Ubuntu
linux-bluefield package

kernel crash with stress CT offload traffic

Bug #1922672 reported by Roi Dayan on 2021-04-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-bluefield (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	High	Roi Dayan

Bug Description

[SRU Justification]

= Impact =

A potential race between cancelling offloaded traffic timeouts on busy systems and those timeouts triggering could potentially crash the system.

= Fix =

Picking a patch (and its pre-req which just moves code from local code into a header) that sets sufficiently large timeout values to prevent those from accidentally triggering will solve the problem.

= Testcase =

See original description below.

= Regression Potential =

If those large timeouts never happen (from the code description those are set to days) and are not stopped by the offload functions, this could lead to stuck traffic and possibly running out of buffers/memory.

--- original description ---

Configuring CT offload with OVS and running stress http traffic that opens conns, send short data and close the conns. there is a race that could potentially crash the system.

X86 side:

/etc/init.d/openibd restart

ifconfig $1 up
ifconfig $2 up

tc qdisc del dev $1 ingress
tc qdisc del dev $2 ingress

sleep 5

tc qdisc add dev $1 ingress
tc qdisc add dev $2 ingress

tc filter add dev $1 protocol all parent ffff: flower action mirred egress redirect dev $2
tc filter add dev $2 protocol all parent ffff: flower action mirred egress redirect dev $1

ip l set dev $1 promisc on
ip l set dev $2 promisc on
arm side:

ovs-vsctl set Open_vSwitch . other_config:hw-offload=true

service openvswitch restart

for br in `ovs-vsctl list-br`;
do
ovs-vsctl del-br $br
done

ovs-vsctl add-br ovsbr1
ovs-vsctl add-port ovsbr1 p0
ovs-vsctl add-port ovsbr1 pf0hpf

ovs-vsctl add-br ovsbr2
ovs-vsctl add-port ovsbr2 p1
ovs-vsctl add-port ovsbr2 pf1hpf

ovs-ofctl del-flows ovsbr1
ovs-ofctl add-flow ovsbr1 arp,actions=normal
ovs-ofctl add-flow ovsbr1 "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow ovsbr1 "table=1, ip,ct_state=+trk+new actions=ct(, commit),normal"
ovs-ofctl add-flow ovsbr1 "table=1, ip,ct_state=+trk+est actions=normal"

# ovs-vsctl show
9b68adbd-406b-4f72-8b4c-312d9379b8b9
    Bridge ovsbr2
        Port ovsbr2
            Interface ovsbr2
                type: internal
        Port pf1hpf
            Interface pf1hpf
        Port p1
            Interface p1
    Bridge ovsbr1
        Port p0
            Interface p0
        Port ovsbr1
            Interface ovsbr1
                type: internal
        Port pf0hpf
            Interface pf0hpf
    ovs_version: "2.14.1"
dmesg:

1285.179728] Failed to associated timeout policy `ovs_test_tp'
[ 1587.421221] Unable to handle kernel NULL pointer dereference at virtual address 000000000000004c
[ 1587.430043] Mem abort info:
[ 1587.432929] ESR = 0x96000004
[ 1587.436025] EC = 0x25: DABT (current EL), IL = 32 bits
[ 1587.421221] Unable to handle k[ 1587.441377] SET = 0, FnV = 0
ernel NULL pointer dereference a[ 1587.447279] EA = 0, S1PTW = 0
t virtual address 000000000000004[ 1587.453188] Data abort info:
c
[ 1587.458924] ISV = 0, ISS = 0x00000004
[ 1587.462977] CM = 0, WnR = 0
[ 1587.465945] user pgtable: 4k pages, 48-bit VAs, pgdp=00000003cc276000
[ 1587.472420] [000000000000004c] pgd=0000000000000000
[ 1587.430043] Mem abort info:
[ 1587.477324] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 1587.485641] Modules linked in: act_mirred act_skbedit xt_conntrack xt_MASQUERADE nf_conntrack_netlink xt_addrtype iptable_filter iptable_nat bpfilter br_netfilter bridge xfrm_user xfrm_algo target_core_mod 8021q garp stp mrp llc ovk
[ 1587.432929] ESR = 0x96000004[ 1587.566060] CPU: 2 PID: 2212 Comm: kworker/2:3 Tainted: G OE 5.4.0-1007-bluefield #10-Ubuntu
[ 1587.578523] Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.6.0-17-gd17a51a Mar 5 2021

