Ubuntu
linux package

[Ubuntu 20.04] Problem leading IUCV service down (on s390x)

Bug #1913442 reported by bugproxy on 2021-01-27

This bug affects 1 person

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Focal	Fix Released	Undecided	Canonical Kernel Team
Hirsute	Fix Released	Undecided	Unassigned
Impish	Fix Released	Undecided	Unassigned

Bug Description

SRU Justification:
==================

[Impact]

* Problems occur in IBM z/VM's IUCV (Inter User Communication Vehicle) environments and its communication.

* Errors like "usercopy: Kernel memory overwrite attempt detected to SLUB object 'dma-kmalloc-1 k' (offset 0, size 11)!" pop up and cause failures.

* This is because IUCV uses kmalloc() with __GFP_DMA because of memory address restrictions.

* The solution is to mark dma-kmalloc caches as usercopy caches.

[Fix]

* 49f2d2419d60a103752e5fbaf158cf8d07c0d884 49f2d2419d60 "usercopy: mark dma-kmalloc caches as usercopy caches"

* Due to changes in the context of the upstream patch,
a cherry-pick was not possible and the following backport was created:
https://bugs.launchpad.net/bugs/1913442/+attachment/5457885/+files/commit_49f2d2419d60_backport.patch

[Test Case]

* Setup Ubuntu Server 20.04 on s390x system as IBM z/VM guest aka virtual machine.

* Setup IUCV on z/VM: Setting up the (IUCV TCPIP) service machine:
https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.ljdd/ljdd_t_iucv_tcpservice.html

* Set up a Linux IUCV instance: https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.ljdd/ljdd_t_iucv_scen1_guest.html

* Set up an IUCV direct: https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.ljdd/ljdd_c_iucv_connect.html

* Make use of IUCV, for example using ssh on a direct connection.

* Verify if the connections is stable and watch out for messages starting with "usercopy".

[Regression Potential]

* Problems could occur in case the create_kmalloc_cache call is done wrong,
for example with wrong index, wrong size or just wrong comma separations.

* Wrong size or index will probably lead to similar instability problems that exist today.

* Problems in the syntax (commas etc.) will be detected at compile time.

* But it's just a single line modification in function create_kmalloc_caches of /mm/slab_common.c,

* so the change is very limited and quite traceable.

* And it was in depth discussed here:
https://lore.kernel<email address hidden>/

* a reviewed by a lot of kernel engineers (see provenance)

* and it was already upstream accepted with kernel 5.8.

[Other]

* Since the commit is upstream accepted with 5.8, so it's already in impish and hirsute (and groovy).

* Hence this kernel SRU submission is for Focal only and covers only the above single but common code commit/patch.
__________

When I deployed a Ubuntu20.04 instance with kernel version of 5.4.0-58-generic under z/VM, I saw below messages from kernel and the iucvserv program malfunctioned. Hence it caused some devices like network device configuration failure and deployment failure.

