Ubuntu
linux package

shiftfs: chown sets untranslated ids in lower fs

Bug #1824350 reported by Seth Forshee on 2019-04-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	High	Seth Forshee

Bug Description

SRU Justification

Impact: shiftfs_setattr() creates an iattr struct with shifted ids for the lower fs, but then mistakenly passes the original iattr struct when changing the lower filesystem attributes. As a result, chown on a shiftfs filesystem sets ownership using the untranslated user and group ids.

Fix: Pass the struct containing shifted uids to notify_change().

Regression Potential: This is a simple and obvious fix, and it has been tested to confirm it fixes the issue. Therefore the risk of regressions is low.

Test Case: Within a lxd container using shiftfs, run:

# mkdir dir
# touch file
# ls -lh dir file
drwxr-xr-x 2 root root 4.0K Apr 11 13:05 dir
-rw-r--r-- 1 root root 0 Apr 11 13:05 file
# chown 500:500 dir file
# ls -lh dir file

Expected result:

drwxr-xr-x 2 500 500 4.0K Apr 11 13:05 dir
-rw-r--r-- 1 500 500 0 Apr 11 13:05 file

Result in 5.0.0-10.11:

drwxr-xr-x 2 1000500 1000500 4.0K Apr 11 12:42 dir
-rw-r--r-- 1 1000500 1000500 0 Apr 11 12:42 file

Tags:

CVE References

2019-9857

Seth Forshee (sforshee) on 2019-04-11

summary:

- chown sets wrong owner in shiftfs
+ shiftfs: chown sets untranslated ids in lower fs

Seth Forshee (sforshee) on 2019-04-11

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-04-13:

Download full text (50.5 KiB)

This bug was fixed in the package linux - 5.0.0-11.12

---------------
linux (5.0.0-11.12) disco; urgency=medium

* linux: 5.0.0-11.12 -proposed tracker (LP: #1824383)

  * hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1]
    (LP: #1824194)
    - net: hns3: fix for not calculating tx bd num correctly

  * disco: unable to use iptables/enable ufw under -virtual kernel
    (LP: #1823862)
    - [Packaging] add bpfilter to linux-modules

* Make shiftfs a module rather than built-in (LP: #1824354)
- [Config] CONFIG_SHIFT_FS=m

* shiftfs: chown sets untranslated ids in lower fs (LP: #1824350)
- SAUCE: shiftfs: use translated ids when chaning lower fs attrs

* [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
- [Packaging] bind hv_kvp_daemon startup to hv_kvp device

linux (5.0.0-10.11) disco; urgency=medium

* linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)

* Apparmor enforcement failure in lxc selftests (LP: #1823379)
- SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"

  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux (5.0.0-9.10) disco; urgency=medium

* linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

* Huawei Hi1822 NIC has poor performance (LP: #1820187)
- net-next/hinic: replace disable_irq_nosync/enable_irq

  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs

* Cannot boot or install - have to use nomodeset (LP: #1821820)
- Revert "drm/i915/fbdev: Actually configure untiled displays"

This bug was fixed in the package linux - 5.0.0-11.12

---------------
linux (5.0.0-11.12) disco; urgency=medium

* linux: 5.0.0-11.12 -proposed tracker (LP: #1824383)

* hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1]
    (LP: #1824194)
    - net: hns3: fix for not calculating tx bd num correctly

* disco: unable to use iptables/enable ufw under -virtual kernel
    (LP: #1823862)
    - [Packaging] add bpfilter to linux-modules

* Make shiftfs a module rather than built-in (LP: #1824354)
    - [Config] CONFIG_SHIFT_FS=m

* shiftfs: chown sets untranslated ids in lower fs (LP: #1824350)
    - SAUCE: shiftfs: use translated ids when chaning lower fs attrs

* [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
    - [Packaging] bind hv_kvp_daemon startup to hv_kvp device

linux (5.0.0-10.11) disco; urgency=medium

* linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)

* Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"

* systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux (5.0.0-9.10) disco; urgency=medium

* linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)

* Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

* Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq

* Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"

* Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow service ranges to be connect()'ed on RDM/DGRAM
    - tipc: change to check tipc_own_id to return in tipc_net_stop
    - tipc: fix cancellation of topology subscriptions
    - tun: properly test for IFF_UP
    - vrf: prevent adding upper devices
    - vxlan: Don't call gro_cells_destroy() before device is unregistered
    - thunderx: enable page recycling for non-XDP case
    - thunderx: eliminate extra calls to put_page() for pages held for recycling
    - net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode
    - net: mii: Fix PAUSE cap advertisement from linkmode_adv_to_lcl_adv_t()
      helper
    - net: phy: don't clear BMCR in genphy_soft_reset
    - r8169: fix cable re-plugging issue
    - ila: Fix rhashtable walker list corruption
    - tun: add a missing rcu_read_unlock() in error path
    - powerpc/fsl: Fix the flush of branch predictor.
    - Btrfs: fix incorrect file size after shrinking truncate and fsync
    - btrfs: remove WARN_ON in log_dir_items
    - btrfs: don't report readahead errors and don't update statistics
    - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks
    - btrfs: Avoid possible qgroup_rsv_size overflow in
      btrfs_calculate_inode_block_rsv_size
    - Btrfs: fix assertion failure on fsync with NO_HOLES enabled
    - locks: wake any locks blocked on request before deadlock check
    - tracing: initialize variable in create_dyn_event()
    - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
    - powerpc: bpf: Fix generation of load/store DW instructions
    - vfio: ccw: only free cp on final interrupt
    - NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data()
    - NFS: fix mount/umount race in nlmclnt.
    - NFSv4.1 don't free interrupted slot on open
    - net: dsa: qca8k: remove leftover phy accessors
    - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
    - ALSA: seq: oss: Fix Spectre v1 vulnerability
    - ALSA: pcm: Fix possible OOB access in PCM oss plugins
    - ALSA: pcm: Don't suspend stream in unrecoverable PCM state
    - ALSA: hda/realtek - Fixed Headset Mic JD not stable
    - ALSA: hda/realtek: merge alc_fixup_headset_jack to alc295_fixup_chromebook
    - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
    - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
    - ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
    - ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286
    - ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic
    - ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256
    - ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256
    - ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256
    - ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops
    - kbuild: modversions: Fix relative CRC byte order interpretation
    - fs/open.c: allow opening only regular files during execve()
    - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
    - scsi: sd: Fix a race between closing an sd device and sd I/O
    - scsi: sd: Quiesce warning if device does not report optimal I/O size
    - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
    - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
      devices
    - drm/rockchip: vop: reset scale mode when win is disabled
    - tty/serial: atmel: Add is_half_duplex helper
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - tty: mxs-auart: fix a potential NULL pointer dereference
    - tty: atmel_serial: fix a potential NULL pointer dereference
    - tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup
    - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
    - staging: olpc_dcon_xo_1: add missing 'const' qualifier
    - staging: speakup_soft: Fix alternate speech with other synths
    - staging: vt6655: Remove vif check from vnt_interrupt
    - staging: vt6655: Fix interrupt race condition on device start up.
    - staging: erofs: fix to handle error path of erofs_vmap()
    - staging: erofs: fix error handling when failed to read compresssed data
    - staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir()
    - serial: max310x: Fix to avoid potential NULL pointer dereference
    - serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference
    - serial: sh-sci: Fix setting SCSCR_TIE while transferring data
    - USB: serial: cp210x: add new device id
    - USB: serial: ftdi_sio: add additional NovaTech products
    - USB: serial: mos7720: fix mos_parport refcount imbalance on error path
    - USB: serial: option: set driver_info for SIM5218 and compatibles
    - USB: serial: option: add support for Quectel EM12
    - USB: serial: option: add Olicard 600
    - ACPI / CPPC: Fix guaranteed performance handling
    - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
    - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
    - drivers/block/zram/zram_drv.c: fix idle/writeback string compare
    - blk-mq: fix sbitmap ws_active for shared tags
    - cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency
    - cpufreq: scpi: Fix use after free
    - drm/vgem: fix use-after-free when drm_gem_handle_create() fails
    - drm/vkms: fix use-after-free when drm_gem_handle_create() fails
    - drm/i915: Mark AML 0x87CA as ULX
    - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
    - drm/i915/icl: Fix the TRANS_DDI_FUNC_CTL2 bitfield macro
    - gpio: exar: add a check for the return value of ida_simple_get fails
    - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
    - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs
    - usb: mtu3: fix EXTCON dependency
    - USB: gadget: f_hid: fix deadlock in f_hidg_write()
    - usb: common: Consider only available nodes for dr_mode
    - mm/memory.c: fix modifying of page protection by insert_pfn()
    - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk
    - xhci: Fix port resume done detection for SS ports with LPM enabled
    - usb: xhci: dbc: Don't free all memory with spinlock held
    - xhci: Don't let USB3 ports stuck in polling state prevent suspend
    - usb: cdc-acm: fix race during wakeup blocking TX traffic
    - usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps
    - usb: typec: Fix unchecked return value
    - mm/hotplug: fix offline undo_isolate_page_range()
    - mm: add support for kmem caches in DMA32 zone
    - iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - mm/debug.c: fix __dump_page when mapping->host is not set
    - mm/memory_hotplug.c: fix notification in offline error path
    - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()
    - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
    - perf pmu: Fix parser error for uncore event alias
    - perf intel-pt: Fix TSC slip
    - objtool: Query pkg-config for libelf location
    - powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes
    - powerpc/64: Fix memcmp reading past the end of src/dest
    - powerpc/pseries/mce: Fix misleading print for TLB mutlihit
    - watchdog: Respect watchdog cpumask on CPU hotplug
    - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n
    - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
    - KVM: Reject device ioctls from processes other than the VM's creator
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: update %rip after emulating IO
    - bpf: do not restore dst_reg when cur_state is freed
    - mt76x02u: use usb_bulk_msg to upload firmware
    - Linux 5.0.6

* RDMA/hns updates for disco (LP: #1822897)
    - RDMA/hns: Fix the bug with updating rq head pointer when flush cqe
    - RDMA/hns: Bugfix for the scene without receiver queue
    - RDMA/hns: Add constraint on the setting of local ACK timeout
    - RDMA/hns: Modify the pbl ba page size for hip08
    - RDMA/hns: RDMA/hns: Assign rq head pointer when enable rq record db
    - RDMA/hns: Add the process of AEQ overflow for hip08
    - RDMA/hns: Add SCC context allocation support for hip08
    - RDMA/hns: Add SCC context clr support for hip08
    - RDMA/hns: Add timer allocation support for hip08
    - RDMA/hns: Remove set but not used variable 'rst'
    - RDMA/hns: Make some function static
    - RDMA/hns: Fix the Oops during rmmod or insmod ko when reset occurs
    - RDMA/hns: Fix the chip hanging caused by sending mailbox&CMQ during reset
    - RDMA/hns: Fix the chip hanging caused by sending doorbell during reset
    - RDMA/hns: Limit minimum ROCE CQ depth to 64
    - RDMA/hns: Fix the state of rereg mr
    - RDMA/hns: Set allocated memory to zero for wrid
    - RDMA/hns: Delete useful prints for aeq subtype event
    - RDMA/hns: Configure capacity of hns device
    - RDMA/hns: Modify qp&cq&pd specification according to UM
    - RDMA/hns: Bugfix for set hem of SCC
    - RDMA/hns: Use GFP_ATOMIC in hns_roce_v2_modify_qp

* autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - Set +x on rebuild testcase.
    - Skip rebuild test, for regression-suite deps.
    - Make ubuntu-regression-suite skippable on unbootable kernels.
    - make rebuild use skippable error codes when skipping.
    - Only run regression-suite, if requested to.

