227)
    - chardev: Avoid potential use-after-free in 'chrdev_open()'
    - i2c: fix bus recovery stop mode timing
    - usb: chipidea: host: Disable port power only if previously enabled
    - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
    - ALSA: hda/realtek - Add new codec supported for ALCS1200A
    - ALSA: hda/realtek - Set EAPD control to default for ALC222
    - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen
    - kernel/trace: Fix do not unregister tracepoints when register
      sched_migrate_task fail
    - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
    - tracing: Change offset type to s32 in preempt/irq tracepoints
    - HID: Fix slab-out-of-bounds read in hid_field_extract
    - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
    - HID: hid-input: clear unmapped usages
    - Input: add safety guards to input_set_keycode()
    - Input: input_event - fix struct padding on sparc64
    - drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model
    - drm/fb-helper: Round up bits_per_pixel if possible
    - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
    - can: kvaser_usb: fix interface sanity check
    - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
    - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling
      to irq mode
    - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing
      CAN sk_buffs
    - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist
    - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
    - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
    - staging: vt6656: set usb_set_intfdata on driver fail.
    - USB: serial: option: add ZLP support for 0x1bc7/0x9010
    - usb: musb: fix idling for suspend after disconnect interrupt
    - usb: musb: Disable pullup at init
    - usb: musb: dma: Correct parameter passed to IRQ handler
    - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
    - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
    - serdev: Don't claim unsupported ACPI serial devices
    - tty: link tty and port before configuring it as console
    - tty: always relink the port
    - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
    - scsi: bfa: release allocated memory in case of error
    - rtl8xxxu: prevent leaking urb
    - HID: hiddev: fix mess in hiddev_open()
    - USB: Fix: Don't skip endpoint descriptors with maxpacket=0
    - phy: cpcap-usb: Fix error path when no host driver is loaded
    - phy: cpcap-usb: Fix flakey host idling and enumerating of devices
    - netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
    - netfilter: conntrack: dccp, sctp: handle null timeout argument
    - netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
    - powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online()
    - tpm: Handle negative priv->response_len in tpm_common_read()
    - rtc: sun6i: Add support for RTC clocks on R40
    - drm/i915: Add Wa_1408615072 and Wa_1407596294 to icl,ehl
    - drm/i915: Add Wa_1407352427:icl,ehl
    - IB/hfi1: Adjust flow PSN with the correct resync_psn
    - pstore/ram: Regularize prz label allocation lifetime
    - staging: vt6656: Fix non zero logical return of, usb_control_msg
    - usb: ohci-da8xx: ensure error return on variable error is set
    - USB-PD tcpm: bad warning+size, PPS adapters
    - staging: vt6656: correct return of vnt_init_registers.
    - staging: vt6656: limit reg output to block size
    - iommu/vt-d: Fix adding non-PCI devices to Intel IOMMU
    - arm64: Move __ARCH_WANT_SYS_CLONE3 definition to uapi headers
    - arm64: Implement copy_thread_tls
    - arm: Implement copy_thread_tls
    - parisc: Implement copy_thread_tls
    - riscv: Implement copy_thread_tls
    - xtensa: Implement copy_thread_tls
    - powerpc: convert to copy_thread_tls
    - clone3: ensure copy_thread_tls is implemented
    - um: Implement copy_thread_tls
    - staging: vt6656: remove bool from vnt_radio_power_on ret
    - rpmsg: char: release allocated memory
    - hidraw: Return EPOLLOUT from hidraw_poll
    - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
    - HID: hidraw, uhid: Always report EPOLLOUT
    - iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
    - iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
    - rtc: mt6397: fix alarm register overwrite
    - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails
    - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
    - ASoC: soc-core: Set dpcm_playback / dpcm_capture
    - ASoC: stm32: spdifrx: fix inconsistent lock state
    - ASoC: stm32: spdifrx: fix race condition in irq handler
    - mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy
    - gpio: zynq: Fix for bug in zynq_gpio_restore_context API
    - iommu: Remove device link to group on failure
    - gpio: Fix error message on out-of-range GPIO in lookup table
    - hsr: reset network header when supervision frame is created
    - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
    - cifs: Adjust indentation in smb2_open_file
    - afs: Fix missing cell comparison in afs_test_super()
    - btrfs: simplify inode locking for RWF_NOWAIT
    - RDMA/mlx5: Return proper error value
    - RDMA/srpt: Report the SCSI residual to the initiator
    - scsi: enclosure: Fix stale device oops with hot replug
    - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
    - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
    - platform/x86: GPD pocket fan: Use default values when wrong modparams are
      given
    - xprtrdma: Fix completion wait during device removal
    - crypto: virtio - implement missing support for output IVs
    - NFSv2: Fix a typo in encode_sattr()
    - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
    - iio: imu: adis16480: assign bias value only if operation succeeded
    - mei: fix modalias documentation
    - clk: samsung: exynos5420: Preserve CPU clocks configuration during
      suspend/resume
    - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args
      call
    - pinctrl: lewisburg: Update pin list according to v1.1v6
    - scsi: sd: enable compat ioctls for sed-opal
    - arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD
    - af_unix: add compat_ioctl support
    - compat_ioctl: handle SIOCOUTQNSD
    - PCI: dwc: Fix find_next_bit() usage
    - PCI/PTM: Remove spurious "d" from granularity message
    - powerpc/powernv: Disable native PCIe port management
    - tty: serial: imx: use the sg count from dma_map_sg
    - tty: serial: pch_uart: correct usage of dma_unmap_sg
    - media: ov6650: Fix incorrect use of JPEG colorspace
    - media: ov6650: Fix some format attributes not under control
    - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
    - media: rcar-vin: Fix incorrect return statement in rvin_try_format()
    - media: v4l: cadence: Fix how unsued lanes are handled in 'csi2rx_start()'
    - media: exynos4-is: Fix recursive locking in isp_video_release()
    - iommu/mediatek: Correct the flush_iotlb_all callback
    - mtd: spi-nor: fix silent truncation in spi_nor_read()
    - mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
    - spi: atmel: fix handling of cs_change set on non-last xfer
    - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
    - f2fs: fix potential overflow
    - rtc: msm6242: Fix reading of 10-hour digit
    - rtc: brcmstb-waketimer: add missed clk_disable_unprepare
    - gpio: mpc8xxx: Add platform device to gpiochip->parent
    - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
    - selftests: firmware: Fix it to do root uid check and skip
    - rseq/selftests: Turn off timeout setting
    - mips: cacheinfo: report shared CPU map
    - MIPS: Prevent link failure with kcov instrumentation
    - drm/arm/mali: make malidp_mw_connector_helper_funcs static
    - dmaengine: k3dma: Avoid null pointer traversal
    - ioat: ioat_alloc_ring() failure handling.
    - hexagon: parenthesize registers in asm predicates
    - hexagon: work around compiler crash
    - ocfs2: call journal flush to mark journal as empty after journal recovery
      when mount
    - phy: mapphone-mdm6600: Fix uninitialized status value regression
    - IB/hfi1: Don't cancel unused work item
    - mtd: rawnand: stm32_fmc2: avoid to lock the CPU bus
    - i2c: bcm2835: Store pointer to bus clock
    - ASoC: stm32: spdifrx: fix input pin state management
    - pinctrl: lochnagar: select GPIOLIB
    - netfilter: nft_flow_offload: fix underflow in flowtable reference counter
    - pinctrl: meson: Fix wrong shift value when get drive-strength
    - selftests: loopback.sh: skip this test if the driver does not support
    - iommu/vt-d: Unlink device if failed to add to group
    - bpf: cgroup: prevent out-of-order release of cgroup bpf
    - fs: move guard_bio_eod() after bio_set_op_attrs
    - scsi: mpt3sas: Fix double free in attach error handling
    - PCI: amlogic: Fix probed clock names
    - drm/tegra: Fix ordering of cleanup code
    - hsr: add hsr root debugfs directory
    - hsr: rename debugfs file when interface name is changed
    - s390/qeth: fix qdio teardown after early init error
    - s390/qeth: vnicc Fix init to default
    - s390/qeth: fix initialization on old HW
    - scsi: smartpqi: Update attribute name to `driver_version`
    - MAINTAINERS: Append missed file to the database
    - dt-bindings: reset: Fix brcmstb-reset example
    - reset: brcmstb: Remove resource checks
    - perf vendor events s390: Remove name from L1D_RO_EXCL_WRITES description
    - syscalls/x86: Wire up COMPAT_SYSCALL_DEFINE0
    - syscalls/x86: Use COMPAT_SYSCALL_DEFINE0 for IA32 (rt_)sigreturn
    - syscalls/x86: Use the correct function type for sys_ni_syscall
    - syscalls/x86: Fix function types in COND_SYSCALL
    - hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()
    - netfilter: nf_tables_offload: release flow_rule on error from commit path
    - ASoC: dt-bindings: mt8183: add missing update
    - ASoC: simple_card_utils.h: Add missing include
    - ASoC: rsnd: fix DALIGN register for SSIU
    - RDMA/hns: remove a redundant le16_to_cpu
    - RDMA/hns: Modify return value of restrack functions
    - RDMA/counter: Prevent QP counter manual binding in auto mode
    - RDMA/siw: Fix port number endianness in a debug message
    - RDMA/hns: Fix build error again
    - [Config] updateconfigs for INFINIBAND_HNS
    - RDMA/hns: Release qp resources when failed to destroy qp
    - xprtrdma: Add unique trace points for posting Local Invalidate WRs
    - xprtrdma: Connection becomes unstable after a reconnect
    - xprtrdma: Close window between waking RPC senders and posting Receives
    - RDMA/hns: Fix to support 64K page for srq
    - RDMA/hns: Bugfix for qpc/cqc timer configuration
    - rdma: Remove nes ABI header
    - uaccess: Add non-pagefault user-space write function
    - bpf: Make use of probe_user_write in probe write helper
    - bpf: skmsg, fix potential psock NULL pointer dereference
    - afs: Fix use-after-loss-of-ref
    - afs: Fix afs_lookup() to not clobber the version on a new dentry
    - keys: Fix request_key() cache
    - platform/mellanox: fix potential deadlock in the tmfifo driver
    - asm-generic/nds32: don't redefine cacheflush primitives
    - Documentation/ABI: Fix documentation inconsistency for mlxreg-io sysfs
      interfaces
    - Documentation/ABI: Add missed attribute for mlxreg-io sysfs interfaces
    - xprtrdma: Fix create_qp crash on device unload
    - dm: add dm-clone to the documentation index
    - scsi: ufs: Give an unique ID to each ufs-bsg
    - crypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig
    - crypto: algif_skcipher - Use chunksize instead of blocksize
    - crypto: geode-aes - convert to skcipher API and make thread-safe
    - nfsd: v4 support requires CRYPTO_SHA256
    - NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process()
    - clk: meson: axg-audio: fix regmap last register
    - clk: Fix memory leak in clk_unregister()
    - clk: imx: pll14xx: Fix quick switch of S/K parameter
    - affs: fix a memory leak in affs_remount
    - pinctrl: sh-pfc: Fix PINMUX_IPSR_PHYS() to set GPSR
    - pinctrl: sh-pfc: Do not use platform_get_irq() to count interrupts
    - PCI: aardvark: Use LTSSM state to build link training flag
    - PCI: aardvark: Fix PCI_EXP_RTCTL register configuration
    - PCI: Fix missing bridge dma_ranges resource list cleanup
    - PCI/PM: Clear PCIe PME Status even for legacy power management
    - tools: PCI: Fix fd leakage
    - MIPS: PCI: remember nasid changed by set interrupt affinity
    - MIPS: Loongson: Fix return value of loongson_hwmon_init
    - MIPS: SGI-IP27: Fix crash, when CPUs are disabled via nr_cpus parameter
    - media: ov6650: Fix default format not applied on device probe
    - media: coda: fix deadlock between decoder picture run and start command
    - media: cedrus: Use correct H264 8x8 scaling list
    - media: aspeed-video: Fix memory leaks in aspeed_video_probe
    - ubifs: Fixed missed le64_to_cpu() in journal
    - ubifs: do_kill_orphans: Fix a memory leak bug
    - spi: sprd: Fix the incorrect SPI register
    - spi: pxa2xx: Set controller->max_transfer_size in dma mode
    - spi: lpspi: fix memory leak in fsl_lpspi_probe
    - iwlwifi: mvm: consider ieee80211 station max amsdu value
    - sch_cake: Add missing NLA policy entry TCA_CAKE_SPLIT_GSO
    - NFSD fixing possible null pointer derefering in copy offload
    - rtc: bd70528: Add MODULE ALIAS to autoload module
    - scsi: target/iblock: Fix protection error with blocks greater than 512B
    - riscv: export flush_icache_all to modules
    - rxrpc: Unlock new call in rxrpc_new_incoming_call() rather than the caller
    - rxrpc: Don't take call->user_mutex in rxrpc_new_incoming_call()
    - rxrpc: Fix missing security check on incoming calls
    - s390/qeth: lock the card while changing its hsuid
    - drm/amdgpu: enable gfxoff for raven1 refresh
    - media: intel-ipu3: Align struct ipu3_uapi_awb_fr_config_s to 32 bytes
    - kbuild/deb-pkg: annotate libelf-dev dependency as :native

* Eoan update: upstream stable patchset 2020-02-04 (LP: #1861929)
    - USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein
    - USB: dummy-hcd: increase max number of devices to 32
    - bpf: Fix passing modified ctx to ld/abs/ind instruction
    - regulator: fix use after free issue
    - ASoC: max98090: fix possible race conditions
    - locking/spinlock/debug: Fix various data races
    - netfilter: ctnetlink: netns exit must wait for callbacks
    - libtraceevent: Fix lib installation with O=
    - x86/efi: Update e820 with reserved EFI boot services data to fix kexec
      breakage
    - ASoC: Intel: bytcr_rt5640: Update quirk for Teclast X89
    - efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
    - efi/gop: Return EFI_SUCCESS if a usable GOP was found
    - efi/gop: Fix memory leak in __gop_query32/64()
    - ARM: dts: imx6ul: imx6ul-14x14-evk.dtsi: Fix SPI NOR probing
    - ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
    - netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
    - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named
      sets
    - netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END
    - netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init()
    - ARM: dts: BCM5301X: Fix MDIO node address/size cells
    - selftests/ftrace: Fix multiple kprobe testcase
    - ARM: dts: Cygnus: Fix MDIO node address/size cells
    - spi: spi-cavium-thunderx: Add missing pci_release_regions()
    - ASoC: topology: Check return value for soc_tplg_pcm_create()
    - ARM: dts: bcm283x: Fix critical trip point
    - bpf, mips: Limit to 33 tail calls
    - spi: spi-ti-qspi: Fix a bug when accessing non default CS
    - ARM: dts: am437x-gp/epos-evm: fix panel compatible
    - samples: bpf: Replace symbol compare of trace_event
    - samples: bpf: fix syscall_tp due to unused syscall
    - powerpc: Ensure that swiotlb buffer is allocated from low memory
    - btrfs: Fix error messages in qgroup_rescan_init
    - bpf: Clear skb->tstamp in bpf_redirect when necessary
    - bnx2x: Do not handle requests from VFs after parity
    - bnx2x: Fix logic to get total no. of PFs per engine
    - cxgb4: Fix kernel panic while accessing sge_info
    - net: usb: lan78xx: Fix error message format specifier
    - parisc: add missing __init annotation
    - rfkill: Fix incorrect check to avoid NULL pointer dereference
    - ASoC: wm8962: fix lambda value
    - regulator: rn5t618: fix module aliases
    - iommu/iova: Init the struct iova to fix the possible memleak
    - kconfig: don't crash on NULL expressions in expr_eq()
    - perf/x86/intel: Fix PT PMI handling
    - fs: avoid softlockups in s_inodes iterators
    - net: stmmac: Do not accept invalid MTU values
    - net: stmmac: xgmac: Clear previous RX buffer size
    - net: stmmac: RX buffer size must be 16 byte aligned
    - net: stmmac: Always arm TX Timer at end of transmission start
    - s390/purgatory: do not build purgatory with kcov, kasan and friends
    - drm/exynos: gsc: add missed component_del
    - s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly
    - s390/dasd: fix memleak in path handling error case
    - block: fix memleak when __blk_rq_map_user_iov() is failed
    - parisc: Fix compiler warnings in debug_core.c
    - llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
    - hv_netvsc: Fix unwanted rx_table reset
    - powerpc/vcpu: Assume dedicated processors as non-preempt
    - powerpc/spinlocks: Include correct header for static key
    - gtp: fix bad unlock balance in gtp_encap_enable_socket
    - macvlan: do not assume mac_header is set in macvlan_broadcast()
    - net: dsa: mv88e6xxx: Preserve priority when setting CPU port.
    - net: stmmac: dwmac-sun8i: Allow all RGMII modes
    - net: stmmac: dwmac-sunxi: Allow all RGMII modes
    - net: usb: lan78xx: fix possible skb leak
    - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
    - sch_cake: avoid possible divide by zero in cake_enqueue()
    - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
    - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
    - vxlan: fix tos value before xmit
    - vlan: fix memory leak in vlan_dev_set_egress_priority
    - vlan: vlan_changelink() should propagate errors
    - mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO
    - net: sch_prio: When ungrafting, replace with FIFO
    - usb: dwc3: gadget: Fix request complete check
    - USB: core: fix check for duplicate endpoints
    - USB: serial: option: add Telit ME910G1 0x110a composition
    - usb: missing parentheses in USE_NEW_SCHEME
    - powerpc/pmem: Fix kernel crash due to wrong range value usage in
      flush_dcache_range
    - ASoC: rt5682: fix i2c arbitration lost issue
    - spi: pxa2xx: Add support for Intel Jasper Lake
    - spi: fsl: Fix GPIO descriptor support
    - libtraceevent: Copy pkg-config file to output folder when using O=
    - regulator: core: fix regulator_register() error paths to properly release
      rdev
    - selftests: netfilter: use randomized netns names
    - efi/earlycon: Remap entire framebuffer after page initialization
    - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions
    - selftests/ftrace: Fix to check the existence of set_ftrace_filter
    - selftests/ftrace: Fix ftrace test cases to check unsupported
    - selftests/ftrace: Do not to use absolute debugfs path
    - selftests: safesetid: Move link library to LDLIBS
    - selftests: safesetid: Check the return value of setuid/setgid
    - selftests: safesetid: Fix Makefile to set correct test program
    - ARM: exynos_defconfig: Restore debugfs support
    - reset: Do not register resource data for missing resets
    - ASoC: topology: Check return value for snd_soc_add_dai_link()
    - ASoC: SOF: loader: snd_sof_fw_parse_ext_data log warning on unknown header
    - ASoC: SOF: Intel: split cht and byt debug window sizes
    - ARM: dts: am335x-sancloud-bbe: fix phy mode
    - ARM: omap2plus_defconfig: Add back DEBUG_FS
    - bpf, riscv: Limit to 33 tail calls
    - bpftool: Don't crash on missing jited insns or ksyms
    - kselftest/runner: Print new line in print of timeout log
    - kselftest: Support old perl versions
    - arm64: dts: ls1028a: fix reboot node
    - ARM: imx_v6_v7_defconfig: Explicitly restore CONFIG_DEBUG_FS
    - bus: ti-sysc: Fix missing reset delay handling
    - clk: walk orphan list on clock provider registration
    - mac80211: fix TID field in monitor mode transmit
    - cfg80211: fix double-free after changing network namespace
    - btrfs: handle error in btrfs_cache_block_group
    - ocxl: Fix potential memory leak on context creation
    - habanalabs: rate limit error msg on waiting for CS
    - habanalabs: remove variable 'val' set but not used
    - spi: nxp-fspi: Ensure width is respected in spi-mem operations
    - clk: at91: fix possible deadlock
    - staging: axis-fifo: add unspecified HAS_IOMEM dependency
    - scripts: package: mkdebian: add missing rsync dependency
    - perf/x86: Fix potential out-of-bounds access
    - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high
      uptime
    - psi: Fix a division error in psi poll()
    - usb: typec: fusb302: Fix an undefined reference to 'extcon_get_state'
    - block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT
    - fs: call fsnotify_sb_delete after evict_inodes
    - perf/smmuv3: Remove the leftover put_cpu() in error path
    - iommu/dma: Relax locking in iommu_dma_prepare_msi()
    - clk: Move clk_core_reparent_orphans() under CONFIG_OF
    - net: stmmac: Determine earlier the size of RX buffer
    - net/mlx5e: Fix concurrency issues between config flow and XSK
    - net/i40e: Fix concurrency issues between config flow and XSK
    - net/ixgbe: Fix concurrency issues between config flow and XSK
    - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list
    - block: Fix a lockdep complaint triggered by request queue flushing
    - sbitmap: only queue kyber's wait callback if not already active
    - s390/qeth: handle error due to unsupported transport mode
    - s390/qeth: fix promiscuous mode after reset
    - s390/qeth: don't return -ENOTSUPP to userspace
    - selftests: pmtu: fix init mtu value in description
    - net: freescale: fec: Fix ethtool -d runtime PM
    - net: stmmac: Fixed link does not need MDIO Bus
    - macb: Don't unregister clks unconditionally
    - net/mlx5: Move devlink registration before interfaces load
    - net/mlx5e: Fix hairpin RSS table size

