Changelog
linux (4.14.7-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
- [s390x] fix transactional execution control register handling
- [s390x] noexec: execute kexec datamover without DAT
- [s390x] runtime instrumention: fix possible memory corruption
- [s390x] guarded storage: fix possible memory corruption
- [s390x] disassembler: add missing end marker for e7 table
- [s390x] disassembler: increase show_code buffer size
- ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock
- ACPI / EC: Fix regression related to triggering source of EC event
handling
- cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq
- serdev: fix registration of second slave
- sched: Make resched_cpu() unconditional
- lib/mpi: call cond_resched() from mpi_powm() loop
- [x86] boot: Fix boot failure when SMP MP-table is based at 0
- [x86] decoder: Add new TEST instruction pattern
- [amd64] entry: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
- [x86] perf: intel: Hide TSX events when RTM is not supported
- [arm64] Implement arch-specific pte_access_permitted()
- [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
- [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE
- uapi: fix linux/tls.h userspace compilation error
- uapi: fix linux/rxrpc.h userspace compilation errors
- [mips*/4kc-malta] cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work
for 32-bit SMP
- [armhf,arm64] net: mvneta: fix handling of the Tx descriptor counter
- nbd: wait uninterruptible for the dead timeout
- nbd: don't start req until after the dead connection logic
- PM / OPP: Add missing of_node_put(np)
- PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
- PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
- [x86] PCI: hv: Use effective affinity mask
- [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
- [arm64] PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
- dm integrity: allow unaligned bv_offset
- dm cache: fix race condition in the writeback mode overwrite_bio
optimisation
- dm crypt: allow unaligned bv_offset
- dm zoned: ignore last smaller runt zone
- dm mpath: remove annoying message of 'blk_get_request() returned -11'
- dm bufio: fix integer overflow when limiting maximum cache size
- ovl: Put upperdentry if ovl_check_origin() fails
- dm: allocate struct mapped_device with kvzalloc
- sched/rt: Simplify the IPI based RT balancing logic
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
- dm: discard support requires all targets in a table support discards
- [mips*] Fix odd fp register warnings with MIPS64r2
- [mips*/4kc-malta] Fix MIPS64 FP save/restore on 32-bit kernels
- [mips*] dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry
- [mips*] Fix an n32 core file generation regset support regression
- [mips*] math-emu: Fix final emulation phase for certain instructions
- rt2x00usb: mark device removed when get ENOENT usb error
- mm/z3fold.c: use kref to prevent page free/compact race
- autofs: don't fail mount for transient error
- nilfs2: fix race condition that causes file system corruption
- fscrypt: lock mutex before checking for bounce page pool
- eCryptfs: use after free in ecryptfs_release_messaging()
- libceph: don't WARN() if user tries to add invalid key
- bcache: check ca->alloc_thread initialized before wake up it
- fs: guard_bio_eod() needs to consider partitions
- fanotify: fix fsnotify_prepare_user_wait() failure
- isofs: fix timestamps beyond 2027
- btrfs: change how we decide to commit transactions during flushing
- f2fs: expose some sectors to user in inline data or dentry case
- NFS: Fix typo in nomigration mount option
- NFS: Revert "NFS: Move the flock open mode check into nfs_flock()"
- nfs: Fix ugly referral attributes
- NFS: Avoid RCU usage in tracepoints
- NFS: revalidate "." etc correctly on "open".
- nfsd: deal with revoked delegations appropriately
- rtlwifi: rtl8192ee: Fix memory leak when loading firmware
- rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
- iwlwifi: fix firmware names for 9000 and A000 series hw
- md: fix deadlock error in recent patch.