Dec 14 22:02:26 ub2004img iucvserv: Receive OPNCLD4 0.0.0.1 pwd sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: /etc/iucv_authorized_userid exists, check authorization.
Dec 14 22:02:26 ub2004img iucvserv: senduserid=OPNCLD4, authuserid=OPNCLD4, len=7
Dec 14 22:02:26 ub2004img iucvserv: Current version is 0.0.0.1, upgraded version is 0.0.0.1
Dec 14 22:02:26 ub2004img iucvserv: Will execute the linux command pwd 2>&1; echo iucvcmdrc=$? sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: result length=14, send message length=14,#012 /#012iucvcmdrc=0
Dec 14 22:02:26 ub2004img kernel: [63084.184649] ------------[ cut here ]------------
Dec 14 22:02:26 ub2004img kernel: [63084.184654] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'dma-kmalloc-1k' (offset 0, size 20)!
Dec 14 22:02:26 ub2004img kernel: [63084.184680] WARNING: CPU: 1 PID: 697 at mm/usercopy.c:75 usercopy_warn+0xa0/0xd0
Dec 14 22:02:26 ub2004img kernel: [63084.184681] Modules linked in: tcp_diag udp_diag raw_diag inet_diag unix_diag xt_CT iptable_raw ipt_REJECT nf_reject_ipv4 xt_tcpudp xt_conntrack nf_conntrack nf_defr
ag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter af_iucv nls_utf8 isofs dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmur vfio_ccw vfio_mdev mdev s390_trng vfio_iommu_type1 vfio sch_fq_codel drm drm
_panel_orientation_quirks i2c_core ip_tables x_tables btrfs zstd_compress zlib_deflate raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 linear
pkey zcrypt crc32_vx_s390 ghash_s390 prng aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dasd_fba_mod dasd_mod qeth_l2 qeth qdio ccwgroup
Dec 14 22:02:26 ub2004img kernel: [63084.184718] CPU: 1 PID: 697 Comm: iucvserv Not tainted 5.4.0-58-generic #64-Ubuntu
Dec 14 22:02:26 ub2004img kernel: [63084.184718] Hardware name: IBM 8561 LT1 400 (z/VM 7.1.0)
Dec 14 22:02:26 ub2004img kernel: [63084.184719] Krnl PSW : 0704c00180000000 00000000b3c37a60 (usercopy_warn+0xa0/0xd0)
Dec 14 22:02:26 ub2004img kernel: [63084.184721] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
Dec 14 22:02:26 ub2004img kernel: [63084.184722] Krnl GPRS: 0000000000000004 0000000000000006 0000000000000081 0000000000000007
Dec 14 22:02:26 ub2004img kernel: [63084.184722] 0000000000000007 00000000f2ecb400 00000000b43fdc6a 000003e000000014
Dec 14 22:02:26 ub2004img kernel: [63084.184723] 0000000000000000 0000000000000014 0000000000000000 00000000b43f01f0
Dec 14 22:02:26 ub2004img kernel: [63084.184723] 00000000aae13300 00000000e9332a00 00000000b3c37a5c 000003e000987a10
Dec 14 22:02:26 ub2004img kernel: [63084.184728] Krnl Code: 00000000b3c37a50: c020003e310f larl %r2,00000000b43fdc6e
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a56: c0e5ffedbe85 brasl %r14,00000000b39ef760
Dec 14 22:02:26 ub2004img kernel: [63084.184728] #00000000b3c37a5c: a7f40001 brc 15,00000000b3c37a5e
Dec 14 22:02:26 ub2004img kernel: [63084.184728] >00000000b3c37a60: eb6ff0c00004 lmg %r6,%r15,192(%r15)
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a66: 07fe bcr 15,%r14
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a68: 47000700 bc 0,1792
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a6c: c020003e30fa larl %r2,00000000b43fdc60
Dec 14 22:02:26 ub2004img kernel: [63084.184728] 00000000b3c37a72: a7f4ffd4 brc 15,00000000b3c37a1a
Dec 14 22:02:26 ub2004img kernel: [63084.184735] Call Trace:
Dec 14 22:02:26 ub2004img kernel: [63084.184736] ([<00000000b3c37a5c>] usercopy_warn+0x9c/0xd0)
Dec 14 22:02:26 ub2004img kernel: [63084.184740] [<00000000b3c0fcc8>] __check_heap_object+0xd8/0x150
Dec 14 22:02:26 ub2004img kernel: [63084.184741] [<00000000b3c37bc4>] __check_object_size+0x134/0x200
Dec 14 22:02:26 ub2004img kernel: [63084.184744] [<00000000b4080a7e>] simple_copy_to_iter+0x3e/0x70
Dec 14 22:02:26 ub2004img kernel: [63084.184745] [<00000000b407fe02>] __skb_datagram_iter+0x72/0x280
Dec 14 22:02:26 ub2004img kernel: [63084.184745] [<00000000b40800be>] skb_copy_datagram_iter+0x5e/0xe0
Dec 14 22:02:26 ub2004img kernel: [63084.184747] [<000003ff805014ea>] iucv_sock_recvmsg+0xaa/0x460 [af_iucv]
Dec 14 22:02:26 ub2004img kernel: [63084.184749] [<00000000b406ce36>] __sys_recvfrom+0xb6/0x140
Dec 14 22:02:26 ub2004img kernel: [63084.184750] [<00000000b406e042>] __s390x_sys_socketcall+0x222/0x350
Dec 14 22:02:26 ub2004img kernel: [63084.184753] [<00000000b4250ba2>] system_call+0x2a6/0x2c8
Dec 14 22:02:26 ub2004img kernel: [63084.184753] Last Breaking-Event-Address:
Dec 14 22:02:26 ub2004img kernel: [63084.184754] [<00000000b3c37a5c>] usercopy_warn+0x9c/0xd0
Dec 14 22:02:26 ub2004img kernel: [63084.184754] ---[ end trace b0232fe5536a773d ]---
Dec 14 22:02:26 ub2004img iucvserv: Receive OPNCLD4 0.0.0.1 ls /etc/*-release sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: /etc/iucv_authorized_userid exists, check authorization.
Dec 14 22:02:26 ub2004img iucvserv: senduserid=OPNCLD4, authuserid=OPNCLD4, len=7
Dec 14 22:02:26 ub2004img iucvserv: Current version is 0.0.0.1, upgraded version is 0.0.0.1
Dec 14 22:02:26 ub2004img iucvserv: Will execute the linux command ls /etc/*-release 2>&1; echo iucvcmdrc=$? sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: result length=45, send message length=45,#012 /etc/lsb-release#012/etc/os-release#012iucvcmdrc=0
Dec 14 22:02:26 ub2004img iucvserv: Receive OPNCLD4 0.0.0.1 cat /etc/os-release sent from IUCV client.
Dec 14 22:02:26 ub2004img iucvserv: /etc/iucv_authorized_userid exists, check authorization.
Dec 14 22:02:26 ub2004img iucvserv: senduserid=OPNCLD4, authuserid=OPNCLD4, len=7
Dec 14 22:02:26 ub2004img iucvserv: Current version is 0.0.0.1, upgraded version is 0.0.0.1

But I didn't see such problem with kernel version 5.4.0-40-generic #44-Ubuntu when I did the same operation.

See original description

Tags:

bugproxy (bugproxy) on 2021-01-27

tags:	added: architecture-s39064 bugnameltc-191054 severity-high targetmilestone-inin---
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Frank Heimes (fheimes) on 2021-01-27

Changed in ubuntu-z-systems:
status:	New → Triaged
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
assignee:	Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
importance:	Undecided → High

Revision history for this message

bugproxy (bugproxy) wrote on 2021-01-27: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2021-01-27 09:34 EDT-------
The solution be provided with the following git-commit.
https://github.com/torvalds/linux/commit/49f2d2419d60a103752e5fbaf158cf8d07c0d884

Frank Heimes (fheimes) on 2021-01-27

no longer affects:	linux (Ubuntu Groovy)
no longer affects:	linux (Ubuntu Hirsute)
Changed in linux (Ubuntu):
status:	New → Fix Released
Changed in linux (Ubuntu Focal):
status:	New → Triaged
Changed in linux (Ubuntu):
assignee:	Frank Heimes (fheimes) → nobody
Changed in linux (Ubuntu Focal):
assignee:	nobody → Frank Heimes (fheimes)

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-01-28:

backport of upstream commit 49f2d2419d60 to focal 5.4 Edit (348 bytes, text/plain)

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-02-01:

A kernel test build (binary-debs) from s390x can be found here:
https://people.canonical.com/~fheimes/lp1913442/

Cross-arch. builds (for amd64, arm64, ppc64el and amd64) can be found in this PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1913442

Revision history for this message

bugproxy (bugproxy) wrote on 2021-02-02: console log with the patch kernel

console log with the patch kernel Edit (23.8 KiB, text/plain)

------- Comment (attachment only) From <email address hidden> 2021-02-02 07:38 EDT-------

Revision history for this message

bugproxy (bugproxy) wrote on 2021-02-02: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2021-02-02 08:14 EDT-------
The latest update from Canonical is the same as the one updated last week.
During testingsted I don't see the kernel warning/error messages in the console log.
But I got a new issue.
Basically, the Nic device cannot be online via znetconfig.
I will attach the console log. That's the only thing we can get.
The guest didn't seem in emergency mode or other shell env.
So there is no way for me to check in the shell mode.
From the z/VM guest side, we saw the Nic was created and attached the vswitch.

