Project

General

Profile

Bug #16552

Upgrade to Linux 4.19.28

Added by intrigeri 7 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
03/13/2019
Due date:
% Done:

100%

Feature Branch:
bugfix/16552-linux-4.19.28+force-all-tests
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

linux (4.19.28-1) unstable; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
    - devres: Align data[] to ARCH_KMALLOC_MINALIGN
    - drm/bufs: Fix Spectre v1 vulnerability
    - drm/vgem: Fix vgem_init to get drm device available.
    - [arm*] pinctrl: bcm2835: Use raw spinlock for RT compatibility
    - [x86] ASoC: Intel: mrfld: fix uninitialized variable access
    - gpiolib: Fix possible use after free on label
    - [armhf] drm/sun4i: Initialize registers in tcon-top driver
    - genirq/affinity: Spread IRQs to all available NUMA nodes
    - [armhf] gpu: ipu-v3: image-convert: Prevent race between run and
      unprepare
    - wil6210: fix reset flow for Talyn-mb
    - wil6210: fix memory leak in wil_find_tx_bcast_2
    - ath10k: assign 'n_cipher_suites' for WCN3990
    - ath9k: dynack: use authentication messages for 'late' ack
    - scsi: lpfc: Correct LCB RJT handling
    - scsi: mpt3sas: Call sas_remove_host before removing the target devices
    - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
    - [armhf] 8808/1: kexec:offline panic_smp_self_stop CPU
    - [mips] clk: boston: fix possible memory leak in clk_boston_setup()
    - dlm: Don't swamp the CPU with callbacks queued during recovery
    - [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
    - [powerpc] pseries: add of_node_put() in dlpar_detach_node()
    - [arm*] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
    - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
    - [mips] Boston: Disable EG20T prefetch
    - iwlwifi: fw: do not set sgi bits for HE connection
    - fpga: altera-cvp: Fix registration for CvP incapable devices
    - [x86] fpga: altera-cvp: fix 'bad IO access' on x86_64
    - [x86] vbox: fix link error with 'gcc -Og'
    - platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
    - i40e: prevent overlapping tx_timeout recover
    - scsi: hisi_sas: change the time of SAS SSP connection
    - usbnet: smsc95xx: fix rx packet alignment
    - [armhf,arm64] drm/rockchip: fix for mailbox read size
    - [arm*] OMAP2+: hwmod: Fix some section annotations
    - drm/amd/display: fix gamma not being applied correctly
    - drm/amd/display: calculate stream->phy_pix_clk before clock mapping
    - bpf: libbpf: retry map creation without the name
    - net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
    - modpost: validate symbol names also in find_elf_symbol
    - perf tools: Add Hygon Dhyana support
    - [armhf] soc/tegra: Don't leak device tree node reference
    - media: rc: ensure close() is called on rc_unregister_device
    - media: video-i2c: avoid accessing released memory area when removing
      driver
    - [armhf] media: mtk-vcodec: Release device nodes in
      mtk_vcodec_init_enc_pm()
    - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
    - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
    - [powerpc] 32: Add .data..Lubsan_data*/.data..Lubsan_type* sections
      explicitly
    - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
    - ACPI: SPCR: Consider baud rate 0 as preconfigured state
    - f2fs: move dir data flush to write checkpoint process
    - f2fs: fix race between write_checkpoint and write_begin
    - f2fs: fix wrong return value of f2fs_acl_create
    - [arm64] io: Ensure calls to delay routines are ordered against prior
      readX()
    - net: aquantia: return 'err' if set MPI_DEINIT state fails
    - [sparc*] sunvdc: Do not spin in an infinite loop when vio_ldc_send()
      returns EAGAIN
    - nfsd4: fix crash on writing v4_end_grace before nfsd startup
    - drm: Clear state->acquire_ctx before leaving
      drm_atomic_helper_commit_duplicated_state()
    - [arm64] io: Ensure value passed to __iormb() is held in a 64-bit register
    - Thermal: do not clear passive state during system sleep
    - thermal: Fix locking in cooling device sysfs update cur_state
    - firmware/efi: Add NULL pointer checks in efivars API functions
    - [s390] zcrypt: improve special ap message cmd handling
    - [arm64] ftrace: don't adjust the LR value
    - [x86] fpu: Add might_fault() to user_insn()
    - usb: dwc3: Correct the logic for checking TRB full in
      __dwc3_prepare_one_trb()
    - usb: dwc2: Disable power down feature on Samsung SoCs
    - usb: hub: delay hub autosuspend if USB3 port is still link training
    - timekeeping: Use proper seqcount initializer
    - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
    - [armhf] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module
      clocks
    - media: imx274: select REGMAP_I2C
    - drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2)
    - tipc: fix node keep alive interval calculation
    - driver core: Move async_synchronize_full call
    - kobject: return error code if writing /sys/.../uevent fails
    - IB/hfi1: Unreserve a reserved request when it is completed
    - usb: dwc3: trace: add missing break statement to make compiler happy
    - [mips] gpio: mt7621: report failure of devm_kasprintf()
    - [mips] gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack
    - [x86] iommu/amd: Fix amd_iommu=force_isolation
    - [armhf] dts: Fix OMAP4430 SDP Ethernet startup
    - [mips] bpf: fix encoding bug for mm_srlv32_op
    - media: coda: fix H.264 deblocking filter controls
    - [armel] dts: Fix up the D-Link DIR-685 MTD partition info
    - watchdog: renesas_wdt: don't set divider while watchdog is running
    - [armhf] dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1
    - usb: dwc3: gadget: Disable CSP for stream OUT ep
    - [arm64] iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI
      payloads
    - [arm64] iommu/arm-smmu: Add support for qcom,smmu-v2 variant
    - [arm64] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
    - [armhf] clk: imx6sl: ensure MMDC CH0 handshake is bypassed
    - OPP: Use opp_table->regulators to verify no regulator case
    - [arm64] tee: optee: avoid possible double list_del()
    - [arm64] drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver
    - [arm64] drm/msm: dpu: Only check flush register against pending flushes
    - lightnvm: pblk: fix resubmission of overwritten write err lbas
    - lightnvm: pblk: add lock protection to list operations
    - i2c-axxia: check for error conditions first
    - [armhf] phy: sun4i-usb: add support for missing USB PHY index
    - udf: Fix BUG on corrupted inode
    - selftests/bpf: use __bpf_constant_htons in test_prog.c
    - [armel] pxa: avoid section mismatch warning
    - [armhf] ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
    - [powerpc] KVM: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv
      machines
    - [arm*] mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
    - [arm*] mmc: bcm2835: reset host on timeout
    - memstick: Prevent memstick host from getting runtime suspended during
      card detection
    - [arm64] mmc: sdhci-xenon: Fix timeout checks
    - btrfs: harden agaist duplicate fsid on scanned devices
    - serial: sh-sci: Fix locking in sci_submit_rx()
    - serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure
    - tty: serial: samsung: Properly set flags in autoCTS mode
    - perf test: Fix perf_event_attr test failure
    - perf dso: Fix unchecked usage of strncpy()
    - perf header: Fix unchecked usage of strncpy()
    - btrfs: use tagged writepage to mitigate livelock of snapshot
    - perf probe: Fix unchecked usage of strncpy()
    - i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E)
    - bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings.
    - [x86] tools/power/x86/intel_pstate_tracer: Fix non root execution for
      post processing a trace file
    - livepatch: check kzalloc return values
    - [arm64] KVM: Skip MMIO insn after emulation
    - usb: musb: dsps: fix otg state machine
    - usb: musb: dsps: fix runtime pm for peripheral mode
    - perf header: Fix up argument to ctime()
    - perf tools: Cast off_t to s64 to avoid warning on bionic libc
    - percpu: convert spin_lock_irq to spin_lock_irqsave.
    - [arm64] net: hns3: fix incomplete uninitialization of IRQ in the
      hns3_nic_uninit_vector_data()
    - drm/amd/display: Add retry to read ddc_clock pin
    - Bluetooth: hci_bcm: Handle deferred probing for the clock supply
    - drm/amd/display: fix YCbCr420 blank color
    - [powerpc] uaccess: fix warning/error with access_ok()
    - mac80211: fix radiotap vendor presence bitmap handling
    - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
    - scsi: smartpqi: correct host serial num for ssa
    - scsi: smartpqi: correct volume status
    - scsi: smartpqi: increase fw status register read timeout
    - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
    - [arm64] net: hns3: add max vector number check for pf
    - [powerpc] perf: Fix thresholding counter data for unknown type
    - iwlwifi: mvm: fix setting HE ppe FW config
    - [powerpc] powernv/ioda: Allocate indirect TCE levels of cached userspace
      addresses on demand
    - mlx5: update timecounter at least twice per counter overflow
    - drbd: narrow rcu_read_lock in drbd_sync_handshake
    - drbd: disconnect, if the wrong UUIDs are attached on a connected peer
    - drbd: skip spurious timeout (ping-timeo) when failing promote
    - drbd: Avoid Clang warning about pointless switch statment
    - drm/amd/display: validate extended dongle caps