- md: don't check MD_SB_CHANGE_CLEAN in md_allow_write
- Bluetooth: btqcomsmd: Add support for BD address setup
- md/bitmap: revert a patch
- fsnotify: clean up fsnotify_prepare/finish_user_wait()
- fsnotify: pin both inode and vfsmount mark
- fsnotify: fix pinning group in fsnotify_prepare_user_wait()
- ata: fixes kernel crash while tracing ata_eh_link_autopsy event
- ext4: fix interaction between i_size, fallocate, and delalloc after a
crash
- ext4: prevent data corruption with inline data + DAX
- ext4: prevent data corruption with journaling + DAX
- ALSA: pcm: update tstamp only if audio_tstamp changed
- ALSA: usb-audio: Add sanity checks to FE parser
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
- ALSA: usb-audio: Add sanity checks in v2 clock parsers
- ALSA: timer: Remove kernel warning at compat ioctl error paths
- ALSA: hda/realtek - Fix ALC275 no sound issue
- ALSA: hda: Fix too short HDMI/DP chmap reporting
- ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization
- ALSA: hda/realtek - Fix ALC700 family no sound issue
- [x86] mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery
- 9p: Fix missing commas in mount options
- fs/9p: Compare qid.path in v9fs_test_inode
- net/9p: Switch to wait_event_killable()
- scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
- scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()
- scsi: lpfc: fix pci hot plug crash in timer management routines
- scsi: lpfc: fix pci hot plug crash in list_add call
- scsi: lpfc: Fix crash receiving ELS while detaching driver
- scsi: lpfc: Fix FCP hba_wqidx assignment
- scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails
- iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
- iscsi-target: Fix non-immediate TMR reference leak
- target: fix null pointer regression in core_tmr_drain_tmr_list
- target: fix buffer offset in core_scsi3_pri_read_full_status
- target: Fix QUEUE_FULL + SCSI task attribute handling
- target: Fix caw_sem leak in transport_generic_request_failure
- target: Fix quiese during transport_write_pending_qf endless loop
- target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
- mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid
- mtd: nand: atmel: Actually use the PM ops
- mtd: nand: omap2: Fix subpage write
- mtd: nand: Fix writing mtdoops to nand flash.
- mtd: nand: mtk: fix infinite ECC decode IRQ issue
- p54: don't unregister leds when they are not initialized
- block: Fix a race between blk_cleanup_queue() and timeout handling
- raid1: prevent freeze_array/wait_all_barriers deadlock
- genirq: Track whether the trigger type has been set
- [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup
- lockd: double unregister of inetaddr notifiers
- [powerpc*] KVM: Book3S HV: Don't call real-mode XICS hypercall handlers
if not enabled
- [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
- [x86] KVM: SVM: obey guest PAT
- [x86] kvm: vmx: Reinstate support for CPUs without virtual NMI
(Closes: #884482)
- dax: fix PMD faults on zero-length files
- dax: fix general protection fault in dax_alloc_inode
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
- [armhf] clk: ti: dra7-atl-clock: fix child-node lookups
- libnvdimm, dimm: clear 'locked' status on successful DIMM enable
- libnvdimm, pfn: make 'resource' attribute only readable by root
- libnvdimm, namespace: fix label initialization to use valid seq numbers
- libnvdimm, region : make 'resource' attribute only readable by root
- libnvdimm, namespace: make 'resource' attribute only readable by root
- svcrdma: Preserve CB send buffer across retransmits
- IB/srpt: Do not accept invalid initiator port names
- IB/cm: Fix memory corruption in handling CM request
- IB/hfi1: Fix incorrect available receive user context count
- IB/srp: Avoid that a cable pull can trigger a kernel crash
- IB/core: Avoid crash on pkey enforcement failed in received MADs