* touchpad not working on lenovo yoga 530 (LP: #1787775)
    - Revert "UBUNTU: SAUCE: i2c:amd Depends on ACPI"
    - Revert "UBUNTU: SAUCE: i2c:amd move out pointer in union i2c_event_base"
    - i2c: add extra check to safe DMA buffer helper
    - i2c: Add drivers for the AMD PCIe MP2 I2C controller
    - [Config] Update config for AMD MP2 I2C driver

* Detect SMP PHY control command errors (LP: #1822680)
    - scsi: libsas: Check SMP PHY control function result

* disable a.out support (LP: #1818552)
    - [Config] Disable a.out support
    - [Config] remove binfmt_aout from abi for i386 lowlatency

* bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
    - [Packaging] remove snapdragon flavour support
    - Revert "UBUNTU: SAUCE: (snapdragon) drm/msm/adv7511: wrap hacks under
      CONFIG_ADV7511_SNAPDRAGON_HACKS #ifdefs"
    - Revert "UBUNTU: SAUCE: (snapdragon) media: ov5645: skip address change if dt
      addr == default addr"
    - Revert "UBUNTU: SAUCE: (snapdragon) DT: leds: Add Qualcomm Light Pulse
      Generator binding"
    - Revert "UBUNTU: SAUCE: (snapdragon) MAINTAINERS: Add Qualcomm Camera Control
      Interface driver"
    - Revert "UBUNTU: SAUCE: (snapdragon) dt-bindings: media: Binding document for
      Qualcomm Camera Control Interface driver"
    - Revert "UBUNTU: SAUCE: (snapdragon) leds: Add driver for Qualcomm LPG"
    - Revert "UBUNTU: SAUCE: (snapdragon) HACK: drm/msm/adv7511: Don't rely on
      interrupts for EDID parsing"
    - Revert "UBUNTU: SAUCE: (snapdragon) drm/bridge/adv7511: Delay clearing of
      HPD interrupt status"
    - Revert "UBUNTU: SAUCE: (snapdragon) media: ov5645: Fix I2C address"
    - Revert "UBUNTU: SAUCE: (snapdragon) i2c-qcom-cci: Fix I2C address bug"
    - Revert "UBUNTU: SAUCE: (snapdragon) i2c-qcom-cci: Fix run queue completion
      timeout"
    - Revert "UBUNTU: SAUCE: (snapdragon) camss: Do not register if no cameras are
      present"
    - Revert "UBUNTU: SAUCE: (snapdragon) i2c: Add Qualcomm Camera Control
      Interface driver"
    - Revert "UBUNTU: SAUCE: (snapdragon) ov5645: I2C address change"
    - Revert "UBUNTU: SAUCE: (snapdragon) regulator: smd: Allow
      REGULATOR_QCOM_SMD_RPM=m"
    - Revert "UBUNTU: SAUCE: (snapdragon) cpufreq: Add apq8016 to cpufreq-dt-
      platdev blacklist"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: Add a helper to get an opp
      regulator for device"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: HACK: Allow to set regulator
      without opp_list"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: Drop RCU usage in
      dev_pm_opp_adjust_voltage()"
    - Revert "UBUNTU: SAUCE: (snapdragon) PM / OPP: Support adjusting OPP voltages
      at runtime"
    - Revert "UBUNTU: SAUCE: (snapdragon) regulator: smd: Add floor and corner
      operations"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: cpr: Register with cpufreq-
      dt"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: cpr: fix with new
      reg_sequence structures"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: cpr: Use raw mem access for
      qfprom"
    - Revert "UBUNTU: SAUCE: (snapdragon) power: avs: Add support for CPR (Core
      Power Reduction)"
    - Revert "UBUNTU: SAUCE: (snapdragon) HACK: drm/msm/iommu: Remove runtime_put
      calls in map/unmap"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable LEDS_QCOM_LPG"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable 'BBR' TCP
      congestion algorithm"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable 'fq' and
      'fq_codel' qdiscs"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable
      'schedutil' CPUfreq governor"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: set USB_CONFIG_F_FS in
      distro.config"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable
      CONFIG_USB_CONFIGFS_F_FS by default"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: add freq stat to sysfs"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: Enable camera drivers"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: disable ANALOG_TV and
      DIGITAL_TV"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: add more USB net
      drivers"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: enable BT_QCOMSMD"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable
      CFG80211_DEFAULT_PS by default"
    - Revert "UBUNTU: SAUCE: (snapdragon) Force the SMD regulator driver to be
      compiled-in"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs: enable dm_mod and
      dm_crypt"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: Enable a53/apcs and
      avs"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: enable QCOM Venus"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: distro.config: enable debug
      friendly USB network adpater"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: configs: enable WCN36xx"
    - Revert "UBUNTU: SAUCE: (snapdragon) kernel: configs; add distro.config"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable QCOM audio
      drivers for APQ8016 and DB410c"
    - Revert "UBUNTU: SAUCE: (snapdragon) arm64: defconfig: enable REMOTEPROC"
    - [Config] fix abi for remove i2c-qcom-cci module
    - [Config] update annotations
    - [Config] update configs following snapdragon removal

