-
linux (4.19.249-2) buster-security; urgency=medium
* swiotlb: skip swiotlb_bounce when orig_addr is zero (regression in
4.19.249)
-- Ben Hutchings <email address hidden> Thu, 30 Jun 2022 14:52:02 +0200
-
linux (4.19.235-1) buster; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
- mac80211_hwsim: report NOACK frames in tx_status
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
- [arm*] i2c: bcm2835: Avoid clock stretching timeouts
- [x86] ASoC: rt5682: do not block workqueue if card is unbound
- Input: clear BTN_RIGHT/MIDDLE on buttonpads
- cifs: fix double free race when mount fails in cifs_get_root()
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958)
- usb: gadget: clear related members when goto fail (CVE-2022-24958)
- ata: pata_hpt37x: fix PCI clock detection
- [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
- xfrm: fix MTU regression
- netfilter: fix use-after-free in __nf_register_net_hook()
- xfrm: fix the if_id check in changelink
- xfrm: enforce validity of offload input flags
- netfilter: nf_queue: don't assume sk is full socket
- netfilter: nf_queue: fix possible use-after-free
- batman-adv: Request iflink once in batadv-on-batadv check
- batman-adv: Request iflink once in batadv_get_real_netdevice
- batman-adv: Don't expect inter-netns unique iflink indices
- net: dcb: flush lingering app table entries for unregistered devices
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
- block: Fix fsync always failed if once failed
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
- mac80211: fix forwarded mesh frames AC & queue selection
- [arm64,armhf] net: stmmac: fix return value of __setup handler
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- efivars: Respect "block" flag in efivar_entry_set_safe()
- can: gs_usb: change active_channels's type from atomic_t to u8
- [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup()
functions
- net: chelsio: cxgb3: check the return value of pci_find_capability()
- nl80211: Handle nla_memdup failures in handle_nan_filter
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power()
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume
- HID: add mapping for KEY_ALL_APPLICATIONS
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
- tracing/histogram: Fix sorting on old "cpu" value
- btrfs: add missing run of delayed items after unlink during log replay
- net: dcb: disable softirqs in dcbnl_flush_dev()
- hamradio: fix macro redefine warning
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234
- [arm*] Provide a wrapper for SMCCC 1.1 calls
- [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit()
- [armhf] report Spectre v2 status through sysfs
- [armel,armhf] early traps initialisation
- [armel,armhf] use LOADADDR() to get load address of sections
- [armel,armhf] Spectre-BHB workaround
- [armel,armhf] include unprivileged BPF status in Spectre V2 reporting
- [armel,armhf] fix build error when BPF_SYSCALL is disabled
- [armel,armhf] fix co-processor register typo
- [armel,armhf] Do not use NOCROSSREFS directive with ld.lld
- [armhf] fix build warning in proc-v7-bugs.c
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
(CVE-2022-23040, XSA-396)
- xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036,
CVE-2022-23038, XSA-396)
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23036, XSA-396)
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23037, XSA-396)
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23038, XSA-396)
- xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039,
XSA-396)
- xen: remove gnttab_query_foreign_access()
- xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/gnttab: fix gnttab_end_foreign_access() without page specified
(CVE-2022-23041, XSA-396)
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
(CVE-2022-23042, XSA-396)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235
- net: qlogic: check the return value of dma_alloc_coherent() in
qed_vf_hw_prepare()
- qed: return status of qed_iov_get_link
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
- net/mlx5: Fix size field in bufferx_reg struct
- NFC: port100: fix use-after-free in port100_send_complete
- net: phy: DP83822: clear MISR2 register to disable interrupts
- sctp: fix kernel-infoleak for SCTP sockets
- net-sysfs: add check for netdevice being present to speed_show
- Revert "xen-netback: remove 'hotplug-status' once it has served its
purpose"
- Revert "xen-netback: Check for hotplug-status existence before watching"
- tracing: Ensure trace buffer is at least 4096 bytes large
- [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive
- virtio: unexport virtio_finalize_features
- virtio: acknowledge all features before access
- [armel,armhf] fix Thumb2 regression with Spectre BHB
- ext4: add check to prevent attempting to resize an fs with sparse_super2
- btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149)
[ Salvatore Bonaccorso ]
* [rt] Add new signing key for Daniel Wagner
* [rt] Update to 4.19.233-rt105
* Bump ABI to 20
* sctp: fix the processing for INIT chunk (CVE-2021-3772)
* sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772)
-- Salvatore Bonaccorso <email address hidden> Thu, 17 Mar 2022 20:48:39 +0100
-
linux (4.19.208-1) buster; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195
- perf/core: Fix endless multiplex timer
- net/nfc/rawsock.c: fix a permission check bug
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L
tablet
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830
tablet
- bonding: init notify_work earlier to avoid uninitialized use
- netlink: disable IRQs for netlink_lock_table()
- net: mdiobus: get rid of a BUG_ON()
- cgroup: disable controllers at parse time
- wq: handle VM suspension in stall detection
- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
- RDS tcp loopback connection can hang
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing
- [x86] scsi: vmw_pvscsi: Set correct residual data length
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
- [arm64] net: macb: ensure the device is available before accessing GEMGXL
control registers
- nvme-fabrics: decode host pathing error for connect
- [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
- bnx2x: Fix missing error code in bnx2x_iov_init_one()
- [powerpc*] i2c: mpc: Make use of i2c_recover_bus()
- [powerpc*] i2c: mpc: implement erratum A-004447 workaround
- drm: Fix use-after-free read in drm_getunique()
- drm: Lock pointer access in drm_master_release()
- kvm: avoid speculation-based attacks from out-of-range memslot accesses
- [arm64,x86] staging: rtl8723bs: Fix uninitialized variables
- btrfs: return value from btrfs_mark_extent_written() in case of error
- cgroup1: don't allow '\n' in renaming
- USB: f_ncm: ncm_bitrate (speed) is unsigned
- usb: f_ncm: only first packet of aggregate needs to start timer
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
- [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception
- [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error
path
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus
- USB: serial: quatech2: fix control-request directions
- USB: serial: cp210x: fix alternate function for CP2102N QFN20
- usb: gadget: eem: fix wrong eem header operation
- usb: fix various gadgets null ptr deref on 10gbps cabling.
- usb: fix various gadget panics on 10gbps cabling
- regulator: core: resolve supply for boot-on/always-on regulators
- [arm64] regulator: max77620: Use device_set_of_node_from_dev()
- RDMA/mlx4: Do not map the core_clock page to user space unless enabled
- perf: Fix data race between pin_count increment/decrement
- sched/fair: Make sure to update tg contrib for blocked load
- IB/mlx5: Fix initializing CQ fragments buffer
- NFS: Fix a potential NULL dereference in nfs_get_client()
- NFSv4: Fix deadlock between nfs4_evict_inode() and
nfs4_opendata_get_inode()
- perf session: Correct buffer copying when peeking events
- kvm: fix previous commit for 32-bit builds
- NFS: Fix use-after-free in nfs4_init_client()
- NFSv4: Fix second deadlock in nfs4_evict_inode()
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error.
- scsi: core: Fix error handling of scsi_host_alloc()
- scsi: core: Put .shost_dev in failure path if host state changes to
RUNNING
- scsi: core: Only put parent device if host state differs from
SHOST_CREATED
- ftrace: Do not blindly read the ip address in ftrace_bug()
- tracing: Correct the length check which causes memory corruption
- proc: only require mm_struct for writing
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196
- net: ieee802154: fix null deref in parse dev addr
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
- HID: hid-sensor-hub: Return error for hid_set_field() failure
- HID: Add BUS_VIRTUAL to hid_connect logging
- HID: usbhid: fix info leak in hid_submit_ctrl
- gfs2: Prevent direct-I/O write fallback errors from getting lost
- gfs2: Fix use-after-free in gfs2_glock_shrink_scan
- scsi: target: core: Fix warning on realtime kernels
- ethernet: myri10ge: Fix missing error code in myri10ge_probe()
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
- net: ipconfig: Don't override command-line hostnames or domains
- rtnetlink: Fix missing error code in rtnl_bridge_notify()
- net: Return the correct errno code
- fib: Return the correct errno code
- afs: Fix an IS_ERR() vs NULL check
- mm/memory-failure: make sure wait for page writeback in memory_failure
- batman-adv: Avoid WARN_ON timing related checks
- net: ipv4: fix memory leak in netlbl_cipsov4_add_std
- net: rds: fix memory leak in rds_recvmsg
- udp: fix race between close() and udp_abort()
- rtnetlink: Fix regression in bridge VLAN configuration
- net/mlx5e: Block offload of outer header csum for UDP tunnels
- netfilter: synproxy: Fix out of bounds when parsing TCP options
- sch_cake: Fix out of bounds when parsing TCP options and header
- alx: Fix an error handling path in 'alx_probe()'
- net: stmmac: dwmac1000: Fix extended MAC address registers definition
- net: add documentation to socket.c
- net: make get_net_ns return error if NET_NS is disabled
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
- ptp: ptp_clock: Publish scaled_ppm_to_ppb
- ptp: improve max_adj check against unreasonable values
- net: cdc_ncm: switch to eth%d interface naming
- net: usb: fix possible use-after-free in smsc75xx_bind
- [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype
- net: ipv4: fix memory leak in ip_mc_add1_src
- net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
- be2net: Fix an error handling path in 'be_probe()'
- net: hamradio: fix memory leak in mkiss_close
- net: cdc_eem: fix tx fixup skb leak
- icmp: don't send out ICMP messages with a source address of 0.0.0.0
- radeon: use memcpy_to/fromio for UVD fw upload
- hwmon: (scpi-hwmon) shows the negative temperature properly
- can: mcba_usb: fix memory leak in mcba_usb
- usb: core: hub: Disable autosuspend for Cypress CY7C65632
- tracing: Do not stop recording cmdlines when tracing is off
- tracing: Do not stop recording comms if the trace file is being read
- tracing: Do no increment trace_clock_global() by one
- PCI: Mark TI C667X to avoid bus reset
- PCI: Mark some NVIDIA GPUs to avoid bus reset
- PCI: Add ACS quirk for Broadcom BCM57414 NIC
- PCI: Work around Huawei Intelligent NIC VF FLR erratum
- [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in
dma_cyclc
- net: bridge: fix vlan tunnel dst null pointer dereference
- net: bridge: fix vlan tunnel dst refcnt when egressing
- mm/slub: clarify verification reporting
- mm/slub.c: include swab.h
- [armhf] net: fec_ptp: add clock rate zero check
- [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read
- can: bcm/raw/isotp: use per module netdevice notifier
- inet: use bigger hash table for IP ID generation
- [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically
- [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot
- [x86] fpu: Reset state for all signal restore failures
- module: limit enabling module.sig_enforce (CVE-2021-35039)
- drm/nouveau: wait for moving fence after pinning v2
- drm/radeon: wait for moving fence after pinning
- Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
- mac80211: remove warning in ieee80211_get_sband()
- cfg80211: call cfg80211_leave_ocb when switching away from OCB
- mac80211: drop multicast fragments
- net: ethtool: clear heap allocations for ethtool function
- ping: Check return value of function 'ping_queue_rcv_skb'
- inet: annotate date races around sk->sk_txhash
- net/packet: annotate accesses to po->bind
- net/packet: annotate accesses to po->ifindex
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS
- r8169: Avoid memcpy() over-reading of ETH_SS_STATS
- net: qed: Fix memcpy() overflow of qed_dcbx_params()
- [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA
- nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
- i2c: robotfuzz-osif: fix control-request directions
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197
- mm: add VM_WARN_ON_ONCE_PAGE() macro
- mm/rmap: remove unneeded semicolon in page_not_mapped()
- mm/rmap: use page_not_mapped in try_to_unmap()
- mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
- mm/thp: make is_huge_zero_pmd() safe and quicker
- mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
- mm/thp: fix vma_address() if virtual address below file offset
- mm/thp: fix page_address_in_vma() on file THP tails
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
- mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
- mm: page_vma_mapped_walk(): use page for pvmw->page
- mm: page_vma_mapped_walk(): settle PageHuge on entry
- mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
- mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
- mm: page_vma_mapped_walk(): crossing page table boundary
- mm: page_vma_mapped_walk(): add a level of indentation
- mm: page_vma_mapped_walk(): use goto instead of while (1)
- mm: page_vma_mapped_walk(): get vma_address_end() earlier
- mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
- mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
- mm, futex: fix shared futex pgoff on shmem huge page
- scsi: sr: Return appropriate error code when disk is ejected
- drm/nouveau: fix dma_address check for CPU/GPU sync
- ext4: eliminate bogus error in ext4_data_block_valid_rcu()
- kthread_worker: split code for canceling the delayed work timer
- kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync()
- xen/events: reset active flag for lateeoi events later
- [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails
- [armhf] OMAP: replace setup_irq() by request_irq()
- [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource
support
- [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap
issue
- [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata
i940
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset
- ALSA: usb-audio: Fix OOB access at proc output
- media: dvb-usb: fix wrong definition
- Input: usbtouchscreen - fix control-request directions
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
- usb: gadget: eem: fix echo command packet response issue
- USB: cdc-acm: blacklist Heimann USB Appset device
- [arm64,armhf] usb: dwc3: Fix debugfs creation flow
- [x86] usb: typec: Add the missed altmode_id_remove() in
typec_register_altmode()
- xhci: solve a double free problem while doing s4
- iov_iter_fault_in_readable() should do nothing in xarray case
- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
(CVE-2021-3612)
- [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian
mode
- btrfs: send: fix invalid path for unlink operations after parent
orphanization
- btrfs: clear defrag status of a root if starting transaction fails
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
transaction handle
- ext4: fix kernel infoleak via ext4_extent_header
- ext4: return error code when ext4_fill_flex_info() fails
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
- ext4: fix avefreec in find_group_orlov
- ext4: use ext4_grp_locked_error in mb_find_extent
- can: gw: synchronize rcu operations before removing gw job entry
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue
in TX path
- SUNRPC: Fix the batch tasks count wraparound.
- SUNRPC: Should wake up the privileged task firstly.
- [s390x] cio: dont call css_wait_for_slow_path() inside a lock
- [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem
- [x86] serial_cs: remove wrong GLOBETROTTER.cis entry
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
- ssb: sdio: Don't overwrite const buffer if block_write fails
- rsi: Assign beacon rate settings to the correct rate_info descriptor field
- rsi: fix AP mode with WPA failure due to encrypted EAPOL
- tracing/histograms: Fix parsing of "sym-offset" modifier
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8
- [powerpc*] stacktrace: Fix spurious "stale" traces in
raise_backtrace_ipi()
- fuse: check connected before queueing on fpq->io
- spi: Make of_register_spi_device also set the fwnode
- [i386] spi: spi-topcliff-pch: Fix potential double free in
pch_spi_process_messages()
- media: cpia2: fix memory leak in cpia2_usb_probe
- media: pvrusb2: fix warning in pvr2_i2c_core_done
- [x86] crypto: qat - check return code of qat_hal_rd_rel_reg()
- [x86] crypto: qat - remove unused macro in FW loader
- sched/fair: Fix ascii art by relpacing tabs
- media: em28xx: Fix possible memory leak of em28xx struct
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
- media: bt8xx: Fix a missing check bug in bt878_probe
- media: dvd_usb: memory leak in cinergyt2_fe_attach
- mmc: via-sdmmc: add a check against NULL pointer dereference
- crypto: shash - avoid comparing pointers to exported functions under CFI
- media: dvb_net: avoid speculation from net slot
- media: siano: fix device register error path
- btrfs: fix error handling in __btrfs_update_delayed_inode
- btrfs: abort transaction if we fail to update the delayed inode
- btrfs: disable build on platforms having page size 256K
- [armhf] regulator: da9052: Ensure enough delay time for
.set_voltage_time_sel
- HID: do not use down_interruptible() when unbinding devices
- ACPI: processor idle: Fix up C-state latency if not ordered
- [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning
- lib: vsprintf: Fix handling of number field widths in vsscanf
- ACPI: EC: Make more Asus laptops use ECDT _GPE
- block_dump: remove block_dump feature in mark_inode_dirty()
- fs: dlm: cancel work sync othercon
- random32: Fix implicit truncation warning in prandom_seed_state()
- fs: dlm: fix memory leak when fenced
- ACPICA: Fix memory leak caused by _CID repair function
- ACPI: bus: Call kobject_put() in acpi_init() error path
- [x86] platform/x86: toshiba_acpi: Fix missing error code in
toshiba_acpi_setup_keyboard()
- clocksource: Retry clock read if long delays detected
- HID: wacom: Correct base usage for capacitive ExpressKey status bits
- [armhf] sata_highbank: fix deferred probing
- [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
- [x86] crypto: ccp - Fix a resource leak in an error handling path
- media: rc: i2c: Fix an error message
- media: gspca/gl860: fix zero-length control requests
- media: siano: Fix out-of-bounds warnings in
smscore_load_firmware_family2()
- btrfs: clear log tree recovering status if starting transaction fails
- [armhf] spi: spi-sun6i: Fix chipselect/clock bug
- ACPI: sysfs: Fix a buffer overrun problem with description_show()
- blk-wbt: introduce a new disable state to prevent false positive by
rwb_enabled()
- blk-wbt: make sure throttle is enabled properly
- ocfs2: fix snprintf() checking
- [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe()
- [i386] net: pch_gbe: Propagate error from devm_gpio_request_one()
- [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on
error in cdn_dp_grf_write()
- RDMA/rxe: Fix failure during driver load
- drm: qxl: ensure surf.data is ininitialized
- ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
- [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
- ssb: Fix error return code in ssb_bus_scan()
- brcmfmac: fix setting of station info chains bitmask
- brcmfmac: correctly report average RSSI in station info
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path
- ath10k: Fix an error code in ath10k_add_interface()
- RDMA/mlx5: Don't add slave port to unaffiliated list
- netfilter: nft_exthdr: check for IPv6 packet before further processing
- netfilter: nft_osf: check for TCP packet before further processing
- netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
- RDMA/rxe: Fix qp reference counting for atomic ops
- pkt_sched: sch_qfq: fix qfq_change_class() error path
- vxlan: add missing rcu_read_lock() in neigh_reduce()
- net/ipv4: swap flow ports when validating source
- ieee802154: hwsim: Fix memory leak in hwsim_add_one
- ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
- mac80211: remove iwlwifi specific workaround NDPs of null_response
- ipv6: exthdrs: do not blindly use init_net
- bpf: Do not change gso_size during bpf_skb_change_proto()
- i40e: Fix error handling in i40e_vsi_open
- i40e: Fix autoneg disabling for non-10GBaseT links
- ipv6: fix out-of-bound access in ip6_parse_tlv()
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
- writeback: fix obtain a reference to a freeing memcg css
- net: lwtunnel: handle MTU calculation in forwading
- net: sched: fix warning in tcindex_alloc_perfect_hash
- RDMA/mlx5: Don't access NULL-cleared mpi pointer
- tty: nozomi: Fix a resource leak in an error handling function
- mwifiex: re-fix for unaligned accesses
- [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
hi6210_i2s_startup()
- [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
set_protocol()
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
- scsi: FlashPoint: Rename si_flags field
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
- of: Fix truncation of memory sizes on 32-bit platforms
- [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on
error in marvell_nfc_resume()
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
- configfs: fix memleak in configfs_release_bin_file
- [powerpc*] Offline CPU in stop_this_cpu()
- [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate
- vfio/pci: Handle concurrent vma faults
- mm/huge_memory.c: don't discard hugepage if other processes are mapping it
- mmc: block: Disable CMDQ on the ioctl path
- mmc: vub3000: fix control-request direction
- drm/amd/amdgpu/sriov disable all ip hw status by default
- [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
- hugetlb: clear huge pte during flush function on mips platform
- atm: iphase: fix possible use-after-free in ia_module_exit()
- mISDN: fix possible use-after-free in HFC_cleanup()
- atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
- reiserfs: add check for invalid 1st journal block
- drm/virtio: Fix double free on probe failure
- udf: Fix NULL pointer dereference in udf_symlink function
- e100: handle eeprom as little endian
- [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied
properly
- ipv6: use prandom_u32() for ID generation
- RDMA/cxgb4: Fix missing error code in create_qp()
- dm space maps: don't reset space map allocation cursor when committing
- [armhf] pinctrl: mcp23s08: fix race condition in irq handler
- ice: set the value of global config lock timeout longer
- virtio_net: Remove BUG() to avoid machine dead
- [arm64,armhf] net: mvpp2: check return value after calling
platform_get_resource()
- [amd64] fjes: check return value after calling platform_get_resource()
- selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
- xfrm: Fix error reporting in xfrm_state_construct.
- [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
- [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan
- net: fix mistake path for netdev_features_strings
- rtl8xxxu: Fix device info for RTL8192EU devices
- atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
- atm: nicstar: register the interrupt handler in the right place
- vsock: notify server to shutdown when client has pending signal
- RDMA/rxe: Don't overwrite errno from ib_umem_get()
- iwlwifi: mvm: don't change band on bound PHY contexts
- iwlwifi: pcie: free IML DMA memory allocation
- sfc: avoid double pci_remove of VFs
- sfc: error code if SRIOV cannot be disabled
- wireless: wext-spy: Fix out-of-bounds warning
- net: ip: avoid OOM kills with large UDP sends over loopback
- RDMA/cma: Fix rdma_resolve_route() memory leak
- Bluetooth: Fix the HCI to MGMT status conversion table
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
- sctp: validate from_addr_param return (CVE-2021-3655)
- sctp: add size validation when walking chunks (CVE-2021-3655)
- fscrypt: don't ignore minor_hash when hash is 0
- bdi: Do not use freezable workqueue
- [arm64] serial: mvebu-uart: clarify the baud rate derivation
- [arm64] serial: mvebu-uart: fix calculation of clock divisor
- fuse: reject internal errno
- [powerpc*] barrier: Avoid collision with clang's __lwsync macro
- usb: gadget: f_fs: Fix setting of device and driver data cross-references
- drm/radeon: Add the missed drm_gem_object_put() in
radeon_user_framebuffer_create()
- pinctrl/amd: Add device HID for new AMD GPIO controller
- [arm64] drm/msm/mdp4: Fix modifier support enabling
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
- mmc: core: clear flags before allowing to retune
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
- [armhf] ata: ahci_sunxi: Disable DIPM
- cpu/hotplug: Cure the cpusets trainwreck
- [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer
workaround
- [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
- ipmi/watchdog: Stop watchdog timer when the current action is 'none'
- seq_buf: Fix overflow in seq_buf_putmem_hex()
- tracing: Simplify & fix saved_tgids logic
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
- dm btree remove: assign new_root only when removal succeeds
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
- [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request
- media: subdev: disallow ioctl for saa6588/davinci
- media: dtv5100: fix control-request directions
- media: zr364xx: fix memory leak in zr364xx_start_readpipe
- media: gspca/sq905: fix control-request direction
- media: gspca/sunplus: fix zero-length control requests
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
- [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
- jfs: fix GPF in diFree
- [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is
enabled
- [x86] KVM: X86: Disable hardware breakpoints unconditionally before
kvm_x86->run()
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
- tracing: Do not reference char * as a string in histograms
- [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock
- [arm64] PCI: aardvark: Fix kernel panic during PIO transfer
- [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
- w1: ds2438: fixing bug that would always get page0
- scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs
- scsi: core: Cap scsi_host cmd_per_lun at can_queue
- [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling
path
- scsi: scsi_dh_alua: Check for negative result value
- fs/jfs: Fix missing error code in lmLogInit()
- scsi: iscsi: Add iscsi_cls_conn refcount helpers
- scsi: iscsi: Fix conn use after free during resets
- scsi: iscsi: Fix shost->max_id use
- scsi: qedi: Fix null ref during abort handling
- [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
- [s390x] sclp_vt220: fix console name to match device (Closes: #961056)
- [i386] ALSA: sb: Fix potential double-free of CSP mixer elements
- [powerpc*] ps3: Add dma_mask to ps3_dma_region
- [arm64] gpio: zynq: Check return value of pm_runtime_get_sync
- [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655
- ASoC: soc-core: Fix the error return code in
snd_soc_of_parse_audio_routing()
- ALSA: bebob: add support for ToneWeal FW66
- usb: gadget: f_hid: fix endianness issue with descriptors
- [powerpc*] boot: Fixup device-tree on little endian
- [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq()
- [x86] intel_th: Wait until port is in reset before programming it
- i2c: core: Disable client irq on reboot/shutdown
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
- [x86] power: supply: max17042: Do not enforce (incorrect) interrupt
trigger type
- [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
- [x86] watchdog: Fix possible use-after-free in wdt_startup()
- [x86] watchdog: Fix possible use-after-free by calling del_timer_sync()
- [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout
- [x86] fpu: Return proper error codes from user access functions
- [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE
- orangefs: fix orangefs df output.
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
- NFS: nfs_find_open_context() may only select open files
- [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback
- [arm64] ACPI: AMBA: Fix resource name in /proc/iomem
- [x86] ACPI: video: Add quirk for the Dell Vostro 3350
- virtio-blk: Fix memory leak among suspend/resume procedure
- virtio_net: Fix error handling in virtnet_restore()
- virtio_console: Assure used length from device is limited (CVE-2021-38160)
- f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
- NFSv4: Initialise connection to the server in nfs4_alloc_client()
(CVE-2021-38199)
- nfs: fix acl memory leak of posix_acl_create()
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
- [x86] fpu: Limit xstate copy size in xstateregs_set()
- virtio_net: move tx vq operation under tx queue lock
- [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe()
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
- rtc: fix snprintf() checking in is_rtc_hctosys()
- [arm64,armhf] reset: bail if try_module_get() fails
- [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
- net: bridge: multicast: fix PIM hello router port marking race
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199
- [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and
rk3288
- [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info
- [armhf] dts: rockchip: fix supply properties in io-domains nodes
- [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds
- thermal/core: Correct function name thermal_zone_device_unregister()
- [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger
type
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
- scsi: libsas: Add LUN number check in .slave_alloc callback
- scsi: libfc: Fix array index out of bound exception
- sched/fair: Fix CFS bandwidth hrtimer expiry type
- mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
- dm writecache: return the exact table values that were set
- dm writecache: fix writing beyond end of underlying device when shrinking
- [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
- net: ipv6: fix return value of ip6_skb_dst_mtu
- netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
- net: bridge: sync fdb to new unicast-filtering ports
- [arm64] net: qcom/emac: fix UAF in emac_remove
- net: ti: fix UAF in tlan_remove_one
- net: send SYNACK packet with accepted fwmark
- net: validate lwtstate->data before returning from skb_tunnel_info()
- dma-buf/sync_file: Don't leak fences on merge failure
- tcp: annotate data races around tp->mtu_info
- ipv6: tcp: drop silly ICMPv6 packet too big messages
- udp: annotate data races around unix_sk(sk)->gso_size
- net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
- igb: Fix use-after-free error during reset
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
- igb: Fix an error handling path in 'igb_probe()'
- e1000e: Fix an error handling path in 'e1000_probe()'
- iavf: Fix an error handling path in 'iavf_probe()'
- igb: Check if num of q_vectors is smaller than max before array access
- igb: Fix position of assignment to *ring
- ipv6: fix 'disable_policy' for fwd packets
- nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
- liquidio: Fix unintentional sign extension issue on left shift of u16
- net: fix uninit-value in caif_seqpkt_sendmsg
- net: decnet: Fix sleeping inside in af_decnet
- [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
- netrom: Decrease sock refcount when sock timers expire
- scsi: iscsi: Fix iface sysfs attr detection
- scsi: target: Fix protect handling in WRITE SAME(32)
- net/tcp_fastopen: fix data races around tfo_active_disable_stamp
- net/sched: act_skbmod: Skip non-Ethernet packets
- nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
- sctp: update active_key for asoc when old key is being replaced
- net: sched: cls_api: Fix the the wrong parameter
- [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free
- proc: Avoid mixing integer types in mem_rw()
- [s390x] ftrace: fix ftrace_update_ftrace_func implementation
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
- [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver
- xhci: Fix lost USB 2 remote wake
- [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
(CVE-2021-37576)
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
- usb: hub: Fix link power management max exit latency (MEL) calculations
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
- USB: serial: option: add support for u-blox LARA-R6 family
- USB: serial: cp210x: fix comments for GE CS1000
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
- [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
(CVE-2021-3679)
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
- ixgbe: Fix packet corruption due to missing DMA sync
- drm: Return -ENOTTY for non-drm ioctls
- KVM: do not assume PTE is writable after follow_pfn
- KVM: do not allow mapping valid but non-reference-counted pages
(CVE-2021-22543)
- KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
- [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on
Topaz
- btrfs: compression: don't try to compress if we don't have enough pages
- PCI: Mark AMD Navi14 GPU ATS as broken
- xhci: add xhci_get_virt_ep() helper
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200
- [x86] KVM: determine if an exception has an error code only when injecting
it.
- net: split out functions related to registering inflight socket files
- af_unix: fix garbage collect vs MSG_PEEK
- workqueue: fix UAF in pwq_unbound_release_workfn()
- net/802/mrp: fix memleak in mrp_request_join()
- net/802/garp: fix memleak in garp_request_join()
- net: annotate data race around sk_ll_usec
- sctp: move 198 addresses from unusable to private scope
- hfs: add missing clean-up in hfs_fill_super
- hfs: fix high memory mapping in hfs_bnode_read
- hfs: add lock nesting notation to hfs_find_init
- cifs: fix the out of range assignment to bit fields in
parse_server_interfaces
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201
- virtio_net: Do not pull payload in skb->head
- gro: ensure frag0 meets IP header alignment
- [x86] asm: Ensure asm/proto.h can be included stand-alone
- btrfs: fix rw device counting in __btrfs_free_extra_devids
- [x86] kvm: fix vcpu-id indexed array sizes
- ocfs2: fix zero out valid data
- ocfs2: issue zeroout to EOF blocks
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
- can: mcba_usb_start(): add missing urb->transfer_dma initialization
- can: usb_8dev: fix memory leak
- can: ems_usb: fix memory leak
- can: esd_usb2: fix memory leak
- NIU: fix incorrect error return, missed in previous revert
- nfc: nfcsim: fix use after free during module unload
- cfg80211: Fix possible memory leak in function cfg80211_bss_update
- netfilter: conntrack: adjust stop timestamp to real expiry value
- netfilter: nft_nat: allow to specify layer 4 protocol NAT only
- i40e: Fix logic of disabling queues
- i40e: Fix log TC creation failure when max num of queues is exceeded
- tipc: fix sleeping in tipc accept routine
- mlx4: Fix missing error code in mlx4_load_one()
- net: llc: fix skb_over_panic
- net/mlx5: Fix flow table chaining
- sctp: fix return value check in __sctp_rcv_asconf_lookup
- tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
- sis900: Fix missing pci_disable_device() in probe and remove
- [powerpc*] pseries: Fix regression while building external modules
- i40e: Add additional info to PHY type error
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202
- btrfs: mark compressed range uptodate only if all bio succeed
- r8152: Fix potential PM refcount imbalance
- qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
- net: Fix zero-copy head len calculation.
- bdi: move bdi_dev_name out of line
- bdi: use bdi_dev_name() to get device name
- bdi: add a ->dev_name field to struct backing_dev_info
- Revert "Bluetooth: Shutdown controller after workqueues are flushed or
cancelled"
- [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
- padata: validate cpumask without removed CPU during offline
- padata: add separate cpuhp node for CPUHP_PADATA_DEAD
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203
- Revert "ACPICA: Fix memory leak caused by _CID repair function"
- ALSA: seq: Fix racy deletion of subscriber
- [armhf] imx: add missing iounmap()
- ALSA: usb-audio: fix incorrect clock source setting
- scsi: sr: Return correct event when media event code is 3
- media: videobuf2-core: dequeue if start_streaming fails
- net: natsemi: Fix missing pci_disable_device() in probe and remove
- sctp: move the active_key update after sh_keys is added
- nfp: update ethtool reporting of pauseframe control
- net: ipv6: fix returned variable type in ip6_skb_dst_mtu
- bnx2x: fix an error code in bnx2x_nic_load()
- net: pegasus: fix uninit-value in get_interrupt_interval
- [armhf] net: fec: fix use-after-free in fec_drv_remove
- net: vxge: fix use-after-free in vxge_device_unregister
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
- USB: usbtmc: Fix RCU stall warning
- USB: serial: option: add Telit FD980 composition 0x1056
- USB: serial: ch341: fix character loss at high transfer rates
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
fw_load_sysfs_fallback
- firmware_loader: fix use-after-free in firmware_fallback_sysfs
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
- usb: gadget: f_hid: fixed NULL pointer dereference
- usb: gadget: f_hid: idle uses the highest byte for duration
- tracing/histogram: Rename "cpu" to "common_cpu"
- [arm64] optee: Clear stale cache entries during initialization
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
- media: rtl28xxu: fix zero-length control request
- pipe: increase minimum default pipe size to 2 pages
- ext4: fix potential htree corruption when growing large_dir directories
- serial: 8250: Mask out floating 16/32-bit bus bits
- [mips*] Malta: Do not byte-swap accesses to the CBUS UART
- [x86] pcmcia: i82092: fix a null pointer dereference bug
- [x86] KVM: accept userspace interrupt only if no event is injected
- [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
- [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove
- qmi_wwan: add network device usage statistics for qmimux devices
- libata: fix ata_pio_sector for CONFIG_HIGHMEM
- reiserfs: add check for root_inode in reiserfs_fill_super
- reiserfs: check directory items on read from disk
- net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and
ql_adapter_reset
- [armhf] imx: add mmdc ipg clock operation for mmdc
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204
- [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
- bpf: Inherit expanded/patched seen count from old aux data
(CVE-2021-33624)
- bpf: Do not mark insn as seen under speculative path verification
(CVE-2021-33624)
- bpf: Fix leakage under speculation on mispredicted branches
(CVE-2021-33624)
- [x86] KVM: MMU: Use the correct inherited permissions to get shadow page
(CVE-2021-38198)
- USB:ehci:fix Kunpeng920 ehci hardware problem
- ppp: Fix generating ppp unit id when ifname is not specified
- ovl: prevent private clone if bind mount is not allowed CVE-2021-3732)
- net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205
- [x86] ASoC: intel: atom: Fix reference to PCM buffer address
- i2c: dev: zero out array used for i2c reads from userspace
- [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges
- ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
- ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
- net: Fix memory leak in ieee802154_raw_deliver
- net: igmp: fix data-race in igmp_ifc_timer_expire()
- net: bridge: fix memleak in br_add_if()
- tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B
packets
- net: igmp: increase size of mr_ifc_count
- xen/events: Fix race in set_evtchn_to_irq
- vsock/virtio: avoid potential deadlock when vsock device remove
- [powerpc*] kprobes: Fix kprobe Oops happens in booke
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
- [x86] msi: Force affinity setup before startup
- [x86] ioapic: Force affinity setup before startup
- genirq/msi: Ensure deactivation on teardown
- PCI/MSI: Enable and mask MSI-X early
- PCI/MSI: Do not set invalid bits in MSI mask
- PCI/MSI: Correct misleading comments
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
- PCI/MSI: Protect msi_desc::masked for multi-MSI
- PCI/MSI: Mask all unused MSI-X entries
- PCI/MSI: Enforce that MSI-X table entry is masked for update
- PCI/MSI: Enforce MSI[X] entry updates to be visible
- [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width
- mac80211: drop data frames without key on encrypted links
- [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
(CVE-2021-3656)
- [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
(CVE-2021-3653)
- [x86] fpu: Make init_fpstate correct with optimized XSAVE
- ath: Use safer key clearing with key cache entries (CVE-2020-3702)
- ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702)
- ath: Export ath_hw_keysetmac() (CVE-2020-3702)
- ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702)
- ath9k: Postpone key cache entry deletion for TXQ frames reference it
(CVE-2020-3702)
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is
not yet available
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
- net: usb: lan78xx: don't modify phy_device state concurrently
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait
- [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
- vhost: Fix the calculation in vhost_overflow()
- bnxt: don't lock the tx queue from napi poll
- bnxt: disable napi before canceling DIM
- net: 6pack: fix slab-out-of-bounds in decode_data
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
- [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors
- [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly
- [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error
- ALSA: hda - fix the 'Capture Switch' value change notifications
- btrfs: prevent rename2 from exchanging a subvol with a directory from
different parents
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
- [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup
- locks: print a warning when mount fails due to lack of "mand" support
- fs: warn about impending deprecation of mandatory locks
- netfilter: nft_exthdr: fix endianness of tcp option cast
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206
- net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743)
- bpf: Do not use ax register in interpreter on div/mod
- bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600)
- bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444)
- netfilter: conntrack: collect all entries in one cycle
- once: Fix panic when module unload
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
and TX error counters
- Revert "USB: serial: ch341: fix character loss at high transfer rates"
- USB: serial: option: add new VID/PID to support Fibocom FG150
- [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
- [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable
- [amd64] IB/hfi1: Fix possible null-pointer dereference in
_extend_sdma_tx_descs()
- e1000e: Fix the max snoop/no-snoop latency for 10M
- ip_gre: add validation for csum_start
- [arm64] xgene-v2: Fix a resource leak in the error handling path of
'xge_probe()'
- [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number
- [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration
- usb: gadget: u_audio: fix race condition on endpoint stop
- opp: remove WARN when no valid OPPs remain
- virtio: Improve vq->broken access to avoid any compiler optimization
- virtio_pci: Support surprise removal of virtio pci device
- [amd64] vringh: Use wiov->used to check for read/write desc order
- qed: qed ll2 race condition fixes
- qed: Fix null-pointer dereference in qed_rdma_create_qp()
- drm: Copy drm_wait_vblank to user before returning
- drm/nouveau/disp: power down unused DP links during init
- net/rds: dma_map_sg is entitled to merge entries
- vt_kdsetmode: extend console locking (CVE-2021-3753)
- fbmem: add margin check to fb_check_caps()
- [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow
MMUs
- Revert "floppy: reintroduce O_NDELAY fix"
- net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207
- ext4: fix race writing to an inline_data file while its xattrs are
changing (CVE-2021-40490)
- [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar
U/V formats
- qed: Fix the VF msix vectors flow
- [arm64] net: macb: Add a NULL check on desc_ptp
- qede: Fix memset corruption
- [x86] perf/x86/intel/pt: Fix mask of num_address_ranges
- [x86] perf/x86/amd/ibs: Work around erratum #1197
- [armel,armhf] 8918/2: only build return_address() if needed
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
- clk: fix build warning for orphan_list
- media: stkwebcam: fix memory leak in stk_camera_probe
- [armhf] imx: add missing clk_disable_unprepare()
- [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init
- igmp: Add ip_mc_list lock in ip_check_mc_rcu
- ipv4/icmp: l3mdev: Perform icmp error route lookup on source device
routing table (v2)
- SUNRPC/nfs: Fix return value for nfs4_callback_compound()
- [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling
- [powerpc*] boot: Delete unneeded .globl _zimage_start
- mm/page_alloc: speed up the iteration of max_order
- Revert "btrfs: compression: don't try to compress if we don't have enough
pages"
- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
- [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
- PCI: Call Max Payload Size-related fixup quirks early
- locking/mutex: Fix HANDOFF condition
- regmap: fix the offset of register error log
- sched/deadline: Fix reset_on_fork reporting of DL tasks
- power: supply: axp288_fuel_gauge: Report register-address on readb /
writeb errors
- sched/deadline: Fix missing clock update in migrate_task_rq_dl()
- hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns()
- udf: Check LVID earlier
- isofs: joliet: Fix iocharset=utf8 mount option
- bcache: add proper error unwinding in bcache_device_init
- nvme-rdma: don't update queue count when failing to set io queues
- [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF
- [s390x] cio: add dev_busid sysfs entry for each subchannel
- libata: fix ata_host_start()
- [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms()
- [x86] crypto: qat - handle both source of interrupt in VF ISR
- [x86] crypto: qat - fix reuse of completion variable
- [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications
- [x86] crypto: qat - do not export adf_iov_putmsg()
- fcntl: fix potential deadlock for &fasync_struct.fa_lock
- udf_get_extendedattr() had no boundary checks.
- lib/mpi: use kcalloc in mpi_resize
- [x86] crypto: qat - use proper type for vf_mask
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
- media: go7007: remove redundant initialization
- Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
- tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
- [arm64] media: venus: venc: Fix potential null pointer dereference on
pointer fmt
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
- PCI: PM: Enable PME if it can be signaled from D3cold
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
- [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary
LMs
- Bluetooth: fix repeated calls to sco_sock_kill
- [arm64] drm/msm/dsi: Fix some reference counted resource leaks
- [armhf] usb: phy: twl6030: add IRQ checks
- Bluetooth: Move shutdown callback before flushing tx and rx queue
- mac80211: Fix insufficient headroom issue for AMSDU
- Bluetooth: add timeout sanity check to hci_inquiry
- [armhf] i2c: s3c2410: fix IRQ check
- [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
- CIFS: Fix a potencially linear read overflow
- [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
- bcma: Fix memory leak for internally-handled cores
- ipv4: make exception cache less predictible
- net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
- ipv4: fix endianness issue in inet_rtm_getroute_build_skb()
- netns: protect netns ID lookups with RCU
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
- ext4: report correct st_size for encrypted symlinks
- f2fs: report correct st_size for encrypted symlinks
- ubifs: report correct st_size for encrypted symlinks
- tty: Fix data race between tiocsti() and flush_to_ldisc()
- [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is
adjusted
- fbmem: don't allow too huge resolutions
- [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover
- [armel] clk: kirkwood: Fix a clocking boot regression
- btrfs: reset replace target device to allocation state on close
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
- PCI/MSI: Skip masking MSI-X on Xen PV
- [powerpc*] perf/hv-gpci: Fix counter value parsing
- xen: fix setting of max_pfn in shared_info
- 9p/xen: Fix end of loop tests for list_for_each_entry
- bpf/verifier: per-register parent pointers
- bpf: correct slot_type marking logic to allow more stack slot sharing
- bpf: Support variable offset stack access from helpers
- bpf: Reject indirect var_off stack access in raw mode
- bpf: Reject indirect var_off stack access in unpriv mode
- bpf: Sanity check max value for var_off stack access
- bpf: track spill/fill of constants
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
(CVE-2021-34556, CVE-2021-35477)
- bpf: Fix leakage due to insufficient speculative store bypass mitigation
(CVE-2021-34556, CVE-2021-35477)
- bpf: verifier: Allocate idmap scratch in verifier env
- bpf: Fix pointer arithmetic mask tightening under state pruning
- [arm64] head: avoid over-mapping in map_memory
- block: bfq: fix bfq_set_next_ioprio_data()
- [x86] power: supply: max17042: handle fails of reading status register
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
- [x86] VMCI: fix NULL pointer dereference when unmapping queue pair
- media: uvc: don't do DMA on stack
- media: rc-loopback: return number of emitters rather than error
- libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
- [arm64] PCI: xilinx-nwl: Enable the clock through CCF
- [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for
PIO response
- [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
- HID: input: do not report stylus battery state as "full"
- RDMA/iwcm: Release resources if iw_cm module initialization fails
- docs: Fix infiniband uverbs minor number
- [armhf] pinctrl: samsung: Fix pinctrl bank pin count
- [powerpc*] stacktrace: Include linux/delay.h
- [arm64,armhf] pinctrl: single: Fix error return code in
pcs_parse_bits_in_pinctrl_entry()
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
- [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
run_smbios_call
- fscache: Fix cookie key hashing
- f2fs: fix to account missing .skipped_gc_rwsem
- f2fs: fix to unmap pages from userspace process in punch_hole()
- [mips*] Malta: fix alignment of the devicetree buffer
- userfaultfd: prevent concurrent API initialization
- media: dib8000: rewrite the init prbs logic
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
- tipc: keep the skb in rcv queue until the whole data is read
- video: fbdev: kyro: fix a DoS bug by restricting user input
- netlink: Deal with ESRCH error in nlmsg_notify()
- usb: gadget: u_ether: fix a potential null pointer dereference
- usb: gadget: composite: Allow bMaxPower=0 if self-powered
- tty: serial: jsm: hold port lock when reporting modem line changes
- video: fbdev: kyro: Error out if 'pixclock' equals zero
- ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
- flow_dissector: Fix out-of-bounds warnings
- [s390x] jump_label: print real address in a case of a jump label bug
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
- serial: 8250_pci: make setup_port() parameters explicitly unsigned
- Bluetooth: skip invalid hci_sync_conn_complete_evt
- bonding: 3ad: fix the concurrency between __bond_release_one() and
bond_3ad_state_machine_handler()
- [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps
for the matching in-/output
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
- [armhf] dts: imx53-ppd: Fix ACHC entry
- [arm64] dts: qcom: sdm660: use reg value for memory node
- [arm64] net: ethernet: stmmac: Do not use unreachable() in
ipq806x_gmac_probe()
- Bluetooth: schedule SCO timeouts with delayed_work
- Bluetooth: avoid circular locks in sco_sock_connect
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
access in amdgpu_i2c_router_select_ddc_port()
- Bluetooth: Fix handling of LE Enhanced Connection Complete
- tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
- rpc: fix gss_svc_init cleanup on failure
- [x86] staging: rts5208: Fix get_ms_information() heap buffer size
- gfs2: Don't call dlm after protocol is unmounted
- of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
- [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions
- mmc: rtsx_pci: Fix long reads when clock is prescaled
- mmc: core: Return correct emmc response in case of ioctl error
- cifs: fix wrong release in sess_alloc_buffer() failed path
- Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set"
- [armhf] usb: musb: musb_dsps: request_irq() after initializing musb
- usbip: give back URBs for unsent unlink requests during cleanup
- usbip:vhci_hcd USB port can get stuck in the disabled state
- [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang
- [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
- parport: remove non-zero check on count
- ath9k: fix OOB read ar9300_eeprom_restore_internal
- ath9k: fix sleeping in atomic context
- ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
- [x86] scsi: BusLogic: Fix missing pr_cont() use
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
- [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off
- mm/hugetlb: initialize hugetlb_usage in mm_init
- memcg: enable accounting for pids in nested pid namespaces
- [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when
timeout occurs
- drm/amdgpu: Fix BUG_ON assert
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
- [x86] xen: reset legacy rtc flag for PV domU
- bnx2x: Fix enabling network interfaces without VFs
- [arm64] sve: Use correct size when reinitialising SVE state
- PM: base: power: don't try to use non-existing RTC for storing data
- PCI: Add AMD GPU multi-function power dependencies
- [x86] mm: Fix kern_addr_valid() to cope with existing but not present
entries
- tipc: fix an use-after-free issue in tipc_recvmsg
- dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119)
- net/l2tp: Fix reference count leak in l2tp_udp_recv_core
- r6040: Restore MDIO clock frequency after MAC reset
- tipc: increase timeout in tipc_sk_enqueue()
- net/mlx5: Fix potential sleeping in atomic context
- events: Reuse value read using READ_ONCE instead of re-reading it
- net/af_unix: fix a data-race in unix_dgram_poll
- [arm64,armhf] net: dsa: destroy the phylink instance on any error in
dsa_slave_phy_setup
- tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
- qed: Handle management FW error
- [arm64] net: hns3: pad the short tunnel frame before sending to hardware
- mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
- [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx
- dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
- [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping
- PCI: Add ACS quirks for Cavium multi-function devices
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
- block, bfq: honor already-setup queue merges
- ethtool: Fix an error code in cxgb2.c
- mfd: axp20x: Update AXP288 volatile ranges
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
- [arm64] KVM: Handle PSCI resets before userspace touches vCPU state
- mtd: rawnand: cafe: Fix a resource leak in the error handling path of
'cafe_nand_probe()'
- [armhf] net: dsa: b53: Fix calculating number of switch ports
- netfilter: socket: icmp6: fix use-after-scope
- fq_codel: reject silly quantum parameters
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
- ip_gre: validate csum_start only on pull
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208
- [s390x] bpf: Fix optimizing out zero-extensions
- KVM: remember position in kvm->vcpus array
- rcu: Fix missed wakeup of exp_wq waiters
- apparmor: remove duplicate macro list_entry_is_head()
- tracing/kprobe: Fix kprobe_on_func_entry() modification
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655)
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655)
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
- [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
- 9p/trans_virtio: Remove sysfs file on probe failure
- prctl: allow to setup brk for et_dyn executables
- nilfs2: use refcount_dec_and_lock() to fix potential UAF
- profiling: fix shift-out-of-bounds bugs
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
- ceph: lockdep annotations for try_nonblocking_invalidate
- nilfs2: fix memory leak in nilfs_sysfs_create_device_group
- nilfs2: fix NULL pointer in nilfs_##name##_attr_release
- nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
- nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
- nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
- nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
- [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
[ Salvatore Bonaccorso ]
* [rt] Update to 4.19.195-rt82
* [rt] Update to 4.19.196-rt83
* Bump ABI to 18
* [rt] Update to 4.19.197-rt84
* Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers"
* [rt] Update to 4.19.198-rt85
* Refresh "scsi: hisi_sas: Create separate host attributes per HBA"
* [rt] Update to 4.19.199-rt86
* [rt] Update to 4.19.206-rt87
* [rt] Update to 4.19.207-rt88
* hso: fix bailout in error case of probe
* usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159)
* usb: hso: remove the bailout parameter
-- Salvatore Bonaccorso <email address hidden> Wed, 29 Sep 2021 20:53:57 +0200
-
linux (4.19.194-3) buster-security; urgency=high
* [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy
(CVE-2020-36311)
* can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693)
* can: bcm: delay release of struct bcm_op after synchronize_rcu()
(CVE-2021-3609)
* seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909)
-- Salvatore Bonaccorso <email address hidden> Sun, 18 Jul 2021 08:52:00 +0200
-
linux (4.19.194-1) buster; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182
- [arm64] KVM: nvhe: Save the SPE context early
- [armhf] net: dsa: b53: Support setting learning on port
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183
- ALSA: hda: generic: Fix the micmute led init state
- Revert "PM: runtime: Update device status before letting suppliers
suspend"
- vmlinux.lds.h: Create section for protection against instrumentation
- btrfs: fix race when cloning extent buffer during rewind of an old root
(CVE-2021-28964)
- btrfs: fix slab cache flags for free space tree bitmap
- [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode
- nvmet: don't check iosqes,iocqes for discovery controllers
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30.
- svcrdma: disable timeouts on rdma backchannel
- sunrpc: fix refcount leak for rpc auth modules
- scsi: lpfc: Fix some error codes in debugfs
- nvme-rdma: fix possible hang when failing to set io queues
- [powerpc*] Force inlining of cpu_has_feature() to avoid build failure
- usb-storage: Add quirk to defeat Kindle's automatic unload
- usbip: Fix incorrect double assignment to udc->ud.tcp_rx
- USB: replace hardcode maximum usb string length by definition
- usb: gadget: configfs: Fix KASAN use-after-free
- [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID
channel
- iio: hid-sensor-prox: Fix scale not correct issue
- [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store
functions (CVE-2021-28972)
- [x86] perf/x86/intel: Fix a crash caused by zero PEBS status
(CVE-2021-28971)
- [x86] ioapic: Ignore IRQ2 again
- kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
- [x86] Move TS_COMPAT back to asm/thread_info.h
- [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
- ext4: find old entry again if failed to rename whiteout
- ext4: do not try to set xattr into ea_inode if value is empty
- ext4: fix potential error in ext4_do_update_inode
- genirq: Disable interrupts for force threaded handlers
- [x86] apic/of: Fix CPU devicetree-node lookups
- cifs: Fix preauth hash corruption
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184
- [armhf] net: fec: ptp: avoid register access when ipg clock is disabled
- [powerpc*] 4xx: Fix build errors from mfdcr()
- atm: eni: dont release is never initialized
- atm: lanai: dont run lanai_dev_close if not open
- Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
- ixgbe: Fix memleak in ixgbe_configure_clsu32
- net: tehuti: fix error return code in bdx_probe()
- sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
- gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264)
- gpiolib: acpi: Add missing IRQF_ONESHOT
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
- NFS: Correct size calculation for create reply length
- [arm64] net: hisilicon: hns: fix error return code of
hns_nic_clear_all_rx_fetch()
- [x86] atm: uPD98402: fix incorrect allocation
- atm: idt77252: fix null-ptr-dereference
- u64_stats,lockdep: Fix u64_stats_init() vs lockdep
- nfs: we don't support removing system.nfs4_acl
- block: Suppress uevent for hidden device when removed
- [arm64] netsec: restore phy power state after controller reset
- [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events
- squashfs: fix inode lookup sanity checks
- squashfs: fix xattr id and id lookup sanity checks
- dm ioctl: fix out of bounds array access when no devices
(CVE-2021-31916)
- [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
- veth: Store queue_mapping independently of XDP prog presence
- libbpf: Fix INSTALL flag order
- macvlan: macvlan_count_rx() needs to be aware of preemption
- [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
- e1000e: add rtnl_lock() to e1000_reset_task
- e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
- net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
- netfilter: ctnetlink: fix dump of the expect mask attribute
- can: peak_usb: add forgotten supported devices
- [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing
bitrate
- mac80211: fix rate mask reset
- net: cdc-phonet: fix data-interface release on probe failure
- [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
- [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind
- net/mlx5e: Fix error path for ethtool set-priv-flag
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening
server
- bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs
- Revert "netfilter: x_tables: Switch synchronization to RCU"
- netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650)
- Revert "netfilter: x_tables: Update remaining dereference to RCU"
- ACPI: scan: Rearrange memory allocation in acpi_device_add()
- ACPI: scan: Use unique number for instance_no
- dm verity: add root hash pkcs#7 signature verification
- scsi: qedi: Fix error return code of qedi_alloc_global_queues()
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
- locking/mutex: Fix non debug version of mutex_lock_io_nested()
- can: dev: Move device back to init netns on owning netns delete
- net: sched: validate stab values
- net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647)
- mac80211: fix double free in ibss_leave
- ext4: add reclaim checks to xattr code
- can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
- xen-blkback: don't leak persistent grants from xen_blkbk_map()
(CVE-2021-28688)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185
- selinux: vsock: Set SID for socket returned by accept()
- tcp: relookup sock for RST+ACK packets handled by obsolete req sock
- ipv6: weaken the v4mapped source check
- ext4: fix bh ref count on error paths
- rpc: fix NULL dereference on kmalloc failure
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10
- [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor
of 10
- [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value
on probe
- [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table
- vhost: Fix vhost_vq_reset()
- scsi: st: Fix a use after free in st_open()
- scsi: qla2xxx: Fix broken #endif placement
- [x86] staging: comedi: cb_pcidas: fix request_irq() warn
- [x86] staging: comedi: cb_pcidas64: fix request_irq() warn
- thermal/core: Add NULL pointer check before using cooling device stats
- locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling
- ext4: do not iput inode under running transaction in ext4_rename()
- brcmfmac: clear EAP/association status bits on linkdown events
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
- [amd64] net: ethernet: aquantia: Handle error cleanup of start on open
- appletalk: Fix skb allocation size in loopback case
- [x86] net: wan/lmc: unregister device when no matching device is found
- bpf: Remove MTU check in __bpf_skb_max_len
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
- ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
- PM: runtime: Fix race getting/putting suppliers at probe
- PM: runtime: Fix ordering in pm_runtime_get_suppliers()
- tracing: Fix stack trace event size
- mm: fix race by making init_zero_pfn() early_initcall
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
- drm/amdgpu: check alignment on CPU page for bo map
- reiserfs: update reiserfs_xattrs_initialized() condition
- [arm64,armhf] pinctrl: rockchip: fix restore error in resume
- extcon: Add stubs for extcon_register_notifier_all() functions
- extcon: Fix error handling in extcon_dev_register
- firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483)
- usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
- [arm64,armhf] usb: musb: Fix suspend with devices connected for a64
- cdc-acm: fix BREAK rx code path adding necessary calls
- USB: cdc-acm: untangle a circular dependency between callback and softint
- USB: cdc-acm: downgrade message to debug
- USB: cdc-acm: fix double free on probe failure
- USB: cdc-acm: fix use-after-free after probe failure
- [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
- [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.
- [x86] staging: rtl8192e: Fix incorrect source in memcpy()
- staging: rtl8192e: Change state information from u16 to u8
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186
- [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted
- [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2
- mISDN: fix crash in fritzpci
- mac80211: choose first enabled channel for monitor
- [arm64] drm/msm: Ratelimit invalid-fence message
- [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
- cifs: revalidate mapping when we open files for SMB1 POSIX
- cifs: Silently ignore unknown oplock break handle
- [amd64] bpf, x86: Validate computation of branch displacements for x86-64
(CVE-2021-29154)
- [i386] bpf, x86: Validate computation of branch displacements for x86-32
(CVE-2021-29154)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187
- ALSA: aloop: Fix initialization of controls
- [x86] ASoC: intel: atom: Stop advertising non working S24LE support
- nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670)
- nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671)
- nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672)
- nfc: Avoid endless loops caused by repeated llcp_sock_connect()
- xen/evtchn: Change irq_info lock to raw_spinlock_t
- net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
- ocfs2: fix deadlock between setattr and dio_end_io_write
- fs: direct-io: fix missing sdio->boundary
- [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin
- batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
- ice: Increase control queue timeout
- net: hso: fix null-ptr-deref during tty device unregistration
- net: ensure mac header is set in virtio_net_hdr_to_skb()
- net: sched: sch_teql: fix null-pointer dereference
- net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind()
- usbip: add sysfs_lock to synchronize sysfs code paths
- usbip: stub-dev synchronize sysfs code paths
- usbip: vudc synchronize sysfs code paths
- usbip: synchronize event handler with sysfs code paths
- i2c: turn recovery error on init to debug
- virtio_net: Add XDP meta data support
- xfrm: interface: fix ipv4 pmtu check to honor ip header df
- net: xfrm: Localize sequence counter per network namespace
- i40e: Added Asym_Pause to supported link modes
- i40e: Fix kernel oops when i40e driver removes VF's
- sch_red: fix off-by-one checks in red_check_params()
- cxgb4: avoid collecting SGE_QBASE regs during traffic
- net:tipc: Fix a double free in tipc_sk_mcast_rcv
- [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner
- clk: fix invalid usage of list cursor in register
- clk: fix invalid usage of list cursor in unregister
- workqueue: Move the position of debug_work_activate() in __queue_work()
- [s390x] cpcmd: fix inline assembly register clobbering
- net/mlx5: Fix placement of log_max_flow_counter
- net/mlx5: Fix PBMC register mapping
- RDMA/cxgb4: check for ipv6 address properly while destroying listener
- [armhf] clk: socfpga: fix iomem pointer cast on 64-bit
- net: sched: bump refcount for new action in ACT replace mode
- cfg80211: remove WARN_ON() in cfg80211_sme_connect
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
- drivers: net: fix memory leak in atusb_probe
- drivers: net: fix memory leak in peak_usb_create_dev
- net: mac802154: Fix general protection fault
- net: ieee802154: nl-mac: fix check on panid
- net: ieee802154: fix nl802154 del llsec key
- net: ieee802154: fix nl802154 del llsec dev
- net: ieee802154: fix nl802154 add llsec key
- net: ieee802154: fix nl802154 del llsec devkey
- net: ieee802154: forbid monitor for set llsec params
- net: ieee802154: forbid monitor for del llsec seclevel
- net: ieee802154: stop dump llsec params for monitors
- Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting
cifs_sb->prepath." (Closes: #988352)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188
- [arm64] KVM: Hide system instruction access to Trace registers
- [arm64] KVM: Disable guest access to trace filter controls
- [armhf] drm/imx: imx-ldb: fix out of bounds array access warning
- gfs2: report "already frozen/thawed" errors
- [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz
- block: only update parent bi_status when bio fail
- net: phy: broadcom: Only advertise EEE for supported modes
- staging: m57621-mmc: delete driver from the tree. (Closes: #986949)
- netfilter: x_tables: fix compat match/target pad out-of-bound write
- driver core: Fix locking bug in deferred_probe_timeout_work_func()
- xen/events: fix setting irq affinity
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189
- net/sctp: fix race condition in sctp_destroy_sock
- gpio: sysfs: Obey valid_mask
- neighbour: Disregard DEAD dst in neigh_update
- [arm64] drm/msm: Fix a5xx/a6xx timestamps
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state
- net: ieee802154: stop dump llsec keys for monitors
- net: ieee802154: stop dump llsec devs for monitors
- net: ieee802154: forbid monitor for add llsec dev
- net: ieee802154: stop dump llsec devkeys for monitors
- net: ieee802154: forbid monitor for add llsec devkey
- net: ieee802154: stop dump llsec seclevels for monitors
- net: ieee802154: forbid monitor for add llsec seclevel
- pcnet32: Use pci_resource_len to validate PCI resource
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
- readdir: make sure to verify directory entry for legacy interfaces too
- [arm64] fix inline asm in load_unaligned_zeropad()
- [arm64] alternatives: Move length validation in alternative_{insn, endif}
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA
- netfilter: conntrack: do not print icmpv6 as unknown via /proc
- netfilter: nft_limit: avoid possible divide error in nft_limit_init
- net: sit: Unregister catch-all devices
- net: ip6_tunnel: Unregister catch-all devices
- i40e: fix the panic when running bpf in xdpdrv mode
- [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions
- net: phy: marvell: fix detection of PHY on Topaz switches
- gup: document and work around "COW can break either way" issue
(CVE-2020-29374)
- [x86] pinctrl: lewisburg: Update number of pins in community
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath()
- [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
- HID: alps: fix error return code in alps_input_configured()
- HID: wacom: Assign boolean values to a bool variable
- net: geneve: check skb is large enough for IPv4/IPv6 header
- [s390x] entry: save the caller of psw_idle
- xen-netback: Check for hotplug-status existence before watching
- [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access
- net: hso: fix NULL-deref on disconnect regression
- USB: CDC-ACM: fix poison/unpoison imbalance
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190
- [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables
- [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade()
- net: usb: ax88179_178a: initialize local variables before use
- iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
- [mips*] Do not include hi and lo in clobber list for R6
- bpf: Fix masking negation logic upon negative dst register
(CVE-2021-31829)
- iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
- USB: Add reset-resume quirk for WD19's Realtek Hub
- [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation
- ovl: allow upperdir inside lowerdir
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
- [s390x] disassembler: increase ebpf disasm buffer size
- ftrace: Handle commands when closing set_ftrace_filter file
- ecryptfs: fix kernel panic with null dev_name
- [armhf] spi: spi-ti-qspi: Free DMA resources
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based
controllers
- mmc: block: Update ext_csd.cache_ctrl if it was written
- mmc: block: Issue a cache flush only when it's enabled
- mmc: core: Do a power cycle when the CMD11 fails
- mmc: core: Set read only for SD cards with permanent write protect bit
- cifs: Return correct error code from smb2_get_enc_key
- btrfs: fix metadata extent leak after failure to create subvolume
- [x86] intel_th: pci: Add Rocket Lake CPU support
- fbdev: zero-fill colormap in fbcmap.c
- staging: wimax/i2400m: fix byte-order issue
- crypto: api - check for ERR pointers in crypto_destroy_tfm()
- usb: gadget: uvc: add bInterval checking for HS mode
- [x86] genirq/matrix: Prevent allocation counter corruption
- usb: gadget: f_uac1: validate input parameters
- [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset
- usb: xhci: Fix port minor revision
- PCI: PM: Do not read power state in pci_enable_device_flags()
- [arm64] tee: optee: do not check memref size on return from Secure World
- [arm*] perf/arm_pmu_platform: Fix error handling
- xhci: check control context is valid before dereferencing it.
- xhci: fix potential array out of bounds with several interrupters
- [x86] intel_th: Consistency and off-by-one fix
- [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in
twl4030_usb_remove()
- btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO
- scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
- [x86] media: ite-cir: check for receive overflow
- power: supply: bq27xxx: fix power_avg for newer ICs
- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
- media: gspca/sq905.c: fix uninitialized variable
- drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
- scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
- scsi: qla2xxx: Fix use after free in bsg
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
- media: em28xx: fix memory leak
- media: vivid: update EDID
- [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error
return
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init
- media: gscpa/stv06xx: fix memory leak
- [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
- drm/amdgpu: fix NULL pointer dereference
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO
response
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
- scsi: libfc: Fix a format specifier
- [s390x] archrandom: add parameter check for s390_arch_random_generate
- [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
- ALSA: hda/conexant: Re-order CX5066 quirk table entries
- [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build
- ALSA: usb-audio: Explicitly set up the clock selector
- ALSA: usb-audio: More constifications
- ALSA: usb-audio: Add dB range mapping for Sennheiser Communications
Headset PC 8
- ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
- btrfs: fix race when picking most recent mod log operation for an old root
- [arm64] vdso: Discard .note.gnu.property sections in vDSO
- ubifs: Only check replay with inode type to judge if inode linked
- f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506)
- openvswitch: fix stack OOB read while fragmenting IPv4 packets
- [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe
failure
- NFS: Don't discard pNFS layout segments that are marked for return
- NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
- jffs2: Fix kasan slab-out-of-bounds problem
- [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space.
- [x86] intel_th: pci: Add Alder Lake-M support
- [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual
device
- md/raid1: properly indicate failure when ending a failed write request
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload
sequences
- security: commoncap: fix -Wstringop-overread warning
- jffs2: check the validity of dstlen in jffs2_zlib_compress()
- Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT
op")
- posix-timers: Preserve return value in clock_adjtime32()
- [arm64] vdso: remove commas between macro name and arguments
- ext4: fix check to prevent false positive report of incorrect used inodes
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
- ext4: fix error code in ext4_commit_super
- media: dvbdev: Fix memory leak in dvb_media_device_free()
- usb: gadget: Fix double free of device descriptor pointers
- usb: gadget/function/f_fs string table fix for multiple languages
- [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check
- [arm*] usb: dwc2: Fix session request interrupt handler
- tty: fix memory leak in vc_deallocate
- tracing: Map all PIDs to command lines
- tracing: Restructure trace_clock_global() to never block
- dm space map common: fix division bug in sm_ll_find_free_block()
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load
fails
- modules: mark ref_module static
- modules: mark find_symbol static
- modules: mark each_symbol_section static
- modules: unexport __module_text_address
- modules: unexport __module_address
- modules: rename the licence field in struct symsearch to license
- modules: return licensing information from find_symbol
- modules: inherit TAINT_PROPRIETARY_MODULE
- Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034)
- bluetooth: eliminate the potential race condition when removing the HCI
controller (CVE-2021-32399)
- net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134)
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
- misc: lis3lv02d: Fix false-positive WARN on various HP models
- [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
- [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload
- md/bitmap: wait for external bitmap writes to complete during tear down
- md-cluster: fix use-after-free issue when removing rdev
- md: split mddev_find
- md: factor out a mddev_find_locked helper from mddev_find
- md: md_open returns -EBUSY when entering racing area
- md: Fix missing unused status line of /proc/mdstat
- ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
- cfg80211: scan: drop entry from hidden_list on overflow
- drm/radeon: fix copy of uninitialized variable back to userspace
- ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
- ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
- ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
- ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
- ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
- ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
- [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
- [s390x] KVM: split kvm_s390_logical_to_effective
- [s390x] KVM: fix guarded storage control register handling
- [s390x] KVM: split kvm_s390_real_to_abs
- ovl: fix missing revert_creds() on error path
- [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely
- [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
- [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250
- regmap: set debugfs_name to NULL after it is freed
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
- [x86] microcode: Check for offline CPUs before requesting new microcode
- [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
- [x86] usb: gadget: pch_udc: Check if driver is present before calling
->setup()
- [x86] usb: gadget: pch_udc: Check for DMA mapping error
- [x86] crypto: qat - don't release uninitialized resources
- [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
- mtd: require write permissions for locking and badblock ioctls
- [arm64] bus: qcom: Put child node before return
- [x86] crypto: qat - fix error path in adf_isr_resource_alloc()
- [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
- [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling
- [x86] staging: rtl8192u: Fix potential infinite loop
- spi: Fix use-after-free with devm_spi_alloc_*
- [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
- [arm64] soc: qcom: mdt_loader: Detect truncated read of segments
- [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute
- [x86] crypto: qat - Fix a double free in adf_create_ring
- [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels
- [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU
PM clock
- [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1
- [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250
Mhz to 1 GHz
- [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from
L1 to L0
- [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed
- [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency
- USB: cdc-acm: fix unprivileged TIOCCSERIAL
- tty: actually undefine superseded ASYNC flags
- tty: fix return value for unsupported ioctls
- usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
- [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail
boards with critclk_systems DMI table
- [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload
- [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
- [arm*] usb: dwc2: Fix hibernation between host and device modes.
- ttyprintk: Add TTY hangup callback.
- media: vivid: fix assignment of dev->fbuf_out_flags
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays
- [x86] kprobes: Fix to check non boostable prefixes correctly
- sata_mv: add IRQ checks
- ata: libahci_platform: fix IRQ check
- nvme: retrigger ANA log update if group descriptor isn't found
- [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
- [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON()
- [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt()
- [amd64] x86/events/amd/iommu: Fix sysfs type mismatch
- sched/debug: Fix cgroup_path[] serialization
- drivers/block/null_blk/main: Fix a double free in null_init.
- HID: plantronics: Workaround for double volume key presses
- [powerpc*] prom: Mark identical_pvr_fixup as __init
- ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
- bug: Remove redundant condition check in report_bug
- nfc: pn533: prevent potential memory corruption
- [arm64] net: hns3: Limiting the scope of vector_ring_chain variable
- ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
- [powerpc*] 64s: Fix pte update for kernel memory on radix
- [powerpc*] perf: Fix PMU constraint check for EBB events
- mac80211: bail out if cipher schemes are invalid
- mt7601u: fix always true expression
- [amd64] IB/hfi1: Fix error return code in parse_platform_config()
- [arm64] net: thunderx: Fix unintentional sign extension issue
- RDMA/srpt: Fix error return code in srpt_cm_req_recv()
- [mips*] pci-legacy: stop using of_pci_range_to_resource
- [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal
- rtlwifi: 8821ae: upgrade PHY and RF parameters
- mwl8k: Fix a double Free in mwl8k_probe_hw
- [x86] vsock/vmci: log once the failed queue pair allocation
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
- ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
- [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error
channel
- ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
- ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
- net: geneve: modify IP header check in geneve6_xmit_skb and
geneve_xmit_skb
- [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
- net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
- mm/sparse: add the missing sparse_buffer_fini() in error branch
- mm/memory-failure: unnecessary amount of unmapping
- net: Only allow init netns to set default tcp cong to a restricted algo
- smp: Fix smp_call_function_single_async prototype
- Revert "net/sctp: fix race condition in sctp_destroy_sock"
- sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133)
- Revert "of/fdt: Make sure no-map does not remove already reserved regions"
- Revert "fdt: Properly handle "no-map" field in the memory region"
- [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl()
- fs: dlm: fix debugfs dump
- tipc: convert dest node's address to network order
- [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus
T100TAF
- [arm64] net: stmmac: Set FIFO sizes for ipq806x
- i2c: bail out early when RDWR parameters are wrong
- ALSA: hdsp: don't disable if not enabled
- ALSA: hdspm: don't disable if not enabled
- ALSA: rme9652: don't disable if not enabled
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
- Bluetooth: initialize skb_queue_head at l2cap_chan_create()
- net: bridge: when suppression is enabled exclude RARP packets
- Bluetooth: check for zapped sk before connecting
- ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
- i2c: Add I2C_AQ_NO_REP_START adapter quirk
- mac80211: clear the beacon's CRC after channel switch
- [armhf] pinctrl: samsung: use 'int' for register masks in Exynos
- cuse: prevent clone
- sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
- [powerpc*] smp: Set numa node before updating mask
- [x86] ASoC: rt286: Generalize support for ALC3263 codec
- ethtool: ioctl: Fix out-of-bounds warning in
store_link_ksettings_for_user()
- [powerpc*] pseries: Stop calling printk in rtas_stop_self()
- [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
- [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
- [powerpc*] iommu: Annotate nested lock for lockdep
- [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
- f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
- PCI: Release OF node in pci_scan_device()'s error path
- [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's
overflow_handler hook
- [arm64] rpmsg: qcom_glink_native: fix error return code of
qcom_glink_rx_data()
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
- NFS: Deal correctly with attribute generation counter overflow
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
- NFSv4.2 fix handling of sr_eof in SEEK's reply
- rtc: ds1307: Fix wday settings for rx8130
- [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy
- sctp: do asoc update earlier in sctp_sf_do_dupcook_a
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
- sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
- netfilter: xt_SECMARK: add new revision to fix structure layout
- drm/radeon: Fix off-by-one power_state index heap overwrite
- drm/radeon: Avoid power table parsing memory leaks
- khugepaged: fix wrong result value for
trace_mm_collapse_huge_page_isolate()
- mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
- ksm: fix potential missing rmap_item for stable_node
- net: fix nla_strcmp to handle more then one trailing null character
- smc: disallow TCP_ULP in smc_setsockopt()
- netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
- sched/fair: Fix unfairness caused by missing load decay
- [amd64] kernel: kexec_file: fix error return code of
kexec_calculate_store_digests()
- netfilter: nftables: avoid overflows in nft_hash_buckets()
- i40e: Fix use-after-free in i40e_client_subtask()
- [powerpc*] 64s: Fix crashes when toggling stf barrier
- [powerpc*] 64s: Fix crashes when toggling entry flush barrier
- hfsplus: prevent corruption in shrinking truncate
- squashfs: fix divide error in calculate_skip()
- userfaultfd: release page in error path to avoid BUG_ON
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
are connected
- [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path
- blk-mq: Swap two calls in blk_mq_exit_queue()
- [armhf] usb: dwc3: omap: improve extcon initialization
- [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel
Merrifield
- [arm*] usb: dwc2: Fix gadget DMA unmap direction
- usb: core: hub: fix race condition about TRSMRCY of resume
- [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer
in ep queue
- xhci: Do not use GFP_KERNEL in (potentially) atomic context
- xhci: Add reset resume quirk for AMD xhci controller.