* Eoan update: upstream stable patchset 2020-02-03 (LP: #1861710)
    - nvme_fc: add module to ops template to allow module references
    - nvme-fc: fix double-free scenarios on hw queues
    - drm/amdgpu: add check before enabling/disabling broadcast mode
    - drm/amdgpu: add cache flush workaround to gfx8 emit_fence
    - drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle
    - iio: adc: max9611: Fix too short conversion time delay
    - PM / devfreq: Fix devfreq_notifier_call returning errno
    - PM / devfreq: Set scaling_max_freq to max on OPP notifier error
    - PM / devfreq: Don't fail devfreq_dev_release if not in list
    - afs: Fix afs_find_server lookups for ipv4 peers
    - afs: Fix SELinux setting security label on /afs
    - RDMA/cma: add missed unregister_pernet_subsys in init failure
    - rxe: correctly calculate iCRC for unaligned payloads
    - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
    - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
    - scsi: qla2xxx: Don't call qlt_async_event twice
    - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
    - scsi: qla2xxx: Configure local loop for N2N target
    - scsi: qla2xxx: Send Notify ACK after N2N PLOGI
    - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
    - scsi: iscsi: qla4xxx: fix double free in probe
    - drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
    - usb: gadget: fix wrong endpoint desc
    - net: make socket read/write_iter() honor IOCB_NOWAIT
    - afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP
    - md: raid1: check rdev before reference in raid1_sync_request func
    - s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
    - s390/cpum_sf: Avoid SBD overflow condition in irq handler
    - IB/mlx4: Follow mirror sequence of device add during device removal
    - IB/mlx5: Fix steering rule of drop and count
    - xen-blkback: prevent premature module unload
    - xen/balloon: fix ballooned page accounting without hotplug enabled
    - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
    - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
    - ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen
    - taskstats: fix data-race
    - netfilter: nft_tproxy: Fix port selector on Big Endian
    - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
    - ALSA: usb-audio: fix set_format altsetting sanity check
    - ALSA: hda/realtek - Add headset Mic no shutup for ALC283
    - drm/sun4i: hdmi: Remove duplicate cleanup calls
    - MIPS: Avoid VDSO ABI breakage due to global register variable
    - media: pulse8-cec: fix lost cec_transmit_attempt_done() call
    - media: cec: CEC 2.0-only bcast messages were ignored
    - media: cec: avoid decrementing transmit_queue_sz if it is 0
    - media: cec: check 'transmit_in_progress', not 'transmitting'
    - mm/zsmalloc.c: fix the migrated zspage statistics.
    - memcg: account security cred as well to kmemcg
    - mm: move_pages: return valid node id in status if the page is already on the
      target node
    - pstore/ram: Write new dumps to start of recycled zones
    - locks: print unsigned ino in /proc/locks
    - dmaengine: Fix access to uninitialized dma_slave_caps
    - compat_ioctl: block: handle Persistent Reservations
    - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
    - ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
    - ata: ahci_brcm: Fix AHCI resources management
    - ata: ahci_brcm: Add missing clock management during recovery
    - ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE
    - libata: Fix retrieving of active qcs
    - gpiolib: fix up emulated open drain outputs
    - riscv: ftrace: correct the condition logic in function graph tracer
    - rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30
    - tracing: Fix lock inversion in trace_event_enable_tgid_record()
    - tracing: Avoid memory leak in process_system_preds()
    - tracing: Have the histogram compare functions convert to u64 first
    - tracing: Fix endianness bug in histogram trigger
    - apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
    - ALSA: cs4236: fix error return comparison of an unsigned integer
    - ALSA: firewire-motu: Correct a typo in the clock proc string
    - exit: panic before exit_mm() on global init exit
    - ftrace: Avoid potential division by zero in function profiler
    - drm/msm: include linux/sched/task.h
    - PM / devfreq: Check NULL governor in available_governors_show
    - nfsd4: fix up replay_matches_cache()
    - HID: i2c-hid: Reset ALPS touchpads on resume
    - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
    - xfs: don't check for AG deadlock for realtime files in bunmapi
    - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI
      table
    - Bluetooth: btusb: fix PM leak in error case of setup
    - Bluetooth: delete a stray unlock
    - Bluetooth: Fix memory leak in hci_connect_le_scan
    - media: flexcop-usb: ensure -EIO is returned on error condition
    - regulator: ab8500: Remove AB8505 USB regulator
    - media: usb: fix memory leak in af9005_identify_state
    - dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example
    - arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed
      warning
    - tty: serial: msm_serial: Fix lockup for sysrq and oops
    - fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
    - bdev: Factor out bdev revalidation into a common helper
    - bdev: Refresh bdev size for disks without partitioning
    - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag
    - tcp: annotate tp->rcv_nxt lockless reads
    - net: core: limit nested device depth
    - ath9k_htc: Modify byte order for an error message
    - ath9k_htc: Discard undersized packets
    - xfs: periodically yield scrub threads to the scheduler
    - net: add annotations on hh->hh_len lockless accesses
    - ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
    - s390/smp: fix physical to logical CPU map for SMT
    - xen/blkback: Avoid unmapping unmapped grant pages
    - perf/x86/intel/bts: Fix the use of page_private()
    - drm/mcde: dsi: Fix invalid pointer dereference if panel cannot be found
    - drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs and DSCs are
      equal
    - drm/amd/display: Change the delay time before enabling FEC
    - drm/amd/display: Reset steer fifo before unblanking the stream
    - nvme/pci: Fix write and poll queue types
    - nvme/pci: Fix read queue count
    - iio: st_accel: Fix unused variable warning
    - scsi: qla2xxx: Use explicit LOGO in target mode
    - scsi: qla2xxx: Don't defer relogin unconditonally
    - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
    - staging/wlan-ng: add CRC32 dependency in Kconfig
    - drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware
    - drm/nouveau/kms/nv50-: fix panel scaling
    - afs: Fix mountpoint parsing
    - RDMA/counter: Prevent auto-binding a QP which are not tracked with res
    - tcp: fix data-race in tcp_recvmsg()
    - shmem: pin the file in shmem_fault() if mmap_sem is dropped
    - block: add bio_truncate to fix guard_bio_eod
    - mm: drop mmap_sem before calling balance_dirty_pages() in write fault
    - ALSA: hda - Apply sync-write workaround to old Intel platforms, too
    - MIPS: BPF: Disable MIPS32 eBPF JIT
    - MIPS: BPF: eBPF JIT: check for MIPS ISA compliance in Kconfig
    - mm/memory_hotplug: shrink zones when offlining memory
    - pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
    - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again
    - selftests/seccomp: Zero out seccomp_notif
    - samples/seccomp: Zero out members based on seccomp_notif_sizes
    - selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
    - dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B
    - Btrfs: fix infinite loop during nocow writeback due to race
    - compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
    - bpf: Fix precision tracking for unbounded scalars
    - gpio: xtensa: fix driver build
    - clocksource: riscv: add notrace to riscv_sched_clock
    - samples/trace_printk: Wait for IRQ work to finish
    - io_uring: use current task creds instead of allocating a new one
    - mm/gup: fix memory leak in __gup_benchmark_ioctl
    - dmaengine: virt-dma: Fix access after free in vchan_complete()
    - gen_initramfs_list.sh: fix 'bad variable name' error
    - ALSA: pcm: Yet another missing check of non-cached buffer type
    - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode
    - sunrpc: fix crash when cache_head become valid before update
    - arm64: dts: qcom: msm8998-clamshell: Remove retention idle state
    - powerpc: Chunk calls to flush_dcache_range in arch_*_memory
    - net/sched: annotate lockless accesses to qdisc->empty
    - kernel/module.c: wakeup processes in module_wq on module unload
    - perf callchain: Fix segfault in thread__resolve_callchain_sample()
    - iommu/vt-d: Remove incorrect PSI capability check
    - of: overlay: add_changeset_property() memory leak
    - cifs: Fix potential softlockups while refreshing DFS cache
    - firmware: arm_scmi: Avoid double free in error flow
    - watchdog: tqmx86_wdt: Fix build error
    - regulator: axp20x: Fix axp20x_set_ramp_delay
    - regulator: bd70528: Remove .set_ramp_delay for bd70528_ldo_ops
    - regulator: axp20x: Fix AXP22x ELDO2 regulator enable bitmask
    - powerpc/mm: Mark get_slice_psize() & slice_addr_is_low() as notrace
    - arm64: dts: meson-gxl-s905x-khadas-vim: fix uart_A bluetooth node
    - arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node
    - cifs: Fix lookup of root ses in DFS referral cache
    - fs: cifs: Fix atime update check vs mtime
    - Btrfs: only associate the locked page with one async_chunk struct
    - mm/sparse.c: mark populate_section_memmap as __meminit
    - lib/ubsan: don't serialize UBSAN report
    - net: annotate lockless accesses to sk->sk_pacing_shift
    - hsr: avoid debugfs warning message when module is remove
    - hsr: fix error handling routine in hsr_dev_finalize()
    - hsr: fix a race condition in node list insertion and deletion
    - mm/hugetlb: defer freeing of huge pages if in non-task context

* Support Headset Mic on HP cPC (LP: #1862313)
    - ALSA: hda/realtek - Add Headset Mic supported for HP cPC
    - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported

* test_sysctl in bpf from ubuntu_kernel_selftests make net test fails to build
    on eoan (LP: #1862263)
    - bpf: fix accessing bpf_sysctl.file_pos on s390

* shiftfs: prevent lower dentries from going negative during unlink
    (LP: #1860041)
    - SAUCE: shiftfs: prevent lower dentries from going negative during unlink

* Sometimes can't adjust brightness on Dell AIO (LP: #1862885)
    - SAUCE: platform/x86: dell-uart-backlight: increase retry times

* Prevent arm64 guest from accessing host debug registers (LP: #1860657)
    - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE

* pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
    - can, slip: Protect tty->disc_data in write_wakeup and close with RCU

-- Khalid Elmously <khalid.elmously@canonical.com>  Fri, 28 Feb 2020 00:35:03 -0500

Changed in linux (Ubuntu Eoan):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-03-16:

#12

Download full text (44.4 KiB)

This bug was fixed in the package linux - 4.15.0-91.92

---------------
linux (4.15.0-91.92) bionic; urgency=medium

* bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109)

  * CVE-2020-2732
    - KVM: x86: emulate RDPID
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions

linux (4.15.0-90.91) bionic; urgency=medium

* bionic/linux: 4.15.0-90.91 -proposed tracker (LP: #1864753)

  * dkms artifacts may expire from the pool (LP: #1850958)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [packaging] handle downloads from the librarian better

linux (4.15.0-90.90) bionic; urgency=medium

* bionic/linux: 4.15.0-90.90 -proposed tracker (LP: #1864753)

* vm-segv from ubuntu_stress_smoke_test failed on B (LP: #1864063)
- Revert "apparmor: don't try to replace stale label in ptrace access check"

linux (4.15.0-89.89) bionic; urgency=medium

* bionic/linux: 4.15.0-89.89 -proposed tracker (LP: #1863350)

  * [SRU][B/OEM-B] Fix multitouch support on some devices (LP: #1862567)
    - HID: core: move the dynamic quirks handling in core
    - HID: quirks: move the list of special devices into a quirk
    - HID: core: move the list of ignored devices in hid-quirks.c
    - HID: core: remove the absolute need of hid_have_special_driver[]

* [linux] Patch to prevent possible data corruption (LP: #1848739)
- blk-mq: silence false positive warnings in hctx_unlock()

  * Add bpftool to linux-tools-common (LP: #1774815)
    - tools/bpftool: fix bpftool build with bintutils >= 2.9
    - bpftool: make libbfd optional
    - [Debian] Remove binutils-dev build dependency
    - [Debian] package bpftool in linux-tools-common

  * Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

  * [Bionic] i915 incomplete fix for CVE-2019-14615 (LP: #1862840) //
    CVE-2020-8832
    - drm/i915: Use same test for eviction and submitting kernel context
    - drm/i915: Define an engine class enum for the uABI
    - drm/i915: Force the switch to the i915->kernel_context
    - drm/i915: Move GT powersaving init to i915_gem_init()
    - drm/i915: Move intel_init_clock_gating() to i915_gem_init()
    - drm/i915: Inline intel_modeset_gem_init()
    - drm/i915: Mark the context state as dirty/written
    - drm/i915: Record the default hw state after reset upon load

This bug was fixed in the package linux - 4.15.0-91.92

---------------
linux (4.15.0-91.92) bionic; urgency=medium

* bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109)

linux (4.15.0-90.91) bionic; urgency=medium

* bionic/linux: 4.15.0-90.91 -proposed tracker (LP: #1864753)

* dkms artifacts may expire from the pool (LP: #1850958)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [packaging] handle downloads from the librarian better

linux (4.15.0-90.90) bionic; urgency=medium

* bionic/linux: 4.15.0-90.90 -proposed tracker (LP: #1864753)

* vm-segv from ubuntu_stress_smoke_test failed on B (LP: #1864063)
    - Revert "apparmor: don't try to replace stale label in ptrace access check"

linux (4.15.0-89.89) bionic; urgency=medium

* bionic/linux: 4.15.0-89.89 -proposed tracker (LP: #1863350)

* [linux] Patch to prevent possible data corruption (LP: #1848739)
    - blk-mq: silence false positive warnings in hctx_unlock()

* Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

* Bionic update: upstream stable patchset 2020-02-12 (LP: #1863019)
    - xfs: Sanity check flags of Q_XQUOTARM call
    - mfd: intel-lpss: Add default I2C device properties for Gemini Lake
    - powerpc/archrandom: fix arch_get_random_seed_int()
    - tipc: fix wrong timeout input for tipc_wait_for_cond()
    - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
    - crypto: sun4i-ss - fix big endian issues
    - drm/sti: do not remove the drm_bridge that was never added
    - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
    - ALSA: hda: fix unused variable warning
    - apparmor: don't try to replace stale label in ptrace access check
    - PCI: iproc: Remove PAXC slot check to allow VF support
    - drm/hisilicon: hibmc: Don't overwrite fb helper surface depth
    - IB/rxe: replace kvfree with vfree
    - IB/hfi1: Add mtu check for operational data VLs
    - ALSA: usb-audio: update quirk for B&W PX to remove microphone
    - staging: comedi: ni_mio_common: protect register write overflow
    - pwm: lpss: Release runtime-pm reference from the driver's remove callback
    - drm/sun4i: hdmi: Fix double flag assignation
    - mlxsw: reg: QEEC: Add minimum shaper fields
    - NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
    - pcrypt: use format specifier in kobject_add
    - exportfs: fix 'passing zero to ERR_PTR()' warning
    - drm/dp_mst: Skip validating ports during destruction, just ref
    - net: phy: Fix not to call phy_resume() if PHY is not attached
    - IB/rxe: Fix incorrect cache cleanup in error flow
    - staging: bcm2835-camera: Abort probe if there is no camera
    - switchtec: Remove immediate status check after submitting MRPC command
    - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
    - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
    - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
    - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
    - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
    - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
    - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
    - pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations
    - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
    - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
    - vxlan: changelink: Fix handling of default remotes
    - Input: nomadik-ske-keypad - fix a loop timeout test
    - clk: highbank: fix refcount leak in hb_clk_init()
    - clk: qoriq: fix refcount leak in clockgen_init()
    - clk: socfpga: fix refcount leak
    - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
    - clk: imx6q: fix refcount leak in imx6q_clocks_init()
    - clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
    - clk: imx7d: fix refcount leak in imx7d_clocks_init()
    - clk: vf610: fix refcount leak in vf610_clocks_init()
    - clk: armada-370: fix refcount leak in a370_clk_init()
    - clk: kirkwood: fix refcount leak in kirkwood_clk_init()
    - clk: armada-xp: fix refcount leak in axp_clk_init()
    - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init()
    - clk: dove: fix refcount leak in dove_clk_init()
    - MIPS: BCM63XX: drop unused and broken DSP platform device
    - IB/usnic: Fix out of bounds index check in query pkey
    - RDMA/ocrdma: Fix out of bounds index check in query pkey
    - RDMA/qedr: Fix out of bounds index check in query pkey
    - drm/shmob: Fix return value check in shmob_drm_probe
    - arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
    - spi: cadence: Correct initialisation of runtime PM
    - RDMA/iw_cxgb4: Fix the unchecked ep dereference
    - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
    - media: s5p-jpeg: Correct step and max values for
      V4L2_CID_JPEG_RESTART_INTERVAL
    - kbuild: mark prepare0 as PHONY to fix external module build
    - crypto: brcm - Fix some set-but-not-used warning
    - crypto: tgr192 - fix unaligned memory access
    - ASoC: imx-sgtl5000: put of nodes if finding codec fails
    - IB/iser: Pass the correct number of entries for dma mapped SGL
    - rtc: cmos: ignore bogus century byte
    - spi/topcliff_pch: Fix potential NULL dereference on allocation error
    - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
    - iwlwifi: mvm: avoid possible access out of array.
    - net/mlx5: Take lock with IRQs disabled to avoid deadlock
    - iwlwifi: mvm: fix A-MPDU reference assignment
    - tty: ipwireless: Fix potential NULL pointer dereference
    - driver: uio: fix possible memory leak in __uio_register_device
    - driver: uio: fix possible use-after-free in __uio_register_device
    - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove()
      arguments
    - driver core: Do not resume suppliers under device_links_write_lock()
    - ARM: dts: lpc32xx: add required clocks property to keypad device node
    - ARM: dts: lpc32xx: reparent keypad controller to SIC1
    - ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
    - ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
    - ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
    - iwlwifi: mvm: fix RSS config command
    - staging: most: cdev: add missing check for cdev_add failure
    - rtc: ds1672: fix unintended sign extension
    - thermal: mediatek: fix register index error
    - net: phy: fixed_phy: Fix fixed_phy not checking GPIO
    - rtc: ds1307: rx8130: Fix alarm handling
    - rtc: 88pm860x: fix unintended sign extension
    - rtc: 88pm80x: fix unintended sign extension
    - rtc: pm8xxx: fix unintended sign extension
    - fbdev: chipsfb: remove set but not used variable 'size'
    - iw_cxgb4: use tos when importing the endpoint
    - iw_cxgb4: use tos when finding ipv6 routes
    - drm/etnaviv: potential NULL dereference
    - pinctrl: sh-pfc: emev2: Add missing pinmux functions
    - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
    - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
    - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
    - PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio()
    - usb: phy: twl6030-usb: fix possible use-after-free on remove
    - block: don't use bio->bi_vcnt to figure out segment number
    - keys: Timestamp new keys
    - vfio_pci: Enable memory accesses before calling pci_map_rom
    - hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine
    - KVM: PPC: Release all hardware TCE tables attached to a group
    - staging: r8822be: check kzalloc return or bail
    - dmaengine: mv_xor: Use correct device for DMA API
    - cdc-wdm: pass return value of recover_from_urb_loss
    - regulator: pv88060: Fix array out-of-bounds access
    - regulator: pv88080: Fix array out-of-bounds access
    - regulator: pv88090: Fix array out-of-bounds access
    - net: dsa: qca8k: Enable delay for RGMII_ID mode
    - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
    - drm/nouveau/pmu: don't print reply values if exec is false
    - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
    - fs/nfs: Fix nfs_parse_devname to not modify it's argument
    - staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx
    - powerpc/64s: Fix logic when handling unknown CPU features
    - NFS: Fix a soft lockup in the delegation recovery code
    - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
    - clocksource/drivers/exynos_mct: Fix error path in timer resources
      initialization
    - platform/x86: wmi: fix potential null pointer dereference
    - NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
    - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
    - ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
    - ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
    - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
    - netfilter: nft_set_hash: fix lookups with fixed size hash on big endian
    - NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
    - net: aquantia: fixed instack structure overflow
    - powerpc/mm: Check secondary hash page table
    - nios2: ksyms: Add missing symbol exports
    - x86/mm: Remove unused variable 'cpu'
    - scsi: megaraid_sas: reduce module load time
    - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
    - xen, cpu_hotplug: Prevent an out of bounds access
    - net: sh_eth: fix a missing check of of_get_phy_mode
    - regulator: lp87565: Fix missing register for LP87565_BUCK_0
    - media: ivtv: update *pos correctly in ivtv_read_pos()
    - media: cx18: update *pos correctly in cx18_read_pos()
    - media: wl128x: Fix an error code in fm_download_firmware()
    - media: cx23885: check allocation return
    - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
    - jfs: fix bogus variable self-initialization
    - tipc: tipc clang warning
    - m68k: mac: Fix VIA timer counter accesses
    - arm64: dts: allwinner: a64: Add missing PIO clocks
    - ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
    - media: davinci-isif: avoid uninitialized variable use
    - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
    - spi: tegra114: clear packed bit for unpacked mode
    - spi: tegra114: fix for unpacked mode transfers
    - spi: tegra114: terminate dma and reset on transfer timeout
    - spi: tegra114: flush fifos
    - spi: tegra114: configure dma burst size to fifo trig level
    - soc/fsl/qe: Fix an error code in qe_pin_request()
    - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
    - ehea: Fix a copy-paste err in ehea_init_port_res
    - scsi: qla2xxx: Unregister chrdev if module initialization fails
    - scsi: target/core: Fix a race condition in the LUN lookup code
    - ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
    - net: hns3: fix for vport->bw_limit overflow problem
    - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
    - platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
    - tipc: set sysctl_tipc_rmem and named_timeout right range
    - selftests/ipc: Fix msgque compiler warnings
    - powerpc: vdso: Make vdso32 installation conditional in vdso_install
    - ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
    - media: ov2659: fix unbalanced mutex_lock/unlock
    - 6lowpan: Off by one handling ->nexthdr
    - dmaengine: axi-dmac: Don't check the number of frames for alignment
    - ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
    - NFS: Don't interrupt file writeout due to fatal errors
    - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes
    - scsi: qla2xxx: Fix a format specifier
    - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
    - packet: in recvmsg msg_name return at least sizeof sockaddr_ll
    - ASoC: fix valid stream condition
    - usb: gadget: fsl: fix link error against usb-gadget module
    - dwc2: gadget: Fix completed transfer size calculation in DDMA
    - IB/mlx5: Add missing XRC options to QP optional params mask
    - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
    - dmaengine: tegra210-adma: restore channel status
    - mmc: core: fix possible use after free of host
    - lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
    - afs: Fix the afs.cell and afs.volume xattr handlers
    - vfio/mdev: Avoid release parent reference during error path
    - vfio/mdev: Fix aborting mdev child device removal if one fails
    - l2tp: Fix possible NULL pointer dereference
    - media: omap_vout: potential buffer overflow in vidioc_dqbuf()
    - media: davinci/vpbe: array underflow in vpbe_enum_outputs()
    - platform/x86: alienware-wmi: printing the wrong error code
    - crypto: caam - fix caam_dump_sg that iterates through scatterlist
    - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
    - pwm: meson: Consider 128 a valid pre-divider
    - pwm: meson: Don't disable PWM when setting duty repeatedly
    - ARM: riscpc: fix lack of keyboard interrupts after irq conversion
    - kdb: do a sanity check on the cpu in kdb_per_cpu()
    - backlight: lm3630a: Return 0 on success in update_status functions
    - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
    - EDAC/mc: Fix edac_mc_find() in case no device is found
    - ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT
    - dmaengine: tegra210-adma: Fix crash during probe
    - arm64: dts: meson: libretech-cc: set eMMC as removable
    - RDMA/qedr: Fix incorrect device rate.
    - spi: spi-fsl-spi: call spi_finalize_current_message() at the end
    - crypto: ccp - fix AES CFB error exposed by new test vectors
    - crypto: ccp - Fix 3DES complaint from ccp-crypto module
    - serial: stm32: fix rx error handling
    - serial: stm32: fix transmit_chars when tx is stopped
    - serial: stm32: Add support of TC bit status check
    - serial: stm32: fix wakeup source initialization
    - misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
    - iommu: Use right function to get group for device
    - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
    - inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
    - netvsc: unshare skb in VF rx handler
    - cpufreq: brcmstb-avs-cpufreq: Fix initial command check
    - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
    - media: vivid: fix incorrect assignment operation when setting video mode
    - mpls: fix warning with multi-label encap
    - iommu/vt-d: Duplicate iommu_resv_region objects per device list
    - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state
    - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
    - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
    - drm/msm/mdp5: Fix mdp5_cfg_init error return
    - net: netem: fix backlog accounting for corrupted GSO frames
    - net/af_iucv: always register net_device notifier
    - ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
    - rtc: pcf8563: Fix interrupt trigger method
    - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
    - drm/msm/a3xx: remove TPL1 regs from snapshot
    - perf/ioctl: Add check for the sample_period value
    - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
    - clk: qcom: Fix -Wunused-const-variable
    - nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing
    - bnxt_en: Fix ethtool selftest crash under error conditions.
    - iommu/amd: Make iommu_disable safer
    - mfd: intel-lpss: Release IDA resources
    - rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
    - devres: allow const resource arguments
    - net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
    - scsi: libfc: fix null pointer dereference on a null lport
    - clk: sunxi-ng: v3s: add the missing PLL_DDR1
    - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup()
    - libertas_tf: Use correct channel range in lbtf_geo_init
    - qed: reduce maximum stack frame size
    - usb: host: xhci-hub: fix extra endianness conversion
    - mic: avoid statically declaring a 'struct device'.
    - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
    - crypto: ccp - Reduce maximum stack usage
    - ALSA: aoa: onyx: always initialize register read value
    - tipc: reduce risk of wakeup queue starvation
    - ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval
    - net/mlx5: Fix mlx5_ifc_query_lag_out_bits
    - cifs: fix rmmod regression in cifs.ko caused by force_sig changes
    - crypto: caam - free resources in case caam_rng registration failed
    - ext4: set error return correctly when ext4_htree_store_dirent fails
    - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
    - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
    - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
    - net/rds: Add a few missing rds_stat_names entries
    - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
    - signal: Allow cifs and drbd to receive their terminating signals
    - ASoC: sun4i-i2s: RX and TX counter registers are swapped
    - dmaengine: dw: platform: Switch to acpi_dma_controller_register()
    - mac80211: minstrel_ht: fix per-group max throughput rate initialization
    - media: atmel: atmel-isi: fix timeout value for stop streaming
    - rtc: pcf2127: bugfix: read rtc disables watchdog
    - mips: avoid explicit UB in assignment of mips_io_port_base
    - iommu/mediatek: Fix iova_to_phys PA start for 4GB mode
    - ahci: Do not export local variable ahci_em_messages
    - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
    - hwmon: (lm75) Fix write operations for negative temperatures
    - power: supply: Init device wakeup after device_add()
    - x86, perf: Fix the dependency of the x86 insn decoder selftest
    - staging: greybus: light: fix a couple double frees
    - irqdomain: Add the missing assignment of domain->fwnode for named fwnode
    - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
    - iio: dac: ad5380: fix incorrect assignment to val
    - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
    - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs
    - net: sonic: return NETDEV_TX_OK if failed to map buffer
    - scsi: fnic: fix msix interrupt allocation
    - Btrfs: fix hang when loading existing inode cache off disk
    - Btrfs: fix inode cache waiters hanging on failure to start caching thread
    - Btrfs: fix inode cache waiters hanging on path allocation failure
    - btrfs: use correct count in btrfs_file_write_iter()
    - ixgbe: sync the first fragment unconditionally
    - hwmon: (shtc1) fix shtc1 and shtw1 id mask
    - net: sonic: replace dev_kfree_skb in sonic_send_packet
    - pinctrl: iproc-gpio: Fix incorrect pinconf configurations
    - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet
    - RDMA/cma: Fix false error message
    - net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
    - iommu/amd: Wait for completion of IOTLB flush in attach_device
    - net: aquantia: Fix aq_vec_isr_legacy() return value
    - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
    - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
    - net: stmmac: dwmac-meson8b: Fix signedness bug in probe
    - net: axienet: fix a signedness bug in probe
    - of: mdio: Fix a signedness bug in of_phy_get_and_connect()
    - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
    - nvme: retain split access workaround for capability reads
    - net: stmmac: gmac4+: Not all Unicast addresses may be available
    - mac80211: accept deauth frames in IBSS mode
    - llc: fix another potential sk_buff leak in llc_ui_sendmsg()
    - llc: fix sk_buff refcounting in llc_conn_state_process()
    - net: stmmac: fix length of PTP clock's name string
    - act_mirred: Fix mirred_init_module error handling
    - net: avoid possible false sharing in sk_leave_memory_pressure()
    - net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head
    - tcp: annotate lockless access to tcp_memory_pressure
    - drm/msm/dsi: Implement reset correctly
    - dmaengine: imx-sdma: fix size check for sdma script_number
    - net: netem: fix error path for corrupted GSO frames
    - net: netem: correct the parent's backlog when corrupted packet was dropped
    - net: qca_spi: Move reset_count to struct qcaspi
    - afs: Fix large file support
    - MIPS: Loongson: Fix return value of loongson_hwmon_init
    - hv_netvsc: flag software created hash value
    - net: neigh: use long type to store jiffies delta
    - packet: fix data-race in fanout_flow_is_huge()
    - mmc: sdio: fix wl1251 vendor id
    - mmc: core: fix wl1251 sdio quirks
    - affs: fix a memory leak in affs_remount
    - dmaengine: ti: edma: fix missed failure handling
    - drm/radeon: fix bad DMA from INTERRUPT_CNTL2
    - arm64: dts: juno: Fix UART frequency
    - IB/iser: Fix dma_nents type definition
    - serial: stm32: fix clearing interrupt error flags
    - m68k: Call timer_interrupt() with interrupts disabled
    - SUNRPC: Fix svcauth_gss_proxy_init()
    - perf map: No need to adjust the long name of modules
    - ipmi: Fix memory leak in __ipmi_bmc_register
    - apparmor: Fix network performance issue in aa_label_sk_perm
    - firmware: coreboot: Let OF core populate platform device
    - bridge: br_arp_nd_proxy: set icmp6_router if neigh has NTF_ROUTER
    - signal/ia64: Use the generic force_sigsegv in setup_frame
    - ASoC: wm9712: fix unused variable warning
    - genirq/debugfs: Reinstate full OF path for domain name
    - usb: gadget: fsl_udc_core: check allocation return value and cleanup on
      failure
    - cfg80211: regulatory: make initialization more robust
    - net: socionext: Add dummy PHY register read in phy_write()
    - mlxsw: spectrum: Set minimum shaper on MC TCs
    - pinctrl: meson-gxl: remove invalid GPIOX tsin_a pins
    - drm: rcar-du: Fix vblank initialization
    - arm64: dts: meson-gx: Add hdmi_5v regulator as hdmi tx supply
    - IB/hfi1: Correctly process FECN and BECN in packets
    - OPP: Fix missing debugfs supply directory for OPPs
    - staging: bcm2835-camera: fix module autoloading
    - fork,memcg: fix crash in free_thread_stack on memcg charge fail
    - arm64: defconfig: Re-enable bcm2835-thermal driver
    - remoteproc: qcom: q6v5-mss: Add missing clocks for MSM8996
    - remoteproc: qcom: q6v5-mss: Add missing regulator for MSM8996
    - drm: Fix error handling in drm_legacy_addctx
    - ARM: dts: r8a7743: Remove generic compatible string from iic3
    - drm/etnaviv: fix some off by one bugs
    - fork, memcg: fix cached_stacks case
    - net: hns3: fix wrong combined count returned by ethtool -l
    - net: hns3: fix bug of ethtool_ops.get_channels for VF
    - ARM: dts: sun8i-a23-a33: Move NAND controller device node to sort by address
    - clk: ingenic: jz4740: Fix gating of UDC clock
    - ntb_hw_switchtec: NT req id mapping table register entry number should be
      512
    - net: dsa: b53: Fix default VLAN ID
    - net: dsa: b53: Properly account for VLAN filtering
    - net: dsa: b53: Do not program CPU port's PVID
    - drm/nouveau: fix missing break in switch statement
    - net: dsa: fix unintended change of bridge interface STP state
    - perf: Copy parent's address filter offsets on clone
    - netfilter: nft_set_hash: bogus element self comparison from deactivation
      path
    - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm()
    - NFS: Add missing encode / decode sequence_maxsz to v4.2 operations
    - ARM: dts: sun8i: a33: Reintroduce default pinctrl muxing
    - ARM: dts: sun9i: optimus: Fix fixed-regulators
    - bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated
    - arm64/vdso: don't leak kernel addresses
    - rtc: mt6397: Don't call irq_dispose_mapping.
    - bpf: Add missed newline in verifier verbose log
    - ACPI: button: reinitialize button state upon resume
    - soc: amlogic: meson-gx-pwrc-vpu: Fix power on/off register bitmask
    - net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info()
    - afs: Fix AFS file locking to allow fine grained locks
    - afs: Further fix file locking
    - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd()
    - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest
    - vfio/mdev: Follow correct remove sequence
    - ALSA: aica: Fix a long-time build breakage
    - nfp: bpf: fix static check error through tightening shift amount adjustment
    - thermal: rcar_gen3_thermal: fix interrupt type
    - afs: Fix lock-wait/callback-break double locking
    - afs: Fix double inc of vnode->cb_break
    - clk: meson: gxbb: no spread spectrum on mpll0
    - serial: stm32: fix word length configuration
    - serial: stm32: fix rx data length when parity enabled
    - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector
    - crypto: talitos - fix AEAD processing.
    - net: don't clear sock->sk early to avoid trouble in strparser
    - crypto: inside-secure - fix zeroing of the request in ahash_exit_inv
    - arm64: dts: meson-gxm-khadas-vim2: fix gpio-keys-polled node
    - arm64: dts: meson-gxm-khadas-vim2: fix Bluetooth support
    - phy: usb: phy-brcm-usb: Remove sysfs attributes upon driver removal
    - qed: iWARP - fix uninitialized callback
    - IB/hfi1: Handle port down properly in pio
    - net/af_iucv: build proper skbs for HiperTransport
    - ARM: dts: iwg20d-q7-common: Fix SDHI1 VccQ regularor
    - ip6_fib: Don't discard nodes with valid routing information in
      fib6_locate_1()
    - nvmem: imx-ocotp: Change TIMING calculation to u-boot algorithm
    - fork,memcg: alloc_thread_stack_node needs to set tsk->stack
    - PM: ACPI/PCI: Resume all devices during hibernation
    - ACPI: PM: Simplify and fix PM domain hibernation callbacks
    - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS
    - drm/panel: make drm_panel.h self-contained
    - cxgb4: smt: Add lock for atomic_dec_and_test
    - powerpc/64s/radix: Fix memory hot-unplug page table split
    - rtc: rv3029: revert error handling patch to rv3029_eeprom_write()
    - i40e: reduce stack usage in i40e_set_fc
    - ARM: 8896/1: VDSO: Don't leak kernel addresses
    - rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
    - usb: typec: tps6598x: Fix build error without CONFIG_REGMAP_I2C
    - bcache: Fix an error code in bch_dump_read()
    - ARM: dts: aspeed-g5: Fixe gpio-ranges upper limit
    - net: hns3: fix error VF index when setting VLAN offload
    - mailbox: qcom-apcs: fix max_register value
    - powerpc/mm/mce: Keep irqs disabled during lockless page table walk
    - net: netsec: Fix signedness bug in netsec_probe()
    - s390/qeth: Fix error handling during VNICC initialization
    - s390/qeth: Fix initialization of vnicc cmd masks during set online
    - vhost/test: stop device before reset
    - arm64: hibernate: check pgd table allocation
    - afs: Fix missing timeout reset
    - hwrng: omap3-rom - Fix missing clock by probing with device tree
    - arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node