- IB/core: Only maintain real QPs in the security lists
- NFC: fix device-allocation error return
- spi-nor: intel-spi: Fix broken software sequencing codes
- fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than
read_barrier_depends
- [hppa] Fix validity check of pointer size argument in new CAS
implementation
- [powerpc*] Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX
- [powerpc*] mm/radix: Fix crashes on Power9 DD1 with radix MMU and
STRICT_RWX
- [powerpc*] perf/imc: Use cpu_to_node() not topology_physical_package_id()
- [powerpc*] signal: Properly handle return value from uprobe_deny_signal()
- [powerpc*] 64s: Fix masking of SRR1 bits on instruction fault
- [powerpc*] 64s/radix: Fix 128TB-512TB virtual address boundary case
allocation
- [powerpc*] 64s/hash: Fix 512T hint detection to use >= 128T
- [powerpc*] 64s/hash: Fix 128TB-512TB virtual address boundary case
allocation
- [powerpc*] 64s/hash: Fix fork() with 512TB process address space
- [powerpc*] 64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary
- media: Don't do DMA on stack for firmware upload in the AS102 driver
- media: rc: check for integer overflow
- media: rc: nec decoder should not send both repeat and keycode
- media: v4l2-ctrl: Fix flags field on Control events
- [arm64] media: venus: fix wrong size on dma_free
- [arm64] media: venus: venc: fix bytesused v4l2_plane field
- [arm64] media: venus: reimplement decoder stop command
- [arm64] dts: meson-gxl: Add alternate ARM Trusted Firmware reserved
memory zone
- iwlwifi: fix wrong struct for a000 device
- iwlwifi: fix PCI IDs and configuration mapping for 9000 series
- iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command
- e1000e: Fix error path in link detection
- e1000e: Fix return value test
- e1000e: Separate signaling for link check/link up
- e1000e: Avoid receiver overrun interrupt bursts
- e1000e: fix buffer overrun while the I219 is processing DMA transactions
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
- [x86]: platform: hp-wmi: Fix tablet mode detection for convertibles
- mm, memory_hotplug: do not back off draining pcp free pages from kworker
context
- mm, oom_reaper: gather each vma to prevent leaking TLB entry
- [armhf,arm64] mm/cma: fix alloc_contig_range ret code/potential leak
- mm: fix device-dax pud write-faults triggered by get_user_pages()
- mm, hugetlbfs: introduce ->split() to vm_operations_struct
- device-dax: implement ->split() to catch invalid munmap attempts
- mm: introduce get_user_pages_longterm
- mm: fail get_vaddr_frames() for filesystem-dax mappings
- v4l2: disable filesystem-dax mapping support
- IB/core: disable memory registration of filesystem-dax vmas
- exec: avoid RLIMIT_STACK races with prlimit()
- mm/madvise.c: fix madvise() infinite loop under special circumstances
- mm: migrate: fix an incorrect call of prep_transhuge_page()
- mm, memcg: fix mem_cgroup_swapout() for THPs
- fs/fat/inode.c: fix sb_rdonly() change
- autofs: revert "autofs: take more care to not update last_used on path
walk"
- autofs: revert "autofs: fix AT_NO_AUTOMOUNT not being honored"
- mm/hugetlb: fix NULL-pointer dereference on 5-level paging machine
- btrfs: clear space cache inode generation always
- nfsd: Fix stateid races between OPEN and CLOSE
- nfsd: Fix another OPEN stateid race
- nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
- crypto: algif_aead - skip SGL entries with NULL page
- crypto: af_alg - remove locking in async callback
- crypto: skcipher - Fix skcipher_walk_aead_common
- lockd: lost rollback of set_grace_period() in lockd_down_net()
- [s390x] revert ELF_ET_DYN_BASE base changes
- [armhf] drm: omapdrm: Fix DPI on platforms using the DSI VDDS
- [armhf] omapdrm: hdmi4: Correct the SoC revision matching
- [arm64] module-plts: factor out PLT generation code for ftrace
- [arm64] ftrace: emit ftrace-mod.o contents through code
- [powerpc*] powernv: Fix kexec crashes caused by tlbie tracing