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-02-02:

Yes, the two kernel are on the same level - I did a rebuild since the above patch is common code and the kernel needed to be build on all significant architectures - that's what I did based on the PPA.

So looks like the messages/warning are gone, but that there is another issue.
I'm changing the status to Incomplete for the time being ...

Changed in ubuntu-z-systems:
status:	Triaged → Incomplete
Changed in linux (Ubuntu Focal):
status:	Triaged → Incomplete

Revision history for this message

bugproxy (bugproxy) wrote on 2021-02-09:

------- Comment From <email address hidden> 2021-02-09 02:56 EDT-------
In the console log I see the following error message:

5.836326? zvmguestconfigure?619?: Successfully removed device 0.0.1000 (enc1000)
? 9.973839? zvmguestconfigure?652?: Scanning for network devices...
? 10.016611? zvmguestconfigure?664?: /usr/sbin/znetconf: line 562: echo: write error: Invalid argument
? 10.016650? zvmguestconfigure?664?: znetconf: Error: Failed to make 0.0.1000 online
? 10.198654? zvmguestconfigure?681?: inactive
?

"Invalid argument" is errno EINVAL, which is different from the errno of an other problem we are aware of. So this one is something different.

@Canonical: given the backport patch that is shown in the attachment this new problem cannot be related to the patch at all. So something else must have been changed in the kernel. Any ideas, additional fixes that went in, ... ?

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-02-09:

#10

Is it now a znetconf issue or still a kernel issue?
Can you manually enable the device by directly echo-ing to the sysfs entry?
(I guess the device is not in the cio ignore list or so.)
Did you also tried chzdev to enable it? (ideally with '--verbose')
(I was once told that this is the strategic tool to enable ccw devices, and since then I use this all the time).

Well, there are hundreds of patches that regularly find it's way into the focal kernel, since we continuously pick up almost everything that comes as upstream stable update.
These are handled by tickets like these:

...
Focal update: v5.4.89 upstream stable release - LP 1913486
Focal update: v5.4.90 upstream stable release - LP 1913487
Focal update: v5.4.91 upstream stable release - LP 1914654
...

There are of course some commits (just as an example, like: "s390/cio: fix use-after-free in ccw_device_destroy_console" introduced with Focal update: v5.4.86 upstream stable release (LP: #1910822)) that could have an impact.
But it's difficult to figure that out, since between the kernel you've used (5.4.0-58) and the sample build (5.4.0-66) from above, quite a lot came in.

So I went back in history (aka git log) to 5.4.0-58.64 / 6e9188016357
and patched that version with the same backport and did another test build.
You can now find kernel files with version 5.4.0-58 (in addition to 5.4.0-66) here: https://people.canonical.com/~fheimes/lp1913442/
that are worth to retry, I think.

Revision history for this message

bugproxy (bugproxy) wrote on 2021-03-16:

#11

------- Comment From <email address hidden> 2021-03-16 07:39 EDT-------
(In reply to comment #24)
> In the console log I see the following error message:
>
> 5.836326? zvmguestconfigure619?: Successfully removed device 0.0.1000
> (enc1000)
> 9.973839? zvmguestconfigure652?: Scanning for network devices...
> 10.016611? zvmguestconfigure664?: /usr/sbin/znetconf: line 562: echo:
> write error: Invalid argument
> 10.016650? zvmguestconfigure664?: znetconf: Error: Failed to make
> 0.0.1000 online
> 10.198654? zvmguestconfigure681?: inactive
>
>
> "Invalid argument" is errno EINVAL, which is different from the errno of an
> other problem we are aware of. So this one is something different.
>
> @Canonical: given the backport patch that is shown in the attachment this
> new problem cannot be related to the patch at all. So something else must
> have been changed in the kernel. Any ideas, additional fixes that went in,
> ... ?

FYI for the problem described in comment #24 a new problem was opened:
https://bugzilla.linux.ibm.com/show_bug.cgi?id=191691

Revision history for this message

Dimitri John Ledkov (xnox) wrote on 2021-03-16:

#12

191691 has not been mirrored to launchpad, thus Ubuntu developers cannot see any of that details.

Note that Ubuntu does not have access to the LTC bugzilla, instead bugproxy mirrors reports to Launchpad as needed. Please check with hws if 191691 should be mirrored across, or not.

Revision history for this message

Dimitri John Ledkov (xnox) wrote on 2021-03-16:

#13

This bug is now marked private on launchpad side. No longer visible to the public.

information type:

Public → Private

Revision history for this message

bugproxy (bugproxy) wrote on 2021-03-19:

#14

------- Comment From <email address hidden> 2021-03-19 10:59 EDT-------
With applying the provided upstream patch. This issue can be closed.
The refering other BZ is a different problem...

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-03-19:

#15

Ok, so the above patch is still needed for focal.
It's not in focal, yet, in case yes we have to proceed with SRU to focal.
But I want to do that only if _really_ needed, since it affects common code...

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-10-04:

#16

The commit mentioned in comment #3 is upstream with 5.8 (rc-1),
hence it's not only included in Impish, but also in Hirsute (and even in Groovy).
So if this will be SRUed, then it's an SRU to focal only.

Changed in linux (Ubuntu Hirsute):
status:	New → Fix Released

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-10-05:

#17

Patch request submitted for focal:
https://lists.ubuntu.com/archives/kernel-team/2021-October/thread.html#124589
changing status to 'In Progress' for focal.