* Bionic update: upstream stable patchset 2020-02-06 (LP: #1862259)
    - dt-bindings: reset: meson8b: fix duplicate reset IDs
    - clk: Don't try to enable critical clocks if prepare failed
    - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1
    - ALSA: seq: Fix racy access for queue timer in proc read
    - Fix built-in early-load Intel microcode alignment
    - block: fix an integer overflow in logical block size
    - ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number
    - iio: buffer: align the size of scan bytes to size of the largest element
    - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
    - USB: serial: option: Add support for Quectel RM500Q
    - USB: serial: opticon: fix control-message timeouts
    - USB: serial: option: add support for Quectel RM500Q in QDL mode
    - USB: serial: suppress driver bind attributes
    - USB: serial: ch341: handle unbound port at reset_resume
    - USB: serial: io_edgeport: add missing active-port sanity check
    - USB: serial: keyspan: handle unbound ports
    - USB: serial: quatech2: handle unbound ports
    - scsi: fnic: fix invalid stack access
    - scsi: mptfusion: Fix double fetch bug in ioctl
    - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
    - usb: core: hub: Improved device recognition on remote wakeup
    - x86/resctrl: Fix an imbalance in domain_remove_cpu()
    - x86/efistub: Disable paging at mixed mode entry
    - perf hists: Fix variable name's inconsistency in hists__for_each() macro
    - perf report: Fix incorrectly added dimensions as switch perf data file
    - mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD
      alignment
    - btrfs: fix memory leak in qgroup accounting
    - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
    - net: stmmac: 16KB buffer must be 16 byte aligned
    - net: stmmac: Enable 16KB buffer size
    - USB: serial: io_edgeport: use irqsave() in USB's complete callback
    - USB: serial: io_edgeport: handle unbound ports on URB completion
    - mm/huge_memory.c: make __thp_get_unmapped_area static
    - mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD
      alignment
    - arm64: dts: agilex/stratix10: fix pmu interrupt numbers
    - cfg80211: fix page refcount issue in A-MSDU decap
    - netfilter: fix a use-after-free in mtype_destroy()
    - netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
    - NFC: pn533: fix bulk-message timeout
    - batman-adv: Fix DAT candidate selection on little endian systems
    - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
    - hv_netvsc: Fix memory leak when removing rndis device
    - net: dsa: tag_qca: fix doubled Tx statistics
    - net: hns: fix soft lockup when there is not enough memory
    - net: usb: lan78xx: limit size of local TSO packets
    - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info
    - ptp: free ptp device pin descriptors properly
    - r8152: add missing endpoint sanity check
    - tcp: fix marked lost packets not being retransmitted
    - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
    - cw1200: Fix a signedness bug in cw1200_load_firmware()
    - arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node
    - cfg80211: check for set_wiphy_params
    - tick/sched: Annotate lockless access to last_jiffies_update
    - Revert "arm64: dts: juno: add dma-ranges property"
    - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
    - scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
    - scsi: qla4xxx: fix double free bug
    - scsi: bnx2i: fix potential use after free
    - scsi: target: core: Fix a pr_debug() argument
    - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
    - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
    - scsi: core: scsi_trace: Use get_unaligned_be*()
    - perf probe: Fix wrong address verification
    - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
    - ARM: dts: meson8: fix the size of the PMU registers
    - LSM: generalize flag passing to security_capable
    - drm/i915: Add missing include file <linux/math64.h>
    - btrfs: do not delete mismatched root refs
    - ARM: dts: imx6qdl: Add Engicam i.Core 1.5 MX6
    - ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support
    - mlxsw: spectrum: Wipe xstats.backlog of down ports
    - tcp: refine rule to allow EPOLLOUT generation under mem pressure
    - mtd: devices: fix mchp23k256 read and write
    - drm/nouveau/bar/nv50: check bar1 vmm return value
    - drm/nouveau/bar/gf100: ensure BAR is mapped
    - drm/nouveau/mmu: qualify vmm during dtor

* Bionic update: upstream stable patchset 2020-02-04 (LP: #1861934)
    - chardev: Avoid potential use-after-free in 'chrdev_open()'
    - usb: chipidea: host: Disable port power only if previously enabled
    - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
    - ALSA: hda/realtek - Add new codec supported for ALCS1200A
    - ALSA: hda/realtek - Set EAPD control to default for ALC222
    - kernel/trace: Fix do not unregister tracepoints when register
      sched_migrate_task fail
    - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
    - HID: Fix slab-out-of-bounds read in hid_field_extract
    - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
    - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
    - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling
      to irq mode
    - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing
      CAN sk_buffs
    - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
    - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
    - staging: vt6656: set usb_set_intfdata on driver fail.
    - USB: serial: option: add ZLP support for 0x1bc7/0x9010
    - usb: musb: fix idling for suspend after disconnect interrupt
    - usb: musb: Disable pullup at init
    - usb: musb: dma: Correct parameter passed to IRQ handler
    - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
    - HID: hid-input: clear unmapped usages
    - Input: add safety guards to input_set_keycode()
    - drm/fb-helper: Round up bits_per_pixel if possible
    - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
    - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
    - tty: link tty and port before configuring it as console
    - tty: always relink the port
    - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
    - scsi: bfa: release allocated memory in case of error
    - rtl8xxxu: prevent leaking urb
    - arm64: cpufeature: Avoid warnings due to unused symbols
    - HID: hiddev: fix mess in hiddev_open()
    - USB: Fix: Don't skip endpoint descriptors with maxpacket=0
    - phy: cpcap-usb: Fix error path when no host driver is loaded
    - phy: cpcap-usb: Fix flakey host idling and enumerating of devices
    - netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
    - netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
    - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen
    - tracing: Change offset type to s32 in preempt/irq tracepoints
    - serdev: Don't claim unsupported ACPI serial devices
    - netfilter: conntrack: dccp, sctp: handle null timeout argument
    - hidraw: Return EPOLLOUT from hidraw_poll
    - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
    - HID: hidraw, uhid: Always report EPOLLOUT
    - ethtool: reduce stack usage with clang
    - fs/select: avoid clang stack usage warning
    - arm64: don't open code page table entry creation
    - arm64: mm: Change page table pointer name in p[md]_set_huge()
    - arm64: Enforce BBM for huge IO/VMAP mappings
    - arm64: Make sure permission updates happen for pmd/pud
    - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
    - wimax: i2400: fix memory leak
    - wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
    - iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
    - rtc: mt6397: fix alarm register overwrite
    - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
    - ASoC: stm32: spdifrx: fix inconsistent lock state
    - ASoC: stm32: spdifrx: fix race condition in irq handler
    - gpio: zynq: Fix for bug in zynq_gpio_restore_context API
    - iommu: Remove device link to group on failure
    - gpio: Fix error message on out-of-range GPIO in lookup table
    - hsr: reset network header when supervision frame is created
    - cifs: Adjust indentation in smb2_open_file
    - btrfs: simplify inode locking for RWF_NOWAIT
    - RDMA/mlx5: Return proper error value
    - RDMA/srpt: Report the SCSI residual to the initiator
    - scsi: enclosure: Fix stale device oops with hot replug
    - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
    - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
    - xprtrdma: Fix completion wait during device removal
    - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
    - iio: imu: adis16480: assign bias value only if operation succeeded
    - mei: fix modalias documentation
    - clk: samsung: exynos5420: Preserve CPU clocks configuration during
      suspend/resume
    - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args
      call
    - pinctrl: lewisburg: Update pin list according to v1.1v6
    - scsi: sd: enable compat ioctls for sed-opal
    - arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD
    - af_unix: add compat_ioctl support
    - compat_ioctl: handle SIOCOUTQNSD
    - PCI/PTM: Remove spurious "d" from granularity message
    - powerpc/powernv: Disable native PCIe port management
    - tty: serial: imx: use the sg count from dma_map_sg
    - tty: serial: pch_uart: correct usage of dma_unmap_sg
    - media: ov6650: Fix incorrect use of JPEG colorspace
    - media: ov6650: Fix some format attributes not under control
    - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
    - media: exynos4-is: Fix recursive locking in isp_video_release()
    - mtd: spi-nor: fix silent truncation in spi_nor_read()
    - mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
    - spi: atmel: fix handling of cs_change set on non-last xfer
    - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
    - f2fs: fix potential overflow
    - rtc: msm6242: Fix reading of 10-hour digit
    - gpio: mpc8xxx: Add platform device to gpiochip->parent
    - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
    - rseq/selftests: Turn off timeout setting
    - mips: cacheinfo: report shared CPU map
    - MIPS: Prevent link failure with kcov instrumentation
    - dmaengine: k3dma: Avoid null pointer traversal
    - ioat: ioat_alloc_ring() failure handling.
    - hexagon: parenthesize registers in asm predicates
    - hexagon: work around compiler crash
    - ocfs2: call journal flush to mark journal as empty after journal recovery
      when mount
    - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
    - drm/ttm: fix start page for huge page check in ttm_put_pages()
    - drm/ttm: fix incrementing the page pointer for huge pages
    - crypto: virtio - implement missing support for output IVs
    - iommu/mediatek: Correct the flush_iotlb_all callback
    - rtc: brcmstb-waketimer: add missed clk_disable_unprepare

* Bionic update: upstream stable patchset 2020-02-03 (LP: #1861739)
    - USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein
    - USB: dummy-hcd: increase max number of devices to 32
    - locking/spinlock/debug: Fix various data races
    - netfilter: ctnetlink: netns exit must wait for callbacks
    - libtraceevent: Fix lib installation with O=
    - x86/efi: Update e820 with reserved EFI boot services data to fix kexec
      breakage
    - efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
    - efi/gop: Return EFI_SUCCESS if a usable GOP was found
    - efi/gop: Fix memory leak in __gop_query32/64()
    - ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
    - netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
    - netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END
    - ARM: dts: Cygnus: Fix MDIO node address/size cells
    - spi: spi-cavium-thunderx: Add missing pci_release_regions()
    - ASoC: topology: Check return value for soc_tplg_pcm_create()
    - ARM: dts: bcm283x: Fix critical trip point
    - bpf, mips: Limit to 33 tail calls
    - ARM: dts: am437x-gp/epos-evm: fix panel compatible
    - samples: bpf: Replace symbol compare of trace_event
    - samples: bpf: fix syscall_tp due to unused syscall
    - powerpc: Ensure that swiotlb buffer is allocated from low memory
    - bnx2x: Do not handle requests from VFs after parity
    - bnx2x: Fix logic to get total no. of PFs per engine
    - net: usb: lan78xx: Fix error message format specifier
    - rfkill: Fix incorrect check to avoid NULL pointer dereference
    - ASoC: wm8962: fix lambda value
    - regulator: rn5t618: fix module aliases
    - kconfig: don't crash on NULL expressions in expr_eq()
    - perf/x86/intel: Fix PT PMI handling
    - fs: avoid softlockups in s_inodes iterators
    - net: stmmac: Do not accept invalid MTU values
    - net: stmmac: RX buffer size must be 16 byte aligned
    - s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly
    - s390/dasd: fix memleak in path handling error case
    - block: fix memleak when __blk_rq_map_user_iov() is failed
    - parisc: Fix compiler warnings in debug_core.c
    - llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
    - hv_netvsc: Fix unwanted rx_table reset
    - bpf: Fix passing modified ctx to ld/abs/ind instruction
    - PCI/switchtec: Read all 64 bits of part_event_bitmap
    - gtp: fix bad unlock balance in gtp_encap_enable_socket
    - macvlan: do not assume mac_header is set in macvlan_broadcast()
    - net: dsa: mv88e6xxx: Preserve priority when setting CPU port.
    - net: stmmac: dwmac-sun8i: Allow all RGMII modes
    - net: stmmac: dwmac-sunxi: Allow all RGMII modes
    - net: usb: lan78xx: fix possible skb leak
    - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
    - USB: core: fix check for duplicate endpoints
    - USB: serial: option: add Telit ME910G1 0x110a composition
    - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
    - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
    - vxlan: fix tos value before xmit
    - vlan: vlan_changelink() should propagate errors
    - net: sch_prio: When ungrafting, replace with FIFO
    - vlan: fix memory leak in vlan_dev_set_egress_priority
    - regulator: fix use after free issue
    - ASoC: max98090: fix possible race conditions
    - netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init()
    - ARM: dts: BCM5301X: Fix MDIO node address/size cells
    - bpf: Clear skb->tstamp in bpf_redirect when necessary
    - parisc: add missing __init annotation
    - iommu/iova: Init the struct iova to fix the possible memleak
    - powerpc/spinlocks: Include correct header for static key
    - ARM: dts: imx6ul: use nvmem-cells for cpu speed grading

* Sometimes can't adjust brightness on Dell AIO (LP: #1862885)
    - SAUCE: platform/x86: dell-uart-backlight: increase retry times

* 4.15 kernel hard lockup about once a week (LP: #1799497)
    - zram: correct flag name of ZRAM_ACCESS
    - zram: fix lockdep warning of free block handling

* Prevent arm64 guest from accessing host debug registers (LP: #1860657)
    - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE

* pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
    - can, slip: Protect tty->disc_data in write_wakeup and close with RCU

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Fri, 28 Feb 2020 11:45:02 +0100

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-03-16:

#13

Download full text (81.5 KiB)

This bug was fixed in the package linux - 5.4.0-18.22

---------------
linux (5.4.0-18.22) focal; urgency=medium

* focal/linux: 5.4.0-18.22 -proposed tracker (LP: #1866488)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

* Add sysfs attribute to show remapped NVMe (LP: #1863621)
- SAUCE: ata: ahci: Add sysfs attribute to show remapped NVMe device count

  * [20.04 FEAT] Compression improvements in Linux kernel (LP: #1830208)
    - lib/zlib: add s390 hardware support for kernel zlib_deflate
    - s390/boot: rename HEAP_SIZE due to name collision
    - lib/zlib: add s390 hardware support for kernel zlib_inflate
    - s390/boot: add dfltcc= kernel command line parameter
    - lib/zlib: add zlib_deflate_dfltcc_enabled() function
    - btrfs: use larger zlib buffer for s390 hardware compression
    - [Config] Introducing s390x specific kernel config option CONFIG_ZLIB_DFLTCC

  * [UBUNTU 20.04] s390x/pci: increase CONFIG_PCI_NR_FUNCTIONS to 512 in kernel
    config (LP: #1866056)
    - [Config] Increase CONFIG_PCI_NR_FUNCTIONS from 64 to 512 starting with focal
      on s390x

* CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set (LP: #1865332)
- [Config] CONFIG_IP_MROUTE_MULTIPLE_TABLES=y

  * Dell XPS 13 9300 Intel 1650S wifi [34f0:1651] fails to load firmware
    (LP: #1865962)
    - iwlwifi: remove IWL_DEVICE_22560/IWL_DEVICE_FAMILY_22560
    - iwlwifi: 22000: fix some indentation
    - iwlwifi: pcie: rx: use rxq queue_size instead of constant
    - iwlwifi: allocate more receive buffers for HE devices
    - iwlwifi: remove some outdated iwl22000 configurations
    - iwlwifi: assume the driver_data is a trans_cfg, but allow full cfg

  * [FOCAL][REGRESSION] Intel Gen 9 brightness cannot be controlled
    (LP: #1861521)
    - Revert "USUNTU: SAUCE: drm/i915: Force DPCD backlight mode on Dell Precision
      4K sku"
    - Revert "UBUNTU: SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd
      Gen 4K AMOLED panel"
    - SAUCE: drm/dp: Introduce EDID-based quirks
    - SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED
      panel
    - SAUCE: drm/i915: Force DPCD backlight mode for some Dell CML 2020 panels

  * [20.04 FEAT] Enable proper kprobes on ftrace support (LP: #1865858)
    - s390/ftrace: save traced function caller
    - s390: support KPROBES_ON_FTRACE

  * alsa/sof: load different firmware on different platforms (LP: #1857409)
    - ASoC: SOF: Intel: hda: use fallback for firmware name
    - ASoC: Intel: acpi-match: split CNL tables in three
    - ASoC: SOF: Intel: Fix CFL and CML FW nocodec binary names.