* Disco update: v5.0.5 upstream stable release (LP: #1822671)
    - Revert "ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec"
    - ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
    - ALSA: firewire-motu: use 'version' field of unit directory to identify model
    - mmc: pxamci: fix enum type confusion
    - mmc: alcor: fix DMA reads
    - mmc: mxcmmc: "Revert mmc: mxcmmc: handle highmem pages"
    - mmc: renesas_sdhi: limit block count to 16 bit for old revisions
    - drm/amdgpu: fix invalid use of change_bit
    - drm/vmwgfx: Don't double-free the mode stored in par->set_mode
    - drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's
    - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE
    - iommu/iova: Fix tracking of recently failed iova address
    - libceph: wait for latest osdmap in ceph_monc_blacklist_add()
    - udf: Fix crash on IO error during truncate
    - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
    - MIPS: Ensure ELF appended dtb is relocated
    - MIPS: Fix kernel crash for R6 in jump label branch function
    - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038
    - powerpc/security: Fix spectre_v2 reporting
    - net/mlx5: Fix DCT creation bad flow
    - scsi: core: Avoid that a kernel warning appears during system resume
    - scsi: qla2xxx: Fix FC-AL connection target discovery
    - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton
    - scsi: ibmvscsi: Fix empty event pool access during host removal
    - futex: Ensure that futex address is aligned in handle_futex_death()
    - perf probe: Fix getting the kernel map
    - objtool: Move objtool_file struct off the stack
    - irqchip/gic-v3-its: Fix comparison logic in lpi_range_cmp
    - clocksource/drivers/riscv: Fix clocksource mask
    - ALSA: ac97: Fix of-node refcount unbalance
    - ext4: fix NULL pointer dereference while journal is aborted
    - ext4: fix data corruption caused by unaligned direct AIO
    - ext4: brelse all indirect buffer in ext4_ind_remove_space()
    - media: v4l2-ctrls.c/uvc: zero v4l2_event
    - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf()
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - Bluetooth: hci_ldisc: Initialize hci_dev before open()
    - Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in
      hci_uart_set_proto()
    - drm/vkms: Fix flush_work() without INIT_WORK().
    - RDMA/cma: Rollback source IP address if failing to acquire device
    - f2fs: fix to avoid deadlock of atomic file operations
    - aio: simplify - and fix - fget/fput for io_submit()
    - netfilter: ebtables: remove BUGPRINT messages
    - loop: access lo_backing_file only when the loop device is Lo_bound
    - x86/unwind: Handle NULL pointer calls better in frame unwinder
    - x86/unwind: Add hardcoded ORC entry for NULL
    - locking/lockdep: Add debug_locks check in __lock_downgrade()
    - ALSA: hda - Record the current power state before suspend/resume calls
    - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
    - Linux 5.0.5

* hisi_sas updates for disco (LP: #1822385)
    - scsi: hisi_sas: send primitive NOTIFY to SSP situation only
    - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned
    - scsi: hisi_sas: remove the check of sas_dev status in
      hisi_sas_I_T_nexus_reset()
    - scsi: hisi_sas: Remove unused parameter of function hisi_sas_alloc()
    - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G
    - scsi: hisi_sas: Fix losing directly attached disk when hot-plug
    - scsi: hisi_sas: Correct memory allocation size for DQ debugfs
    - scsi: hisi_sas: Some misc tidy-up
    - scsi: hisi_sas: Fix to only call scsi_get_prot_op() for non-NULL scsi_cmnd
    - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32()
    - scsi: hisi_sas: Add support for DIX feature for v3 hw
    - scsi: hisi_sas: Add manual trigger for debugfs dump
    - scsi: hisi_sas: change queue depth from 512 to 4096
    - scsi: hisi_sas: Issue internal abort on all relevant queues
    - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental
    - scsi: hisi_sas: Do some more tidy-up
    - scsi: hisi_sas: Change return variable type in phy_up_v3_hw()
    - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
    - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw
    - scsi: hisi_sas: Set PHY linkrate when disconnected
    - scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP
      target port
    - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of
      HiLink
    - scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset()

* [Patch][Raven 2] kernel 5.0.0 cannot boot because of psp response
    (LP: #1822267)
    - drm/amdgpu/psp: Fix can't detect psp INVOKE command failed
    - drm/amdgpu/psp: ignore psp response status

* 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

* enable CONFIG_DRM_BOCHS (LP: #1795857)
    - [Config] Reenable DRM_BOCHS as module

* [Dell Precision 7530/5530 with Nvidia Quadro P1000] Live USB freezes or
    cannot complete install when nouveau driver is loaded (crashing in GP100
    code) (LP: #1822026)
    - SAUCE: drm/nouveau: Disable nouveau driver by default

* Need to add Intel CML related pci-id's (LP: #1821863)
    - drm/i915/cml: Add CML PCI IDS
    - drm/i915/cml: Introduce Comet Lake PCH

* ARM: Add support for the SDEI interface (LP: #1822005)
    - ACPI / APEI: Don't wait to serialise with oops messages when panic()ing
    - ACPI / APEI: Remove silent flag from ghes_read_estatus()
    - ACPI / APEI: Switch estatus pool to use vmalloc memory
    - ACPI / APEI: Make hest.c manage the estatus memory pool
    - ACPI / APEI: Make estatus pool allocation a static size
    - ACPI / APEI: Don't store CPER records physical address in struct ghes
    - ACPI / APEI: Remove spurious GHES_TO_CLEAR check
    - ACPI / APEI: Don't update struct ghes' flags in read/clear estatus
    - ACPI / APEI: Generalise the estatus queue's notify code
    - ACPI / APEI: Don't allow ghes_ack_error() to mask earlier errors
    - ACPI / APEI: Move NOTIFY_SEA between the estatus-queue and NOTIFY_NMI
    - ACPI / APEI: Switch NOTIFY_SEA to use the estatus queue
    - KVM: arm/arm64: Add kvm_ras.h to collect kvm specific RAS plumbing
    - arm64: KVM/mm: Move SEA handling behind a single 'claim' interface
    - ACPI / APEI: Move locking to the notification helper
    - ACPI / APEI: Let the notification helper specify the fixmap slot
    - ACPI / APEI: Pass ghes and estatus separately to avoid a later copy
    - ACPI / APEI: Make GHES estatus header validation more user friendly
    - ACPI / APEI: Split ghes_read_estatus() to allow a peek at the CPER length
    - ACPI / APEI: Only use queued estatus entry during in_nmi_queue_one_entry()
    - ACPI / APEI: Use separate fixmap pages for arm64 NMI-like notifications
    - firmware: arm_sdei: Add ACPI GHES registration helper
    - ACPI / APEI: Add support for the SDEI GHES Notification type