Changed in linux (Ubuntu Focal):
status:	Incomplete → In Progress
Changed in ubuntu-z-systems:
status:	Incomplete → In Progress
Changed in linux (Ubuntu Focal):
assignee:	Frank Heimes (fheimes) → Canonical Kernel Team (canonical-kernel-team)
description:	updated
information type:	Private → Public

Revision history for this message

Harald Freudenberger (freude-5) wrote on 2021-10-05:

#18

Hello Frank
hm, the output shows absolutely no relationship with AP bus or zcrypt device driver code.
Neither the kernel callstack nor the userspace iucvserv application has any relations to
my patch series.

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-10-05:

#19

Hi Harald, well, I'm a bit confused - probably because I don't see the entire discussion that you may have in bugzilla.
I guess you are talking about the new/add issue that was mentioned in LP comment #7 ?
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1913442/comments/7

Well, since this is obviously not related to the original issue that was reported by this bug,
I proceeded with the patch request (SRU) to focal and just requested to add a backport of this commit:
https://github.com/torvalds/linux/commit/49f2d2419d60a103752e5fbaf158cf8d07c0d884
to focal master next (backport only because of changes in the context).

And I agree with not seeing any relationship to AP and crypt (not sure why this assumption came up)?!

Kelsey Steele (kelsey-steele) on 2021-10-13

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Frank Heimes (fheimes) on 2021-10-14

Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Revision history for this message

bugproxy (bugproxy) wrote on 2021-10-19:

#20

------- Comment From <email address hidden> 2021-10-19 09:40 EDT-------
Is there anything else we can do for this IUCV problem? If not then I would like to close the bug. Thank you!

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-10-19:

#21

Hi Karsten, no, nothing needed on top.
It's in status "Fix Committed", hence it's already available from the -proposed pocket of the Ubuntu archive, and will be migrated to -release with the next kernel update (which is a matter of days).

(What I just didn't understood was https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1913442/comments/18
maybe this was an accident ...)

Revision history for this message

bugproxy (bugproxy) wrote on 2021-10-20:

#22

------- Comment From <email address hidden> 2021-10-20 06:08 EDT-------
Hi Frank,

thanks for the summary! Closing this bug now...

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-01-19:

#23

This bug is awaiting verification that the linux/5.4.0-97.110 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-01-19:

#24

I could validate this, didn't noticed any 'usercopy' messages - same behavior like impish, hence updating tags...

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-31:

#25

Download full text (31.9 KiB)

This bug was fixed in the package linux - 5.4.0-97.110

---------------
linux (5.4.0-97.110) focal; urgency=medium

  * icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()

  * Focal: CIFS stable updates (LP: #1954926)
    - cifs: use the expiry output of dns_query to schedule next resolution
    - cifs: set a minimum of 120s for next dns resolution
    - cifs: To match file servers, make sure the server hostname matches

  * seccomp_bpf in seccomp from ubuntu_kernel_selftests failed to build on B-5.4
    (LP: #1896420)
    - SAUCE: selftests/seccomp: fix "storage size of 'md' isn't known" build issue
    - SAUCE: selftests/seccomp: Fix s390x regs not defined issue

  * system crash when removing ipmi_msghandler module (LP: #1950666)
    - ipmi: Move remove_work to dedicated workqueue
    - ipmi: msghandler: Make symbol 'remove_work_wq' static

  * zcrypt DD: Toleration for new IBM Z Crypto Hardware - (Backport to Ubuntu
    20.04) (LP: #1954680)
    - s390/AP: support new dynamic AP bus size limit

  * [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel -
    kernel part (LP: #1953334)
    - s390/setup: diag 318: refactor struct
    - s390/kvm: diagnose 0x318 sync and reset
    - KVM: s390: remove diag318 reset code
    - KVM: s390: add debug statement for diag 318 CPNC data

* Updates to ib_peer_memory requested by Nvidia (LP: #1947206)
- SAUCE: RDMA/core: Updated ib_peer_memory

  * Include Infiniband Peer Memory interface (LP: #1923104)
    - IB: Allow calls to ib_umem_get from kernel ULPs
    - SAUCE: RDMA/core: Introduce peer memory interface

This bug was fixed in the package linux - 5.4.0-97.110

---------------
linux (5.4.0-97.110) focal; urgency=medium

* icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()

* system crash when removing ipmi_msghandler module (LP: #1950666)
    - ipmi: Move remove_work to dedicated workqueue
    - ipmi: msghandler: Make symbol 'remove_work_wq' static

* zcrypt DD: Toleration for new IBM Z Crypto Hardware - (Backport to Ubuntu
    20.04) (LP: #1954680)
    - s390/AP: support new dynamic AP bus size limit

* Updates to ib_peer_memory requested by Nvidia (LP: #1947206)
    - SAUCE: RDMA/core: Updated ib_peer_memory

* Include Infiniband Peer Memory interface (LP: #1923104)
    - IB: Allow calls to ib_umem_get from kernel ULPs
    - SAUCE: RDMA/core: Introduce peer memory interface