  * [UBUNTU 20.04] Enable CONFIG_NET_SWITCHDEV in kernel config for s390x
    starting with focal (LP: #1865452)
    - [Config] Enable CONFIG_NET_SWITCHDEV in kernel config for s390x starting
      with focal

This bug was fixed in the package linux - 5.4.0-18.22

---------------
linux (5.4.0-18.22) focal; urgency=medium

* focal/linux: 5.4.0-18.22 -proposed tracker (LP: #1866488)

* Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

* Add sysfs attribute to show remapped NVMe (LP: #1863621)
    - SAUCE: ata: ahci: Add sysfs attribute to show remapped NVMe device count

* CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set (LP: #1865332)
    - [Config] CONFIG_IP_MROUTE_MULTIPLE_TABLES=y

* [20.04 FEAT] Enable proper kprobes on ftrace support (LP: #1865858)
    - s390/ftrace: save traced function caller
    - s390: support KPROBES_ON_FTRACE

* Focal update: v5.4.24 upstream stable release (LP: #1866333)
    - io_uring: grab ->fs as part of async offload
    - EDAC: skx_common: downgrade message importance on missing PCI device
    - net: dsa: b53: Ensure the default VID is untagged
    - net: fib_rules: Correctly set table field when table number exceeds 8 bits
    - net: macb: ensure interface is not suspended on at91rm9200
    - net: mscc: fix in frame extraction
    - net: phy: restore mdio regs in the iproc mdio driver
    - net: sched: correct flower port blocking
    - net/tls: Fix to avoid gettig invalid tls record
    - nfc: pn544: Fix occasional HW initialization failure
    - qede: Fix race between rdma destroy workqueue and link change event
    - Revert "net: dev: introduce support for sch BYPASS for lockless qdisc"
    - udp: rehash on disconnect
    - sctp: move the format error check out of __sctp_sf_do_9_1_abort
    - bnxt_en: Improve device shutdown method.
    - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs.
    - bonding: add missing netdev_update_lockdep_key()
    - net: export netdev_next_lower_dev_rcu()
    - bonding: fix lockdep warning in bond_get_stats()
    - ipv6: Fix route replacement with dev-only route
    - ipv6: Fix nlmsg_flags when splitting a multipath route
    - ipmi:ssif: Handle a possible NULL pointer reference
    - drm/msm: Set dma maximum segment size for mdss
    - sched/core: Don't skip remote tick for idle CPUs
    - timers/nohz: Update NOHZ load in remote tick
    - sched/fair: Prevent unlimited runtime on throttled group
    - dax: pass NOWAIT flag to iomap_apply
    - mac80211: consider more elements in parsing CRC
    - cfg80211: check wiphy driver existence for drvinfo report
    - s390/zcrypt: fix card and queue total counter wrap
    - qmi_wwan: re-add DW5821e pre-production variant
    - qmi_wwan: unconditionally reject 2 ep interfaces
    - NFSv4: Fix races between open and dentry revalidation
    - perf/smmuv3: Use platform_get_irq_optional() for wired interrupt
    - perf/x86/intel: Add Elkhart Lake support
    - perf/x86/cstate: Add Tremont support
    - perf/x86/msr: Add Tremont support
    - ceph: do not execute direct write in parallel if O_APPEND is specified
    - ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi
    - drm/amd/display: Do not set optimized_require to false after plane disable
    - RDMA/siw: Remove unwanted WARN_ON in siw_cm_llp_data_ready()
    - drm/amd/display: Check engine is not NULL before acquiring
    - drm/amd/display: Limit minimum DPPCLK to 100MHz.
    - drm/amd/display: Add initialitions for PLL2 clock source
    - amdgpu: Prevent build errors regarding soft/hard-float FP ABI tags
    - soc/tegra: fuse: Fix build with Tegra194 configuration
    - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps
    - net: ena: fix potential crash when rxfh key is NULL
    - net: ena: fix uses of round_jiffies()
    - net: ena: add missing ethtool TX timestamping indication
    - net: ena: fix incorrect default RSS key
    - net: ena: rss: do not allocate key when not supported
    - net: ena: rss: fix failure to get indirection table
    - net: ena: rss: store hash function as values and not bits
    - net: ena: fix incorrectly saving queue numbers when setting RSS indirection
      table
    - net: ena: fix corruption of dev_idx_to_host_tbl
    - net: ena: ethtool: use correct value for crc32 hash
    - net: ena: ena-com.c: prevent NULL pointer dereference
    - ice: update Unit Load Status bitmask to check after reset
    - cifs: Fix mode output in debugging statements
    - cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
    - mac80211: fix wrong 160/80+80 MHz setting
    - nvme/tcp: fix bug on double requeue when send fails
    - nvme: prevent warning triggered by nvme_stop_keep_alive
    - nvme/pci: move cqe check after device shutdown
    - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
    - audit: fix error handling in audit_data_to_entry()
    - audit: always check the netlink payload length in audit_receive_msg()
    - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
    - ACPI: watchdog: Fix gas->access_width usage
    - KVM: VMX: check descriptor table exits on instruction emulation
    - HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock
    - HID: core: fix off-by-one memset in hid_report_raw_event()
    - HID: core: increase HID report buffer size to 8KiB
    - drm/amdgpu: Drop DRIVER_USE_AGP
    - drm/radeon: Inline drm_get_pci_dev
    - macintosh: therm_windtunnel: fix regression when instantiating devices
    - tracing: Disable trace_printk() on post poned tests
    - Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
    - amdgpu/gmc_v9: save/restore sdpif regs during S3
    - cpufreq: Fix policy initialization for internal governor drivers
    - io_uring: fix 32-bit compatability with sendmsg/recvmsg
    - netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports
    - net/smc: transfer fasync_list in case of fallback
    - vhost: Check docket sk_family instead of call getname
    - netfilter: ipset: Fix forceadd evaluation path
    - netfilter: xt_hashlimit: reduce hashlimit_mutex scope for htable_put()
    - HID: alps: Fix an error handling path in 'alps_input_configured()'
    - HID: hiddev: Fix race in in hiddev_disconnect()
    - MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
    - i2c: altera: Fix potential integer overflow
    - i2c: jz4780: silence log flood on txabrt
    - drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime
    - drm/i915/gvt: Separate display reset from ALL_ENGINES reset
    - nl80211: fix potential leak in AP start
    - mac80211: Remove a redundant mutex unlock
    - kbuild: fix DT binding schema rule to detect command line changes
    - hv_netvsc: Fix unwanted wakeup in netvsc_attach()
    - usb: charger: assign specific number for enum value
    - nvme-pci: Hold cq_poll_lock while completing CQEs
    - s390/qeth: vnicc Fix EOPNOTSUPP precedence
    - net: netlink: cap max groups which will be considered in netlink_bind()
    - net: atlantic: fix use after free kasan warn
    - net: atlantic: fix potential error handling
    - net: atlantic: fix out of range usage of active_vlans array
    - net/smc: no peer ID in CLC decline for SMCD
    - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
    - selftests: Install settings files to fix TIMEOUT failures
    - kbuild: remove header compile test
    - kbuild: move headers_check rule to usr/include/Makefile
    - kbuild: remove unneeded variable, single-all
    - kbuild: make single target builds even faster
    - namei: only return -ECHILD from follow_dotdot_rcu()
    - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()
    - mwifiex: delete unused mwifiex_get_intf_num()
    - KVM: SVM: Override default MMIO mask if memory encryption is enabled
    - KVM: Check for a bad hva before dropping into the ghc slow path
    - sched/fair: Optimize select_idle_cpu
    - f2fs: fix to add swap extent correctly
    - RDMA/hns: Simplify the calculation and usage of wqe idx for post verbs
    - RDMA/hns: Bugfix for posting a wqe with sge
    - drivers: net: xgene: Fix the order of the arguments of
      'alloc_etherdev_mqs()'
    - ima: ima/lsm policy rule loading logic bug fixes
    - kprobes: Set unoptimized flag after unoptimizing code
    - lib/vdso: Make __arch_update_vdso_data() logic understandable
    - lib/vdso: Update coarse timekeeper unconditionally
    - pwm: omap-dmtimer: put_device() after of_find_device_by_node()
    - perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
    - perf ui gtk: Add missing zalloc object
    - x86/resctrl: Check monitoring static key in the MBM overflow handler
    - KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path
    - KVM: x86: Remove spurious clearing of async #PF MSR
    - rcu: Allow only one expedited GP to run concurrently with wakeups
    - ubifs: Fix ino_t format warnings in orphan_delete()
    - thermal: db8500: Depromote debug print
    - thermal: brcmstb_thermal: Do not use DT coefficients
    - netfilter: nft_tunnel: no need to call htons() when dumping ports
    - netfilter: nf_flowtable: fix documentation
    - bus: tegra-aconnect: Remove PM_CLK dependency
    - xfs: clear kernel only flags in XFS_IOC_ATTRMULTI_BY_HANDLE
    - locking/lockdep: Fix lockdep_stats indentation problem
    - mm/debug.c: always print flags in dump_page()
    - mm/gup: allow FOLL_FORCE for get_user_pages_fast()
    - mm/huge_memory.c: use head to check huge zero page
    - mm, thp: fix defrag setting if newline is not used
    - kvm: nVMX: VMWRITE checks VMCS-link pointer before VMCS field
    - kvm: nVMX: VMWRITE checks unsupported field before read-only field
    - blktrace: Protect q->blk_trace with RCU
    - Linux 5.4.24

* Focal update: v5.4.23 upstream stable release (LP: #1866165)
    - iommu/qcom: Fix bogus detach logic
    - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
    - ALSA: hda/realtek - Apply quirk for MSI GP63, too
    - ALSA: hda/realtek - Apply quirk for yet another MSI laptop
    - ASoC: codec2codec: avoid invalid/double-free of pcm runtime
    - ASoC: sun8i-codec: Fix setting DAI data format
    - tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST
    - ecryptfs: fix a memory leak bug in parse_tag_1_packet()
    - ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
    - btrfs: handle logged extent failure properly
    - thunderbolt: Prevent crash if non-active NVMem file is read
    - USB: misc: iowarrior: add support for 2 OEMed devices
    - USB: misc: iowarrior: add support for the 28 and 28L devices
    - USB: misc: iowarrior: add support for the 100 device
    - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm
    - floppy: check FDC index for errors before assigning it
    - vt: fix scrollback flushing on background consoles
    - vt: selection, handle pending signals in paste_selection
    - vt: vt_ioctl: fix race in VT_RESIZEX
    - staging: android: ashmem: Disallow ashmem memory from being remapped
    - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
    - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
    - xhci: fix runtime pm enabling for quirky Intel hosts
    - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
    - xhci: Fix memory leak when caching protocol extended capability PSI tables -
      take 2
    - usb: host: xhci: update event ring dequeue pointer on purpose
    - USB: core: add endpoint-blacklist quirk
    - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2
    - usb: uas: fix a plug & unplug racing
    - USB: Fix novation SourceControl XL after suspend
    - USB: hub: Don't record a connect-change event during reset-resume
    - USB: hub: Fix the broken detection of USB3 device in SMSC hub
    - usb: dwc2: Fix SET/CLEAR_FEATURE and GET_STATUS flows
    - usb: dwc3: gadget: Check for IOC/LST bit in TRB->ctrl fields
    - usb: dwc3: debug: fix string position formatting mixup with ret and len
    - scsi: Revert "target/core: Inline transport_lun_remove_cmd()"
    - staging: rtl8188eu: Fix potential security hole
    - staging: rtl8188eu: Fix potential overuse of kernel memory
    - staging: rtl8723bs: Fix potential security hole
    - staging: rtl8723bs: Fix potential overuse of kernel memory
    - drm/panfrost: perfcnt: Reserve/use the AS attached to the perfcnt MMU
      context
    - powerpc/8xx: Fix clearing of bits 20-23 in ITLB miss
    - powerpc/eeh: Fix deadlock handling dead PHB
    - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal
      delivery
    - powerpc/entry: Fix an #if which should be an #ifdef in entry_32.S
    - powerpc/hugetlb: Fix 512k hugepages on 8xx with 16k page size
    - powerpc/hugetlb: Fix 8M hugepages on 8xx
    - arm64: memory: Add missing brackets to untagged_addr() macro
    - jbd2: fix ocfs2 corrupt when clearing block group bits
    - x86/ima: use correct identifier for SetupMode variable
    - x86/mce/amd: Publish the bank pointer only after setup has succeeded
    - x86/mce/amd: Fix kobject lifetime
    - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF
    - serial: 8250: Check UPF_IRQ_SHARED in advance
    - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
    - tty: serial: imx: setup the correct sg entry for tx dma
    - tty: serial: qcom_geni_serial: Fix RX cancel command failure
    - serdev: ttyport: restore client ops on deregistration
    - MAINTAINERS: Update drm/i915 bug filing URL
    - ACPI: PM: s2idle: Check fixed wakeup events in acpi_s2idle_wake()
    - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps()
    - nvme-multipath: Fix memory leak with ana_log_buf
    - genirq/irqdomain: Make sure all irq domain flags are distinct
    - mm/vmscan.c: don't round up scan size for online memory cgroup
    - mm/sparsemem: pfn_to_page is not valid yet on SPARSEMEM
    - lib/stackdepot.c: fix global out-of-bounds in stack_slabs
    - mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
    - drm/amdgpu/soc15: fix xclk for raven
    - drm/amdgpu/gfx9: disable gfxoff when reading rlc clock
    - drm/amdgpu/gfx10: disable gfxoff when reading rlc clock
    - drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets
    - drm/i915: Wean off drm_pci_alloc/drm_pci_free
    - drm/i915: Update drm/i915 bug filing URL
    - sched/psi: Fix OOB write when writing 0 bytes to PSI files
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
    - ext4: fix a data race in EXT4_I(inode)->i_disksize
    - ext4: add cond_resched() to __ext4_find_entry()
    - ext4: fix potential race between online resizing and write operations
    - ext4: fix potential race between s_group_info online resizing and access
    - ext4: fix potential race between s_flex_groups online resizing and access
    - ext4: fix mount failure with quota configured as module
    - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
    - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions
    - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when
      apicv is globally disabled
    - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
    - KVM: apic: avoid calculating pending eoi from an uninitialized val
    - btrfs: destroy qgroup extent records on transaction abort
    - btrfs: fix bytes_may_use underflow in prealloc error condtition
    - btrfs: reset fs_root to NULL on error in open_ctree
    - btrfs: do not check delayed items are empty for single transaction cleanup
    - Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered
      extents
    - Btrfs: fix race between shrinking truncate and fiemap
    - btrfs: don't set path->leave_spinning for truncate
    - Btrfs: fix deadlock during fast fsync when logging prealloc extents beyond
      eof
    - Revert "dmaengine: imx-sdma: Fix memory leak"
    - drm/i915/gvt: more locking for ppgtt mm LRU list
    - drm/bridge: tc358767: fix poll timeouts
    - drm/i915/gt: Protect defer_request() from new waiters
    - drm/msm/dpu: fix BGR565 vs RGB565 confusion
    - scsi: Revert "RDMA/isert: Fix a recently introduced regression related to
      logout"
    - scsi: Revert "target: iscsi: Wait for all commands to finish before freeing
      a session"
    - usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
    - usb: dwc2: Fix in ISOC request length checking
    - staging: rtl8723bs: fix copy of overlapping memory
    - staging: greybus: use after free in gb_audio_manager_remove_all()
    - ASoC: atmel: fix atmel_ssc_set_audio link failure
    - ASoC: fsl_sai: Fix exiting path on probing failure
    - ecryptfs: replace BUG_ON with error handling code
    - iommu/vt-d: Fix compile warning from intel-svm.h
    - crypto: rename sm3-256 to sm3 in hash_algo_name
    - genirq/proc: Reject invalid affinity masks (again)
    - bpf, offload: Replace bitwise AND by logical AND in
      bpf_prog_offload_info_fill
    - arm64: lse: Fix LSE atomics with LLVM
    - io_uring: fix __io_iopoll_check deadlock in io_sq_thread
    - ALSA: rawmidi: Avoid bit fields for state flags
    - ALSA: seq: Avoid concurrent access to queue flags
    - ALSA: seq: Fix concurrent access to queue current tick/time
    - netfilter: xt_hashlimit: limit the max size of hashtable
    - rxrpc: Fix call RCU cleanup using non-bh-safe locks
    - io_uring: prevent sq_thread from spinning when it should stop
    - ata: ahci: Add shutdown to freeze hardware resources of ahci
    - xen: Enable interrupts when calling _cond_resched()
    - net/mlx5e: Reset RQ doorbell counter before moving RQ state from RST to RDY
    - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa
    - net/mlx5e: Fix crash in recovery flow without devlink reporter
    - s390/kaslr: Fix casts in get_random
    - s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in
      storage_key_init_range
    - bpf: Selftests build error in sockmap_basic.c
    - ASoC: SOF: Intel: hda: Add iDisp4 DAI
    - Linux 5.4.23

* Miscellaneous Ubuntu changes
    - SAUCE: selftests/net -- disable timeout
    - SAUCE: selftests/net -- disable l2tp.sh test
    - SAUCE: selftests/ftrace: Use printf instead of echo in kprobe syntax error
      tests
    - SAUCE: selftests/powerpc -- Disable timeout for benchmark and tm tests
    - SAUCE: selftests/ftrace: Escape additional strings in kprobe syntax error
      tests
    - SAUCE: Revert "UBUNTU: SAUCE: blk/core: Gracefully handle unset
      make_request_fn"
    - [Packaging] prevent duplicated entries in modules.ignore
    - update dkms package versions

linux (5.4.0-17.21) focal; urgency=medium

* focal/linux: 5.4.0-17.20 -proposed tracker (LP: #1865025)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* Miscellaneous Ubuntu changes
    - SAUCE: drm/i915/execlists: fix off by one in execlists_update_context()

linux (5.4.0-16.19) focal; urgency=medium

* focal/linux: 5.4.0-16.19 -proposed tracker (LP: #1864889)

* system hang: i915 Resetting rcs0 for hang on rcs0 (LP: #1861395)
    - drm/i915/execlists: Always force a context reload when rewinding RING_TAIL

* nsleep-lat / set-timer-lat / inconsistency-check / raw_skew from timer in
    ubuntu_kernel_selftests timeout on 5.3 / 5.4 (LP: #1864626)
    - selftests/timers: Turn off timeout setting

* [sfc-0121]enable the HiSilicon v3xx SFC driver (LP: #1860401)
    - spi: Add HiSilicon v3xx SPI NOR flash controller driver
    - MAINTAINERS: Add a maintainer for the HiSilicon v3xx SFC driver
    - [Config] CONFIG_SPI_HISI_SFC_V3XX=m

* [hns3-0217]sync mainline kernel 5.6rc1 hns3 patchset into ubuntu HWE kernel
    branch (LP: #1863575)
    - net: hns3: add management table after IMP reset
    - net: hns3: fix VF bandwidth does not take effect in some case
    - net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples()

* [hns3-0111]sync mainline kernel 5.5rc6 hns3 patchset into ubuntu HWE kernel
    branch Edit (LP: #1859261)
    - net: hns3: schedule hclgevf_service by using delayed workqueue
    - net: hns3: remove mailbox and reset work in hclge_main
    - net: hns3: remove unnecessary work in hclgevf_main
    - net: hns3: allocate WQ with WQ_MEM_RECLAIM flag
    - net: hns3: do not schedule the periodic task when reset fail
    - net: hns3: check FE bit before calling hns3_add_frag()
    - net: hns3: remove useless mutex vport_cfg_mutex in the struct hclge_dev
    - net: hns3: optimization for CMDQ uninitialization
    - net: hns3: get FD rules location before dump in debugfs
    - net: hns3: implement ndo_features_check ops for hns3 driver
    - net: hns3: add some VF VLAN information for command "ip link show"
    - net: hns3: add a log for getting chain failure in
      hns3_nic_uninit_vector_data()
    - net: hns3: only print misc interrupt status when handling fails
    - net: hns3: add trace event support for HNS3 driver
    - net: hns3: re-organize vector handle
    - net: hns3: modify the IRQ name of TQP vector
    - net: hns3: modify an unsuitable log in hclge_map_ring_to_vector()
    - net: hns3: modify the IRQ name of misc vectors
    - net: hns3: add protection when get SFP speed as 0
    - net: hns3: replace an unsuitable variable type in
      hclge_inform_reset_assert_to_vf()
    - net: hns3: modify an unsuitable reset level for hardware error
    - net: hns3: split hclge_reset() into preparing and rebuilding part
    - net: hns3: split hclgevf_reset() into preparing and rebuilding part
    - net: hns3: refactor the precedure of PF FLR
    - net: hns3: refactor the procedure of VF FLR
    - net: hns3: enlarge HCLGE_RESET_WAIT_CNT
    - net: hns3: modify hclge_func_reset_sync_vf()'s return type to void
    - net: hns3: refactor the notification scheme of PF reset

* alsa/hda/realtek: fix a mute led regression on Lenovo X1 Carbon
    (LP: #1864576)
    - SAUCE: ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1

* ipc/sem.c : process loops infinitely in exit_sem() (LP: #1858834)
    - Revert "ipc, sem: remove uneeded sem_undo_list lock usage in exit_sem()"

* r8152 init may take up to 40 seconds at initialization with Dell WD19/WD19DC
    during hotplug (LP: #1864284)
    - UBUNTU SAUCE: r8151: check disconnect status after long sleep

