Accepted linux-4.9 4.9.144-3.1~deb8u1 (all source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Mar 2019 21:40:04 +0000
Source: linux-4.9
Binary: linux-doc-4.9 linux-headers-4.9.0-0.bpo.8-common linux-headers-4.9.0-0.bpo.8-common-rt linux-manual-4.9 linux-source-4.9 linux-support-4.9.0-0.bpo.8
linux-headers-4.9.0-0.bpo.8-armmp linux-image-4.9.0-0.bpo.8-armmp-lpae linux-headers-4.9.0-0.bpo.8-armmp-lpae linux-headers-4.9.0-0.bpo.8-all-hppa linux-image-4.9.0-0.bpo.8-parisc linux-headers-4.9.0-0.bpo.8-parisc linux-image-4.9.0-0.bpo.8-parisc64-smp linux-headers-4.9.0-0.bpo.8-parisc64-smp linux-headers-4.9.0-0.bpo.8-all-i386 linux-image-4.9.0-0.bpo.8-686 linux-headers-4.9.0-0.bpo.8-686 linux-image-4.9.0-0.bpo.8-686-pae linux-headers-4.9.0-0.bpo.8-686-pae linux-image-4.9.0-0.bpo.8-686-pae-dbg linux-image-4.9.0-0.bpo.8-rt-686-pae linux-headers-4.9.0-0.bpo.8-rt-686-pae linux-image-4.9.0-0.bpo.8-rt-686-pae-dbg linux-headers-4.9.0-0.bpo.8-all-m68k linux-image-4.9.0-0.bpo.8-m68k linux-headers-4.9.0-0.bpo.8-m68k linux-headers-4.9.0-0.bpo.8-all-mips linux-image-4.9.0-0.bpo.8-4kc-malta linux-headers-4.9.0-0.bpo.8-4kc-malta linux-image-4.9.0-0.bpo.8-5kc-malta linux-headers-4.9.0-0.bpo.8-5kc-malta linux-image-4.9.0-0.bpo.8-octeon linux-headers-4.9.0-0.bpo.8-octeon
linux-headers-4.9.0-0.bpo.8-all-mipsel linux-image-4.9.0-0.bpo.8-loongson-3 linux-headers-4.9.0-0.bpo.8-loongson-3 linux-headers-4.9.0-0.bpo.8-all-mips64 linux-headers-4.9.0-0.bpo.8-all-mips64el linux-headers-4.9.0-0.bpo.8-all-powerpc linux-image-4.9.0-0.bpo.8-powerpc linux-headers-4.9.0-0.bpo.8-powerpc linux-image-4.9.0-0.bpo.8-powerpc-smp linux-headers-4.9.0-0.bpo.8-powerpc-smp linux-image-4.9.0-0.bpo.8-powerpc64 linux-headers-4.9.0-0.bpo.8-powerpc64 linux-headers-4.9.0-0.bpo.8-all-powerpcspe linux-image-4.9.0-0.bpo.8-powerpcspe linux-headers-4.9.0-0.bpo.8-powerpcspe linux-headers-4.9.0-0.bpo.8-all-ppc64 linux-headers-4.9.0-0.bpo.8-all-ppc64el linux-image-4.9.0-0.bpo.8-powerpc64le linux-headers-4.9.0-0.bpo.8-powerpc64le linux-headers-4.9.0-0.bpo.8-all-s390x linux-image-4.9.0-0.bpo.8-s390x linux-headers-4.9.0-0.bpo.8-s390x linux-image-4.9.0-0.bpo.8-s390x-dbg linux-headers-4.9.0-0.bpo.8-all-sh4 linux-image-4.9.0-0.bpo.8-sh7751r linux-headers-4.9.0-0.bpo.8-sh7751r
linux-image-4.9.0-0.bpo.8-sh7785lcr linux-headers-4.9.0-0.bpo.8-sh7785lcr linux-headers-4.9.0-0.bpo.8-all-sparc64 linux-image-4.9.0-0.bpo.8-sparc64 linux-headers-4.9.0-0.bpo.8-sparc64 linux-image-4.9.0-0.bpo.8-sparc64-smp linux-headers-4.9.0-0.bpo.8-sparc64-smp linux-compiler-gcc-4.9-arm
linux-compiler-gcc-4.9-s390
Architecture: all source
Version: 4.9.144-3.1~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Closes: 890034 896911 907581 911421 914556 915229 915231 922478
Description:
linux-doc-4.9 - Linux kernel specific documentation for version 4.9
linux-headers-4.9.0-0.bpo.8-common - Common header files for Linux 4.9.0-0.bpo.8
linux-headers-4.9.0-0.bpo.8-common-rt - Common header files for Linux 4.9.0-0.bpo.8-rt
linux-manual-4.9 - Linux kernel API manual pages for version 4.9
linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches
linux-support-4.9.0-0.bpo.8 - Support files for Linux 4.9
Changes:
linux-4.9 (4.9.144-3.1~deb8u1) jessie-security; urgency=medium
.
* Backport to jessie; no further changes required
.
linux (4.9.144-3.1) stretch; urgency=high
.
* Non-maintainer upload.
* Fix boot breakage on 32-bit arm (closes: #922478). Thanks to Adrian Bunk
for spotting the mistake.
.
linux (4.9.144-3) stretch; urgency=medium
.
* libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature()
(regression in 4.9.144)
.
linux (4.9.144-2) stretch; urgency=medium
.
* [mips*] inst: Avoid ABI change in 4.9.136 (fixes FTBFS)
* efi/libstub: Unify command line param parsing (fixes FTBFS on arm64)
.
linux (4.9.144-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.136
- xfrm: Validate address prefix lengths in the xfrm selector.
- xfrm6: call kfree_skb when skb is toobig
- mac80211: Always report TX status
- cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
- mac80211: fix pending queue hang due to TX_DROP
- cfg80211: Address some corner cases in scan result channel updating
- mac80211: TDLS: fix skb queue/priority assignment
- [armel,armhf] 8799/1: mm: fix pci_ioremap_io() offset check
- xfrm: validate template mode
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- mac80211_hwsim: do not omit multicast announce of first added radio
- Bluetooth: SMP: fix crash in unpairing
- qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
- qed: Avoid constant logical operation warning in qed_vf_pf_acquire
- asix: Check for supported Wake-on-LAN modes
- ax88179_178a: Check for supported Wake-on-LAN modes
- lan78xx: Check for supported Wake-on-LAN modes
- sr9800: Check for supported Wake-on-LAN modes
- r8152: Check for supported Wake-on-LAN Modes
- smsc75xx: Check for Wake-on-LAN modes
- smsc95xx: Check for Wake-on-LAN modes
- perf/ring_buffer: Prevent concurent ring buffer access
- [x86] perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
- [armhf] net: fec: fix rare tx timeout
- net: cxgb3_main: fix a missing-check bug
- perf symbols: Fix memory corruption because of zero length symbols
- mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
- [mips*] microMIPS: Fix decoding of swsp16 instruction
- [mips*] Handle non word sized instructions when examining frame
- scsi: aacraid: Fix typo in blink status
- f2fs: fix multiple f2fs_add_link() having same name for inline dentry
- igb: Remove superfluous reset to PHY and page 0 selection
- ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs
- PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
- [arm64,armhf] i2c: bcm2835: Avoid possible NULL ptr dereference
- efi/fb: Correct PCI_STD_RESOURCE_END usage
- ipv6: set rt6i_protocol properly in the route when it is installed
- [x86] platform: acer-wmi: setup accelerometer when ACPI device was found
- IB/ipoib: Do not warn if IPoIB debugfs doesn't exist
- IB/core: Fix the validations of a multicast LID in attach or detach
operations
- rxe: Fix a sleep-in-atomic bug in post_one_send
- nvme-pci: fix CMB sysfs file removal in reset path
- net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
- net/mlx5: Fix command completion after timeout access invalid structure
- tipc: Fix tipc_sk_reinit handling of -EAGAIN
- tipc: fix a race condition of releasing subscriber object
- bnxt_en: Don't use rtnl lock to protect link change logic in workqueue.
- [armhf] dts: bcm283x: Reserve first page for firmware
- btrfs: fiemap: Cache and merge fiemap extent before submit it to user
- [arm64] reset: hi6220: Set module license so that it can be loaded
- [x86] ASoC: Intel: Skylake: Fix to parse consecutive string tkns in
manifest
- mac80211: fix TX aggregation start/stop callback race
- libata: fix error checking in in ata_parse_force_one()
- [armhf] net: ethernet: stmmac: Fix altr_tse_pcs SGMII Initialization
- [i386] x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC
- [armhf] gpu: ipu-v3: Fix CSI selection for VDIC
- [arm64,armhf] net: stmmac: ensure jumbo_frm error return is correctly
checked for -ve value
- Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io
- ufs: we need to sync inode before freeing it
- net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
- ip6_tunnel: Correct tos value in collect_md mode
- net/mlx5: Fix driver load error flow when firmware is stuck
- perf evsel: Fix probing of precise_ip level for default cycles event
- perf probe: Fix probe definition for inlined functions
- net/mlx5: Fix health work queue spin lock to IRQ safe
- [armhf] usb: dwc3: omap: remove IRQ_NOAUTOEN used with shared irq
- [armhf] clk: samsung: Fix m2m scaler clock on Exynos542x
- rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
- qed: Warn PTT usage by wrong hw-function
- ocfs2: fix deadlock caused by recursive locking in xattr
- net: cdc_ncm: GetNtbFormat endian fix
- sctp: use right member as the param of list_for_each_entry
- ALSA: hda - No loopback on ALC299 codec
- ath10k: convert warning about non-existent OTP board id to debug message
- ipv6: fix cleanup ordering for ip6_mr failure
- IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
- IB/rxe: put the pool on allocation failure
- nbd: only set MSG_MORE when we have more to send
- mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
- IB/mlx5: Avoid passing an invalid QP type to firmware
- scsi: qla2xxx: Avoid double completion of abort command
- drm: bochs: Don't remove uninitialized fbdev framebuffer
- i40e: avoid NVM acquire deadlock during NVM update
- Revert "IB/ipoib: Update broadcast object if PKey value was changed in
index 0"
- Btrfs: incremental send, fix invalid memory access
- [arm64] drm/msm: Fix possible null dereference on failure of get_pages()
- l2tp: remove configurable payload offset
- macsec: fix memory leaks when skb_to_sgvec fails
- perf/core: Fix locking for children siblings group read
- cifs: Use ULL suffix for 64-bit constant
- futex: futex_wake_op, do not fail on invalid op
- ALSA: hda - Fix incorrect usage of IS_REACHABLE()
- enic: do not overwrite error code
- bonding: ratelimit failed speed/duplex update warning
- nvmet: fix space padding in serial number
- iio: buffer: fix the function signature to match implementation
- [x86] paravirt: Fix some warning messages
- IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'
- libertas: call into generic suspend code before turning off power
- xhci: Fix USB3 NULL pointer dereference at logical disconnect.
- [armhf] dts: imx53-qsb: disable 1.2GHz OPP
- rxrpc: Don't check RXRPC_CALL_TX_LAST after calling
rxrpc_rotate_tx_window()
- rxrpc: Only take the rwind and mtu values from latest ACK
- [x86] net: ena: fix NULL dereference due to untimely napi initialization
- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
- mtd: spi-nor: Add support for is25wp series chips
- Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
- bridge: do not add port to router list when receives query with source
0.0.0.0
- net: bridge: remove ipv6 zero address check in mcast queries
- ipv6: mcast: fix a use-after-free in inet6_mc_check
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
called
- llc: set SOCK_RCU_FREE in llc_sap_add_socket()
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
- net: sched: gred: pass the right attribute to gred_change_table_def()
- net: socket: fix a missing-check bug
- [arm64,armhf] net: stmmac: Fix stmmac_mdio_reset() when building stmmac
as modules
- net: udp: fix handling of CHECKSUM_COMPLETE packets
- r8169: fix NAPI handling under high load
- sctp: fix race on sctp_id2asoc
- vhost: Fix Spectre V1 vulnerability
- ethtool: fix a privilege escalation bug
- bonding: fix length of actor system
- net: drop skb on failure in ip_check_defrag()
- net: fix pskb_trim_rcsum_slow() with odd trim offset
- rtnetlink: Disallow FDB configuration for non-Ethernet device
- ip6_tunnel: Fix encapsulation layout
- crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
- ahci: don't ignore result code of ahci_reset_controller()
- xfs: truncate transaction does not modify the inobt
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
- ptp: fix Spectre v1 vulnerability
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
- RDMA/ucma: Fix Spectre v1 vulnerability
- IB/ucm: Fix Spectre v1 vulnerability
- cdc-acm: correct counting of UART states in serial state notification
- usb: gadget: storage: Fix Spectre v1 vulnerability
- USB: fix the usbfs flag sanitization for control transfers
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
- sched/fair: Fix throttle_list starvation with low CFS quota
- [x86] percpu: Fix this_cpu_read()
- [x86] time: Correct the attribute on jiffies' definition
- posix-timers: Sanitize overrun handling (CVE-2018-12896)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.137
- bcache: fix miss key refill->end in writeback
- jffs2: free jffs2_sb_info through jffs2_kill_sb()
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
- [arm64] ipmi: Fix timer race with module unload
- [hppa/parisc] Fix address in HPMC IVA
- [hppa/parisc] Fix map_pages() to not overwrite existing pte entries
- ALSA: hda - Add quirk for ASUS G751 laptop
- ALSA: hda - Fix headphone pin config for ASUS G751
- ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
- [x86] speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
- [x86] corruption-check: Fix panic in memory_corruption_check() when boot
option without value is provided
- [x86] speculation: Support Enhanced IBRS on future CPUs
- Revert "perf tools: Fix PMU term format max value calculation"
- xfrm: policy: use hlist rcu variants on insert
- sched/fair: Fix the min_vruntime update logic in dequeue_entity()
- perf cpu_map: Align cpu map synthesized events properly.