- [x86] iio: tsl2583: Fix division by a zero lux_val
- cdc-wdm: untangle a circular dependency between callback and softint
- [x86] KVM: Cancel pvclock_gtod_work on module removal
- thermal/core/fair share: Lock the thermal zone while looping over
instances
- kobject_uevent: remove warning in init_uevent_argv()
- netfilter: conntrack: Make global sysctls readonly in non-init netns
- nvme: do not try to reconfigure APST when the controller is not live
- [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
- usb: sl811-hcd: improve misleading indentation
- cxgb4: Fix the -Wmisleading-indentation warning
- isdn: capi: fix mismatched prototypes
- [arm64] PCI: thunder: Fix compile testing
- [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in
cpu_suspend()
- [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in
enable_slot()
- [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI
instantiated devices
- [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls
- ceph: fix fscache invalidation
- scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not
found
- [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10
Pro 5055
- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
- block: reexpand iov_iter after read/write
- [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
- sit: proper dev_{hold|put} in ndo_[un]init methods
- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
- ipv6: remove extra dev_hold() for fallback tunnels
- iomap: fix sub-page uptodate handling
- [arm64] KVM: Initialize VCPU mdcr_el2 before loading it
- tweewide: Fix most Shebang lines
- scripts: switch explicitly to Python 3
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192
- RDMA/rxe: Clear all QP fields if creation failed
- scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
- RDMA/mlx5: Recover from fatal event in dual port mode
- [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
- ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
- nvmet: seset ns->file when open fails
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
- cifs: fix memory leak in smb2_copychunk_range
- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high
sampling transfer frequency
- ALSA: line6: Fix racy initialization of LINE6 MIDI
- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
- ALSA: usb-audio: Validate MS endpoint descriptors
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
- [i386] Revert "ALSA: sb8: add a check for request_region"
- ALSA: hda/realtek: reset eapd coeff to default value for alc287
- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
- [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer
dereference"
- [x86] xen-pciback: reconfigure also from backend watch handler
- dm snapshot: fix crash with transient storage and zero chunk size
- [x86] Revert "video: hgafb: fix potential NULL pointer dereference"
- [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare"
- [armhf] Revert "leds: lp5523: fix a missing check of return value of
lp55xx_read"
- Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
- Revert "ecryptfs: replace BUG_ON with error handling code"
- Revert "rtlwifi: fix a potential NULL pointer dereference"
- Revert "qlcnic: Avoid potential NULL pointer dereference"
- Revert "niu: fix missing checks of niu_pci_eeprom_read"
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
- [arm64,armhf] net: stmicro: handle clk_prepare() failure during init
- net: rtlwifi: properly check for alloc_workqueue() failure
- [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup
code
- qlcnic: Add null check after calling netdev_alloc_skb
- [x86] video: hgafb: fix potential NULL pointer dereference
- vgacon: Record video mode changes with VT_RESIZEX
- vt: Fix character height handling with VT_RESIZEX
- tty: vt: always invoke vc->vc_sw->con_resize callback
- [x86] video: hgafb: correctly handle card detect failure during probe
- Bluetooth: SMP: Fail if remote and local public keys are identical
(CVE-2020-26558, CVE-2021-0129)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193
- mm, vmstat: drop zone->lock in /proc/pagetypeinfo
- [arm64,armhf] usb: dwc3: gadget: Enable suspend events
- NFC: nci: fix memory leak in nci_allocate_device
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0
- NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
- [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu()
- proc: Check /proc/$pid/attr/ writes against file opener
- net: hso: fix control-request directions
- mac80211: assure all fragments are encrypted (CVE-2020-26147)
- mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586,
CVE-2020-24587)
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header
- cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588)
- mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588)
- mac80211: add fragment cache to sta_info
- mac80211: check defrag PN against current frame
- mac80211: prevent attacks on TKIP/WEP as well
- mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139)
- mac80211: extend protection against mixed key and fragment cache attacks
(CVE-2020-24586, CVE-2020-24587)
- ath10k: Validate first subframe of A-MSDU before processing the list
- dm snapshot: properly fix a crash when an origin has no snapshots
- misc/uss720: fix memory leak in uss720_probe
- [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
- [x86] mei: request autosuspend after sending rx flow control
- USB: trancevibrator: fix control-request direction
- USB: usbfs: Don't WARN about excessively large memory allocations
- serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
- USB: serial: ti_usb_3410_5052: add startech.com device id
- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC
- [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG
- net: usb: fix memory leak in smsc75xx_bind
- bpf: extend is_branch_taken to registers
- bpf: Test_verifier, bpf_get_stack return value add <0
- bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test
- bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155)
- bpf: Ensure off_reg has no mixed signed bounds for all types
(CVE-2021-29155)
- bpf: Rework ptr_limit into alu_limit and add common error path
(CVE-2021-29155)
- bpf: Improve verifier error messages for users (CVE-2021-29155)
- bpf: Refactor and streamline bounds check into helper (CVE-2021-29155)
- bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155)
- bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155)
- bpf: Update selftests to reflect new error states
- bpf: Fix leakage of uninitialized bpf stack under speculation
(CVE-2021-31829)
- bpf: Wrap aux data inside bpf_sanitize_info container
- bpf: Fix mask direction swap upon off reg sign change
- bpf: No need to simulate speculative domain for immediates
- [armhf] spi: gpio: Don't leak SPI master in probe error path
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
- NFS: fix an incorrect limit in filelayout_decode_layout()
- NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
- [arm64] drm/meson: fix shutdown crash when component not probed
- net/mlx4: Fix EEPROM dump support
- Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
- tipc: skb_linearize the head skb when reassembling msgs
- [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails
- [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message
after write
- [x86] i2c: i801: Don't generate an interrupt on bus reset
- [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume
- [x86] net: fujitsu: fix potential null-ptr-deref
- [x86] char: hpet: add checks after calling ioremap
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
- [arm64] dmaengine: qcom_hidma: comment platform_driver_register call
- libertas: register sysfs groups properly
- media: dvb: Add check on sp8870_readreg return
- media: gspca: properly check for errors in po1030_probe()
- [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
- btrfs: do not BUG_ON in link_to_fixup_dir
- [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported
list
- SMB3: incorrect file id in requests compounded with open
- drm/amd/amdgpu: fix refcount leak
- drm/amdgpu: Fix a use-after-free
- [arm64,armhf] net: dsa: fix error code getting shifted with 4 in
dsa_slave_get_sset_count
- [armhf] net: fec: fix the potential memory leak in fec_enet_init()
- [arm64] net: mdio: thunder: Fix a double free issue in the .remove
function
- [mips*] net: mdio: octeon: Fix some double free issues
- openvswitch: meter: fix race when getting now_ms.
- net: bnx2: Fix error return code in bnx2_init_board()
- mld: fix panic in mld_newpack()
- bpf: Set mac_len in bpf_skb_change_head
- ixgbe: fix large MTU request from VF
- scsi: libsas: Use _safe() loop in sas_resume_port()
- ipv6: record frag_max_size in atomic fragments in input path
- sch_dsmark: fix a NULL deref in qdisc_reset()
- hugetlbfs: hugetlb_fault_mutex_hash() cleanup
- drivers/net/ethernet: clean up unused assignments
- [arm64] net: hns3: check the return of skb_checksum_help()
- usb: core: reduce power-on-good delay time of root hub
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194
- net: usb: cdc_ncm: don't spew notifications (Closes: #989451)
- ALSA: usb: update old-style static const declaration
- nl80211: validate key indexes for cfg80211_registered_device
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
- [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location()
- vfio/pci: Fix error return code in vfio_ecap_init()
- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
- HID: pidff: fix error return code in hid_pidff_init()
- [arm64,x86] HID: i2c-hid: fix format string mismatch
- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
- ieee802154: fix error return code in ieee802154_add_iface()
- ieee802154: fix error return code in ieee802154_llsec_getparams()
- ixgbevf: add correct exception tracing for XDP
- tipc: add extack messages for bearer/media failure
- tipc: fix unique bearer names sanity check
- Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564)
- Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573)
- HID: multitouch: require Finger field to mark Win8 reports as MT
- ALSA: timer: Fix master timer notification
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
- [arm*] usb: dwc2: Fix build in periphal-only mode
- pid: take a reference when initializing `cad_pid`
- ocfs2: fix data corruption by fallocate
- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
(CVE-2021-3587)
- [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing
- btrfs: mark ordered extent and inode with error if we fail to finish
- btrfs: fix error handling in btrfs_del_csums
- btrfs: return errors from btrfs_del_csums in cleanup_ref_head
- btrfs: fixup error handling in fixup_inode_link_counts
- mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
- bpf: Add BPF_F_ANY_ALIGNMENT.
- bnxt_en: Remove the setting of dev_port.
- perf/cgroups: Don't rotate events for cgroups unnecessarily
- perf/core: Fix corner case in perf_rotate_context()
- btrfs: fix unmountable seed device after fstrim
- [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
- [arm64] KVM: Fix debug register indexing
- [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of
module-level code flag
- [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables()
- sched/fair: Optimize select_idle_cpu
- [x86] xen-pciback: redo VF placement in the virtual topology
[ Salvatore Bonaccorso ]
* [rt] Update to 4.19.182-rt74
* [rt] Add new signing key for Clark Williams
* [rt] Update to 4.19.184-rt75
* Bump ABI to 17
* [rt] Refresh "workqueue: Use normal rcu"
* [rt] Refresh "workqueue: Use local irq lock instead of irq disable"
* [rt] Refresh "workqueue: rework"
* [rt] Update to 4.19.188-rt77
* [rt] Update to 4.19.190-rt79
* [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race"
* [rt] Update to 4.19.193-rt81
* [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask"
-- Salvatore Bonaccorso <email address hidden> Thu, 10 Jun 2021 20:49:34 +0200
-
linux (4.19.181-1) buster; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.178
- HID: make arrays usage and value to be the same
- USB: quirks: sort quirk entries
- usb: quirks: add quirk to start video capture on ELMO L-12F document
camera reliable
- block: add helper for checking if queue is registered
- block: split .sysfs_lock into two locks
- block: fix race between switching elevator and removing queues
- block: don't release queue's sysfs lock during switching elevator
- NET: usb: qmi_wwan: Adding support for Cinterion MV31
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
- jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked()
operations
- locking/static_key: Fix false positive warnings on concurrent dec/inc
- vmlinux.lds.h: add DWARF v5 sections
- [arm64] PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064
- bfq: Avoid false bfq queue merging
- ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode
- [mips*] vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
- random: fix the RNDRESEEDCRNG ioctl
- [arm64] Bluetooth: btqcomsmd: Fix a resource leak in error handling
paths in the probe function
- Bluetooth: Fix initializing response id after clearing struct
- [armhf] dts: exynos: correct PMIC interrupt trigger level on Spring
- [armhf] dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
- bpf: Avoid warning when re-casting __bpf_call_base into
__bpf_call_base_args
- [arm64] dts: allwinner: A64: properly connect USB PHY to port 0
- [arm64] dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz
- ACPICA: Fix exception code class checks
- usb: gadget: u_audio: Free requests only after callback
- Bluetooth: drop HCI device reference before return
- Bluetooth: Put HCI device if inquiry procedure interrupts
- [arm*] usb: dwc2: Do not update data length if it is 0 on inbound
transfers
- [arm*] usb: dwc2: Abort transaction after errors with unknown reason
- [arm*] usb: dwc2: Make "trimming xfer length" a debug message
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory
rules
- [armhf] dts: armada388-helios4: assign pinctrl to LEDs
- [armhf] dts: armada388-helios4: assign pinctrl to each fan
- bpf_lru_list: Read double-checked variable once without lock
- bnxt_en: reverse order of TX disable and carrier off
- xen/netback: fix spurious event detection for common event case
- mac80211: fix potential overflow when multiplying to u32 integers
- bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx
- tcp: fix SO_RCVLOWAT related hangs under mem pressure
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in
cxgb4 and ulds
- b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
- [amd64,arm64] net: amd-xgbe: Reset the PHY rx data path when mailbox
command timeout
- [amd64,arm64] net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning
- [amd64,arm64] net: amd-xgbe: Reset link when the link never comes back
- [amd64,arm64] net: amd-xgbe: Fix network fluctuations when using 1G
BELFUSE SFP
- [arm64,armhf] net: mvneta: Remove per-cpu queue mapping for Armada 3700
- [x86] drm/gma500: Fix error return code in psb_driver_load()
- [x86] gma500: clean up error handling in init
- [armhf] crypto: sun4i-ss - fix kmap usage
- [mips*] c-r4k: Fix section mismatch for loongson2_sc_init
- media: em28xx: Fix use-after-free in em28xx_alloc_urbs
- media: media/pci: Fix memleak in empress_init
- [x86] media: tm6000: Fix memleak in tm6000_start_stream
- media: lmedm04: Fix misuse of comma
- media: qm1d1c0042: fix error return code in qm1d1c0042_init()
- media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
- f2fs: fix to avoid inconsistent quota data
- drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask()
- [x86] Drivers: hv: vmbus: Avoid use-after-free in
vmbus_onoffer_rescind()
- btrfs: clarify error returns values in __load_free_space_cache
- crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
- fs/jfs: fix potential integer overflow on shift of a int
- jffs2: fix use after free in jffs2_sum_write_data()
- capabilities: Don't allow writing ambiguous v3 file capabilities
- [arm64,armhf] clk: meson: clk-pll: fix initializing the old rate
(fallback) for a PLL
- quota: Fix memory leak when handling corrupted quota file
- [arm64] clk: sunxi-ng: h6: Fix CEC clock
- HID: core: detect and skip invalid inputs to snto32()
- fdt: Properly handle "no-map" field in the memory region
- of/fdt: Make sure no-map does not remove already reserved regions
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation
- [arm64] clk: sunxi-ng: h6: Fix clock divider range on some clocks
- [arm64,armhf] regulator: axp20x: Fix reference cout leak
- certs: Fix blacklist flag type confusion
- [armhf] regulator: s5m8767: Drop regulators OF node reference
- isofs: release buffer head before return
- IB/umad: Return EIO in case of when device disassociated
- IB/umad: Return EPOLLERR in case of when device disassociated
- [ppc64el] KVM: Make the VMX instruction emulation routines static
- [armel,armhf] 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+
cores
- [arm*] amba: Fix resource leak for drivers without .remove
- tracepoint: Do not fail unregistering a probe due to memory failure
- perf tools: Fix DSO filtering when not finding a map for a sampled
address
- RDMA/rxe: Fix coding error in rxe_recv.c
- RDMA/rxe: Correct skb on loopback path
- [powerpc*] pseries/dlpar: handle ibm, configure-connector delay status
- [amd64] spi: pxa2xx: Fix the controller numbering for Wildcat Point
- Input: sur40 - fix an error code in sur40_probe()
- perf intel-pt: Fix missing CYC processing in PSB
- Input: elo - fix an error code in elo_connect()
- [arm64,armhf] pwm: rockchip: rockchip_pwm_probe(): Remove superfluous
clk_unprepare()
- [x86] VMCI: Use set_page_dirty_lock() when unregistering guest memory
- PCI: Align checking of syscall user config accessors
- [arm64] drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
- ext4: fix potential htree index checksum corruption
- i40e: Fix flow for IPv6 next header (extension header)
- i40e: Add zero-initialization of AQ command structures
- i40e: Fix overwriting flow control settings during driver loading
- i40e: Fix VFs not created
- i40e: Fix add TC filter for IPv6
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
- vxlan: move debug check after netdev unregister
- ocfs2: fix a use after free on error
- mm/memory.c: fix potential pte_unmap_unlock pte error
- mm/hugetlb: fix potential double free in hugetlb_register_node() error
path
- r8169: fix jumbo packet handling on RTL8168e
- [arm64] Add missing ISB after invalidating TLB in __primary_switch
- mm/rmap: fix potential pte_unmap on an not mapped pte
- blk-settings: align max_sectors on "logical_block_size" boundary
- ACPI: property: Fix fwnode string properties matching
- HID: wacom: Ignore attempts to overwrite the touch_max value from HID
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
Series X|S
- Input: joydev - prevent potential read overflow in ioctl
- USB: serial: option: update interface mapping for ZTE P685M
- [arm64,armhf] usb: musb: Fix runtime PM race in musb_queue_resume_work
- [arm64,armhf] usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
- [arm64,armhf] usb: dwc3: gadget: Fix dep->interval for fullspeed
interrupt
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler
- USB: serial: mos7840: fix error code in mos7840_write()
- USB: serial: mos7720: fix error code in mos7720_write()
- ALSA: hda/realtek: modify EAPD in the ALC886
- tpm_tis: Fix check_locality for correct locality acquisition
- tpm_tis: Clean up locality release
- KEYS: trusted: Fix migratable=1 failing
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
- btrfs: fix reloc root leak with 0 ref reloc roots on recovery
- btrfs: fix extent buffer leak on failure to copy root
- [arm64] crypto: arm64/sha - add missing module aliases
- [armhf] crypto: sun4i-ss - checking sg length is not sufficient
- [armhf] crypto: sun4i-ss - handle BigEndian for cipher
- seccomp: Add missing return in non-void function
- misc: rtsx: init of rts522a add OCP power off when no card is present
- [x86] drivers/misc/vmw_vmci: restrict too big queue size in
qp_host_alloc_queue
- staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
- [x86] reboot: Force all cpus to exit VMX root if VMX is supported
- floppy: reintroduce O_NDELAY fix
- [arm64] uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
- [x86] watchdog: mei_wdt: request stop on unregister
- [arm64] mtd: spi-nor: hisi-sfc: Put child node np on error path
- fs/affs: release old buffer head on error path
- seq_file: document how per-entry resources are managed.
- [x86] fix seq_file iteration for pat/memtype.c
- hugetlb: fix copy_huge_page_from_user contig page struct assumption
- libnvdimm/dimm: Avoid race between probe and available_slots_show()
- [arm64] Extend workaround for erratum 1024718 to all versions of
Cortex-A55
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
- [armhf] mmc: sdhci-esdhc-imx: fix kernel panic when remove module
- [armhf] gpio: pcf857x: Fix missing first interrupt
- printk: fix deadlock when kernel panic
- [x86] cpufreq: intel_pstate: Get per-CPU max freq via
MSR_HWP_CAPABILITIES if available
- f2fs: fix out-of-repair __setattr_copy()
- gfs2: Don't skip dlm unlock if glock has an lvb
- dm: fix deadlock when swapping to encrypted device
- dm era: Recover committed writeset after crash
- dm era: Verify the data block size hasn't changed
- dm era: Fix bitset memory leaks
- dm era: Use correct value size in equality function of writeset tree
- dm era: Reinitialize bitset cache before digesting a new writeset
- dm era: only resize metadata in preresume
- icmp: introduce helper for nat'd source address in network device
context
- icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
- gtp: use icmp_ndo_send helper
- xfrm: interface: use icmp_ndo_send helper
- ipv6: icmp6: avoid indirect call for icmpv6_send()
- ipv6: silence compilation warning for non-IPV6 builds
- net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
- dm era: Update in-core bitset after committing the metadata
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.179
- net: usb: qmi_wwan: support ZTE P685M modem
- hugetlb: fix update_and_free_page contig page struct assumption
- drm/virtio: use kvmalloc for large allocations
- [s390x] virtio/s390: implement virtio-ccw revision 2 correctly
- [arm64] module: set plt* section addresses to 0x0
- [arm64] Avoid redundant type conversions in xchg() and cmpxchg()
- [arm64] cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
- [arm64] Use correct ll/sc atomic constraints
- JFS: more checks for invalid superblock
- udlfb: Fix memory leak in dlfb_usb_probe
- media: mceusb: sanity check for prescaler value
- xfs: Fix assert failure in xfs_setattr_size()
- net: fix up truesize of cloned skb in skb_prepare_for_shift()
- mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
- net: bridge: use switchdev for port flags set through sysfs too
- dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/
- rsi: Fix TX EAPOL packet handling against iwlwifi AP
- rsi: Move card interrupt handling to RX thread
- [x86] reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
- vt/consolemap: do font sum unsigned
- [arm64,armhf] wlcore: Fix command execute failure 19 for wl12xx
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl
- pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
- ath10k: fix wmi mgmt tx queue full due to race condition
- [x86] build: Treat R_386_PLT32 relocation as R_386_PC32
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
- crypto: tcrypt - avoid signed overflow in byte count
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse
- media: uvcvideo: Allow entities with no pads
- f2fs: handle unallocated section and zone on pinned/atgc
- f2fs: fix to set/clear I_LINKABLE under i_lock
- btrfs: fix error handling in commit_fs_roots
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID
7316R tablet
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15
tablet
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet
- scsi: iscsi: Restrict sessions and handles to admin capabilities
(CVE-2021-27363, CVE-2021-27364)
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
(CVE-2021-27365)
- scsi: iscsi: Verify lengths on passthrough PDUs (CVE-2021-27365)
- Xen/gnttab: handle p2m update errors on a per-slot basis
(CVE-2021-28038)
- xen-netback: respect gnttab_map_refs()'s return value (CVE-2021-28038)
- zsmalloc: account the number of compacted pages correctly
- swap: fix swapfile read/write offset
- media: v4l: ioctl: Fix memory leak in video_usercopy
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.180
- btrfs: raid56: simplify tracking of Q stripe presence
- btrfs: fix raid6 qstripe kmap
- btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl
- btrfs: free correct amount of space in
btrfs_delayed_inode_reserve_metadata
- btrfs: unlock extents in btrfs_zero_range in case of quota reservation
errors
- PM: runtime: Update device status before letting suppliers suspend
- dm bufio: subtract the number of initial sectors in
dm_bufio_get_device_size
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie
- usbip: tools: fix build error for multiple definition
- Revert "zram: close udev startup race condition as default groups"
- block: genhd: add 'groups' argument to device_add_disk
- nvme: register ns_id attributes as default sysfs groups
- aoe: register default groups with device_add_disk()
- zram: register default groups with device_add_disk()
- virtio-blk: modernize sysfs attribute creation
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
- rsxx: Return -EFAULT if copy_to_user() fails
- r8169: fix resuming from suspend on RTL8105e if machine runs on battery
- [arm64,armhf] net: dsa: add GRO support via gro_cells
- dm table: fix iterate_devices based device capability checks
- dm table: fix DAX iterate_devices based device capability checks
- dm table: fix zoned iterate_devices based device capability checks
- [amd64] iommu/amd: Fix sleeping in atomic in increase_address_space()
- mwifiex: pcie: skip cancel_work_sync() on reset failure path
- [x86] platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines
- [x86] platform/x86: acer-wmi: Cleanup accelerometer device handling
- [x86] platform/x86: acer-wmi: Add new force_caps module parameter
- [x86] platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability
flag
- [x86] platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch
devices
- [x86] platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire
Switch 10E SW3-016
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube
Adapter
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
- [arm64] drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.181
- uapi: nfnetlink_cthelper.h: fix userspace compilation error
- ethernet: alx: fix order of calls on resume (Closes: #983595)
- ath9k: fix transmitting to stations in dynamic SMPS mode
- net: Fix gro aggregation for udp encaps with zero csum
- net: Introduce parse_protocol header_ops callback
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed
before setting skb ownership
- [armhf] can: flexcan: assert FRZ bit in flexcan_chip_freeze()
- [armhf] can: flexcan: enable RX FIFO after FRZ/HALT valid
- netfilter: x_tables: gpf inside xt_find_revision()
- mt76: dma: do not report truncated frames to mac80211
- tcp: annotate tp->copied_seq lockless reads
- tcp: annotate tp->write_seq lockless reads
- tcp: add sanity tests to TCP_QUEUE_SEQ
- cifs: return proper error code in statfs(2)
- scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section
names
- Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
- net: check if protocol extracted by virtio_net_hdr_set_proto is correct
- net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
- net/mlx4_en: update moderation when config reset
- [arm64,armhf] net: stmmac: fix incorrect DMA channel intr enable setting
of EQoS v4.10
- net: sched: avoid duplicates in classes dump
- net: usb: qmi_wwan: allow qmimux add/del with master up
- [arm64,armhf] net: stmmac: stop each tx channel independently
- [arm64,armhf] net: stmmac: fix watchdog timeout during suspend/resume
stress test
- drm/compat: Clear bounce structures
- [arm64] drm: meson_drv add shutdown function
- media: usbtv: Fix deadlock on suspend
- net: phy: fix save wrong speed and duplex problem if autoneg is on
- udf: fix silent AED tagLocation corruption
- [powerpc*] pci: Add ppc_md.discover_phbs()
- [powerpc*] improve handling of unrecoverable system reset
- [powerpc*] perf: Record counter overflow always if SAMPLE_IP is unset
- [arm64] PCI: xgene-msi: Fix race in installing chained irq handler
- PCI: Fix pci_register_io_range() memory leak
- i40e: Fix memory leak in i40e_probe
- [s390x] smp: __smp_rescan_cpus() - move cpumask away from stack
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
- scsi: target: core: Add cmd length set before cmd complete
- scsi: target: core: Prevent underflow for service actions
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk
- ALSA: hda/hdmi: Cancel pending works before suspend
- ALSA: hda: Drop the BATCH workaround for AMD controllers
- ALSA: hda: Avoid spurious unsol event handling during S3/S4
- ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets
- Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file
capabilities")
- [s390x] dasd: fix hanging DASD driver unbind
- [s390x] dasd: fix hanging IO request during DASD driver unbind
- mmc: core: Fix partition switch time for eMMC
- mmc: cqhci: Fix random crash when remove mmc module/card
- Goodix Fingerprint device is not a modem
- USB: gadget: u_ether: Fix a configfs return code
- usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
slot
- usb: gadget: f_uac1: stop playback on function disable
- [arm64] usb: dwc3: qcom: Honor wakeup enabled/disabled state
- USB: usblp: fix a hang in poll() if disconnected
- xhci: Improve detection of device initiated wake signal.
- usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
- USB: serial: io_edgeport: fix memory leak in edge_startup
- USB: serial: ch341: add new Product ID
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
- USB: serial: cp210x: add some more GE USB IDs
- usbip: fix stub_dev to check for stream socket
- usbip: fix vhci_hcd to check for stream socket
- usbip: fix vudc to check for stream socket
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
- usbip: fix vhci_hcd attach_store() races leading to gpf
- usbip: fix vudc usbip_sockfd_store races leading to gpf
- [x86] staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
(CVE-2021-28660)
- staging: rtl8712: unterminated string leads to read overflow
- staging: rtl8188eu: fix potential memory corruption in
rtw_check_beacon_data()
- staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
- [x86] staging: rtl8192e: Fix possible buffer overflow in
_rtl92e_wx_set_scan
- [x86] staging: comedi: addi_apci_1032: Fix endian problem for COS sample
- [x86] staging: comedi: addi_apci_1500: Fix endian problem for command
sample
- [x86] staging: comedi: adv_pci1710: Fix endian problem for AI command data
- [i386] staging: comedi: das6402: Fix endian problem for AI command data
- [i386] staging: comedi: das800: Fix endian problem for AI command data
- [i386] staging: comedi: dmm32at: Fix endian problem for AI command data
- [x86] staging: comedi: me4000: Fix endian problem for AI command data
- [i386] staging: comedi: pcl711: Fix endian problem for AI command data
- [i386] staging: comedi: pcl818: Fix endian problem for AI command data
- NFSv4.2: fix return value of _nfs4_get_security_label()
- block: rsxx: fix error return code of rsxx_pci_probe()
- configfs: fix a use-after-free in __configfs_open_file
- hrtimer: Update softirq_expires_next correctly after
__hrtimer_get_next_event()
- stop_machine: mark helpers __always_inline
- include/linux/sched/mm.h: use rcu_dereference in in_vfork()
- [powerpc*] 64s: Fix instruction encoding for lis in ppc_function_entry()
- binfmt_misc: fix possible deadlock in bm_register_write
- [amd64] x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2
- hwmon: (lm90) Fix max6658 sporadic wrong temperature reading
- [arm64] KVM: Fix exclusive limit for IPA size
- xen/events: reset affinity of 2-level event when tearing it down
- xen/events: don't unmask an event channel when an eoi is pending
- xen/events: avoid handling the same event on two cpus at the same time
[ Salvatore Bonaccorso ]
* Bump ABI to 16
* ext4: check journal inode extents more carefully (CVE-2021-3428)
* bpf: Prohibit alu ops for pointer types not defining ptr_limit
(CVE-2020-27170)
* bpf: Fix off-by-one for area size in creating mask to left
(CVE-2020-27171)
* bpf: Simplify alu_limit masking for pointer arithmetic
* bpf: Add sanity check for upper ptr_limit
-- Salvatore Bonaccorso <email address hidden> Fri, 19 Mar 2021 15:29:57 +0100
-
linux (4.19.171-2) buster-security; urgency=high
* xen: Fix XenStore initialisation for XS_LOCAL
-- Salvatore Bonaccorso <email address hidden> Sat, 30 Jan 2021 10:35:46 +0100
-
linux (4.19.160-2) buster; urgency=medium
* net: Disable MLX5_ESWITCH on mips and mipsel (Fixes FTBFS)
-- Salvatore Bonaccorso <email address hidden> Sat, 28 Nov 2020 08:47:24 +0100
-
linux (4.19.146-1) buster; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.133
- [s390x] KVM: s390: reduce number of IO pins to 1
- regmap: fix alignment issue
- [arm64,armhf] drm/tegra: hub: Do not enable orphaned window group
- [arm64,armhf] gpu: host1x: Detach driver on unregister
- spi: spidev: fix a race between spidev_release and spidev_remove
- spi: spidev: fix a potential use-after-free in spidev_release()
- ixgbe: protect ring accesses with READ- and WRITE_ONCE
- i40e: protect ring accesses with READ- and WRITE_ONCE
- [x86] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
- [x86] drm: panel-orientation-quirks: Use generic orientation-data for
Acer S1003
- cifs: update ctime and mtime during truncate
- [armhf] imx6: add missing put_device() call in imx6q_suspend_init()
- scsi: mptscsih: Fix read sense data size
- [arm64] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
- block: release bip in a right way in error path
- nvme-rdma: assign completion vector correctly
- [x86] entry: Increase entry_stack size to a full page
- net: cxgb4: fix return error value in t4_prep_fw
- smsc95xx: check return value of smsc95xx_reset
- smsc95xx: avoid memory leak in smsc95xx_bind
- [arm64] net: hns3: fix use-after-free when doing self test
- [x86] ALSA: compress: fix partial_drain completion state
- nbd: Fix memory leak in nbd_add_socket
- cxgb4: fix all-mask IP address comparison
- bnxt_en: fix NULL dereference in case SR-IOV configuration fails
- [arm64] net: macb: mark device wake capable when "magic-packet" property
present
- ALSA: opl3: fix infoleak in opl3
- ALSA: hda - let hs_mic be picked ahead of hp_mic
- ALSA: usb-audio: add quirk for MacroSilicon MS2109
- [arm64] KVM: Fix definition of PAGE_HYP_DEVICE
- [arm64] KVM: Stop clobbering x0 for HVC_SOFT_RESTART
- [x86] KVM: bit 8 of non-leaf PDPEs is not reserved
- [x86] KVM: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit
mode
- [x86] KVM: Mark CR4.TSD as being possibly owned by the guest
- kallsyms: Refactor kallsyms_show_value() to take cred
- kernel: module: Use struct_size() helper
- module: Refactor section attr into bin attribute
- module: Do not expose section addresses to non-CAP_SYSLOG
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG
- bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()
- btrfs: fix fatal extent_buffer readahead vs releasepage race
- drm/radeon: fix double free
- dm: use noio when sending kobject event
- [s390x] mm: fix huge pte soft dirty copying
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134
- perf: Make perf able to build with latest libbfd
- genetlink: remove genl_bind
- ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
- l2tp: remove skb_dst_set() from l2tp_xmit_skb()
- llc: make sure applications use ARPHRD_ETHER
- net: Added pointer check for dst->ops->neigh_lookup in
dst_neigh_lookup_skb
- net_sched: fix a memory leak in atm_tc_init()
- net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
- tcp: fix SO_RCVLOWAT possible hangs under high mem pressure
- tcp: make sure listeners don't initialize congestion-control state
- tcp: md5: add missing memory barriers in
tcp_md5_do_add()/tcp_md5_hash_key()
- tcp: md5: do not send silly options in SYNCOOKIES
- tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
- tcp: md5: allow changing MD5 keys in all socket states
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (CVE-2020-14356)
(Closes: #966846)
- cgroup: Fix sock_cgroup_data on big-endian.
- sched: consistently handle layer3 header accesses in the presence of
VLANs
- vlan: consolidate VLAN parsing code and limit max parsing depth
- [arm64] drm/msm: fix potential memleak in error branch
- [arm64] alternatives: use subsections for replacement sequences
- [arm64,x86] tpm_tis: extra chip->ops check on error path in
tpm_tis_core_init
- gfs2: read-only mounts should grab the sd_freeze_gl glock
- [i386] i2c: eg20t: Load module automatically if ID matches
- [arm64] alternatives: don't patch up internal branches
- [armhf] iio: mma8452: Add missed iio_device_unregister() call in
mma8452_probe()
- [armhf] net: dsa: bcm_sf2: Fix node reference count
- of: of_mdio: Correct loop scanning logic
- Revert "usb/ohci-platform: Fix a warning when hibernating"
- [arm64,armhf] Revert "usb/xhci-plat: Set PM runtime as active on resume"
- Revert "usb/ehci-platform: Set PM runtime as active on resume"
- [arm64,armhf] net: sfp: add support for module quirks
- [arm64,armhf] net: sfp: add some quirks for GPON modules
- HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
- ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp
(0951:16d8)
- mmc: sdhci: do not enable card detect interrupt for gpio cd type
- ALSA: usb-audio: Rewrite registration quirk handling
- [x86] ACPI: video: Use native backlight on Acer Aspire 5783z
- ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha
S
- [x86] ACPI: video: Use native backlight on Acer TravelMate 5735Z
- ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight
S
- [arm64,armhf] phy: sun4i-usb: fix dereference of pointer phy0 before it
is null checked
- [armhf] spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock
rate
- [x86] staging: comedi: verify array index is correct before using it
- regmap: debugfs: Don't sleep while atomic for fast_io regmaps
- [x86] copy_xstate_to_kernel: Fix typo which caused GDB regression
- apparmor: ensure that dfa state tables have entries
- perf stat: Zero all the 'ena' and 'run' array slot stats for interval
mode
- [armhf] mtd: rawnand: marvell: Use nand_cleanup() when the device is not
yet registered
- [armhf] mtd: rawnand: marvell: Fix probe error path
- mtd: rawnand: timings: Fix default tR_max and tCCS_min timings
- HID: magicmouse: do not set up autorepeat
- HID: quirks: Always poll Obins Anne Pro 2 keyboard
- HID: quirks: Ignore Simply Automated UPB PIM
- ALSA: line6: Perform sanity check for each URB creation
- ALSA: line6: Sync the pending work cancel at disconnection
- ALSA: usb-audio: Fix race against the error recovery URB submission
- [x86] ALSA: hda/realtek - change to suitable link model for ASUS platform
- [x86] ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
- [arm*] usb: dwc2: Fix shutdown callback in platform
- [arm64,armhf] usb: chipidea: core: add wakeup support for extcon
- USB: serial: iuu_phoenix: fix memory corruption
- USB: serial: cypress_m8: enable Simply Automated UPB PIM
- USB: serial: ch341: add new Product ID for CH340
- USB: serial: option: add GosunCn GM500 series
- USB: serial: option: add Quectel EG95 LTE modem
- [x86] virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers
to match upstream
- [x86] virt: vbox: Fix guest capabilities mask check
- [arm64] virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for
rproc serial
- ovl: inode reference leak in ovl_is_inuse true case.
- ovl: relax WARN_ON() when decoding lower directory file handle
- ovl: fix unneeded call to ovl_change_flags()
- fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
- Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
(CVE-2020-10781)
- [x86] mei: bus: don't clean driver pointer
- timer: Prevent base->clk from moving backward
- timer: Fix wheel index calculation on last level
- [mips*] Fix build for LTS kernel caused by backporting lpj adjustment
- hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
- [powerpc*] book3s64/pkeys: Fix pkey_access_permitted() for execute
disable pkey
- [x86] intel_th: pci: Add Jasper Lake CPU support
- [x86] intel_th: pci: Add Tiger Lake PCH-H support
- [x86] intel_th: pci: Add Emmitsburg PCH support
- [x86] intel_th: Fix a NULL dereference when hub driver is not loaded
- [arm*] thermal/drivers/cpufreq_cooling: Fix wrong frequency converted
from power
- [arm64] ptrace: Override SPSR.SS when single-stepping is enabled
- [arm64] ptrace: Consistently use pseudo-singlestep exceptions
- [arm64] compat: Ensure upper 32 bits of x0 are zero on syscall return
- sched: Fix unreliable rseq cpu_id for new tasks
- sched/fair: handle case of task_h_load() returning 0
- genirq/affinity: Handle affinity setting on inactive interrupts
correctly
- printk: queue wake_up_klogd irq_work only if per-CPU areas are ready
- libceph: don't omit recovery_deletes in target_copy()
- rxrpc: Fix trace string
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.135
- mac80211: allow rx of mesh eapol frames with default rx key
- scsi: scsi_transport_spi: Fix function pointer check
- net: sky2: initialize return of gm_phy_read
- drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
- fuse: fix weird page warning
- [x86] irqdomain/treewide: Keep firmware node unconditionally allocated
- SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct
IO compeletion")
- tipc: clean up skb list lock handling on send path
- IB/umem: fix reference count leak in ib_umem_odp_get()
- uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to
fix GDB regression
- ALSA: info: Drop WARN_ON() from buffer NULL sanity check
- btrfs: fix double free on ulist after backref resolution failure
- btrfs: fix mount failure caused by race with umount
- btrfs: fix page leaks after failure to lock page for delalloc
- bnxt_en: Fix race when modifying pause settings.
- [x86] hippi: Fix a size used in a 'pci_free_consistent()' in an error
handling path
- ax88172a: fix ax88172a_unbind() failures
- ieee802154: fix one possible memleak in adf7242_probe
- [arm64,armhf] drm: sun4i: hdmi: Fix inverted HPD result
- [arm64,armhf] net: smc91x: Fix possible memory leak in smc_drv_probe()
- bonding: check error value of register_netdevice() immediately
- qed: suppress "don't support RoCE & iWARP" flooding on HW init
- ipvs: fix the connection sync failed in some cases
- bonding: check return value of register_netdevice() in bond_newlink()
- serial: exar: Fix GPIO configuration for Sealevel cards based on
XR17V35X
- [arm64,x86] HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor
override
- HID: alps: support devices with report id 2
- HID: steam: fixes race in handling device list.
- HID: apple: Disable Fn-key key-re-mapping on clone keyboards
- [arm64] dmaengine: tegra210-adma: Fix runtime PM imbalance on error
- Input: add `SW_MACHINE_COVER`
- regmap: dev_get_regmap_match(): fix string comparison
- hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
- [amd64] dmaengine: ioat setting ioat timeout as module parameter
- [x86] Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
- [arm64] Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
- [arm*] binder: Don't use mmput() from shrinker function.
- usb: xhci: Fix ASM2142/ASM3142 DMA addressing
- Revert "cifs: Fix the target file was deleted when rename failed."
(Closes: #966917)
- [x86] staging: wlan-ng: properly check endpoint types
- [x86] staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG
shift
- [x86] staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
- [x86] staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG
shift
- [x86] staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG
shift
- serial: 8250: fix null-ptr-deref in serial8250_start_tx()
- fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
- vt: Reject zero-sized screen buffer size.
- mm/memcg: fix refcount error while moving and swapping
- mm: memcg/slab: synchronize access to kmem_cache dying flag using a
spinlock
- mm: memcg/slab: fix memory leak at non-root kmem_cache destroy
- io-mapping: indicate mapping failure
- drm/amdgpu: Fix NULL dereference in dpm sysfs handlers
- [x86] vmlinux.lds: Page-align end of ..page_aligned sections
- [x86] ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on
the Lenovo Miix 2 10
- dm integrity: fix integrity recalculation that is improperly skipped
- ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
- ath9k: Fix regression with Atheros 9271
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.136
- AX.25: Fix out-of-bounds read in ax25_connect()
- AX.25: Prevent out-of-bounds read in ax25_sendmsg()
- dev: Defer free of skbs in flush_backlog
- ip6_gre: fix null-ptr-deref in ip6gre_init_net()
- net-sysfs: add a newline when printing 'tx_timeout' by sysfs
- net: udp: Fix wrong clean up for IS_UDPLITE macro
- rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
- tcp: allow at most one TLP probe per flight
- AX.25: Prevent integer overflows in connect and sendmsg
- sctp: shrink stream outq only when new outcnt < old outcnt
- sctp: shrink stream outq when fails to do addstream reconf
- udp: Copy has_conns in reuseport_grow().
- udp: Improve load balancing for SO_REUSEPORT.
- rtnetlink: Fix memory(net_device) leak when ->newlink fails
- regmap: debugfs: check count when read regmap file
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.137
- [x86] crypto: ccp - Release all allocated memory if sha type is invalid
(CVE-2019-18808)
- media: rc: prevent memory leak in cx23888_ir_probe (CVE-2019-19054)
- iio: imu: adis16400: fix memory leak (CVE-2019-19061)
- [x86] drm/amdgpu: fix multiple memory leaks in acp_hw_init
(CVE-2019-19067)
- tracing: Have error path in predicate_parse() free its allocated memory
(CVE-2019-19072)
- ath9k_htc: release allocated buffer if timed out (CVE-2019-19073)
- ath9k: release allocated buffer if timed out (CVE-2019-19074)
- drm/amd/display: prevent memory leak (CVE-2019-19082)
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference
(CVE-2019-19813, CVE-2019-19816)
- sctp: implement memory accounting on tx path (CVE-2019-3874)
- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
- PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
- 9p/trans_fd: Fix concurrency del of req_list in
p9_fd_cancelled/p9_read_work
- wireless: Use offsetof instead of custom macro.
- [armel,armhf] 8986/1: hw_breakpoint: Don't invoke overflow handler on
uaccess watchpoints
- Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers"
- drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
- drm: hold gem reference until object is no longer accessed
- rds: Prevent kernel-infoleak in rds_notify_queue_get()
- xfs: fix missed wakeup on l_flush_wait
- xfrm: Fix crash when the hold queue is used.
- net/mlx5: Verify Hardware supports requested ptp function on a given pin
- net: lan78xx: add missing endpoint sanity check
- net: lan78xx: fix transfer-buffer memory leak
- mlx4: disable device on shutdown
- bpf: Fix map leak in HASH_OF_MAPS map
- mac80211: mesh: Free ie data when leaving mesh
- mac80211: mesh: Free pending skb when destroying a mpath
- [arm64] alternatives: move length validation inside the subsection
- [arm64] csum: Fix handling of bad packets
- Bluetooth: fix kernel oops in store_pending_adv_report
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
- qed: Disable "MFW indication via attention" SPAM every 5 minutes
- [amd64] x86/unwind/orc: Fix ORC for newly forked tasks
- cxgb4: add missing release on skb in uld_send()
- xen-netfront: fix potential deadlock in xennet_remove()
- [x86] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is
hw disabled
- [x86] i8259: Use printk_deferred() to prevent deadlock
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.138
- random32: update the net random state on interrupt and activity
(CVE-2020-16166)
- [armel] ARM: percpu.h: fix build error
- random: fix circular include dependency on arm64 after addition of
percpu.h
- random32: remove net_rand_state from the latent entropy gcc plugin
- random32: move the pseudo-random 32-bit definitions to prandom.h
- ext4: fix direct I/O read error
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.139
- USB: serial: qcserial: add EM7305 QDL product ID
- USB: iowarrior: fix up report size handling for some devices
- usb: xhci: define IDs for various ASMedia host controllers
- usb: xhci: Fix ASMedia ASM1142 DMA addressing
- Revert "ALSA: hda: call runtime_allow() for all hda controllers"
- [arm*] staging: android: ashmem: Fix lockdep warning for write operation
- Bluetooth: Fix slab-out-of-bounds read in
hci_extended_inquiry_result_evt()
- Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
- Bluetooth: Prevent out-of-bounds read in
hci_inquiry_result_with_rssi_evt()
- [arm*] binder: Prevent context manager from incrementing ref 0
- vgacon: Fix for missing check in scrollback handling (CVE-2020-14331)
- mtd: properly check all write ioctls for permissions
- net/9p: validate fds in p9_fd_open
- drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
reason
- drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
- usb: hso: check for return value in hso_serial_common_create()
- firmware: Fix a reference count leak.
- cfg80211: check vendor command doit pointer before use
- igb: reinit_locked() should be called with rtnl_lock
- atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
- tools lib traceevent: Fix memory leak in process_dynamic_array_len
- [x86] Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
- xattr: break delegations in {set,remove}xattr
- ipv4: Silence suspicious RCU usage warning
- ipv6: fix memory leaks on IPV6_ADDRFORM path
- vxlan: Ensure FDB dump is performed under RCU
- net: lan78xx: replace bogus endpoint lookup
- [x86] hv_netvsc: do not use VF device if link is down
- net: gre: recompute gre csum for sctp over gre tunnels
- [arm64] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task()
- openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
- Revert "vxlan: fix tos value before xmit"
- rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
- i40e: add num_vectors checker in iwarp handler
- i40e: Wrong truncation from u16 to u8
- i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
- i40e: Memory leak in i40e_config_iwarp_qvlist
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140
- tracepoint: Mark __tracepoint_string's __used
- HID: input: Fix devices that return multiple bytes in battery report
- cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
- [x86] mce/inject: Fix a wrong assignment of i_mce.status
- sched/fair: Fix NOHZ next idle balance
- sched: correct SD_flags returned by tl->sd_flags()
- EDAC: Fix reference count leaks
- [x86] platform/x86: intel-hid: Fix return value check in
check_acpi_dev()
- [x86] platform/x86: intel-vbtn: Fix return value check in
check_acpi_dev()
- [armhf] drm/tilcdc: fix leak & null ref in panel_connector_get_modes
- Bluetooth: add a mutex lock to avoid UAF in do_enale_set
- loop: be paranoid on exit and prevent new additions / removals
- fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
- drm/amdgpu: avoid dereferencing a NULL pointer
- drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
- [x86] crypto: aesni - Fix build with LLVM_IAS=1
- video: fbdev: neofb: fix memory leak in neo_scan_monitor()
- md-cluster: fix wild pointer of unlock_all_bitmaps()
- [arm64] dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT
binding
- [armhf] drm/etnaviv: fix ref count leak via pm_runtime_get_sync
- drm/nouveau: fix multiple instances of reference count leaks
- drm/debugfs: fix plain echo to connector "force" attribute
- drm/radeon: disable AGP by default
- mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
- brcmfmac: keep SDIO watchdog running when console_interval is non-zero
- brcmfmac: To fix Bss Info flag definition Bug
- brcmfmac: set state of hanger slot to FREE when flushing PSQ
- iwlegacy: Check the return value of pcie_capability_read_*()
- [arm64,armhf] gpu: host1x: debug: Fix multiple channels emitting
messages simultaneously
- usb: gadget: net2280: fix memory leak on probe error handling paths
- dyndbg: fix a BUG_ON in ddebug_describe_flags
- bcache: fix super block seq numbers comparision in register_cache_set()
- [arm64,x86] ACPICA: Do not increment operation_region reference counts
for field units
- [arm64] drm/msm: ratelimit crtc event overflow error
- [x86] agp/intel: Fix a memory leak on module initialisation failure
- ath10k: Acquire tx_lock in tx error paths
- [armhf] drm/etnaviv: Fix error path on failure to enable bus clk
- [arm64] drm/arm: fix unintentional integer overflow on left shift
- drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
- [powerpc*] cxl: Fix kobject memleak
- drm/radeon: fix array out-of-bounds read and write issues
- ipvs: allow connection reuse for unconfirmed conntrack
- xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork
- xfs: fix reflink quota reservation accounting error
- RDMA/rxe: Skip dgid check in loopback mode
- PCI: Fix pci_cfg_wait queue locking problem
- leds: core: Flush scheduled work for system suspend
- [arm64,armhf] drm: panel: simple: Fix bpc for LG LB070WV8 panel
- [armhf] phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY
- scsi: scsi_debug: Add check for sdebug_max_queue during module init
- mwifiex: Prevent memory corruption handling keys
- [powerpc*] vdso: Fix vdso cpu truncation
- RDMA/qedr: SRQ's bug fixes
- RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send
queue
- [x86] staging: rtl8192u: fix a dubious looking mask before a shift
- PCI/ASPM: Add missing newline in sysfs 'policy'
- [powerpc*] book3s64/pkeys: Use PVR check instead of cpu feature
- USB: serial: iuu_phoenix: fix led-activity helpers
- usb: core: fix quirks_param_set() writing to a const pointer
- [armhf] thermal: ti-soc-thermal: Fix reversed condition in
ti_thermal_expose_sensor()
- [mips*] OCTEON: add missing put_device() call in
dwc3_octeon_device_init()
- [arm*] usb: dwc2: Fix error path in gadget registration
- [arm64,armhf] net: dsa: mv88e6xxx: MV88E6097 does not support jumbo
configuration
- RDMA/core: Fix return error value in _ib_modify_qp() to negative
- Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags
- Bluetooth: hci_serdev: Only unregister device if it was registered
- [x86] PCI: Release IVRS table in AMD ACS quirk
- [s390x] qeth: don't process empty bridge port events
- [arm64,armhf] wl1251: fix always return 0 error
- [amd64] net: ethernet: aquantia: Fix wrong return value
- liquidio: Fix wrong return value in cn23xx_get_pf_num()
- dlm: Fix kobject memleak
- ocfs2: fix unbalanced locking
- [arm64,armhf] pinctrl-single: fix pcs_parse_pinconf() return value
- svcrdma: Fix page leak in svc_rdma_recv_read_chunk()
- [x86] fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
- [amd64] crypto: aesni - add compatibility with IAS
- af_packet: TPACKET_V3: fix fill status rwlock imbalance
- net/nfc/rawsock.c: add CAP_NET_RAW check.
- net: Set fput_needed iff FDPUT_FPUT is set
- net: refactor bind_bucket fastreuse into helper
- net: initialize fastreuse on inet_inherit_port
- USB: serial: cp210x: re-enable auto-RTS on open
- USB: serial: cp210x: enable usb generic throttle/unthrottle
- [x86] ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO
- ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
- ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
- ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
- [x86] crypto: qat - fix double free in qat_uclo_create_batch_init_list
- [x86] crypto: ccp - Fix use of merged scatterlists
- [arm64] crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not
specified
- bitfield.h: don't compile-time validate _val in FIELD_FIT
- fs/minix: check return value of sb_getblk()
- fs/minix: don't allow getting deleted inodes
- fs/minix: reject too-large maximum file size
- ALSA: usb-audio: add quirk for Pioneer DDJ-RB
- 9p: Fix memory leak in v9fs_mount
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
- NFS: Don't move layouts to plh_return_segs list while in use
- NFS: Don't return layout segments that are in use
- [arm64] cpufreq: dt: fix oops on armada37xx
- include/asm-generic/vmlinux.lds.h: align ro_after_init
- spi: spidev: Align buffers for DMA
- [x86] irqdomain/treewide: Free firmware node after domain removal
- xen/balloon: fix accounting in alloc_xenballooned_pages error path
- xen/balloon: make the balloon wait interruptible
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.141
- smb3: warn on confusing error scenario with sec=krb5
- genirq/affinity: Make affinity setting if activated opt-in
- [arm64,x86] PCI: hotplug: ACPI: Fix context refcounting in
acpiphp_grab_context()
- PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
- PCI: Add device even if driver attach failed
- [arm64] PCI: qcom: Define some PARF params needed for ipq8064 SoC
- [arm64] PCI: qcom: Add support for tx term offset for rev 2.1.0
- PCI: Probe bridge window attributes once at enumeration-time
- btrfs: free anon block device right after subvolume deletion
- btrfs: don't allocate anonymous block device for user invisible roots
- btrfs: ref-verify: fix memory leak in add_block_entry
- btrfs: don't traverse into the seed devices in show_devname
- btrfs: open device without device_list_mutex
- btrfs: fix messages after changing compression level by remount
- btrfs: only search for left_info if there is no right_info in
try_merge_free_space (CVE-2019-19448)
- btrfs: fix memory leaks after failure to lookup checksums during inode
logging
- btrfs: fix return value mixup in btrfs_get_extent
- cifs: Fix leak when handling lease break for cached root fid
- [powerpc*] Allow 4224 bytes of stack expansion for the signal frame
- [powerpc*] Fix circular dependency between percpu.h and mmu.h
- [arm64] net: ethernet: stmmac: Disable hardware multicast filter
- [arm64,armhf] net: stmmac: dwmac1000: provide multicast filter fallback
- net/compat: Add missing sock updates for SCM_RIGHTS
- md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
- bcache: allocate meta data pages as compound pages
- bcache: fix overflow in offset_to_stripe()
- mac80211: fix misplaced while instead of if
- driver core: Avoid binding drivers to dead devices
- [mips*] CPU#0 is not hotpluggable
- ocfs2: change slot number type s16 to u16
- mm/page_counter.c: fix protection usage propagation
- ftrace: Setup correct FTRACE_FL_REGS flags for module
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
- tracing/hwlat: Honor the tracing_cpumask
- tracing: Use trace_sched_process_free() instead of exit() for pid
tracing
- [x86] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
watchdog_info.options
- [x86] watchdog: f71808e_wdt: remove use of wrong watchdog_info option
- [x86] watchdog: f71808e_wdt: clear watchdog timeout occurred flag
- [powerpc*] pseries: Fix 64 bit logical memory block panic
- module: Correctly truncate sysfs sections output
- [armhf] drm/imx: imx-ldb: Disable both channels for split mode in
enc->disable()
- RDMA/ipoib: Return void from ipoib_ib_dev_stop()
- RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
- USB: serial: ftdi_sio: make process-packet buffer unsigned
- USB: serial: ftdi_sio: clean up receive processing
- [armhf] gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq
handlers
- dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
- [amd64] iommu/vt-d: Enforce PASID devTLB field mask
- scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
targetport
- watchdog: initialize device before misc_register
- Input: sentelic - fix error return when fsp_reg_write fails
- [x86] drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
- [x86] drm/vmwgfx: Fix two list_for_each loop exit tests
- [arm64] net: qcom/emac: add missed clk_disable_unprepare in error path
of emac_clks_phase1_init
- nfs: Fix getxattr kernel panic and memory overflow (CVE-2020-25212)
- fs/minix: set s_maxbytes correctly
- fs/minix: fix block limit check for V1 filesystems
- fs/minix: remove expected error message in block_to_path()
- fs/ufs: avoid potential u32 multiplication overflow
- khugepaged: retract_page_tables() remember to test exit
- [arm64] dts: marvell: espressobin: add ethernet alias
- [x86] drm: Added orientation quirk for ASUS tablet model T103HAF
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.142
- drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset()
- perf probe: Fix memory leakage when the probe point is not found
- khugepaged: khugepaged_test_exit() check mmget_still_valid()
- khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
- btrfs: export helpers for subvolume name/id resolution
- btrfs: don't show full path of bind mounts in subvol=
- btrfs: Move free_pages_out label in inline extent handling branch in
compress_file_range
- btrfs: inode: fix NULL pointer dereference if inode doesn't need
compression
- btrfs: sysfs: use NOFS for device creation
- romfs: fix uninitialized memory leak in romfs_dev_read()
- kernel/relay.c: fix memleak on destroy relay channel
- mm: include CMA pages in lowmem_reserve at boot
- mm, page_alloc: fix core hung in free_pcppages_bulk()
- ext4: fix checking of directory entry validity for inline directories
- jbd2: add the missing unlock_buffer() in the error path of
jbd2_write_superblock()
- [s390x] scsi: zfcp: Fix use-after-free in request timeout handlers
- kthread: Do not preempt current task if it is going to call schedule()
- spi: Prevent adding devices below an unregistering controller
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
- [arm*] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM
- media: budget-core: Improve exception handling in budget_register()
- Input: psmouse - add a newline when printing 'proto' by sysfs
- svcrdma: Fix another Receive buffer leak
- xfs: fix inode quota reservation checks
- jffs2: fix UAF problem
- ceph: fix use-after-free for fsc->mdsc
- [x86] cpufreq: intel_pstate: Fix cpuinfo_max_freq when
MSR_TURBO_RATIO_LIMIT is 0
- scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
- virtio_ring: Avoid loop when vq is broken in virtqueue_poll
- xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
- fs/signalfd.c: fix inconsistent return codes for signalfd4
- ext4: fix potential negative array index in do_split() (CVE-2020-14314)
- ext4: don't allow overlapping system zones
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
- i40e: Fix crash during removing i40e driver
- [armhf] net: fec: correct the error path for regulator disable in probe
- bonding: show saner speed for broadcast mode
- bonding: fix a potential double-unregister
- [s390x] runtime_instrumentation: fix storage key handling
- [s390x] ptrace: fix storage key handling
- [x86] ASoC: intel: Fix memleak in sst_media_open
- [amd64,arm64] vfio/type1: Add proper error unwind for
vfio_iommu_replay()
- [x86] kvm: Toggling CR4.SMAP does not load PDPTEs in PAE mode
- [x86] kvm: Toggling CR4.PKE does not load PDPTEs in PAE mode
- efi: avoid error message when booting under Xen
- afs: Fix NULL deref in afs_dynroot_depopulate()
- bonding: fix active-backup failover for current ARP slave
- net: ena: Prevent reset after device destruction
- [x86] hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
- [armhf] net: dsa: b53: check for timeout
- [powerpc*] pseries: Do not initiate shutdown when system is running on
UPS
- efi: add missed destroy_workqueue when efisubsys_init fails
- epoll: Keep a reference on files added to the check list
- do_epoll_ctl(): clean the failure exits up a bit
- mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
- xen: don't reschedule in preemption off sections
- clk: Evict unregistered clks from parent caches
- KVM: Pass MMU notifier range flags to kvm_unmap_hva_range()
- [arm64] KVM: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.143
- [powerpc*] 64s: Don't init FSCR_DSCR in __init_FSCR()
- gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
- net: Fix potential wrong skb->protocol in skb_vlan_untag()
- net/smc: Prevent kernel-infoleak in __smc_diag_dump()
- tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
- net: ena: Make missed_tx stat incremental
- ipvlan: fix device features
- [x86] mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs
- [powerpc*] xive: Ignore kmemleak false positives
- media: pci: ttpci: av7110: fix possible buffer overflow caused by bad
DMA value in debiirq()
- blktrace: ensure our debugfs dir exists
- scsi: target: tcmu: Fix crash on ARM during cmd completion
- [arm*] iommu/iova: Don't BUG on invalid PFNs
- [amd64] drm/amdkfd: Fix reference count leaks.
- drm/radeon: fix multiple reference count leak
- drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
- drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
- drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
- drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
- scsi: lpfc: Fix shost refcount mismatch when deleting vport
- xfs: Don't allow logging of XFS_ISTALE inodes
- f2fs: fix error path in do_recover_data()
- PCI: Fix pci_create_slot() reference count leak
- rtlwifi: rtl8192cu: Prevent leaking urb
- [mips*] vdso: Fix resource leaks in genvdso.c
- cec-api: prevent leaking memory through hole in structure
- HID: quirks: add NOGET quirk for Logitech GROUP
- f2fs: fix use-after-free issue
- drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
- drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
- drm/nouveau: Fix reference count leak in nouveau_connector_detect
- btrfs: file: reserve qgroup space after the hole punch range is locked
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
- ceph: fix potential mdsc use-after-free crash
- scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
- [x86] EDAC/ie31200: Fallback if host bridge device is already
initialized
- [arm64] KVM: Fix symbol dependency in __hyp_call_panic_nvhe
- USB: sisusbvga: Fix a potential UB casued by left shifting a negative
value
- [arm64] drm/msm/adreno: fix updating ring fence
- nvme-fc: Fix wrong return value in __nvme_fc_init_request()
- null_blk: fix passing of REQ_FUA flag in null_handle_rq
- jbd2: make sure jh have b_transaction set in refile/unfile_buffer
- ext4: don't BUG on inconsistent journal feature
- ext4: handle read only external journal device
- jbd2: abort journal if free a async write error metadata buffer
- ext4: handle option set by mount flags correctly
- ext4: handle error of ext4_setup_system_zone() on remount
- ext4: correctly restore system zone info when remount fails
- fs: prevent BUG_ON in submit_bh_wbc()
- [s390x] cio: add cond_resched() in the slow_eval_known_fn() loop
- scsi: fcoe: Fix I/O path allocation
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
- scsi: ufs: Improve interrupt handling for shared interrupts
- scsi: ufs: Clean up completed request without interrupt notification
- scsi: qla2xxx: Check if FW supports MQ before enabling
- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem
- Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command"
- macvlan: validate setting of multiple remote source MAC addresses
- [powerpc*] perf: Fix soft lockups due to missed interrupt accounting
- block: loop: set discard granularity and alignment for block device
backed loop
- [arm64,x86] HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON
commands
- blk-mq: order adding requests to hctx->dispatch and checking
SCHED_RESTART
- btrfs: reset compression level for lzo on remount
- btrfs: fix space cache memory leak after transaction abort
- fbcon: prevent user font height or width change from causing potential
out-of-bounds access
- vt: defer kfree() of vc_screenbuf in vc_do_resize()
- vt_ioctl: change VT_RESIZEX ioctl to check for error return from
vc_resize()
- [armhf] serial: samsung: Removes the IRQ not found warning
- [arm*] serial: pl011: Fix oops on -EPROBE_DEFER
- [arm*] serial: pl011: Don't leak amba_ports entry on driver register
error
- serial: 8250_exar: Fix number of ports for Commtech PCIe cards
- serial: 8250: change lock order in serial8250_do_startup()
- writeback: Protect inode->i_io_list with inode->i_lock
- writeback: Avoid skipping inode writeback
- writeback: Fix sync livelock due to b_dirty_time processing
- XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt
XEN data pointer which contains XEN specific information.
- usb: host: xhci: fix ep context print mismatch in debugfs
- xhci: Do warm-reset when both CAS and XDEV_RESUME are set
- xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed
- PM: sleep: core: Fix the handling of pending runtime resume requests
- device property: Fix the secondary firmware node handling in
set_primary_fwnode()
- [x86] genirq/matrix: Deal with the sillyness of for_each_cpu() on UP
- drm/amdgpu: Fix buffer overflow in INFO ioctl
- USB: yurex: Fix bad gfp argument
- USB: quirks: Add no-lpm quirk for another Raydium touchscreen
- USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D
- [armhf] usb: host: ohci-exynos: Fix error handling in
exynos_ohci_probe()
- USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb()
- USB: cdc-acm: rework notification_buffer resizing
- btrfs: check the right error variable in btrfs_del_dir_entries_in_log
- [arm64,armhf] usb: dwc3: gadget: Don't setup more than requested
- [arm64,armhf] usb: dwc3: gadget: Fix handling ZLP
- [arm64,armhf] usb: dwc3: gadget: Handle ZLP for sg requests
- [arm64,x86] tpm: Unify the mismatching TPM space buffer sizes
- HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.144
- HID: core: Correctly handle ReportSize being zero
- HID: core: Sanitize event code and type when mapping input
- scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range
- scsi: target: tcmu: Optimize use of flush_dcache_page
- [arm64] drm/msm: add shutdown support for display platform_driver
- [x86] hwmon: (applesmc) check status earlier.
- nvmet: Disable keep-alive timer when kato is cleared to 0h
- [arm64] drm/msm/a6xx: fix gmu start on newer firmware
- ceph: don't allow setlease on cephfs
- cpuidle: Fixup IRQ state
- [s390x] don't trace preemption in percpu macros
- xen/xenbus: Fix granting of vmalloc'd memory
- dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
- batman-adv: Avoid uninitialized chaddr when handling DHCP
- batman-adv: bla: use netif_rx_ni when not in interrupt context
- [mips*] mm: BMIPS5000 has inclusive physical caches
- netfilter: nf_tables: add NFTA_SET_USERDATA if not null
- netfilter: nf_tables: incorrect enum nft_list_attributes definition
- netfilter: nf_tables: fix destination register zeroing
- [arm64] net: hns: Fix memleak in hns_nic_dev_probe
- [arm64,armhf] dmaengine: pl330: Fix burst length if burst size is
smaller than bus width
- gtp: add GTPA_LINK info to msg sent to userspace
- bnxt_en: Don't query FW when netif_running() is false.
- bnxt_en: Check for zero dir entries in NVRAM.
- bnxt_en: Fix PCI AER error recovery flow
- bnxt_en: fix HWRM error when querying VF temperature
- xfs: fix boundary test in xfs_attr_shortform_verify (CVE-2020-14385)
- bnxt: don't enable NAPI until rings are ready
- netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of
ENOBUFS
- nvmet-fc: Fix a missed _irqsave version of spin_lock in
'nvmet_fc_fod_op_done()'
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
- fix regression in "epoll: Keep a reference on files added to the check
list"
- xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt
files
- tg3: Fix soft lockup when tg3_reset_task() fails.
- [amd64] x86, fakenuma: Fix invalid starting node ID
- [amd64] iommu/vt-d: Serialize IOMMU GCMD register modifications
- [armhf] thermal: ti-soc-thermal: Fix bogus thermal shutdowns for
omap4430
- xfs: don't update mtime on COW faults
- btrfs: drop path before adding new uuid tree entry
- vfio/type1: Support faulting PFNMAP vmas
- vfio-pci: Fault mmaps to enable vma tracking
- vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
(CVE-2020-12888)
- btrfs: Remove redundant extent_buffer_get in get_old_root
- btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
- btrfs: set the lockdep class for log tree extent buffers
- uaccess: Add non-pagefault user-space read functions
- uaccess: Add non-pagefault user-space write function
- btrfs: fix potential deadlock in the search ioctl
- net: usb: qmi_wwan: add Telit 0x1050 composition
- usb: qmi_wwan: add D-Link DWM-222 A2 device ID
- ALSA: ca0106: fix error code handling
- ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
- [x86] ALSA: hda/hdmi: always check pin power status in i915 pin fixup
- ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
- [x86] ALSA: hda - Fix silent audio output and corrupted input on MSI
X570-A PRO
- media: rc: do not access device via sysfs after rc_unregister_device()
- media: rc: uevent sysfs file races with rc_unregister_device()
- affs: fix basic permission bits to actually work
- block: allow for_each_bvec to support zero len bvec
- libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks
- dm writecache: handle DAX to partitions on persistent memory correctly
- dm cache metadata: Avoid returning cmd->bm wild pointer on error
- dm thin metadata: Avoid returning cmd->bm wild pointer on error
- mm: slub: fix conversion of freelist_corrupted()
- [arm64] KVM: Add kvm_extable for vaxorcism code
- [arm64] KVM: Defer guest entry when an asynchronous exception is pending
- [arm64] KVM: Survive synchronous exceptions caused by AT instructions
- [arm64] KVM: Set HCR_EL2.PTW to prevent AT taking synchronous exception
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking
- checkpatch: fix the usage of capture group ( ... )
- mm/hugetlb: fix a race between hugetlb sysctl handlers (CVE-2020-25285)
- cfg80211: regulatory: reject invalid hints
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.145
- ALSA; firewire-tascam: exclude Tascam FE-8 from detection
- block: ensure bdi->io_pages is always initialized
- net: usb: dm9601: Add USB ID of Keenetic Plus DSL
- sctp: not disable bh in the whole sctp_get_port_local()
- tipc: fix shutdown() of connectionless socket
- net: disable netpoll on fresh napis
- [arm64,armhf] net/mlx5e: Don't support phys switch id if not in
switchdev mode
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.146
- RDMA/rxe: Fix memleak in rxe_mem_init_user
- RDMA/rxe: Drop pointless checks in rxe_init_ports
- [armhf] drm/sun4i: Fix dsi dcs long write function
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
- RDMA/core: Fix reported speed and width
- [arm64] mmc: sdhci-msm: Add retries when all tuning phases are found
valid
- [arm64,x86] dmaengine: acpi: Put the CSRT table after using it
- netfilter: conntrack: allow sctp hearbeat after connection re-use
- [x86] firestream: Fix memleak in fs_open
- [arm64,armhf] ALSA: hda: Fix 2 channel swapping for Tegra
- xfs: initialize the shortform attr header padding entry
- nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance
- nvme-rdma: serialize controller teardown sequences
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
- [ppc64el,x86] drivers/net/wan/hdlc_cisco: Add hard_header_len
- HID: elan: Fix memleak in elan_input_configured
- [x86] cpufreq: intel_pstate: Refuse to turn off with HWP enabled
- [x86] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo
disabled
- ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
- [amd64] iommu/amd: Do not use IOMMUv2 functionality when SME is active
- [x86] iio:accel:bmc150-accel: Fix timestamp alignment and prevent data
leak.
- [x86] iio:magnetometer:ak8975 Fix alignment and data leak issues.
- [armhf] iio:accel:mma8452: Fix timestamp alignment and prevent data
leak.
- [x86] staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
- btrfs: require only sector size alignment for parent eb bytenr
- btrfs: fix lockdep splat in add_missing_dev
- btrfs: fix wrong address when faulting in pages in the search ioctl
- regulator: push allocation in set_consumer_device_supply() out of lock
- scsi: target: iscsi: Fix data digest calculation
- scsi: target: iscsi: Fix hang in iscsit_access_np() when getting
tpg->np_login_sem
- [arm64] drm/msm: Disable preemption on all 5xx targets
- rbd: require global CAP_SYS_ADMIN for mapping and unmapping
(CVE-2020-25284)
- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
- vgacon: remove software scrollback support
- fbcon: remove soft scrollback code (CVE-2020-14390)
- fbcon: remove now unusued 'softback_lines' cursor() argument
- [x86] KVM: VMX: Don't freeze guest when event delivery causes an
APIC-access exit
- [x86] video: fbdev: fix OOB read in vga_8planes_imageblit()
- [arm64] phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
- usb: core: fix slab-out-of-bounds Read in read_descriptors
- USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
- USB: serial: option: support dynamic Quectel USB compositions
- USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
- usb: Fix out of sync data toggle if a configured device is reconfigured
- [x86] usb: typec: ucsi: acpi: Check the _DEP dependencies
[ Salvatore Bonaccorso ]
* Bump ABI to 11
* Drop 'Revert "mips: Add udelay lpj numbers adjustment"'
* [rt] Update to 4.19.135-rt60
* [rt] Refresh "net: Use skbufhead with raw lock" for context changes in
4.19.136
* [rt] Refresh "timers: Prepare for full preemption" for context changes in
4.19.138
* [rt] Refresh "timers: Redo the notification of canceling timers on -RT"
for context changes in 4.19.138
* [rt] Refresh "watchdog: prevent deferral of watchdogd wakeup on RT" for
context changes in 4.19.141
* Refresh "net: ena: fix crash during ena_remove()" for context changes in
4.19.142
* [rt] Refresh "Split IRQ-off and zone->lock while freeing pages from PCP
list #1" for context changes in 4.19.142
* ACPI: configfs: Disallow loading ACPI tables when locked down
(CVE-2020-15780)
* [rt] Update to 4.19.142-rt63
* net/packet: fix overflow in tpacket_rcv (CVE-2020-14386)
* debian/tests/python: pycodestyle: Increase max-line-length to 100.