[ 1587.579483] Unable to handle kernel NULL pointer dereference at virtual address 000000000000006c
[ 1587.589851] Workqueue: events rht_deferred_worker
[ 1587.436025] EC = 0x25: DABT [ 1587.589856] pstate: 80000005 (Nzcv daif -PAN -UAO)
(current EL), IL = 32 bits
[ 158[ 1587.589859] pc : rhashtable_rehash_table+0xfc/0x410
7.441377] SET = 0, FnV = 0
[ 1587.447279] EA = 0, S1PTW = 0
[ 1587.453188] Data abort info:
[ 1587.458924] ISV = 0, ISS = 0x00000004
[ 1587.462977] CM = 0, WnR = 0
[ 1587.465945] user pgtable: 4k pages, 48-bit VAs, pgdp=00000003cc276000
[ 1587.472420] [000000000000004c] pgd=0000000000000000
[ 1587.477324] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 1587.485641] Modules linked in: act_mirred act_skbedit xt_conntrack xt_MASQUERADE nf_conntrack_netlink xt_addrtype iptable_filter iptable_nat bpfilter br_netfilter bridge xfrm_user xfrm_algo target_core_mod 8021q garp stp mrp llc ovk
[ 1587.566060] CPU: 2 PID: 2212 Comm: kworker/2:3 Tainted: G OE 5.4.0-1007-bluefield #10-Ubuntu
[ 1587.578523] Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.6.0-17-gd17a51a Mar 5 2021
[ 1587.579483] Unable to handle kernel NULL pointer dereference at virtual address 000000000000006c
[ 1587.589851] Workqueue: events rht_deferred_worker
[ 1587.589856] pstate: 80000005 (Nzcv daif -PAN -UAO)
[ 1587.589859] pc : rhashtable_rehash_table+0xfc/0x410
[ 1587.589861] lr : rhashtable_rehash_table+0x2e0/0x410
[ 1587.589862] sp : ffff800013ebbcf0
[ 1587.589864] x29: ffff800013ebbcf0 x28: ffff0002cd8138b0
[ 1587.589866] x27: 000000000000004c x26: ffff0002d3c00000
[ 1587.589873] x25: ffff0002cd8138b1 x24: ffff0002cd800000
[ 1587.598798] Mem abort info:
[ 1587.603483] x23: ffff0003ebbf5700 x22: 000000000000270e
[ 1587.603486] x21: 000000000000004c x20: ffff00030cc8f400
[ 1587.603487] x19: ffff0002fabf5a28 x18: ffff800008fe8000
[ 1587.603489] x17: 000000002610869a x16: 00000000e3e01d27
[ 1587.603491] x15: 0000000000000000 x14: 06000000a46b5000
[ 1587.603492] x13: 4301001003000030 x12: 0000040000000000
[ 1587.603494] x11: 0000000000000000 x10: 0000000000000001
[ 1587.603496] x9 : 0000000020000000 x8 : 0000000000000000
[ 1587.603497] x7 : 0000000000000001 x6 : ffff0002d3c6c301
[ 1587.603499] x5 : ffff0002d3c00040 x4 : ffff00030cc8f400
[ 1587.603501] x3 : 00000000000138b0 x2 : ffff00030cc8f401
[ 1587.603503] x1 : ffff00030cc8f400 x0 : 0000000000000000
[ 1587.603505] Call trace:
[ 1587.603515] rhashtable_rehash_table+0xfc/0x410
[ 1587.603517] rht_deferred_worker+0x18c/0x298
[ 1587.603523] process_one_work+0x1c4/0x480
[ 1587.603531] worker_thread+0x54/0x430
[ 1587.603533] kthread+0x138/0x150
[ 1587.603537] ret_from_fork+0x10/0x1c
[ 1587.603542] Code: d2800014 14000003 aa1b03f4 aa1503fb (f9400375)
[ 1587.603554] ---[ end trace 8b876994a5c4b259 ]---
[ 1587.603558] Kernel panic - not syncing: Fatal exception in interrupt
[ 1587.611162] ESR = 0x96000004
[ 1587.589861] lr : rhashtable_rehash_table+0x2e0/0x410
[ 1587.589862] sp : ffff800013ebbcf0
[ 1587.589864] x29: ffff800013ebbcf0 x28: ffff0002cd8138b0
[ 1587.589866] x27: 000000000000004c x26: ffff0002d3c00000
[ 1587.589873] x25: ffff0002cd8138b1 x24: ffff0002cd800000
[ 1587.598798] Mem abort info:
[ 1587.603483] x23: ffff0003ebbf5700 x22: 000000000000270e
[ 1587.603486] x21: 000000000000004c x20: ffff00030cc8f400
[ 1587.603487] x19: ffff0002fabf5a28 x18: ffff800008fe8000
[ 1587.603489] x17: 000000002610869a x16: 00000000e3e01d27
[ 1587.603491] x15: 0000000000000000 x14: 06000000a46b5000
[ 1587.603492] x13: 4301001003000030 x12: 0000040000000000
[ 1587.603494] x11: 0000000000000000 x10: 0000000000000001
[ 1587.603496] x9 : 0000000020000000 x8 : 0000000000000000
[ 1587.603497] x7 : 0000000000000001 x6 : ffff0002d3c6c301
[ 1587.603499] x5 : ffff0002d3c00040 x4 : ffff00030cc8f400
[ 1587.603501] x3 : 00000000000138b0 x2 : ffff00030cc8f401
[ 1587.603503] x1 : ffff00030cc8f400 x0 : 0000000000000000
[ 1587.603505] Call trace:
[ 1587.603515] rhashtable_rehash_table+0xfc/0x410
[ 1587.603517] rht_deferred_worker+0x18c/0x298
[ 1587.603523] process_one_work+0x1c4/0x480
[ 1587.603531] worker_thread+0x54/0x430
[ 1587.603533] kthread+0x138/0x150
[ 1587.603537] ret_from_fork+0x10/0x1c
[ 1587.603542] Code: d2800014 14000003 aa1b03f4 aa1503fb (f9400375)
[ 1587.603554] ---[ end trace 8b876994a5c4b259 ]---
[ 1587.603558] Kernel panic - not syncing: Fatal exception in interrupt
[ 1587.611162] ESR = 0x96000004
[ 1587.911485] SMP: stopping secondary CPUs
[ 1587.911541] Kernel Offset: disabled
[ 1587.911545] CPU features: 0x0002,20006008
[ 1587.911547] Memory Limit: none
[ 1588.062206] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

See original description

Tags:

CVE References

2021-29650

Revision history for this message

Roi Dayan (roidayan) wrote on 2021-04-06:

there is already a patch in upstream kernel solving this. was tested. will submit.
07f8edbfd279 netfilter: flowtable: Set offload timeout when adding flow

Stefan Bader (smb) on 2021-04-09

Changed in linux-bluefield (Ubuntu Focal):
importance:	Undecided → High
status:	New → Triaged
Changed in linux-bluefield (Ubuntu):
status:	New → Invalid

Stefan Bader (smb) on 2021-04-20

description:	updated
Changed in linux-bluefield (Ubuntu Focal):
assignee:	nobody → Roi Dayan (roidayan)
status:	Triaged → In Progress

Stefan Bader (smb) on 2021-04-20

Changed in linux-bluefield (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-04-24:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Roi Dayan (roidayan) on 2021-04-28

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-05-10:

Download full text (42.0 KiB)

This bug was fixed in the package linux-bluefield - 5.4.0-1011.14

---------------
linux-bluefield (5.4.0-1011.14) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1011.14 -proposed tracker (LP: #1923761)

  * kernel crash with stress CT offload traffic (LP: #1922672)
    - netfilter: conntrack: Move nf_ct_offload_timeout to header file
    - netfilter: flowtable: Set offload timeout when adding flow