    - md: fix raid10 hang issue caused by barrier
    - fbdev: fbmem: behave better with small rotated displays and many CPUs
    - i40e: define proper net_device::neigh_priv_len
    - ice: Do not enable NAPI on q_vectors that have no rings
    - igb: Fix an issue that PME is not enabled during runtime suspend
    - ACPI/APEI: Clear GHES block_status before panic()
    - fbdev: fbcon: Fix unregister crash when more than one framebuffer
    - [powerpc] mm: Fix reporting of kernel execute faults on the 8xx
    - [x86] KVM: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
    - [powerpc] fadump: Do not allow hot-remove memory from fadump reserved
      area.
    - kvm: Change offset in kvm_write_guest_offset_cached to unsigned
    - NFS: nfs_compare_mount_options always compare auth flavors.
    - perf build: Don't unconditionally link the libbfd feature test to
      -liberty and -lz
    - hwmon: (lm80) fix a missing check of the status of SMBus read
    - hwmon: (lm80) fix a missing check of bus read in lm80 probe
    - seq_buf: Make seq_buf_puts() null-terminate the buffer
    - cifs: check ntwrk_buf_start for NULL before dereferencing it
    - f2fs: fix use-after-free issue when accessing sbi->stat_info
    - niu: fix missing checks of niu_pci_eeprom_read
    - f2fs: fix sbi->extent_list corruption issue
    - cgroup: fix parsing empty mount option string
    - perf python: Do not force closing original perf descriptor in
      evlist.get_pollfd()
    - scripts/decode_stacktrace: only strip base path when a prefix of the path
    - arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning
    - ocfs2: don't clear bh uptodate for block read
    - ocfs2: improve ocfs2 Makefile
    - mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init
    - zram: fix lockdep warning of free block handling
    - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in
      HFCPCI_l1hw()
    - [m68k] block/swim3: Fix -EBUSY error when re-opening device after unmount
    - [arm*] thermal: bcm2835: enable hwmon explicitly
    - [armhf] PCI: imx: Enable MSI from downstream components
    - thermal: generic-adc: Fix adc to temp interpolation
    - [arm64] sve: ptrace: Fix SVE_PT_REGS_OFFSET definition
    - kernel/hung_task.c: break RCU locks based on jiffies
    - proc/sysctl: fix return error for proc_doulongvec_minmax()
    - kernel/hung_task.c: force console verbose before panic
    - fs/epoll: drop ovflist branch prediction
    - exec: load_script: don't blindly truncate shebang string
    - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat
    - xfs: cancel COW blocks before swapext
    - xfs: Fix error code in 'xfs_ioc_getbmap()'
    - xfs: fix overflow in xfs_attr3_leaf_verify
    - xfs: fix shared extent data corruption due to missing cow reservation
    - xfs: fix transient reference count error in
      xfs_buf_resubmit_failed_buffers
    - xfs: delalloc -> unwritten COW fork allocation can go wrong
    - fs/xfs: fix f_ffree value for statfs when project quota is set
    - xfs: fix PAGE_MASK usage in xfs_free_file_space
    - xfs: fix inverted return from xfs_btree_sblock_verify_crc
    - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
    - dccp: fool proof ccid_hc_[rt]x_parse_options()
    - enic: fix checksum validation for IPv6
    - lib/test_rhashtable: Make test_insert_dup() allocate its hash table
      dynamically
    - net: dsa: Fix lockdep false positive splat
    - net: dsa: Fix NULL checking in dsa_slave_set_eee()
    - [armhf,arm64] net: dsa: mv88e6xxx: Fix counting of ATU violations
    - net: dsa: slave: Don't propagate flag changes on down slave interfaces
    - net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
    - rds: fix refcount bug in rds_sock_addref
    - Revert "net: phy: marvell: avoid pause mode on SGMII-to-Copper for
      88e151x" 
    - rxrpc: bad unlock balance in rxrpc_recvmsg
    - sctp: check and update stream->out_curr when allocating stream_out
    - sctp: walk the list of asoc safely (CVE-2019-8956)
    - skge: potential memory corruption in skge_get_regs()
    - virtio_net: Account for tx bytes and packets on sending xdp_frames
    - net/mlx5e: FPGA, fix Innova IPsec TX offload data path performance
    - xfs: eof trim writeback mapping as soon as it is cached
    - ALSA: compress: Fix stop handling on compressed capture streams
    - ALSA: usb-audio: Add support for new T+A USB DAC
    - ALSA: hda - Serialize codec registrations
    - ALSA: hda/realtek - Fix lose hp_pins for disable auto mute
    - ALSA: hda/realtek - Use a common helper for hp pin reference
    - ALSA: hda/realtek - Headset microphone support for System76 darp5
    - fuse: call pipe_buf_release() under pipe lock
    - fuse: decrement NR_WRITEBACK_TEMP on the right page
    - fuse: handle zero sized retrieve correctly
    - [arm*] dmaengine: bcm2835: Fix interrupt race on RT
    - [arm*] dmaengine: bcm2835: Fix abort of transactions
    - [armhf] dmaengine: imx-dma: fix wrong callback invoke
    - futex: Handle early deadlock return correctly
    - [arm64] irqchip/gic-v3-its: Plug allocation race for devices sharing a
      DevID
    - [armhf] usb: phy: am335x: fix race condition in _probe
    - usb: dwc3: gadget: Handle 0 xfer length for OUT EP
    - usb: gadget: udc: net2272: Fix bitwise and boolean operations
    - usb: gadget: musb: fix short isoc packets with inventra dma
    - staging: speakup: fix tty-operation NULL derefs
    - scsi: cxlflash: Prevent deadlock when adapter probe fails
    - scsi: aic94xx: fix module loading
    - cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
    - [x86] perf/x86/intel/uncore: Add Node ID mask
    - [x86] MCE: Initialize mce.bank in the case of a fatal error in
      mce_no_way_out()
    - perf/core: Don't WARN() for impossible ring-buffer sizes
    - perf tests evsel-tp-sched: Fix bitwise operator
    - serial: fix race between flush_to_ldisc and tty_open
    - serial: 8250_pci: Make PCI class test non fatal
    - serial: sh-sci: Do not free irqs that have already been freed
    - cacheinfo: Keep the old value if of_property_read_u32 fails
    - IB/hfi1: Add limit test for RC/UC send via loopback
    - [x86] perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
    - ath9k: dynack: make ewma estimation faster
    - ath9k: dynack: check da->enabled first in sampling routines
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.22
    - mtd: Make sure mtd->erasesize is valid even if the partition is of size 0
    - mtd: rawnand: gpmi: fix MX28 bus master lockup problem
    - libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD
    - [armhf, arm64] iio: adc: axp288: Fix TS-pin handling
    - signal: Always notice exiting tasks
    - signal: Better detection of synchronous signals
    - [armhf, arm64] misc: vexpress: Off by one in vexpress_syscfg_exec()
    - [x86] mei: me: add ice lake point device id.
    - debugfs: fix debugfs_rename parameter checking
    - [arm64] pinctrl: sunxi: Correct number of IRQ banks on H6 main pin
      controller
    - [x86] pinctrl: cherryview: fix Strago DMI workaround
    - tracing: uprobes: Fix typo in pr_fmt string
    - [mips*] cm: reprime error cause
    - [mips*] OCTEON: don't set octeon_dma_bar_type if PCI is disabled
    - [mips*] VDSO: Use same -m%-float cflag as the kernel proper
    - [mips*] loongson64: remove unreachable(), fix loongson_poweroff().
    - [mips*] VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
    - [arm64] firmware: arm_scmi: provide the mandatory device release callback
    - [powerpc*] radix: Fix kernel crash with mremap()
    - [amd64] mic: vop: Fix use-after-free on remove
    - mac80211: ensure that mgmt tx skbs have tailroom for encryption
    - drm/modes: Prevent division by zero htotal
    - drm/amd/powerplay: Fix missing break in switch
    - [x86] drm/i915: always return something on DDI clock selection
    - [x86] drm/vmwgfx: Fix setting of dma masks
    - [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
    - SUNRPC: Always drop the XPRT_LOCK on XPRT_CLOSE_WAIT
    - xfrm: Make set-mark default behavior backward compatible
    - Revert "ext4: use ext4_write_inode() when fsyncing w/o a journal" 
    - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
    - xfrm: refine validation of template and selector families
    - batman-adv: Avoid WARN on net_device without parent in netns
    - batman-adv: Force mac header to start of data on xmit
    - svcrdma: Reduce max_send_sges
    - svcrdma: Remove max_sge check at connect time
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.23
    - Revert "exec: load_script: don't blindly truncate shebang string" 
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.24
    - dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string
    - eeprom: at24: add support for 24c2048
    - blk-mq: fix a hung issue when fsync (Closes: #913119, #913138)
    - [armel, armhf] 8789/1: signal: copy registers using __copy_to_user()
    - [armel, armhf] 8790/1: signal: always use __copy_to_user to save iwmmxt
      context
    - [armel, armhf] 8791/1: vfp: use __copy_to_user() when saving VFP state
    - [armel, armhf] 8792/1: oabi-compat: copy oabi events using
      __copy_to_user()
    - [armel, armhf] 8793/1: signal: replace __put_user_error with __put_user
    - [armel, armhf] 8794/1: uaccess: Prevent speculative use of the current
      addr_limit
    - [armel, armhf] 8795/1: spectre-v1.1: use put_user() for __put_user()
    - [armel, armhf] 8796/1: spectre-v1,v1.1: provide helpers for address
      sanitization
    - [armel, armhf] 8797/1: spectre-v1.1: harden __copy_to_user
    - [armel, armhf] 8810/1: vfp: Fix wrong assignement to ufp_exc