* CVE-2019-9857
    - inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()

* scsi: libsas: Support SATA PHY connection rate unmatch fixing during
    discovery (LP: #1821408)
    - scsi: libsas: Support SATA PHY connection rate unmatch fixing during
      discovery

* Qualcomm Atheros QCA9377 wireless does not work (LP: #1818204)
    - platform/x86: ideapad-laptop: Add Ideapad 530S-14ARR to no_hw_rfkill list

* Lenovo ideapad 330-15ICH Wifi rfkill hard blocked (LP: #1811815)
    - platform/x86: ideapad: Add ideapad 330-15ICH to no_hw_rfkill

* hid-sensor-hub spamming dmesg in 4.20 (LP: #1818547)
    - HID: Increase maximum report size allowed by hid_field_extract()

* [disco] [5.0.0-7.8] can't mount guest cifs share (LP: #1821053)
    - cifs: allow guest mounts to work for smb3.11
    - SMB3: Fix SMB3.1.1 guest mounts to Samba

* Add HiSilicon SoC quirk for cpufreq (LP: #1821620)
    - ACPI / CPPC: Add a helper to get desired performance
    - cpufreq / cppc: Work around for Hisilicon CPPC cpufreq

* Disco update: v5.0.4 upstream stable release (LP: #1821607)
    - 9p: use inode->i_lock to protect i_size_write() under 32-bit
    - 9p/net: fix memory leak in p9_client_create
    - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
    - ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE()
    - ASoC: codecs: pcm186x: Fix energysense SLEEP bit
    - iio: adc: exynos-adc: Fix NULL pointer exception on unbind
    - iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
    - mei: hbm: clean the feature flags on link reset
    - mei: bus: move hw module get/put to probe/release
    - stm class: Prevent division by zero
    - stm class: Fix an endless loop in channel allocation
    - crypto: caam - fix hash context DMA unmap size
    - crypto: ccree - fix missing break in switch statement
    - crypto: caam - fixed handling of sg list
    - crypto: caam - fix DMA mapping of stack memory
    - crypto: ccree - fix free of unallocated mlli buffer
    - crypto: ccree - unmap buffer before copying IV
    - crypto: ccree - don't copy zero size ciphertext
    - crypto: cfb - add missing 'chunksize' property
    - crypto: cfb - remove bogus memcpy() with src == dest
    - crypto: ofb - fix handling partial blocks and make thread-safe
    - crypto: ahash - fix another early termination in hash walk
    - crypto: rockchip - fix scatterlist nents error
    - crypto: rockchip - update new iv to device in multiple operations
    - dax: Flush partial PMDs correctly
    - nfit: Fix nfit_intel_shutdown_status() command submission
    - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
    - acpi/nfit: Fix bus command validation
    - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot
    - nfit/ars: Attempt short-ARS even in the no_init_ars case
    - libnvdimm/label: Clear 'updating' flag after label-set update
    - libnvdimm, pfn: Fix over-trim in trim_pfn_device()
    - libnvdimm/pmem: Honor force_raw for legacy pmem regions
    - libnvdimm: Fix altmap reservation size calculation
    - fix cgroup_do_mount() handling of failure exits
    - crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
    - crypto: aegis - fix handling chunked inputs
    - crypto: arm/crct10dif - revert to C code for short inputs
    - crypto: arm64/aes-neonbs - fix returning final keystream block
    - crypto: arm64/crct10dif - revert to C code for short inputs
    - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
    - crypto: morus - fix handling chunked inputs
    - crypto: pcbc - remove bogus memcpy()s with src == dest
    - crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
    - crypto: testmgr - skip crc32c context test for ahash algorithms
    - crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP
    - crypto: x86/aesni-gcm - fix crash on empty plaintext
    - crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP
    - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
    - crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
    - CIFS: Fix leaking locked VFS cache pages in writeback retry
    - CIFS: Do not reset lease state to NONE on lease break
    - CIFS: Do not skip SMB2 message IDs on send failures
    - CIFS: Fix read after write for files with read caching
    - smb3: make default i/o size for smb3 mounts larger
    - tracing: Use strncpy instead of memcpy for string keys in hist triggers
    - tracing: Do not free iter->trace in fail path of tracing_open_pipe()
    - tracing/perf: Use strndup_user() instead of buggy open-coded version
    - vmw_balloon: release lock on error in vmballoon_reset()
    - xen: fix dom0 boot on huge systems
    - ACPI / device_sysfs: Avoid OF modalias creation for removed device
    - mmc: sdhci-esdhc-imx: fix HS400 timing issue
    - mmc: renesas_sdhi: Fix card initialization failure in high speed mode
    - mmc:fix a bug when max_discard is 0
    - spi: ti-qspi: Fix mmap read when more than one CS in use
    - spi: pxa2xx: Setup maximum supported DMA transfer length
    - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
    - spi: spi-gpio: fix SPI_CS_HIGH capability
    - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
    - regulator: max77620: Initialize values for DT properties
    - regulator: s2mpa01: Fix step values for some LDOs
    - mt76: fix corrupted software generated tx CCMP PN
    - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
    - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
    - clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer
      instability
    - s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem
    - s390/setup: fix early warning messages
    - s390/virtio: handle find on invalid queue gracefully
    - scsi: virtio_scsi: don't send sc payload with tmfs
    - scsi: aacraid: Fix performance issue on logical drives
    - scsi: sd: Optimal I/O size should be a multiple of physical block size
    - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
    - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware
    - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not
      supported
    - scsi: qla2xxx: Use complete switch scan for RSCN events
    - fs/devpts: always delete dcache dentry-s in dput()
    - splice: don't merge into linked buffers
    - ovl: During copy up, first copy up data and then xattrs
    - ovl: Do not lose security.capability xattr over metadata file copy-up
    - m68k: Add -ffreestanding to CFLAGS
    - Btrfs: setup a nofs context for memory allocation at btrfs_create_tree()
    - Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
    - btrfs: scrub: fix circular locking dependency warning
    - btrfs: drop the lock on error in btrfs_dev_replace_cancel
    - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
    - btrfs: init csum_list before possible free
    - Btrfs: fix corruption reading shared and compressed extents after hole
      punching
    - Btrfs: fix deadlock between clone/dedupe and rename
    - soc: qcom: rpmh: Avoid accessing freed memory from batch API
    - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
    - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
    - irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
    - x86/kprobes: Prohibit probing on optprobe template code
    - cpufreq: kryo: Release OPP tables on module removal
    - cpufreq: tegra124: add missing of_node_put()
    - cpufreq: pxa2xx: remove incorrect __init annotation
    - ext4: fix check of inode in swap_inode_boot_loader
    - ext4: cleanup pagecache before swap i_data
    - mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
    - mm/vmalloc: fix size check for remap_vmalloc_range_partial()