  * support offloading of ct_state flags invalid and reply (LP: #1922682)
    - net/sched: cls_flower add CT_FLAGS_INVALID flag support
    - net/sched: act_api: fix miss set post_ct for ovs after do conntrack in
      act_ct
    - net/sched: act_ct: clear post_ct if doing ct_clear
    - net/sched: cls_flower: Add match on the ct_state reply flag
    - net: flow_offload: Add original direction flag to ct_metadata

  * netfilter offload could bloat up memory (LP: #1922678)
    - netfilter: flowtable: separate replace, destroy and stats to different
      workqueues
    - SAUCE: netfilter: nf_flow_table_offload: Limit work entries on offload add
      wq

  * TLS fixes (LP: #1916508)
    - net/tls: Add asynchronous resync
    - net/tls: fix sign extension issue when left shifting u16 value
    - net/tls: Fix wrong record sn in async mode of device resync

* ipmb_host.c: Fix slow transactions (LP: #1922393)
- SAUCE: ipmb_host.c: Fix slow transactions

* i2c-mlx.c: sync up with upstream (LP: #1921506)
- SAUCE: Syncup i2c-mlx driver with upstreamed version

[ Ubuntu: 5.4.0-73.82 ]

This bug was fixed in the package linux-bluefield - 5.4.0-1011.14

---------------
linux-bluefield (5.4.0-1011.14) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1011.14 -proposed tracker (LP: #1923761)

* kernel crash with stress CT offload traffic (LP: #1922672)
    - netfilter: conntrack: Move nf_ct_offload_timeout to header file
    - netfilter: flowtable: Set offload timeout when adding flow

* ipmb_host.c: Fix slow transactions (LP: #1922393)
    - SAUCE: ipmb_host.c: Fix slow transactions

* i2c-mlx.c: sync up with upstream (LP: #1921506)
    - SAUCE: Syncup i2c-mlx driver with upstreamed version

[ Ubuntu: 5.4.0-73.82 ]