* gfs2: initialize transaction tr_ailX_lists earlier (Closes: #968567)
-- Salvatore Bonaccorso <email address hidden> Thu, 17 Sep 2020 23:42:03 +0200
-
linux (4.19.132-1) buster; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.132
- btrfs: fix a block group ref counter leak after failure to remove block
group
- mm: fix swap cache node allocation mask
- [x86] EDAC/amd64: Read back the scrub rate PCI register on F15h
- usbnet: smsc95xx: Fix use-after-free after removal
- mm/slub.c: fix corrupted freechain in deactivate_slab()
- mm/slub: fix stack overruns with SLUB_STATS
- [s390x] debug: avoid kernel warning on too large number of pages
- nvme-multipath: set bdi capabilities once
- nvme-multipath: fix deadlock between ana_work and scan_work
- crypto: af_alg - fix use-after-free in af_alg_accept() due to
bh_lock_sock()
- [arm64] drm/msm/dpu: fix error return code in dpu_encoder_init
- cxgb4: use unaligned conversion for fetching timestamp
- cxgb4: parse TC-U32 key values and masks natively
- cxgb4: use correct type for all-mask IP address comparison
- cxgb4: fix SGE queue dump destination buffer context
- [x86] hwmon: (acpi_power_meter) Fix potential memory leak in
acpi_power_meter_add()
- [arm64,armhf] drm: sun4i: hdmi: Remove extra HPD polling
- virtio-blk: free vblk-vqs in error path of virtblk_probe()
- SMB3: Honor 'posix' flag for multiuser mounts
- nvme: fix a crash in nvme_mpath_add_disk
- i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
- Revert "ALSA: usb-audio: Improve frames size computation"
- SMB3: Honor 'seal' flag for multiuser mounts
- SMB3: Honor persistent/resilient handle flags for multiuser mounts
- SMB3: Honor lease disabling for multiuser mounts
- cifs: Fix the target file was deleted when rename failed.
- [mips*] Add missing EHB in mtc0 -> mfc0 sequence for DSPen
- [arm64,armhf] irqchip/gic: Atomically update affinity
- dm zoned: assign max_io_len correctly
- efi: Make it possible to disable efivar_ssdt entirely
[ Salvatore Bonaccorso ]
* [rt] Update to 4.19.132-rt59
* Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
(Closes: #964153, #964480)
* efi: Restrict efivar_ssdt_load when the kernel is locked down
(CVE-2019-20908)
* certs: Rotate to use the Debian Secure Boot Signer 2020 certificate
* e1000e: Add support for Comet Lake (Closes: #965365)
-- Salvatore Bonaccorso <email address hidden> Fri, 24 Jul 2020 20:46:18 +0200
-
linux (4.19.118-2+deb10u1) buster-security; urgency=high
[ Salvatore Bonaccorso ]
* selinux: properly handle multiple messages in selinux_netlink_send()
(CVE-2020-10751)
* fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
* USB: core: Fix free-while-in-use bug in the USB S-Glibrary
(CVE-2020-12464)
* [x86] KVM: SVM: Fix potential memory leak in svm_cpu_init()
(CVE-2020-12768)
* scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
* USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
* netlabel: cope with NULL catmap (CVE-2020-10711)
* fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
(CVE-2020-10732)
* kernel/relay.c: handle alloc_percpu returning NULL in relay_open
(CVE-2019-19462)
* mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
* [x86] KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
* KVM: Introduce a new guest mapping API
* [arm64] kvm: fix compilation on aarch64
* [s390x] kvm: fix compilation on s390
* [s390x] kvm: fix compile on s390 part 2
* KVM: Properly check if "page" is valid in kvm_vcpu_unmap
* [x86] kvm: Introduce kvm_(un)map_gfn() (CVE-2019-3016)
* [x86] kvm: Cache gfn to pfn translation (CVE-2019-3016)
* [x86] KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (CVE-2019-3016)
* [x86] KVM: Clean up host's steal time structure (CVE-2019-3016)
* include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for
swap (Closes: #960271)
[ Ben Hutchings ]
* propagate_one(): mnt_set_mountpoint() needs mount_lock
* [x86] Add support for mitigation of Special Register Buffer Data Sampling
(SRBDS) (CVE-2020-0543):
- x86/cpu: Add 'table' argument to cpu_matches()
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
mitigation
- x86/speculation: Add SRBDS vulnerability and mitigation documentation
- x86/speculation: Add Ivy Bridge to affected list
* [x86] speculation: Do not match steppings, to avoid an ABI change
-- Salvatore Bonaccorso <email address hidden> Sun, 07 Jun 2020 17:42:22 +0200
-
linux (4.19.118-2) buster; urgency=medium
* Merge changes from 4.19.67-2+deb10u2 to include all security fixes from
DSA 4667-1.
-- Salvatore Bonaccorso <email address hidden> Wed, 29 Apr 2020 11:38:41 +0200
-
linux (4.19.98-1) buster; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.88
- [arm64] clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate
- ASoC: compress: fix unsigned integer overflow check
- reset: Fix memory leak in reset_control_array_put()
- [armhf] clk: samsung: exynos5433: Fix error paths
- [armel/marvell,armhf] ASoC: kirkwood: fix external clock probe defer
- [armel/marvell,armhf] ASoC: kirkwood: fix device remove ordering
- [armhf] clk: samsung: exynos5420: Preserve PLL configuration during
suspend/resume
- [x86] pinctrl: cherryview: Allocate IRQ chip dynamic
- [armhf] dts: imx6qdl-sabreauto: Fix storm of accelerometer interrupts
- reset: fix reset_control_ops kerneldoc comment
- [armhf,arm64] clk: sunxi: Fix operator precedence in sunxi_divs_clk_setup
- [armhf] clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18
- [armhf] dts: sun8i-a83t-tbs-a711: Fix WiFi resume from suspend
- [ppc64el] bpf: Fix tail call implementation
- idr: Fix integer overflow in idr_for_each_entry
- idr: Fix idr_alloc_u32 on 32-bit systems
- [x86] resctrl: Prevent NULL pointer dereference when reading mondata
- [armhf] clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call
- [armhf] clk: ti: clkctrl: Fix failed to enable error with double udelay
timeout
- bridge: ebtables: don't crash when using dnat target in output chains
- can: peak_usb: report bus recovery as well
- can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid
skb mem leak
- can: rx-offload: can_rx_offload_offload_one(): do not increase the
skb_queue beyond skb_queue_len_max
- can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors
on queue overflow or OOM
- can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to
propagate error value in case of errors
- can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on
error
- can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error
- [armhf] can: flexcan: increase error counters if skb enqueueing via
can_rx_offload_queue_sorted() fails
- [arm64] watchdog: meson: Fix the wrong value of left time
- ceph: return -EINVAL if given fsc mount option on kernel w/o support
- net/fq_impl: Switch to kvmalloc() for memory allocation
- mac80211: fix station inactive_time shortly after boot
- block: drbd: remove a stray unlock in __drbd_send_protocol()
- scsi: target/tcmu: Fix queue_cmd_ring() declaration
- scsi: lpfc: Fix kernel Oops due to null pring pointers
- scsi: lpfc: Fix dif and first burst use in write commands
- tracing: Lock event_mutex before synth_event_mutex
- [armhf] dts: imx*: Fix memory node duplication
- [armhf] dts: Fix hsi gdd range for omap4
- [arm64] mm: Prevent mismatched 52-bit VA support
- [arm64] smp: Handle errors reported by the firmware
- [armhf] bus: ti-sysc: Check for no-reset and no-idle flags at the child
level
- [arm64] RDMA/hns: Fix the bug while use multi-hop of pbl
- [x86] RDMA/vmw_pvrdma: Use atomic memory allocation in create AH
- [armhf] PM / AVS: SmartReflex: NULL check before some freeing functions
is not needed
- xfs: zero length symlinks are not valid
- ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
- scsi: lpfc: Enable Management features for IF_TYPE=6
- scsi: qla2xxx: Fix NPIV handling for FC-NVMe
- scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port
- nvme: provide fallback for discard alloc failure
- [s390x] zcrypt: make sysfs reset attribute trigger queue reset
- crypto: user - support incremental algorithm dumps
- mwifiex: fix potential NULL dereference and use after free
- mwifiex: debugfs: correct histogram spacing, formatting
- brcmfmac: set F2 watermark to 256 for 4373
- brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373
- rtl818x: fix potential use after free
- bcache: do not check if debug dentry is ERR or NULL explicitly on remove
- bcache: do not mark writeback_running too early
- xfs: require both realtime inodes to mount
- nvme: fix kernel paging oops
- ubifs: Fix default compression selection in ubifs
- ubi: Put MTD device after it is not used
- ubi: Do not drop UBI device reference before using
- iwlwifi: move iwl_nvm_check_version() into dvm
- iwlwifi: mvm: force TCM re-evaluation on TCM resume
- iwlwifi: pcie: fix erroneous print
- iwlwifi: pcie: set cmd_len in the correct place
- [armhf,arm64] gpio: pca953x: Fix AI overflow on PCAL6524
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
- [x86] kvm: vmx: Set IA32_TSC_AUX for legacy mode guests
- [x86] Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS"
- [x86] Revert "KVM: nVMX: move check_vmentry_postreqs() call to
nested_vmx_enter_non_root_mode()"
- VSOCK: bind to random port for VMADDR_PORT_ANY
- [amd64] mmc: meson-gx: make sure the descriptor is stopped on errors
- [armhf] mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET
- [armhf] usb: ehci-omap: Fix deferred probe for phy handling
- btrfs: Check for missing device before bio submission in btrfs_map_bio
- btrfs: fix ncopies raid_attr for RAID56
- btrfs: dev-replace: set result code of cancel by status of scrub
- Btrfs: allow clear_extent_dirty() to receive a cached extent state
record
- btrfs: only track ref_heads in delayed_ref_updates
- [x86] HID: intel-ish-hid: fixes incorrect error handling
- serial: 8250: Rate limit serial port rx interrupts during input overruns
- [x86] kprobes/xen: blacklist non-attachable xen interrupt functions
- xen/pciback: Check dev_data before using it
- kprobes: Blacklist symbols in arch-defined prohibited area
- [amd64] kprobes: Show x86-64 specific blacklisted symbols correctly
- [armhf] memory: omap-gpmc: Get the header of the enum
- net/mlx5: Continue driver initialization despite debugfs failure
- netfilter: nf_nat_sip: fix RTP/RTCP source port translations
- exofs_mount(): fix leaks on failure exits
- bnxt_en: Return linux standard errors in bnxt_ethtool.c
- bnxt_en: Save ring statistics before reset.
- bnxt_en: query force speeds before disabling autoneg mode.
- [s390x] KVM: unregister debug feature on failing arch init
- dm flakey: Properly corrupt multi-page bios.
- gfs2: take jdata unstuff into account in do_grow
- dm raid: fix false -EBUSY when handling check/repair message
- xfs: Align compat attrlist_by_handle with native implementation.
- xfs: Fix bulkstat compat ioctls on x32 userspace.
- IB/qib: Fix an error code in qib_sdma_verbs_send()
- vxlan: Fix error path in __vxlan_dev_create()
- [ppc64el] xmon: fix dump_segments()
- drivers/regulator: fix a missing check of return value
- Bluetooth: hci_bcm: Handle specific unknown packets after firmware
loading
- RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
- scsi: qla2xxx: deadlock by configfs_depend_item
- scsi: csiostor: fix incorrect dma device in case of vport
- brcmfmac: Fix access point mode
- ath6kl: Only use match sets when firmware supports it
- ath6kl: Fix off by one error in scan completion
- [ppc64el] perf: Fix unit_sel/cache_sel checks
- [ppc64el] prom: fix early DEBUG messages
- [ppc64el] mm: Make NULL pointer deferences explicit on bad page faults.
- [ppc64el] vfio/spapr_tce: Get rid of possible infinite loop
- [ppc64el] powernv/eeh/npu: Fix uninitialized variables in
opal_pci_eeh_freeze_status
- drbd: ignore "all zero" peer volume sizes in handshake
- drbd: reject attach of unsuitable uuids even if connected
- drbd: do not block when adjusting "disk-options" while IO is frozen
- drbd: fix print_st_err()'s prototype to match the definition
- IB/rxe: Make counters thread safe
- bpf/cpumap: make sure frame_size for build_skb is aligned if headroom
isn't
- [armhf] regulator: tps65910: fix a missing check of return value
- [ppc64el] powerpc/pseries: Fix node leak in
update_lmb_associativity_index()
- net/netlink_compat: Fix a missing check of nla_parse_nested
- net/net_namespace: Check the return value of register_pernet_subsys()
- f2fs: fix block address for __check_sit_bitmap
- f2fs: fix to dirty inode synchronously
- [armhf] net: dsa: bcm_sf2: Propagate error value from mdio_write
- atl1e: checking the status of atl1e_write_phy_reg
- tipc: fix a missing check of genlmsg_put
- net: marvell: fix a missing check of acpi_match_device
- ocfs2: clear journal dirty flag after shutdown journal
- vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is
n
- mm/page_alloc.c: free order-0 pages through PCP in page_frag_free()
- mm/page_alloc.c: use a single function to free page
- mm/page_alloc.c: deduplicate __memblock_free_early() and memblock_free()
- netfilter: nf_tables: fix a missing check of nla_put_failure
- xprtrdma: Prevent leak of rpcrdma_rep objects
- infiniband/qedr: Potential null ptr dereference of qp
- lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk
- lib/genalloc.c: use vzalloc_node() to allocate the bitmap
- drivers/base/platform.c: kmemleak ignore a known leak
- lib/genalloc.c: include vmalloc.h
- mtd: Check add_mtd_device() ret code
- tipc: fix memory leak in tipc_nl_compat_publ_dump
- net/core/neighbour: tell kmemleak about hash tables
- [armhf,arm64] ata: ahci: mvebu: do Armada 38x configuration only on
relevant SoCs
- PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity()
- net/core/neighbour: fix kmemleak minimal reference count for hash tables
- serial: 8250: Fix serial8250 initialization crash
- [armhf] gpu: ipu-v3: pre: don't trigger update if buffer address doesn't
change
- sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
- ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
- decnet: fix DN_IFREQ_SIZE
- net/smc: prevent races between smc_lgr_terminate() and smc_conn_free()
- net/smc: don't wait for send buffer space when data was already sent
- mm/hotplug: invalid PFNs from pfn_to_online_page()
- xfs: end sync buffer I/O properly on shutdown error
- net/smc: fix sender_free computation
- blktrace: Show requests without sector
- net/smc: fix byte_order for rx_curs_confirmed
- tipc: fix skb may be leaky in tipc_link_input
- sfc: initialise found bitmap in efx_ef10_mtd_probe
- geneve: change NET_UDP_TUNNEL dependency to select
- net: fix possible overflow in __sk_mem_raise_allocated()
- net: ip_gre: do not report erspan_ver for gre or gretap
- net: ip6_gre: do not report erspan_ver for ip6gre or ip6gretap
- sctp: don't compare hb_timer expire date before starting it
- bpf: decrease usercnt if bpf_map_new_fd() fails in
bpf_map_get_fd_by_id()
- mmc: core: align max segment size with logical block size
- net: dev: Use unsigned integer as an argument to left-shift
- kvm: properly check debugfs dentry before using it
- bpf: drop refcount if bpf_map_new_fd() fails in map_create()
- [arm64] net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED
- [arm64] net: hns3: fix PFC not setting problem for DCB module
- [arm64] net: hns3: fix an issue for hclgevf_ae_get_hdev
- [arm64] net: hns3: fix an issue for hns3_update_new_int_gl
- [x86] iommu/amd: Fix NULL dereference bug in match_hid_uid
- apparmor: delete the dentry in aafs_remove() to avoid a leak
- scsi: libsas: Support SATA PHY connection rate unmatch fixing during
discovery
- ACPI / APEI: Don't wait to serialise with oops messages when panic()ing
- ACPI / APEI: Switch estatus pool to use vmalloc memory
- [arm64] scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned
- scsi: libsas: Check SMP PHY control function result
- [arm64] RDMA/hns: Fix the bug with updating rq head pointer when flush cqe
- [arm64] RDMA/hns: Bugfix for the scene without receiver queue
- [arm64] RDMA/hns: Fix the state of rereg mr
- [arm64] RDMA/hns: Use GFP_ATOMIC in hns_roce_v2_modify_qp
- ASoC: rt5645: Headphone Jack sense inverts on the LattePanda board
- [ppc64el] pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
(CVE-2019-12614)
- xdp: fix cpumap redirect SKB creation bug
- mtd: Remove a debug trace in mtdpart.c
- [s390x] mm, gup: add missing refcount overflow checks on s390
- [armhf,arm64] usb: dwc2: use a longer core rest timeout in
dwc2_core_reset()
- staging: rtl8192e: fix potential use after free
- staging: rtl8723bs: Drop ACPI device ids
- staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids
- USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
- [x86] mei: bus: prefix device names on bus with the bus name
- [x86] mei: me: add comet point V device id
- thunderbolt: Power cycle the router if NVM authentication fails
- xfrm: Fix memleak on xfrm state destroy
- media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
- [arm64] net: macb: fix error format in dev_err()
- pwm: Clear chip_data in pwm_put()
- macvlan: schedule bc_work even if error
- net: psample: fix skb_over_panic
- openvswitch: fix flow command message size
- sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook
- slip: Fix use-after-free Read in slip_open
- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
- openvswitch: remove another BUG_ON()
- tipc: fix link name length check
- sctp: cache netns in sctp_ep_common
- net: sched: fix `tc -s class show` no bstats on class with nolock
subqueues
- [arm64] net: macb: add missed tasklet_kill
- ext4: add more paranoia checking in ext4_expand_extra_isize handling
(CVE-2019-19767)
- [arm64] net: macb: Fix SUBNS increment and increase resolution
- [arm64] net: macb driver, check for SKBTX_HW_TSTAMP
- mtd: spi-nor: cast to u64 to avoid uint overflows
- tcp: exit if nothing to retransmit on RTO timeout
- HID: core: check whether Usage Page item is after Usage ID items
- [x86] platform: hp-wmi: Fix ACPI errors caused by too small buffer
- [x86] platform: hp-wmi: Fix ACPI errors caused by passing 0 as input size
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.89
- rsi: release skb if rsi_prepare_beacon fails (CVE-2019-19071)
- [arm64] tegra: Fix 'active-low' warning for Jetson TX1 regulator
- usb: gadget: u_serial: add missing port entry locking
- [arm64] tty: serial: msm_serial: Fix flow control
- [armhf,arm64] serial: pl011: Fix DMA ->flush_buffer()
- serial: serial_core: Perform NULL checks for break_ctl ops
- autofs: fix a leak in autofs_expire_indirect()
- [arm64] RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN
- iwlwifi: pcie: don't consider IV len in A-MSDU
- exportfs_decode_fh(): negative pinned may become positive without the
parent locked
- audit_get_nd(): don't unlock parent too early
- xfrm: release device reference for invalid state
- sched/core: Avoid spurious lock dependencies
- perf/core: Consistently fail fork on allocation failures
- ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
- [armhf,arm64] drm/sun4i: tcon: Set min division of TCON0_DCLK to 1.
- rsxx: add missed destroy_workqueue calls in remove
- i2c: core: fix use after free in of_i2c_notify
- serial: core: Allow processing sysrq at port unlock time
- cxgb4vf: fix memleak in mac_hlist initialization
- iwlwifi: mvm: synchronize TID queue removal
- iwlwifi: trans: Clear persistence bit when starting the FW
- iwlwifi: mvm: Send non offchannel traffic via AP sta
- [armhf] 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
- audit: Embed key into chunk
- netfilter: nf_tables: don't use position attribute on rule replacement
- net/mlx5: Release resource on error flow
- [arm64] clk: sunxi-ng: a64: Fix gate bit of DSI DPHY
- ice: Fix NVM mask defines
- dlm: fix possible call to kfree() for non-initialized pointer
- [armhf] dts: exynos: Fix LDO13 min values on Odroid XU3/XU4/HC1
- [armhf,arm64] rtc: max77686: Fix the returned value in case of error in
'max77686_rtc_read_time()'
- i40e: don't restart nway if autoneg not supported
- virtchnl: Fix off by one error
- [armhf] clk: rockchip: fix rk3188 sclk_smc gate data
- [armhf] clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
- [armhf] dts: rockchip: Fix rk3288-rock2 vcc_flash name
- dlm: fix missing idr_destroy for recover_idr
- [armhf,arm64] net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing
MII_PHYSID2
- [s390x] scsi: zfcp: update kernel message for invalid FCP_CMND length,
it's not the CDB
- [s390x] scsi: zfcp: drop default switch case which might paper over
missing case
- [armhf] bus: ti-sysc: Fix getting optional clocks in clock_roles
- [armhf] dts: imx6: RDU2: fix eGalax touchscreen node
- crypto: ecc - check for invalid values in the key verification test
- crypto: bcm - fix normal/non key hash algorithm failure
- [arm64] dts: zynqmp: Fix node names which contain "_"
- [arm64] pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
- [arm*] firmware: raspberrypi: Fix firmware calls with large buffers
- mm/vmstat.c: fix NUMA statistics updates
- [arm64] clk: rockchip: fix I2S1 clock gate register for rk3328
- [arm64] clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328
- sctp: count sk_wmem_alloc by skb truesize in sctp_packet_transmit
- regulator: Fix return value of _set_load() stub
- USB: serial: f81534: fix reading old/new IC config
- xfs: extent shifting doesn't fully invalidate page cache
- net-next/hinic:fix a bug in set mac address
- net-next/hinic: fix a bug in rx data flow
- ice: Fix return value from NAPI poll
- ice: Fix possible NULL pointer de-reference
- iomap: FUA is wrong for DIO O_DSYNC writes into unwritten extents
- iomap: sub-block dio needs to zeroout beyond EOF
- iomap: dio data corruption and spurious errors when pipes fill
- iomap: readpages doesn't zero page tail beyond EOF
- iw_cxgb4: only reconnect with MPAv1 if the peer aborts
- [mips*/octeon] octeon-platform: fix typing
- net/smc: use after free fix in smc_wr_tx_put_slot()
- [armhf] dts: exynos: Use Samsung SoC specific compatible for DWC2 module
- media: pulse8-cec: return 0 when invalidating the logical address
- media: cec: report Vendor ID after initialization
- iwlwifi: fix cfg structs for 22000 with different RF modules
- net/ipv6: re-do dad when interface has IFF_NOARP flag change
- [x86] dmaengine: dw-dmac: implement dma protection control setting
- [armhf,arm64] usb: dwc3: debugfs: Properly print/set link state for HS
- [armhf,arm64] usb: dwc3: don't log probe deferrals; but do log other
error codes
- ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
- f2fs: fix to account preflush command for noflush_merge mode
- f2fs: fix count of seg_freed to make sec_freed correct
- f2fs: change segment to section in f2fs_ioc_gc_range
- [armhf] dts: rockchip: Fix the PMU interrupt number for rv1108
- [armhf] dts: rockchip: Assign the proper GPIO clocks for rv1108
- f2fs: fix to allow node segment for GC by ioctl path
- nvme: Free ctrl device name on init failure
- dma-mapping: fix return type of dma_set_max_seg_size()
- [armhf] serial: imx: fix error handling in console_setup
- [armhf] i2c: imx: don't print error message on probe defer
- [arm64] clk: meson: Fix GXL HDMI PLL fractional bits width
- [armhf,arm64] gpu: host1x: Fix syncpoint ID field size on Tegra186
- lockd: fix decoding of TEST results
- sctp: increase sk_wmem_alloc when head->truesize is increased
- [x86] iommu/amd: Fix line-break in error log reporting
- [armhf] dts: sun8i: a23/a33: Fix OPP DTC warnings
- [armhf] dts: sun8i: v3s: Change pinctrl nodes to avoid warning
- nfsd: fix a warning in __cld_pipe_upcall()
- bpf: btf: implement btf_name_valid_identifier()
- bpf: btf: check name validity for various types
- [armhf] OMAP1/2: fix SoC name printing
- [arm64] dts: meson-gxl-libretech-cc: fix GPIO lines names
- [arm64] dts: meson-gxbb-nanopi-k2: fix GPIO lines names
- [arm64] dts: meson-gxbb-odroidc2: fix GPIO lines names
- [arm64] dts: meson-gxl-khadas-vim: fix GPIO lines names
- net/x25: fix called/calling length calculation in x25_parse_address_block
- net/x25: fix null_x25_address handling
- tcp: make tcp_space() aware of socket backlog
- tcp: fix off-by-one bug on aborting window-probing socket
- tcp: fix SNMP under-estimation on failed retransmission
- tcp: fix SNMP TCP timeout under-estimation
- kbuild: fix single target build for external module
- mtd: fix mtd_oobavail() incoherent returned value
- [arm64] clk: meson: meson8b: fix the offset of vid_pll_dco's N value
- [armhf,arm64] clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent
- [arm64] clk: qcom: Fix MSM8998 resets
- dlm: fix invalid cluster name warning
- net/mlx4_core: Fix return codes of unsupported operations
- pstore/ram: Avoid NULL deref in ftrace merging failure path
- [mips*/octeon] cvmx_pko_mem_debug8: use oldest forward compatible
definition
- nfsd: Return EPERM, not EACCES, in some SETATTR cases
- media: uvcvideo: Abstract streaming object lifetime
- [armhf] dts: sun8i: h3: Fix the system-control register range
- tty: Don't block on IO when ldisc change is pending
- media: stkwebcam: Bugfix for wrong return values
- sctp: frag_point sanity check
- IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state
- IB/hfi1: Close VNIC sdma_progress sleep window
- mlx4: Use snprintf instead of complicated strcpy
- [armhf] dts: sunxi: Fix PMU compatible strings
- [armhf] dts: am335x-pdu001: Fix polarity of card detection input
- net: aquantia: fix RSS table and key sizes
- sched/fair: Scale bandwidth quota and period without losing quota/period
ratio precision
- fuse: verify nlink
- fuse: verify attributes
- [x86] ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC
- [x86] ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
- [x86] ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236
- ALSA: pcm: oss: Avoid potential buffer overflows
- [x86] ALSA: hda - Add mute led support for HP ProBook 645 G4
- [x86] Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus
- [x86] Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash
- [x86] Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers
- [x86] Input: goodix - add upside-down quirk for Teclast X89 tablet
- Input: Fix memory leak in psxpad_spi_probe
- [i386] mm: Sync only to VMALLOC_END in vmalloc_sync_all()
- [x86] PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
- xfrm interface: fix memory leak on creation
- xfrm interface: avoid corruption on changelink
- xfrm interface: fix list corruption for x-netns
- xfrm interface: fix management of phydev
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
- CIFS: Fix SMB2 oplock break processing
- tty: vt: keyboard: reject invalid keycodes
- can: slcan: Fix use-after-free Read in slcan_open
- kernfs: fix ino wrap-around detection
- jbd2: Fix possible overflow in jbd2_log_space_left()
- [arm64] drm/msm: fix memleak on release
- [i386] drm/i810: Prevent underflow in ioctl
- [armhf,arm64] KVM: vgic: Don't rely on the wrong pending table
- [x86] KVM: do not modify masked bits of shared MSRs
- [x86] KVM: fix presentation of TSX feature in ARCH_CAPABILITIES
- [x86] KVM: Grab KVM's srcu lock when setting nested state
- crypto: af_alg - cast ki_complete ternary op to int
- [x86] crypto: ccp - fix uninitialized list head
- crypto: ecdh - fix big endian bug in ECC library
- crypto: user - fix memory leak in crypto_report (CVE-2019-19062)
- mwifiex: update set_mac_address logic
- can: ucan: fix non-atomic allocation in completion handler
- RDMA/qib: Validate ->show()/store() callbacks before calling them
- iomap: Fix pipe page leakage during splicing
- thermal: Fix deadlock in thermal thermal_zone_device_check
- vcs: prevent write access to vcsu devices (CVE-2019-19252)
- binder: Fix race between mmap() and binder_alloc_print_pages()
- binder: Handle start==NULL in binder_update_page_range()
- ALSA: hda - Fix pending unsol events at shutdown
- perf script: Fix invalid LBR/binary mismatch error
- splice: don't read more than available pipe space
- iomap: partially revert 4721a601099 (simulated directio short read on
EFAULT)
- xfs: add missing error check in xfs_prepare_shift()
- ASoC: rsnd: fixup MIX kctrl registration
- [x86] KVM: fix out-of-bounds write in KVM_GET_EMULATED_CPUID
(CVE-2019-19332)
- net: qrtr: fix memort leak in qrtr_tun_write_iter (CVE-2019-19079)
- appletalk: Fix potential NULL pointer dereference in
unregister_snap_client (CVE-2019-19227)
- appletalk: Set error code if register_snap_client failed
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.90
- usb: gadget: configfs: Fix missing spin_lock_init()
- [x86] usb: gadget: pch_udc: fix use after free
- scsi: qla2xxx: Fix driver unload hang
- [arm64] media: venus: remove invalid compat_ioctl32 handler
- USB: uas: honor flag to avoid CAPACITY16
- USB: uas: heed CAPACITY_HEURISTICS
- usb: Allow USB device to be warm reset in suspended state
- staging: rtl8188eu: fix interface sanity check
- staging: rtl8712: fix interface sanity check
- staging: gigaset: fix general protection fault on probe
- staging: gigaset: fix illegal free on probe errors
- staging: gigaset: add endpoint-type sanity check
- usb: xhci: only set D3hot for pci device
- xhci: Fix memory leak in xhci_add_in_port()
- xhci: Increase STS_HALT timeout in xhci_suspend()
- xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour.
- [armhf] dts: pandora-common: define wl1251 as child node of mmc3
- [x86] iio: imu: inv_mpu6050: fix temperature reporting using bad unit
- USB: atm: ueagle-atm: add missing endpoint check
- USB: idmouse: fix interface sanity checks
- USB: serial: io_edgeport: fix epic endpoint lookup
- usb: roles: fix a potential use after free
- USB: adutux: fix interface sanity check
- usb: core: urb: fix URB structure initialization function
- usb: mon: Fix a deadlock in usbmon between mmap and read
- tpm: add check after commands attribs tab allocation
- virtio-balloon: fix managed page counts when migrating pages between
zones
- [armhf,arm64] usb: dwc3: gadget: Fix logical condition
- [armhf,arm64] usb: dwc3: ep0: Clear started flag on completion
- btrfs: check page->mapping when loading free space cache
- btrfs: use refcount_inc_not_zero in kill_all_nodes
- Btrfs: fix metadata space leak on fixup worker failure to set range as
delalloc
- Btrfs: fix negative subv_writers counter and data space leak after
buffered write
- btrfs: Avoid getting stuck during cyclic writebacks
- btrfs: Remove btrfs_bio::flags member
- Btrfs: send, skip backreference walking for extents with many references
- btrfs: record all roots for rename exchange on a subvol
- rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
- rtlwifi: rtl8192de: Fix missing callback that tests for hw release of
buffer
- rtlwifi: rtl8192de: Fix missing enable interrupt flag
- ovl: fix corner case of non-unique st_dev;st_ino
- ovl: relax WARN_ON() on rename to self
- [armhf] hwrng: omap - Fix RNG wait loop timeout
- dm writecache: handle REQ_FUA
- dm zoned: reduce overhead of backing device checks
- workqueue: Fix spurious sanity check failures in destroy_workqueue()
- workqueue: Fix pwq ref leak in rescuer_thread()
- ASoC: rt5645: Fixed buddy jack support.
- ASoC: rt5645: Fixed typo for buddy jack support.
- ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
- md: improve handling of bio with REQ_PREFLUSH in md_flush_request()
- blk-mq: avoid sysfs buffer overflow with too many CPU cores
- cgroup: pids: use atomic64_t for pids->limit
- ar5523: check NULL before memcpy() in ar5523_cmd()
- [s390x] mm: properly clear _PAGE_NOEXEC bit when it is not supported
- media: cec.h: CEC_OP_REC_FLAG_ values were swapped
- cpuidle: Do not unset the driver if it is there already
- erofs: zero out when listxattr is called with no xattr
- [x86] intel_th: Fix a double put_device() in error path
- [x86] intel_th: pci: Add Ice Lake CPU support
- [x86] intel_th: pci: Add Tiger Lake CPU support
- PM / devfreq: Lock devfreq in trans_stat_show
- [ppc64el] cpufreq: powernv: fix stack bloat and hard limit on number of
CPUs
- ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug
bridge
- ACPI: OSL: only free map once in osl.c
- ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
- ACPI: PM: Avoid attaching ACPI PM domain to certain devices
- [arm64] pinctrl: armada-37xx: Fix irq mask access in
armada_37xx_irq_set_type()
- [armhf] pinctrl: samsung: Add of_node_put() before return in error path
- [armhf] pinctrl: samsung: Fix device node refcount leaks in Exynos wakeup
controller init
- [armhf] pinctrl: samsung: Fix device node refcount leaks in init code
- [armhf] mmc: host: omap_hsmmc: add code for special init of wl1251 to get
rid of pandora_wl1251_init_card
- [armhf] dts: omap3-tao3530: Fix incorrect MMC card detection GPIO
polarity
- ppdev: fix PPGETTIME/PPSETTIME ioctls
- [ppc64el] Allow 64bit VDSO __kernel_sync_dicache to work across ranges
>4GB
- [ppc64el] xive: Prevent page fault issues in the machine crash handler
- [ppc64el] Allow flush_icache_range to work across ranges >4GB
- [ppc64el] xive: Skip ioremap() of ESB pages for LSI interrupts
- video/hdmi: Fix AVI bar unpack
- quota: Check that quota is not dirty before release
- ext2: check err when partial != NULL
- quota: fix livelock in dquot_writeback_dquots
- ext4: Fix credit estimate for final inode freeing
- reiserfs: fix extended attributes on the root directory
- block: fix single range discard merge
- [s390x] scsi: zfcp: trace channel log even for FCP command responses
- scsi: qla2xxx: Fix DMA unmap leak
- scsi: qla2xxx: Fix hang in fcport delete path
- scsi: qla2xxx: Fix session lookup in qlt_abort_work()
- scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
- scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
- scsi: qla2xxx: Fix message indicating vectors used by driver
- scsi: qla2xxx: Fix SRB leak on switch command timeout
- xhci: make sure interrupts are restored to correct state
- usb: typec: fix use after free in typec_register_port()
- [armhf] omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251
- scsi: lpfc: Cap NPIV vports to 256
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE
- scsi: lpfc: Correct topology type reporting on G7 adapters
- sch_cake: Correctly update parent qlen when splitting GSO packets
- net/smc: do not wait under send_lock
- [arm64] net: hns3: clear pci private data when unload hns3 driver
- [arm64] net: hns3: change hnae3_register_ae_dev() to int
- [arm64] net: hns3: Check variable is valid before assigning it to another
- [arm64] scsi: hisi_sas: send primitive NOTIFY to SSP situation only
- [arm64] scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G
- [x86] MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
- [x86] MCE/AMD: Carve out the MC4_MISC thresholding quirk
- ath10k: fix fw crash by moving chip reset after napi disabled
- [ppc64el] Fix vDSO clock_getres()
- ext4: work around deleting a file with i_nlink == 0 safely
(CVE-2019-19447)
- mm/shmem.c: cast the type of unmap_start to u64
- rtc: disable uie before setting time and enable after
- splice: only read in as much information as there is pipe buffer space
- ext4: fix a bug in ext4_wait_for_tail_page_commit
- [armhf,arm64] mfd: rk808: Fix RK818 ID template
- mm, thp, proc: report THP eligibility for each vma
- [s390x] smp,vdso: fix ASCE handling
- blk-mq: make sure that line break can be printed
- workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
- perf callchain: Fix segfault in thread__resolve_callchain_sample()
- gre: refetch erspan header from skb->data after pskb_may_pull()
- sunrpc: fix crash when cache_head become valid before update
- net/mlx5e: Fix SFF 8472 eeprom length
- leds: trigger: netdev: fix handling on interface rename
- gfs2: fix glock reference problem in gfs2_trans_remove_revoke
- of: overlay: add_changeset_property() memory leak
- kernel/module.c: wakeup processes in module_wq on module unload
- cifs: Fix potential softlockups while refreshing DFS cache
- [x86] gpiolib: acpi: Add Terra Pad 1061 to the
run_edge_events_on_boot_blacklist
- raid5: need to set STRIPE_HANDLE for batch head
- scsi: qla2xxx: Change discovery state before PLOGI
- [x86] iio: imu: mpu6050: add missing available scan masks
- idr: Fix idr_get_next_ul race with idr_remove
- of: unittest: fix memory leak in attach_node_and_children
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.91
- inet: protect against too small mtu values.
- mqprio: Fix out-of-bounds access in mqprio_dump
- net: bridge: deny dev_set_mac_address() when unregistering
- net: dsa: fix flow dissection on Tx path
- net: ethernet: ti: cpsw: fix extra rx interrupt
- net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues
- [arm64] net: thunderx: start phy before starting autonegotiation
- openvswitch: support asymmetric conntrack
- tcp: md5: fix potential overestimation of TCP option space
- tipc: fix ordering of tipc module init and exit routine
- net/mlx5e: Query global pause state before setting prio2buffer
- tcp: fix rejected syncookies due to stale timestamps
- tcp: tighten acceptance of ACKs not matching a child socket
- tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
- [arm64] Revert "arm64: preempt: Fix big-endian when checking preempt
count in assembly"
- mmc: block: Make card_busy_detect() a bit more generic
- mmc: block: Add CMD13 polling for MMC IOCTLS with R1B response
- PCI/PM: Always return devices to D0 when thawing
- PCI: pciehp: Avoid returning prematurely from sysfs requests
- [x86] PCI: Fix Intel ACS quirk UPDCR register address
- PCI/MSI: Fix incorrect MSI-X masking on resume
- [arm64] PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3
- [arm64] rpmsg: glink: Set tail pointer to 0 at end of FIFO
- [arm64] rpmsg: glink: Fix reuse intents memory leak issue
- [arm64] rpmsg: glink: Fix use after free in open_ack TIMEOUT case
- [arm64] rpmsg: glink: Put an extra reference during cleanup
- [arm64] rpmsg: glink: Fix rpmsg_register_device err handling
- [arm64] rpmsg: glink: Don't send pending rx_done during remove
- [arm64] rpmsg: glink: Free pending deferred work on remove
- cifs: smbd: Return -EAGAIN when transport is reconnecting
- cifs: smbd: Add messages on RDMA session destroy and reconnection
- cifs: smbd: Return -EINVAL when the number of iovs exceeds
SMBDIRECT_MAX_SGE
- cifs: Don't display RDMA transport on reconnect
- CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
- CIFS: Close open handle after interrupted close
- [armhf] tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
- vfio/pci: call irq_bypass_unregister_producer() before freeing irq
- dma-buf: Fix memory leak in sync_file_merge()
- [arm64] drm: meson: venc: cvbs: fix CVBS mode matching
- dm mpath: remove harmful bio-based optimization
- dm btree: increase rebalance threshold in __rebalance2()
- scsi: iscsi: Fix a potential deadlock in the timeout handler
- scsi: qla2xxx: Change discovery state before PLOGI
- drm/radeon: fix r1xx/r2xx register checker for POT textures
- xhci: fix USB3 device initiated resume race with roothub autosuspend
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.92
- af_packet: set defaule value for tmo
- [amd64] fjes: fix missed check in fjes_acpi_add
- [arm64] net: hisilicon: Fix a BUG trigered by wrong bytes_compl
- net: qlogic: Fix error paths in ql_alloc_large_buffers()
- net: usb: lan78xx: Fix suspend/resume PHY register access error
- qede: Disable hardware gro when xdp prog is installed
- qede: Fix multicast mac configuration
- sctp: fully initialize v4 addr in some functions
- btrfs: don't double lock the subvol_sem for rename exchange
- btrfs: do not call synchronize_srcu() in inode_tree_del
- Btrfs: fix missing data checksums after replaying a log tree
- btrfs: send: remove WARN_ON for readonly mount
- btrfs: abort transaction after failed inode updates in create_subvol
- btrfs: skip log replay on orphaned roots
- btrfs: do not leak reloc root if we fail to read the fs root
- btrfs: handle ENOENT in btrfs_uuid_tree_iterate
- Btrfs: fix removal logic of the tree mod log that leads to
use-after-free issues
- ALSA: pcm: Avoid possible info leaks from PCM stream buffers
- ALSA: hda/ca0132 - Keep power on during processing DSP response
- ALSA: hda/ca0132 - Avoid endless loop
- ALSA: hda/ca0132 - Fix work handling in delayed HP detection
- [arm64,armhf] drm/panel: Add missing drm_panel_init() in panel drivers
- drm/amdgpu: grab the id mgr lock while accessing passid_mapping
- spi: Add call to spi_slave_abort() function when spidev driver is
released
- [x86] staging: rtl8192u: fix multiple memory leaks on error path
- staging: rtl8188eu: fix possible null dereference
- rtlwifi: prevent memory leak in rtl_usb_probe (CVE-2019-19063)
- libertas: fix a potential NULL pointer dereference
- ath10k: fix backtrace on coredump
- IB/iser: bound protection_sg size by data_sg size
- [arm64] media: venus: core: Fix msm8996 frequency table
- ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq
- pinctrl: devicetree: Avoid taking direct reference to device name string
- [amd64] drm/amdkfd: fix a potential NULL pointer dereference
- [arm64] media: venus: Fix occasionally failures to suspend
- [armhf] hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if
not idled
- media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
- [arm64,armhf] drm/bridge: dw-hdmi: Refuse DDC/CI transfers on the
internal I2C controller
- block: Fix writeback throttling W=1 compiler warnings
- mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
(CVE-2019-19057)
- drm/drm_vblank: Change EINVAL by the correct errno
- media: cx88: Fix some error handling path in 'cx8800_initdev()'
- [armhf] media: ti-vpe: vpe: Fix Motion Vector vpdma stride
- [armhf] media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid
pixel format
- [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure about frame
sequence number
- [armhf] media: ti-vpe: vpe: Make sure YUYV is set as default format
- [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure causing a
kernel panic
- [armhf] media: ti-vpe: vpe: ensure buffers are cleaned up properly in
abort cases
- [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid
sizeimage
- [x86] syscalls/x86: Use the correct function type in SYSCALL_DEFINE0
- [x86] mm: Use the correct function type for native_set_fixmap()
- ath10k: Correct error handling of dma_map_single()
- [arm64,armhf] drm/bridge: dw-hdmi: Restore audio when setting a mode
- perf report: Add warning when libunwind not compiled in
- usb: usbfs: Suppress problematic bind and unbind uevents.
- Bluetooth: missed cpu_to_le16 conversion in hci_init4_req
- Bluetooth: Workaround directed advertising bug in Broadcom controllers
- Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
- [x86] mce: Lower throttling MCE messages' priority to warning
- [x86] drm/gma500: fix memory disclosures due to uninitialized bytes
- rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot
- ipmi: Don't allow device module unload when in use
- [x86] ioapic: Prevent inconsistent state when moving an interrupt
- md/bitmap: avoid race window between md_bitmap_resize and
bitmap_file_clear_bit
- [arm64] psci: Reduce the waiting time for cpu_psci_cpu_kill()
- i40e: initialize ITRN registers with correct values
- net: phy: dp83867: enable robust auto-mdix
- [arm64,armhf] drm/tegra: sor: Use correct SOR index on Tegra210
- ACPI: button: Add DMI quirk for Medion Akoya E2215T
- RDMA/qedr: Fix memory leak in user qp and mr
- [arm64,armhf] gpu: host1x: Allocate gather copy for host1x
- [arm64,armhf] net: dsa: LAN9303: select REGMAP when LAN9303 enable
- [arm64] phy: qcom-usb-hs: Fix extcon double register after power cycle
- [s390x] time: ensure get_clock_monotonic() returns monotonic values
- [s390x] mm: add mm_pxd_folded() checks to pxd_free()
- [arm64] net: hns3: add struct netdev_queue debug info for TX timeout
- libata: Ensure ata_port probe has completed before detach
- loop: fix no-unmap write-zeroes request behavior
- Bluetooth: Fix advertising duplicated flags
- pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler()
- ixgbe: protect TX timestamping from API misuse
- media: rcar_drif: fix a memory disclosure (CVE-2019-18786)
- media: v4l2-core: fix touch support in v4l_g_fmt
- rfkill: allocate static minor
- bnx2x: Fix PF-VF communication over multi-cos queues.
- ALSA: timer: Limit max amount of slave instances
- rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
- perf probe: Fix to find range-only function instance
- perf probe: Fix to list probe event with correct line number
- perf jevents: Fix resource leak in process_mapfile() and main()
- perf probe: Walk function lines in lexical blocks
- perf probe: Fix to probe an inline function which has no entry pc
- perf probe: Fix to show ranges of variables in functions without
entry_pc
- perf probe: Fix to show inlined function callsite without entry_pc
- perf probe: Fix to probe a function which has no entry pc
- perf tools: Splice events onto evlist even on error
- perf parse: If pmu configuration fails free terms
- perf probe: Skip overlapped location on searching variables
- perf probe: Return a better scope DIE if there is no best scope
- perf probe: Fix to show calling lines of inlined functions
- perf probe: Skip end-of-sequence and non statement lines
- perf probe: Filter out instances except for inlined subroutine and
subprogram
- ath10k: fix get invalid tx rate for Mesh metric
- media: pvrusb2: Fix oops on tear-down when radio support is not present
- ice: delay less
- [amd64] spi: pxa2xx: Add missed security checks
- ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
- iio: dac: ad5446: Add support for new AD5600 DAC
- [x86] ASoC: Intel: kbl_rt5663_rt5514_max98927: Add dmic format
constraint
- [s390x] disassembler: don't hide instruction addresses
- nvme: Discard workaround for non-conformant devices
- parport: load lowlevel driver if ports not found
- bcache: fix static checker warning in bcache_device_free()
- cpufreq: Register drivers only after CPU devices have been registered
- tracing: use kvcalloc for tgid_map array allocation
- tracing/kprobe: Check whether the non-suffixed symbol is notrace
- bcache: fix deadlock in bcache_allocator
- iwlwifi: mvm: fix unaligned read of rx_pkt_status
- [arm64] spi: tegra20-slink: add missed clk_unprepare
- tun: fix data-race in gro_normal_list()
- crypto: virtio - deal with unsupported input sizes
- btrfs: don't prematurely free work in end_workqueue_fn()
- btrfs: don't prematurely free work in run_ordered_work()
- [x86] ASoC: Intel: bytcr_rt5640: Update quirk for Acer Switch 10 SW5-012
2-in-1
- [x86] insn: Add some Intel instructions to the opcode map
- brcmfmac: remove monitor interface when detaching
- iwlwifi: check kasprintf() return value
- [armhf] net: ethernet: ti: ale: clean ale tbl on init and intf restart
- [armhf] crypto: sun4i-ss - Fix 64-bit size_t warnings
- [armhf] crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
- mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED
- net: phy: initialise phydev speed and duplex sanely
- btrfs: don't prematurely free work in reada_start_machine_worker()
- btrfs: don't prematurely free work in scrub_missing_raid56_worker()
- Revert "mmc: sdhci: Fix incorrect switch to HS mode"
- can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
(CVE-2019-19947)
- usb: xhci: Fix build warning seen with CONFIG_PM=n
- [s390x] ftrace: fix endless recursion in function_graph tracer
- btrfs: return error pointer from alloc_test_extent_buffer
- usbip: Fix receive error in vhci-hcd when using scatter-gather
- usbip: Fix error path of vhci_recv_ret_submit()
- cpufreq: Avoid leaving stale IRQ work items during CPU offline
- [x86] intel_th: pci: Add Comet Lake PCH-V support
- [x86] intel_th: pci: Add Elkhart Lake SOC support
- [x86] platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128
bytes
- [x86] staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
- ext4: fix ext4_empty_dir() for directories with holes (CVE-2019-19037)
- ext4: check for directory entries too close to block end
- ext4: unlock on error in ext4_expand_extra_isize()
- [arm64] KVM: Ensure 'params' is initialised when looking up sys register
- [x86] MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure()
- [x86] MCE/AMD: Allow Reserved types to be overwritten in smca_banks[]
- [powerpc*] irq: fix stack overflow verification
- [arm64] mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG
register
- mmc: sdhci: Update the tuning failed messages to pr_debug level
- mmc: sdhci: Workaround broken command queuing on Intel GLK
- mmc: sdhci: Add a quirk for broken command queuing
- nbd: fix shutdown and recv work deadlock
- perf probe: Fix to show function entry line as probe-able
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.93
- scsi: lpfc: Fix discovery failures when target device connectivity
bounces
- scsi: mpt3sas: Fix clear pending bit in ioctl status
- scsi: lpfc: Fix locking on mailbox command completion
- Input: atmel_mxt_ts - disable IRQ across suspend
- f2fs: fix to update time in lazytime mode
- [arm64,armhf] iommu: rockchip: Free domain on .domain_free
- [arm64,armhf] iommu/tegra-smmu: Fix page tables in > 4 GiB memory
- scsi: target: compare full CHAP_A Algorithm strings
- scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
- scsi: csiostor: Don't enable IRQs too early
- [arm64] scsi: hisi_sas: Replace in_softirq() check in
hisi_sas_task_exec()
- [ppc64el] pseries: Mark accumulate_stolen_time() as notrace
- [ppc64el] pseries: Don't fail hash page table insert for bolted mapping
- clocksource/drivers/timer-of: Use unique device name instead of timer
- [ppc64el] security/book3s64: Report L1TF status in sysfs
- [ppc64el] book3s64/hash: Add cond_resched to avoid soft lockup warning
- ext4: update direct I/O read lock pattern for IOCB_NOWAIT
- ext4: iomap that extends beyond EOF should be marked dirty
- jbd2: Fix statistics for the number of logged blocks
- scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and
WRITE(6)
- scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
- f2fs: fix to update dir's i_pino during cross_rename
- [arm64] clk: qcom: Allow constant ratio freq tables for rcg
- clk: clk-gpio: propagate rate change to parent
- fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned
long
- scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer
dereferences
- [ppc64el] PCI: rpaphp: Fix up pointer to first drc-info entry
- scsi: ufs: fix potential bug which ends in system hang
- [ppc64el] PCI: rpaphp: Don't rely on firmware feature to imply drc-info
support
- [ppc64el] PCI: rpaphp: Annotate and correctly byte swap DRC properties
- [ppc64el] PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name
when using drc-info
- [ppc64el] powerpc/security: Fix wrong message when RFI Flush is disable
- bcache: at least try to shrink 1 node in bch_mca_scan()
- HID: quirks: Add quirk for HP MSU1465 PIXART OEM mouse
- HID: logitech-hidpp: Silence intermittent get_battery_capacity errors
- [armhf] 8937/1: spectre-v2: remove Brahma-B53 from hardening
- libnvdimm/btt: fix variable 'rc' set but not used
- HID: Improve Windows Precision Touchpad detection.
- HID: rmi: Check that the RMI_STARTED bit is set before unregistering the
RMI transport device
- watchdog: Fix the race between the release of watchdog_core_data and
cdev
- scsi: pm80xx: Fix for SATA device discovery
- scsi: ufs: Fix error handing during hibern8 enter
- scsi: scsi_debug: num_tgts must be >= 0
- scsi: iscsi: Don't send data to unbound connection
- scsi: target: iscsi: Wait for all commands to finish before freeing a
session
- apparmor: fix unsigned len comparison with less than zero
- scripts/kallsyms: fix definitely-lost memory leak
- cdrom: respect device capabilities during opening action
- perf script: Fix brstackinsn for AUXTRACE
- perf regs: Make perf_reg_name() return "unknown" instead of NULL
- [s390x] zcrypt: handle new reply code FILTERED_BY_HYPERVISOR
- [s390x] cpum_sf: Check for SDBT and SDB consistency
- ocfs2: fix passing zero to 'PTR_ERR' warning
- kernel: sysctl: make drop_caches write-only
- userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
- [x86] mce: Fix possibly incorrect severity calculation on AMD
- net, sysctl: Fix compiler warning when only cBPF is present
- netfilter: nf_queue: enqueue skbs with NULL dst
- ALSA: hda - Downgrade error message for single-cmd fallback
- bonding: fix active-backup transition after link failure
- perf strbuf: Remove redundant va_end() in strbuf_addv()
- Make filldir[64]() verify the directory entry filename is valid
(CVE-2019-10220)
- filldir[64]: remove WARN_ON_ONCE() for bad directory entries
(CVE-2019-10220)
- netfilter: ebtables: compat: reject all padding in matches/watchers
- 6pack,mkiss: fix possible deadlock
- netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
- inetpeer: fix data-race in inet_putpeer / inet_putpeer
- net: add a READ_ONCE() in skb_peek_tail()
- net: icmp: fix data-race in cmp_global_allow()
- hrtimer: Annotate lockless access to timer->state
- net: ena: fix napi handler misbehavior when the napi budget is zero
- net/mlxfw: Fix out-of-memory error in mfa2 flash burning
- [arm64,armhf] net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on
Meson8b/8m2 SoCs
- ptp: fix the race between the release of ptp_clock and cdev
- tcp: Fix highest_sack and highest_sack_seq
- udp: fix integer overflow while computing available space in sk_rcvbuf
- vhost/vsock: accept only packets with the right dst_cid
- net: add bool confirm_neigh parameter for dst_ops.update_pmtu
- ip6_gre: do not confirm neighbor when do pmtu update
- gtp: do not confirm neighbor when do pmtu update
- net/dst: add new function skb_dst_update_pmtu_no_confirm
- tunnel: do not confirm neighbor when do pmtu update
- vti: do not confirm neighbor when do pmtu update
- sit: do not confirm neighbor when do pmtu update
- net/dst: do not confirm neighbor for vxlan and geneve pmtu update
- gtp: do not allow adding duplicate tid and ms_addr pdp context
- [arm64,armhf] net: marvell: mvpp2: phylink requires the link interrupt
- tcp/dccp: fix possible race __inet_lookup_established()
- tcp: do not send empty skb from tcp_write_xmit()
- gtp: fix wrong condition in gtp_genl_dump_pdp()
- gtp: fix an use-after-free in ipv4_pdp_find()
- gtp: avoid zero size hashtable
- [arm64,armhf] pinctrl: baytrail: Really serialize all register accesses
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.94
- nvme_fc: add module to ops template to allow module references
- nvme-fc: fix double-free scenarios on hw queues
- drm/amdgpu: add check before enabling/disabling broadcast mode
- drm/amdgpu: add cache flush workaround to gfx8 emit_fence
- PM / devfreq: Fix devfreq_notifier_call returning errno
- PM / devfreq: Set scaling_max_freq to max on OPP notifier error
- PM / devfreq: Don't fail devfreq_dev_release if not in list
- afs: Fix afs_find_server lookups for ipv4 peers
- afs: Fix SELinux setting security label on /afs
- RDMA/cma: add missed unregister_pernet_subsys in init failure
- rxe: correctly calculate iCRC for unaligned payloads
- scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
- scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
- scsi: qla2xxx: Don't call qlt_async_event twice
- scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
- scsi: qla2xxx: Configure local loop for N2N target
- scsi: qla2xxx: Send Notify ACK after N2N PLOGI
- scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
- scsi: iscsi: qla4xxx: fix double free in probe
- scsi: libsas: stop discovering if oob mode is disconnected
(CVE-2019-19965)
- drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
- usb: gadget: fix wrong endpoint desc
- net: make socket read/write_iter() honor IOCB_NOWAIT
- afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP
- md: raid1: check rdev before reference in raid1_sync_request func
- [s390x] cpum_sf: Adjust sampling interval to avoid hitting sample limits
- [s390x] cpum_sf: Avoid SBD overflow condition in irq handler
- IB/mlx4: Follow mirror sequence of device add during device removal
- IB/mlx5: Fix steering rule of drop and count
- xen-blkback: prevent premature module unload
- xen/balloon: fix ballooned page accounting without hotplug enabled
- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
- ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
- ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
- ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen
- xfs: fix mount failure crash on invalid iclog memory access
- taskstats: fix data-race
- drm: limit to INT_MAX in create_blob ioctl
- netfilter: nft_tproxy: Fix port selector on Big Endian
- ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
- ALSA: usb-audio: fix set_format altsetting sanity check
- ALSA: usb-audio: set the interface format after resume on Dell WD19
- ALSA: hda/realtek - Add headset Mic no shutup for ALC283
- [arm64,armhf] drm/sun4i: hdmi: Remove duplicate cleanup calls
- [mips*] Avoid VDSO ABI breakage due to global register variable
- media: pulse8-cec: fix lost cec_transmit_attempt_done() call
- media: cec: CEC 2.0-only bcast messages were ignored
- media: cec: avoid decrementing transmit_queue_sz if it is 0
- media: cec: check 'transmit_in_progress', not 'transmitting'
- mm/zsmalloc.c: fix the migrated zspage statistics.
- memcg: account security cred as well to kmemcg
- mm: move_pages: return valid node id in status if the page is already on
the target node
- [x86,arm64] pstore/ram: Write new dumps to start of recycled zones
- locks: print unsigned ino in /proc/locks
- compat_ioctl: block: handle Persistent Reservations
- compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
- ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
- libata: Fix retrieving of active qcs
- gpiolib: fix up emulated open drain outputs
- tracing: Fix lock inversion in trace_event_enable_tgid_record()
- tracing: Avoid memory leak in process_system_preds()
- tracing: Have the histogram compare functions convert to u64 first
- tracing: Fix endianness bug in histogram trigger
- apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
- [i386] ALSA: cs4236: fix error return comparison of an unsigned integer
- ALSA: firewire-motu: Correct a typo in the clock proc string
- exit: panic before exit_mm() on global init exit
- [arm64] Revert support for execute-only user mappings
- ftrace: Avoid potential division by zero in function profiler
- [arm64] drm/msm: include linux/sched/task.h
- PM / devfreq: Check NULL governor in available_governors_show
- nfsd4: fix up replay_matches_cache()
- [x86,arm64] HID: i2c-hid: Reset ALPS touchpads on resume
- ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
- xfs: don't check for AG deadlock for realtime files in bunmapi
- [x86] platform/x86: pmc_atom: Add Siemens CONNECT X300 to
critclk_systems DMI table
- Bluetooth: btusb: fix PM leak in error case of setup
- Bluetooth: delete a stray unlock
- Bluetooth: Fix memory leak in hci_connect_le_scan
- media: flexcop-usb: ensure -EIO is returned on error condition
- media: usb: fix memory leak in af9005_identify_state (CVE-2019-18809)
- [arm64] dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed
warning
- [arm64] tty: serial: msm_serial: Fix lockup for sysrq and oops
- fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
- bdev: Factor out bdev revalidation into a common helper
- bdev: Refresh bdev size for disks without partitioning
- scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
- drm/mst: Fix MST sideband up-reply failure handling
- [ppc64el] pseries/hvconsole: Fix stack overread via udbg
- [ppc64el] KVM: PPC: Book3S HV: use smp_mb() when setting/clearing
host_ipi flag
- rxrpc: Fix possible NULL pointer access in ICMP handling
- tcp: annotate tp->rcv_nxt lockless reads
- net: core: limit nested device depth
- ath9k_htc: Modify byte order for an error message
- ath9k_htc: Discard undersized packets
- xfs: periodically yield scrub threads to the scheduler
- net: add annotations on hh->hh_len lockless accesses
- ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
- [s390x] smp: fix physical to logical CPU map for SMT
- xen/blkback: Avoid unmapping unmapped grant pages
- [x86] perf/x86/intel/bts: Fix the use of page_private()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.95
- bpf: Fix passing modified ctx to ld/abs/ind instruction
- regulator: fix use after free issue
- ASoC: max98090: fix possible race conditions
- netfilter: ctnetlink: netns exit must wait for callbacks
- mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
(CVE-2019-14901)
- [x86] efi: Update e820 with reserved EFI boot services data to fix kexec
breakage
- [x86] ASoC: Intel: bytcr_rt5640: Update quirk for Teclast X89
- efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
- efi/gop: Return EFI_SUCCESS if a usable GOP was found
- efi/gop: Fix memory leak in __gop_query32/64()
- netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in
named sets
- netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END
- netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init()
- [arm64] spi: spi-cavium-thunderx: Add missing pci_release_regions()
- ASoC: topology: Check return value for soc_tplg_pcm_create()
- bnxt_en: Return error if FW returns more data than dump length
- [mips*] bpf, mips: Limit to 33 tail calls
- [armhf] spi: spi-ti-qspi: Fix a bug when accessing non default CS
- [powerpc*] Ensure that swiotlb buffer is allocated from low memory
- btrfs: Fix error messages in qgroup_rescan_init
- bpf: Clear skb->tstamp in bpf_redirect when necessary
- bnx2x: Do not handle requests from VFs after parity
- bnx2x: Fix logic to get total no. of PFs per engine
- cxgb4: Fix kernel panic while accessing sge_info
- net: usb: lan78xx: Fix error message format specifier
- rfkill: Fix incorrect check to avoid NULL pointer dereference
- iommu/iova: Init the struct iova to fix the possible memleak
- [x86] perf/x86/intel: Fix PT PMI handling
- fs: avoid softlockups in s_inodes iterators
- [arm64,armhf] net: stmmac: Do not accept invalid MTU values
- [arm64,armhf] net: stmmac: xgmac: Clear previous RX buffer size
- [arm64,armhf] net: stmmac: RX buffer size must be 16 byte aligned
- [arm64,armhf] net: stmmac: Always arm TX Timer at end of transmission
start
- [s390x] dasd/cio: Interpret ccw_device_get_mdc return value correctly
- [s390x] dasd: fix memleak in path handling error case
- block: fix memleak when __blk_rq_map_user_iov() is failed
- llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and
_test_c)
- [x86] hv_netvsc: Fix unwanted rx_table reset
- [powerpc*] vcpu: Assume dedicated processors as non-preempt
- [powerpc*] spinlocks: Include correct header for static key
- [armhf] cpufreq: imx6q: read OCOTP through nvmem for imx6ul/imx6ull
- gtp: fix bad unlock balance in gtp_encap_enable_socket
- macvlan: do not assume mac_header is set in macvlan_broadcast()
- [arm64,armhf] net: dsa: mv88e6xxx: Preserve priority when setting CPU
port.
- [arm64,armhf] net: stmmac: dwmac-sun8i: Allow all RGMII modes
- [arm64,armhf] net: stmmac: dwmac-sunxi: Allow all RGMII modes
- net: usb: lan78xx: fix possible skb leak
- pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
- sch_cake: avoid possible divide by zero in cake_enqueue()
- sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
- tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
- vxlan: fix tos value before xmit
- vlan: fix memory leak in vlan_dev_set_egress_priority
- vlan: vlan_changelink() should propagate errors
- net: sch_prio: When ungrafting, replace with FIFO
- [arm64,armhf] usb: dwc3: gadget: Fix request complete check
- USB: core: fix check for duplicate endpoints
- USB: serial: option: add Telit ME910G1 0x110a composition
- usb: missing parentheses in USE_NEW_SCHEME
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.96
- chardev: Avoid potential use-after-free in 'chrdev_open()'
- i2c: fix bus recovery stop mode timing
- [arm64,armhf] usb: chipidea: host: Disable port power only if previously
enabled
- ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
- ALSA: hda/realtek - Add new codec supported for ALCS1200A
- ALSA: hda/realtek - Set EAPD control to default for ALC222
- [x86] ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga
X1 7th gen
- kernel/trace: Fix do not unregister tracepoints when register
sched_migrate_task fail
- tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
- tracing: Change offset type to s32 in preempt/irq tracepoints
- HID: Fix slab-out-of-bounds read in hid_field_extract
- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
- HID: hid-input: clear unmapped usages
- Input: add safety guards to input_set_keycode()
- [arm64,armhf] drm/sun4i: tcon: Set RGB DCLK min. divider based on
hardware model
- drm/fb-helper: Round up bits_per_pixel if possible
- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
- can: kvaser_usb: fix interface sanity check
- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
- can: can_dropped_invalid_skb(): ensure an initialized headroom in
outgoing CAN sk_buffs
- gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
- gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
- [x86] staging: vt6656: set usb_set_intfdata on driver fail.
- USB: serial: option: add ZLP support for 0x1bc7/0x9010
- [arm64,armhf] usb: musb: fix idling for suspend after disconnect
interrupt
- [arm64,armhf] usb: musb: Disable pullup at init
- [arm64,armhf] usb: musb: dma: Correct parameter passed to IRQ handler
- [x86] staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
- staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
- serdev: Don't claim unsupported ACPI serial devices
- tty: link tty and port before configuring it as console
- tty: always relink the port
- mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
(CVE-2019-14895)
- mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
(CVE-2019-19056)
- scsi: bfa: release allocated memory in case of error (CVE-2019-19066)
- rtl8xxxu: prevent leaking urb (CVE-2019-19068)
- ath10k: fix memory leak (CVE-2019-19078)
- HID: hiddev: fix mess in hiddev_open()
- USB: Fix: Don't skip endpoint descriptors with maxpacket=0
- netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
- netfilter: conntrack: dccp, sctp: handle null timeout argument
- netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
- [x86] drm/i915/gen9: Clear residual context state on context switch
(CVE-2019-14615)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.97
- hidraw: Return EPOLLOUT from hidraw_poll
- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
- HID: hidraw, uhid: Always report EPOLLOUT
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function
- mac80211: Do not send Layer 2 Update frame before authorization
(CVE-2019-5108)
- f2fs: Move err variable to function scope in f2fs_fill_dentries()
- f2fs: check memory boundary by insane namelen
- f2fs: check if file namelen exceeds max value (CVE-2019-9445)
- media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in
zr364xx_vidioc_querycap (CVE-2019-15217)
- iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (CVE-2019-19058)
- iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
(CVE-2019-19059)
- RDMA: Fix goto target to release the allocated memory (CVE-2019-19077)
- dccp: Fix memleak in __feat_register_sp (CVE-2019-20096)
- [x86] drm/i915: Fix use-after-free when destroying GEM context
- ASoC: soc-core: Set dpcm_playback / dpcm_capture
- [armhf] mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy
- [arm64] gpio: zynq: Fix for bug in zynq_gpio_restore_context API
- iommu: Remove device link to group on failure
- gpio: Fix error message on out-of-range GPIO in lookup table
- [s390x] qeth: fix false reporting of VNIC CHAR config failure
- [s390x] qeth: Fix vnicc_is_in_use if rx_bcast not set
- cifs: Adjust indentation in smb2_open_file
- afs: Fix missing cell comparison in afs_test_super()
- drm/ttm: fix start page for huge page check in ttm_put_pages()
(CVE-2019-19927)
- drm/ttm: fix incrementing the page pointer for huge pages
(CVE-2019-19927)
- btrfs: simplify inode locking for RWF_NOWAIT
- RDMA/mlx5: Return proper error value
- RDMA/srpt: Report the SCSI residual to the initiator
- scsi: enclosure: Fix stale device oops with hot replug
- scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
- [x86] platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
- [x86] platform/x86: GPD pocket fan: Use default values when wrong
modparams are given
- xprtrdma: Fix completion wait during device removal
- crypto: virtio - implement missing support for output IVs
- NFSv2: Fix a typo in encode_sattr()
- NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for
layoutreturn
- mei: fix modalias documentation
- [armhf] clk: samsung: exynos5420: Preserve CPU clocks configuration
during suspend/resume
- [armhf] pinctl: ti: iodelay: fix error checking on
pinctrl_count_index_with_args call
- [x86] pinctrl: lewisburg: Update pin list according to v1.1v6
- scsi: sd: enable compat ioctls for sed-opal
- af_unix: add compat_ioctl support
- compat_ioctl: handle SIOCOUTQNSD
- [arm64,armhf] PCI: dwc: Fix find_next_bit() usage
- PCI/PTM: Remove spurious "d" from granularity message
- [powerpc*] powernv: Disable native PCIe port management
- [armhf] tty: serial: imx: use the sg count from dma_map_sg
- [i386] tty: serial: pch_uart: correct usage of dma_unmap_sg
- mtd: spi-nor: fix silent truncation in spi_nor_read()
- mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
- rtlwifi: Remove unnecessary NULL check in rtl_regd_init
- f2fs: fix potential overflow
- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
- [mips*] cacheinfo: report shared CPU map
- [arm64] drm/arm/mali: make malidp_mw_connector_helper_funcs static
- [arm64] dmaengine: k3dma: Avoid null pointer traversal
- [amd64] ioat: ioat_alloc_ring() failure handling.
- ocfs2: call journal flush to mark journal as empty after journal
recovery when mount
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.98
- clk: Don't try to enable critical clocks if prepare failed
- iio: buffer: align the size of scan bytes to size of the largest element
- USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
- USB: serial: option: Add support for Quectel RM500Q
- USB: serial: opticon: fix control-message timeouts
- USB: serial: option: add support for Quectel RM500Q in QDL mode
- USB: serial: suppress driver bind attributes
- USB: serial: ch341: handle unbound port at reset_resume
- USB: serial: io_edgeport: handle unbound ports on URB completion
- USB: serial: io_edgeport: add missing active-port sanity check
- USB: serial: keyspan: handle unbound ports
- USB: serial: quatech2: handle unbound ports
- [x86] scsi: fnic: fix invalid stack access
- scsi: mptfusion: Fix double fetch bug in ioctl
- [armhf] dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection
- ALSA: dice: fix fallback from protocol extension into limited
functionality
- ALSA: seq: Fix racy access for queue timer in proc read
- ALSA: usb-audio: fix sync-ep altsetting sanity check
- [arm64] dts: allwinner: a64: olinuxino: Fix SDIO supply regulator
- block: fix an integer overflow in logical block size
- [armhf] dts: am571x-idk: Fix gpios property to have the correct gpio
number
- LSM: generalize flag passing to security_capable
- ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
- usb: core: hub: Improved device recognition on remote wakeup
- [x86] resctrl: Fix an imbalance in domain_remove_cpu()
- [x86] CPU/AMD: Ensure clearing of SME/SEV features is maintained
- [amd64] x86/efistub: Disable paging at mixed mode entry
- [x86] resctrl: Fix potential memory leak
- perf hists: Fix variable name's inconsistency in hists__for_each() macro
- perf report: Fix incorrectly added dimensions as switch perf data file
- mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD
alignment
- mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is
valid
- btrfs: rework arguments of btrfs_unlink_subvol
- btrfs: fix invalid removal of root ref
- btrfs: do not delete mismatched root refs
- btrfs: fix memory leak in qgroup accounting
- mm/page-writeback.c: avoid potential division by zero in
wb_min_max_ratio()
- [armhf] dts: imx6qdl: Add Engicam i.Core 1.5 MX6
- [armhf] dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL
- [arm64,armhf] net: stmmac: 16KB buffer must be 16 byte aligned
- [arm64,armhf] net: stmmac: Enable 16KB buffer size
- mm/huge_memory.c: make __thp_get_unmapped_area static
- mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD
alignment
- bpf: Fix incorrect verifier simulation of ARSH under ALU32
- cfg80211: fix deadlocks in autodisconnect work
- cfg80211: fix memory leak in cfg80211_cqm_rssi_update
- cfg80211: fix page refcount issue in A-MSDU decap
- netfilter: fix a use-after-free in mtype_destroy()
- netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
- netfilter: nft_tunnel: fix null-attribute check
- netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
- netfilter: nf_tables: store transaction list locally while requesting
module
- netfilter: nf_tables: fix flowtable list del corruption
- NFC: pn533: fix bulk-message timeout
- batman-adv: Fix DAT candidate selection on little endian systems
- macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
- [x86] hv_netvsc: Fix memory leak when removing rndis device
- [arm64] net: hns: fix soft lockup when there is not enough memory
- net: usb: lan78xx: limit size of local TSO packets
- ptp: free ptp device pin descriptors properly
- r8152: add missing endpoint sanity check
- tcp: fix marked lost packets not being retransmitted
- xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
- tcp: refine rule to allow EPOLLOUT generation under mem pressure
- [arm64] dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node
- cfg80211: check for set_wiphy_params
- tick/sched: Annotate lockless access to last_jiffies_update
- drm/nouveau/bar/nv50: check bar1 vmm return value
- drm/nouveau/bar/gf100: ensure BAR is mapped
- drm/nouveau/mmu: qualify vmm during dtor
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
- scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
- scsi: qla4xxx: fix double free bug
- scsi: bnx2i: fix potential use after free
- scsi: target: core: Fix a pr_debug() argument
- scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
- scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
- scsi: core: scsi_trace: Use get_unaligned_be*()
- perf probe: Fix wrong address verification
[ Joe Richey ]
* [cloud-amd64] tpm: Enable TPM drivers for Cloud (Closes: #946237)
[ Salvatore Bonaccorso ]
* Refresh powerpc-fix-mcpu-options-for-spe-only-compiler.patch (Context
changes in 4.19.88)
* Drop 0027-RDMA-hns-Fix-the-bug-with-updating-rq-head-pointer-w.patch
* Drop 0028-RDMA-hns-Bugfix-for-the-scene-without-receiver-queue.patch
* [rt] Refresh 0199-net-move-xmit_recursion-to-per-task-variable-on-RT.patch
(Context changes in 4.19.88)
* [rt] Update to 4.19.90-rt35:
- Update "workqueue: rework" for workqueue changes in 4.19.90
* [rt] Drop 0245-Revert-arm64-preempt-Fix-big-endian-when-checking-pr.patch
* Refresh 0013-scsi-hisi_sas-Relocate-some-codes-to-avoid-an-unused.patch
for context changes in 4.19.93.