- [powerpc*] kexec: Fix kexec/kdump in P9 guest kernels
- [x86] KVM: pvclock: Handle first-time write to pvclock-page contains
random junk
- [x86] KVM: Exit to user-mode on #UD intercept when emulator requires
- [x86] KVM: inject exceptions produced by x86_decode_insn
- [x86] KVM: lapic: Split out x2apic ldr calculation
- [x86] KVM: lapic: Fixup LDR on load in x2apic
- mmc: sdhci: Avoid swiotlb buffer being full
- mmc: block: Fix missing blk_put_request()
- mmc: block: Check return value of blk_get_request()
- mmc: core: Do not leave the block driver in a suspended state
- mmc: block: Ensure that debugfs files are removed
- mmc: core: prepend 0x to pre_eol_info entry in sysfs
- mmc: core: prepend 0x to OCR entry in sysfs
- ACPI / EC: Fix regression related to PM ops support in ECDT device
- eeprom: at24: fix reading from 24MAC402/24MAC602
- eeprom: at24: correctly set the size for at24mac402
- eeprom: at24: check at24_read/write arguments
- [alpha,x86] i2c: i801: Fix Failed to allocate irq -2147483648 error
- bcache: Fix building error on MIPS
- bcache: only permit to recovery read error when cache device is clean
- bcache: recover data from backing when data is clean
- hwmon: (jc42) optionally try to disable the SMBUS timeout
- nvme-pci: add quirk for delay before CHK RDY for WDC SN200
- Revert "drm/radeon: dont switch vt on suspend"
- drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs()
- drm/amdgpu: Potential uninitialized variable in
amdgpu_vm_update_directories()
- drm/amdgpu: correct reference clock value on vega10
- drm/amdgpu: fix error handling in amdgpu_bo_do_create
- drm/amdgpu: Properly allocate VM invalidate eng v2
- drm/amdgpu: Remove check which is not valid for certain VBIOS
- drm/ttm: fix ttm_bo_cleanup_refs_or_queue once more
- dma-buf: make reservation_object_copy_fences rcu save
- drm/amdgpu: reserve root PD while releasing it
- drm/ttm: Always and only destroy bo->ttm_resv in ttm_bo_release_list
- drm/vblank: Fix flip event vblank count
- drm/vblank: Tune drm_crtc_accurate_vblank_count() WARN down to a debug
- drm/tilcdc: Precalculate total frametime in tilcdc_crtc_set_mode()
- drm/radeon: fix atombios on big endian
- drm/panel: simple: Add missing panel_simple_unprepare() calls
- [arm64] drm/hisilicon: Ensure LDI regs are properly configured.
- drm/ttm: once more fix ttm_buffer_object_transfer
- drm/amd/pp: fix typecast error in powerplay.
- drm/fb_helper: Disable all crtc's when initial setup fails.
- drm/edid: Don't send non-zero YQ in AVI infoframe for HDMI 1.x sinks
- drm/amdgpu: move UVD/VCE and VCN structure out from union
- drm/amdgpu: Set adev->vcn.irq.num_types for VCN
- IB/core: Do not warn on lid conversions for OPA
- IB/hfi1: Do not warn on lid conversions for OPA
- e1000e: fix the use of magic numbers for buffer overrun issue
- md: forbid a RAID5 from having both a bitmap and a journal.
- [x86] drm/i915: Fix false-positive assert_rpm_wakelock_held in
i915_pmic_bus_access_notifier v2
- [x86] drm/i915: Re-register PMIC bus access notifier on runtime resume
- [x86] drm/i915/fbdev: Serialise early hotplug events with async fbdev
config
- [x86] drm/i915/gvt: Correct ADDR_4K/2M/1G_MASK definition
- [x86] drm/i915: Don't try indexed reads to alternate slave addresses
- [x86] drm/i915: Prevent zero length "index" write
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5
- drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map
- [s390x] runtime instrumentation: simplify task exit handling
- usbip: fix usbip attach to find a port that matches the requested speed
- usbip: Fix USB device hang due to wrong enabling of scatter-gather
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
- serial: 8250_early: Only set divisor if valid clk & baud
- [mips*] Add custom serial.h with BASE_BAUD override for generic kernel
- ima: fix hash algorithm initialization
- [s390x] vfio-ccw: Do not attempt to free no-op, test and tic cda.
- PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare()
- [s390x] pci: do not require AIS facility
- serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
- staging: rtl8188eu: avoid a null dereference on pmlmepriv
- [arm64] mmc: sdhci-msm: fix issue with power irq
- hwmon: (pmbus/core) Prevent unintentional setting of page to 0xFF
- perf/core: Fix __perf_read_group_add() locking
- [armhf] PCI: dra7xx: Create functional dependency between PCIe and PHY
- [x86] intel_rdt: Initialize bitmask of shareable resource if CDP enabled
- [x86] intel_rdt: Fix potential deadlock during resctrl mount
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
- kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y
- [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- [armhf,arm64] clocksource/drivers/arm_arch_timer: Validate CNTFRQ after
enabling frame
- [x86] EDAC, sb_edac: Fix missing break in switch
- [arm64] cpuidle: Correct driver unregistration if init fails
- usb: xhci: Return error when host is dead in xhci_disable_slot()
- [armel,armhf] sysrq : fix Show Regs call trace on ARM
- [sh4] serial: sh-sci: suppress warning for ports without dma channels
- [armhf] serial: imx: Update cached mctrl value when changing RTS
- [x86] kprobes: Disable preemption in ftrace-based jprobes
- [x86] locking/refcounts, asm: Use unique .text section for refcount
exceptions
- [s390x] ptrace: fix guarded storage regset handling
- perf tools: Fix leaking rec_argv in error cases
- mm, x86/mm: Fix performance regression in get_user_pages_fast()
- iio: adc: ti-ads1015: add 10% to conversion wait time
- iio: multiplexer: add NULL check on devm_kzalloc() and devm_kmemdup()
return values
- [x86] locking/refcounts, asm: Enable CONFIG_ARCH_HAS_REFCOUNT
- [powerpc*] jprobes: Disable preemption when triggered through ftrace
- [powerpc*] kprobes: Disable preemption before invoking probe handler for
optprobes
- usb: hub: Cycle HUB power when initialization fails
- [armhf,arm64] USB: ulpi: fix bus-node lookup
- xhci: Don't show incorrect WARN message about events for empty rings
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first
- USB: core: Add type-specific length check of BOS descriptors
- USB: usbfs: Filter flags passed in from user space
- usb: host: fix incorrect updating of offset
- locking/refcounts: Do not force refcount_t usage as GPL-only export
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
- usb: gadget: core: Fix ->udc_set_speed() speed handling
- serdev: ttyport: add missing receive_buf sanity checks
- serdev: ttyport: fix NULL-deref on hangup
- serdev: ttyport: fix tty locking in close
- usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
- can: peak/pci: fix potential bug when probe() fails
- can: kvaser_usb: free buf in error paths
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
- can: kvaser_usb: ratelimit errors if incomplete messages are received
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
- can: ems_usb: cancel urb on -EPIPE and -EPROTO
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO
- can: peak/pcie_fd: fix potential bug in restarting tx queue
- virtio: release virtio index when fail to device_register
- [arm64] pinctrl: armada-37xx: Fix direction_output() callback behavior
- [x86] Drivers: hv: vmbus: Fix a rescind issue
- [x86] hv: kvp: Avoid reading past allocated blocks from KVP file
- firmware: vpd: Destroy vpd sections in remove function
- firmware: vpd: Tie firmware kobject to device lifetime
- firmware: vpd: Fix platform driver and device registration/unregistration
- scsi: dma-mapping: always provide dma_get_cache_alignment
- scsi: use dma_get_cache_alignment() as minimum DMA alignment
- scsi: libsas: align sata_device's rps_resp on a cacheline
- efi: Move some sysfs files to be read-only by root
- efi/esrt: Use memunmap() instead of kfree() to free the remapping
- ASN.1: fix out-of-bounds read when parsing indefinite length item
- ASN.1: check for error from ASN1_OP_END__ACT actions
- KEYS: add missing permission check for request_key() destination
(CVE-2017-17807)
- KEYS: reject NULL restriction string when type is specified
- X.509: reject invalid BIT STRING for subjectPublicKey
- X.509: fix comparisons of ->pkey_algo
- [x86] idt: Load idt early in start_secondary
- [x86] PCI: Make broadcom_postcore_init() check acpi_disabled
- [x86] KVM: fix APIC page invalidation
- btrfs: fix missing error return in btrfs_drop_snapshot