* Update kernel options CONFIG_NR_CPUS and CONFIG_NUMA_EMU for focal
    (LP: #1864198)
    - Ubuntu: [Config] Update kernel options CONFIG_NR_CPUS and CONFIG_NUMA_EMU

* ftrace test in ubuntu_kernel_selftests will timeout randomly (LP: #1864172)
    - tracing/selftests: Turn off timeout setting

* Another Dell AIO backlight issue (LP: #1863880)
    - SAUCE: platform/x86: dell-uart-backlight: move retry block

* Backport GetFB2 ioctl (LP: #1863874)
    - SAUCE: drm: Add getfb2 ioctl

* [20.04] Allow to reset an opencapi adapter (LP: #1862121)
    - powerpc/powernv/ioda: Fix ref count for devices with their own PE
    - powerpc/powernv/ioda: Protect PE list
    - powerpc/powernv/ioda: set up PE on opencapi device when enabling
    - powerpc/powernv/ioda: Release opencapi device
    - powerpc/powernv/ioda: Find opencapi slot for a device node
    - pci/hotplug/pnv-php: Remove erroneous warning
    - pci/hotplug/pnv-php: Improve error msg on power state change failure
    - pci/hotplug/pnv-php: Register opencapi slots
    - pci/hotplug/pnv-php: Relax check when disabling slot
    - pci/hotplug/pnv-php: Wrap warnings in macro
    - ocxl: Add PCI hotplug dependency to Kconfig

* alsa/asoc: export the number of dmic to userspace to work with the latest
    ucm2 (focal) (LP: #1864400)
    - ASoC: add control components management
    - ASoC: intel/skl/hda - export number of digital microphones via control
      components

* alsa/sof: let sof driver work with topology with volume and led control
    (focal) (LP: #1864398)
    - ASoC: SOF: enable dual control for pga
    - AsoC: SOF: refactor control load code
    - ASoC: SOF: acpi led support for switch controls
    - ASoC: SOF: topology: check errors when parsing LED tokens

* machine doesn't come up after suspend and re-opening the lid (LP: #1861837)
    - ASoC: SOF: trace: fix unconditional free in trace release

* 5.3.0-23-generic causes fans to spin when idle (LP: #1853044)
    - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests
    - drm/i915/gt: Adapt engine_park synchronisation rules for engine_retire
    - drm/i915/gt: Schedule request retirement when timeline idles

* Focal update: 5.4.22 upstream stable release (LP: #1864488)
    - core: Don't skip generic XDP program execution for cloned SKBs
    - enic: prevent waking up stopped tx queues over watchdog reset
    - net/smc: fix leak of kernel memory to user space
    - net: dsa: tag_qca: Make sure there is headroom for tag
    - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
    - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
    - drm/gma500: Fixup fbdev stolen size usage evaluation
    - ath10k: Fix qmi init error handling
    - wil6210: fix break that is never reached because of zero'ing of a retry
      counter
    - drm/qxl: Complete exception handling in qxl_device_init()
    - rcu/nocb: Fix dump_tree hierarchy print always active
    - rcu: Fix missed wakeup of exp_wq waiters
    - rcu: Fix data-race due to atomic_t copy-by-value
    - f2fs: preallocate DIO blocks when forcing buffered_io
    - f2fs: call f2fs_balance_fs outside of locked page
    - media: meson: add missing allocation failure check on new_buf
    - clk: meson: pll: Fix by 0 division in __pll_params_to_rate()
    - cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
    - brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev()
    - brcmfmac: Fix use after free in brcmf_sdio_readframes()
    - PCI: Fix pci_add_dma_alias() bitmask size
    - drm/amd/display: Map ODM memory correctly when doing ODM combine
    - leds: pca963x: Fix open-drain initialization
    - ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT
    - ALSA: ctl: allow TLV read operation for callback type of element in locked
      case
    - gianfar: Fix TX timestamping with a stacked DSA driver
    - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
    - printk: fix exclusive_console replaying
    - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank()
    - drm/msm/adreno: fix zap vs no-zap handling
    - pxa168fb: Fix the function used to release some memory in an error handling
      path
    - media: ov5640: Fix check for PLL1 exceeding max allowed rate
    - media: i2c: mt9v032: fix enum mbus codes and frame sizes
    - media: sun4i-csi: Deal with DRAM offset
    - media: sun4i-csi: Fix data sampling polarity handling
    - media: sun4i-csi: Fix [HV]sync polarity handling
    - clk: at91: sam9x60: fix programmable clock prescaler
    - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE
      number
    - clk: meson: meson8b: make the CCF use the glitch-free mali mux
    - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in
      grgpio_irq_map/unmap()
    - iommu/vt-d: Fix off-by-one in PASID allocation
    - x86/fpu: Deactivate FPU state after failure during state load
    - char/random: silence a lockdep splat with printk()
    - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in
      bdisp_device_run()
    - kernel/module: Fix memleak in module_add_modinfo_attrs()
    - IB/core: Let IB core distribute cache update events
    - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
    - efi/x86: Map the entire EFI vendor string before copying it
    - MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
    - sparc: Add .exit.data section.
    - net: ethernet: ixp4xx: Standard module init
    - raid6/test: fix a compilation error
    - uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
    - drm/amdgpu/sriov: workaround on rev_id for Navi12 under sriov
    - spi: fsl-lpspi: fix only one cs-gpio working
    - drm/nouveau/nouveau: fix incorrect sizeof on args.src an args.dst
    - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
    - usb: dwc2: Fix IN FIFO allocation
    - clocksource/drivers/bcm2835_timer: Fix memory leak of timer
    - drm/amd/display: Clear state after exiting fixed active VRR state
    - kselftest: Minimise dependency of get_size on C library interfaces
    - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info
      when load journal
    - ext4: fix deadlock allocating bio_post_read_ctx from mempool
    - clk: ti: dra7: fix parent for gmac_clkctrl
    - x86/sysfb: Fix check for bad VRAM size
    - pwm: omap-dmtimer: Simplify error handling
    - udf: Allow writing to 'Rewritable' partitions
    - dmaengine: fsl-qdma: fix duplicated argument to &&
    - wan/hdlc_x25: fix skb handling
    - powerpc/iov: Move VF pdev fixup into pcibios_fixup_iov()
    - tracing: Fix tracing_stat return values in error handling paths
    - tracing: Fix very unlikely race of registering two stat tracers
    - ARM: 8952/1: Disable kmemleak on XIP kernels
    - ext4, jbd2: ensure panic when aborting with zero errno
    - ath10k: Correct the DMA direction for management tx buffers
    - rtw88: fix rate mask for 1SS chip
    - brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362
    - selftests: settings: tests can be in subsubdirs
    - rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed
    - drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero
    - tracing: Simplify assignment parsing for hist triggers
    - nbd: add a flush_workqueue in nbd_start_device
    - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups
    - Btrfs: keep pages dirty when using btrfs_writepage_fixup_worker
    - drivers/block/zram/zram_drv.c: fix error return codes not being returned in
      writeback_store
    - block, bfq: do not plug I/O for bfq_queues with no proc refs
    - kconfig: fix broken dependency in randconfig-generated .config
    - clk: qcom: Don't overwrite 'cfg' in clk_rcg2_dfs_populate_freq()
    - clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
    - drm/amdkfd: Fix a bug in SDMA RLC queue counting under HWS mode
    - bpf, sockhash: Synchronize_rcu before free'ing map
    - drm/amdgpu: remove 4 set but not used variable in
      amdgpu_atombios_get_connector_info_from_object_table
    - ath10k: correct the tlv len of ath10k_wmi_tlv_op_gen_config_pno_start
    - drm/amdgpu: Ensure ret is always initialized when using SOC15_WAIT_ON_RREG
    - drm/panel: simple: Add Logic PD Type 28 display support
    - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps
    - modules: lockdep: Suppress suspicious RCU usage warning
    - ASoC: intel: sof_rt5682: Add quirk for number of HDMI DAI's
    - ASoC: intel: sof_rt5682: Add support for tgl-max98357a-rt5682
    - regulator: rk808: Lower log level on optional GPIOs being not available
    - net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
    - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use
      le16_add_cpu().
    - arm64: dts: allwinner: H6: Add PMU mode
    - arm64: dts: allwinner: H5: Add PMU node
    - arm: dts: allwinner: H3: Add PMU node
    - opp: Free static OPPs on errors while adding them
    - selinux: ensure we cleanup the internal AVC counters on error in
      avc_insert()
    - arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core
    - padata: validate cpumask without removed CPU during offline
    - clk: imx: Add correct failure handling for clk based helpers
    - ARM: exynos_defconfig: Bring back explicitly wanted options
    - ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3
    - ARM: dts: imx6: rdu2: Limit USBH1 to Full Speed
    - bus: ti-sysc: Implement quirk handling for CLKDM_NOAUTO
    - PCI: iproc: Apply quirk_paxc_bridge() for module as well as built-in
    - media: cx23885: Add support for AVerMedia CE310B
    - PCI: Add generic quirk for increasing D3hot delay
    - PCI: Increase D3 delay for AMD Ryzen5/7 XHCI controllers
    - gpu/drm: ingenic: Avoid null pointer deference in plane atomic update
    - selftests/net: make so_txtime more robust to timer variance
    - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device
      macros
    - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
    - samples/bpf: Set -fno-stack-protector when building BPF programs
    - r8169: check that Realtek PHY driver module is loaded
    - fore200e: Fix incorrect checks of NULL pointer dereference
    - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy
    - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
    - PCI: Add nr_devfns parameter to pci_add_dma_alias()
    - PCI: Add DMA alias quirk for PLX PEX NTB
    - b43legacy: Fix -Wcast-function-type
    - ipw2x00: Fix -Wcast-function-type
    - iwlegacy: Fix -Wcast-function-type
    - rtlwifi: rtl_pci: Fix -Wcast-function-type
    - orinoco: avoid assertion in case of NULL pointer
    - drm/amdgpu: fix KIQ ring test fail in TDR of SRIOV
    - clk: qcom: smd: Add missing bimc clock
    - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
    - nfsd: Clone should commit src file metadata too
    - scsi: ufs: Complete pending requests in host reset and restore path
    - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
    - crypto: inside-secure - add unspecified HAS_IOMEM dependency
    - drm/mediatek: handle events when enabling/disabling crtc
    - clk: renesas: rcar-gen3: Allow changing the RPC[D2] clocks
    - ARM: dts: r8a7779: Add device node for ARM global timer
    - selinux: ensure we cleanup the internal AVC counters on error in
      avc_update()
    - scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration
    - arm64: dts: qcom: db845c: Enable ath10k 8bit host-cap quirk
    - iommu/amd: Check feature support bit before accessing MSI capability
      registers
    - iommu/amd: Only support x2APIC with IVHD type 11h/40h
    - iommu/iova: Silence warnings under memory pressure
    - clk: actually call the clock init before any other callback of the clock
    - dmaengine: Store module owner in dma_device struct
    - dmaengine: imx-sdma: Fix memory leak
    - bpf: Print error message for bpftool cgroup show
    - net: phy: realtek: add logging for the RGMII TX delay configuration
    - crypto: chtls - Fixed memory leak
    - x86/vdso: Provide missing include file
    - PM / devfreq: exynos-ppmu: Fix excessive stack usage
    - PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
    - drm/fbdev: Fallback to non tiled mode if all tiles not present
    - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
    - reset: uniphier: Add SCSSI reset control for each channel
    - ASoC: soc-topology: fix endianness issues
    - fbdev: fix numbering of fbcon options
    - RDMA/rxe: Fix error type of mmap_offset
    - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock
    - ALSA: sh: Fix unused variable warnings
    - clk: Use parent node pointer during registration if necessary
    - clk: uniphier: Add SCSSI clock gate for each channel
    - ALSA: hda/realtek - Apply mic mute LED quirk for Dell E7xx laptops, too
    - ALSA: sh: Fix compile warning wrt const
    - net: phy: fixed_phy: fix use-after-free when checking link GPIO
    - tools lib api fs: Fix gcc9 stringop-truncation compilation error
    - vfio/spapr/nvlink2: Skip unpinning pages on error exit
    - ASoC: Intel: sof_rt5682: Ignore the speaker amp when there isn't one.
    - ACPI: button: Add DMI quirk for Razer Blade Stealth 13 late 2019 lid switch
    - iommu/vt-d: Match CPU and IOMMU paging mode
    - iommu/vt-d: Avoid sending invalid page response
    - drm/amdkfd: Fix permissions of hang_hws
    - mlx5: work around high stack usage with gcc
    - RDMA/hns: Avoid printing address of mtt page
    - drm: remove the newline for CRC source name.
    - usb: dwc3: use proper initializers for property entries
    - ARM: dts: stm32: Add power-supply for DSI panel on stm32f469-disco
    - usbip: Fix unsafe unaligned pointer usage
    - udf: Fix free space reporting for metadata and virtual partitions
    - drm/mediatek: Add gamma property according to hardware capability
    - staging: rtl8188: avoid excessive stack usage
    - IB/hfi1: Add software counter for ctxt0 seq drop
    - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats
    - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
    - efi/x86: Don't panic or BUG() on non-critical error conditions
    - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
    - Input: edt-ft5x06 - work around first register access error
    - bnxt: Detach page from page pool before sending up the stack
    - x86/nmi: Remove irq_work from the long duration NMI handler
    - wan: ixp4xx_hss: fix compile-testing on 64-bit
    - clocksource: davinci: only enable clockevents once tim34 is initialized
    - arm64: dts: rockchip: fix dwmmc clock name for px30
    - arm64: dts: rockchip: add reg property to brcmf sub-nodes
    - ARM: dts: rockchip: add reg property to brcmf sub node for
      rk3188-bqedison2qc
    - ALSA: usb-audio: Add boot quirk for MOTU M Series
    - ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
    - raid6/test: fix a compilation warning
    - tty: synclinkmp: Adjust indentation in several functions
    - tty: synclink_gt: Adjust indentation in several functions
    - misc: xilinx_sdfec: fix xsdfec_poll()'s return type
    - visorbus: fix uninitialized variable access
    - driver core: platform: Prevent resouce overflow from causing infinite loops
    - driver core: Print device when resources present in really_probe()
    - ASoC: SOF: Intel: hda-dai: fix compilation warning in pcm_prepare
    - bpf: Return -EBADRQC for invalid map type in __bpf_tx_xdp_map
    - vme: bridges: reduce stack usage
    - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
    - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
    - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
    - drm/nouveau/drm/ttm: Remove set but not used variable 'mem'
    - drm/nouveau/fault/gv100-: fix memory leak on module unload
    - dm thin: don't allow changing data device during thin-pool reload
    - gpiolib: Set lockdep class for hierarchical irq domains
    - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
    - perf/imx_ddr: Fix cpu hotplug state cleanup
    - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
    - kbuild: remove *.tmp file when filechk fails
    - iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
    - ALSA: usb-audio: unlock on error in probe
    - f2fs: set I_LINKABLE early to avoid wrong access by vfs
    - f2fs: free sysfs kobject
    - scsi: ufs: pass device information to apply_dev_quirks
    - scsi: ufs-mediatek: add apply_dev_quirks variant operation
    - scsi: iscsi: Don't destroy session if there are outstanding connections
    - crypto: essiv - fix AEAD capitalization and preposition use in help text
    - ALSA: usb-audio: add implicit fb quirk for MOTU M Series
    - RDMA/mlx5: Don't fake udata for kernel path
    - arm64: lse: fix LSE atomics with LLVM's integrated assembler
    - arm64: fix alternatives with LLVM's integrated assembler
    - drm/amd/display: fixup DML dependencies
    - EDAC/sifive: Fix return value check in ecc_register()
    - KVM: PPC: Remove set but not used variable 'ra', 'rs', 'rt'
    - arm64: dts: ti: k3-j721e-main: Add missing power-domains for smmu
    - sched/core: Fix size of rq::uclamp initialization
    - sched/topology: Assert non-NUMA topology masks don't (partially) overlap
    - perf/x86/amd: Constrain Large Increment per Cycle events
    - watchdog/softlockup: Enforce that timestamp is valid on boot
    - debugobjects: Fix various data races
    - ASoC: SOF: Intel: hda: Fix SKL dai count
    - regulator: vctrl-regulator: Avoid deadlock getting and setting the voltage
    - f2fs: fix memleak of kobject
    - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
    - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
    - cmd64x: potential buffer overflow in cmd64x_program_timings()
    - ide: serverworks: potential overflow in svwks_set_pio_mode()
    - pwm: Remove set but not set variable 'pwm'
    - btrfs: fix possible NULL-pointer dereference in integrity checks
    - btrfs: safely advance counter when looking up bio csums
    - btrfs: device stats, log when stats are zeroed
    - module: avoid setting info->name early in case we can fall back to
      info->mod->name
    - remoteproc: Initialize rproc_class before use
    - regulator: core: Fix exported symbols to the exported GPL version
    - irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems
    - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi()
    - spi: spi-fsl-qspi: Ensure width is respected in spi-mem operations
    - kbuild: use -S instead of -E for precise cc-option test in Kconfig
    - objtool: Fix ARCH=x86_64 build error
    - x86/decoder: Add TEST opcode to Group3-2
    - s390: adjust -mpacked-stack support check for clang 10
    - s390/ftrace: generate traced function stack frame
    - driver core: platform: fix u32 greater or equal to zero comparison
    - bpf, btf: Always output invariant hit in pahole DWARF to BTF transform
    - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
    - sunrpc: Fix potential leaks in sunrpc_cache_unhash()
    - drm/nouveau/mmu: fix comptag memory leak
    - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
    - media: uvcvideo: Add a quirk to force GEO GC6500 Camera bits-per-pixel value
    - btrfs: separate definition of assertion failure handlers
    - btrfs: Fix split-brain handling when changing FSID to metadata uuid
    - bcache: cached_dev_free needs to put the sb page
    - bcache: rework error unwinding in register_bcache
    - bcache: fix use-after-free in register_bcache()
    - iommu/vt-d: Remove unnecessary WARN_ON_ONCE()
    - alarmtimer: Make alarmtimer platform device child of RTC device
    - selftests: bpf: Reset global state between reuseport test runs
    - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit
      record
    - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock
    - powerpc/pseries/lparcfg: Fix display of Maximum Memory
    - selftests/eeh: Bump EEH wait time to 60s
    - ARM: 8951/1: Fix Kexec compilation issue.
    - ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82
    - hostap: Adjust indentation in prism2_hostapd_add_sta
    - rtw88: fix potential NULL skb access in TX ISR
    - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
    - cifs: fix unitialized variable poential problem with network I/O cache lock
      patch
    - cifs: Fix mount options set in automount
    - cifs: fix NULL dereference in match_prepath
    - bpf: map_seq_next should always increase position index
    - powerpc/mm: Don't log user reads to 0xffffffff
    - ceph: check availability of mds cluster on mount after wait timeout
    - rbd: work around -Wuninitialized warning
    - drm/amd/display: do not allocate display_mode_lib unnecessarily
    - irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
    - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
    - char: hpet: Fix out-of-bounds read bug
    - ftrace: fpid_next() should increase position index
    - trigger_next should increase position index
    - radeon: insert 10ms sleep in dce5_crtc_load_lut
    - powerpc: Do not consider weak unresolved symbol relocations as bad
    - btrfs: do not do delalloc reservation under page lock
    - ocfs2: make local header paths relative to C files
    - ocfs2: fix a NULL pointer dereference when call
      ocfs2_update_inode_fsync_trans()
    - lib/scatterlist.c: adjust indentation in __sg_alloc_table
    - reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
    - bcache: fix memory corruption in bch_cache_accounting_clear()
    - bcache: explicity type cast in bset_bkey_last()
    - bcache: fix incorrect data type usage in btree_flush_write()
    - irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building
      INVALL
    - nvmet: Pass lockdep expression to RCU lists
    - nvme-pci: remove nvmeq->tags
    - iwlwifi: mvm: Fix thermal zone registration
    - iwlwifi: mvm: Check the sta is not NULL in iwl_mvm_cfg_he_sta()
    - asm-generic/tlb: add missing CONFIG symbol
    - microblaze: Prevent the overflow of the start
    - brd: check and limit max_part par
    - drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_latency
    - drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_voltage
    - NFS: Fix memory leaks
    - help_next should increase position index
    - i40e: Relax i40e_xsk_wakeup's return value when PF is busy
    - cifs: log warning message (once) if out of disk space
    - virtio_balloon: prevent pfn array overflow
    - fuse: don't overflow LLONG_MAX with end offset
    - mlxsw: spectrum_dpipe: Add missing error path
    - drm/amdgpu/display: handle multiple numbers of fclks in dcn_calcs.c (v2)
    - bcache: properly initialize 'path' and 'err' in register_bcache()
    - rtc: Kconfig: select REGMAP_I2C when necessary
    - Linux 5.4.22

* Focal update: 5.4.22 upstream stable release (LP: #1864488) //
    CVE-2019-19076.
    - Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace"

* Miscellaneous Ubuntu changes
    - [Debian] Revert "UBUNTU: [Debian] Update linux source package name in
      debian/tests/*"
    - SAUCE: selftests: fix undefined lable cleanup build error
    - SAUCE: selftests: fix undefined macro RET_IF() build error
    - [Packaging] Include modules.builtin.modinfo in linux-modules
    - update dkms package versions
    - Revert "UBUNTU: [Debian] Update package name in getabis repo list"

* Miscellaneous upstream changes
    - libbpf: Extract and generalize CPU mask parsing logic

linux (5.4.0-15.18) focal; urgency=medium

* focal/linux: 5.4.0-15.18 -proposed tracker (LP: #1864085)