* [rt] Refresh
0253-watchdog-prevent-deferral-of-watchdogd-wakeup-on-RT.patch (Context
changes in 4.19.93)
* [rt] Refresh 0199-net-move-xmit_recursion-to-per-task-variable-on-RT.patch
(Context changes in 4.19.97)
[ Ben Hutchings ]
* [rt] Update to 4.19.94-rt38:
- Refresh "x86/ioapic: Don't let setaffinity unmask threaded EOI interrupt
too early" which was partly included in 4.19.92
* aufs: Update support patchset to aufs4.19.63+ 20200113; no functional
changes
* Bump ABI to 8
* libertas: Fix two buffer overflows at parsing bss descriptor
(CVE-2019-14896, CVE-2019-14897)
* wimax: i2400: fix memory leak (CVE-2019-19051)
* wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
(CVE-2019-19051)
* [amd64/cloud-amd64] hwrandom: Enable HW_RANDOM_VIRTIO (Closes: #914511)
[ Noah Meyerhans ]
* random: try to actively add entropy rather than passively wait for it
(Closes: #948519)
[ Aurelien Jarno ]
* [mips*/malta] Enable POWER_RESET_PIIX4_POWEROFF.
-- Salvatore Bonaccorso <email address hidden> Sun, 26 Jan 2020 21:01:13 +0100
-
linux (4.19.67-2+deb10u1) buster-security; urgency=high
[ Romain Perier ]
* ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit (CVE-2019-15117)
* ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
(CVE-2019-15118)
[ Salvatore Bonaccorso ]
* vhost: make sure log_num < in_num (CVE-2019-14835)
* [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
* KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
-- Salvatore Bonaccorso <email address hidden> Fri, 20 Sep 2019 12:51:55 +0200
-
linux (4.19.67-2) buster; urgency=medium
[ Salvatore Bonaccorso ]
* dm: disable DISCARD if the underlying storage no longer supports it
(Closes: #934331)
* xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
(CVE-2019-15538)
[ Ben Hutchings ]
* KVM: Ignore ABI changes
* [ppc64el] Disable PPC_TRANSACTIONAL_MEM (Closes: #866122)
* [ppc64el] Avoid ABI change for disabling TM
* netfilter: conntrack: Use consistent ct id hash calculation
(fixes regression in 4.19.44)
[ Cyril Brulebois ]
* [arm] Backport DTB support for Rasperry Pi Compute Module 3.
* [arm64] Backport DTB support for Rasperry Pi Compute Module 3.
-- Salvatore Bonaccorso <email address hidden> Wed, 28 Aug 2019 06:20:22 +0200
-
linux (4.19.37-5) unstable; urgency=medium
[ Romain Perier ]
* [sparc64] Fix device naming inconsistency between sunhv_console and
sunhv_reg (Closes: #926539)
[ Ben Hutchings ]
* tcp: Avoid ABI change for DoS fixes (Closes: #930743)
* Add ABI reference for 4.19.0-5
-- Ben Hutchings <email address hidden> Wed, 19 Jun 2019 23:16:58 +0100
-
linux (4.19.37-3) unstable; urgency=medium
* [powerpc*] 64s: Include cpu header (fixes FTBFS)
-- Ben Hutchings <email address hidden> Wed, 15 May 2019 23:07:16 +0100
-
linux (4.19.28-2) unstable; urgency=medium
[ Ben Hutchings ]
* [x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
* [x86] Drop fix for #865303, which no longer affects Debian's OpenJDK
* udeb: Make serial_cs optional in serial-modules
* [ppc64el] Disable PCMCIA (fixes FTBFS)
[ Vagrant Cascadian ]
* [arm64] Enable DRM_SUN4I and DRM_SUN8I_DW_HDMI as modules.
* [arm64] Enable I2C_GPIO as a module.
* [arm64] Enable MESON_EFUSE as a module.
[ Yves-Alexis Perez ]
* certs: include both root CA and direct signing certificate.
closes: #924545
-- Ben Hutchings <email address hidden> Fri, 15 Mar 2019 02:16:04 +0000
-
linux (4.19.20-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.17
- tty/ldsem: Wake up readers after timed out down_write()
- tty: Hold tty_ldisc_lock() during tty_reopen()
- tty: Simplify tty->count math in tty_reopen()
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present
- can: gw: ensure DLC boundaries after CAN frame modification
(CVE-2019-3701)
- netfilter: nf_conncount: don't skip eviction when age is negative
- netfilter: nf_conncount: split gc in two phases
- netfilter: nf_conncount: restart search when nodes have been erased
(Closes: #921616)
- netfilter: nf_conncount: merge lookup and add functions
- netfilter: nf_conncount: move all list iterations under spinlock
- netfilter: nf_conncount: speculative garbage collection on empty lists
- netfilter: nf_conncount: fix argument order to find_next_bit
- [arm64] mmc: sdhci-msm: Disable CDR function on TX
- Revert "scsi: target: iscsi: cxgbit: fix csk leak"
- scsi: target: iscsi: cxgbit: fix csk leak
- scsi: target: iscsi: cxgbit: fix csk leak
- [arm64] kvm: consistently handle host HCR_EL2 flags
- [arm64] Don't trap host pointer auth use to EL2
- ipv6: fix kernel-infoleak in ipv6_local_error()
- net: bridge: fix a bug on using a neighbour cache entry without checking
its state
- packet: Do not leak dev refcounts on error exit
- tcp: change txhash on SYN-data timeout
- tun: publish tfile after it's fully initialized
- r8169: don't try to read counters if chip is in a PCI power-save state
- bonding: update nest level on unlink
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull
- r8169: load Realtek PHY driver module before r8169
- crypto: authencesn - Avoid twice completion call in decrypt path
- crypto: authenc - fix parsing key with misaligned rta_len
- [x86] xen: Fix x86 sched_clock() interface for xen
- Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
- btrfs: wait on ordered extents on abort cleanup
- Yama: Check for pid death before checking ancestry
- scsi: core: Synchronize request queue PM status only on successful resume
- [x86] scsi: sd: Fix cache_type_store()
- [mips*] fix n32 compat_ipc_parse_version
- [mips*] BCM47XX: Setup struct device for the SoC
- [mips*] lantiq: Fix IPI interrupt handling
- of: properties: add missing of_node_put
- RDMA/nldev: Don't expose unsafe global rkey to regular user
- [arm64] kaslr: ensure randomized quantities are clean to the PoC
- [arm64] dts: marvell: armada-ap806: reserve PSCI area
- [mips*] Disable MSI also when pcie-octeon.pcie_disable on
- fix int_sqrt64() for very large numbers
- media: vivid: fix error handling of kthread_run
- media: vivid: set min width/height to a value > 0
- bpf: in __bpf_redirect_no_mac pull mac only if present
- ipv6: make icmp6_send() robust against null skb->dev
- LSM: Check for NULL cred-security on free
- netfilter: ebtables: account ebt_table_info to kmemcg
- block: use rcu_work instead of call_rcu to avoid sleep in softirq
- selinux: fix GPF on invalid policy
- blockdev: Fix livelocks on loop device
- sctp: allocate sctp_sockaddr_entry with kzalloc
- tipc: fix uninit-value in in tipc_conn_rcv_sub
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable
- tipc: fix uninit-value in tipc_nl_compat_link_set
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump
- tipc: fix uninit-value in tipc_nl_compat_doit
- block/loop: Don't grab "struct file" for vfs_getattr() operation.
- block/loop: Use global lock for ioctl() operation.
- loop: Fold __loop_release into loop_release
- loop: Get rid of loop_index_mutex
- loop: Push lo_ctl_mutex down into individual ioctls
- loop: Split setting of lo_state from loop_clr_fd
- loop: Push loop_ctl_mutex down into loop_clr_fd()
- loop: Push loop_ctl_mutex down to loop_get_status()
- loop: Push loop_ctl_mutex down to loop_set_status()
- loop: Push loop_ctl_mutex down to loop_set_fd()
- loop: Push loop_ctl_mutex down to loop_change_fd()
- loop: Move special partition reread handling in loop_clr_fd()
- loop: Move loop_reread_partitions() out of loop_ctl_mutex
- loop: Fix deadlock when calling blkdev_reread_part()
- loop: Avoid circular locking dependency between loop_ctl_mutex and
bd_mutex
- loop: Get rid of 'nested' acquisition of loop_ctl_mutex
- loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
- loop: drop caches if offset or block_size are changed
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
- nbd: Use set_blocksize() to set device blocksize
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.18
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped
address
- [armhf, arm64 net: dsa: mv88x6xxx: mv88e6390 errata
- net, skbuff: do not prefer skb allocation fails early
- qmi_wwan: add MTU default to qmap network interface
- r8169: Add support for new Realtek Ethernet
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
- net: clear skb->tstamp in bridge forwarding path
- netfilter: ipset: Allow matching on destination MAC address for mac and
ipmac sets
- [arm64] gpio: pl061: Move irq_chip definition inside struct pl061
- drm/amd/display: Guard against null stream_state in set_crc_source
- [x86] drm/amdkfd: fix interrupt spin lock
- ixgbe: allow IPsec Tx offload in VEPA mode
- [x86] platform: asus-wmi: Tell the EC the OS will handle the display
off hotkey
- e1000e: allow non-monotonic SYSTIM readings
- [x86] usb: typec: tcpm: Do not disconnect link for self powered devices
- of: overlay: add missing of_node_put() after add new node to changeset
- writeback: don't decrement wb->refcnt if !wb->bdi
- serial: set suppress_bind_attrs flag only if builtin
- bpf: Allow narrow loads with offset > 0
- ALSA: oxfw: add support for APOGEE duet FireWire
- [x86] mce: Fix -Wmissing-prototypes warnings
- [mips] SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
- [arm64] perf: set suppress_bind_attrs flag to true
- drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
- [arm64] clk: meson: meson8b: fix incorrect divider mapping in
cpu_scale_table
- samples: bpf: fix: error handling regarding kprobe_events
- usb: gadget: udc: renesas_usb3: add a safety connection way for
forced_b_device
- fpga: altera-cvp: fix probing for multiple FPGAs on the bus
- selinux: always allow mounting submounts
- ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
- scsi: qedi: Check for session online before getting iSCSI TLV data.
- drm/amdgpu: Reorder uvd ring init before uvd resume
- rxe: IB_WR_REG_MR does not capture MR's iova field
- efi/libstub: Disable some warnings for x86{,_64}
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage
- clk: imx: make mux parent strings const
- pstore/ram: Do not treat empty buffers as valid
- media: uvcvideo: Refactor teardown of uvc on USB disconnect
- powerpc/xmon: Fix invocation inside lock region
- powerpc/pseries/cpuidle: Fix preempt warning
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
- ASoC: use dma_ops of parent device for acp_audio_dma
- media: venus: core: Set dma maximum segment size
- staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io'
- net: call sk_dst_reset when set SO_DONTROUTE
- scsi: target: use consistent left-aligned ASCII INQUIRY data
- scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long
enough
- [arm64] kasan: Increase stack size for KASAN_EXTRA
- clk: imx6q: reset exclusive gates on init
- [arm64] Fix minor issues with the dcache_by_line_op macro
- bpf: relax verifier restriction on BPF_MOV | BPF_ALU
- mmc: atmel-mci: do not assume idle after atmci_request_end
- btrfs: volumes: Make sure there is no overlap of dev extents at mount
time
- btrfs: alloc_chunk: fix more DUP stripe size handling
- btrfs: fix use-after-free due to race between replace start and cancel
- btrfs: improve error handling of btrfs_add_link
- tty/serial: do not free trasnmit buffer page under port lock
- perf intel-pt: Fix error with config term "pt=0"
- perf tests ARM: Disable breakpoint tests 32-bit
- perf svghelper: Fix unchecked usage of strncpy()
- perf parse-events: Fix unchecked usage of strncpy()
- perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
- netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
- netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
- [x86] topology: Use total_cpus for max logical packages calculation
- dm crypt: use u64 instead of sector_t to store iv_offset
- dm kcopyd: Fix bug causing workqueue stalls
- perf stat: Avoid segfaults caused by negated options
- tools lib subcmd: Don't add the kernel sources to the include path
- dm snapshot: Fix excessive memory usage and workqueue stalls
- perf cs-etm: Correct packets swapping in cs_etm__flush()
- perf tools: Add missing sigqueue() prototype for systems lacking it
- perf tools: Add missing open_memstream() prototype for systems lacking it
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
- clocksource/drivers/integrator-ap: Add missing of_node_put()
- dm: Check for device sector overflow if CONFIG_LBDAF is not set
- Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
- ALSA: bebob: fix model-id of unit for Apogee Ensemble
- sysfs: Disable lockdep for driver bind/unbind files
- IB/usnic: Fix potential deadlock
- scsi: mpt3sas: fix memory ordering on 64bit writes
- scsi: smartpqi: correct lun reset issues
- ath10k: fix peer stats null pointer dereference
- scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
- scsi: megaraid: fix out-of-bound array accesses
- iomap: don't search past page end in iomap_is_partially_uptodate
- ocfs2: fix panic due to unrecovered local alloc
- mm/page-writeback.c: don't break integrity writeback on ->writepage()
error
- mm/swap: use nr_node_ids for avail_lists in swap_info_struct
- userfaultfd: clear flag if remap event not enabled
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
- iwlwifi: mvm: Send LQ command as async when necessary
- Bluetooth: Fix unnecessary error message for HCI request completion
- ipmi: fix use-after-free of user->release_barrier.rda
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- ipmi: Prevent use-after-free in deliver_response
- ipmi:ssif: Fix handling of multi-part return messages
- ipmi: Don't initialize anything in the core until something uses it
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.19
- amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs
- net: bridge: Fix ethernet header pointer before check skb forwardable
- net: Fix usage of pskb_trim_rcsum
- net: phy: marvell: Errata for mv88e6390 internal PHYs
- net: phy: mdio_bus: add missing device_del() in mdiobus_register() error
handling
- net/sched: act_tunnel_key: fix memory leak in case of action replace
- net_sched: refetch skb protocol for each filter
- openvswitch: Avoid OOB read when parsing flow nlattrs
- vhost: log dirty page correctly
- net: ipv4: Fix memory leak in network namespace dismantle
- net/sched: cls_flower: allocate mask dynamically in fl_change()
- udp: with udp_segment release on error path
- ip6_gre: fix tunnel list corruption for x-netns
- erspan: build the header with the right proto according to erspan_ver
- net: phy: marvell: Fix deadlock from wrong locking
- ip6_gre: update version related info when changing link
- tcp: allow MSG_ZEROCOPY transmission also in CLOSE_WAIT state
- mei: me: mark LBG devices as having dma support
- mei: me: add denverton innovation engine device IDs
- USB: leds: fix regression in usbport led trigger
- USB: serial: simple: add Motorola Tetra TPG2200 device id
- USB: serial: pl2303: add new PID to support PL2303TB
- ceph: clear inode pointer when snap realm gets dropped by its inode
- ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
- ASoC: rt5514-spi: Fix potential NULL pointer dereference
- ASoC: tlv320aic32x4: Kernel OOPS while entering DAPM standby mode
- clk: socfpga: stratix10: fix rate calculation for pll clocks
- clk: socfpga: stratix10: fix naming convention for the fixed-clocks
- inotify: Fix fd refcount leak in inotify_add_watch().
- ALSA: hda/realtek - Fix typo for ALC225 model
- ALSA: hda - Add mute LED support for HP ProBook 470 G5
- ARCv2: lib: memeset: fix doing prefetchw outside of buffer
- ARC: adjust memblock_reserve of kernel memory
- ARC: perf: map generic branches to correct hardware condition
- s390/mm: always force a load of the primary ASCE on context switch
- s390/early: improve machine detection
- s390/smp: fix CPU hotplug deadlock with CPU rescan
- misc: ibmvsm: Fix potential NULL pointer dereference
- char/mwave: fix potential Spectre v1 vulnerability
- [arm64] mmc: dw_mmc-bluefield: : Fix the license information
- [arm64] mmc: meson-gx: Free irq in release() callback
- staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
- tty: Handle problem if line discipline does not have receive_buf
- uart: Fix crash in uart_write and uart_put_char
- tty/n_hdlc: fix __might_sleep warning
- hv_balloon: avoid touching uninitialized struct page during tail onlining
- Drivers: hv: vmbus: Check for ring when getting debug info
- vgacon: unconfuse vc_origin when using soft scrollback
- CIFS: Fix possible hang during async MTU reads and writes
- CIFS: Fix credits calculations for reads with errors
- CIFS: Fix credit calculation for encrypted reads with errors
- CIFS: Do not reconnect TCP session in add_credits()
- smb3: add credits we receive from oplock/break PDUs
- Input: xpad - add support for SteelSeries Stratus Duo
- Input: input_event - provide override for sparc64
- Input: uinput - fix undefined behavior in uinput_validate_absinfo()
- acpi/nfit: Block function zero DSMs
- acpi/nfit: Fix command-supported detection
- scsi: ufs: Use explicit access size in ufshcd_dump_regs
- dm thin: fix passdown_double_checking_shared_status()
- dm crypt: fix parsing of extended IV arguments
- [x86] drm/amdgpu: Add APTX quirk for Lenovo laptop
- [x86] KVM: Fix single-step debugging
- [x86] KVM: Fix PV IPIs for 32-bit KVM host
- [x86] KVM: WARN_ONCE if sending a PV IPI returns a fatal error
- [x86] kvm: vmx: Use kzalloc for cached_vmcs12
- [x86] KVM/nVMX: Do not validate that posted_intr_desc_addr is page
aligned
- [x86] pkeys: Properly copy pkey state at fork()
- [x86] selftests/pkeys: Fork() to check for state being preserved
- [x86] kaslr: Fix incorrect i8254 outb() parameters
- [x86] entry/64/compat: Fix stack switching for XEN PV
- [arm64] irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
- can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by
removing it
- can: bcm: check timer values before ktime conversion
- can: flexcan: fix NULL pointer exception during bringup
- vt: make vt_console_print() compatible with the unicode screen buffer
- vt: always call notifier with the console lock held
- vt: invoke notifier on screen size change
- [arm64] drm/meson: Fix atomic mode switching regression
- bpf: improve verifier branch analysis
- bpf: add per-insn complexity limit
- bpf: move {prev_,}insn_idx into verifier env
- bpf: move tmp variable into ax register in interpreter
- bpf: enable access to ax register also from verifier rewrite
- bpf: restrict map value pointer arithmetic for unprivileged
- bpf: restrict stack pointer arithmetic for unprivileged
- bpf: restrict unknown scalars of mixed signed bounds for unprivileged
- bpf: fix check_map_access smin_value test when pointer contains offset
- bpf: prevent out of bounds speculation on pointer arithmetic
(CVE-2019-7308)
- bpf: fix sanitation of alu op with pointer / scalar type from different
paths (CVE-2019-7308)
- bpf: fix inner map masking to prevent oob under speculation
- [s390*] smp: Fix calling smp_call_ipl_cpu() from ipl CPU
- nvmet-rdma: Add unlikely for response allocated check
- nvmet-rdma: fix null dereference under heavy load
- Revert "mm, memory_hotplug: initialize struct pages for the full memory
section"
- usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup
- ide: fix a typo in the settings proc file name
- Input: input_event - fix the CONFIG_SPARC64 mixup
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.20
- Fix "net: ipv4: do not handle duplicate fragments as overlapping"
- ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation
- ipvlan, l3mdev: fix broken l3s mode wrt local routes
- l2tp: copy 4 more bytes to linear part if necessary
- l2tp: fix reading optional fields of L2TPv3
- net: ip_gre: always reports o_key to userspace
- net: ip_gre: use erspan key field for tunnel lookup
- net/mlx4_core: Add masking for a few queries on HCA caps
- netrom: switch to sock timer API
- net/rose: fix NULL ax25_cb kernel panic
- net: set default network namespace in init_dummy_netdev()
- sctp: improve the events for sctp stream reset
- tun: move the call to tun_set_real_num_queues
- vhost: fix OOB in get_rx_bufs()
(CVE-2018-16880)
- net: ip6_gre: always reports o_key to userspace
- sctp: improve the events for sctp stream adding
- net/mlx5e: Allow MAC invalidation while spoofchk is ON
- ip6mr: Fix notifiers call on mroute_clean_tables()
- sctp: set chunk transport correctly when it's a new asoc
- sctp: set flow sport from saddr only when it's 0
- virtio_net: Don't enable NAPI when interface is down
- virtio_net: Don't call free_old_xmit_skbs for xdp_frames
- virtio_net: Fix not restoring real_num_rx_queues
- virtio_net: Fix out of bounds access of sq
- virtio_net: Don't process redirected XDP frames when XDP is disabled
- virtio_net: Use xdp_return_frame to free xdp_frames on destroying vqs
- virtio_net: Differentiate sk_buff and xdp_frame on freeing
- CIFS: Do not count -ENODATA as failure for query directory
- CIFS: Fix trace command logging for SMB2 reads and writes
- CIFS: Do not consider -ENODATA as stat failure for reads
- fs/dcache: Fix incorrect nr_dentry_unused accounting in
shrink_dcache_sb()
- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
- NFS: Fix up return value on fatal errors in nfs_page_async_flush()
- [arm64] kaslr: ensure randomized quantities are clean also when kaslr is
off
- [arm64] Do not issue IPIs for user executable ptes
- [arm64] hyp-stub: Forbid kprobing of the hyp-stub
- [arm64] hibernate: Clean the __hyp_text to PoC after resume
- gpiolib: fix line event timestamps for nested irqs
- gpio: pcf857x: Fix interrupts on multiple instances
- gfs2: Revert "Fix loop in gfs2_rbm_find"
- [arm*] mmc: bcm2835: Fix DMA channel leak on probe error
- mmc: mediatek: fix incorrect register setting of hs400_cmd_int_delay
- ALSA: usb-audio: Add Opus #3 to quirks for native DSD support
- ALSA: hda/realtek - Fixed hp_pin no value
- IB/hfi1: Remove overly conservative VM_EXEC flag check
- [x86] platform: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
- [x86] platform: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
- mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
- Btrfs: fix deadlock when allocating tree block during leaf/node split
- btrfs: On error always free subvol_name in btrfs_mount
- kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
- mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT
- oom, oom_reaper: do not enqueue same task twice
- mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages
- mm, oom: fix use-after-free in oom_kill_process
- mm: hwpoison: use do_send_sig_info() instead of force_sig()
- mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
- of: Convert to using %pOFn instead of device_node.name
- of: overlay: add tests to validate kfrees from overlay removal
- of: overlay: add missing of_node_get() in __of_attach_node_sysfs
- of: overlay: use prop add changeset entry for property in new nodes
- of: overlay: do not duplicate properties from overlay for new nodes
- md/raid5: fix 'out of memory' during raid cache recovery
- cifs: Always resolve hostname before reconnecting
[ Luca Boccassi ]
* Do not generate linux-source-$ver stanza in debian/control if
source is set to disabled in debian/config/defines.
* linux-perf: explicitly disable the jvmti feature and shared library.
* Document pkg.linux.nosource in debian/README.source.
* [amd64] enable UIO_HV_GENERIC for Azure's VMBus access.
* [cloud-amd64] enable UIO for Azure's VMBus access, and VFIO for guests
running on an hypervisor that exposes a vIOMMU.
[ Ben Hutchings ]
* debian/rules.d, debian/rules.real: Restore build of userland headers for
tools
* debian/rules.d: Delete now-unused recursive makefiles
* debian/rules.d/tools/perf/Makefile: Delete redundant arch/profile checks
* debian/control: Add !pkg.linux.nokernel to qualification for compiler
build-deps
* [i386] debian/control: Fix cross-compiler build-dependency
* debian/README.source: Document how to run kconfigeditor2
* [armhf,arm64] serial: 8250: Disable SERIAL_8250_DEPRECATED_OPTIONS
* percpu: convert spin_lock_irq to spin_lock_irqsave (fixes boot failure with
alpha-generic flavour)
* debian/tests/python: Fix spurious failure due to misuse of stderr
* Update "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for ..."
to not duplicate the conditional warning/error
* Bump ABI to 3
* drivers/firmware: Enable FW_CFG_SYSFS as module (Closes: #882208)
* [arm64,armhf,ia64,riscv64,sparc64] udeb: Add usb-serial-modules
(Closes: #903824)
* [powerpc*,sparc64] udeb: Add nic-usb-modules
* [armhf,riscv64,s390x] udeb: Add cdrom-core-modules
* 9p: Enable NET_9P_XEN as module
* ACPI: Enable ACPI_TAD as module
* amd-xgbe: Enable AMD_XGBE_DCB
* ath9k: Enable ATH9K_CHANNEL_CONTEXT
* block: Enable BLK_DEV_ZONED (except armel/marvell)
* bluetooth: Enable BT_HCIUART_RTL; BT_HCIUART_NOKIA, BT_MTKUART as modules
* bnxt: Enable BNXT_DCB
* ethernet: Enable HINIC, ICE, LAN743X, LIQUIDIO_VF as modules
* can: Enable CAN_VXCAN, CAN_MCBA_USB, CAN_UCAN as modules
* dm: Enable DM_UNSTRIPED, DM_WRITECACHE, DM_ZONED as modules
* [arm64,armhf] drm: Enable DRM_PANEL_RASPBERRYPI_TOUCHSCREEN as module
* dvb-usb-v2: Enable DVB_USB_ZD1301 as module
* gnss: Enable GNSS, GNSS_SIRF_SERIAL, GNSS_UBX_SERIAL as modules
* gpio: Enable GPIO_EXAR, GPIO_PCI_IDIO_16, GPIO_PCIE_IDIO_24 as modules
* HID: Enable HID_ACCUTOUCH, HID_COUGAR, HID_ELAN, HID_ITE, HID_JABRA,
HID_MAYFLASH, HID_REDRAGON, HID_RETRODE, HID_STEAM, HID_UDRAW_PS3 as
modules
* [x86] i2c: Enable I2C_DESIGNWARE_BAYTRAIL
* IB: Enable CGROUP_RDMA (except armel/marvell)
* ieee802154: Enable IEEE802154_HWSIM as module
* inet: Enable INET_RAW_DIAG as module
* input: Enable INPUT_AXP20X_PEK as module
* IPMI: Enable IPMI_SSIF as module
* joystick: Enable JOYSTICK_PXRC as module
* media/rc: Enable IR_IMON_DECODER, IR_IMON_RAW as modules
* [x86] mfd: Enable INTEL_SOC_PMIC_BXTWC, INTEL_SOC_PMIC_CHTDC_TI as modules
* mlx5: Enable MLX5_FPGA, MLX5_CORE_IPOIB; MLXFW as module
* net: Enable BPF_STREAM_PARSER, XDP_SOCKETS (except armel/marvell)
(Closes: #908860); NET_FAILOVER, SMC, SMC_DIAG, VSOCKMON as modules
* net/phy: Enable LED_TRIGGER_PHY; CORTINA_PHY, DP83822_PHY, DP83TC811_PHY,
MARVELL_10G_PHY, MICROCHIP_T1_PHY, RENESAS_PHY, ROCKCHIP_PHY as modules
* net/sched: Enable NET_SCH_CBS, NET_SCH_ETF, NET_SCH_SKBPRIO, NET_EMATCH_IPT
as modules
* PCMCIA: Enable SCR24X as module
* [x86] pinctrl: Enable PINCTRL_CANNONLAKE, PINCTRL_CEDARFORK,
PINCTRL_DENVERTON, PINCTRL_GEMINILAKE, PINCTRL_ICELAKE, PINCTRL_LEWISBURG
* [x86] rmi4: Re-enable RMI4_CORE, RMI4_SMB as modules (Closes: #875621);
RMI4_F03, RMI4_F11, RMI4_F12, RMI4_F30, RMI4_F34, RMI4_F55
* xfrm: Enable XFRM_INTERFACE as module
* PCI: Enable PCI_PF_STUB as module
* ptp: Change PTP_1588_CLOCK_KVM from built-in to module
* random: Enable RANDOM_TRUST_CPU. This can be reverted using the kernel
parameter: random.trust_cpu=off
* SCSI: Enable QEDF, QEDI as modules
* serial: Enable SERIAL_8250_EXAR, USB_SERIAL_F8153X, USB_SERIAL_UPD78F0730
as modules
* sound: Enable SND_FIREWIRE_MOTU, SND_FIREFACE, SND_XEN_FRONTEND as modules
* [x86] sound: Enable SND_SOC_AMD_CZ_DA7219MX98357_MACH,
SND_SOC_AMD_CZ_RT5645_MACH, SND_SOC_INTEL_CHT_BSW_NAU8824_MACH,
SND_SOC_INTEL_BYT_CHT_DA7213_MACH, SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH,
SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH,
SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH,
SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH as modules
* thermal: Enable DEVFREQ_THERMAL, THERMAL_STATISTICS
* tpm: Enable TCG_TIS_SPI, TCG_VTPM_PROXY as modules
* usbtouchscreen: Enable TOUCHSCREEN_USB_EASYTOUCH
* watchdog: Enable WATCHDOG_PRETIMEOUT_GOV, WATCHDOG_PRETIMEOUT_GOV_NOOP,
WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP; WATCHDOG_PRETIMEOUT_GOV_PANIC,
WDAT_WDT as modules
* [x86] watchdog: Enable INTEL_MEI_WDT, NI903X_WDT, NIC7018_WDT as modules
* wireless: Enable MT76x0U, MT76x2E, MT76x2U, QTNFMAC_PEARL_PCIE as modules
(Closes: #918331)
* zram: Enable ZRAM_WRITEBACK, ZRAM_MEMORY_TRACKING
* udeb: Add scsi-nic-modules containing Chelsio and Qlogic iSCSI/FC drivers
[ Marcin Juszkiewicz ]
* [arm64] enable ARM_CCI_PMU so ARM_CCI400_PMU and ARM_CCI5xx_PMU options
get really enabled.
* [arm64] enable PCI_PRI, PCI_PASID as PCI can be behind IOMMU in servers.
* udeb: Add virtio-gpu into d-i to get graphical output in VM instances.
* [arm64] Enable ARM64_ERRATUM_843419 (Closes: #920866)
[ Salvatore Bonaccorso ]
* [x86] kvmclock: set offset for kvm unstable clock (Closes: #918036)
* kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
* [x86] KVM: work around leak of uninitialized stack contents
(CVE-2019-7222)
* [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested
(CVE-2019-7221)
* HID: debug: fix the ring buffer implementation (CVE-2019-3819)
[ Hideki Yamane ]
* [x86] Enable Touchpad support on Gemini Lake via CONFIG_PINCTRL_GEMINILAKE
(Closes: #917388)
* [x86] Enable SND_SOC_ES8316 and Baytrail & Cherrytrail with ES8316 codec,
too (Closes: #918589)
* hwmon: Enable CONFIG_SENSORS_NCT7802,NCT7904,NPCM7XX,ASPEED and W83773G
to use HWMON hardware (Closes: #912597)
* net: can: Enable CONFIG_CAN_PEAK_PCIEFD for a PCI express CAN Bus adapter
(Closes: #920809)
* [armhf] Enable CONFIG_SENSORS_LM75 for armhf (Closes: #918114)
* [armhf] Enable CONFIG_IMX_THERMAL for armhf (Closes: #883023)
* [arm64] Enable CONFIG_ARM_ARMADA_37XX_CPUFREQ for arm64 (Closes: #917939)
[ Vagrant Cascadian ]
* [armhf] Enable CONFIG_MMC_SDHCI_OMAP=m, used on DRA7 and related SoCs.
[ Uwe Kleine-König ]
* [armel] add spi-orion to mtd.udeb to be able to access spi flash on e.g.
qnap ts-21x. (Closes: #920607)
-- Ben Hutchings <email address hidden> Mon, 11 Feb 2019 16:55:59 +0000
-
linux (4.19.16-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.14
- ax25: fix a use-after-free in ax25_fillin_cb()
- gro_cell: add napi_disable in gro_cells_destroy
- ip6mr: Fix potential Spectre v1 vulnerability
- ipv4: Fix potential Spectre v1 vulnerability
- ipv6: explicitly initialize udp6_addr in udp_sock_create6()
- ipv6: tunnels: fix two use-after-free
- ip: validate header length on virtual device xmit
- isdn: fix kernel-infoleak in capi_unlocked_ioctl
- net/wan: fix a double free in x25_asy_open_tty()
- packet: validate address length
- packet: validate address length if non-zero
- ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
- sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
- tipc: compare remote and local protocols in tipc_udp_enable()
- tipc: fix a double free in tipc_enable_bearer()
- tipc: fix a double kfree_skb()
- ipv6: frags: Fix bogus skb->sk in reassembled packets
- ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create()
error
- ALSA: rme9652: Fix potential Spectre v1 vulnerability
- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
- ALSA: pcm: Fix potential Spectre v1 vulnerability
- ALSA: emux: Fix potential Spectre v1 vulnerabilities
- powerpc/fsl: Fix spectre_v2 mitigations reporting
- usb: r8a66597: Fix a possible concurrency use-after-free bug in
r8a66597_endpoint_disable()
- [s390x] s390/pci: fix sleeping in atomic during hotplug
- [x86] x86/speculation/l1tf: Drop the swap storage limit restriction when
l1tf=off
- [x86] x86/mm: Drop usage of __flush_tlb_all() in
kernel_physical_mapping_init()
- [x86] KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
- [arm64] arm64: KVM: Make VHE Stage-2 TLB invalidation operations
non-interruptible
- perf pmu: Suppress potential format-truncation warning
- perf env: Also consider env->arch == NULL as local operation
- ext4: fix possible use after free in ext4_quota_enable
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
- ext4: include terminating u32 in size of xattr entries when expanding
inodes
- ext4: force inode writes when nfsd calls commit_metadata()
- ext4: check for shutdown and r/o file system in ext4_write_inode()
- [armhf,arm64] spi: bcm2835: Fix race on DMA termination
- [armhf,arm64] spi: bcm2835: Fix book-keeping of DMA termination
- [armhf,arm64] spi: bcm2835: Avoid finishing transfer prematurely in IRQ
mode
- btrfs: dev-replace: go back to suspended state if target device is missing
- btrfs: dev-replace: go back to suspend state if another EXCL_OP is running
- btrfs: skip file_extent generation check for free_space_inode in
run_delalloc_nocow
- Btrfs: fix fsync of files with multiple hard links in new directories
- btrfs: run delayed items before dropping the snapshot
- Btrfs: send, fix race with transaction commits that create snapshots
- brcmfmac: Fix out of bounds memory access during fw load
- dax: Don't access a freed inode
- f2fs: read page index before freeing
- f2fs: sanity check of xattr entry size
- media: imx274: fix stack corruption in imx274_read_reg
- media: v4l2-tpg: array index could become negative
- tools lib traceevent: Fix processing of dereferenced args in bprintk
events
- [mips*] MIPS: math-emu: Write-protect delay slot emulation pages
- [mips*] MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
- [mips*] MIPS: Align kernel load address to 64KB
- [mips*] MIPS: Expand MIPS32 ASIDs to 64 bits
- CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock
problem
- smb3: fix large reads on encrypted connections
- [arm*] KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum
- [arm*] KVM: arm/arm64: vgic-v2: Set active_source to 0 when restoring
state
- [arm*] KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.15
- IB/core: Fix oops in netdev_next_upper_dev_rcu()
- xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force
clears the dst_entry.
- ieee802154: hwsim: fix off-by-one in parse nested
- netfilter: seqadj: re-load tcp header pointer after possible head
reallocation
- scsi: bnx2fc: Fix NULL dereference in error handling
- [ppc64el] ibmvnic: Convert reset work item mutex to spin lock
- [ppc64el] ibmvnic: Fix non-atomic memory allocation in IRQ context
- [x86] x86/mm: Fix guard hole handling
- i40e: fix mac filter delete when setting mac address
- ixgbe: Fix race when the VF driver does a reset
- netfilter: nat: can't use dst_hold on noref dst
- bnx2x: Clear fip MAC when fcoe offload support is disabled
- bnx2x: Remove configured vlans as part of unload sequence.
- bnx2x: Send update-svid ramrod with retry/poll flags enabled
- mt76: fix potential NULL pointer dereference in mt76_stop_tx_queues
- [x86] x86, hyperv: remove PCI dependency
- [arm64] net: hns: All ports can not work when insmod hns ko after rmmod.
- [arm64] net: hns: Fixed bug that netdev was opened twice
- [arm64] net: hns: Clean rx fbd when ae stopped.
- [arm64] net: hns: Avoid net reset caused by pause frames storm
- [arm64] net: hns: Add mac pcs config when enable|disable mac
- [arm64] net: hns: Fix ping failed when use net bridge and send multicast
- mac80211: fix a kernel panic when TXing after TXQ teardown
- [arm64,riscv64] net: macb: fix random memory corruption on RX with
64-bit DMA
- [arm64.risvv64] net: macb: fix dropped RX frames due to a race
- lan78xx: Resolve issue with changing MAC address
- [s390x] scsi: zfcp: fix posting too many status read buffers leading to
adapter shutdown
- fork: record start_time late
- zram: fix double free backing device
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
- mm, devm_memremap_pages: kill mapping "System RAM" support
- memcg, oom: notify on oom killer invocation from the charge path
- mt76x0: init hw capabilities
- [amd64] media: cx23885: only reset DMA on problematic CPUs
- ALSA: cs46xx: Potential NULL dereference in probe
- ALSA: usb-audio: Avoid access before bLength check in
build_audio_procunit()
- ALSA: usb-audio: Check mixer unit descriptors more strictly
- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
- ALSA: usb-audio: Always check descriptor sizes in parser code
- Fix failure path in alloc_pid()
- block: deactivate blk_stat timer in wbt_disable_default()
- gfs2: Get rid of potential double-freeing in gfs2_create_inode
- gfs2: Fix loop in gfs2_rbm_find
- b43: Fix error in cordic routine
- nfsd4: zero-length WRITE should succeed
- [ppc*] powerpc/tm: Set MSR[TS] just prior to recheckpoint
- RDMA/srpt: Fix a use-after-free in the channel release code
- sched/fair: Fix infinite loop in update_blocked_averages() by reverting
a9e7f6544b9c
- [s390x] genwqe: Fix size check
- [x86] intel_th: msu: Fix an off-by-one in attribute store
- [armhf,arm64] drm/rockchip: psr: do not dereference encoder before it is
null checked.
- bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.16
- Btrfs: fix deadlock when using free space tree due to block group
creation
- staging: rtl8188eu: Fix module loading from tasklet for CCMP encryption
- staging: rtl8188eu: Fix module loading from tasklet for WEP encryption
- cpufreq: scmi: Fix frequency invariance in slow path
- [x86] modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
- ALSA: hda/realtek - Support Dell headset mode for New AIO platform
- ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode
for ALC225
- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
- CIFS: Fix adjustment of credits for MTU requests
- CIFS: Do not set credits to 1 if the server didn't grant anything
- CIFS: Do not hide EINTR after sending network packets
- CIFS: Fix credit computation for compounded requests
- cifs: Fix potential OOB access of lock element array
- usb: cdc-acm: send ZLP for Telit 3G Intel based modems
- USB: storage: don't insert sane sense for SPC3+ when bad sense specified
- USB: storage: add quirk for SMI SM3350
- USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
- slab: alien caches must not be initialized if the allocation of the alien
cache failed
- mm/usercopy.c: no check page span for stack objects
- mm, memcg: fix reclaim deadlock with writeback
- ACPI: power: Skip duplicate power resource references in _PRx
- ACPI / PMIC: xpower: Fix TS-pin current-source handling
- ACPI/IORT: Fix rc_dma_get_range()
- i2c: dev: prevent adapter retries and timeout being set as minus value
- vfio/type1: Fix unmap overflow off-by-one
- drm/amdgpu: Add new VegaM pci id
- PCI: dwc: Use interrupt masking instead of disabling
- PCI: dwc: Take lock when ACKing an interrupt
- PCI: dwc: Move interrupt acking into the proper callback
- drm/amd/display: Fix MST dp_blank REG_WAIT timeout
- drm/fb_helper: Allow leaking fbdev smem_start
- drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2
- [x86] drm/i915: Unwind failure on pinning the gen7 ppgtt
- drm/amdgpu: Don't ignore rc from drm_dp_mst_topology_mgr_resume()
- drm/amdgpu: Don't fail resume process if resuming atomic state fails
- rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set
- ext4: make sure enough credits are reserved for dioread_nolock writes
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data
- ext4: avoid kernel warning when writing the superblock to a dead device
- ext4: use ext4_write_inode() when fsyncing w/o a journal
- ext4: track writeback errors using the generic tracking infrastructure
- ext4: fix special inode number checks in __ext4_iget()
- mm: page_mapped: don't assume compound page is huge or THP
- sunrpc: use-after-free in svc_process_common()
- [armhf,arm64] KVM: Fix VMID alloc race by reverting to lock-less
- [arm64] compat: Don't pull syscall number from regs in arm_compat_syscall
- Btrfs: fix access to available allocation bits when starting balance
- Btrfs: fix deadlock when enabling quotas due to concurrent snapshot
creation
- Btrfs: use nofs context when initializing security xattrs to avoid
deadlock
[ John Paul Adrian Glaubitz ]
* [m68k] Add patch to build with -ffreestanding to fix FTBFS
[ Ben Hutchings ]
* [ia64,m68k] libbpf: Really don't build on architectures without perf events
* Use dh_listpackages to determine which packages to build
* Add pkg.linux.nokernel build profile that excludes kernel image and header
packages
[ Yves-Alexis Perez ]
* Bump ABI to 2 because of changes in struct sock_common from 60f05dddf1eb
* [rt] Update to 4.19.15-rt12
- rtmutex/rwlock: preserve state like a sleeping lock
[ Salvatore Bonaccorso ]
* ipv6: Consider sk_bound_dev_if when binding a socket to an address
(Closes: #918103)
* posix-cpu-timers: Unbreak timer rearming (Closes: #919019, #919049)
[ Michal Simek ]
* [arm64] Enable Xilinx ZynqMP SoC and drivers
[ YunQiang Su ]
* [mipsel, mips64el] Enable DRM_AST and FB_SM750 for loongson-3
install ast and sm750fb to loongson-3's fb-modules
[ Romain Perier ]
* [rt] Update to 4.19.13-rt10
[ Luigi Baldoni ]
* [x86] Enable LEDS_APU to support leds on PC Engines
APU SBC series
-- Ben Hutchings <email address hidden> Thu, 17 Jan 2019 18:56:17 +0000
-
linux (4.19.13-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.13
- Revert "vfs: Allow userns root to call mknod on owned filesystems."
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
(CVE-2018-19985)
- xhci: Don't prevent USB2 bus suspend in state check intended for USB3
only
- USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd
- USB: serial: option: add GosunCn ZTE WeLink ME3630
- USB: serial: option: add HP lt4132
- USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
- USB: serial: option: add Fibocom NL668 series
- USB: serial: option: add Telit LN940 series
- ubifs: Handle re-linking of inodes correctly while recovery
- scsi: t10-pi: Return correct ref tag when queue has no integrity profile
- scsi: sd: use mempool for discard special page
- mmc: core: Reset HPI enabled state during re-init and in case of errors
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
- [armhf] mmc: omap_hsmmc: fix DMA API warning
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers
- posix-timers: Fix division by zero bug
- [x86] KVM: Fix NULL deref in vcpu_scan_ioapic
- [x86] kvm: Add AMD's EX_CFG to the list of ignored MSRs
- [x86] KVM: Fix UAF in nested posted interrupt processing
- [x86] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened
channels
- futex: Cure exit race
- [x86] mtrr: Don't copy uninitialized gentry fields back to userspace
- [x86] mm: Fix decoy address handling vs 32-bit builds (Closes: #917569)
- [x86] vdso: Pass --eh-frame-hdr to the linker
- panic: avoid deadlocks in re-entrant console drivers
- mm: add mm_pxd_folded checks to pgtable_bytes accounting functions
- mm: make the __PAGETABLE_PxD_FOLDED defines non-empty
- mm: introduce mm_[p4d|pud|pmd]_folded
- xfrm_user: fix freeing of xfrm states on acquire
- rtlwifi: Fix leak of skb when processing C2H_BT_INFO
- iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares
- Revert "mwifiex: restructure rx_reorder_tbl_lock usage"
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series
- mm, memory_hotplug: initialize struct pages for the full memory section
- mm: thp: fix flags for pmd migration when split
- mm, page_alloc: fix has_unmovable_pages for HugePages
- mm: don't miss the last page because of round-off error
- Input: elantech - disable elan-i2c for P52 and P72
- proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
- drm/ioctl: Fix Spectre v1 vulnerabilities
[ Uwe Kleine-König ]
* [armhf] enable some kconfig items for Allwinner SoCs (SUNXI_CCU=y,
SUN8I_DE2_CCU=y, DRM_SUN8I_DW_HDMI=m, SND_SUN8I_CODEC=m,
SND_SUN8I_CODEC_ANALOG=m). (Closes: #915899)
[ Ben Hutchings ]
* linux-image-*-unsigned: Remove Provides field (Closes: #916927)
* [ia64,m68k] libbpf: Don't build on architectures without performance events
* [riscv64] tools uapi: fix RISC-V 64-bit support
* [powerpc,powerpcspe,ppc64] linux-config: Eliminate config.*_bootwrapper.gz
files
* [powerpcspe] Fix -mcpu= options for SPE-only compiler
* debian/lib/python/debian_linux/debian.py: Fix deprecated import of
MutableSet
* Fix pycodestyle "line break after binary operator" warnings
* Fix pycodestyle "inalid escape sequence" warnings
[ Romain Perier ]
* [rt] Update to 4.19.10-rt8
-- Salvatore Bonaccorso <email address hidden> Sun, 30 Dec 2018 10:04:03 +0100
-
linux (4.19.12-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.10
- ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes
- ipv6: Check available headroom in ip6_xmit() even without options
- ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output
- [arm64, hppa, powerpc, x86, alpha, armhf, mips*] net: 8139cp: fix a BUG
triggered by changing mtu with network traffic
- net: phy: don't allow __set_phy_supported to add unsupported modes
- net: Prevent invalid access to skb->prev in __qdisc_drop_all
- net: use skb_list_del_init() to remove from RX sublists
- Revert "net/ibm/emac: wrong bit is used for STA control"
- rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
- sctp: kfree_rcu asoc
- tcp: Do not underestimate rwnd_limited
- tcp: fix NULL ref in tail loss probe
- tun: forbid iface creation with rtnl ops
- virtio-net: keep vnet header zeroed after processing XDP
- net: phy: sfp: correct store of detected link modes
- sctp: update frag_point when stream_interleave is set
- net: restore call to netdev_queue_numa_node_write when resetting XPS
- net: fix XPS static_key accounting
- [armhf] OMAP2+: prm44xx: Fix section annotation on
omap44xx_prm_enable_io_wakeup
- [arm64, x86] staging: rtl8723bs: Fix the return value in case of error in
'rtw_wx_read32()'
- [armhf] dts: am3517: Fix pinmuxing for CD on MMC1
- [armhf] dts: LogicPD Torpedo: Fix mmc3_dat1 interrupt
- [armhf] dts: logicpd-somlv: Fix interrupt on mmc3_dat1
- [armhf] dts: am3517-som: Fix WL127x Wifi interrupt
- tools: bpftool: prevent infinite loop in get_fdinfo()
- [arm64] dts: sdm845-mtp: Reserve reserved gpios
- sysv: return 'err' instead of 0 in __sysv_write_inode
- netfilter: nf_tables: don't skip inactive chains during update
- perf tools: Fix crash on synthesizing the unit
- netfilter: xt_RATEEST: remove netns exit routine
- netfilter: nf_tables: fix use-after-free when deleting compat expressions
- [armhf] ASoC: rockchip: add missing slave_config setting for I2S
- s390/cpum_cf: Reject request for sampling in event initialization
- [arm64, armel, x86, armhf] ASoC: dapm: Recalculate audio map forcely when
card instantiated
- [armhf] spi: omap2-mcspi: Add missing suspend and resume calls
- bpf: allocate local storage buffers using GFP_ATOMIC
- aio: fix failure to put the file pointer
- netfilter: xt_hashlimit: fix a possible memory leak in htable_create()
- hwmon: (w83795) temp4_type has writable permission
- perf tools: Restore proper cwd on return from mnt namespace
- [armhf] PCI: imx6: Fix link training status detection in link up check
- objtool: Fix double-free in .cold detection error path
- objtool: Fix segfault in .cold detection with -ffunction-sections
- [arm64] phy: qcom-qusb2: Use HSTX_TRIM fused value as is
- [arm64] phy: qcom-qusb2: Fix HSTX_TRIM tuning with fused value for SDM845
- Btrfs: send, fix infinite loop due to directory rename dependencies
- RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR
- RDMA/core: Add GIDs while changing MAC addr only for registered ndev
- RDMA/rdmavt: Fix rvt_create_ah function signature
- tools: bpftool: fix potential NULL pointer dereference in do_load
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf
- [x86] thunderbolt: Prevent root port runtime suspend during NVM upgrade
- [arm64] drm/meson: add support for 1080p25 mode
- netfilter: ipv6: Preserve link scope traffic original oif
- IB/mlx5: Fix page fault handling for MW
- netfilter: add missing error handling code for register functions
- [x86] KVM: VMX: Update shared MSRs to be saved/restored on MSR_EFER.LMA
changes
- [x86] kvm/vmx: fix old-style function declaration
- [arm64] net: thunderx: fix NULL pointer dereference in nic_remove
- netfilter: nf_tables: deactivate expressions in rule replecement routine
- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock
- cachefiles: Fix an assertion failure when trying to update a failed object
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read
- cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is
active
- igb: fix uninitialized variables
- ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
- [arm64] net: hisilicon: remove unexpected free_netdev
- drm/amdgpu: Add delay after enable RLC ucode
- [arm64, powerpc, x86] drm/ast: fixed reading monitor EDID not stable issue
- Revert "xen/balloon: Mark unallocated host memory as UNUSABLE"
- afs: Fix validation/callback interaction
- fscache: fix race between enablement and dropping of object
- cachefiles: Explicitly cast enumerated type in put_object
- fscache, cachefiles: remove redundant variable 'cache'
- nvme: warn when finding multi-port subsystems without multipathing enabled
- ocfs2: fix deadlock caused by ocfs2_defrag_extent()
- mm/page_alloc.c: fix calculation of pgdat->nr_zones
- hfs: do not free node before using
- hfsplus: do not free node before using
- initramfs: clean old path before creating a hardlink
- ocfs2: fix potential use after free
- dax: Check page->mapping isn't NULL
- ALSA: hda/realtek - Fixed headphone issue for ALC700
- ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN
- ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294
- ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294
- ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon
- IB/hfi1: Fix an out-of-bounds access in get_hw_stats
- bpf: fix off-by-one error in adjust_subprog_starts
- tcp: lack of available data can also cause TSO defer
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.11
- sched/pelt: Fix warning and clean up IRQ PELT config
- scsi: raid_attrs: fix unused variable warning
- [i386] staging: olpc_dcon: add a missing dependency
- [arm64] dts: qcom-apq8064-arrow-sd-600eval fix graph_endpoint warning
- [arm64] drm/msm: fix address space warning
- aio: fix spectre gadget in lookup_ioctx
- fs/iomap.c: get/put the page in iomap_page_create/release()
- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is
registered
- [arm64] dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing
- block/bio: Do not zero user pages
- ovl: fix decode of dir file handle with multi lower layers
- ovl: fix missing override creds in link of a metacopy upper
- [armhf] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
- mmc: core: use mrq->sbc when sending CMD23 for RPMB
- mmc: sdhci: fix the timeout check window for clock and reset
- fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
- [arm] mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
- [arm] dts: bcm2837: Fix polarity of wifi reset GPIOs (Closes: #911443)
- dm thin: send event about thin-pool state change _after_ making it
- dm cache metadata: verify cache has blocks in
blocks_are_clean_separate_dirty()
- dm: call blk_queue_split() to impose device limits on bios
- tracing: Fix memory leak of instance function hash filters
- [powerpc*] msi: Fix NULL pointer access in teardown code
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del()
- drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer
- Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
- [x86] drm/i915/execlists: Apply a full mb before execution for Braswell
- [amd64] drm/amdkfd: add new vega10 pci ids
- drm/amdgpu: add some additional vega10 pci ids
- drm/amdgpu: update smu firmware images for VI variants (v2)
- drm/amdgpu: update SMC firmware image for polaris10 variants
- [x86] build: Fix compiler support check for CONFIG_RETPOLINE
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.12
- locking/qspinlock: Re-order code
- [x86] locking/qspinlock, x86: Provide liveness guarantee
- [amd64] IB/hfi1: Remove race conditions in user_sdma send path
- mac80211_hwsim: fix module init error paths for netlink
- [x86] Input: hyper-v - fix wakeup from suspend-to-idle
- scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
- [x86] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to
free_irq during unload
- [x86] earlyprintk/efi: Fix infinite loop on some screen widths
- [arm64] drm/msm: Fix task dump in gpu recovery
- [arm64] drm/msm/gpu: Fix a couple memory leaks in debugfs
- [arm64] drm/msm: fix handling of cmdstream offset
- [arm64] drm/msm/dsi: configure VCO rate for 10nm PLL driver
- [arm64] drm/msm: Grab a vblank reference when waiting for commit_done
- drm/ttm: fix LRU handling in ttm_buffer_object_transfer
- drm/amdgpu: wait for IB test on first device open
- [arm64,armhf] net: stmmac: Move debugfs init/exit to
->probe()/->remove()
- [amd64] net: aquantia: fix rx checksum offload bits
- bonding: fix 802.3ad state sent to partner when unbinding slave
- liquidio: read sc->iq_no before release sc
- nfs: don't dirty kernel pages read by direct-io
- SUNRPC: Fix a potential race in xprt_connect()
- [sparc64] sbus: char: add of_node_put()
- [sparc64] drivers/sbus/char: add of_node_put()
- [sparc64] drivers/tty: add missing of_node_put()
- [arm64] drm/msm/hdmi: Enable HPD after HDMI IRQ is set up
- [amr64] drm/msm: dpu: Don't set legacy plane->crtc pointer
- [arm64] drm/msm: dpu: Fix "WARNING: invalid free of devm_ allocated
data"
- [arm64] drm/msm: Fix error return checking
- [arm64] clk: mvebu: Off by one bugs in cp110_of_clk_get()
- Input: synaptics - enable SMBus for HP 15-ay000
- [armhf] Input: omap-keypad - fix keyboard debounce configuration
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks
- macvlan: return correct error value
- [arm64,armhf] mv88e6060: disable hardware level MAC learning
- net/mlx4_en: Fix build break when CONFIG_INET is off
- bpf: check pending signals while verifying programs
- [arm*] 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address
handling
- [arm*] 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart
- [arm*] 8816/1: dma-mapping: fix potential uninitialized return
- [arm64,armhf] thermal: armada: fix legacy validity test sense
- [arm64,armhf] net: mvpp2: fix detection of 10G SFP modules
- [arm64,armhf] net: mvpp2: fix phylink handling of invalid PHY modes
- drm/amdgpu/vcn: Update vcn.cur_state during suspend
- [amd64,arm64] acpi/nfit: Fix user-initiated ARS to be "ARS-long" rather
than "ARS-short"
- drm/ast: Fix connector leak during driver unload
- cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure
cifs)
- vhost/vsock: fix reset orphans race with close timeout
- [x86] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI
device node
- nvme: validate controller state before rescheduling keep alive
- nvmet-rdma: fix response use after free
- Btrfs: fix missing delayed iputs on unmount
[ Uwe Kleine-König ]
* [arm] Fix probing of 3rd gpio device on Armada 370.
[ Ben Hutchings ]
* linux-perf: Fix build-time check for unversioned files
* linux-perf: Fix installation directories for BPF headers and examples
(Closes: #916774)
[ Noah Meyerhans ]
* drivers/net/ethernet/amazon: Backport v2.0.2 from Linux 4.20
[ Bastian Blank ]
* Ignore various ABI changes.
[ Salvatore Bonaccorso ]
* iomap: Revert "fs/iomap.c: get/put the page in
iomap_page_create/release()"
-- Salvatore Bonaccorso <email address hidden> Sat, 22 Dec 2018 09:06:45 +0100
-
linux (4.18.20-2) unstable; urgency=medium
* linux-kbuild: Include scripts/subarch.include (Closes: #910348)
-- Ben Hutchings <email address hidden> Fri, 23 Nov 2018 19:15:55 +0000
-
linux (4.18.10-2) unstable; urgency=medium
[ Ben Hutchings ]
* [rt][arm64,armhf] Fix build failure after rebasing onto 4.18.10
* xen-netback: fix input validation in xenvif_set_hash_mapping()
(CVE-2018-15471)
* Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct
member name" (Closes: #909813)
[ Salvatore Bonaccorso ]
* [arm64] KVM: Tighten guest core register access from userspace
(CVE-2018-18021)
* [arm64] KVM: Sanitize PSTATE.M when being set from userspace
(CVE-2018-18021)
-- Ben Hutchings <email address hidden> Sun, 07 Oct 2018 21:57:06 +0100
-
linux (4.18.6-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6
- scsi: libsas: dynamically allocate and free ata host
- xprtrdma: Fix disconnect regression
- mei: don't update offset in write
- cifs: add missing support for ACLs in SMB 3.11
- cifs: fix uninitialized ptr deref in smb2 signing
- cifs: add missing debug entries for kconfig options
- cifs: use a refcount to protect open/closing the cached file handle
- cifs: check kmalloc before use
- smb3: enumerating snapshots was leaving part of the data off end
- smb3: Do not send SMB3 SET_INFO if nothing changed
- smb3: don't request leases in symlink creation and query
- smb3: fill in statfs fsid and correct namelen
- btrfs: use correct compare function of dirty_metadata_bytes
- btrfs: don't leak ret from do_chunk_alloc
- Btrfs: fix mount failure after fsync due to hard link recreation
- Btrfs: fix btrfs_write_inode vs delayed iput deadlock
- Btrfs: fix send failure when root has deleted files still open
- Btrfs: send, fix incorrect file layout after hole punching beyond eof
- hwmon: (k10temp) 27C Offset needed for Threadripper2
- [armhf] bpf: fix stack var offset in jit
- [armhf, arm64] iommu/arm-smmu: Error out only if not enough context
interrupts
- printk: Split the code for storing a message into the log buffer
- printk: Create helper function to queue deferred console handling
- printk/nmi: Prevent deadlock when accessing the main log buffer in NMI
- [arm64] kprobes: Fix %p uses in error messages
- [arm64] Fix mismatched cache line size detection
- [arm64] Handle mismatched cache type
- [arm64] mm: check for upper PAGE_SHIFT bits in pfn_valid()
- [arm64] dts: rockchip: corrected uart1 clock-names for rk3328
- [armhf, arm64] KVM: Fix potential loss of ptimer interrupts
- [armhf, arm64] KVM: Fix lost IRQs from emulated physcial timer when
blocked
- [armhf, arm64] KVM: Skip updating PMD entry if no change
- [armhf, arm64] KVM: Skip updating PTE entry if no change
- [s390x] kvm: fix deadlock when killed by oom
- [s390x] perf kvm: Fix subcommands on s390
- stop_machine: Reflow cpu_stop_queue_two_works()
- stop_machine: Atomically queue and wake stopper threads
- ext4: check for NUL characters in extended attribute's name
- ext4: use ext4_warning() for sb_getblk failure
- ext4: sysfs: print ext4_super_block fields as little-endian
- ext4: reset error code in ext4_find_entry in fallback
- ext4: fix race when setting the bitmap corrupted flag
- nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
- [x86] gpu: reserve ICL's graphics stolen memory
- [x86] platform: wmi: Do not mix pages and kmalloc
- [x86] platform: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too
- mm: move tlb_table_flush to tlb_flush_mmu_free
- [x86] mm/tlb, mm: Support invalidating TLB caches for RCU_TABLE_FREE
- [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- [x86] speculation/l1tf: Fix off-by-one error when warning that system has
too much RAM (Closes: #907581)
- [x86] speculation/l1tf: Suggest what to do on systems with too much RAM
- [x86] vdso: Fix vDSO build if a retpoline is emitted
- [x86] process: Re-export start_thread()
- [x86] KVM: ensure all MSRs can always be KVM_GET/SET_MSR'd
- [x86] KVM: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts
disabled
- fuse: Don't access pipe->buffers without pipe_lock()
- fuse: fix initial parallel dirops
- fuse: fix double request_end()
- fuse: fix unlocked access to processing queue
- fuse: umount should wait for all requests
- fuse: Fix oops at process_init_reply()
- fuse: Add missed unlock_page() to fuse_readpages_fill()
- lib/vsprintf: Do not handle %pO[^F] as %px
- udl-kms: change down_interruptible to down
- udl-kms: handle allocation failure
- udl-kms: fix crash due to uninitialized memory
- udl-kms: avoid division
- b43legacy/leds: Ensure NUL-termination of LED name string
- b43/leds: Ensure NUL-termination of LED name string
- ASoC: dpcm: don't merge format from invalid codec dai
- ASoC: zte: Fix incorrect PCM format bit usages
- ASoC: sirf: Fix potential NULL pointer dereference
- ASoC: wm_adsp: Correct DSP pointer for preloader control
- [armhf] pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
- scsi: qla2xxx: Fix stalled relogin
- [x86] vdso: Fix lsl operand order
- [x86 ]nmi: Fix NMI uaccess race against CR3 switching
- [x86] irqflags: Mark native_restore_fl extern inline
- [x86] spectre: Add missing family 6 check to microcode check
- [x86] speculation/l1tf: Increase l1tf memory limit for Nehalem+
(Closes: #907581)
- hwmon: (nct6775) Fix potential Spectre v1
- [x86] entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
- [x86] Allow generating user-space headers without a compiler
- [s390x] mm: fix addressing exception after suspend/resume
- [s390x] lib: use expoline for all bcr instructions
- [s390x] fix br_r1_trampoline for machines without exrl
- [s390x] qdio: reset old sbal_state flags
- [s390x] numa: move initial setup of node_to_cpumask_map
- [s390x] pci: fix out of bounds access during irq setup
- [s390x] purgatory: Fix crash with expoline enabled
- [s390x] purgatory: Add missing FORCE to Makefile targets
- kprobes: Show blacklist addresses as same as kallsyms does
- kprobes: Replace %p with other pointer types
- kprobes/arm: Fix %p uses in error messages
- kprobes: Make list and blacklist root user read only
- [mips*] Correct the 64-bit DSP accumulator register size
- [mips*] memset.S: Fix byte_fixup for MIPSr6
- [mips*] Always use -march=<arch>, not -<arch> shortcuts
- [mips*] Change definition of cpu_relax() for Loongson-3
- [mips*] lib: Provide MIPS64r6 __multi3() for GCC < 7
- tpm: Return the actual size when receiving an unsupported command
- tpm: separate cmd_ready/go_idle from runtime_pm
- scsi: mpt3sas: Fix calltrace observed while running IO & reset
- scsi: mpt3sas: Fix _transport_smp_handler() error path
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
- scsi: core: Avoid that SCSI device removal through sysfs triggers a
deadlock
- iscsi target: fix session creation failure handling
- mtd: rawnand: hynix: Use ->exec_op() in hynix_nand_reg_write_op()
- mtd: rawnand: fsmc: Stop using chip->read_buf()
- mtd: rawnand: marvell: add suspend and resume hooks
- mtd: rawnand: qcom: wait for desc completion in all BAM channels
- [arm64] clk: rockchip: fix clk_i2sout parent selection bits on rk3399
- PM / clk: signedness bug in of_pm_clk_add_clks()
- power: generic-adc-battery: fix out-of-bounds write when copying channel
properties
- power: generic-adc-battery: check for duplicate properties copied from
iio channels
- watchdog: Mark watchdog touch functions as notrace
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
- [x86] dumpstack: Don't dump kernel memory based on usermode RIP
[ Ben Hutchings ]
* Set ABI to 1
* [x86,arm64] Disable code signing for upload to unstable
* [rt] Re-enable PREEMPT_RT
* aufs: Update support patchset to aufs4.18-20180827 (no functional change)
* netfilter: Enable NF_TABLES_SET as module, replacing the multiple set
type modules that were enabled before 4.18
* [powerpc,powerpcspe,ppc64] Build-Depend on updated kernel-wedge to fix
broken symlinks in kernel-image udeb
[ Romain Perier ]
* [rt] Update to 4.18.5-rt3
-- Ben Hutchings <email address hidden> Thu, 06 Sep 2018 15:32:14 +0100
-
linux (4.17.17-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.16
- [x86] platform/UV: Mark memblock related init code and data correctly
- [x86] mm/pti: Clear Global bit more aggressively
- [x86] xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits
- [x86] mm: Disable ioremap free page handling on x86-PAE
- kbuild: verify that $DEPMOD is installed
- [x86] crypto: ccp - Check for NULL PSP pointer at module unload
- [x86] crypto: ccp - Fix command completion detection race
- crypto: vmac - require a block cipher with 128-bit block size
- crypto: vmac - separate tfm and request context
- crypto: blkcipher - fix crash flushing dcache in error path
- crypto: ablkcipher - fix crash flushing dcache in error path
- crypto: skcipher - fix aligning block size in skcipher_copy_iv()
- crypto: skcipher - fix crash flushing dcache in error path
- ioremap: Update pgtable free interfaces with addr
- [x86] mm: Add TLB purge to free pmd/pte page interfaces
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.17
- [x86] speculation/l1tf: Exempt zeroed PTEs from inversion
-- Salvatore Bonaccorso <email address hidden> Sat, 18 Aug 2018 14:02:58 +0200
-
linux (4.17.14-1) unstable; urgency=high
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.9
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
- [x86] asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
- [x86] paravirt: Make native_save_fl() extern inline
- alx: take rtnl before calling __alx_open from resume
- atm: Preserve value of skb->truesize when accounting to vcc
- atm: zatm: Fix potential Spectre v1
- [x86] hv_netvsc: split sub-channel setup into async and sync
- ipv6: sr: fix passing wrong flags to crypto_alloc_shash()
- ipvlan: fix IFLA_MTU ignored on NEWLINK
- ixgbe: split XDP_TX tail and XDP_REDIRECT map flushing
- net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
- net: dccp: switch rx_tstamp_last_feedback to monotonic clock
- net: fix use-after-free in GRO with ESP
- net/mlx5e: Avoid dealing with vport representors if not being e-switch
manager
- net/mlx5e: Don't attempt to dereference the ppriv struct if not being
eswitch manager
- net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager
- net/mlx5: Fix command interface race in polling mode
- net/mlx5: Fix incorrect raw command length parsing
- net/mlx5: Fix required capability for manipulating MPFS
- net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
- [armhf, arm64] net: mvneta: fix the Rx desc DMA address in the Rx path
- net/packet: fix use-after-free
- net/sched: act_ife: fix recursive lock and idr leak
- net/sched: act_ife: preserve the action control in case of error
- net_sched: blackhole: tell upper qdisc about dropped packets
- net: sungem: fix rx checksum support
- net/tcp: Fix socket lookups with SO_BINDTODEVICE
- qede: Adverstise software timestamp caps when PHC is not available.
- qed: Fix setting of incorrect eswitch mode.
- qed: Fix use of incorrect size in memcpy call.
- qed: Limit msix vectors in kdump kernel to the minimum required count.
- qmi_wwan: add support for the Dell Wireless 5821e module
- r8152: napi hangup fix after disconnect
- [s390x] qeth: don't clobber buffer on async TX completion
- [armhf, arm64] stmmac: fix DMA channel hang in half-duplex mode
- tcp: fix Fast Open key endianness
- tcp: prevent bogus FRTO undos with non-SACK flows
- vhost_net: validate sock before trying to put its fd
- VSOCK: fix loopback on big-endian systems
- nfp: flower: fix mpls ether type detection
- net: use dev_change_tx_queue_len() for SIOCSIFTXQLEN
- nfp: reject binding to shared blocks
- xen-netfront: Fix mismatched rtnl_unlock
- xen-netfront: Update features after registering netdev
- enic: do not overwrite error code
- i40e: split XDP_TX tail and XDP_REDIRECT map flushing
- IB/mlx5: Avoid dealing with vport representors if not being e-switch
manager
- [s390x] Revert "s390/qeth: use Read device to query hypervisor for MAC"
- [s390x] qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
- [s390x] qeth: fix race when setting MAC address
- sfc: correctly initialise filter rwsem for farch
- virtio_net: split XDP_TX kick and XDP_REDIRECT map flushing
- [x86] kvm/Kconfig: Ensure CRYPTO_DEV_CCP_DD state at minimum matches
KVM_AMD
- net: cxgb3_main: fix potential Spectre v1
- net: lan78xx: Fix race in tx pending skb size calculation
- [x86] PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
- netfilter: ebtables: reject non-bridge targets
- reiserfs: fix buffer overflow with long warning messages
- KEYS: DNS: fix parsing multiple options
- tls: Stricter error checking in zerocopy sendmsg path
- autofs: fix slab out of bounds read in getname_kernel()
- netfilter: ipv6: nf_defrag: drop skb dst before queueing
- bpf: reject any prog that failed read-only lock
- rds: avoid unenecessary cong_update in loop transport
- block: don't use blocking queue entered for recursive bio submits
- bpf: sockmap, fix crash when ipv6 sock is added
- bpf: sockmap, consume_skb in close path
- bpf: don't leave partial mangled prog in jit_subprogs error path
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
- ipvs: initialize tbl->entries after allocation
- ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()
- [armhf, arm64] smccc: Add SMCCC-specific return codes
- [arm64] Add 'ssbd' command-line option
- [arm64] ssbd: Add global mitigation state accessor
- [arm64] ssbd: Skip apply_ssbd if not using dynamic mitigation
- [arm64] ssbd: Restore mitigation status on CPU resume
- [arm64] ssbd: Introduce thread flag to control userspace mitigation
- [arm64] ssbd: Add prctl interface for per-thread mitigation
- [arm64] KVM: Add HYP per-cpu accessors
ARCH_FEATURES_FUNC_ID
- bpf: enforce correct alignment for instructions
- [armhf] bpf: fix to use bpf_jit_binary_lock_ro api
- bpf: undo prog rejection on read-only lock failure
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.10
- scsi: sd_zbc: Fix variable type and bogus comment
- scsi: qla2xxx: Fix inconsistent DMA mem alloc/free
- scsi: qla2xxx: Fix kernel crash due to late workqueue allocation
- scsi: qla2xxx: Fix NULL pointer dereference for fcport search
- KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
parallel.
- KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
- [x86] KVM: VMX: Mark VMXArea with revision_id of physical CPU even when
eVMCS enabled
- [x86] kvm/vmx: don't read current->thread.{fs,gs}base of legacy tasks
- [x86] kvmclock: set pvti_cpu0_va after enabling kvmclock
- [x86] apm: Don't access __preempt_count with zeroed fs
- [x86] events/intel/ds: Fix bts_interrupt_threshold alignment
- [x86] MCE: Remove min interval polling limitation
- fat: fix memory allocation failure handling of match_strdup()
- ALSA: rawmidi: Change resized buffers atomically
- [x86] ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
- [x86] ALSA: hda/realtek - Yet another Clevo P950 quirk entry
- [x86] ALSA: hda: add mute led support for HP ProBook 455 G5
- mm: memcg: fix use after free in mem_cgroup_iter()
- mm/huge_memory.c: fix data loss when splitting a file pmd
- [x86] cpufreq: intel_pstate: Register when ACPI PCCH is present
- [x86, arm64, powerpc*] vfio/pci: Fix potential Spectre v1
- stop_machine: Disable preemption when waking two stopper threads
- [powerpc*] powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from
stop (idle)
- drm/amdgpu: Reserve VM root shared fence slot for command submission (v3)
- [x86] drm/i915: Fix hotplug irq ack on i965/g4x
- Revert "drm/amd/display: Don't return ddc result and read_bytes in same
return value"
- [x86] drm/nouveau: Remove bogus crtc check in pmops_runtime_idle
- [x86] drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
- [x86] drm/nouveau: Avoid looping through fake MST connectors
- gen_stats: Fix netlink stats dumping in the presence of padding
- ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
- ipv6: fix useless rol32 call on hash
- ipv6: ila: select CONFIG_DST_CACHE
- lib/rhashtable: consider param->min_size when setting initial table size
- net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
- net: Don't copy pfmemalloc flag in __copy_skb_header()
- skbuff: Unconditionally copy pfmemalloc in __skb_clone()
- net/ipv4: Set oif in fib_compute_spec_dst
- net/ipv6: Do not allow device only routes via the multipath API
- net: phy: fix flag masking in __set_phy_supported
- qmi_wwan: add support for Quectel EG91
- rhashtable: add restart routine in rhashtable_free_and_destroy()
- sch_fq_codel: zero q->flows_cnt when fq_codel_init fails
- tg3: Add higher cpu clock for 5762.
- net: ip6_gre: get ipv6hdr after skb_cow_head()
- sctp: introduce sctp_dst_mtu
- sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
- [x86] hv_netvsc: Fix napi reschedule while receive completion is busy
- net: aquantia: vlan unicast address list correct handling
- net/mlx4_en: Don't reuse RX page when XDP is set
- ipv6: make DAD fail with enhanced DAD when nonce length differs
- net: usb: asix: replace mii_nway_restart in resume path
- [alpha] fix osf_wait4() breakage
- drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()
- xhci: Fix perceived dead host due to runtime suspend race with event
handler
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.11
- [x86] KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
- [x86] Revert "iommu/intel-iommu: Enable CONFIG_DMA_DIRECT_OPS=y and clean
up intel_{alloc,free}_coherent()"
- [mips*] Fix off-by-one in pci_resource_to_user()
- [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU rate from 300Mhz
to 1.2GHz
- [x86] xen/PVH: Set up GS segment for stack canary
- [x86] drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
- [x86] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
- [arm64] clk: meson-gxbb: set fclk_div2 as CLK_IS_CRITICAL
- bonding: set default miimon value for non-arp modes if not set
- ip: hash fragments consistently
- ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
- net: dsa: mv88e6xxx: fix races between lock and irq freeing
- net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
- net-next/hinic: fix a problem in hinic_xmit_frame()
- net: skb_segment() should not return NULL
- tcp: fix dctcp delayed ACK schedule
- tcp: helpers to send special DCTCP ack
- tcp: do not cancel delay-AcK on DCTCP special ACK
- tcp: do not delay ACK in DCTCP upon CE status change
- net/mlx5: E-Switch, UBSAN fix undefined behavior in mlx5_eswitch_mode
- r8169: restore previous behavior to accept BIOS WoL settings
- tls: check RCV_SHUTDOWN in tls_wait_data
- net/mlx5e: Add ingress/egress indication for offloaded TC flows
- net/mlx5e: Only allow offloading decap egress (egdev) flows
- net/mlx5e: Refine ets validation function
- nfp: flower: ensure dead neighbour entries are not offloaded
- sock: fix sg page frag coalescing in sk_alloc_sg
- net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
- multicast: do not restore deleted record source filter mode to new one
- net/ipv6: Fix linklocal to global address with VRF
- net/mlx5e: Don't allow aRFS for encapsulated packets
- net/mlx5e: Fix quota counting in aRFS expire flow
- net/mlx5: Adjust clock overflow work period
- rtnetlink: add rtnl_link_state check in rtnl_configure_link
- vxlan: add new fdb alloc and create helpers
- vxlan: make netlink notify in vxlan_fdb_destroy optional
- vxlan: fix default fdb entry netlink notify ordering during netdev create
- tcp: free batches of packets in tcp_prune_ofo_queue()
CVE-2018-5390
- tcp: avoid collapses in tcp_prune_queue() if possible
- tcp: detect malicious patterns in tcp_collapse_ofo_queue()
- tcp: call tcp_drop() from tcp_data_queue_ofo()
- tcp: add tcp_ooo_try_coalesce() helper
- Revert "staging:r8188eu: Use lib80211 to support TKIP"
- staging: speakup: fix wraparound in uaccess length check
- usb: cdc_acm: Add quirk for Castles VEGA3000
- usb: core: handle hub C_PORT_OVER_CURRENT condition
- [armhf, arm64] usb: dwc2: Fix DMA alignment to start at allocated boundary
- [armhf, arm64] usb: xhci: Fix memory leak in xhci_endpoint_reset()
- [x86, arm64] ACPICA: AML Parser: ignore dispatcher error status during
table load
- driver core: Partially revert "driver core: correct device's shutdown
order"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.12
- Input: elan_i2c - add ACPI ID for lenovo ideapad 330
- Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
- Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
- mm: disallow mappings that conflict for devm_memremap_pages()
- kvm, mm: account shadow page tables to kmemcg
- delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
- tracing: Fix double free of event_trigger_data
- tracing: Fix possible double free in event_enable_trigger_func()
- kthread, tracing: Don't expose half-written comm when creating kthreads
- tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
- tracing: Quiet gcc warning about maybe unused link variable
- [arm64] fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
- [x86] drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.
- kcov: ensure irq code sees a valid area
- mm: check for SIGKILL inside dup_mmap() loop
- drm/amd/powerplay: Set higher SCLK&MCLK frequency than dpm7 in OD (v2)
- xen/netfront: raise max number of slots in xennet_get_responses()
- [x86] hv_netvsc: fix network namespace issues with VF support
- skip LAYOUTRETURN if layout is invalid
- ixgbe: Fix setting of TC configuration for macvlan case
- ALSA: emu10k1: add error handling for snd_ctl_add
- ALSA: fm801: add error handling for snd_ctl_add
- NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
- nfsd: fix error handling in nfs4_set_delegation()
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
- vfio: platform: Fix reset module leak in error path
- vfio/mdev: Check globally for duplicate devices
- vfio/type1: Fix task tracking for QEMU vCPU hotplug
- kernel/hung_task.c: show all hung tasks before panic
- mem_cgroup: make sure moving_account, move_lock_task and stat_cpu in the
same cacheline
- mm: /proc/pid/pagemap: hide swap entries from unprivileged users
- mm: vmalloc: avoid racy handling of debugobjects in vunmap
- mm/slub.c: add __printf verification to slab_err()
- rtc: ensure rtc_set_alarm fails when alarms are not supported
- rxrpc: Fix terminal retransmission connection ID to include the channel
- [arm64] net: hns3: Fix for VF mailbox cannot receiving PF response
- perf tools: Fix pmu events parsing rule
- netfilter: ipset: forbid family for hash:mac sets
- netfilter: ipset: List timing out entries with "timeout 1" instead of zero
- printk: drop in_nmi check from printk_safe_flush_on_panic()
- [armhf] bpf: fix inconsistent naming about emit_a32_lsr_{r64,i64}
- ceph: fix alignment of rasize
- ceph: fix use-after-free in ceph_statfs()
- e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
- infiniband: fix a possible use-after-free bug (CVE-2018-14734)
- [powerpc*] lib: Adjust .balign inside string functions for PPC32
- [powerpc*] 64s: Add barrier_nospec
- [powerpc*] eeh: Fix use-after-release of EEH driver
- [powerpc*] 64s: Fix compiler store ordering to SLB shadow area
- [arm64] net: hns3: Fix for phy not link up problem after resetting
- [arm64] net: hns3: Fix for service_task not running problem after
resetting
- RDMA/mad: Convert BUG_ONs to error flows
- lightnvm: fix partial read error path
- lightnvm: proper error handling for pblk_bio_add_pages
- lightnvm: pblk: warn in case of corrupted write buffer
- netfilter: nf_tables: check msg_type before nft_trans_set(trans)
- pnfs: Don't release the sequence slot until we've processed layoutget on
open
- NFS: Fix up nfs_post_op_update_inode() to force ctime updates
- disable loading f2fs module on PAGE_SIZE > 4KB
- f2fs: fix error path of move_data_page
- f2fs: don't drop dentry pages after fs shutdown
- f2fs: fix to don't trigger writeback during recovery
- f2fs: fix to wait page writeback during revoking atomic write
- f2fs: Fix deadlock in shutdown ioctl
- f2fs: fix missing clear FI_NO_PREALLOC in some error case
- f2fs: fix to detect failure of dquot_initialize
- f2fs: fix race in between GC and atomic open
- block, bfq: remove wrong lock in bfq_requests_merged
- usbip: usbip_detach: Fix memory, udev context and udev leak
- usbip: dynamically allocate idev by nports found in sysfs
- [x86] perf/x86/intel/uncore: Correct fixed counter index check in
generic code
- [x86] perf/x86/intel/uncore: Correct fixed counter index check for NHM
- PCI: Fix devm_pci_alloc_host_bridge() memory leak
- btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
- iwlwifi: pcie: fix race in Rx buffer allocator
- iwlwifi: mvm: open BA session only when sta is authorized
- Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
- drm/amd/display: Do not program interrupt status on disabled crtc
- Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
- ASoC: dpcm: fix BE dai not hw_free and shutdown
- mfd: cros_ec: Fail early if we cannot identify the EC
- mwifiex: handle race during mwifiex_usb_disconnect
- wlcore: sdio: check for valid platform device data before suspend
- [arm64] net: hns3: Fixes initalization of RoCE handle and makes it
conditional
- [arm64] net: hns3: Fixes the init of the VALID BD info in the descriptor
- media: tw686x: Fix incorrect vb2_mem_ops GFP flags
- media: cec-pin-error-inj: avoid a false-positive Spectre detection
- media: videobuf2-core: don't call memop 'finish' when queueing
- Btrfs: don't return ino to ino cache if inode item removal fails
- Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
- btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
- btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
- [x86] microcode: Make the late update update_lock a raw lock for RT
- PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
- PCI: Prevent sysfs disable of device while driver is attached
- [arm64] soc: qcom: qmi: fix a buffer sizing bug
- [arm64] soc: qcom: smem: fix qcom_smem_set_global_partition()
- [arm64] soc: qcom: smem: byte swap values properly
- nvme-rdma: stop admin queue before freeing it
- nvme-pci: Fix AER reset handling
- ath: Add regulatory mapping for : FCC3_ETSIC, ETSI8_WORLD, APL13_WORLD,
APL2_FCCA, Uganda, Tanzania, Serbia, Bermuda and Bahamas
- sched/cpufreq: Modify aggregate utilization to always include blocked FAIR
utilization
- [powerpc*] Add a missing include header
- [powerpc*] chrp/time: Make some functions static, add missing header
include
- [powerpc*] powermac: Add missing prototype for note_bootable_part()
- [powerpc*] powermac: Mark variable x as unused
- powerpc: Add __printf verification to prom_printf
- [x86] KVM: prevent integer overflows in KVM_MEMORY_ENCRYPT_REG_REGION
- [powerpc*] 8xx: fix invalid register expression in head_8xx.S
- [arm64] pinctrl: msm: fix gpio-hog related boot issues
- bpf: fix multi-function JITed dump obtained via syscall
- [powerpc*] bpf: pad function address loads with NOPs
- PCI: pciehp: Request control of native hotplug only if supported
- mwifiex: correct histogram data with appropriate index
- ima: based on policy verify firmware signatures (pre-allocated buffer)
- spi: Add missing pm_runtime_put_noidle() after failed get
- [arm64] net: hns3: Fix for CMDQ and Misc. interrupt init order problem
- [arm64] net: hns3: Fix the missing client list node initialization
- [arm64] net: hns3: Fix for hns3 module is loaded multiple times problem
- fscrypt: use unbound workqueue for decryption
- [armhf, arm64] net: mvpp2: Add missing VLAN tag detection
- scsi: ufs: ufshcd: fix possible unclocked register access
- scsi: ufs: fix exception event handling
- [s390x] scsi: zfcp: assert that the ERP lock is held when tracing a
recovery trigger
- drm/nouveau: remove fence wait code from deferred client work handler
- drm/nouveau/gem: lookup VMAs for buffers referenced by pushbuf ioctl
- drm/nouveau/fifo/gk104-: poll for runlist update completion
- Bluetooth: btusb: add ID for LiteOn 04ca:301a
- rtc: tps6586x: fix possible race condition
- rtc: vr41xx: fix possible race condition
- rtc: tps65910: fix possible race condition
- ALSA: emu10k1: Rate-limit error messages about page errors
- regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
- md/raid1: add error handling of read error from FailFast device
- md: fix NULL dereference of mddev->pers in remove_and_add_spares()
- ixgbevf: fix MAC address changes through ixgbevf_set_mac()
- gpu: host1x: Acquire a reference to the IOVA cache
- media: smiapp: fix timeout checking in smiapp_read_nvm
- PCI/DPC: Clear interrupt status in interrupt handler top half
- clocksource: Move inline keyword to the beginning of function declarations
- net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
- ALSA: usb-audio: Apply rate limit to warning messages in URB complete
callback
- [arm64] net: hns3: Fix for fiber link up problem
- media: atomisp: ov2680: don't declare unused vars
- media: staging: atomisp: Comment out several unused sensor resolutions
- [arm64] cmpwait: Clear event register before arming exclusive monitor
- HID: hid-plantronics: Re-resend Update to map button for PTT products
- drm/amd/display: remove need of modeset flag for overlay planes (V2)
- drm/radeon: fix mode_valid's return type
- drm/amdgpu: Remove VRAM from shared bo domains.
- drm/amd/display: Fix dim display on DCE11
- IB: Fix RDMA_RXE and INFINIBAND_RDMAVT dependencies for DMA_VIRT_OPS
- [powerpc*] embedded6xx/hlwd-pic: Prevent interrupts from being handled by
Starlet
- HID: i2c-hid: check if device is there before really probing
- rsi: Add null check for virtual interfaces in wowlan config
- nvmem: properly handle returned value nvmem_reg_read
- [armhf] ARM: dts: imx53: Fix LDB OF graph warning
- i40e: free the skb after clearing the bitlock
- tty: Fix data race in tty_insert_flip_string_fixed_flag
- dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
- net: phy: phylink: Release link GPIO
- media: rcar_jpu: Add missing clk_disable_unprepare() on error in
jpu_open()
- libata: Fix command retry decision
- ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
- media: media-device: fix ioctl function types
- media: saa7164: Fix driver name in debug output
- media: em28xx: Fix DualHD broken second tuner
- mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter
pages
- brcmfmac: Add support for bcm43364 wireless chipset
- [s390x] cpum_sf: Add data entry sizes to sampling trailer entry
- perf: fix invalid bit in diagnostic entry
- net: phy: sfp: handle cases where neither BR, min nor BR, max is given
- bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
- bnxt_en: Always forward VF MAC address to the PF.
- mm, powerpc, x86: define VM_PKEY_BITx bits if CONFIG_ARCH_HAS_PKEYS is
enabled
- staging: most: cdev: fix chrdev_region leak
- scsi: 3w-9xxx: fix a missing-check bug
- scsi: 3w-xxxx: fix a missing-check bug
- scsi: megaraid: silence a static checker bug
- scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
- soc/tegra: pmc: Don't allocate struct tegra_powergate on stack
- scsi: qedf: Set the UNLOADING flag when removing a vport
- dma-direct: try reallocation with GFP_DMA32 if possible
- staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
- staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
- thermal: exynos: fix setting rising_threshold for Exynos5433
- regulator: add dummy function of_find_regulator_by_node
- bpf: fix references to free_bpf_prog_info() in comments
- f2fs: avoid fsync() failure caused by EAGAIN in writepage()
- media: em28xx: fix a regression with HVR-950
- media: siano: get rid of __le32/__le16 cast warnings
- mt76x2: fix avg_rssi estimation
- drm/atomic: Handling the case when setting old crtc for plane
- mmc: sdhci-omap: Fix when capabilities are obtained from
SDHCI_CAPABILITIES reg
- f2fs: check cap_resource only for data blocks
- mlxsw: spectrum_router: Return an error for non-default FIB rules
- ALSA: hda/ca0132: fix build failure when a local macro is defined
- mmc: dw_mmc: update actual clock for mmc debugfs
- mmc: pwrseq: Use kmalloc_array instead of stack VLA
- [arm64] dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
- [armhf] spi: meson-spicc: Fix error handling in meson_spicc_probe()
- [arm64] net: hns3: Fixes the out of bounds access in hclge_map_tqp
- dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
- i40e: Add advertising 10G LR mode
- i40e: avoid overflow in i40e_ptp_adjfreq()
- mt76: add rcu locking around tx scheduling
- backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
- stop_machine: Use raw spinlocks
- delayacct: Use raw_spinlocks
- ath10k: fix kernel panic while reading tpc_stats
- memory: tegra: Do not handle spurious interrupts
- memory: tegra: Apply interrupts mask per SoC
- nvme: lightnvm: add granby support
- ASoC: fsl_ssi: Use u32 variable type when using regmap_read()
- ASoC: compress: Only call free for components which have been opened
- igb: Fix queue selection on MAC filters on i210
- qtnfmac: pearl: pcie: fix memory leak in qtnf_fw_work_handler
- drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
- ipconfig: Correctly initialise ic_nameservers
- rsi: Fix 'invalid vdd' warning in mmc
- rsi: fix nommu_map_sg overflow kernel panic
- audit: allow not equal op for audit by executable
- [armhf, arm64] drm/rockchip: analogix_dp: Do not call Analogix code before
bind
- [x86] platform/x86: dell-smbios: Match on www.dell.com in OEM strings too
- staging: vchiq_core: Fix missing semaphore release in error case
- staging: lustre: llite: correct removexattr detection
- staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
- staging: ks7010: fix error handling in ks7010_upload_firmware
- serial: core: Make sure compiler barfs for 16-byte earlycon names
- soc: imx: gpcv2: Do not pass static memory as platform data
- microblaze: Fix simpleImage format generation
- usb: hub: Don't wait for connect state at resume for powered-off ports
- crypto: authencesn - don't leak pointers to authenc keys
- crypto: authenc - don't leak pointers to authenc keys
- y2038: ipc: Use ktime_get_real_seconds consistently
- media: rc: mce_kbd decoder: low timeout values cause double keydowns
- media: omap3isp: fix unbalanced dma_iommu_mapping
- regulator: Don't return or expect -errno from of_map_mode()
- ath10k: search all IEs for variant before falling back
- drm/stm: ltdc: fix warning in ltdc_crtc_update_clut()
- scsi: scsi_dh: replace too broad "TP9" string with the exact models
- scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
- scsi: cxlflash: Synchronize reset and remove ops
- scsi: cxlflash: Avoid clobbering context control register value
- PCI/ASPM: Disable ASPM L1.2 Substate if we don't have LTR
- media: atomisp: compat32: fix __user annotations
- media: cec: fix smatch error
- media: si470x: fix __be16 annotations
- net: socionext: reset hardware in ndo_stop
- ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
- ASoC: topology: Add missing clock gating parameter when parsing hw_configs
- [armhf] ARM: dts: imx6qdl-wandboard: Let the codec control MCLK pinctrl
- drm: Add DP PSR2 sink enable bit
- drm/atomic-helper: Drop plane->fb references only for
drm_atomic_helper_shutdown()
- drm/dp/mst: Fix off-by-one typo when dump payload table
- drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier
- block: bio_iov_iter_get_pages: fix size of last iovec
- blkdev: __blkdev_direct_IO_simple: fix leak in error case
- block: reset bi_iter.bi_done after splitting bio
- nvmet-fc: fix target sgl list on large transfers
- i2c: rcar: handle RXDMA HW behaviour on Gen3
- random: mix rdrand with entropy sent in from userspace
- squashfs: be more careful about metadata corruption
- ext4: fix false negatives *and* false positives in
ext4_check_descriptors()
- ext4: fix inline data updates with checksums enabled
- ext4: check for allocation block validity with block group locked
- ext4: fix check to prevent initializing reserved inodes
- gpio: of: Handle fixed regulator flags properly
- gpio: uniphier: set legitimate irq trigger type in .to_irq hook
- RDMA/uverbs: Protect from attempts to create flows on unsupported QP
- net: dsa: qca8k: Force CPU port to its highest bandwidth
- net: dsa: qca8k: Enable RXMAC when bringing up a port
- net: dsa: qca8k: Add QCA8334 binding documentation
- net: dsa: qca8k: Allow overwriting CPU port setting
- ipv4: remove BUG_ON() from fib_compute_spec_dst
- netdevsim: don't leak devlink resources
- net: ena: Fix use of uninitialized DMA address bits field
- net: fix amd-xgbe flow-control issue
- net: lan78xx: fix rx handling before first packet is send
- net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
- NET: stmmac: align DMA stuff to largest cache line length
- RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr
- tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
- virtio_net: Fix incosistent received bytes counter
- xen-netfront: wait xenbus state change when load module manually
- cxgb4: Added missing break in ndo_udp_tunnel_{add/del}
- net: rollback orig value on failure of dev_qdisc_change_tx_queue_len
- netlink: Do not subscribe to non-existent groups
- netlink: Don't shift with UB on nlk->ngroups
- tcp: do not force quickack when receiving out-of-order packets
- tcp: add max_quickacks param to tcp_incr_quickack and
tcp_enter_quickack_mode
- tcp: do not aggressively quick ack after ECN events
- tcp: refactor tcp_ecn_check_ce to remove sk type cast
- tcp: add one more quick ack after after ECN events
- tcp: ack immediately when a cwr packet arrives
- ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation
- [x86, arm64] ACPICA: AML Parser: ignore control method status in
module-level code
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.13
- bonding: avoid lockdep confusion in bond_get_stats()
- inet: frag: enforce memory limits earlier
- ipv4: frags: handle possible skb truesize change
- net: dsa: Do not suspend/resume closed slave_dev
- netlink: Fix spectre v1 gadget in netlink_create()
- [armhf, arm64] net: stmmac: Fix WoL for PCI-based setups
- rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
- net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
- net/mlx5e: Set port trust mode to PCP as default
- net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow
- squashfs: more metadata hardening
- can: ems_usb: Fix memory leak on ems_usb_disconnect()
- net: socket: fix potential spectre v1 gadget in socketcall
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- virtio_balloon: fix another race between migration and ballooning
- [x86] efi: Access EFI MMIO data as unencrypted when SEV is active
- [x86] apic: Future-proof the TSC_DEADLINE quirk for SKX
- [x86] entry/64: Remove %ebx handling from error_entry/exit
- [86] kvm: x86: vmx: fix vpid leak
- audit: fix potential null dereference 'context->module.name'
- ipc/shm.c add ->pagesize function to shm_vm_ops
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
- iwlwifi: add more card IDs for 9000 series
- brcmfmac: fix regression in parsing NVRAM for multiple devices
- RDMA/uverbs: Expand primary and alt AV port checks
- [x86] crypto: padlock-aes - Fix Nano workaround data corruption
- [armhf, arm64] drm/vc4: Reset ->{x, y}_scaling[1] when dealing with
uniplanar formats
- drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check()
- drm/atomic: Initialize variables in drm_atomic_helper_async_check() to
make gcc happy
- scsi: sg: fix minor memory leak in error path
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.14
- scsi: qla2xxx: Fix unintialized List head crash
- scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion
- scsi: qla2xxx: Fix driver unload by shutting down chip
- scsi: qla2xxx: Fix ISP recovery on unload
- scsi: qla2xxx: Return error when TMF returns
- jfs: Fix usercopy whitelist for inline inode data
- genirq: Make force irq threading setup more robust
- [x86] perf/x86/intel/uncore: Fix hardcoded index of Broadwell extra PCI
devices
- nohz: Fix local_timer_softirq_pending()
- nohz: Fix missing tick reprogram when interrupting an inline softirq
- netlink: Don't shift on 64 for ngroups
- ring_buffer: tracing: Inherit the tracing setting to next ring buffer
- i2c: imx: Fix reinit_completion() use
- Btrfs: fix file data corruption after cloning a range and fsync
- Partially revert "block: fail op_is_write() requests to read-only
partitions" (Closes: #900442)
- xfs: don't call xfs_da_shrink_inode with NULL bp
- xfs: validate cached inodes are free when allocated
- jfs: Fix inconsistency between memory allocation and ea_buf->max_size
[ Ben Hutchings ]
* [armhf] gpu: host1x: Drop my build fix in favour of upstream fix:
- Revert "Revert "gpu: host1x: Add IOMMU support""
- gpu: host1x: Fix compiler errors by converting to dma_addr_t
* [ia64] sched: Disable SCHED_STACK_END_CHECK (Closes: #905461)
* mtd: powernv_flash: set of_node in mtd's dev (Closes: #904380)
* block: really disable runtime-pm for blk-mq (Closes: #904441)
[ Bastian Blank ]
* Bump ABI to 2
-- Bastian Blank <email address hidden> Mon, 13 Aug 2018 15:33:58 +0200
-
linux (4.17.8-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- bpf: reject passing modified ctx to helper functions
- [mips*] Call dump_stack() from show_regs()
- [mips*] Use async IPIs for arch_trigger_cpumask_backtrace()
- [mips*] Fix ioremap() RAM check
- [armhf] drm/etnaviv: Check for platform_device_register_simple() failure
- [armhf] drm/etnaviv: Fix driver unregistering
- [armhf] drm/etnaviv: bring back progress check in job timeout handler
- ACPICA: Clear status of all events when entering S5
- [armhf] mmc: sdhci-esdhc-imx: allow 1.8V modes without 100/200MHz
pinctrl states
- [armhf] mmc: dw_mmc: fix card threshold control configuration
- [x86] ibmasm: don't write out of bounds in read handler
- [arm64,x86] staging: rtl8723bs: Prevent an underflow in
rtw_check_beacon_data().
- ata: Fix ZBC_OUT command block check
- ata: Fix ZBC_OUT all bit handling
- [x86] mei: discard messages from not connected client during power down.
- mtd: spi-nor: cadence-quadspi: Fix direct mode write timeouts
- tracing/kprobe: Release kprobe print_fmt properly
- vmw_balloon: fix inflation with batching
- ahci: Add Intel Ice Lake LP PCI ID
- ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
- [x86] thunderbolt: Notify userspace when boot_acl is changed
- USB: serial: ch341: fix type promotion bug in ch341_control_in()
- USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
- USB: serial: keyspan_pda: fix modem-status error handling
- USB: yurex: fix out-of-bounds uaccess in read handler
- USB: serial: mos7840: fix status-register error handling
- usb: quirks: add delay quirks for Corsair Strafe
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
- mm: zero unavailable pages before memmap init
- ALSA: hda/realtek - two more lenovo models need fixup of
MIC_LOCATION
- ALSA: hda - Handle pm failure during hotplug
- mm: do not drop unused pages when userfaultd is running
- fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps*
- x86/purgatory: add missing FORCE to Makefile target
- fs, elf: make sure to page align bss in load_elf_library
- mm: do not bug_on on incorrect length in __mm_populate()
- tracing: Reorder display of TGID to be after PID
- kbuild: delete INSTALL_FW_PATH from kbuild documentation
- acpi, nfit: Fix scrub idle detection
- [arm64] neon: Fix function may_use_simd() return error status
- tools build: fix # escaping in .cmd files for future Make
- IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
- [arm64,armhf] i2c: tegra: Fix NACK error handling
- i2c: recovery: if possible send STOP with recovery pulses
- iw_cxgb4: correctly enforce the max reg_mr depth
- [x86] xen: remove global bit from __default_kernel_pte_mask for pv
guests
- [x86] xen: setup pv irq ops vector earlier
- bsg: fix bogus EINVAL on non-data commands
- [x86] uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
- netfilter: nf_queue: augment nfqa_cfg_policy
- crypto: don't optimize keccakf()
- netfilter: x_tables: initialise match/target check parameter
struct
- loop: add recursion validation to LOOP_CHANGE_FD
- xfs: fix inobt magic number check
- PM / hibernate: Fix oops at snapshot_write()
- RDMA/ucm: Mark UCM interface as BROKEN
- loop: remember whether sysfs_create_group() was done
- [x86] kvm: vmx: Nested VM-entry prereqs for event inj.
- f2fs: give message and set need_fsck given broken node id
- f2fs: avoid bug_on on corrupted inode
- f2fs: sanity check on sit entry
- f2fs: sanity check for total valid node blocks
- [armhf] dts: armada-38x: use the new thermal binding
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.8
- mm: don't do zero_resv_unavail if memmap is not allocated
[ Ben Hutchings ]
* ext4: fix false negatives *and* false positives in ext4_check_descriptors()
(Closes: #903838)
* Fix remaining build failures with gcc 8 (Closes: #897802):
- tools/lib/api/fs/fs.c: Fix misuse of strncpy()
- usbip: Fix misuse of strncpy()
[ Salvatore Bonaccorso ]
* Ignore ABI changes for acpi_nfit_desc_init and acpi_nfit_init
* Ignore ABI changes for loop_register_transfer
-- Salvatore Bonaccorso <email address hidden> Fri, 20 Jul 2018 23:08:27 +0200
-
linux (4.16.16-2) unstable; urgency=medium
* [powerpc*] Ignore further ABI changes in cxl.
* [ia64] Add compress-modules udeb.
-- Bastian Blank <email address hidden> Fri, 22 Jun 2018 11:50:22 +0200
-
linux (4.16.12-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
- Revert "pinctrl: intel: Initialize GPIO properly when used through
irqchip"
- [armhf] drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson
GX SoCs
- i40e: Fix attach VF to VM issue
- tpm: cmd_ready command can be issued only after granting locality
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
- tpm: add retry logic
- Revert "ath10k: send (re)assoc peer command when NSS changed"
- bonding: do not set slave_dev npinfo before slave_enable_netpoll in
bond_enslave
- docs: ip-sysctl.txt: fix name of some ipv6 variables
- ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
- ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts
- KEYS: DNS: limit the length of option strings
- l2tp: check sockaddr length in pppol2tp_connect()
- llc: delete timers synchronously in llc_sk_free()
- net: af_packet: fix race in PACKET_{R|T}X_RING
- net: fix deadlock while clearing neighbor proxy table
- [arm64,armhf] net: mvpp2: Fix DMA address mask size
- net: qmi_wwan: add Wistron Neweb D19Q1
- net/smc: fix shutdown in state SMC_LISTEN
- net: stmmac: Disable ACS Feature for GMAC >= 4
- packet: fix bitfield update race
- pppoe: check sockaddr length in pppoe_connect()
- Revert "macsec: missing dev_put() on error in macsec_newlink()"
- sctp: do not check port in sctp_inet6_cmp_addr
- strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
- strparser: Fix incorrect strp->need_bytes value.
- tcp: clear tp->packets_out when purging write queue
- tcp: don't read out-of-bounds opsize
- tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
- team: avoid adding twice the same option to the event list
- team: fix netconsole setup over team
- tipc: add policy for TIPC_NLA_NET_ADDR
- vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
- vmxnet3: fix incorrect dereference when rxvlan is disabled
- [amd64,arm64] amd-xgbe: Add pre/post auto-negotiation phy hooks
- [amd64,arm64] amd-xgbe: Improve KR auto-negotiation and training
- [amd64,arm64] amd-xgbe: Only use the SFP supported transceiver signals
- net: sched: ife: signal not finding metaid
- net: sched: ife: handle malformed tlv length
- net: sched: ife: check on metadata length
- l2tp: hold reference on tunnels in netlink dumps
- l2tp: hold reference on tunnels printed in pppol2tp proc file
- l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file
- l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow
- llc: hold llc_sap before release_sock()
- llc: fix NULL pointer deref for SOCK_ZAPPED
- [s390x] qeth: fix error handling in adapter command callbacks
- [s390x] qeth: avoid control IO completion stalls
- [s390x] qeth: handle failure on workqueue creation
- [armhf] net: ethernet: ti: cpsw: fix tx vlan priority mapping
- net: validate attribute sizes in neigh_dump_table()
- bnxt_en: Fix memory fault in bnxt_ethtool_init()
- virtio-net: add missing virtqueue kick when flushing packets
- VSOCK: make af_vsock.ko removable again
- net: aquantia: Regression on reset with 1.x firmware
- tun: fix vlan packet truncation
- net: aquantia: oops when shutdown on already stopped device
- virtio_net: split out ctrl buffer
- virtio_net: fix adding vids on big-endian
- Revert "mm/hmm: fix header file if/else/endif maze"
- commoncap: Handle memory allocation failure.
- scsi: mptsas: Disable WRITE SAME
- cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940)
- fsnotify: Fix fsnotify_mark_connector race
- [m68k] mac: Don't remap SWIM MMIO region
- [m68k] block/swim: Check drive type
- [m68k] block/swim: Don't log an error message for an invalid ioctl
- [m68k] block/swim: Remove extra put_disk() call from error path
- [m68k] block/swim: Rename macros to avoid inconsistent inverted logic
- [m68k] block/swim: Select appropriate drive on device open
- [m68k] block/swim: Fix array bounds check
- [m68k] block/swim: Fix IO error at end of medium
- tracing: Fix missing tab for hwlat_detector print format
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
- [s390x] cio: update chpid descriptor after resource accessibility event
- [s390x] dasd: fix IO error for newly defined devices
- [s390x] uprobes: implement arch_uretprobe_is_alive()
- [s390x] cpum_cf: rename IBM z13/z14 counter names
- kprobes: Fix random address output of blacklist file
- ACPI / video: Only default only_lcd to true on Win8-ready _desktops_
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7
- ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
- ext4: set h_journal if there is a failure starting a reserved handle
- ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs
- random: set up the NUMA crng instances after the CRNG is fully
initialized
- random: fix possible sleeping allocation from irq context
- random: rate limit unseeded randomness warnings
- usbip: usbip_event: fix to not print kernel pointer address
- usbip: usbip_host: fix to hold parent lock for device_attach() calls
- usbip: vhci_hcd: Fix usb device and sockfd leaks
- usbip: vhci_hcd: check rhport before using in vhci_hub_control()
- Revert "xhci: plat: Register shutdown for xhci_plat"
- xhci: Fix USB ports for Dell Inspiron 5775
- USB: serial: simple: add libtransistor console
- USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
- USB: serial: cp210x: add ID for NI USB serial console
- [arm64] serial: mvebu-uart: Fix local flags handling on termios update
- usb: typec: ucsi: Increase command completion timeout value
- usb: core: Add quirk for HP v222w 16GB Mini
- USB: Increment wakeup count on remote wakeup.
- ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
- virtio: add ability to iterate over vqs
- virtio_console: don't tie bufs to a vq
- virtio_console: free buffers after reset
- virtio_console: drop custom control queue cleanup
- virtio_console: move removal code
- virtio_console: reset on out of memory
- drm/virtio: fix vq wait_event condition
- tty: Don't call panic() at tty_ldisc_init()
- tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
- tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
- tty: Avoid possible error pointer dereference at tty_ldisc_restore().
- tty: Use __GFP_NOFAIL for tty_ldisc_get()
- ALSA: dice: fix OUI for TC group
- ALSA: dice: fix error path to destroy initialized stream data
- ALSA: hda - Skip jack and others for non-existing PCM streams
- ALSA: opl3: Hardening for potential Spectre v1
- ALSA: asihpi: Hardening for potential Spectre v1
- ALSA: hdspm: Hardening for potential Spectre v1
- ALSA: rme9652: Hardening for potential Spectre v1
- ALSA: control: Hardening for potential Spectre v1
- ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY.
- ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
- ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
- ALSA: seq: oss: Hardening for potential Spectre v1
- ALSA: hda: Hardening for potential Spectre v1
- ALSA: hda/realtek - Add some fixes for ALC233
- ALSA: hda/realtek - Update ALC255 depop optimize
- ALSA: hda/realtek - change the location for one of two front mics
- mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
- mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
- mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
- mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
- mtd: rawnand: tango: Fix struct clk memory leak
- mtd: rawnand: marvell: fix the chip-select DT parsing logic
- kobject: don't use WARN for registration failures
- scsi: sd_zbc: Avoid that resetting a zone fails sporadically
- scsi: sd: Defer spinning up drive while SANITIZE is in progress
- blk-mq: start request gstate with gen 1
- bfq-iosched: ensure to clear bic/bfqq pointers when preparing request
- block: do not use interruptible wait anywhere
- [s390x] vfio: ccw: process ssch with interrupts disabled
- [arm64] PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf()
- [arm64] PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()
- [arm64] PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq
mode
- [arm64] PCI: aardvark: Fix PCIe Max Read Request Size setting
- [armhf,arm64] KVM: Close VMID generation race
- [powerpc*] mm: Flush cache on memory hot(un)plug
- [powerpc*] mce: Fix a bug where mce loops on memory UE.
- [powerpc*] powernv/npu: Do a PID GPU TLB flush when invalidating a large
address range
- crypto: drbg - set freed buffers to NULL
- libceph: un-backoff on tick when we have a authenticated session
- libceph: reschedule a tick in finish_hunting()
- libceph: validate con->state at the top of try_write()
- PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend
is set
- module: Fix display of wrong module .text address
- earlycon: Use a pointer table to fix __earlycon_table stride
- [powerpc*] cpufreq: powernv: Fix hardlockup due to synchronous smp_call
in timer interrupt
- [powerpc*] rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops
- drm/edid: Reset more of the display info
- drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
- [x86] drm/i915/fbdev: Enable late fbdev initial configuration
- [x86] drm/i915/audio: set minimum CD clock to twice the BCLK
- [x86] drm/i915: Enable display WA#1183 from its correct spot
- drm/amd/display: Fix deadlock when flushing irq
- drm/amd/display: Don't read EDID in atomic_check
- drm/amd/display: Disallow enabling CRTC without primary plane with FB
- objtool, perf: Fix GCC 8 -Wrestrict error
- [x86] ipc: Fix x32 version of shmid64_ds and msqid64_ds
- [x86] smpboot: Don't use mwait_play_dead() on AMD systems
- [x86] microcode/intel: Save microcode patch unconditionally
- [x86] microcode: Do not exit early from __reload_late()
- tick/sched: Do not mess with an enqueued hrtimer
- [x86] crypto: ccp - add check to get PSP master only when PSP is
detected
- [armhf,arm64] KVM: Add PSCI version selection API
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.8
- ACPI / button: make module loadable when booted in non-ACPI mode
- [arm64] Add work around for Arm Cortex-A55 Erratum 1024718
- ALSA: hda - Fix incorrect usage of IS_REACHABLE()
- ALSA: pcm: Check PCM state at xfern compat ioctl
- ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
- ALSA: dice: fix kernel NULL pointer dereference due to invalid
calculation for array index
- ALSA: aloop: Mark paused device as inactive
- ALSA: aloop: Add missing cable lock to ctl API callbacks
- errseq: Always report a writeback error once
- tracepoint: Do not warn on ENOMEM
- scsi: target: Fix fortify_panic kernel exception
- Input: leds - fix out of bound access
- Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook
Pro
- swiotlb: fix inversed DMA_ATTR_NO_WARN test
- rtlwifi: cleanup 8723be ant_sel definition
- xfs: prevent creating negative-sized file via INSERT_RANGE
- RDMA/cxgb4: release hw resources on device removal
- RDMA/ucma: Allow resolving address w/o specifying source address
- RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow
- RDMA/mlx4: Add missed RSS hash inner header flag
- RDMA/mlx5: Protect from shift operand overflow
- NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
- IB/mlx5: Use unlimited rate when static rate is not supported
- infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m
- IB/hfi1: Fix handling of FECN marked multicast packet
- IB/hfi1: Fix loss of BECN with AHG
- IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used
- iw_cxgb4: Atomically flush per QP HW CQEs
- btrfs: Take trans lock before access running trans in check_delayed_ref
- [arm64,armhf] drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are
balanced
- [x86] drm/vmwgfx: Fix a buffer object leak
- drm/bridge: vga-dac: Fix edid memory leak
- xhci: Fix use-after-free in xhci_free_virt_device
- USB: serial: visor: handle potential invalid device configuration
- [arm64,armhf] usb: dwc3: gadget: Fix list_del corruption in
dwc3_ep_dequeue
- USB: Accept bulk endpoints with 1024-byte maxpacket
- USB: serial: option: reimplement interface masking
- USB: serial: option: adding support for ublox R410M
- [arm64,armhf] usb: musb: host: fix potential NULL pointer dereference
- [arm64, armhf] usb: musb: trace: fix NULL pointer dereference in
musb_g_tx()
- [x86] platform/x86: asus-wireless: Fix NULL pointer dereference
- [x86] platform/x86: Kconfig: Fix dell-laptop dependency chain.
- [x86] KVM: remove APIC Timer periodic/oneshot spikes
- [x86] tsc: Always unregister clocksource_tsc_early
- [x86] tsc: Fix mark_tsc_unstable()
- [arm64] irqchip/qcom: Fix check for spurious interrupts
- clocksource: Allow clocksource_mark_unstable() on unregistered
clocksources
- clocksource: Initialize cs->wd_list
- clocksource: Consistent de-rate when marking unstable
- tracing: Fix bad use of igrab in trace_uprobe.c
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9
- ipvs: fix rtnl_lock lockups caused by start_sync_thread
- netfilter: ebtables: don't attempt to allocate 0-sized compat array
- clk: ti: fix flag space conflict with clkctrl clocks
- rds: tcp: must use spin_lock_irq* and not spin_lock_bh with
rds_tcp_conn_lock
- crypto: af_alg - fix possible uninit-value in alg_bind()
- netlink: fix uninit-value in netlink_sendmsg
- net: fix rtnh_ok()
- net: initialize skb->peeked when cloning
- net: fix uninit-value in __hw_addr_add_ex()
- dccp: initialize ireq->ir_mark
- ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
- soreuseport: initialise timewait reuseport field
- inetpeer: fix uninit-value in inet_getpeer
- bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog
- memcg: fix per_node_info cleanup
- perf: Remove superfluous allocation error check
- i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr()
- tcp: fix TCP_REPAIR_QUEUE bound checking
- bdi: wake up concurrent wb_shutdown() callers.
- bdi: Fix use after free bug in debugfs_remove()
- bdi: Fix oops in wb_workfn()
- compat: fix 4-byte infoleak via uninitialized struct field
- gpioib: do not free unrequested descriptors
- gpio: fix error path in lineevent_create
- rfkill: gpio: fix memory leak in probe error path
- libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
- dm integrity: use kvfree for kvmalloc'd memory
- tracing: Fix regex_match_front() to not over compare the test string
- mm: sections are not offlined during memory hotremove
- mm, oom: fix concurrent munlock and oom reaper unmap (CVE-2018-1000200)
- ceph: fix rsize/wsize capping in ceph_direct_read_write()
- can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
- [armhf,arm64] drm/vc4: Fix scaling of uni-planar formats
- drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages
- [x86] drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
- [x86] drm/i915: Adjust eDP's logical vco in a reliable place.
- drm/nouveau: Fix deadlock in nv50_mstm_register_connector()
(Closes: #898825)
- drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client
- drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear()
- drm/atomic: Clean private obj old_state/new_state in
drm_atomic_state_default_clear()
- net: atm: Fix potential Spectre v1
- atm: zatm: Fix potential Spectre v1
- PCI / PM: Always check PME wakeup capability for runtime wakeup support
- PCI / PM: Check device_may_wakeup() in pci_enable_wake()
- cpufreq: schedutil: Avoid using invalid next_freq
- Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
- [x86] Bluetooth: btusb: Add Dell XPS 13 9360 to
btusb_needs_reset_resume_table
- Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome
chipsets
- [armhf] thermal: exynos: Reading temperature makes sense only when TMU is
turned on
- [armhf] thermal: exynos: Propagate error value from tmu_read()
- nvme: add quirk to force medium priority for SQ creation
- nvme: Fix sync controller reset return
- smb3: directory sync should not return an error
- swiotlb: silent unwanted warning "buffer is full"
- sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
- sched/autogroup: Fix possible Spectre-v1 indexing for
sched_prio_to_weight[]
- tracing/uprobe_event: Fix strncpy corner case
- [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
- [x86] perf/cstate: Fix possible Spectre-v1 indexing for pkg_msr
- [x86] perf/msr: Fix possible Spectre-v1 indexing in the MSR driver
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
- [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.10
- 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
- bridge: check iface upper dev when setting master via ioctl
- dccp: fix tasklet usage
- ipv4: fix fnhe usage by non-cached routes
- ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
- llc: better deal with too small mtu
- net: ethernet: sun: niu set correct packet size in skb
- [armhf] net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
- net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()'
- net/mlx4_en: Verify coalescing parameters are in range
- net/mlx5e: Err if asked to offload TC match on frag being first
- net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
- net sched actions: fix refcnt leak in skbmod
- net_sched: fq: take care of throttled flows before reuse
- net: support compat 64-bit time in {s,g}etsockopt
- openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is
found
- qmi_wwan: do not steal interfaces from class drivers
- r8169: fix powering up RTL8168h
- rds: do not leak kernel memory to user land
- sctp: delay the authentication for the duplicated cookie-echo chunk
- sctp: fix the issue that the cookie-ack with auth can't get processed
- sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
- sctp: remove sctp_chunk_put from fail_mark err path in
sctp_ulpevent_make_rcvmsg
- sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
- tcp_bbr: fix to zero idle_restart only upon S/ACKed data
- tcp: ignore Fast Open on repair mode
- tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
- bonding: do not allow rlb updates to invalid mac
- bonding: send learning packets for vlans on slave
- net: sched: fix error path in tcf_proto_create() when modules are not
configured
- net/mlx5e: TX, Use correct counter in dma_map error flow
- net/mlx5: Avoid cleaning flow steering table twice during error flow
- [x86] hv_netvsc: set master device
- ipv6: fix uninit-value in ip6_multipath_l3_keys()
- net/mlx5e: Allow offloading ipv4 header re-write for icmp
- udp: fix SO_BINDTODEVICE
- net/mlx5e: DCBNL fix min inline header size for dscp
- sctp: clear the new asoc's stream outcnt in sctp_stream_update
- tcp: restore autocorking
- tipc: fix one byte leak in tipc_sk_set_orig_addr()
- [x86] hv_netvsc: Fix net device attach on older Windows hosts
- ipv4: reset fnhe_mtu_locked after cache route flushed
- net/mlx5: Fix mlx5_get_vector_affinity function
- net: phy: sfp: fix the BR,min computation
- net/smc: keep clcsock reference in smc_tcp_listen_work()
- scsi: aacraid: Correct hba_send to include iu_type
- proc: do not access cmdline nor environ from file-backed areas
(CVE-2018-1120)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11
- xhci: Fix USB3 NULL pointer dereference at logical disconnect.
- usbip: usbip_host: refine probe and disconnect debug msgs to be useful
- usbip: usbip_host: delete device from busid_table after rebind
- usbip: usbip_host: run rebind from exit when module is removed
- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
- usbip: usbip_host: fix bad unlock balance during stub_probe()
- ALSA: usb: mixer: volume quirk for CM102-A+/102S+
- ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup
- ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
- ALSA: control: fix a redundant-copy issue
- [amd64] spi: pxa2xx: Allow 64-bit DMA
- KVM: vmx: update sec exec controls for UMIP iff emulating UMIP
- [armhf,arm64] KVM: Properly protect VGIC locks from IRQs
- [armhf,arm64] KVM: VGIC/ITS: Promote irq_lock() in update_affinity
- [armhf,arm64] KVM: VGIC/ITS save/restore: protect kvm_read_guest() calls
- [armhf,arm64] KVM: VGIC/ITS: protect kvm_read_guest() calls with SRCU
lock
- hwmon: (k10temp) Fix reading critical temperature register
- hwmon: (k10temp) Use API function to access System Management Network
- [s390x] vfio: ccw: fix cleanup if cp_prefetch fails
- tracing/x86/xen: Remove zero data size trace events
trace_xen_mmu_flush_tlb{_all}
- vsprintf: Replace memory barrier with static_key for random_ptr_key
update
- [x86] amd_nb: Add support for Raven Ridge CPUs
- [arm64] tee: shm: fix use-after-free via temporarily dropped reference
- netfilter: nf_tables: free set name in error path
- netfilter: nf_tables: can't fail after linking rule into active rule
list
- netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static
- [arm64] dts: marvell: armada-cp110: Add clocks for the xmdio node
- [arm64] dts: marvell: armada-cp110: Add mg_core_clk for ethernet node
- i2c: designware: fix poll-after-enable regression
- mtd: rawnand: marvell: Fix read logic for layouts with ->nchunks > 2
- [powerpc*] powerpc/powernv: Fix NVRAM sleep in invalid context when
crashing
- drm: Match sysfs name in link removal to link creation
- radix tree: fix multi-order iteration race
- mm: don't allow deferred pages with NEED_PER_CPU_KM
- [x86] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
- [s390x] qdio: fix access to uninitialized qdio_q fields
- [s390x] cpum_sf: ensure sample frequency of perf event attributes is
non-zero
- [s390x] qdio: don't release memory in qdio_setup_irq()
- [s390x] remove indirect branch from do_softirq_own_stack
- bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n
- [x86] pkeys: Override pkey when moving away from PROT_EXEC
- [x86] pkeys: Do not special case protection key 0
- efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
definition for mixed mode
- [arm*] 8771/1: kprobes: Prohibit kprobes on do_undefinstr
- [x86] apic/x2apic: Initialize cluster ID properly
- [x86] mm: Drop TS_COMPAT on 64-bit exec() syscall
- tick/broadcast: Use for_each_cpu() specially on UP kernels
- [arm*] 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
- [arm*] 8770/1: kprobes: Prohibit probing on optimized_callback
- [arm*] 8772/1: kprobes: Prohibit kprobes on get_user functions
- Btrfs: fix xattr loss after power failure
- Btrfs: send, fix invalid access to commit roots due to concurrent
snapshotting
- btrfs: property: Set incompat flag if lzo/zstd compression is set
- btrfs: fix crash when trying to resume balance without the resume flag
- btrfs: Split btrfs_del_delalloc_inode into 2 functions
- btrfs: Fix delalloc inodes invalidation during transaction abort
- btrfs: fix reading stale metadata blocks after degraded raid1 mounts
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
- x86/bugs: Fix the parameters alignment and missing void
- x86/cpu: Make alternative_msr_write work for 32-bit code
- KVM: SVM: Move spec control call after restore of GS
- x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
- x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
- x86/cpufeatures: Disentangle SSBD enumeration
- x86/cpufeatures: Add FEATURE_ZEN
- x86/speculation: Handle HT correctly on AMD
- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
- x86/speculation: Add virtualized speculative store bypass disable
support
- x86/speculation: Rework speculative_store_bypass_update()
- x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
- x86/bugs: Expose x86_spec_ctrl_base directly
- x86/bugs: Remove x86_spec_ctrl_set()
- x86/bugs: Rework spec_ctrl base and mask logic
- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
- x86/bugs: Rename SSBD_NO to SSB_NO
- bpf: Prevent memory disambiguation attack
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.12
- net/mlx5: Fix build break when CONFIG_SMP=n
- net: Fix a bug in removing queues from XPS map
- net/mlx4_core: Fix error handling in mlx4_init_port_info.
- net/sched: fix refcnt leak in the error path of tcf_vlan_init()
- net: sched: red: avoid hashing NULL child
- net/smc: check for missing nlattrs in SMC_PNETID messages
- net: test tailroom before appending to linear skb
- packet: in packet_snd start writing at link layer allocation
- sock_diag: fix use-after-free read in __sk_free
- tcp: purge write queue in tcp_connect_init()
- tun: fix use after free for ptr_ring
- tuntap: fix use after free during release
- cxgb4: Correct ntuple mask validation for hash filters
- [armhf] net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule
- net: dsa: Do not register devlink for unused ports
- [armhf] net: dsa: bcm_sf2: Fix IPv6 rules and chain ID
- [armhf] net: dsa: bcm_sf2: Fix IPv6 rule half deletion
- 3c59x: convert to generic DMA API
- cxgb4: fix offset in collecting TX rate limit info
- vmxnet3: set the DMA mask before the first DMA map operation
- vmxnet3: use DMA memory barriers where required
- net: ip6_gre: Request headroom in __gre6_xmit()
- net: ip6_gre: Fix headroom request in ip6erspan_tunnel_xmit()
- net: ip6_gre: Split up ip6gre_tnl_link_config()
- net: ip6_gre: Split up ip6gre_tnl_change()
- net: ip6_gre: Split up ip6gre_newlink()
- net: ip6_gre: Split up ip6gre_changelink()
- net: ip6_gre: Fix ip6erspan hlen calculation
- net: ip6_gre: fix tunnel metadata device sharing.
- [sparc*]: vio: use put_device() instead of kfree()
- ext2: fix a block leak
- [powerpc*] rfi-flush: Always enable fallback flush on pseries
- [powerpc*] Add security feature flags for Spectre/Meltdown
- [powerpc*] pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- [powerpc*] pseries: Set or clear security feature flags
- [powerpc*] powerpc/powernv: Set or clear security feature flags
- [powerpc*] powerpc/64s: Move cpu_show_meltdown()
- [powerpc*] powerpc/64s: Enhance the information in cpu_show_meltdown()
- [powerpc*] powerpc/powernv: Use the security flags in
pnv_setup_rfi_flush()
- [powerpc*] powerpc/pseries: Use the security flags in
pseries_setup_rfi_flush()
- [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v1()
- [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v2()
- [powerpc*] powerpc/pseries: Fix clearing of security feature flags
- [powerpc*] powerpc: Move default security feature flags
- [powerpc*] powerpc/64s: Add support for a store forwarding barrier at
kernel entry/exit
- [s390x] move nobp parameter functions to nospec-branch.c
- [s390x] add automatic detection of the spectre defense
- [s390x] report spectre mitigation via syslog
- [s390x] add sysfs attributes for spectre
- [s390x] add assembler macros for CPU alternatives
- [s390x] correct nospec auto detection init order
- [s390x] correct module section names for expoline code revert
- [s390x] move expoline assembler macros to a header
- [s390x] crc32-vx: use expoline for indirect branches
- [s390x] lib: use expoline for indirect branches
- [s390x] ftrace: use expoline for indirect branches
- [s390x] kernel: use expoline for indirect branches
- [s390x] move spectre sysfs attribute code
- [s390x] extend expoline to BC instructions
- [s390x] use expoline thunks in the BPF JIT
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
- [s390x] scsi: zfcp: fix infinite iteration on ERP ready list
- Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
- ALSA: usb-audio: Add native DSD support for Luxman DA-06
- [arm64,armhf] usb: dwc3: Add SoftReset PHY synchonization delay
- [arm64,armhf] usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
- [arm64,armhf] usb: dwc3: Makefile: fix link error on randconfig
- xhci: zero usb device slot_id member when disabling and freeing a xhci slot
- [arm64,armhf] usb: dwc2: Fix interval type issue
- [arm64,armhf] usb: dwc2: hcd: Fix host channel halt flow
- [arm64,armhf] usb: dwc2: host: Fix transaction errors in host mode
- usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS
- media: em28xx: USB bulk packet size fix
- Bluetooth: btusb: Add device ID for RTL8822BE
- Bluetooth: btusb: Add support for Intel Bluetooth device 22560
[8087:0026]
- xhci: Show what USB release number the xHC supports from protocol
capablity
- loop: don't call into filesystem while holding lo_ctl_mutex
- loop: fix LOOP_GET_STATUS lock imbalance
- cfg80211: limit wiphy names to 128 bytes
- hfsplus: stop workqueue when fill_super() failed
- [x86] kexec: Avoid double free_page() upon do_kexec_load() failure
- staging: bcm2835-audio: Release resources on module_exit()
- staging: lustre: fix bug in osc_enter_cache_try
- [x86] staging: rtl8192u: return -ENOMEM on failed allocation of
priv->oldaddr
- staging: lustre: lmv: correctly iput lmo_root
- [arm64] crypto: inside-secure - move the digest to the request context
- [arm64] crypto: inside-secure - wait for the request to complete if in
the backlog
- [x86] crypto: ccp - don't disable interrupts while setting up debugfs
- [arm64] crypto: inside-secure - do not process request if no command was
issued
- [arm64] crypto: inside-secure - fix the cache_len computation
- [arm64] crypto: inside-secure - fix the extra cache computation
- [arm64] crypto: inside-secure - do not overwrite the threshold value
- [armhf] crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
- [arm64] crypto: inside-secure - fix the invalidation step during
cra_exit
- scsi: aacraid: Insure command thread is not recursively stopped
- scsi: devinfo: add HP DISK-SUBSYSTEM device, for HP XP arrays
- scsi: lpfc: Fix NVME Initiator FirstBurst
- scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD
- scsi: mvsas: fix wrong endianness of sgpio api
- scsi: lpfc: Fix issue_lip if link is disabled
- scsi: lpfc: Fix nonrecovery of NVME controller after cable swap.
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
- scsi: lpfc: Fix IO failure during hba reset testing with nvme io.
- scsi: lpfc: Fix frequency of Release WQE CQEs
- [armhf] clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228
- clk: Don't show the incorrect clock phase
- clk: hisilicon: mark wdt_mux_p[] as const
- [arm64,armhf] clk: tegra: Fix pll_u rate configuration
- [armhf] clk: rockchip: Prevent calculating mmc phase if clock rate is
zero
- [armhf] clk: samsung: s3c2410: Fix PLL rates
- [armhf] clk: samsung: exynos7: Fix PLL rates
- [armhf] clk: samsung: exynos5260: Fix PLL rates
- [armhf] clk: samsung: exynos5433: Fix PLL rates
- [armhf] clk: samsung: exynos5250: Fix PLL rates
- [armhf] clk: samsung: exynos3250: Fix PLL rates
- clk: meson: axg: fix the od shift of the sys_pll
- clk: meson: axg: add the fractional part of the fixed_pll
- media: cx23885: Override 888 ImpactVCBe crystal frequency
- media: cx23885: Set subdev host data to clk_freq pointer
- media: em28xx: Add Hauppauge SoloHD/DualHD bulk models
- media: v4l: vsp1: Fix display stalls when requesting too many inputs
- media: i2c: adv748x: fix HDMI field heights
- media: vb2: Fix videobuf2 to map correct area
- media: vivid: fix incorrect capabilities for radio
- media: cx25821: prevent out-of-bounds read on array card
- [arm64] serial: mvebu-uart: fix tx lost characters
- [sh4] serial: sh-sci: Fix out-of-bounds access through DT alias
- [armhf] serial: samsung: Fix out-of-bounds access through serial port
index
- [armhf] serial: imx: Fix out-of-bounds access through serial port index
- [armhf] serial: arc_uart: Fix out-of-bounds access through DT alias
- [arm*] serial: 8250: Don't service RX FIFO if interrupts are disabled
- [armhf] rtc: snvs: Fix usage of snvs_rtc_enable
- rtc: hctosys: Ensure system time doesn't overflow time_t
- [arm64,armhf] rtc: rk808: fix possible race condition
- [armel/marvell] rtc: m41t80: fix race conditions
- [m68k] rtc: rp5c01: fix possible race condition
[ Romain Perier ]
* [armhf] DRM: Enable DW_HDMI_AHB_AUDIO and DW_HDMI_CEC (Closes: #897204)
* [armhf] MFD: Enable MFD_TPS65217 (Closes: #897590)
[ Ben Hutchings ]
* kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
* Bump ABI to 2
* [rt] Update to 4.16.8-rt3
* [x86] KVM: VMX: Expose SSBD properly to guests.
[ Salvatore Bonaccorso ]
* [rt] Update to 4.16.7-rt1 and reenable
* [rt] certs: Reference certificate for test key used in Debian signing
service
-- Salvatore Bonaccorso <email address hidden> Sun, 27 May 2018 14:05:03 +0200
-
linux (4.16.5-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.2
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.3
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4
- ext4: limit xattr size to INT_MAX (CVE-2018-1095)
- random: fix crng_ready() test (CVE-2018-1108)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.5
[ Ben Hutchings ]
* aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier
* aufs: Update support patchset to aufs4.16-20180409 (no functional change)
* wireless: Add Debian wireless-regdb certificates (see #892229)
* Add support for compilers installed outside the default PATH
* linux-headers: Change linux-kbuild dependency to be versioned
* Set ABI to 1
* [x86,arm64] Disable code signing for upload to unstable
* debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing
* debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing
* xfs: enhance dinode verifier (CVE-2018-10322)
* xfs: set format back to extents if xfs_bmap_extents_to_btree
(CVE-2018-10323)
* udeb: Add algif_skcipher to crypto-modules (Closes: #896968)
* ext4: fix bitmap position validation (fixes regression in 4.15.17-1)
* debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security
with a simple revision
[ Vagrant Cascadian ]
* [arm64] Add patches to support SATA on Tegra210/Jetson-TX1.
[ James Clarke ]
* [ia64] Drop nic-modules Depends overrides (fixes FTBFS)
[ Vagrant Cascadian ]
* [arm64] Enable features to support Pinebook and other A64 systems:
CONFIG_USB_MUSB_HDRC, CONFIG_USB_MUSB_SUNXI, CONFIG_SUN8I_DE2_CCU,
CONFIG_DMA_SUN6I
* [arm64] Add patch enabling simplefb LCD on A64.
[ Roger Shimizu ]
* [armel] Add dependency of udeb modules (fixes FTBFS):
- Add lzo_decompress to lzo-modules.
- Add cmdlinepart to mtd-modules.
* [armel] Add dependency of udeb packages (fixes FTBFS):
- Add package dependency of mtd-modules to jffs2-modules.
- Add package dependency of lzo-modules to squashfs-modules.
[ Helge Deller ]
* [hppa] Switch to self-decompressing kernel to save disk space in /boot
[ Uwe Kleine-König ]
* [amd64] enable AMD 10GbE Ethernet driver (CONFIG_AMD_XGBE=m)
-- Ben Hutchings <email address hidden> Sun, 29 Apr 2018 17:09:14 +0100
-
linux (4.15.17-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.12
- [i386] vm86: Fix POPF emulation
- [i386] speculation, objtool: Annotate indirect calls/jumps for objtool on
32-bit kernels
- [x86] speculation: Remove Skylake C2 from Speculation Control microcode
blacklist
- [x86] KVM: Fix device passthrough when SME is active
- [x86] mm: Fix vmalloc_fault to use pXd_large
- [hppa] Handle case where flush_cache_range is called with no context
- ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
- ALSA: hda - Revert power_save option default value
- ALSA: seq: Fix possible UAF in snd_seq_check_queue()
- ALSA: seq: Clear client entry before deleting else at closing
- drm/nouveau/bl: Fix oops on driver unbind
- drm/nouveau/mmu: ALIGN_DOWN correct variable (Closes: #895750)
- drm/amdgpu: fix prime teardown order
- drm/radeon: fix prime teardown order
- drm/amdgpu/dce: Don't turn off DP sink when disconnected
- fs: Teach path_connected to handle nfs filesystems with multiple roots.
- [armhf,arm64] KVM: Reduce verbosity of KVM init log
- [armhf,arm64] KVM: Reset mapped IRQs on VM reset
- [armhf,arm64] kvm: vgic-v3: Tighten synchronization for guests using v2
on v3
- [armhf.arm64] KVM: vgic: Don't populate multiple LRs with the same vintid
- lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
- fs/aio: Add explicit RCU grace period when freeing kioctx
- fs/aio: Use RCU accessors for kioctx_table->table[]
- RDMAVT: Fix synchronization around percpu_ref
- [armhf.arm64] irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
- nvme: fix subsystem multiple controllers support check
- xfs: preserve i_rdev when recycling a reclaimable inode
- btrfs: Fix NULL pointer exception in find_bio_stripe
- btrfs: add missing initialization in btrfs_check_shared
- btrfs: alloc_chunk: fix DUP stripe size handling
- btrfs: Fix use-after-free when cleaning up fs_devs with a single stale
device
- btrfs: remove spurious WARN_ON(ref->count < 0) in find_parent_nodes
- btrfs: Fix memory barriers usage with device stats counters
- scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que
- scsi: qla2xxx: Fix NULL pointer access for fcport structure
- scsi: qla2xxx: Fix logo flag for qlt_free_session_done()
- scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure
- usb: dwc2: fix STM32F7 USB OTG HS compatible
- USB: gadget: udc: Add missing platform_device_put() on error in
bdc_pci_probe()
- usb: dwc3: Fix GDBGFIFOSPACE_TYPE values
- usb: dwc3: core: Power-off core/PHYs on system_suspend in host mode
- usb: dwc3: of-simple: fix oops by unbalanced clk disable call
- usb: gadget: udc: renesas_usb3: fix oops in renesas_usb3_remove()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.13
- scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for
Ventura controllers
- drm/amdgpu: use polling mem to set SDMA3 wptr for VF
- Bluetooth: hci_qca: Avoid setup failure on missing rampatch
- [arm64] Bluetooth: btqcomsmd: Fix skb double free corruption
- [x86] cpufreq: longhaul: Revert transition_delay_us to 200 ms
- [arm64] drm/msm: fix leak in failed get_pages
- IB/ipoib: Warn when one port fails to initialize
- RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
- [x86] hv_netvsc: Fix the receive buffer size limit
- [x86] hv_netvsc: Fix the TX/RX buffer default sizes
- tcp: allow TLP in ECN CWR
- libbpf: prefer global symbols as bpf program name source
- rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
- rtlwifi: always initialize variables given to RT_TRACE()
- media: bt8xx: Fix err 'bt878_probe()'
- ath10k: handling qos at STA side based on AP WMM enable/disable
- media: dvb-frontends: Add delay to Si2168 restart
- qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect
- serial: 8250_dw: Disable clock on error
- [armhf,arm64] cros_ec: fix nul-termination for firmware build info
- watchdog: Fix potential kref imbalance when opening watchdog
- watchdog: Fix kref imbalance seen if handle_boot_enabled=0
- platform/chrome: Use proper protocol transfer function
- [armhf] drm/tilcdc: ensure nonatomic iowrite64 is not used
- mmc: avoid removing non-removable hosts during suspend
- mmc: block: fix logical error to avoid memory leak
- /dev/mem: Add bounce buffer for copy-out
- [arm64] net: phy: meson-gxl: check phy_write return value
- IB/ipoib: Avoid memory leak if the SA returns a different DGID
- RDMA/cma: Use correct size when writing netlink stats
- IB/umem: Fix use of npages/nmap fields
- iser-target: avoid reinitializing rdma contexts for isert commands
- bpf/cgroup: fix a verification error for a CGROUP_DEVICE type prog
- PCI/ASPM: Calculate LTR_L1.2_THRESHOLD from device characteristics
- vgacon: Set VGA struct resource types
- [armhf] omapdrm: panel: fix compatible vendor string for td028ttec1
- [arm64] mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable
- [armhf] drm/omap: DMM: Check for DMM readiness after successful
transaction commit
- pty: cancel pty slave port buf's work in tty_release
- clk: check ops pointer on clock register
- clk: use round rate to bail out early in set_rate
- pinctrl: Really force states during suspend/resume
- [armhf,arm64] pinctrl: rockchip: enable clock when reading pin direction
register
- [x86] iommu/vt-d: clean up pr_irq if request_threaded_irq fails
- ip6_vti: adjust vti mtu according to mtu of lower device
- ip_gre: fix error path when erspan_rcv failed
- ip_gre: fix potential memory leak in erspan_rcv
- [arm64] soc: qcom: smsm: fix child-node lookup
- scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled
- scsi: lpfc: Fix issues connecting with nvme initiator
- RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
- nfsd4: permit layoutget of executable-only files
- clk: Don't touch hardware when reparenting during registration
- hwrng: core - Clean up RNG list when last hwrng is unregistered
- [armhf] dmaengine: ti-dma-crossbar: Fix event mapping for
TPCC_EVT_MUX_60_63
- IB/mlx5: Fix integer overflows in mlx5_ib_create_srq
- IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq
- [x86] RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file
- serial: 8250_pci: Don't fail on multiport card class
- RDMA/core: Do not use invalid destination in determining port reuse
- clk: migrate the count of orphaned clocks at init
- RDMA/ucma: Fix access to non-initialized CM_ID object
- RDMA/ucma: Don't allow join attempts for unsupported AF family
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.14
- [armhf] iio: st_pressure: st_accel: pass correct platform data to init
- [arm64] iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock()
- ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
- ALSA: aloop: Sync stale timer before release
- ALSA: aloop: Fix access to not-yet-ready substream via cable
- ALSA: hda - Force polling mode on CFL for fixing codec communication
- ALSA: hda/realtek - Fix speaker no sound after system resume
- ALSA: hda/realtek - Fix Dell headset Mic can't record
- ALSA: hda/realtek - Always immediately update mute LED with pin VREF
- mmc: core: Fix tracepoint print of blk_addr and blksz
- mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards
- mmc: block: fix updating ext_csd caches on ioctl call
- [armhf] mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for
32-bit systems
- [armhf] mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433
- [armhf,arm64] mmc: dw_mmc: fix falling from idmac to PIO mode when
dw_mci_reset occurs
- PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
- lockdep: fix fs_reclaim warning
- [armhf,arm64] clk: bcm2835: Fix ana->maskX definitions
- [armhf,arm64] clk: bcm2835: Protect sections updating shared registers
- [armhf,arm64] clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops
- RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory
- [x86] Drivers: hv: vmbus: Fix ring buffer signaling
- [armhf] pinctrl: samsung: Validate alias coming from DT
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
- Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table
- Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
- libata: fix length validation of ATAPI-relayed SCSI commands
- libata: remove WARN() for DMA or PIO command without data
- libata: don't try to pass through NCQ commands to non-NCQ devices
- libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
- libata: disable LPM for Crucial BX100 SSD 500GB drive
- libata: Enable queued TRIM for Samsung SSD 860
- libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
- libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
- libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
- sched, cgroup: Don't reject lower cpu.max on ancestors
- cgroup: fix rule checking for threaded mode switching
- nfsd: remove blocked locks on client teardown
- hugetlbfs: check for pgoff value overflow (CVE-2018-7740)
- [x86] mm: implement free pmd/pte page interfaces
- mm/khugepaged.c: convert VM_BUG_ON() to collapse fail
- mm/thp: do not wait for lock_page() in deferred_split_scan()
- mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink()
- Revert "mm: page_alloc: skip over regions of invalid pfns where possible"
- [x86] drm/vmwgfx: Fix black screen and device errors when running without
fbdev
- [x86] drm/vmwgfx: Fix a destoy-while-held mutex problem.
- drm/radeon: Don't turn off DP sink when disconnected
- drm/amd/display: We shouldn't set format_default on plane as atomic driver
- drm/amd/display: Add one to EDID's audio channel count when passing to DC
- drm: Reject getfb for multi-plane framebuffers
- drm: udl: Properly check framebuffer mmap offsets
- mm/vmscan: wake up flushers for legacy cgroups too
- module: propagate error in modules_open()
- acpi, numa: fix pxm to online numa node associations
- ACPI / watchdog: Fix off-by-one error at resource assignment
- libnvdimm, {btt, blk}: do integrity setup before add_disk()
- brcmfmac: fix P2P_DEVICE ethernet address generation
- rtlwifi: rtl8723be: Fix loss of signal
- tracing: probeevent: Fix to support minus offset from symbol
- mtdchar: fix usage of mtd_ooblayout_ecc()
- staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822)
- [i386] can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
- [i386] can: cc770: Fix queue stall & dropped RTR reply
- [i386] can: cc770: Fix use after free in cc770_tx_interrupt()
- tty: vt: fix up tabstops properly
- [amd64] entry: Don't use IST entry for #BP stack
- [amd64] vsyscall: Use proper accessor to update P4D entry
- [x86] efi: Free efi_pgd with free_pages()
- posix-timers: Protect posix clock array access against speculation
- [x86] kvm: fix icebp instruction handling
- [amd64] build: Force the linker to use 2MB page size
- [amd64] boot: Verify alignment of the LOAD segment
- [x86] hwmon: (k10temp) Only apply temperature offset if result is positive
- [x86] hwmon: (k10temp) Add temperature offset for Ryzen 1900X
- [x86] perf/intel/uncore: Fix Skylake UPI event format
- perf stat: Fix CVS output format for non-supported counters
- perf/core: Fix ctx_event_type in ctx_resched()
- trace/bpf: remove helper bpf_perf_prog_read_value from tracepoint type
programs
- [x86] perf/intel: Don't accidentally clear high bits in bdw_limit_period()
- [x86] perf/intel/uncore: Fix multi-domain PCI CHA enumeration bug on
Skylake servers
- iio: ABI: Fix name of timestamp sysfs file
- bpf: skip unnecessary capability check
- [amd64] bpf: increase number of passes
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.15
- net: dsa: Fix dsa_is_user_port() test inversion
- openvswitch: meter: fix the incorrect calculation of max delta_t
- qed: Fix MPA unalign flow in case header is split across two packets.