- btrfs: handle errors while updating refcounts in update_ref_for_cow
- ALSA: pcm: prevent UAF in snd_pcm_info
- ALSA: seq: Remove spurious WARN_ON() at timer check
- ALSA: usb-audio: Fix out-of-bound error
- ALSA: usb-audio: Add check return value for usb_string()
- [x86] iommu/vt-d: Fix scatterlist offset handling
- smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
- [s390x] always save and restore all registers on context switch
- [s390x] mm: fix off-by-one bug in 5-level page table handling
- [s390x] fix compat system call table
- [s390x] KVM: Fix skey emulation permission check
- [powerpc*] Revert "powerpc: Do not call ppc_md.panic in fadump panic
notifier"
- [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition
table
- iwlwifi: mvm: mark MIC stripped MPDUs
- iwlwifi: mvm: don't use transmit queue hang detection when it is not
possible
- iwlwifi: mvm: flush queue before deleting ROC
- iwlwifi: mvm: fix packet injection
- iwlwifi: mvm: enable RX offloading with TKIP and WEP
- brcmfmac: change driver unbind order of the sdio function devices
- md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
- [armhf] drm/bridge: analogix dp: Fix runtime PM state in get_modes()
callback
- [armhf] drm/exynos: gem: Drop NONCONTIG flag for buffers allocated
without IOMMU
- [x86] drm/i915: Fix vblank timestamp/frame counter jumps on gen2
- media: dvb: i2c transfers over usb cannot be done from stack
- media: rc: sir_ir: detect presence of port
- media: rc: partial revert of "media: rc: per-protocol repeat period"
- [arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [armhf] KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
(CVE-2017-1000407)
- [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion
- [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation
- [armhf,arm64] KVM: vgic: Preserve the revious read from the pending table
- [armhf,arm64] KVM: vgic-its: Check result of allocation before use
- [arm64] fpsimd: Prevent registers leaking from dead tasks
- [arm64] SW PAN: Point saved ttbr0 at the zero page when switching to
init_mm
- [arm64] SW PAN: Update saved ttbr0 value on enter_lazy_tlb
- [armhf] Revert "ARM: dts: imx53: add srtc node"
- [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context
- IB/core: Only enforce security for InfiniBand
- [armel,armhf] BUG if jumping to usermode address in kernel mode
- [armel,armhf] avoid faulting on qemu
- [arm64] irqchip/qcom: Fix u32 comparison with value less than zero
- [powerpc*] perf: Fix pmu_count to count only nest imc pmus
- apparmor: fix leak of null profile name if profile allocation fails
- mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
- route: also update fnhe_genid when updating a route cache
- route: update fnhe_expires for redirect when the fnhe exists
- rsi: fix memory leak on buf and usb_reg_buf
- pipe: match pipe_max_size data type with procfs
- lib/genalloc.c: make the avail variable an atomic_long_t
- NFS: Fix a typo in nfs_rename()
- sunrpc: Fix rpc_task_begin trace point
- nfp: inherit the max_mtu from the PF netdev
- nfp: fix flower offload metadata flag usage
- xfs: fix forgotten rcu read unlock when skipping inode reclaim
- block: wake up all tasks blocked in get_request()
- [sparc64] mm: set fields in deferred pages
- zsmalloc: calling zs_map_object() from irq is a bug
- slub: fix sysfs duplicate filename creation when slub_debug=O
- sctp: do not free asoc when it is already dead in sctp_sendmsg
- sctp: use the right sk after waking up from wait_buf sleep
- fcntl: don't leak fd reference when fixup_compat_flock fails
- geneve: fix fill_info when link down
- bpf: fix lockdep splat
- [arm64] clk: qcom: common: fix legacy board-clock registration
- [arm64] clk: hi3660: fix incorrect uart3 clock freqency
- atm: horizon: Fix irq release error
- xfrm: Copy policy family in clone_policy
- f2fs: fix to clear FI_NO_PREALLOC
- bnxt_re: changing the ip address shouldn't affect new connections
- IB/mlx4: Increase maximal message size under UD QP
- IB/mlx5: Assign send CQ and recv CQ of UMR QP
- afs: Fix total-length calculation for multiple-page send
- afs: Connect up the CB.ProbeUuid
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
- net: realtek: r8169: implement set_link_ksettings()
- [s390x] qeth: fix early exit from error path
- tipc: fix memory leak in tipc_accept_from_sock()
- vhost: fix skb leak in handle_rx()