* Focal update: v5.4.21 upstream stable release (LP: #1864046)
    - Input: synaptics - switch T470s to RMI4 by default
    - Input: synaptics - enable SMBus on ThinkPad L470
    - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
    - ALSA: usb-audio: Fix UAC2/3 effect unit parsing
    - ALSA: hda/realtek - Add more codec supported Headset Button
    - ALSA: hda/realtek - Fix silent output on MSI-GL73
    - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
    - ACPI: EC: Fix flushing of pending work
    - ACPI: PM: s2idle: Avoid possible race related to the EC GPE
    - ACPICA: Introduce acpi_any_gpe_status_set()
    - ACPI: PM: s2idle: Prevent spurious SCIs from waking up the system
    - ALSA: usb-audio: sound: usb: usb true/false for bool return type
    - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000
    - ext4: don't assume that mmp_nodename/bdevname have NUL
    - ext4: fix support for inode sizes > 1024 bytes
    - ext4: fix checksum errors with indexed dirs
    - ext4: add cond_resched() to ext4_protect_reserved_inode
    - ext4: improve explanation of a mount failure caused by a misconfigured
      kernel
    - Btrfs: fix race between using extent maps and merging them
    - btrfs: ref-verify: fix memory leaks
    - btrfs: print message when tree-log replay starts
    - btrfs: log message when rw remount is attempted with unclean tree-log
    - ARM: npcm: Bring back GPIOLIB support
    - gpio: xilinx: Fix bug where the wrong GPIO register is written to
    - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs
    - xprtrdma: Fix DMA scatter-gather list mapping imbalance
    - cifs: make sure we do not overflow the max EA buffer size
    - EDAC/sysfs: Remove csrow objects on errors
    - EDAC/mc: Fix use-after-free and memleaks during device removal
    - KVM: nVMX: Use correct root level for nested EPT shadow page tables
    - perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map
    - s390/pkey: fix missing length of protected key on return
    - s390/uv: Fix handling of length extensions
    - drm/vgem: Close use-after-free race in vgem_gem_create
    - drm/panfrost: Make sure the shrinker does not reclaim referenced BOs
    - bus: moxtet: fix potential stack buffer overflow
    - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info
    - drivers: ipmi: fix off-by-one bounds check that leads to a out-of-bounds
      write
    - IB/mlx5: Return failure when rts2rts_qp_counters_set_id is not supported
    - IB/hfi1: Acquire lock to release TID entries when user file is closed
    - IB/hfi1: Close window for pq and request coliding
    - IB/rdmavt: Reset all QPs when the device is shut down
    - IB/umad: Fix kernel crash while unloading ib_umad
    - RDMA/core: Fix invalid memory access in spec_filter_size
    - RDMA/iw_cxgb4: initiate CLOSE when entering TERM
    - RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create
    - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq
    - RDMA/core: Fix protection fault in get_pkey_idx_qp_list
    - s390/time: Fix clk type in get_tod_clock
    - sched/uclamp: Reject negative values in cpu_uclamp_write()
    - spmi: pmic-arb: Set lockdep class for hierarchical irq domains
    - perf/x86/intel: Fix inaccurate period in context switch for auto-reload
    - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
    - mac80211: fix quiet mode activation in action frames
    - cifs: fix mount option display for sec=krb5i
    - arm64: dts: fast models: Fix FVP PCI interrupt-map property
    - KVM: x86: Mask off reserved bit from #DB exception payload
    - perf stat: Don't report a null stalled cycles per insn metric
    - NFSv4.1 make cachethis=no for writes
    - Revert "drm/sun4i: drv: Allow framebuffer modifiers in mode config"
    - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
    - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
    - ext4: choose hardlimit when softlimit is larger than hardlimit in
      ext4_statfs_project()
    - KVM: x86/mmu: Fix struct guest_walker arrays for 5-level paging
    - gpio: add gpiod_toggle_active_low()
    - mmc: core: Rework wp-gpio handling
    - Linux 5.4.21

* Fix AMD Stoney Ridge screen flickering under 4K resolution (LP: #1864005)
    - iommu/amd: Disable IOMMU on Stoney Ridge systems

* Focal Fossa (20.04) feature request - Enable CONFIG_X86_UV (LP: #1863810)
    - [Config] CONFIG_X86_UV=y

* [UBUNTU 20.04] Enable proper reset/recovery of s390x/pci functions in error
    state (LP: #1863768)
    - s390/pci: Recover handle in clp_set_pci_fn()
    - s390/pci: Fix possible deadlock in recover_store()

* [20.04 FEAT] Enhanced handling of secure keys and protected keys
    (LP: #1853303)
    - s390/zcrypt: enable card/domain autoselect on ep11 cprbs
    - s390/zcrypt: ep11 structs rework, export zcrypt_send_ep11_cprb
    - s390/zcrypt: add new low level ep11 functions support file
    - s390/zcrypt: extend EP11 card and queue sysfs attributes
    - s390/pkey/zcrypt: Support EP11 AES secure keys

* [20.04 FEAT] paes self test (LP: #1854948)
    - s390/pkey: use memdup_user() to simplify code
    - s390/pkey: Add support for key blob with clear key value
    - s390/crypto: Rework on paes implementation
    - s390/crypto: enable clear key values for paes ciphers
    - crypto/testmgr: enable selftests for paes-s390 ciphers

* Sometimes can't adjust brightness on Dell AIO (LP: #1862885)
    - SAUCE: platform/x86: dell-uart-backlight: increase retry times

* change the ASoC card name and card longname to meet the requirement of alsa-
    lib-1.2.1 (Focal) (LP: #1862712)
    - ASoC: improve the DMI long card code in asoc-core
    - ASoC: DMI long name - avoid to add board name if matches with product name
    - ASoC: intel - fix the card names

* Support Headset Mic on HP cPC (LP: #1862313)
    - ALSA: hda/realtek - Add Headset Mic supported for HP cPC
    - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported

* [hns3-0205]sync mainline kernel 5.5rc7 hns3 patchset into ubuntu HWE kernel
    branch (LP: #1861972)
    - net: hns3: replace snprintf with scnprintf in hns3_dbg_cmd_read
    - net: hns3: replace snprintf with scnprintf in hns3_update_strings
    - net: hns3: limit the error logging in the hns3_clean_tx_ring()
    - net: hns3: do not reuse pfmemalloc pages
    - net: hns3: set VF's default reset_type to HNAE3_NONE_RESET
    - net: hns3: move duplicated macro definition into header
    - net: hns3: refine the input parameter 'size' for snprintf()
    - net: hns3: rewrite a log in hclge_put_vector()
    - net: hns3: delete unnecessary blank line and space for cleanup
    - net: hns3: remove redundant print on ENOMEM

* [acc-0205]sync mainline kernel 5.5rc6 acc patchset into ubuntu HWE kernel
    branch (LP: #1861976)
    - crypto: hisilicon/sec2 - Use atomics instead of __sync
    - crypto: hisilicon - still no need to check return value of debugfs_create
      functions
    - crypto: hisilicon - Update debugfs usage of SEC V2
    - crypto: hisilicon - fix print/comment of SEC V2
    - crypto: hisilicon - Update some names on SEC V2
    - crypto: hisilicon - Update QP resources of SEC V2
    - crypto: hisilicon - Adjust some inner logic
    - crypto: hisilicon - Add callback error check
    - crypto: hisilicon - Add branch prediction macro
    - crypto: hisilicon - redefine skcipher initiation
    - crypto: hisilicon - Add aead support on SEC2
    - crypto: hisilicon - Bugfixed tfm leak
    - crypto: hisilicon - Fixed some tiny bugs of HPRE
    - crypto: hisilicon - adjust hpre_crt_para_get
    - crypto: hisilicon - add branch prediction macro
    - crypto: hisilicon - fix spelling mistake "disgest" -> "digest"

* [spi-0115]spi: dw: use "smp_mb()" to avoid sending spi data error
    (LP: #1859744)
    - spi: dw: use "smp_mb()" to avoid sending spi data error

* [tpm-0115]EFI/stub: tpm: enable tpm eventlog function for ARM64 platform
    (LP: #1859743)
    - efi: libstub/tpm: enable tpm eventlog function for ARM platforms

* Restrict xmon to read-only-mode if kernel is locked down (LP: #1863562)
    - powerpc/xmon: Restrict when kernel is locked down

* [CML-H] Add intel_thermal_pch driver support Comet Lake -H (LP: #1853219)
    - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support

* Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (lockdown) Add a SysRq option to lift kernel
      lockdown"

* Dell XPS 13 (7390) Display Flickering - 19.10  (LP: #1849947)
    - SAUCE: drm/i915: Disable PSR by default on all platforms

* Focal update: v5.4.20 upstream stable release (LP: #1863589)
    - ASoC: pcm: update FE/BE trigger order based on the command
    - hv_sock: Remove the accept port restriction
    - IB/mlx4: Fix memory leak in add_gid error flow
    - IB/srp: Never use immediate data if it is disabled by a user
    - IB/mlx4: Fix leak in id_map_find_del
    - RDMA/netlink: Do not always generate an ACK for some netlink operations
    - RDMA/i40iw: fix a potential NULL pointer dereference
    - RDMA/core: Fix locking in ib_uverbs_event_read
    - RDMA/uverbs: Verify MR access flags
    - RDMA/cma: Fix unbalanced cm_id reference count during address resolve
    - RDMA/umem: Fix ib_umem_find_best_pgsz()
    - scsi: ufs: Fix ufshcd_probe_hba() reture value in case
      ufshcd_scsi_add_wlus() fails
    - PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
    - ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe
    - PCI/switchtec: Use dma_set_mask_and_coherent()
    - PCI/switchtec: Fix vep_vector_number ioread width
    - PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30
    - PCI: Don't disable bridge BARs when assigning bus resources
    - PCI/AER: Initialize aer_fifo
    - iwlwifi: mvm: avoid use after free for pmsr request
    - bpftool: Don't crash on missing xlated program instructions
    - bpf, sockmap: Don't sleep while holding RCU lock on tear-down
    - bpf, sockhash: Synchronize_rcu before free'ing map
    - selftests/bpf: Test freeing sockmap/sockhash with a socket in it
    - bpf: Improve bucket_log calculation logic
    - bpf, sockmap: Check update requirements after locking
    - nfs: NFS_SWAP should depend on SWAP
    - NFS: Revalidate the file size on a fatal write error
    - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes()
    - NFS: Fix fix of show_nfs_errors
    - NFSv4: pnfs_roc() must use cred_fscmp() to compare creds
    - NFSv4: try lease recovery on NFS4ERR_EXPIRED
    - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals
    - x86/boot: Handle malformed SRAT tables during early ACPI parsing
    - rtc: hym8563: Return -EINVAL if the time is known to be invalid
    - rtc: cmos: Stop using shared IRQ
    - watchdog: qcom: Use platform_get_irq_optional() for bark irq
    - ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
    - platform/x86: intel_mid_powerbtn: Take a copy of ddata
    - arm64: dts: qcom: msm8998: Fix tcsr syscon size
    - arm64: dts: uDPU: fix broken ethernet
    - ARM: dts: at91: Reenable UART TX pull-ups
    - ARM: dts: am43xx: add support for clkout1 clock
    - arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from
      sound
    - arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node
    - ARM: dts: meson8: use the actual frequency for the GPU's 182.1MHz OPP
    - ARM: dts: meson8b: use the actual frequency for the GPU's 364MHz OPP
    - ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
    - ARM: dts: at91: sama5d3: define clock rate range for tcb1
    - tools/power/acpi: fix compilation error
    - soc: qcom: rpmhpd: Set 'active_only' for active only power domains
    - Revert "powerpc/pseries/iommu: Don't use dma_iommu_ops on secure guests"
    - powerpc/ptdump: Fix W+X verification call in mark_rodata_ro()
    - powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX
    - powerpc/papr_scm: Fix leaking 'bus_desc.provider_name' in some paths
    - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning
    - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce
      for DDW
    - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA
    - ARM: at91: pm: use SAM9X60 PMC's compatible
    - ARM: at91: pm: use of_device_id array to find the proper shdwc node
    - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections
    - ARM: 8949/1: mm: mark free_memmap as __init
    - sched/uclamp: Fix a bug in propagating uclamp value in new cgroups
    - arm64: cpufeature: Fix the type of no FP/SIMD capability
    - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly
    - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations
    - KVM: arm/arm64: Fix young bit from mmu notifier
    - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests
    - KVM: arm: Make inject_abt32() inject an external abort instead
    - KVM: arm64: pmu: Don't increment SW_INCR if PMCR.E is unset
    - KVM: arm64: pmu: Fix chained SW_INCR counters
    - KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer
    - arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly
    - mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock
    - mtd: sharpslpart: Fix unsigned comparison to zero
    - crypto: testmgr - don't try to decrypt uninitialized buffers
    - crypto: artpec6 - return correct error code for failed setkey()
    - crypto: atmel-sha - fix error handling when setting hmac key
    - crypto: caam/qi2 - fix typo in algorithm's driver name
    - drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe
    - media: i2c: adv748x: Fix unsafe macros
    - dt-bindings: iio: adc: ad7606: Fix wrong maxItems value
    - bcache: avoid unnecessary btree nodes flushing in btree_flush_write()
    - selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
    - selinux: fix regression introduced by move_mount(2) syscall
    - pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control
    - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
    - regmap: fix writes to non incrementing registers
    - mfd: max77650: Select REGMAP_IRQ in Kconfig
    - clk: meson: g12a: fix missing uart2 in regmap table
    - dmaengine: axi-dmac: add a check for devm_regmap_init_mmio
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
    - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
    - libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
    - libertas: make lbs_ibss_join_existing() return error code on rates overflow
    - selinux: fall back to ref-walk if audit is required
    - Linux 5.4.20

* Focal update: v5.4.19 upstream stable release (LP: #1863588)
    - sparc32: fix struct ipc64_perm type definition
    - bnxt_en: Move devlink_register before registering netdev
    - cls_rsvp: fix rsvp_policy
    - gtp: use __GFP_NOWARN to avoid memalloc warning
    - l2tp: Allow duplicate session creation with UDP
    - net: hsr: fix possible NULL deref in hsr_handle_frame()
    - net_sched: fix an OOB access in cls_tcindex
    - net: stmmac: Delete txtimer in suspend()
    - bnxt_en: Fix TC queue mapping.
    - rxrpc: Fix use-after-free in rxrpc_put_local()
    - rxrpc: Fix insufficient receive notification generation
    - rxrpc: Fix missing active use pinning of rxrpc_local object
    - rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
    - tcp: clear tp->total_retrans in tcp_disconnect()
    - tcp: clear tp->delivered in tcp_disconnect()
    - tcp: clear tp->data_segs{in|out} in tcp_disconnect()
    - tcp: clear tp->segs_{in|out} in tcp_disconnect()
    - ionic: fix rxq comp packet type mask
    - MAINTAINERS: correct entries for ISDN/mISDN section
    - netdevsim: fix stack-out-of-bounds in nsim_dev_debugfs_init()
    - bnxt_en: Fix logic that disables Bus Master during firmware reset.
    - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
    - mfd: dln2: More sanity checking for endpoints
    - netfilter: ipset: fix suspicious RCU usage in find_set_and_id
    - ipc/msg.c: consolidate all xxxctl_down() functions
    - tracing/kprobes: Have uname use __get_str() in print_fmt
    - tracing: Fix sched switch start/stop refcount racy updates
    - rcu: Use *_ONCE() to protect lockless ->expmask accesses
    - rcu: Avoid data-race in rcu_gp_fqs_check_wake()
    - srcu: Apply *_ONCE() to ->srcu_last_gp_end
    - rcu: Use READ_ONCE() for ->expmask in rcu_read_unlock_special()
    - nvmet: Fix error print message at nvmet_install_queue function
    - nvmet: Fix controller use after free
    - Bluetooth: btusb: fix memory leak on fw
    - Bluetooth: btusb: Disable runtime suspend on Realtek devices
    - brcmfmac: Fix memory leak in brcmf_usbdev_qinit
    - usb: dwc3: gadget: Check END_TRANSFER completion
    - usb: dwc3: gadget: Delay starting transfer
    - usb: typec: tcpci: mask event interrupts when remove driver
    - objtool: Silence build output
    - usb: gadget: f_fs: set req->num_sgs as 0 for non-sg transfer
    - usb: gadget: legacy: set max_speed to super-speed
    - usb: gadget: f_ncm: Use atomic_t to track in-flight request
    - usb: gadget: f_ecm: Use atomic_t to track in-flight request
    - ALSA: usb-audio: Fix endianess in descriptor validation
    - ALSA: usb-audio: Annotate endianess in Scarlett gen2 quirk
    - ALSA: dummy: Fix PCM format loop in proc output
    - memcg: fix a crash in wb_workfn when a device disappears
    - mm/sparse.c: reset section's mem_map when fully deactivated
    - mmc: sdhci-pci: Make function amd_sdhci_reset static
    - utimes: Clamp the timestamps in notify_change()
    - mm/memory_hotplug: fix remove_memory() lockdep splat
    - mm: thp: don't need care deferred split queue in memcg charge move path
    - mm: move_pages: report the number of non-attempted pages
    - media/v4l2-core: set pages dirty upon releasing DMA buffers
    - media: v4l2-core: compat: ignore native command codes
    - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
    - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
    - irqdomain: Fix a memory leak in irq_domain_push_irq()
    - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
    - platform/x86: intel_scu_ipc: Fix interrupt support
    - ALSA: hda: Apply aligned MMIO access only conditionally
    - ALSA: hda: Add Clevo W65_67SB the power_save blacklist
    - ALSA: hda: Add JasperLake PCI ID and codec vid
    - arm64: acpi: fix DAIF manipulation with pNMI
    - KVM: arm64: Correct PSTATE on exception entry
    - KVM: arm/arm64: Correct CPSR on exception entry
    - KVM: arm/arm64: Correct AArch32 SPSR on exception entry
    - KVM: arm64: Only sign-extend MMIO up to register width
    - MIPS: syscalls: fix indentation of the 'SYSNR' message
    - MIPS: fix indentation of the 'RELOCS' message
    - MIPS: boot: fix typo in 'vmlinux.lzma.its' target
    - s390/mm: fix dynamic pagetable upgrade for hugetlbfs
    - powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case
    - powerpc/ptdump: Fix W+X verification
    - powerpc/xmon: don't access ASDR in VMs
    - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
    - powerpc/32s: Fix bad_kuap_fault()
    - powerpc/32s: Fix CPU wake-up from sleep mode
    - tracing: Fix now invalid var_ref_vals assumption in trace action
    - PCI: tegra: Fix return value check of pm_runtime_get_sync()
    - PCI: keystone: Fix outbound region mapping
    - PCI: keystone: Fix link training retries initiation
    - PCI: keystone: Fix error handling when "num-viewport" DT property is not
      populated
    - mmc: spi: Toggle SPI polarity, do not hardcode it
    - ACPI: video: Do not export a non working backlight interface on MSI MS-7721
      boards
    - ACPI / battery: Deal with design or full capacity being reported as -1
    - ACPI / battery: Use design-cap for capacity calculations if full-cap is not
      available
    - ACPI / battery: Deal better with neither design nor full capacity not being
      reported
    - alarmtimer: Unregister wakeup source when module get fails
    - fscrypt: don't print name of busy file when removing key
    - ubifs: don't trigger assertion on invalid no-key filename
    - ubifs: Fix wrong memory allocation
    - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag
    - ubifs: Fix deadlock in concurrent bulk-read and writepage
    - mmc: sdhci-of-at91: fix memleak on clk_get failure
    - ASoC: SOF: core: free trace on errors
    - hv_balloon: Balloon up according to request page number
    - mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile
    - nvmem: core: fix memory abort in cleanup path
    - crypto: api - Check spawn->alg under lock in crypto_drop_spawn
    - crypto: ccree - fix backlog memory leak
    - crypto: ccree - fix AEAD decrypt auth fail
    - crypto: ccree - fix pm wrongful error reporting
    - crypto: ccree - fix FDE descriptor sequence
    - crypto: ccree - fix PM race condition
    - padata: Remove broken queue flushing
    - fs: allow deduplication of eof block into the end of the destination file
    - scripts/find-unused-docs: Fix massive false positives
    - erofs: fix out-of-bound read for shifted uncompressed block
    - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
    - scsi: qla2xxx: Fix mtcp dump collection failure
    - cpupower: Revert library ABI changes from commit ae2917093fb60bdc1ed3e
    - power: supply: axp20x_ac_power: Fix reporting online status
    - power: supply: ltc2941-battery-gauge: fix use-after-free
    - ovl: fix wrong WARN_ON() in ovl_cache_update_ino()
    - ovl: fix lseek overflow on 32bit
    - f2fs: choose hardlimit when softlimit is larger than hardlimit in
      f2fs_statfs_project()
    - f2fs: fix miscounted block limit in f2fs_statfs_project()
    - f2fs: code cleanup for f2fs_statfs_project()
    - f2fs: fix dcache lookup of !casefolded directories
    - f2fs: fix race conditions in ->d_compare() and ->d_hash()
    - PM: core: Fix handling of devices deleted during system-wide resume
    - cpufreq: Avoid creating excessively large stack frames
    - of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
    - ARM: dma-api: fix max_pfn off-by-one error in __dma_supported()
    - dm zoned: support zone sizes smaller than 128MiB
    - dm space map common: fix to ensure new block isn't already in use
    - dm writecache: fix incorrect flush sequence when doing SSD mode commit
    - dm crypt: fix GFP flags passed to skcipher_request_alloc()
    - dm crypt: fix benbi IV constructor crash if used in authenticated mode
    - dm thin metadata: use pool locking at end of dm_pool_metadata_close
    - scsi: qla2xxx: Fix stuck login session using prli_pend_timer
    - ASoC: SOF: Introduce state machine for FW boot
    - ASoC: SOF: core: release resources on errors in probe_continue
    - tracing: Annotate ftrace_graph_hash pointer with __rcu
    - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu
    - ftrace: Add comment to why rcu_dereference_sched() is open coded
    - ftrace: Protect ftrace_graph_hash with ftrace_sync
    - crypto: pcrypt - Avoid deadlock by using per-instance padata queues
    - btrfs: fix improper setting of scanned for range cyclic write cache pages
    - btrfs: Handle another split brain scenario with metadata uuid feature
    - riscv, bpf: Fix broken BPF tail calls
    - selftests/bpf: Fix perf_buffer test on systems w/ offline CPUs
    - bpf, devmap: Pass lockdep expression to RCU lists
    - libbpf: Fix realloc usage in bpf_core_find_cands
    - tc-testing: fix eBPF tests failure on linux fresh clones
    - samples/bpf: Don't try to remove user's homedir on clean
    - samples/bpf: Xdp_redirect_cpu fix missing tracepoint attach
    - selftests/bpf: Fix test_attach_probe
    - selftests/bpf: Skip perf hw events test if the setup disabled it
    - selftests: bpf: Use a temporary file in test_sockmap
    - selftests: bpf: Ignore FIN packets for reuseport tests
    - crypto: api - fix unexpectedly getting generic implementation
    - crypto: hisilicon - Use the offset fields in sqe to avoid need to split
      scatterlists
    - crypto: ccp - set max RSA modulus size for v3 platform devices as well
    - crypto: arm64/ghash-neon - bump priority to 150
    - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
    - crypto: atmel-aes - Fix counter overflow in CTR mode
    - crypto: api - Fix race condition in crypto_spawn_alg
    - crypto: picoxcell - adjust the position of tasklet_init and fix missed
      tasklet_kill
    - powerpc/futex: Fix incorrect user access blocking
    - scsi: qla2xxx: Fix unbound NVME response length
    - NFS: Fix memory leaks and corruption in readdir
    - NFS: Directory page cache pages need to be locked when read
    - nfsd: fix filecache lookup
    - jbd2_seq_info_next should increase position index
    - ext4: fix deadlock allocating crypto bounce page from mempool
    - ext4: fix race conditions in ->d_compare() and ->d_hash()
    - Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES
    - Btrfs: make deduplication with range including the last block work
    - Btrfs: fix infinite loop during fsync after rename operations
    - btrfs: set trans->drity in btrfs_commit_transaction
    - btrfs: drop log root for dropped roots
    - Btrfs: fix race between adding and putting tree mod seq elements and nodes
    - btrfs: flush write bio if we loop in extent_write_cache_pages
    - btrfs: Correctly handle empty trees in find_first_clear_extent_bit
    - ARM: tegra: Enable PLLP bypass during Tegra124 LP1
    - iwlwifi: don't throw error when trying to remove IGTK
    - mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
    - sunrpc: expiry_time should be seconds not timeval
    - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0
    - gfs2: move setting current->backing_dev_info
    - gfs2: fix O_SYNC write handling
    - drm: atmel-hlcdc: use double rate for pixel clock only if supported
    - drm: atmel-hlcdc: enable clock before configuring timing engine
    - drm: atmel-hlcdc: prefer a lower pixel-clock than requested
    - drm/rect: Avoid division by zero
    - media: iguanair: fix endpoint sanity check
    - media: rc: ensure lirc is initialized before registering input device
    - tools/kvm_stat: Fix kvm_exit filter name
    - xen/balloon: Support xend-based toolstack take two
    - watchdog: fix UAF in reboot notifier handling in watchdog core code
    - bcache: add readahead cache policy options via sysfs interface
    - eventfd: track eventfd_signal() recursion depth
    - aio: prevent potential eventfd recursion on poll
    - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
    - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
    - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
    - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
    - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
    - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF
      attacks
    - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
    - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF
      attacks
    - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
    - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks
      in x86.c
    - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
    - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit()
      from Spectre-v1/L1TF attacks
    - KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
    - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
    - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
    - kvm/svm: PKU not currently supported
    - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
    - KVM: x86: Don't let userspace set host-reserved cr4 bits
    - KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
    - KVM: x86: Handle TIF_NEED_FPU_LOAD in kvm_{load,put}_guest_fpu()
    - KVM: x86: Ensure guest's FPU state is loaded when accessing for emulation
    - KVM: x86: Revert "KVM: X86: Fix fpu state crash in kvm guest"
    - KVM: s390: do not clobber registers during guest reset/store status
    - ocfs2: fix oops when writing cloned file
    - mm/page_alloc.c: fix uninitialized memmaps on a partially populated last
      section
    - arm64: dts: qcom: qcs404-evb: Set vdd_apc regulator in high power mode
    - mm/mmu_gather: invalidate TLB correctly on batch allocation failure and
      flush
    - clk: tegra: Mark fuse clock as critical
    - drm/amd/dm/mst: Ignore payload update failures
    - virtio-balloon: initialize all vq callbacks
    - virtio-pci: check name when counting MSI-X vectors
    - fix up iter on short count in fuse_direct_io()
    - broken ping to ipv6 linklocal addresses on debian buster
    - percpu: Separate decrypted varaibles anytime encryption can be enabled
    - ASoC: meson: axg-fifo: fix fifo threshold setup
    - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
    - scsi: csiostor: Adjust indentation in csio_device_reset
    - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
    - scsi: ufs: Recheck bkops level if bkops is disabled
    - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two
    - phy: qualcomm: Adjust indentation in read_poll_timeout
    - ext2: Adjust indentation in ext2_fill_super
    - powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
    - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable
    - NFC: pn544: Adjust indentation in pn544_hci_check_presence
    - ppp: Adjust indentation into ppp_async_input
    - net: smc911x: Adjust indentation in smc911x_phy_configure
    - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
    - IB/mlx5: Fix outstanding_pi index for GSI qps
    - IB/core: Fix ODP get user pages flow
    - nfsd: fix delay timer on 32-bit architectures
    - nfsd: fix jiffies/time_t mixup in LRU list
    - nfsd: Return the correct number of bytes written to the file
    - virtio-balloon: Fix memory leak when unloading while hinting is in progress
    - virtio_balloon: Fix memory leaks on errors in virtballoon_probe()
    - ubi: fastmap: Fix inverted logic in seen selfcheck
    - ubi: Fix an error pointer dereference in error handling code
    - ubifs: Fix memory leak from c->sup_node
    - regulator: core: Add regulator_is_equal() helper
    - ASoC: sgtl5000: Fix VDDA and VDDIO comparison
    - bonding/alb: properly access headers in bond_alb_xmit()
    - devlink: report 0 after hitting end in region read
    - dpaa_eth: support all modes with rate adapting PHYs
    - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()
    - net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port
    - net: dsa: microchip: enable module autoprobe
    - net: mvneta: move rx_dropped and rx_errors in per-cpu stats
    - net_sched: fix a resource leak in tcindex_set_parms()
    - net: stmmac: fix a possible endless loop
    - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
    - net/mlx5: IPsec, Fix esp modify function attribute
    - net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx
    - net: macb: Remove unnecessary alignment check for TSO
    - net: macb: Limit maximum GEM TX length in TSO
    - taprio: Fix enabling offload with wrong number of traffic classes
    - taprio: Fix still allowing changing the flags during runtime
    - taprio: Add missing policy validation for flags
    - taprio: Use taprio_reset_tc() to reset Traffic Classes configuration
    - taprio: Fix dropping packets when using taprio + ETF offloading
    - ipv6/addrconf: fix potential NULL deref in inet6_set_link_af()
    - qed: Fix timestamping issue for L2 unicast ptp packets.
    - drop_monitor: Do not cancel uninitialized work item
    - net/mlx5: Fix deadlock in fs_core
    - net/mlx5: Deprecate usage of generic TLS HW capability bit
    - ASoC: Intel: skl_hda_dsp_common: Fix global-out-of-bounds bug
    - mfd: da9062: Fix watchdog compatible string
    - mfd: rn5t618: Mark ADC control register volatile
    - mfd: bd70528: Fix hour register mask
    - x86/timer: Don't skip PIT setup when APIC is disabled or in legacy mode
    - btrfs: use bool argument in free_root_pointers()
    - btrfs: free block groups after free'ing fs trees
    - drm/dp_mst: Remove VCPI while disabling topology mgr
    - KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
    - KVM: x86: use CPUID to locate host page table reserved bits
    - KVM: x86: Use gpa_t for cr2/gpa to fix TDP support on 32-bit KVM
    - KVM: x86: fix overlap between SPTE_MMIO_MASK and generation
    - KVM: nVMX: vmread should not set rflags to specify success in case of #PF
    - KVM: Use vcpu-specific gva->hva translation when querying host page size
    - KVM: Play nice with read-only memslots when querying host page size
    - cifs: fail i/o on soft mounts if sessionsetup errors out
    - x86/apic/msi: Plug non-maskable MSI affinity race
    - clocksource: Prevent double add_timer_on() for watchdog_timer
    - perf/core: Fix mlock accounting in perf_mmap()
    - rxrpc: Fix service call disconnection
    - regulator fix for "regulator: core: Add regulator_is_equal() helper"
    - powerpc/kuap: Fix set direction in allow/prevent_user_access()
    - Linux 5.4.19
    - [Config] updateconfigs following v5.4.19 stable update

