Bug #1812159 “q-r-t security test wants SCHED_STACK_END_CHECK to...” : Bionic (18.04) : Bugs : linux-kvm package : Ubuntu

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-01-17:

#1

Dependencies.txt Edit (2.6 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (728 bytes, text/plain; charset="utf-8")
ProcEnviron.txt Edit (270 bytes, text/plain; charset="utf-8")

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-01-17:

#2

This option checks for a stack overrun on calls to schedule(). If the stack end location is found to be over written always panic as the content of the corrupted region can no longer be trusted. This is to ensure no erroneous behaviour occurs which could result in data corruption or a sporadic crash at a later stage once the region is examined. The runtime overhead introduced is minimal.

Ref: https://cateee.net/lkddb/web-lkddb/SCHED_STACK_END_CHECK.html

Looks like this is debug related, not sure if we want this on KVM kernels.

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2019-01-31:

#3

This testcase also fails on linux-kvm for Cosmic.

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-05-06:

#4

Found on X-KVM as well.

tags:	added: cosmic xenial
summary:	- SCHED_STACK_END_CHECK should be enabled in B-kvm + q-r-t security test says SCHED_STACK_END_CHECK should be enabled in + B-kvm
summary:	- q-r-t security test says SCHED_STACK_END_CHECK should be enabled in - B-kvm + q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM + kernels

Po-Hsu Lin (cypressyew) on 2019-06-06

Changed in ubuntu-kernel-tests:
assignee:	nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu):
assignee:	nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Xenial):
assignee:	nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Bionic):
assignee:	nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Cosmic):
assignee:	nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Disco):
assignee:	nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Xenial):
status:	New → In Progress
Changed in linux-kvm (Ubuntu Bionic):
status:	New → In Progress
Changed in ubuntu-kernel-tests:
status:	New → In Progress
Changed in linux-kvm (Ubuntu Cosmic):
status:	New → In Progress
Changed in linux-kvm (Ubuntu Disco):
status:	New → In Progress
Changed in linux-kvm (Ubuntu):
status:	New → In Progress

Po-Hsu Lin (cypressyew) on 2019-06-06

description:

updated

Po-Hsu Lin (cypressyew) on 2019-06-06

description:

updated

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-06-06:

#5

https://lists.ubuntu.com/archives/kernel-team/2019-June/101176.html

Po-Hsu Lin (cypressyew) on 2019-06-24

tags:	added: ubuntu-qrt-kernel-security
tags:	added: linux-kvm

Khaled El Mously (kmously) on 2019-06-28

Changed in linux-kvm (Ubuntu Xenial):
status:	In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Cosmic):
status:	In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Disco):
status:	In Progress → Fix Committed

Revision history for this message

Steve Beattie (sbeattie) wrote on 2019-07-16:

#6

I can confirm that the SCHED_STACK_END_CHECK config option has been enabled in the linux-kvm kernel 4.4.0-1052.59 for xenial, 4.15.0-1039.39 for bionic, and 5.0.0-1011.12 for disco. Thanks!

tags:	added: verification-done-bionic verification-done-disco verification-failed-xenial
tags:	added: verification-done-xenial removed: verification-failed-xenial

Po-Hsu Lin (cypressyew) on 2019-07-19

Changed in ubuntu-kernel-tests:
status:	In Progress → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-07-22:

#7

Download full text (11.6 KiB)

This bug was fixed in the package linux-kvm - 4.15.0-1039.39

---------------
linux-kvm (4.15.0-1039.39) bionic; urgency=medium

* linux-kvm: 4.15.0-1039.39 -proposed tracker (LP: #1834940)

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

  * test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on
    B/C/D KVM (LP: #1811981)
    - [Config]: enable CONFIG_LOCK_DOWN_KERNEL

[ Ubuntu: 4.15.0-55.60 ]

  * linux: 4.15.0-55.60 -proposed tracker (LP: #1834954)
  * Request backport of ceph commits into bionic (LP: #1834235)
    - ceph: use atomic_t for ceph_inode_info::i_shared_gen
    - ceph: define argument structure for handle_cap_grant
    - ceph: flush pending works before shutdown super
    - ceph: send cap releases more aggressively
    - ceph: single workqueue for inode related works
    - ceph: avoid dereferencing invalid pointer during cached readdir
    - ceph: quota: add initial infrastructure to support cephfs quotas
    - ceph: quota: support for ceph.quota.max_files
    - ceph: quota: don't allow cross-quota renames
    - ceph: fix root quota realm check
    - ceph: quota: support for ceph.quota.max_bytes
    - ceph: quota: update MDS when max_bytes is approaching
    - ceph: quota: add counter for snaprealms with quota
    - ceph: avoid iput_final() while holding mutex or in dispatch thread
  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown
  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: fix unsigned comparison to less than zero
  * Fix occasional boot time crash in hns driver (LP: #1833138)
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized
  * use-after-free in hns_nic_net_xmit_hw (LP: #1833136)
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
  * hns: attempt to restart autoneg when disabled should report error
    (LP: #1833147)
    - net: hns: Restart autoneg need return failed when autoneg off
  * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
    (LP: #1821625)
    - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls
    - powerpc: sys_pkey_mprotect() system call
  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different
  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures
  * System crashes on hot adding a core with drmgr command (4.15.0-48-generic)
    (LP: #1833716)
    - powerpc/numa: improve control of topology updates
    - powerpc/numa: document topology_updates_enabled, disable by default
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
  ...

This bug was fixed in the package linux-kvm - 4.15.0-1039.39

---------------
linux-kvm (4.15.0-1039.39) bionic; urgency=medium

* linux-kvm: 4.15.0-1039.39 -proposed tracker (LP: #1834940)

* q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

* test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on
    B/C/D KVM (LP: #1811981)
    - [Config]: enable CONFIG_LOCK_DOWN_KERNEL

[ Ubuntu: 4.15.0-55.60 ]

* linux: 4.15.0-55.60 -proposed tracker (LP: #1834954)
  * Request backport of ceph commits into bionic (LP: #1834235)
    - ceph: use atomic_t for ceph_inode_info::i_shared_gen
    - ceph: define argument structure for handle_cap_grant
    - ceph: flush pending works before shutdown super
    - ceph: send cap releases more aggressively
    - ceph: single workqueue for inode related works
    - ceph: avoid dereferencing invalid pointer during cached readdir
    - ceph: quota: add initial infrastructure to support cephfs quotas
    - ceph: quota: support for ceph.quota.max_files
    - ceph: quota: don't allow cross-quota renames
    - ceph: fix root quota realm check
    - ceph: quota: support for ceph.quota.max_bytes
    - ceph: quota: update MDS when max_bytes is approaching
    - ceph: quota: add counter for snaprealms with quota
    - ceph: avoid iput_final() while holding mutex or in dispatch thread
  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown
  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: fix unsigned comparison to less than zero
  * Fix occasional boot time crash in hns driver (LP: #1833138)
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized
  *  use-after-free in hns_nic_net_xmit_hw (LP: #1833136)
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
  * hns: attempt to restart autoneg when disabled should report error
    (LP: #1833147)
    - net: hns: Restart autoneg need return failed when autoneg off
  * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
    (LP: #1821625)
    - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls
    - powerpc: sys_pkey_mprotect() system call
  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different
  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures
  * System crashes on hot adding a core with drmgr command (4.15.0-48-generic)
    (LP: #1833716)
    - powerpc/numa: improve control of topology updates
    - powerpc/numa: document topology_updates_enabled, disable by default
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
    (LP: #1832624)
    - s390/zcrypt: Fix wrong dispatching for control domain CPRBs
  * CVE-2019-11815
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().
  * Sound device not detected after resume from hibernate (LP: #1826868)
    - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled
    - drm/i915: Save the old CDCLK atomic state
    - drm/i915: Remove redundant store of logical CDCLK state
    - drm/i915: Skip modeset for cdclk changes if possible
  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long
  * Dell XPS 13 (9370) defaults to s2idle sleep/suspend instead of deep, NVMe
    drains lots of power under s2idle (LP: #1808957)
    - Revert "UBUNTU: SAUCE: pci/nvme: prevent WDC PC SN720 NVMe from entering D3
      and being disabled"
    - Revert "UBUNTU: SAUCE: nvme: add quirk to not call disable function when
      suspending"
    - Revert "UBUNTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3"
    - Revert "SAUCE: nvme: add quirk to not call disable function when suspending"
    - Revert "SAUCE: pci: prevent sk hynix nvme from entering D3"
    - PCI: PM: Avoid possible suspend-to-idle issue
    - PCI: PM: Skip devices in D0 for suspend-to-idle
    - nvme-pci: Sync queues on reset
    - nvme: Export get and set features
    - nvme-pci: Use host managed power state for suspend
  * linux v4.15 ftbfs on a newer host kernel (e.g. hwe) (LP: #1823429)
    - selinux: use kernel linux/socket.h for genheaders and mdp
  * 32-bit x86 kernel 4.15.0-50 crash in vmalloc_sync_all (LP: #1830433)
    - x86/mm/pat: Disable preemption around __flush_tlb_all()
    - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()
    - x86/mm: Disable ioremap free page handling on x86-PAE
    - ioremap: Update pgtable free interfaces with addr
    - x86/mm: Add TLB purge to free pmd/pte page interfaces
    - x86/init: fix build with CONFIG_SWAP=n
    - x86/mm: provide pmdp_establish() helper
    - x86/mm: Use WRITE_ONCE() when setting PTEs
  * hinic: fix oops due to race in set_rx_mode (LP: #1832048)
    - hinic: fix a bug in set rx mode
  * ubuntu 18.04 flickering screen with Radeon X1600 (LP: #1791312)
    - drm/radeon: prefer lower reference dividers
  * Login screen never appears on vmwgfx using bionic kernel 4.15 (LP: #1832138)
    - drm/vmwgfx: use monotonic event timestamps
  * [linux-azure] Block Layer Commits Requested in Azure Kernels (LP: #1834499)
    - block: Clear kernel memory before copying to user
    - block/bio: Do not zero user pages
  * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
    - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches
  * Handle overflow for file-max (LP: #1834310)
    - sysctl: handle overflow for file-max
    - kernel/sysctl.c: fix out-of-bounds access when setting file-max
  * [ALSA] [PATCH] Headset fixup for System76 Gazelle (gaze14) (LP: #1827555)
    - ALSA: hda/realtek - Headset fixup for System76 Gazelle (gaze14)
    - ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)
  * crashdump fails on HiSilicon D06 (LP: #1828868)
    - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel
    - iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel
  * CVE-2019-11833
    - ext4: zero out the unused memory region in the extent tree block
  * zfs 0.7.9 fixes a bug (https://github.com/zfsonlinux/zfs/pull/7343) that
    hangs the system completely (LP: #1772412)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.6
  * does not detect headphone when there is no other output devices
    (LP: #1831065)
    - ALSA: hda/realtek - Fixed hp_pin no value
    - ALSA: hda/realtek - Use a common helper for hp pin reference
  * kernel crash : net_sched  race condition in tcindex_destroy() (LP: #1825942)
    - net_sched: fix NULL pointer dereference when delete tcindex filter
    - RCU, workqueue: Implement rcu_work
    - net_sched: switch to rcu_work
    - net_sched: fix a race condition in tcindex_destroy()
    - net_sched: fix a memory leak in cls_tcindex
    - net_sched: initialize net pointer inside tcf_exts_init()
    - net_sched: fix two more memory leaks in cls_tcindex
  * Support new ums-realtek device (LP: #1831840)
    - USB: usb-storage: Add new ID to ums-realtek
  * amd_iommu possible data corruption (LP: #1823037)
    - iommu/amd: Reserve exclusion range in iova-domain
    - iommu/amd: Set exclusion range correctly
  * Add new sound card PCIID into the alsa driver (LP: #1832299)
    - ALSA: hda: Add Icelake PCI ID
    - ALSA: hda/intel: add CometLake PCI IDs
  * sky2 ethernet card doesn't work after returning from suspend
    (LP: #1807259) // sky2 ethernet card link not up after suspend
    (LP: #1809843)
    - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
  * idle-page oopses when accessing page frames that are out of range
    (LP: #1833410)
    - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
  * Add pointstick support on HP ZBook 17 G5 (LP: #1833387)
    - Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A"
    - SAUCE: HID: multitouch: Add pointstick support for ALPS Touchpad
  * [SRU][B/B-OEM/B-OEM-OSP-1/C/D/E] Add trackpoint middle button support of 2
    new thinpads (LP: #1833637)
    - Input: elantech - enable middle button support on 2 ThinkPads
  * CVE-2019-11085
    - drm/i915/gvt: Fix mmap range check
    - drm/i915: make mappable struct resource centric
    - drm/i915/gvt: Fix aperture read/write emulation when enable x-no-mmap=on
  * CVE-2019-11884
    - Bluetooth: hidp: fix buffer overflow
  * af_alg06 test from crypto test suite in LTP failed with kernel oops on B/C
    (LP: #1829725)
    - crypto: authenc - fix parsing key with misaligned rta_len
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation
  * alignment test in powerpc from ubuntu_kernel_selftests failed on B/C Power9
    (LP: #1813118)
    - selftests/powerpc: Remove Power9 copy_unaligned test
  * TRACE_syscall.ptrace_syscall_dropped in seccomp from ubuntu_kernel_selftests
    failed on B/C PowerPC (LP: #1812796)
    - selftests/seccomp: Enhance per-arch ptrace syscall skip tests
  * Add powerpc/alignment_handler test for selftests (LP: #1828935)
    - selftests/powerpc: Add alignment handler selftest
    - selftests/powerpc: Fix to use ucontext_t instead of struct ucontext
  * Cannot build kernel 4.15.0-48.51 due to an in-source-tree ZFS module.
    (LP: #1828763)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.5
  * Eletrical noise occurred when external headset enter powersaving mode on a
    DEll machine (LP: #1828798)
    - ALSA: hda/realtek - Reduce click noise on Dell Precision 5820 headphone
    - ALSA: hda/realtek - Fixup headphone noise via runtime suspend
  * [18.04/18.10] File libperf-jvmti.so is missing in linux-tools-common deb on
    Ubuntu (LP: #1761379)
    - [Packaging] Support building libperf-jvmti.so
  * TCP : race condition on socket ownership in tcp_close() (LP: #1830813)
    - tcp: do not release socket ownership in tcp_close()
  * bionic: netlink: potential shift overflow in netlink_bind() (LP: #1831103)
    - netlink: Don't shift on 64 for ngroups
  * Add support to Comet Lake LPSS (LP: #1830175)
    - mfd: intel-lpss: Add Intel Comet Lake PCI IDs
  * Reduce NAPI weight in hns driver from 256 to 64 (LP: #1830587)
    - net: hns: Use NAPI_POLL_WEIGHT for hns driver
  * x86: add support for AMD Rome (LP: #1819485)
    - x86: irq_remapping: Move irq remapping mode enum
    - iommu/amd: Add support for higher 64-bit IOMMU Control Register
    - iommu/amd: Add support for IOMMU XT mode
    - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs
    - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs
    - x86/amd_nb: Add PCI device IDs for family 17h, model 30h
    - x86/MCE/AMD: Fix the thresholding machinery initialization order
    - x86/amd_nb: Add support for newer PCI topologies
  * nx842 - CRB request time out (-110) when uninstall NX modules and initiate
    NX request (LP: #1827755)
    - crypto/nx: Initialize 842 high and normal RxFIFO control registers
  * Require improved hypervisor detection patch in Ubuntu 18.04 (LP: #1829972)
    - s390/early: improve machine detection