- rds: Fix NULL pointer dereference in __rds_rdma_map
- sit: update frag_off info
- tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
- packet: fix crash in fanout_demux_rollover()
- net/packet: fix a race in packet_bind() and packet_notifier()
- tcp: remove buggy call to tcp_v6_restore_cb()
- usbnet: fix alignment for frames with no ethernet header
- net: remove hlist_nulls_add_tail_rcu()
- stmmac: reset last TSO segment size after device open
- tcp/dccp: block bh before arming time_wait timer
- [s390x] qeth: build max size GSO skbs on L2 devices
- [s390x] qeth: fix thinko in IPv4 multicast address tracking
- [s390x] qeth: fix GSO throughput regression
- tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match()
- tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()
- tcp: use current time in tcp_rcv_space_adjust()
- net: sched: cbq: create block for q->link.block
- tap: free skb if flags error
- tcp: when scheduling TLP, time of RTO should account for current ACK
- tun: free skb in early errors
- net: ipv6: Fixup device for anycast routes during copy
- tun: fix rcu_read_lock imbalance in tun_build_skb
- net: accept UFO datagrams from tuntap and packet
- net: openvswitch: datapath: fix data type in queue_gso_packets
- cls_bpf: don't decrement net's refcount when offload fails
- sctp: use right member as the param of list_for_each_entry
- ipmi: Stop timers before cleaning up the module
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
- fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall
- fix kcm_clone()
- [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending
table
- kbuild: do not call cc-option before KBUILD_CFLAGS initialization
- [powerpc*] powernv/idle: Round up latency and residency values
- ipvlan: fix ipv6 outbound device
- blk-mq: Avoid that request queue removal can trigger list corruption
- nvmet-rdma: update queue list during ib_device removal
- audit: Allow auditd to set pid to 0 to end auditing
- audit: ensure that 'audit=1' actually enables audit for PID 1
- dm raid: fix panic when attempting to force a raid to sync
- md: free unused memory after bitmap resize
- RDMA/cxgb4: Annotate r2 and stag as __be32
- [x86] intel_rdt: Fix potential deadlock during resctrl unmount
[ Salvatore Bonaccorso ]
* Add ABI reference for 4.14.0-1
* xen/time: do not decrease steal time after live migration on xen
(Closes: #871608)
* crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
* crypto: hmac - require that the underlying hash algorithm is unkeyed
(CVE-2017-17806)
[ Vagrant Cascadian ]
* [armhf, arm64] Backport patches from 4.15.x to support dwmac-sun8i.
[ Ben Hutchings ]
* [rt] Update to 4.14.6-rt7:
- hrtimer: account for migrated timers
- crypto: mcryptd: protect the per-CPU queue with a lock
- tracing: Update inter-event hist trigger support to v7:
+ Rename virtual "$common_timestamp" field to "common_timestamp"
+ Fix use-after-free in trigger removal
- mm/slub: close possible memory-leak in kmem_cache_alloc_bulk()
- crypto: limit more FPU-enabled sections
* dccp: CVE-2017-8824: use-after-free in DCCP code
* netfilter: nfnetlink_cthelper: Add missing permission checks
(CVE-2017-17448)
* netlink: Add netns check on taps (CVE-2017-17449)
* netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
* USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
* net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
* media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(CVE-2017-16538)
* media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(CVE-2017-16538)
* media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
* [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
(CVE-2017-17741)
* bluetooth: Prevent stack info leak from the EFS element.
(CVE-2017-1000410)
* bpf/verifier: Fix multiple security issues (Closes: #883558):
- encapsulate verifier log state into a structure
- move global verifier log into verifier environment
- fix branch pruning logic
- fix bounds calculation on BPF_RSH
- fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
- fix incorrect tracking of register size truncation (CVE-2017-16996)
- fix 32-bit ALU op verification
- fix missing error return in check_stack_boundary()
- force strict alignment checks for stack pointers
- don't prune branches when a scalar is replaced with a pointer
- fix integer overflows
* Bump ABI to 2
-- Ben Hutchings <email address hidden> Fri, 22 Dec 2017 14:12:23 +0000