Package "linux"

  linux (4.15.0-47.50) bionic; urgency=medium

  * linux: 4.15.0-47.50 -proposed tracker (LP: #1819716)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype

  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending

  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()

  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Don't use dc_link in link_encoder
    - drm/amd/display: Move wait for hpd ready out from edp power control.
    - drm/amd/display: eDP sequence BL off first then DP blank.
    - drm/amd/display: Fix unused variable compilation error
    - drm/amd/display: Fix warning about misaligned code
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change

  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file

  * raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic
    (LP: #1811194)
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to selftests

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - bpf: fix inner map masking to prevent oob under speculation

  * BPF: kernel pointer leak to unprivileged userspace (LP: #1815259)
    - bpf/verifier: disallow pointer subtraction

  * squashfs hardening (LP: #1816756)
    - squashfs: more metadata hardening
    - squashfs metadata 2: electric boogaloo
    - squashfs: more metadata hardening
    - Squashfs: Compute expected length from inode size rather than block length

  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation

  * ipset kernel error: 4.15.0-43-generic (LP: #1811394)
    - netfilter: ipset: Fix wraparound in hash:*net* types

  * Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event

  * CVE-2018-18021
    - arm64: KVM: Tighten guest core register access from userspace
    - KVM: arm/arm64: Introduce vcpu_el1_is_32bit
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace

  * CVE-2018-14678
    - x86/entry/64: Remove %ebx handling from error_entry/exit

  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer

  * Bionic update: upstream stable patchset 2019-02-08 (LP: #1815234)
    - fork: unconditionally clear stack on fork
    - spi: spi-s3c64xx: Fix system resume support
    - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
    - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
    - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
    - kvm, mm: account shadow page tables to kmemcg
    - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
    - tracing: Fix double free of event_trigger_data
    - tracing: Fix possible double free in event_enable_trigger_func()
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
    - tracing: Quiet gcc warning about maybe unused link variable
    - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
    - mlxsw: spectrum_switchdev: Fix port_vlan refcounting
    - kcov: ensure irq code sees a valid area
    - xen/netfront: raise max number of slots in xennet_get_responses()
    - skip LAYOUTRETURN if layout is invalid
    - ALSA: emu10k1: add error handling for snd_ctl_add
    - ALSA: fm801: add error handling for snd_ctl_add
    - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
    - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
    - vfio: platform: Fix reset module leak in error path
    - vfio/mdev: Check globally for duplicate devices
    - vfio/type1: Fix task tracking for QEMU vCPU hotplug
    - kernel/hung_task.c: show all hung tasks before panic
    - mm: /proc/pid/pagemap: hide swap entries from unprivileged users
    - mm: vmalloc: avoid racy handling of debugobjects in vunmap
    - mm/slub.c: add __printf verification to slab_err()
    - rtc: ensure rtc_set_alarm fails when alarms are not supported
    - perf tools: Fix pmu events parsin

  linux (4.15.0-46.49) bionic; urgency=medium

  * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726)

  * mprotect fails on ext4 with dax (LP: #1799237)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion

  * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086)
    - iscsi target: fix session creation failure handling
    - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
      fails
    - scsi: iscsi: target: Fix conn_ops double free

  * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
    (LP: #1812198)
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS
    - selftests: kselftest: Remove outdated comment

  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels

  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent

  * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604)
    - ACPI / LPSS: Force LPSS quirks on boot

  * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229)
    - scsi: sd_zbc: Fix variable type and bogus comment
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/apm: Don't access __preempt_count with zeroed fs
    - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
    - ARCv2: [plat-hsdk]: Save accl reg pair by default
    - ARC: Fix CONFIG_SWAP
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - mm/huge_memory.c: fix data loss when splitting a file pmd
    - cpufreq: intel_pstate: Register when ACPI PCCH is present
    - vfio/pci: Fix potential Spectre v1
    - stop_machine: Disable preemption when waking two stopper threads
    - drm/i915: Fix hotplug irq ack on i965/g4x
    - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
    - drm/nouveau: Avoid looping through fake MST connectors
    - gen_stats: Fix netlink stats dumping in the presence of padding
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - ipv6: ila: select CONFIG_DST_CACHE
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - qmi_wwan: add support for Quectel EG91
    - tg3: Add higher cpu clock for 5762.
    - hv_netvsc: Fix napi reschedule while receive completion is busy
    - net/mlx4_en: Don't reuse RX page when XDP is set
    - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
    - ipv6: make DAD fail with enhanced DAD when nonce length differs
    - net: usb: asix: replace mii_nway_restart in resume path
    - alpha: fix osf_wait4() breakage
    - cxl_getfile(): fix double-iput() on alloc_file() failures
    - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
    - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock
    - ALSA: hda/realtek - Yet another Clevo P950 quirk entry
    - drm/amdgpu: Reserve VM root shared fence slot for command submission (v3)
    - rhashtable: add restart routine in rhashtable_free_and_destroy()
    - sch_fq_codel: zero q->flows_cnt when fq_codel_init fails
    - sctp: introduce sctp_dst_mtu
    - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
    - net: aquantia: vlan unicast address list correct handling
    - drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()