* focal/linux: 5.4.0-73.82 -proposed tracker (LP: #1923781)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CIFS DFS entries not accessible with 5.4.0-71.74-generic (LP: #1923670)
    - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting
      cifs_sb->prepath."
  * CVE-2021-29650
    - Revert "netfilter: x_tables: Update remaining dereference to RCU"
    - Revert "netfilter: x_tables: Switch synchronization to RCU"
    - netfilter: x_tables: Use correct memory barriers.
  * LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
    (LP: #1918134)
    - [Packaging] dkms-build{,--nvidia-N} sync back from LRMv4
  * 5.4 kernel: when iommu is on crashdump fails (LP: #1922738)
    - iommu/vt-d: Refactor find_domain() helper
    - iommu/vt-d: Add attach_deferred() helper
    - iommu/vt-d: Move deferred device attachment into helper function
    - iommu/vt-d: Do deferred attachment in iommu_need_mapping()
    - iommu/vt-d: Remove deferred_attach_domain()
    - iommu/vt-d: Simplify check in identity_mapping()
  * Backport mlx5e fix for tunnel offload (LP: #1921769)
    - net/mlx5e: Check tunnel offload is required before setting SWP
  * Bcache bypasse writeback on caching device with fragmentation (LP: #1900438)
    - bcache: consider the fragmentation when update the writeback rate
  * Fix implicit declaration warnings for kselftests/memfd test on newer
    releases (LP: #1910323)
    - selftests/memfd: Fix implicit declaration warnings
  * net/mlx5e: Add missing capability check for uplink follow (LP: #1921104)
    - net/mlx5e: Add missing capability check for uplink follow
  * [UBUNUT 21.04] s390/vtime: fix increased steal time accounting
    (LP: #1921498)
    - s390/vtime: fix increased steal time accounting
  * Mute/Mic-mute LEDs are not work on HP 850/840/440 G8 Laptops (LP: #1920030)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
  * Focal update: v5.4.106 upstream stable release (LP: #1920246)
    - uapi: nfnetlink_cthelper.h: fix userspace compilation error
    - powerpc/pseries: Don't enforce MSI affinity with kdump
    - ath9k: fix transmitting to stations in dynamic SMPS mode
    - net: Fix gro aggregation for udp encaps with zero csum
    - net: check if protocol extracted by virtio_net_hdr_set_proto is correct
    - net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
    - sh_eth: fix TRSCER mask for SH771x
    - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before
      setting skb ownership
    - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
    - can: flexcan: enable RX FIFO after FRZ/HALT valid
    - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
    - can: tcan4x5x: tcan4x5x_init(): fix initialization - clear MRAM before
      entering Normal Mode
    - tcp: add sanity tests to TCP_QUEUE_SEQ
    - netfilter: nf_nat: undo erroneous tcp edemux lookup
    - netfilter: x_tables: gpf inside xt_find_revision()
    - selftests/bpf: No need to drop the packet when there is no geneve opt
    - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier
    - samples, bpf: Add missing munmap in xdpsock
    - ibmvnic: always store valid MAC address
    - mt76: dma: do not report truncated frames to mac80211
    - powerpc/603: Fix protection of user pages mapped with PROT_NONE
    - mount: fix mounting of detached mounts onto targets that reside on shared
      mounts
    - cifs: return proper error code in statfs(2)
    - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
    - net: enetc: don't overwrite the RSS indirection table when initializing
    - net/mlx4_en: update moderation when config reset
    - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
    - nexthop: Do not flush blackhole nexthops when loopback goes down
    - net: sched: avoid duplicates in classes dump
    - net: usb: qmi_wwan: allow qmimux add/del with master up
    - netdevsim: init u64 stats for 32bit hardware
    - cipso,calipso: resolve a number of problems with the DOI refcounts
    - net: lapbether: Remove netif_start_queue / netif_stop_queue
    - net: davicom: Fix regulator not turned off on failed probe
    - net: davicom: Fix regulator not turned off on driver removal
    - net: qrtr: fix error return code of qrtr_sendmsg()
    - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA
    - net: stmmac: stop each tx channel independently
    - net: stmmac: fix watchdog timeout during suspend/resume stress test
    - selftests: forwarding: Fix race condition in mirror installation
    - perf traceevent: Ensure read cmdlines are null terminated.
    - net: hns3: fix query vlan mask value error for flow director
    - net: hns3: fix bug when calculating the TCAM table info
    - s390/cio: return -EFAULT if copy_to_user() fails again
    - bnxt_en: reliably allocate IRQ table on reset to avoid crash
    - drm/compat: Clear bounce structures
    - drm/shmem-helper: Check for purged buffers in fault handler
    - drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff
    - drm: meson_drv add shutdown function
    - s390/cio: return -EFAULT if copy_to_user() fails
    - s390/crypto: return -EFAULT if copy_to_user() fails
    - qxl: Fix uninitialised struct field head.surface_id
    - sh_eth: fix TRSCER mask for R7S9210
    - media: usbtv: Fix deadlock on suspend
    - media: v4l: vsp1: Fix uif null pointer access
    - media: v4l: vsp1: Fix bru null pointer access
    - media: rc: compile rc-cec.c into rc-core
    - [Config] update abi for rc-cec
    - net: hns3: fix error mask definition of flow director
    - net: enetc: initialize RFS/RSS memories for unused ports too
    - net: phy: fix save wrong speed and duplex problem if autoneg is on
    - i2c: rcar: faster irq code to minimize HW race condition
    - i2c: rcar: optimize cacheline to minimize HW race condition
    - udf: fix silent AED tagLocation corruption
    - mmc: mxs-mmc: Fix a resource leak in an error handling path in
      'mxs_mmc_probe()'
    - mmc: mediatek: fix race condition between msdc_request_timeout and irq
    - Platform: OLPC: Fix probe error handling
    - powerpc/pci: Add ppc_md.discover_phbs()
    - spi: stm32: make spurious and overrun interrupts visible
    - powerpc: improve handling of unrecoverable system reset
    - powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
    - HID: logitech-dj: add support for the new lightspeed connection iteration
    - powerpc/64: Fix stack trace not displaying final frame
    - iommu/amd: Fix performance counter initialization
    - sparc32: Limit memblock allocation to low memory
    - sparc64: Use arch_validate_flags() to validate ADI flag
    - Input: applespi - don't wait for responses to commands indefinitely.
    - PCI: xgene-msi: Fix race in installing chained irq handler
    - PCI: mediatek: Add missing of_node_put() to fix reference leak
    - kbuild: clamp SUBLEVEL to 255
    - PCI: Fix pci_register_io_range() memory leak
    - i40e: Fix memory leak in i40e_probe
    - s390/smp: __smp_rescan_cpus() - move cpumask away from stack
    - sysctl.c: fix underflow value setting risk in vm_table
    - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
    - scsi: target: core: Add cmd length set before cmd complete
    - scsi: target: core: Prevent underflow for service actions
    - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk
    - ALSA: hda/hdmi: Cancel pending works before suspend
    - ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support
    - ALSA: hda: Drop the BATCH workaround for AMD controllers
    - ALSA: hda: Flush pending unsolicited events before suspend
    - ALSA: hda: Avoid spurious unsol event handling during S3/S4
    - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
    - ALSA: usb-audio: Apply the control quirk to Plantronics headsets
    - Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file
      capabilities")
    - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
    - s390/dasd: fix hanging DASD driver unbind