- [x86] fpu: Remove second definition of fpu in __fpu__restore_sig()
- net: qla3xxx: Remove overflowing shift statement
- locking/lockdep: Fix debug_locks off performance problem
- tun: Consistently configure generic netdev params via rtnetlink
- [s390x] sthyi: Fix machine name validity indication
- [armhf] hwmon: (pwm-fan) Set fan speed to 0 on suspend
- perf tools: Free temporary 'sys' string in read_event_files()
- perf tools: Cleanup trace-event-info 'tdata' leak
- perf strbuf: Match va_{add,copy} with va_end
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
- iwlwifi: pcie: avoid empty free RB queue
- [i386] x86/olpc: Indicate that legacy PC XO-1 platform should not
register RTC
- [arm64,armhf] cpufreq: dt: Try freeing static OPPs only if we have added
them
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
- [arm64] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
- brcmfmac: fix for proper support of 160MHz bandwidth
- kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
- ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
- [arm64] pinctrl: qcom: spmi-mpp: Fix drive strength setting
- [arm64] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
- [arm64] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
- ixgbevf: VF2VF TCP RSS
- ath10k: schedule hardware restart if WMI command times out
- cgroup, netclassid: add a preemption point to write_classid
- scsi: esp_scsi: Track residual for PIO transfers
- scsi: megaraid_sas: fix a missing-check bug
- RDMA/core: Do not expose unsupported counters
- IB/ipoib: Clear IPCB before icmp_send
- tpm: suppress transmit cmd error logs when TPM 1.2 is
disabled/deactivated
- [x86] VMCI: Resource wildcard match fixed
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT
- MD: fix invalid stored role for a disk
- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
- [arm64,armhf] usb: chipidea: Prevent unbalanced IRQ disable
- [amd64] driver/dma/ioat: Call del_timer_sync() without holding prep_lock
- uio: ensure class is registered before devices
- scsi: lpfc: Correct soft lockup when running mds diagnostics
- signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid
namespace init
- ALSA: hda: Check the non-cached stream buffers more explicitly
- [armhf] dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
- [armhf] dts: exynos: Add missing cooling device properties for CPUs
- [armhf] dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
- [armhf] dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
- xen-swiotlb: use actually allocated size on check physical continuous
- [x86] tpm: Restore functionality to xen vtpm driver.
- xen/blkfront: avoid NULL blkfront_info dereference on device removal
- [x86] xen: fix race in xen_qlock_wait()
- [x86] xen: make xen_qlock_wait() nestable
- libertas: don't set URB_ZERO_PACKET on IN USB transfer
- [x86] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
- [x86] libnvdimm: Hold reference on parent while scheduling async init
- [x86] ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
- jbd2: fix use after free in jbd2_log_do_checkpoint()
- gfs2_meta: ->mount() can get NULL dev_name
- ext4: initialize retries variable in ext4_da_write_inline_data_begin()
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
- HID: hiddev: fix potential Spectre v1
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
- [amd64] EDAC, skx_edac: Fix logical channel intermediate decoding
- PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
- [ppc64el] signal/GenWQE: Fix sending of SIGKILL
- crypto: lrw - Fix out-of bounds access on counter overflow
- crypto: tcrypt - fix ghash-generic speed test
- ima: fix showing large 'violations' or 'runtime_measurements_count'
- hugetlbfs: dirty pages as they are added to pagecache
- [armhf] w1: omap-hdq: fix missing bus unregister at removal
- smb3: allow stats which track session and share reconnects to be reset
- smb3: do not attempt cifs operation in smb3 query info error path
- smb3: on kerberos mount if server doesn't specify auth type use krb5
- printk: Fix panic caused by passing log_buf_len to command line
- genirq: Fix race on spurious interrupt detection
- NFSv4.1: Fix the r/wsize checking
- nfsd: Fix an Oops in free_session()
- lockd: fix access beyond unterminated strings in prints
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users
- [powerpc*] msi: Fix compile error on mpc83xx
- [mips*] OCTEON: fix out of bounds array access on CN68XX
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
- [x86] xen: fix xen_qlock_wait()
- media: em28xx: use a default format if TRY_FMT fails
- media: tvp5150: avoid going past array on v4l2_querymenu()
- media: em28xx: fix input name for Terratec AV 350
- media: em28xx: make v4l2-compliance happier by starting sequence on zero
- [arm64] lse: remove -fcall-used-x0 flag
- rpmsg: smd: fix memory leak on channel create
- Cramfs: fix abad comparison when wrap-arounds occur
- [arm64,armhf] soc/tegra: pmc: Fix child-node lookup
- btrfs: Handle owner mismatch gracefully when walking up tree
- btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid
deadlock
- btrfs: fix error handling in free_log_tree
- btrfs: iterate all devices during trim, instead of
fs_devices::alloc_list
- btrfs: don't attempt to trim devices that don't support it
- btrfs: wait on caching when putting the bg cache
- btrfs: reset max_extent_size on clear in a bitmap
- btrfs: make sure we create all new block groups
- Btrfs: fix wrong dentries after fsync of file that got its parent
replaced
- btrfs: qgroup: Dirty all qgroups before rescan
- Btrfs: fix null pointer dereference on compressed write path error
- btrfs: set max_extent_size properly
- MD: fix invalid stored role for a disk - try2
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.138
- [powerpc*] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
- tty: check name length in tty_find_polling_driver()
- [powerpc*] nohash: fix undefined behaviour when testing page size
support
- [armhf] drm/omap: fix memory barrier bug in DMM driver
- media: pci: cx23885: handle adding to list failure
- [mips*] kexec: Mark CPU offline before disabling local IRQ
- [powerpc*] boot: Ensure _zimage_start is a weak symbol
- [mips*] PCI: Call pcie_bus_configure_settings() to set MPS/MRRS
- media: tvp5150: fix width alignment during set_selection()
- 9p locks: fix glock.client_id leak in do_lock
- 9p: clear dangling pointers in p9stat_free
- cdrom: fix improper type cast, which can leat to information leak.
(CVE-2018-18710)
- scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
- scsi: qla2xxx: shutdown chip if reset fail
- fuse: Fix use-after-free in fuse_dev_do_read()
- fuse: Fix use-after-free in fuse_dev_do_write()
- fuse: fix blocked_waitq wakeup
- fuse: set FR_SENT while locked
- mm: do not bug_on on incorrect length in __mm_populate()
- e1000: avoid null pointer dereference on invalid stat type
- e1000: fix race condition between e1000_down() and e1000_watchdog
- bna: ethtool: Avoid reading past end of buffer
- [hppa/parisc] Align os_hpmc_size on word boundary
- [hppa/parisc] Fix HPMC handler by increasing size to multiple of 16
bytes
- [hppa/parisc] Fix exported address of os_hpmc handler
- [mips64el,mipsel] Loongson-3: Fix CPU UART irq delivery problem
- [mips64le,mipsel] Loongson-3: Fix BRIDGE irq delivery problem
- [armhf] clk: s2mps11: Fix matching when built as module and DT node
contains compatible
- [armhf] clk: rockchip: Fix static checker warning in
rockchip_ddrclk_get_parent call
- libceph: bump CEPH_MSG_MAX_DATA_LEN
- Revert "ceph: fix dentry leak in splice_dentry()"
- mach64: fix display corruption on big endian machines
- mach64: fix image corruption due to reading accelerator registers
- [arm64] reset: hisilicon: fix potential NULL pointer dereference
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
- netfilter: conntrack: fix calculation of next bucket number in
early_drop
- termios, tty/tty_baudrate.c: fix buffer overrun
- Btrfs: fix cur_offset in the error case for nocow
- Btrfs: fix data corruption due to cloning of eof block
- clockevents/drivers/i8253: Add support for PIT shutdown quirk
- ext4: add missing brelse() update_backups()'s error path
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while
resizing
- ext4: avoid possible double brelse() in add_new_gdb() on error path
- ext4: fix possible leak of sbi->s_group_desc_leak in error path
- ext4: fix possible leak of s_journal_flag_rwsem in error path
- ext4: release bs.bh before re-using in ext4_xattr_block_find()
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
- ext4: fix buffer leak in __ext4_read_dirblock() on error path
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
- mount: Prevent MNT_DETACH from disconnecting locked mounts
- sunrpc: correct the computation for page_ptr when truncating
- nfsd: COPY and CLONE operations require the saved filehandle to be set
- rtc: hctosys: Add missing range error reporting
- fuse: fix use-after-free in fuse_direct_IO()
- fuse: fix leaked notify reply
- configfs: replace strncpy with memcpy
- lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn
- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
- mm: migration: fix migration of huge PMD shared pages
- [armhf] drm/rockchip: Allow driver to be shutdown on reboot/kexec
- drm/dp_mst: Check if primary mstb is null
- [x86] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
- [x86] drm/i915/execlists: Force write serialisation into context image
vs execution
- [arm64] KVM: Fix caching of host MDCR_EL2 value
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.139
- flow_dissector: do not dissect l4 ports for fragments
- ip_tunnel: don't force DF when MTU is locked
- net-gro: reset skb->pkt_type in napi_reuse_skb()
- sctp: not allow to set asoc prsctp_enable by sockopt
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control
paths
- usbnet: smsc95xx: disable carrier check while suspending
- inet: frags: better deal with smp races
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
- kbuild: Add better clang cross build support
- kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
- kbuild: Consolidate header generation from ASM offset information
- kbuild: consolidate redundant sed script ASM offset generation
- kbuild: fix asm-offset generation to work with clang
- kbuild: drop -Wno-unknown-warning-option from clang options
- kbuild, LLVMLinux: Add -Werror to cc-option to support clang
- kbuild: use -Oz instead of -Os when using clang
- kbuild: Add support to generate LLVM assembly files
- modules: mark __inittest/__exittest as __maybe_unused
- [x86] kbuild: Use cc-option to enable -falign-{jumps/loops}
- [amd64] crypto, x86: aesni - fix token pasting for clang
- kbuild: Add __cc-option macro
- [x86] build: Use __cc-option for boot code compiler options
- [x86] build: Specify stack alignment for clang
- kbuild: clang: Disable 'address-of-packed-member' warning
- [arm64] crypto: arm64/sha - avoid non-standard inline asm tricks
- [x86] boot: #undef memcpy() et al in string.c
- [arm64] efi/libstub/arm64: Use hidden attribute for struct screen_info
reference
- [arm64] efi/libstub/arm64: Force 'hidden' visibility for section markers
- efi/libstub: Preserve .debug sections after absolute relocation check
- [arm64] efi/libstub/arm64: Set -fpie when building the EFI stub
- [x86] build: Fix stack alignment for CLang
- [x86] build: Use cc-option to validate stack alignment parameter
- Kbuild: use -fshort-wchar globally
- [arm64] uaccess: suppress spurious clang warning
- [armel,armhf] add more CPU part numbers for Cortex and Brahma B15 CPUs
- [armel,armhf] bugs: prepare processor bug infrastructure
- [armel,armhf] bugs: hook processor bug checking into SMP and suspend
paths
- [armel,armhf] bugs: add support for per-processor bug checking
- [armel,armhf] spectre: add Kconfig symbol for CPUs vulnerable to Spectre
- [armel,armhf] spectre-v2: harden branch predictor on context switches
- [armel,armhf] spectre-v2: add Cortex A8 and A15 validation of the IBE
bit
- [armel,armhf] spectre-v2: harden user aborts in kernel space
- [armel,armhf] spectre-v2: add firmware based hardening
- [armel,armhf] spectre-v2: warn about incorrect context switching
functions
- [armel,armhf] KVM: invalidate BTB on guest exit for Cortex-A12/A17
- [armel,armhf] KVM: invalidate icache on guest exit for Cortex-A15
- [armel,armhf] spectre-v2: KVM: invalidate icache on guest exit for
Brahma B15
- [armel,armhf] KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
- [armel,armhf] KVM: report support for SMCCC_ARCH_WORKAROUND_1
- [armel,armhf] spectre-v1: add speculation barrier (csdb) macros
- [armel,armhf] spectre-v1: add array_index_mask_nospec() implementation
- [armel,armhf] spectre-v1: fix syscall entry
- [armel,armhf] signal: copy registers using __copy_from_user()
- [armel,armhf] vfp: use __copy_from_user() when restoring VFP state
- [armel,armhf] oabi-compat: copy semops using __copy_from_user()
- [armel,armhf] use __inttype() in get_user()
- [armel,armhf] spectre-v1: use get_user() for __get_user()
- [armel,armhf] spectre-v1: mitigate user accesses
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.140
- Revert "x86/speculation: Enable cross-hyperthread spectre v2 STIBP
mitigation"
- Revert "ipv6: set rt6i_protocol properly in the route when it is
installed"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.141
- cifs: don't dereference smb_file_target before null check
- reiserfs: propagate errors from fill_with_dentries() properly
- hfs: prevent btree data loss on root split
- hfsplus: prevent btree data loss on root split
- drm/edid: Add 6 bpc quirk for BOE panel.