-- Khalid Elmously <khalid.elmously@canonical.com>  Wed, 03 Jul 2019 00:48:13 -0400

Changed in linux-kvm (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-07-22:

#8

Download full text (58.0 KiB)

This bug was fixed in the package linux-kvm - 5.0.0-1011.12

---------------
linux-kvm (5.0.0-1011.12) disco; urgency=medium

* linux-kvm: 5.0.0-1011.12 -proposed tracker (LP: #1834892)

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

  * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

  * test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on
    B/C/D KVM (LP: #1811981)
    - [Config]: enable CONFIG_LOCK_DOWN_KERNEL

[ Ubuntu: 5.0.0-21.22 ]

  * linux: 5.0.0-21.22 -proposed tracker (LP: #1834902)
  * Disco update: 5.0.15 upstream stable release (LP: #1834529)
    - net: stmmac: Use bfsize1 in ndesc_init_rx_desc
    - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
    - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
    - staging: greybus: power_supply: fix prop-descriptor request size
    - staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context.
    - staging: most: cdev: fix chrdev_region leak in mod_exit
    - staging: most: sound: pass correct device when creating a sound card
    - ASoC: tlv320aic3x: fix reset gpio reference counting
    - ASoC: hdmi-codec: fix S/PDIF DAI
    - ASoC: stm32: sai: fix iec958 controls indexation
    - ASoC: stm32: sai: fix exposed capabilities in spdif mode
    - ASoC: stm32: sai: fix race condition in irq handler
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC:hdac_hda:use correct format to setup hda codec
    - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
    - ASoC: dpcm: prevent snd_soc_dpcm use after free
    - ASoC: nau8824: fix the issue of the widget with prefix name
    - ASoC: nau8810: fix the issue of widget with prefixed name
    - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
    - ASoC: rt5682: Check JD status when system resume
    - ASoC: rt5682: fix jack type detection issue
    - ASoC: rt5682: recording has no sound after booting
    - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
    - clk: meson-gxbb: round the vdec dividers to closest
    - ASoC: stm32: dfsdm: manage multiple prepare
    - ASoC: stm32: dfsdm: fix debugfs warnings on entry creation
    - ASoC: cs4270: Set auto-increment bit for register writes
    - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
    - drm/omap: hdmi4_cec: Fix CEC clock handling for PM
    - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state
    - IB/hfi1: Eliminate opcode tests on mr deref
    - IB/hfi1: Fix the allocation of RSM table
    - MIPS: KGDB: fix kgdb support for SMP platforms.
    - ASoC: tlv320aic32x4: Fix Common Pins
    - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - perf/x86/intel: Initialize TFA MSR
    - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
    - iov_iter: F...

This bug was fixed in the package linux-kvm - 5.0.0-1011.12

---------------
linux-kvm (5.0.0-1011.12) disco; urgency=medium

* linux-kvm: 5.0.0-1011.12 -proposed tracker (LP: #1834892)

* q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

* PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

* test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on
    B/C/D KVM (LP: #1811981)
    - [Config]: enable CONFIG_LOCK_DOWN_KERNEL

[ Ubuntu: 5.0.0-21.22 ]