    - [armel, armhfl armhf] make lookup_processor_type() non-__init
    - [armel, armhf] split out processor lookup
    - [armel, armhf] clean up per-processor check_bugs method call
    - [armel, armhf] add PROC_VTABLE and PROC_TABLE macros
    - [armel, armhf] spectre-v2: per-CPU vtables to work around big.Little
      systems
    - [armel, armhf] ensure that processor vtables is not lost after boot
    - [armel, armhf] fix the cockup in the previous patch
    - drm/amdgpu/sriov:Correct pfvf exchange logic
    - [i386] ACPI: NUMA: Use correct type for printing addresses on i386-PAE
    - perf report: Fix wrong iteration count in --branch-history
    - perf test shell: Use a fallback to get the pathname in vfs_getname
    - [riscv64] riscv: fix trace_sys_exit hook
    - cpufreq: check if policy is inactive early in __cpufreq_get()
    - nvme-pci: use the same attributes when freeing host_mem_desc_bufs.
    - nvme-pci: fix out of bounds access in nvme_cqe_pending
    - nvme-multipath: zero out ANA log buffer
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - drm/amdgpu: set WRITE_BURST_LENGTH to 64B to workaround SDMA1 hang
    - [armel] dts: kirkwood: Fix polarity of GPIO fan lines
    - [armel, armhf] gpio: pl061: handle failed allocations
    - drm/nouveau: Don't disable polling in fallback mode
    - drm/nouveau/falcon: avoid touching registers if engine is off
    - cifs: Limit memory used by lock request calls to a page
    - [x86] kvm: sev: Fail KVM_SEV_INIT if already initialized
    - CIFS: Do not assume one credit for async responses
    - [arm*] gpio: mxc: move gpio noirq suspend/resume to syscore phase
    - [x86] Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire
      F5-573G" 
    - [x86] Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
    - [armhf] OMAP5+: Fix inverted nirq pin interrupts with irq_set_type
    - perf/core: Fix impossible ring-buffer sizes warning
    - [x86] perf: Add check_period PMU callback
    - [x86] ALSA: hda - Add quirk for HP EliteBook 840 G5
    - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
    - ASoC: hdmi-codec: fix oops on re-probe
    - [alpha] tools uapi: fix Alpha support
    - [riscv64] Add pte bit to distinguish swap from invalid
    - [x86] kvm/nVMX: read from MSR_IA32_VMX_PROCBASED_CTLS2 only when it is
      available
    - [x86] kvm: vmx: Fix entry number check for add_atomic_switch_msr()
    - [arm*] mmc: sunxi: Filter out unsupported modes declared in the device
      tree
    - mmc: block: handle complete_work on separate workqueue
    - [x86] Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
    - Revert "nfsd4: return default lease period" 
    - Revert "mm: don't reclaim inodes with many attached pages" 
    - Revert "mm: slowly shrink slabs with a relatively small number of
      objects" 
    - [alpha] fix page fault handling for r16-r18 targets
    - [alpha] Fix Eiger NR_IRQS to 128
    - [s390*] zcrypt: fix specification exception on z196 during ap probe
    - tracing/uprobes: Fix output for multiple string arguments
    - [x86] platform/UV: Use efi_runtime_lock to serialise BIOS calls
    - scsi: sd: fix entropy gathering for most rotational disks
    - signal: Restore the stop PTRACE_EVENT_EXIT
    - md/raid1: don't clear bitmap bits on interrupted recovery.
    - [x86] a.out: Clear the dump structure initially
    - dm crypt: don't overallocate the integrity tag space
    - dm thin: fix bug where bio that overwrites thin block ignores FUA
    - drm: Use array_size() when creating lease
    - [x86] drm/i915: Block fbdev HPD processing during suspend
    - [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
    - mm: proc: smaps_rollup: fix pss_locked calculation
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.25
    - af_packet: fix raw sockets over 6in4 tunnel
    - [arm64, armhf] dsa: mv88e6xxx: Ensure all pending interrupts are handled
      prior to exit
    - net: crypto set sk to NULL when af_alg_release. (CVE-2019-8912)
    - net: Fix for_each_netdev_feature on Big endian
    - net: fix IPv6 prefix route residue
    - net: ip6_gre: initialize erspan_ver just for erspan tunnels
    - net: ipv4: use a dedicated counter for icmp_v4 redirect packets
    - net: phy: xgmiitorgmii: Support generic PHY status read
    - net: stmmac: Fix a race in EEE enable callback
    - net: stmmac: handle endianness in dwmac4_get_timestamp
    - sky2: Increase D3 delay again
    - vhost: correctly check the return value of translate_desc() in log_used()
    - vsock: cope with memory allocation failure at socket creation time
    - vxlan: test dev->flags & IFF_UP before calling netif_rx()
    - net: Add header for usage of fls64()
    - tcp: clear icsk_backoff in tcp_write_queue_purge()
    - tcp: tcp_v4_err() should be more careful
    - net: Do not allocate page fragments that are not skb aligned
    - hwmon: (lm80) Fix missing unlock on error in set_fan_div()
    - scsi: target/core: Use kmem_cache_free() instead of kfree()
    - PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter
    - sunrpc: fix 4 more call sites that were using stack memory with a
      scatterlist
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
      (CVE-2019-9162)
    - net/x25: do not hold the cpu too long in x25_new_lci()
    - ax25: fix possible use-after-free
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.26
    - [armel armhf] 8834/1: Fix: kprobes: optimized kprobes illegal instruction
    - tracing: Fix number of entries in trace header
    - [mips*] eBPF: Always return sign extended 32b values
    - mac80211: Restore vif beacon interval if start ap fails
    - mac80211: Use linked list instead of rhashtable walk for mesh tables
    - mac80211: Free mpath object when rhashtable insertion fails
    - libceph: handle an empty authorize reply
    - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
    - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
    - proc, oom: do not report alien mms when setting oom_score_adj
    - [x86] ALSA: hda/realtek - Headset microphone and internal speaker
      support for System76 oryp5
    - [x86] ALSA: hda/realtek: Disable PC beep in passthrough on alc285
    - KEYS: allow reaching the keys quotas exactly
    - [armhf,arm64] backlight: pwm_bl: Fix devicetree parsing with auto-
      generated brightness tables
    - [armhf] mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering
      mfd cells
    - [armhf] mfd: twl-core: Fix section annotations on {,un}protect_pm_master
    - [arm64] mfd: qcom_rpm: write fw_version to CTRL_REG
    - mfd: axp20x: Add AC power supply cell for AXP813
    - mfd: axp20x: Re-align MFD cell entries
    - mfd: axp20x: Add supported cells for AXP803
    - mfd: cros_ec_dev: Add missing mfd_remove_devices() call in remove
      probe()
    - [armhf] mfd: mc13xxx: Fix a missing check of a register-read failure
    - qed: Fix qed_chain_set_prod() for PBL chains with non power of 2 page
      count
    - qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory
      barrier
    - [arm64] net: hns: Fix use after free identified by SLUB debug
    - bpf: Fix [::] -> [::1] rewrite in sys_sendmsg
    - selftests/bpf: Test [::] -> [::1] rewrite in sys_sendmsg in
      test_sock_addr
    - net/mlx4: Get rid of page operation after dma_alloc_coherent
    - xprtrdma: Double free in rpcrdma_sendctxs_create()
    - selftests: forwarding: Add a test for VLAN deletion
    - netfilter: nf_tables: fix leaking object reference count
    - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
    - scsi: isci: initialize shost fully before calling scsi_add_host()
    - include/linux/compiler*.h: fix OPTIMIZER_HIDE_VAR
    - netfilter: nft_flow_offload: Fix reverse route lookup
    - bpf: correctly set initial window on active Fast Open sender
    - bpf: fix panic in stack_map_get_build_id() on i386 and arm32
    - netfilter: nft_flow_offload: fix interaction with vrf slave device
    - RDMA/mthca: Clear QP objects during their allocation
    - [powerpcspe] 8xx: fix setting of pagetable for Abatron BDI debug tool.
    - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id()
    - net: stmmac: Fix PCI module removal leak
    - net: stmmac: dwxgmac2: Only clear interrupts that are active
    - net: stmmac: Check if CBS is supported before configuring
    - net: stmmac: Fix the logic of checking if RX Watchdog must be enabled
    - net: stmmac: Prevent RX starvation in stmmac_napi_poll()
    - scsi: tcmu: avoid cmd/qfull timers updated whenever a new cmd comes
    - scsi: ufs: Fix system suspend status
    - scsi: qedi: Add ep_state for login completion on un-reachable targets
    - scsi: ufs: Fix geometry descriptor size
    - scsi: cxgb4i: add wait_for_completion()
    - netfilter: nft_flow_offload: fix checking method of conntrack helper
    - always clear the X2APIC_ENABLE bit for PV guest
    - [armhf, arm64] drm/meson: add missing of_node_put
    - drm/amdkfd: Don't assign dGPUs to APU topology devices
    - drm/amd/display: fix PME notification not working in RV desktop
    - vhost: return EINVAL if iovecs size does not match the message size
    - [armhf, arm64] drm/sun4i: backend: add missing of_node_puts
    - bpf: don't assume build-id length is always 20 bytes
    - bpf: zero out build_id for BPF_STACK_BUILD_ID_IP
    - atm: he: fix sign-extension overflow on large shift
    - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible
      attribute in OF device ID table
    - [armhf] leds: lp5523: fix a missing check of return value of lp55xx_read
    - bpf: bpf_setsockopt: reset sock dst on SO_MARK changes
    - net: bridge: Mark FDB entries that were added by user as such