- clk: fixed-rate: fix of_node_get-put imbalance
- fs/exofs: fix potential memory leak in mount option parsing
- [armhf] clk: samsung: exynos5420: Enable PERIS clocks for suspend
- [x86] platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
- [arm64] percpu: Initialize ret in the default case
- netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
- netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
- netfilter: xt_IDLETIMER: add sysfs filename checking routine
- [s390x] qeth: fix HiperSockets sniffer
- [ppc64el] hwmon: (ibmpowernv) Remove bogus __init annotations
- clk: fixed-factor: fix of_node_get-put imbalance
- qed: Fix memory/entry leak in qed_init_sp_request()
- qed: Fix blocking/unlimited SPQ entries leak
- zram: close udev startup race condition as default groups
- SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
- gfs2: Put bitmap buffers in put_super
- btrfs: Enhance btrfs_trim_fs function to handle error better
- btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
- btrfs: fix pinned underflow after transaction aborted
- Revert "media: videobuf2-core: don't call memop 'finish' when queueing"
- Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"
- media: v4l: event: Add subscription to list before calling "add"
operation
- uio: Fix an Oops on load
- usb: cdc-acm: add entry for Hiro (Conexant) modem
- USB: quirks: Add no-lpm quirk for Raydium touchscreens
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
- USB: misc: appledisplay: add 20" Apple Cinema Display
- [x86] ACPI / platform: Add SMB0001 HID to forbidden_id_list
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
- libceph: fall back to sendmsg for slab pages
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.142
- usb: core: Fix hub port connection events lost
- [arm64,armhf] usb: dwc3: core: Clean up ULPI device
- usb: xhci: fix timeout for transition from RExit to U0
- MAINTAINERS: Add Sasha as a stable branch maintainer
- gpio: don't free unallocated ida on gpiochip_add_data_with_key() error
path
- iwlwifi: mvm: support sta_statistics() even on older firmware
- iwlwifi: mvm: fix regulatory domain update when the firmware starts
- brcmfmac: fix reporting support for 160 MHz channels
- tools/power/cpupower: fix compilation with STATIC=true
- v9fs_dir_readdir: fix double-free on p9stat_read error
- selinux: Add __GFP_NOWARN to allocation at str_read()
- bfs: add sanity check at bfs_fill_super()
- sctp: clear the transport of some out_chunk_list chunks in
sctp_assoc_rm_peer
- gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
- llc: do not use sk_eat_skb()
- mm: don't warn about large allocations for slab
- drm/ast: change resolution may cause screen blurred
- drm/ast: fixed cursor may disappear sometimes
- drm/ast: Remove existing framebuffers before loading driver
- can: dev: can_get_echo_skb(): factor out non sending code to
__can_get_echo_skb()
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame
to access frame length
- can: dev: __can_get_echo_skb(): Don't crash the kernel if
can_priv::echo_skb is accessed out of bounds
- can: dev: __can_get_echo_skb(): print error message, if trying to echo
non existing skb
- IB/core: Fix for core panic
- [amd64] IB/hfi1: Eliminate races in the SDMA send error path
- usb: xhci: Prevent bus suspend if a port connect change or polling state
is detected
- [arm64] pinctrl: meson: fix pinconf bias disable
- [armhf] cpufreq: imx6q: add return value check for voltage scale
- floppy: fix race condition in __floppy_read_block_0()
- [powerpc*] io: Fix the IO workarounds code to work with Radix
- [x86] perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and
CoffeeLake CPUs
- SUNRPC: Fix a bogus get/put in generic_key_to_expire()
- [powerpc*] numa: Suppress "VPHN is not supported" messages
- [arm64,armhf] efi/arm: Revert deferred unmap of early memmap mapping
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative
offset
- of: add helper to lookup compatible child node
- ath10k: fix kernel panic due to race in accessing arvif list
- Input: xpad - add product ID for Xbox One S pad
- Input: xpad - fix Xbox One rumble stopping after 2.5 secs
- Input: xpad - correctly sort vendor id's
- Input: xpad - move reporting xbox one home button to common function
- Input: xpad - simplify error condition in init_output
- Input: xpad - don't depend on endpoint order
- Input: xpad - fix stuck mode button on Xbox One S pad
- Input: xpad - restore LED state after device resume
- Input: xpad - support some quirky Xbox One pads
- Input: xpad - sort supported devices by USB ID
- Input: xpad - sync supported devices with xboxdrv
- Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth
- Input: xpad - sync supported devices with 360Controller
- Input: xpad - sync supported devices with XBCD
- Input: xpad - constify usb_device_id
- Input: xpad - fix PowerA init quirk for some gamepad models
- Input: xpad - validate USB endpoint type during probe
- Input: xpad - add support for PDP Xbox One controllers
- Input: xpad - add PDP device id 0x02a4
- Input: xpad - fix some coding style issues
- Input: xpad - avoid using __set_bit() for capabilities
- Input: xpad - add GPD Win 2 Controller USB IDs
- Input: xpad - fix GPD Win 2 controller name
- Input: xpad - add support for Xbox1 PDP Camo series gamepad
- mwifiex: prevent register accesses after host is sleeping
- mwifiex: report error to PCIe for suspend failure
- mwifiex: Fix NULL pointer dereference in skb_dequeue()
- mwifiex: fix p2p device doesn't find in scan problem
- scsi: ufs: fix bugs related to null pointer access and array size
- scsi: ufshcd: Fix race between clk scaling and ungate work
- scsi: ufs: fix race between clock gating and devfreq scaling work
- scsi: ufshcd: release resources if probe fails
- tty: wipe buffer.
- tty: wipe buffer if not echoing data
- usb: xhci: fix uninitialized completion when USB3 port got wrong status
- sched/core: Allow __sched_setscheduler() in interrupts when PI is not
used
- namei: allow restricted O_CREAT of FIFOs and regular files
- lan78xx: Read MAC address from DT if present
- [s390x] mm: Check for valid vma before zapping in gmap_discard
- net: ieee802154: 6lowpan: fix frag reassembly
- Revert "evm: Translate user/group ids relative to s_user_ns when
computing HMAC"
- ima: always measure and audit files in policy
- ima: re-introduce own integrity cache lock
- ima: re-initialize iint->atomic_flags
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.143
- mm/huge_memory: rename freeze_page() to unmap_page()
- mm/huge_memory.c: reorder operations in __split_huge_page_tail()
- mm/huge_memory: splitting set mapping+index before unfreeze
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
- mm/khugepaged: collapse_shmem() stop if punched or truncated
- shmem: shmem_charge: verify max_block is not exceeded before inode
update
- shmem: introduce shmem_inode_acct_block
- mm/khugepaged: fix crashes due to misaccounted holes
- mm/khugepaged: collapse_shmem() remember to clear holes
- mm/khugepaged: minor reorderings in collapse_shmem()
- mm/khugepaged: collapse_shmem() without freezing new_page
- mm/khugepaged: collapse_shmem() do not crash on Compound
- media: em28xx: Fix use-after-free when disconnecting
- [arm64,armhf] Revert "wlcore: Add missing PM call for
wlcore_cmd_wait_for_event_or_timeout()"
- net: skb_scrub_packet(): Scrub offload_fwd_mark
- [s390x] qeth: fix length check in SNMP processing
- usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
- [x86] kvm: mmu: Fix race in emulated page table writes
- [x86] kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
- [x86] KVM: Fix scan ioapic use-before-initialization (CVE-2018-19407)
- Btrfs: ensure path name is null terminated at btrfs_control_ioctl
- [x86] perf/x86/intel: Move branch tracing setup to the Intel-specific
source file
- [x86] perf/x86/intel: Add generic branch tracing check to
intel_pmu_has_bts()
- fs: fix lost error code in dio_complete
- [i386] ALSA: wss: Fix invalid snd_free_pages() at error path
- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
- ALSA: control: Fix race between adding and removing a user element
- [sparc] ALSA: sparc: Fix invalid snd_free_pages() at error path
- ext2: fix potential use after free
- btrfs: release metadata before running delayed refs
- USB: usb-storage: Add new IDs to ums-realtek
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
- Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
- mm: use swp_offset as key in shmem_replace_page()
- [x86] Drivers: hv: vmbus: check the creation_status in
vmbus_establish_gpadl()
- [amd64] misc: mic/scif: fix copy-paste error in
scif_create_remote_lookup
- [armhf] bus: arm-cci: remove unnecessary unreachable()
- [armhf] trusted_foundations: do not use naked function
- [x86] efi/libstub: Make file I/O chunking x86-specific
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.144
- kernfs: Replace strncpy with memcpy
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
- scsi: bfa: convert to strlcpy/strlcat
- [x86] staging: rts5208: fix gcc-8 logic error warning
- [amd64] x86/power/64: Use char arrays for asm function names
- iser: set sector for ambiguous mr status errors
- uprobes: Fix handle_swbp() vs. unregister() + register() race once more
- [mips*] fix mips_get_syscall_arg o32 check
- IB/mlx5: Avoid load failure due to unknown link width
- drm/ast: Fix incorrect free on ioregs
- drm: set is_master to 0 upon drm_new_set_master() failure
- scsi: scsi_devinfo: cleanly zero-pad devinfo strings
- scsi: csiostor: Avoid content leaks and casts
- [x86] svm: Add mutex_lock to protect apic_access_page_done on AMD
systems
- Input: xpad - quirk all PDP Xbox One gamepads
- Input: elan_i2c - add ELAN0620 to the ACPI table
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR
- Input: elan_i2c - add support for ELAN0621 touchpad
- btrfs: Always try all copies when reading extent buffers
- Btrfs: fix use-after-free when dumping free space
- udf: Allow mounting volumes with incorrect identification strings
- [arm64,armhf] reset: make optional functions really optional
- [arm64,armhf] reset: core: fix reset_control_put
- reset: fix optional reset_control_get stubs to return NULL
- [arm64,armhf] reset: add exported __reset_control_get, return NULL if
optional
- [arm64,armhf] reset: make device_reset_optional() really optional
- reset: remove remaining WARN_ON() in <linux/reset.h>
- mm: cleancache: fix corruption on missed inode invalidation
(CVE-2018-16862)
- net: qed: use correct strncpy() size
- tipc: use destination length for copy string
- libceph: drop len argument of *verify_authorizer_reply()
- libceph: no need to drop con->mutex for ->get_authorizer()
- libceph: store ceph_auth_handshake pointer in ceph_connection
- libceph: factor out __prepare_write_connect()
- libceph: factor out __ceph_x_decrypt()
- libceph: factor out encrypt_authorizer()
- libceph: add authorizer challenge (CVE-2018-1128)
- libceph: implement CEPHX_V2 calculation mode (CVE-2018-1129)
- libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
- libceph: check authorizer reply/challenge length before reading
- bpf: Prevent memory disambiguation attack (CVE-2018-3639)
- wil6210: missing length check in wmi_set_ie (CVE-2018-5848)
- btrfs: validate type when reading a chunk (CVE-2018-14611)
- btrfs: Verify that every chunk has corresponding block group at mount
time (CVE-2018-14612)
- btrfs: Refactor check_leaf function for later expansion
- btrfs: Check if item pointer overlaps with the item itself
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf
- btrfs: Add checker for EXTENT_CSUM
- btrfs: Move leaf and node validation checker to tree-checker.c
- btrfs: struct-funcs, constify readers
- btrfs: tree-checker: Enhance btrfs_check_node output
- btrfs: tree-checker: Fix false panic for sanity test
- btrfs: tree-checker: Add checker for dir item
- btrfs: tree-checker: use %zu format string for size_t
- btrfs: tree-check: reduce stack consumption in check_dir_item
- btrfs: tree-checker: Verify block_group_item (CVE-2018-14613)
- btrfs: tree-checker: Detect invalid and empty essential trees
(CVE-2018-14612)
- btrfs: Check that each block group has corresponding chunk at mount time
(CVE-2018-14610)
- btrfs: tree-checker: Check level for leaves and nodes
- btrfs: tree-checker: Fix misleading group system information
- f2fs: fix race condition in between free nid allocator/initializer
(CVE-2017-18249)
- f2fs: detect wrong layout
- f2fs: return error during fill_super
- f2fs: check blkaddr more accuratly before issue a bio
- f2fs: sanity check on sit entry
- f2fs: enhance sanity_check_raw_super() to avoid potential overflow
- f2fs: clean up with is_valid_blkaddr()
- f2fs: introduce and spread verify_blkaddr
- f2fs: fix to do sanity check with secs_per_zone (CVE-2018-13100)
- f2fs: fix to do sanity check with user_block_count (CVE-2018-13097)
- f2fs: Add sanity_check_inode() function
- f2fs: fix to do sanity check with node footer and iblocks
(CVE-2018-13096)
- f2fs: fix to do sanity check with block address in main area
- f2fs: fix missing up_read
- f2fs: fix to do sanity check with block address in main area v2
(CVE-2018-14616)
- f2fs: free meta pages if sanity check for ckpt is failed
- f2fs: fix to do sanity check with cp_pack_start_sum (CVE-2018-14614)
- xfs: don't fail when converting shortform attr to long form during
ATTR_REPLACE (CVE-2018-18690)
- hugetlbfs: fix bug in pgoff overflow checking
.
[ Ben Hutchings ]
* drivers/net/ethernet: Ignore ABI changes (fixes FTBFS on arm64;
Closes: #914556)
* libcpupower: Hide private function and drop it from .symbols file
* Revert "elevator: fix truncation of icq_cache_name" to avoid ABI change
* reset: Avoid ABI changes in 4.9.144
* esp_scsi: Ignore ABI changes
* snd-hda: Ignore ABI changes
* posix-timers: Avoid ABI change in 4.9.136
* sched: Avoid ABI change in 4.9.136
* [armel,armhf] Avoid ABI change in 4.9.139
.
[ Noah Meyerhans ]
* [arm64] PCI: Enable HOTPLUG_PCI and HOTPLUG_PCI_ACPI (Closes: #915231)
* drivers/net/ethernet/amazon: Backport ENA 2.0.2 network driver
(Closes: #915229)
.
[ Salvatore Bonaccorso ]
* [rt] Refresh
0159-genirq-Allow-disabling-of-softirq-processing-in-irq-.patch for
context changes in 4.9.137
* Refresh mips-loongson-3-support-irq_set_affinity-in-i8259-ch.patch for
context changes in 4.9.138
* Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in
4.9.139
* Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes
in 4.9.139
* scripts/mod: Update modpost wrapper for 4.9.139.
Upstream commit cf0c3e68aa81 "kbuild: fix asm-offset generation to work
with clang" changed the macros used by devicetable-offsets.c. Copy the
new sed code from upstream scripts/Makefile.lib.
Originates from the same change for 4.12 done by Ben Hutchings.
* Refresh media-v4l-avoid-abi-change-in-4.9.131.patch for context changes in
4.9.141
* Refresh fs-enable-link-security-restrictions-by-default.patch for context
changes in 4.9.142
* Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes
in 4.9.142
.