    - s390/dasd: fix hanging IO request during DASD driver unbind
    - software node: Fix node registration
    - mmc: core: Fix partition switch time for eMMC
    - mmc: cqhci: Fix random crash when remove mmc module/card
    - Goodix Fingerprint device is not a modem
    - USB: gadget: u_ether: Fix a configfs return code
    - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
      slot
    - usb: gadget: f_uac1: stop playback on function disable
    - usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement
    - usb: dwc3: qcom: Honor wakeup enabled/disabled state
    - USB: usblp: fix a hang in poll() if disconnected
    - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
    - usb: xhci: do not perform Soft Retry for some xHCI hosts
    - xhci: Improve detection of device initiated wake signal.
    - usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
    - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake
      state
    - USB: serial: io_edgeport: fix memory leak in edge_startup
    - USB: serial: ch341: add new Product ID
    - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
    - USB: serial: cp210x: add some more GE USB IDs
    - usbip: fix stub_dev to check for stream socket
    - usbip: fix vhci_hcd to check for stream socket
    - usbip: fix vudc to check for stream socket
    - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
    - usbip: fix vhci_hcd attach_store() races leading to gpf
    - usbip: fix vudc usbip_sockfd_store races leading to gpf
    - misc/pvpanic: Export module FDT device table
    - misc: fastrpc: restrict user apps from sending kernel RPC messages
    - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
    - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
    - staging: rtl8712: unterminated string leads to read overflow
    - staging: rtl8188eu: fix potential memory corruption in
      rtw_check_beacon_data()
    - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
    - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
    - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
    - staging: comedi: addi_apci_1032: Fix endian problem for COS sample
    - staging: comedi: addi_apci_1500: Fix endian problem for command sample
    - staging: comedi: adv_pci1710: Fix endian problem for AI command data
    - staging: comedi: das6402: Fix endian problem for AI command data
    - staging: comedi: das800: Fix endian problem for AI command data
    - staging: comedi: dmm32at: Fix endian problem for AI command data
    - staging: comedi: me4000: Fix endian problem for AI command data
    - staging: comedi: pcl711: Fix endian problem for AI command data
    - staging: comedi: pcl818: Fix endian problem for AI command data
    - sh_eth: fix TRSCER mask for R7S72100
    - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory
    - SUNRPC: Set memalloc_nofs_save() for sync tasks
    - NFS: Don't revalidate the directory permissions on a lookup failure
    - NFS: Don't gratuitously clear the inode cache when lookup failed
    - NFSv4.2: fix return value of _nfs4_get_security_label()
    - block: rsxx: fix error return code of rsxx_pci_probe()
    - configfs: fix a use-after-free in __configfs_open_file
    - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
    - hrtimer: Update softirq_expires_next correctly after
      __hrtimer_get_next_event()
    - stop_machine: mark helpers __always_inline
    - include/linux/sched/mm.h: use rcu_dereference in in_vfork()
    - zram: fix return value on writeback_store
    - sched/membarrier: fix missing local execution of ipi_sync_rq_state()
    - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
    - binfmt_misc: fix possible deadlock in bm_register_write
    - x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2
    - KVM: arm64: Fix exclusive limit for IPA size
    - nvme: unlink head after removing last namespace
    - nvme: release namespace head reference on error
    - KVM: arm64: Ensure I-cache isolation between vcpus of a same VM
    - KVM: arm64: Reject VM creation when the default IPA size is unsupported
    - xen/events: reset affinity of 2-level event when tearing it down
    - xen/events: don't unmask an event channel when an eoi is pending
    - xen/events: avoid handling the same event on two cpus at the same time
    - Linux 5.4.106
  * Focal update: v5.4.105 upstream stable release (LP: #1920244)
    - net: dsa: add GRO support via gro_cells
    - dm table: fix iterate_devices based device capability checks
    - dm table: fix DAX iterate_devices based device capability checks
    - dm table: fix zoned iterate_devices based device capability checks
    - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter
      handling
    - iommu/amd: Fix sleeping in atomic in increase_address_space()
    - mwifiex: pcie: skip cancel_work_sync() on reset failure path
    - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines
    - platform/x86: acer-wmi: Cleanup accelerometer device handling
    - platform/x86: acer-wmi: Add new force_caps module parameter
    - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag
    - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices
    - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch
      10E SW3-016
    - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter
    - media: cx23885: add more quirks for reset DMA on some AMD IOMMU
    - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807
    - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140
    - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
    - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
    - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
    - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
    - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo
      Winpad A15
    - nvme-pci: mark Seagate Nytro XM1440 as QUIRK_NO_NS_DESC_LIST.
    - nvme-pci: add quirks for Lexar 256GB SSD
    - Linux 5.4.105
  * Focal update: v5.4.104 upstream stable release (LP: #1920238)
    - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality()
    - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality()
    - btrfs: raid56: simplify tracking of Q stripe presence
    - btrfs: fix raid6 qstripe kmap
    - btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl
    - btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata
    - btrfs: unlock extents in btrfs_zero_range in case of quota reservation
      errors
    - btrfs: fix warning when creating a directory with smack enabled
    - PM: runtime: Update device status before letting suppliers suspend
    - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size
    - dm verity: fix FEC for RS roots unaligned to block size
    - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie
    - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL)
    - crypto - shash: reduce minimum alignment of shash_desc structure
    - usbip: tools: fix build error for multiple definition
    - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
    - RDMA/rxe: Fix missing kconfig dependency on CRYPTO
    - IB/mlx5: Add missing error code
    - ALSA: hda: intel-nhlt: verify config type
    - ftrace: Have recordmcount use w8 to read relp->r_info in
      arm64_is_fake_mcount
    - rsxx: Return -EFAULT if copy_to_user() fails
    - r8169: fix resuming from suspend on RTL8105e if machine runs on battery
    - Linux 5.4.104
  * Focal update: v5.4.103 upstream stable release (LP: #1920235)
    - net: usb: qmi_wwan: support ZTE P685M modem
    - nvme-pci: refactor nvme_unmap_data
    - nvme-pci: fix error unwind in nvme_map_data
    - arm64 module: set plt* section addresses to 0x0
    - MIPS: VDSO: Use CLANG_FLAGS instead of filtering out '--target='
    - JFS: more checks for invalid superblock
    - udlfb: Fix memory leak in dlfb_usb_probe
    - media: mceusb: sanity check for prescaler value