* linux: 5.0.0-21.22 -proposed tracker (LP: #1834902)
  * Disco update: 5.0.15 upstream stable release (LP: #1834529)
    - net: stmmac: Use bfsize1 in ndesc_init_rx_desc
    - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
    - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
    - staging: greybus: power_supply: fix prop-descriptor request size
    - staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context.
    - staging: most: cdev: fix chrdev_region leak in mod_exit
    - staging: most: sound: pass correct device when creating a sound card
    - ASoC: tlv320aic3x: fix reset gpio reference counting
    - ASoC: hdmi-codec: fix S/PDIF DAI
    - ASoC: stm32: sai: fix iec958 controls indexation
    - ASoC: stm32: sai: fix exposed capabilities in spdif mode
    - ASoC: stm32: sai: fix race condition in irq handler
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC:hdac_hda:use correct format to setup hda codec
    - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
    - ASoC: dpcm: prevent snd_soc_dpcm use after free
    - ASoC: nau8824: fix the issue of the widget with prefix name
    - ASoC: nau8810: fix the issue of widget with prefixed name
    - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
    - ASoC: rt5682: Check JD status when system resume
    - ASoC: rt5682: fix jack type detection issue
    - ASoC: rt5682: recording has no sound after booting
    - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
    - clk: meson-gxbb: round the vdec dividers to closest
    - ASoC: stm32: dfsdm: manage multiple prepare
    - ASoC: stm32: dfsdm: fix debugfs warnings on entry creation
    - ASoC: cs4270: Set auto-increment bit for register writes
    - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
    - drm/omap: hdmi4_cec: Fix CEC clock handling for PM
    - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state
    - IB/hfi1: Eliminate opcode tests on mr deref
    - IB/hfi1: Fix the allocation of RSM table
    - MIPS: KGDB: fix kgdb support for SMP platforms.
    - ASoC: tlv320aic32x4: Fix Common Pins
    - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - perf/x86/intel: Initialize TFA MSR
    - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
    - iov_iter: Fix build error without CONFIG_CRYPTO
    - xtensa: fix initialization of pt_regs::syscall in start_thread
    - ASoC: rockchip: pdm: fix regmap_ops hang issue
    - drm/amdkfd: Add picasso pci id
    - drm/amdgpu: Adjust IB test timeout for XGMI configuration
    - drm/amdgpu: amdgpu_device_recover_vram always failed if only one node in
      shadow_list
    - drm/amd/display: fix cursor black issue
    - ASoC: cs35l35: Disable regulators on driver removal
    - objtool: Add rewind_stack_do_exit() to the noreturn list
    - slab: fix a crash by reading /proc/slab_allocators
    - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in
      sun8i_tcon_top_un/bind
    - virtio_pci: fix a NULL pointer reference in vp_del_vqs
    - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove
    - RDMA/hns: Fix bug that caused srq creation to fail
    - KEYS: trusted: fix -Wvarags warning
    - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
    - drm/mediatek: fix possible object reference leak
    - drm/mediatek: fix the rate and divder of hdmi phy for MT2701
    - drm/mediatek: make implementation of recalc_rate() for MT2701 hdmi phy
    - drm/mediatek: remove flag CLK_SET_RATE_PARENT for MT2701 hdmi phy
    - drm/mediatek: using new factor for tvdpll for MT2701 hdmi phy
    - drm/mediatek: no change parent rate in round_rate() for MT2701 hdmi phy
    - ASoC: Intel: kbl: fix wrong number of channels
    - ASoC: stm32: sai: fix master clock management
    - ALSA: hda: Fix racy display power access
    - virtio-blk: limit number of hw queues by nr_cpu_ids
    - blk-mq: introduce blk_mq_complete_request_sync()
    - nvme: cancel request synchronously
    - nvme-fc: correct csn initialization and increments on error
    - nvmet: fix discover log page when offsets are used
    - platform/x86: pmc_atom: Drop __initconst on dmi table
    - NFSv4.1 fix incorrect return value in copy_file_range
    - perf/core: Fix perf_event_disable_inatomic() race
    - genirq: Prevent use-after-free and work list corruption
    - usb: dwc3: Allow building USB_DWC3_QCOM without EXTCON
    - usb: dwc3: Fix default lpm_nyet_threshold value
    - USB: serial: f81232: fix interrupt worker not stop
    - USB: cdc-acm: fix unthrottle races
    - usb-storage: Set virt_boundary_mask to avoid SG overflows
    - intel_th: pci: Add Comet Lake support
    - iio: adc: qcom-spmi-adc5: Fix of-based module autoloading
    - cpufreq: armada-37xx: fix frequency calculation for opp
    - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for
      hibernate
    - soc: sunxi: Fix missing dependency on REGMAP_MMIO
    - scsi: lpfc: change snprintf to scnprintf for possible overflow
    - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
    - scsi: qla2xxx: Fix device staying in blocked state
    - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
    - Bluetooth: Fix not initializing L2CAP tx_credits
    - Bluetooth: hci_bcm: Fix empty regulator supplies for Intel Macs
    - UAS: fix alignment of scatter/gather segments
    - ASoC: Intel: avoid Oops if DMA setup fails
    - i3c: Fix a shift wrap bug in i3c_bus_set_addr_slot_status()
    - locking/futex: Allow low-level atomic operations to return -EAGAIN
    - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
    - Linux 5.0.15
    - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
      connections"
  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown
  * Cache line contention prevents scaling of 100Gbps performance (LP: #1832909)
    - iommu/iova: Separate atomic variables to improve performance
  * net: hns: Fix loopback test failed at copper ports (LP: #1833132)
    - net: hns: Fix loopback test failed at copper ports
  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix unsigned comparison to less than zero
  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different
  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures
  * AX88772A USB to Ethernet dongle doesn't work (LP: #1834114)
    - net: phy: rename Asix Electronics PHY driver
    - [Config] update configs and annotations for ASIX renamed
  * Add nvidia-418 dkms build support to disco (LP: #1834476)
    - add nvidia-418 dkms build
  * depmod may prefer unsigned l-r-m nvidia modules to signed modules
    (LP: #1834479)
    - [Packaging] dkms-build--nvidia-N -- clean up unsigned ko files
  * Hi1620 driver updates from upstream 5.2 merge window (LP: #1830815)
    - ethtool: Added support for 50Gbps per lane link modes
    - net: hns3: Make hclgevf_update_link_mode static
    - net: hns3: Make hclge_destroy_cmd_queue static
    - RDMA/hns: Only assign the relatived fields of psn if IB_QP_SQ_PSN is set
    - RDMA/hns: Only assign the fields of the rq psn if IB_QP_RQ_PSN is set
    - RDMA/hns: Update the range of raq_psn field of qp context
    - RDMA/hns: Only assgin some fields if the relatived attr_mask is set
    - RDMA/hns: Hide error print information with roce vf device
    - RDMA/hns: Bugfix for sending with invalidate
    - RDMA/hns: Delete unused variable in hns_roce_v2_modify_qp function
    - RDMA/hns: Limit scope of hns_roce_cmq_send()
    - RDMA/hns: Convert cq_table to XArray
    - RDMA/hns: Convert qp_table_tree to XArray
    - RDMA/hns: Fix bad endianess of port_pd variable
    - net: hns3: check 1000M half for hns3_ethtool_ops.set_link_ksettings
    - net: hns3: reduce resources use in kdump kernel
    - net: hns3: modify the VF network port media type acquisition method
    - net: hns3: return 0 and print warning when hit duplicate MAC
    - net: hns3: minor optimization for ring_space
    - net: hns3: minor optimization for datapath
    - net: hns3: simplify hclgevf_cmd_csq_clean
    - net: hns3: add protect when handling mac addr list
    - net: hns3: check resetting status in hns3_get_stats()
    - net: hns3: prevent change MTU when resetting
    - net: hns3: modify HNS3_NIC_STATE_INITED flag in
      hns3_reset_notify_uninit_enet
    - net: hns3: split function hnae3_match_n_instantiate()
    - RDMA/hns: Dump detailed driver-specific CQ
    - RDMA/hns: Support to create 1M srq queue
    - RDMA/hns: Bugfix for SCC hem free
    - net: hns3: set vport alive state to default while resetting
    - net: hns3: set up the vport alive state while reinitializing
    - net: hns3: not reset vport who not alive when PF reset
    - net: hns3: adjust the timing of hns3_client_stop when unloading
    - net: hns3: deactive the reset timer when reset successfully
    - net: hns3: ignore lower-level new coming reset
    - net: hns3: do not request reset when hardware resetting
    - net: hns3: handle pending reset while reset fail
    - net: hns3: stop mailbox handling when command queue need re-init
    - net: hns3: add error handler for initializing command queue
    - net: hns3: remove resetting check in hclgevf_reset_task_schedule
    - net: hns3: fix keep_alive_timer not stop problem
    - scsi: hisi_sas: add host reset interface for test
    - scsi: hisi_sas: Remedy inconsistent PHY down state in software
    - scsi: hisi_sas: Fix for setting the PHY linkrate when disconnected
    - scsi: hisi_sas: Adjust the printk format of functions hisi_sas_init_device()
    - scsi: hisi_sas: allocate different SAS address for directly attached
      situation
    - scsi: hisi_sas: Support all RAS events with MSI interrupts
    - scsi: hisi_sas: Don't hard reset disk during controller reset
    - scsi: hisi_sas: Don't fail IT nexus reset for Open Reject timeout
    - scsi: hisi_sas: Some misc tidy-up
    - net: hns3: modify VLAN initialization to be compatible with port based VLAN
    - net: hns3: fix VLAN offload handle for VLAN inserted by port
    - net: hns3: fix set port based VLAN for PF
    - net: hns3: fix set port based VLAN issue for VF
    - net: hns3: minor refactor for hns3_rx_checksum
    - net: hns3: add hns3_gro_complete for HW GRO process
    - net: hns3: always assume no drop TC for performance reason
    - net: hns3: divide shared buffer between TC
    - net: hns3: set dividual reset level for all RAS and MSI-X errors
    - net: hns3: do not initialize MDIO bus when PHY is inexistent
    - net: hns3: free the pending skb when clean RX ring
    - net: hns3: code optimization for command queue' spin lock
    - net: hns3: fix sparse: warning when calling hclge_set_vlan_filter_hw()
    - net: hns3: fix for vport->bw_limit overflow problem
    - net: hns3: add reset statistics info for PF
    - net: hns3: add reset statistics for VF
    - net: hns3: add some debug information for hclge_check_event_cause
    - net: hns3: add some debug info for hclgevf_get_mbx_resp()
    - net: hns3: refine tx timeout count handle
    - net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info()
    - net: hns3: dump more information when tx timeout happens
    - net: hns3: Add support for netif message level settings
    - net: hns3: add support for dump ncl config by debugfs
    - net: hns3: Add handling of MAC tunnel interruption
    - net: hns3: add queue's statistics update to service task
    - net: hns3: add function type check for debugfs help information
    - RDMA/hns: Bugfix for mapping user db
    - net: hns3: fix data race between ring->next_to_clean
    - net: hns3: fix for TX clean num when cleaning TX BD
    - net: hns3: handle the BD info on the last BD of the packet
    - net: hns3: stop sending keep alive msg when VF command queue needs reinit
    - net: hns3: use atomic_t replace u32 for arq's count
    - net: hns3: use a reserved byte to identify need_resp flag
    - net: hns3: not reset TQP in the DOWN while VF resetting
    - net: hns3: fix pause configure fail problem
    - net: hns3: extend the loopback state acquisition time
    - net: hns3: prevent double free in hns3_put_ring_config()
    - net: hns3: remove reset after command send failed
    - net: hns3: add support for multiple media type
    - net: hns3: add autoneg and change speed support for fibre port
    - net: hns3: add support for FEC encoding control
    - net: hns3: unify maybe_stop_tx for TSO and non-TSO case
    - net: hns3: use napi_schedule_irqoff in hard interrupts handlers
    - net: hns3: add counter for times RX pages gets allocated
    - net: hns3: add linearizing checking for TSO case
    - net: hns3: fix for tunnel type handling in hns3_rx_checksum
    - net: hns3: refactor BD filling for l2l3l4 info
    - net: hns3: combine len and checksum handling for inner and outer header.
    - net: hns3: fix error handling for desc filling
    - net: hns3: optimize the barrier using when cleaning TX BD
    - net: hns3: unify the page reusing for page size 4K and 64K
    - net: hns3: some cleanup for struct hns3_enet_ring
    - net: hns3: use devm_kcalloc when allocating desc_cb
    - net: hns3: remove redundant assignment of l2_hdr to itself
    - net: hns3: initialize CPU reverse mapping
    - net: hns3: refine the flow director handle
    - net: hns3: add aRFS support for PF
    - net: hns3: fix for FEC configuration
    - RDMA/hns: Remove unnecessary print message in aeq
    - RDMA/hns: Update CQE specifications
    - RDMA/hns: Move spin_lock_irqsave to the correct place
    - RDMA/hns: Remove jiffies operation in disable interrupt context
    - RDMA/hns: Replace magic numbers with #defines
    - net: hns3: fix compile warning without CONFIG_RFS_ACCEL
    - net: hns3: fix for HNS3_RXD_GRO_SIZE_M macro
    - net: hns3: add support for dump firmware statistics by debugfs
    - net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has
      registered
    - net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has
      registered
    - net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has
      registered
    - net: hns3: modify hclge_init_client_instance()
    - net: hns3: modify hclgevf_init_client_instance()