[ Michal Simek ]
* [arm64] Enable Xilinx ZynqMP SoC and drivers
.
linux (4.9.135-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.131
- crypto: skcipher - Fix -Wstringop-truncation warnings
- tsl2550: fix lux1_input error in low light
- [x86] vmci: type promotion bug in qp_host_get_user_memory()
- [amd64] numa_emulation: Fix emulated-to-physical node mapping
- [x86] staging: rts5208: fix missing error check on call to
rtsx_write_register
- uwb: hwa-rc: fix memory leak at probe
- [arm64,armhf] power: vexpress: fix corruption in notifier registration
- [amd64] iommu/amd: make sure TLB to be flushed before IOVA freed
- Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
- USB: serial: kobil_sct: fix modem-status error handling
- 6lowpan: iphc: reset mac_header after decompress to fix panic
- [s390x] mm: correct allocate_pgste proc_handler callback
- power: remove possible deadlock when unregistering power_supply
- IB/core: type promotion bug in rdma_rw_init_one_mr()
- [powerpc*] kdump: Handle crashkernel memory reservation failure
- [x86] tsc: Add missing header to tsc_msr.c
- [armhf] hwmod: RTC: Don't assume lock/unlock will be called with irq
enabled
- [x86] entry/64: Add two more instruction suffixes
- scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
buffer size
- scsi: klist: Make it safe to use klists in atomic context
- [powerpc/powerpc64,ppc64*] scsi: ibmvscsi: Improve strings handling
- usb: wusbcore: security: cast sizeof to int for comparison
- [ppc64el] powerpc/powernv/ioda2: Reduce upper limit for DMA window size
- alarmtimer: Prevent overflow for relative nanosleep (CVE-2018-13053)
- [s390x] extmem: fix gcc 8 stringop-overflow warning
- [armhf] media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial
data
- drivers/tty: add error handling for pcmcia_loop_config
- [x86] media: tm6000: add error handling for dvb_register_adapter
- ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
- ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
- rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
- [arm64,armhf] wlcore: Add missing PM call for
wlcore_cmd_wait_for_event_or_timeout()
- [armhf] mvebu: declare asm symbols as character arrays in pmsu.c
- HID: hid-ntrig: add error handling for sysfs_create_group
- [x86] perf/x86/intel/lbr: Fix incomplete LBR call stack
- scsi: bnx2i: add error handling for ioremap_nocache
- scsi: megaraid_sas: Update controller info during resume
- [x86] EDAC, i7core: Fix memleaks and use-after-free on probe and remove
- ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
- nfsd: fix corrupted reply to badly ordered compound
- EDAC: Fix memleak in module init error path
- [armhf] dts: dra7: fix DCAN node addresses
- [arm64] spi: tegra20-slink: explicitly enable/disable clock
- [arm*] regulator: fix crash caused by null driver data
- USB: fix error handling in usb_driver_claim_interface()
- USB: handle NULL config in usb_find_alt_setting()
- slub: make ->cpu_partial unsigned int
- media: uvcvideo: Support realtek's UVC 1.5 device
- USB: usbdevfs: sanitize flags more
- USB: usbdevfs: restore warning for nonsensical flags
- Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
service_outstanding_interrupt()"
- USB: remove LPM management from usb_driver_claim_interface()
- Input: elantech - enable middle button of touchpad on ThinkPad P72
- IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
- [amd64] IB/hfi1: Invalid user input can result in crash
- [amd64] IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
- scsi: target: iscsi: Use bin2hex instead of a re-implementation
- [armhf] serial: imx: restore handshaking irq for imx1
- [amd64] IB/hfi1: Fix SL array bounds check
- qed: Wait for ready indication before rereading the shmem
- qed: Wait for MCP halt and resume commands to take place
- [arm*] thermal: of-thermal: disable passive polling when thermal zone is
disabled
- [arm64] net: hns: fix length and page_offset overflow when
CONFIG_ARM64_64K_PAGES
- [arm64] net: hns: fix skb->truesize underestimation
- e1000: check on netif_running() before calling e1000_up()
- e1000: ensure to free old tx/rx rings in set_ringparam()
- hwmon: (adt7475) Make adt7475_read_word() return errors
- [x86] drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
- [arm*] smccc-1.1: Make return values unsigned long
- [arm*] smccc-1.1: Handle function result as parameters
- [x86] i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
- media: v4l: event: Prevent freeing event subscriptions while accessed
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.132
- [arm64] serial: mvebu-uart: Fix reporting of effective CSIZE to
userspace
- time: Introduce jiffies64_to_nsecs()
- mac80211: Run TXQ teardown code before de-registering interfaces
- [ppc64el] KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate
function
- mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
- mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
- mac80211: mesh: fix HWMP sequence numbering to follow standard
- [arm64] net: hns: add netif_carrier_off before change speed and duplex
- cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
- gpio: Fix crash due to registration race
- RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
- fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
- cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
- mac80211: fix a race between restart and CSA flows
- mac80211: Fix station bandwidth setting after channel switch
- mac80211: don't Tx a deauth frame if the AP forbade Tx
- mac80211: shorten the IBSS debug messages
- mm: madvise(MADV_DODUMP): allow hugetlbfs pages
- HID: add support for Apple Magic Keyboards
- HID: hid-saitek: Add device ID for RAT 7 Contagion
- perf evsel: Fix potential null pointer dereference in
perf_evsel__new_idx()
- [ppc64el] perf probe powerpc: Ignore SyS symbols irrespective of
endianness
- RDMA/ucma: check fd type in ucma_migrate_id()
- USB: yurex: Check for truncation in yurex_read()
- nvmet-rdma: fix possible bogus dereference under heavy load
- net/mlx5: Consider PCI domain in search for next dev
- drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
- dm raid: fix rebuild of specific devices by updating superblock
- fs/cifs: suppress a string overflow warning
- [x86] net: ena: fix driver when PAGE_SIZE == 64kB
- [x86] perf/x86/intel: Add support/quirk for the MISPREDICT bit on
Knights Landing CPUs
- dm thin metadata: try to avoid ever aborting transactions
- [arm64] jump_label.h: use asm_volatile_goto macro instead of "asm goto"
- r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
- [s390x] qeth: use vzalloc for QUERY OAT buffer
- [s390x] qeth: don't dump past end of unknown HW header
- cifs: read overflow in is_valid_oplock_break()
- xen/manage: don't complain about an empty value in control/sysrq node
- xen: avoid crash in disable_hotplug_cpu
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
- sysfs: Do not return POSIX ACL xattrs via listxattr
- smb2: fix missing files in root share directory listing
- ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
- [x86] crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
- gpiolib: Free the last requested descriptor
- proc: restrict kernel stack dumps to root (CVE-2018-17972)
- ocfs2: fix locking for res->tracking and dlm->tracking_list
- dm thin metadata: fix __udivdi3 undefined on 32-bit
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.133
- mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly
- [amd64] x86/vdso: Fix asm constraints on vDSO syscall fallbacks
- [amd64] x86/vdso: Fix vDSO syscall fallback asm constraint regression
- PCI: Reprogram bridge prefetch registers on resume
- mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
- PM / core: Clear the direct_complete flag on errors
- dm cache metadata: ignore hints array being too small during resize
- dm cache: fix resize crash if user doesn't reload cache table
- xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
- USB: serial: simple: add Motorola Tetra MTP6550 id
- tty: Drop tty->count on tty_reopen() failure
- cgroup: Fix deadlock in cpu hotplug path
- ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
- ath10k: fix kernel panic issue during pci probe
- f2fs: fix invalid memory access
- ucma: fix a use-after-free in ucma_resolve_ip()
- ubifs: Check for name being NULL while mounting
- ath10k: fix scan crash due to incorrect length calculation
- ebtables: arpreply: Add the standard target sanity check
- [x86] fpu: Remove use_eager_fpu()
- [x86] fpu: Remove struct fpu::counter
- Revert "perf: sync up x86/.../cpufeatures.h"
- [x86] fpu: Finish excising 'eagerfpu'
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.134
- [armhf] mfd: omap-usb-host: Fix dts probe of children
- scsi: iscsi: target: Don't use stack buffer for scatterlist
- scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
- sound: enable interrupt after dma buffer initialization
- [arm64,armhf] stmmac: fix valid numbers of unicast filter entries
- [x86] kvm/lapic: always disable MMIO interface in x2APIC mode
- ext4: Fix error code in ext4_xattr_set_entry()
- mm/vmstat.c: fix outdated vmstat_text
- mach64: detect the dot clock divider correctly on sparc
- [x86] i2c: i2c-scmi: fix for i2c_smbus_write_block_data
- xhci: Don't print a warning when setting link state for disabled ports
- bnxt_en: Fix TX timeout during netpoll.
- bonding: avoid possible dead-lock
- ip6_tunnel: be careful when accessing the inner header
- ip_tunnel: be careful when accessing the inner header
- ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
- ipv6: take rcu lock in rawv6_send_hdrinc()
- [armhf] net: dsa: bcm_sf2: Call setup during switch resume
- ]arm64] net: hns: fix for unmapping problem when SMMU is on
- net: ipv4: update fnhe_pmtu when first hop's MTU changes
- net/ipv6: Display all addresses in output of /proc/net/if_inet6
- net/usb: cancel pending work when unbinding smsc75xx
- qlcnic: fix Tx descriptor corruption on 82xx devices
- qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
- team: Forbid enslaving team device to itself
- [armhf] net: dsa: bcm_sf2: Fix unbind ordering
- [armhf] net: mvpp2: Extract the correct ethtype from the skb for tx csum
offload
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
- tcp/dccp: fix lockdep issue when SYN is backlogged
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
- inet: frags: change inet_frags_init_net() return value
- inet: frags: add a pointer to struct netns_frags
- inet: frags: refactor ipfrag_init()
- inet: frags: refactor ipv6_frag_init()
- inet: frags: refactor lowpan_net_frag_init()
- ipv6: export ip6 fragments sysctl to unprivileged users
- rhashtable: add schedule points
- inet: frags: use rhashtables for reassembly units
- inet: frags: remove some helpers
- inet: frags: get rif of inet_frag_evicting()
- inet: frags: remove inet_frag_maybe_warn_overflow()
- inet: frags: do not clone skb in ip_expire()
- ipv6: frags: rewrite ip6_expire_frag_queue()
- inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
- ip: discard IPv4 datagrams with overlapping segments.
- net: speed up skb_rbtree_purge()
- net: modify skb_rbtree_purge to return the truesize of all purged skbs.
- ipv6: defrag: drop non-last frags smaller than min mtu
- net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
- net: add rb_to_skb() and other rb tree helpers
- ip: use rb trees for IP frag queue.
- ip: add helpers to process in-order fragments faster.
- ip: process in-order fragments efficiently
- ip: frags: fix crash in ip_do_fragment()
- ipv4: frags: precedence bug in ip_expire()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135
- media: af9035: prevent buffer overflow on write
- batman-adv: Fix segfault when writing to throughput_override
- batman-adv: Fix segfault when writing to sysfs elp_interval
- batman-adv: Prevent duplicated nc_node entry
- batman-adv: Prevent duplicated softif_vlan entry
- batman-adv: Prevent duplicated global TT entry
- batman-adv: Prevent duplicated tvlv handler
- batman-adv: fix backbone_gw refcount on queue_work() failure
- batman-adv: fix hardif_neigh refcount on queue_work() failure
- [armhf] clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP
flag for non-am43 SoCs
- [powerpc*/*64*] scsi: ibmvscsis: Fix a stringop-overflow warning
- [powerpc*/*64*] scsi: ibmvscsis: Ensure partition name is properly NUL
terminated
- [arm64] drm: mali-dp: Call drm_crtc_vblank_reset on device init
- scsi: sd: don't crash the host on invalid commands
- net/mlx4: Use cpumask_available for eq->affinity_mask
- [powerpc*] tm: Fix userspace r13 corruption
- [powerpc*] tm: Avoid possible userspace r1 corruption on reclaim
- [amd64] iommu/amd: Return devid as alias for ACPI HID devices
- mremap: properly flush TLB before releasing the page (CVE-2018-18281)
- mm: Preserve _PAGE_DEVMAP across mprotect() calls
- netfilter: check for seqadj ext existence before adding it in
nf_nat_setup_info
- HID: quirks: fix support for Apple Magic Keyboards
- usb: gadget: serial: fix oops when data rx'd after close
- sched/cputime: Convert kcpustat to nsecs
- sched/cputime: Increment kcpustat directly on irqtime account
- sched/cputime: Fix ksoftirqd cputime accounting regression
- [x86] HV: properly delay KVP packets when negotiation is in progress
.
[ Ben Hutchings ]
* Resolve ABI changes caused by upstream fix for CVE-2018-5391:
- Revert "inet: frags: fix ip6frag_low_thresh boundary"
- Revert "inet: frags: reorganize struct netns_frags"
- Revert "rhashtable: reorganize struct rhashtable layout"
- Revert "inet: frags: break the 2GB limit for frags storage"
- inet: frags: Avoid ABI change in 4.9.134
- sk_buff: Avoid ABI change in 4.9.134
- snmp: Remove the ReasmOverlaps statistic
- ipv6: Ignore ABI changes in fragment reassembly functions
* [x86] fpu: Avoid ABI change in 4.9.133
* power: Avoid ABI change in 4.9.131
* slub: Avoid ABI change in 4.9.131
* media: v4l: Avoid ABI change in 4.9.131
* netdev: Hide netdev_notifier_info_ext from modules
* [x86] Revert "x86/mm: Expand static page table for fixmap space"
* Revert "tracing: Use strlcpy() instead of strcpy() in
__trace_find_cmdline()", which does not fix a real security issue
.
linux (4.9.130-2) stretch; urgency=medium
.
[ Salvatore Bonaccorso ]
* Ignore ABI change for return_address.
Fixes "FTBFS on armel/armhf: ABI change for return_address".
Modules will use their own inline copy.
Thanks to Cyril Brulebois for the analysis (Closes: #911421)
.
linux (4.9.130-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.111
- [x86] spectre_v1: Disable compiler optimizations over
array_index_mask_nospec()
- [x86] mce: Improve error message when kernel cannot recover
- [x86] mce: Check for alternate indication of machine check recovery on
Skylake
- [x86] mce: Fix incorrect "Machine check from unknown source" message
- [x86] mce: Do not overwrite MCi_STATUS in mce_no_way_out()
- [x86] Call fixup_exception() before notify_die() in math_error()
- [m68k] mm: Adjust VM area to be unmapped by gap size for __iounmap()
- [sh4] serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding
version
- usb: do not reset if a low-speed or full-speed device timed out
- 1wire: family module autoload fails because of upper/lower case
mismatch.
- ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
- lib/vsprintf: Remove atomic-unsafe support for %pCr
- [mips*] ftrace: fix static function graph tracing
- branch-check: fix long->int truncation when profiling branches
- ipmi:bt: Set the timeout before doing a capabilities check
- Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw
loader
- fuse: atomic_o_trunc should truncate pagecache
- fuse: don't keep dead fuse_conn at fuse_fill_super().
- fuse: fix control dir setup and teardown
- [powerpc*] mm/hash: Add missing isync prior to kernel stack SLB switch
- [powerpc*] ptrace: Fix setting 512B aligned breakpoints with
PTRACE_SET_DEBUGREG
- [powerpc*] /ptrace: Fix enforcement of DAWR constraints
- [powerpc*] powernv/ioda2: Remove redundant free of TCE pages
- [poewrpc*] cpuidle: powernv: Fix promotion from snooze if next state
disabled
- [powerpc*] fadump: Unregister fadump on kexec down path.
- [arm*] 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct
size
- [arm64] kpti: Use early_param for kpti= command-line option
- [arm64] mm: Ensure writes to swapper are ordered wrt subsequent cache
maintenance
- IB/qib: Fix DMA api warning with debug kernel
- IB/{hfi1, qib}: Add handling of kernel restart
- IB/mlx5: Fetch soft WQE's on fatal error state
- IB/isert: Fix for lib/dma_debug check_sync warning
- IB/isert: fix T10-pi check mask setting
- RDMA/mlx4: Discard unknown SQP work requests
- mtd: cfi_cmdset_0002: Change write buffer to check correct value
- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
- PCI: Add ACS quirk for Intel 7th & 8th Gen mobile
- PCI: Add ACS quirk for Intel 300 series
- PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
resume
- printk: fix possible reuse of va_list variable
- [mips*] io: Add barrier after register read in inX()
- time: Make sure jiffies_to_msecs() preserves non-zero time periods
- Btrfs: fix return value on rename exchange failure
- Btrfs: fix unexpected cow in run_delalloc_nocow
- iio:buffer: make length types match kfifo types
- scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
- [s390x] scsi: zfcp: fix missing SCSI trace for result of
eh_host_reset_handler
- [s390x] scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh
TMF
- [s390x] scsi: zfcp: fix misleading REC trigger trace where erp_action
setup failed
- [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io
early return
- [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io
for ERP_FAILED
- [s390x] scsi: zfcp: fix missing REC trigger trace for all objects in
ERP_FAILED
- [s390x] scsi: zfcp: fix missing REC trigger trace on enqueue without ERP
thread
- linvdimm, pmem: Preserve read-only setting for pmem devices
- md: fix two problems with setting the "re-add" device state.