* Focal update: v5.4.162 upstream stable release (LP: #1954834)
    - arm64: zynqmp: Do not duplicate flash partition label property
    - arm64: zynqmp: Fix serial compatible string
    - ARM: dts: NSP: Fix mpcore, mmc node names
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - arm64: dts: hisilicon: fix arm,sp805 compatible string
    - RDMA/bnxt_re: Check if the vlan is valid before reporting
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
    - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
    - arm64: dts: freescale: fix arm,sp805 compatible string
    - ASoC: SOF: Intel: hda-dai: fix potential locking issue
    - clk: imx: imx6ul: Move csi_sel mux to correct base register
    - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
    - scsi: advansys: Fix kernel pointer leak
    - firmware_loader: fix pre-allocated buf built-in firmware use
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - ARM: dts: ls1021a: move thermal-zones node out of soc/
    - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
    - ALSA: ISA: not for M68K
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni: Fix the build
    - scsi: target: Fix ordered tag handling
    - scsi: target: Fix alua_tg_pt_gps_count tracking
    - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
    - powerpc/5200: dts: fix memory node unit name
    - ALSA: gus: fix null pointer dereference on pointer block
    - powerpc/dcr: Use cmplwi instead of 3-argument cmpli
    - sh: check return code of request_irq
    - maple: fix wrong return value of maple_bus_init().
    - f2fs: fix up f2fs_lookup tracepoints
    - sh: fix kconfig unmet dependency warning for FRAME_POINTER
    - sh: math-emu: drop unused functions
    - sh: define __BIG_ENDIAN for math-emu
    - clk: ingenic: Fix bugs with divided dividers
    - clk/ast2600: Fix soc revision for AHB
    - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
    - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
    - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
    - tracing: Save normal string variables
    - tracing/histogram: Do not copy the fixed-size char array field over the
      field size
    - RDMA/netlink: Add __maybe_unused to static inline in C file
    - perf bpf: Avoid memory leak from perf_env__insert_btf()
    - perf bench futex: Fix memory leak of perf_cpu_map__new()
    - perf tests: Remove bash construct from record+zstd_comp_decomp.sh
    - net: bnx2x: fix variable dereferenced before check
    - iavf: check for null in iavf_fix_features
    - iavf: free q_vectors before queues in iavf_disable_vf
    - iavf: Fix failure to exit out from last all-multicast mode
    - iavf: prevent accidental free of filter structure
    - iavf: validate pointers
    - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
    - MIPS: generic/yamon-dt: fix uninitialized variable error
    - mips: bcm63xx: add support for clk_get_parent()
    - mips: lantiq: add support for clk_get_parent()
    - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
    - scsi: core: sysfs: Fix hang when device state is set via sysfs
    - net: sched: act_mirred: drop dst for the direction from egress to ingress
    - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
    - net: virtio_net_hdr_to_skb: count transport header in UFO
    - i40e: Fix correct max_pkt_size on VF RX queue
    - i40e: Fix NULL ptr dereference on VSI filter sync
    - i40e: Fix changing previously set num_queue_pairs for PFs
    - i40e: Fix ping is lost after configuring ADq on VF
    - i40e: Fix creation of first queue by omitting it if is not power of two
    - i40e: Fix display error code in dmesg
    - NFC: reorganize the functions in nci_request
    - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
    - NFC: reorder the logic in nfc_{un,}register_device
    - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
    - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
    - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
    - s390/kexec: fix return code handling
    - arm64: vdso32: suppress error message for 'make mrproper'
    - tun: fix bonding active backup with arp monitoring
    - hexagon: export raw I/O routines for modules
    - ipc: WARN if trying to remove ipc object which is absent
    - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
    - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
    - s390/kexec: fix memory leak of ipl report buffer
    - udf: Fix crash after seekdir
    - btrfs: fix memory ordering between normal and ordered work functions
    - parisc/sticon: fix reverse colors
    - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
    - drm/udl: fix control-message timeout
    - drm/nouveau: use drm_dev_unplug() during device removal
    - drm/i915/dp: Ensure sink rate values are always valid
    - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga
      and dvi connectors
    - Revert "net: mvpp2: disable force link UP during port init procedure"
    - perf/core: Avoid put_page() when GUP fails
    - batman-adv: Consider fragmentation for needed_headroom
    - batman-adv: Reserve needed_*room for fragments
    - batman-adv: Don't always reallocate the fragmentation skb head
    - ASoC: DAPM: Cover regression by kctl change notification fix
    - usb: max-3421: Use driver data instead of maintaining a list of bound
      devices
    - ice: Delete always true check of PF pointer
    - ALSA: hda: hdac_ext_stream: fix potential locking issues
    - ALSA: hda: hdac_stream: fix potential locking issue in
      snd_hdac_stream_assign()
    - Linux 5.4.162

* Focal update: v5.4.161 upstream stable release (LP: #1954828)
    - scsi: ufs: Fix interrupt error message for shared interrupts
    - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
    - ext4: fix lazy initialization next schedule time computation in more
      granular unit
    - scsi: ufs: Fix tm request when non-fatal error happens
    - fortify: Explicitly disable Clang support
    - parisc/entry: fix trace test in syscall exit path
    - PCI/MSI: Destroy sysfs before freeing entries
    - PCI/MSI: Deal with devices lying about their MSI mask capability
    - PCI: Add MSI masking quirk for Nvidia ION AHCI
    - erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
    - erofs: fix unsafe pagevec reuse of hooked pclusters
    - Linux 5.4.161