- tcp: purge write queue upon aborting the connection
- qed: Fix non TCP packets should be dropped on iWARP ll2 connection
- net: phy: relax error checking when creating sysfs link netdev->phydev
- devlink: Remove redundant free on error path
- macvlan: filter out unsupported feature flags
- net: ipv6: keep sk status consistent after datagram connect failure
- ipv6: old_dport should be a __be16 in __ip6_datagram_connect()
- ipv6: sr: fix NULL pointer dereference when setting encap source address
- ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state
- net: phy: Tell caller result of phy_change()
- ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes
- net sched actions: return explicit error when tunnel_key mode is not
specified
- ppp: avoid loop in xmit recursion detection code
- rhashtable: Fix rhlist duplicates insertion
- sch_netem: fix skb leak in netem_enqueue()
- ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
- net: use skb_to_full_sk() in skb_update_prio()
- net: Fix hlist corruptions in inet_evict_bucket()
- [s390x] qeth: free netdevice when removing a card
- [s390x] qeth: when thread completes, wake up all waiters
- [s390x] qeth: lock read device while queueing next buffer
- [s390x] qeth: on channel error, reject further cmd requests
- dccp: check sk for closed state in dccp_sendmsg()
- ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
- l2tp: do not accept arbitrary sockets
- [armhf] net: ethernet: ti: cpsw: add check for in-band mode setting with
RGMII PHY interface
- [armhf] net: fec: Fix unbalanced PM runtime calls
- [s390x] net/iucv: Free memory obtained by kzalloc
- netlink: avoid a double skb free in genlmsg_mcast()
- net: Only honor ifindex in IP_PKTINFO if non-0
- net: systemport: Rewrite __bcm_sysport_tx_reclaim()
- qede: Fix qedr link update
- skbuff: Fix not waking applications when errors are enqueued
- team: Fix double free in error path
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.16
- [armhf] OMAP: Fix SRAM W+X mapping
- [armhf] 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
- [armhf] dts: sun6i: a31s: bpi-m2: improve pmic properties
- [armhf] dts: sun6i: a31s: bpi-m2: add missing regulators
- mtd: jedec_probe: Fix crash in jedec_read_mfr()
- ALSA: usb-audio: Add native DSD support for TEAC UD-301
- ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
- ALSA: pcm: potential uninitialized return values
- perf/hwbp: Simplify the perf-hwbp code, fix documentation
- ceph: only dirty ITER_IOVEC pages for direct read
- ipc/shm.c: add split function to shm_vm_ops
- [powerpc*] mm: Add tracking of the number of coprocessors using a context
- [powerpc*] mm: Workaround Nest MMU bug with TLB invalidations
- [powerpc*] 64s: Fix lost pending interrupt due to race causing lost
update to irq_happened
- [powerpc*] 64s: Fix i-side SLB miss bad address handler saving
nonvolatile GPRs
- partitions/msdos: Unable to mount UFS 44bsd partitions
- xfrm_user: uncoditionally validate esn replay attribute struct
- RDMA/ucma: Check AF family prior resolving address
- RDMA/ucma: Fix use-after-free access in ucma_close
- RDMA/ucma: Ensure that CM_ID exists prior to access it
- RDMA/rdma_cm: Fix use after free race with process_one_req
- RDMA/ucma: Check that device is connected prior to access it
- RDMA/ucma: Check that device exists prior to accessing it
- RDMA/ucma: Introduce safer rdma_addr_size() variants
- ipv6: fix possible deadlock in rt6_age_examine_exception()
- net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
- xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
- percpu: add __GFP_NORETRY semantics to the percpu balancing path
- netfilter: x_tables: make allocation less aggressive
- netfilter: bridge: ebt_among: add more missing match size checks
- l2tp: fix races with ipv4-mapped ipv6 addresses
- netfilter: drop template ct when conntrack is skipped.
- netfilter: x_tables: add and use xt_check_proc_name
- [arm64] phy: qcom-ufs: add MODULE_LICENSE tag
- Bluetooth: Fix missing encryption refresh on Security Request
- [x86] drm/i915/dp: Write to SET_POWER dpcd to enable MST hub.
- bitmap: fix memset optimization on big-endian systems
- [x86] mei: remove dev_err message on an unsupported ioctl
- /dev/mem: Avoid overwriting "err" in read_mem()
- media: usbtv: prevent double free in error case (CVE-2017-17975)
- crypto: lrw - Free rctx->ext with kzfree
- [arm64] crypto: inside-secure - fix clock management
- crypto: testmgr - Fix incorrect values in PKCS#1 test vector
- crypto: ahash - Fix early termination in hash walk
- [x86] crypto: ccp - return an actual key size from RSA max_size callback
- [arm*] crypto - Fix random regeneration of S_shipped
- [x86] crypto: cast5-avx - fix ECB encryption when long sg follows short
one
- Btrfs: fix unexpected cow in run_delalloc_nocow
- [x86] staging: comedi: ni_mio_common: ack ai fifo error interrupts.
- Revert "base: arch_topology: fix section mismatch build warnings"
- [x86] Input: ALPS - fix TrackStick detection on Thinkpad L570 and
Latitude 7370
- [x86] Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
- [x86] Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
- vt: change SGR 21 to follow the standards
- [arm64] net: hns: Fix ethtool private flags (CVE-2017-18222)
- Fix slab name "biovec-(1<<(21-12))"
- [armhf] Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
- [armhf] Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
- Revert "cpufreq: Fix governor module removal race"
- Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.17
- i40iw: Fix sequence number for the first partial FPDU
- i40iw: Correct Q1/XF object count equation
- i40iw: Validate correct IRD/ORD connection parameters
- [arm64] clk: meson: mpll: use 64-bit maths in params_from_rate
- ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT
- thermal: power_allocator: fix one race condition issue for
thermal_instances list
- perf probe: Find versioned symbols from map
- perf probe: Add warning message if there is unexpected event name
- perf evsel: Fix swap for samples with raw data
- perf evsel: Enable ignore_missing_thread for pid option
- l2tp: fix missing print session offset info
- rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
- [x86] ACPI / video: Default lcd_only to true on Win8-ready and newer
machines
- net/mlx4_en: Change default QoS settings
- IB/mlx5: Report inner RSS capability
- VFS: close race between getcwd() and d_move()
- [armhf,arm64] watchdog: dw_wdt: add stop watchdog operation
- clk: divider: fix incorrect usage of container_of
- PM / devfreq: Fix potential NULL pointer dereference in governor_store
- gpiolib: don't dereference a desc before validation
- net_sch: red: Fix the new offload indication
- [arm64] thermal/drivers/hisi: Remove bogus const from function return type
- RDMA/cma: Mark end of CMA ID messages
- f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem
- [armhf] clk: sunxi-ng: a83t: Add M divider to TCON1 clock
- media: videobuf2-core: don't go out of the buffer range
- [x86] ASoC: Intel: Skylake: Disable clock gating during firmware and
library download
- [x86] ASoC: Intel: cht_bsw_rt5645: Analog Mic support
- [arm64] drm/msm: Fix NULL deref in adreno_load_gpu
- IB/ipoib: Fix for notify send CQ failure messages
- scsi: libiscsi: Allow sd_shutdown on bad transport
- scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
- [armhf,arm64] irqchip/gic-v3: Fix the driver probe() fail due to disabled
GICC entry
- ACPI: EC: Fix debugfs_create_*() usage
- mac80211: Fix setting TX power on monitor interfaces
- vfb: fix video mode and line_length being set when loaded
- gpio: label descriptors using the device name
- [arm64] asid: Do not replace active_asids if already 0
- [powerpc*] powernv-cpufreq: Add helper to extract pstate from PMSR
- IB/rdmavt: Allocate CQ memory on the correct node
- blk-mq: avoid to map CPU into stale hw queue
- blk-mq: fix race between updating nr_hw_queues and switching io sched
- nvme-fabrics: protect against module unload during create_ctrl
- nvme-fabrics: don't check for non-NULL module in nvmf_register_transport
- [x86] pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts
- nvme_fcloop: disassocate local port structs
- nvme_fcloop: fix abort race condition
- tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
- perf report: Fix a no annotate browser displayed issue
- [x86] staging: lustre: disable preempt while sampling processor id.
- [x86] ASoC: Intel: sst: Fix the return value o
'sst_send_byte_stream_mrfld()'
- [armhf] power: supply: axp288_charger: Properly stop work on probe-error
/ remove
- rt2x00: do not pause queue unconditionally on error path
- wl1251: check return from call to wl1251_acx_arp_ip_filter
- net/mlx5: Fix race for multiple RoCE enable
- bcache: ret IOERR when read meets metadata error
- bcache: stop writeback thread after detaching
- bcache: segregate flash only volume write streams
- scsi: libsas: Use dynamic alloced work to avoid sas event lost
- net: Fix netdev_WARN_ONCE macro
- scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757)
- scsi: libsas: fix error when getting phy events
- scsi: libsas: initialize sas_phy status according to response of DISCOVER
- net/mlx5e: IPoIB, Use correct timestamp in child receive flow
- blk-mq: fix kernel oops in blk_mq_tag_idle()
- tty: n_gsm: Allow ADM response in addition to UA for control dlci
- block, bfq: put async queues for root bfq groups too
- serdev: Fix serdev_uevent failure on ACPI enumerated serdev-controllers
- i40evf: don't rely on netif_running() outside rtnl_lock()
- drm/amd/powerplay: fix memory leakage when reload (v2)
- cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
- PM / domains: Don't skip driver's ->suspend|resume_noirq() callbacks
- scsi: megaraid_sas: Error handling for invalid ldcount provided by
firmware in RAID map
- scsi: megaraid_sas: unload flag should be set after scsi_remove_host is
called
- RDMA/cma: Fix rdma_cm path querying for RoCE
- [x86] gart: Exclude GART aperture from vmcore
- sdhci: Advertise 2.0v supply on SDIO host controller
- Input: goodix - disable IRQs while suspended
- mtd: mtd_oobtest: Handle bitflips during reads
- crypto: aes-generic - build with -Os on gcc-7+
- perf tools: Fix copyfile_offset update of output offset
- tcmu: release blocks for partially setup cmds
- [x86] thermal: int3400_thermal: fix error handling in
int3400_thermal_probe()
- [x86] drm/i915/cnp: Ignore VBT request for know invalid DDC pin.
- [x86] drm/i915/cnp: Properly handle VBT ddc pin out of bounds.
- [x86] microcode: Propagate return value from updating functions
- [x86] CPU: Add a microcode loader callback
- [x86] CPU: Check CPU feature bits after microcode upgrade
- [x86] microcode: Get rid of struct apply_microcode_ctx
- [x86] microcode/intel: Check microcode revision before updating sibling
threads
- [x86] microcode/intel: Writeback and invalidate caches before updating
microcode
- [x86] microcode: Do not upload microcode if CPUs are offline
- [x86] microcode/intel: Look into the patch cache first
- [x86] microcode: Request microcode on the BSP
- [x86] microcode: Synchronize late microcode loading
- [x86] microcode: Attempt late loading only when new microcode is present
- [x86] microcode: Fix CPU synchronization routine
- arp: fix arp_filter on l3slave devices
- ipv6: the entire IPv6 header chain must fit the first fragment
- lan78xx: Crash in lan78xx_writ_reg (Workqueue: events
lan78xx_deferred_multicast_write)
- net: dsa: Discard frames from unused ports
- net: fix possible out-of-bound read in skb_network_protocol()
- net/ipv6: Fix route leaking between VRFs
- net/ipv6: Increment OUTxxx counters after netfilter hook
- netlink: make sure nladdr has correct size in netlink_connect()
- net/mlx5e: Verify coalescing parameters in range
- net sched actions: fix dumping which requires several messages to user
space
- net/sched: fix NULL dereference in the error path of tcf_bpf_init()
- pptp: remove a buggy dst release in pptp_connect()
- r8169: fix setting driver_data after register_netdev
- sctp: do not leak kernel memory to user space
- sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
- sky2: Increase D3 delay to sky2 stops working after suspend
- vhost: correctly remove wait queue during poll failure
- vlan: also check phy_driver ts_info for vlan's real device
- vrf: Fix use after free and double free in vrf_finish_output
- bonding: fix the err path for dev hwaddr sync in bond_enslave
- bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
- bonding: process the err returned by dev_set_allmulti properly in
bond_enslave
- net: fool proof dev_valid_name()
- ip_tunnel: better validate user provided tunnel names
- ipv6: sit: better validate user provided tunnel names
- ip6_gre: better validate user provided tunnel names
- ip6_tunnel: better validate user provided tunnel names
- vti6: better validate user provided tunnel names
- net/mlx5e: Set EQE based as default TX interrupt moderation mode
- net_sched: fix a missing idr_remove() in u32_delete_key()
- net/sched: fix NULL dereference in the error path of tcf_vlan_init()
- net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path
- net/mlx5e: Fix memory usage issues in offloading TC flows
- net/sched: fix NULL dereference in the error path of tcf_sample_init()
- nfp: use full 40 bits of the NSP buffer address
- ipv6: sr: fix seg6 encap performances with TSO enabled
- net/mlx5e: Don't override vport admin link state in switchdev mode
- net/mlx5e: Sync netdev vxlan ports at open
- net/sched: fix NULL dereference in the error path of tunnel_key_init()
- net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
- strparser: Fix sign of err codes
- net/mlx4_en: Fix mixed PFC and Global pause user control requests
- net/mlx5e: Fix traffic being dropped on VF representor
- vhost: validate log when IOTLB is enabled
- route: check sysctl_fib_multipath_use_neigh earlier than hash
- team: move dev_mc_sync after master_upper_dev_link in team_port_add
- vhost_net: add missing lock nesting notation
- net/mlx4_core: Fix memory leak while delete slave's resources
[ Roger Shimizu ]
* [armel] Bring back armel build by reverting two commits that disabled
armel previously:
- [2ed70eb] "Add empty featuresets for armel to help abiupdate script"
- [5f62872] "(Temporarily) disable armel kernel image build"
* [armel] Reduce armel image size by:
- Set CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
- Change MTD, MTD_CMDLINE_PARTS, RTC_DRV_MV, and SPI_ORION from
built-in to module.
- Disable VT, ZSWAP, RD_BZIP2, and RD_LZMA.
Thanks to Leigh Brown <email address hidden> for his idea to disable VT.
* [armel] Add dependency of udeb modules (fixes FTBFS):
- Add lzo_decompress to lzo-modules.
- Add cmdlinepart to mtd-modules.
* [armel] Add dependency of udeb packages (fixes FTBFS):
- Add package dependency of mtd-modules to jffs2-modules.
- Add package dependency of lzo-modules to squashfs-modules.
[ Ben Hutchings ]
* wireless: Disable regulatory.db direct loading (see #892229)
* Bump ABI to 3
* scsi: libsas: direct call probe and destruct (CVE-2017-18232)
* ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092)
* ext4: add validity checks for bitmap block numbers (CVE-2018-1093)
* ext4: always initialize the crc32c checksum driver (CVE-2018-1094)
* scsi: libsas: defer ata device eh commands to libata (CVE-2018-10021)
* [armel/marvell] linux-image: Replace supported model list with wiki link
* [armhf] udeb: Add i2c-exynos5 to i2c-modules (Closes: #895976)
* [arm*] iio: Enable DHT11 as module (Closes: #873176)
* udeb: Move arc4 and ecb from nic-wireless-modules to crypto-modules
(Closes: #895362)
* SCSI: Enable SCSI_SYM53C8XX_2 as module on all architectures
(Closes: #895532)
* [x86] Enable MFD_AXP20X_I2C, AXP288_FUEL_GAUGE as modules (Closes: #895129)
* w1: Enable all "slave" device drivers (Closes: #895340)
* [arm64] net/phy: Enable MDIO_BUS_MUX_MMIOREG as module (Closes: #894336)
* [x86] net: Enable THUNDERBOLT_NET as module (Closes: #894310)
* [x86] platform: Enable DELL_SMBIOS_SMM, DELL_SMBIOS_WMI as modules
(closes: #893976)
* ath9k_htc: Fix regression in 4.15, thanks to Ben Caradoc-Davies
(Closes: #891060)
- mac80211: add ieee80211_hw flag for QoS NDP support
- ath9k_htc: use non-QoS NDP for AP probing
* squashfs: Enable SQUASHFS_ZSTD (Closes: #883410)
* block: Enable BLK_SED_OPAL (except on armel)
* [arm64] Enable ARCH_SYNQUACER and related driver modules (Closes: #891787)
* [arm64] PCI: Enable PCI_TEGRA (Closes: #888817)
* [amd64] net: Enable AQTION as module
* udeb: Rename lzo-modules to compress-modules
* udeb: Add zstd_decompress to compress-modules and make squashfs-modules
depend on it
[ Vagrant Cascadian ]
* [armhf] Add patch to fix loading of imx6q-cpufreq module.
-- Ben Hutchings <email address hidden> Thu, 19 Apr 2018 11:13:03 +0100
-
linux (4.15.11-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.5
- IB/umad: Fix use of unprotected device pointer
- IB/qib: Fix comparison error with qperf compare/swap test
- IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH
ports
- IB/core: Fix two kernel warnings triggered by rxe registration
- IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
- IB/core: Avoid a potential OOPs for an unused optional parameter
- RDMA/rxe: Fix a race condition related to the QP error state
- RDMA/rxe: Fix a race condition in rxe_requester()
- RDMA/rxe: Fix rxe_qp_cleanup()
- [powerpc*] cpufreq: powernv: Dont assume distinct pstate values for
nominal and pmin
- swiotlb: suppress warning when __GFP_NOWARN is set
- PM / devfreq: Propagate error from devfreq_add_device()
- mwifiex: resolve reset vs. remove()/shutdown() deadlocks
- ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
- trace_uprobe: Display correct offset in uprobe_events
- [powerpc*] radix: Remove trace_tlbie call from radix__flush_tlb_all
- [powerpc*] kernel: Block interrupts when updating TIDR
- [powerpc*] vas: Don't set uses_vas for kernel windows
- [powerpc*] numa: Invalidate numa_cpu_lookup_table on cpu remove
- [powerpc*] mm: Flush radix process translations when setting MMU type
- [powerpc*] xive: Use hw CPU ids when configuring the CPU queues
- dma-buf: fix reservation_object_wait_timeout_rcu once more v2
- [s390x] fix handling of -1 in set{,fs}[gu]id16 syscalls
- [arm64] dts: msm8916: Correct ipc references for smsm
- [x86] gpu: add CFL to early quirks
- [x86] kexec: Make kexec (mostly) work in 5-level paging mode
- [x86] xen: init %gs very early to avoid page faults with stack protector
- [x86] PM: Make APM idle driver initialize polling state
- mm, memory_hotplug: fix memmap initialization
- [amd64] entry: Clear extra registers beyond syscall arguments, to reduce
speculation attack surface
- [amd64] entry/compat: Clear registers for compat syscalls, to reduce
speculation attack surface
- [armhf] crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
- [armhf] crypto: sun4i_ss_prng - convert lock to _bh in
sun4i_ss_prng_generate
- [powerpc*] mm/radix: Split linear mapping on hot-unplug
- [x86] speculation: Update Speculation Control microcode blacklist
- [x86] speculation: Correct Speculation Control microcode blacklist again
- [x86] Revert "x86/speculation: Simplify
indirect_branch_prediction_barrier()"
- [x86] KVM: Reduce retpoline performance impact in
slot_handle_level_range(), by always inlining iterator helper methods
- [X86] nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
- [x86] KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02
MSR bitmap
- [x86] speculation: Clean up various Spectre related details
- PM / runtime: Update links_count also if !CONFIG_SRCU
- PM: cpuidle: Fix cpuidle_poll_state_init() prototype
- [x86] platform: wmi: fix off-by-one write in wmi_dev_probe()
- [amd64] entry: Clear registers for exceptions/interrupts, to reduce
speculation attack surface
- [amd64] entry: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused
extensions
- [amd64] entry: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a
single POP_REGS macro
- [amd64] entry: Interleave XOR register clearing with PUSH instructions
- [amd64] entry: Introduce the PUSH_AND_CLEAN_REGS macro
- [amd64] entry: Use PUSH_AND_CLEAN_REGS in more cases
- [amd64] entry: Get rid of the ALLOC_PT_GPREGS_ON_STACK and
SAVE_AND_CLEAR_REGS macros
- [amd64] entry: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
- [amd64] entry: Fix paranoid_entry() frame pointer warning
- [amd64] entry: Remove the unused 'icebp' macro
- gfs2: Fixes to "Implement iomap for block_map"
- objtool: Fix segfault in ignore_unreachable_insn()
- [x86] debug, objtool: Annotate WARN()-related UD2 as reachable
- [x86] debug: Use UD2 for WARN()
- [x86] speculation: Fix up array_index_nospec_mask() asm constraint
- nospec: Move array_index_nospec() parameter checking into separate macro
- [x86] speculation: Add <asm/msr-index.h> dependency
- [x86] mm: Rename flush_tlb_single() and flush_tlb_one() to
__flush_tlb_one_[user|kernel]()
- [x86] cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
- [x86] spectre: Fix an error message
- [x86] cpu: Change type of x86_cache_size variable to unsigned int
- [amd64] entry: Fix CR3 restore in paranoid_exit()
- drm/ttm: Don't add swapped BOs to swap-LRU list
- drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
- drm/qxl: unref cursor bo when finished with it
- drm/qxl: reapply cursor after resetting primary
- drm/amd/powerplay: Fix smu_table_entry.handle type
- drm/ast: Load lut in crtc_commit
- drm: Check for lessee in DROP_MASTER ioctl
- [arm64] Add missing Falkor part number for branch predictor hardening
- drm/radeon: Add dpm quirk for Jet PRO (v2)
- drm/radeon: adjust tested variable
- [x86] smpboot: Fix uncore_pci_remove() indexing bug when hot-removing a
physical CPU
- [powerpc*] rtc-opal: Fix handling of firmware error codes, prevent busy
loops
- mbcache: initialize entry->e_referenced in mb_cache_entry_create()
- mmc: sdhci: Implement an SDHCI-specific bounce buffer
- [armhf,arm64] mmc: bcm2835: Don't overwrite max frequency unconditionally
- [arm64] Revert "mmc: meson-gx: include tx phase in the tuning process"
- mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
- [x86] Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
- ext4: fix a race in the ext4 shutdown path
- ext4: save error to disk in __ext4_grp_locked_error()
- ext4: correct documentation for grpid mount option
- mm: Fix memory size alignment in devm_memremap_pages_release()
- [mips*] Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
- [mips*] CPS: Fix MIPS_ISA_LEVEL_RAW fallout
- [mips*] Fix incorrect mem=X@Y handling
- [arm64] PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
- [armhf,arm64] PCI: iproc: Fix NULL pointer dereference for BCMA
- [x86] PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
- console/dummy: leave .con_font_get set to NULL
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
- xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
- xenbus: track caller request id
- seq_file: fix incomplete reset on read from zero offset
- tracing: Fix parsing of globs with a wildcard at the beginning
- mpls, nospec: Sanitize array index in mpls_label_ok() (CVE-2017-5753)
- rtlwifi: rtl8821ae: Fix connection lost problem correctly
- [arm64] proc: Set PTE_NG for table entries to avoid traversing them twice
- xprtrdma: Fix calculation of ri_max_send_sges
- xprtrdma: Fix BUG after a device removal
- blk-wbt: account flush requests correctly
- target/iscsi: avoid NULL dereference in CHAP auth error path
- iscsi-target: make sure to wake up sleeping login worker
- dm: correctly handle chained bios in dec_pending()
- Btrfs: fix deadlock in run_delalloc_nocow
- Btrfs: fix crash due to not cleaning up tree log block's dirty bits
- Btrfs: fix extent state leak from tree log
- Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
- Btrfs: fix use-after-free on root->orphan_block_rsv
- Btrfs: fix unexpected -EEXIST when creating new inode
- 9p/trans_virtio: discard zero-length reply
- mtd: nand: vf610: set correct ooblayout
- ALSA: hda - Fix headset mic detection problem for two Dell machines
- ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
- ALSA: hda/realtek - Add headset mode support for Dell laptop
- ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
- ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
- ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
- ALSA: usb: add more device quirks for USB DSD devices
- ALSA: seq: Fix racy pool initializations (CVE-2018-7566)
- [armhf,arm64] mvpp2: fix multicast address filter
- usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
- [x86] mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
- [armhf] dts: exynos: fix RTC interrupt for exynos5410
- [arm64] dts: msm8916: Add missing #phy-cells
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.6
- tun: fix tun_napi_alloc_frags() frag allocator
- ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
- ptr_ring: try vmalloc() when kmalloc() fails
- selinux: ensure the context is NUL terminated in
security_context_to_sid_core()
- selinux: skip bounded transition processing if the policy isn't loaded
- media: pvrusb2: properly check endpoint types
- [x86] crypto: twofish-3way - Fix %rbp usage
- blk_rq_map_user_iov: fix error override
- [x86] KVM: fix escape of guest dr6 to the host
- kcov: detect double association with a single task
- netfilter: x_tables: fix int overflow in xt_alloc_table_info()
- netfilter: x_tables: avoid out-of-bounds reads in
xt_request_find_{match|target}
- netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
clusterip_tg_check()
- netfilter: on sockopt() acquire sock lock only in the required scope
- netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
- rds: tcp: correctly sequence cleanup on netns deletion.
- rds: tcp: atomically purge entries from rds_tcp_conn_list during netns
delete
- net: avoid skb_warn_bad_offload on IS_ERR
- net_sched: gen_estimator: fix lockdep splat
- [arm64] dts: add #cooling-cells to CPU nodes
- dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
- xhci: Fix NULL pointer in xhci debugfs
- xhci: Fix xhci debugfs devices node disappearance after hibernation
- xhci: xhci debugfs device nodes weren't removed after device plugged out
- xhci: fix xhci debugfs errors in xhci_stop
- usbip: keep usbip_device sockfd state in sync with tcp_socket
- [x86] mei: me: add cannon point device ids
- [x86] mei: me: add cannon point device ids for 4th device
- vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.7
- netfilter: drop outermost socket lock in getsockopt()
- [arm64] mm: don't write garbage into TTBR1_EL1 register
- kconfig.h: Include compiler types to avoid missed struct attributes
- scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
- [mips*] Drop spurious __unused in struct compat_flock
- cfg80211: fix cfg80211_beacon_dup
- i2c: designware: must wait for enable
- [armhf,arm64] i2c: bcm2835: Set up the rising/falling edge delays
- X.509: fix BUG_ON() when hash algorithm is unsupported
- X.509: fix NULL dereference when restricting key with unsupported_sig
- PKCS#7: fix certificate chain verification
- PKCS#7: fix certificate blacklisting
- [x86] genirq/matrix: Handle CPU offlining proper
- RDMA/uverbs: Protect from races between lookup and destroy of uobjects
- RDMA/uverbs: Protect from command mask overflow
- RDMA/uverbs: Fix bad unlock balance in ib_uverbs_close_xrcd
- RDMA/uverbs: Fix circular locking dependency
- RDMA/uverbs: Sanitize user entered port numbers prior to access it
- iio: buffer: check if a buffer has been set up when poll is called
- Kbuild: always define endianess in kconfig.h
- [x86] apic/vector: Handle vector release on CPU unplug correctly
- mm, swap, frontswap: fix THP swap if frontswap enabled
- mm: don't defer struct page initialization for Xen pv guests
- uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
- [armhf,arm64] irqchip/gic-v3: Use wmb() instead of smb_wmb() in
gic_raise_softirq()
- [mips*] irqchip/mips-gic: Avoid spuriously handling masked interrupts
- PCI/cxgb4: Extend T3 PCI quirk to T4+ devices
- [x86] net: thunderbolt: Tear down connection properly on suspend
- [x86] net: thunderbolt: Run disconnect flow asynchronously when logout is
received
- ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and
io_watchdog_func()
- usb: ohci: Proper handling of ed_rm_list to handle race condition between
usb_kill_urb() and finish_unlinks()
- [arm64] Remove unimplemented syscall log message
- [arm64] Disable unhandled signal log messages by default
- [arm64] cpufeature: Fix CTR_EL0 field definitions
- USB: Add delay-init quirk for Corsair K70 RGB keyboards
- drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
- usb: host: ehci: use correct device pointer for dma ops
- usb: dwc3: gadget: Set maxpacket size for ep0 IN
- usb: dwc3: ep0: Reset TRB counter for ep0 IN
- usb: ldusb: add PIDs for new CASSY devices supported by this driver
- Revert "usb: musb: host: don't start next rx urb if current one failed"
- usb: gadget: f_fs: Process all descriptors during bind
- usb: gadget: f_fs: Use config_ep_by_speed()
- drm/cirrus: Load lut in crtc_commit
- drm/atomic: Fix memleak on ERESTARTSYS during non-blocking commits
- drm: Handle unexpected holes in color-eviction
- drm/amdgpu: disable MMHUB power gating on raven
- drm/amdgpu: fix VA hole handling on Vega10 v3
- drm/amdgpu: Add dpm quirk for Jet PRO (v2)
- drm/amdgpu: only check mmBIF_IOV_FUNC_IDENTIFIER on tonga/fiji
- drm/amdgpu: add atpx quirk handling (v2)
- drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
- drm/amdgpu: add new device to use atpx quirk
- [arm64] __show_regs: Only resolve kernel symbols when running at EL1
- [x86] drm/i915/breadcrumbs: Ignore unsubmitted signalers
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
- vsprintf: avoid misleading "(null)" for %px
- hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
- ipmi_si: Fix error handling of platform device
- [x86] platform: dell-laptop: Allocate buffer on heap rather than globally
- [powerpc*] pseries: Enable RAS hotplug events later
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
- ixgbe: fix crash in build_skb Rx code path
- [x86] tpm: st33zp24: fix potential buffer overruns caused by bit glitches
on the bus
- tpm: fix potential buffer overruns caused by bit glitches on the bus
- [x86] tpm_i2c_infineon: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_i2c_nuvoton: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_tis: fix potential buffer overruns caused by bit glitches on
the bus
- ALSA: usb-audio: Add a quirck for B&W PX headphones
- ALSA: control: Fix memory corruption risk in snd_ctl_elem_read
- [x86] ALSA: x86: Fix missing spinlock and mutex initializations
- ALSA: hda: Add a power_save blacklist
- ALSA: hda - Fix pincfg at resume on Lenovo T470 dock
- mmc: sdhci-pci: Fix S0i3 for Intel BYT-based controllers
- [armhf,arm64] mmc: dw_mmc-k3: Fix out-of-bounds access through DT alias
- [armhf,arm64] mmc: dw_mmc: Avoid accessing registers in runtime suspended
state
- [armhf,arm64] mmc: dw_mmc: Factor out dw_mci_init_slot_caps
- [armhf,arm64] mmc: dw_mmc: Fix out-of-bounds access for slot's caps
- timers: Forward timer base before migrating timers
- [hppa] Use cr16 interval timers unconditionally on qemu
- [hppa] Reduce irq overhead when run in qemu
- [hppa] Fix ordering of cache and TLB flushes
- [hppa] Hide virtual kernel memory layout
- btrfs: use proper endianness accessors for super_copy
- block: fix the count of PGPGOUT for WRITE_SAME
- block: kyber: fix domain token leak during requeue
- block: pass inclusive 'lend' parameter to truncate_inode_pages_range
- vfio: disable filesystem-dax page pinning
- dax: fix vma_is_fsdax() helper
- direct-io: Fix sleep in atomic due to sync AIO
- [x86] xen: Zero MSR_IA32_SPEC_CTRL before suspend
- [x86] cpu_entry_area: Sync cpu_entry_area to initial_page_table
- bridge: check brport attr show in brport_show
- fib_semantics: Don't match route with mismatching tclassid
- hdlc_ppp: carrier detect ok, don't turn off negotiation
- [arm64] net: amd-xgbe: fix comparison to bitshift when dealing with a mask
- [armhf] net: ethernet: ti: cpsw: fix net watchdog timeout
- net: fix race on decreasing number of TX queues
- net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
- netlink: ensure to loop over all netns in genlmsg_multicast_allns()
- net: sched: report if filter is too large to dump
- ppp: prevent unregistered channels from connecting to PPP units
- sctp: verify size of a new chunk in _sctp_make_chunk() (CVE-2018-5803)
- udplite: fix partial checksum initialization
- net/mlx5e: Fix TCP checksum in LRO buffers
- sctp: fix dst refcnt leak in sctp_v4_get_dst
- net/mlx5e: Specify numa node when allocating drop rq
- net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
- tcp: Honor the eor bit in tcp_mtu_probe
- rxrpc: Fix send in rxrpc_send_data_packet()
- tcp_bbr: better deal with suboptimal GSO
- doc: Change the min default value of tcp_wmem/tcp_rmem.
- net/mlx5e: Fix loopback self test when GRO is off
- net_sched: gen_estimator: fix broken estimators based on percpu stats
- net/sched: cls_u32: fix cls_u32 on filter replace
- sctp: do not pr_err for the duplicated node in transport rhlist
- net: ipv4: Set addr_type in hash_keys for forwarded case
- sctp: fix dst refcnt leak in sctp_v6_get_dst()
- bridge: Fix VLAN reference count problem
- net/mlx5e: Verify inline header size do not exceed SKB linear size
- tls: Use correct sk->sk_prot for IPV6
- [arm64] amd-xgbe: Restore PCI interrupt enablement setting on resume
- cls_u32: fix use after free in u32_destroy_key()
- netlink: put module reference if dump start fails
- tcp: purge write queue upon RST
- tuntap: correctly add the missing XDP flush
- tuntap: disable preemption during XDP processing
- virtio-net: disable NAPI only when enabled during XDP set
- cxgb4: fix trailing zero in CIM LA dump
- net/mlx5: Fix error handling when adding flow rules
- net: phy: Restore phy_resume() locking assumption
- tcp: tracepoint: only call trace_tcp_send_reset with full socket
- l2tp: don't use inet_shutdown on tunnel destroy
- l2tp: don't use inet_shutdown on ppp session destroy
- l2tp: fix races with tunnel socket close
- l2tp: fix race in pppol2tp_release with session object destroy
- l2tp: fix tunnel lookup use-after-free race
- [s390x] qeth: fix underestimated count of buffer elements
- [s390x] qeth: fix SETIP command handling
- [s390x] qeth: fix overestimated count of buffer elements
- [s390x] qeth: fix IP removal on offline cards
- [s390x] qeth: fix double-free on IP add/remove race
- [s390x] Revert "s390/qeth: fix using of ref counter for rxip addresses"
- [s390x] qeth: fix IP address lookup for L3 devices
- [s390x] qeth: fix IPA command submission race
- tcp: revert F-RTO middle-box workaround
- tcp: revert F-RTO extension to detect more spurious timeouts
- blk-mq: don't call io sched's .requeue_request when requeueing rq to
->dispatch
- media: m88ds3103: don't call a non-initalized function
- [x86] EDAC, sb_edac: Fix out of bound writes during DIMM configuration on
KNL
- [s390x] KVM: take care of clock-comparator sign control
- [s390x] KVM: provide only a single function for setting the tod (fix SCK)
- [s390x] KVM: consider epoch index on hotplugged CPUs
- [s390x] KVM: consider epoch index on TOD clock syncs
- nospec: Allow index argument to have const-qualified type
- [x86] mm: Fix {pmd,pud}_{set,clear}_flags()
- [armhf] orion: fix orion_ge00_switch_board_info initialization
- [armhf] dts: rockchip: Remove 1.8 GHz operation point from phycore som
- [armhf] mvebu: Fix broken PL310_ERRATA_753970 selects
- [x86] KVM: Fix SMRAM accessing even if VM is shutdown
- KVM: mmu: Fix overlap between public and private memslots
- [x86] KVM: Remove indirect MSR op calls from SPEC_CTRL
- [x86] KVM: move LAPIC initialization after VMCS creation
- [x86] KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the
RDMSR path as unlikely()
- [x86] KVM: fix vcpu initialization with userspace lapic
- [x86] KVM: remove WARN_ON() for when vm_munmap() fails
- [x86] ACPI / bus: Parse tables as term_list for Dell XPS 9570 and
Precision M5530
- [armhf] dts: LogicPD SOM-LV: Fix I2C1 pinmux
- [armhf] dts: LogicPD Torpedo: Fix I2C1 pinmux
- [powerpc*] 64s/radix: Boot-time NULL pointer protection using a guard-PID
- md: only allow remove_and_add_spares when no sync_thread running.
- [x86] platform: dell-laptop: fix kbd_get_state's request value
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.9
- bpf: fix mlock precharge on arraymaps
- bpf: fix memory leak in lpm_trie map_free callback function
- bpf: fix rcu lockdep warning for lpm_trie map_free callback
- [amd64] bpf: implement retpoline for tail call (CVE-2017-5715)
- [arm64] bpf: fix out of bounds access in tail call
- bpf: add schedule points in percpu arrays management
- bpf: allow xadd only on aligned memory
- [powerpc*] bpf, ppc64: fix out of bounds access in tail call
- scsi: mpt3sas: fix oops in error handlers after shutdown/unload
- scsi: mpt3sas: wait for and flush running commands on shutdown/unload
- [x86] KVM: fix backward migration with async_PF
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.10
- RDMA/ucma: Limit possible option size
- RDMA/ucma: Check that user doesn't overflow QP state
- RDMA/mlx5: Fix integer overflow while resizing CQ
- bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in
__cpu_map_entry_alloc()
- IB/uverbs: Improve lockdep_check
- mac80211_hwsim: don't use WQ_MEM_RECLAIM
- [x86] drm/i915: Check for fused or unused pipes
- [x86] drm/i915/audio: fix check for av_enc_map overflow
- [x86] drm/i915: Fix rsvd2 mask when out-fence is returned
- [x86] drm/i915: Clear the in-use marker on execbuf failure
- [x86] drm/i915: Disable DC states around GMBUS on GLK
- [x86] drm/i915: Update watermark state correctly in sanitize_watermarks
- [x86] drm/i915: Try EDID bitbanging on HDMI after failed read
- [x86] drm/i915/perf: fix perf stream opening lock
- scsi: core: Avoid that ATA error handling can trigger a kernel hang or
oops (Closes: #891467)
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
- [x86] drm/i915: Always call to intel_display_set_init_power() in
resume_early.
- workqueue: Allow retrieval of current task's work struct
- drm: Allow determining if current task is output poll worker
- drm/nouveau: Fix deadlock on runtime suspend
- drm/radeon: Fix deadlock on runtime suspend
- drm/amdgpu: Fix deadlock on runtime suspend
- drm/nouveau: prefer XBGR2101010 for addfb ioctl
- drm/amd/powerplay/smu7: allow mclk switching with no displays
- drm/amd/powerplay/vega10: allow mclk switching with no displays
- Revert "drm/radeon/pm: autoswitch power state when in balanced mode"
- drm/amd/display: check for ipp before calling cursor operations
- drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE
- drm/amd/powerplay: fix power over limit on Fiji
- drm/amd/display: Default HDMI6G support to true. Log VBIOS table error.
- drm/amdgpu: used cached pcie gen info for SI (v2)
- drm/amdgpu: Notify sbios device ready before send request
- drm/radeon: fix KV harvesting
- drm/amdgpu: fix KV harvesting
- drm/amdgpu:Correct max uvd handles
- drm/amdgpu:Always save uvd vcpu_bo in VM Mode
- ovl: redirect_dir=nofollow should not follow redirect for opaque lower
- [mips*/octeon] irq: Check for null return on kzalloc allocation
- PCI: dwc: Fix enumeration end when reaching root subordinate
- Revert "Input: synaptics - Lenovo Thinkpad T460p devices should use RMI"
- bug: use %pB in BUG and stack protector failure
- lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()
- mm/memblock.c: hardcode the end_pfn being -1
- Documentation/sphinx: Fix Directive import error
- loop: Fix lost writes caused by missing flag
- virtio_ring: fix num_free handling in error case
- [x390x] KVM: fix memory overwrites when not using SCA entries
- [arm64] mm: fix thinko in non-global page table attribute check
- IB/core: Fix missing RDMA cgroups release in case of failure to register
device
- Revert "nvme: create 'slaves' and 'holders' entries for hidden
controllers"
- kbuild: Handle builtin dtb file names containing hyphens
- dm bufio: avoid false-positive Wmaybe-uninitialized warning
- IB/mlx5: Fix incorrect size of klms in the memory region
- bcache: fix crashes in duplicate cache device register
- bcache: don't attach backing with duplicate UUID
- [x86] MCE: Save microcode revision in machine check records
- [x86] MCE: Serialize sysfs changes (CVE-2018-7995)
- perf tools: Fix trigger class trigger_on()
- [x86] spectre_v2: Don't check microcode versions when running under
hypervisors
- ALSA: hda/realtek - Add support headset mode for DELL WYSE
- ALSA: hda/realtek - Add headset mode support for Dell laptop
- ALSA: hda/realtek: Limit mic boost on T480
- ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
- ALSA: hda/realtek - Make dock sound work on ThinkPad L570
- ALSA: seq: Don't allow resizing pool in use
- ALSA: seq: More protection for concurrent write and ioctl races
- ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
- ALSA: hda: add dock and led support for HP EliteBook 820 G3
- ALSA: hda: add dock and led support for HP ProBook 640 G2
- scsi: qla2xxx: Fix NULL pointer crash due to probe failure
- scsi: qla2xxx: Fix recursion while sending terminate exchange
- dt-bindings: Document mti,mips-cpc binding
- nospec: Kill array_index_nospec_mask_check()
- nospec: Include <asm/barrier.h> dependency
- [x86] entry: Reduce the code footprint of the 'idtentry' macro
- [x86] entry/64: Use 'xorl' for faster register clearing
- [x86] mm: Remove stale comment about KMEMCHECK
- [x86] asm: Improve how GEN_*_SUFFIXED_RMWcc() specify clobbers
- [x86] IO-APIC: Avoid warning in 32-bit builds
- [x86] LDT: Avoid warning in 32-bit builds with older gcc
- x86-64/realmode: Add instruction suffix
- Revert "x86/retpoline: Simplify vmexit_fill_RSB()"
- [x86] speculation: Use IBRS if available before calling into firmware
- [x86] retpoline: Support retpoline builds with Clang
- [x86] speculation, objtool: Annotate indirect calls/jumps for objtool
- [x86] speculation: Move firmware_restrict_branch_speculation_*() from C
to CPP
- [x86] paravirt, objtool: Annotate indirect calls
- [x86] boot, objtool: Annotate indirect jump in secondary_startup_64()
- [x86] mm/sme, objtool: Annotate indirect call in sme_encrypt_execute()
- objtool: Use existing global variables for options
- objtool: Add retpoline validation
- objtool: Add module specific retpoline rules
- objtool, retpolines: Integrate objtool with retpoline support more
closely
- objtool: Fix another switch table detection issue
- objtool: Fix 32-bit build
- [x86] kprobes: Fix kernel crash when probing .entry_trampoline code
- watchdog: hpwdt: SMBIOS check
- watchdog: hpwdt: Check source of NMI
- watchdog: hpwdt: fix unused variable warning
- watchdog: hpwdt: Remove legacy NMI sourcing.
- netfilter: add back stackpointer size checks (CVE-2018-1065)
- netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
- netfilter: xt_hashlimit: fix lock imbalance
- netfilter: x_tables: fix missing timer initialization in xt_LED
- netfilter: nat: cope with negative port range
- netfilter: IDLETIMER: be syzkaller friendly
- netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
(CVE-2018-1068)
- netfilter: bridge: ebt_among: add missing match size checks
- netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
- netfilter: use skb_to_full_sk in ip6_route_me_harder
- tpm_tis: Move ilb_base_addr to tpm_tis_data
- tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd()
- tpm: delete the TPM_TIS_CLK_ENABLE flag
- tpm: remove unused variables
- tpm: only attempt to disable the LPC CLKRUN if is already enabled
- [x86] xen: Calculate __max_logical_packages on PV domains
- scsi: qla2xxx: Fix system crash for Notify ack timeout handling
- scsi: qla2xxx: Fix gpnid error processing
- scsi: qla2xxx: Move session delete to driver work queue
- scsi: qla2xxx: Skip IRQ affinity for Target QPairs
- scsi: qla2xxx: Fix re-login for Nport Handle in use
- scsi: qla2xxx: Retry switch command on time out
- scsi: qla2xxx: Serialize GPNID for multiple RSCN
- scsi: qla2xxx: Fix login state machine stuck at GPDB
- scsi: qla2xxx: Fix NPIV host cleanup in target mode
- scsi: qla2xxx: Relogin to target port on a cable swap
- scsi: qla2xxx: Fix Relogin being triggered too fast
- scsi: qla2xxx: Fix PRLI state check
- scsi: qla2xxx: Fix abort command deadlock due to spinlock
- scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
- scsi: qla2xxx: Fix scan state field for fcport
- scsi: qla2xxx: Clear loop id after delete
- scsi: qla2xxx: Defer processing of GS IOCB calls
- scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout.
- scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref
- scsi: qla2xxx: Fix memory leak in dual/target mode
- NFS: Fix an incorrect type in struct nfs_direct_req
- pNFS: Prevent the layout header refcount going to zero in pnfs_roc()
- NFS: Fix unstable write completion
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.11
- [x86] Treat R_X86_64_PLT32 as R_X86_64_PC32
- usb: host: xhci-rcar: add support for r8a77965
- xhci: Fix front USB ports on ASUS PRIME B350M-A
- xhci: fix endpoint context tracer output
- [sh4] serial: sh-sci: prevent lockup on full TTY buffers
- tty/serial: atmel: add new version check for usart
- uas: fix comparison for error code
- [x86] staging: comedi: fix comedi_nsamples_left.
- USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
- usbip: vudc: fix null pointer dereference on udc->lock
- usb: quirks: add control message delay for 1b1c:1b20
- usb: usbmon: Read text within supplied buffer size
- usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
- [arm64,armhf] usb: dwc3: Fix lock-up on ID change during system
suspend/resume
- serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
- serial: core: mark port as initialized in autoconfig
- earlycon: add reg-offset to physical address before mapping
- dm mpath: fix passing integrity data
- Revert "btrfs: use proper endianness accessors for super_copy"
- gfs2: Clean up {lookup,fillup}_metapath
- gfs2: Fixes to "Implement iomap for block_map" (2)
- [armhf] spi: imx: Fix failure path leak on GPIO request error correctly
- HID: multitouch: Only look at non touch fields in first packet of a
frame
- [powerpc*] KVM: Book3S HV: Avoid shifts by negative amounts
- drm/edid: set ELD connector type in drm_edid_to_eld()
- dma-buf/fence: Fix lock inversion within dma-fence-array
- video/hdmi: Allow "empty" HDMI infoframes
- [powerpc*] KVM: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix()
- HID: elo: clear BTN_LEFT mapping
- iwlwifi: mvm: rs: don't override the rate history in the search cycle
- [armhf] dts: exynos: Correct Trats2 panel reset line
- drm/amdgpu: fix get_max_engine_clock_in_mhz
- USB: ledtrig-usbport: fix of-node leak
- dt-bindings: serial: Add common rs485 binding for RTS polarity
- sched: Stop switched_to_rt() from sending IPIs to offline CPUs
- sched: Stop resched_cpu() from sending IPIs to offline CPUs
- crypto: chelsio - Fix an error code in chcr_hash_dma_map()
- crypto: keywrap - Add missing ULL suffixes for 64-bit constants
- crypto: cavium - fix memory leak on info
- test_firmware: fix setting old custom fw path back on exit
- drm/vblank: Fix vblank timestamp debugs
- net: ieee802154: adf7242: Fix bug if defined DEBUG
- perf report: Fix -D output for user metadata events
- net: xfrm: allow clearing socket xfrm policies.
- gpiolib: don't allow OPEN_DRAIN & OPEN_SOURCE flags simultaneously
- mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
- [arm64] net: thunderx: Set max queue count taking XDP_TX into account
- [armhf] dts: am335x-pepper: Fix the audio CODEC's reset pin
- [armhf] dts: omap3-n900: Fix the audio CODEC's reset pin
- mtd: nand: ifc: update bufnum mask for ver >= 2.0.0
- userns: Don't fail follow_automount based on s_user_ns
- xfrm: Fix xfrm_replay_overflow_offload_esn
- leds: pm8058: Silence pointer to integer size warning
- bpf: fix stack state printing in verifier log
- [armhf] drm/etnaviv: make THERMAL selectable
- ath10k: update tdls teardown state to target
- cpufreq: Fix governor module removal race
- [x86] KVM: Restart the guest when insn_len is zero and SEV is enabled
- drm/amdgpu:fix random missing of FLR NOTIFY
- scsi: lpfc: Fix crash during driver unload with running nvme traffic
- scsi: ses: don't ask for diagnostic pages repeatedly during probe
- [armhf] drm/sun4i: Fix format mask in DE2 driver
- [s390x] perf annotate: Fix unnecessary memory allocation for s390x
- perf annotate: Fix objdump comment parsing for Intel mov dissassembly
- iwlwifi: mvm: avoid dumping assert log when device is stopped
- drm/amdgpu:fix virtual dce bug
- drm/amdgpu: fix amdgpu_sync_resv v2
- bnxt_en: Uninitialized variable in bnxt_tc_parse_actions()
- [arm64] clk: qcom: msm8916: fix mnd_width for codec_digcodec
- mwifiex: cfg80211: do not change virtual interface during scan
processing
- ath10k: fix invalid STS_CAP_OFFSET_MASK
- tools/usbip: fixes build with musl libc toolchain
- [armhf] spi: sun6i: disable/unprepare clocks on remove
- bnxt_en: Don't print "Link speed -1 no longer supported" messages.
- scsi: core: scsi_get_device_flags_keyed(): Always return device flags
- scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
- scsi: dh: add new rdac devices
- media: vsp1: Prevent suspending and resuming DRM pipelines
- dm raid: fix raid set size revalidation
- media: cpia2: Fix a couple off by one bugs
- [arm*] media: davinci: vpif_capture: add NULL check on devm_kzalloc
return value
- virtio_net: Disable interrupts if napi_complete_done rescheduled napi
- net: sched: drop qdisc_reset from dev_graft_qdisc
- veth: set peer GSO values
- [x86] drm/amdkfd: Fix memory leaks in kfd topology
- [powerpc*] modules: Don't try to restore r2 after a sibling call
- [powerpc/powerpc64,ppc64*] Don't trace irqs-off at interrupt return to
soft-disabled context
- [arm64] dts: renesas: salvator-common: Add EthernetAVB PHY reset
- agp/intel: Flush all chipset writes after updating the GGTT
- mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
- mac80211: remove BUG() when interface type is invalid
- crypto: caam/qi - use correct print specifier for size_t
- mmc: mmc_test: Ensure command queue is disabled for testing
- Fix misannotated out-of-line _copy_to_user()
- ipvlan: add L2 check for packets arriving via virtual devices
- locking/locktorture: Fix num reader/writer corner cases
- ima: relax requiring a file signature for new files with zero length
- IB/mlx5: revisit -Wmaybe-uninitialized warning
- [arm64] dmaengine: qcom_hidma: check pending interrupts
- [x86] drm/i915/glk: Disable Guc and HuC on GLK
[ Ben Hutchings ]
* aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier
* aufs: Update support patchset to aufs4.15-20180219 (no functional change)
* debian/control: Point Vcs URLs to Salsa
* [x86] sound/soc/intel: Enable SND_SOC_INTEL_SST_TOPLEVEL,
SND_SOC_INTEL_HASWELL, SND_SOC_INTEL_BAYTRAIL, SND_SST_ATOM_HIFI2_PLATFORM,
SND_SOC_INTEL_SKYLAKE as modules; re-enable dependent board drivers
(Closes: #892629)
* firmware_class: Refer to Debian wiki page when logging missing firmware
(Closes: #888405)
* amdgpu: Abort probing if firmware is not installed, as we do in radeon
* Bump ABI to 2
* [amd64] udeb: Add vmd to scsi-modules, required for NVMe on some systems
(Closes: #891482)
* udeb: Update patterns for PHY modules included in usb-modules
(Closes: #893154)
[ Uwe Kleine-König ]
* netfilter: enable NFT_FIB_NETDEV as module
[ Thadeu Lima de Souza Cascardo ]
* [powerpc,ppc64el,ppc64] Enable CRASH_DUMP (Closes: #883432)
[ Bastian Blank ]
* Drop note about Xen from long descriptions.
[ Vagrant Cascadian ]
* [arm64] Enable ROCKCHIP_IODOMAIN as a module, to enable PCIe reset.
* [arm64] Enable REGULATOR_FAN53555 as a module, enabling cpufreq to
work on rk3399 A72 cores.
* [arm64] Apply patch from linux-next to fix eMMC corruption on
Odroid-C2 (Closes: #879072).
[ Salvatore Bonaccorso ]
* mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
(CVE-2018-8087)
-- Salvatore Bonaccorso <email address hidden> Tue, 20 Mar 2018 09:31:07 +0100
-
linux (4.15.4-1) unstable; urgency=medium
* New upstream release: https://kernelnewbies.org/Linux_4.15
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.1
- Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
- tools/gpio: Fix build error with musl libc
- gpio: stmpe: i2c transfer are forbiden in atomic context
- gpio: Fix kernel stack leak to userspace
- scsi: storvsc: missing error code in storvsc_probe()
- staging: lustre: separate a connection destroy from free struct kib_conn
- staging: ccree: NULLify backup_info when unused
- staging: ccree: fix fips event irq handling build
- usb: option: Add support for FS040U modem
- serial: 8250_dw: Revert "Improve clock rate setting"
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.2
- [x86] KVM: Make indirect calls in emulator speculation safe
- [x86] KVM: VMX: Make indirect call speculation safe
- module/retpoline: Warn about missing retpoline in module
- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf
- [x86] cpufeatures: Add Intel feature bits for Speculation Control
- [x86] cpufeatures: Add AMD feature bits for Speculation Control
- [x86] msr: Add definitions for new speculation control MSRs
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown
- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
microcodes
- [x86] speculation: Add basic IBPB (Indirect Branch Prediction Barrier)
support
- [x86] alternative: Print unadorned pointers
- [x86] nospec: Fix header guards names
- [x86] bugs: Drop one "mitigation" from dmesg
- [x86] cpu/bugs: Make retpoline module warning conditional
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags
- [x86] retpoline: Simplify vmexit_fill_RSB()
- [x86] speculation: Simplify indirect_branch_prediction_barrier()
- [x86] KVM: nVMX: Eliminate vmcs02 pool
- [x86] KVM: VMX: introduce alloc_loaded_vmcs
- objtool: Improve retpoline alternative handling
- objtool: Add support for alternatives at the end of a section
- objtool: Warn on stripped section symbol
- [x86] mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
- [x86] spectre: Check CONFIG_RETPOLINE in command line parser
- [x86] entry/64: Remove the SYSCALL64 fast path
- [x86] entry/64: Push extra regs right away
- [x86] asm: Move 'status' from thread_struct to thread_info
- Documentation: Document array_index_nospec
- array_index_nospec: Sanitize speculative array de-references
- [x86] Implement array_index_mask_nospec
- [x86] Introduce barrier_nospec
- [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec
- [x86] usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
- [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
- [x86] get_user: Use pointer masking to limit speculation
- [x86] syscall: Sanitize syscall table de-references under speculation
- vfs, fdtable: Prevent bounds-check bypass via speculative execution
- nl80211: Sanitize array index in parse_txq_params
- [x86] spectre: Report get_user mitigation for spectre_v1
- [x86] spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
- [x86] cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- [x86] speculation: Use Indirect Branch Prediction Barrier in context
switch
- [x86] paravirt: Remove 'noreplace-paravirt' cmdline option
- [x86] KVM: VMX: make MSR bitmaps per-VCPU
- [x86] kvm: Update spectre-v1 mitigation
- [x86] retpoline: Avoid retpolines for built-in __init functions
- [x86] spectre: Simplify spectre_v2 command line parsing
- [x86] pti: Mark constant arrays as __initconst
- [x86] speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
- [x86] KVM: Update the reverse_cpuid list to include CPUID_7_EDX
- [x86] KVM: Add IBPB support
- [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
- [x86] KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
- [x86] KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
- serial: core: mark port as initialized after successful IRQ change
- fpga: region: release of_parse_phandle nodes after use
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.3
- ip6mr: fix stale iterator
- net: igmp: add a missing rcu locking section
- qlcnic: fix deadlock bug
- qmi_wwan: Add support for Quectel EP06
- r8169: fix RTL8168EP take too long to complete driver initialization.
- tcp: release sk_frag.page in tcp_disconnect
- vhost_net: stop device during reset owner
- ipv6: addrconf: break critical section in addrconf_verify_rtnl()
- ipv6: change route cache aging logic
- Revert "defer call to mem_cgroup_sk_alloc()"
- net: ipv6: send unsolicited NA after DAD
- rocker: fix possible null pointer dereference in
rocker_router_fib_event_work
- tcp_bbr: fix pacing_gain to always be unity when using lt_bw
- cls_u32: add missing RCU annotation.
- ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
- soreuseport: fix mem leak in reuseport_add_sock()
- net_sched: get rid of rcu_barrier() in tcf_block_put_ext()
- net: sched: fix use-after-free in tcf_block_put_ext
- crypto: tcrypt - fix S/G table for test_aead_speed()
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.4
- cifs: Fix missing put_xid in cifs_file_strict_mmap
- cifs: Fix autonegotiate security settings mismatch
- CIFS: zero sensitive data when freeing
- cpufreq: mediatek: add mediatek related projects into blacklist
- [arm64] watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
- Revert "drm/i915: mark all device info struct with __initconst"
- sched/rt: Use container_of() to get root domain in
rto_push_irq_work_func()
- sched/rt: Up the root domain ref count when passing it around via IPIs
- [arm64] mm: Use non-global mappings for kernel space
- [arm64] mm: Temporarily disable ARM64_SW_TTBR0_PAN
- [arm64] mm: Move ASID from TTBR0 to TTBR1
- [arm64] mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
- [arm64] mm: Rename post_ttbr0_update_workaround
- [arm64] mm: Fix and re-enable ARM64_SW_TTBR0_PAN
- [arm64] mm: Allocate ASIDs in pairs
- [arm64] mm: Add arm64_kernel_unmapped_at_el0 helper
- [arm64] mm: Invalidate both kernel and user ASIDs when performing TLBI
- [arm64] entry: Add exception trampoline page for exceptions from EL0
- [arm64] mm: Map entry trampoline into trampoline and kernel page tables
- [arm64] entry: Explicitly pass exception level to kernel_ventry macro
- [arm64] entry: Hook up entry trampoline to exception vectors
- [arm64] erratum: Work around Falkor erratum #E1003 in trampoline code
- [arm64] cpu_errata: Add Kryo to Falkor 1003 errata
- [arm64] tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
- [arm64] entry: Add fake CPU feature for unmapping the kernel at EL0
- [arm64] kaslr: Put kernel vectors address in separate data page
- [arm64] use RET instruction for exiting the trampoline
- [arm64] Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
- [arm64] Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
- [arm64] Take into account ID_AA64PFR0_EL1.CSV3
- [arm64] capabilities: Handle duplicate entries for a capability
- [arm64] mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
- [arm64] kpti: Fix the interaction between ASID switching and software PAN
- [arm64] cputype: Add MIDR values for Cavium ThunderX2 CPUs
- [arm64] Turn on KPTI only on CPUs that need it
- [arm64] kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
- [arm64] mm: Permit transitioning from Global to Non-Global without BBM
- [arm64] kpti: Add ->enable callback to remap swapper using nG mappings
- [arm64] Force KPTI to be disabled on Cavium ThunderX
- [arm64] entry: Reword comment about post_ttbr_update_workaround
- [arm64] idmap: Use "awx" flags for .idmap.text .pushsection directives
- [arm64] barrier: Add CSDB macros to control data-value prediction
- [arm64] Implement array_index_mask_nospec()
- [arm64] Make USER_DS an inclusive limit
- [arm64] Use pointer masking to limit uaccess speculation
- [arm64] entry: Ensure branch through syscall table is bounded under
speculation
- [arm64] uaccess: Prevent speculative use of the current addr_limit
- [arm64] uaccess: Don't bother eliding access_ok checks in __{get,
put}_user
- [arm64] uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
- [arm64] futex: Mask __user pointers prior to dereference
- [arm64] cpufeature: __this_cpu_has_cap() shouldn't stop early
- [arm64] Run enable method for errata work arounds on late CPUs
- [arm64] cpufeature: Pass capability structure to ->enable callback
- drivers/firmware: Expose psci_get_version through psci_ops structure
- [arm64] Move post_ttbr_update_workaround to C code
- [arm64] Add skeleton to harden the branch predictor against aliasing
attacks
- [arm64] Move BP hardening to check_and_switch_context
- [arm64] KVM: Use per-CPU vector when BP hardening is enabled
- [arm64] entry: Apply BP hardening for high-priority synchronous
exceptions
- [arm64] entry: Apply BP hardening for suspicious interrupts from EL0
- [arm64] cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
- [arm64] Implement branch predictor hardening for affected Cortex-A CPUs
- [arm64] Implement branch predictor hardening for Falkor
- [arm64] Branch predictor hardening for Cavium ThunderX2
- [arm64] KVM: Increment PC after handling an SMC trap
- [armhf,arm64] KVM: Consolidate the PSCI include files
- [armhf,arm64] KVM: Add PSCI_VERSION helper
- [armhf,arm64] KVM: Add smccc accessors to PSCI code
- [armhf,arm64] KVM: Implement PSCI 1.0 support
- [armhf,arm64] KVM: Advertise SMCCC v1.1
- [arm64] KVM: Make PSCI_VERSION a fast path
- [armhf,arm64] KVM: Turn kvm_psci_version into a static inline
- [arm64] KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
- [arm64] KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
- firmware/psci: Expose PSCI conduit
- firmware/psci: Expose SMCCC version through psci_ops
- arm/arm64: smccc: Make function identifiers an unsigned quantity
- arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
- [arm64] Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
- [arm64] Kill PSCI_GET_VERSION as a variant-2 workaround
- mtd: cfi: convert inline functions to macros
- mtd: nand: brcmnand: Disable prefetch by default
- mtd: nand: Fix nand_do_read_oob() return value
- mtd: nand: sunxi: Fix ECC strength choice
- ubi: Fix race condition between ubi volume creation and udev
- ubi: fastmap: Erase outdated anchor PEBs during attach
- ubi: block: Fix locking for idr_alloc/idr_remove
- ubifs: free the encrypted symlink target
- nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
- nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
- NFS: Add a cond_resched() to nfs_commit_release_pages()
- NFS: Fix nfsstat breakage due to LOOKUPP
- NFS: commit direct writes even if they fail partially
- NFS: reject request for id_legacy key without auxdata
- NFS: Fix a race between mmap() and O_DIRECT
- nfsd: Detect unhashed stids in nfsd4_verify_open_stid()
- kernfs: fix regression in kernfs_fop_write caused by wrong type
- ahci: Annotate PCI ids for mobile Intel chipsets as such
- ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
- ahci: Add Intel Cannon Lake PCH-H PCI ID
- crypto: hash - introduce crypto_hash_alg_has_setkey()
- crypto: cryptd - pass through absence of ->setkey()
- crypto: mcryptd - pass through absence of ->setkey()
- crypto: poly1305 - remove ->setkey() method
- crypto: hash - annotate algorithms taking optional key
- crypto: hash - prevent using keyed hashes without setting key
- media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
- media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
- media: v4l2-compat-ioctl32.c: fix the indentation
- media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
- media: v4l2-compat-ioctl32.c: avoid sizeof(type)
- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
- media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
- media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
- media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
- media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
- crypto: caam - fix endless loop when DECO acquire fails
- crypto: sha512-mb - initialize pending lengths correctly
- crypto: talitos - fix Kernel Oops on hashing an empty file
- [armhf,arm64 KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- [x86] KVM: nVMX: Fix races when sending nested PI while dest
enters/leaves L2
- [x86] KVM: nVMX: Fix bug of injecting L2 exception into L1
- [powerpc*] KVM: PPC: Book3S HV: Make sure we don't re-enter guest
without XIVE loaded
- [powerpc*] KVM: PPC: Book3S HV: Drop locks before reading guest memory
- [armhf,arm64] KVM: Handle CPU_PM_ENTER_FAILED
- [powerpc*] KVM: PPC: Book3S PR: Fix broken select due to misspelling
- watchdog: imx2_wdt: restore previous timeout after suspend+resume
- afs: Add missing afs_put_cell()
- afs: Need to clear responded flag in addr cursor
- afs: Fix missing cursor clearance
- afs: Fix server list handling
- btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
- Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
- kasan: don't emit builtin calls when sanitization is off
- kasan: rework Kconfig settings
- media: dvb_frontend: be sure to init dvb_frontend_handle_ioctl() return
code
- media: dvb-frontends: fix i2c access helpers for KASAN
- media: dt-bindings/media/cec-gpio.txt: mention the CEC/HPD max voltages
- media: ts2020: avoid integer overflows on 32 bit machines
- media: vivid: fix module load error when enabling fb and no_error_inj=1
- media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
- fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
- kernel/async.c: revert "async: simplify lowest_in_progress()"
- kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
- pipe: actually allow root to exceed the pipe buffer limits
- pipe: fix off-by-one error when checking buffer limits
- HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
- Bluetooth: btsdio: Do not bind to non-removable BCM43341
- Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
- Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
version
- ipmi: use dynamic memory for DMI driver override
- signal/openrisc: Fix do_unaligned_access to send the proper signal
- signal/sh: Ensure si_signo is initialized in do_divide_error
- alpha: fix crash if pthread_create races with signal delivery
- alpha: osf_sys.c: fix put_tv32 regression
- alpha: Fix mixed up args in EXC macro in futex operations
- alpha: fix reboot on Avanti platform
- alpha: fix formating of stack content
- xtensa: fix futex_atomic_cmpxchg_inatomic
- EDAC, octeon: Fix an uninitialized variable warning
- genirq: Make legacy autoprobing work again
- pinctrl: intel: Initialize GPIO properly when used through irqchip
- pinctrl: mcp23s08: fix irq setup order
- pinctrl: sx150x: Unregister the pinctrl on release
- pinctrl: sx150x: Register pinctrl before adding the gpiochip
- pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
- pktcdvd: Fix pkt_setup_dev() error path
- pktcdvd: Fix a recently introduced NULL pointer dereference
- blk-mq: quiesce queue before freeing queue
- clocksource/drivers/stm32: Fix kernel panic with multiple timers
- lib/ubsan.c: s/missaligned/misaligned/
- lib/ubsan: add type mismatch handler for new GCC/Clang
- objtool: Fix switch-table detection
- [arm64] dts: marvell: add Ethernet aliases
- drm/i915: Avoid PPS HW/SW state mismatch due to rounding
- ACPI: sbshc: remove raw pointer from printk() message (CVE-2018-5750)
- acpi, nfit: fix register dimm error handling
- ovl: force r/o mount when index dir creation fails
- ovl: fix failure to fsync lower dir
- ovl: take mnt_want_write() for work/index dir setup
- ovl: take mnt_want_write() for removing impure xattr
- ovl: hash directory inodes for fsnotify
- devpts: fix error handling in devpts_mntget()
- ftrace: Remove incorrect setting of glob search field
- scsi: core: Ensure that the SCSI error handler gets woken up
- scsi: lpfc: Fix crash after bad bar setup on driver attachment
- scsi: cxlflash: Reset command ioasc
- rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
[ Bastian Blank ]
* Add cloud-amd64 kernel flavour.
- Support Microsoft Azure.
- Support Amazon EC2.
- Support Google Compute Engine.
* Enable NUMA_BALANCING_DEFAULT_ENABLED, enabled by all others.
* Enable INET_ESP_OFFLOAD, INET6_ESP_OFFLOAD, IPV6_SEG6_LWTUNNEL,
IPV6_SEG6_HMAC, NF_LOG_NETDEV, IP_SET_HASH_IPMAC, NET_ACT_SAMPLE,
IPVTAP, VIRTIO_MMIO, CRYPTO_RSA, CRYPTO_DH, CRYPTO_ECDH.
* x86: Enable SCHED_MC_PRIO, HYPERV_VSOCKETS.
* Enable NVME_MULTIPATH, NVME_FC, NVME_TARGET_FC, move nvme module into
scsi-modules installer udeb.
* Switch to SLUB as kernel allocator. (Closes: #862718)
- Enable SLUB_DEBUG, SLAB_FREELIST_HARDENED except on armel/marvell.
(Closes: #883069)
* Fix building of liblockdep.
[ Uwe Kleine-König ]
* [arm64] enable I2C_PXA for espressobin (Closes: #886983)
[ Ben Hutchings ]
* Enable CGROUP_BPF (except for armel) (Closes: #872560)
* usb: Enable USBIP_CORE, USBIP_VHCI_HCD, USBIP_HOST, USBIP_VUDC as
modules on all architectures (Closes: #888042)
* [x86] Rewrite "Make x32 syscall support conditional on a kernel parameter"
to use a static key
[ Salvatore Bonaccorso ]
* (Temporarily) disable armel kernel image build.
The armel/marvell kernel size is growing to large and the compressed
image is over the limit.
Given the armel architecture will most likely not be part of Buster,
disable the image build.
Cf. https://lists.debian.org/debian-kernel/2018/01/msg00278.html
* Set ABI to 1
-- Salvatore Bonaccorso <email address hidden> Sun, 18 Feb 2018 09:36:49 +0100
-
linux (4.14.17-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
- dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
- can: gs_usb: fix return value of the "set_bittiming" callback
- IB/srpt: Disable RDMA access by the initiator
- IB/srpt: Fix ACL lookup during login
- [mips*] Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the
task
- [mips*] Factor out NT_PRFPREG regset access helpers
- [mips*] Guard against any partial write attempt with PTRACE_SETREGSET
- [mips*] Consistently handle buffer counter with PTRACE_SETREGSET
- [mips*] Fix an FCSR access API regression with NT_PRFPREG and MSA
- [mips*] Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
- [mips*] Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
- cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC (Closes: #888954)
- [x86] kvm: vmx: Scrub hardware GPRs at VM-exit (partial mitigation of
CVE-2017-5715, CVE-2017-5753)
- [x86] platform: wmi: Call acpi_wmi_init() later
- iw_cxgb4: only call the cq comp_handler when the cq is armed
- iw_cxgb4: atomically flush the qp
- iw_cxgb4: only clear the ARMED bit if a notification is needed
- iw_cxgb4: reflect the original WR opcode in drain cqes
- iw_cxgb4: when flushing, complete all wrs in a chain
- [x86] acpi: Handle SCI interrupts above legacy space gracefully
- ALSA: pcm: Remove incorrect snd_BUG_ON() usages
- ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error
- ALSA: pcm: Add missing error checks in OSS emulation plugin builder
- ALSA: pcm: Abort properly at pending signal in OSS read/write loops
- ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
- ALSA: aloop: Release cable upon open error path
- ALSA: aloop: Fix inconsistent format due to incomplete rule
- ALSA: aloop: Fix racy hw constraints adjustment
- [x86] acpi: Reduce code duplication in mp_override_legacy_irq()
- 8021q: fix a memory leak for VLAN 0 device
- ip6_tunnel: disable dst caching if tunnel is dual-stack
- net: core: fix module type in sock_diag_bind
- RDS: Heap OOB write in rds_message_alloc_sgs() (CVE-2018-5332)
- RDS: null pointer dereference in rds_atomic_free_op (CVE-2018-5333)
- net: fec: restore dev_id in the cases of probe error
- net: fec: defer probe if regulator is not ready
- net: fec: free/restore resource in related probe error pathes
- sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled
- sctp: fix the handling of ICMP Frag Needed for too small MTUs
- [arm64, armhf] net: stmmac: enable EEE in MII, GMII or RGMII only
- ipv6: fix possible mem leaks in ipv6_make_skb()
- net/sched: Fix update of lastuse in act modules implementing
stats_update
- ipv6: sr: fix TLVs not being copied using setsockopt
- sfp: fix sfp-bus oops when removing socket/upstream
- membarrier: Disable preemption when calling smp_call_function_many()
- crypto: algapi - fix NULL dereference in crypto_remove_spawns()
- rbd: reacquire lock should update lock owner client id
- rbd: set max_segments to USHRT_MAX
- iwlwifi: pcie: fix DMA memory mapping / unmapping
- [x86] microcode/intel: Extend BDW late-loading with a revision check
- [x86] KVM: Add memory barrier on vmcs field lookup
- [powerpc*] KVM: Book3S PR: Fix WIMG handling under pHyp
- [powerpc*] KVM: Book3S HV: Drop prepare_done from struct kvm_resize_hpt
- [powerpc*] KVM: Book3S HV: Fix use after free in case of multiple resize
requests
- [powerpc*] KVM: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt()
- [x86] drm/vmwgfx: Don't cache framebuffer maps
- [x86] drm/vmwgfx: Potential off by one in vmw_view_add()
- [x86] drm/i915/gvt: Clear the shadow page table entry after post-sync
- [x86] drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake.