- ubi: fastmap: Cancel work upon detach
- ubi: fastmap: Correctly handle interrupted erasures in EBA
- UBIFS: Fix potential integer overflow in allocation
- [x86] mfd: intel-lpss: Program REMAP register in PIO mode
- perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
- perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
- perf intel-pt: Fix decoding to accept CBR between FUP and corresponding
TIP
- perf intel-pt: Fix MTC timing after overflow
- perf intel-pt: Fix "Unexpected indirect branch" error
- perf intel-pt: Fix packet decoding of CYC packets
- media: v4l2-compat-ioctl32: prevent go past max size
- media: cx231xx: Add support for AverMedia DVD EZMaker 7
- media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
- NFSv4: Fix possible 1-byte stack overflow in
nfs_idmap_read_and_verify_message
- NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..")
- video: uvesafb: Fix integer overflow in allocation (CVE-2018-13406)
- Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
- pwm: lpss: platform: Save/restore the ctrl register over a
suspend/resume
- rbd: flush rbd_dev->watch_dwork after watch is unregistered
- [x86] mm: fix devmem_is_allowed() for sub-page System RAM intersections
- xen: Remove unnecessary BUG_ON from __unbind_from_irq()
- udf: Detect incorrect directory size
- Input: elan_i2c_smbus - fix more potential stack buffer overflows
- Input: elantech - enable middle button of touchpads on ThinkPad P52
- Input: elantech - fix V4 report decoding for module with middle key
- ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co
- ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
- block: Fix transfer when chunk sectors exceeds max
- dm thin: handle running out of data space vs concurrent discard
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.112
- usb: cdc_acm: Add quirk for Uniden UBC125 scanner
- USB: serial: cp210x: add CESINEL device ids
- USB: serial: cp210x: add Silicon Labs IDs for Windows Update
- [arm64,armhf] usb: dwc2: fix the incorrect bitmaps for the ports of
multi_tt hub
- n_tty: Fix stall at n_tty_receive_char_special().
- n_tty: Access echo_* variables carefully.
- vt: prevent leaking uninitialized data to userspace via /dev/vcs*
- ipv4: Fix error return value in fib_convert_metrics()
- [x86] kprobes: Do not modify singlestep buffer while resuming
- netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in
nft_do_chain()
- net: phy: micrel: fix crash when statistic requested for KSZ9031 phy
- [armhf] dts: imx6q: Use correct SDMA script for SPI5 core
- IB/hfi1: Fix user context tail allocation for DMA_RTAIL
- mm: hugetlb: yield when prepping struct pages
- tracing: Fix missing return symbol in function_graph output
- scsi: sg: mitigate read/write abuse
- [s390x] Correct register corruption in critical section cleanup
- drbd: fix access after free
- cifs: Fix infinite loop when using hard mount option
- drm/udl: fix display corruption of the last line
- ext4: include the illegal physical block in the bad map ext4_error msg
- ext4: add more mount time checks of the superblock
- ext4: check superblock mapped prior to committing
- mlxsw: spectrum: Forbid linking of VLAN devices to devices that have
uppers
- [x86] HID: i2c-hid: Fix "incomplete report" noise
- HID: hiddev: fix potential Spectre v1
- HID: debug: check length before copy_to_user() (CVE-2018-9516)
- PM / OPP: Update voltage in case freq == old_freq
- Kbuild: fix # escaping in .cmd files for future Make
- media: cx25840: Use subdev host data for PLL override
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
- dm bufio: avoid sleeping while holding the dm_bufio lock
- dm bufio: drop the lock when doing GFP_NOIO allocation
- [armhf] mtd: rawnand: mxc: set spare area size register explicitly
- dm bufio: don't take the lock in dm_bufio_shrink_count
- mtd: cfi_cmdset_0002: Change definition naming to retry write operation
- mtd: cfi_cmdset_0002: Change erase functions to retry for error
- mtd: cfi_cmdset_0002: Change erase functions to check chip good only
- netfilter: nf_log: don't hold nf_log_mutex during user access
- [x86] staging: comedi: quatech_daqp_cs: fix no-op loop
daqp_ao_insn_write()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.113
- nvme: validate admin queue before unquiesce
- [mips*] Call dump_stack() from show_regs()
- [mips*] Fix ioremap() RAM check
- mmc: dw_mmc: fix card threshold control configuration
- [x86] ibmasm: don't write out of bounds in read handler
- ata: Fix ZBC_OUT command block check
- ata: Fix ZBC_OUT all bit handling
- vmw_balloon: fix inflation with batching
- ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
- USB: serial: ch341: fix type promotion bug in ch341_control_in()
- USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
- USB: serial: keyspan_pda: fix modem-status error handling
- USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276)
- USB: serial: mos7840: fix status-register error handling
- usb: quirks: add delay quirks for Corsair Strafe
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
- HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
- ALSA: hda - Handle pm failure during hotplug
- fs, elf: make sure to page align bss in load_elf_library
- tools build: fix # escaping in .cmd files for future Make
- [arm64,armhf] i2c: tegra: Fix NACK error handling
- iw_cxgb4: correctly enforce the max reg_mr depth
- nvme-pci: Remap CMB SQ entries on every controller reset
- [x86] uprobes: Remove incorrect WARN_ON() in uprobe_init_insn()
- netfilter: nf_queue: augment nfqa_cfg_policy
- netfilter: x_tables: initialise match/target check parameter struct
- loop: add recursion validation to LOOP_CHANGE_FD
- PM / hibernate: Fix oops at snapshot_write()
- loop: remember whether sysfs_create_group() was done
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.114
- [mips*] Use async IPIs for arch_trigger_cpumask_backtrace()
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline
declarations
- [x86] asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
- [x86] paravirt: Make native_save_fl() extern inline
- mtd: m25p80: consider max message size in m25p80_read
- atm: zatm: Fix potential Spectre v1
- ipvlan: fix IFLA_MTU ignored on NEWLINK
- net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
- net: dccp: switch rx_tstamp_last_feedback to monotonic clock
- net/mlx5: Fix incorrect raw command length parsing
- net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
- net_sched: blackhole: tell upper qdisc about dropped packets
- net: sungem: fix rx checksum support
- qed: Fix use of incorrect size in memcpy call.
- qed: Limit msix vectors in kdump kernel to the minimum required count.
- qmi_wwan: add support for the Dell Wireless 5821e module
- r8152: napi hangup fix after disconnect
- tcp: fix Fast Open key endianness
- tcp: prevent bogus FRTO undos with non-SACK flows
- vhost_net: validate sock before trying to put its fd
- net/packet: fix use-after-free
- net/mlx5: Fix command interface race in polling mode
- net: cxgb3_main: fix potential Spectre v1
- rtlwifi: rtl8821ae: fix firmware is not ready to run
- net: lan78xx: Fix race in tx pending skb size calculation
- netfilter: ebtables: reject non-bridge targets
- reiserfs: fix buffer overflow with long warning messages
- KEYS: DNS: fix parsing multiple options
- netfilter: ipv6: nf_defrag: drop skb dst before queueing
- rds: avoid unenecessary cong_update in loop transport
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
- [arm64] assembler: introduce ldr_this_cpu
- [arm64] KVM: Store vcpu on the stack during __guest_enter()
- [arm*] KVM: Convert kvm_host_cpu_state to a static per-cpu allocation
- [arm64] KVM: Change hyp_panic()s dependency on tpidr_el2
- [arm64] alternatives: use tpidr_el2 on VHE hosts
- [arm64] KVM: Stop save/restoring host tpidr_el1 on VHE
- [arm64] alternatives: Add dynamic patching feature
- [arm*] KVM: Do not use kern_hyp_va() with kvm_vgic_global_state
- [arm64] KVM: Avoid storing the vcpu pointer on the stack
- [arm*] smccc: Add SMCCC-specific return codes
- [arm64] Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
- [arm64] Add per-cpu infrastructure to call ARCH_WORKAROUND_2
- [arm64] Add ARCH_WORKAROUND_2 probing
- [arm64] Add 'ssbd' command-line option
- [arm64] ssbd: Add global mitigation state accessor
- [arm64] ssbd: Skip apply_ssbd if not using dynamic mitigation
- [arm64] ssbd: Restore mitigation status on CPU resume
- [arm64] ssbd: Introduce thread flag to control userspace mitigation
- [arm64] ssbd: Add prctl interface for per-thread mitigation
- [arm64] KVM: Add HYP per-cpu accessors
- [arm64] KVM: Add ARCH_WORKAROUND_2 support for guests
- [arm64] KVM: Handle guest's ARCH_WORKAROUND_2 requests
- [arm64] KVM: Add ARCH_WORKAROUND_2 discovery through
ARCH_FEATURES_FUNC_ID
- string: drop __must_check from strscpy() and restore strscpy() usages in
cgroup
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.115
- KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
parallel.
- [x86] apm: Don't access __preempt_count with zeroed fs
- [x86] MCE: Remove min interval polling limitation
- fat: fix memory allocation failure handling of match_strdup()
- ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902)
- mm: memcg: fix use after free in mem_cgroup_iter()
- mm/huge_memory.c: fix data loss when splitting a file pmd
- vfio/pci: Fix potential Spectre v1
- [x86] drm/i915: Fix hotplug irq ack on i965/g4x
- gen_stats: Fix netlink stats dumping in the presence of padding
- ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
- ipv6: fix useless rol32 call on hash
- lib/rhashtable: consider param->min_size when setting initial table size
- net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
- net/ipv4: Set oif in fib_compute_spec_dst
- net: phy: fix flag masking in __set_phy_supported
- ptp: fix missing break in switch
- qmi_wwan: add support for Quectel EG91
- tg3: Add higher cpu clock for 5762.
- net: usb: asix: replace mii_nway_restart in resume path
- net: Don't copy pfmemalloc flag in __copy_skb_header()
- skbuff: Unconditionally copy pfmemalloc in __skb_clone()
- xhci: Fix perceived dead host due to runtime suspend race with event
handler
- xprtrdma: Return -ENOBUFS when no pages are available
- block: do not use interruptible wait anywhere
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.116
- [mips*] Fix off-by-one in pci_resource_to_user()
- ip: hash fragments consistently
- ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
- net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
- net: skb_segment() should not return NULL
- net/mlx5: Adjust clock overflow work period
- net/mlx5e: Don't allow aRFS for encapsulated packets
- net/mlx5e: Fix quota counting in aRFS expire flow
- multicast: do not restore deleted record source filter mode to new one
- net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
- rtnetlink: add rtnl_link_state check in rtnl_configure_link
- tcp: fix dctcp delayed ACK schedule
- tcp: helpers to send special DCTCP ack
- tcp: do not cancel delay-AcK on DCTCP special ACK
- tcp: do not delay ACK in DCTCP upon CE status change
- usb: cdc_acm: Add quirk for Castles VEGA3000
- usb: core: handle hub C_PORT_OVER_CURRENT condition
- usb: gadget: f_fs: Only return delayed status when len is 0
- driver core: Partially revert "driver core: correct device's shutdown
order"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.117
- Input: elan_i2c - add ACPI ID for lenovo ideapad 330
- Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
- Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
- [x86] kvm, mm: account shadow page tables to kmemcg
- tracing: Fix double free of event_trigger_data
- tracing: Fix possible double free in event_enable_trigger_func()
- kthread, tracing: Don't expose half-written comm when creating kthreads
- tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
- tracing: Quiet gcc warning about maybe unused link variable
- [arm64] fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
- [arm64,armhf] usb: dwc2: Fix DMA alignment to start at allocated
boundary
- kcov: ensure irq code sees a valid area
- xen/netfront: raise max number of slots in xennet_get_responses()
- ALSA: emu10k1: add error handling for snd_ctl_add
- ALSA: fm801: add error handling for snd_ctl_add
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
- mm: vmalloc: avoid racy handling of debugobjects in vunmap
- mm/slub.c: add __printf verification to slab_err()
- rtc: ensure rtc_set_alarm fails when alarms are not supported
- perf tools: Fix pmu events parsing rule
- netfilter: ipset: List timing out entries with "timeout 1" instead of
zero
- infiniband: fix a possible use-after-free bug (CVE-2018-14734)
- [powerpc*] powerpc/eeh: Fix use-after-release of EEH driver
- hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
- [powerpc*] powerpc/64s: Fix compiler store ordering to SLB shadow area
- RDMA/mad: Convert BUG_ONs to error flows
- netfilter: nf_tables: check msg_type before nft_trans_set(trans)
- pnfs: Don't release the sequence slot until we've processed layoutget on
open
- disable loading f2fs module on PAGE_SIZE > 4KB
- f2fs: fix error path of move_data_page
- f2fs: fix to don't trigger writeback during recovery
- f2fs: fix to wait page writeback during revoking atomic write
- f2fs: Fix deadlock in shutdown ioctl
- f2fs: fix race in between GC and atomic open
- usbip: usbip_detach: Fix memory, udev context and udev leak
- [x86] perf/x86/intel/uncore: Correct fixed counter index check in
generic code
- [x86] perf/x86/intel/uncore: Correct fixed counter index check for NHM
- iwlwifi: pcie: fix race in Rx buffer allocator
- Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
- Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
- ASoC: dpcm: fix BE dai not hw_free and shutdown
- [arm64,armhf] mfd: cros_ec: Fail early if we cannot identify the EC
- mwifiex: handle race during mwifiex_usb_disconnect
- wlcore: sdio: check for valid platform device data before suspend
- media: tw686x: Fix incorrect vb2_mem_ops GFP flags
- media: videobuf2-core: don't call memop 'finish' when queueing
- btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
- btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
- PCI: Prevent sysfs disable of device while driver is attached
- ath: Add regulatory mapping for FCC3_ETSIC
- ath: Add regulatory mapping for ETSI8_WORLD
- ath: Add regulatory mapping for APL13_WORLD
- ath: Add regulatory mapping for APL2_FCCA
- ath: Add regulatory mapping for Uganda
- ath: Add regulatory mapping for Tanzania
- ath: Add regulatory mapping for Serbia
- ath: Add regulatory mapping for Bermuda
- ath: Add regulatory mapping for Bahamas
- [powerpc*] chrp/time: Make some functions static, add missing header
include
- [powerpc*] powermac: Add missing prototype for note_bootable_part()
- [powerpc*] powermac: Mark variable x as unused
- [powerpc*] 8xx: fix invalid register expression in head_8xx.S
- [powerpc*] bpf: powerpc64: pad function address loads with NOPs
- PCI: pciehp: Request control of native hotplug only if supported
- mwifiex: correct histogram data with appropriate index
- ima: based on policy verify firmware signatures (pre-allocated buffer)
- fscrypt: use unbound workqueue for decryption
- scsi: ufs: fix exception event handling
- ALSA: emu10k1: Rate-limit error messages about page errors
- [armhf] regulator: pfuze100: add .is_enable() for
pfuze100_swb_regulator_ops
- md: fix NULL dereference of mddev->pers in remove_and_add_spares()
- ixgbevf: fix MAC address changes through ixgbevf_set_mac()
- ALSA: usb-audio: Apply rate limit to warning messages in URB complete
callback
- [arm64] cmpwait: Clear event register before arming exclusive monitor
- HID: hid-plantronics: Re-resend Update to map button for PTT products
- drm/radeon: fix mode_valid's return type
- [powerpc*] embedded6xx/hlwd-pic: Prevent interrupts from being handled
by Starlet
- HID: i2c-hid: check if device is there before really probing
- nvmem: properly handle returned value nvmem_reg_read
- tty: Fix data race in tty_insert_flip_string_fixed_flag
- dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
- libata: Fix command retry decision
- media: media-device: fix ioctl function types
- media: saa7164: Fix driver name in debug output
- brcmfmac: Add support for bcm43364 wireless chipset
- [s390x] cpum_sf: Add data entry sizes to sampling trailer entry
- perf: fix invalid bit in diagnostic entry
- bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
- scsi: 3w-9xxx: fix a missing-check bug
- scsi: 3w-xxxx: fix a missing-check bug
- scsi: megaraid: silence a static checker bug
- [x86] staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
- [armhf] thermal: exynos: fix setting rising_threshold for Exynos5433
- bpf: fix references to free_bpf_prog_info() in comments
- media: siano: get rid of __le32/__le16 cast warnings
- drm/atomic: Handling the case when setting old crtc for plane
- ALSA: hda/ca0132: fix build failure when a local macro is defined
- mmc: dw_mmc: update actual clock for mmc debugfs
- mmc: pwrseq: Use kmalloc_array instead of stack VLA
- dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
- dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
- stop_machine: Use raw spinlocks
- [arm64,armhf] memory: tegra: Do not handle spurious interrupts
- [arm64,armhf] memory: tegra: Apply interrupts mask per SoC
- [x86] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
- ipconfig: Correctly initialise ic_nameservers
- rsi: Fix 'invalid vdd' warning in mmc
- audit: allow not equal op for audit by executable
- [x86] staging: lustre: llite: correct removexattr detection
- [x86] staging: lustre: ldlm: free resource when ldlm_lock_create()
fails.