* 5.4.0-11 crash on cryptsetup open (LP: #1860231) // Focal update: v5.4.19
    upstream stable release (LP: #1863588)
    - dm: fix potential for q->make_request_fn NULL pointer

* Miscellaneous Ubuntu changes
    - update dkms package versions
    - [debian] ignore missing wireguard module
    - debian: remove snapdragon config, rules and flavour
    - [Config] updateconfigs following snapdragon removal
    - remove snapdragon abi files

-- Seth Forshee <seth.forshee@canonical.com>  Sat, 07 Mar 2020 10:23:40 -0600

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-03-17:

#14

Download full text (45.6 KiB)

This bug was fixed in the package linux-oem - 4.15.0-1076.86

---------------
linux-oem (4.15.0-1076.86) bionic; urgency=medium

* bionic/linux-oem: 4.15.0-1076.86 -proposed tracker (LP: #1865200)

[ Ubuntu: 4.15.0-91.92 ]

  * bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109)
  * CVE-2020-2732
    - KVM: x86: emulate RDPID
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions

linux-oem (4.15.0-1075.85) bionic; urgency=medium

* bionic/linux-oem: 4.15.0-1075.85 -proposed tracker (LP: #1864730)

* Packaging resync (LP: #1786013)
- [Packaging] resync dkms-build and family

[ Ubuntu: 4.15.0-90.91 ]

  * bionic/linux: 4.15.0-90.91 -proposed tracker (LP: #1864753)
  * dkms artifacts may expire from the pool (LP: #1850958)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [packaging] handle downloads from the librarian better

[ Ubuntu: 4.15.0-90.90 ]

  * bionic/linux: 4.15.0-90.90 -proposed tracker (LP: #1864753)
  * vm-segv from ubuntu_stress_smoke_test failed on B (LP: #1864063)
    - Revert "apparmor: don't try to replace stale label in ptrace access check"

linux-oem (4.15.0-1074.84) bionic; urgency=medium

* bionic/linux-oem: 4.15.0-1074.84 -proposed tracker (LP: #1863312)

  * Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

  * r8152 init may take up to 40 seconds at initialization with Dell WD19/WD19DC
    during hotplug (LP: #1864284)
    - SAUCE: r8151: check disconnect status after long sleep

  * alsa/hda/realtek: fix a mute led regression on Lenovo X1 Carbon
    (LP: #1864576)
    - SAUCE: ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1

[ Ubuntu: 4.15.0-89.89 ]

This bug was fixed in the package linux-oem - 4.15.0-1076.86

---------------
linux-oem (4.15.0-1076.86) bionic; urgency=medium

* bionic/linux-oem: 4.15.0-1076.86 -proposed tracker (LP: #1865200)

[ Ubuntu: 4.15.0-91.92 ]

linux-oem (4.15.0-1075.85) bionic; urgency=medium

* bionic/linux-oem: 4.15.0-1075.85 -proposed tracker (LP: #1864730)

* Packaging resync (LP: #1786013)
    - [Packaging] resync dkms-build and family

[ Ubuntu: 4.15.0-90.91 ]

[ Ubuntu: 4.15.0-90.90 ]

linux-oem (4.15.0-1074.84) bionic; urgency=medium

* bionic/linux-oem: 4.15.0-1074.84 -proposed tracker (LP: #1863312)

* Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

* r8152 init may take up to 40 seconds at initialization with Dell WD19/WD19DC
    during hotplug (LP: #1864284)
    - SAUCE: r8151: check disconnect status after long sleep

* alsa/hda/realtek: fix a mute led regression on Lenovo X1 Carbon
    (LP: #1864576)
    - SAUCE: ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1

[ Ubuntu: 4.15.0-89.89 ]