* Focal update: v5.4.160 upstream stable release (LP: #1953387)
    - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good
      delay
    - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
    - binder: use euid from cred instead of using task
    - binder: use cred instead of task for selinux checks
    - binder: use cred instead of task for getsecid
    - Input: iforce - fix control-message timeout
    - Input: elantench - fix misreporting trackpoint coordinates
    - Input: i8042 - Add quirk for Fujitsu Lifebook T725
    - libata: fix read log timeout value
    - ocfs2: fix data corruption on truncate
    - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
    - scsi: qla2xxx: Fix use after free in eh_abort path
    - mmc: dw_mmc: Dont wait for DRTO on Write RSP error
    - parisc: Fix ptrace check on syscall return
    - tpm: Check for integer overflow in tpm2_map_response_body()
    - firmware/psci: fix application of sizeof to pointer
    - crypto: s5p-sss - Add error handling in s5p_aes_probe()
    - media: ite-cir: IR receiver stop working after receive overflow
    - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
    - media: v4l2-ioctl: Fix check_ext_ctrls
    - ALSA: hda/realtek: Add quirk for Clevo PC70HS
    - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
    - ALSA: hda/realtek: Add quirk for ASUS UX550VE
    - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
    - ALSA: ua101: fix division by zero at probe
    - ALSA: 6fire: fix control and bulk message timeouts
    - ALSA: line6: fix control and interrupt message timeouts
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 400
    - ALSA: synth: missing check for possible NULL after the call to kstrdup
    - ALSA: timer: Fix use-after-free problem
    - ALSA: timer: Unconditionally unlink slave instances, too
    - fuse: fix page stealing
    - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
    - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
    - x86/irq: Ensure PI wakeup handler is unregistered before module unload
    - cavium: Return negative value when pci_alloc_irq_vectors() fails
    - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
    - scsi: qla2xxx: Fix unmap of already freed sgl
    - cavium: Fix return values of the probe function
    - sfc: Don't use netif_info before net_device setup
    - hyperv/vmbus: include linux/bitops.h
    - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode
    - reset: socfpga: add empty driver allowing consumers to probe
    - mmc: winbond: don't build on M68K
    - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
    - bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT
    - bpf: Prevent increasing bpf_jit_limit above max
    - xen/netfront: stop tx queues during live migration
    - nvmet-tcp: fix a memory leak when releasing a queue
    - spi: spl022: fix Microwire full duplex mode
    - net: multicast: calculate csum of looped-back and forwarded packets
    - watchdog: Fix OMAP watchdog early handling
    - drm: panel-orientation-quirks: Add quirk for GPD Win3
    - nvmet-tcp: fix header digest verification
    - r8169: Add device 10ec:8162 to driver r8169
    - vmxnet3: do not stop tx queues after netif_device_detach()
    - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset
    - net/smc: Correct spelling mistake to TCPF_SYN_RECV
    - btrfs: clear MISSING device status bit in btrfs_close_one_device
    - btrfs: fix lost error handling when replaying directory deletes
    - btrfs: call btrfs_check_rw_degradable only if there is a missing device
    - ia64: kprobes: Fix to pass correct trampoline address to the handler
    - hwmon: (pmbus/lm25066) Add offset coefficients
    - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
      disabled
    - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-
      dvs-idx property
    - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
    - mwifiex: fix division by zero in fw download path
    - ath6kl: fix division by zero in send path
    - ath6kl: fix control-message timeout
    - ath10k: fix control-message timeout
    - ath10k: fix division by zero in send path
    - PCI: Mark Atheros QCA6174 to avoid bus reset
    - rtl8187: fix control-message timeouts
    - evm: mark evm_fixmode as __ro_after_init
    - wcn36xx: Fix HT40 capability for 2Ghz band
    - mwifiex: Read a PCI register after writing the TX ring write pointer
    - libata: fix checking of DMA state
    - wcn36xx: handle connection loss indication
    - rsi: fix occasional initialisation failure with BT coex
    - rsi: fix key enabled check causing unwanted encryption for vap_id > 0
    - rsi: fix rate mask set leading to P2P failure
    - rsi: Fix module dev_oper_mode parameter description
    - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
    - signal: Remove the bogus sigkill_pending in ptrace_stop
    - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
    - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
    - power: supply: max17042_battery: use VFSOC for capacity when no rsns
    - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
    - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
    - can: j1939: j1939_can_recv(): ignore messages with invalid source address
    - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
    - serial: core: Fix initializing and restoring termios speed
    - ALSA: mixer: oss: Fix racy access to slots
    - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
    - xen/balloon: add late_initcall_sync() for initial ballooning done
    - PCI: pci-bridge-emul: Fix emulation of W1C bits
    - PCI: aardvark: Do not clear status bits of masked interrupts
    - PCI: aardvark: Fix checking for link up via LTSSM state
    - PCI: aardvark: Do not unmask unused interrupts
    - PCI: aardvark: Fix reporting Data Link Layer Link Active
    - PCI: aardvark: Fix return value of MSI domain .alloc() method
    - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
    - quota: check block number when reading the block in quota file
    - quota: correct error number in free_dqentry()
    - pinctrl: core: fix possible memory leak in pinctrl_enable()
    - iio: dac: ad5446: Fix ad5622_write() return value
    - USB: serial: keyspan: fix memleak on probe errors
    - USB: iowarrior: fix control-message timeouts
    - USB: chipidea: fix interrupt deadlock
    - dma-buf: WARN on dmabuf release with pending attachments
    - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
    - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
    - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
    - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
    - Bluetooth: fix use-after-free error in lock_sock_nested()
    - drm/panel-orientation-quirks: add Valve Steam Deck
    - platform/x86: wmi: do not fail if disabling fails
    - MIPS: lantiq: dma: add small delay after reset
    - MIPS: lantiq: dma: reset correct number of channel
    - locking/lockdep: Avoid RCU-induced noinstr fail
    - net: sched: update default qdisc visibility after Tx queue cnt changes
    - smackfs: Fix use-after-free in netlbl_catmap_walk()
    - x86: Increase exception stack sizes
    - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
    - mwifiex: Properly initialize private structure on interface type changes
    - ath10k: high latency fixes for beacon buffer
    - media: mt9p031: Fix corrupted frame after restarting stream
    - media: netup_unidvb: handle interrupt properly according to the firmware
    - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
    - media: uvcvideo: Set capability in s_param
    - media: uvcvideo: Return -EIO for control errors
    - media: uvcvideo: Set unique vdev name based in type
    - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
    - media: s5p-mfc: Add checking to s5p_mfc_probe().
    - media: imx: set a media_device bus_info string
    - media: mceusb: return without resubmitting URB in case of -EPROTO error.
    - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
    - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
    - media: rcar-csi2: Add checking to rcsi2_start_receiver()
    - ipmi: Disable some operations during a panic
    - ACPICA: Avoid evaluating methods too early during system resume
    - media: ipu3-imgu: imgu_fmt: Handle properly try
    - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
    - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
    - net-sysfs: try not to restart the syscall if it will fail eventually
    - tracefs: Have tracefs directories not set OTH permission bits by default
    - ath: dfs_pattern_detector: Fix possible null-pointer dereference in
      channel_detector_create()
    - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
    - ACPI: battery: Accept charges over the design capacity as full
    - leaking_addresses: Always print a trailing newline
    - memstick: r592: Fix a UAF bug when removing the driver
    - lib/xz: Avoid overlapping memcpy() with invalid input with in-place
      decompression
    - lib/xz: Validate the value before assigning it to an enum variable
    - workqueue: make sysfs of unbound kworker cpumask more clever
    - tracing/cfi: Fix cmp_entries_* functions signature mismatch
    - mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
    - block: remove inaccurate requeue check
    - nvmet: fix use-after-free when a port is removed
    - nvmet-tcp: fix use-after-free when a port is removed
    - nvme: drop scan_lock and always kick requeue list when removing namespaces
    - PM: hibernate: Get block device exclusively in swsusp_check()
    - selftests: kvm: fix mismatched fclose() after popen()
    - iwlwifi: mvm: disable RX-diversity in powersave
    - smackfs: use __GFP_NOFAIL for smk_cipso_doi()
    - ARM: clang: Do not rely on lr register for stacktrace
    - gre/sit: Don't generate link-local addr if addr_gen_mode is
      IN6_ADDR_GEN_MODE_NONE
    - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
    - vrf: run conntrack only in context of lower/physdev for locally generated
      packets
    - net: annotate data-race in neigh_output()
    - btrfs: do not take the uuid_mutex in btrfs_rm_device
    - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in
      bcm_qspi_probe()
    - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
    - parisc: fix warning in flush_tlb_all
    - task_stack: Fix end_of_stack() for architectures with upwards-growing stack
    - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
    - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
    - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream
      state
    - selftests/bpf: Fix strobemeta selftest regression
    - Bluetooth: fix init and cleanup of sco_conn.timeout_work
    - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
    - drm/v3d: fix wait for TMU write combiner flush
    - virtio-gpu: fix possible memory allocation failure
    - net: net_namespace: Fix undefined member in key_remove_domain()
    - cgroup: Make rebind_subsystems() disable v2 controllers all at once
    - wilc1000: fix possible memory leak in cfg_scan_result()
    - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
    - crypto: caam - disable pkc for non-E SoCs
    - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
    - net: dsa: rtl8366rb: Fix off-by-one bug
    - ath10k: Fix missing frame timestamp for beacon/probe-resp
    - drm/amdgpu: fix warning for overflow check
    - media: em28xx: add missing em28xx_close_extension
    - media: cxd2880-spi: Fix a null pointer dereference on error handling path
    - media: dvb-usb: fix ununit-value in az6027_rc_query
    - media: TDA1997x: handle short reads of hdmi info frame.
    - media: mtk-vpu: Fix a resource leak in the error handling path of
      'mtk_vpu_probe()'
    - media: radio-wl1273: Avoid card name truncation
    - media: si470x: Avoid card name truncation
    - media: tm6000: Avoid card name truncation
    - media: cx23885: Fix snd_card_free call on null card pointer
    - kprobes: Do not use local variable when creating debugfs file
    - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
    - cpuidle: Fix kobject memory leaks in error paths
    - media: em28xx: Don't use ops->suspend if it is NULL
    - ath9k: Fix potential interrupt storm on queue reset
    - EDAC/amd64: Handle three rank interleaving mode
    - netfilter: nft_dynset: relax superfluous check on set updates
    - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
    - crypto: qat - detect PFVF collision after ACK
    - crypto: qat - disregard spurious PFVF interrupts
    - hwrng: mtk - Force runtime pm ops for sleep ops
    - b43legacy: fix a lower bounds test
    - b43: fix a lower bounds test
    - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
    - memstick: avoid out-of-range warning
    - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
    - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
    - hwmon: Fix possible memleak in __hwmon_device_register()
    - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of
      lm25066_coeff
    - ath10k: fix max antenna gain unit
    - drm/msm: uninitialized variable in msm_gem_import()
    - net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
    - mmc: mxs-mmc: disable regulator on error and in the remove function
    - block: ataflop: fix breakage introduced at blk-mq refactoring
    - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
    - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
    - rsi: stop thread firstly in rsi_91x_init() error handling
    - mwifiex: Send DELBA requests according to spec
    - phy: micrel: ksz8041nl: do not use power down mode
    - nvme-rdma: fix error code in nvme_rdma_setup_ctrl
    - PM: hibernate: fix sparse warnings
    - clocksource/drivers/timer-ti-dm: Select TIMER_OF
    - drm/msm: Fix potential NULL dereference in DPU SSPP
    - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
    - libbpf: Fix BTF data layout checks and allow empty BTF
    - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
    - irq: mips: avoid nested irq_enter()
    - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
    - samples/kretprobes: Fix return value if register_kretprobe() failed
    - KVM: s390: Fix handle_sske page fault handling
    - libertas_tf: Fix possible memory leak in probe and disconnect
    - libertas: Fix possible memory leak in probe and disconnect
    - wcn36xx: add proper DMA memory barriers in rx path
    - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
    - net: amd-xgbe: Toggle PLL settings during rate change
    - net: phylink: avoid mvneta warning when setting pause parameters
    - crypto: pcrypt - Delay write to padata->info
    - selftests/bpf: Fix fclose/pclose mismatch in test_progs
    - udp6: allow SO_MARK ctrl msg to affect routing
    - ibmvnic: don't stop queue in xmit
    - ibmvnic: Process crqs after enabling interrupts
    - RDMA/rxe: Fix wrong port_cap_flags
    - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
    - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
    - arm64: dts: rockchip: Fix GPU register width for RK3328
    - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
    - RDMA/bnxt_re: Fix query SRQ failure
    - arm64: dts: meson-g12a: Fix the pwm regulator supply properties
    - ARM: dts: at91: tse850: the emac<->phy interface is rmii
    - scsi: dc395: Fix error case unwinding
    - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
    - JFS: fix memleak in jfs_mount
    - ALSA: hda: Reduce udelay() at SKL+ position reporting
    - arm: dts: omap3-gta04a4: accelerometer irq fix
    - soc/tegra: Fix an error handling path in tegra_powergate_power_up()
    - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
    - clk: at91: check pmc node status before registering syscore ops
    - video: fbdev: chipsfb: use memset_io() instead of memset()
    - serial: 8250_dw: Drop wrong use of ACPI_PTR()
    - usb: gadget: hid: fix error code in do_config()
    - power: supply: rt5033_battery: Change voltage values to µV
    - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
    - RDMA/mlx4: Return missed an error if device doesn't support steering
    - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
    - ARM: dts: stm32: fix SAI sub nodes register range
    - ASoC: cs42l42: Correct some register default values
    - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
    - phy: qcom-qusb2: Fix a memory leak on probe
    - serial: xilinx_uartps: Fix race condition causing stuck TX
    - HID: u2fzero: clarify error check and length calculations
    - HID: u2fzero: properly handle timeouts in usb_submit_urb
    - powerpc/44x/fsp2: add missing of_node_put
    - mips: cm: Convert to bitfield API to fix out-of-bounds access
    - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
    - apparmor: fix error check
    - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
    - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
    - drm/plane-helper: fix uninitialized variable reference
    - PCI: aardvark: Don't spam about PIO Response Status
    - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
    - opp: Fix return in _opp_add_static_v2()
    - NFS: Fix deadlocks in nfs_scan_commit_list()
    - fs: orangefs: fix error return code of orangefs_revalidate_lookup()
    - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
    - mtd: core: don't remove debugfs directory if device is in use
    - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
    - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
    - auxdisplay: ht16k33: Connect backlight to fbdev
    - auxdisplay: ht16k33: Fix frame buffer device blanking
    - soc: fsl: dpaa2-console: free buffer before returning from
      dpaa2_console_read
    - netfilter: nfnetlink_queue: fix OOB when mac header was cleared
    - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
    - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
    - m68k: set a default value for MEMORY_RESERVE
    - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
    - ar7: fix kernel builds for compiler test
    - scsi: qla2xxx: Fix gnl list corruption
    - scsi: qla2xxx: Turn off target reset during issue_lip
    - NFSv4: Fix a regression in nfs_set_open_stateid_locked()
    - i2c: xlr: Fix a resource leak in the error handling path of
      'xlr_i2c_probe()'
    - xen-pciback: Fix return in pm_ctrl_init()
    - net: davinci_emac: Fix interrupt pacing disable
    - net: vlan: fix a UAF in vlan_dev_real_dev()
    - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
    - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
    - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and
      zs_unregister_migration()
    - zram: off by one in read_block_state()
    - perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
    - llc: fix out-of-bound array index in llc_sk_dev_hash()
    - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
    - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
    - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
    - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
    - net: hns3: allow configure ETS bandwidth of all TCs
    - vsock: prevent unnecessary refcnt inc for nonblocking connect
    - net/smc: fix sk_refcnt underflow on linkdown and fallback
    - cxgb4: fix eeprom len when diagnostics not implemented
    - selftests/net: udpgso_bench_rx: fix port argument
    - ARM: 9155/1: fix early early_iounmap()
    - ARM: 9156/1: drop cc-option fallbacks for architecture selection
    - parisc: Fix set_fixmap() on PA1.x CPUs
    - irqchip/sifive-plic: Fixup EOI failed when masked
    - f2fs: should use GFP_NOFS for directory inodes
    - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
    - 9p/net: fix missing error check in p9_check_errors
    - ovl: fix deadlock in splice write
    - powerpc/lib: Add helper to check if offset is within conditional branch
      range
    - powerpc/bpf: Validate branch ranges
    - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
    - powerpc/security: Add a helper to query stf_barrier type
    - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
    - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
    - mm, oom: do not trigger out_of_memory from the #PF
    - video: backlight: Drop maximum brightness override for brightness zero
    - s390/cio: check the subchannel validity for dev_busid
    - s390/tape: fix timer initialization in tape_std_assign()
    - s390/cio: make ccw_device_dma_* more robust
    - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
    - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
    - SUNRPC: Partial revert of commit 6f9f17287e78
    - ath10k: fix invalid dma_addr_t token assignment
    - selftests/bpf: Fix also no-alu32 strobemeta selftest
    - Linux 5.4.160
    - soc/tegra: pmc: Fix imbalanced clock disabling in error code path

