From 561dac67f343002dbd74b3ff796d0d1edbe6b718 Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Wed, 21 Nov 2018 19:15:00 +0000
Subject: [PATCH] Update to 4.18.20
* Drop patches applied upstream
* Refresh "arm64: add kernel config option to lock down when in Secure Boot mode"
---
 debian/changelog | 796 +++++++++++++++++-
 ...er-type-cast-which-can-leat-to-infor.patch | 34 -
 ...-flush-TLB-before-releasing-the-page.patch | 175 ----
 ...le-swiotlb-for-4GiG-RAM-on-32-bit-ke.patch | 50 --
 ...rnel-config-option-to-lock-down-when.patch | 14 +-
 debian/patches/series | 3 -
 6 files changed, 802 insertions(+), 270 deletions(-)
 delete mode 100644 debian/patches/bugfix/all/cdrom-fix-improper-type-cast-which-can-leat-to-infor.patch
 delete mode 100644 debian/patches/bugfix/all/mremap-properly-flush-TLB-before-releasing-the-page.patch
 delete mode 100644 debian/patches/bugfix/x86/x86-swiotlb-Enable-swiotlb-for-4GiG-RAM-on-32-bit-ke.patch
diff --git a/debian/changelog b/debian/changelog
index 717f8c53b..99cdd7295 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.18.14-1) UNRELEASED; urgency=medium
+linux (4.18.20-1) UNRELEASED; urgency=medium
 * New upstream stable update:
 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.11
@@ -426,6 +426,800 @@ linux (4.18.14-1) UNRELEASED; urgency=medium
 - ubifs: Check for name being NULL while mounting
 - rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead
 - ath10k: fix scan crash due to incorrect length calculation
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.15
+ - bnxt_en: Fix TX timeout during netpoll.
+ - bnxt_en: free hwrm resources, if driver probe fails.
+ - bonding: avoid possible dead-lock
+ - ip6_tunnel: be careful when accessing the inner header
+ - ip_tunnel: be careful when accessing the inner header
+ - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
+ - ipv6: take rcu lock in rawv6_send_hdrinc()
+ - [armhf] net: dsa: bcm_sf2: Call setup during switch resume
+ - [arm64] net: hns: fix for unmapping problem when SMMU is on
+ - net: ipv4: update fnhe_pmtu when first hop's MTU changes
+ - net/ipv6: Display all addresses in output of /proc/net/if_inet6
+ - netlabel: check for IPV4MASK in addrinfo_get
+ - [armhf,arm64] net: mvpp2: Extract the correct ethtype from the skb for
+ tx csum offload
+ - [armhf,arm64] net: mvpp2: fix a txq_done race condition
+ - net: sched: Add policy validation for tc attributes
+ - net: sched: cls_u32: fix hnode refcounting
+ - net/usb: cancel pending work when unbinding smsc75xx
+ - qlcnic: fix Tx descriptor corruption on 82xx devices
+ - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
+ - rtnetlink: fix rtnl_fdb_dump() for ndmsg header
+ - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
+ - sctp: update dst pmtu with the correct daddr
+ - team: Forbid enslaving team device to itself
+ - tipc: fix flow control accounting for implicit connect
+ - udp: Unbreak modules that rely on external __skb_recv_udp() availability
+ - tun: remove unused parameters
+ - tun: initialize napi_mutex unconditionally
+ - tun: napi flags belong to tfile
+ - [armhf,arm64] net: stmmac: Fixup the tail addr setting in xmit path
+ - net/packet: fix packet drop as
of virtio gso
+ - [armhf] net: dsa: bcm_sf2: Fix unbind ordering
+ - net/mlx5e: Set vlan masks for all offloaded TC rules
+ - net: aquantia: memory corruption on jumbo frames
+ - net/mlx5: E-Switch, Fix out of bound access when setting vport rate
+ - bonding: pass link-local packets to bonding master also.
+ - bonding: fix warning message
+ - [armhf,arm64] net: stmmac: Rework coalesce timer and fix multi-queue
+ races
+ - nfp: avoid soft lockups under control message storm
+ - bnxt_en: don't try to offload VLAN 'modify' action
+ - net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN
+ - net: phy: phylink: fix SFP interface autodetection
+ - sfp: fix oops with ethtool -m
+ - tcp/dccp: fix lockdep issue when SYN is backlogged
+ - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
+ - [armhf] net: dsa: b53: Keep CPU port as tagged in all VLANs
+ - rtnetlink: Fail dump if target netnsid is invalid
+ - bnxt_en: Fix VNIC reservations on the PF.
+ - net: ipv4: don't let PMTU updates increase route MTU
+ - net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ
+ - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request
+ - bnxt_en: get the reduced max_irqs by the ones used by RDMA
+ - net/ipv6: Remove extra call to ip6_convert_metrics for multipath case
+ - net/ipv6: stop leaking percpu memory in fib6 info
+ - qed: Fix shmem structure inconsistency between driver and the mfw.
+ - r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO
+ - r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips
+ - vxlan: fill ttl inherit info
+ - ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs
+ - hwmon: (nct6775) Fix access to fan pulse registers
+ - [x86] ASoC: AMD: Ensure reset bit is cleared before configuring
+ - Bluetooth: SMP: Fix trying to use non-existent local OOB data
+ - Bluetooth: Use correct tfm to generate OOB data
+ - Bluetooth: hci_ldisc: Free rw_semaphore on close
+ - [armhf] mfd: omap-usb-host: Fix dts probe of children
+ - [powerpc*] KVM: Book3S HV: Don't use compound_order to determine host
+ mapping size
+ - scsi: iscsi: target: Don't use stack buffer for scatterlist
+ - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
+ - sound: enable interrupt after dma buffer initialization
+ - sound: don't call skl_init_chip() to reset intel skl soc
+ - bpf: btf: Fix end boundary calculation for type section
+ - bpf: use __GFP_COMP while allocating page
+ - hwmon: (nct6775) Fix virtual temperature sources for NCT6796D
+ - hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D
+ - [armhf,arm64] stmmac: fix valid numbers of unicast filter entries
+ - hwmon: (nct6775) Use different register to get fan RPM for fan7
+ - [x86] PCI: hv: support reporting serial number as slot information
+ - [x86] clk: add "ether_clk" alias for Bay Trail / Cherry Trail
+ - [x86] clk: Stop marking clocks as CLK_IS_CRITICAL
+ - [x86] pinctrl: cannonlake: Fix gpio base for GPP-E
+ - [x86] kvm/lapic: always disable MMIO interface in x2APIC mode
+ - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
+ - drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9
+ - drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs
+ - mm/vmstat.c: fix outdated vmstat_text
+ - afs: Fix afs_server struct leak
+ - afs: Fix clearance of reply
+ - [mips*] Fix CONFIG_CMDLINE handling
+ - [mips*] VDSO: Always map near top of user memory
+ -
[sparc64] mach64: detect the dot clock divider correctly on sparc
+ - vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced
+ pointers
+ - percpu: stop leaking bitmap metadata blocks
+ - perf script python: Fix export-to-postgresql.py occasional failure
+ - perf script python: Fix export-to-sqlite.py sample columns
+ - [s390x] cio: Fix how vfio-ccw checks pinned pages
+ - dm cache: destroy migration_cache if cache target registration failed
+ - dm: fix report zone remapping to account for partition offset
+ - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled
+ - dm linear: fix linear_end_io conditional definition
+ - cgroup: Fix dom_cgrp propagation when enabling threaded mode
+ - drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect()
+ - mmc: block: avoid multiblock reads for the last sector in SPI mode
+ - [armhf] pinctrl: mcp23s08: fix irq and irqchip setup order
+ - [arm64] perf: Reject stand-alone CHAIN events for PMUv3
+ - mm/mmap.c: don't clobber partially overlapping VMA with
+ MAP_FIXED_NOREPLACE
+ - mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2
+ - filesystem-dax: Fix dax_layout_busy_page() livelock
+ - mm: Preserve _PAGE_DEVMAP across mprotect() calls
+ - [x86] i2c: i2c-scmi: fix for i2c_smbus_write_block_data
+ - [powerpc*] KVM: Book3S HV: Avoid crash from THP collapse during radix
+ page fault
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16
+ - media: af9035: prevent buffer overflow on write
+ - spi: gpio: Fix copy-and-paste error
+ - batman-adv: Avoid probe ELP information leak
+ - batman-adv: Fix segfault when writing to throughput_override
+ - batman-adv: Fix segfault when writing to sysfs elp_interval
+ - batman-adv: Prevent duplicated gateway_node entry
+ - batman-adv: Prevent duplicated nc_node entry
+ - batman-adv: Prevent duplicated softif_vlan entry
+ - batman-adv: Prevent duplicated global TT entry
+ - batman-adv: Prevent duplicated tvlv handler
+ - batman-adv:
fix backbone_gw refcount on queue_work() failure
+ - batman-adv: fix hardif_neigh refcount on queue_work() failure
+ - cxgb4: fix abort_req_rss6 struct
+ - [armhf] clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag
+ for non-am43 SoCs
+ - [powerpc*] scsi: ibmvscsis: Fix a stringop-overflow warning
+ - [powerpc*] scsi: ibmvscsis: Ensure partition name is properly NUL
+ terminated
+ - [x86] intel_th: pci: Add Ice Lake PCH support
+ - [m68k] Input: atakbd - fix Atari keymap
+ - [m68k] Input: atakbd - fix Atari CapsLock behaviour
+ - [powerpc*] net: emac: fix fixed-link setup for the RTL8363SB switch
+ - qed: Fix populating the invalid stag value in multi function mode.
+ - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode.
+ - [armhf,arm64] PCI: dwc: Fix scheduling while atomic issues
+ - RDMA/uverbs: Fix validity check for modify QP
+ - scsi: lpfc: Synchronize access to remoteport via rport
+ - [arm64] drm: mali-dp: Call drm_crtc_vblank_reset on device init
+ - scsi: ipr: System hung while dlpar adding primary ipr adapter back
+ - scsi: sd: don't crash the host on invalid commands
+ - bpf: sockmap only allow ESTABLISHED sock state
+ - bpf: sockmap, fix transition through disconnect without close
+ - bpf: test_maps, only support ESTABLISHED socks
+ - net/mlx4: Use cpumask_available for eq->affinity_mask
+ - clocksource/drivers/fttmr010: Fix set_next_event handler
+ - RDMA/bnxt_re: Fix system crash during RDMA resource initialization
+ - [armhf,arm64] iommu/rockchip: Free irqs in shutdown handler
+ - [x86] pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type
+ - [powerpc*] tm: Fix userspace r13 corruption
+ - [powerpc*] tm: Avoid possible userspace r1 corruption on reclaim
+ - [powerpc*] numa: Use associativity if VPHN hcall is successful
+ - [x86] iommu/amd: Return devid as alias for ACPI HID devices
+ - [x86] boot: Fix kexec booting failure in the SEV bit detection code
+ - Revert "vfs: fix freeze protection in
mnt_want_write_file() for
+ overlayfs"
+ - mremap: properly flush TLB before releasing the page
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.17
+ - xfrm: Validate address prefix lengths in the xfrm selector.
+ - xfrm6: call kfree_skb when skb is toobig
+ - xfrm: reset transport header back to network header after all input
+ transforms ahave been applied
+ - xfrm: reset crypto_done when iterating over multiple input xfrms
+ - mac80211: Always report TX status
+ - cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
+ - mac80211: fix pending queue hang due to TX_DROP
+ - cfg80211: Address some corner cases in scan result channel updating
+ - mac80211: TDLS: fix skb queue/priority assignment
+ - mac80211: fix TX status reporting for ieee80211s
+ - xfrm: Fix NULL pointer dereference when skb_dst_force clears the
+ dst_entry.
+ - [armel,armhf] 8799/1: mm: fix pci_ioremap_io() offset check
+ - xfrm: validate template mode
+ - netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
+ - netfilter: conntrack: get rid of double sizeof
+ - [arm64] hugetlb: Fix handling of young ptes
+ - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
+ - mac80211_hwsim: fix locking when iterating radios during ns exit
+ - mac80211_hwsim: fix race in radio destruction from netlink notifier
+ - mac80211_hwsim: do not omit multicast announce of first added radio
+ - Bluetooth: SMP: fix crash in unpairing
+ - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info
+ - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv
+ - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
+ - qed: Avoid constant logical operation warning in qed_vf_pf_acquire
+ - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt
+ - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
+ - scsi: qedi: Initialize the stats mutex lock
+ - rxrpc: Fix checks as to whether we should set up a new call
+ - rxrpc: Fix RTT gathering
+ - rxrpc: Fix transport sockopts to get
IPv4 errors on an IPv6 socket
+ - rxrpc: Fix error distribution
+ - netfilter: nft_set_rbtree: add missing rb_erase() in GC routine
+ - netfilter: avoid erronous array bounds warning
+ - asix: Check for supported Wake-on-LAN modes
+ - ax88179_178a: Check for supported Wake-on-LAN modes
+ - lan78xx: Check for supported Wake-on-LAN modes
+ - sr9800: Check for supported Wake-on-LAN modes
+ - r8152: Check for supported Wake-on-LAN Modes
+ - smsc75xx: Check for Wake-on-LAN modes
+ - smsc95xx: Check for Wake-on-LAN modes
+ - cfg80211: fix use-after-free in reg_process_hint()
+ - [x86] KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
+ - [x86] KVM: Do not use kvm_x86_ops->mpx_supported() directly
+ - [x86] KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS
+ - perf/core: Fix perf_pmu_unregister() locking
+ - [x86] perf/intel/uncore: Use boot_cpu_data.phys_proc_id instead of
+ hardcorded physical package ID 0
+ - perf/ring_buffer: Prevent concurent ring buffer access
+ - [x86] perf/intel/uncore: Fix PCI BDF address of M3UPI on SKX
+ - [x86] perf/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf
+ events
+ - thunderbolt: Do not handle ICM events after domain is stopped
+ - thunderbolt: Initialize after IOMMUs
+ - Revert "serial: 8250_dw: Fix runtime PM handling"
+ - locking/ww_mutex: Fix runtime warning in the WW mutex selftest
+ - drm/amd/display: Signal hw_done() after waiting for flip_done()
+ - be2net: don't flip hw_features when VXLANs are added/deleted
+ - [powerpc*] numa: Skip onlining a offline node in kdump path
+ - net: cxgb3_main: fix a missing-check bug
+ - yam: fix a missing-check bug
+ - ocfs2: fix crash in ocfs2_duplicate_clusters_by_page()
+ - mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl
+ - mm/migrate.c: split only transparent huge pages when allocation fails
+ - [x86] paravirt: Fix some warning messages
+ - [arm64] clk: mvebu: armada-37xx-periph: Remove unused var num_parents
+ - libertas: call into
generic suspend code before turning off power
+ - perf report: Don't try to map ip to invalid map
+ - HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling
+ - [armhf] dts: imx53-qsb: disable 1.2GHz OPP
+ - perf record: Use unmapped IP for inline callchain cursors
+ - rxrpc: Don't check RXRPC_CALL_TX_LAST after calling
+ rxrpc_rotate_tx_window()
+ - rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window()
+ - rxrpc: Only take the rwind and mtu values from latest ACK
+ - rxrpc: Fix connection-level abort handling
+ - [x86] net: ena: fix warning in rmmod caused by double iounmap
+ - [x86] net: ena: fix rare bug when failed restart/resume is followed by
+ driver removal
+ - [x86] net: ena: fix NULL dereference due to untimely napi initialization
+ - gpio: Assign gpio_irq_chip::parents to non-stack pointer
+ - IB/mlx5: Unmap DMA addr from HCA before IOMMU
+ - rds: RDS (tcp) hangs on sendto() to unresponding address
+ - afs: Fix cell proc list
+ - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
+ - Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
+ - bridge: do not add port to router list when receives query with source
+ 0.0.0.0
+ - ipv6: mcast: fix a use-after-free in inet6_mc_check
+ - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
+ called
+ - ipv6: rate-limit probes for neighbourless routes
+ - llc: set SOCK_RCU_FREE in llc_sap_add_socket()
+ - net: fec: don't dump RX FIFO register when not available
+ - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
+ - net/mlx5e: fix csum adjustments caused by RXFCS
+ - net: sched: gred: pass the right attribute to gred_change_table_def()
+ - net: socket: fix a missing-check bug
+ - [armhf,arm64] net: stmmac: Fix stmmac_mdio_reset() when building stmmac
+ as modules
+ - net: udp: fix handling of CHECKSUM_COMPLETE packets
+ - r8169: fix NAPI handling under high load
+ - rtnetlink: Disallow FDB configuration for non-Ethernet
device
+ - sctp: fix race on sctp_id2asoc
+ - tipc: fix unsafe rcu locking when accessing publication list
+ - udp6: fix encap return code for resubmitting
+ - vhost: Fix Spectre V1 vulnerability
+ - virtio_net: avoid using netif_tx_disable() for serializing tx routine
+ - ethtool: fix a privilege escalation bug
+ - bonding: fix length of actor system
+ - ip6_tunnel: Fix encapsulation layout
+ - openvswitch: Fix push/pop ethernet validation
+ - net: ipmr: fix unresolved entry dumps
+ - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
+ - net: sched: Fix for duplicate class dump
+ - net/sched: cls_api: add missing validation of netlink attributes
+ - net/ipv6: Allow onlink routes to have a device mismatch if it is the
+ default route
+ - sctp: fix the data size calculation in sctp_data_size
+ - sctp: not free the new asoc when sctp_wait_for_connect returns err
+ - net/mlx5: Fix memory leak when setting fpga ipsec caps
+ - net: bpfilter: use get_pid_task instead of pid_task
+ - net: drop skb on failure in ip_check_defrag()
+ - net: fix pskb_trim_rcsum_slow() with odd trim offset
+ - net/mlx5: WQ, fixes for fragmented WQ buffers API
+ - [sparc64] Make corrupted user stacks more debuggable.
+ - [sparc64] Set %l4 properly on trap return after handling signals.
+ - [sparc64] Wire up compat getpeername and getsockname.
+ - [sparc64] Fix single-pcr perf event counter management.
+ - [sparc64] Fix syscall fallback bugs in VDSO.
+ - [sparc64] Throttle perf events properly.
+ - net: bridge: remove ipv6 zero address check in mcast queries
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.18
+ - vfs: swap names of {do,vfs}_clone_file_range()
+ - bpf: fix partial copy of map_ptr when dst is scalar
+ - [armhf,arm64] clk: sunxi-ng: sun4i: Set VCO and PLL bias current to
+ lowest setting
+ - fscache: Fix incomplete initialisation of inline key space
+ - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
+ - fscache: Fix out of bound read in long cookie keys
+ - ptp: fix Spectre v1 vulnerability
+ - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions
+ - drm: fb-helper: Reject all pixel format changing requests
+ - RDMA/ucma: Fix Spectre v1 vulnerability (CVE-2017-5753)
+ - IB/ucm: Fix Spectre v1 vulnerability (CVE-2017-5753)
+ - cdc-acm: do not reset notification buffer index upon urb unlinking
+ - cdc-acm: correct counting of UART states in serial state notification
+ - cdc-acm: fix race between reset and control messaging
+ - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
+ - usb: gadget: storage: Fix Spectre v1 vulnerability
+ - usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable
+ - usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms
+ - USB: fix the usbfs flag sanitization for control transfers
+ - tracing: Fix synthetic event to accept unsigned modifier
+ - tracing: Fix synthetic event to allow semicolon at end
+ - [armhf] drm/sun4i: Fix an ulong overflow in the dotclock driver
+ - sched/fair: Fix throttle_list starvation with low CFS quota
+ - [x86] tsc: Force inlining of cyc2ns bits
+ - [x86] hibernate: Fix nosave_regions setup for hibernation
+ - [x86] percpu: Fix this_cpu_read()
+ - [x86] time: Correct the attribute on jiffies' definition
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19
+ - [armhf] mtd: rawnand: marvell: fix the IRQ handler complete() condition
+ - spi: spi-mem: Adjust op len based on message/transfer size limitations
+ -
bcache: trace missed reading by cache_missed
+ - bcache: correct dirty data statistics
+ - bcache: fix miss key refill->end in writeback
+ - hwmon: (pmbus) Fix page count auto-detection.
+ - jffs2: free jffs2_sb_info through jffs2_kill_sb()
+ - block: setup bounce bio_sets properly
+ - block: don't deal with discard limit in blkdev_issue_discard()
+ - block: make sure discard bio is aligned with logical block size
+ - block: make sure writesame bio is aligned with logical block size
+ - cpufreq: conservative: Take limits changes into account properly
+ - dma-mapping: fix panic caused by passing empty cma command line argument
+ - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
+ - ACPI / OSL: Use 'jiffies' as the time bassis for acpi_os_get_timer()
+ - ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended
+ opcodes
+ - [x86] kprobes: Use preempt_enable() in optimized_callback()
+ - ipmi: Fix timer race with module unload
+ - acpi, nfit: Fix Address Range Scrub completion tracking
+ - [hppa] Fix address in HPMC IVA
+ - [hppa] Fix map_pages() to not overwrite existing pte entries
+ - [hppa] Fix exported address of os_hpmc handler
+ - [x86] ALSA: hda - Add quirk for ASUS G751 laptop
+ - [x86] ALSA: hda - Fix headphone pin config for ASUS G751
+ - [x86] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo
+ M715
+ - [x86] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
+ - ALSA: hda: Add 2 more models to the power_save blacklist
+ - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
+ - [x86] speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
+ (CVE-2017-5715)
+ - [x86] xen: Fix boot loader version reported for PVH guests
+ - [x86] corruption-check: Fix panic in memory_corruption_check() when boot
+ option without value is provided
+ - [x86] mm/pat: Disable preemption around __flush_tlb_all()
+ - [x86] speculation: Support Enhanced IBRS on future CPUs (CVE-2017-5715)
+ - [armhf] dts:
exynos: Disable pull control for MAX8997 interrupts on
+ Origen
+ - drm: fix use of freed memory in drm_mode_setcrtc
+ - bpf: do not blindly change rlimit in reuseport net selftest
+ - nvme: remove ns sibling before clearing path
+ - Revert "perf tools: Fix PMU term format max value calculation"
+ - xsk: do not call synchronize_net() under RCU read lock
+ - xfrm: policy: use hlist rcu variants on insert
+ - [x86] perf vendor events intel: Fix wrong filter_band* values for uncore
+ events
+ - r8169: Enable MSI-X on RTL8106e
+ - nfp: flower: fix pedit set actions for multiple partial masks
+ - nfp: flower: use offsets provided by pedit instead of index for ipv6
+ - sched/fair: Fix the min_vruntime update logic in dequeue_entity()
+ - perf evsel: Store ids for events with their own cpus
+ perf_event__synthesize_event_update_cpus
+ - perf tools: Fix use of alternatives to find JDIR
+ - perf cpu_map: Align cpu map synthesized events properly.
+ - perf report: Don't crash on invalid inline debug information
+ - [x86] fpu: Remove second definition of fpu in __fpu__restore_sig()
+ - net: qla3xxx: Remove overflowing shift statement
+ - r8169: re-enable MSI-X on RTL8168g
+ - drm: Get ref on CRTC commit object when waiting for flip_done
+ - [arm64] net: socionext: Reset tx queue in ndo_stop
+ - netfilter: xt_nat: fix DNAT target for shifted portmap ranges
+ - [m68k] ataflop: fix error handling during setup
+ - [m68k] swim: fix cleanup on setup error
+ - [arm64] cpufeature: ctr: Fix cpu capability check for late CPUs
+ - nfp: devlink port split support for 1x100G CXP NIC
+ - tun: Consistently configure generic netdev params via rtnetlink
+ - [s390x] sthyi: Fix machine name validity indication
+ - hwmon: (pwm-fan) Set fan speed to 0 on suspend
+ - lightnvm: pblk: fix race on sysfs line state
+ - lightnvm: pblk: fix two sleep-in-atomic-context bugs
+ - lightnvm: pblk: fix race condition on metadata I/O
+ - perf tools: Free temporary 'sys' string in read_event_files()
+ - perf
tools: Cleanup trace-event-info 'tdata' leak
+ - perf strbuf: Match va_{add,copy} with va_end
+ - [x86] cpupower: Fix coredump on VMWare
+ - bcache: Populate writeback_rate_minimum attribute
+ - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
+ - sdhci: acpi: add free_slot callback
+ - iwlwifi: pcie: avoid empty free RB queue
+ - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
+ - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI
+ - [i386] olpc: Indicate that legacy PC XO-1 platform should not register
+ RTC
+ - ACPI/PPTT: Handle architecturally unknown cache types
+ - ACPI / PM: LPIT: Register sysfs attributes based on FADT
+ - ACPI / processor: Fix the return value of acpi_processor_ids_walk()
+ - cpufreq: dt: Try freeing static OPPs only if we have added them
+ - [x86] intel_rdt: Show missing resctrl mount options
+ - [arm64] signal: Introduce COMPAT_SIGMINSTKSZ for use in
+ compat_sys_sigaltstack
+ - [arm64] net: hns3: Fix for packet buffer setting bug
+ - [x86] boot: Fix EFI stub alignment
+ - [arm64] net: hns3: Add nic state check before calling netif_tx_wake_queue
+ - [arm64] net: hns3: Fix ets validate issue
+ - [armhf,arm64] pinctrl: sunxi: fix 'pctrl->functions' allocation in
+ sunxi_pinctrl_build_state
+ - [arm64] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
+ - brcmfmac: fix for proper support of 160MHz bandwidth
+ - [arm64] net: hns3: Check hdev state when getting link status
+ - [arm64] net: hns3: Set STATE_DOWN bit of hdev state when stopping net
+ - net: phy: phylink: ensure the carrier is off when starting phylink
+ - block, bfq: correctly charge and reset entity service in all cases
+ - [arm64] entry: Allow handling of undefined instructions from EL1
+ - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
+ - spi: gpio: No MISO does not imply no RX
+ - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
+ - [arm64] pinctrl: qcom: spmi-mpp: Fix
drive strength setting
+ - bpf/verifier: fix verifier instability
+ - failover: Add missing check to validate 'slave_dev' in
+ net_failover_slave_unregister
+ - perf tests: Fix record+probe_libc_inet_pton.sh without ping's debuginfo
+ - [arm64] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
+ - [arm64] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
+ - [arm64] net: hns3: Preserve vlan 0 in hardware table
+ - [arm64] net: hns3: Fix ping exited problem when doing lp selftest
+ - [arm64] net: hns3: Fix for vf vlan delete failed problem
+ - [armhf,arm64] net: dsa: mv88e6xxx: Fix writing to a PHY page.
+ - rsi: fix memory alignment issue in ARM32 platforms
+ - iwlwifi: mvm: fix BAR seq ctrl reporting
+ - ixgbe: disallow IPsec Tx offload when in SR-IOV mode
+ - ixgbevf: VF2VF TCP RSS
+ - ath10k: schedule hardware restart if WMI command times out
+ - libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9
+ - cgroup, netclassid: add a preemption point to write_classid
+ - [armhf,arm64] net: stmmac: dwmac-sun8i: fix OF child-node lookup
+ - f2fs: fix to account IO correctly for cgroup writeback
+ - MD: Memory leak when flush bio size is zero
+ - md: fix memleak for mempool
+ - scsi: esp_scsi: Track residual for PIO transfers
+ - scsi: ufs: Schedule clk gating work on correct queue
+ - UAPI: ndctl: Fix g++-unsupported initialisation in headers
+ - [x86] KVM: nVMX: Clear reserved bits of #DB exit qualification
+ - scsi: megaraid_sas: fix a missing-check bug
+ - RDMA/core: Do not expose unsupported counters
+ - IB/ipoib: Clear IPCB before icmp_send
+ - usb: host: ohci-at91: fix request of irq for optional gpio
+ - usb: typec: tcpm: Report back negotiated PPS voltage and current
+ - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/
+ deactivated
+ - f2fs: clear PageError on the read path
+ - [x86] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask
+ - [x86] VMCI: Resource wildcard match fixed
+ - PCI / ACPI: Enable wake
automatically for power managed bridges
+ - xprtrdma: Reset credit grant properly after a disconnect
+ - irqchip/pdc: Setup all edge interrupts as rising edge at GIC
+ - [armhf,arm64] usb: dwc2: fix a race with external vbus supply
+ - ext4: fix argument checking in EXT4_IOC_MOVE_EXT
+ - MD: fix invalid stored role for a disk
+ - nvmem: check the return value of nvmem_add_cells()
+ - xhci: Avoid USB autosuspend when resuming USB2 ports.
+ - f2fs: fix to recover inode's crtime during POR
+ - f2fs: fix to recover inode's i_flags during POR
+ - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
+ - [armhf.arm64] usb: chipidea: Prevent unbalanced IRQ disable
+ - [x86] driver/dma/ioat: Call del_timer_sync() without holding prep_lock
+ - IB/mlx5: Allow transition of DCI QP to reset
+ - uio: ensure class is registered before devices
+ - scsi: lpfc: Correct soft lockup when running mds diagnostics
+ - scsi: lpfc: Correct race with abort on completion path
+ - f2fs: avoid sleeping under spin_lock
+ - f2fs: report error if quota off error during umount
+ - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid
+ namespace init
+ - IB/rxe: fix for duplicate request processing and ack psns
+ - ALSA: hda: Check the non-cached stream buffers more explicitly
+ - [x86] cpupower: Fix AMD Family 0x17 msr_pstate size
+ - Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
+ - f2fs: fix to recover cold bit of inode block during POR
+ - f2fs: fix to account IO correctly
+ - OPP: Free OPP table properly on performance state irregularities
+ - [armhf] dts: exynos: Add missing cooling device properties for CPUs
+ - [armhf] dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
+ - [armhf] dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
+ - xen-swiotlb: use actually allocated size on check physical continuous
+ - tpm: Restore functionality to xen vtpm driver.
+ - xen/blkfront: avoid NULL blkfront_info dereference on device removal
+ - xen/balloon: Support xend-based toolstack
+ - xen: fix race in xen_qlock_wait()
+ - xen: make xen_qlock_wait() nestable
+ - xen/pvh: increase early stack size
+ - xen/pvh: don't try to unplug emulated devices
+ - libertas: don't set URB_ZERO_PACKET on IN USB transfer
+ - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
+ - usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage
+ - mt76: mt76x2: fix multi-interface beacon configuration
+ - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
+ - net/ipv4: defensive cipso option parsing
+ - libnvdimm: Hold reference on parent while scheduling async init
+ - libnvdimm, region: Fail badblocks listing for inactive regions
+ - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces
+ - [x86] ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
+ - IB/mlx5: Fix MR cache initialization
+ - IB/rxe: Revise the ib_wr_opcode enum
+ - jbd2: fix use after free in jbd2_log_do_checkpoint()
+ - gfs2_meta: ->mount() can get NULL dev_name
+ - ext4: fix EXT4_IOC_SWAP_BOOT
+ - ext4: initialize retries variable in ext4_da_write_inline_data_begin()
+ - ext4: fix setattr project check in fssetxattr ioctl
+ - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
+ - ext4: fix use-after-free race in ext4_remount()'s error path
+ - selinux: fix mounting of cgroup2 under older policies
+ - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
+ - HID: hiddev: fix potential Spectre v1
+ - [x86] EDAC, amd64: Add Family 17h, models 10h-2fh support
+ - [x86] EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
+ - [x86] EDAC, skx_edac: Fix logical channel intermediate decoding
+ - PCI/ASPM: Fix link_state teardown on device removal
+ - [x86] PCI: vmd: White list for fast interrupt handlers
+ - [powerpc*] signal/GenWQE: Fix sending of SIGKILL
+ - signal: Guard against negative signal
numbers in copy_siginfo_from_user32 + - crypto: lrw - Fix out-of bounds access on counter overflow + - crypto: tcrypt - fix ghash-generic speed test + - [x86] crypto: aesni - don't use GFP_ATOMIC allocation if the request + doesn't cross a page in gcm + - mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() + - ima: fix showing large 'violations' or 'runtime_measurements_count' + - hugetlbfs: dirty pages as they are added to pagecache + - mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly + - mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback + - [armhf,arm64] KVM: Ensure only THP is candidate for adjustment + - [arm64] KVM: Fix caching of host MDCR_EL2 value + - [armhf] w1: omap-hdq: fix missing bus unregister at removal + - smb3: allow stats which track session and share reconnects to be reset + - smb3: do not attempt cifs operation in smb3 query info error path + - smb3: on kerberos mount if server doesn't specify auth type use krb5 + - printk: Fix panic caused by passing log_buf_len to command line + - genirq: Fix race on spurious interrupt detection + - NFSv4.1: Fix the r/wsize checking + - nfs: Fix a missed page unlock after pg_doio() + - nfsd: correctly decrement odstate refcount in error path + - nfsd: Fix an Oops in free_session() + - lockd: fix access beyond unterminated strings in prints + - dm ioctl: harden copy_params()'s copy_from_user() from malicious users + - dm zoned: fix metadata block ref counting + - dm zoned: fix various dmz_get_mblock() issues + - media: ov7670: make "xclk" clock optional + - fsnotify: Fix busy inodes during unmount + - [powerpc*] msi: Fix compile error on mpc83xx + - [powerpc*] tm: Fix HFSCR bit for no suspend case + - [powerpc*] 4s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 + - [mips*] memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression + - [mips*/octeon] fix out of bounds array access on CN68XX + - rtc: ds1307: fix ds1339 wakealarm support 
+ - rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt' + - rtc: cmos: Remove the `use_acpi_alarm' module parameter for !ACPI + - [armhf] power: supply: twl4030-charger: fix OF sibling-node lookup + - [armhf,arm64] iommu/arm-smmu: Ensure that page-table updates are visible + before TLBI + - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD + - Revert "media: dvbsky: use just one mutex for serializing device R/W ops" + - media: cec: make cec_get_edid_spa_location() an inline function + - media: cec: integrate cec_validate_phys_addr() in cec-api.c + - xen: fix xen_qlock_wait() + - xen: remove size limit of privcmd-buf mapping interface + - xen-blkfront: fix kernel panic with negotiate_mq error path + - media: cec: add new tx/rx status bits to detect aborts/timeouts + - media: cec: fix the Signal Free Time calculation + - media: cec: forgot to cancel delayed work + - media: em28xx: use a default format if TRY_FMT fails + - media: tvp5150: avoid going past array on v4l2_querymenu() + - media: em28xx: fix input name for Terratec AV 350 + - media: em28xx: make v4l2-compliance happier by starting sequence on zero + - media: em28xx: fix handler for vidioc_s_input() + - media: media colorspaces*.rst: rename AdobeRGB to opRGB + - media: replace ADOBERGB by OPRGB + - media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC + - [arm64] lse: remove -fcall-used-x0 flag + - [arm64] rpmsg: smd: fix memory leak on channel create + - Cramfs: fix abad comparison when wrap-arounds occur + - [armhf,arm64] soc/tegra: pmc: Fix child-node lookup + - tracing: Return -ENOENT if there is no target synthetic event + - btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled + - btrfs: Handle owner mismatch gracefully when walking up tree + - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid + deadlock + - btrfs: fix error handling in free_log_tree + - btrfs: fix error handling in btrfs_dev_replace_start + - btrfs: Enhance 
btrfs_trim_fs function to handle error better + - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem + - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list + - btrfs: don't attempt to trim devices that don't support it + - btrfs: keep trim from interfering with transaction commits + - btrfs: wait on caching when putting the bg cache + - Btrfs: don't clean dirty pages during buffered writes + - btrfs: release metadata before running delayed refs + - btrfs: protect space cache inode alloc with GFP_NOFS + - btrfs: reset max_extent_size on clear in a bitmap + - btrfs: make sure we create all new block groups + - Btrfs: fix warning when replaying log after fsync of a tmpfile + - Btrfs: fix wrong dentries after fsync of file that got its parent + replaced + - btrfs: qgroup: Dirty all qgroups before rescan + - Btrfs: fix null pointer dereference on compressed write path error + - Btrfs: fix assertion on fsync of regular file when using no-holes feature + - Btrfs: fix deadlock when writing out free space caches + - btrfs: reset max_extent_size properly + - btrfs: set max_extent_size properly + - btrfs: don't use ctl->free_space for max_extent_size + - btrfs: only free reserved extent if we didn't insert it + - btrfs: fix insert_reserved error handling + - btrfs: don't run delayed_iputs in commit + - btrfs: move the dio_sem higher up the callchain + - Btrfs: fix use-after-free during inode eviction + - Btrfs: fix use-after-free when dumping free space + - net: sched: Remove TCA_OPTIONS from policy + - userns: also map extents in the reverse map to kernel IDs + - bpf: wait for running BPF programs when updating map-in-map + - MD: fix invalid stored role for a disk - try2 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.20 + - [powerpc*] traps: restore recoverability of machine_check interrupts + - [powerpc*] 64/module: REL32 relocation range check + - [powerpc*] mm: Fix page table dump to work on Radix + - [powerpc*] mm: fix always 
true/false warning in slice.c + - drm/amd/display: fix bug of accessing invalid memory + - Input: wm97xx-ts - fix exit path + - [powerpc*] eeh: Fix possible null deref in eeh_dump_dev_log() + - tty: check name length in tty_find_polling_driver() + - tracing/kprobes: Check the probe on unloaded module correctly + - drm/amdgpu/powerplay: fix missing break in switch statements + - [powerpc*] nohash: fix undefined behaviour when testing page size support + - [powerpc*] mm: Don't report hugepage tables as memory leaks when using + kmemleak + - [armhf] drm/omap: fix memory barrier bug in DMM driver + - drm/amd/display: fix gamma not being applied + - [arm64] drm/hisilicon: hibmc: Do not carry error code in HiBMC + framebuffer pointer + - media: pci: cx23885: handle adding to list failure + - [mips*] kexec: Mark CPU offline before disabling local IRQ + - [powerpc*] memtrace: Remove memory in chunks + - [mips*] PCI: Call pcie_bus_configure_settings() to set MPS/MRRS + - media: tvp5150: fix width alignment during set_selection() + - drm/amdgpu: Fix SDMA TO after GPU reset v3 + - 9p locks: fix glock.client_id leak in do_lock + - udf: Prevent write-unsupported filesystem to be remounted read-write + - 9p: clear dangling pointers in p9stat_free + - cdrom: fix improper type cast, which can leat to information leak. 
+ - ovl: fix error handling in ovl_verify_set_fh() + - ovl: check whiteout in ovl_create_over_whiteout() + - [sh4] serial: sh-sci: Fix could not remove dev_attr_rx_fifo_timeout + - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters + - scsi: qla2xxx: Fix process response queue for ISP26XX and above + - scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx + - scsi: qla2xxx: shutdown chip if reset fail + - scsi: qla2xxx: Fix duplicate switch database entries + - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured + - fuse: Fix use-after-free in fuse_dev_do_read() + - fuse: Fix use-after-free in fuse_dev_do_write() + - fuse: fix blocked_waitq wakeup + - fuse: set FR_SENT while locked + - ovl: fix recursive oi->lock in ovl_link() + - scsi: qla2xxx: Fix re-using LoopID when handle is in use + - scsi: qla2xxx: Fix NVMe session hang on unload + - [arm64] clk: meson-gxbb: set fclk_div3 as CLK_IS_CRITICAL + - [arm64] clk: meson: axg: mark fdiv2 and fdiv3 as critical + - zram: close udev startup race condition as default groups + - [mips*el/loonsgon-3] Fix CPU UART irq delivery problem + - [mips*el/loongson-3] Fix BRIDGE irq delivery problem + - [armhf] clk: s2mps11: Fix matching when built as module and DT node + contains compatible + - [armhf,arm64] clk: sunxi-ng: h6: fix bus clocks' divider position + - [arm64] clk: rockchip: fix wrong mmc sample phase shift for rk3328 + - [armhf,arm64] clk: rockchip: Fix static checker warning in + rockchip_ddrclk_get_parent call + - libceph: bump CEPH_MSG_MAX_DATA_LEN + - Revert "ceph: fix dentry leak in splice_dentry()" + - thermal: core: Fix use-after-free in thermal_cooling_device_destroy_sysfs + - mach64: fix display corruption on big endian machines + - mach64: fix image corruption due to reading accelerator registers + - acpi/nfit, x86/mce: Handle only uncorrectable machine checks + - acpi/nfit, x86/mce: Validate a MCE's address before using it + - acpi, nfit: Fix ARS overflow continuation + 
- [arm64] reset: hisilicon: fix potential NULL pointer dereference + - vhost/scsi: truncate T10 PI iov_iter to prot_bytes + - scsi: qla2xxx: Initialize port speed to avoid setting lower speed + - SCSI: fix queue cleanup race before queue initialization is done + - [powerpc*] Revert "powerpc/8xx: Use L1 entry APG to handle _PAGE_ACCESSED + for CONFIG_SWAP" + - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry + - ocfs2: free up write context when direct IO failed + - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings + - memory_hotplug: cond_resched in __remove_pages + - netfilter: conntrack: fix calculation of next bucket number in early_drop + - [armhf] 8809/1: proc-v7: fix Thumb annotation of cpu_v7_hvc_switch_mm + - bonding/802.3ad: fix link_failure_count tracking + - mtd: nand: Fix nanddev_neraseblocks() + - mtd: docg3: don't set conflicting BCH_CONST_PARAMS option + - hwmon: (core) Fix double-free in __hwmon_device_register() + - perf stat: Handle different PMU names with common prefix + - of, numa: Validate some distance map rules + - [x86] hyper-v: Enable PIT shutdown quirk + - termios, tty/tty_baudrate.c: fix buffer overrun + - watchdog/core: Add missing prototypes for weak functions + - btrfs: fix pinned underflow after transaction aborted + - Btrfs: fix cur_offset in the error case for nocow + - Btrfs: fix infinite loop on inode eviction after deduplication of eof + block + - Btrfs: fix data corruption due to cloning of eof block + - clockevents/drivers/i8253: Add support for PIT shutdown quirk + - ext4: add missing brelse() update_backups()'s error path + - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path + - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path + - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() + - ext4: missing !bh check in ext4_xattr_inode_write() + - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() + - ext4: avoid buffer leak on shutdown in 
ext4_mark_iloc_dirty() + - ext4: avoid buffer leak in ext4_orphan_add() after prior errors + - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while + resizing + - ext4: avoid possible double brelse() in add_new_gdb() on error path + - ext4: fix possible leak of sbi->s_group_desc_leak in error path + - ext4: fix possible leak of s_journal_flag_rwsem in error path + - ext4: fix buffer leak in ext4_xattr_get_block() on error path + - ext4: release bs.bh before re-using in ext4_xattr_block_find() + - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path + - ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path + - ext4: fix buffer leak in __ext4_read_dirblock() on error path + - mount: Retest MNT_LOCKED in do_umount + - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts + - mount: Prevent MNT_DETACH from disconnecting locked mounts + - mnt: fix __detach_mounts infinite loop + - sunrpc: correct the computation for page_ptr when truncating + - NFSv4: Don't exit the state manager without clearing + NFS4CLNT_MANAGER_RUNNING + - nfsd: COPY and CLONE operations require the saved filehandle to be set + - rtc: hctosys: Add missing range error reporting + - fuse: fix use-after-free in fuse_direct_IO() + - fuse: fix leaked notify reply + - selinux: check length properly in SCTP bind hook + - configfs: replace strncpy with memcpy + - gfs2: Put bitmap buffers in put_super + - gfs2: Fix metadata read-ahead during truncate (2) + - libata: blacklist SAMSUNG MZ7TD256HAFV-000L9 SSD + - crypto: user - fix leaking uninitialized memory to userspace + - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! 
+ - mm/swapfile.c: use kvzalloc for swap_info_struct allocation + - [armhf,arm64] efi/libstub: Pack FDT after populating it + - [armhf,arm64] drm/rockchip: Allow driver to be shutdown on reboot/kexec + - [arm64] drm/msm: fix OF child-node lookup + - drm/amdgpu: Fix typo in amdgpu_vmid_mgr_init + - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type + - drm/nouveau: Check backlight IDs are >= 0, not > 0 + - drm/nouveau: Fix nv50_mstc->best_encoder() + - drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD + - [armhf] drm/etnaviv: fix bogus fence complete check in timeout handler + - drm/dp_mst: Check if primary mstb is null + - drm: panel-orientation-quirks: Add quirk for Acer One 10 (S1003) + - [x86] drm/i915/dp: Link train Fallback on eDP only if fallback link BW + can fit panel's native mode + - [x86] drm/i915: Restore vblank interrupts earlier + - [x86] drm/i915: Don't unset intel_connector->mst_port + - [x86] drm/i915: Skip vcpi allocation for MSTB ports that are gone + - [x86] drm/i915: Large page offsets for pread/pwrite + - [x86] drm/i915/dp: Fix link retraining comment in intel_dp_long_pulse() + - [x86] drm/i915/dp: Restrict link retrain workaround to external monitors + - [x86] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values + - [x86] drm/i915: Fix error handling for the NV12 fb dimensions check + - [x86] drm/i915: Fix ilk+ watermarks when disabling pipes + - [x86] drm/i915: Compare user's 64b GTT offset even on 32b + - [x86] drm/i915: Don't oops during modeset shutdown after lpe audio deinit + - [x86] drm/i915: Mark pin flags as u64 + - [x86] drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5 + - [x86] drm/i915/execlists: Force write serialisation into context image vs + execution + - [x86] drm/i915: Fix possible race in intel_dp_add_mst_connector() + - [armhf,arm64] CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM [ Ben Hutchings ] * linux-perf: Fix BPF feature detection 
diff --git a/debian/patches/bugfix/all/cdrom-fix-improper-type-cast-which-can-leat-to-infor.patch b/debian/patches/bugfix/all/cdrom-fix-improper-type-cast-which-can-leat-to-infor.patch deleted file mode 100644 index c85d51cc4..000000000 --- a/debian/patches/bugfix/all/cdrom-fix-improper-type-cast-which-can-leat-to-infor.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Young_X -Date: Wed, 3 Oct 2018 12:54:29 +0000 -Subject: cdrom: fix improper type cast, which can leat to information leak. -Origin: https://git.kernel.org/linus/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-18710 - -There is another cast from unsigned long to int which causes -a bounds check to fail with specially crafted input. The value is -then used as an index in the slot array in cdrom_slot_status(). - -This issue is similar to CVE-2018-16658 and CVE-2018-10940. - -Signed-off-by: Young_X -Signed-off-by: Jens Axboe ---- - drivers/cdrom/cdrom.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c -index a5d5a96479bf..10802d1fc554 100644 ---- a/drivers/cdrom/cdrom.c -+++ b/drivers/cdrom/cdrom.c -@@ -2445,7 +2445,7 @@ static int cdrom_ioctl_select_disc(struct cdrom_device_info *cdi, - return -ENOSYS; - - if (arg != CDSL_CURRENT && arg != CDSL_NONE) { -- if ((int)arg >= cdi->capacity) -+ if (arg >= cdi->capacity) - return -EINVAL; - } - --- -2.11.0 - diff --git a/debian/patches/bugfix/all/mremap-properly-flush-TLB-before-releasing-the-page.patch b/debian/patches/bugfix/all/mremap-properly-flush-TLB-before-releasing-the-page.patch deleted file mode 100644 index 68131a77f..000000000 --- a/debian/patches/bugfix/all/mremap-properly-flush-TLB-before-releasing-the-page.patch +++ /dev/null 
@@ -1,175 +0,0 @@ -From: Linus Torvalds -Date: Fri, 12 Oct 2018 15:22:59 -0700 -Subject: mremap: properly flush TLB before releasing the page -Origin: https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-18281 -Bug: https://bugs.chromium.org/p/project-zero/issues/detail?id=1695 - -Jann Horn points out that our TLB flushing was subtly wrong for the -mremap() case. What makes mremap() special is that we don't follow the -usual "add page to list of pages to be freed, then flush tlb, and then -free pages". No, mremap() obviously just _moves_ the page from one page -table location to another. - -That matters, because mremap() thus doesn't directly control the -lifetime of the moved page with a freelist: instead, the lifetime of the -page is controlled by the page table locking, that serializes access to -the entry. - -As a result, we need to flush the TLB not just before releasing the lock -for the source location (to avoid any concurrent accesses to the entry), -but also before we release the destination page table lock (to avoid the -TLB being flushed after somebody else has already done something to that -page). - -This also makes the whole "need_flush" logic unnecessary, since we now -always end up flushing the TLB for every valid entry. 
- -Reported-and-tested-by: Jann Horn -Acked-by: Will Deacon -Tested-by: Ingo Molnar -Acked-by: Peter Zijlstra (Intel) -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman ---- - include/linux/huge_mm.h | 2 +- - mm/huge_memory.c | 10 ++++------ - mm/mremap.c | 30 +++++++++++++----------------- - 3 files changed, 18 insertions(+), 24 deletions(-) - -diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h -index 99c19b06d9a4..fdcb45999b26 100644 ---- a/include/linux/huge_mm.h -+++ b/include/linux/huge_mm.h -@@ -43,7 +43,7 @@ extern int mincore_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd, - unsigned char *vec); - extern bool move_huge_pmd(struct vm_area_struct *vma, unsigned long old_addr, - unsigned long new_addr, unsigned long old_end, -- pmd_t *old_pmd, pmd_t *new_pmd, bool *need_flush); -+ pmd_t *old_pmd, pmd_t *new_pmd); - extern int change_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd, - unsigned long addr, pgprot_t newprot, - int prot_numa); -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 58269f8ba7c4..deed97fba979 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -1780,7 +1780,7 @@ static pmd_t move_soft_dirty_pmd(pmd_t pmd) - - bool move_huge_pmd(struct vm_area_struct *vma, unsigned long old_addr, - unsigned long new_addr, unsigned long old_end, -- pmd_t *old_pmd, pmd_t *new_pmd, bool *need_flush) -+ pmd_t *old_pmd, pmd_t *new_pmd) - { - spinlock_t *old_ptl, *new_ptl; - pmd_t pmd; -@@ -1811,7 +1811,7 @@ bool move_huge_pmd(struct vm_area_struct *vma, unsigned long old_addr, - if (new_ptl != old_ptl) - spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING); - pmd = pmdp_huge_get_and_clear(mm, old_addr, old_pmd); -- if (pmd_present(pmd) && pmd_dirty(pmd)) -+ if (pmd_present(pmd)) - force_flush = true; - VM_BUG_ON(!pmd_none(*new_pmd)); - -@@ -1822,12 +1822,10 @@ bool move_huge_pmd(struct vm_area_struct *vma, unsigned long old_addr, - } - pmd = move_soft_dirty_pmd(pmd); - set_pmd_at(mm, new_addr, new_pmd, pmd); -- if (new_ptl != 
old_ptl) -- spin_unlock(new_ptl); - if (force_flush) - flush_tlb_range(vma, old_addr, old_addr + PMD_SIZE); -- else -- *need_flush = true; -+ if (new_ptl != old_ptl) -+ spin_unlock(new_ptl); - spin_unlock(old_ptl); - return true; - } -diff --git a/mm/mremap.c b/mm/mremap.c -index 5c2e18505f75..a9617e72e6b7 100644 ---- a/mm/mremap.c -+++ b/mm/mremap.c -@@ -115,7 +115,7 @@ static pte_t move_soft_dirty_pte(pte_t pte) - static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, - unsigned long old_addr, unsigned long old_end, - struct vm_area_struct *new_vma, pmd_t *new_pmd, -- unsigned long new_addr, bool need_rmap_locks, bool *need_flush) -+ unsigned long new_addr, bool need_rmap_locks) - { - struct mm_struct *mm = vma->vm_mm; - pte_t *old_pte, *new_pte, pte; -@@ -163,15 +163,17 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, - - pte = ptep_get_and_clear(mm, old_addr, old_pte); - /* -- * If we are remapping a dirty PTE, make sure -+ * If we are remapping a valid PTE, make sure - * to flush TLB before we drop the PTL for the -- * old PTE or we may race with page_mkclean(). -+ * PTE. - * -- * This check has to be done after we removed the -- * old PTE from page tables or another thread may -- * dirty it after the check and before the removal. -+ * NOTE! Both old and new PTL matter: the old one -+ * for racing with page_mkclean(), the new one to -+ * make sure the physical page stays valid until -+ * the TLB entry for the old mapping has been -+ * flushed. 
- */ -- if (pte_present(pte) && pte_dirty(pte)) -+ if (pte_present(pte)) - force_flush = true; - pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); - pte = move_soft_dirty_pte(pte); -@@ -179,13 +181,11 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, - } - - arch_leave_lazy_mmu_mode(); -+ if (force_flush) -+ flush_tlb_range(vma, old_end - len, old_end); - if (new_ptl != old_ptl) - spin_unlock(new_ptl); - pte_unmap(new_pte - 1); -- if (force_flush) -- flush_tlb_range(vma, old_end - len, old_end); -- else -- *need_flush = true; - pte_unmap_unlock(old_pte - 1, old_ptl); - if (need_rmap_locks) - drop_rmap_locks(vma); -@@ -198,7 +198,6 @@ unsigned long move_page_tables(struct vm_area_struct *vma, - { - unsigned long extent, next, old_end; - pmd_t *old_pmd, *new_pmd; -- bool need_flush = false; - unsigned long mmun_start; /* For mmu_notifiers */ - unsigned long mmun_end; /* For mmu_notifiers */ - -@@ -229,8 +228,7 @@ unsigned long move_page_tables(struct vm_area_struct *vma, - if (need_rmap_locks) - take_rmap_locks(vma); - moved = move_huge_pmd(vma, old_addr, new_addr, -- old_end, old_pmd, new_pmd, -- &need_flush); -+ old_end, old_pmd, new_pmd); - if (need_rmap_locks) - drop_rmap_locks(vma); - if (moved) -@@ -246,10 +244,8 @@ unsigned long move_page_tables(struct vm_area_struct *vma, - if (extent > next - new_addr) - extent = next - new_addr; - move_ptes(vma, old_pmd, old_addr, old_addr + extent, new_vma, -- new_pmd, new_addr, need_rmap_locks, &need_flush); -+ new_pmd, new_addr, need_rmap_locks); - } -- if (need_flush) -- flush_tlb_range(vma, old_end-len, old_addr); - - mmu_notifier_invalidate_range_end(vma->vm_mm, mmun_start, mmun_end); - --- -2.11.0 - diff --git a/debian/patches/bugfix/x86/x86-swiotlb-Enable-swiotlb-for-4GiG-RAM-on-32-bit-ke.patch b/debian/patches/bugfix/x86/x86-swiotlb-Enable-swiotlb-for-4GiG-RAM-on-32-bit-ke.patch deleted file mode 100644 index 570c0cf96..000000000 
--- a/debian/patches/bugfix/x86/x86-swiotlb-Enable-swiotlb-for-4GiG-RAM-on-32-bit-ke.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Christoph Hellwig -Date: Sun, 14 Oct 2018 09:52:08 +0200 -Subject: x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels -Origin: https://git.kernel.org/linus/485734f3fc77c1eb77ffe138c027b9a4bf0178f3 -Bug-Debian: https://bugs.debian.org/908924 -Bug: https://bugzilla.kernel.org/show_bug.cgi?id=200709 - -We already build the swiotlb code for 32-bit kernels with PAE support, -but the code to actually use swiotlb has only been enabled for 64-bit -kernels for an unknown reason. - -Before Linux v4.18 we paper over this fact because the networking code, -the SCSI layer and some random block drivers implemented their own -bounce buffering scheme. - -[ mingo: Changelog fixes. ] - -Fixes: 21e07dba9fb1 ("scsi: reduce use of block bounce buffers") -Fixes: ab74cfebafa3 ("net: remove the PCI_DMA_BUS_IS_PHYS check in illegal_highdma") -Reported-by: Matthew Whitehead -Signed-off-by: Christoph Hellwig -Signed-off-by: Thomas Gleixner -Tested-by: Matthew Whitehead -Cc: konrad.wilk@oracle.com -Cc: iommu@lists.linux-foundation.org -Cc: stable@vger.kernel.org -Link: https://lkml.kernel.org/r/20181014075208.2715-1-hch@lst.de -Signed-off-by: Ingo Molnar ---- - arch/x86/kernel/pci-swiotlb.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/arch/x86/kernel/pci-swiotlb.c b/arch/x86/kernel/pci-swiotlb.c -index 661583662430..71c0b01d93b1 100644 ---- a/arch/x86/kernel/pci-swiotlb.c -+++ b/arch/x86/kernel/pci-swiotlb.c -@@ -42,10 +42,8 @@ IOMMU_INIT_FINISH(pci_swiotlb_detect_override, - int __init pci_swiotlb_detect_4gb(void) - { - /* don't initialize swiotlb if iommu=off (no_iommu=1) */ --#ifdef CONFIG_X86_64 - if (!no_iommu && max_possible_pfn > MAX_DMA32_PFN) - swiotlb = 1; --#endif - - /* - * If SME is active then swiotlb will be set to 1 so that bounce --- -2.19.1 - 
diff --git a/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch index e9ede65b8..1e22a173f 100644 --- a/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch +++ b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch @@ -18,6 +18,7 @@ Signed-off-by: Linn Crosetto - Pass result of efi_get_secureboot() in stub through to efi_set_secure_boot() in main kernel - Use lockdown API and naming] +[bwh: Forward-ported to 4.18.20: adjust context in update_fdt()] --- arch/arm64/Kconfig | 13 +++++++++++++ drivers/firmware/efi/arm-init.c | 7 +++++++ @@ -50,7 +51,7 @@ Signed-off-by: Linn Crosetto return; --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c -@@ -635,7 +635,8 @@ static __initdata struct params fdt_para +@@ -648,7 +648,8 @@ static __initdata struct params fdt_para UEFI_PARAM("MemMap Address", "linux,uefi-mmap-start", mmap), UEFI_PARAM("MemMap Size", "linux,uefi-mmap-size", mmap_size), UEFI_PARAM("MemMap Desc. Size", "linux,uefi-mmap-desc-size", desc_size), @@ -62,23 +63,22 @@ Signed-off-by: Linn Crosetto static __initdata struct params xen_fdt_params[] = { --- a/drivers/firmware/efi/libstub/fdt.c +++ b/drivers/firmware/efi/libstub/fdt.c -@@ -158,6 +158,13 @@ static efi_status_t update_fdt(efi_syste - return efi_status; +@@ -159,6 +159,12 @@ static efi_status_t update_fdt(efi_syste } } -+ + + fdt_val32 = cpu_to_fdt32(efi_get_secureboot(sys_table)); + status = fdt_setprop(fdt, node, "linux,uefi-secure-boot", + &fdt_val32, sizeof(fdt_val32)); + if (status) + goto fdt_set_fail; + - return EFI_SUCCESS; + /* shrink the FDT back to its minimum size */ + fdt_pack(fdt); - fdt_set_fail: --- a/include/linux/efi.h 
+++ b/include/linux/efi.h -@@ -749,6 +749,7 @@ struct efi_fdt_params { +@@ -786,6 +786,7 @@ struct efi_fdt_params { u32 mmap_size; u32 desc_size; u32 desc_ver; diff --git a/debian/patches/series b/debian/patches/series index f29ef21d5..bd216f4bd 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -100,7 +100,6 @@ bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch debian/revert-objtool-fix-config_stack_validation-y-warning.patch bugfix/all/netfilter-ipvs-Fix-invalid-bytes-in-IP_VS_MH_TAB_IND.patch -bugfix/x86/x86-swiotlb-Enable-swiotlb-for-4GiG-RAM-on-32-bit-ke.patch # Miscellaneous features features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch @@ -145,8 +144,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch -bugfix/all/mremap-properly-flush-TLB-before-releasing-the-page.patch -bugfix/all/cdrom-fix-improper-type-cast-which-can-leat-to-infor.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch
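Review bot: The refreshed update_fdt() hunk in arm64-add-kernel-config-option-to-lock-down-when.patch now relies on the `linux,uefi-secure-boot` property being written before the new context line `fdt_pack(fdt);`, but nothing in the inserted block records that ordering. Since fdt_pack() shrinks the blob to its minimum size, a later refresh that let the block apply below it would presumably make `fdt_setprop()` fail for lack of space and take the `fdt_set_fail` path; how the main kernel treats a missing property is not visible here. I would add a comment to the inserted lines, for example `/* must stay before fdt_pack(): passes the Secure Boot state used for lockdown */`, and mention the ordering in the `[bwh: Forward-ported to 4.18.20 ...]` line. update_fdt() starts and ends outside the hunk, so the surrounding error handling could not be checked from this page.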