    - mm/memory.c: do_fault: avoid usage of stale vm_area_struct
    - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
    - nvmem: core: don't check the return value of notifier chain call
    - device property: Fix the length used in PROPERTY_ENTRY_STRING()
    - intel_th: Don't reference unassigned outputs
    - parport_pc: fix find_superio io compare code, should use equal test.
    - i2c: tegra: fix maximum transfer size
    - i2c: tegra: update maximum transfer size
    - media: i2c: ov5640: Fix post-reset delay
    - gpio: pca953x: Fix dereference of irq data in shutdown
    - ext4: update quota information while swapping boot loader inode
    - ext4: add mask of ext4 flags to swap
    - ext4: fix crash during online resizing
    - dma: Introduce dma_max_mapping_size()
    - swiotlb: Introduce swiotlb_max_mapping_size()
    - swiotlb: Add is_swiotlb_active() function
    - PCI/ASPM: Use LTR if already enabled by platform
    - PCI/DPC: Fix print AER status in DPC event handling
    - PCI: qcom: Don't deassert reset GPIO during probe
    - PCI: dwc: skip MSI init if MSIs have been explicitly disabled
    - PCI: pci-bridge-emul: Create per-bridge copy of register behavior
    - PCI: pci-bridge-emul: Extend pci_bridge_emul_init() with flags
    - IB/hfi1: Close race condition on user context disable and close
    - IB/rdmavt: Fix loopback send with invalidate ordering
    - IB/rdmavt: Fix concurrency panics in QP post_send and modify to error
    - cxl: Wrap iterations over afu slices inside 'afu_list_lock'
    - ext2: Fix underflow in ext2_max_size()
    - clk: uniphier: Fix update register for CPU-gear
    - clk: clk-twl6040: Fix imprecise external abort for pdmclk
    - clk: samsung: exynos5: Fix possible NULL pointer exception on
      platform_device_alloc() failure
    - clk: samsung: exynos5: Fix kfree() of const memory on setting
      driver_override
    - clk: ingenic: Fix round_rate misbehaving with non-integer dividers
    - clk: ingenic: Fix doc of ingenic_cgu_div_info
    - usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
    - usb: typec: tps6598x: handle block writes separately with plain-I2C adapters
    - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
    - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
    - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
    - serial: 8250_pci: Fix number of ports for ACCES serial cards
    - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954
      chip use the pci_pericom_setup()
    - jbd2: clear dirty flag when revoking a buffer from an older transaction
    - jbd2: fix compile warning when using JBUFFER_TRACE
    - selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
    - security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
    - powerpc/32: Clear on-stack exception marker upon exception return
    - powerpc/wii: properly disable use of BATs when requested.
    - powerpc/powernv: Make opal log only readable by root
    - powerpc/83xx: Also save/restore SPRG4-7 during suspend
    - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
    - powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
    - powerpc/64s/hash: Fix assert_slb_presence() use of the slbfee. instruction
    - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
    - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
    - powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR
      configuration
    - powerpc/smp: Fix NMI IPI timeout
    - powerpc/smp: Fix NMI IPI xmon timeout
    - powerpc/traps: fix recoverability of machine check handling on book3s/32
    - powerpc/traps: Fix the message printed when stack overflows
    - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
    - arm64: Fix HCR.TGE status for NMI contexts
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
    - Revert "KVM/MMU: Flush tlb directly in the kvm_zap_gfn_range()"
    - ipmi_si: Fix crash when using hard-coded device
    - ipmi_si: fix use-after-free of resource->name
    - dm: fix to_sector() for 32bit
    - dm integrity: limit the rate of error messages
    - media: cx25840: mark pad sig_types to fix cx231xx init
    - mfd: sm501: Fix potential NULL pointer dereference
    - cpcap-charger: generate events for userspace
    - cpuidle: governor: Add new governors to cpuidle_governors again
    - NFS: Fix I/O request leakages
    - NFS: Fix an I/O request leakage in nfs_do_recoalesce
    - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
    - nfsd: fix performance-limiting session calculation
    - nfsd: fix memory corruption caused by readdir
    - nfsd: fix wrong check in write_v4_end_grace()
    - NFSv4.1: Reinitialise sequence results before retransmitting a request
    - svcrpc: fix UDP on servers with lots of threads
    - PM / wakeup: Rework wakeup source timer cancellation
    - PM / OPP: Update performance state when freq == old_freq
    - bcache: treat stale && dirty keys as bad keys
    - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
    - stable-kernel-rules.rst: add link to networking patch queue
    - vt: perform safe console erase in the right order
    - x86/unwind/orc: Fix ORC unwind table alignment
    - perf intel-pt: Fix CYC timestamp calculation after OVF
    - perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols
    - perf auxtrace: Define auxtrace record alignment
    - perf intel-pt: Fix overlap calculation for padding
    - perf/x86/intel/uncore: Fix client IMC events return huge result
    - perf intel-pt: Fix divide by zero when TSC is not available
    - md: Fix failed allocation of md_register_thread
    - x86/kvmclock: set offset for kvm unstable clock
    - x86/ftrace: Fix warning and considate ftrace_jmp_replace() and
      ftrace_call_replace()
    - tpm/tpm_crb: Avoid unaligned reads in crb_recv()
    - tpm: Unify the send callback behaviour
    - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
    - media: imx: prpencvf: Stop upstream before disabling IDMA channel
    - media: lgdt330x: fix lock status reporting
    - media: sun6i: Fix CSI regmap's max_register
    - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
    - media: vimc: Add vimc-streamer for stream control
    - media: imx-csi: Input connections to CSI should be optional
    - media: imx: csi: Disable CSI immediately after last EOF
    - media: imx: csi: Stop upstream before disabling IDMA channel
    - drm/fb-helper: generic: Fix drm_fbdev_client_restore()
    - drm/radeon/evergreen_cs: fix missing break in switch statement
    - drm/amd/powerplay: correct power reading on fiji
    - drm/amd/display: don't call dm_pp_ function from an fpu block
    - KVM: Call kvm_arch_memslots_updated() before updating memslots
    - KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
    - KVM: VMX: Zero out *all* general purpose registers after VM-Exit
    - KVM: x86/mmu: Detect MMIO generation wrap in any address space
    - KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
    - KVM: nVMX: Sign extend displacements of VMX instr's mem operands
    - KVM: nVMX: Apply addr size mask to effective address for VMX instructions
    - KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
    - KVM: nVMX: Check a single byte for VMCS "launched" in nested early checks
    - net: dsa: lantiq_gswip: fix use-after-free on failed probe
    - net: dsa: lantiq_gswip: fix OF child-node lookups
    - s390/setup: fix boot crash for machine without EDAT-1
    - SUNRPC: Prevent thundering herd when the socket is not connected
    - SUNRPC: Fix up RPC back channel transmission
    - SUNRPC: Respect RPC call timeouts when retrying transmission
    - Linux 5.0.4
    - [Config] update configs for 5.0.4 stable update