    - erofs: fix shift-out-of-bounds of blkszbits
    - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate
    - xfs: Fix assert failure in xfs_setattr_size()
    - net/af_iucv: remove WARN_ONCE on malformed RX packets
    - smackfs: restrict bytes count in smackfs write functions
    - net: fix up truesize of cloned skb in skb_prepare_for_shift()
    - nbd: handle device refs for DESTROY_ON_DISCONNECT properly
    - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
    - net: bridge: use switchdev for port flags set through sysfs too
    - net: ag71xx: remove unnecessary MTU reservation
    - net: fix dev_ifsioc_locked() race condition
    - dt-bindings: ethernet-controller: fix fixed-link specification
    - dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/
    - MIPS: Drop 32-bit asm string functions
    - drm/virtio: use kvmalloc for large allocations
    - rsi: Fix TX EAPOL packet handling against iwlwifi AP
    - rsi: Move card interrupt handling to RX thread
    - staging: fwserial: Fix error handling in fwserial_create
    - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
    - vt/consolemap: do font sum unsigned
    - wlcore: Fix command execute failure 19 for wl12xx
    - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl
    - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
    - ath10k: fix wmi mgmt tx queue full due to race condition
    - x86/build: Treat R_386_PLT32 relocation as R_386_PC32
    - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
    - staging: most: sound: add sanity check for function argument
    - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy()
    - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet
    - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet
    - drm/hisilicon: Fix use-after-free
    - crypto: tcrypt - avoid signed overflow in byte count
    - drm/amdgpu: Add check to prevent IH overflow
    - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse
    - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails
    - media: uvcvideo: Allow entities with no pads
    - f2fs: handle unallocated section and zone on pinned/atgc
    - f2fs: fix to set/clear I_LINKABLE under i_lock
    - nvme-core: add cancel tagset helpers
    - nvme-rdma: add clean action for failed reconnection
    - nvme-tcp: add clean action for failed reconnection
    - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr()
    - btrfs: fix error handling in commit_fs_roots
    - perf/x86/kvm: Add Cascade Lake Xeon steppings to isolation_ucodes[]
    - parisc: Bump 64-bit IRQ stack size to 64 KB
    - sched/features: Fix hrtick reprogramming
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R
      tablet
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet
    - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet
    - Xen/gnttab: handle p2m update errors on a per-slot basis
    - xen-netback: respect gnttab_map_refs()'s return value
    - zsmalloc: account the number of compacted pages correctly
    - swap: fix swapfile read/write offset
    - media: v4l: ioctl: Fix memory leak in video_usercopy
    - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ
    - ALSA: hda/realtek: Add quirk for Intel NUC 10
    - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board
    - Linux 5.4.103
  * Focal update: v5.4.102 upstream stable release (LP: #1918974)
    - vmlinux.lds.h: add DWARF v5 sections
    - kvm: x86: replace kvm_spec_ctrl_test_value with runtime test on the host
    - debugfs: be more robust at handling improper input in debugfs_lookup()
    - debugfs: do not attempt to create a new file before the filesystem is
      initalized
    - kdb: Make memory allocations more robust
    - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064
    - PCI: Decline to resize resources if boot config must be preserved
    - virt: vbox: Do not use wait_event_interruptible when called from kernel
      context
    - bfq: Avoid false bfq queue merging
    - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode
    - MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
    - random: fix the RNDRESEEDCRNG ioctl
    - ath10k: Fix error handling in case of CE pipe init failure
    - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the
      probe function
    - Bluetooth: hci_uart: Fix a race for write_work scheduling
    - Bluetooth: Fix initializing response id after clearing struct
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family
    - arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
    - arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
    - memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops
    - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
    - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args
    - arm64: dts: allwinner: A64: properly connect USB PHY to port 0
    - arm64: dts: allwinner: H6: properly connect USB PHY to port 0
    - arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card
    - arm64: dts: allwinner: H6: Allow up to 150 MHz MMC bus frequency
    - arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz
    - cpufreq: brcmstb-avs-cpufreq: Free resources in error path
    - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
    - ACPICA: Fix exception code class checks
    - usb: gadget: u_audio: Free requests only after callback
    - Bluetooth: drop HCI device reference before return
    - Bluetooth: Put HCI device if inquiry procedure interrupts
    - memory: ti-aemif: Drop child node when jumping out loop
    - ARM: dts: Configure missing thermal interrupt for 4430
    - usb: dwc2: Do not update data length if it is 0 on inbound transfers
    - usb: dwc2: Abort transaction after errors with unknown reason
    - usb: dwc2: Make "trimming xfer length" a debug message
    - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules
    - ARM: dts: armada388-helios4: assign pinctrl to LEDs
    - ARM: dts: armada388-helios4: assign pinctrl to each fan
    - arm64: dts: armada-3720-turris-mox: rename u-boot mtd partition to
      a53-firmware
    - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv
    - arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
    - ARM: s3c: fix fiq for clang IAS
    - soc: aspeed: snoop: Add clock control logic
    - bpf_lru_list: Read double-checked variable once without lock
    - ath9k: fix data bus crash when setting nf_override via debugfs
    - ibmvnic: Set to CLOSED state even on error
    - bnxt_en: reverse order of TX disable and carrier off
    - xen/netback: fix spurious event detection for common event case
    - mac80211: fix potential overflow when multiplying to u32 integers
    - bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx
    - tcp: fix SO_RCVLOWAT related hangs under mem pressure
    - net: axienet: Handle deferred probe on clock properly
    - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4
      and ulds
    - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
    - ibmvnic: add memory barrier to protect long term buffer
    - ibmvnic: skip send_request_unmap for timeout reset
    - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
    - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning
    - net: amd-xgbe: Reset link when the link never comes back
    - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP
    - net: mvneta: Remove per-cpu queue mapping for Armada 3700
    - fbdev: aty: SPARC64 requires FB_ATY_CT
    - drm/gma500: Fix error return code in psb_driver_load()
    - gma500: clean up error handling in init
    - drm/fb-helper: Add missed unlocks in setcmap_legacy()
    - crypto: sun4i-ss - linearize buffers content must be kept
    - crypto: sun4i-ss - fix kmap usage
    - crypto: arm64/aes-ce - really hide slower algos when faster ones are enabled
    - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition
    - MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
    - MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
    - media: i2c: ov5670: Fix PIXEL_RATE minimum value
    - media: imx: Unregister csc/scaler only if registered
    - media: imx: Fix csc/scaler unregister
    - media: camss: missing error code in msm_video_register()
    - media: vsp1: Fix an error handling path in the probe function
    - media: em28xx: Fix use-after-free in em28xx_alloc_urbs
    - media: media/pci: Fix memleak in empress_init
    - media: tm6000: Fix memleak in tm6000_start_stream
    - media: aspeed: fix error return code in aspeed_video_setup_video()
    - ASoC: cs42l56: fix up error handling in probe
    - evm: Fix memleak in init_desc
    - crypto: bcm - Rename struct device_private to bcm_device_private
    - drm/sun4i: tcon: fix inverted DCLK polarity
    - MIPS: properly stop .eh_frame generation
    - bsg: free the request before return error code
    - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction.
    - drm/amd/display: Fix HDMI deep color output for DCE 6-11.
    - media: software_node: Fix refcounts in software_node_get_next_child()
    - media: lmedm04: Fix misuse of comma
    - media: qm1d1c0042: fix error return code in qm1d1c0042_init()
    - media: cx25821: Fix a bug when reallocating some dma memory
    - media: pxa_camera: declare variable when DEBUG is defined
    - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
    - sched/eas: Don't update misfit status if the task is pinned
    - mtd: parser: imagetag: fix error codes in
      bcm963xx_parse_imagetag_partitions()
    - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error)
    - drm/nouveau: bail out of nouveau_channel_new if channel init fails
    - ata: ahci_brcm: Add back regulators management
    - ASoC: cpcap: fix microphone timeslot mask
    - mtd: parsers: afs: Fix freeing the part name memory in failure
    - f2fs: fix to avoid inconsistent quota data
    - drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask()
    - f2fs: fix a wrong condition in __submit_bio
    - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
    - ASoC: SOF: debug: Fix a potential issue on string buffer termination
    - btrfs: clarify error returns values in __load_free_space_cache
    - hwrng: timeriomem - Fix cooldown period calculation
    - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
    - ima: Free IMA measurement buffer on error
    - ima: Free IMA measurement buffer after kexec syscall
    - ASoC: simple-card-utils: Fix device module clock
    - fs/jfs: fix potential integer overflow on shift of a int
    - jffs2: fix use after free in jffs2_sum_write_data()
    - ubifs: Fix memleak in ubifs_init_authentication
    - ubifs: Fix error return code in alloc_wbufs()
    - capabilities: Don't allow writing ambiguous v3 file capabilities
    - HSI: Fix PM usage counter unbalance in ssi_hw_init
    - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
    - clk: meson: clk-pll: make "ret" a signed integer
    - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate()
    - quota: Fix memory leak when handling corrupted quota file
    - i2c: iproc: handle only slave interrupts which are enabled
    - i2c: iproc: update slave isr mask (ISR_MASK_SLAVE)
    - i2c: iproc: handle master read request
    - spi: cadence-quadspi: Abort read if dummy cycles required are too many
    - clk: sunxi-ng: h6: Fix CEC clock
    - HID: core: detect and skip invalid inputs to snto32()
    - RDMA/siw: Fix handling of zero-sized Read and Receive Queues.
    - dmaengine: fsldma: Fix a resource leak in the remove function
    - dmaengine: fsldma: Fix a resource leak in an error handling path of the
      probe function
    - dmaengine: owl-dma: Fix a resource leak in the remove function
    - dmaengine: hsu: disable spurious interrupt
    - mfd: bd9571mwv: Use devm_mfd_add_devices()
    - fdt: Properly handle "no-map" field in the memory region
    - of/fdt: Make sure no-map does not remove already reserved regions
    - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
    - rtc: s5m: select REGMAP_I2C
    - clocksource/drivers/ixp4xx: Select TIMER_OF when needed
    - clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
    - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation
    - clk: sunxi-ng: h6: Fix clock divider range on some clocks
    - regulator: axp20x: Fix reference cout leak
    - certs: Fix blacklist flag type confusion
    - regulator: s5m8767: Fix reference count leak
    - spi: atmel: Put allocated master before return
    - regulator: s5m8767: Drop regulators OF node reference
    - regulator: core: Avoid debugfs: Directory ... already present! error
    - isofs: release buffer head before return
    - auxdisplay: ht16k33: Fix refresh rate handling
    - objtool: Fix error handling for STD/CLD warnings
    - objtool: Fix ".cold" section suffix check for newer versions of GCC
    - IB/umad: Return EIO in case of when device disassociated
    - IB/umad: Return EPOLLERR in case of when device disassociated
    - KVM: PPC: Make the VMX instruction emulation routines static
    - powerpc/47x: Disable 256k page size
    - mmc: sdhci-sprd: Fix some resource leaks in the remove function
    - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
    - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to
      128-bytes
    - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
    - i2c: qcom-geni: Store DMA mapping data in geni_i2c_dev struct
    - amba: Fix resource leak for drivers without .remove
    - IB/mlx5: Return appropriate error code instead of ENOMEM
    - IB/cm: Avoid a loop when device has 255 ports
    - tracepoint: Do not fail unregistering a probe due to memory failure
    - perf tools: Fix DSO filtering when not finding a map for a sampled address
    - perf vendor events arm64: Fix Ampere eMag event typo
    - RDMA/rxe: Fix coding error in rxe_recv.c
    - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt
    - RDMA/rxe: Correct skb on loopback path
    - spi: stm32: properly handle 0 byte transfer
    - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
    - powerpc/pseries/dlpar: handle ibm, configure-connector delay status
    - powerpc/8xx: Fix software emulation interrupt
    - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs
    - RDMA/hns: Fixed wrong judgments in the goto branch
    - RDMA/siw: Fix calculation of tx_valid_cpus size
    - RDMA/hns: Fix type of sq_signal_bits
    - spi: pxa2xx: Fix the controller numbering for Wildcat Point
    - regulator: qcom-rpmh: fix pm8009 ldo7
    - clk: aspeed: Fix APLL calculate formula from ast2600-A2
    - nfsd: register pernet ops last, unregister first
    - RDMA/hns: Fixes missing error code of CMDQ
    - Input: sur40 - fix an error code in sur40_probe()
    - perf intel-pt: Fix missing CYC processing in PSB
    - perf intel-pt: Fix premature IPC
    - perf test: Fix unaligned access in sample parsing test
    - Input: elo - fix an error code in elo_connect()
    - sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
    - misc: eeprom_93xx46: Fix module alias to enable module autoprobe
    - phy: rockchip-emmc: emmc_phy_init() always return 0
    - misc: eeprom_93xx46: Add module alias to avoid breaking support for non
      device tree users
    - soundwire: cadence: fix ACK/NAK handling
    - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
    - VMCI: Use set_page_dirty_lock() when unregistering guest memory
    - PCI: Align checking of syscall user config accessors
    - mei: hbm: call mei_set_devstate() on hbm stop response
    - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
    - drm/msm/mdp5: Fix wait-for-commit for cmd panels
    - vfio/iommu_type1: Fix some sanity checks in detach group
    - ext4: fix potential htree index checksum corruption
    - nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of()
    - nvmem: core: skip child nodes not matching binding