- serial: core: Make sure compiler barfs for 16-byte earlycon names
- usb: hub: Don't wait for connect state at resume for powered-off ports
- crypto: authencesn - don't leak pointers to authenc keys
- crypto: authenc - don't leak pointers to authenc keys
- [armhf] media: omap3isp: fix unbalanced dma_iommu_mapping
- scsi: scsi_dh: replace too broad "TP9" string with the exact models
- scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
- media: si470x: fix __be16 annotations
- drm: Add DP PSR2 sink enable bit
- random: mix rdrand with entropy sent in from userspace
- squashfs: be more careful about metadata corruption
- ext4: fix inline data updates with checksums enabled
- ext4: check for allocation block validity with block group locked
- RDMA/uverbs: Protect from attempts to create flows on unsupported QP
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.118
- ipv4: remove BUG_ON() from fib_compute_spec_dst
- net: ena: Fix use of uninitialized DMA address bits field
- [arm64] net: fix amd-xgbe flow-control issue
- net: lan78xx: fix rx handling before first packet is send
- NET: stmmac: align DMA stuff to largest cache line length
- tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
- xen-netfront: wait xenbus state change when load module manually
- tcp: do not force quickack when receiving out-of-order packets
- tcp: add max_quickacks param to tcp_incr_quickack and
tcp_enter_quickack_mode
- tcp: do not aggressively quick ack after ECN events
- tcp: refactor tcp_ecn_check_ce to remove sk type cast
- tcp: add one more quick ack after after ECN events
- [x86] pinctrl: intel: Read back TX buffer state
- sched/wait: Remove the lockless swait_active() check in swake_up*()
- bonding: avoid lockdep confusion in bond_get_stats()
- inet: frag: enforce memory limits earlier
- ipv4: frags: handle possible skb truesize change
- net: dsa: Do not suspend/resume closed slave_dev
- netlink: Fix spectre v1 gadget in netlink_create()
- net: stmmac: Fix WoL for PCI-based setups
- squashfs: more metadata hardening
- squashfs: more metadata hardenings
- can: ems_usb: Fix memory leak on ems_usb_disconnect()
- net: socket: fix potential spectre v1 gadget in socketcall
- virtio_balloon: fix another race between migration and ballooning
- [x86] kvm: vmx: fix vpid leak
- [x86] crypto: padlock-aes - Fix Nano workaround data corruption
- drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
- scsi: sg: fix minor memory leak in error path
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.119
- scsi: qla2xxx: Fix ISP recovery on unload
- scsi: qla2xxx: Return error when TMF returns
- genirq: Make force irq threading setup more robust
- nohz: Fix local_timer_softirq_pending()
- netlink: Do not subscribe to non-existent groups
- netlink: Don't shift with UB on nlk->ngroups
- netlink: Don't shift on 64 for ngroups
- ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
- ring_buffer: tracing: Inherit the tracing setting to next ring buffer
- [armhf] i2c: imx: Fix reinit_completion() use
- Btrfs: fix file data corruption after cloning a range and fsync
- tcp: add tcp_ooo_try_coalesce() helper
- kmemleak: clear stale pointers from task stacks
- fork: unconditionally clear stack on fork
- IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.120
- ext4: fix check to prevent initializing reserved inodes
- [x86] tpm: fix race condition in tpm_common_write()
- [hppa/parisc] Enable CONFIG_MLONGCALLS by default
- [hppa/parisc] Define mb() and add memory barriers to assembler unlock
sequences
- Mark HI and TASKLET softirq synchronous
- xen/netfront: don't cache skb_shinfo()
- ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
- scsi: sr: Avoid that opening a CD-ROM hangs with runtime power
management enabled
- root dentries need RCU-delayed freeing
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not
- fix mntput/mntput race
- fix __legitimize_mnt()/mntput() race
- IB/core: Make testing MR flags for writability a static inline function
- IB/mlx4: Mark user MR as writable if actual virtual memory is writable
- IB/ocrdma: fix out of bounds access to local buffer
- [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests
(CVE-2018-15594)
- [x86] speculation: Protect against userspace-userspace spectreRSB
CVE-2018-15572)
- [x86] kprobes Fix %p uses in error messages
- [x86] irqflags: Provide a declaration for native_save_fl
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.121
- [i386] mm: Disable ioremap free page handling on x86-PAE
- kbuild: verify that $DEPMOD is installed
- crypto: vmac - require a block cipher with 128-bit block size
- crypto: vmac - separate tfm and request context
- Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363)
- ioremap: Update pgtable free interfaces with addr
- [x86] mm: Add TLB purge to free pmd/pte page interfaces
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.122
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.123
- dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
- l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
- llc: use refcount_inc_not_zero() for llc_sap_find()
- vsock: split dwork to avoid reinitializations
- ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit
- net_sched: Fix missing res info when create new tc_index filter
- net_sched: fix NULL pointer dereference when delete tcindex filter
- ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs
- ALSA: hda - Turn CX8200 into D3 as well upon reboot
- ALSA: vx222: Fix invalid endian conversions
- ALSA: virmidi: Fix too long output trigger loop
- ALSA: cs5535audio: Fix invalid endian conversion
- ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry
- ALSA: memalloc: Don't exceed over the requested size
- ALSA: vxpocket: Fix invalid endian conversions
- cls_matchall: fix tcf_unbind_filter missing
- USB: serial: sierra: fix potential deadlock at close
- USB: option: add support for DW5821e
- ACPI / PM: save NVS memory for ASUS 1025C laptop
- tty: serial: 8250: Revert NXP SC16C2552 workaround
- serial: 8250_dw: always set baud rate in dw8250_set_termios
- serial: 8250_dw: Add ACPI support for uart on Broadcom SoC
- [x86] mm: Simplify p[g4um]d_page() macros
- Bluetooth: avoid killing an already killed socket
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.124
- [x86] entry/64: Remove %ebx handling from error_entry/exit
(CVE-2018-14678)
- [arm64,armhf] usb: dwc3: of-simple: fix use-after-free on remove
- [arm64] dts: ns2: Fix I2C controller interrupt type
- [arm64] drm: mali-dp: Enable Global SE interrupts mask for DP500
- IB/rxe: Fix missing completion for mem_reg work requests
- libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
- [arm64,armhf] usb: dwc2: fix isoc split in transfer with no data
- usb: gadget: composite: fix delayed_status race condition when
set_interface
- [arm64,armhf] usb: gadget: dwc2: fix memory leak in gadget_init()
- xen: add error handling for xenbus_printf
- scsi: xen-scsifront: add error handling for xenbus_printf
- xen/scsiback: add error handling for xenbus_printf
- [arm64] make secondary_start_kernel() notrace
- qed: Add sanity check for SIMD fastpath handler.
- enic: initialize enic->rfs_h.lock in enic_probe
- net: hamradio: use eth_broadcast_addr
- net: propagate dev_get_valid_name return code
- [armhf] net: stmmac: socfpga: add additional ocp reset line for
Stratix10
- nvmet: reset keep alive timer in controller enable
- [armhf] net: davinci_emac: match the mdio device against its compatible
if possible
- [arm64,armhf] KVM: Drop resource size check for GICV window
- locking/lockdep: Do not record IRQ state within lockdep code
- ipv6: mcast: fix unsolicited report interval after receiving querys
- Smack: Mark inode instant in smack_task_to_inode
- batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump
- batman-adv: Fix bat_v best gw refcnt after netlink dump
- cxgb4: when disabling dcb set txq dcb priority to 0
- [x86] iio: pressure: bmp280: fix relative humidity unit
- brcmfmac: stop watchdog before detach and free everything
- ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl
- [arm64,armhf] usb: xhci: remove the code build warning
- usb: xhci: increase CRS timeout value
- NFC: pn533: Fix wrong GFP flag usage
- perf test session topology: Fix test on s390
- perf report powerpc: Fix crash if callchain is empty
- perf bench: Fix numa report output code
- netfilter: nf_log: fix uninit read in nf_log_proc_dostring
- ceph: fix dentry leak in splice_dentry()
- [armhf] dmaengine: pl330: report BURST residue granularity
- [arm64] dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
- md/raid10: fix that replacement cannot complete recovery after
reassemble
- nl80211: relax ht operation checks for mesh
- [s390x] bpf, s390: fix potential memleak when later bpf_jit_prog fails
- bnx2x: Fix receiving tx-timeout in error or recovery state.
- acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value
- ipvlan: call dev_change_flags when ipvlan mode is reset
- HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
- tracing: Use __printf markup to silence compiler
- smsc75xx: Add workaround for gigabit link up hardware errata.
- ieee802154: 6lowpan: set IFLA_LINK
- netfilter: x_tables: set module owner for icmp(6) matches
- ipv6: make ipv6_renew_options() interrupt/kernel safe
- [arm*] pxa: irq: fix handling of ICMR registers in suspend/resume
- net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is
used
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
- ieee802154: at86rf230: use __func__ macro for debug messages
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
- netfilter: nf_conntrack: Fix possible possible crash on module loading.
- bnxt_en: Always set output parameters in bnxt_get_max_rings().
- bnxt_en: Fix for system hang if request_irq fails
- nfit: fix unchecked dereference in acpi_nfit_ctl
- RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path
- [arm*] 8780/1: ftrace: Only set kernel memory back to read-only after
boot
- [armhf] DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for
secondary cores
- [armhf] dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
- ixgbe: Be more careful when modifying MAC filters
- packet: reset network header if packet shorter than ll reserved space
- qlogic: check kstrtoul() for errors
- tcp: remove DELAYED ACK events in DCTCP
- drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
- net: usb: rtl8150: demote allmulti message to dev_dbg()
- tcp: identify cryptic messages as TCP seq # bugs
- KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
- ext4: fix spectre gadget in ext4_mb_regular_allocator()
- [hppa/parisc] Remove ordered stores from syscall.S
- xfrm_user: prevent leaking 2 bytes of kernel memory
- netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior
state
- packet: refine ring v3 block size test to hold one frame
- [hppa/parisc] Remove unnecessary barriers from spinlock.h
- PCI: hotplug: Don't leak pci_slot on registration failure
- PCI: Skip MPS logic for Virtual Functions (VFs)
- PCI: pciehp: Fix use-after-free on unplug
- PCI: pciehp: Fix unprotected list iteration in IRQ handler
- [armhf] i2c: imx: Fix race condition in dma read
- reiserfs: fix broken xattr handling (heap corruption, bad retval)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.125
- vti6: fix PMTU caching and reporting on xmit
- xfrm: fix missing dst_release() after policy blocking lbcast and
multicast
- xfrm: free skb if nlsk pointer is NULL
- mac80211: add stations tied to AP_VLANs during hw reconfig
- nl80211: Add a missing break in parse_station_flags
- [arm64] drm/bridge: adv7511: Reset registers on hotplug
- scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
- [armhf] drm/imx: imx-ldb: disable LDB on driver bind
- [armhf] drm/imx: imx-ldb: check if channel is enabled before printing
warning
- usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
- [ppc64el] bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd
- [x86] tools/power turbostat: fix -S on UP systems
- qed: Fix possible race for the link state value.
- qed: Correct Multicast API to reflect existence of 256 approximate
buckets.
- atl1c: reserve min skb headroom
- [x86] perf/x86/amd/ibs: Don't access non-started event
- bnx2x: Fix invalid memory access in rss hash config path.