* New Intel Wireless-AC 9260 [8086:2526] card not correctly probed in Ubuntu
    system (LP: #1821271)
    - iwlwifi: add new card for 9260 series

* [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - [Config]: enable highdpi Terminus 16x32 font support

* [SRU][B/B-OEM/C/D] Fix AMD IOMMU NULL dereference (LP: #1820990)
    - iommu/amd: Fix NULL dereference bug in match_hid_uid

* some codecs stop working after S3 (LP: #1820930)
    - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
    - ALSA: hda - Don't trigger jackpoll_work in azx_resume

* tcm_loop.ko: move from modules-extra into main modules package
    (LP: #1817786)
    - [Packaging] move tcm_loop.lo to main linux-modules package

* C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype

* r8169 doesn't get woken up by ethernet cable plugging, no PME generated
    (LP: #1817676)
    - PCI: pciehp: Disable Data Link Layer State Changed event on suspend

* Disco update: v5.0.3 upstream stable release (LP: #1821074)
    - connector: fix unsafe usage of ->real_parent
    - fou, fou6: avoid uninit-value in gue_err() and gue6_err()
    - gro_cells: make sure device is up in gro_cells_receive()
    - ipv4/route: fail early when inet dev is missing
    - l2tp: fix infoleak in l2tp_ip6_recvmsg()
    - lan743x: Fix RX Kernel Panic
    - lan743x: Fix TX Stall Issue
    - net: hsr: fix memory leak in hsr_dev_finalize()
    - net/hsr: fix possible crash in add_timer()
    - net: sit: fix UBSAN Undefined behaviour in check_6rd
    - net/x25: fix use-after-free in x25_device_event()
    - net/x25: reset state in x25_connect()
    - pptp: dst_release sk_dst_cache in pptp_sock_destruct
    - ravb: Decrease TxFIFO depth of Q3 and Q2 to one
    - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
    - rxrpc: Fix client call queueing, waiting for channel
    - sctp: remove sched init from sctp_stream_init
    - tcp: do not report TCP_CM_INQ of 0 for closed connections
    - tcp: Don't access TCP_SKB_CB before initializing it
    - tcp: handle inet_csk_reqsk_queue_add() failures
    - vxlan: Fix GRO cells race condition between receive and link delete
    - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
    - net/mlx4_core: Fix reset flow when in command polling mode
    - net/mlx4_core: Fix locking in SRIOV mode when switching between events and
      polling
    - net/mlx4_core: Fix qp mtt size calculation
    - net: dsa: mv88e6xxx: Set correct interface mode for CPU/DSA ports
    - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
    - net: sched: flower: insert new filter to idr after setting its mask
    - f2fs: wait on atomic writes to count F2FS_CP_WB_DATA
    - perf/x86: Fixup typo in stub functions
    - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against
      Liquid Saffire 56
    - ALSA: firewire-motu: fix construction of PCM frame for capture direction
    - ALSA: hda: Extend i915 component bind timeout
    - ALSA: hda - add more quirks for HP Z2 G4 and HP Z240
    - ALSA: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294
    - ALSA: hda/realtek - Reduce click noise on Dell Precision 5820 headphone
    - ALSA: hda/realtek: Enable headset MIC of Acer TravelMate X514-51T with
      ALC255
    - perf/x86/intel: Fix memory corruption
    - perf/x86/intel: Make dev_attr_allow_tsx_force_abort static
    - It's wrong to add len to sector_nr in raid10 reshape twice
    - drm: Block fb changes for async plane updates
    - Linux 5.0.3