    - regmap: sdw: use _no_pm functions in regmap_read/write
    - i40e: Fix flow for IPv6 next header (extension header)
    - i40e: Add zero-initialization of AQ command structures
    - i40e: Fix overwriting flow control settings during driver loading
    - i40e: Fix addition of RX filters after enabling FW LLDP agent
    - i40e: Fix VFs not created
    - i40e: Fix add TC filter for IPv6
    - vfio/type1: Use follow_pte()
    - net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
    - vxlan: move debug check after netdev unregister
    - ocfs2: fix a use after free on error
    - mm/memory.c: fix potential pte_unmap_unlock pte error
    - mm/hugetlb: fix potential double free in hugetlb_register_node() error path
    - mm/compaction: fix misbehaviors of fast_find_migrateblock()
    - r8169: fix jumbo packet handling on RTL8168e
    - arm64: Add missing ISB after invalidating TLB in __primary_switch
    - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
    - mm/rmap: fix potential pte_unmap on an not mapped pte
    - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
    - blk-settings: align max_sectors on "logical_block_size" boundary
    - ACPI: property: Fix fwnode string properties matching
    - ACPI: configfs: add missing check after configfs_register_default_group()
    - HID: logitech-dj: add support for keyboard events in eQUAD step 4 Gaming
    - HID: wacom: Ignore attempts to overwrite the touch_max value from HID
    - Input: raydium_ts_i2c - do not send zero length
    - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
      Series X|S
    - Input: joydev - prevent potential read overflow in ioctl
    - Input: i8042 - add ASUS Zenbook Flip to noselftest list
    - media: mceusb: Fix potential out-of-bounds shift
    - USB: serial: option: update interface mapping for ZTE P685M
    - usb: musb: Fix runtime PM race in musb_queue_resume_work
    - usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
    - usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
    - USB: serial: ftdi_sio: fix FTX sub-integer prescaler
    - USB: serial: mos7840: fix error code in mos7840_write()
    - USB: serial: mos7720: fix error code in mos7720_write()
    - ALSA: hda: Add another CometLake-H PCI ID
    - ALSA: hda/realtek: modify EAPD in the ALC886
    - Revert "bcache: Kill btree_io_wq"
    - bcache: Give btree_io_wq correct semantics again
    - bcache: Move journal work to new flush wq
    - drm/amd/display: Add vupdate_no_lock interrupts for DCN2.1
    - drm/amdgpu: Set reference clock to 100Mhz on Renoir (v2)
    - drm/nouveau/kms: handle mDP connectors
    - drm/sched: Cancel and flush all outstanding jobs before finish.
    - erofs: initialized fields can only be observed after bit is set
    - tpm_tis: Fix check_locality for correct locality acquisition
    - tpm_tis: Clean up locality release
    - KEYS: trusted: Fix migratable=1 failing
    - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
    - btrfs: fix reloc root leak with 0 ref reloc roots on recovery
    - btrfs: splice remaining dirty_bg's onto the transaction dirty bg list
    - btrfs: fix extent buffer leak on failure to copy root
    - crypto: arm64/sha - add missing module aliases
    - crypto: aesni - prevent misaligned buffers on the stack
    - crypto: sun4i-ss - checking sg length is not sufficient
    - crypto: sun4i-ss - handle BigEndian for cipher
    - crypto: sun4i-ss - initialize need_fallback
    - seccomp: Add missing return in non-void function
    - misc: rtsx: init of rts522a add OCP power off when no card is present
    - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
    - pstore: Fix typo in compression option name
    - dts64: mt7622: fix slow sd card access
    - staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c
    - staging: gdm724x: Fix DMA from stack
    - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
    - media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt()
    - x86/virt: Eat faults on VMXOFF in reboot flows
    - x86/reboot: Force all cpus to exit VMX root if VMX is supported
    - powerpc/prom: Fix "ibm,arch-vec-5-platform-support" scan
    - rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers
    - rcu/nocb: Perform deferred wake up before last idle's need_resched() check
    - floppy: reintroduce O_NDELAY fix
    - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into()
      fails
    - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
    - watchdog: qcom: Remove incorrect usage of QCOM_WDT_ENABLE_IRQ
    - watchdog: mei_wdt: request stop on unregister
    - mtd: spi-nor: sfdp: Fix last erase region marking
    - mtd: spi-nor: sfdp: Fix wrong erase type bitmask for overlaid region
    - mtd: spi-nor: core: Fix erase type discovery for overlaid region
    - mtd: spi-nor: core: Add erase size check for erase command initialization
    - mtd: spi-nor: hisi-sfc: Put child node np on error path
    - fs/affs: release old buffer head on error path
    - seq_file: document how per-entry resources are managed.
    - x86: fix seq_file iteration for pat/memtype.c
    - hugetlb: fix update_and_free_page contig page struct assumption
    - hugetlb: fix copy_huge_page_from_user contig page struct assumption
    - arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
    - media: smipcie: fix interrupt handling and IR timeout
    - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
    - mmc: sdhci-esdhc-imx: fix kernel panic when remove module
    - powerpc/32s: Add missing call to kuep_lock on syscall entry
    - spmi: spmi-pmic-arb: Fix hw_irq overflow
    - gpio: pcf857x: Fix missing first interrupt
    - printk: fix deadlock when kernel panic
    - cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if
      available
    - s390/vtime: fix inline assembly clobber list
    - virtio/s390: implement virtio-ccw revision 2 correctly
    - um: mm: check more comprehensively for stub changes
    - f2fs: fix out-of-repair __setattr_copy()
    - sparc32: fix a user-triggerable oops in clear_user()
    - spi: spi-synquacer: fix set_cs handling
    - gfs2: Don't skip dlm unlock if glock has an lvb
    - gfs2: Recursive gfs2_quota_hold in gfs2_iomap_end
    - dm: fix deadlock when swapping to encrypted device
    - dm writecache: fix writing beyond end of underlying device when shrinking
    - dm era: Recover committed writeset after crash
    - dm era: Verify the data block size hasn't changed
    - dm era: Fix bitset memory leaks
    - dm era: Use correct value size in equality function of writeset tree
    - dm era: Reinitialize bitset cache before digesting a new writeset
    - dm era: only resize metadata in preresume
    - drm/i915: Reject 446-480MHz HDMI clock on GLK
    - icmp: introduce helper for nat'd source address in network device context
    - icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
    - gtp: use icmp_ndo_send helper
    - sunvnet: use icmp_ndo_send helper
    - xfrm: interface: use icmp_ndo_send helper
    - ipv6: icmp6: avoid indirect call for icmpv6_send()
    - ipv6: silence compilation warning for non-IPV6 builds
    - net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
    - net: sched: fix police ext initialization
    - dm era: Update in-core bitset after committing the metadata
    - net: qrtr: Fix memory leak in qrtr_tun_open
    - ARM: dts: aspeed: Add LCLK to lpc-snoop
    - Linux 5.4.102
  * eeh-basic.sh from powerpc in ubuntu_kernel_selftests failed with unexpected
    operator on F-5.8 (LP: #1909428)
    - selftests/powerpc: Make the test check in eeh-basic.sh posix compliant

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 20 Apr 2021 16:49:32 +0200

Changed in linux-bluefield (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-bluefield package

kernel crash with stress CT offload traffic

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-bluefield package