    - net: hns3: add handshake with hardware while doing reset
    - net: hns3: stop schedule reset service while unloading driver
    - net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit()
    - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector
    - RDMA/hns: Bugfix for posting multiple srq work request
    - net: hns3: remove redundant core reset
    - net: hns3: don't configure new VLAN ID into VF VLAN table when it's full
    - net: hns3: fix VLAN filter restore issue after reset
    - net: hns3: set the port shaper according to MAC speed
    - net: hns3: add a check to pointer in error_detected and slot_reset
    - net: hns3: set ops to null when unregister ad_dev
    - net: hns3: add handling of two bits in MAC tunnel interrupts
    - net: hns3: remove setting bit of reset_requests when handling mac tunnel
      interrupts
    - net: hns3: add opcode about query and clear RAS & MSI-X to special opcode
    - net: hns3: delay and separate enabling of NIC and ROCE HW errors
    - RDMA/hns: fix inverted logic of readl read and shift
    - RDMA/hns: Bugfix for filling the sge of srq
    - net: hns3: log detail error info of ROCEE ECC and AXI errors
    - net: hns3: fix wrong size of mailbox responding data
    - net: hns3: make HW GRO handling compliant with SW GRO
    - net: hns3: replace numa_node_id with numa_mem_id for buffer reusing
    - net: hns3: refactor hns3_get_new_int_gl function
    - net: hns3: trigger VF reset if a VF has an over_8bd_nfe_err
    - net: hns3: delete the redundant user NIC codes
    - net: hns3: small changes for magic numbers
    - net: hns3: use macros instead of magic numbers
    - net: hns3: refactor PF/VF RSS hash key configuration
    - net: hns3: some modifications to simplify and optimize code
    - net: hns3: fix some coding style issues
    - net: hns3: delay setting of reset level for hw errors until slot_reset is
      called
    - net: hns3: fix avoid unnecessary resetting for the H/W errors which do not
      require reset
    - net: hns3: process H/W errors occurred before HNS dev initialization
    - net: hns3: add recovery for the H/W errors occurred before the HNS dev
      initialization
    - net: hns3: some changes of MSI-X bits in PPU(RCB)
    - net: hns3: extract handling of mpf/pf msi-x errors into functions
    - net: hns3: clear restting state when initializing HW device
    - net: hns3: free irq when exit from abnormal branch
    - net: hns3: fix for dereferencing before null checking
    - net: hns3: fix for skb leak when doing selftest
    - net: hns3: delay ring buffer clearing during reset
    - net: hns3: some variable modification
    - net: hns3: fix dereference of ae_dev before it is null checked
    - scsi: hisi_sas: Delete PHY timers when rmmod or probe failed
    - scsi: hisi_sas: Fix the issue of argument mismatch of printing ecc errors
    - scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size
    - scsi: hisi_sas: Change the type of some numbers to unsigned
    - scsi: hisi_sas: Ignore the error code between phy down to phy up
    - scsi: hisi_sas: Disable stash for v3 hw
    - net: hns3: Add missing newline at end of file
    - net: hns3: Fix inconsistent indenting
    - RDMa/hns: Don't stuck in endless timeout loop
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
    (LP: #1832624)
    - s390/zcrypt: Fix wrong dispatching for control domain CPRBs
  * shiftfs: allow changing ro/rw for subvolumes (LP: #1832316)
    - SAUCE: shiftfs: allow changing ro/rw for subvolumes
  * Sound device not detected after resume from hibernate (LP: #1826868)
    - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled
    - drm/i915: Save the old CDCLK atomic state
    - drm/i915: Remove redundant store of logical CDCLK state
    - drm/i915: Skip modeset for cdclk changes if possible
  * [raven] fix screen corruption on modprobe (LP: #1831846)
    - drm/amdgpu: keep stolen memory on picasso
    - drm/amdgpu: reserve stollen vram for raven series
  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long
  * Oops during sas expander hotplugging (LP: #1831799)
    - scsi: libsas: delete sas port if expander discover failed
  * [SRU][B/B-OEM/C/D/OEM-OSP1] Add RTL8822 wifi driver rtw88 (LP: #1831828)
    - rtw88: new Realtek 802.11ac driver
    - rtw88: fix shift of more than 32 bits of a integer
    - rtw88: phy: mark expected switch fall-throughs
    - rtw88: Make RA_MASK macros ULL
    - [Config] Add realtek wifi RTW88 support
  * Dell XPS 13 (9370) defaults to s2idle sleep/suspend instead of deep, NVMe
    drains lots of power under s2idle (LP: #1808957)
    - Revert "UBUNTU: SAUCE: pci/nvme: prevent WDC PC SN720 NVMe from entering D3
      and being disabled"
    - Revert "UBUNTU: SAUCE: nvme: add quirk to not call disable function when
      suspending"
    - Revert "UBUTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3"
    - Revert "UBUNTU: SAUCE: nvme: add quirk to not call disable function when
      suspending"
    - Revert "UBUNTU: SAUCE: pci: prevent sk hynix nvme from entering D3"
    - PCI: PM: Avoid possible suspend-to-idle issue
    - PCI: PM: Skip devices in D0 for suspend-to-idle
    - nvme-pci: Sync queues on reset
    - nvme: Export get and set features
    - nvme-pci: Use host managed power state for suspend
  * arm64: cma_alloc errors at boot (LP: #1823753)
    - [Config] Bump CMA_SIZE_MBYTES to 32 on arm64
    - dma-contiguous: add dma_{alloc, free}_contiguous() helpers
    - dma-contiguous: use fallback alloc_pages for single pages
    - dma-contiguous: fix !CONFIG_DMA_CMA version of dma_{alloc,
      free}_contiguous()
  * libsas: old linkrate advertised after phy disabled (LP: #1830435)
    - scsi: libsas: Inject revalidate event for root port event
    - scsi: libsas: Do discovery on empty PHY to update PHY info
  * fanotify06 from ubuntu_ltp_syscalls failed (LP: #1833028)
    - ovl: do not generate duplicate fsnotify events for "fake" path
  * hinic: fix oops due to race in set_rx_mode (LP: #1832048)
    - hinic: fix a bug in set rx mode
  * ubuntu 18.04 flickering screen with Radeon X1600 (LP: #1791312)
    - drm/radeon: prefer lower reference dividers
  * [ALSA] [PATCH] Headset fixup for System76 Gazelle (gaze14) (LP: #1827555)
    - ALSA: hda/realtek - Headset fixup for System76 Gazelle (gaze14)
    - ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)
  * ftrace in ubuntu_kernel_selftests complains "Illegal number" because of the
    absence of tput (LP: #1828989)
    - selftests/ftrace: Handle the absence of tput
  * CVE-2019-11833
    - ext4: zero out the unused memory region in the extent tree block
  * Disco update: 5.0.14 upstream stable release (LP: #1832775)
    - selftests/seccomp: Prepare for exclusive seccomp flags
    - seccomp: Make NEW_LISTENER and TSYNC flags exclusive
    - ARC: memset: fix build with L1_CACHE_SHIFT != 6
    - iwlwifi: fix driver operation for 5350
    - mwifiex: Make resume actually do something useful again on SDIO cards
    - mtd: rawnand: marvell: Clean the controller state before each operation
    - mac80211: don't attempt to rename ERR_PTR() debugfs dirs
    - i2c: synquacer: fix enumeration of slave devices
    - i2c: imx: correct the method of getting private data in notifier_call
    - i2c: Prevent runtime suspend of adapter when Host Notify is required
    - ALSA: hda/realtek - Add new Dell platform for headset mode
    - USB: yurex: Fix protection fault after device removal
    - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
    - USB: dummy-hcd: Fix failure to give back unlinked URBs
    - usb: usbip: fix isoc packet num validation in get_pipe
    - USB: core: Fix unterminated string returned by usb_string()
    - USB: core: Fix bug caused by duplicate interface PM usage counter
    - KVM: lapic: Disable timer advancement if adaptive tuning goes haywire
    - KVM: x86: Consider LAPIC TSC-Deadline timer expired if deadline too short
    - KVM: lapic: Track lapic timer advance per vCPU
    - KVM: lapic: Allow user to disable adaptive tuning of timer advancement
    - KVM: lapic: Convert guest TSC to host time domain if necessary
    - arm64: dts: rockchip: fix rk3328-roc-cc gmac2io tx/rx_delay
    - HID: logitech: check the return value of create_singlethread_workqueue
    - HID: debug: fix race condition with between rdesc_show() and device removal
    - rtc: cros-ec: Fail suspend/resume if wake IRQ can't be configured
    - rtc: sh: Fix invalid alarm warning for non-enabled alarm
    - ARM: OMAP2+: add missing of_node_put after of_device_is_available
    - batman-adv: Reduce claim hash refcnt only for removed entry
    - batman-adv: Reduce tt_local hash refcnt only for removed entry
    - batman-adv: Reduce tt_global hash refcnt only for removed entry
    - batman-adv: fix warning in function batadv_v_elp_get_throughput
    - ARM: dts: rockchip: Fix gpu opp node names for rk3288
    - reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev
    - ARM: dts: Fix dcan clkctrl clock for am3
    - i40e: fix i40e_ptp_adjtime when given a negative delta
    - ixgbe: fix mdio bus registration
    - i40e: fix WoL support check
    - riscv: fix accessing 8-byte variable from RV32
    - HID: quirks: Fix keyboard + touchpad on Lenovo Miix 630
    - net: hns3: fix compile error
    - xdp: fix cpumap redirect SKB creation bug
    - net/mlx5: E-Switch, Protect from invalid memory access in offload fdb table
    - net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands
    - bonding: show full hw address in sysfs for slave entries
    - net: stmmac: use correct DMA buffer size in the RX descriptor
    - net: stmmac: ratelimit RX error logs
    - net: stmmac: don't stop NAPI processing when dropping a packet
    - net: stmmac: don't overwrite discard_frame status
    - net: stmmac: fix dropping of multi-descriptor RX frames
    - net: stmmac: don't log oversized frames
    - jffs2: fix use-after-free on symlink traversal
    - debugfs: fix use-after-free on symlink traversal
    - mfd: twl-core: Disable IRQ while suspended
    - block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx
    - rtc: da9063: set uie_unsupported when relevant
    - HID: input: add mapping for Assistant key
    - vfio/pci: use correct format characters
    - scsi: core: add new RDAC LENOVO/DE_Series device
    - scsi: storvsc: Fix calculation of sub-channel count
    - arm/mach-at91/pm : fix possible object reference leak
    - blk-mq: do not reset plug->rq_count before the list is sorted
    - arm64: fix wrong check of on_sdei_stack in nmi context
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
    - libcxgb: fix incorrect ppmax calculation
    - KVM: SVM: prevent DBG_DECRYPT and DBG_ENCRYPT overflow
    - kmemleak: powerpc: skip scanning holes in the .bss section
    - hugetlbfs: fix memory leak for resv_map
    - sh: fix multiple function definition build errors
    - null_blk: prevent crash from bad home_node value
    - xsysace: Fix error handling in ace_setup
    - fs: stream_open - opener for stream-like files so that read and write can
      run simultaneously without deadlock
    - ARM: orion: don't use using 64-bit DMA masks
    - ARM: iop: don't use using 64-bit DMA masks
    - perf/x86/amd: Update generic hardware cache events for Family 17h
    - Bluetooth: btusb: request wake pin with NOAUTOEN
    - Bluetooth: mediatek: fix up an error path to restore bdev->tx_state
    - clk: qcom: Add missing freq for usb30_master_clk on 8998
    - usb: dwc3: Reset num_trbs after skipping
    - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
    - staging: iio: adt7316: fix the dac read calculation
    - staging: iio: adt7316: fix handling of dac high resolution option
    - staging: iio: adt7316: fix the dac write calculation
    - scsi: RDMA/srpt: Fix a credit leak for aborted commands
    - ASoC: Intel: bytcr_rt5651: Revert "Fix DMIC map headsetmic mapping"
    - ASoC: rsnd: gen: fix SSI9 4/5/6/7 busif related register address
    - ASoC: sunxi: sun50i-codec-analog: Rename hpvcc regulator supply to cpvdd
    - ASoC: wm_adsp: Correct handling of compressed streams that restart
    - ASoC: dpcm: skip missing substream while applying symmetry
    - ASoC: stm32: fix sai driver name initialisation
    - KVM: VMX: Save RSI to an unused output in the vCPU-run asm blob
    - KVM: nVMX: Remove a rogue "rax" clobber from nested_vmx_check_vmentry_hw()
    - kvm: vmx: Fix typos in vmentry/vmexit control setting
    - KVM: lapic: Check for in-kernel LAPIC before deferencing apic pointer
    - platform/x86: intel_pmc_core: Fix PCH IP name
    - platform/x86: intel_pmc_core: Handle CFL regmap properly
    - IB/core: Unregister notifier before freeing MAD security
    - IB/core: Fix potential memory leak while creating MAD agents
    - IB/core: Destroy QP if XRC QP fails
    - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
    - Input: stmfts - acknowledge that setting brightness is a blocking call
    - gpio: mxc: add check to return defer probe if clock tree NOT ready
    - selinux: avoid silent denials in permissive mode under RCU walk
    - selinux: never allow relabeling on context mounts
    - mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode
    - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown
      search
    - x86/mce: Improve error message when kernel cannot recover, p2
    - clk: x86: Add system specific quirk to mark clocks as critical
    - x86/mm/KASLR: Fix the size of the direct mapping section
    - x86/mm: Fix a crash with kmemleak_scan()
    - x86/mm/tlb: Revert "x86/mm: Align TLB invalidation info"
    - i2c: i2c-stm32f7: Fix SDADEL minimum formula
    - media: v4l2: i2c: ov7670: Fix PLL bypass register values
    - ASoC: wm_adsp: Check for buffer in trigger stop
    - mm/kmemleak.c: fix unused-function warning
    - Linux 5.0.14
  * [ZenBook S UX391UA, Realtek ALC294, Mic, Internal] No sound at all
    (LP: #1784485) // Disco update: 5.0.14 upstream stable release
    (LP: #1832775)
    - ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR
  * Support new ums-realtek device (LP: #1831840)