    - net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
    - isdn: avm: Fix string plus integer warning from Clang
    - batman-adv: fix uninit-value in batadv_interface_tx()
    - inet_diag: fix reporting cgroup classid and fallback to priority
    - ipv6: propagate genlmsg_reply return code
    - net: ena: fix race between link up and device initalization
    - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
    - net/mlx5e: Don't overwrite pedit action when multiple pedit used
    - net/packet: fix 4gb buffer limit due to overflow check
    - net: sfp: do not probe SFP module before we're attached
    - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
    - sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
    - team: avoid complex list operations in team_nl_cmd_options_set()
    - Revert "socket: fix struct ifreq size in compat ioctl" 
    - Revert "kill dev_ifsioc()" 
    - net: socket: fix SIOCGIFNAME in compat
    - net: socket: make bond ioctls go through compat_ifreq_ioctl()
    - geneve: should not call rt6_lookup() when ipv6 was disabled
    - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
    - net_sched: fix a race condition in tcindex_destroy() (Closes: #921542)
    - net_sched: fix a memory leak in cls_tcindex
    - net_sched: fix two more memory leaks in cls_tcindex
    - net/mlx5e: XDP, fix redirect resources availability check
    - RDMA/srp: Rework SCSI device reset handling
    - KEYS: user: Align the payload buffer
    - KEYS: always initialize keyring_index_key::desc_len
    - drm/amdgpu: Set DPM_FLAG_NEVER_SKIP when enabling PM-runtime
    - gpu: drm: radeon: Set DPM_FLAG_NEVER_SKIP when enabling PM-runtime
    - [x86] drm/i915/fbdev: Actually configure untiled displays
    - drm/amd/display: Fix MST reboot/poweroff sequence
    - mac80211: allocate tailroom for forwarded mesh packets
    - [x86] kvm: Return LA57 feature based on hardware capability
    - net: validate untrusted gso packets without csum offload
    - net: avoid false positives in untrusted gso validation
    - Revert "bridge: do not add port to router list when receives query with
      source 0.0.0.0" 
    - netfilter: nf_tables: fix flush after rule deletion in the same batch
    - netfilter: nft_compat: use-after-free when deleting targets
    - netfilter: ipv6: Don't preserve original oif for loopback address
    - netfilter: nfnetlink_osf: add missing fmatch check
    - netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in
      clusterip_config_entry_put()
    - udlfb: handle unplug properly
    - [armhf arm64] pinctrl: max77620: Use define directive for
      max77620_pinconf_param values
    - net: phylink: avoid resolving link state too early
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
    - irq/matrix: Split out the CPU selection code into a helper
    - irq/matrix: Spread managed interrupts on allocation
    - genirq/matrix: Improve target CPU selection for managed interrupts
      (Closes: #922182)
    - mac80211: Change default tx_sk_pacing_shift to 7
    - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
    - [arm64] drm/msm: Unblock writer if reader closes file
    - [x86] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
    - [armhf] clk: tegra: dfll: Fix a potential Oop in remove()
    - [x86] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
    - [arm64, armhf] usb: dwc3: gadget: synchronize_irq dwc irq in suspend
    - [arm64, armhf] usb: dwc3: gadget: Fix the uninitialized link_state when
      udc starts
    - genirq: Make sure the initial affinity is not empty
    - [arm64, armel, x86, armhf] ASoC: dapm: change snprintf to scnprintf for
      possible overflow
    - [x86] drivers: thermal: int340x_thermal: Fix sysfs race condition
    - mac80211: fix miscounting of ttl-dropped frames
    - sched/wait: Fix rcuwait_wake_up() ordering
    - sched/wake_q: Fix wakeup ordering for wake_q
    - futex: Fix (possible) missed wakeup
    - drm/amd/powerplay: OD setting fix on Vega10
    - [armhf] drm/sun4i: hdmi: Fix usage of TMDS clock
    - direct-io: allow direct writes to empty inodes
    - writeback: synchronize sync(2) against cgroup writeback membership
      switches
    - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport
    - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport
    - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
    - [x86] hv_netvsc: Fix ethtool change hash key error
    - [x86] hv_netvsc: Refactor assignments of struct netvsc_device_info
    - [x86] hv_netvsc: Fix hash key value reset after other ops
    - nvme-rdma: fix timeout handler
    - nvme-multipath: drop optimization for static ANA group IDs
    - [arm64] drm/msm: Fix A6XX support for opp-level
    - net: usb: asix: ax88772_bind return error when hw_reset fail
    - net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP
    - [powerpc*] ibmveth: Do not process frames after calling napi_reschedule
    - mac80211: don't initiate TDLS connection if station is not associated to
      AP
    - mac80211: Add attribute aligned(2) to struct 'action'
    - cfg80211: extend range deviation for DMG
    - [x86] svm: Fix AVIC incomplete IPI emulation
    - [x86] KVM: nSVM: clear events pending from svm_complete_interrupts() when
      exiting to L1
    - [arm64, armhf] mmc: spi: Fix card detection during probe
    - mmc: core: Fix NULL ptr crash from mmc_should_fail_request
    - [armhf] mmc: sdhci-esdhc-imx: correct the fix of ERR004536
    - mm: enforce min addr even if capable() in expand_downwards()
      (CVE-2019-9213)
    - hugetlbfs: fix races and page leaks during migration
    - [mips*] fix truncation in __cmpxchg_small for short values
    - [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.28
    - cpufreq: Use struct kobj_attribute instead of struct global_attr
    - staging: erofs: fix mis-acted TAIL merging behavior
    - USB: serial: option: add Telit ME910 ECM composition
    - USB: serial: cp210x: add ID for Ingenico 3070
    - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
    - [x86] staging: comedi: ni_660x: fix missing break in switch statement
    - [x86, arm64, armhf] staging: android: ashmem: Don't call fallocate() with
      ashmem_mutex held.
    - [x86, arm64, armhf] staging: android: ashmem: Avoid range_alloc()
      allocation with ashmem_mutex held.
    - ip6mr: Do not call __IP6_INC_STATS() from preemptible context
    - [arm64, armhf] net: dsa: mv88e6xxx: handle unknown duplex modes gracefully
      in mv88e6xxx_port_set_duplex
    - [arm64, armhf] net: dsa: mv88e6xxx: fix number of internal PHYs for
      88E6x90 family
    - net: sched: put back q.qlen into a single location
    - net-sysfs: Fix mem leak in netdev_register_kobject
    - qmi_wwan: Add support for Quectel EG12/EM12
    - sctp: call iov_iter_revert() after sending ABORT
    - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
    - team: Free BPF filter when unregistering netdev
    - tipc: fix RDM/DGRAM connect() regression
    - bnxt_en: Drop oversize TX packets to prevent errors.
    - geneve: correctly handle ipv6.disable module parameter
    - [x86] hv_netvsc: Fix IP header checksum for coalesced packets
    - ipv4: Add ICMPv6 support when parse route ipproto
    - lan743x: Fix TX Stall Issue
    - [arm64, armhf] net: dsa: mv88e6xxx: Fix statistics on mv88e6161
    - [arm64, armhf] net: dsa: mv88e6xxx: Fix u64 statistics
    - net: netem: fix skb length BUG_ON in __skb_to_sgvec
    - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
    - net: phy: Micrel KSZ8061: link failure after cable connect
    - [arm64, armhf] net: phy: phylink: fix uninitialized variable in
      phylink_get_mac_state
    - net: sit: fix memory leak in sit_init_net()
    - net: socket: set sock->sk to NULL after calling proto_ops::release()
    - tipc: fix race condition causing hung sendto
    - tun: fix blocking read
    - [x86, arm64, armhf] xen-netback: don't populate the hash cache on XenBus
      disconnect
    - [x86, arm64, armhf] xen-netback: fix occasional leak of grant ref mappings
      under memory pressure
    - tun: remove unnecessary memory barrier
    - net: Add __icmp_send helper.
    - ipv4: Return error for RTA_VIA attribute
    - ipv6: Return error for RTA_VIA attribute
    - mpls: Return error for RTA_GATEWAY attribute
    - ipv4: Pass original device to ip_rcv_finish_core
    - [arm64, armhf] net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces
      on 6390X
    - [arm64, armhf] net: dsa: mv88e6xxx: prevent interrupt storm caused by
      mv88e6390x_port_set_cmode
    - net/sched: act_ipt: fix refcount leak when replace fails
    - net/sched: act_skbedit: fix refcount leak when replace fails
    - net: sched: act_tunnel_key: fix NULL pointer dereference during init
    - [x86] CPU/AMD: Set the CPB bit unconditionally on F17h
    - [x86] boot/compressed/64: Do not read legacy ROM on EFI system
    - tracing: Fix event filters and triggers to handle negative numbers
    - usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on
      INTEL_SUNRISEPOINT_LP_XHCI
    - [x86, powerpc*] applicom: Fix potential Spectre v1 vulnerabilities
    - [mips*] irq: Allocate accurate order pages for irq stack
    - aio: Fix locking in aio_poll()
    - xtensa: fix get_wchan
    - gnss: sirf: fix premature wakeup interrupt enable
    - USB: serial: cp210x: fix GPIO in autosuspend
    - Bluetooth: btrtl: Restore old logic to assume firmware is already loaded
    - Bluetooth: Fix locking in bt_accept_enqueue() for BH context
    - exec: Fix mem leak in kernel_read_file (CVE-2019-8980)
    - scsi: core: reset host byte in DID_NEXUS_FAILURE case
    - bpf: fix sanitation rewrite in case of non-pointers