* Focal update: v5.4.159 upstream stable release (LP: #1953071)
    - Revert "x86/kvm: fix vcpu-id indexed array sizes"
    - usb: ehci: handshake CMD_RUN instead of STS_HALT
    - usb: gadget: Mark USB_FSL_QE broken on 64-bit
    - usb: musb: Balance list entry in musb_gadget_queue
    - usb-storage: Add compatibility quirk flags for iODD 2531/2541
    - binder: don't detect sender/target during buffer cleanup
    - printk/console: Allow to disable console output by using console="" or
      console=null
    - isofs: Fix out of bound access for corrupted isofs image
    - comedi: dt9812: fix DMA buffers on stack
    - comedi: ni_usb6501: fix NULL-deref in command paths
    - comedi: vmk80xx: fix transfer-buffer overflows
    - comedi: vmk80xx: fix bulk-buffer overflow
    - comedi: vmk80xx: fix bulk and interrupt message timeouts
    - staging: r8712u: fix control-message timeout
    - staging: rtl8192u: fix control-message timeouts
    - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init
    - rsi: fix control-message timeout
    - Linux 5.4.159

* Focal update: v5.4.158 upstream stable release (LP: #1953066)
    - scsi: core: Put LLD module refcnt after SCSI device is released
    - vrf: Revert "Reset skb conntrack connection..."
    - net: ethernet: microchip: lan743x: Fix skb allocation failure
    - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
    - Revert "xhci: Set HCD flag to defer primary roothub registration"
    - Revert "usb: core: hcd: Add support for deferring roothub registration"
    - sfc: Fix reading non-legacy supported link modes
    - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
    - Linux 5.4.158

* [Ubuntu 20.04] Problem leading IUCV service down (on s390x) (LP: #1913442)
    - usercopy: mark dma-kmalloc caches as usercopy caches

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 13 Jan 2022 19:00:41 +0100

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2022-01-31

Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-02-07:

#26

This bug is awaiting verification that the linux-ibm-5.4/5.4.0-1014.15~18.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-07:

#27

This bug was for 20.04 GA kernel plain Ubuntu - hence verification on linux-ibm-5.4/5.4.0-1014 does not apply here.
However, I'm updating the tags to verification-done-bionic, just to unblock the process.

tags:

added: verification-done-bionic
removed: verification-needed-bionic