    - USB: usb-storage: Add new ID to ums-realtek
  * amd_iommu possible data corruption (LP: #1823037)
    - iommu/amd: Set exclusion range correctly
  * Add new sound card PCIID into the alsa driver (LP: #1832299)
    - ALSA: hda/intel: add CometLake PCI IDs
  * idle-page oopses when accessing page frames that are out of range
    (LP: #1833410)
    - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
  * Sometimes touchpad automatically trigger double click (LP: #1833484)
    - SAUCE: i2c: designware: Add disable runtime pm quirk
  * Disco update: 5.0.13 upstream stable release (LP: #1832749)
    - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
    - ipv6: A few fixes on dereferencing rt->from
    - ipv6: fix races in ip6_dst_destroy()
    - ipv6/flowlabel: wait rcu grace period before put_pid()
    - ipv6: invert flowlabel sharing check in process and user mode
    - l2ip: fix possible use-after-free
    - l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()
    - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
    - net: phy: marvell: Fix buffer overrun with stats counters
    - net/tls: avoid NULL pointer deref on nskb->sk in fallback
    - rxrpc: Fix net namespace cleanup
    - sctp: avoid running the sctp state machine recursively
    - selftests: fib_rule_tests: print the result and return 1 if any tests failed
    - packet: validate msg_namelen in send directly
    - packet: in recvmsg msg_name return at least sizeof sockaddr_ll
    - selftests: fib_rule_tests: Fix icmp proto with ipv6
    - tcp: add sanity tests in tcp_add_backlog()
    - udp: fix GRO reception in case of length mismatch
    - udp: fix GRO packet of death
    - bnxt_en: Improve multicast address setup logic.
    - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one()
    - bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error conditions.
    - bnxt_en: Pass correct extended TX port statistics size to firmware.
    - bnxt_en: Fix statistics context reservation logic.
    - bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt().
    - net/tls: don't copy negative amounts of data in reencrypt
    - net/tls: fix copy to fragments in reencrypt
    - KVM: x86: Whitelist port 0x7e for pre-incrementing %rip
    - KVM: nVMX: Fix size checks in vmx_set_nested_state
    - ALSA: line6: use dynamic buffers
    - iwlwifi: mvm: properly check debugfs dentry before using it
    - ath10k: Drop WARN_ON()s that always trigger during system resume
    - Linux 5.0.13
  * Add pointstick support on HP ZBook 17 G5 (LP: #1833387)
    - Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A"
    - SAUCE: HID: multitouch: Add pointstick support for ALPS Touchpad
  * [SRU][B/B-OEM/B-OEM-OSP-1/C/D/E] Add trackpoint middle button support of 2
    new thinpads (LP: #1833637)
    - Input: elantech - enable middle button support on 2 ThinkPads
  * Kernel panic upon resetting ixgbe SR-IOV VFIO virtual function using 5.0
    kernel (LP: #1829652)
    - SAUCE: ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw
  * CVE-2019-11884
    - Bluetooth: hidp: fix buffer overflow
  * TPM module can not initial (LP: #1826142)
    - spi: Optionally use GPIO descriptors for CS GPIOs
    - spi: dw: Convert to use CS GPIO descriptors
    - spi: dw: fix warning unused variable 'ret'
    - spi: Support high CS when using descriptors
    - spi: dw: Fix default polarity of native chipselect
    - gpio: of: Fix logic inversion
    - spi: Add missing error handling for CS GPIOs
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation
  * Regression for ubuntu_kernel_selftests [net] ubuntu_bpf test case fails to
    build on disco (LP: #1829812)
    - tools: bpftool: add basic probe capability, probe syscall availability
    - tools: bpftool: add probes for eBPF program types
  * POSIX fix for ftrace test in ubuntu_kernel_selftests (LP: #1828995)
    - selftests/ftrace: Replace \e with \033
    - selftests/ftrace: Replace echo -e with printf
  * Disco update: 5.0.12 upstream stable release (LP: #1830934)
    - selinux: use kernel linux/socket.h for genheaders and mdp
    - Revert "ACPICA: Clear status of GPEs before enabling them"
    - drm/i915: Do not enable FEC without DSC
    - mm: make page ref count overflow check tighter and more explicit
    - mm: add 'try_get_page()' helper function
    - mm: prevent get_user_pages() from overflowing page refcount
    - fs: prevent page refcount overflow in pipe_buf_get
    - arm64: dts: renesas: r8a77990: Fix SCIF5 DMA channels
    - ARM: dts: bcm283x: Fix hdmi hpd gpio pull
    - s390: limit brk randomization to 32MB
    - mt76x02: fix hdr pointer in write txwi for USB
    - mt76: mt76x2: fix external LNA gain settings
    - mt76: mt76x2: fix 2.4 GHz channel gain settings
    - net: ieee802154: fix a potential NULL pointer dereference
    - ieee802154: hwsim: propagate genlmsg_reply return code
    - Btrfs: fix file corruption after snapshotting due to mix of buffered/DIO
      writes
    - net: stmmac: don't set own bit too early for jumbo frames
    - net: stmmac: fix jumbo frame sending with non-linear skbs
    - qlcnic: Avoid potential NULL pointer dereference
    - xsk: fix umem memory leak on cleanup
    - staging: axis-fifo: add CONFIG_OF dependency
    - staging, mt7621-pci: fix build without pci support
    - netfilter: nft_set_rbtree: check for inactive element after flag mismatch
    - netfilter: bridge: set skb transport_header before entering
      NF_INET_PRE_ROUTING
    - netfilter: fix NETFILTER_XT_TARGET_TEE dependencies
    - netfilter: ip6t_srh: fix NULL pointer dereferences
    - s390/qeth: fix race when initializing the IP address table
    - ARM: imx51: fix a leaked reference by adding missing of_node_put
    - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
    - serial: ar933x_uart: Fix build failure with disabled console
    - KVM: arm64: Reset the PMU in preemptible context
    - arm64: KVM: Always set ICH_HCR_EL2.EN if GICv4 is enabled
    - KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory
    - KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
    - usb: dwc3: pci: add support for Comet Lake PCH ID
    - usb: gadget: net2280: Fix overrun of OUT messages
    - usb: gadget: net2280: Fix net2280_dequeue()
    - usb: gadget: net2272: Fix net2272_dequeue()
    - ARM: dts: pfla02: increase phy reset duration
    - i2c: i801: Add support for Intel Comet Lake
    - KVM: arm/arm64: Fix handling of stage2 huge mappings
    - net: ks8851: Dequeue RX packets explicitly
    - net: ks8851: Reassert reset pin if chip ID check fails
    - net: ks8851: Delay requesting IRQ until opened
    - net: ks8851: Set initial carrier state to down
    - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
    - staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
    - staging: rtl8712: uninitialized memory in read_bbreg_hdl()
    - staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
    - net: phy: Add DP83825I to the DP83822 driver
    - net: macb: Add null check for PCLK and HCLK
    - net/sched: don't dereference a->goto_chain to read the chain index
    - ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
    - drm/tegra: hub: Fix dereference before check
    - NFS: Fix a typo in nfs_init_timeout_values()
    - net: xilinx: fix possible object reference leak
    - net: ibm: fix possible object reference leak
    - net: ethernet: ti: fix possible object reference leak
    - drm: Fix drm_release() and device unplug
    - gpio: aspeed: fix a potential NULL pointer dereference
    - drm/meson: Fix invalid pointer in meson_drv_unbind()
    - drm/meson: Uninstall IRQ handler
    - ARM: davinci: fix build failure with allnoconfig
    - sbitmap: order READ/WRITE freed instance and setting clear bit
    - staging: vc04_services: Fix an error code in vchiq_probe()
    - scsi: mpt3sas: Fix kernel panic during expander reset
    - scsi: aacraid: Insure we don't access PCIe space during AER/EEH
    - scsi: qla4xxx: fix a potential NULL pointer dereference
    - usb: usb251xb: fix to avoid potential NULL pointer dereference
    - leds: trigger: netdev: fix refcnt leak on interface rename
    - SUNRPC: fix uninitialized variable warning
    - x86/realmode: Don't leak the trampoline kernel address
    - usb: u132-hcd: fix resource leak
    - ceph: fix use-after-free on symlink traversal
    - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
    - x86/mm: Don't exceed the valid physical address space
    - libata: fix using DMA buffers on stack
    - kbuild: skip parsing pre sub-make code for recursion
    - afs: Fix StoreData op marshalling
    - gpio: of: Check propname before applying "cs-gpios" quirks
    - gpio: of: Check for "spi-cs-high" in child instead of parent node
    - KVM: nVMX: Do not inherit quadrant and invalid for the root shadow EPT
    - KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation)
    - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs
    - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init
    - KVM: selftests: assert on exit reason in CR4/cpuid sync test
    - KVM: selftests: explicitly disable PIE for tests
    - KVM: selftests: disable stack protector for all KVM tests
    - KVM: selftests: complete IO before migrating guest state
    - gpio: of: Fix of_gpiochip_add() error path
    - nvme-multipath: relax ANA state check
    - nvmet: fix building bvec from sg list
    - nvmet: fix error flow during ns enable
    - perf cs-etm: Add missing case value
    - perf machine: Update kernel map address and re-order properly
    - kconfig/[mn]conf: handle backspace (^H) key
    - iommu/amd: Reserve exclusion range in iova-domain
    - kasan: fix variable 'tag' set but not used warning
    - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
    - leds: pca9532: fix a potential NULL pointer dereference
    - leds: trigger: netdev: use memcpy in device_name_store
    - Linux 5.0.12
    - [Config] Document drop of axis-fifo for amd64/i386
  * Disco update: 5.0.11 upstream stable release (LP: #1830929)
    - netfilter: nf_tables: bogus EBUSY when deleting set after flush
    - netfilter: nf_tables: bogus EBUSY in helper removal from transaction
    - intel_th: gth: Fix an off-by-one in output unassigning
    - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64
    - ALSA: hda/realtek - Move to ACT_INIT state
    - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
    - block, bfq: fix use after free in bfq_bfqq_expire
    - cifs: fix memory leak in SMB2_read
    - cifs: fix page reference leak with readv/writev
    - cifs: do not attempt cifs operation on smb2+ rename error
    - tracing: Fix a memory leak by early error exit in trace_pid_write()
    - tracing: Fix buffer_ref pipe ops
    - crypto: xts - Fix atomic sleep when walking skcipher
    - crypto: lrw - Fix atomic sleep when walking skcipher
    - gpio: eic: sprd: Fix incorrect irq type setting for the sync EIC
    - zram: pass down the bvec we need to read into in the work struct
    - lib/Kconfig.debug: fix build error without CONFIG_BLOCK
    - MIPS: scall64-o32: Fix indirect syscall number load
    - trace: Fix preempt_enable_no_resched() abuse
    - mm: do not boost watermarks to avoid fragmentation for the DISCONTIG memory
      model
    - arm64: mm: Ensure tail of unaligned initrd is reserved
    - IB/rdmavt: Fix frwr memory registration
    - RDMA/mlx5: Do not allow the user to write to the clock page
    - RDMA/mlx5: Use rdma_user_map_io for mapping BAR pages
    - RDMA/ucontext: Fix regression with disassociate
    - sched/numa: Fix a possible divide-by-zero
    - ceph: only use d_name directly when parent is locked
    - ceph: ensure d_name stability in ceph_dentry_hash()
    - ceph: fix ci->i_head_snapc leak
    - nfsd: Don't release the callback slot unless it was actually held
    - nfsd: wake waiters blocked on file_lock before deleting it
    - nfsd: wake blocked file lock waiters before sending callback
    - sunrpc: don't mark uninitialised items as VALID.
    - perf/x86/intel: Update KBL Package C-state events to also include
      PC8/PC9/PC10 counters
    - Input: synaptics-rmi4 - write config register values to the right offset
    - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid
    - dmaengine: sh: rcar-dmac: Fix glitch in dmaengine_tx_status
    - dmaengine: mediatek-cqdma: fix wrong register usage in mtk_cqdma_start
    - ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache
    - powerpc/mm/radix: Make Radix require HUGETLB_PAGE
    - drm/vc4: Fix memory leak during gpu reset.
    - drm/ttm: fix re-init of global structures
    - drm/vc4: Fix compilation error reported by kbuild test bot
    - ext4: fix some error pointer dereferences
    - loop: do not print warn message if partition scan is successful
    - tipc: handle the err returned from cmd header function
    - slip: make slhc_free() silently accept an error pointer
    - workqueue: Try to catch flush_work() without INIT_WORK().
    - sched/deadline: Correctly handle active 0-lag timers
    - mac80211_hwsim: calculate if_combination.max_interfaces
    - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
    - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
    - fm10k: Fix a potential NULL pointer dereference
    - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
    - tipc: check link name with right length in tipc_nl_compat_link_set
    - net: netrom: Fix error cleanup path of nr_proto_init
    - net/rds: Check address length before reading address family
    - rxrpc: fix race condition in rxrpc_input_packet()
    - pin iocb through aio.
    - aio: fold lookup_kiocb() into its sole caller
    - aio: keep io_event in aio_kiocb
    - aio: store event at final iocb_put()
    - Fix aio_poll() races
    - x86, retpolines: Raise limit for generating indirect calls from switch-case
    - x86/retpolines: Disable switch jump tables when retpolines are enabled
    - rdma: fix build errors on s390 and MIPS due to bad ZERO_PAGE use
    - ipv4: add sanity checks in ipv4_link_failure()
    - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
    - mlxsw: spectrum: Fix autoneg status in ethtool
    - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
    - net: rds: exchange of 8K and 1M pool
    - net/rose: fix unbound loop in rose_loopback_timer()
    - net: stmmac: move stmmac_check_ether_addr() to driver probe
    - net/tls: fix refcount adjustment in fallback
    - stmmac: pci: Adjust IOT2000 matching
    - team: fix possible recursive locking when add slaves
    - net: socionext: replace napi_alloc_frag with the netdev variant on init
    - net/ncsi: handle overflow when incrementing mac address
    - mlxsw: pci: Reincrease PCI reset timeout
    - mlxsw: spectrum: Put MC TCs into DWRR mode
    - net/mlx5e: Fix the max MTU check in case of XDP
    - net/mlx5e: Fix use-after-free after xdp_return_frame
    - net/tls: avoid potential deadlock in tls_set_device_offload_rx()
    - net/tls: don't leak IV and record seq when offload fails
    - Linux 5.0.11
  * Disco update: 5.0.10 upstream stable release (LP: #1830922)
    - bonding: fix event handling for stacked bonds
    - failover: allow name change on IFF_UP slave interfaces
    - net: atm: Fix potential Spectre v1 vulnerabilities
    - net: bridge: fix per-port af_packet sockets
    - net: bridge: multicast: use rcu to access port list from
      br_multicast_start_querier
    - net: fec: manage ahb clock in runtime pm
    - net: Fix missing meta data in skb with vlan packet
    - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
    - tcp: tcp_grow_window() needs to respect tcp_space()
    - team: set slave to promisc if team is already in promisc mode
    - tipc: missing entries in name table of publications
    - vhost: reject zero size iova range
    - ipv4: recompile ip options in ipv4_link_failure
    - ipv4: ensure rcu_read_lock() in ipv4_link_failure()
    - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
    - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
    - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
    - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
    - mlxsw: spectrum_router: Do not check VRF MAC address
    - net: thunderx: raise XDP MTU to 1508
    - net: thunderx: don't allow jumbo frames with XDP
    - net/tls: fix the IV leaks
    - net/tls: don't leak partially sent record in device mode
    - net: strparser: partially revert "strparser: Call skb_unclone conditionally"
    - net/tls: fix build without CONFIG_TLS_DEVICE
    - net: bridge: fix netlink export of vlan_stats_per_port option
    - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
    - net/mlx5e: Protect against non-uplink representor for encap
    - net/mlx5e: Switch to Toeplitz RSS hash by default
    - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding
    - net/mlx5e: Rx, Check ip headers sanity
    - Revert "net/mlx5e: Enable reporting checksum unnecessary also for L3
      packets"
    - net/mlx5: FPGA, tls, hold rcu read lock a bit longer
    - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()
    - net/mlx5: FPGA, tls, idr remove on flow delete
    - route: Avoid crash from dereferencing NULL rt->from
    - nfp: flower: replace CFI with vlan present
    - nfp: flower: remove vlan CFI bit from push vlan action
    - sch_cake: Use tc_skb_protocol() helper for getting packet protocol
    - sch_cake: Make sure we can write the IP header before changing DSCP bits
    - NFC: nci: Add some bounds checking in nci_hci_cmd_received()
    - nfc: nci: Potential off by one in ->pipes[] array
    - sch_cake: Simplify logic in cake_select_tin()
    - CIFS: keep FileInfo handle live during oplock break
    - cifs: Fix lease buffer length error
    - cifs: Fix use-after-free in SMB2_write
    - cifs: Fix use-after-free in SMB2_read
    - cifs: fix handle leak in smb2_query_symlink()
    - fs/dax: Deposit pagetable even when installing zero page
    - KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
    - KVM: x86: svm: make sure NMI is injected after nmi_singlestep
    - Staging: iio: meter: fixed typo
    - staging: iio: ad7192: Fix ad7193 channel address
    - iio: gyro: mpu3050: fix chip ID reading
    - iio/gyro/bmg160: Use millidegrees for temperature scale
    - iio:chemical:bme680: Fix, report temperature in millidegrees
    - iio:chemical:bme680: Fix SPI read interface
    - iio: cros_ec: Fix the maths for gyro scale calculation
    - iio: ad_sigma_delta: select channel when reading register
    - iio: dac: mcp4725: add missing powerdown bits in store eeprom
    - iio: Fix scan mask selection
    - iio: adc: at91: disable adc channel interrupt in timeout case
    - iio: core: fix a possible circular locking dependency
    - io: accel: kxcjk1013: restore the range after resume.
    - staging: most: core: use device description as name
    - staging: comedi: vmk80xx: Fix use of uninitialized semaphore
    - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
    - staging: comedi: ni_usb6501: Fix use of uninitialized mutex
    - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
    - ALSA: core: Fix card races between register and disconnect
    - Input: elan_i2c - add hardware ID for multiple Lenovo laptops
    - serial: sh-sci: Fix HSCIF RX sampling point adjustment
    - serial: sh-sci: Fix HSCIF RX sampling point calculation
    - vt: fix cursor when clearing the screen
    - scsi: core: set result when the command cannot be dispatched
    - Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
    - i3c: dw: Fix dw_i3c_master_disable controller by using correct mask
    - i3c: Fix the verification of random PID
    - Revert "svm: Fix AVIC incomplete IPI emulation"
    - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core
      dumping
    - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context
    - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier
    - crypto: x86/poly1305 - fix overflow during partial reduction
    - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2
    - arm64: futex: Restore oldval initialization to work around buggy compilers
    - x86/kprobes: Verify stack frame on kretprobe
    - kprobes: Mark ftrace mcount handler functions nokprobe
    - x86/kprobes: Avoid kretprobe recursion bug
    - kprobes: Fix error check when reusing optimized probes
    - rt2x00: do not increment sequence number while re-transmitting
    - mac80211: do not call driver wake_tx_queue op during reconfig
    - s390/mem_detect: Use IS_ENABLED(CONFIG_BLK_DEV_INITRD)
    - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming
    - perf/x86/amd: Add event map for AMD Family 17h
    - x86/cpu/bugs: Use __initconst for 'const' init data
    - perf/x86: Fix incorrect PEBS_REGS
    - x86/speculation: Prevent deadlock on ssb_state::lock
    - timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze()
    - nfit/ars: Remove ars_start_flags
    - nfit/ars: Introduce scrub_flags
    - nfit/ars: Allow root to busy-poll the ARS state machine
    - nfit/ars: Avoid stale ARS results
    - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
    - tpm: Fix the type of the return value in calc_tpm2_event_size()
    - Revert "kbuild: use -Oz instead of -Os when using clang"
    - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
    - tpm: fix an invalid condition in tpm_common_poll
    - mt76x02: avoid status_list.lock and sta->rate_ctrl_lock dependency
    - device_cgroup: fix RCU imbalance in error case
    - perf/ring_buffer: Fix AUX record suppression
    - mm/memory_hotplug: do not unlock after failing to take the
      device_hotplug_lock
    - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y
      CONFIG_SMP=n
    - ALSA: info: Fix racy addition/deletion of nodes
    - percpu: stop printing kernel addresses
    - kernel/sysctl.c: fix out-of-bounds access when setting file-max
    - Linux 5.0.10
  * Disco update: 5.0.9 upstream stable release (LP: #1830906)
    - ARC: u-boot args: check that magic number is correct
    - arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
    - perf/core: Restore mmap record type correctly
    - mips: bcm47xx: Enable USB power on Netgear WNDR3400v2
    - ext4: avoid panic during forced reboot
    - ext4: add missing brelse() in add_new_gdb_meta_bg()
    - ext4: report real fs size after failed resize
    - ALSA: echoaudio: add a check for ioremap_nocache
    - ALSA: sb8: add a check for request_region
    - auxdisplay: hd44780: Fix memory leak on ->remove()
    - drm/udl: use drm_gem_object_put_unlocked.
    - IB/mlx4: Fix race condition between catas error reset and aliasguid flows
    - i40iw: Avoid panic when handling the inetdev event
    - mmc: davinci: remove extraneous __init annotation
    - ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and
      declaration
    - paride/pf: cleanup queues when detection fails
    - paride/pcd: cleanup queues when detection fails
    - thermal/intel_powerclamp: fix __percpu declaration of worker_data
    - thermal: samsung: Fix incorrect check after code merge
    - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
    - thermal/int340x_thermal: Add additional UUIDs
    - thermal/int340x_thermal: fix mode setting
    - thermal/intel_powerclamp: fix truncated kthread name
    - scsi: iscsi: flush running unbind operations when removing a session
    - sched/cpufreq: Fix 32-bit math overflow
    - sched/core: Fix buffer overflow in cgroup2 property cpu.max
    - x86/mm: Don't leak kernel addresses
    - tools/power turbostat: return the exit status of a command
    - scsi: core: Also call destroy_rcu_head() for passthrough requests
    - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID
    - perf stat: Fix --no-scale
    - perf list: Don't forget to drop the reference to the allocated thread_map
    - perf tools: Fix errors under optimization level '-Og'
    - perf config: Fix an error in the config template documentation
    - perf config: Fix a memory leak in collect_config()
    - perf build-id: Fix memory leak in print_sdt_events()
    - perf top: Fix error handling in cmd_top()
    - perf hist: Add missing map__put() in error case
    - perf map: Remove map from 'names' tree in __maps__remove()
    - perf maps: Purge all maps from the 'names' tree
    - perf top: Fix global-buffer-overflow issue
    - perf evsel: Free evsel->counts in perf_evsel__exit()
    - perf tests: Fix a memory leak of cpu_map object in the
      openat_syscall_event_on_all_cpus test
    - perf tests: Fix memory leak by expr__find_other() in test__expr()
    - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
    - ACPI / utils: Drop reference in test for device presence
    - PM / Domains: Avoid a potential deadlock
    - blk-iolatency: #include "blk.h"
    - drm/exynos/mixer: fix MIXER shadow registry synchronisation code
    - irqchip/stm32: Don't clear rising/falling config registers at init
    - irqchip/stm32: Don't set rising configuration registers at init
    - irqchip/mbigen: Don't clear eventid when freeing an MSI
    - x86/hpet: Prevent potential NULL pointer dereference
    - x86/hyperv: Prevent potential NULL pointer dereference
    - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
    - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
    - iommu/vt-d: Check capability before disabling protected memory
    - iommu/vt-d: Save the right domain ID used by hardware
    - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return
      an error
    - cifs: fix that return -EINVAL when do dedupe operation
    - fix incorrect error code mapping for OBJECTID_NOT_FOUND
    - cifs: Fix slab-out-of-bounds when tracing SMB tcon
    - x86/gart: Exclude GART aperture from kcore
    - ext4: prohibit fstrim in norecovery mode
    - lkdtm: Print real addresses
    - lkdtm: Add tests for NULL pointer dereference
    - drm/amdgpu: psp_ring_destroy cause psp->km_ring.ring_mem NULL
    - drm/panel: panel-innolux: set display off in innolux_panel_unprepare
    - crypto: axis - fix for recursive locking from bottom half
    - Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
    - coresight: cpu-debug: Support for CA73 CPUs
    - PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe ports
    - PCI/ASPM: Save LTR Capability for suspend/resume
    - f2fs: sync filesystem after roll-forward recovery
    - drm/nouveau/volt/gf117: fix speedo readout register
    - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown
    - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
    - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
    - appletalk: Fix use-after-free in atalk_proc_exit
    - cifs: return -ENODATA when deleting an xattr that does not exist
    - lib/div64.c: off by one in shift
    - rxrpc: Fix client call connect/disconnect race
    - f2fs: fix to dirty inode for i_mode recovery
    - f2fs: fix to use kvfree instead of kzfree
    - f2fs: fix to add refcount once page is tagged PG_private
    - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
    - bpf: fix use after free in bpf_evict_inode
    - IB/hfi1: Failed to drain send queue when QP is put into error state
    - paride/pf: Fix potential NULL pointer dereference
    - paride/pcd: Fix potential NULL pointer dereference and mem leak
    - Linux 5.0.9
  * crashdump fails on HiSilicon D06 (LP: #1828868)
    - iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel
  * Eletrical noise occurred when external headset enter powersaving mode on a
    DEll machine (LP: #1828798)
    - ALSA: hda/realtek - Fixup headphone noise via runtime suspend
  * [18.04/18.10] File libperf-jvmti.so is missing in linux-tools-common deb on
    Ubuntu (LP: #1761379)
    - [Packaging] Support building libperf-jvmti.so
  * ethtool identify command doesn't blink LED on Hi1620 NICs (LP: #1829306)
    - net: phy: marvell: add new default led configure for m88e151x
  * Add support to Comet Lake LPSS (LP: #1830175)
    - mfd: intel-lpss: Add Intel Comet Lake PCI IDs
  * Reduce NAPI weight in hns driver from 256 to 64 (LP: #1830587)
    - net: hns: Use NAPI_POLL_WEIGHT for hns driver