  [ Ben Hutchings ]
  * [sparc64] udeb: Use standard module list in nic-modules; add i2c-modules
    and nic-shared-modules to avoid duplication
  * mt76: Use the correct hweight8() function (fixes FTBFS on ia64)
  * [armel] udeb: Add mmc-core-modules
  * udeb: Make nic-wireless-modules depend on mmc-core-modules, not
    mmc-modules; move crc7 to crc-modules to avoid duplication
  * [powerpc*] udeb: Add i2c-modules, mmc-core-modules, nic-wireless-modules
  * [arm64,armhf] udeb: Add mmc-core-modules to Provides of kernel-image
  * udeb: Add fb-modules and include drm and drm_kms_helper on most
    architecures
  * udeb: Move basic PV modules from {hyperv,virtio}-modules to kernel-image
  * udeb: Move drivers from {hyperv,virtio}-modules to
    {fb,input,nic,scsi}-modules
  * debian/bin/gencontrol.py: Add rules to build debian/build/config.*
  * certs: Replace test signing certificate with production signing certificate
  * debian/bin/gencontrol_signed.py: Put all files.json fields under "packages" 
  * Bump ABI to 4

  [ Wookey ]
  * linux-perf: Enable coresight trace (libopencsd) support in perf
    (Closes: #895131)

