group.of.nepali.translators team mailing list archive

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

This bug was fixed in the package linux - 5.3.0-42.34

---------------
linux (5.3.0-42.34) eoan; urgency=medium

  * eoan/linux: 5.3.0-42.34 -proposed tracker (LP: #1865111)

  * CVE-2020-2732
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions

linux (5.3.0-41.33) eoan; urgency=medium

  * eoan/linux: 5.3.0-41.33 -proposed tracker (LP: #1863294)

  * CVE-2019-3016
    - x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
    - x86/kvm: Introduce kvm_(un)map_gfn()
    - x86/kvm: Cache gfn to pfn translation
    - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
    - x86/KVM: Clean up host's steal time structure

  * Reduce s2idle power consumption when ethernet cable is connected on e1000e
    (LP: #1859126)
    - e1000e: Add support for S0ix

  * alsa/sof: let legacy hda driver and sof driver co-exist (LP: #1837828)
    - ASoC: Intel: Skylake: move NHLT header to common directory
    - ALSA: hda: move parts of NHLT code to new module
    - ALSA: hda: intel-nhlt: handle NHLT VENDOR_DEFINED DMIC geometry
    - ASoC: Intel: Skylake: use common NHLT module
    - ALSA: hda/intel: stop probe if DMICS are detected on Skylake+ platforms
    - [Config] Enable SND_HDA_INTEL_DETECT_DMIC

  * USB key cannot be detected by hotplug on Sunix USB Type-A 3.1 Gen 2 card
    [1b21:2142]  (LP: #1858988)
    - SAUCE: PCI: Avoid ASMedia XHCI USB PME# from D0 defect

  * ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
    (LP: #1860969)
    - vti[6]: fix packet tx through bpf_redirect()
    - xfrm interface: fix packet tx through bpf_redirect()

  * peripheral devices on Dell WD19TB cannot be detected after suspend resume
    (LP: #1859407)
    - PCI: irq: Introduce rearm_wake_irq()
    - ACPICA: Return u32 from acpi_dispatch_gpe()
    - ACPI: EC: Return bool from acpi_ec_dispatch_gpe()
    - ACPI: PM: Set s2idle_wakeup earlier and clear it later
    - PM: sleep: Simplify suspend-to-idle control flow
    - ACPI: EC: Rework flushing of pending work

  * Dell XPS 13 (7390) Display Flickering - 19.10  (LP: #1849947)
    - SAUCE: drm/i915: Disable PSR by default on all platforms

  * Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

  * [CML-H] Add intel_thermal_pch driver support Comet Lake -H (LP: #1853219)
    - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support

  * Eoan update: upstream stable patchset 2020-02-07 (LP: #1862429)
    - ARM: dts: meson8: fix the size of the PMU registers
    - clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs
    - dt-bindings: reset: meson8b: fix duplicate reset IDs
    - ARM: dts: imx6q-dhcom: fix rtc compatible
    - clk: Don't try to enable critical clocks if prepare failed
    - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use
    - iio: buffer: align the size of scan bytes to size of the largest element
    - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
    - USB: serial: option: Add support for Quectel RM500Q
    - USB: serial: opticon: fix control-message timeouts
    - USB: serial: option: add support for Quectel RM500Q in QDL mode
    - USB: serial: suppress driver bind attributes
    - USB: serial: ch341: handle unbound port at reset_resume
    - USB: serial: io_edgeport: handle unbound ports on URB completion
    - USB: serial: io_edgeport: add missing active-port sanity check
    - USB: serial: keyspan: handle unbound ports
    - USB: serial: quatech2: handle unbound ports
    - scsi: fnic: fix invalid stack access
    - scsi: mptfusion: Fix double fetch bug in ioctl
    - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1
    - ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1
    - ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection
    - ALSA: dice: fix fallback from protocol extension into limited functionality
    - ALSA: seq: Fix racy access for queue timer in proc read
    - ALSA: usb-audio: fix sync-ep altsetting sanity check
    - arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator
    - Fix built-in early-load Intel microcode alignment
    - block: fix an integer overflow in logical block size
    - ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number
    - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
    - usb: core: hub: Improved device recognition on remote wakeup
    - x86/resctrl: Fix an imbalance in domain_remove_cpu()
    - x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained
    - x86/efistub: Disable paging at mixed mode entry
    - drm/i915: Add missing include file <linux/math64.h>
    - x86/resctrl: Fix potential memory leak
    - perf hists: Fix variable name's inconsistency in hists__for_each() macro
    - perf report: Fix incorrectly added dimensions as switch perf data file
    - mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD
      alignment
    - mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is
      valid
    - btrfs: rework arguments of btrfs_unlink_subvol
    - btrfs: fix invalid removal of root ref
    - btrfs: do not delete mismatched root refs
    - btrfs: fix memory leak in qgroup accounting
    - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
    - ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL
    - ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support
    - net: stmmac: 16KB buffer must be 16 byte aligned
    - net: stmmac: Enable 16KB buffer size
    - mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD
      alignment
    - arm64: dts: agilex/stratix10: fix pmu interrupt numbers
    - bpf: Fix incorrect verifier simulation of ARSH under ALU32
    - cfg80211: fix deadlocks in autodisconnect work
    - cfg80211: fix memory leak in cfg80211_cqm_rssi_update
    - cfg80211: fix page refcount issue in A-MSDU decap
    - netfilter: fix a use-after-free in mtype_destroy()
    - netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
    - netfilter: nft_tunnel: fix null-attribute check
    - netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
    - netfilter: nf_tables: store transaction list locally while requesting module
    - netfilter: nf_tables: fix flowtable list del corruption
    - NFC: pn533: fix bulk-message timeout
    - batman-adv: Fix DAT candidate selection on little endian systems
    - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
    - hv_netvsc: Fix memory leak when removing rndis device
    - net: dsa: tag_qca: fix doubled Tx statistics
    - net: hns: fix soft lockup when there is not enough memory
    - net: usb: lan78xx: limit size of local TSO packets
    - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info
    - ptp: free ptp device pin descriptors properly
    - r8152: add missing endpoint sanity check
    - tcp: fix marked lost packets not being retransmitted
    - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers
    - mlxsw: spectrum: Wipe xstats.backlog of down ports
    - mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters
    - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
    - tcp: refine rule to allow EPOLLOUT generation under mem pressure
    - irqchip: Place CONFIG_SIFIVE_PLIC into the menu
    - cw1200: Fix a signedness bug in cw1200_load_firmware()
    - arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node
    - cfg80211: check for set_wiphy_params
    - tick/sched: Annotate lockless access to last_jiffies_update
    - arm64: dts: marvell: Fix CP110 NAND controller node multi-line comment
      alignment
    - Revert "arm64: dts: juno: add dma-ranges property"
    - mtd: devices: fix mchp23k256 read and write
    - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
    - scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
    - scsi: qla4xxx: fix double free bug
    - scsi: bnx2i: fix potential use after free
    - scsi: target: core: Fix a pr_debug() argument
    - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
    - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
    - scsi: core: scsi_trace: Use get_unaligned_be*()
    - perf probe: Fix wrong address verification
    - clk: sprd: Use IS_ERR() to validate the return value of
      syscon_regmap_lookup_by_phandle()
    - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
    - hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call
    - arm64: dts: ls1028a: fix endian setting for dcfg
    - arm64: dts: imx8mm: Change SDMA1 ahb clock for imx8mm
    - bus: ti-sysc: Fix iterating over clocks
    - arm64: dts: imx8mq-librem5-devkit: use correct interrupt for the
      magnetometer
    - ASoC: stm32: sai: fix possible circular locking
    - ASoC: stm32: dfsdm: fix 16 bits record
    - ARM: OMAP2+: Fix ti_sysc_find_one_clockdomain to check for to_clk_hw_omap
    - ARM: dts: imx7ulp: fix reg of cpu node
    - ASoC: Intel: bytcht_es8316: Fix Irbis NB41 netbook quirk
    - ALSA: firewire-tascam: fix corruption due to spin lock without restoration
      in SoftIRQ context
    - clk: sunxi-ng: r40: Allow setting parent rate for external clock outputs
    - cpuidle: teo: Fix intervals[] array indexing bug
    - iio: adc: ad7124: Fix DT channel configuration
    - iio: imu: st_lsm6dsx: Fix selection of ST_LSM6DS3_ID
    - iio: light: vcnl4000: Fix scale for vcnl4040
    - iio: chemical: pms7003: fix unmet triggered buffer dependency
    - staging: comedi: ni_routes: fix null dereference in ni_find_route_source()
    - staging: comedi: ni_routes: allow partial routing information
    - mtd: rawnand: gpmi: Fix suspend/resume problem
    - mtd: rawnand: gpmi: Restore nfc timing setup after suspend/resume
    - cpu/SMT: Fix x86 link error without CONFIG_SYSFS
    - perf/x86/intel/uncore: Fix missing marker for
      snr_uncore_imc_freerunning_events
    - efi/earlycon: Fix write-combine mapping on x86
    - s390/setup: Fix secure ipl message
    - clk: samsung: exynos5420: Keep top G3D clocks enabled
    - mm: memcg/slab: fix percpu slab vmstats flushing
    - mm, debug_pagealloc: don't rely on static keys too early
    - btrfs: relocation: fix reloc_root lifespan and access
    - btrfs: check rw_devices, not num_devices for balance
    - Btrfs: always copy scrub arguments back to user space
    - mm/memory_hotplug: don't free usage map when removing a re-added early
      section
    - ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
    - ARM: dts: imx6sx-sdb: Remove incorrect power supply assignment
    - ARM: dts: imx6sl-evk: Remove incorrect power supply assignment
    - ARM: dts: imx6sll-evk: Remove incorrect power supply assignment
    - reset: Fix {of,devm}_reset_control_array_get kerneldoc return types
    - tipc: fix potential hanging after b/rcast changing
    - tipc: fix retrans failure due to wrong destination
    - drm/amd/display: Reorder detect_edp_sink_caps before link settings read.
    - bpf: Sockmap/tls, during free we may call tcp_bpf_unhash() in loop
    - bpf: Sockmap, ensure sock lock held during tear down
    - bpf: Sockmap/tls, push write_space updates through ulp updates
    - bpf: Sockmap, skmsg helper overestimates push, pull, and pop bounds
    - bpf: Sockmap/tls, msg_push_data may leave end mark in place
    - bpf: Sockmap/tls, tls_sw can create a plaintext buf > encrypt buf
    - bpf: Sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining
    - bpf: Sockmap/tls, fix pop data with SK_DROP return code
    - i2c: tegra: Fix suspending in active runtime PM state
    - i2c: tegra: Properly disable runtime PM on driver's probe error
    - cfg80211: fix memory leak in nl80211_probe_mesh_link
    - bpf/sockmap: Read psock ingress_msg before sk_receive_queue
    - i2c: iop3xx: Fix memory leak in probe error path
    - netfilter: nat: fix ICMP header corruption on ICMP errors
    - netfilter: nft_tunnel: ERSPAN_VERSION must not be null
    - net: bpf: Don't leak time wait and request sockets
    - net: hns3: pad the short frame before sending to the hardware
    - net: phy: dp83867: Set FORCE_LINK_GOOD to default after reset
    - net/sched: act_ife: initalize ife->metalist earlier
    - bnxt_en: Fix NTUPLE firmware command failures.
    - bnxt_en: Fix ipv6 RFS filter matching logic.
    - bnxt_en: Do not treat DSN (Digital Serial Number) read failure as fatal.
    - net: ethernet: ave: Avoid lockdep warning
    - net: systemport: Fixed queue mapping in internal ring map
    - net: dsa: sja1105: Don't error out on disabled ports with no phy-mode
    - net: dsa: tag_gswip: fix typo in tagger name
    - net: sched: act_ctinfo: fix memory leak
    - net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec
    - i40e: prevent memory leak in i40e_setup_macvlans
    - drm/amdgpu: allow direct upload save restore list for raven2
    - mlxsw: spectrum: Do not modify cloned SKBs during xmit
    - selftests: mlxsw: qos_mc_aware: Fix mausezahn invocation
    - devlink: Wait longer before warning about unset port type
    - dt-bindings: Add missing 'properties' keyword enclosing 'snps,tso'
    - arm64: dts: meson: axg: fix audio fifo reg size
    - arm64: dts: meson: g12: fix audio fifo reg size
    - arm64: dts: renesas: r8a77970: Fix PWM3
    - arm64: dts: marvell: Add AP806-dual missing CPU clocks
    - arm64: dts: qcom: sdm845-cheza: delete zap-shader
    - arm64: dts: juno: Fix UART frequency
    - ARM: dts: Fix sgx sysconfig register for omap4
    - mtd: cfi_cmdset_0002: only check errors when ready in cfi_check_err_status()
    - scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences
    - scsi: scsi_transport_sas: Fix memory leak when removing devices
    - perf script: Allow --time with --reltime
    - clk: imx7ulp: Correct system clock source option #7
    - clk: imx7ulp: Correct DDR clock mux options
    - hwmon: (pmbus/ibm-cffps) Fix LED blink behavior
    - perf script: Fix --reltime with --time
    - upstream stable to v4.19.98, v5.4.14

  * Eoan update: upstream stable patchset 2020-02-06 (LP: #1862227)
    - chardev: Avoid potential use-after-free in 'chrdev_open()'
    - i2c: fix bus recovery stop mode timing
    - usb: chipidea: host: Disable port power only if previously enabled
    - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
    - ALSA: hda/realtek - Add new codec supported for ALCS1200A
    - ALSA: hda/realtek - Set EAPD control to default for ALC222
    - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen
    - kernel/trace: Fix do not unregister tracepoints when register
      sched_migrate_task fail
    - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
    - tracing: Change offset type to s32 in preempt/irq tracepoints
    - HID: Fix slab-out-of-bounds read in hid_field_extract
    - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
    - HID: hid-input: clear unmapped usages
    - Input: add safety guards to input_set_keycode()
    - Input: input_event - fix struct padding on sparc64
    - drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model
    - drm/fb-helper: Round up bits_per_pixel if possible
    - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
    - can: kvaser_usb: fix interface sanity check
    - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
    - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling
      to irq mode
    - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing
      CAN sk_buffs
    - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist
    - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
    - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
    - staging: vt6656: set usb_set_intfdata on driver fail.
    - USB: serial: option: add ZLP support for 0x1bc7/0x9010
    - usb: musb: fix idling for suspend after disconnect interrupt
    - usb: musb: Disable pullup at init
    - usb: musb: dma: Correct parameter passed to IRQ handler
    - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
    - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
    - serdev: Don't claim unsupported ACPI serial devices
    - tty: link tty and port before configuring it as console
    - tty: always relink the port
    - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
    - scsi: bfa: release allocated memory in case of error
    - rtl8xxxu: prevent leaking urb
    - HID: hiddev: fix mess in hiddev_open()
    - USB: Fix: Don't skip endpoint descriptors with maxpacket=0
    - phy: cpcap-usb: Fix error path when no host driver is loaded
    - phy: cpcap-usb: Fix flakey host idling and enumerating of devices
    - netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
    - netfilter: conntrack: dccp, sctp: handle null timeout argument
    - netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
    - powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online()
    - tpm: Handle negative priv->response_len in tpm_common_read()
    - rtc: sun6i: Add support for RTC clocks on R40
    - drm/i915: Add Wa_1408615072 and Wa_1407596294 to icl,ehl
    - drm/i915: Add Wa_1407352427:icl,ehl
    - IB/hfi1: Adjust flow PSN with the correct resync_psn
    - pstore/ram: Regularize prz label allocation lifetime
    - staging: vt6656: Fix non zero logical return of, usb_control_msg
    - usb: ohci-da8xx: ensure error return on variable error is set
    - USB-PD tcpm: bad warning+size, PPS adapters
    - staging: vt6656: correct return of vnt_init_registers.
    - staging: vt6656: limit reg output to block size
    - iommu/vt-d: Fix adding non-PCI devices to Intel IOMMU
    - arm64: Move __ARCH_WANT_SYS_CLONE3 definition to uapi headers
    - arm64: Implement copy_thread_tls
    - arm: Implement copy_thread_tls
    - parisc: Implement copy_thread_tls
    - riscv: Implement copy_thread_tls
    - xtensa: Implement copy_thread_tls
    - powerpc: convert to copy_thread_tls
    - clone3: ensure copy_thread_tls is implemented
    - um: Implement copy_thread_tls
    - staging: vt6656: remove bool from vnt_radio_power_on ret
    - rpmsg: char: release allocated memory
    - hidraw: Return EPOLLOUT from hidraw_poll
    - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
    - HID: hidraw, uhid: Always report EPOLLOUT
    - iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
    - iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
    - rtc: mt6397: fix alarm register overwrite
    - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails
    - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
    - ASoC: soc-core: Set dpcm_playback / dpcm_capture
    - ASoC: stm32: spdifrx: fix inconsistent lock state
    - ASoC: stm32: spdifrx: fix race condition in irq handler
    - mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy
    - gpio: zynq: Fix for bug in zynq_gpio_restore_context API
    - iommu: Remove device link to group on failure
    - gpio: Fix error message on out-of-range GPIO in lookup table
    - hsr: reset network header when supervision frame is created
    - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
    - cifs: Adjust indentation in smb2_open_file
    - afs: Fix missing cell comparison in afs_test_super()
    - btrfs: simplify inode locking for RWF_NOWAIT
    - RDMA/mlx5: Return proper error value
    - RDMA/srpt: Report the SCSI residual to the initiator
    - scsi: enclosure: Fix stale device oops with hot replug
    - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
    - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
    - platform/x86: GPD pocket fan: Use default values when wrong modparams are
      given
    - xprtrdma: Fix completion wait during device removal
    - crypto: virtio - implement missing support for output IVs
    - NFSv2: Fix a typo in encode_sattr()
    - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
    - iio: imu: adis16480: assign bias value only if operation succeeded
    - mei: fix modalias documentation
    - clk: samsung: exynos5420: Preserve CPU clocks configuration during
      suspend/resume
    - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args
      call
    - pinctrl: lewisburg: Update pin list according to v1.1v6
    - scsi: sd: enable compat ioctls for sed-opal
    - arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD
    - af_unix: add compat_ioctl support
    - compat_ioctl: handle SIOCOUTQNSD
    - PCI: dwc: Fix find_next_bit() usage
    - PCI/PTM: Remove spurious "d" from granularity message
    - powerpc/powernv: Disable native PCIe port management
    - tty: serial: imx: use the sg count from dma_map_sg
    - tty: serial: pch_uart: correct usage of dma_unmap_sg
    - media: ov6650: Fix incorrect use of JPEG colorspace
    - media: ov6650: Fix some format attributes not under control
    - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
    - media: rcar-vin: Fix incorrect return statement in rvin_try_format()
    - media: v4l: cadence: Fix how unsued lanes are handled in 'csi2rx_start()'
    - media: exynos4-is: Fix recursive locking in isp_video_release()
    - iommu/mediatek: Correct the flush_iotlb_all callback
    - mtd: spi-nor: fix silent truncation in spi_nor_read()
    - mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
    - spi: atmel: fix handling of cs_change set on non-last xfer
    - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
    - f2fs: fix potential overflow
    - rtc: msm6242: Fix reading of 10-hour digit
    - rtc: brcmstb-waketimer: add missed clk_disable_unprepare
    - gpio: mpc8xxx: Add platform device to gpiochip->parent
    - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
    - selftests: firmware: Fix it to do root uid check and skip
    - rseq/selftests: Turn off timeout setting
    - mips: cacheinfo: report shared CPU map
    - MIPS: Prevent link failure with kcov instrumentation
    - drm/arm/mali: make malidp_mw_connector_helper_funcs static
    - dmaengine: k3dma: Avoid null pointer traversal
    - ioat: ioat_alloc_ring() failure handling.
    - hexagon: parenthesize registers in asm predicates
    - hexagon: work around compiler crash
    - ocfs2: call journal flush to mark journal as empty after journal recovery
      when mount
    - phy: mapphone-mdm6600: Fix uninitialized status value regression
    - IB/hfi1: Don't cancel unused work item
    - mtd: rawnand: stm32_fmc2: avoid to lock the CPU bus
    - i2c: bcm2835: Store pointer to bus clock
    - ASoC: stm32: spdifrx: fix input pin state management
    - pinctrl: lochnagar: select GPIOLIB
    - netfilter: nft_flow_offload: fix underflow in flowtable reference counter
    - pinctrl: meson: Fix wrong shift value when get drive-strength
    - selftests: loopback.sh: skip this test if the driver does not support
    - iommu/vt-d: Unlink device if failed to add to group
    - bpf: cgroup: prevent out-of-order release of cgroup bpf
    - fs: move guard_bio_eod() after bio_set_op_attrs
    - scsi: mpt3sas: Fix double free in attach error handling
    - PCI: amlogic: Fix probed clock names
    - drm/tegra: Fix ordering of cleanup code
    - hsr: add hsr root debugfs directory
    - hsr: rename debugfs file when interface name is changed
    - s390/qeth: fix qdio teardown after early init error
    - s390/qeth: vnicc Fix init to default
    - s390/qeth: fix initialization on old HW
    - scsi: smartpqi: Update attribute name to `driver_version`
    - MAINTAINERS: Append missed file to the database
    - dt-bindings: reset: Fix brcmstb-reset example
    - reset: brcmstb: Remove resource checks
    - perf vendor events s390: Remove name from L1D_RO_EXCL_WRITES description
    - syscalls/x86: Wire up COMPAT_SYSCALL_DEFINE0
    - syscalls/x86: Use COMPAT_SYSCALL_DEFINE0 for IA32 (rt_)sigreturn
    - syscalls/x86: Use the correct function type for sys_ni_syscall
    - syscalls/x86: Fix function types in COND_SYSCALL
    - hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()
    - netfilter: nf_tables_offload: release flow_rule on error from commit path
    - ASoC: dt-bindings: mt8183: add missing update
    - ASoC: simple_card_utils.h: Add missing include
    - ASoC: rsnd: fix DALIGN register for SSIU
    - RDMA/hns: remove a redundant le16_to_cpu
    - RDMA/hns: Modify return value of restrack functions
    - RDMA/counter: Prevent QP counter manual binding in auto mode
    - RDMA/siw: Fix port number endianness in a debug message
    - RDMA/hns: Fix build error again
    - [Config] updateconfigs for INFINIBAND_HNS
    - RDMA/hns: Release qp resources when failed to destroy qp
    - xprtrdma: Add unique trace points for posting Local Invalidate WRs
    - xprtrdma: Connection becomes unstable after a reconnect
    - xprtrdma: Close window between waking RPC senders and posting Receives
    - RDMA/hns: Fix to support 64K page for srq
    - RDMA/hns: Bugfix for qpc/cqc timer configuration
    - rdma: Remove nes ABI header
    - uaccess: Add non-pagefault user-space write function
    - bpf: Make use of probe_user_write in probe write helper
    - bpf: skmsg, fix potential psock NULL pointer dereference
    - afs: Fix use-after-loss-of-ref
    - afs: Fix afs_lookup() to not clobber the version on a new dentry
    - keys: Fix request_key() cache
    - platform/mellanox: fix potential deadlock in the tmfifo driver
    - asm-generic/nds32: don't redefine cacheflush primitives
    - Documentation/ABI: Fix documentation inconsistency for mlxreg-io sysfs
      interfaces
    - Documentation/ABI: Add missed attribute for mlxreg-io sysfs interfaces
    - xprtrdma: Fix create_qp crash on device unload
    - dm: add dm-clone to the documentation index
    - scsi: ufs: Give an unique ID to each ufs-bsg
    - crypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig
    - crypto: algif_skcipher - Use chunksize instead of blocksize
    - crypto: geode-aes - convert to skcipher API and make thread-safe
    - nfsd: v4 support requires CRYPTO_SHA256
    - NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process()
    - clk: meson: axg-audio: fix regmap last register
    - clk: Fix memory leak in clk_unregister()
    - clk: imx: pll14xx: Fix quick switch of S/K parameter
    - affs: fix a memory leak in affs_remount
    - pinctrl: sh-pfc: Fix PINMUX_IPSR_PHYS() to set GPSR
    - pinctrl: sh-pfc: Do not use platform_get_irq() to count interrupts
    - PCI: aardvark: Use LTSSM state to build link training flag
    - PCI: aardvark: Fix PCI_EXP_RTCTL register configuration
    - PCI: Fix missing bridge dma_ranges resource list cleanup
    - PCI/PM: Clear PCIe PME Status even for legacy power management
    - tools: PCI: Fix fd leakage
    - MIPS: PCI: remember nasid changed by set interrupt affinity
    - MIPS: Loongson: Fix return value of loongson_hwmon_init
    - MIPS: SGI-IP27: Fix crash, when CPUs are disabled via nr_cpus parameter
    - media: ov6650: Fix default format not applied on device probe
    - media: coda: fix deadlock between decoder picture run and start command
    - media: cedrus: Use correct H264 8x8 scaling list
    - media: aspeed-video: Fix memory leaks in aspeed_video_probe
    - ubifs: Fixed missed le64_to_cpu() in journal
    - ubifs: do_kill_orphans: Fix a memory leak bug
    - spi: sprd: Fix the incorrect SPI register
    - spi: pxa2xx: Set controller->max_transfer_size in dma mode
    - spi: lpspi: fix memory leak in fsl_lpspi_probe
    - iwlwifi: mvm: consider ieee80211 station max amsdu value
    - sch_cake: Add missing NLA policy entry TCA_CAKE_SPLIT_GSO
    - NFSD fixing possible null pointer derefering in copy offload
    - rtc: bd70528: Add MODULE ALIAS to autoload module
    - scsi: target/iblock: Fix protection error with blocks greater than 512B
    - riscv: export flush_icache_all to modules
    - rxrpc: Unlock new call in rxrpc_new_incoming_call() rather than the caller
    - rxrpc: Don't take call->user_mutex in rxrpc_new_incoming_call()
    - rxrpc: Fix missing security check on incoming calls
    - s390/qeth: lock the card while changing its hsuid
    - drm/amdgpu: enable gfxoff for raven1 refresh
    - media: intel-ipu3: Align struct ipu3_uapi_awb_fr_config_s to 32 bytes
    - kbuild/deb-pkg: annotate libelf-dev dependency as :native

  * Eoan update: upstream stable patchset 2020-02-04 (LP: #1861929)
    - USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein
    - USB: dummy-hcd: increase max number of devices to 32
    - bpf: Fix passing modified ctx to ld/abs/ind instruction
    - regulator: fix use after free issue
    - ASoC: max98090: fix possible race conditions
    - locking/spinlock/debug: Fix various data races
    - netfilter: ctnetlink: netns exit must wait for callbacks
    - libtraceevent: Fix lib installation with O=
    - x86/efi: Update e820 with reserved EFI boot services data to fix kexec
      breakage
    - ASoC: Intel: bytcr_rt5640: Update quirk for Teclast X89
    - efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
    - efi/gop: Return EFI_SUCCESS if a usable GOP was found
    - efi/gop: Fix memory leak in __gop_query32/64()
    - ARM: dts: imx6ul: imx6ul-14x14-evk.dtsi: Fix SPI NOR probing
    - ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
    - netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
    - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named
      sets
    - netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END
    - netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init()
    - ARM: dts: BCM5301X: Fix MDIO node address/size cells
    - selftests/ftrace: Fix multiple kprobe testcase
    - ARM: dts: Cygnus: Fix MDIO node address/size cells
    - spi: spi-cavium-thunderx: Add missing pci_release_regions()
    - ASoC: topology: Check return value for soc_tplg_pcm_create()
    - ARM: dts: bcm283x: Fix critical trip point
    - bpf, mips: Limit to 33 tail calls
    - spi: spi-ti-qspi: Fix a bug when accessing non default CS
    - ARM: dts: am437x-gp/epos-evm: fix panel compatible
    - samples: bpf: Replace symbol compare of trace_event
    - samples: bpf: fix syscall_tp due to unused syscall
    - powerpc: Ensure that swiotlb buffer is allocated from low memory
    - btrfs: Fix error messages in qgroup_rescan_init
    - bpf: Clear skb->tstamp in bpf_redirect when necessary
    - bnx2x: Do not handle requests from VFs after parity
    - bnx2x: Fix logic to get total no. of PFs per engine
    - cxgb4: Fix kernel panic while accessing sge_info
    - net: usb: lan78xx: Fix error message format specifier
    - parisc: add missing __init annotation
    - rfkill: Fix incorrect check to avoid NULL pointer dereference
    - ASoC: wm8962: fix lambda value
    - regulator: rn5t618: fix module aliases
    - iommu/iova: Init the struct iova to fix the possible memleak
    - kconfig: don't crash on NULL expressions in expr_eq()
    - perf/x86/intel: Fix PT PMI handling
    - fs: avoid softlockups in s_inodes iterators
    - net: stmmac: Do not accept invalid MTU values
    - net: stmmac: xgmac: Clear previous RX buffer size
    - net: stmmac: RX buffer size must be 16 byte aligned
    - net: stmmac: Always arm TX Timer at end of transmission start
    - s390/purgatory: do not build purgatory with kcov, kasan and friends
    - drm/exynos: gsc: add missed component_del
    - s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly
    - s390/dasd: fix memleak in path handling error case
    - block: fix memleak when __blk_rq_map_user_iov() is failed
    - parisc: Fix compiler warnings in debug_core.c
    - llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
    - hv_netvsc: Fix unwanted rx_table reset
    - powerpc/vcpu: Assume dedicated processors as non-preempt
    - powerpc/spinlocks: Include correct header for static key
    - gtp: fix bad unlock balance in gtp_encap_enable_socket
    - macvlan: do not assume mac_header is set in macvlan_broadcast()
    - net: dsa: mv88e6xxx: Preserve priority when setting CPU port.
    - net: stmmac: dwmac-sun8i: Allow all RGMII modes
    - net: stmmac: dwmac-sunxi: Allow all RGMII modes
    - net: usb: lan78xx: fix possible skb leak
    - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
    - sch_cake: avoid possible divide by zero in cake_enqueue()
    - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
    - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
    - vxlan: fix tos value before xmit
    - vlan: fix memory leak in vlan_dev_set_egress_priority
    - vlan: vlan_changelink() should propagate errors
    - mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO
    - net: sch_prio: When ungrafting, replace with FIFO
    - usb: dwc3: gadget: Fix request complete check
    - USB: core: fix check for duplicate endpoints
    - USB: serial: option: add Telit ME910G1 0x110a composition
    - usb: missing parentheses in USE_NEW_SCHEME
    - powerpc/pmem: Fix kernel crash due to wrong range value usage in
      flush_dcache_range
    - ASoC: rt5682: fix i2c arbitration lost issue
    - spi: pxa2xx: Add support for Intel Jasper Lake
    - spi: fsl: Fix GPIO descriptor support
    - libtraceevent: Copy pkg-config file to output folder when using O=
    - regulator: core: fix regulator_register() error paths to properly release
      rdev
    - selftests: netfilter: use randomized netns names
    - efi/earlycon: Remap entire framebuffer after page initialization
    - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions
    - selftests/ftrace: Fix to check the existence of set_ftrace_filter
    - selftests/ftrace: Fix ftrace test cases to check unsupported
    - selftests/ftrace: Do not to use absolute debugfs path
    - selftests: safesetid: Move link library to LDLIBS
    - selftests: safesetid: Check the return value of setuid/setgid
    - selftests: safesetid: Fix Makefile to set correct test program
    - ARM: exynos_defconfig: Restore debugfs support
    - reset: Do not register resource data for missing resets
    - ASoC: topology: Check return value for snd_soc_add_dai_link()
    - ASoC: SOF: loader: snd_sof_fw_parse_ext_data log warning on unknown header
    - ASoC: SOF: Intel: split cht and byt debug window sizes
    - ARM: dts: am335x-sancloud-bbe: fix phy mode
    - ARM: omap2plus_defconfig: Add back DEBUG_FS
    - bpf, riscv: Limit to 33 tail calls
    - bpftool: Don't crash on missing jited insns or ksyms
    - kselftest/runner: Print new line in print of timeout log
    - kselftest: Support old perl versions
    - arm64: dts: ls1028a: fix reboot node
    - ARM: imx_v6_v7_defconfig: Explicitly restore CONFIG_DEBUG_FS
    - bus: ti-sysc: Fix missing reset delay handling
    - clk: walk orphan list on clock provider registration
    - mac80211: fix TID field in monitor mode transmit
    - cfg80211: fix double-free after changing network namespace
    - btrfs: handle error in btrfs_cache_block_group
    - ocxl: Fix potential memory leak on context creation
    - habanalabs: rate limit error msg on waiting for CS
    - habanalabs: remove variable 'val' set but not used
    - spi: nxp-fspi: Ensure width is respected in spi-mem operations
    - clk: at91: fix possible deadlock
    - staging: axis-fifo: add unspecified HAS_IOMEM dependency
    - scripts: package: mkdebian: add missing rsync dependency
    - perf/x86: Fix potential out-of-bounds access
    - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high
      uptime
    - psi: Fix a division error in psi poll()
    - usb: typec: fusb302: Fix an undefined reference to 'extcon_get_state'
    - block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT
    - fs: call fsnotify_sb_delete after evict_inodes
    - perf/smmuv3: Remove the leftover put_cpu() in error path
    - iommu/dma: Relax locking in iommu_dma_prepare_msi()
    - clk: Move clk_core_reparent_orphans() under CONFIG_OF
    - net: stmmac: Determine earlier the size of RX buffer
    - net/mlx5e: Fix concurrency issues between config flow and XSK
    - net/i40e: Fix concurrency issues between config flow and XSK
    - net/ixgbe: Fix concurrency issues between config flow and XSK
    - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list
    - block: Fix a lockdep complaint triggered by request queue flushing
    - sbitmap: only queue kyber's wait callback if not already active
    - s390/qeth: handle error due to unsupported transport mode
    - s390/qeth: fix promiscuous mode after reset
    - s390/qeth: don't return -ENOTSUPP to userspace
    - selftests: pmtu: fix init mtu value in description
    - net: freescale: fec: Fix ethtool -d runtime PM
    - net: stmmac: Fixed link does not need MDIO Bus
    - macb: Don't unregister clks unconditionally
    - net/mlx5: Move devlink registration before interfaces load
    - net/mlx5e: Fix hairpin RSS table size

  * Eoan update: upstream stable patchset 2020-02-03 (LP: #1861710)
    - nvme_fc: add module to ops template to allow module references
    - nvme-fc: fix double-free scenarios on hw queues
    - drm/amdgpu: add check before enabling/disabling broadcast mode
    - drm/amdgpu: add cache flush workaround to gfx8 emit_fence
    - drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle
    - iio: adc: max9611: Fix too short conversion time delay
    - PM / devfreq: Fix devfreq_notifier_call returning errno
    - PM / devfreq: Set scaling_max_freq to max on OPP notifier error
    - PM / devfreq: Don't fail devfreq_dev_release if not in list
    - afs: Fix afs_find_server lookups for ipv4 peers
    - afs: Fix SELinux setting security label on /afs
    - RDMA/cma: add missed unregister_pernet_subsys in init failure
    - rxe: correctly calculate iCRC for unaligned payloads
    - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
    - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
    - scsi: qla2xxx: Don't call qlt_async_event twice
    - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
    - scsi: qla2xxx: Configure local loop for N2N target
    - scsi: qla2xxx: Send Notify ACK after N2N PLOGI
    - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
    - scsi: iscsi: qla4xxx: fix double free in probe
    - drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
    - usb: gadget: fix wrong endpoint desc
    - net: make socket read/write_iter() honor IOCB_NOWAIT
    - afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP
    - md: raid1: check rdev before reference in raid1_sync_request func
    - s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
    - s390/cpum_sf: Avoid SBD overflow condition in irq handler
    - IB/mlx4: Follow mirror sequence of device add during device removal
    - IB/mlx5: Fix steering rule of drop and count
    - xen-blkback: prevent premature module unload
    - xen/balloon: fix ballooned page accounting without hotplug enabled
    - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
    - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
    - ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen
    - taskstats: fix data-race
    - netfilter: nft_tproxy: Fix port selector on Big Endian
    - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
    - ALSA: usb-audio: fix set_format altsetting sanity check
    - ALSA: hda/realtek - Add headset Mic no shutup for ALC283
    - drm/sun4i: hdmi: Remove duplicate cleanup calls
    - MIPS: Avoid VDSO ABI breakage due to global register variable
    - media: pulse8-cec: fix lost cec_transmit_attempt_done() call
    - media: cec: CEC 2.0-only bcast messages were ignored
    - media: cec: avoid decrementing transmit_queue_sz if it is 0
    - media: cec: check 'transmit_in_progress', not 'transmitting'
    - mm/zsmalloc.c: fix the migrated zspage statistics.
    - memcg: account security cred as well to kmemcg
    - mm: move_pages: return valid node id in status if the page is already on the
      target node
    - pstore/ram: Write new dumps to start of recycled zones
    - locks: print unsigned ino in /proc/locks
    - dmaengine: Fix access to uninitialized dma_slave_caps
    - compat_ioctl: block: handle Persistent Reservations
    - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
    - ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
    - ata: ahci_brcm: Fix AHCI resources management
    - ata: ahci_brcm: Add missing clock management during recovery
    - ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE
    - libata: Fix retrieving of active qcs
    - gpiolib: fix up emulated open drain outputs
    - riscv: ftrace: correct the condition logic in function graph tracer
    - rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30
    - tracing: Fix lock inversion in trace_event_enable_tgid_record()
    - tracing: Avoid memory leak in process_system_preds()
    - tracing: Have the histogram compare functions convert to u64 first
    - tracing: Fix endianness bug in histogram trigger
    - apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
    - ALSA: cs4236: fix error return comparison of an unsigned integer
    - ALSA: firewire-motu: Correct a typo in the clock proc string
    - exit: panic before exit_mm() on global init exit
    - ftrace: Avoid potential division by zero in function profiler
    - drm/msm: include linux/sched/task.h
    - PM / devfreq: Check NULL governor in available_governors_show
    - nfsd4: fix up replay_matches_cache()
    - HID: i2c-hid: Reset ALPS touchpads on resume
    - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
    - xfs: don't check for AG deadlock for realtime files in bunmapi
    - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI
      table
    - Bluetooth: btusb: fix PM leak in error case of setup
    - Bluetooth: delete a stray unlock
    - Bluetooth: Fix memory leak in hci_connect_le_scan
    - media: flexcop-usb: ensure -EIO is returned on error condition
    - regulator: ab8500: Remove AB8505 USB regulator
    - media: usb: fix memory leak in af9005_identify_state
    - dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example
    - arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed
      warning
    - tty: serial: msm_serial: Fix lockup for sysrq and oops
    - fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
    - bdev: Factor out bdev revalidation into a common helper
    - bdev: Refresh bdev size for disks without partitioning
    - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag
    - tcp: annotate tp->rcv_nxt lockless reads
    - net: core: limit nested device depth
    - ath9k_htc: Modify byte order for an error message
    - ath9k_htc: Discard undersized packets
    - xfs: periodically yield scrub threads to the scheduler
    - net: add annotations on hh->hh_len lockless accesses
    - ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
    - s390/smp: fix physical to logical CPU map for SMT
    - xen/blkback: Avoid unmapping unmapped grant pages
    - perf/x86/intel/bts: Fix the use of page_private()
    - drm/mcde: dsi: Fix invalid pointer dereference if panel cannot be found
    - drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs and DSCs are
      equal
    - drm/amd/display: Change the delay time before enabling FEC
    - drm/amd/display: Reset steer fifo before unblanking the stream
    - nvme/pci: Fix write and poll queue types
    - nvme/pci: Fix read queue count
    - iio: st_accel: Fix unused variable warning
    - scsi: qla2xxx: Use explicit LOGO in target mode
    - scsi: qla2xxx: Don't defer relogin unconditonally
    - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
    - staging/wlan-ng: add CRC32 dependency in Kconfig
    - drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware
    - drm/nouveau/kms/nv50-: fix panel scaling
    - afs: Fix mountpoint parsing
    - RDMA/counter: Prevent auto-binding a QP which are not tracked with res
    - tcp: fix data-race in tcp_recvmsg()
    - shmem: pin the file in shmem_fault() if mmap_sem is dropped
    - block: add bio_truncate to fix guard_bio_eod
    - mm: drop mmap_sem before calling balance_dirty_pages() in write fault
    - ALSA: hda - Apply sync-write workaround to old Intel platforms, too
    - MIPS: BPF: Disable MIPS32 eBPF JIT
    - MIPS: BPF: eBPF JIT: check for MIPS ISA compliance in Kconfig
    - mm/memory_hotplug: shrink zones when offlining memory
    - pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
    - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again
    - selftests/seccomp: Zero out seccomp_notif
    - samples/seccomp: Zero out members based on seccomp_notif_sizes
    - selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
    - dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B
    - Btrfs: fix infinite loop during nocow writeback due to race
    - compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
    - bpf: Fix precision tracking for unbounded scalars
    - gpio: xtensa: fix driver build
    - clocksource: riscv: add notrace to riscv_sched_clock
    - samples/trace_printk: Wait for IRQ work to finish
    - io_uring: use current task creds instead of allocating a new one
    - mm/gup: fix memory leak in __gup_benchmark_ioctl
    - dmaengine: virt-dma: Fix access after free in vchan_complete()
    - gen_initramfs_list.sh: fix 'bad variable name' error
    - ALSA: pcm: Yet another missing check of non-cached buffer type
    - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode
    - sunrpc: fix crash when cache_head become valid before update
    - arm64: dts: qcom: msm8998-clamshell: Remove retention idle state
    - powerpc: Chunk calls to flush_dcache_range in arch_*_memory
    - net/sched: annotate lockless accesses to qdisc->empty
    - kernel/module.c: wakeup processes in module_wq on module unload
    - perf callchain: Fix segfault in thread__resolve_callchain_sample()
    - iommu/vt-d: Remove incorrect PSI capability check
    - of: overlay: add_changeset_property() memory leak
    - cifs: Fix potential softlockups while refreshing DFS cache
    - firmware: arm_scmi: Avoid double free in error flow
    - watchdog: tqmx86_wdt: Fix build error
    - regulator: axp20x: Fix axp20x_set_ramp_delay
    - regulator: bd70528: Remove .set_ramp_delay for bd70528_ldo_ops
    - regulator: axp20x: Fix AXP22x ELDO2 regulator enable bitmask
    - powerpc/mm: Mark get_slice_psize() & slice_addr_is_low() as notrace
    - arm64: dts: meson-gxl-s905x-khadas-vim: fix uart_A bluetooth node
    - arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node
    - cifs: Fix lookup of root ses in DFS referral cache
    - fs: cifs: Fix atime update check vs mtime
    - Btrfs: only associate the locked page with one async_chunk struct
    - mm/sparse.c: mark populate_section_memmap as __meminit
    - lib/ubsan: don't serialize UBSAN report
    - net: annotate lockless accesses to sk->sk_pacing_shift
    - hsr: avoid debugfs warning message when module is remove
    - hsr: fix error handling routine in hsr_dev_finalize()
    - hsr: fix a race condition in node list insertion and deletion
    - mm/hugetlb: defer freeing of huge pages if in non-task context

  * Support Headset Mic on HP cPC (LP: #1862313)
    - ALSA: hda/realtek - Add Headset Mic supported for HP cPC
    - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported

  * test_sysctl in bpf from ubuntu_kernel_selftests make net test fails to build
    on eoan (LP: #1862263)
    - bpf: fix accessing bpf_sysctl.file_pos on s390

  * shiftfs: prevent lower dentries from going negative during unlink
    (LP: #1860041)
    - SAUCE: shiftfs: prevent lower dentries from going negative during unlink

  * Sometimes can't adjust brightness on Dell AIO (LP: #1862885)
    - SAUCE: platform/x86: dell-uart-backlight: increase retry times

  * Prevent arm64 guest from accessing host debug registers (LP: #1860657)
    - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE

  * pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
    - can, slip: Protect tty->disc_data in write_wakeup and close with RCU

 -- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>  Fri, 28 Feb 2020 00:35:03 -0500

** Changed in: linux (Ubuntu Eoan)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3016

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-2732

https://bugs.launchpad.net/bugs/1861238

Title:
  Root can lift kernel lockdown via USB/IP

Status in linux package in Ubuntu:
  In Progress
Status in linux-oem package in Ubuntu:
  New
Status in linux source package in Xenial:
  Invalid
Status in linux source package in Bionic:
  Fix Committed
Status in linux-oem source package in Bionic:
  Fix Committed
Status in linux source package in Disco:
  Fix Committed
Status in linux source package in Eoan:
  Fix Released
Status in linux source package in Focal:
  In Progress

Bug description:
  [Impact]

  It's possible to turn off kernel lockdown by emulating a USB keyboard
  via USB/IP and sending an Alt+SysRq+X key combination through it.

  Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and
  CONFIG_USBIP_CORE=m) with signed usbip_core and vhci_hcd modules
  provided in the linux-extra-modules-* package.

  See the PoC here: https://github.com/xairy/unlockdown#method-1-usbip

  [Test Case]

  $ git clone https://github.com/xairy/unlockdown.git
  $ cd unlockdown/01-usbip/
  $ sudo ./run.sh
  $ dmesg

  # Ensure there are no log entries talking about lifting lockdown:
  sysrq: SysRq : Disabling Secure Boot restrictions
  Lifting lockdown

  # You should see a SysRq help log entry because the Alt+SysRq+X
  # combination should be disabled
  sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)

  [Regression Potential]

  Some users may see a usability regression due to the Lockdown lift
  sysrq combination being removed. Some users are known to disable
  lockdown, using the sysrq combination, in order to perform some
  "dangerous" operation such as writing to an MSR. It is believed that
  this is a small number of users but it is impossible to know for sure.

  Users that rely on this functionality may need to permanently disable
  secure boot using 'mokutil --disable-validation'.

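
A defender-side check for the [Test Case] in the bug description, added here and not part of the bug report or the PoC: it classifies kernel log text by the messages the report quotes and lists which of the two USB/IP modules it names are loaded. The function names, verdict names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the outcome of the [Test Case] from kernel log text.
# The message strings come from the bug description; verdict names, function
# names and the sample inputs below are constructed for illustration.

LIFT_RE='SysRq : Disabling Secure Boot restrictions|Lifting lockdown'
HELP_STR='SysRq : HELP :'

# Reads kernel log text on stdin and prints one verdict:
#   LIFTED       - a lockdown-lift message is present (the test case fails)
#   BLOCKED      - no lift message, and SysRq replied with its HELP listing
#   INCONCLUSIVE - neither message seen, so the log proves nothing either way
classify_lockdown_log() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -Eq "$LIFT_RE"; then
        echo LIFTED
    elif printf '%s\n' "$log" | grep -Fq "$HELP_STR"; then
        echo BLOCKED
    else
        echo INCONCLUSIVE
    fi
}

# Reads /proc/modules-format text on stdin and prints, sorted and separated
# by spaces, whichever of usbip_core and vhci_hcd are loaded (empty if none).
usbip_modules_loaded() {
    awk '$1 == "usbip_core" || $1 == "vhci_hcd" { print $1 }' \
        | sort | tr '\n' ' ' | sed 's/ $//'
}

# Constructed samples: timestamps are invented, the HELP line is abridged.
SAMPLE_PATCHED='[  812.104113] sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c)'
SAMPLE_VULNERABLE='[  812.104113] sysrq: SysRq : Disabling Secure Boot restrictions
[  812.104120] Lifting lockdown'
SAMPLE_MODULES='vhci_hcd 49152 0 - Live 0x0000000000000000
usbip_core 32768 1 vhci_hcd, Live 0x0000000000000000
e1000e 249856 0 - Live 0x0000000000000000'

# Demo on the constructed samples; prints BLOCKED, LIFTED, then the modules.
for sample in "$SAMPLE_PATCHED" "$SAMPLE_VULNERABLE"; do
    printf '%s\n' "$sample" | classify_lockdown_log
done
printf '%s\n' "$SAMPLE_MODULES" | usbip_modules_loaded
echo
```

On a test machine, feed it live data with `dmesg | classify_lockdown_log` and `usbip_modules_loaded < /proc/modules`.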