-- Connor Kuehl <connor.kuehl@canonical.com>  Tue, 02 Jul 2019 14:21:39 -0700

Changed in linux-kvm (Ubuntu Disco):
status:	Fix Committed → Fix Released

Launchpad Janitor (janitor) on 2019-07-23

Changed in linux-kvm (Ubuntu):
status:	In Progress → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-07-24:

#10

Download full text (30.5 KiB)

This bug was fixed in the package linux-kvm - 4.4.0-1052.59

---------------
linux-kvm (4.4.0-1052.59) xenial; urgency=medium

* linux-kvm: 4.4.0-1052.59 -proposed tracker (LP: #1834909)

* Xenial update: 4.4.180 upstream stable release (LP: #1830176)
- [Config]: enable CONFIG_SCHED_SMT

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

[ Ubuntu: 4.4.0-155.182 ]

  * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
  * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
    - geneve: correctly handle ipv6.disable module parameter
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long
  * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: gcm - Fix error return code in crypto_gcm_create_common()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - writeback: synchronize sync(2) against cgroup writeback membership switches
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
    - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - ppp: deflate: Fix possible crash in deflate_init
    - tipc:...

This bug was fixed in the package linux-kvm - 4.4.0-1052.59

---------------
linux-kvm (4.4.0-1052.59) xenial; urgency=medium

* linux-kvm: 4.4.0-1052.59 -proposed tracker (LP: #1834909)

* Xenial update: 4.4.180 upstream stable release (LP: #1830176)
    - [Config]: enable CONFIG_SCHED_SMT

* q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

[ Ubuntu: 4.4.0-155.182 ]

* linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
  * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
    - geneve: correctly handle ipv6.disable module parameter
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long
  * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: gcm - Fix error return code in crypto_gcm_create_common()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - writeback: synchronize sync(2) against cgroup writeback membership switches
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
    - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - ppp: deflate: Fix possible crash in deflate_init
    - tipc: switch order of device registration to fix a crash
    - tipc: fix modprobe tipc failed after switch order of device registration
    - stm class: Fix channel free in stm output free path
    - md: add mddev->pers to avoid potential NULL pointer dereference
    - intel_th: msu: Fix single mode with IOMMU
    - of: fix clang -Wunsequenced for be32_to_cpu()
    - cifs: fix strcat buffer overflow and reduce raciness in
      smb21_set_oplock_level()
    - media: ov6650: Fix sensor possibly not detected on probe
    - NFS4: Fix v4.0 client state corruption when mount
    - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    - fuse: fix writepages on 32bit
    - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
    - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
    - ceph: flush dirty inodes before proceeding with remount
    - tracing: Fix partial reading of trace event's id file
    - memory: tegra: Fix integer overflow on tick value calculation
    - perf intel-pt: Fix instructions sampling rate
    - perf intel-pt: Fix improved sample timestamp
    - perf intel-pt: Fix sample timestamp wrt non-taken branches
    - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
      VRAM
    - fbdev: sm712fb: fix support for 1024x768-16 mode
    - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    - PCI: Mark Atheros AR9462 to avoid bus reset
    - dm delay: fix a crash when invalid device is specified
    - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
    - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
    - vti4: ipip tunnel deregistration fixes.
    - xfrm4: Fix uninitialized memory read in _decode_session4
    - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    - power: supply: sysfs: prevent endless uevent loop with
      CONFIG_POWER_SUPPLY_DEBUG
    - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    - perf bench numa: Add define for RUSAGE_THREAD if not present
    - Revert "Don't jump to compute_result state from check_result state"
    - md/raid: raid5 preserve the writeback action after the parity check
    - btrfs: Honour FITRIM range constraints during free space trim
    - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    - ext4: do not delete unlinked inode from orphan list on failed truncate
    - KVM: x86: fix return value for reserved EFER
    - bio: fix improper use of smp_mb__before_atomic()
    - Revert "scsi: sd: Keep disk read-only when re-reading partition"
    - crypto: vmx - CTR: always increment IV as quadword
    - gfs2: Fix sign extension bug in gfs2_update_stats
    - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
    - btrfs: sysfs: don't leak memory when failing add fsid
    - fbdev: fix divide error in fb_var_to_videomode
    - hugetlb: use same fault hash key for shared and private mappings
    - fbdev: fix WARNING in __alloc_pages_nodemask bug
    - media: cpia2: Fix use-after-free in cpia2_exit
    - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
    - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
    - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
    - perf tools: No need to include bitops.h in util.h
    - gfs2: Fix lru_count going negative
    - cxgb4: Fix error path in cxgb4_init_module
    - mmc: core: Verify SD bus width
    - powerpc/boot: Fix missing check of lseek() return value
    - ASoC: imx: fix fiq dependencies
    - spi: pxa2xx: fix SCR (divisor) calculation
    - brcm80211: potential NULL dereference in
      brcmf_cfg80211_vndr_cmds_dcmd_handler()
    - rtc: 88pm860x: prevent use-after-free on device remove
    - w1: fix the resume command API
    - dmaengine: pl330: _stop: clear interrupt status
    - mac80211/cfg80211: update bss channel on channel switch
    - ASoC: fsl_sai: Update is_slave_mode with correct value
    - mwifiex: prevent an array overflow
    - net: cw1200: fix a NULL pointer dereference
    - bcache: return error immediately in bch_journal_replay()
    - bcache: fix failure in journal relplay
    - bcache: add failure check to run_cache_set() for journal replay
    - bcache: avoid clang -Wunintialized warning
    - x86/build: Move _etext to actual end of .text
    - smpboot: Place the __percpu annotation correctly
    - x86/mm: Remove in_nmi() warning from 64-bit implementation of
      vmalloc_fault()
    - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
      versions
    - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
    - pinctrl: pistachio: fix leaked of_node references
    - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
    - media: coda: clear error return value before picture run
    - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
    - media: au0828: stop video streaming only when last user stops
    - media: ov2659: make S_FMT succeed even if requested format doesn't match
    - audit: fix a memory leak bug
    - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
    - media: pvrusb2: Prevent a buffer overflow
    - powerpc/numa: improve control of topology updates
    - sched/core: Check quota and period overflow at usec to nsec conversion
    - sched/core: Handle overflow in cpu_shares_write_u64
    - USB: core: Don't unbind interfaces following device reset failure
    - x86/irq/64: Limit IST stack overflow check to #DB stack
    - i40e: don't allow changes to HW VLAN stripping on active port VLANs
    - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
    - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
    - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
    - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
    - scsi: libsas: Do discovery on empty PHY to update PHY info
    - mmc_spi: add a status check for spi_sync_locked
    - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
    - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
    - PM / core: Propagate dev->power.wakeup_path when no callbacks
    - extcon: arizona: Disable mic detect if running when driver is removed
    - s390: cio: fix cio_irb declaration
    - cpufreq: ppc_cbe: fix possible object reference leak
    - cpufreq/pasemi: fix possible object reference leak
    - cpufreq: pmac32: fix possible object reference leak
    - x86/build: Keep local relocations with ld.lld
    - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
    - iio: hmc5843: fix potential NULL pointer dereferences
    - iio: common: ssp_sensors: Initialize calculated_time in
      ssp_common_process_data
    - rtlwifi: fix a potential NULL pointer dereference
    - brcmfmac: fix missing checks for kmemdup
    - b43: shut up clang -Wuninitialized variable warning
    - brcmfmac: convert dev_init_lock mutex to completion
    - brcmfmac: fix race during disconnect when USB completion is in progress
    - scsi: ufs: Fix regulator load and icc-level configuration
    - scsi: ufs: Avoid configuring regulator with undefined voltage range
    - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
    - x86/ia32: Fix ia32_restore_sigcontext() AC leak
    - chardev: add additional check for minor range overlap
    - HID: core: move Usage Page concatenation to Main item
    - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
    - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
    - cxgb3/l2t: Fix undefined behaviour
    - spi: tegra114: reset controller on probe
    - media: wl128x: prevent two potential buffer overflows
    - virtio_console: initialize vtermno value for ports
    - tty: ipwireless: fix missing checks for ioremap
    - rcutorture: Fix cleanup path for invalid torture_type strings
    - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
    - scsi: qla4xxx: avoid freeing unallocated dma memory
    - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
    - media: go7007: avoid clang frame overflow warning with KASAN
    - media: saa7146: avoid high stack usage with clang
    - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
    - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
    - spi: rspi: Fix sequencer reset during initialization
    - spi: Fix zero length xfer bug
    - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
    - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
    - llc: fix skb leak in llc_build_and_send_ui_pkt()
    - net-gro: fix use-after-free read in napi_gro_frags()
    - net: stmmac: fix reset gpio free missing
    - usbnet: fix kernel crash after disconnect
    - tipc: Avoid copying bytes beyond the supplied data
    - bnxt_en: Fix aggregation buffer leak under OOM condition.
    - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
    - crypto: vmx - ghash: do nosimd fallback manually
    - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
    - Revert "tipc: fix modprobe tipc failed after switch order of device
      registration"
    - tipc: fix modprobe tipc failed after switch order of device registration -v2
    - sparc64: Fix regression in non-hypervisor TLB flush xcall
    - include/linux/bitops.h: sanitize rotate primitives
    - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
    - usb: xhci: avoid null pointer deref when bos field is NULL
    - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
    - USB: sisusbvga: fix oops in error path of sisusb_probe
    - USB: Add LPM quirk for Surface Dock GigE adapter
    - USB: rio500: refuse more than one device at a time
    - USB: rio500: fix memory leak in close after disconnect
    - media: usb: siano: Fix general protection fault in smsusb
    - media: usb: siano: Fix false-positive "uninitialized variable" warning
    - media: smsusb: better handle optional alignment
    - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
    - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
    - Btrfs: fix race updating log root item during fsync
    - ALSA: hda/realtek - Set default power save node to 0
    - drm/nouveau/i2c: Disable i2c bus access after ->fini()
    - tty: serial: msm_serial: Fix XON/XOFF
    - tty: max310x: Fix external crystal register setup
    - memcg: make it work on sparse non-0-node systems
    - kernel/signal.c: trace_signal_deliver when signal_group_exit
    - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
      ENOMEM
    - binder: Replace "%p" with "%pK" for stable
    - binder: replace "%p" with "%pK"
    - brcmfmac: Add length checks on firmware events
    - brcmfmac: screening firmware event packet
    - brcmfmac: revise handling events in receive path
    - brcmfmac: fix incorrect event channel deduction
    - brcmfmac: add length checks in scheduled scan result handler
    - brcmfmac: add subtype check for event handling in data path
    - userfaultfd: don't pin the user memory in userfaultfd_file_create()
    - Revert "x86/build: Move _etext to actual end of .text"
    - net: cdc_ncm: GetNtbFormat endian fix
    - usb: gadget: fix request length error for isoc transfer
    - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
    - ethtool: fix potential userspace buffer overflow
    - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
    - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
    - net: rds: fix memory leak in rds_ib_flush_mr_pool
    - pktgen: do not sleep with the thread lock held.
    - rcu: locking and unlocking need to always be at least barriers
    - parisc: Use implicit space register selection for loading the coherence
      index of I/O pdirs
    - fuse: fallocate: fix return with locked inode
    - MIPS: pistachio: Build uImage.gz by default
    - genwqe: Prevent an integer overflow in the ioctl
    - drm/gma500/cdv: Check vbt config bits when detecting lvds panels
    - fs: stream_open - opener for stream-like files so that read and write can
      run simultaneously without deadlock
    - fuse: Add FOPEN_STREAM to use stream_open()
    - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
    - ethtool: check the return value of get_regs_len
    - Linux 4.4.181
  * CVE-2019-2054
    - arm/ptrace: run seccomp after ptrace
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation
  * Revert x86/vdso linker changes from #1830890 as this causes glibc
    2.29-0ubuntu3 FTBFS on eoan (LP: #1834315)
    - Revert "x86/vdso: Pass --eh-frame-hdr to the linker"
    - Revert "x86: vdso: Use $LD instead of $CC to link"
  * [linux-azure] Block Layer Commits Requested in Azure Kernels (LP: #1834499)
    - bio_copy_from_iter(): get rid of copying iov_iter
    - block: Clear kernel memory before copying to user
    - block/bio: Do not zero user pages
  * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
    - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches
  * CVE-2019-11833
    - ext4: zero out the unused memory region in the extent tree block
  * idle-page oopses when accessing page frames that are out of range
    (LP: #1833410)
    - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
  * Performance degradation when copying from LVM snapshot backed by NVMe disk
    (LP: #1833319)
    - NVMe: Allow request merges
  * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
    - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
      connections"
  * 4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue (LP: #1824687)
    - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
  * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
    (LP: #1826416)
    - vmbus: fix missing signaling in hv_signal_on_read()
  * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
    - kbuild: simplify ld-option implementation
    - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
    - cifs: do not attempt cifs operation on smb2+ rename error
    - MIPS: scall64-o32: Fix indirect syscall number load
    - trace: Fix preempt_enable_no_resched() abuse
    - sched/numa: Fix a possible divide-by-zero
    - ceph: ensure d_name stability in ceph_dentry_hash()
    - ceph: fix ci->i_head_snapc leak
    - nfsd: Don't release the callback slot unless it was actually held
    - sunrpc: don't mark uninitialised items as VALID.
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice
    - powerpc/xmon: Add RFI flush related fields to paca dump
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
    - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
      barrier at kernel entry/exit"
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - powerpc/64s: Add barrier_nospec
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
    - powerpc/asm: Add a patch_site macro & helpers for patching instructions
    - powerpc/64s: Add new security feature flags for count cache flush
    - powerpc/64s: Add support for software count cache flush
    - powerpc/pseries: Query hypervisor for count cache flush settings
    - powerpc/powernv: Query firmware for count cache flush settings
    - powerpc: Avoid code patching freed init sections
    - powerpc/fsl: Add infrastructure to fixup branch predictor flush
    - powerpc/fsl: Add macro to flush the branch predictor
    - powerpc/fsl: Fix spectre_v2 mitigations reporting
    - powerpc/fsl: Add nospectre_v2 command line argument
    - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
    - powerpc/fsl: Update Spectre v2 reporting
    - powerpc/security: Fix spectre_v2 reporting
    - powerpc/fsl: Fix the flush of branch predictor.
    - tipc: handle the err returned from cmd header function
    - slip: make slhc_free() silently accept an error pointer
    - intel_th: gth: Fix an off-by-one in output unassigning
    - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
    - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
    - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
    - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
    - tipc: check link name with right length in tipc_nl_compat_link_set
    - bpf: reject wrong sized filters earlier
    - Revert "block/loop: Use global lock for ioctl() operation."
    - ipv4: add sanity checks in ipv4_link_failure()
    - team: fix possible recursive locking when add slaves
    - net: stmmac: move stmmac_check_ether_addr() to driver probe
    - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
    - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
    - powerpc/fsl: Flush branch predictor when entering KVM
    - powerpc/fsl: Emulate SPRN_BUCSR register
    - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
    - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
    - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
    - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
    - Documentation: Add nospectre_v1 parameter
    - usbnet: ipheth: prevent TX queue timeouts when device not ready
    - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
    - qlcnic: Avoid potential NULL pointer dereference
    - netfilter: bridge: set skb transport_header before entering
      NF_INET_PRE_ROUTING
    - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
    - usb: gadget: net2280: Fix overrun of OUT messages
    - usb: gadget: net2280: Fix net2280_dequeue()
    - usb: gadget: net2272: Fix net2272_dequeue()
    - ARM: dts: pfla02: increase phy reset duration
    - net: ks8851: Dequeue RX packets explicitly
    - net: ks8851: Reassert reset pin if chip ID check fails
    - net: ks8851: Delay requesting IRQ until opened
    - net: ks8851: Set initial carrier state to down
    - net: xilinx: fix possible object reference leak
    - net: ibm: fix possible object reference leak
    - net: ethernet: ti: fix possible object reference leak
    - scsi: qla4xxx: fix a potential NULL pointer dereference
    - usb: u132-hcd: fix resource leak
    - ceph: fix use-after-free on symlink traversal
    - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
    - libata: fix using DMA buffers on stack
    - kconfig/[mn]conf: handle backspace (^H) key
    - ALSA: line6: use dynamic buffers
    - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
    - ipv6/flowlabel: wait rcu grace period before put_pid()
    - ipv6: invert flowlabel sharing check in process and user mode
    - bnxt_en: Improve multicast address setup logic.
    - packet: validate msg_namelen in send directly
    - USB: yurex: Fix protection fault after device removal
    - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
    - USB: core: Fix unterminated string returned by usb_string()
    - USB: core: Fix bug caused by duplicate interface PM usage counter
    - HID: debug: fix race condition with between rdesc_show() and device removal
    - rtc: sh: Fix invalid alarm warning for non-enabled alarm
    - bonding: show full hw address in sysfs for slave entries
    - jffs2: fix use-after-free on symlink traversal
    - debugfs: fix use-after-free on symlink traversal
    - rtc: da9063: set uie_unsupported when relevant
    - vfio/pci: use correct format characters
    - scsi: storvsc: Fix calculation of sub-channel count
    - net: hns: Use NAPI_POLL_WEIGHT for hns driver
    - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
    - hugetlbfs: fix memory leak for resv_map
    - xsysace: Fix error handling in ace_setup
    - ARM: orion: don't use using 64-bit DMA masks
    - ARM: iop: don't use using 64-bit DMA masks
    - usb: usbip: fix isoc packet num validation in get_pipe
    - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
    - staging: iio: adt7316: fix the dac read calculation
    - staging: iio: adt7316: fix the dac write calculation
    - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
    - selinux: never allow relabeling on context mounts
    - x86/mce: Improve error message when kernel cannot recover, p2
    - media: v4l2: i2c: ov7670: Fix PLL bypass register values
    - scsi: libsas: fix a race condition when smp task timeout
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC: cs4270: Set auto-increment bit for register writes
    - ASoC: tlv320aic32x4: Fix Common Pins
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
    - iommu/amd: Set exclusion range correctly
    - genirq: Prevent use-after-free and work list corruption
    - usb: dwc3: Fix default lpm_nyet_threshold value
    - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
    - Bluetooth: hidp: fix buffer overflow
    - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
    - UAS: fix alignment of scatter/gather segments
    - ipv6: fix a potential deadlock in do_ipv6_setsockopt()
    - ASoC: Intel: avoid Oops if DMA setup fails
    - timer/debug: Change /proc/timer_stats from 0644 to 0600
    - netfilter: compat: initialize all fields in xt_init
    - platform/x86: sony-laptop: Fix unintentional fall-through
    - iio: adc: xilinx: fix potential use-after-free on remove
    - HID: input: add mapping for Expose/Overview key
    - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
    - libnvdimm/btt: Fix a kmemdup failure check
    - s390/dasd: Fix capacity calculation for large volumes
    - s390/3270: fix lockdep false positive on view->lock
    - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
      tracing
    - tools lib traceevent: Fix missing equality check for strcmp
    - init: initialize jump labels before command line option parsing
    - ipvs: do not schedule icmp errors from tunnels
    - s390: ctcm: fix ctcm_new_device error return code
    - gpu: ipu-v3: dp: fix CSC handling
    - cw1200: fix missing unlock on error in cw1200_hw_scan()
    - Don't jump to compute_result state from check_result state
    - x86/microcode/intel: Add a helper which gives the microcode revision
    - x86: stop exporting msr-index.h to userland
    - x86/microcode/intel: Check microcode revision before updating sibling
      threads
    - x86/MCE: Save microcode revision in machine check records
    - x86/bugs: Add AMD's variant of SSB_NO
    - x86/bugs: Add AMD's SPEC_CTRL MSR usage
    - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
    - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
    - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
    - x86/microcode: Update the new microcode revision unconditionally
    - x86/mm: Use WRITE_ONCE() when setting PTEs
    - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
    - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
    - x86/speculation: Propagate information about RSB filling mitigation to sysfs
    - x86/speculation: Update the TIF_SSBD comment
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
    - x86/speculation: Move STIPB/IBPB string conditionals out of
      cpu_show_common()
    - x86/speculation: Disable STIBP when enhanced IBRS is in use
    - x86/speculation: Rename SSBD update functions
    - x86/speculation: Reorganize speculation control MSRs update
    - x86/Kconfig: Select SCHED_SMT if SMP enabled
    - x86/speculation: Mark string arrays const correctly
    - x86/speculataion: Mark command line parser data __initdata
    - x86/speculation: Add command line control for indirect branch speculation
    - x86/speculation: Prepare for per task indirect branch speculation control
    - x86/process: Consolidate and simplify switch_to_xtra() code
    - x86/speculation: Avoid __switch_to_xtra() calls
    - x86/speculation: Prepare for conditional IBPB in switch_mm()
    - x86/speculation: Split out TIF update
    - x86/speculation: Prepare arch_smt_update() for PRCTL mode
    - x86/speculation: Prevent stale SPEC_CTRL msr content
    - x86/speculation: Add prctl() control for indirect branch speculation
    - x86/speculation: Enable prctl mode for spectre_v2_user
    - x86/speculation: Add seccomp Spectre v2 user space protection mode
    - x86/speculation: Provide IBPB always command line options
    - x86/cpu/bugs: Use __initconst for 'const' init data
    - USB: serial: use variable for status
    - USB: serial: fix unthrottle races
    - bridge: Fix error path for kobject_init_and_add()
    - net: ucc_geth - fix Oops when changing number of buffers in the ring
    - packet: Fix error path in packet_init
    - vlan: disable SIOCSHWTSTAMP in container
    - vrf: sit mtu should not be updated when vrf netdev is the link
    - ipv4: Fix raw socket lookup for local traffic
    - bonding: fix arp_validate toggling in active-backup mode
    - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
    - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
    - powerpc/booke64: set RI in default MSR
    - powerpc/lib: fix book3s/32 boot failure due to code patching
    - Linux 4.4.180
    - SAUCE: Clarify IBRS/IBPB runtime state change messages
    - SAUCE: x86/speculation: Move STIBP hunks
    - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
    - SAUCE: x86/speculation: Update 'mitigations=' documentation
    - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
    - SAUCE: perf/bench: Drop definition of BIT in numa.c
    - SAUCE: x86/speculation: Fix SSB command line documentation
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation

-- Andrea Righi <andrea.righi@canonical.com>  Thu, 04 Jul 2019 10:47:32 +0200

Changed in linux-kvm (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2021-03-12

Changed in linux-kvm (Ubuntu Cosmic):
status:	Fix Committed → Won't Fix

Ubuntu
linux-kvm package

q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
ubuntu-kernel-tests	Fix Released	Undecided	Po-Hsu Lin
linux-kvm (Ubuntu)	Fix Released	Undecided	Po-Hsu Lin
Xenial	Fix Released	Undecided	Po-Hsu Lin
Bionic	Fix Released	Undecided	Po-Hsu Lin
Cosmic	Won't Fix	Undecided	Po-Hsu Lin
Disco	Fix Released	Undecided	Po-Hsu Lin

Ubuntulinux-kvm package

q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux-kvm package