  [ Vagrant Cascadian ]
  * [armhf] Add patch from upstream fixing stability issues when cpufreq
    is enabled on Orange Pi Plus.
  * [armhf] Enable REGULATOR_SY8106A as module.
  * [arm64] Add patch working around A64 timer issues.

  [ dann frazier ]
  * arm64: lockdown: Move init_lockdown() call after uefi_init()

  [ Salvatore Bonaccorso ]
  * Btrfs: fix corruption reading shared and compressed extents after hole
    punching (Closes: #922306)

  [ Vagrant Cascadian ]
  * [arm64] Add patch from v4.20 to enable device-tree for Pine64-LTS.

  [ Romain Perier ]
  * [rt] Update to 4.19.25-rt16:
    - Add zram_slot_trylock() to "drivers/block/zram: Replace bit spinlocks
      with rtmutex for -rt" 
    - Refresh "futex: workaround migrate_disable/enable in different context" 
    - softirq: Avoid "local_softirq_pending" messages if ksoftirqd is blocked
    - softirq: Avoid "local_softirq_pending" messages if task is in cpu_chill()
    - hrtimer: Don't lose state in cpu_chill()
    - hrtimer: cpu_chill(): save task state in ->saved_state()
    - [x86] lazy-preempt: properly check against preempt-mask
    - [i386] lazy-preempt: use proper return label on 32bit-x86
  * [armel/rpi] Add flavour for Raspberry Pi and Raspberry Pi Zero
  * [armel, armhf] Enable CRASH_DUMP
  * Enable STRICT_MODULE_RWX

  [ Marcin Juszkiewicz ]
  * [arm64] udeb: Use generic ata-modules
  * [arm64] udeb: Remove redundant lines from nic-modules

  [ YunQiang Su ]
  * [mips r6] Disable JUMP_LABEL for now: it will cause Reserved Instruction.
    Enable SERIAL_OF_PLATFORM, if not, userland shows nothing.
    Enable CPU_HAS_MSA, HIGHMEM, CRYPTO_CRC32_MIPS, and NR_CPUS to 16.
    Support some boston drivers: IMG_ASCII_LCD, I2C_EG20T, PCH_PHUB, MMC,
      PCIE_XILINX, RTC_DRV_M41T80, SPI_TOPCLIFF_PCH.
  * [mipsel/mips64el] Backport MIPS: Loongson: Introduce and use
    loongson_llsc_mb()

 -- Ben Hutchings <ben@decadent.org.uk>  Tue, 12 Mar 2019 05:06:28 +0000

Related issues

Related to Tails - Bug #16447: Gather information about regression on some Intel GPU (Braswell, Kaby Lake) In Progress 02/08/2019
Blocks Tails - Feature #15507: Core work 2019Q1: Foundations Team Resolved 04/08/2018

Associated revisions

Revision 1317b49b (diff)
Added by intrigeri 7 months ago

Bump APT snapshot of the 'debian' archive to 2019031401 (refs: #16552)

Revision b7a53b8d (diff)
Added by intrigeri 7 months ago

Upgrade Linux to 4.19.0-4 from sid, currently at 4.19.28-1 (refs: #16552)

Revision 9967d920 (diff)
Added by intrigeri 7 months ago

Stick to systemd v240 (refs: #16552)

I see serious test suite failures with v241, e.g. the network interface
and NetworkManager are not always disabled when MAC address spoofing fails.
Let's not take any risk of regression in this area for Tails 3.13.

Revision 7862efe6 (diff)
Added by intrigeri 7 months ago

Bump APT snapshot of the 'debian' archive to 2019031601 (refs: #16552)

It's the first snapshot that has Linux 4.19.28-2, which fixes
the https://bugs.debian.org/924545 regression.