* Disco update: v5.0.2 upstream stable release (LP: #1820318)
    - media: uvcvideo: Fix 'type' check leading to overflow
    - Input: wacom_serial4 - add support for Wacom ArtPad II tablet
    - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
    - iscsi_ibft: Fix missing break in switch statement
    - scsi: aacraid: Fix missing break in switch statement
    - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub
    - arm64: dts: zcu100-revC: Give wifi some time after power-on
    - arm64: dts: hikey: Give wifi some time after power-on
    - arm64: dts: hikey: Revert "Enable HS200 mode on eMMC"
    - ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
    - ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
    - ARM: dts: exynos: Fix max voltage for buck8 regulator on Odroid XU3/XU4
    - drm: disable uncached DMA optimization for ARM and arm64
    - media: Revert "media: rc: some events are dropped by userspace"
    - Revert "PCI/PME: Implement runtime PM callbacks"
    - bpf: Stop the psock parser before canceling its work
    - gfs2: Fix missed wakeups in find_insert_glock
    - staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()
    - staging: erofs: compressed_pages should not be accessed again after freed
    - scripts/gdb: replace flags (MS_xyz -> SB_xyz)
    - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
    - perf/x86/intel: Make cpuc allocations consistent
    - perf/x86/intel: Generalize dynamic constraint creation
    - x86: Add TSX Force Abort CPUID/MSR
    - perf/x86/intel: Implement support for TSX Force Abort
    - Linux 5.0.2

* Linux security module stacking support
    - LSM: Introduce LSM_FLAG_LEGACY_MAJOR
    - LSM: Provide separate ordered initialization
    - LSM: Plumb visibility into optional "enabled" state
    - LSM: Lift LSM selection out of individual LSMs
    - LSM: Build ordered list of LSMs to initialize
    - LSM: Introduce CONFIG_LSM
    - LSM: Introduce "lsm=" for boottime LSM selection
    - LSM: Tie enabling logic to presence in ordered list
    - LSM: Prepare for reorganizing "security=" logic
    - LSM: Refactor "security=" in terms of enable/disable
    - LSM: Separate idea of "major" LSM from "exclusive" LSM
    - apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE
    - selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE
    - LSM: Add all exclusive LSMs to ordered initialization
    - LSM: Split LSM preparation from initialization
    - LoadPin: Initialize as ordered LSM
    - Yama: Initialize as ordered LSM
    - LSM: Introduce enum lsm_order
    - capability: Initialize as LSM_ORDER_FIRST
    - procfs: add smack subdir to attrs
    - Smack: Abstract use of cred security blob
    - SELinux: Abstract use of cred security blob
    - SELinux: Remove cred security blob poisoning
    - SELinux: Remove unused selinux_is_enabled
    - AppArmor: Abstract use of cred security blob
    - TOMOYO: Abstract use of cred security blob
    - Infrastructure management of the cred security blob
    - SELinux: Abstract use of file security blob
    - Smack: Abstract use of file security blob
    - LSM: Infrastructure management of the file security
    - SELinux: Abstract use of inode security blob
    - Smack: Abstract use of inode security blob
    - LSM: Infrastructure management of the inode security
    - LSM: Infrastructure management of the task security
    - SELinux: Abstract use of ipc security blobs
    - Smack: Abstract use of ipc security blobs
    - LSM: Infrastructure management of the ipc security blob
    - TOMOYO: Update LSM flags to no longer be exclusive
    - LSM: generalize flag passing to security_capable
    - LSM: Make lsm_early_cred() and lsm_early_task() local functions.
    - LSM: Make some functions static
    - apparmor: Adjust offset when accessing task blob.
    - LSM: Ignore "security=" when "lsm=" is specified
    - LSM: Update list of SECURITYFS users in Kconfig
    - apparmor: delete the dentry in aafs_remove() to avoid a leak
    - apparmor: fix double free when unpack of secmark rules fails
    - SAUCE: LSM: Infrastructure management of the sock security
    - SAUCE: LSM: Limit calls to certain module hooks
    - SAUCE: LSM: Special handling for secctx lsm hooks
    - SAUCE: LSM: Specify which LSM to display with /proc/self/attr/display
    - SAUCE: Fix-up af_unix mediation for sock infrastructure management
    - SAUCE: Revert "apparmor: Fix warning about unused function
      apparmor_ipv6_postroute"
    - SAUCE: Revert "apparmor: fix checkpatch error in Parse secmark policy"
    - SAUCE: Revert "apparmor: add #ifdef checks for secmark filtering"
    - SAUCE: Revert "apparmor: Allow filtering based on secmark policy"
    - SAUCE: Revert "apparmor: Parse secmark policy"
    - SAUCE: Revert "apparmor: Add a wildcard secid"
    - SAUCE: Revert "apparmor: fix bad debug check in apparmor_secid_to_secctx()"
    - SAUCE: Revert "apparmor: fixup secid map conversion to using IDR"
    - SAUCE: Revert "apparmor: Use an IDR to allocate apparmor secids"
    - SAUCE: Revert "apparmor: Fix memory leak of rule on error exit path"
    - SAUCE: Revert "apparmor: modify audit rule support to support profile
      stacks"
    - SAUCE: Revert "apparmor: Add support for audit rule filtering"
    - SAUCE: Revert "apparmor: add the ability to get a task's secid"
    - SAUCE: Revert "apparmor: add support for mapping secids and using secctxes"
    - SAUCE: apparmor: add proc subdir to attrs
    - SAUCE: apparmor: add an apparmorfs entry to access current attrs
    - SAUCE: apparmor: update flags to no longer be exclusive
    - SAUCE: update configs and annotations for LSM stacking

* Miscellaneous Ubuntu changes
    - [Config] CONFIG_EARLY_PRINTK_USB_XDBC=y
    - SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the
      kernel is locked down
    - [Config] CONFIG_RANDOM_TRUST_CPU=y
    - [Config] refresh annotations for recent config changes
    - ubuntu: vbox -- update to 6.0.4-dfsg-7
    - Revert "UBUNTU: SAUCE: i2c:amd I2C Driver based on PCI Interface for
      upcoming platform"

-- Seth Forshee <seth.forshee@canonical.com>  Thu, 11 Apr 2019 10:17:19 -0500

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Brad Figg (brad-figg) on 2019-07-24

tags:

added: cscc

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package