  * Bionic update: upstream stable patchset 2019-01-15 (LP: #1811877)
    - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
    - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
    - x86/paravirt: Make native_save_fl() extern inline
    - Btrfs: fix duplicate extents after fsync of file with prealloc extents
    - cpufreq / CPPC: Set platform specific transition_delay_us
    - PCI: exynos: Fix a potential init_clk_resources NULL pointer dereference
    - alx: take rtnl before calling __alx_open from resume
    - atm: Preserve value of skb->truesize when accounting to vcc
    - atm: zatm: Fix potential Spectre v1
    - ipv6: sr: fix passing wrong flags to crypto_alloc_shash()
    - ipvlan: fix IFLA_MTU ignored on NEWLINK
    - ixgbe: split XDP_TX tail and XDP_REDIRECT map flushing
    - net: dccp: avoid crash in ccid3_hc_rx_send_fee

  linux (4.15.0-45.48) bionic; urgency=medium

  * linux: 4.15.0-45.48 -proposed tracker (LP: #1813779)

  * External monitors does not work anymore 4.15.0-44 (LP: #1813663)
    - SAUCE: Revert "drm/i915/dp: Send DPCD ON for MST before phy_up"

  * kernel 4.15.0-44 cannot mount ext4 fs with meta_bg enabled (LP: #1813727)
    - ext4: fix false negatives *and* false positives in ext4_check_descriptors()

 -- Stefan Bader <email address hidden> Tue, 29 Jan 2019 16:39:15 +0100

  linux (4.15.0-44.47) bionic; urgency=medium

  * linux: 4.15.0-44.47 -proposed tracker (LP: #1811419)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CPU hard lockup with rigorous writes to NVMe drive (LP: #1810998)
    - blk-wbt: pass in enum wbt_flags to get_rq_wait()
    - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait
    - blk-wbt: move disable check into get_limit()
    - blk-wbt: use wq_has_sleeper() for wq active check
    - blk-wbt: fix has-sleeper queueing check
    - blk-wbt: abstract out end IO completion handler
    - blk-wbt: improve waking of tasks

  * To reduce the Realtek USB cardreader power consumption (LP: #1811337)
    - mmc: sdhci: Disable 1.8v modes (HS200/HS400/UHS) if controller can't support
      1.8v
    - mmc: core: Introduce MMC_CAP_SYNC_RUNTIME_PM
    - mmc: rtsx_usb_sdmmc: Don't runtime resume the device while changing led
    - mmc: rtsx_usb: Use MMC_CAP2_NO_SDIO
    - mmc: rtsx_usb: Enable MMC_CAP_ERASE to allow erase/discard/trim requests
    - mmc: rtsx_usb_sdmmc: Re-work runtime PM support
    - mmc: rtsx_usb_sdmmc: Re-work card detection/removal support
    - memstick: rtsx_usb_ms: Add missing pm_runtime_disable() in probe function
    - misc: rtsx_usb: Use USB remote wakeup signaling for card insertion detection
    - memstick: Prevent memstick host from getting runtime suspended during card
      detection
    - memstick: rtsx_usb_ms: Use ms_dev() helper
    - memstick: rtsx_usb_ms: Support runtime power management

  * Support non-strict iommu mode on arm64 (LP: #1806488)
    - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap()
    - iommu/arm-smmu-v3: Implement flush_iotlb_all hook
    - iommu/dma: Add support for non-strict mode
    - iommu: Add "iommu.strict" command line option
    - iommu/io-pgtable-arm: Add support for non-strict mode
    - iommu/arm-smmu-v3: Add support for non-strict mode
    - iommu/io-pgtable-arm-v7s: Add support for non-strict mode
    - iommu/arm-smmu: Support non-strict mode

  * ELAN900C:00 04F3:2844 touchscreen doesn't work (LP: #1811335)
    - pinctrl: cannonlake: Fix community ordering for H variant
    - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant

  * Add Cavium ThunderX2 SoC UNCORE PMU driver (LP: #1811200)
    - perf: Export perf_event_update_userpage
    - Documentation: perf: Add documentation for ThunderX2 PMU uncore driver
    - drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver
    - [Config] New config CONFIG_THUNDERX2_PMU=m

  * Update hisilicon SoC-specific drivers (LP: #1810457)
    - SAUCE: Revert "net: hns3: Updates RX packet info fetch in case of multi BD"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
      resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Use roce handle when calling roce
      callback function"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add calling roce callback
      function when link status change"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: optimize the process of notifying
      roce client"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add pf reset for hip08 RoCE"
    - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency
    - ethernet: hisilicon: hns: hns_dsaf_mac: Use generic eth_broadcast_addr
    - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol()
    - scsi: hisi_sas: remove some unneeded structure members
    - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate()
    - net: hns: Fix the process of adding broadcast addresses to tcam
    - net: hns3: remove redundant variable 'protocol'
    - scsi: hisi_sas: Drop hisi_sas_slot_abort()
    - net: hns: Make many functions static
    - net: hns: make hns_dsaf_roce_reset non static
    - net: hisilicon: hns: Replace mdelay() with msleep()
    - net: hns3: fix return value error while hclge_cmd_csq_clean failed
    - net: hns: remove redundant variables 'max_frm' and 'tmp_mac_key'
    - net: hns: Mark expected switch fall-through
    - net: hns3: Mark expected switch fall-through
    - net: hns3: Remove tx ring BD len register in hns3_enet
    - net: hns: modify variable type in hns_nic_reuse_page
    - net: hns: use eth_get_headlen interface instead of hns_nic_get_headlen
    - net: hns3: modify variable type in hns3_nic_reuse_page
    - net: hns3: Fix for vf vlan delete failed problem
    - net: hns3: Fix for multicast failure
    - net: hns3: Fix error of checking used vlan id
    - net: hns3: Implement shutdown ops in hns3 pci driver
    - net: hns3: Fix for loopback selftest failed problem
    - net: hns3: Fix ping exited problem when doing lp selftest
    - net: hns3: Preserve vlan 0 in hardware table
    - net: hns3: Only update mac configuation when necessary
    - net: hns3: Change the dst mac addr of loopback packet
    - net: hns3: Remove redundant codes of query advertised flow control abilitiy
    - net: hns3: Refine hns3_get_link_ksettings()
    - net: hns: make function hns_gmac_wait_fifo_clean() static
    - net: hns3: Add default irq affinity
    - net: hns3: Add unlikely for buf_num check
    - net: hns3: Remove tx budget to clean more TX descriptors in a napi
    - net: hns3: Remove packet statistics of public
    - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl
    - net: hns3: Set STATE_DOWN bit of hdev state when stopping net
    - net: hns3: Check hdev state when getting link status
    - net: hns3: Fix for setting speed for phy failed problem
    - net: hns3: Fix cmdq registers initialization issue for vf
    - net: hns3: Clear client pointer when initialize client failed or unintialize
      finished
    - net: hns3: Fix client initialize state issue when roce client initialize
      failed
    - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg()
    - net: hns3: Fix ets validate issue
    - net: hns3: Unify the type convert for desc.data
    - net: hns3: Adjust prefix of tx/r

  linux (4.15.0-43.46) bionic; urgency=medium

  * linux: 4.15.0-43.46 -proposed tracker (LP: #1806659)

  * System randomly hangs during suspend when mei_wdt is loaded (LP: #1803942)
    - SAUCE: base/dd: limit release function changes to vfio driver only

  * Workaround CSS timeout on AMD SNPS 3.0 xHC (LP: #1806838)
    - xhci: Allow more than 32 quirks
    - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers

  * linux packages should own /usr/lib/linux/triggers (LP: #1770256)
    - [Packaging] own /usr/lib/linux/triggers

  * CVE-2018-12896
    - posix-timers: Sanitize overrun handling

  * CVE-2018-16276
    - USB: yurex: fix out-of-bounds uaccess in read handler

  * CVE-2018-10902
    - ALSA: rawmidi: Change resized buffers atomically

  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.

  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE

  * CVE-2018-14734
    - infiniband: fix a possible use-after-free bug

  * CVE-2018-18445
    - bpf: 32-bit RSH verification must truncate input before the ALU op

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 06 Dec 2018 13:52:12 +0000