* bionic/linux: 4.15.0-89.89 -proposed tracker (LP: #1863350)
  * [SRU][B/OEM-B] Fix multitouch support on some devices (LP: #1862567)
    - HID: core: move the dynamic quirks handling in core
    - HID: quirks: move the list of special devices into a quirk
    - HID: core: move the list of ignored devices in hid-quirks.c
    - HID: core: remove the absolute need of hid_have_special_driver[]
  * [linux] Patch to prevent possible data corruption (LP: #1848739)
    - blk-mq: silence false positive warnings in hctx_unlock()
  * Add bpftool to linux-tools-common (LP: #1774815)
    - tools/bpftool: fix bpftool build with bintutils >= 2.9
    - bpftool: make libbfd optional
    - [Debian] Remove binutils-dev build dependency
    - [Debian] package bpftool in linux-tools-common
  * Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"
  * [Bionic] i915 incomplete fix for CVE-2019-14615 (LP: #1862840) //
    CVE-2020-8832
    - drm/i915: Use same test for eviction and submitting kernel context
    - drm/i915: Define an engine class enum for the uABI
    - drm/i915: Force the switch to the i915->kernel_context
    - drm/i915: Move GT powersaving init to i915_gem_init()
    - drm/i915: Move intel_init_clock_gating() to i915_gem_init()
    - drm/i915: Inline intel_modeset_gem_init()
    - drm/i915: Mark the context state as dirty/written
    - drm/i915: Record the default hw state after reset upon load
  * Bionic update: upstream stable patchset 2020-02-12 (LP: #1863019)
    - xfs: Sanity check flags of Q_XQUOTARM call
    - mfd: intel-lpss: Add default I2C device properties for Gemini Lake
    - powerpc/archrandom: fix arch_get_random_seed_int()
    - tipc: fix wrong timeout input for tipc_wait_for_cond()
    - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
    - crypto: sun4i-ss - fix big endian issues
    - drm/sti: do not remove the drm_bridge that was never added
    - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
    - ALSA: hda: fix unused variable warning
    - apparmor: don't try to replace stale label in ptrace access check
    - PCI: iproc: Remove PAXC slot check to allow VF support
    - drm/hisilicon: hibmc: Don't overwrite fb helper surface depth
    - IB/rxe: replace kvfree with vfree
    - IB/hfi1: Add mtu check for operational data VLs
    - ALSA: usb-audio: update quirk for B&W PX to remove microphone
    - staging: comedi: ni_mio_common: protect register write overflow
    - pwm: lpss: Release runtime-pm reference from the driver's remove callback
    - drm/sun4i: hdmi: Fix double flag assignation
    - mlxsw: reg: QEEC: Add minimum shaper fields
    - NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
    - pcrypt: use format specifier in kobject_add
    - exportfs: fix 'passing zero to ERR_PTR()' warning
    - drm/dp_mst: Skip validating ports during destruction, just ref
    - net: phy: Fix not to call phy_resume() if PHY is not attached
    - IB/rxe: Fix incorrect cache cleanup in error flow
    - staging: bcm2835-camera: Abort probe if there is no camera
    - switchtec: Remove immediate status check after submitting MRPC command
    - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
    - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
    - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
    - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
    - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
    - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
    - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
    - pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations
    - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
    - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
    - vxlan: changelink: Fix handling of default remotes
    - Input: nomadik-ske-keypad - fix a loop timeout test
    - clk: highbank: fix refcount leak in hb_clk_init()
    - clk: qoriq: fix refcount leak in clockgen_init()
    - clk: socfpga: fix refcount leak
    - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
    - clk: imx6q: fix refcount leak in imx6q_clocks_init()
    - clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
    - clk: imx7d: fix refcount leak in imx7d_clocks_init()
    - clk: vf610: fix refcount leak in vf610_clocks_init()
    - clk: armada-370: fix refcount leak in a370_clk_init()
    - clk: kirkwood: fix refcount leak in kirkwood_clk_init()
    - clk: armada-xp: fix refcount leak in axp_clk_init()
    - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init()
    - clk: dove: fix refcount leak in dove_clk_init()
    - MIPS: BCM63XX: drop unused and broken DSP platform device
    - IB/usnic: Fix out of bounds index check in query pkey
    - RDMA/ocrdma: Fix out of bounds index check in query pkey
    - RDMA/qedr: Fix out of bounds index check in query pkey
    - drm/shmob: Fix return value check in shmob_drm_probe
    - arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
    - spi: cadence: Correct initialisation of runtime PM
    - RDMA/iw_cxgb4: Fix the unchecked ep dereference
    - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
    - media: s5p-jpeg: Correct step and max values for
      V4L2_CID_JPEG_RESTART_INTERVAL
    - kbuild: mark prepare0 as PHONY to fix external module build
    - crypto: brcm - Fix some set-but-not-used warning
    - crypto: tgr192 - fix unaligned memory access
    - ASoC: imx-sgtl5000: put of nodes if finding codec fails
    - IB/iser: Pass the correct number of entries for dma mapped SGL
    - rtc: cmos: ignore bogus century byte
    - spi/topcliff_pch: Fix potential NULL dereference on allocation error
    - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
    - iwlwifi: mvm: avoid possible access out of array.
    - net/mlx5: Take lock with IRQs disabled to avoid deadlock
    - iwlwifi: mvm: fix A-MPDU reference assignment
    - tty: ipwireless: Fix potential NULL pointer dereference
    - driver: uio: fix possible memory leak in __uio_register_device
    - driver: uio: fix possible use-after-free in __uio_register_device
    - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove()
      arguments
    - driver core: Do not resume suppliers under device_links_write_lock()
    - ARM: dts: lpc32xx: add required clocks property to keypad device node
    - ARM: dts: lpc32xx: reparent keypad controller to SIC1
    - ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
    - ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
    - ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
    - iwlwifi: mvm: fix RSS config command
    - staging: most: cdev: add missing check for cdev_add failure
    - rtc: ds1672: fix unintended sign extension
    - thermal: mediatek: fix register index error
    - net: phy: fixed_phy: Fix fixed_phy not checking GPIO
    - rtc: ds1307: rx8130: Fix alarm handling
    - rtc: 88pm860x: fix unintended sign extension
    - rtc: 88pm80x: fix unintended sign extension
    - rtc: pm8xxx: fix unintended sign extension
    - fbdev: chipsfb: remove set but not used variable 'size'
    - iw_cxgb4: use tos when importing the endpoint
    - iw_cxgb4: use tos when finding ipv6 routes
    - drm/etnaviv: potential NULL dereference
    - pinctrl: sh-pfc: emev2: Add missing pinmux functions
    - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
    - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
    - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
    - PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio()
    - usb: phy: twl6030-usb: fix possible use-after-free on remove
    - block: don't use bio->bi_vcnt to figure out segment number
    - keys: Timestamp new keys
    - vfio_pci: Enable memory accesses before calling pci_map_rom
    - hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine
    - KVM: PPC: Release all hardware TCE tables attached to a group
    - staging: r8822be: check kzalloc return or bail
    - dmaengine: mv_xor: Use correct device for DMA API
    - cdc-wdm: pass return value of recover_from_urb_loss
    - regulator: pv88060: Fix array out-of-bounds access
    - regulator: pv88080: Fix array out-of-bounds access
    - regulator: pv88090: Fix array out-of-bounds access
    - net: dsa: qca8k: Enable delay for RGMII_ID mode
    - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
    - drm/nouveau/pmu: don't print reply values if exec is false
    - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
    - fs/nfs: Fix nfs_parse_devname to not modify it's argument
    - staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx
    - powerpc/64s: Fix logic when handling unknown CPU features
    - NFS: Fix a soft lockup in the delegation recovery code
    - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
    - clocksource/drivers/exynos_mct: Fix error path in timer resources
      initialization
    - platform/x86: wmi: fix potential null pointer dereference
    - NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
    - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
    - ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
    - ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
    - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
    - netfilter: nft_set_hash: fix lookups with fixed size hash on big endian
    - NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
    - net: aquantia: fixed instack structure overflow
    - powerpc/mm: Check secondary hash page table
    - nios2: ksyms: Add missing symbol exports
    - x86/mm: Remove unused variable 'cpu'
    - scsi: megaraid_sas: reduce module load time
    - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
    - xen, cpu_hotplug: Prevent an out of bounds access
    - net: sh_eth: fix a missing check of of_get_phy_mode
    - regulator: lp87565: Fix missing register for LP87565_BUCK_0
    - media: ivtv: update *pos correctly in ivtv_read_pos()
    - media: cx18: update *pos correctly in cx18_read_pos()
    - media: wl128x: Fix an error code in fm_download_firmware()
    - media: cx23885: check allocation return
    - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
    - jfs: fix bogus variable self-initialization
    - tipc: tipc clang warning
    - m68k: mac: Fix VIA timer counter accesses
    - arm64: dts: allwinner: a64: Add missing PIO clocks
    - ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
    - media: davinci-isif: avoid uninitialized variable use
    - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
    - spi: tegra114: clear packed bit for unpacked mode
    - spi: tegra114: fix for unpacked mode transfers
    - spi: tegra114: terminate dma and reset on transfer timeout
    - spi: tegra114: flush fifos
    - spi: tegra114: configure dma burst size to fifo trig level
    - soc/fsl/qe: Fix an error code in qe_pin_request()
    - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
    - ehea: Fix a copy-paste err in ehea_init_port_res
    - scsi: qla2xxx: Unregister chrdev if module initialization fails
    - scsi: target/core: Fix a race condition in the LUN lookup code
    - ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
    - net: hns3: fix for vport->bw_limit overflow problem
    - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
    - platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
    - tipc: set sysctl_tipc_rmem and named_timeout right range
    - selftests/ipc: Fix msgque compiler warnings
    - powerpc: vdso: Make vdso32 installation conditional in vdso_install
    - ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
    - media: ov2659: fix unbalanced mutex_lock/unlock
    - 6lowpan: Off by one handling ->nexthdr
    - dmaengine: axi-dmac: Don't check the number of frames for alignment
    - ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
    - NFS: Don't interrupt file writeout due to fatal errors
    - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes
    - scsi: qla2xxx: Fix a format specifier
    - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
    - packet: in recvmsg msg_name return at least sizeof sockaddr_ll
    - ASoC: fix valid stream condition
    - usb: gadget: fsl: fix link error against usb-gadget module
    - dwc2: gadget: Fix completed transfer size calculation in DDMA
    - IB/mlx5: Add missing XRC options to QP optional params mask
    - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
    - dmaengine: tegra210-adma: restore channel status
    - mmc: core: fix possible use after free of host
    - lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
    - afs: Fix the afs.cell and afs.volume xattr handlers
    - vfio/mdev: Avoid release parent reference during error path
    - vfio/mdev: Fix aborting mdev child device removal if one fails
    - l2tp: Fix possible NULL pointer dereference
    - media: omap_vout: potential buffer overflow in vidioc_dqbuf()
    - media: davinci/vpbe: array underflow in vpbe_enum_outputs()
    - platform/x86: alienware-wmi: printing the wrong error code
    - crypto: caam - fix caam_dump_sg that iterates through scatterlist
    - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
    - pwm: meson: Consider 128 a valid pre-divider
    - pwm: meson: Don't disable PWM when setting duty repeatedly
    - ARM: riscpc: fix lack of keyboard interrupts after irq conversion
    - kdb: do a sanity check on the cpu in kdb_per_cpu()
    - backlight: lm3630a: Return 0 on success in update_status functions
    - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
    - EDAC/mc: Fix edac_mc_find() in case no device is found
    - ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT
    - dmaengine: tegra210-adma: Fix crash during probe
    - arm64: dts: meson: libretech-cc: set eMMC as removable
    - RDMA/qedr: Fix incorrect device rate.
    - spi: spi-fsl-spi: call spi_finalize_current_message() at the end
    - crypto: ccp - fix AES CFB error exposed by new test vectors
    - crypto: ccp - Fix 3DES complaint from ccp-crypto module
    - serial: stm32: fix rx error handling
    - serial: stm32: fix transmit_chars when tx is stopped
    - serial: stm32: Add support of TC bit status check
    - serial: stm32: fix wakeup source initialization
    - misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
    - iommu: Use right function to get group for device
    - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
    - inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
    - netvsc: unshare skb in VF rx handler
    - cpufreq: brcmstb-avs-cpufreq: Fix initial command check
    - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
    - media: vivid: fix incorrect assignment operation when setting video mode
    - mpls: fix warning with multi-label encap
    - iommu/vt-d: Duplicate iommu_resv_region objects per device list
    - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state
    - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
    - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
    - drm/msm/mdp5: Fix mdp5_cfg_init error return
    - net: netem: fix backlog accounting for corrupted GSO frames
    - net/af_iucv: always register net_device notifier
    - ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
    - rtc: pcf8563: Fix interrupt trigger method
    - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
    - drm/msm/a3xx: remove TPL1 regs from snapshot
    - perf/ioctl: Add check for the sample_period value
    - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
    - clk: qcom: Fix -Wunused-const-variable
    - nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing
    - bnxt_en: Fix ethtool selftest crash under error conditions.
    - iommu/amd: Make iommu_disable safer
    - mfd: intel-lpss: Release IDA resources
    - rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
    - devres: allow const resource arguments
    - net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
    - scsi: libfc: fix null pointer dereference on a null lport
    - clk: sunxi-ng: v3s: add the missing PLL_DDR1
    - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup()
    - libertas_tf: Use correct channel range in lbtf_geo_init
    - qed: reduce maximum stack frame size
    - usb: host: xhci-hub: fix extra endianness conversion
    - mic: avoid statically declaring a 'struct device'.
    - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
    - crypto: ccp - Reduce maximum stack usage
    - ALSA: aoa: onyx: always initialize register read value
    - tipc: reduce risk of wakeup queue starvation
    - ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval
    - net/mlx5: Fix mlx5_ifc_query_lag_out_bits
    - cifs: fix rmmod regression in cifs.ko caused by force_sig changes
    - crypto: caam - free resources in case caam_rng registration failed
    - ext4: set error return correctly when ext4_htree_store_dirent fails
    - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
    - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
    - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
    - net/rds: Add a few missing rds_stat_names entries
    - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
    - signal: Allow cifs and drbd to receive their terminating signals
    - ASoC: sun4i-i2s: RX and TX counter registers are swapped
    - dmaengine: dw: platform: Switch to acpi_dma_controller_register()
    - mac80211: minstrel_ht: fix per-group max throughput rate initialization
    - media: atmel: atmel-isi: fix timeout value for stop streaming
    - rtc: pcf2127: bugfix: read rtc disables watchdog
    - mips: avoid explicit UB in assignment of mips_io_port_base
    - iommu/mediatek: Fix iova_to_phys PA start for 4GB mode
    - ahci: Do not export local variable ahci_em_messages
    - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
    - hwmon: (lm75) Fix write operations for negative temperatures
    - power: supply: Init device wakeup after device_add()
    - x86, perf: Fix the dependency of the x86 insn decoder selftest
    - staging: greybus: light: fix a couple double frees
    - irqdomain: Add the missing assignment of domain->fwnode for named fwnode
    - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
    - iio: dac: ad5380: fix incorrect assignment to val
    - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
    - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs
    - net: sonic: return NETDEV_TX_OK if failed to map buffer
    - scsi: fnic: fix msix interrupt allocation
    - Btrfs: fix hang when loading existing inode cache off disk
    - Btrfs: fix inode cache waiters hanging on failure to start caching thread
    - Btrfs: fix inode cache waiters hanging on path allocation failure
    - btrfs: use correct count in btrfs_file_write_iter()
    - ixgbe: sync the first fragment unconditionally
    - hwmon: (shtc1) fix shtc1 and shtw1 id mask
    - net: sonic: replace dev_kfree_skb in sonic_send_packet
    - pinctrl: iproc-gpio: Fix incorrect pinconf configurations
    - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet
    - RDMA/cma: Fix false error message
    - net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
    - iommu/amd: Wait for completion of IOTLB flush in attach_device
    - net: aquantia: Fix aq_vec_isr_legacy() return value
    - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
    - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
    - net: stmmac: dwmac-meson8b: Fix signedness bug in probe
    - net: axienet: fix a signedness bug in probe
    - of: mdio: Fix a signedness bug in of_phy_get_and_connect()
    - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
    - nvme: retain split access workaround for capability reads
    - net: stmmac: gmac4+: Not all Unicast addresses may be available
    - mac80211: accept deauth frames in IBSS mode
    - llc: fix another potential sk_buff leak in llc_ui_sendmsg()
    - llc: fix sk_buff refcounting in llc_conn_state_process()
    - net: stmmac: fix length of PTP clock's name string
    - act_mirred: Fix mirred_init_module error handling
    - net: avoid possible false sharing in sk_leave_memory_pressure()
    - net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head
    - tcp: annotate lockless access to tcp_memory_pressure
    - drm/msm/dsi: Implement reset correctly
    - dmaengine: imx-sdma: fix size check for sdma script_number
    - net: netem: fix error path for corrupted GSO frames
    - net: netem: correct the parent's backlog when corrupted packet was dropped
    - net: qca_spi: Move reset_count to struct qcaspi
    - afs: Fix large file support
    - MIPS: Loongson: Fix return value of loongson_hwmon_init
    - hv_netvsc: flag software created hash value
    - net: neigh: use long type to store jiffies delta
    - packet: fix data-race in fanout_flow_is_huge()
    - mmc: sdio: fix wl1251 vendor id
    - mmc: core: fix wl1251 sdio quirks
    - affs: fix a memory leak in affs_remount
    - dmaengine: ti: edma: fix missed failure handling
    - drm/radeon: fix bad DMA from INTERRUPT_CNTL2
    - arm64: dts: juno: Fix UART frequency
    - IB/iser: Fix dma_nents type definition
    - serial: stm32: fix clearing interrupt error flags
    - m68k: Call timer_interrupt() with interrupts disabled
    - SUNRPC: Fix svcauth_gss_proxy_init()
    - perf map: No need to adjust the long name of modules
    - ipmi: Fix memory leak in __ipmi_bmc_register
    - apparmor: Fix network performance issue in aa_label_sk_perm
    - firmware: coreboot: Let OF core populate platform device
    - bridge: br_arp_nd_proxy: set icmp6_router if neigh has NTF_ROUTER
    - signal/ia64: Use the generic force_sigsegv in setup_frame
    - ASoC: wm9712: fix unused variable warning
    - genirq/debugfs: Reinstate full OF path for domain name
    - usb: gadget: fsl_udc_core: check allocation return value and cleanup on
      failure
    - cfg80211: regulatory: make initialization more robust
    - net: socionext: Add dummy PHY register read in phy_write()
    - mlxsw: spectrum: Set minimum shaper on MC TCs
    - pinctrl: meson-gxl: remove invalid GPIOX tsin_a pins
    - drm: rcar-du: Fix vblank initialization
    - arm64: dts: meson-gx: Add hdmi_5v regulator as hdmi tx supply
    - IB/hfi1: Correctly process FECN and BECN in packets
    - OPP: Fix missing debugfs supply directory for OPPs
    - staging: bcm2835-camera: fix module autoloading
    - fork,memcg: fix crash in free_thread_stack on memcg charge fail
    - arm64: defconfig: Re-enable bcm2835-thermal driver
    - remoteproc: qcom: q6v5-mss: Add missing clocks for MSM8996
    - remoteproc: qcom: q6v5-mss: Add missing regulator for MSM8996
    - drm: Fix error handling in drm_legacy_addctx
    - ARM: dts: r8a7743: Remove generic compatible string from iic3
    - drm/etnaviv: fix some off by one bugs
    - fork, memcg: fix cached_stacks case
    - net: hns3: fix wrong combined count returned by ethtool -l
    - net: hns3: fix bug of ethtool_ops.get_channels for VF
    - ARM: dts: sun8i-a23-a33: Move NAND controller device node to sort by address
    - clk: ingenic: jz4740: Fix gating of UDC clock
    - ntb_hw_switchtec: NT req id mapping table register entry number should be
      512
    - net: dsa: b53: Fix default VLAN ID
    - net: dsa: b53: Properly account for VLAN filtering
    - net: dsa: b53: Do not program CPU port's PVID
    - drm/nouveau: fix missing break in switch statement
    - net: dsa: fix unintended change of bridge interface STP state
    - perf: Copy parent's address filter offsets on clone
    - netfilter: nft_set_hash: bogus element self comparison from deactivation
      path
    - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm()
    - NFS: Add missing encode / decode sequence_maxsz to v4.2 operations
    - ARM: dts: sun8i: a33: Reintroduce default pinctrl muxing
    - ARM: dts: sun9i: optimus: Fix fixed-regulators
    - bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated
    - arm64/vdso: don't leak kernel addresses
    - rtc: mt6397: Don't call irq_dispose_mapping.
    - bpf: Add missed newline in verifier verbose log
    - ACPI: button: reinitialize button state upon resume
    - soc: amlogic: meson-gx-pwrc-vpu: Fix power on/off register bitmask
    - net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info()
    - afs: Fix AFS file locking to allow fine grained locks
    - afs: Further fix file locking
    - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd()
    - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest
    - vfio/mdev: Follow correct remove sequence
    - ALSA: aica: Fix a long-time build breakage
    - nfp: bpf: fix static check error through tightening shift amount adjustment
    - thermal: rcar_gen3_thermal: fix interrupt type
    - afs: Fix lock-wait/callback-break double locking
    - afs: Fix double inc of vnode->cb_break
    - clk: meson: gxbb: no spread spectrum on mpll0
    - serial: stm32: fix word length configuration
    - serial: stm32: fix rx data length when parity enabled
    - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector
    - crypto: talitos - fix AEAD processing.
    - net: don't clear sock->sk early to avoid trouble in strparser
    - crypto: inside-secure - fix zeroing of the request in ahash_exit_inv
    - arm64: dts: meson-gxm-khadas-vim2: fix gpio-keys-polled node
    - arm64: dts: meson-gxm-khadas-vim2: fix Bluetooth support
    - phy: usb: phy-brcm-usb: Remove sysfs attributes upon driver removal
    - qed: iWARP - fix uninitialized callback
    - IB/hfi1: Handle port down properly in pio
    - net/af_iucv: build proper skbs for HiperTransport
    - ARM: dts: iwg20d-q7-common: Fix SDHI1 VccQ regularor
    - ip6_fib: Don't discard nodes with valid routing information in
      fib6_locate_1()
    - nvmem: imx-ocotp: Change TIMING calculation to u-boot algorithm
    - fork,memcg: alloc_thread_stack_node needs to set tsk->stack
    - PM: ACPI/PCI: Resume all devices during hibernation
    - ACPI: PM: Simplify and fix PM domain hibernation callbacks
    - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS
    - drm/panel: make drm_panel.h self-contained
    - cxgb4: smt: Add lock for atomic_dec_and_test
    - powerpc/64s/radix: Fix memory hot-unplug page table split
    - rtc: rv3029: revert error handling patch to rv3029_eeprom_write()
    - i40e: reduce stack usage in i40e_set_fc
    - ARM: 8896/1: VDSO: Don't leak kernel addresses
    - rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
    - usb: typec: tps6598x: Fix build error without CONFIG_REGMAP_I2C
    - bcache: Fix an error code in bch_dump_read()
    - ARM: dts: aspeed-g5: Fixe gpio-ranges upper limit
    - net: hns3: fix error VF index when setting VLAN offload
    - mailbox: qcom-apcs: fix max_register value
    - powerpc/mm/mce: Keep irqs disabled during lockless page table walk
    - net: netsec: Fix signedness bug in netsec_probe()
    - s390/qeth: Fix error handling during VNICC initialization
    - s390/qeth: Fix initialization of vnicc cmd masks during set online
    - vhost/test: stop device before reset
    - arm64: hibernate: check pgd table allocation
    - afs: Fix missing timeout reset
    - hwrng: omap3-rom - Fix missing clock by probing with device tree
    - arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node
  * Bionic update: upstream stable patchset 2020-02-06 (LP: #1862259)
    - dt-bindings: reset: meson8b: fix duplicate reset IDs
    - clk: Don't try to enable critical clocks if prepare failed
    - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1
    - ALSA: seq: Fix racy access for queue timer in proc read
    - Fix built-in early-load Intel microcode alignment
    - block: fix an integer overflow in logical block size
    - ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number
    - iio: buffer: align the size of scan bytes to size of the largest element
    - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
    - USB: serial: option: Add support for Quectel RM500Q
    - USB: serial: opticon: fix control-message timeouts
    - USB: serial: option: add support for Quectel RM500Q in QDL mode
    - USB: serial: suppress driver bind attributes
    - USB: serial: ch341: handle unbound port at reset_resume
    - USB: serial: io_edgeport: add missing active-port sanity check
    - USB: serial: keyspan: handle unbound ports
    - USB: serial: quatech2: handle unbound ports
    - scsi: fnic: fix invalid stack access
    - scsi: mptfusion: Fix double fetch bug in ioctl
    - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
    - usb: core: hub: Improved device recognition on remote wakeup
    - x86/resctrl: Fix an imbalance in domain_remove_cpu()
    - x86/efistub: Disable paging at mixed mode entry
    - perf hists: Fix variable name's inconsistency in hists__for_each() macro
    - perf report: Fix incorrectly added dimensions as switch perf data file
    - mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD
      alignment
    - btrfs: fix memory leak in qgroup accounting
    - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
    - net: stmmac: 16KB buffer must be 16 byte aligned
    - net: stmmac: Enable 16KB buffer size
    - USB: serial: io_edgeport: use irqsave() in USB's complete callback
    - USB: serial: io_edgeport: handle unbound ports on URB completion
    - mm/huge_memory.c: make __thp_get_unmapped_area static
    - mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD
      alignment
    - arm64: dts: agilex/stratix10: fix pmu interrupt numbers
    - cfg80211: fix page refcount issue in A-MSDU decap
    - netfilter: fix a use-after-free in mtype_destroy()
    - netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
    - NFC: pn533: fix bulk-message timeout
    - batman-adv: Fix DAT candidate selection on little endian systems
    - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
    - hv_netvsc: Fix memory leak when removing rndis device
    - net: dsa: tag_qca: fix doubled Tx statistics
    - net: hns: fix soft lockup when there is not enough memory
    - net: usb: lan78xx: limit size of local TSO packets
    - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info
    - ptp: free ptp device pin descriptors properly
    - r8152: add missing endpoint sanity check
    - tcp: fix marked lost packets not being retransmitted
    - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
    - cw1200: Fix a signedness bug in cw1200_load_firmware()
    - arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node
    - cfg80211: check for set_wiphy_params
    - tick/sched: Annotate lockless access to last_jiffies_update
    - Revert "arm64: dts: juno: add dma-ranges property"
    - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
    - scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
    - scsi: qla4xxx: fix double free bug
    - scsi: bnx2i: fix potential use after free
    - scsi: target: core: Fix a pr_debug() argument
    - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
    - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
    - scsi: core: scsi_trace: Use get_unaligned_be*()
    - perf probe: Fix wrong address verification
    - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
    - ARM: dts: meson8: fix the size of the PMU registers
    - LSM: generalize flag passing to security_capable
    - drm/i915: Add missing include file <linux/math64.h>
    - btrfs: do not delete mismatched root refs
    - ARM: dts: imx6qdl: Add Engicam i.Core 1.5 MX6
    - ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support
    - mlxsw: spectrum: Wipe xstats.backlog of down ports
    - tcp: refine rule to allow EPOLLOUT generation under mem pressure
    - mtd: devices: fix mchp23k256 read and write
    - drm/nouveau/bar/nv50: check bar1 vmm return value
    - drm/nouveau/bar/gf100: ensure BAR is mapped
    - drm/nouveau/mmu: qualify vmm during dtor
  * Bionic update: upstream stable patchset 2020-02-04 (LP: #1861934)
    - chardev: Avoid potential use-after-free in 'chrdev_open()'
    - usb: chipidea: host: Disable port power only if previously enabled
    - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
    - ALSA: hda/realtek - Add new codec supported for ALCS1200A
    - ALSA: hda/realtek - Set EAPD control to default for ALC222
    - kernel/trace: Fix do not unregister tracepoints when register
      sched_migrate_task fail
    - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
    - HID: Fix slab-out-of-bounds read in hid_field_extract
    - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
    - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
    - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling
      to irq mode
    - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing
      CAN sk_buffs
    - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
    - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
    - staging: vt6656: set usb_set_intfdata on driver fail.
    - USB: serial: option: add ZLP support for 0x1bc7/0x9010
    - usb: musb: fix idling for suspend after disconnect interrupt
    - usb: musb: Disable pullup at init
    - usb: musb: dma: Correct parameter passed to IRQ handler
    - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
    - HID: hid-input: clear unmapped usages
    - Input: add safety guards to input_set_keycode()
    - drm/fb-helper: Round up bits_per_pixel if possible
    - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
    - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
    - tty: link tty and port before configuring it as console
    - tty: always relink the port
    - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
    - scsi: bfa: release allocated memory in case of error
    - rtl8xxxu: prevent leaking urb
    - arm64: cpufeature: Avoid warnings due to unused symbols
    - HID: hiddev: fix mess in hiddev_open()
    - USB: Fix: Don't skip endpoint descriptors with maxpacket=0
    - phy: cpcap-usb: Fix error path when no host driver is loaded
    - phy: cpcap-usb: Fix flakey host idling and enumerating of devices
    - netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
    - netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
    - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen
    - tracing: Change offset type to s32 in preempt/irq tracepoints
    - serdev: Don't claim unsupported ACPI serial devices
    - netfilter: conntrack: dccp, sctp: handle null timeout argument
    - hidraw: Return EPOLLOUT from hidraw_poll
    - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
    - HID: hidraw, uhid: Always report EPOLLOUT
    - ethtool: reduce stack usage with clang
    - fs/select: avoid clang stack usage warning
    - arm64: don't open code page table entry creation
    - arm64: mm: Change page table pointer name in p[md]_set_huge()
    - arm64: Enforce BBM for huge IO/VMAP mappings
    - arm64: Make sure permission updates happen for pmd/pud
    - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
    - wimax: i2400: fix memory leak
    - wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
    - iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
    - rtc: mt6397: fix alarm register overwrite
    - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
    - ASoC: stm32: spdifrx: fix inconsistent lock state
    - ASoC: stm32: spdifrx: fix race condition in irq handler
    - gpio: zynq: Fix for bug in zynq_gpio_restore_context API
    - iommu: Remove device link to group on failure
    - gpio: Fix error message on out-of-range GPIO in lookup table
    - hsr: reset network header when supervision frame is created
    - cifs: Adjust indentation in smb2_open_file
    - btrfs: simplify inode locking for RWF_NOWAIT
    - RDMA/mlx5: Return proper error value
    - RDMA/srpt: Report the SCSI residual to the initiator
    - scsi: enclosure: Fix stale device oops with hot replug
    - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
    - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
    - xprtrdma: Fix completion wait during device removal
    - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
    - iio: imu: adis16480: assign bias value only if operation succeeded
    - mei: fix modalias documentation
    - clk: samsung: exynos5420: Preserve CPU clocks configuration during
      suspend/resume
    - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args
      call
    - pinctrl: lewisburg: Update pin list according to v1.1v6
    - scsi: sd: enable compat ioctls for sed-opal
    - arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD
    - af_unix: add compat_ioctl support
    - compat_ioctl: handle SIOCOUTQNSD
    - PCI/PTM: Remove spurious "d" from granularity message
    - powerpc/powernv: Disable native PCIe port management
    - tty: serial: imx: use the sg count from dma_map_sg
    - tty: serial: pch_uart: correct usage of dma_unmap_sg
    - media: ov6650: Fix incorrect use of JPEG colorspace
    - media: ov6650: Fix some format attributes not under control
    - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
    - media: exynos4-is: Fix recursive locking in isp_video_release()
    - mtd: spi-nor: fix silent truncation in spi_nor_read()
    - mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
    - spi: atmel: fix handling of cs_change set on non-last xfer
    - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
    - f2fs: fix potential overflow
    - rtc: msm6242: Fix reading of 10-hour digit
    - gpio: mpc8xxx: Add platform device to gpiochip->parent
    - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
    - rseq/selftests: Turn off timeout setting
    - mips: cacheinfo: report shared CPU map
    - MIPS: Prevent link failure with kcov instrumentation
    - dmaengine: k3dma: Avoid null pointer traversal
    - ioat: ioat_alloc_ring() failure handling.
    - hexagon: parenthesize registers in asm predicates
    - hexagon: work around compiler crash
    - ocfs2: call journal flush to mark journal as empty after journal recovery
      when mount
    - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
    - drm/ttm: fix start page for huge page check in ttm_put_pages()
    - drm/ttm: fix incrementing the page pointer for huge pages
    - crypto: virtio - implement missing support for output IVs
    - iommu/mediatek: Correct the flush_iotlb_all callback
    - rtc: brcmstb-waketimer: add missed clk_disable_unprepare
  * Bionic update: upstream stable patchset 2020-02-03 (LP: #1861739)
    - USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein
    - USB: dummy-hcd: increase max number of devices to 32
    - locking/spinlock/debug: Fix various data races
    - netfilter: ctnetlink: netns exit must wait for callbacks
    - libtraceevent: Fix lib installation with O=
    - x86/efi: Update e820 with reserved EFI boot services data to fix kexec
      breakage
    - efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
    - efi/gop: Return EFI_SUCCESS if a usable GOP was found
    - efi/gop: Fix memory leak in __gop_query32/64()
    - ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
    - netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
    - netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END
    - ARM: dts: Cygnus: Fix MDIO node address/size cells
    - spi: spi-cavium-thunderx: Add missing pci_release_regions()
    - ASoC: topology: Check return value for soc_tplg_pcm_create()
    - ARM: dts: bcm283x: Fix critical trip point
    - bpf, mips: Limit to 33 tail calls
    - ARM: dts: am437x-gp/epos-evm: fix panel compatible
    - samples: bpf: Replace symbol compare of trace_event
    - samples: bpf: fix syscall_tp due to unused syscall
    - powerpc: Ensure that swiotlb buffer is allocated from low memory
    - bnx2x: Do not handle requests from VFs after parity
    - bnx2x: Fix logic to get total no. of PFs per engine
    - net: usb: lan78xx: Fix error message format specifier
    - rfkill: Fix incorrect check to avoid NULL pointer dereference
    - ASoC: wm8962: fix lambda value
    - regulator: rn5t618: fix module aliases
    - kconfig: don't crash on NULL expressions in expr_eq()
    - perf/x86/intel: Fix PT PMI handling
    - fs: avoid softlockups in s_inodes iterators
    - net: stmmac: Do not accept invalid MTU values
    - net: stmmac: RX buffer size must be 16 byte aligned
    - s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly
    - s390/dasd: fix memleak in path handling error case
    - block: fix memleak when __blk_rq_map_user_iov() is failed
    - parisc: Fix compiler warnings in debug_core.c
    - llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
    - hv_netvsc: Fix unwanted rx_table reset
    - bpf: Fix passing modified ctx to ld/abs/ind instruction
    - PCI/switchtec: Read all 64 bits of part_event_bitmap
    - gtp: fix bad unlock balance in gtp_encap_enable_socket
    - macvlan: do not assume mac_header is set in macvlan_broadcast()
    - net: dsa: mv88e6xxx: Preserve priority when setting CPU port.
    - net: stmmac: dwmac-sun8i: Allow all RGMII modes
    - net: stmmac: dwmac-sunxi: Allow all RGMII modes
    - net: usb: lan78xx: fix possible skb leak
    - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
    - USB: core: fix check for duplicate endpoints
    - USB: serial: option: add Telit ME910G1 0x110a composition
    - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
    - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
    - vxlan: fix tos value before xmit
    - vlan: vlan_changelink() should propagate errors
    - net: sch_prio: When ungrafting, replace with FIFO
    - vlan: fix memory leak in vlan_dev_set_egress_priority
    - regulator: fix use after free issue
    - ASoC: max98090: fix possible race conditions
    - netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init()
    - ARM: dts: BCM5301X: Fix MDIO node address/size cells
    - bpf: Clear skb->tstamp in bpf_redirect when necessary
    - parisc: add missing __init annotation
    - iommu/iova: Init the struct iova to fix the possible memleak
    - powerpc/spinlocks: Include correct header for static key
    - ARM: dts: imx6ul: use nvmem-cells for cpu speed grading
  * Sometimes can't adjust brightness on Dell AIO (LP: #1862885)
    - SAUCE: platform/x86: dell-uart-backlight: increase retry times
  * 4.15 kernel hard lockup about once a week (LP: #1799497)
    - zram: correct flag name of ZRAM_ACCESS
    - zram: fix lockdep warning of free block handling
  * Prevent arm64 guest from accessing host debug registers (LP: #1860657)
    - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE
  * pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
    - can, slip: Protect tty->disc_data in write_wakeup and close with RCU

[ Ubuntu: 4.15.0-88.88 ]

* bionic/linux: 4.15.0-88.88 -proposed tracker (LP: #1862824)
  * Segmentation fault (kernel oops) with memory-hotplug in
    ubuntu_kernel_selftests on Bionic kernel (LP: #1862312)
    - Revert "mm/memory_hotplug: fix online/offline_pages called w.o.
      mem_hotplug_lock"
    - mm/memory_hotplug: fix online/offline_pages called w.o. mem_hotplug_lock

-- Sultan Alsawaf <sultan.alsawaf@canonical.com>  Fri, 28 Feb 2020 14:54:40 -0800

Changed in linux-oem (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Launchpad Janitor (janitor) on 2020-03-18

Changed in linux-oem (Ubuntu):
status:	New → Fix Released

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-03-19:

#16

All autopkgtests for the newly accepted linux-bluefield (5.0.0-1010.20) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

fsprotect/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-bluefield

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Steve Langasek (vorlon) on 2020-07-02

Changed in linux (Ubuntu Disco):
status:	Fix Committed → Won't Fix

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

Root can lift kernel lockdown via USB/IP

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package