- qmi_wwan: fix interface number for DW5821e production firmware
- [x86] boot: Fix if_changed build flip/flop bug
- fscache: Allow cancelled operations to be enqueued
- cachefiles: Fix refcounting bug in backing-file read monitoring
- cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
- zswap: re-check zswap_is_full() after do zswap_shrink()
- [x86] tools/power turbostat: Read extended processor family from CPUID
- enic: handle mtu change for vf properly
- squashfs metadata 2: electric boogaloo
- Squashfs: Compute expected length from inode size rather than block
length
- drivers: net: lmc: fix case value for target abort error
- memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc()
failure
- scsi: fcoe: drop frames in ELS LOGO error path
- scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO
- [x86] scsi: vmw_pvscsi: Return DID_RESET for status
SAM_STAT_COMMAND_TERMINATED
- mm/memory.c: check return value of ioremap_prot
- sched/sysctl: Check user input value of sysctl_sched_time_avg
- Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938)
- [x86] mei: don't update offset in write
- cifs: add missing debug entries for kconfig options
- cifs: check kmalloc before use
- smb3: enumerating snapshots was leaving part of the data off end
- smb3: Do not send SMB3 SET_INFO if nothing changed
- smb3: don't request leases in symlink creation and query
- [arm64] kprobes: Fix %p uses in error messages
- [arm64] mm: check for upper PAGE_SHIFT bits in pfn_valid()
- [s390x] kvm: fix deadlock when killed by oom
- ext4: check for NUL characters in extended attribute's name
- ext4: sysfs: print ext4_super_block fields as little-endian
- ext4: reset error code in ext4_find_entry in fallback
- [arm64,armhf] KVM: Skip updating PTE entry if no change
- [arm64,armhf] KVM: Skip updating PMD entry if no change
- [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- [x86] speculation/l1tf: Fix off-by-one error when warning that system
has too much RAM (Closes: #907581)
- [x86] speculation/l1tf: Suggest what to do on systems with too much RAM
- [x86] process: Re-export start_thread()
- [x86] KVM: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts
disabled
- [x86] kvm/vmx: Remove duplicate l1d flush definitions
- fuse: Don't access pipe->buffers without pipe_lock()
- fuse: fix initial parallel dirops
- fuse: fix double request_end()
- fuse: fix unlocked access to processing queue
- fuse: umount should wait for all requests
- fuse: Fix oops at process_init_reply()
- fuse: Add missed unlock_page() to fuse_readpages_fill()
- udl-kms: change down_interruptible to down
- udl-kms: handle allocation failure
- udl-kms: fix crash due to uninitialized memory
- b43legacy/leds: Ensure NUL-termination of LED name string
- b43/leds: Ensure NUL-termination of LED name string
- ASoC: dpcm: don't merge format from invalid codec dai
- ASoC: sirf: Fix potential NULL pointer dereference
- [x86] irqflags: Mark native_restore_fl extern inline
- [x86] spectre: Add missing family 6 check to microcode check
- [x86] speculation/l1tf: Increase l1tf memory limit for Nehalem+
(Closes: #907581)
- [x86] entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
- [s390x] qdio: reset old sbal_state flags
- [s390x] pci: fix out of bounds access during irq setup
- kprobes: Make list and blacklist root user read only
- [mips*] lib: Provide MIPS64r6 __multi3() for GCC < 7
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
- scsi: core: Avoid that SCSI device removal through sysfs triggers a
deadlock
- iscsi target: fix session creation failure handling
- [armhf] clk: rockchip: fix clk_i2sout parent selection bits on rk3399
- PM / clk: signedness bug in of_pm_clk_add_clks()
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
(CVE-2018-16658)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.126
- net: 6lowpan: fix reserved space for single frames
- net: mac802154: tx: expand tailroom if necessary
- 9p/net: Fix zero-copy path in the 9p virtio transport
- [x86] drm/i915/userptr: reject zero user_size
- libertas: fix suspend and resume for SDIO connected cards
- [arm64] mailbox: xgene-slimpro: Fix potential NULL pointer dereference
- [ppc64el] powerpc/pseries: Fix endianness while restoring of r3 in MCE
handler.
- PCI: Add wrappers for dev_printk()
- [ppc64el] powerpc/powernv/pci: Work around races in PCI bridge enabling
- [ppc64el] cxl: Fix wrong comparison in cxl_adapter_context_get()
- ib_srpt: Fix a use-after-free in srpt_close_ch()
- RDMA/rxe: Set wqe->status correctly if an unexpected response is
received
- fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr
failed
- 9p/virtio: fix off-by-one error in sg list bounds check
- net/9p/client.c: version pointer uninitialized
- net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
kfree()
- dm thin: stop no_space_timeout worker when switching to write-mode
- dm cache metadata: save in-core policy_hint_size to on-disk superblock
- uart: fix race between uart_put_char() and uart_shutdown()
- [x86] vmw_balloon: fix inflation of 64-bit GFNs
- [x86] vmw_balloon: do not use 2MB without batching
- [x86] vmw_balloon: VMCI_DOORBELL_SET does not check status
- [x86] vmw_balloon: fix VMCI use when balloon built into kernel
- [armhf] rtc: omap: fix potential crash on power off
- tracing: Do not call start/stop() functions when tracing_on does not
change
- tracing/blktrace: Fix to allow setting same value
- uprobes: Use synchronize_rcu() not synchronize_sched()
- [arm64] mfd: hi655x: Fix regmap area declared size for hi655x
- 9p: fix multiple NULL-pointer-dereferences
- PM / sleep: wakeup: Fix build error caused by missing SRCU support
- [x86] KVM: VMX: fixes for vmentry_l1d_flush module parameter
- pnfs/blocklayout: off by one in bl_map_stripe()
- NFSv4 client live hangs after live data migration recovery
- Replace magic for trusting the secondary keyring with #define
- [amd64] Fix kexec forbidding kernels signed with keys in the secondary
keyring to boot
- mm/tlb: Remove tlb_remove_table() non-concurrent condition
- [x86] iommu/vt-d: Add definitions for PFSID
- [x86] iommu/vt-d: Fix dev iotlb pfsid use
- userns: move user access out of the mutex
- ubifs: Fix memory leak in lprobs self-check
- Revert "UBIFS: Fix potential integer overflow in allocation"
- ubifs: Check data node size before truncate
- ubifs: Fix synced_i_size calculation for xattr inodes
- [armhf] pwm: tiehrpwm: Fix disabling of output of PWMs
- fb: fix lost console when the user unplugs a USB adapter
- udlfb: set optimal write delay
- getxattr: use correct xattr length
- [x86] libnvdimm: fix ars_status output length calculation
- printk/tracing: Do not trace printk_nmi_enter()
- bcache: release dc->writeback_lock properly in bch_writeback_thread()
- perf auxtrace: Fix queue resize
- [ppc64el] crypto: vmx - Fix sleep-in-atomic bugs
- fs/quota: Fix spectre gadget in do_quotactl
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.127
- [i386] speculation/l1tf: Fix up pte->pfn conversion for PAE
- act_ife: fix a potential use-after-free
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
state
- net: sched: Fix memory exposure from short TCA_U32_SEL
- qlge: Fix netdev features configuration.
- r8169: add support for NCube 8168 network card
- tcp: do not restart timewait timer on rst reception
- vti6: remove !skb->ignore_df check from vti6_xmit()
- sctp: hold transport before accessing its asoc in
sctp_transport_get_next
- vhost: correctly check the iova range when waking virtqueue
- [x86] hv_netvsc: ignore devices that are not PCI
- act_ife: move tcfa_lock down to where necessary
- act_ife: fix a potential deadlock
- net: sched: action_ife: take reference to meta module
- cifs: check if SMB2 PDU size has been padded and suppress the warning
- hfsplus: don't return 0 when fill_super() failed
- hfs: prevent crash on exit from failed search
- sunrpc: Don't use stack buffer with scatterlist
- fork: don't copy inconsistent signal handler state to child
- reiserfs: change j_timestamp type to time64_t
- hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617)
- fat: validate ->i_start before using
- scripts: modpost: check memory allocation results
- virtio: pci-legacy: Validate queue pfn
- mm/fadvise.c: fix signed overflow UBSAN complaint
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
- [mips*] mfd: sm501: Set coherent_dma_mask when creating subdevices
- [x86] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on
UX360
- net/9p/trans_fd.c: fix race by holding the lock
- net/9p: fix error path of p9_virtio_probe
- [ppc64el] perf probe powerpc: Fix trace event post-processing
- block: bvec_nr_vecs() returns value for wrong slab
- [s390x] dasd: fix hanging offline processing due to canceled worker
- [s390x] dasd: fix panic for failed online processing
- [x86] ACPI / scan: Initialize status to ACPI_STA_DEFAULT
- scsi: aic94xx: fix an error code in aic94xx_init()
- [armel,armhf] PCI: mvebu: Fix I/O space end address calculation
- dm kcopyd: avoid softlockup in run_complete_job
- RDS: IB: fix 'passing zero to ERR_PTR()' warning
- smb3: fix reset of bytes read and written stats
- SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
- [ppc64el] powerpc/pseries: Avoid using the size greater than
RTAS_ERROR_LOG_MAX.
- [armhf] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in
rk3399
- btrfs: replace: Reset on-disk dev stats value after replace
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (CVE-2018-14609)
- btrfs: Don't remove block group that still has pinned down bytes
- [arm64] rockchip: Force CONFIG_PM on Rockchip systems
- [arm*] rockchip: Force CONFIG_PM on Rockchip systems
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80
- tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
- [i386] pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
- irda: Fix memory leak caused by repeated binds of irda socket
(CVE-2018-6554)
- irda: Only insert new objects into the global database via setsockopt
(CVE-2018-6555)
- enic: do not call enic_change_mtu in enic_probe
- Fix backport of "mm: numa: avoid waiting on freed migrated pages"
- sch_htb: fix crash on init failure
- sch_multiq: fix double free on init failure
- sch_hhf: fix null pointer dereference on init failure
- sch_netem: avoid null pointer deref on init failure
- sch_tbf: fix two null pointer dereferences on init failure
- [x86] mei: me: allow runtime pm for platform with D0i3
- [s390x] lib: use expoline for all bcr instructions
- btrfs: use correct compare function of dirty_metadata_bytes
- [arm64] Fix mismatched cache line size detection
- [arm64] Handle mismatched cache type
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.128
- [x86] i2c: i801: fix DNV's SMBCTRL register offset
- [s390x] KVM: s390: vsie: copy wrapping keys to right place
- ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
- cfq: Give a chance for arming slice idle timer in case of group_idle
- kthread: Fix use-after-free if kthread fork fails
- [mips*] kthread: fix boot hang (regression) on MIPS/OpenRISC
- [x86] staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
- [x86] staging/rts5208: Fix read overflow in memcpy
- IB/rxe: do not copy extra stack memory to skb
- block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
- nl80211: fix null-ptr dereference on invalid mesh configuration
- locking/rwsem-xadd: Fix missed wakeup due to reordering of load
- selinux: use GFP_NOWAIT in the AVC kmem_caches
- locking/osq_lock: Fix osq_lock queue corruption
- mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced
- mm: remove seemingly spurious reclaimability check from laptop_mode
gating
- [amd64] misc: mic: SCIF Fix scif_get_new_port() error handling
- Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
- [arm64,armhf] gpio: tegra: Move driver registration to subsys_init level
- scsi: target: fix __transport_register_session locking
- md/raid5: fix data corruption of replacements after originals dropped
- timers: Clear timer_base::must_forward_clk with timer_base::lock held
- [arm64,armhf] misc: ti-st: Fix memory leak in the error path of probe()
- uio: potential double frees if __uio_register_device() fails
- [x86] tty: rocket: Fix possible buffer overwrite on register_PCI
- f2fs: do not set free of current section
- perf tools: Allow overriding MAX_NR_CPUS at compile time
- NFSv4.0 fix client reference leak in callback
- ath9k: report tx status on EOSP
- ath9k_hw: fix channel maximum power level test
- ath10k: prevent active scans on potential unusable channels
- [arm64,armhf] wlcore: Set rx_status boottime_ns field on rx
- [mips*] Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
- ata: libahci: Correct setting of DEVSLP register
- scsi: 3ware: fix return 0 on the error path of probe
- ath10k: disable bundle mgmt tx completion event support
- Bluetooth: hidp: Fix handling of strncpy for hid->name information
- [x86] mm: Remove in_nmi() warning from vmalloc_fault()
- [x86] gpio: ml-ioh: Fix buffer underwrite on probe error path
- [armhf] net: mvneta: fix mtu change on port without link
- f2fs: try grabbing node page lock aggressively in sync scenario
- f2fs: fix to skip GC if type in SSA and SIT is inconsistent
- [x86] tpm/tpm_i2c_infineon: switch to i2c_lock_bus(...,
I2C_LOCK_SEGMENT)
- f2fs: fix to do sanity check with reserved blkaddr of inline inode
(CVE-2018-13099)
- [mips*] Octeon: add missing of_node_put()
- [mips*] generic: fix missing of_node_put()
- net: dcb: For wild-card lookups, use priority -1, not 0
- Input: atmel_mxt_ts - only use first T9 instance
- [ppc64el] partitions/aix: append null character to print data from disk
- [ppc64el] partitions/aix: fix usage of uninitialized lv_info and lvname
structures
- f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
- [armhf] mfd: ti_am335x_tscadc: Fix struct clk memory leak
- f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
- NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
- [mips*] WARN_ON invalid DMA cache maintenance, not BUG_ON
- RDMA/cma: Do not ignore net namespace for unbound cm_id
- xhci: Fix use-after-free in xhci_free_virt_device
- netfilter: x_tables: avoid stack-out-of-bounds read in
xt_copy_counters_from_user
- mtd: ubi: wl: Fix error return code in ubi_wl_init()
- autofs: fix autofs_sbi() does not check super block type
- mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.129
- be2net: Fix memory leak in be_cmd_get_profile_config()
- rds: fix two RCU related problems
- net/mlx5: Fix use-after-free in self-healing flow
- net/mlx5: Fix debugfs cleanup in the device init/remove flow
- [arm64] iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
- [i386] ALSA: msnd: Fix the default sample sizes
- ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
- xfrm: fix 'passing zero to ERR_PTR()' warning
- gfs2: Special-case rindex for gfs2_grow
- clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure
- media: tw686x: Fix oops on buffer alloc failure
- [armhf] dmaengine: pl330: fix irq race with terminate_all
- media: videobuf2-core: check for q->error in vb2_core_qbuf()
- IB/rxe: Drop QP0 silently
- gfs2: Don't reject a supposedly full bitmap if we have blocks reserved
- fbdev: Distinguish between interlaced and progressive modes
- [ppc64el] powerpc/powernv: opal_put_chars partial write fix
- mac80211: restrict delayed tailroom needed decrement
- Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
- [arm64,armhf] efi/arm: preserve early mapping of UEFI memory map longer
for BGRT
- nfp: avoid buffer leak when FW communication fails
- xen-netfront: fix queue name setting
- [arm64] dts: qcom: db410c: Fix Bluetooth LED trigger
- [arm64] dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci
- [s390x] qeth: fix race in used-buffer accounting
- [s390x] qeth: reset layer2 attribute on layer switch
- [arm64,armhf] KVM: arm/arm64: Fix vgic init race
- drivers/base: stop new probing during shutdown
- [arm64] dmaengine: mv_xor_v2: kill the tasklets upon exit
- xen-netfront: fix warn message as irq device name has '/'
- RDMA/cma: Protect cma dev list with lock
- [x86] pstore: Fix incorrect persistent ram buffer mapping
- xen/netfront: fix waiting for xenbus state change
- [armhf] mmc: omap_hsmmc: fix wakeirq handling on removal
- misc: hmc6352: fix potential Spectre v1
- usb: Don't die twice if PCI xhci host is not responding in resume
- [x86] mei: ignore not found client in the enumeration
- USB: Add quirk to support DJI CineSSD
- usb: uas: add support for more quirk flags
- usb: Avoid use-after-free by flushing endpoints early in
usb_set_interface()
- usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in
u132_get_frame()
- USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB
controller
- USB: net2280: Fix erroneous synchronization change
- USB: serial: io_ti: fix array underflow in completion handler
- usb: misc: uss720: Fix two sleep-in-atomic-context bugs
- USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
- USB: yurex: Fix buffer over-read in yurex_write()
- usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
service_outstanding_interrupt()
- Revert "cdc-acm: implement put_char() and flush_chars()"
- cifs: prevent integer overflow in nxt_dir_entry()
- CIFS: fix wrapping bugs in num_entries()
- perf/core: Force USER_DS when recording user stack data
- NFSv4.1 fix infinite loop on I/O.