- [x86] drm/i915: Move init_clock_gating() back to where it was
- [x86] drm/i915: Fix init_clock_gating for resume
- bpf: prevent out-of-bounds speculation (partial mitigation of
CVE-2017-5753)
- bpf, array: fix overflow in max_entries and undefined behavior in
index_mask
- bpf: arsh is not supported in 32 bit alu thus reject it
- [arm64, armhf] usb: misc: usb3503: make sure reset is low for at least
100us
- USB: fix usbmon BUG trigger
- USB: UDC core: fix double-free in usb_add_gadget_udc_release
- usbip: remove kernel addresses from usb device and urb debug msgs
- usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
- usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer
buffer
- staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
(CVE-2017-13216)
- mux: core: fix double get_device()
- kdump: write correct address of mem_section into vmcoreinfo
- apparmor: fix ptrace label match when matching stacked labels
- [x86] pti: Unbreak EFI old_memmap
- [x86] Documentation: Add PTI description
- [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12]
- sysfs/cpu: Add vulnerability folder
- [x86] cpu: Implement CPU vulnerabilites sysfs functions
- [x86] tboot: Unbreak tboot with PTI enabled
- [x86] mm/pti: Remove dead logic in pti_user_pagetable_walk*()
- [x86] cpu/AMD: Make LFENCE a serializing instruction
- [x86] cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
- [x86] alternatives: Fix optimize_nops() checking
- [x86] pti: Make unpoison of pgd for trusted boot work for real
- [x86] retpoline: Add initial retpoline support (partial mitigation of
CVE-2017-5715)
- [x86] spectre: Add boot time option to select Spectre v2 mitigation
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps
- [x86] retpoline/entry: Convert entry assembler indirect jumps
- [x86] retpoline/ftrace: Convert ftrace assembler indirect jumps
- [x86] retpoline/hyperv: Convert assembler indirect jumps
- [x86] retpoline/xen: Convert Xen hypercall indirect jumps
- [x86] retpoline/checksum32: Convert assembler indirect jumps
- [x86] retpoline/irq32: Convert assembler indirect jumps
- [x86] retpoline: Fill return stack buffer on vmexit
- [x86] pti: Fix !PCID and sanitize defines
- [x86] perf: Disable intel_bts when PTI
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
- tools/objtool/Makefile: don't assume sync-check.sh is executable
- objtool: Fix seg fault with clang-compiled objects
- objtool: Fix Clang enum conversion warning
- objtool: Fix seg fault caused by missing parameter
- [powerpc*] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
- [powerpc*] 64: Add macros for annotating the destination of rfid/hrfid
- [powerpc*] 64s: Simple RFI macro conversions
- [powerpc*] 64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
- [powerpc*] 64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
- [powerpc*] 64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
- [powerpc*] 64s: Add support for RFI flush of L1-D cache
- [powerpc*] 64s: Support disabling RFI flush with no_rfi_flush and nopti
- [powerpc*] pseries: Query hypervisor for RFI flush settings
- [powerpc*] powernv: Check device-tree for RFI flush settings
- futex: Avoid violating the 10th rule of futex
- futex: Prevent overflow by strengthen input validation (CVE-2018-6927)
- ALSA: seq: Make ioctls race-free (CVE-2018-1000004)
- ALSA: pcm: Remove yet superfluous WARN_ON()
- ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
- ALSA: hda - Apply the existing quirk to iMac 14,1
- IB/hfi1: Prevent a NULL dereference
- RDMA/mlx5: Fix out-of-bound access while querying AH
- timers: Unconditionally check deferrable base
- af_key: fix buffer overread in verify_address_len()
- af_key: fix buffer overread in parse_exthdrs()
- iser-target: Fix possible use-after-free in connection establishment
error
- delayacct: Account blkio completion on the correct task
- objtool: Fix seg fault with gold linker
- [armhf] mmc: sdhci-esdhc-imx: Fix i.MX53 eSDHCv3 clock
- [x86] kasan: Panic if there is not enough memory to boot
- [x86] retpoline: Fill RSB on context switch for affected CPUs
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- objtool: Improve error message for bad file argument
- [x86] cpufeature: Move processor tracing out of scattered features
- [x86] intel_rdt/cqm: Prevent use after free
- [x86] mm/pkeys: Fix fill_sig_info_pkey
- [x86] idt: Mark IDT tables __initconst
- [x86] tsc: Future-proof native_calibrate_tsc()
- [x86] tsc: Fix erroneous TSC rate on Skylake Xeon
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
- [x86] apic/vector: Fix off by one in error path
- [x86] mm: Clean up register saving in the __enc_copy() assembly code
- [x86] mm: Use a struct to reduce parameters for SME PGD mapping
- [x86] mm: Centralize PMD flags in sme_encrypt_kernel()
- [x86] mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption
- [armhf] OMAP3: hwmod_data: add missing module_offs for MMC3
- [x86] mm: Encrypt the initrd earlier for BSP microcode update
- Input: ALPS - fix multi-touch decoding on SS4 plus touchpads
- Input: synaptics-rmi4 - prevent UAF reported by KASAN
- [armhf] Input: twl6040-vibra - fix child-node lookup
- [armhf] Input: twl4030-vibra - fix sibling-node lookup
- tracing: Fix converting enum's from the map in trace_event_eval_update()
- phy: work around 'phys' references to usb-nop-xceiv devices
- [arm64] dts: marvell: armada-cp110: Fix clock resources for various node
- [armhf] sunxi_defconfig: Enable CMA
- [armel] dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
- can: peak: fix potential bug in packet fragmentation
- can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
- can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
- proc: fix coredump vs read /proc/*/stat race
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
- workqueue: avoid hard lockups in show_workqueue_state()
- [x86] drm/vmwgfx: fix memory corruption with legacy/sou connectors
- dm btree: fix serious bug in btree_split_beneath()
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
- dm integrity: don't store cipher request on the stack
- dm crypt: fix crash by adding missing check for auth key size
- dm crypt: wipe kernel key copy after IV initialization
- dm crypt: fix error return code in crypt_ctr()
- [x86] x86: Use __nostackprotect for sme_encrypt_kernel
- [alpha] PCI: Fix noname IRQ level detection
- [mips*] CM: Drop WARN_ON(vp != 0)
- [arm*] KVM: Check pagesize when allocating a hugepage at Stage 2
- [arm64] KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- [x86] mce: Make machine check speculation protected
- retpoline: Introduce start/end markers of indirect thunk
- [x86] kprobes: Blacklist indirect thunk functions for kprobes
- [x86] kprobes: Disable optimizing on the function jumps to indirect
thunk
- [x86] retpoline: Optimize inline assembler for vmexit_fill_RSB
- [x86] mm: Rework wbinvd, hlt operation in stop_this_cpu()
- mm, page_vma_mapped: Drop faulty pointer arithmetics in check_pte()
- [arm64, armhf] net: mvpp2: do not disable GMAC padding
- [mips]: AR7: ensure the port type's FCR value is used
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16
- mm, page_alloc: fix potential false positive in __zone_watermark_ok
- xfrm: Fix a race in the xdst pcpu cache.
- Input: xpad - add support for PDP Xbox One controllers
- Input: trackpoint - force 3 buttons if 0 button is reported
- Input: trackpoint - only expose supported controls for Elan, ALPS and
NXP
- Btrfs: fix stale entries in readdir
- [s390x] KVM: add proper locking for CMMA migration bitmap
- [arm*] net: bpf: avoid 'bx' instruction on non-Thumb capable CPUs
- [arm*] net: bpf: fix tail call jumps
- [arm*] net: bpf: fix stack alignment
- [arm*] net: bpf: move stack documentation
- [arm*] net: bpf: correct stack layout documentation
- [arm*] net: bpf: fix register saving
- [arm*] net: bpf: fix LDX instructions
- [arm*] net: bpf: clarify tail_call index
- [arm64,armhf] drm/vc4: Fix NULL pointer dereference in
vc4_save_hang_state()
- net: Allow neigh contructor functions ability to modify the primary_key
- ipv4: Make neigh lookup keys for loopback/point-to-point devices be
INADDR_ANY
- dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
- ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
- ipv6: fix udpv6 sendmsg crash caused by too small MTU
- ipv6: ip6_make_skb() needs to clear cork.base.dst
- lan78xx: Fix failure in USB Full Speed
- net: igmp: fix source address check for IGMPv3 reports
- net: qdisc_pkt_len_init() should be more robust
- net: tcp: close sock if net namespace is exiting
- net/tls: Fix inverted error codes to avoid endless loop
- net: vrf: Add support for sends to local broadcast address
- pppoe: take ->needed_headroom of lower device into account on xmit
- r8169: fix memory corruption on retrieval of hardware statistics.
- sctp: do not allow the v4 socket to bind a v4mapped v6 address
- sctp: return error if the asoc has been peeled off in
sctp_wait_for_sndbuf
- tipc: fix a memory leak in tipc_nl_node_get_link()
- {net,ib}/mlx5: Don't disable local loopback multicast traffic when
needed
- net/mlx5: Fix get vector affinity helper function
- ppp: unlock all_ppp_mutex before registering device
- be2net: restore properly promisc mode after queues reconfiguration
- ip6_gre: init dev->mtu and dev->hard_header_len correctly
- gso: validate gso_type in GSO handlers
- tun: fix a memory leak for tfile->tx_array
- flow_dissector: properly cap thoff field
- sctp: reinit stream if stream outcnt has been change by sinit in sendmsg
- netlink: extack needs to be reset each time through loop
- net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
- nfp: use the correct index for link speed table
- netlink: reset extack earlier in netlink_rcv_skb
- net/tls: Only attach to sockets in ESTABLISHED state
- tls: fix sw_ctx leak
- tls: return -EBUSY if crypto_info is already set
- tls: reset crypto_info when do_tls_setsockopt_tx fails
- net: ipv4: Make "ip route get" match iif lo rules again.
- vmxnet3: repair memory leak
- perf/x86/amd/power: Do not load AMD power module on !AMD platforms
- [x86] microcode/intel: Extend BDW late-loading further with LLC size
check
- [x86] microcode: Fix again accessing initrd after having been freed
- [x86] mm/64: Fix vmapped stack syncing on very-large-memory 4-level
systems
- hrtimer: Reset hrtimer cpu base proper on CPU hotplug
- bpf: introduce BPF_JIT_ALWAYS_ON config
- bpf: fix divides by zero
- bpf: fix 32-bit divide by zero
- bpf: reject stores into ctx via st and xadd
- [arm64] bpf: fix stack_depth tracking in combination with tail calls
- cpufreq: governor: Ensure sufficiently large sampling intervals
- nfsd: auth: Fix gid sorting when rootsquash enabled (CVE-2018-1000028)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.17
- futex: Fix OWNER_DEAD fixup
- loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
- [x86] KVM: Fix CPUID function for word 6 (80000001_ECX)
- gpio: Fix kernel stack leak to userspace
- ALSA: hda - Reduce the suspend time consumption for ALC256
- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
- [x86] crypto: aesni - handle zero length dst buffer
- [x86] crypto: aesni - fix typo in generic_gcmaes_decrypt
- crypto: gcm - add GCM IV size constant
- [x86] crypto: aesni - Use GCM IV size constant
- [x86] crypto: aesni - add wrapper for generic gcm(aes)
- [x86] crypto: aesni - Fix out-of-bounds access of the data buffer in
generic-gcm-aesni
- [x86] crypto: aesni - Fix out-of-bounds access of the AAD buffer in
generic-gcm-aesni
- [arm64] crypto: inside-secure - fix hash when length is a multiple of a
block
- [arm64] crypto: inside-secure - avoid unmapping DMA memory that was not
mapped
- crypto: sha3-generic - fixes for alignment and big endian operation
- crypto: af_alg - whitelist mask and type
- HID: wacom: EKR: ensure devres groups at higher indexes are released
- HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE)
events
- igb: Free IRQs when device is hotplugged
- ima/policy: fix parsing of fsuuid
- scsi: aacraid: Fix udev inquiry race condition
- scsi: aacraid: Fix hang in kdump
- VFS: Handle lazytime in do_mount()
- [arm64,armhf] drm/vc4: Account for interrupts in flight
- btrfs: Fix transaction abort during failure in btrfs_rm_dev_item
- Btrfs: bail out gracefully rather than BUG_ON
- cpupowerutils: bench - Fix cpu online check
- cpupower : Fix cpupower working when cpu0 is offline
- [x86] KVM: nVMX/nSVM: Don't intercept #UD when running L2
- [x86] KVM: emulator: Return to user-mode on L1 CPL=0 emulation failure
- [x86] KVM: Don't re-execute instruction when not passing CR2 value
- [x86] KVM: Fix operand/address-size during instruction decoding
- [x86] KVM: nVMX: Fix mmu context after VMLAUNCH/VMRESUME failure
- [x86] KVM: fix em_fxstor() sleeping while in atomic
- [x86] KVM: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
- [x86] KVM: ioapic: Clear Remote IRR when entry is switched to
edge-triggered
- [x86] KVM: ioapic: Preserve read-only values in the redirection table
- [x86] KVM: nVMX: Fix vmx_check_nested_events() return value in case an
event was reinjected to L2
- nvme-fabrics: introduce init command check for a queue that is not alive
- nvme-fc: check if queue is ready in queue_rq
- nvme-loop: check if queue is ready in queue_rq
- nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
- nvme-pci: avoid hmb desc array idx out-of-bound when hmmaxd set.
- nvmet-fc: correct ref counting error when deferred rcv used
- [s390x] topology: fix compile error in file arch/s390/kernel/smp.c
- [s390x] zcrypt: Fix wrong comparison leading to strange load balancing
- ACPI / bus: Leave modalias empty for devices which are not present
- null_blk: fix dev->badblocks leak
- [s390x] fix alloc_pgste check in init_new_context again
- rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing
- rxrpc: Provide a different lockdep key for call->user_mutex for kernel
calls
- rxrpc: Fix service endpoint expiry
- bcache: check return value of register_shrinker
- drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
- [x86] drm/amdkfd: Fix SDMA ring buffer size calculation
- [x86] drm/amdkfd: Fix SDMA oversubsription handling
- uapi: fix linux/kfd_ioctl.h userspace compilation errors
- nvme-rdma: don't complete requests before a send work request has
completed
- openvswitch: fix the incorrect flow action alloc size
- [armhf] drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM
enable
- mac80211: use QoS NDP for AP probing
- mac80211: fix the update of path metric for RANN frame
- btrfs: fix deadlock when writing out space cache
- sctp: only allow the asoc reset when the asoc outq is empty
- sctp: avoid flushing unsent queue when doing asoc reset
- sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1
- reiserfs: remove unneeded i_version bump
- [x86] KVM: Fix softlockup when get the current kvmclock
- [x86] KVM: VMX: Fix rflags cache during vCPU reset
- Btrfs: fix list_add corruption and soft lockups in fsync
- KVM: Let KVM_SET_SIGNAL_MASK work as advertised
- xfs: always free inline data before resetting inode fork during ifree
- xfs: log recovery should replay deferred ops in order
- xen-netfront: remove warning when unloading module
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
- nfsd: Ensure we check stateid validity in the seqid operation checks
- grace: replace BUG_ON by WARN_ONCE in exit_net hook
- nfsd: check for use of the closed special stateid
- race of lockd inetaddr notifiers vs nlmsvc_rqst change
- lockd: fix "list_add double add" caused by legacy signal interface
- quota: propagate error from __dquot_initialize
- [arm64,armhf] net: mvpp2: fix the txq_init error path
- [arm64] net: phy: marvell10g: fix the PHY id mask
- bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()'
- Btrfs: incremental send, fix wrong unlink path after renaming file
- nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
- xfs: fortify xfs_alloc_buftarg error handling
- drm/amdgpu: don't try to move pinned BOs
- quota: Check for register_shrinker() failure.
- SUNRPC: Allow connect to return EHOSTUNREACH
- kmemleak: add scheduling point to kmemleak_scan()
- [armhf] drm/omap: Fix error handling path in 'omap_dmm_probe()'
- [armhf] drm/omap: displays: panel-dpi: add backlight dependency
- xfs: ubsan fixes
- xfs: Properly retry failed dquot items in case of error during buffer
writeback
- perf/core: Fix memory leak triggered by perf --namespace
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
path
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in
ufshcd_config_vreg
- iwlwifi: mvm: fix the TX queue hang timeout for MONITOR vif type
- iwlwifi: fix access to prph when transport is stopped
- [arm*] dts: NSP: Disable AHCI controller for HR NSP boards
- [arm*] ARM: dts: NSP: Fix PPI interrupt types
- media: usbtv: add a new usbid
- [x86] xen: Support early interrupts in xen pv guests
- usb: gadget: don't dereference g until after it has been null checked
- staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
- [arm64,armhf] drm/vc4: Move IRQ enable to PM path
- [x86] KVM: emulate #UD while in guest mode
- [x86] staging: lustre: separate a connection destroy from free struct
kib_conn
- tty: fix data race between tty_init_dev and flush of buf
- USB: serial: pl2303: new device id for Chilitag
- USB: cdc-acm: Do not log urb submission errors on disconnect
- CDC-ACM: apply quirk for card reader
- USB: serial: io_edgeport: fix possible sleep-in-atomic
- usbip: prevent bind loops on devices attached to vhci_hcd
- usbip: list: don't list devices attached to vhci_hcd
- USB: serial: simple: add Motorola Tetra driver
- usb: f_fs: Prevent gadget unbind if it is already unbound
- usb: uas: unconditionally bring back host after reset
- usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc()
- [x86] mei: me: allow runtime pm for platform with D0i3
- serial: 8250_of: fix return code when probe function fails to get reset
- serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
- [armhf] serial: imx: Only wakeup via RTSDEN bit if the system has
RTS/CTS
- [armhf] spi: imx: do not access registers while clocks disabled
- iio: adc: stm32: fix scan of multiple channels with DMA
- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
- test_firmware: fix missing unlock on error in
config_num_requests_store()
- Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
- Input: synaptics-rmi4 - do not delete interrupt memory too early
- [x86] efi: Clarify that reset attack mitigation needs appropriate
userspace
[ Salvatore Bonaccorso ]
* [rt] Update to 4.14.15-rt11
* [rt] Update to 4.14.15-rt13
* crypto: ecc - Fix NULL pointer deref. on no default_rng (Closes: #886556)
* mac80211: Avoid ABI change in 4.14.17
* rxrpc: Avoid ABI change in 4.14.17
[ Ben Hutchings ]
* bpf: Avoid ABI change in 4.14.14
* usbip: Reduce USBIP_VHCI_HC_PORTS to 15, the maximum allowed for SuperSpeed
hubs (Closes: #878866)
* [x86] Add versioned build-dependency on gcc-7 for retpoline support
* [x86] linux-compiler-gcc-7-x86: Add versioned dependency on gcc-7 for
retpoline support
* linux-compiler-gcc-7-{arm,s390,x86}: Remove specific (and wrong) compiler
version from description (Closes: #883363)
* [x86] linux-headers: Depend on updated linux-compiler-gcc-7-x86
[ Riku Voipio ]
* [arm64] build in reset drivers
* [arm64] enable COMMON_CLK_HI655X so wifi and bluetooth work on Hikey
-- Salvatore Bonaccorso <email address hidden> Wed, 14 Feb 2018 06:56:06 +0100
-
linux (4.14.13-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13
- [x86] mm: Set MODULES_END to 0xffffffffff000000
- [x86] mm: Map cpu_entry_area at the same place on 4/5 level
- [x86] kaslr: Fix the vaddr_end mess
- [x86] events/intel/ds: Use the proper cache flush method for mapping ds
buffers
- [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- [x86] pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- kernel/acct.c: fix the acct->needcheck check in check_free_space()
- mm/mprotect: add a cond_resched() inside change_pmd_range()
- mm/sparse.c: wrong allocation for mem_section
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
- btrfs: fix refcount_t usage when deleting btrfs_delayed_nodes
- efi/capsule-loader: Reinstate virtual capsule mapping
- [sparc*] crypto: n2 - cure use after free
- crypto: chacha20poly1305 - validate the digest size
- crypto: pcrypt - fix freeing pcrypt instances
- crypto: chelsio - select CRYPTO_GF128MUL
- [x86] drm/i915: Disable DC states around GMBUS on GLK
- [x86] drm/i915: Apply Display WA #1183 on skl, kbl, and cfl
- fscache: Fix the default for fscache_maybe_release_page()
- [x86] CPU: Avoid unnecessary IPIs in arch_freq_get_on_cpu()
- [x86] CPU: Always show current CPU frequency in /proc/cpuinfo
- kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
- kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from
!sig_kernel_only() signals
- kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in
complete_signal()
- [arm64] iommu/arm-smmu-v3: Don't free page table ops twice
- [arm64] iommu/arm-smmu-v3: Cope with duplicated Stream IDs
- [powerpc* ]mm: Fix SEGV on mapped region to return SEGV_ACCERR
- Input: elantech - add new icbody type 15
- [x86] microcode/AMD: Add support for fam17h microcode loading
- apparmor: fix regression in mount mediation when feature set is pinned
- [hppa/parisc] Fix alignment of pa_tlb_lock in assembly on 32-bit SMP
kernel
- [hppa/parisc] qemu idle sleep support
- mtd: nand: pxa3xx: Fix READOOB implementation
- [s390x] KVM: fix cmma migration for multiple memory slots
- [s390x] KVM: prevent buffer overrun on memory hotplug during migration
[ Salvatore Bonaccorso ]
* libsas: Disable asynchronous aborts for SATA devices
* drm/nouveau/disp/gf119: add missing drive vfunc ptr (Closes: #880660)
[ Riku Voipio ]
* [arm64] disable CONFIG_HW_RANDOM_OMAP until the IRQ storm bug is fixed
[ Ben Hutchings ]
* abiupdate.py: Add support for security mirrors
* Fix dependencies related to objtool (Closes: #886474):
- linux-headers: Add versioned dependency on linux-kbuild
- Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree
modules"
-- Ben Hutchings <email address hidden> Sun, 14 Jan 2018 19:45:05 +0000
-
linux (4.14.12-2) unstable; urgency=medium
[ Ben Hutchings ]
* linux-kbuild: Add objtool
* linux-headers: Add symlink to linux-kbuild tools directory for objtool
[ Salvatore Bonaccorso ]
* linux-headers: Add symlink to linux-kbuild tools directory for objtool in
architecture-specific headers package.
Thanks to Luca Boccassi (Closes: #886366)
-- Salvatore Bonaccorso <email address hidden> Sat, 06 Jan 2018 09:08:42 +0100
-
linux (4.14.7-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
- [s390x] fix transactional execution control register handling
- [s390x] noexec: execute kexec datamover without DAT
- [s390x] runtime instrumention: fix possible memory corruption
- [s390x] guarded storage: fix possible memory corruption
- [s390x] disassembler: add missing end marker for e7 table
- [s390x] disassembler: increase show_code buffer size
- ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock
- ACPI / EC: Fix regression related to triggering source of EC event
handling
- cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq
- serdev: fix registration of second slave
- sched: Make resched_cpu() unconditional
- lib/mpi: call cond_resched() from mpi_powm() loop
- [x86] boot: Fix boot failure when SMP MP-table is based at 0
- [x86] decoder: Add new TEST instruction pattern
- [amd64] entry: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
- [x86] perf: intel: Hide TSX events when RTM is not supported
- [arm64] Implement arch-specific pte_access_permitted()
- [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
- [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE
- uapi: fix linux/tls.h userspace compilation error
- uapi: fix linux/rxrpc.h userspace compilation errors
- [mips*/4kc-malta] cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work
for 32-bit SMP
- [armhf,arm64] net: mvneta: fix handling of the Tx descriptor counter
- nbd: wait uninterruptible for the dead timeout
- nbd: don't start req until after the dead connection logic
- PM / OPP: Add missing of_node_put(np)
- PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
- PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
- [x86] PCI: hv: Use effective affinity mask
- [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
- [arm64] PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
- dm integrity: allow unaligned bv_offset
- dm cache: fix race condition in the writeback mode overwrite_bio
optimisation
- dm crypt: allow unaligned bv_offset
- dm zoned: ignore last smaller runt zone
- dm mpath: remove annoying message of 'blk_get_request() returned -11'
- dm bufio: fix integer overflow when limiting maximum cache size
- ovl: Put upperdentry if ovl_check_origin() fails
- dm: allocate struct mapped_device with kvzalloc
- sched/rt: Simplify the IPI based RT balancing logic
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
- dm: discard support requires all targets in a table support discards
- [mips*] Fix odd fp register warnings with MIPS64r2
- [mips*/4kc-malta] Fix MIPS64 FP save/restore on 32-bit kernels
- [mips*] dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry
- [mips*] Fix an n32 core file generation regset support regression
- [mips*] math-emu: Fix final emulation phase for certain instructions
- rt2x00usb: mark device removed when get ENOENT usb error
- mm/z3fold.c: use kref to prevent page free/compact race
- autofs: don't fail mount for transient error
- nilfs2: fix race condition that causes file system corruption
- fscrypt: lock mutex before checking for bounce page pool
- eCryptfs: use after free in ecryptfs_release_messaging()
- libceph: don't WARN() if user tries to add invalid key
- bcache: check ca->alloc_thread initialized before wake up it
- fs: guard_bio_eod() needs to consider partitions
- fanotify: fix fsnotify_prepare_user_wait() failure
- isofs: fix timestamps beyond 2027
- btrfs: change how we decide to commit transactions during flushing
- f2fs: expose some sectors to user in inline data or dentry case
- NFS: Fix typo in nomigration mount option
- NFS: Revert "NFS: Move the flock open mode check into nfs_flock()"
- nfs: Fix ugly referral attributes
- NFS: Avoid RCU usage in tracepoints
- NFS: revalidate "." etc correctly on "open".
- nfsd: deal with revoked delegations appropriately
- rtlwifi: rtl8192ee: Fix memory leak when loading firmware
- rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
- iwlwifi: fix firmware names for 9000 and A000 series hw
- md: fix deadlock error in recent patch.
- md: don't check MD_SB_CHANGE_CLEAN in md_allow_write
- Bluetooth: btqcomsmd: Add support for BD address setup
- md/bitmap: revert a patch
- fsnotify: clean up fsnotify_prepare/finish_user_wait()
- fsnotify: pin both inode and vfsmount mark
- fsnotify: fix pinning group in fsnotify_prepare_user_wait()
- ata: fixes kernel crash while tracing ata_eh_link_autopsy event
- ext4: fix interaction between i_size, fallocate, and delalloc after a
crash
- ext4: prevent data corruption with inline data + DAX
- ext4: prevent data corruption with journaling + DAX
- ALSA: pcm: update tstamp only if audio_tstamp changed
- ALSA: usb-audio: Add sanity checks to FE parser
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
- ALSA: usb-audio: Add sanity checks in v2 clock parsers
- ALSA: timer: Remove kernel warning at compat ioctl error paths
- ALSA: hda/realtek - Fix ALC275 no sound issue
- ALSA: hda: Fix too short HDMI/DP chmap reporting
- ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization
- ALSA: hda/realtek - Fix ALC700 family no sound issue
- [x86] mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery
- 9p: Fix missing commas in mount options
- fs/9p: Compare qid.path in v9fs_test_inode
- net/9p: Switch to wait_event_killable()
- scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
- scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()
- scsi: lpfc: fix pci hot plug crash in timer management routines
- scsi: lpfc: fix pci hot plug crash in list_add call
- scsi: lpfc: Fix crash receiving ELS while detaching driver
- scsi: lpfc: Fix FCP hba_wqidx assignment
- scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails
- iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
- iscsi-target: Fix non-immediate TMR reference leak
- target: fix null pointer regression in core_tmr_drain_tmr_list
- target: fix buffer offset in core_scsi3_pri_read_full_status
- target: Fix QUEUE_FULL + SCSI task attribute handling
- target: Fix caw_sem leak in transport_generic_request_failure
- target: Fix quiese during transport_write_pending_qf endless loop
- target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
- mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid
- mtd: nand: atmel: Actually use the PM ops
- mtd: nand: omap2: Fix subpage write
- mtd: nand: Fix writing mtdoops to nand flash.
- mtd: nand: mtk: fix infinite ECC decode IRQ issue
- p54: don't unregister leds when they are not initialized
- block: Fix a race between blk_cleanup_queue() and timeout handling
- raid1: prevent freeze_array/wait_all_barriers deadlock
- genirq: Track whether the trigger type has been set
- [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup
- lockd: double unregister of inetaddr notifiers
- [powerpc*] KVM: Book3S HV: Don't call real-mode XICS hypercall handlers
if not enabled
- [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
- [x86] KVM: SVM: obey guest PAT
- [x86] kvm: vmx: Reinstate support for CPUs without virtual NMI
(Closes: #884482)
- dax: fix PMD faults on zero-length files
- dax: fix general protection fault in dax_alloc_inode
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
- [armhf] clk: ti: dra7-atl-clock: fix child-node lookups
- libnvdimm, dimm: clear 'locked' status on successful DIMM enable
- libnvdimm, pfn: make 'resource' attribute only readable by root
- libnvdimm, namespace: fix label initialization to use valid seq numbers
- libnvdimm, region : make 'resource' attribute only readable by root
- libnvdimm, namespace: make 'resource' attribute only readable by root
- svcrdma: Preserve CB send buffer across retransmits
- IB/srpt: Do not accept invalid initiator port names
- IB/cm: Fix memory corruption in handling CM request
- IB/hfi1: Fix incorrect available receive user context count
- IB/srp: Avoid that a cable pull can trigger a kernel crash
- IB/core: Avoid crash on pkey enforcement failed in received MADs
- IB/core: Only maintain real QPs in the security lists
- NFC: fix device-allocation error return
- spi-nor: intel-spi: Fix broken software sequencing codes
- fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than
read_barrier_depends
- [hppa] Fix validity check of pointer size argument in new CAS
implementation
- [powerpc*] Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX
- [powerpc*] mm/radix: Fix crashes on Power9 DD1 with radix MMU and
STRICT_RWX
- [powerpc*] perf/imc: Use cpu_to_node() not topology_physical_package_id()
- [powerpc*] signal: Properly handle return value from uprobe_deny_signal()
- [powerpc*] 64s: Fix masking of SRR1 bits on instruction fault
- [powerpc*] 64s/radix: Fix 128TB-512TB virtual address boundary case
allocation
- [powerpc*] 64s/hash: Fix 512T hint detection to use >= 128T
- [powerpc*] 64s/hash: Fix 128TB-512TB virtual address boundary case
allocation
- [powerpc*] 64s/hash: Fix fork() with 512TB process address space
- [powerpc*] 64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary
- media: Don't do DMA on stack for firmware upload in the AS102 driver
- media: rc: check for integer overflow
- media: rc: nec decoder should not send both repeat and keycode
- media: v4l2-ctrl: Fix flags field on Control events
- [arm64] media: venus: fix wrong size on dma_free
- [arm64] media: venus: venc: fix bytesused v4l2_plane field
- [arm64] media: venus: reimplement decoder stop command
- [arm64] dts: meson-gxl: Add alternate ARM Trusted Firmware reserved
memory zone
- iwlwifi: fix wrong struct for a000 device
- iwlwifi: fix PCI IDs and configuration mapping for 9000 series
- iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command
- e1000e: Fix error path in link detection
- e1000e: Fix return value test
- e1000e: Separate signaling for link check/link up
- e1000e: Avoid receiver overrun interrupt bursts
- e1000e: fix buffer overrun while the I219 is processing DMA transactions
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
- [x86]: platform: hp-wmi: Fix tablet mode detection for convertibles
- mm, memory_hotplug: do not back off draining pcp free pages from kworker
context
- mm, oom_reaper: gather each vma to prevent leaking TLB entry
- [armhf,arm64] mm/cma: fix alloc_contig_range ret code/potential leak
- mm: fix device-dax pud write-faults triggered by get_user_pages()
- mm, hugetlbfs: introduce ->split() to vm_operations_struct
- device-dax: implement ->split() to catch invalid munmap attempts
- mm: introduce get_user_pages_longterm
- mm: fail get_vaddr_frames() for filesystem-dax mappings
- v4l2: disable filesystem-dax mapping support
- IB/core: disable memory registration of filesystem-dax vmas
- exec: avoid RLIMIT_STACK races with prlimit()
- mm/madvise.c: fix madvise() infinite loop under special circumstances
- mm: migrate: fix an incorrect call of prep_transhuge_page()
- mm, memcg: fix mem_cgroup_swapout() for THPs
- fs/fat/inode.c: fix sb_rdonly() change
- autofs: revert "autofs: take more care to not update last_used on path
walk"
- autofs: revert "autofs: fix AT_NO_AUTOMOUNT not being honored"
- mm/hugetlb: fix NULL-pointer dereference on 5-level paging machine
- btrfs: clear space cache inode generation always
- nfsd: Fix stateid races between OPEN and CLOSE
- nfsd: Fix another OPEN stateid race
- nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
- crypto: algif_aead - skip SGL entries with NULL page
- crypto: af_alg - remove locking in async callback
- crypto: skcipher - Fix skcipher_walk_aead_common
- lockd: lost rollback of set_grace_period() in lockd_down_net()
- [s390x] revert ELF_ET_DYN_BASE base changes
- [armhf] drm: omapdrm: Fix DPI on platforms using the DSI VDDS
- [armhf] omapdrm: hdmi4: Correct the SoC revision matching
- [arm64] module-plts: factor out PLT generation code for ftrace
- [arm64] ftrace: emit ftrace-mod.o contents through code
- [powerpc*] powernv: Fix kexec crashes caused by tlbie tracing
- [powerpc*] kexec: Fix kexec/kdump in P9 guest kernels
- [x86] KVM: pvclock: Handle first-time write to pvclock-page contains
random junk
- [x86] KVM: Exit to user-mode on #UD intercept when emulator requires
- [x86] KVM: inject exceptions produced by x86_decode_insn
- [x86] KVM: lapic: Split out x2apic ldr calculation
- [x86] KVM: lapic: Fixup LDR on load in x2apic
- mmc: sdhci: Avoid swiotlb buffer being full
- mmc: block: Fix missing blk_put_request()
- mmc: block: Check return value of blk_get_request()
- mmc: core: Do not leave the block driver in a suspended state
- mmc: block: Ensure that debugfs files are removed
- mmc: core: prepend 0x to pre_eol_info entry in sysfs
- mmc: core: prepend 0x to OCR entry in sysfs
- ACPI / EC: Fix regression related to PM ops support in ECDT device
- eeprom: at24: fix reading from 24MAC402/24MAC602
- eeprom: at24: correctly set the size for at24mac402
- eeprom: at24: check at24_read/write arguments
- [alpha,x86] i2c: i801: Fix Failed to allocate irq -2147483648 error
- bcache: Fix building error on MIPS
- bcache: only permit to recovery read error when cache device is clean
- bcache: recover data from backing when data is clean
- hwmon: (jc42) optionally try to disable the SMBUS timeout
- nvme-pci: add quirk for delay before CHK RDY for WDC SN200
- Revert "drm/radeon: dont switch vt on suspend"
- drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs()
- drm/amdgpu: Potential uninitialized variable in
amdgpu_vm_update_directories()
- drm/amdgpu: correct reference clock value on vega10
- drm/amdgpu: fix error handling in amdgpu_bo_do_create
- drm/amdgpu: Properly allocate VM invalidate eng v2
- drm/amdgpu: Remove check which is not valid for certain VBIOS
- drm/ttm: fix ttm_bo_cleanup_refs_or_queue once more
- dma-buf: make reservation_object_copy_fences rcu save
- drm/amdgpu: reserve root PD while releasing it
- drm/ttm: Always and only destroy bo->ttm_resv in ttm_bo_release_list
- drm/vblank: Fix flip event vblank count
- drm/vblank: Tune drm_crtc_accurate_vblank_count() WARN down to a debug
- drm/tilcdc: Precalculate total frametime in tilcdc_crtc_set_mode()
- drm/radeon: fix atombios on big endian
- drm/panel: simple: Add missing panel_simple_unprepare() calls
- [arm64] drm/hisilicon: Ensure LDI regs are properly configured.
- drm/ttm: once more fix ttm_buffer_object_transfer
- drm/amd/pp: fix typecast error in powerplay.
- drm/fb_helper: Disable all crtc's when initial setup fails.
- drm/edid: Don't send non-zero YQ in AVI infoframe for HDMI 1.x sinks
- drm/amdgpu: move UVD/VCE and VCN structure out from union
- drm/amdgpu: Set adev->vcn.irq.num_types for VCN
- IB/core: Do not warn on lid conversions for OPA
- IB/hfi1: Do not warn on lid conversions for OPA
- e1000e: fix the use of magic numbers for buffer overrun issue
- md: forbid a RAID5 from having both a bitmap and a journal.
- [x86] drm/i915: Fix false-positive assert_rpm_wakelock_held in
i915_pmic_bus_access_notifier v2
- [x86] drm/i915: Re-register PMIC bus access notifier on runtime resume
- [x86] drm/i915/fbdev: Serialise early hotplug events with async fbdev
config
- [x86] drm/i915/gvt: Correct ADDR_4K/2M/1G_MASK definition
- [x86] drm/i915: Don't try indexed reads to alternate slave addresses
- [x86] drm/i915: Prevent zero length "index" write
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5
- drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map
- [s390x] runtime instrumentation: simplify task exit handling
- usbip: fix usbip attach to find a port that matches the requested speed
- usbip: Fix USB device hang due to wrong enabling of scatter-gather
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
- serial: 8250_early: Only set divisor if valid clk & baud
- [mips*] Add custom serial.h with BASE_BAUD override for generic kernel
- ima: fix hash algorithm initialization
- [s390x] vfio-ccw: Do not attempt to free no-op, test and tic cda.
- PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare()
- [s390x] pci: do not require AIS facility
- serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
- staging: rtl8188eu: avoid a null dereference on pmlmepriv
- [arm64] mmc: sdhci-msm: fix issue with power irq
- hwmon: (pmbus/core) Prevent unintentional setting of page to 0xFF
- perf/core: Fix __perf_read_group_add() locking
- [armhf] PCI: dra7xx: Create functional dependency between PCIe and PHY
- [x86] intel_rdt: Initialize bitmask of shareable resource if CDP enabled
- [x86] intel_rdt: Fix potential deadlock during resctrl mount
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
- kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y
- [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- [armhf,arm64] clocksource/drivers/arm_arch_timer: Validate CNTFRQ after
enabling frame
- [x86] EDAC, sb_edac: Fix missing break in switch
- [arm64] cpuidle: Correct driver unregistration if init fails
- usb: xhci: Return error when host is dead in xhci_disable_slot()
- [armel,armhf] sysrq : fix Show Regs call trace on ARM
- [sh4] serial: sh-sci: suppress warning for ports without dma channels
- [armhf] serial: imx: Update cached mctrl value when changing RTS
- [x86] kprobes: Disable preemption in ftrace-based jprobes
- [x86] locking/refcounts, asm: Use unique .text section for refcount
exceptions
- [s390x] ptrace: fix guarded storage regset handling
- perf tools: Fix leaking rec_argv in error cases
- mm, x86/mm: Fix performance regression in get_user_pages_fast()
- iio: adc: ti-ads1015: add 10% to conversion wait time
- iio: multiplexer: add NULL check on devm_kzalloc() and devm_kmemdup()
return values
- [x86] locking/refcounts, asm: Enable CONFIG_ARCH_HAS_REFCOUNT
- [powerpc*] jprobes: Disable preemption when triggered through ftrace
- [powerpc*] kprobes: Disable preemption before invoking probe handler for
optprobes
- usb: hub: Cycle HUB power when initialization fails
- [armhf,arm64] USB: ulpi: fix bus-node lookup
- xhci: Don't show incorrect WARN message about events for empty rings
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first
- USB: core: Add type-specific length check of BOS descriptors
- USB: usbfs: Filter flags passed in from user space
- usb: host: fix incorrect updating of offset
- locking/refcounts: Do not force refcount_t usage as GPL-only export
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
- usb: gadget: core: Fix ->udc_set_speed() speed handling
- serdev: ttyport: add missing receive_buf sanity checks
- serdev: ttyport: fix NULL-deref on hangup
- serdev: ttyport: fix tty locking in close
- usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
- can: peak/pci: fix potential bug when probe() fails
- can: kvaser_usb: free buf in error paths
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
- can: kvaser_usb: ratelimit errors if incomplete messages are received
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
- can: ems_usb: cancel urb on -EPIPE and -EPROTO
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO
- can: peak/pcie_fd: fix potential bug in restarting tx queue
- virtio: release virtio index when fail to device_register
- [arm64] pinctrl: armada-37xx: Fix direction_output() callback behavior
- [x86] Drivers: hv: vmbus: Fix a rescind issue
- [x86] hv: kvp: Avoid reading past allocated blocks from KVP file
- firmware: vpd: Destroy vpd sections in remove function
- firmware: vpd: Tie firmware kobject to device lifetime
- firmware: vpd: Fix platform driver and device registration/unregistration
- scsi: dma-mapping: always provide dma_get_cache_alignment
- scsi: use dma_get_cache_alignment() as minimum DMA alignment
- scsi: libsas: align sata_device's rps_resp on a cacheline
- efi: Move some sysfs files to be read-only by root
- efi/esrt: Use memunmap() instead of kfree() to free the remapping
- ASN.1: fix out-of-bounds read when parsing indefinite length item
- ASN.1: check for error from ASN1_OP_END__ACT actions
- KEYS: add missing permission check for request_key() destination
(CVE-2017-17807)
- KEYS: reject NULL restriction string when type is specified
- X.509: reject invalid BIT STRING for subjectPublicKey
- X.509: fix comparisons of ->pkey_algo
- [x86] idt: Load idt early in start_secondary
- [x86] PCI: Make broadcom_postcore_init() check acpi_disabled
- [x86] KVM: fix APIC page invalidation
- btrfs: fix missing error return in btrfs_drop_snapshot
- btrfs: handle errors while updating refcounts in update_ref_for_cow
- ALSA: pcm: prevent UAF in snd_pcm_info
- ALSA: seq: Remove spurious WARN_ON() at timer check
- ALSA: usb-audio: Fix out-of-bound error
- ALSA: usb-audio: Add check return value for usb_string()
- [x86] iommu/vt-d: Fix scatterlist offset handling
- smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
- [s390x] always save and restore all registers on context switch
- [s390x] mm: fix off-by-one bug in 5-level page table handling
- [s390x] fix compat system call table
- [s390x] KVM: Fix skey emulation permission check
- [powerpc*] Revert "powerpc: Do not call ppc_md.panic in fadump panic
notifier"
- [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition
table
- iwlwifi: mvm: mark MIC stripped MPDUs
- iwlwifi: mvm: don't use transmit queue hang detection when it is not
possible
- iwlwifi: mvm: flush queue before deleting ROC
- iwlwifi: mvm: fix packet injection
- iwlwifi: mvm: enable RX offloading with TKIP and WEP
- brcmfmac: change driver unbind order of the sdio function devices
- md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
- [armhf] drm/bridge: analogix dp: Fix runtime PM state in get_modes()
callback
- [armhf] drm/exynos: gem: Drop NONCONTIG flag for buffers allocated
without IOMMU
- [x86] drm/i915: Fix vblank timestamp/frame counter jumps on gen2
- media: dvb: i2c transfers over usb cannot be done from stack
- media: rc: sir_ir: detect presence of port
- media: rc: partial revert of "media: rc: per-protocol repeat period"
- [arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [armhf] KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
(CVE-2017-1000407)
- [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion
- [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation
- [armhf,arm64] KVM: vgic: Preserve the revious read from the pending table
- [armhf,arm64] KVM: vgic-its: Check result of allocation before use
- [arm64] fpsimd: Prevent registers leaking from dead tasks
- [arm64] SW PAN: Point saved ttbr0 at the zero page when switching to
init_mm
- [arm64] SW PAN: Update saved ttbr0 value on enter_lazy_tlb
- [armhf] Revert "ARM: dts: imx53: add srtc node"
- [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context
- IB/core: Only enforce security for InfiniBand
- [armel,armhf] BUG if jumping to usermode address in kernel mode
- [armel,armhf] avoid faulting on qemu
- [arm64] irqchip/qcom: Fix u32 comparison with value less than zero
- [powerpc*] perf: Fix pmu_count to count only nest imc pmus
- apparmor: fix leak of null profile name if profile allocation fails
- mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
- route: also update fnhe_genid when updating a route cache
- route: update fnhe_expires for redirect when the fnhe exists
- rsi: fix memory leak on buf and usb_reg_buf
- pipe: match pipe_max_size data type with procfs
- lib/genalloc.c: make the avail variable an atomic_long_t
- NFS: Fix a typo in nfs_rename()
- sunrpc: Fix rpc_task_begin trace point
- nfp: inherit the max_mtu from the PF netdev
- nfp: fix flower offload metadata flag usage
- xfs: fix forgotten rcu read unlock when skipping inode reclaim
- block: wake up all tasks blocked in get_request()
- [sparc64] mm: set fields in deferred pages
- zsmalloc: calling zs_map_object() from irq is a bug
- slub: fix sysfs duplicate filename creation when slub_debug=O
- sctp: do not free asoc when it is already dead in sctp_sendmsg
- sctp: use the right sk after waking up from wait_buf sleep
- fcntl: don't leak fd reference when fixup_compat_flock fails
- geneve: fix fill_info when link down
- bpf: fix lockdep splat
- [arm64] clk: qcom: common: fix legacy board-clock registration
- [arm64] clk: hi3660: fix incorrect uart3 clock freqency
- atm: horizon: Fix irq release error
- xfrm: Copy policy family in clone_policy
- f2fs: fix to clear FI_NO_PREALLOC
- bnxt_re: changing the ip address shouldn't affect new connections
- IB/mlx4: Increase maximal message size under UD QP
- IB/mlx5: Assign send CQ and recv CQ of UMR QP
- afs: Fix total-length calculation for multiple-page send
- afs: Connect up the CB.ProbeUuid
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
- net: realtek: r8169: implement set_link_ksettings()
- [s390x] qeth: fix early exit from error path
- tipc: fix memory leak in tipc_accept_from_sock()
- vhost: fix skb leak in handle_rx()
- rds: Fix NULL pointer dereference in __rds_rdma_map
- sit: update frag_off info
- tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
- packet: fix crash in fanout_demux_rollover()
- net/packet: fix a race in packet_bind() and packet_notifier()
- tcp: remove buggy call to tcp_v6_restore_cb()
- usbnet: fix alignment for frames with no ethernet header
- net: remove hlist_nulls_add_tail_rcu()
- stmmac: reset last TSO segment size after device open
- tcp/dccp: block bh before arming time_wait timer
- [s390x] qeth: build max size GSO skbs on L2 devices
- [s390x] qeth: fix thinko in IPv4 multicast address tracking
- [s390x] qeth: fix GSO throughput regression
- tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match()
- tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()
- tcp: use current time in tcp_rcv_space_adjust()
- net: sched: cbq: create block for q->link.block
- tap: free skb if flags error
- tcp: when scheduling TLP, time of RTO should account for current ACK
- tun: free skb in early errors
- net: ipv6: Fixup device for anycast routes during copy
- tun: fix rcu_read_lock imbalance in tun_build_skb
- net: accept UFO datagrams from tuntap and packet
- net: openvswitch: datapath: fix data type in queue_gso_packets
- cls_bpf: don't decrement net's refcount when offload fails
- sctp: use right member as the param of list_for_each_entry
- ipmi: Stop timers before cleaning up the module
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
- fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall
- fix kcm_clone()
- [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending
table
- kbuild: do not call cc-option before KBUILD_CFLAGS initialization
- [powerpc*] powernv/idle: Round up latency and residency values
- ipvlan: fix ipv6 outbound device
- blk-mq: Avoid that request queue removal can trigger list corruption
- nvmet-rdma: update queue list during ib_device removal
- audit: Allow auditd to set pid to 0 to end auditing
- audit: ensure that 'audit=1' actually enables audit for PID 1
- dm raid: fix panic when attempting to force a raid to sync
- md: free unused memory after bitmap resize
- RDMA/cxgb4: Annotate r2 and stag as __be32
- [x86] intel_rdt: Fix potential deadlock during resctrl unmount
[ Salvatore Bonaccorso ]
* Add ABI reference for 4.14.0-1
* xen/time: do not decrease steal time after live migration on xen
(Closes: #871608)
* crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
* crypto: hmac - require that the underlying hash algorithm is unkeyed
(CVE-2017-17806)
[ Vagrant Cascadian ]
* [armhf, arm64] Backport patches from 4.15.x to support dwmac-sun8i.
[ Ben Hutchings ]
* [rt] Update to 4.14.6-rt7:
- hrtimer: account for migrated timers
- crypto: mcryptd: protect the per-CPU queue with a lock
- tracing: Update inter-event hist trigger support to v7:
+ Rename virtual "$common_timestamp" field to "common_timestamp"
+ Fix use-after-free in trigger removal
- mm/slub: close possible memory-leak in kmem_cache_alloc_bulk()
- crypto: limit more FPU-enabled sections
* dccp: CVE-2017-8824: use-after-free in DCCP code
* netfilter: nfnetlink_cthelper: Add missing permission checks
(CVE-2017-17448)
* netlink: Add netns check on taps (CVE-2017-17449)
* netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
* USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
* net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
* media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(CVE-2017-16538)
* media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(CVE-2017-16538)
* media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
* [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
(CVE-2017-17741)
* bluetooth: Prevent stack info leak from the EFS element.
(CVE-2017-1000410)
* bpf/verifier: Fix multiple security issues (Closes: #883558):
- encapsulate verifier log state into a structure
- move global verifier log into verifier environment
- fix branch pruning logic
- fix bounds calculation on BPF_RSH
- fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
- fix incorrect tracking of register size truncation (CVE-2017-16996)
- fix 32-bit ALU op verification
- fix missing error return in check_stack_boundary()
- force strict alignment checks for stack pointers
- don't prune branches when a scalar is replaced with a pointer
- fix integer overflows
* Bump ABI to 2
-- Ben Hutchings <email address hidden> Fri, 22 Dec 2017 14:12:23 +0000
-
linux (4.14.2-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.1
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
- mm/pagewalk.c: report holes in hugetlb ranges (CVE-2017-16994)
[ Ben Hutchings ]
* [rt] Update to 4.14-rt1 and reenable (Closes: #882192)
* i40e: Build for 32-bit targets again
- i40e/i40evf: organize and re-number feature flags
- i40e: fix flags declaration
- Revert "i40e: Build for 64-bit targets only"
* aufs: Update support patchset to aufs4.14-20171120
* [armel] Change configuration to reduce image size (fixes FTBFS):
- Change CONNECTOR from built-in to module, and disable PROC_EVENTS
- Disable INTEGRITY and dependent options
- video: Disable USB_APPLEDISPLAY, BACKLIGHT_CLASS_DEVICE
* apparmor: fix oops in audit_signal_cb hook (regression in 4.14)
* leds: Enable LEDS_BRIGHTNESS_HW_CHANGED (Closes: #872862)
* [rt] Add new signing subkey for Steven Rostedt
* [rt] Update to 4.14.1-rt3
* Set ABI to 1
* mmap: Remember the MAP_FIXED flag as VM_FIXED
* [x86] mmap: Add an exception to the stack gap for Hotspot JVM compatibility
(Closes: #865303)
[ Salvatore Bonaccorso ]
* mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
(CVE-2017-1000405)
-- Ben Hutchings <email address hidden> Thu, 30 Nov 2017 12:33:47 +0000
-
linux (4.13.13-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
- workqueue: replace pool->manager_arb mutex with a flag
- [x86] ALSA: hda/realtek - Add support for ALC236/ALC3204
- [x86] ALSA: hda - fix headset mic problem for Dell machines with alc236
- ceph: unlock dangling spinlock in try_flush_caps()
- [powerpc*] KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM
(CVE-2017-15306)
- [powerpc*] KVM: PPC: Book3S HV: POWER9 more doorbell fixes
- [powerpc*] KVM: PPC: Book3S: Protect kvmppc_gpa_to_ua() with SRCU
- [s390x] kvm: fix detection of guest machine checks
- nbd: handle interrupted sendmsg with a sndtimeo set
- spi: uapi: spidev: add missing ioctl header
- spi: a3700: Return correct value on timeout detection
- spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path
- spi: armada-3700: Fix failing commands with quad-SPI
- ovl: add NULL check in ovl_alloc_inode
- ovl: fix EIO from lookup of non-indexed upper
- ovl: handle ENOENT on index lookup
- ovl: do not cleanup unsupported index entries
- fuse: fix READDIRPLUS skipping an entry
- xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
- xen: fix booting ballooned down hvm guest
- cifs: Select all required crypto modules
- CIFS: Fix NULL pointer deref on SMB2_tcon() failure
- Input: elan_i2c - add ELAN0611 to the ACPI table
- Input: gtco - fix potential out-of-bound access (CVE-2017-16643)
- Fix encryption labels and lengths for SMB3.1.1
- SMB3: Validate negotiate request must always be signed
- assoc_array: Fix a buggy node-splitting case (CVE-2017-12193)
- [s390x] scsi: zfcp: fix erp_action use-before-initialize in REC action
trace
- scsi: aacraid: Fix controller initialization failure
- scsi: qla2xxx: Initialize Work element before requesting IRQs
- scsi: sg: Re-fix off by one in sg_fill_request_table()
- [x86] cpu/AMD: Apply the Erratum 688 fix when the BIOS doesn't
- [x86] drm/amd/powerplay: fix uninitialized variable
- [x86] drm/i915/perf: fix perf enable/disable ioctls with 32bits
userspace
- [armhf] can: sun4i: fix loopback mode
- can: kvaser_usb: Correct return value in printout
- can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages
- cfg80211: fix connect/disconnect edge cases
- ipsec: Fix aborted xfrm policy dump crash
- [armhf] regulator: fan53555: fix I2C device ids (Closes: #879768)
- [powerpc*] xive: Fix the size of the cpumask used in
xive_find_target_in_mask()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
- ALSA: timer: Add missing mutex lock for compat ioctls
- ALSA: seq: Fix nested rwsem annotation for lockdep splat
- cifs: check MaxPathNameComponentLength != 0 before using it
(Closes: #880504)
- KEYS: return full count in keyring_read() if buffer is too small
- KEYS: trusted: fix writing past end of buffer in trusted_read()
- KEYS: fix out-of-bounds read during ASN.1 parsing
- ASoC: adau17x1: Workaround for noise bug in ADC
- virtio_blk: Fix an SG_IO regression
- [arm64] ensure __dump_instr() checks addr_limit
- [arm64] KVM: its: Fix missing dynamic allocation check in scan_its_table
- [armhf, arm64] KVM: set right LR register value for 32 bit guest when
inject abort
- [armhf,arm64] kvm: Disable branch profiling in HYP code
- [armhf] dts: mvebu: pl310-cache disable double-linefill
- drm/amdgpu: return -ENOENT from uvd 6.0 early init for harvesting
- drm/amdgpu: allow harvesting check for Polaris VCE
- userfaultfd: hugetlbfs: prevent UFFDIO_COPY to fill beyond the end of
i_size
- ocfs2: fstrim: Fix start offset of first cluster group during fstrim
- fs/hugetlbfs/inode.c: fix hwpoison reserve accounting
- mm, swap: fix race between swap count continuation operations
- [x86] drm/i915: Do not rely on wm preservation for ILK watermarks
- [x86] drm/i915/edp: read edp display control registers unconditionally
- [mips*] bpf: Fix a typo in build_one_insn()
- [mips*] smp-cmp: Use right include for task_struct
- [mips*] SMP: Fix deadlock & online race
- Revert "x86: do not use cpufreq_quick_get() for /proc/cpuinfo "cpu MHz""
- [powerpc*] kprobes: Dereference function pointers only if the address
does not belong to kernel text
- futex: Fix more put_pi_state() vs. exit_pi_state_list() races
- perf/cgroup: Fix perf cgroup hierarchy support
- [x86] mcelog: Get rid of RCU remnants
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.13
- netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to
rhashtable"
- netfilter: nft_set_hash: disable fast_ops for 2-len keys (Closes: #880145)
- workqueue: Fix NULL pointer dereference
- crypto: ccm - preserve the IV buffer
- [x86] crypto: sha1-mb - fix panic due to unaligned access
- [x86] crypto: sha256-mb - fix panic due to unaligned access
- KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
- [x86] ACPI / PM: Blacklist Low Power S0 Idle _DSM for Dell XPS13 9360
- ACPICA: Dispatch active GPEs at init time
- ACPICA: Make it possible to enable runtime GPEs earlier
- ACPI / scan: Enable GPEs before scanning the namespace
- [armel,armhf] 8720/1: ensure dump_instr() checks addr_limit
- ALSA: timer: Limit max instances per timer
- ALSA: usb-audio: support new Amanero Combo384 firmware version
- [x86] ALSA: hda - fix headset mic problem for Dell machines with alc274
- ALSA: seq: Fix OSS sysex delivery in OSS emulation
- ALSA: seq: Avoid invalid lockdep class warning
- [mips*] Fix CM region target definitions
- [powerpc*] KVM: Book3S HV: Fix exclusion between HPT resizing and other
HPT updates
- Input: elan_i2c - add ELAN060C to the ACPI table
- rbd: use GFP_NOIO for parent stat and data requests
- [x86] drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
- [armhf] can: sun4i: handle overrun in RX FIFO
- can: peak: Add support for new PCIe/M2 CAN FD interfaces
- [x86] debug: Handle warnings before the notifier chain, to fix KGDB crash
- [x86] smpboot: Make optimization of delay calibration work correctly
- [x86] oprofile/ppro: Do not use __this_cpu*() in preemptible context
[ Salvatore Bonaccorso ]
* mac80211: accept key reinstall without changing anything (CVE-2017-13080)
* sctp: do not peel off an assoc from one netns to another one
(CVE-2017-15115)
[ Ben Hutchings ]
* linux-image: Recommend apparmor, as systemd units with an AppArmor
profile will fail without it (Closes: #880441)
* [powerpc*] kvm: Ignore ABI change in 4.13.6 (fixes FTBFS)
* swap: Avoid ABI change in 4.13.12
* mac80211: use constant time comparison with keys
* mac80211: don't compare TKIP TX MIC key in reinstall prevention
* usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
* media: cx231xx-cards: fix NULL-deref on missing association descriptor
(CVE-2017-16536)
* media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
* media: dib0700: fix invalid dvb_detach argument (CVE-2017-16646)
* net: usb: asix: fill null-ptr-deref in asix_suspend (CVE-2017-16647)
* net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
* net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650)
* nftables: Enable NFT_RT, NFT_SET_BITMAP, NFT_OBJREF as modules
(Closes: #881931)
* [powerpc*/*64*] drm: Enable DRM_AMDGPU as module (Closes: #881593)
* amdgpu: Enable DRM_AMDGPU_USERPTR on all architectures
* amdgpu: Enable DRM_AMDGPU_SI, CONFIG_DRM_AMDGPU_CIK (Closes: #847570)
* [arm64,x86] net/wireless: Enable RTL8723BS as module (Closes: #881568)
* [arm64] nvmem: Enable NVMEM_SUNXI_SID as module (Closes: #881567)
* [x86] rmi4: Disable RMI4_SMB (Closes: #880471)
* ALSA: timer: Avoid ABI change in 4.13.13
* netfilter: nat: Avoid ABI change in 4.13.13
-- Ben Hutchings <email address hidden> Thu, 16 Nov 2017 21:04:10 +0000
-
linux (4.13.10-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
- cifs: check rsp for NULL before dereferencing in SMB2_open
- cifs: release cifs root_cred after exit_cifs
- cifs: release auth_key.response for reconnect.
- nvme-pci: fix host memory buffer allocation fallback
- nvme-pci: use appropriate initial chunk size for HMB allocation
- nvme-pci: propagate (some) errors from host memory buffer setup
- dax: remove the pmem_dax_ops->flush abstraction
- dm integrity: do not check integrity for failed read operations
- mmc: block: Fix incorrectly initialized requests
- fs/proc: Report eip/esp in /prod/PID/stat for coredumping
- scsi: scsi_transport_fc: fix NULL pointer dereference in
fc_bsg_job_timeout
- cifs: SMB3: Add support for multidialect negotiate (SMB2.1 and later)
- mac80211: fix VLAN handling with TXQs
- mac80211_hwsim: Use proper TX power
- mac80211: flush hw_roc_start work before cancelling the ROC
- genirq: Make sparse_irq_lock protect what it should protect
- genirq/msi: Fix populating multiple interrupts
- genirq: Fix cpumask check in __irq_startup_managed()
- [powerpc*] KVM: Book3S HV: Hold kvm->lock around call to
kvmppc_update_lpcr
- [powerpc*] KVM: Book3S HV: Fix bug causing host SLB to be restored
incorrectly
- [powerpc*] KVM: PPC: Book3S HV: Don't access XIVE PIPR register using
byte accesses
- tracing: Fix trace_pipe behavior for instance traces
- tracing: Erase irqsoff trace with empty write
- tracing: Remove RCU work arounds from stack tracer
- md/raid5: fix a race condition in stripe batch
- md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
- scsi: aacraid: Fix 2T+ drives on SmartIOC-2000
- scsi: aacraid: Add a small delay after IOP reset
- [armhf] drm/exynos: Fix locking in the suspend/resume paths
- [x86] drm/i915/gvt: Fix incorrect PCI BARs reporting
- Revert "drm/i915/bxt: Disable device ready before shutdown command"
- drm/amdgpu: revert tile table update for oland
- drm/radeon: disable hard reset in hibernate for APUs
- crypto: drbg - fix freeing of resources
- security/keys: properly zero out sensitive key material in big_key
- security/keys: rewrite all of big_key crypto
- KEYS: fix writing past end of user-supplied buffer in keyring_read()
- KEYS: prevent creating a different user's keyrings
- [x86] libnvdimm, namespace: fix btt claim class crash
- [powerpc*] eeh: Create PHB PEs after EEH is initialized
- [powerpc*] pseries: Fix parent_dn reference leak in add_dt_node()
- [powerpc*] tm: Flush TM only if CPU has TM feature
- [mips*] Fix perf event init
- [s390x] perf: fix bug when creating per-thread event
- [s390x] mm: make pmdp_invalidate() do invalidation only
- [s390x] mm: fix write access check in gup_huge_pmd()
- PM: core: Fix device_pm_check_callbacks()
- Revert "IB/ipoib: Update broadcast object if PKey value was changed in
index 0"
- cifs: Fix SMB3.1.1 guest authentication to Samba
- cifs: SMB3: Fix endian warning
- cifs: SMB3: Warn user if trying to sign connection that authenticated as
guest
- cifs: SMB: Validate negotiate (to protect against downgrade) even if
signing off
- cifs: SMB3: handle new statx fields
- cifs: SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
- vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
- libceph: don't allow bidirectional swap of pg-upmap-items
- brd: fix overflow in __brd_direct_access
- gfs2: Fix debugfs glocks dump
- bsg-lib: don't free job in bsg_prepare_job
- iw_cxgb4: drop listen destroy replies if no ep found
- iw_cxgb4: remove the stid on listen create failure
- iw_cxgb4: put ep reference in pass_accept_req()
- rcu: Allow for page faults in NMI handlers
- mmc: sdhci-pci: Fix voltage switch for some Intel host controllers
- extable: Consolidate *kernel_text_address() functions
- extable: Enable RCU if it is not watching in kernel_text_address()
- seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
- [arm64] Make sure SPsel is always set
- [arm64] mm: Use READ_ONCE when dereferencing pointer to pte table
- [arm64] fault: Route pte translation faults via do_translation_fault
- [x86] KVM: VMX: extract __pi_post_block
- [x86] KVM: VMX: avoid double list add with VT-d posted interrupts
- [x86] KVM: VMX: simplify and fix vmx_vcpu_pi_load
- [x86] KVM: nVMX: fix HOST_CR3/HOST_CR4 cache
- [x86] kvm: Handle async PF in RCU read-side critical sections
- xfs: validate bdev support for DAX inode flag
- sched/sysctl: Check user input value of sysctl_sched_time_avg
- irq/generic-chip: Don't replace domain's name
- mtd: Fix partition alignment check on multi-erasesize devices
- [armhf] etnaviv: fix submit error path
- [armhf] etnaviv: fix gem object list corruption
- futex: Fix pi_state->owner serialization
- md: fix a race condition for flush request handling
- md: separate request handling
- PCI: Fix race condition with driver_override
- btrfs: fix NULL pointer dereference from free_reloc_roots()
- btrfs: clear ordered flag on cleaning up ordered extents
- btrfs: finish ordered extent cleaning if no progress is found
- btrfs: propagate error to btrfs_cmp_data_prepare caller
- btrfs: prevent to set invalid default subvolid
- [x86] platform: fujitsu-laptop: Don't oops when FUJ02E3 is not presnt
- PM / OPP: Call notifier without holding opp_table->lock
- [x86] mm: Fix fault error path using unsafe vma pointer
- [x86] fpu: Don't let userspace set bogus xcomp_bv (CVE-2017-15537)
- [x86] KVM: VMX: do not change SN bit in vmx_update_pi_irte()
- [x86] KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
- [x86] KVM: VMX: use cmpxchg64
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6
- [armhf,arm64] usb: dwc3: ep0: fix DMA starvation by assigning req->trb on
ep0
- mlxsw: spectrum: Fix EEPROM access in case of SFP/SFP+
- net: bonding: Fix transmit load balancing in balance-alb mode if
specified by sysfs
- openvswitch: Fix an error handling path in
'ovs_nla_init_match_and_action()'
- net: bonding: fix tlb_dynamic_lb default value
- net_sched: gen_estimator: fix scaling error in bytes/packets samples
- net: sched: fix use-after-free in tcf_action_destroy and tcf_del_walker
- sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
- tcp: update skb->skb_mstamp more carefully
- bpf/verifier: reject BPF_ALU64|BPF_END
- tcp: fix data delivery rate
- udpv6: Fix the checksum computation when HW checksum does not apply
- ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
- net: phy: Fix mask value write on gmii2rgmii converter speed register
- ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline
- net/sched: cls_matchall: fix crash when used with classful qdisc
- 8139too: revisit napi_complete_done() usage
- bpf: do not disable/enable BH in bpf_map_free_id()
- tcp: fastopen: fix on syn-data transmit failure
- [powerpc*] net: emac: Fix napi poll list corruption
- net: ipv6: fix regression of no RTM_DELADDR sent after DAD failure
- packet: hold bind lock when rebinding to fanout hook (CVE-2017-15649)
- net: change skb->mac_header when Generic XDP calls adjust_head
- net_sched: always reset qdisc backlog in qdisc_reset()
- [armhf,arm64] net: stmmac: Cocci spatch "of_table"
- [arm64] net: qcom/emac: specify the correct size when mapping a DMA buffer
- vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
- l2tp: fix race condition in l2tp_tunnel_delete
- tun: bail out from tun_get_user() if the skb is empty
- [armhf,arm64] net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple
vlans
- [armhf,arm64] net: dsa: Fix network device registration order
- packet: in packet_do_bind, test fanout with bind_lock held (CVE-2017-15649)
- packet: only test po->has_vnet_hdr once in packet_snd
- [armhf,arm64] net: dsa: mv88e6xxx: lock mutex when freeing IRQs
- net: Set sk_prot_creator when cloning sockets to the right proto
- net/mlx5e: IPoIB, Fix access to invalid memory address
- netlink: do not proceed if dump's start() errs
- ip6_gre: ip6gre_tap device should keep dst
- ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path
- IPv4: early demux can return an error code
- tipc: use only positive error codes in messages
- l2tp: fix l2tp_eth module loading
- socket, bpf: fix possible use after free
- net: rtnetlink: fix info leak in RTM_GETSTATS call
- [amd64] bpf: fix bpf_tail_call() x64 JIT
- usb: gadget: core: fix ->udc_set_speed() logic
- USB: gadgetfs: Fix crash caused by inadequate synchronization
- USB: gadgetfs: fix copy_to_user while holding spinlock
- usb: gadget: udc: atmel: set vbus irqflags explicitly
- usb-storage: unusual_devs entry to fix write-access regression for
Seagate external drives
- usb-storage: fix bogus hardware error messages for ATA pass-thru devices
- ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
- usb: pci-quirks.c: Corrected timeout values used in handshake
- USB: cdc-wdm: ignore -EPIPE from GetEncapsulatedResponse
- USB: dummy-hcd: fix connection failures (wrong speed)
- USB: dummy-hcd: fix infinite-loop resubmission bug
- USB: dummy-hcd: Fix erroneous synchronization change
- USB: devio: Prevent integer overflow in proc_do_submiturb()
- USB: g_mass_storage: Fix deadlock when driver is unbound
- USB: uas: fix bug in handling of alternate settings
- USB: core: harden cdc_parse_cdc_header
- usb: Increase quirk delay for USB devices
- USB: fix out-of-bounds in usb_set_configuration
- usb: xhci: Free the right ring in xhci_add_endpoint()
- xhci: fix finding correct bus_state structure for USB 3.1 hosts
- xhci: fix wrong endpoint ESIT value shown in tracing
- usb: host: xhci-plat: allow sysdev to inherit from ACPI
- xhci: Fix sleeping with spin_lock_irq() held in ASmedia 1042A workaround
- xhci: set missing SuperSpeedPlus Link Protocol bit in roothub descriptor
- [x86] Revert "xhci: Limit USB2 port wake support for AMD Promontory hosts"
- [armhf] iio: adc: twl4030: Fix an error handling path in
'twl4030_madc_probe()'
- [armhf] iio: adc: twl4030: Disable the vusb3v1 rugulator in the error
handling path of 'twl4030_madc_probe()'
- iio: core: Return error for failed read_reg
- uwb: properly check kthread_run return value
- uwb: ensure that endpoint is interrupt
- ksm: fix unlocked iteration over vmas in cmp_and_merge_page()
- mm, hugetlb, soft_offline: save compound page order before page migration
- mm, oom_reaper: skip mm structs with mmu notifiers
- mm: fix RODATA_TEST failure "rodata_test: test data was not read only"
- mm: avoid marking swap cached page as lazyfree
- mm: fix data corruption caused by lazyfree page
- userfaultfd: non-cooperative: fix fork use after free
- ALSA: compress: Remove unused variable
- Revert "ALSA: echoaudio: purge contradictions between dimension matrix
members and total number of members"
- ALSA: usx2y: Suppress kernel warning at page allocation failures
- [powerpc*] powernv: Increase memory block size to 1GB on radix
- [powerpc*] Fix action argument for cpufeatures-based TLB flush
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
- [x86] intel_th: pci: Add Lewisburg PCH support
- driver core: platform: Don't read past the end of "driver_override" buffer
- cgroup: Reinit cgroup_taskset structure before cgroup_migrate_execute()
returns
- [x86] Drivers: hv: fcopy: restore correct transfer length
- [x86] vmbus: don't acquire the mutex in vmbus_hvsock_device_unregister()
- ftrace: Fix kmemleak in unregister_ftrace_graph
- ovl: fix error value printed in ovl_lookup_index()
- ovl: fix dput() of ERR_PTR in ovl_cleanup_index()
- ovl: fix dentry leak in ovl_indexdir_cleanup()
- ovl: fix missing unlock_rename() in ovl_do_copy_up()
- ovl: fix regression caused by exclusive upper/work dir protection
- [arm64] dt marvell: Fix AP806 system controller size
- [arm64] Ensure the instruction emulation is ready for userspace
- HID: rmi: Make sure the HID device is opened on resume
- HID: i2c-hid: allocate hid buffers for real worst case
- HID: wacom: leds: Don't try to control the EKR's read-only LEDs
- HID: wacom: Properly report negative values from Intuos Pro 2 Bluetooth
- HID: wacom: Correct coordinate system of touchring and pen twist
- HID: wacom: generic: Send MSC_SERIAL and ABS_MISC when leaving prox
- HID: wacom: generic: Clear ABS_MISC when tool leaves proximity
- HID: wacom: Always increment hdev refcount within wacom_get_hdev_data
- HID: wacom: bits shifted too much for 9th and 10th buttons
- btrfs: avoid overflow when sector_t is 32 bit
- Btrfs: fix overlap of fs_info::flags values
- dm crypt: reject sector_size feature if device length is not aligned to it
- dm ioctl: fix alignment of event number in the device list
- dm crypt: fix memory leak in crypt_ctr_cipher_old()
- [powerpc*] KVM: Book3S: Fix server always zero from kvmppc_xive_get_xive()
- [x86] kvm: Avoid async PF preempting the kernel incorrectly
- iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
- scsi: sd: Implement blacklist option for WRITE SAME w/ UNMAP
- scsi: sd: Do not override max_sectors_kb sysfs setting
- brcmfmac: setup passive scan if requested by user-space
- [x86] drm/i915: always update ELD connector type after get modes
- [x86] drm/i915/bios: ignore HDMI on port A
- bsg-lib: fix use-after-free under memory-pressure
- nvme-pci: Use PCI bus address for data/queues in CMB
- mmc: core: add driver strength selection when selecting hs400es
- nl80211: Define policy for packet pattern attributes
- [armhf] clk: samsung: exynos4: Enable VPLL and EPLL clocks for
suspend/resume cycle
- udp: perform source validation for mcast early demux
- udp: fix bcast packet reception
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.7
- watchdog: Revert "iTCO_wdt: all versions count down twice"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
- USB: dummy-hcd: Fix deadlock caused by disconnect detection
- [mips*] math-emu: Remove pr_err() calls from fpu_emu()
- [mips*] bpf: Fix uninitialised target compiler error
- [x86] mei: always use domain runtime pm callbacks.