Revision 58ab8204
Added by intrigeri 7 months ago

Merge branch 'bugfix/16552-linux-4.19.28+force-all-tests' into stable (Fix-committed: #16552)

History

#1 Updated by intrigeri 7 months ago

#2 Updated by intrigeri 7 months ago

  • Description updated (diff)

#3 Updated by intrigeri 7 months ago

  • Status changed from Confirmed to In Progress

Reasons not to upgrade

This kernel upgrade is available merely 5 days before we build Tails 3.13. It's very late in our dev cycle so let's be careful.

https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=linux gives me "500 Internal Server Error" which won't help spotting regressions. We'll need to use the archive of the mailing list where new Linux bug reports are sent. It will probably take a few days before we can draw any conclusion from that anyway.

Reasons to upgrade

Graphics card support fixes

Loooots of them. Mostly on the AMD front but the 2 other major drivers (NVIDIA, Intel) are not left aside. There's a small chance it fixes the #16447 regression.

Full list:

  • drm/vgem: Fix vgem_init to get drm device available.
  • drm/amd/display: fix gamma not being applied correctly
  • drm/amd/display: calculate stream->phy_pix_clk before clock mapping
  • drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state()
  • drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2)
  • drm/amd/display: Add retry to read ddc_clock pin
  • drm/amd/display: fix YCbCr420 blank color
  • drm/amd/display: validate extended dongle caps
  • drm/modes: Prevent division by zero htotal
  • drm/amd/powerplay: Fix missing break in switch
  • [x86] drm/i915: always return something on DDI clock selection
  • [x86] drm/vmwgfx: Fix setting of dma masks
  • [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
  • drm/amdgpu/sriov:Correct pfvf exchange logic
  • drm/amdgpu: set WRITE_BURST_LENGTH to 64B to workaround SDMA1 hang
  • drm/nouveau: Don't disable polling in fallback mode
  • drm/nouveau/falcon: avoid touching registers if engine is off
  • drm: Use array_size() when creating lease
  • [x86] drm/i915: Block fbdev HPD processing during suspend
  • [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
  • drm/amdkfd: Don't assign dGPUs to APU topology devices
  • drm/amd/display: fix PME notification not working in RV desktop
  • drm/amdgpu: Set DPM_FLAG_NEVER_SKIP when enabling PM-runtime
  • gpu: drm: radeon: Set DPM_FLAG_NEVER_SKIP when enabling PM-runtime
  • [x86] drm/i915/fbdev: Actually configure untiled displays
  • drm/amd/display: Fix MST reboot/poweroff sequence
  • drm/amd/powerplay: OD setting fix on Vega10

Security fixes

sctp: walk the list of asoc safely (CVE-2019-8956)

Not applicable: we disable loading the sctp module. Yay for security in depth! :)

net: crypto set sk to NULL when af_alg_release. (CVE-2019-8912)

LPE, CVSS v3.0 severity is high. Ubuntu is fixing it in their LTS.

netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs (CVE-2019-9162)

LPE, CVSS v3.0 severity is high. Ubuntu is fixing it in their affected release.

Presumably we could disable loading the nf_nat_snmp_basic module to workaround this (and future) problems: SNMP is not particularly relevant in the context of Tails.

mm: enforce min addr even if capable() in expand_downwards() (CVE-2019-9213)

"makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platform" (https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention). CVSS v3.0 severity is medium.

exec: Fix mem leak in kernel_read_file (CVE-2019-8980)

Remote DOS, CVSS v3.0 severity is high.

Balancing pros & cons

The couple LPEs and the bunch of graphics hardware support fixes make it worth considering this upgrade seriously.
In order to gather more data that can inform our decision, today I'll prepare a branch that applies this upgrade and will send a call for testing on tails-testers@, then ask help desk to gather data about whether it fixes #16447.
Then, depending on this data and on regressions reported in Debian, we can make a decision for 3.13 on Saturday or Sunday.

#4 Updated by intrigeri 7 months ago

  • Related to Bug #16447: Gather information about regression on some Intel GPU (Braswell, Kaby Lake) added

#5 Updated by intrigeri 7 months ago

  • Priority changed from Normal to Elevated

(Due to the LPEs.)

#6 Updated by intrigeri 7 months ago

  • Feature Branch set to bugfix/16552-linux-4.19.28+force-all-tests

#7 Updated by intrigeri 7 months ago

The simplest way to upgrade on stable (bumping the APT snapshot of the 'debian' archive) pulls systemd 241-1~bpo9+1, while Tails 3.12.1 ships 240-4~bpo9+0tails1. Given v240 was a "jinxed" release (#16352) this can be seen as a good thing. systemd v241 was uploaded to sid 3 weeks ago and its maintainers deemed it good enough to upload to stretch-backports, which is reassuring. Still, like any change, it increases the risk of introducing regressions. If we prefer to stick to v240 we can do that with a one-line change in our APT pinning.

This snapshot bump also upgrades webext-ublock-origin from 1.18.4+dfsg-1 to 1.18.4+dfsg-2 (which only removes an obsolete conffile).

#8 Updated by intrigeri 7 months ago

ThinkPad X200 and HP EliteBook 840 G1: boots, connects to Wi-Fi, and unplugging the USB stick triggers emergency shutdown.

Sent call for testing.

#9 Updated by intrigeri 7 months ago

  • % Done changed from 0 to 20

Test suite results on Jenkins look good.

#10 Updated by intrigeri 7 months ago

No regression reported to Debian so far except a minor issue (useless error messages on boot: https://bugs.debian.org/924545).

#11 Updated by lamby 7 months ago

I'm torn. I mean, we are days away from 3.13 and only "a small chance it fixes the #16447 regression" on the one hand, but the fact that it just works for Debian (so far) is quite a big weight on the other side of the equation.

Hypothethical scenario: We upgrade and this breaks $something. People ask us why. We reply with "we changed kernel 2 days before release". They look at us like we are crazy. :)

#12 Updated by intrigeri 7 months ago

  • Assignee changed from intrigeri to CyrilBrulebois
  • QA Check set to Ready for QA

I'm torn.

@lamby, me too.

I mean, we are days away from 3.13 and only "a small chance it fixes the #16447 regression" on the one hand, but the fact that it just works for Debian (so far) is quite a big weight on the other side of the equation.

Yep. The couple local privilege escalation fixed in this version matter quite a lot too.

New/updated info:

  • I've just checked and there's been no new regression reported to Debian. The only (minor) one I've mentioned above was fixed in a newer upload (4.19.28-2) ⇒ I'm testing this locally.
  • One person (alienpup) nicely answered my call for testing: they tested the candidate image on 3 different systems and observed no regression.
  • There's a big chance we have to publish a Tails 3.13.1 emergency release in the last week of March, "thanks" to Pwn2Own. So if we screw things up here, this time we probably have a much better chance than usual to fix it up a week later, with very little additional cost & stress.

Hypothethical scenario: We upgrade and this breaks $something. People ask us why. We reply with "we changed kernel 2 days before release". They look at us like we are crazy. :)

I see what you mean. Last time we did that, we introduced the biggest hardware support regression we had for a long while (the issue was known in the Debian BTS before we merged but due to many factors, none of us actually checked that time). This does contribute to making me feel wary.