- binfmt_elf: Respect error return from `regset->active'
- audit: fix use-after-free in audit_add_watch
- mtdchar: fix overflows in adjustment of `count`
- configfs: fix registered group removal
- efi/esrt: Only call efi_mem_reserve() for boot services memory
- [armhf] gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
- [arm64,armhf] mmc: tegra: prevent HS200 on Tegra 3
- mmc: sdhci: do not try to use 3.3V signaling if not supported
- drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
- [amd64] drm/amdkfd: Fix error codes in kfd_get_process
- ALSA: pcm: Fix snd_interval_refine first/last with open min/max
- [arm64] pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be
compliant
- [x86] mei: bus: type promotion bug in mei_nfc_if_version()
- [mips*] VDSO: Match data page cache colouring when D$ aliases
- Fix link state change interrupts identification (Closes: #896911)
+ e1000e: Remove Other from EIAC
+ Partial revert "e1000e: Avoid receiver overrun interrupt bursts"
+ e1000e: Fix queue interrupt re-raising in Other interrupt
+ e1000e: Avoid missed interrupts following ICR read
+ Revert "e1000e: Separate signaling for link check/link up"
+ e1000e: Fix link check race condition
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.130
- [x86] NFC: Fix possible memory corruption when handling SHDLC I-Frame
commands
- NFC: Fix the number of pipes
- ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at
error path
- ALSA: bebob: use address returned by kmalloc() instead of kernel stack
for streaming DMA mapping
- ALSA: emu10k1: fix possible info leak to userspace on
SNDRV_EMU10K1_IOCTL_INFO
- ALSA: firewire-digi00x: fix memory leak of private data
- ALSA: firewire-tascam: fix memory leak of private data
- ALSA: fireworks: fix memory leak of response buffer at error path
- ALSA: oxfw: fix memory leak for model-dependent data at error path
- ALSA: oxfw: fix memory leak of discovered stream formats at error path
- ALSA: oxfw: fix memory leak of private data
- [x86] platform/x86: alienware-wmi: Correct a memory leak
- xen/netfront: don't bug in case of too many frags
- [x86] xen/x86/vpmu: Zero struct pt_regs before calling into sample
handling code
- Revert "PCI: Add ACS quirk for Intel 300 series"
- ring-buffer: Allow for rescheduling when removing pages
- mm: shmem.c: Correctly annotate new inodes for lockdep
- gso_segment: Reset skb->mac_len after modifying network header
- ipv6: fix possible use-after-free in ip6_xmit()
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
- [x86] net: hp100: fix always-true check for link up state
- udp4: fix IP_CMSG_CHECKSUM for connected sockets
- neighbour: confirm neigh entries when ARP packet is received
- ocfs2: fix ocfs2 read block panic
- drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable()
placement
- drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in
connector_detect()
- drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
- [arm64,armhf] drm/vc4: Fix the "no scaling" case on multi-planar YUV
formats
- tty: vt_ioctl: fix potential Spectre v1
- ext4: check to make sure the rename(2)'s destination is not freed
- ext4: avoid divide by zero fault when deleting corrupted inline
directories
- ext4: recalucate superblock checksum after updating free blocks/inodes
- ext4: fix online resize's handling of a too-small final block group
- ext4: fix online resizing for bigalloc file systems with a 1k block size
- ext4: don't mark mmp buffer head dirty
- ext4: show test_dummy_encryption mount option in /proc/mounts
- sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
- HID: sony: Update device ids
- HID: sony: Support DS4 dongle
- [arm64] PCI: aardvark: Size bridges before resources allocation
- vmw_balloon: include asm/io.h
- iw_cxgb4: only allow 1 flush on user qps
.
[ Salvatore Bonaccorso ]
* [rt] Update to 4.9.115-rt93
* [rt] Drop 0145-stop_machine-Use-raw-spinlocks.patch patch
* [rt] Drop 0144-stop_machine-convert-stop_machine_run-to-PREEMPT_RT.patch
patch
* [rt] Refresh 0225-fs-dcache-use-swait_queue-instead-of-waitqueue.patch
patch
* [rt] Refresh 0156-softirq-Split-softirq-locks.patch patch for context
changes in 4.9.120
* [rt] Refresh 0161-softirq-wake-the-timer-softirq-if-needed.patch for
context changes in 4.9.120
* [rt] Refresh 0001-timer-make-the-base-lock-raw.patch for context changes
in 4.9.128
* [rt] Refresh 0162-timers-Don-t-wake-ktimersoftd-on-every-tick.patch for
context changes in 4.9.128
* [rt] Refresh 0163-Revert-timers-Don-t-wake-ktimersoftd-on-every-tick.patch
for context changes in 4.9.128
* [rt] Refresh 0246-irqwork-push-most-work-into-softirq-context.patch for
context changes in 4.9.128
* [rt] Refresh 0247-irqwork-Move-irq-safe-work-to-irq-context.patch for
context changes in 4.9.128
* NFC: Ignore ABI changes
.
[ Ben Hutchings ]
* [arm64] cpucaps: Avoid ABI changes in 4.9.114
* iio: Avoid ABI change in 4.9.111
* exec: Avoid ABI change in 4.9.116
* net: Avoid ABI change in 4.9.115
* Revert "netfilter: ipv6: nf_defrag: reduce struct net memory waste" to
avoid an ABI change
* Revert core changes in "tcp: remove DELAYED ACK events in DCTCP" to
avoid an ABI change
* string: Avoid ABI change in 4.9.114
* Revert "proc/sysctl: prune stale dentries during unregistering" etc.
to avoid an ABI change
* tcp: Avoid ABI change in 4.9.116
* vmw_vsock: Ignore ABI changes
* loop: Ignore ABI changes
* KVM: Ignore ABI changes on all architectures
* xen: Ignore ABI changes
* [x86] cpu: Avoid ABI change in 4.9.125
* [mips*] Revert "MIPS: Correct the 64-bit DSP accumulator register size"
temporarily to avoid an ABI change
* debian/control: Point Vcs URLs to Salsa
* README.Debian: Update URLs that were pointing to Alioth
* mm: Avoid ABI change in 4.9.128
.
[ Moritz Muehlenhoff ]
* megaraid_sas: Add support for Perc 740P/840 (Closes: #890034)
.
linux (4.9.110-3+deb9u6) stretch-security; urgency=high
.
* [arm64] KVM: Tighten guest core register access from userspace
(CVE-2018-18021)
* [arm64] KVM: Sanitize PSTATE.M when being set from userspace
(CVE-2018-18021)
* xen-netback: fix input validation in xenvif_set_hash_mapping()
(CVE-2018-15471)
Checksums-Sha1:
ca9cd361c4e46579226e6fc2485cff71b00e1e43 15561 linux-4.9_4.9.144-3.1~deb8u1.dsc
cf741d03158de4659f501b45dbab7bc9379532d8 94735088 linux-4.9_4.9.144.orig.tar.xz
be71edac46c8964b74323757a0c546a4d261a06e 1201240 linux-4.9_4.9.144-3.1~deb8u1.debian.tar.xz
8807684ca88b2f7472607f498d592248dde24bc5 7647636 linux-headers-4.9.0-0.bpo.8-common_4.9.144-3.1~deb8u1_all.deb
2cbf70f95ca17f1da4d2772d1f8f614fa48fe484 5706730 linux-headers-4.9.0-0.bpo.8-common-rt_4.9.144-3.1~deb8u1_all.deb
ccb29cfa784e1ede66830537e129de93743b3d01 656960 linux-support-4.9.0-0.bpo.8_4.9.144-3.1~deb8u1_all.deb
552b1b2460fbaebff6e8e8136e4fe8971987f24a 11379136 linux-doc-4.9_4.9.144-3.1~deb8u1_all.deb
80dc70951bdabb86e425eec8043d35200fa6d7a8 3200352 linux-manual-4.9_4.9.144-3.1~deb8u1_all.deb
b0d3de20af1899bb1bb6450d2c382c1805017e59 96766640 linux-source-4.9_4.9.144-3.1~deb8u1_all.deb
Checksums-Sha256:
3d383d013bb57c22405699bfbef436322132c99d1b89f387e2225a53f2e65f01 15561 linux-4.9_4.9.144-3.1~deb8u1.dsc
f786fb268ffc8b888d35df68a3a67656662e4f24f7397b3db492ed3d8dc918e3 94735088 linux-4.9_4.9.144.orig.tar.xz
23f811db2fb9e4db0a763a4380ba77fc5a79c64ed70fbf7c61cdf7c52511413f 1201240 linux-4.9_4.9.144-3.1~deb8u1.debian.tar.xz
a9d1b5f33f91cceeab17f5f0258f806d18db24efc0e2f916bbc7de832fde1f09 7647636 linux-headers-4.9.0-0.bpo.8-common_4.9.144-3.1~deb8u1_all.deb
ebd9faa3c2a6b182798d43aada21228db11e97e73e6a91fc8980b010522a202f 5706730 linux-headers-4.9.0-0.bpo.8-common-rt_4.9.144-3.1~deb8u1_all.deb
066f9743834845eb419a05036a7c7b1aa46cb056a62f28c00199d2f90711de6b 656960 linux-support-4.9.0-0.bpo.8_4.9.144-3.1~deb8u1_all.deb
81d15476b868c0e4f65c856bcbbc2d38e8cf47cef29af7900fea552966de1fa0 11379136 linux-doc-4.9_4.9.144-3.1~deb8u1_all.deb
616accdf0bc76967cb2f5b023016e1969c428df8af4c3ce4e5512def54b07fef 3200352 linux-manual-4.9_4.9.144-3.1~deb8u1_all.deb
af57a3a037abadf8650bd991131879a04b528af8746be52098492ab557231649 96766640 linux-source-4.9_4.9.144-3.1~deb8u1_all.deb
Files:
09447b61eba0619f06b487157d55da6e 15561 kernel optional linux-4.9_4.9.144-3.1~deb8u1.dsc
cbc38f254bc0b681cbd9bf81fd528f3c 94735088 kernel optional linux-4.9_4.9.144.orig.tar.xz
af145c6743deb0fe8959c34fe879c952 1201240 kernel optional linux-4.9_4.9.144-3.1~deb8u1.debian.tar.xz
fa833a983476d41b85ceca8b70034b3e 7647636 kernel optional linux-headers-4.9.0-0.bpo.8-common_4.9.144-3.1~deb8u1_all.deb
22149fb2e9d1a63e8cca49f27789be0c 5706730 kernel optional linux-headers-4.9.0-0.bpo.8-common-rt_4.9.144-3.1~deb8u1_all.deb
28203eef6ca7a6b73c4deb01f1d85a83 656960 devel optional linux-support-4.9.0-0.bpo.8_4.9.144-3.1~deb8u1_all.deb
fca9f3e920ae1cd1fa14c21dd9ec40eb 11379136 doc optional linux-doc-4.9_4.9.144-3.1~deb8u1_all.deb
5570e344dad900fda81d814791f20d85 3200352 doc optional linux-manual-4.9_4.9.144-3.1~deb8u1_all.deb
31eefa1b1a9b7ebf54ba73af46535def 96766640 kernel optional linux-source-4.9_4.9.144-3.1~deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlyLoz0ACgkQ57/I7JWG
EQkrAw//XtKGmBqvwr5C4F1yHgFQ4yGcHY06LfrhGj4FwsX5nZl72YOP1ed36p7+
Tft0J8BZj4Q8ydYJDsU5YR8tOiD46aOkSC6nmLb9AiDOo3vQiSw6IabmcPkvLi9+
LBO8OyNRUPdVAXVyHMNZdL8iec12s68rjBwMPSHjZtnV5ZWN9bQPVcCFILOW1k0f
fI9Q3Tw6xFYVZxbZByk7CqQuxi9iUDKryCS72bjvtGdLuQsZvpmscRykzD68yFY3
yvbPo6dlmjSm+HGqNPmix3xszWBtEov+TAM3Idf0CSRsmVsLITSswRMlOzfeK9Uo
m+GKxYwmHHCDDl6yBP4Bl1Uv9AYHXEHWsaBkfrw6XhZBZRXZQAW7yuLNakCgo928
tHpSfTn3qopGfpJdPvdcoDM4uclYbJPuQ4z+nIbolh0Q7VmzIJkJo9TsCweRq4Q1
E9i8GVbMUU0j/kh6asm6mUZfX4UfgagbLDhUqc22ivFbq62Bkm4GZtSRcgJYZVYg
HiwUzM9CJohovzaqxRPqfGW0BvvM+pea482mv0fsEufeJE+lZRjf8FyQwuGWZ/v+
VJMwYI6sgiVt83kHqLE1+MK4kEucUaZhtYurdtED4nWqVZ0DjfnuWnhAnHphT6bA
JBAHjrgVxukqYBUBq9UNpAr88yJeI3PqqLoSTIZ1kJs2WSmA3mg=
=RlPQ
-----END PGP SIGNATURE-----