- [armhf] dmaengine: edma: Align the memcpy acnt array size with the
transfer
- [armhf] dmaengine: ti-dma-crossbar: Fix possible race condition with
dma_inuse
- NFS: Fix uninitialized rpc_wait_queue
- nfs/filelayout: fix oops when freeing filelayout segment
- HID: usbhid: fix out-of-bounds bug
- crypto: skcipher - Fix crash on zero-length input
- crypto: shash - Fix zero-length shash ahash digest crash
- [x86] KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
- [x86] pinctrl/amd: Fix build dependency on pinmux code
- [x86] iommu/amd: Finish TLB flush in amd_iommu_unmap()
- device property: Track owner device of device property
- Revert "vmalloc: back off when the current task is killed"
- fs/mpage.c: fix mpage_writepage() for pages with buffers
- ALSA: usb-audio: Kill stray URB at exiting
- ALSA: seq: Fix copy_from_user() call inside lock
- ALSA: caiaq: Fix stray URB at probe error path
- ALSA: line6: Fix NULL dereference at podhd_disconnect()
- ALSA: line6: Fix missing initialization before error path
- ALSA: line6: Fix leftover URB at error-path during probe
- drm/atomic: Unref duplicated drm_atomic_state in
drm_atomic_helper_resume()
- [x86] drm/i915/edp: Get the Panel Power Off timestamp after panel is off
- [x86] drm/i915: Read timings from the correct transcoder in
intel_crtc_mode_get()
- [x86] drm/i915/bios: parse DDI ports also for CHV for HDMI DDC pin and DP
AUX channel
- [x86] drm/i915: Use crtc_state_is_legacy_gamma in intel_color_check
- usb: gadget: configfs: Fix memory leak of interface directory data
- usb: gadget: composite: Fix use-after-free in
usb_composite_overwrite_options
- [arm64] PCI: aardvark: Move to struct pci_host_bridge IRQ mapping
functions
- [armhf,armhf] Revert "PCI: tegra: Do not allocate MSI target memory"
- direct-io: Prevent NULL pointer access in submit_page_section
- fix unbalanced page refcounting in bio_map_user_iov (CVE-2017-12190)
- more bio_map_user_iov() leak fixes
- bio_copy_user_iov(): don't ignore ->iov_offset
- perf script: Add missing separator for "-F ip,brstack" (and brstackoff)
- genirq/cpuhotplug: Enforce affinity setting on startup of managed irqs
- genirq/cpuhotplug: Add sanity check for effective affinity mask
- USB: serial: cp210x: fix partnum regression
- USB: serial: console: fix use-after-free on disconnect
- USB: serial: console: fix use-after-free after failed setup
- RAS/CEC: Use the right length for "cec_disable"
- [x86] alternatives: Fix alt_max_short macro to really be a max()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.9
- [x86] apic: Silence "FW_BUG TSC_DEADLINE disabled due to Errata" on CPUs
without the feature
- [x86] apic: Silence "FW_BUG TSC_DEADLINE disabled due to Errata" on
hypervisors
- [armhf,arm64] perf pmu: Unbreak perf record for arm/arm64 with events
with explicit PMU
- mm: page_vma_mapped: ensure pmd is loaded with READ_ONCE outside of lock
- HID: hid-elecom: extend to fix descriptor for HUGE trackball
- [x86] Drivers: hv: vmbus: Fix rescind handling issues
- [x86] Drivers: hv: vmbus: Fix bugs in rescind handling
- [x86] vmbus: simplify hv_ringbuffer_read
- [x86] vmbus: refactor hv_signal_on_read
- [x86] vmbus: eliminate duplicate cached index
- [x86] vmbus: more host signalling avoidance
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10
- USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
- usb: hub: Allow reset retry for USB2 devices on connect bounce
- ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
- can: gs_usb: fix busy loop if no more TX context is available
- scsi: qla2xxx: Fix uninitialized work element
- nbd: don't set the device size until we're connected
- [s390x] cputime: fix guest/irq/softirq times after CPU hotplug
- [hppa/parisc] Fix double-word compare and exchange in LWS code on 32-bit
kernels
- [hppa] Fix detection of nonsynchronous cr16 cycle counters
- iio: dummy: events: Add missing break
- [armhf] usb: musb: sunxi: Explicitly release USB PHY on exit
- [armhf] USB: musb: fix session-bit runtime-PM quirk
- [armhf] USB: musb: fix late external abort on suspend
- [armhf] usb: musb: musb_cppi41: Fix the address of teardown and autoreq
registers
- [armhf] usb: musb: musb_cppi41: Fix cppi41_set_dma_mode() for DA8xx
- [armhf] usb: musb: musb_cppi41: Configure the number of channels for DA8xx
- [armhf] usb: musb: Check for host-mode using is_host_active() on reset
interrupt
- xhci: Identify USB 3.1 capable hosts by their port protocol capability
- xhci: Cleanup current_cmd in xhci_cleanup_command_queue()
- usb: xhci: Reset halted endpoint if trb is noop
- usb: xhci: Handle error condition in xhci_stop_device()
- can: esd_usb2: Fix can_dlc value for received RTR, frames
- can: af_can: can_pernet_init(): add missing error handling for kzalloc
returning NULL
- KEYS: encrypted: fix dereference of NULL user_key_payload
- mmc: sdhci-pci: Fix default d3_retune for Intel host controllers
- [x86] drm/i915: Use bdw_ddi_translations_fdi for Broadwell
- drm/nouveau/kms/nv50: fix oops during DP IRQ handling on non-MST boards
- drm/nouveau/bsp/g92: disable by default
- drm/nouveau/mmu: flush tlbs before deleting page tables
- media: cec: Respond to unregistered initiators, when applicable
- media: dvb: i2c transfers over usb cannot be done from stack
- ALSA: seq: Enable 'use' locking in all configurations
- ALSA: hda: Remove superfluous '-' added by printk conversion
- ALSA: hda: Abort capability probe at invalid register read
- [x86] i2c: ismt: Separate I2C block read from SMBus block read
- [x86] i2c: piix4: Fix SMBus port selection for AMD Family 17h chips
- Revert "tools/power turbostat: stop migrating, unless '-m'"
- brcmfmac: Add check for short event packets
- brcmsmac: make some local variables 'static const' to reduce stack size
- [armhf] dts: sun6i: Fix endpoint IDs in second display pipeline
- [i386] clockevents/drivers/cs5535: Improve resilience to spurious
interrupts
- rtlwifi: rtl8821ae: Fix connection lost problem
- [x86] microcode/intel: Disable late loading on model 79
- lib/digsig: fix dereference of NULL user_key_payload
- fscrypt: fix dereference of NULL user_key_payload
- ecryptfs: fix dereference of NULL user_key_payload
- KEYS: Fix race between updating and finding a negative key
(CVE-2017-15951)
- FS-Cache: fix dereference of NULL user_key_payload
- KEYS: don't let add_key() update an uninstantiated key (CVE-2017-15299)
- pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
- [arm64] dts: rockchip: correct vqmmc voltage for rk3399 platforms
- ALSA: hda - Fix incorrect TLV callback check introduced during set_fs()
removal
- iomap_dio_rw: Allocate AIO completion queue before submitting dio
- xfs: don't unconditionally clear the reflink flag on zero-block files
- xfs: evict CoW fork extents when performing finsert/fcollapse
- fs/xfs: Use %pS printk format for direct addresses
- xfs: report zeroed or not correctly in xfs_zero_range()
- xfs: update i_size after unwritten conversion in dio completion
- xfs: perag initialization should only touch m_ag_max_usable for AG 0
- xfs: Capture state of the right inode in xfs_iflush_done
- xfs: always swap the cow forks when swapping extents
- xfs: handle racy AIO in xfs_reflink_end_cow
- xfs: Don't log uninitialised fields in inode structures
- xfs: move more RT specific code under CONFIG_XFS_RT
- xfs: don't change inode mode if ACL update fails
- xfs: reinit btree pointer on attr tree inactivation walk
- xfs: handle error if xfs_btree_get_bufs fails
- xfs: cancel dirty pages on invalidation
- xfs: trim writepage mapping to within eof
- xfs: move two more RT specific functions into CONFIG_XFS_RT
[ Ben Hutchings ]
* [arm64] brcmfmac: Enable BRCMFMAC_SDIO (Closes: #877911)
* Update build dependencies on libbabeltrace[,-ctf}-dev
* linux-kbuild: Include scripts/ld-version.sh, needed for powerpc 64-bit
modules
* dax: Avoid most ABI changes in 4.13.5
* SCSI: Avoid ABI change in 4.13.6
* [x86] kvm: Ignore ABI change in 4.13.6
* inet, l2tp, snd-seq, usb/gadget: Ignore ABI changes
* [armel,armhf] mbus: Ignore ABI change in 4.13.10
* Revert "bpf: one perf event close won't free bpf program attached ..."
to avoid an ABI change
* [armel] security: Enable SECURITY_APPARMOR and disable SECURITY_SELINUX
* security: Enable DEFAULT_SECURITY_APPARMOR
* mac80211: Avoid ABI change in 4.13.5
* [x86] rmi4: Enable RMI4_SMB as module (Closes: #875621)
* KEYS: Limit ABI change in 4.13.10
-- Ben Hutchings <email address hidden> Mon, 30 Oct 2017 15:32:11 +0000
-
linux (4.13.4-2) unstable; urgency=medium
[ Ben Hutchings ]
* [armhf,arm64] thermal: Enable BCM2835_THERMAL as module (Closes: #877699)
[ Salvatore Bonaccorso ]
* brcmfmac: add length check in brcmf_cfg80211_escan_handler()
(CVE-2017-0786)
* [powerpc*] Use emergency stack for kernel TM Bad Thing program
(CVE-2017-1000255)
* [powerpc*] Fix illegal TM state in signal handler
* mac80211: fix deadlock in driver-managed RX BA session start.
Thanks to Eric Côté (Closes: #878092)
* KEYS: prevent KEYCTL_READ on negative key (CVE-2017-12192)
* waitid(): Add missing access_ok() checks (CVE-2017-5123)
* ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
* [x86] KVM: nVMX: update last_nonleaf_level when initializing nested EPT
(CVE-2017-12188)
* [x86] KVM: MMU: always terminate page walks at level 1 (CVE-2017-12188)
-- Salvatore Bonaccorso <email address hidden> Sun, 15 Oct 2017 08:57:36 +0200
-
linux (4.13.4-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.3
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
[ Ben Hutchings ]
* [armhf,arm64] mmc: Enable MMC_BCM2835 (Closes: #845422)
* [arm64ilp32] Build a linux-libc-dev package (Closes: #874536)
* [mips*r6*] Re-enable these architectures, now that dak knows about them
(Closes: #825024)
* [x86] Enable INTEL_CHT_INT33FE as module (Closes: #873164)
* [armhf] Enable AXP20X_ADC, CHARGER_AXP20X, BATTERY_AXP20X, GPIO_AXP209,
AXP288_CHARGER, AXP288_FUEL_GAUGE, EXTCON_AXP288, AXP288_ADC as modules
(Closes: #873038)
* thp: Enable TRANSPARENT_HUGEPAGE_ALWAYS instead of
TRANSPARENT_HUGEPAGE_MADVISE
* ALSA: Enable SND_OSSEMUL, a new dependency of SND_{MIXER,PCM}_OSS
* [armel] rtc: Disable RTC_NVMEM
* [x86] hyperv-daemons: Use pid file name in init script status operation
* Update policy version to 4.1.1:
- linux-doc: Build an empty package when the nodoc profile is used
- [x86] hyperv-daemons: Create pid files under /run, not /var/run
- Change all binary packages with priority: extra to priority: optional
- Install copyright file (and some other documentation) when the nodoc
profile is used
* debian/control: Move many build dependencies to Build-Depends-Arch field
* debian/control: Remove obsolete workarounds and alternate build deps
* usbip: Stop building broken libusbip-dev package
* Rename lintian-overrides template files to be consistent
* linux-image-dbg: Override lintian errors binary-from-other-architecture and
shlib-without-PT_GNU_STACK-section for vDSOs
* [armhf] dts: exynos: Add dwc3 SUSPHY quirk (Closes: #843448)
* liblockdep: Make missing function declarations fatal errors, to catch use
of missing kernel APIs
* liblockdep: Define pr_cont()
* Set ABI to 1
[ Uwe Kleine-König ]
* [arm64] really enable NET_DSA_MV88E6XXX for Espressobin
[ John Paul Adrian Glaubitz ]
* [m68k] Enable CONFIG_PATA_FALCON as module.
[ Salvatore Bonaccorso ]
* fix infoleak in waitid(2) (CVE-2017-14954)
-- Ben Hutchings <email address hidden> Sun, 01 Oct 2017 15:52:09 +0100
-
linux (4.12.13-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.13
- mtd: nand: make Samsung SLC NAND usable again
- mtd: nand: hynix: add support for 20nm NAND chips
- [armhf] mtd: nand: mxc: Fix mxc_v1 ooblayout
- nvme-fabrics: generate spec-compliant UUID NQNs
- btrfs: resume qgroup rescan on rw remount
- rtlwifi: btcoexist: Fix breakage of ant_sel for rtl8723be
- radix-tree: must check __radix_tree_preload() return value
- mm: kvfree the swap cluster info if the swap file is unsatisfactory
- mm/swapfile.c: fix swapon frontswap_map memory leak on error
- mm/memory.c: fix mem_cgroup_oom_disable() call missing
- [i386] ALSA: msnd: Optimize / harden DSP and MIDI loops
- [x86] KVM: SVM: Limit PFERR_NESTED_GUEST_PAGE error_code check to L1 guest
- rt2800: fix TX_PIN_CFG setting for non MT7620 chips
- Bluetooth: Properly check L2CAP config option output buffer length
(CVE-2017-1000251) (Closes: #875881)
- [arm64] dts: marvell: armada-37xx: Fix GIC maintenance interrupt
- [armel,armhf] 8692/1: mm: abort uaccess retries upon fatal signal
- NFS: Fix 2 use after free issues in the I/O code
- NFS: Sync the correct byte range during synchronous writes
- NFSv4: Fix up mirror allocation
- xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
(CVE-2017-14340)
[ Salvatore Bonaccorso ]
* sctp: Avoid out-of-bounds reads from address storage (CVE-2017-7558)
* scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
* Add ABI reference for 4.12.0-2
[ Ben Hutchings ]
* nl80211: check for the required netlink attributes presence (CVE-2017-12153)
* [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154)
* video: fbdev: aty: do not leak uninitialized padding in clk to userspace
(CVE-2017-14156)
* scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
(CVE-2017-14489)
* packet: Don't write vnet header beyond end of buffer (CVE-2017-14497)
* [x86] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ (CVE-2017-1000252)
* nfs: Ignore ABI change
-- Ben Hutchings <email address hidden> Tue, 19 Sep 2017 01:59:17 +0100
-
linux (4.12.12-2) unstable; urgency=medium
* debian/source/lintian-overrides: Override license-problem-gfdl-invariants
error triggered by a ReSTified copy of the GFDL
-- Ben Hutchings <email address hidden> Mon, 11 Sep 2017 04:35:28 +0100
-
linux (4.12.6-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3
- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
(CVE-2017-7541)
- [sparc64] Adding asm-prototypes.h for genksyms to generate crc
- [sparc64] sed regex in Makefile.build requires line break between
exported symbols
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
- f2fs: sanity check checkpoint segno and blkoff (CVE-2017-10663)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.5
- dentry name snapshots (CVE-2017-7533)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.6
- saa7164: fix double fetch PCIe access condition (CVE-2017-8831)
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
[ Ben Hutchings ]
* media: Enable USB_RAINSHADOW_CEC as module (see #868511)
* Clean up symbol version fixes for symbols exported from asm
(fixes FTBFS on sparc64):
- [alpha] Un-revert "alpha: move exports to actual definitions"
- [alpha] Restore symbol versions for symbols exported from assembly
- [m68k] Un-revert "m68k: move exports to definitions"
- [sparc64] Un-revert "sparc: move exports to definitions"
* [mips*/octeon] Fix broken EDAC driver (fixes FTBFS)
* [armhf] Revert "gpu: host1x: Add IOMMU support"
* [armhf] udeb: Replace imx-ipuv3-crtc with imxdrm in fb-modules
* [i386] perf tools: Fix unwind build (fixes FTBFS)
* debian/control: Fix version in dependencies on arch-independent
linux-headers-*-common* (Closes: #869511)
* xfrm: policy: check policy direction value (CVE-2017-11600)
* rtlwifi: Fix memory leak when firmware request fails
* rtlwifi: Fix fallback firmware loading (Closes: #869084)
* [arm64] video: Enable FRAMEBUFFER_CONSOLE (Closes: #870071)
* integrity: Enable INTEGRITY_SIGNATURE, INTEGRITY_ASYMMETRIC_KEYS
(Closes: #869565)
* [x86] sound: Enable SND_X86; enable HDMI_LPE_AUDIO as module
(Closes: #869372)
* blk-mq: Change MQ_IOSCHED_KYBER from built-in to module
* blk-mq: Enable IOSCHED_BFQ as module (Closes: #869028); enable
BFQ_GROUP_IOSCHED
* bfq: Enable auto-loading when built as a module
* netfilter: Enable NFT_FIB_IPV4, NFT_FIB_IPV6, NFT_FIB_INET as modules
(Closes: #868803)
* [amd64,arm64] mm: Revert x86_64 and arm64 ELF_ET_DYN_BASE base
(Closes: #869090)
[ Salvatore Bonaccorso ]
* packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
* udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
* Set ABI to 1
[ Uwe Kleine-König ]
* [arm64] enable MMC_SDHCI_XENON and MVNETA for Espressobin and enable
respective device in its device tree (Closes: #871049)
[ Roger Shimizu ]
* [armel] Change NAND related stuff to modules (fixes FTBFS)
-- Ben Hutchings <email address hidden> Sat, 12 Aug 2017 23:09:26 +0100
-
linux (4.11.11-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.7
- fs: pass on flags in compat_writev
- configfs: Fix race between create_link and configfs_rmdir
- can: gs_usb: fix memory leak in gs_cmd_reset()
- ila_xlat: add missing hash secret initialization
- cpufreq: conservative: Allow down_threshold to take values from 1 to 10
- vb2: Fix an off by one error in 'vb2_plane_vaddr'
- cec: race fix: don't return -ENONET in cec_receive()
- selinux: fix double free in selinux_parse_opts_str()
- mac80211: don't look at the PM bit of BAR frames
- mac80211/wpa: use constant time memory comparison for MACs
- [x86] drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions.
- [x86] drm/i915: Fix GVT-g PVINFO version compatibility check
- [x86] drm/i915: Fix scaling check for 90/270 degree plane rotation
- [x86] drm/i915: Do not sync RCU during shrinking
- mac80211: fix IBSS presp allocation size
- mac80211: strictly check mesh address extension mode
- mac80211: fix dropped counter in multiqueue RX
- mac80211: don't send SMPS action frame in AP mode when not needed
- [arm64, armhf] drm/vc4: Fix OOPSes from trying to cache a partially
constructed BO.
- serial: 8250_lpss: Unconditionally set PCI master for Quark
- [sh4] serial: sh-sci: Fix (AUTO)RTS in sci_init_pins()
- [sh4] serial: sh-sci: Fix late enablement of AUTORTS
- [x86] mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
- [armhf] mfd: axp20x: Add support for dts property "xpowers,master-mode"
- [armhf] dt-bindings: mfd: axp20x: Add "xpowers,master-mode" property for
AXP806 PMICs
- [powerpc] mm: Add physical address to Linux page table dump
- staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()
- [armhf] iio: adc: ti_am335x_adc: allocating too much in probe
- [x86] ALSA: hda: Add Geminilake id to SKL_PLUS
- ALSA: usb-audio: fix Amanero Combo384 quirk on big-endian hosts
- USB: hub: fix SS max number of ports
- usb: core: fix potential memory leak in error path during hcd creation
- [x86] USB: usbip: fix nonconforming hub descriptor
- [arm64, armhf] usb: dwc3: gadget: Fix ISO transfer performance
- pvrusb2: reduce stack usage pvr2_eeprom_analyze()
- USB: gadget: dummy_hcd: fix hub-descriptor removable fields
- coda: restore original firmware locations
- usb: xhci: Fix USB 3.1 supported protocol parsing
- usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk
- USB: gadget: fix GPF in gadgetfs
- USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks
- mm/memory-failure.c: use compound_head() flags for huge pages
- swap: cond_resched in swap_cgroup_prepare()
- mm: numa: avoid waiting on freed migrated pages
- userfaultfd: shmem: handle coredumping in handle_userfault()
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
- genirq: Release resources in __setup_irq() error path
- alarmtimer: Prevent overflow of relative timers
- alarmtimer: Rate limit periodic intervals
- virtio_balloon: disable VIOMMU support
- [mips*] Fix bnezc/jialc return address calculation
- [mips*] .its targets depend on vmlinux
- [sparc*] crypto: Work around deallocated stack frame reference gcc bug
on sparc.
- [armhf] dts: am335x-sl50: Fix card detect pin for mmc1
- [armhf] dts: am335x-sl50: Fix cannot claim requested pins for spi0
- mm: larger stack guard gap, between vmas
- Allow stack to grow up to address space limit
- mm: fix new crash in unmapped_area_topdown()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
- [armhf] clk: sunxi-ng: a31: Correct lcd1-ch1 clock register offset
- [armhf] clk: sunxi-ng: v3s: Fix usb otg device reset bit
- [armhf] clk: sunxi-ng: sun5i: Fix ahb_bist_clk definition
- xen/blkback: fix disconnect while I/Os in flight
- xen-blkback: don't leak stack data via response ring (XSA-216,
CVE-2017-10911)
- ALSA: firewire-lib: Fix stall of process context at packet error
- ALSA: pcm: Don't treat NULL chmap as a fatal error
- ALSA: hda - Add Coffelake PCI ID
- ALSA: hda - Apply quirks to Broxton-T, too
- fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
- [powerpc] perf: Fix oops when kthread execs user process
- autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
- fs/dax.c: fix inefficiency in dax_writeback_mapping_range()
- lib/cmdline.c: fix get_options() overflow while parsing ranges
- [x86] perf/x86/intel: Add 1G DTLB load/store miss support for SKL
- perf probe: Fix probe definition for inlined functions
- [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
- [s390x] KVM gaccess: fix real-space designation asce handling for gmap
shadows
- [powerpc*] KVM: Book3S HV: Cope with host using large decrementer mode
- [powerpc*] KVM: Book3S HV: Preserve userspace HTM state properly
- [powerpc*] KVM: Book3S HV: Ignore timebase offset on POWER9 DD1
- [powerpc*] KVM: Book3S HV: Context-switch EBB registers properly
- [powerpc*] KVM: Book3S HV: Restore critical SPRs to host values on guest
exit
- [powerpc*] KVM: Book3S HV: Save/restore host values of debug registers
- CIFS: Improve readdir verbosity
- CIFS: Fix some return values in case of error in 'crypt_message'
- cxgb4: notify uP to route ctrlq compl to rdma rspq
- HID: Add quirk for Dell PIXART OEM mouse
- random: silence compiler warnings and fix race
- signal: Only reschedule timers on signals timers have sent
- [powerpc] kprobes: Pause function_graph tracing during jprobes handling
- ]powerpc*] 64s: Handle data breakpoints in Radix mode
- Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
- brcmfmac: add parameter to pass error code in firmware callback
- brcmfmac: use firmware callback upon failure to load
- brcmfmac: unbind all devices upon failure in firmware callback
- time: Fix clock->read(clock) race around clocksource changes
- time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
- [arm64] vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
- target: Fix kref->refcount underflow in transport_cmd_finish_abort
- iscsi-target: Fix delayed logout processing greater than
SECONDS_FOR_LOGOUT_COMP
- iscsi-target: Reject immediate data underflow larger than SCSI transfer
length
- drm/radeon: add a PX quirk for another K53TK variant
- drm/radeon: add a quirk for Toshiba Satellite L20-183
- [x86] drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
- [x86] drm/amdgpu: adjust default display clock
- [x86] drm/amdgpu: add Polaris12 DID
- ACPI / scan: Apply default enumeration to devices with ACPI drivers
- ACPI / scan: Fix enumeration for special SPI and I2C devices
- rxrpc: Fix several cases where a padded len isn't checked in ticket
decode (CVE-2017-7482)
- drm: Fix GETCONNECTOR regression
- usb: gadget: f_fs: avoid out of bounds access on comp_desc
- spi: double time out tolerance
- net: phy: fix marvell phy status reading
- netfilter: xtables: zero padding in data_to_user
- netfilter: xtables: fix build failure from COMPAT_XT_ALIGN outside
CONFIG_COMPAT
- brcmfmac: fix uninitialized warning in brcmf_usb_probe_phase2()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.9
- net: don't call strlen on non-terminated string in dev_set_alias()
- net: Fix inconsistent teardown and release of private netdev state.
- [s390x] net: fix up for "Fix inconsistent teardown and release of
private netdev state"
- mac80211: free netdev on dev_alloc_name() error
- decnet: dn_rtmsg: Improve input length sanitization in
dnrmg_receive_user_skb
- net: Zero ifla_vf_info in rtnl_fill_vfinfo()
- net: ipv6: Release route when device is unregistering
- net: vrf: Make add_fib_rules per network namespace flag
- af_unix: Add sockaddr length checks before accessing sa_family in bind
and connect handlers
- Fix an intermittent pr_emerg warning about lo becoming free.
- sctp: disable BH in sctp_for_each_endpoint
- net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
- net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse
- net/mlx5: Remove several module events out of ethtool stats
- net/mlx5e: Added BW check for DIM decision mechanism
- net/mlx5e: Fix wrong indications in DIM due to counter wraparound
- net/mlx5: Enable 4K UAR only when page size is bigger than 4K
- proc: snmp6: Use correct type in memset
- igmp: acquire pmc lock for ip_mc_clear_src()
- igmp: add a missing spin_lock_init()
- qmi_wwan: new Telewell and Sierra device IDs
- net: don't global ICMP rate limit packets originating from loopback
- ipv6: fix calling in6_ifa_hold incorrectly for dad work
- sctp: return next obj by passing pos + 1 into sctp_transport_get_idx
- net/mlx5e: Fix min inline value for VF rep SQs
- net/mlx5e: Avoid doing a cleanup call if the profile doesn't have it
- net/mlx5: Wait for FW readiness before initializing command interface
- net/mlx5e: Fix timestamping capabilities reporting
- decnet: always not take dst->__refcnt when inserting dst into hash table
- net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
- ipv6: Do not leak throw route references
- rtnetlink: add IFLA_GROUP to ifla_policy
- netfilter: synproxy: fix conntrackd interaction
- NFSv4.x/callback: Create the callback service through svc_create_pooled
- xen/blkback: don't use xen_blkif_get() in xen-blkback kthread
- [mips*] head: Reorder instructions missing a delay slot
- [mips*] Avoid accidental raw backtrace
- [mips*] pm-cps: Drop manual cache-line alignment of ready_count
- [mips*] Fix IRQ tracing & lockdep when rescheduling
- ALSA: hda - Fix endless loop of codec configure
- ALSA: hda - set input_path bitmap to zero after moving it to new place
- NFSv4.2: Don't send mode again in post-EXCLUSIVE4_1 SETATTR with umask
- NFSv4.1: Fix a race in nfs4_proc_layoutget
- Revert "NFS: nfs_rename() handle -ERESTARTSYS dentry left behind"
- ovl: copy-up: don't unlock between lookup and link
- gpiolib: fix filtering out unwanted events
- [x86] intel_rdt: Fix memory leak on mount failure
- [x86] perf/x86/intel/uncore: Fix wrong box pointer check
- [x86] drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
- dm thin: do not queue freed thin mapping for next stage processing
- [x86] mm: Fix boot crash caused by incorrect loop count calculation in
sync_global_pgds()
- [arm64] pinctrl/amd: Use regular interrupt instead of chained
- mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap
mappings
- xen/blkback: don't free be structure too early
- xfrm6: Fix IPv6 payload_len in xfrm6_transport_finish
- xfrm: move xfrm_garbage_collect out of xfrm_policy_flush
- xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
- xfrm: NULL dereference on allocation failure
- xfrm: Oops on error in pfkey_msg2xfrm_state()
- [arm64] PCI: Fix struct acpi_pci_root_ops allocation failure path
- [arm64] ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
- [arm*] 8685/1: ensure memblock-limit is pmd-aligned
- [arm*] davinci: PM: Free resources in error handling path in
'davinci_pm_init'
- [arm*] davinci: PM: Do not free useful resources in normal path in
'davinci_pm_init'
- Revert "x86/entry: Fix the end of the stack for newly forked tasks"
- [x86] boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug
- [x86] perf: Fix spurious NMI with PEBS Load Latency event
- [x86] mpx: Correctly report do_mpx_bt_fault() failures to user-space
- [x86] mm: Fix flush_tlb_page() on Xen
- ocfs2: o2hb: revert hb threshold to keep compatible
- ocfs2: fix deadlock caused by recursive locking in xattr
- iommu/dma: Don't reserve PCI I/O windows
- [amd64] iommu/amd: Fix incorrect error handling in
amd_iommu_bind_pasid()
- [amd64] iommu/amd: Fix interrupt remapping when disable guest_mode
- mtd: nand: brcmnand: Check flash #WP pin status before nand
erase/program
- mtd: nand: fsmc: fix NAND width handling
- [x86] KVM: fix emulation of RSM and IRET instructions
- [x86] KVM: vPMU: fix undefined shift in intel_pmu_refresh()
- [x86] KVM: zero base3 of unusable segments
- KVM: nVMX: Fix exception injection
- esp4: Fix udpencap for local TCP packets.
- [armhf] hsi: Fix build regression due to netdev destructor fix.
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.10
- fs: completely ignore unknown open flags
- driver core: platform: fix race condition with driver_override
- RDMA/uverbs: Check port number supplied by user verbs cmds
- ceph: choose readdir frag based on previous readdir reply
- tracing/kprobes: Allow to create probe with a module name starting with a
digit
- drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810)
- usb: dwc3: replace %p with %pK
- Add USB quirk for HVR-950q to avoid intermittent device resets
- usb: usbip: set buffer pointers to NULL after free
- usb: Fix typo in the definition of Endpoint[out]Request
- USB: core: fix device node leak
- [armhf] pinctrl: meson: meson8b: fix the NAND DQS pins
- [armhf,arm64] pinctrl: sunxi: Fix SPDIF function name for A83T
- pinctrl: core: Fix warning by removing bogus code
- [x86] xhci: Limit USB2 port wake support for AMD Promontory hosts
- gfs2: Fix glock rhashtable rcu bug
- Add "shutdown" to "struct class".
- tpm: Issue a TPM2_Shutdown for TPM2 devices.
- tpm: fix a kernel memory leak in tpm-sysfs.c
- [x86] uaccess: Optimize copy_user_enhanced_fast_string() for short strings
- xen: avoid deadlock in xenbus driver
- crypto: drbg - Fixes panic in wait_for_completion call
- [x86] rt286: add Thinkpad Helix 2 to force_combo_jack_table
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.11
- mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
- proc: Fix proc_sys_prune_dcache to hold a sb reference
- locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
- [x86] staging: comedi: fix clean-up of comedi_class in comedi_init()
- crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
- ext4: check return value of kstrtoull correctly in reserved_clusters_store
- [x86] mm/pat: Don't report PAT on CPUs that don't support it
[ Ben Hutchings ]
* [m68k] udeb: Use only the common module list for nic-shared-modules
(fixes FTBFS)
* [sparc64] Update "Revert "sparc: move exports to definitions"" for the
addition of __multi3 (fixes FTBFS)
* binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
CVE-2017-1000371)
* [rt] Update to 4.11.9-rt7:
- smp/hotplug: Move unparking of percpu threads to the control CPU
- cpu_pm: replace raw_notifier to atomic_notifier
* media: Enable MEDIA_CEC_SUPPORT, VIDEO_VIVID_CEC; USB_PULSE8_CEC as module
(Closes: #868511)
* [armhf] udeb: Add sunxi_wdt to kernel-image (Closes: #866130)
* crypto: Enable CRYPTO_USER, CRYPTO_USER_API_RNG as modules (Closes: #868291)
* udeb: Add dm-raid to md-modules (Closes: #868251)
* [arm64] sound: Enable SND_HDA_INTEL as module (Closes: #867611)
* aufs: Update support patchset to aufs4.11.7+-20170703 (Closes: #867257)
* [x86] ideapad-laptop: Add various IdeaPad models to no_hw_rfkill list
(Closes: #866706)
* firmware: dmi: Add DMI_PRODUCT_FAMILY identification string
* [x86] pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago
systems (Closes: #862723)
* [armhf] Add ARM Mali Midgard device tree bindings and gpu node for rk3288
(thanks to Guillaume Tucker) (Closes: #865646)
[ Uwe Kleine-König ]
* [arm64] enable FB_SIMPLE
[ Vagrant Cascadian ]
* [arm64] Enable support for Rockchip systems (Closes: #860976).
[ Salvatore Bonaccorso ]
* Bump ABI to 2
* [rt] Update to 4.11.8-rt5
[ Cyril Brulebois ]
* [arm64,armhf] udeb: Ship usb3503 module in usb-modules, needed for
e.g. Arndale development boards, thanks to Wei Liu (Closes: #865645).
-- Ben Hutchings <email address hidden> Mon, 17 Jul 2017 03:01:21 +0100
-
linux (4.11.6-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
- [x86] drm/vmwgfx: limit the number of mip levels in
vmw_gb_surface_define_ioctl() (CVE-2017-7346)
- [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
- ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
(CVE-2017-1000380)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.6
[ John Paul Adrian Glaubitz ]
* [m68k] udeb: Build affs-modules package
* [m68k] udeb: Build hfs-modules package
* [m68k] udeb: Build nic-modules package
* [m68k] udeb: Build pata-modules package
* [m68k] udeb: Build scsi-core-modules package
* [m68k] udeb: Move non-shared modules from nic-shared-modules to nic-modules
* [m68k] udeb: Add buddha, falconide, gayle, macide, q40ide to pata-modules
* [m68k] udeb: Add atari_scsi, mac_esp, mac_scsi to scsi-modules
[ Ben Hutchings ]
* [x86] Enable SERIAL_8250_MID as built-in (Closes: #864368)
* Set ABI to 1
* debian/rules.real: Include rules.defs before using architecture variables
(Closes: #862842)
* [rt] Update to 4.11.5-rt1 and reenable
* fs: Reenable HPFS_FS as module (Closes: #864878)
* USB: serial: option: add two Longcheer device ids (Closes: #864604)
* [armhf] PCI: Enable PCI_HOST_GENERIC (Closes: #864726)
* mm: larger stack guard gap, between vmas (CVE-2017-1000364)
-- Ben Hutchings <email address hidden> Tue, 20 Jun 2017 00:25:45 +0100
-
linux (4.9.130-2) stretch; urgency=medium
[ Salvatore Bonaccorso ]
* Ignore ABI change for return_address.
Fixes "FTBFS on armel/armhf: ABI change for return_address".
Modules will use their own inline copy.
Thanks to Cyril Brulebois for the analysis (Closes: #911421)
-- Ben Hutchings <email address hidden> Sat, 27 Oct 2018 19:46:16 +0100
-
linux (4.9.110-1) stretch; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.108
- tpm: do not suspend/resume if power stays on
- tpm: self test failure should not cause suspend to fail
- mmap: introduce sane default mmap limits
- mmap: relax file size limit for regular files
- btrfs: define SUPER_FLAG_METADUMP_V2
- drm: set FMODE_UNSIGNED_OFFSET for drm files
- bnx2x: use the right constant
- dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
- enic: set DMA mask to 47 bit
- ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
- ipv4: remove warning in ip_recv_error
- isdn: eicon: fix a missing-check bug
- net/packet: refine check for priv area size
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
- packet: fix reserve calculation
- qed: Fix mask for physical address in ILT entry
- sctp: not allow transport timeout value less than HZ/5 for hb_timer
- team: use netdev_features_t instead of u32
- vhost: synchronize IOTLB message with dev cleanup
- vrf: check the original netdevice for generating redirect
- net/mlx4: Fix irq-unsafe spinlock usage
- rtnetlink: validate attributes in do_setlink()
- net: phy: broadcom: Fix bcm_write_exp()
- net: metrics: add proper netlink validation
- dm bufio: avoid false-positive Wmaybe-uninitialized warning
- objtool: complete e390f9a port for v4.9.106
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.109
- [x86] fpu: Hard-disable lazy FPU mode
- bonding: correctly update link status during mii-commit phase
- bonding: fix active-backup transition
- bonding: require speed/duplex only for 802.3ad, alb and tlb
- nvme-pci: initialize queue memory before interrupts
- af_key: Always verify length of provided sadb_key
- [x86] crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the
crc32c code
- nvmet: Move serial number from controller to subsystem
- nvmet: don't report 0-bytes in serial number
- nvmet: don't overwrite identify sn/fr with 0-bytes
- gpio: No NULL owner
- [x86] KVM: introduce linear_{read,write}_system
- [x86] KVM: pass kvm_vcpu to kvm_read_guest_virt and
kvm_write_guest_virt_system
- usbip: vhci_sysfs: fix potential Spectre v1 (CVE-2017-5753)
- [armhf] serial: samsung: fix maxburst parameter for DMA transactions
- [armhf] serial: 8250: omap: Fix idling of clocks for unused uarts
- [x86] vmw_balloon: fixing double free when batching mode is off
- [armhf,arm64] tty: pl011: Avoid spuriously stuck-off interrupts
- [x86] kvm: use correct privilege level for sgdt/sidt/fxsave/fxrstor
access (CVE-2018-10853)
- [powerpc*] crypto: vmx - Remove overly verbose printk from AES init
routines
- [armhf] crypto: omap-sham - fix memleak
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.110
- xfrm6: avoid potential infinite loop in _decode_session6()
- netfilter: ebtables: handle string from userspace with care
- ipvs: fix buffer overflow with sync daemon and service
- iwlwifi: pcie: compare with number of IRQs requested for, not number of
CPUs
- atm: zatm: fix memcmp casting
- [x86] platform: asus-wmi: Fix NULL pointer dereference
- Revert "Btrfs: fix scrub to repair raid6 corruption"
- tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
- Btrfs: make raid6 rebuild retry more
- [armhf] usb: musb: fix remote wakeup racing with suspend
- bonding: re-evaluate force_primary when the primary slave name changes
- ipv6: allow PMTU exceptions to local routes
- net/sched: act_simple: fix parsing of TCA_DEF_DATA
- tcp: verify the checksum of the first data segment in a new connection
- ext4: fix hole length detection in ext4_ind_map_blocks()
- ext4: update mtime in ext4_punch_hole even if no blocks are released
- ext4: fix fencepost error in check for inode count overflow during resize
- driver core: Don't ignore class_dir_create_and_add() failure.
- Btrfs: fix clone vs chattr NODATASUM race
- Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
- btrfs: scrub: Don't use inode pages for device replace
- ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
- smb3: on reconnect set PreviousSessionId field
- cpufreq: Fix new policy initialization during limits updates via sysfs
- libata: zpodd: make arrays cdb static, reduces object code size
- libata: zpodd: small read overflow in eject_tray()
- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
- [x86] HID: intel_ish-hid: ipc: register more pm callbacks to support
hibernation
- vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
- fs/binfmt_misc.c: do not allow offset overflow
[ Ben Hutchings ]
* netfilter: xt_hashlimit: Fix integer divide round to zero.
(Closes: #872907)
* [arm64,powerpc*,x86] drm/ast: Add support for new chips and boards
(Closes: #860900):
- drm/ast: const'ify mode setting tables
- drm/ast: Remove spurrious include
- drm/ast: Fix calculation of MCLK
- drm/ast: Base support for AST2500
- drm/ast: Fixed vram size incorrect issue on POWER
- drm/ast: Factor mmc_test code in POST code
- drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300
- drm/ast: POST code for the new AST2500
* ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879)
* ext4: always verify the magic number in xattr blocks (CVE-2018-10879)
* ext4: always check block group bounds in ext4_init_block_bitmap()
(CVE-2018-10878)
* ext4: make sure bitmaps and the inode table don't overlap with bg
descriptors (CVE-2018-10878)
* ext4: only look at the bg_flags field if it is valid (CVE-2018-10876)
* ext4: verify the depth of extent tree in ext4_find_extent()
(CVE-2018-10877)
* ext4: clear i_data in ext4_inode_info when removing inline data
(CVE-2018-10881)
* ext4: never move the system.data xattr out of the inode body
(CVE-2018-10880)
* jbd2: don't mark block as modified if the handle is out of credits
(CVE-2018-10883)
* ext4: avoid running out of journal credits when appending to an inline file
(CVE-2018-10883)
* ext4: add more inode number paranoia checks (CVE-2018-10882)
* sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)
* nvme: Ignore ABI changes
* tpm: Ignore ABI changes
[ Romain Perier ]
* jfs: Fix inconsistency between memory allocation and ea_buf->max_size
(CVE-2018-12233)
-- Ben Hutchings <email address hidden> Thu, 05 Jul 2018 02:29:30 +0100
-
linux (4.9.82-1+deb9u3) stretch-security; urgency=medium
* [powerpc] Backport more RFI flush related patches from 4.9.84. Closes:
#891249.
* [powerpc] Ignore ABI change in paca.
-- Aurelien Jarno <email address hidden> Fri, 02 Mar 2018 08:52:22 +0100
-
linux (4.9.65-3) stretch; urgency=medium
[ Salvatore Bonaccorso ]
* xen/time: do not decrease steal time after live migration on xen
(Closes: #871608)
-- Ben Hutchings <email address hidden> Sun, 03 Dec 2017 19:41:55 +0000
-
linux (4.9.51-1) stretch; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48
- [x86] i2c: ismt: Don't duplicate the receive length for block reads
- [x86] i2c: ismt: Return EMSGSIZE for block reads with bogus length
- crypto: algif_skcipher - only call put_page on referenced and used pages
- mm, uprobes: fix multiple free of ->uprobes_state.xol_area
- mm, madvise: ensure poisoned pages are removed from per-cpu lists
- ceph: fix readpage from fscache
- cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
- cpuset: Fix incorrect memory_pressure control file mapping
- CIFS: Fix maximum SMB2 header size
- lib/mpi: kunmap after finishing accessing buffer
- drm/ttm: Fix accounting error when fail to get pages for pool
- [armhf,arm64] kvm: Force reading uncached stage2 PGD
- epoll: fix race between ep_poll_callback(POLLFREE) and
ep_free()/ep_remove()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49
- usb:xhci:Fix regression when ATI chipsets detected
- [armhf] USB: musb: fix external abort on suspend
- USB: core: Avoid race of async_completed() w/ usbdev_release()
- [x86] staging/rts5208: fix incorrect shift to extract upper nybble
- driver core: bus: Fix a potential double free
- ath10k: fix memory leak in rx ring buffer allocation
- Input: trackpoint - assume 3 buttons when buttons detection fails
- rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter
- dlm: avoid double-free on error path in dlm_device_{register,unregister}
- mwifiex: correct channel stat buffer overflows
- [s390x] mm: avoid empty zero pages for KVM guests to avoid postcopy hangs
- drm/nouveau/pci/msi: disable MSI on big-endian platforms by default
- scsi: sg: protect against races between mmap() and SG_SET_RESERVED_SIZE
- scsi: sg: recheck MMAP_IO request length with lock held
- [arm64] drm/bridge: adv7511: Use work_struct to defer hotplug handing to
out of irq context
- [arm64] drm/bridge: adv7511: Switch to using
drm_kms_helper_hotplug_event()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50
- [armhf] mtd: nand: mxc: Fix mxc_v1 ooblayout
- nvme-fabrics: generate spec-compliant UUID NQNs
- btrfs: resume qgroup rescan on rw remount
- mm/memory.c: fix mem_cgroup_oom_disable() call missing
- ALSA: msnd: Optimize / harden DSP and MIDI loops
- [arm64] dts: marvell: armada-37xx: Fix GIC maintenance interrupt
- [armhf] 8692/1: mm: abort uaccess retries upon fatal signal
- NFS: Fix 2 use after free issues in the I/O code
- NFS: Sync the correct byte range during synchronous writes
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.51
- ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
- ipv6: add rcu grace period before freeing fib6_node
- macsec: add genl family module alias
- udp: on peeking bad csum, drop packets even if not at head
- qlge: avoid memcpy buffer overflow
- [x86] netvsc: fix deadlock betwen link status and removal
- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox()
- kcm: do not attach PF_KCM sockets to avoid deadlock
- Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
- bridge: switchdev: Clear forward mark when transmitting packet
- Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
- Revert "net: fix percpu memory leaks"
- gianfar: Fix Tx flow control deactivation
- vhost_net: correctly check tx avail during rx busy polling
- ip6_gre: update mtu properly in ip6gre_err
- ipv6: fix memory leak with multiple tables during netns destruction
- ipv6: fix typo in fib6_net_exit()
- sctp: fix missing wake ups in some situations
- ip_tunnel: fix setting ttl and tos value in collect_md mode
- f2fs: let fill_super handle roll-forward errors
- f2fs: check hot_data for roll-forward recovery
- [amd64] fsgsbase: Fully initialize FS and GS state in start_thread_common
- [amd64] fsgsbase: Report FSBASE and GSBASE correctly in core dumps
- [amd64] switch_to: Rewrite FS/GS switching yet again to fix AMD CPUs
- xfs: fix spurious spin_is_locked() assert failures on non-smp kernels
- xfs: push buffer of flush locked dquot to avoid quotacheck deadlock
- xfs: try to avoid blowing out the transaction reservation when bunmaping
a shared extent
- xfs: release bli from transaction properly on fs shutdown
- xfs: remove bli from AIL before release on transaction abort
- xfs: don't allow bmap on rt files
- xfs: free uncommitted transactions during log recovery
- xfs: free cowblocks and retry on buffered write ENOSPC
- xfs: don't crash on unexpected holes in dir/attr btrees
- xfs: check _btree_check_block value
- xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write
- xfs: check _alloc_read_agf buffer pointer before using
- xfs: fix quotacheck dquot id overflow infinite loop
- xfs: fix multi-AG deadlock in xfs_bunmapi
- xfs: Fix per-inode DAX flag inheritance
- xfs: fix inobt inode allocation search optimization
- xfs: clear MS_ACTIVE after finishing log recovery
- xfs: don't leak quotacheck dquots when cow recovery
- iomap: fix integer truncation issues in the zeroing and dirtying helpers
- xfs: write unmount record for ro mounts
- xfs: toggle readonly state around xfs_log_mount_finish
- xfs: Properly retry failed inode items in case of error during buffer
writeback
- xfs: fix recovery failure when log record header wraps log end
- xfs: always verify the log tail during recovery
- xfs: fix log recovery corruption error due to tail overwrite
- xfs: handle -EFSCORRUPTED during head/tail verification
- xfs: stop searching for free slots in an inode chunk when there are none
- xfs: evict all inodes involved with log redo item
- xfs: check for race with xfs_reclaim_inode() in xfs_ifree_cluster()
- xfs: don't log dirty ranges for ordered buffers
- xfs: skip bmbt block ino validation during owner change
- xfs: move bmbt owner change to last step of extent swap
- xfs: disallow marking previously dirty buffers as ordered
- xfs: relog dirty buffers during swapext bmbt owner change
- xfs: disable per-inode DAX flag
- xfs: fix incorrect log_flushed on fsync
- xfs: don't set v3 xflags for v2 inodes
- xfs: open code end_buffer_async_write in xfs_finish_page_writeback
- md/raid5: release/flush io in raid5_do_work()
- ipv6: Fix may be used uninitialized warning in rt6_check
[ Ben Hutchings ]
* Fix regressions caused by fix for CVE-2016-7097 (Closes: #873026):
- ext4: preserve i_mode if __ext4_set_acl() fails
- ext4: Don't clear SGID when inheriting ACLs
* [mips{,64}el/loongson-3] Add support for Loongson-3A/B 3000 CPUs, thanks to
YunQiang Su (Closes: #871701):
- Add Loongson-3A R3 basic support
- Add NMI handler support
- Support 4 packages in CPU Hwmon driver
- IRQ balancing for PCI devices
- support irq_set_affinity() in i8259 chip
- Make enum loongson_cpu_type more clear
* [ppc64el] Invalidate ERAT on powersave wakeup for POWER9, thanks to
Michael Neuling (Closes: #868887)
* ip6_fib: Avoid ABI change in 4.9.51
* inet_frag: Limit ABI change in 4.9.51
* nfs: Ignore ABI change in 4.9.50
-- Ben Hutchings <email address hidden> Thu, 28 Sep 2017 19:27:56 +0200
-
linux (4.9.30-2+deb9u2) stretch-security; urgency=high
* Revert changes in version 4.9.30-2+deb9u1 (Closes: #865303)
* mm: larger stack guard gap, between vmas (CVE-2017-1000364)
* mm: fix new crash in unmapped_area_topdown()
-- Ben Hutchings <email address hidden> Mon, 26 Jun 2017 16:27:47 +0100
-
linux (4.9.30-2) unstable; urgency=high
* [x86] Enable SERIAL_8250_MID as built-in (Closes: #864368)
* Fix bugs introduced by original fix for CVE-2017-9074:
- ipv6: Check ip6_find_1stfragopt() return value properly.
- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
- ipv6: Fix leak in ipv6_gso_segment().
* Revert "uapi: fix linux/if.h userspace compilation errors" (see #864269)
* [armhf] udeb: Add axp20x_usb_power to kernel-image; add i2c-modules
package including i2c-mv64xxx and i2c-rk3x (thanks to Karsten Merker)
(Closes: #856111)
* NFSv4.x/callback: Create the callback service through svc_create_pooled
(Closes: #862357)
-- Ben Hutchings <email address hidden> Mon, 12 Jun 2017 16:24:30 +0100
-
linux (4.9.25-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.19
- net/openvswitch: Set the ipv6 source tunnel key address attribute
correctly
- net: properly release sk_frag.page
- [arm64] amd-xgbe: Fix jumbo MTU processing on newer hardware
- openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD
- net: unix: properly re-increment inflight counter of GC discarded
candidates
- net: vrf: Reset rt6i_idev in local dst after put
- net/mlx5: Add missing entries for set/query rate limit commands
- net/mlx5e: Use the proper UAPI values when offloading TC vlan actions
- net/mlx5: Increase number of max QPs in default profile
- net/mlx5e: Count GSO/LRO packets correctly
- ipv6: make sure to initialize sockc.tsflags before first use
- ipv4: provide stronger user input validation in nl_fib_input()
- socket, bpf: fix sk_filter use after free in sk_clone_lock
- tcp: initialize icsk_ack.lrcvtime at session start time
- Input: iforce,ims-pcu,hanwang,yealink,cm109,kbtab,sur40 - validate
number of endpoints before using them
- ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
- ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
- ALSA: hda - Adding a group of pin definition to fix headset problem
- ACM gadget: fix endianness in notifications
- usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's
wBytesPerInterval
- USB: uss720,idmouse,wusbcore: fix NULL-deref at probe
- usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
- usb: hub: Fix crash after failure to read BOS descriptor
- USB: usbtmc: add missing endpoint sanity check
- USB: usbtmc: fix probe error path
- uwb: i1480-dfu: fix NULL-deref at probe
- mmc: ushc: fix NULL-deref at probe
- [armhf[ iio: adc: ti_am335x_adc: fix fifo overrun recovery
- iio: sw-device: Fix config group initialization
- iio: hid-sensor-trigger: Change get poll value function order to avoid
sensor properties losing after resume from S3
- parport: fix attempt to write duplicate procfiles
- ext4: mark inode dirty after converting inline directory
- ext4: lock the xattr block before checksuming it
- [powerpc*/*64*] Fix idle wakeup potential to clobber registers
- mmc: sdhci: Do not disable interrupts while waiting for clock
- mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power
- [x86] hwrng: amd - Revert managed API changes
- [x86] hwrng: geode - Revert managed API changes
- [armhf] clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module
clock
- [armhf] clk: sunxi-ng: mp: Adjust parent rate for pre-dividers
- mwifiex: pcie: don't leak DMA buffers when removing
- [x86] crypto: ccp - Assign DMA commands to the channel's CCP
- xen/acpi: upload PM state from init-domain to Xen
- [x86] iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
- [arm64] kaslr: Fix up the kernel image alignment
- cpufreq: Restore policy min/max limits on CPU online
- cgroup, net_cls: iterate the fds of only the tasks which are being
migrated
- blk-mq: don't complete un-started request in timeout handler
- [x86] drm/amdgpu: reinstate oland workaround for sclk
- jbd2: don't leak memory if setting up journal fails
- [x86] intel_th: Don't leak module refcount on failure to activate
- [x86] Drivers: hv: vmbus: Don't leak channel ids
- [x86] Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
- libceph: don't set weight to IN when OSD is destroyed
- [x86] device-dax: fix pmd/pte fault fallback handling
- [armhf] drm/bridge: analogix dp: Fix runtime PM state on driver bind
- nl80211: fix dumpit error path RTNL deadlocks
- drm: reference count event->completion
- fbcon: Fix vc attr at deinit
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.20
- xfrm: policy: init locks early
- [x86] KVM: cleanup the page tracking SRCU instance
- virtio_balloon: init 1st buffer in stats vq
- [mips*] ptrace: Preserve previous registers for short regset write
- [sparc64] ptrace: Preserve previous registers for short regset write
- fscrypt: remove broken support for detecting keyring key revocation
(CVE-2017-7374)
- sched/rt: Add a missing rescheduling point
- [armhf] usb: musb: fix possible spinlock deadlock
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.21
- libceph: force GFP_NOIO for socket allocations
- xen/setup: Don't relocate p2m over existing one
- xfs: only update mount/resv fields on success in __xfs_ag_resv_init
- xfs: use per-AG reservations for the finobt
- xfs: pull up iolock from xfs_free_eofblocks()
- xfs: sync eofblocks scans under iolock are livelock prone
- xfs: fix eofblocks race with file extending async dio writes
- xfs: fix toctou race when locking an inode to access the data map
- xfs: fail _dir_open when readahead fails
- xfs: filter out obviously bad btree pointers
- xfs: check for obviously bad level values in the bmbt root
- xfs: verify free block header fields
- xfs: allow unwritten extents in the CoW fork
- xfs: mark speculative prealloc CoW fork extents unwritten
- xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t
- xfs: update ctime and mtime on clone destinatation inodes
- xfs: reject all unaligned direct writes to reflinked files
- xfs: don't fail xfs_extent_busy allocation
- xfs: handle indlen shortage on delalloc extent merge
- xfs: split indlen reservations fairly when under reserved
- xfs: fix uninitialized variable in _reflink_convert_cow
- xfs: don't reserve blocks for right shift transactions
- xfs: Use xfs_icluster_size_fsb() to calculate inode chunk alignment
- xfs: tune down agno asserts in the bmap code
- xfs: only reclaim unwritten COW extents periodically
- xfs: fix and streamline error handling in xfs_end_io
- xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask
- xfs: use iomap new flag for newly allocated delalloc blocks
- xfs: try any AG when allocating the first btree block when reflinking
- scsi: libsas: fix ata xfer length
- scsi: scsi_dh_alua: Check scsi_device_get() return value
- scsi: scsi_dh_alua: Ensure that alua_activate() calls the completion
function
- ALSA: seq: Fix race during FIFO resize
- ALSA: hda - fix a problem for lineout on a Dell AIO machine
- [x86] ASoC: Intel: Skylake: fix invalid memory access due to wrong
reference of pointer
- HID: wacom: Don't add ghost interface as shared data
- mmc: sdhci: Disable runtime pm when the sdio_irq is enabled
- NFSv4.1 fix infinite loop on IO BAD_STATEID error
- nfsd: map the ENOKEY to nfserr_perm for avoiding warning
- [hppa] Clean up fixup routines for get_user()/put_user()
- [hppa] Avoid stalled CPU warnings after system shutdown
- [hppa] Fix access fault handling in pa_memcpy()
- ACPI: Fix incompatibility with mcount-based function graph tracing
- ACPI: Do not create a platform_device for IOAPIC/IOxAPIC
- USB: fix linked-list corruption in rh_call_control()
- [x86] KVM: clear bus pointer when destroyed
- KVM: kvm_io_bus_unregister_dev() should never fail
- drm/radeon: Override fpfn for all VRAM placements in radeon_evict_flags
- [armhf,arm64] drm/vc4: Allocate the right amount of space for boot-time
CRTC state.
- [armhf] drm/etnaviv: (re-)protect fence allocation with GPU mutex
- [x86] mm/KASLR: Exclude EFI region from KASLR VA space randomization
- [x86] mce: Fix copy/paste error in exception table entries
- lib/syscall: Clear return values when no stack
- mm: rmap: fix huge file mmap accounting in the memcg stats
- mm, hugetlb: use pte_present() instead of pmd_present() in
follow_huge_pmd()
- qla2xxx: Allow vref count to timeout on vport delete.
- mm: workingset: fix premature shadow node shrinking with cgroups
- blk: improve order of bio handling in generic_make_request()
- blk: Ensure users for current->bio_list can see the full list.
- padata: avoid race in reordering
- nvme/core: Fix race kicking freed request_queue
- nvme/pci: Disable on removal when disconnected
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.22
- ppdev: check before attaching port
- ppdev: fix registering same device name
- [x86] drm/vmwgfx: Type-check lookups of fence objects
- [x86] drm/vmwgfx: avoid calling vzalloc with a 0 size in
vmw_get_cap_3d_ioctl()
- drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces
- [x86] drm/vmwgfx: Remove getparam error message
- sysfs: be careful of error returns from ops->show()
- [armhf,arm64] KVM: Take mmap_sem in stage2_unmap_vm
- [armhf,arm64] KVM: Take mmap_sem in kvm_arch_prepare_memory_region
- [armhf,arm64] kvm: Fix locking for kvm_free_stage2_pgd
- [x86] iio: bmg160: reset chip when probing
- [arm64] mm: unaligned access by user-land should be received as SIGBUS
- cfg80211: check rdev resume callback only for registered wiphy
- CIFS: Reset TreeId to zero on SMB2 TREE_CONNECT
- mm/page_alloc.c: fix print order in show_free_areas()
- ptrace: fix PTRACE_LISTEN race corrupting task->state
- dm verity fec: limit error correction recursion
- dm verity fec: fix bufio leaks
- ACPI / gpio: do not fall back to parsing _CRS when we get a deferral
- xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files
- ring-buffer: Fix return value check in test_ringbuffer()
- mac80211: unconditionally start new netdev queues with iTXQ support
- brcmfmac: use local iftype avoiding use-after-free of virtual interface
- [powerpc*] Disable HFSCR[TM] if TM is not supported
- [powerpc*] mm: Add missing global TLB invalidate if cxl is active
- [powerpc*/*64*]: Fix flush_(d|i)cache_range() called from modules
- [powerpc*] Don't try to fix up misaligned load-with-reservation
instructions
- [powerpc*] crypto/crc32c-vpmsum: Fix missing preempt_disable()
- dm raid: fix NULL pointer dereference for raid1 without bitmap
- [s390x] decompressor: fix initrd corruption caused by bss clear
- [s390x] uaccess: get_user() should zero on failure (again)
- [mips*el/loongson-3] Check TLB before handle_ri_rdhwr() for Loongson-3
- [mips*el/loongson-3] Add MIPS_CPU_FTLB for Loongson-3A R2
- [mips*el/loongson-3] Flush wrong invalid FTLB entry for huge page
- [mips*el/loongson-3] c-r4k: Fix Loongson-3's vcache/scache waysize
calculation
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind
(CVE-2017-7616)
- random: use chacha20 for get_random_int/long
- [armhf] drm/sun4i: tcon: Move SoC specific quirks to a DT matched data
structure
- [armhf] drm/sun4i: Add compatible strings for A31/A31s display pipelines
- [armhf] drm/sun4i: Add compatible string for A31/A31s TCON (timing
controller)
- HID: i2c-hid: add a simple quirk to fix device defects
- usb: dwc3: gadget: delay unmap of bounced requests
- [x86] ASoC: Intel: bytct_rt5640: change default capture settings
- [armhf,arm64] clocksource/drivers/arm_arch_timer: Don't assume clock runs
in suspend
- scsi: ufs: introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk
- HID: multitouch: do not retrieve all reports for all devices
- [arm64] mmc: sdhci-msm: Enable few quirks
- scsi: ufs: ensure that host pa_tactivate is higher than device
- svcauth_gss: Close connection when dropping an incoming message
- scsi: ufs: add quirk to increase host PA_SaveConfigTime
- [x86] platform: acer-wmi: Only supports AMW0_GUID1 on acer family
- nvme: simplify stripe quirk
- ACPI / sysfs: Provide quirk mechanism to prevent GPE flooding
- HID: usbhid: Add quirk for the Futaba TOSD-5711BB VFD
- [x86] drm/i915: actually drive the BDW reserved IDs
- scsi: ufs: issue link starup 2 times if device isn't active
- [armhf] serial: 8250_omap: Add OMAP_DMA_TX_KICK quirk for AM437x
- ACPI / button: Change default behavior to lid_init_state=open
- [x86] ACPI: save NVS memory for Lenovo G50-45
- HID: wacom: don't apply generic settings to old devices
- [arm64] firmware: qcom: scm: Fix interrupted SCM calls
- [armhf] watchdog: s3c2410: Fix infinite interrupt in soft mode
- [x86] platform: asus-wmi: Set specified XUSB2PR value for X550LB
- [x86] platform: asus-wmi: Detect quirk_no_rfkill from the DSDT
- [x86] reboot/quirks: Add ASUS EeeBook X205TA reboot quirk
- [x86] reboot/quirks: Add ASUS EeeBook X205TA/W reboot quirk
- usb-storage: Add ignore-residue quirk for Initio INIC-3619
- [x86] reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.23
- [x86] drm/i915/gen9: Increase PCODE request timeout to 50ms
- [x86] drm/i915: Nuke debug messages from the pipe update critical section
- [x86] drm/i915: Avoid tweaking evaluation thresholds on Baytrail v3
- [x86] drm/i915: Only enable hotplug interrupts if the display interrupts
are enabled
- [x86] drm/i915: Drop support for I915_EXEC_CONSTANTS_* execbuf parameters.
- [x86] drm/i915: Stop using RP_DOWN_EI on Baytrail
- [x86] drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker)
- [armhf,arm64] i2c: bcm2835: Fix hang for writing messages larger than 16
bytes
- rt2x00usb: fix anchor initialization
- rt2x00usb: do not anchor rx and tx urb's
- [mips*] Introduce irq_stack
- [mips*] Stack unwinding while on IRQ stack
- [mips*] Only change $28 to thread_info if coming from user mode
- [mips*] Switch to the irq_stack in interrupts
- [mips*] Select HAVE_IRQ_EXIT_ON_IRQ_STACK
- [mips*] IRQ Stack: Fix erroneous jal to plat_irq_dispatch
- [x86] Revert "drm/i915/execlists: Reset RING registers upon resume"
- blk-mq: Avoid memory reclaim when remapping queues
- usb: hub: Wait for connection to be reestablished after port reset
- net/mlx4_en: Fix bad WQE issue
- net/mlx4_core: Fix racy CQ (Completion Queue) free
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions
- dma-buf: add support for compat ioctl
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.24
- cgroup, kthread: close race window where new kthreads can be migrated to
non-root cgroups
- thp: fix MADV_DONTNEED vs. MADV_FREE race
- thp: fix MADV_DONTNEED vs clear soft dirty race
- zsmalloc: expand class bit
- drm/nouveau/mpeg: mthd returns true on success now
- drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
- [armhf] drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit()
- CIFS: reconnect thread reschedule itself
- CIFS: store results of cifs_reopen_file to avoid infinite wait
- Input: xpad - add support for Razer Wildcat gamepad
- [x86] perf: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
- [x86] efi: Don't try to reserve runtime regions
- [x86] signals: Fix lower/upper bound reporting in compat siginfo
- [x86] pmem: fix broken __copy_user_nocache cache-bypass assumptions
- [x86] vdso: Ensure vdso32_enabled gets set to valid values only
- [x86] vdso: Plug race between mapping and ELF header setup
- [x86] acpi, nfit, libnvdimm: fix interleave set cookie calculation
(64-bit comparison)
- ACPI / scan: Set the visited flag for all enumerated devices
- [hppa] fix bugs in pa_memcpy
- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
- efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
- iscsi-target: Fix TMR reference leak during session shutdown
- iscsi-target: Drop work-around for legacy GlobalSAN initiator
- scsi: sr: Sanity check returned mode data
- scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
- scsi: qla2xxx: Add fix to read correct register value for ISP82xx.
- scsi: sd: Fix capacity calculation with 32-bit sector_t
- target: Avoid mappedlun symlink creation during lun shutdown
- xen, fbfront: fix connecting to backend
- new privimitive: iov_iter_revert()
- make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error
- [x86] libnvdimm: fix blk free space accounting
- [x86] libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep
splat
- [armhf] pwm: rockchip: State of PWM clock should synchronize with PWM
enabled state
- cpufreq: Bring CPUs up even if cpufreq_online() failed
- [armhf] irqchip/irq-imx-gpcv2: Fix spinlock initialization
- ftrace: Fix removing of second function probe
- zram: do not use copy_page with non-page aligned address
- ftrace: Fix function pid filter on instances
- crypto: algif_aead - Fix bogus request dereference in completion function
- crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
- [hppa] Fix get_user() for 64-bit value on 32-bit kernel
- dvb-usb-v2: avoid use-after-free (CVE-2017-8064)
- drm/nouveau/disp/mcp7x: disable dptmds workaround (Closes: #850219)
- [x86] mm: Tighten x86 /dev/mem with zeroing reads (CVE-2017-7889)
- dvb-usb-firmware: don't do DMA on stack (CVE-2017-8061)
- cxusb: Use a dma capable buffer also for reading (CVE-2017-8063)
- virtio-console: avoid DMA from stack (CVE-2017-8067)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.25
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (CVE-2016-9604)
- KEYS: Change the name of the dead type to ".dead" to prevent user access
(CVE-2017-6951)
- KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
(CVE-2017-7472)
- tracing: Allocate the snapshot buffer before enabling probe
- ring-buffer: Have ring_buffer_iter_empty() return true when empty
- mm: prevent NR_ISOLATE_* stats from going negative
- cifs: Do not send echoes before Negotiate is complete (Closes: #856843)
- CIFS: remove bad_network_name flag
- [s390x] mm: fix CMMA vs KSM vs others
- Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
- ACPI / power: Avoid maybe-uninitialized warning
- [armhf] mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for
DDR50 card
- ubifs: Fix RENAME_WHITEOUT support
- ubifs: Fix O_TMPFILE corner case in ubifs_link()
- mac80211: reject ToDS broadcast data frames
- mac80211: fix MU-MIMO follow-MAC mode
- ubi/upd: Always flush after prepared for an update
- [powerpc*] kprobe: Fix oops when kprobed on 'stdu' instruction
- [x86] mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
- [x86] mce: Make the MCE notifier a blocking one
- device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation
[ Ben Hutchings ]
* w1: Really enable W1_MASTER_GPIO as module (Closes: #858975)
* debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for
vDSOs (Closes: #859807)
* Bump ABI to 3
* [s390x] Set NR_CPUS=256 (Closes: #858731)
* [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 31
(Closes: #859641)
* [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module
* cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
(Closes: #859978)
* udeb: Include all AHCI drivers in sata-modules (Closes: #860335)
* [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el
* [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage
* [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000
* [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
* [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209)
* [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
* Move debug symbols back to the main archive, to avoid problems with the
current handling in dak
* linux-image: Disable signing until it's supported in dak
* [rt] Update to 4.9.20-rt16:
- rtmutex: Make lock_killable work
- rtmutex: Provide rt_mutex_lock_state()
- rtmutex: Provide locked slowpath
- rwsem/rt: Lift single reader restriction
* PCI: Enable PCIE_PTM (except on armel/marvell)
* 6lowpan: Enable Generic Header Compression modules
* net/sched: Enable NET_ACT_SKBMOD as module
* ethernet: Enable NFP_NETVF as module
* net/phy: Enable MICROSEMI_PHY as module
* input/tablet: Enable TABLET_USB_PEGASUS as module
* [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module
* serial/8250: Enable SERIAL_8250_MOXA as module
* [x86] gpio: Enable GPIO_AMDPT as module
* [x86] thermal: Enable INT3406_THERMAL as module
* watchdog: Enable WATCHDOG_SYSFS
* integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE,
IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING
(except on armel/marvell) (Closes: #788290)
* media: Enable VIDEO_TW5864, VIDEO_TW686X as modules
* [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as module
* hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio
* HID: Enable HID_SENSOR_CUSTOM_SENSOR as module
* leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module
* usbip: Enable USBIP_VUDC as module
* USB/misc: Enable UCSI as module
* leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC
* IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE
as modules
* [amd64] EDAC: Enable EDAC_SKX as module
* [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules
* [x86] platform: Enable INTEL_HID_EVENT as module
* [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, INTEL_TH_MSU,
INTEL_TH_PTI as modules
* [rt] tracing: Enable HWLAT_TRACER
* [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X,
CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules
* crypto: Enable CRYPTO_DEV_CHELSIO as module
* [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION,
SETEND_EMULATION (Closes: #861384)
* udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195)
* leds: Enable LEDS_GPIO as module for all configurations with GPIOs
(Closes: #860569)
* selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default.
This may break some old applications if SELinux is enabled, and can be
reverted using the kernel parameter: checkreqprot=1
* udeb: Move mfd-core to kernel-image, as both input-modules and
mmc-modules need it
* crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA
[ Salvatore Bonaccorso ]
* ping: implement proper locking (CVE-2017-2671)
* macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
* macsec: dynamically allocate space for sglist
* nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
* nfsd4: minor NFSv2/v3 write decoding cleanup
* nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
[ Aurelien Jarno ]
* [mips*/octeon] Drop obsolete patch adding support for the UBNT E200
board.
* [mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING.
[ John Paul Adrian Glaubitz ]
* [m68k] udeb: Enable suffix for kernel-image (Closes: #859366)
-- Ben Hutchings <email address hidden> Tue, 02 May 2017 16:21:44 +0100