OTOH (devil advocate speaking):

  • Whatever we merge into our stable branch gets so little testing (at least on bare metal) anyway that upgrading the kernel 2 or 20 days before the release does not make a big different in practice.
  • If people ask us why we released with two high severity LPEs that were fixed in Debian a week before our release, we look somewhat irresponsible.

@CyrilBrulebois, happy to let you make the final decision. At this point, I only need to know whether you would be fine with shipping this upgrade in 3.13. No need to review & merge yet: the code changes are totally trivial and I'll only have CI results about 4.19.28-2 around 20:00 CET today.

#13 Updated by CyrilBrulebois 7 months ago

  • Assignee changed from CyrilBrulebois to intrigeri

@intrigeri: Thanks for double checking (at various points) what landed in the BTS (and yes, 500/ISE on the linux BTS page has been around for many years… :/). 4.19.28-[12] are indeed quite new, and also bring some changes regarding Secure Boot (which shouldn't impact us but as noted above can trigger error messages in some crypto-handling areas), but the load of security fixes we would otherwise be missing makes me want to get that merged rather than not.

I think I'll grab the ISO built on Jenkins and USB-test it on both a Thinkpad Edge E320 and an HP EliteBook Folio 1040 G3 (unfortunately close-ish to the HP EliteBook 840 G1 mentioned above). I might also be able to bring back an old, slooow Acer/Asus (not sure which) laptop from storage to get more coverage, if that's deemed desirable.

Given the very bad experience feeling with that Intel regression, I might commit to testing further kernel upgrades on the above range of HW (provided I can get my hands on it, which depends on travels, other plans, etc., in a timely manner to provide feedback).

#14 Updated by intrigeri 7 months ago

@intrigeri: Thanks for double checking (at various points) what landed in the BTS (and yes, 500/ISE on the linux BTS page has been around for many years… :/). 4.19.28-[12] are indeed quite new, and also bring some changes regarding Secure Boot (which shouldn't impact us but as noted above can trigger error messages in some crypto-handling areas), but the load of security fixes we would otherwise be missing makes me want to get that merged rather than not.

@CyrilBrulebois, thanks a lot for your input. I'm now also leaning towards merging. I'm also ready to put in the extra testing effort to reassure ourselves.

I think I'll grab the ISO built on Jenkins and USB-test it on both a Thinkpad Edge E320 and an HP EliteBook Folio 1040 G3 (unfortunately close-ish to the HP EliteBook 840 G1 mentioned above). I might also be able to bring back an old, slooow Acer/Asus (not sure which) laptop from storage to get more coverage, if that's deemed desirable.

I'll sum up on this ticket tomorrow the list of GPUs this image was successfully tested on already (alienpup's 3 systems + my 2 ones). I'll also test on a third machine I have handy.

#15 Updated by CyrilBrulebois 7 months ago

Boot, Wi-Fi, emergency shutdown OK on both Thinkpad Edge E320 and on HP EliteBook Folio 1040 G3.

The former has switchable graphics (Intel & AMD), renderer string in glxinfo said Sandybridge; Wireless is iwlwifi-based.

03:00.0 Network controller: Intel Corporation Centrino Wireless-N 1000 [Condor Peak]
    Subsystem: Intel Corporation Centrino Wireless-N 1000 BGN
[…]
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09) (prog-if 00 [VGA controller])
    Subsystem: Lenovo 2nd Generation Core Processor Family Integrated Graphics Controller
[…]
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Whistler [Radeon HD 6630M/6650M/6750M/7670M/7690M] (prog-if 00 [VGA controller])
    Subsystem: Lenovo Whistler [Radeon HD 6630M/6650M/6750M/7670M/7690M]

The latter is equipped with:

00:02.0 VGA compatible controller: Intel Corporation HD Graphics 520 (rev 07) (prog-if 00 [VGA controller])
        Subsystem: Hewlett-Packard Company HD Graphics 520
[…]
01:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a)
        Subsystem: Intel Corporation Dual Band Wireless-AC 8260

Old laptop(s) are deep into storage, and fetching them back would be a little cumbersome/too time-consuming for 3.13. That should be doable for further releases though.

#16 Updated by intrigeri 7 months ago

  • Assignee changed from intrigeri to CyrilBrulebois

Boot, Wi-Fi, emergency shutdown OK on both Thinkpad Edge E320 and on HP EliteBook Folio 1040 G3.

Great!

tl;dr aka. my conclusion after writing everything that follows

@CyrilBrulebois, I think we're good to go. I now feel comfortable enough to ask you to review'n'merge this branch. Boom!

Debian

No new regression reported.

CI results

  • Tests look good on my local Jenkins. On our shared Jenkins, among the last 3 runs, the only tests that fail more than once are well-known to be fragile.
  • Builds reproducibly.

alienpup's reported success with 4.19.28-1

Only Intel network controllers; 2 different Intel graphics generations; one AMD/ATI Radeon.

Compulab Mintbox Mini (original)

00:01.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Mullins [Radeon R3E Graphics] [1002:9854] (rev 02)
01:00.0 Ethernet controller [0200]: Intel Corporation I211 Gigabit Network Connection [8086:1539] (rev 03)

Lenovo Thinkpad T410

00:02.0 VGA compatible controller [0300]: Intel Corporation Core Processor Integrated Graphics Controller [8086:0046] (rev 02)
03:00.0 Network controller [0280]: Intel Corporation Centrino Wireless-N 1000 [Condor Peak] [8086:0084]

HP Pavilion dm4

00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0116] (rev 09)
01:00.0 Network controller [0280]: Intel Corporation Centrino Wireless-N + WiMAX 6150 [8086:0886] (rev 67)

Success with 4.19.28-2

Boots, connects to Wi-Fi, unplugging USB stick triggers emergency shutdown that successfully powers off the system.

ThinkPad X1 Carbon 6th gen

00:02.0 VGA compatible controller [0300]: Intel Corporation UHD Graphics 620 [8086:5917] (rev 07)
02:00.0 Network controller [0280]: Intel Corporation Wireless 8265 / 8275 [8086:24fd] (rev 78)

HP EliteBook 840 G1 and ThinkPad X200

Too lazy to retrieve the lspci info; whatever. Both have Intel GPU and Wi-Fi controllers.

#17 Updated by intrigeri 7 months ago

  • Subject changed from Consider upgrading to Linux 4.19.28 to Upgrade to Linux 4.19.28
  • % Done changed from 20 to 50
  • Type of work changed from Research to Code

#18 Updated by CyrilBrulebois 7 months ago

  • Assignee changed from CyrilBrulebois to intrigeri
  • QA Check changed from Ready for QA to Pass

The code changes LGTM; https://tails.boum.org/contribute/Linux_kernel/ doesn't seem to mention anything specific regarding reviewing so I haven't tested anything in particular (except HW tests done in advance of course). Please shout if I missed something.

#19 Updated by intrigeri 7 months ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100

#20 Updated by intrigeri 7 months ago

  • Assignee deleted (intrigeri)

#21 Updated by CyrilBrulebois 7 months ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF