Ubuntu
linux-bluefield package

i2c-mlxbf.c: prevent stack overflow in mlxbf_i2c_smbus_start_transaction

Bug #1934304 reported by Asmaa Mnebhi on 2021-07-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-bluefield (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Asmaa Mnebhi

Bug Description

SRU Justification:

[Impact]

There could be stack overflow in mlxbf_i2c_smbus_start_transaction().
memcpy() is called in a loop while 'operation->length' upper bound is not
checked and 'data_idx' also increments.

More details:
The operation length is verified by the caller functions so it cannot exceed I2C_SMBUS_BLOCK_MAX bytes (32 bytes) for each operation that is a part of the write. Data_desc array is 128 bytes in size. So potentially a request which consists of 4 writes, 32 bytes each can trigger an off-by-one or off-by-two overflow, because the first byte of data_desc is used by addr, effectively decreasing the available data_desc buffer size by one. Functions like mlx_smbus_i2c_block_func() that prepare the request also set the length of the first write operation to one and store the command id there, so the target buffer size again decreases data_desc by one, making it two bytes less than expected.

[Fix]

* Add a check for "operation->length" and data_idx and return error if reached upper bound.

[Test Case]

* Test the i2c-mlxbf.c driver using IPMB functionality.

[Regression Potential]

This fix returns a negative value to indicate that a transaction has failed. So it will catch more transactions failures.

Tags:

CVE References

Stefan Bader (smb) on 2021-07-05

Changed in linux-bluefield (Ubuntu Focal):
assignee:	nobody → Asmaa Mnebhi (asmaam)
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux-bluefield (Ubuntu):
status:	New → Invalid

Stefan Bader (smb) on 2021-07-14

Changed in linux-bluefield (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-07-28:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Meriton Tuli (meriton) on 2021-07-30

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-10-05:

Download full text (95.1 KiB)

This bug was fixed in the package linux-bluefield - 5.4.0-1019.22

---------------
linux-bluefield (5.4.0-1019.22) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1019.22 -proposed tracker (LP: #1942533)

* Focal update: v5.4.134 upstream stable release (LP: #1939440)
- [Config] bluefield: CONFIG_BATTERY_RT5033=m

  * Fix fragmentation support for TC connection tracking (LP: #1940872)
    - net/sched: act_ct: fix restore the qdisc_skb_cb after defrag
    - net/sched: act_ct: fix miss set mru for ovs after defrag in act_ct
    - net/sched: fix miss init the mru in qdisc_skb_cb
    - net/sched: act_ct: fix wild memory access when clearing fragments
    - Revert "net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments()
      error flow"
    - net/sched: act_mirred: refactor the handle of xmit
    - net/sched: The error lable position is corrected in ct_init_module
    - net/sched: sch_frag: add generic packet fragment support.
    - ipv6: add ipv6_fragment hook in ipv6_stub

* Add the upcoming BlueField-3 device ID (LP: #1941803)
- net/mlx5: Update the list of the PCI supported devices

  * CT state not reset when packet redirected to different port (LP: #1940448)
    - Revert "UBUNTU: SAUCE: net/sched: act_mirred: Reset ct when reinserting skb
      back into queue"
    - net: sched: act_mirred: Reset ct info when mirror/redirect skb

* Export xfrm_policy_lookup_bytype function (LP: #1934313)
- SAUCE: xfrm: IPsec Export xfrm_policy_lookup_bytype function

[ Ubuntu: 5.4.0-85.95 ]

This bug was fixed in the package linux-bluefield - 5.4.0-1019.22

---------------
linux-bluefield (5.4.0-1019.22) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1019.22 -proposed tracker (LP: #1942533)

* Focal update: v5.4.134 upstream stable release (LP: #1939440)
    - [Config] bluefield: CONFIG_BATTERY_RT5033=m

*  Add the upcoming BlueField-3 device ID (LP: #1941803)
    - net/mlx5: Update the list of the PCI supported devices

* Export xfrm_policy_lookup_bytype function (LP: #1934313)
    - SAUCE: xfrm: IPsec Export xfrm_policy_lookup_bytype function

[ Ubuntu: 5.4.0-85.95 ]

* focal/linux: 5.4.0-85.95 -proposed tracker (LP: #1942557)
  * please drop virtualbox-guest-dkms virtualbox-guest-source (LP: #1933248)
    - [Config] Disable virtualbox dkms build
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.06)
  *  LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions
  * disable “CONFIG_HISI_DMA” config for ubuntu version (LP: #1936771)
    - Disable CONFIG_HISI_DMA
    - [Config] Record hisi_dma no longer built for arm64
  * memory leaking when removing a profile (LP: #1939915)
    - apparmor: Fix memory leak of profile proxy
  * CryptoExpress EP11 cards are going offline (LP: #1939618)
    - s390/zcrypt: Support for CCA protected key block version 2
    - s390: Replace zero-length array with flexible-array member
    - s390/zcrypt: Use scnprintf() for avoiding potential buffer overflow
    - s390/zcrypt: replace snprintf/sprintf with scnprintf
    - s390/ap: Remove ap device suspend and resume callbacks
    - s390/zcrypt: use fallthrough;
    - s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc
    - s390/ap: remove power management code from ap bus and drivers
    - s390/ap: introduce new ap function ap_get_qdev()
    - s390/zcrypt: use kzalloc
    - s390/zcrypt: fix smatch warnings
    - s390/zcrypt: code beautification and struct field renames
    - s390/zcrypt: split ioctl function into smaller code units
    - s390/ap: rename and clarify ap state machine related stuff
    - s390/zcrypt: provide cex4 cca sysfs attributes for cex3
    - s390/ap: rework crypto config info and default domain code
    - s390/zcrypt: simplify cca_findcard2 loop code
    - s390/zcrypt: remove set_fs() invocation in zcrypt device driver
    - s390/ap: remove unnecessary spin_lock_init()
    - s390/zcrypt: Support for CCA APKA master keys
    - s390/zcrypt: introduce msg tracking in zcrypt functions
    - s390/ap: split ap queue state machine state from device state
    - s390/ap: add error response code field for ap queue devices
    - s390/ap: add card/queue deconfig state
    - s390/sclp: Add support for SCLP AP adapter config/deconfig
    - s390/ap: Support AP card SCLP config and deconfig operations
    - s390/ap/zcrypt: revisit ap and zcrypt error handling
    - s390/zcrypt: move ap_msg param one level up the call chain
    - s390/zcrypt: Introduce Failure Injection feature
    - s390/zcrypt: fix wrong format specifications
    - s390/ap: fix ap devices reference counting
    - s390/zcrypt: return EIO when msg retry limit reached
    - s390/zcrypt: fix zcard and zqueue hot-unplug memleak
    - s390/ap: Fix hanging ioctl caused by wrong msg counter
  * memfd from ubuntu_kernel_selftests failed to build on B-5.4 (LP: #1926142)
    - SAUCE: selftests/memfd: fix build when F_SEAL_FUTURE_WRITE is not defined
  * [SRU] Ice driver causes the kernel to crash with Ubuntu 20.04.2 with ethtool
    specific register commands (LP: #1939855)
    - ice: Fix bad register reads
  * ubunut_kernel_selftests: memory-hotplug: avoid spamming logs with
    dump_page() (LP: #1941829)
    - selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit
      hot-remove error test
  * e1000e blocks the boot process when it tried to write checksum to its NVM
    (LP: #1936998)
    - e1000e: Do not take care about recovery NVM checksum
  * Focal update: v5.4.140 upstream stable release (LP: #1941798)
    - Revert "ACPICA: Fix memory leak caused by _CID repair function"
    - ALSA: seq: Fix racy deletion of subscriber
    - arm64: dts: ls1028a: fix node name for the sysclk
    - ARM: imx: add missing iounmap()
    - ARM: imx: add missing clk_disable_unprepare()
    - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms
    - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz
    - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init
    - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out pins
    - arm64: dts: armada-3720-turris-mox: remove mrvl,i2c-fast-mode
    - ALSA: usb-audio: fix incorrect clock source setting
    - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
    - ARM: dts: am437x-l4: fix typo in can@0 node
    - omap5-board-common: remove not physically existing vdds_1v8_main fixed-
      regulator
    - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
    - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
    - scsi: sr: Return correct event when media event code is 3
    - media: videobuf2-core: dequeue if start_streaming fails
    - dmaengine: imx-dma: configure the generic DMA type to make it work
    - net, gro: Set inner transport header offset in tcp/udp GRO hook
    - net: dsa: sja1105: overwrite dynamic FDB entries with static ones in
      .port_fdb_add
    - net: dsa: sja1105: invalidate dynamic FDB entries learned concurrently with
      statically added ones
    - net: phy: micrel: Fix detection of ksz87xx switch
    - net: natsemi: Fix missing pci_disable_device() in probe and remove
    - gpio: tqmx86: really make IRQ optional
    - sctp: move the active_key update after sh_keys is added
    - nfp: update ethtool reporting of pauseframe control
    - net: ipv6: fix returned variable type in ip6_skb_dst_mtu
    - mips: Fix non-POSIX regexp
    - bnx2x: fix an error code in bnx2x_nic_load()
    - net: pegasus: fix uninit-value in get_interrupt_interval
    - net: fec: fix use-after-free in fec_drv_remove
    - net: vxge: fix use-after-free in vxge_device_unregister
    - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
    - Bluetooth: defer cleanup of resources in hci_unregister_dev()
    - USB: usbtmc: Fix RCU stall warning
    - USB: serial: option: add Telit FD980 composition 0x1056
    - USB: serial: ch341: fix character loss at high transfer rates
    - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
    - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback
    - firmware_loader: fix use-after-free in firmware_fallback_sysfs
    - ALSA: hda/realtek: add mic quirk for Acer SF314-42
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 600
    - usb: cdns3: Fixed incorrect gadget state
    - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
    - usb: gadget: f_hid: fixed NULL pointer dereference
    - usb: gadget: f_hid: idle uses the highest byte for duration
    - usb: otg-fsm: Fix hrtimer list corruption
    - clk: fix leak on devm_clk_bulk_get_all() unwind
    - scripts/tracing: fix the bug that can't parse raw_trace_func
    - tracing / histogram: Give calculation hist_fields a size
    - optee: Clear stale cache entries during initialization
    - tee: add tee_shm_alloc_kernel_buf()
    - optee: Fix memory leak when failing to register shm pages
    - tpm_ftpm_tee: Free and unregister TEE shared memory during kexec
    - staging: rtl8723bs: Fix a resource leak in sd_int_dpc
    - staging: rtl8712: get rid of flush_scheduled_work
    - media: rtl28xxu: fix zero-length control request
    - pipe: increase minimum default pipe size to 2 pages
    - ext4: fix potential htree corruption when growing large_dir directories
    - serial: tegra: Only print FIFO error message when an error occurs
    - serial: 8250_mtk: fix uart corruption issue when rx power off
    - serial: 8250: Mask out floating 16/32-bit bus bits
    - MIPS: Malta: Do not byte-swap accesses to the CBUS UART
    - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
    - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts.
    - timers: Move clearing of base::timer_running under base:: Lock
    - pcmcia: i82092: fix a null pointer dereference bug
    - md/raid10: properly indicate failure when ending a failed write request
    - KVM: x86: accept userspace interrupt only if no event is injected
    - KVM: Do not leak memory for duplicate debugfs directories
    - KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
    - arm64: vdso: Avoid ISB after reading from cntvct_el0
    - soc: ixp4xx: fix printing resources
    - spi: meson-spicc: fix memory leak in meson_spicc_remove
    - soc: ixp4xx/qmgr: fix invalid __iomem access
    - perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
    - bpf, selftests: Adjust few selftest result_unpriv outcomes
    - libata: fix ata_pio_sector for CONFIG_HIGHMEM
    - reiserfs: add check for root_inode in reiserfs_fill_super
    - reiserfs: check directory items on read from disk
    - virt_wifi: fix error on connect
    - alpha: Send stop IPI to send to online CPUs
    - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and
      ql_adapter_reset
    - arm64: fix compat syscall return truncation
    - Linux 5.4.140
  * Focal update: v5.4.139 upstream stable release (LP: #1941796)
    - btrfs: delete duplicated words + other fixes in comments
    - btrfs: do not commit logs and transactions during link and rename operations
    - btrfs: fix race causing unnecessary inode logging during link and rename
    - btrfs: fix lost inode on log replay after mix of fsync, rename and inode
      eviction
    - regulator: rt5033: Fix n_voltages settings for BUCK and LDO
    - spi: stm32h7: fix full duplex irq handler handling
    - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
    - r8152: Fix potential PM refcount imbalance
    - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
    - net: Fix zero-copy head len calculation.
    - nvme: fix nvme_setup_command metadata trace event
    - ACPI: fix NULL pointer dereference
    - Revert "Bluetooth: Shutdown controller after workqueues are flushed or
      cancelled"
    - firmware: arm_scmi: Ensure drivers provide a probe function
    - firmware: arm_scmi: Add delayed response status check
    - bpf: Inherit expanded/patched seen count from old aux data
    - bpf: Do not mark insn as seen under speculative path verification
    - bpf: Fix leakage under speculation on mispredicted branches
    - bpf: Test_verifier, add alu32 bounds tracking tests
    - bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit
      ones
    - bpf, selftests: Adjust few selftest outcomes wrt unreachable code
    - spi: mediatek: Fix fifo transfer
    - Linux 5.4.139
  * Focal update: v5.4.138 upstream stable release (LP: #1940559)
    - net_sched: check error pointer in tcf_dump_walker()
    - x86/asm: Ensure asm/proto.h can be included stand-alone
    - btrfs: fix rw device counting in __btrfs_free_extra_devids
    - btrfs: mark compressed range uptodate only if all bio succeed
    - x86/kvm: fix vcpu-id indexed array sizes
    - KVM: add missing compat KVM_CLEAR_DIRTY_LOG
    - ocfs2: fix zero out valid data
    - ocfs2: issue zeroout to EOF blocks
    - can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive
      TP.DT to 750ms
    - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
    - can: mcba_usb_start(): add missing urb->transfer_dma initialization
    - can: usb_8dev: fix memory leak
    - can: ems_usb: fix memory leak
    - can: esd_usb2: fix memory leak
    - HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT
    - NIU: fix incorrect error return, missed in previous revert
    - nfc: nfcsim: fix use after free during module unload
    - cfg80211: Fix possible memory leak in function cfg80211_bss_update
    - netfilter: conntrack: adjust stop timestamp to real expiry value
    - netfilter: nft_nat: allow to specify layer 4 protocol NAT only
    - i40e: Fix logic of disabling queues
    - i40e: Fix firmware LLDP agent related warning
    - i40e: Fix queue-to-TC mapping on Tx
    - i40e: Fix log TC creation failure when max num of queues is exceeded
    - tipc: fix sleeping in tipc accept routine
    - net: Set true network header for ECN decapsulation
    - mlx4: Fix missing error code in mlx4_load_one()
    - net: llc: fix skb_over_panic
    - net/mlx5: Fix flow table chaining
    - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
    - sctp: fix return value check in __sctp_rcv_asconf_lookup
    - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
    - sis900: Fix missing pci_disable_device() in probe and remove
    - can: hi311x: fix a signedness bug in hi3110_cmd()
    - PCI: mvebu: Setup BAR0 in order to fix MSI
    - powerpc/pseries: Fix regression while building external modules
    - i40e: Add additional info to PHY type error
    - can: j1939: j1939_session_deactivate(): clarify lifetime of session object
    - Linux 5.4.138
  * Focal update: v5.4.137 upstream stable release (LP: #1940557)
    - selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
    - tools: Allow proper CC/CXX/... override with LLVM=1 in Makefile.include
    - KVM: x86: determine if an exception has an error code only when injecting
      it.
    - af_unix: fix garbage collect vs MSG_PEEK
    - workqueue: fix UAF in pwq_unbound_release_workfn()
    - cgroup1: fix leaked context root causing sporadic NULL deref in LTP
    - net/802/mrp: fix memleak in mrp_request_join()
    - net/802/garp: fix memleak in garp_request_join()
    - net: annotate data race around sk_ll_usec
    - sctp: move 198 addresses from unusable to private scope
    - ipv6: allocate enough headroom in ip6_finish_output2()
    - hfs: add missing clean-up in hfs_fill_super
    - hfs: fix high memory mapping in hfs_bnode_read
    - hfs: add lock nesting notation to hfs_find_init
    - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
    - firmware: arm_scmi: Fix range check for the maximum number of pending
      messages
    - cifs: fix the out of range assignment to bit fields in
      parse_server_interfaces
    - iomap: remove the length variable in iomap_seek_data
    - iomap: remove the length variable in iomap_seek_hole
    - ARM: dts: versatile: Fix up interrupt controller node names
    - ipv6: ip6_finish_output2: set sk into newly allocated nskb
    - Linux 5.4.137
  * Focal update: v5.4.136 upstream stable release (LP: #1939899)
    - igc: Fix use-after-free error during reset
    - igb: Fix use-after-free error during reset
    - igc: change default return of igc_read_phy_reg()
    - ixgbe: Fix an error handling path in 'ixgbe_probe()'
    - igc: Prefer to use the pci_release_mem_regions method
    - igc: Fix an error handling path in 'igc_probe()'
    - igb: Fix an error handling path in 'igb_probe()'
    - fm10k: Fix an error handling path in 'fm10k_probe()'
    - e1000e: Fix an error handling path in 'e1000_probe()'
    - iavf: Fix an error handling path in 'iavf_probe()'
    - igb: Check if num of q_vectors is smaller than max before array access
    - igb: Fix position of assignment to *ring
    - gve: Fix an error handling path in 'gve_probe()'
    - ipv6: fix 'disable_policy' for fwd packets
    - selftests: icmp_redirect: remove from checking for IPv6 route get
    - selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect
    - pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped
    - cxgb4: fix IRQ free race during driver unload
    - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
    - perf probe: Fix dso->nsinfo refcounting
    - perf env: Fix sibling_dies memory leak
    - perf test session_topology: Delete session->evlist
    - perf test event_update: Fix memory leak of evlist
    - perf dso: Fix memory leak in dso__new_map()
    - perf script: Fix memory 'threads' and 'cpus' leaks on exit
    - perf lzma: Close lzma stream on exit
    - perf probe-file: Delete namelist in del_events() on the error path
    - perf data: Close all files in close_dir()
    - spi: imx: add a check for speed_hz before calculating the clock
    - spi: stm32: Use dma_request_chan() instead dma_request_slave_channel()
    - spi: stm32: fixes pm_runtime calls in probe/remove
    - regulator: hi6421: Use correct variable type for regmap api val argument
    - regulator: hi6421: Fix getting wrong drvdata
    - spi: mediatek: fix fifo rx mode
    - ASoC: rt5631: Fix regcache sync errors on resume
    - liquidio: Fix unintentional sign extension issue on left shift of u16
    - s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
    - bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats
    - bpftool: Check malloc return value in mount_bpffs_for_pin
    - net: fix uninit-value in caif_seqpkt_sendmsg
    - efi/tpm: Differentiate missing and invalid final event log table.
    - net: decnet: Fix sleeping inside in af_decnet
    - KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
    - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
    - net: sched: fix memory leak in tcindex_partial_destroy_work
    - netrom: Decrease sock refcount when sock timers expire
    - scsi: iscsi: Fix iface sysfs attr detection
    - scsi: target: Fix protect handling in WRITE SAME(32)
    - spi: cadence: Correct initialisation of runtime PM again
    - bnxt_en: Improve bnxt_ulp_stop()/bnxt_ulp_start() call sequence.
    - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
    - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task()
    - bnxt_en: Check abort error state in bnxt_half_open_nic()
    - net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition
    - net/tcp_fastopen: fix data races around tfo_active_disable_stamp
    - net: hns3: fix rx VLAN offload state inconsistent issue
    - net/sched: act_skbmod: Skip non-Ethernet packets
    - ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
    - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
    - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
    - afs: Fix tracepoint string placement with built-in AFS
    - r8169: Avoid duplicate sysfs entry creation error
    - nvme: set the PRACT bit when using Write Zeroes with T10 PI
    - sctp: update active_key for asoc when old key is being replaced
    - net: sched: cls_api: Fix the the wrong parameter
    - drm/panel: raspberrypi-touchscreen: Prevent double-free
    - proc: Avoid mixing integer types in mem_rw()
    - s390/ftrace: fix ftrace_update_ftrace_func implementation
    - s390/boot: fix use of expolines in the DMA code
    - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
    - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
    - ALSA: sb: Fix potential ABBA deadlock in CSP driver
    - ALSA: hdmi: Expose all pins on MSI MS-7C94 board
    - xhci: Fix lost USB 2 remote wake
    - KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
    - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
    - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
    - usb: hub: Fix link power management max exit latency (MEL) calculations
    - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
    - usb: max-3421: Prevent corruption of freed memory
    - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
    - USB: serial: option: add support for u-blox LARA-R6 family
    - USB: serial: cp210x: fix comments for GE CS1000
    - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
    - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
    - firmware/efi: Tell memblock about EFI iomem reservations
    - tracing/histogram: Rename "cpu" to "common_cpu"
    - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
    - btrfs: check for missing device in btrfs_trim_fs
    - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
    - ixgbe: Fix packet corruption due to missing DMA sync
    - selftest: use mmap instead of posix_memalign to allocate memory
    - userfaultfd: do not untag user pointers
    - hugetlbfs: fix mount mode command line processing
    - rbd: don't hold lock_rwsem while running_list is being drained
    - rbd: always kick acquire on "acquired" and "released" notifications
    - nds32: fix up stack guard gap
    - drm: Return -ENOTTY for non-drm ioctls
    - net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
    - net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
    - iio: accel: bma180: Use explicit member assignment
    - iio: accel: bma180: Fix BMA25x bandwidth register values
    - btrfs: compression: don't try to compress if we don't have enough pages
    - PCI: Mark AMD Navi14 GPU ATS as broken
    - perf inject: Close inject.output on exit
    - xhci: add xhci_get_virt_ep() helper
    - Linux 5.4.136
  * Focal update: v5.4.135 upstream stable release (LP: #1939442)
    - ARM: dts: gemini: rename mdio to the right name
    - ARM: dts: gemini: add device_type on pci
    - ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
    - arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
    - ARM: dts: rockchip: Fix the timer clocks order
    - ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
    - ARM: dts: rockchip: Fix power-controller node names for rk3066a
    - ARM: dts: rockchip: Fix power-controller node names for rk3188
    - ARM: dts: rockchip: Fix power-controller node names for rk3288
    - arm64: dts: rockchip: Fix power-controller node names for px30
    - arm64: dts: rockchip: Fix power-controller node names for rk3328
    - reset: ti-syscon: fix to_ti_syscon_reset_data macro
    - ARM: brcmstb: dts: fix NAND nodes names
    - ARM: Cygnus: dts: fix NAND nodes names
    - ARM: NSP: dts: fix NAND nodes names
    - ARM: dts: BCM63xx: Fix NAND nodes names
    - ARM: dts: Hurricane 2: Fix NAND nodes names
    - ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
    - ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
    - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
    - kbuild: sink stdout from cmd for silent build
    - ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag for gpios
    - ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios
    - ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
    - ARM: dts: stm32: fix RCC node name on stm32f429 MCU
    - ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
    - arm64: dts: juno: Update SCPI nodes as per the YAML schema
    - ARM: dts: rockchip: fix supply properties in io-domains nodes
    - ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
    - ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
    - soc/tegra: fuse: Fix Tegra234-only builds
    - firmware: tegra: bpmp: Fix Tegra234-only builds
    - arm64: dts: ls208xa: remove bus-num from dspi node
    - arm64: dts: imx8mq: assign PCIe clocks
    - thermal/core: Correct function name thermal_zone_device_unregister()
    - kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
    - rtc: max77686: Do not enforce (incorrect) interrupt trigger type
    - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
    - scsi: libsas: Add LUN number check in .slave_alloc callback
    - scsi: libfc: Fix array index out of bound exception
    - scsi: qedf: Add check to synchronize abort and flush
    - sched/fair: Fix CFS bandwidth hrtimer expiry type
    - s390: introduce proper type handling call_on_stack() macro
    - cifs: prevent NULL deref in cifs_compose_mount_options()
    - arm64: dts: armada-3720-turris-mox: add firmware node
    - firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible
      string
    - arm64: dts: marvell: armada-37xx: move firmware node to generic dtsi file
    - f2fs: Show casefolding support only when supported
    - usb: cdns3: Enable TDL_CHK only for OUT ep
    - Revert "UBUNTU: SAUCE: Revert "mm: memcg/slab: fix memory leak at non-root
      kmem_cache destroy""
    - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
    - dm writecache: return the exact table values that were set
    - net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
    - net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
    - net: ipv6: fix return value of ip6_skb_dst_mtu
    - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
    - net/sched: act_ct: fix err check for nf_conntrack_confirm
    - net: bridge: sync fdb to new unicast-filtering ports
    - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
    - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
    - net: moxa: fix UAF in moxart_mac_probe
    - net: qcom/emac: fix UAF in emac_remove
    - net: ti: fix UAF in tlan_remove_one
    - net: send SYNACK packet with accepted fwmark
    - net: validate lwtstate->data before returning from skb_tunnel_info()
    - net: fddi: fix UAF in fza_probe
    - dma-buf/sync_file: Don't leak fences on merge failure
    - tcp: annotate data races around tp->mtu_info
    - ipv6: tcp: drop silly ICMPv6 packet too big messages
    - bpftool: Properly close va_list 'ap' by va_end() on error
    - perf test bpf: Free obj_buf
    - udp: annotate data races around unix_sk(sk)->gso_size
    - Linux 5.4.135
  * Focal update: v5.4.134 upstream stable release (LP: #1939440)
    - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio
    - KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
    - KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
    - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
    - tracing: Do not reference char * as a string in histograms
    - cgroup: verify that source is a string
    - fbmem: Do not delete the mode that is still in use
    - net: moxa: Use devm_platform_get_and_ioremap_resource()
    - dmaengine: fsl-qdma: check dma_set_mask return value
    - srcu: Fix broken node geometry after early ssp init
    - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
      zero
    - misc/libmasm/module: Fix two use after free in ibmasm_init_one
    - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
    - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get().
    - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get()
    - ALSA: usx2y: Don't call free_pages_exact() with NULL address
    - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
    - w1: ds2438: fixing bug that would always get page0
    - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
    - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
    - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
      SGLs
    - scsi: core: Cap scsi_host cmd_per_lun at can_queue
    - ALSA: ac97: fix PM reference leak in ac97_bus_remove()
    - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
    - scsi: scsi_dh_alua: Check for negative result value
    - fs/jfs: Fix missing error code in lmLogInit()
    - scsi: megaraid_sas: Fix resource leak in case of probe failure
    - scsi: megaraid_sas: Early detection of VD deletion through RaidMap update
    - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs
    - scsi: iscsi: Add iscsi_cls_conn refcount helpers
    - scsi: iscsi: Fix conn use after free during resets
    - scsi: iscsi: Fix shost->max_id use
    - scsi: qedi: Fix null ref during abort handling
    - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
    - mfd: cpcap: Fix cpcap dmamask not set warnings
    - ASoC: img: Fix PM reference leak in img_i2s_in_probe()
    - serial: tty: uartlite: fix console setup
    - s390/sclp_vt220: fix console name to match device
    - ALSA: sb: Fix potential double-free of CSP mixer elements
    - powerpc/ps3: Add dma_mask to ps3_dma_region
    - iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get
      fails
    - iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation
    - gpio: zynq: Check return value of pm_runtime_get_sync
    - ALSA: ppc: fix error return code in snd_pmac_probe()
    - selftests/powerpc: Fix "no_handler" EBB selftest
    - gpio: pca953x: Add support for the On Semi pca9655
    - ASoC: soc-core: Fix the error return code in
      snd_soc_of_parse_audio_routing()
    - s390/processor: always inline stap() and __load_psw_mask()
    - s390/ipl_parm: fix program check new psw handling
    - s390/mem_detect: fix diag260() program check new psw handling
    - s390/mem_detect: fix tprot() program check new psw handling
    - Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
    - ALSA: bebob: add support for ToneWeal FW66
    - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
    - ALSA: usb-audio: scarlett2: Fix data_mutex lock
    - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values
    - usb: gadget: f_hid: fix endianness issue with descriptors
    - usb: gadget: hid: fix error return code in hid_bind()
    - powerpc/boot: Fixup device-tree on little endian
    - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters
    - backlight: lm3630a: Fix return code of .update_status() callback
    - ALSA: hda: Add IRQ check for platform_get_irq()
    - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
    - staging: rtl8723bs: fix macro value for 2.4Ghz only device
    - intel_th: Wait until port is in reset before programming it
    - i2c: core: Disable client irq on reboot/shutdown
    - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
    - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
    - pwm: spear: Don't modify HW state in .remove callback
    - power: supply: ab8500: Avoid NULL pointers
    - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
    - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
    - ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
    - PCI/P2PDMA: Avoid pci_get_slot(), which may sleep
    - watchdog: Fix possible use-after-free in wdt_startup()
    - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
    - watchdog: Fix possible use-after-free by calling del_timer_sync()
    - watchdog: imx_sc_wdt: fix pretimeout
    - x86/fpu: Return proper error codes from user access functions
    - PCI: tegra: Add missing MODULE_DEVICE_TABLE
    - orangefs: fix orangefs df output.
    - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
    - NFS: nfs_find_open_context() may only select open files
    - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
    - power: supply: ab8500: add missing MODULE_DEVICE_TABLE
    - pwm: img: Fix PM reference leak in img_pwm_enable()
    - pwm: tegra: Don't modify HW state in .remove callback
    - ACPI: AMBA: Fix resource name in /proc/iomem
    - ACPI: video: Add quirk for the Dell Vostro 3350
    - virtio-blk: Fix memory leak among suspend/resume procedure
    - virtio_net: Fix error handling in virtnet_restore()
    - virtio_console: Assure used length from device is limited
    - x86/signal: Detect and prevent an alternate signal stack overflow
    - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
    - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
    - power: supply: rt5033_battery: Fix device tree enumeration
    - NFSv4: Initialise connection to the server in nfs4_alloc_client()
    - um: fix error return code in slip_open()
    - um: fix error return code in winch_tramp()
    - watchdog: aspeed: fix hardware timeout calculation
    - nfs: fix acl memory leak of posix_acl_create()
    - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
    - PCI: iproc: Fix multi-MSI base vector number allocation
    - PCI: iproc: Support multi-MSI only on uniprocessor kernel
    - x86/fpu: Limit xstate copy size in xstateregs_set()
    - pwm: imx1: Don't disable clocks at device remove time
    - virtio_net: move tx vq operation under tx queue lock
    - nvme-tcp: can't set sk_user_data without write_lock
    - ALSA: isa: Fix error return code in snd_cmi8330_probe()
    - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
    - hexagon: use common DISCARDS macro
    - ARM: dts: gemini-rut1xx: remove duplicate ethernet node
    - reset: a10sr: add missing of_match_table reference
    - ARM: exynos: add missing of_node_put for loop iteration
    - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
    - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
    - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
    - memory: atmel-ebi: add missing of_node_put for loop iteration
    - reset: brcmstb: Add missing MODULE_DEVICE_TABLE
    - memory: pl353: Fix error return code in pl353_smc_probe()
    - rtc: fix snprintf() checking in is_rtc_hctosys()
    - arm64: dts: renesas: v3msk: Fix memory size
    - ARM: dts: r8a7779, marzen: Fix DU clock names
    - firmware: tegra: Fix error return code in tegra210_bpmp_init()
    - firmware: arm_scmi: Reset Rx buffer to max size during async commands
    - ARM: dts: BCM5301X: Fixup SPI binding
    - reset: bail if try_module_get() fails
    - memory: fsl_ifc: fix leak of IO mapping on probe failure
    - memory: fsl_ifc: fix leak of private memory on probe failure
    - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
    - ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
    - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
    - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
    - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
    - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations
    - firmware: turris-mox-rwtm: fix reply status decoding function
    - firmware: turris-mox-rwtm: report failures better
    - firmware: turris-mox-rwtm: fail probing when firmware does not support hwrng
    - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
    - mips: always link byteswap helpers into decompressor
    - mips: disable branch profiling in boot/decompress.o
    - MIPS: vdso: Invalid GIC access through VDSO
    - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
    - misc: alcor_pci: fix inverted branch condition
    - Linux 5.4.134

linux-bluefield (5.4.0-1018.21) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1018.21 -proposed tracker (LP: #1939776)

* Focal update: v5.4.129 upstream stable release (LP: #1936242)
    - [Config] bluefield: enable CONFIG_SYSTEM_REVOCATION_LIST

* Add support for packet-per-second policing (LP: #1938818)
    - net: qos: add tc police offloading action with max frame size limit
    - net: qos: police action add index for tc flower offloading
    - net: sched: refactor police action helpers to require tcf_lock
    - net:qos: police action offloading parameter 'burst' change to the original
      value
    - flow_offload: add support for packet-per-second policing
    - flow_offload: reject configuration of packet-per-second policing in offload
      drivers
    - net/sched: act_police: add support for packet-per-second policing

* Sync up mlxbf-gige driver with upstreamed version (LP: #1934923)
    - Revert "UBUNTU: SAUCE: mlxbf_gige: syncup with v1.23 content"
    - Revert "UBUNTU: SAUCE: mlxbf_gige: syncup with v1.21 content"
    - Revert "UBUNTU: SAUCE: Automate soft reset of BlueField ARM via GPIO7"
    - Revert "UBUNTU: SAUCE: Syncup with the latest gpio-mlxbf2 and mlxbf-gige
      drivers"
    - Revert "Revert "UBUNTU: SAUCE: Fix intermittent OOB link up issue""
    - Revert "UBUNTU: SAUCE: Fix intermittent OOB link up issue"
    - Revert "UBUNTU: SAUCE: mlxbf_gige_mdio.c: Support PHY interrupt on
      Bluesphere"
    - Revert "UBUNTU: SAUCE: mlxbf_gige_main.c: Fix OOB PHY interrupt"
    - Revert "UBUNTU: SAUCE: mlxbf_gige: use streaming DMA mapping for packet
      buffers"
    - Revert "UBUNTU: SAUCE: mlxbf_gige: address upstream comments on RX and TX"
    - Revert "UBUNTU: SAUCE: mlxbf-gige: remove gpio interrupt coalesce resources"
    - Revert "UBUNTU: SAUCE: mlxbf_gige: add support for ndo_get_stats64"
    - Revert "UBUNTU: SAUCE: mlxbf_gige: address some general upstream comments"
    - Revert "UBUNTU: SAUCE: Address upstream comments from patch v6 for PHY
      driver"
    - Revert "UBUNTU: SAUCE: mlxbf-gige: cleanups from review"
    - Revert "UBUNTU: SAUCE: mlxbf-gige: v5 patch cleanup and napi_schedule"
    - Revert "UBUNTU: SAUCE: mlxbf_gige_main.c: Fix OOB's ethtool command"
    - Revert "UBUNTU: SAUCE: mlxbf_gige_main.c: Support ethtool options"
    - Revert "UBUNTU: SAUCE: mlxbf-gige: multiple fixes for stability"
    - Revert "UBUNTU: SAUCE: Remove built-in tests from mlxbf_gige driver"
    - Revert "UBUNTU: SAUCE: Add Mellanox BlueField Gigabit Ethernet driver"
    - Add Mellanox BlueField Gigabit Ethernet driver
    - SAUCE: mlxbf-gige: add driver version
    - SAUCE: mlxbf-gige: add ethtool mlxbf_gige_set_ringparam
    - SAUCE: gpio-mlxbf2: Cleanup and use generic gpio_irq_chip struct
    - SAUCE: gpio-mlxbf2.c: remove phy interrupt
    - SAUCE: gpio-mlxbf2.c: Fix setting the gpio direction to output

[ Ubuntu: 5.4.0-84.94 ]

* focal/linux: 5.4.0-84.94 -proposed tracker (LP: #1941767)
  * Server boot failure after adding checks for ACPI IRQ override (LP: #1941657)
    - Revert "ACPI: resources: Add checks for ACPI IRQ override"

[ Ubuntu: 5.4.0-83.93 ]

* focal/linux: 5.4.0-83.93 -proposed tracker (LP: #1940159)
  * fails to launch linux L2 guests on AMD (LP: #1940134) // CVE-2021-3653
    - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
      (CVE-2021-3653)
  * fails to launch linux L2 guests on AMD (LP: #1940134)
    - SAUCE: Revert "UBUNTU: SAUCE: KVM: nSVM: avoid picking up unsupported bits
      from L2 in int_ctl"

[ Ubuntu: 5.4.0-82.92 ]

* focal/linux: 5.4.0-82.92 -proposed tracker (LP: #1939799)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.08.16)
  * CVE-2021-3656
    - SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
  * CVE-2021-3653
    - SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  * [regression] USB device is not detected during boot (LP: #1939638)
    - SAUCE: Revert "usb: core: reduce power-on-good delay time of root hub"
  * dev_forward_skb: do not scrub skb mark within the same name space
    (LP: #1935040)
    - dev_forward_skb: do not scrub skb mark within the same name space
  * XPS 9510 (TGL) Screen Brightness could not be changed (LP: #1933566)
    - SAUCE: drm/i915: Force DPCD backlight mode for Dell XPS 9510(TGL)
  * Acer Aspire 5 sound driver issues (LP: #1930188)
    - ALSA: hda/realtek: headphone and mic don't work on an Acer laptop
  * Sony Dualshock 4 usb dongle crashes the whole system (LP: #1935846)
    - HID: sony: Workaround for DS4 dongle hotplug kernel crash.
  * [21.10 FEAT] KVM: Provide a secure guest indication (LP: #1933173)
    - s390/uv: add prot virt guest/host indication files
    - s390/uv: fix prot virt host indication compilation
  * Skip rtcpie test in kselftests/timers if the default RTC device does not
    exist (LP: #1937991)
    - selftests: timers: rtcpie: skip test if default RTC device does not exist
  * Focal update: v5.4.133 upstream stable release (LP: #1938713)
    - drm/mxsfb: Don't select DRM_KMS_FB_HELPER
    - drm/zte: Don't select DRM_KMS_FB_HELPER
    - drm/amd/amdgpu/sriov disable all ip hw status by default
    - drm/vc4: fix argument ordering in vc4_crtc_get_margins()
    - net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
    - drm/amd/display: fix use_max_lb flag for 420 pixel formats
    - hugetlb: clear huge pte during flush function on mips platform
    - atm: iphase: fix possible use-after-free in ia_module_exit()
    - mISDN: fix possible use-after-free in HFC_cleanup()
    - atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
    - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
    - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
    - reiserfs: add check for invalid 1st journal block
    - drm/virtio: Fix double free on probe failure
    - drm/sched: Avoid data corruptions
    - udf: Fix NULL pointer dereference in udf_symlink function
    - e100: handle eeprom as little endian
    - igb: handle vlan types with checker enabled
    - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
    - clk: renesas: r8a77995: Add ZA2 clock
    - clk: tegra: Ensure that PLLU configuration is applied properly
    - ipv6: use prandom_u32() for ID generation
    - RDMA/cxgb4: Fix missing error code in create_qp()
    - dm space maps: don't reset space map allocation cursor when committing
    - pinctrl: mcp23s08: fix race condition in irq handler
    - ice: set the value of global config lock timeout longer
    - virtio_net: Remove BUG() to avoid machine dead
    - net: bcmgenet: check return value after calling platform_get_resource()
    - net: mvpp2: check return value after calling platform_get_resource()
    - net: micrel: check return value after calling platform_get_resource()
    - drm/amd/display: Update scaling settings on modeset
    - drm/amd/display: Release MST resources on switch from MST to SST
    - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7
    - drm/amdkfd: use allowed domain for vmbo validation
    - fjes: check return value after calling platform_get_resource()
    - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
    - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM
    - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check
    - xfrm: Fix error reporting in xfrm_state_construct.
    - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
    - wl1251: Fix possible buffer overflow in wl1251_cmd_scan
    - cw1200: add missing MODULE_DEVICE_TABLE
    - bpf: Fix up register-based shifts in interpreter to silence KUBSAN
    - mt76: mt7615: fix fixed-rate tx status reporting
    - net: fix mistake path for netdev_features_strings
    - net: sched: fix error return code in tcf_del_walker()
    - drm/amdkfd: Walk through list with dqm lock hold
    - rtl8xxxu: Fix device info for RTL8192EU devices
    - atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
    - atm: nicstar: register the interrupt handler in the right place
    - vsock: notify server to shutdown when client has pending signal
    - RDMA/rxe: Don't overwrite errno from ib_umem_get()
    - iwlwifi: mvm: don't change band on bound PHY contexts
    - iwlwifi: pcie: free IML DMA memory allocation
    - iwlwifi: pcie: fix context info freeing
    - sfc: avoid double pci_remove of VFs
    - sfc: error code if SRIOV cannot be disabled
    - wireless: wext-spy: Fix out-of-bounds warning
    - media, bpf: Do not copy more entries than user space requested
    - net: ip: avoid OOM kills with large UDP sends over loopback
    - RDMA/cma: Fix rdma_resolve_route() memory leak
    - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip.
    - Bluetooth: Fix the HCI to MGMT status conversion table
    - Bluetooth: Shutdown controller after workqueues are flushed or cancelled
    - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
    - sctp: validate from_addr_param return
    - sctp: add size validation when walking chunks
    - MIPS: loongsoon64: Reserve memory below starting pfn to prevent Oops
    - MIPS: set mips32r5 for virt extensions
    - fscrypt: don't ignore minor_hash when hash is 0
    - crypto: ccp - Annotate SEV Firmware file names
    - perf bench: Fix 2 memory sanitizer warnings
    - powerpc/mm: Fix lockup on kernel exec fault
    - powerpc/barrier: Avoid collision with clang's __lwsync macro
    - drm/amdgpu: Update NV SIMD-per-CU to 2
    - drm/radeon: Add the missed drm_gem_object_put() in
      radeon_user_framebuffer_create()
    - drm/rockchip: dsi: remove extra component_del() call
    - drm/amd/display: fix incorrrect valid irq check
    - pinctrl/amd: Add device HID for new AMD GPIO controller
    - drm/tegra: Don't set allow_fb_modifiers explicitly
    - drm/msm/mdp4: Fix modifier support enabling
    - drm/arm/malidp: Always list modifiers
    - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
    - mmc: core: clear flags before allowing to retune
    - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
    - ata: ahci_sunxi: Disable DIPM
    - cpu/hotplug: Cure the cpusets trainwreck
    - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
    - fpga: stratix10-soc: Add missing fpga_mgr_free() call
    - MIPS: fix "mipsel-linux-ld: decompress.c:undefined reference to `memmove'"
    - ASoC: tegra: Set driver_name=tegra for all machine drivers
    - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
    - ipmi/watchdog: Stop watchdog timer when the current action is 'none'
    - thermal/drivers/int340x/processor_thermal: Fix tcc setting
    - ubifs: Fix races between xattr_{set|get} and listxattr operations
    - power: supply: ab8500: Fix an old bug
    - nvmem: core: add a missing of_node_put
    - extcon: intel-mrfld: Sync hardware and software state on init
    - seq_buf: Fix overflow in seq_buf_putmem_hex()
    - rq-qos: fix missed wake-ups in rq_qos_throttle try two
    - tracing: Simplify & fix saved_tgids logic
    - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
    - ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
    - coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
    - dm btree remove: assign new_root only when removal succeeds
    - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
    - PCI: aardvark: Fix checking for PIO Non-posted Request
    - PCI: aardvark: Implement workaround for the readback value of VEND_ID
    - media: subdev: disallow ioctl for saa6588/davinci
    - media: dtv5100: fix control-request directions
    - media: zr364xx: fix memory leak in zr364xx_start_readpipe
    - media: gspca/sq905: fix control-request direction
    - media: gspca/sunplus: fix zero-length control requests
    - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
    - jfs: fix GPF in diFree
    - smackfs: restrict bytes count in smk_set_cipso()
    - Linux 5.4.133
  * Focal update: v5.4.132 upstream stable release (LP: #1938199)
    - ALSA: usb-audio: fix rate on Ozone Z90 USB headset
    - ALSA: usb-audio: Fix OOB access at proc output
    - ALSA: usb-audio: scarlett2: Fix wrong resume call
    - ALSA: intel8x0: Fix breakage at ac97 clock measurement
    - ALSA: hda/realtek: Add another ALC236 variant support
    - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx
    - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D
    - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too
    - media: dvb-usb: fix wrong definition
    - Input: usbtouchscreen - fix control-request directions
    - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
    - usb: gadget: eem: fix echo command packet response issue
    - USB: cdc-acm: blacklist Heimann USB Appset device
    - usb: dwc3: Fix debugfs creation flow
    - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
    - xhci: solve a double free problem while doing s4
    - ntfs: fix validity check for file name attribute
    - copy_page_to_iter(): fix ITER_DISCARD case
    - iov_iter_fault_in_readable() should do nothing in xarray case
    - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
    - arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
    - ARM: dts: at91: sama5d4: fix pinctrl muxing
    - btrfs: send: fix invalid path for unlink operations after parent
      orphanization
    - btrfs: clear defrag status of a root if starting transaction fails
    - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
      transaction handle
    - ext4: fix kernel infoleak via ext4_extent_header
    - ext4: return error code when ext4_fill_flex_info() fails
    - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
    - ext4: remove check for zero nr_to_scan in ext4_es_scan()
    - ext4: fix avefreec in find_group_orlov
    - ext4: use ext4_grp_locked_error in mb_find_extent
    - can: gw: synchronize rcu operations before removing gw job entry
    - can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after
      RCU is done
    - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in
      TX path
    - mac80211: remove iwlwifi specific workaround that broke sta NDP tx
    - SUNRPC: Fix the batch tasks count wraparound.
    - SUNRPC: Should wake up the privileged task firstly.
    - perf/smmuv3: Don't trample existing events with global filter
    - KVM: PPC: Book3S HV: Workaround high stack usage with clang
    - s390/cio: dont call css_wait_for_slow_path() inside a lock
    - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
    - iio: light: tcs3472: do not free unallocated IRQ
    - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA
      as volatile, too
    - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
    - iio: ltr501: ltr501_read_ps(): add missing endianness conversion
    - serial: mvebu-uart: fix calculation of clock divisor
    - serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
    - serial_cs: Add Option International GSM-Ready 56K/ISDN modem
    - serial_cs: remove wrong GLOBETROTTER.cis entry
    - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
    - ssb: sdio: Don't overwrite const buffer if block_write fails
    - rsi: Assign beacon rate settings to the correct rate_info descriptor field
    - rsi: fix AP mode with WPA failure due to encrypted EAPOL
    - tracing/histograms: Fix parsing of "sym-offset" modifier
    - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
    - seq_buf: Make trace_seq_putmem_hex() support data longer than 8
    - powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
    - evm: Execute evm_inode_init_security() only when an HMAC key is loaded
    - evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
    - fuse: ignore PG_workingset after stealing
    - fuse: check connected before queueing on fpq->io
    - fuse: reject internal errno
    - spi: Make of_register_spi_device also set the fwnode
    - media: mdk-mdp: fix pm_runtime_get_sync() usage count
    - media: s5p: fix pm_runtime_get_sync() usage count
    - media: sh_vou: fix pm_runtime_get_sync() usage count
    - media: mtk-vcodec: fix PM runtime get logic
    - media: s5p-jpeg: fix pm_runtime_get_sync() usage count
    - media: sti/bdisp: fix pm_runtime_get_sync() usage count
    - media: exynos-gsc: fix pm_runtime_get_sync() usage count
    - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
    - spi: spi-topcliff-pch: Fix potential double free in
      pch_spi_process_messages()
    - spi: omap-100k: Fix the length judgment problem
    - regulator: uniphier: Add missing MODULE_DEVICE_TABLE
    - hwrng: exynos - Fix runtime PM imbalance on error
    - crypto: nx - add missing MODULE_DEVICE_TABLE
    - media: sti: fix obj-$(config) targets
    - media: cpia2: fix memory leak in cpia2_usb_probe
    - media: cobalt: fix race condition in setting HPD
    - media: pvrusb2: fix warning in pvr2_i2c_core_done
    - media: imx: imx7_mipi_csis: Fix logging of only error event counters
    - crypto: qat - check return code of qat_hal_rd_rel_reg()
    - crypto: qat - remove unused macro in FW loader
    - sched/fair: Fix ascii art by relpacing tabs
    - media: em28xx: Fix possible memory leak of em28xx struct
    - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
    - media: bt8xx: Fix a missing check bug in bt878_probe
    - media: st-hva: Fix potential NULL pointer dereferences
    - Makefile: fix GDB warning with CONFIG_RELR
    - media: dvd_usb: memory leak in cinergyt2_fe_attach
    - memstick: rtsx_usb_ms: fix UAF
    - mmc: sdhci-sprd: use sdhci_sprd_writew
    - mmc: via-sdmmc: add a check against NULL pointer dereference
    - crypto: shash - avoid comparing pointers to exported functions under CFI
    - media: dvb_net: avoid speculation from net slot
    - media: siano: fix device register error path
    - media: imx-csi: Skip first few frames from a BT.656 source
    - hwmon: (max31790) Report correct current pwm duty cycles
    - hwmon: (max31790) Fix pwmX_enable attributes
    - drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe()
    - KVM: PPC: Book3S HV: Fix TLB management on SMT8 POWER9 and POWER10
      processors
    - btrfs: fix error handling in __btrfs_update_delayed_inode
    - btrfs: abort transaction if we fail to update the delayed inode
    - btrfs: disable build on platforms having page size 256K
    - locking/lockdep: Fix the dep path printing for backwards BFS
    - lockding/lockdep: Avoid to find wrong lock dep path in check_irq_usage()
    - KVM: s390: get rid of register asm usage
    - regulator: mt6358: Fix vdram2 .vsel_mask
    - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
    - media: Fix Media Controller API config checks
    - HID: do not use down_interruptible() when unbinding devices
    - EDAC/ti: Add missing MODULE_DEVICE_TABLE
    - ACPI: processor idle: Fix up C-state latency if not ordered
    - hv_utils: Fix passing zero to 'PTR_ERR' warning
    - lib: vsprintf: Fix handling of number field widths in vsscanf
    - ACPI: EC: Make more Asus laptops use ECDT _GPE
    - block_dump: remove block_dump feature in mark_inode_dirty()
    - fs: dlm: cancel work sync othercon
    - random32: Fix implicit truncation warning in prandom_seed_state()
    - fs: dlm: fix memory leak when fenced
    - ACPICA: Fix memory leak caused by _CID repair function
    - ACPI: bus: Call kobject_put() in acpi_init() error path
    - block: fix race between adding/removing rq qos and normal IO
    - platform/x86: toshiba_acpi: Fix missing error code in
      toshiba_acpi_setup_keyboard()
    - nvmet-fc: do not check for invalid target port in nvmet_fc_handle_fcp_rqst()
    - EDAC/Intel: Do not load EDAC driver when running as a guest
    - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
    - clocksource: Retry clock read if long delays detected
    - ACPI: tables: Add custom DSDT file as makefile prerequisite
    - HID: wacom: Correct base usage for capacitive ExpressKey status bits
    - cifs: fix missing spinlock around update to ses->status
    - block: fix discard request merge
    - kthread_worker: fix return value when kthread_mod_delayed_work() races with
      kthread_cancel_delayed_work_sync()
    - ia64: mca_drv: fix incorrect array size calculation
    - writeback, cgroup: increment isw_nr_in_flight before grabbing an inode
    - media: s5p_cec: decrement usage count if disabled
    - crypto: ixp4xx - dma_unmap the correct address
    - crypto: ux500 - Fix error return code in hash_hw_final()
    - sata_highbank: fix deferred probing
    - pata_rb532_cf: fix deferred probing
    - media: I2C: change 'RST' to "RSET" to fix multiple build errors
    - sched/uclamp: Fix wrong implementation of cpu.uclamp.min
    - sched/uclamp: Fix locking around cpu_util_update_eff()
    - kbuild: run the checker after the compiler
    - kbuild: Fix objtool dependency for 'OBJECT_FILES_NON_STANDARD_<obj> := n'
    - pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
    - evm: fix writing <securityfs>/evm overflow
    - crypto: ccp - Fix a resource leak in an error handling path
    - media: rc: i2c: Fix an error message
    - pata_ep93xx: fix deferred probing
    - media: exynos4-is: Fix a use after free in isp_video_release
    - media: au0828: fix a NULL vs IS_ERR() check
    - media: tc358743: Fix error return code in tc358743_probe_of()
    - media: gspca/gl860: fix zero-length control requests
    - m68k: atari: Fix ATARI_KBD_CORE kconfig unmet dependency warning
    - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
    - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts
    - crypto: omap-sham - Fix PM reference leak in omap sham ops
    - mmc: usdhi6rol0: fix error return code in usdhi6_probe()
    - arm64: consistently use reserved_pg_dir
    - arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
    - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
    - hwmon: (max31722) Remove non-standard ACPI device IDs
    - hwmon: (max31790) Fix fan speed reporting for fan7..12
    - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
    - regulator: hi655x: Fix pass wrong pointer to config.driver_data
    - btrfs: clear log tree recovering status if starting transaction fails
    - sched/rt: Fix RT utilization tracking during policy change
    - sched/rt: Fix Deadline utilization tracking during policy change
    - sched/uclamp: Fix uclamp_tg_restrict()
    - spi: spi-sun6i: Fix chipselect/clock bug
    - crypto: nx - Fix RCU warning in nx842_OF_upd_status
    - ACPI: sysfs: Fix a buffer overrun problem with description_show()
    - extcon: extcon-max8997: Fix IRQ freeing at error path
    - blk-wbt: introduce a new disable state to prevent false positive by
      rwb_enabled()
    - blk-wbt: make sure throttle is enabled properly
    - ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros
    - ACPI: bgrt: Fix CFI violation
    - cpufreq: Make cpufreq_online() call driver->offline() on errors
    - ocfs2: fix snprintf() checking
    - dax: fix ENOMEM handling in grab_mapping_entry()
    - xfrm: xfrm_state_mtu should return at least 1280 for ipv6
    - video: fbdev: imxfb: Fix an error message
    - net: mvpp2: Put fwnode in error case during ->probe()
    - net: pch_gbe: Propagate error from devm_gpio_request_one()
    - pinctrl: renesas: r8a7796: Add missing bias for PRESET# pin
    - pinctrl: renesas: r8a77990: JTAG pins do not have pull-down capabilities
    - clk: meson: g12a: fix gp0 and hifi ranges
    - net: ftgmac100: add missing error return code in ftgmac100_probe()
    - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in
      cdn_dp_grf_write()
    - drm/rockchip: dsi: move all lane config except LCDC mux to bind()
    - ehea: fix error return code in ehea_restart_qps()
    - net/sched: act_vlan: Fix modify to allow 0
    - RDMA/core: Sanitize WQ state received from the userspace
    - RDMA/rxe: Fix failure during driver load
    - drm: qxl: ensure surf.data is ininitialized
    - tools/bpftool: Fix error return code in do_batch()
    - ath10k: go to path err_unsupported when chip id is not supported
    - ath10k: add missing error return code in ath10k_pci_probe()
    - wireless: carl9170: fix LEDS build errors & warnings
    - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
    - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
    - ssb: Fix error return code in ssb_bus_scan()
    - brcmfmac: fix setting of station info chains bitmask
    - brcmfmac: correctly report average RSSI in station info
    - brcmsmac: mac80211_if: Fix a resource leak in an error handling path
    - ath10k: Fix an error code in ath10k_add_interface()
    - netlabel: Fix memory leak in netlbl_mgmt_add_common
    - RDMA/mlx5: Don't add slave port to unaffiliated list
    - netfilter: nft_exthdr: check for IPv6 packet before further processing
    - netfilter: nft_osf: check for TCP packet before further processing
    - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
    - RDMA/rxe: Fix qp reference counting for atomic ops
    - samples/bpf: Fix the error return code of xdp_redirect's main()
    - net: ethernet: aeroflex: fix UAF in greth_of_remove
    - net: ethernet: ezchip: fix UAF in nps_enet_remove
    - net: ethernet: ezchip: fix error handling
    - vrf: do not push non-ND strict packets with a source LLA through packet taps
      again
    - net: sched: add barrier to ensure correct ordering for lockless qdisc
    - tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
    - pkt_sched: sch_qfq: fix qfq_change_class() error path
    - vxlan: add missing rcu_read_lock() in neigh_reduce()
    - net/ipv4: swap flow ports when validating source
    - tc-testing: fix list handling
    - ieee802154: hwsim: Fix memory leak in hwsim_add_one
    - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
    - mac80211: remove iwlwifi specific workaround NDPs of null_response
    - net: bcmgenet: Fix attaching to PYH failed on RPi 4B
    - ipv6: exthdrs: do not blindly use init_net
    - bpf: Do not change gso_size during bpf_skb_change_proto()
    - i40e: Fix error handling in i40e_vsi_open
    - i40e: Fix autoneg disabling for non-10GBaseT links
    - Revert "ibmvnic: remove duplicate napi_schedule call in open function"
    - ibmvnic: free tx_pool if tso_pool alloc fails
    - ipv6: fix out-of-bound access in ip6_parse_tlv()
    - e1000e: Check the PCIm state
    - bpfilter: Specify the log level for the kmsg message
    - gve: Fix swapped vars when fetching max queues
    - Revert "be2net: disable bh with spin_lock in be_process_mcc"
    - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
    - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
    - clk: actions: Fix UART clock dividers on Owl S500 SoC
    - clk: actions: Fix SD clocks factor table on Owl S500 SoC
    - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC
    - clk: si5341: Avoid divide errors due to bogus register contents
    - clk: si5341: Update initialization magic
    - writeback: fix obtain a reference to a freeing memcg css
    - net: lwtunnel: handle MTU calculation in forwading
    - net: sched: fix warning in tcindex_alloc_perfect_hash
    - RDMA/mlx5: Don't access NULL-cleared mpi pointer
    - MIPS: Fix PKMAP with 32-bit MIPS huge page support
    - staging: fbtft: Rectify GPIO handling
    - rcu: Invoke rcu_spawn_core_kthreads() from rcu_spawn_gp_kthread()
    - tty: nozomi: Fix a resource leak in an error handling function
    - mwifiex: re-fix for unaligned accesses
    - iio: adis_buffer: do not return ints in irq handlers
    - iio: adis16400: do not return ints in irq handlers
    - iio: accel: bma180: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: bma220: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: hid: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: kxcjk-1013: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls
    - iio: accel: mxc4005: Fix overread of data and alignment issue.
    - iio: accel: stk8312: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: stk8ba50: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: ti-ads1015: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: vf610: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: gyro: bmg160: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: humidity: am2315: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: srf08: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: pulsed-light: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: as3935: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: magn: hmc5843: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: magn: bmc150: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: light: isl29125: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: light: tcs3414: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: light: tcs3472: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: cros_ec_sensors: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - iio: potentiostat: lmp91000: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - ASoC: rk3328: fix missing clk_disable_unprepare() on error in
      rk3328_platform_probe()
    - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
      hi6210_i2s_startup()
    - backlight: lm3630a_bl: Put fwnode in error case during ->probe()
    - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
    - Input: hil_kbd - fix error return code in hil_dev_connect()
    - mtd: partitions: redboot: seek fis-index-block in the right node
    - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
      set_protocol()
    - firmware: stratix10-svc: Fix a resource leak in an error handling path
    - tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
    - leds: lm3532: select regmap I2C API
    - leds: lm36274: cosmetic: rename lm36274_data to chip
    - leds: lm3692x: Put fwnode in any case during ->probe()
    - scsi: FlashPoint: Rename si_flags field
    - fsi: core: Fix return of error values on failures
    - fsi: scom: Reset the FSI2PIB engine for any error
    - fsi: occ: Don't accept response from un-initialized OCC
    - fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
    - fsi/sbefifo: Fix reset timeout
    - visorbus: fix error return code in visorchipset_init()
    - s390: appldata depends on PROC_SYSCTL
    - iommu/dma: Fix IOVA reserve dma ranges
    - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in
      'mtk_btcvsd_snd_probe()'
    - usb: gadget: f_fs: Fix setting of device and driver data cross-references
    - usb: dwc2: Don't reset the core after setting turnaround time
    - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
    - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
    - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper
    - iio: adc: at91-sama5d2: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: hx711: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: mxs-lradc: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: ti-ads8688: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - iio: magn: rm3100: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
    - staging: gdm724x: check for overflow in gdm_lte_netif_rx()
    - staging: rtl8712: remove redundant check in r871xu_drv_init
    - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb
    - staging: mt7621-dts: fix pci address for PCI memory range
    - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
    - iio: light: vcnl4035: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: isl29501: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
    - of: Fix truncation of memory sizes on 32-bit platforms
    - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in
      marvell_nfc_resume()
    - scsi: mpt3sas: Fix error return value in _scsih_expander_add()
    - soundwire: stream: Fix test for DP prepare complete
    - phy: uniphier-pcie: Fix updating phy parameters
    - phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
    - extcon: sm5502: Drop invalid register write in sm5502_reg_data
    - extcon: max8997: Add missing modalias string
    - ASoC: atmel-i2s: Fix usage of capture and playback at the same time
    - configfs: fix memleak in configfs_release_bin_file
    - leds: as3645a: Fix error return code in as3645a_parse_node()
    - leds: ktd2692: Fix an error handling path
    - powerpc: Offline CPU in stop_this_cpu()
    - serial: mvebu-uart: do not allow changing baudrate when uartclk is not
      available
    - serial: mvebu-uart: correctly calculate minimal possible baudrate
    - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
    - vfio/pci: Handle concurrent vma faults
    - mm/huge_memory.c: don't discard hugepage if other processes are mapping it
    - mm/z3fold: fix potential memory leak in z3fold_destroy_pool()
    - selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
    - perf llvm: Return -ENOMEM when asprintf() fails
    - scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd()
    - mmc: block: Disable CMDQ on the ioctl path
    - mmc: vub3000: fix control-request direction
    - scsi: core: Retry I/O for Notify (Enable Spinup) Required error
    - iommu/dma: Fix compile warning in 32-bit builds
    - Linux 5.4.132
  * Keyboard not working (LP: #1909814) // Focal update: v5.4.132 upstream
    stable release (LP: #1938199)
    - ACPI: resources: Add checks for ACPI IRQ override
  * Focal update: v5.4.131 upstream stable release (LP: #1936245)
    - KVM: SVM: Periodically schedule when unregistering regions on destroy
    - s390/stack: fix possible register corruption with stack switch helper
    - KVM: SVM: Call SEV Guest Decommission if ASID binding fails
    - xen/events: reset active flag for lateeoi events later
    - Linux 5.4.131
  * Focal update: v5.4.130 upstream stable release (LP: #1936244)
    - scsi: sr: Return appropriate error code when disk is ejected
    - drm/nouveau: fix dma_address check for CPU/GPU sync
    - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP
    - RDMA/mlx5: Block FDB rules when not in switchdev mode
    - Linux 5.4.130
  * Focal update: v5.4.129 upstream stable release (LP: #1936242)
    - module: limit enabling module.sig_enforce
    - drm/nouveau: wait for moving fence after pinning v2
    - drm/radeon: wait for moving fence after pinning
    - ARM: 9081/1: fix gcc-10 thumb2-kernel regression
    - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk
    - kbuild: add CONFIG_LD_IS_LLD
    - arm64: link with -z norelro for LLD or aarch64-elf
    - MIPS: generic: Update node names to avoid unit addresses
    - spi: spi-nxp-fspi: move the register operation after the clock enable
    - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
    - dmaengine: zynqmp_dma: Fix PM reference leak in
      zynqmp_dma_alloc_chan_resourc()
    - mac80211: remove warning in ieee80211_get_sband()
    - mac80211_hwsim: drop pending frames on stop
    - cfg80211: call cfg80211_leave_ocb when switching away from OCB
    - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe()
    - dmaengine: mediatek: free the proper desc in desc_free handler
    - dmaengine: mediatek: do not issue a new desc if one is still current
    - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma
    - net: ipv4: Remove unneed BUG() function
    - mac80211: drop multicast fragments
    - net: ethtool: clear heap allocations for ethtool function
    - ping: Check return value of function 'ping_queue_rcv_skb'
    - inet: annotate date races around sk->sk_txhash
    - net: phy: dp83867: perform soft reset and retain established link
    - net: caif: fix memory leak in ldisc_open
    - net/packet: annotate accesses to po->bind
    - net/packet: annotate accesses to po->ifindex
    - r8152: Avoid memcpy() over-reading of ETH_SS_STATS
    - sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
    - r8169: Avoid memcpy() over-reading of ETH_SS_STATS
    - KVM: selftests: Fix kvm_check_cap() assertion
    - net: qed: Fix memcpy() overflow of qed_dcbx_params()
    - recordmcount: Correct st_shndx handling
    - PCI: Add AMD RS690 quirk to enable 64-bit DMA
    - net: ll_temac: Add memory-barriers for TX BD access
    - net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
    - pinctrl: stm32: fix the reported number of GPIO lines per bank
    - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
    - KVM: do not allow mapping valid but non-reference-counted pages
    - i2c: robotfuzz-osif: fix control-request directions
    - kthread_worker: split code for canceling the delayed work timer
    - kthread: prevent deadlock when kthread_mod_delayed_work() races with
      kthread_cancel_delayed_work_sync()
    - mm: add VM_WARN_ON_ONCE_PAGE() macro
    - mm/rmap: remove unneeded semicolon in page_not_mapped()
    - mm/rmap: use page_not_mapped in try_to_unmap()
    - mm, thp: use head page in __migration_entry_wait()
    - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
    - mm/thp: make is_huge_zero_pmd() safe and quicker
    - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
    - mm/thp: fix vma_address() if virtual address below file offset
    - mm/thp: fix page_address_in_vma() on file THP tails
    - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
    - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
    - mm: page_vma_mapped_walk(): use page for pvmw->page
    - mm: page_vma_mapped_walk(): settle PageHuge on entry
    - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
    - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
    - mm: page_vma_mapped_walk(): crossing page table boundary
    - mm: page_vma_mapped_walk(): add a level of indentation
    - mm: page_vma_mapped_walk(): use goto instead of while (1)
    - mm: page_vma_mapped_walk(): get vma_address_end() earlier
    - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
    - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
    - mm, futex: fix shared futex pgoff on shmem huge page
    - [Config] enable CONFIG_SYSTEM_REVOCATION_LIST
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - Linux 5.4.129
  * Patch To Fix Bug in the Linux Block Layer Responsible For  Merging BIOs
    (LP: #1931497)
    - block: return the correct bvec when checking for gaps

linux-bluefield (5.4.0-1017.20) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1017.20 -proposed tracker (LP: #1936516)

* Update mlx-bootctl to access new fields in EEPROM MFG (LP: #1931843)
    - SAUCE: mlx-bootctl: Fix exclusion issues around arm_smccc_smc
    - SAUCE: mlx-bootctl: Fix potential buffer overflow
    - SAUCE: mlx-bootctl: Support VPD info in EEPROM MFG
    - SAUCE: mlx-bootctl: Update license and version info

* Fix err check for nf_conntrack_confirm (LP: #1934819)
    - net/sched: act_ct: fix err check for nf_conntrack_confirm

* Possible memory leak of flow_block_cb (LP: #1934822)
    - net/sched: act_ct: remove and free nf_table callbacks

* Fix host to pod traffic with ovn cluster using ovs internal port and tc
    offload (LP: #1935584)
    - SAUCE: net/sched: act_mirred: Reset ct when reinserting skb back into queue

* Control netfilter flow table timeouts via sysctl (LP: #1934401)
    - Revert "UBUNTU: SAUCE: net/sched: Add module parameter to set CT age out
      time"
    - Revert "UBUNTU: SAUCE: netfilter: flowtable: Control flow timeout interval"
    - netfilter: conntrack: Introduce tcp offload timeout configuration
    - netfilter: conntrack: Introduce udp offload timeout configuration
    - netfilter: flowtable: Set offload timeouts according to proto values

* i2c-mlxbf.c: prevent stack overflow in mlxbf_i2c_smbus_start_transaction
    (LP: #1934304)
    - SAUCE: i2c-mlxbf.c: prevent stack overflow in
      mlxbf_i2c_smbus_start_transaction()

* New BPF helpers to query conntrack and to generate/validate SYN cookies
    (LP: #1934499)
    - xdp: Add frame size to xdp_buff
    - net: XDP-generic determining XDP frame size
    - xdp: Xdp_frame add member frame_sz and handle in convert_to_xdp_frame
    - xdp: Cpumap redirect use frame_sz and increase skb_tailroom
    - veth: Xdp using frame_sz in veth driver
    - tun: Add XDP frame size
    - vhost_net: Also populate XDP frame size
    - virtio_net: Add XDP frame size in two code paths
    - xdp: For Intel AF_XDP drivers add XDP frame_sz
    - mlx5: Rx queue setup time determine frame_sz for XDP
    - xdp: Allow bpf_xdp_adjust_tail() to grow packet size
    - xdp: Clear grow memory in bpf_xdp_adjust_tail()
    - bpf: Add xdp.frame_sz in bpf_prog_test_run_xdp().
    - xdp: Handle frame_sz in xdp_convert_zc_to_xdp_frame()
    - xsk: Fix xsk_umem_xdp_frame_sz()
    - bpf: Fix too large copy from user in bpf_test_init
    - SAUCE: bpf: Add a helper to query TCP conntrack information in XDP
    - SAUCE: bpf: Add helpers to issue and check SYN cookies in XDP
    - SAUCE: bpf: Add a helper to issue timestamp cookies in XDP

[ Ubuntu: 5.4.0-81.91 ]

* Packaging resync (LP: #1786013)
    - update dkms package versions
  * large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption
  * Some test in kselftest/net on focal source tree were not tested at all
    (LP: #1934282)
    - selftests/net: add missing tests to Makefile
  * curtin: install flash-kernel in arm64 UEFI unexpected (LP: #1918427)
    - [Packaging] Allow grub-efi-arm* to satisfy recommends on ARM
  * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
    - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"
  * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
    F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
    - selftests: icmp_redirect: support expected failures
  * Focal update: v5.4.128 upstream stable release (LP: #1934179)
    - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM
    - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM
    - dmaengine: stedma40: add missing iounmap() on error in d40_probe()
    - afs: Fix an IS_ERR() vs NULL check
    - mm/memory-failure: make sure wait for page writeback in memory_failure
    - kvm: LAPIC: Restore guard to prevent illegal APIC register access
    - batman-adv: Avoid WARN_ON timing related checks
    - net: ipv4: fix memory leak in netlbl_cipsov4_add_std
    - vrf: fix maximum MTU
    - net: rds: fix memory leak in rds_recvmsg
    - net: lantiq: disable interrupt before sheduling NAPI
    - udp: fix race between close() and udp_abort()
    - rtnetlink: Fix regression in bridge VLAN configuration
    - net/sched: act_ct: handle DNAT tuple collision
    - net/mlx5e: Remove dependency in IPsec initialization flows
    - net/mlx5e: Fix page reclaim for dead peer hairpin
    - net/mlx5: Consider RoCE cap before init RDMA resources
    - net/mlx5e: allow TSO on VXLAN over VLAN topologies
    - net/mlx5e: Block offload of outer header csum for UDP tunnels
    - netfilter: synproxy: Fix out of bounds when parsing TCP options
    - sch_cake: Fix out of bounds when parsing TCP options and header
    - alx: Fix an error handling path in 'alx_probe()'
    - net: stmmac: dwmac1000: Fix extended MAC address registers definition
    - net: make get_net_ns return error if NET_NS is disabled
    - qlcnic: Fix an error handling path in 'qlcnic_probe()'
    - netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
    - net: qrtr: fix OOB Read in qrtr_endpoint_post
    - ptp: improve max_adj check against unreasonable values
    - net: cdc_ncm: switch to eth%d interface naming
    - lantiq: net: fix duplicated skb in rx descriptor ring
    - net: usb: fix possible use-after-free in smsc75xx_bind
    - net: fec_ptp: fix issue caused by refactor the fec_devtype
    - net: ipv4: fix memory leak in ip_mc_add1_src
    - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
    - be2net: Fix an error handling path in 'be_probe()'
    - net: hamradio: fix memory leak in mkiss_close
    - net: cdc_eem: fix tx fixup skb leak
    - cxgb4: fix wrong shift.
    - bnxt_en: Rediscover PHY capabilities after firmware reset
    - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
    - icmp: don't send out ICMP messages with a source address of 0.0.0.0
    - net: ethernet: fix potential use-after-free in ec_bhf_remove
    - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
    - ASoC: rt5659: Fix the lost powers for the HDA header
    - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd()
    - pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled
    - radeon: use memcpy_to/fromio for UVD fw upload
    - hwmon: (scpi-hwmon) shows the negative temperature properly
    - can: bcm: fix infoleak in struct bcm_msg_head
    - can: bcm/raw/isotp: use per module netdevice notifier
    - can: j1939: fix Use-after-Free, hold skb ref while in use
    - can: mcba_usb: fix memory leak in mcba_usb
    - usb: core: hub: Disable autosuspend for Cypress CY7C65632
    - tracing: Do not stop recording cmdlines when tracing is off
    - tracing: Do not stop recording comms if the trace file is being read
    - tracing: Do no increment trace_clock_global() by one
    - PCI: Mark TI C667X to avoid bus reset
    - PCI: Mark some NVIDIA GPUs to avoid bus reset
    - PCI: aardvark: Don't rely on jiffies while holding spinlock
    - PCI: aardvark: Fix kernel panic during PIO transfer
    - PCI: Add ACS quirk for Broadcom BCM57414 NIC
    - PCI: Work around Huawei Intelligent NIC VF FLR erratum
    - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
    - ARCv2: save ABI registers across signal handling
    - x86/process: Check PF_KTHREAD and not current->mm for kernel threads
    - x86/pkru: Write hardware init value to PKRU when xstate is init
    - x86/fpu: Reset state for all signal restore failures
    - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
    - cfg80211: make certificate generation more robust
    - cfg80211: avoid double free of PMSR request
    - net: ll_temac: Make sure to free skb when it is completely used
    - net: ll_temac: Fix TX BD buffer overwrite
    - net: bridge: fix vlan tunnel dst null pointer dereference
    - net: bridge: fix vlan tunnel dst refcnt when egressing
    - mm/slub: clarify verification reporting
    - mm/slub: fix redzoning for small allocations
    - mm/slub.c: include swab.h
    - net: stmmac: disable clocks in stmmac_remove_config_dt()
    - net: fec_ptp: add clock rate zero check
    - tools headers UAPI: Sync linux/in.h copy with the kernel sources
    - KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read
    - ARM: OMAP: replace setup_irq() by request_irq()
    - clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support
    - clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue
    - clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940
    - usb: dwc3: debugfs: Add and remove endpoint dirs dynamically
    - usb: dwc3: core: fix kernel panic when do reboot
    - Linux 5.4.128
  * linux-azure CIFS DFS oops (LP: #1935833)
    - cifs: get rid of unused parameter in reconn_setup_dfs_targets()
    - cifs: handle empty list of targets in cifs_reconnect()
  * pmtu.sh from net in ubuntu_kernel_selftests failed with no error message
    (LP: #1887661)
    - selftests: pmtu.sh: improve the test result processing
  * cifs: On cifs_reconnect, resolve the hostname again (LP: #1929831)
    - cifs: rename reconn_inval_dfs_target()
    - cifs: Simplify reconnect code when dfs upcall is enabled
    - cifs: Avoid error pointer dereference
    - cifs: On cifs_reconnect, resolve the hostname again.
  * Pixel format change broken for Elgato Cam Link 4K (LP: #1932367)
    - (upstream) media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
  * Focal update: v5.4.127 upstream stable release (LP: #1933851)
    - net: ieee802154: fix null deref in parse dev addr
    - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
    - HID: hid-input: add mapping for emoji picker key
    - HID: hid-sensor-hub: Return error for hid_set_field() failure
    - HID: quirks: Add quirk for Lenovo optical mouse
    - HID: multitouch: set Stylus suffix for Stylus-application devices, too
    - HID: Add BUS_VIRTUAL to hid_connect logging
    - HID: usbhid: fix info leak in hid_submit_ctrl
    - drm/tegra: sor: Do not leak runtime PM reference
    - ARM: OMAP2+: Fix build warning when mmc_omap is not built
    - gfs2: Prevent direct-I/O write fallback errors from getting lost
    - HID: gt683r: add missing MODULE_DEVICE_TABLE
    - riscv: Use -mno-relax when using lld linker
    - gfs2: Fix use-after-free in gfs2_glock_shrink_scan
    - scsi: target: core: Fix warning on realtime kernels
    - ethernet: myri10ge: Fix missing error code in myri10ge_probe()
    - scsi: qedf: Do not put host in qedf_vport_create() unconditionally
    - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
    - nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues()
    - nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue()
      fails
    - nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue()
    - net: ipconfig: Don't override command-line hostnames or domains
    - drm/amd/display: Allow bandwidth validation for 0 streams.
    - rtnetlink: Fix missing error code in rtnl_bridge_notify()
    - net/x25: Return the correct errno code
    - net: Return the correct errno code
    - fib: Return the correct errno code
    - Linux 5.4.127
  * Focal update: v5.4.126 upstream stable release (LP: #1933369)
    - proc: Check /proc/$pid/attr/ writes against file opener
    - proc: Track /proc/$pid/attr/ opener mm_struct
    - ASoC: max98088: fix ni clock divider calculation
    - spi: Fix spi device unregister flow
    - net/nfc/rawsock.c: fix a permission check bug
    - usb: cdns3: Fix runtime PM imbalance on error
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
    - vfio-ccw: Serialize FSM IDLE state with I/O completion
    - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
    - spi: sprd: Add missing MODULE_DEVICE_TABLE
    - isdn: mISDN: netjet: Fix crash in nj_probe:
    - bonding: init notify_work earlier to avoid uninitialized use
    - netlink: disable IRQs for netlink_lock_table()
    - net: mdiobus: get rid of a BUG_ON()
    - cgroup: disable controllers at parse time
    - wq: handle VM suspension in stall detection
    - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
    - RDS tcp loopback connection can hang
    - scsi: bnx2fc: Return failure if io_req is already in ABTS processing
    - scsi: vmw_pvscsi: Set correct residual data length
    - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
    - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
    - net: macb: ensure the device is available before accessing GEMGXL control
      registers
    - net: appletalk: cops: Fix data race in cops_probe1
    - net: dsa: microchip: enable phy errata workaround on 9567
    - nvme-fabrics: decode host pathing error for connect
    - MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
    - dm verity: fix require_signatures module_param permissions
    - bnx2x: Fix missing error code in bnx2x_iov_init_one()
    - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
    - spi: Don't have controller clean up spi device before driver unbind
    - spi: Cleanup on failure of initial setup
    - i2c: mpc: Make use of i2c_recover_bus()
    - i2c: mpc: implement erratum A-004447 workaround
    - x86/boot: Add .text.* to setup.ld
    - spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
    - drm: Fix use-after-free read in drm_getunique()
    - drm: Lock pointer access in drm_master_release()
    - kvm: avoid speculation-based attacks from out-of-range memslot accesses
    - staging: rtl8723bs: Fix uninitialized variables
    - btrfs: return value from btrfs_mark_extent_written() in case of error
    - btrfs: promote debugging asserts to full-fledged checks in validate_super
    - cgroup1: don't allow '\n' in renaming
    - USB: f_ncm: ncm_bitrate (speed) is unsigned
    - usb: f_ncm: only first packet of aggregate needs to start timer
    - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
    - usb: dwc3: ep0: fix NULL pointer exception
    - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
    - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
    - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
    - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
    - USB: serial: ftdi_sio: add NovaTech OrionMX product ID
    - USB: serial: omninet: add device id for Zyxel Omni 56K Plus
    - USB: serial: quatech2: fix control-request directions
    - USB: serial: cp210x: fix alternate function for CP2102N QFN20
    - usb: gadget: eem: fix wrong eem header operation
    - usb: fix various gadgets null ptr deref on 10gbps cabling.
    - usb: fix various gadget panics on 10gbps cabling
    - regulator: core: resolve supply for boot-on/always-on regulators
    - regulator: max77620: Use device_set_of_node_from_dev()
    - usb: typec: mux: Fix copy-paste mistake in typec_mux_match
    - RDMA/ipoib: Fix warning caused by destroying non-initial netns
    - RDMA/mlx4: Do not map the core_clock page to user space unless enabled
    - vmlinux.lds.h: Avoid orphan section with !SMP
    - perf: Fix data race between pin_count increment/decrement
    - sched/fair: Make sure to update tg contrib for blocked load
    - KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
    - IB/mlx5: Fix initializing CQ fragments buffer
    - NFS: Fix a potential NULL dereference in nfs_get_client()
    - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode()
    - perf session: Correct buffer copying when peeking events
    - kvm: fix previous commit for 32-bit builds
    - NFS: Fix use-after-free in nfs4_init_client()
    - NFSv4: Fix second deadlock in nfs4_evict_inode()
    - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error.
    - scsi: core: Fix error handling of scsi_host_alloc()
    - scsi: core: Fix failure handling of scsi_add_host_with_dma()
    - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING
    - scsi: core: Only put parent device if host state differs from SHOST_CREATED
    - ftrace: Do not blindly read the ip address in ftrace_bug()
    - tracing: Correct the length check which causes memory corruption
    - proc: only require mm_struct for writing
    - Linux 5.4.126
  * Focal update: v5.4.125 upstream stable release (LP: #1932957)
    - btrfs: tree-checker: do not error out if extent ref hash doesn't match
    - net: usb: cdc_ncm: don't spew notifications
    - ALSA: usb: update old-style static const declaration
    - nl80211: validate key indexes for cfg80211_registered_device
    - hwmon: (dell-smm-hwmon) Fix index values
    - netfilter: conntrack: unregister ipv4 sockopts on error unwind
    - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
    - efi: cper: fix snprintf() use in cper_dimm_err_location()
    - vfio/pci: Fix error return code in vfio_ecap_init()
    - vfio/pci: zap_vma_ptes() needs MMU
    - samples: vfio-mdev: fix error handing in mdpy_fb_probe()
    - vfio/platform: fix module_put call in error flow
    - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
    - HID: pidff: fix error return code in hid_pidff_init()
    - HID: i2c-hid: fix format string mismatch
    - net/sched: act_ct: Fix ct template allocation for zone 0
    - ACPICA: Clean up context mutex during object deletion
    - netfilter: nft_ct: skip expectations for confirmed conntrack
    - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
    - ieee802154: fix error return code in ieee802154_add_iface()
    - ieee802154: fix error return code in ieee802154_llsec_getparams()
    - ixgbevf: add correct exception tracing for XDP
    - ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
    - ice: write register with correct offset
    - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared
    - ice: Allow all LLDP packets from PF to Tx
    - i2c: qcom-geni: Add shutdown callback for i2c
    - i40e: optimize for XDP_REDIRECT in xsk path
    - i40e: add correct exception tracing for XDP
    - arm64: dts: ls1028a: fix memory node
    - arm64: dts: zii-ultra: fix 12V_MAIN voltage
    - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property
    - ARM: dts: imx7d-pico: Fix the 'tuning-step' property
    - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells
    - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act
    - tipc: add extack messages for bearer/media failure
    - tipc: fix unique bearer names sanity check
    - Bluetooth: fix the erroneous flush_work() order
    - Bluetooth: use correct lock to prevent UAF of hdev object
    - net: caif: added cfserl_release function
    - net: caif: add proper error handling
    - net: caif: fix memory leak in caif_device_notify
    - net: caif: fix memory leak in cfusbl_device_notify
    - HID: i2c-hid: Skip ELAN power-on command after reset
    - HID: magicmouse: fix NULL-deref on disconnect
    - HID: multitouch: require Finger field to mark Win8 reports as MT
    - ALSA: timer: Fix master timer notification
    - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
    - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch
    - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators
    - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
    - usb: dwc2: Fix build in periphal-only mode
    - pid: take a reference when initializing `cad_pid`
    - ocfs2: fix data corruption by fallocate
    - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
    - drm/amdgpu: Don't query CE and UE errors
    - drm/amdgpu: make sure we unpin the UVD BO
    - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
    - btrfs: mark ordered extent and inode with error if we fail to finish
    - btrfs: fix error handling in btrfs_del_csums
    - btrfs: return errors from btrfs_del_csums in cleanup_ref_head
    - btrfs: fixup error handling in fixup_inode_link_counts
    - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
    - bnxt_en: Remove the setting of dev_port.
    - mm: add thp_order
    - XArray: add xa_get_order
    - XArray: add xas_split
    - mm/filemap: fix storing to a THP shadow entry
    - btrfs: fix unmountable seed device after fstrim
    - KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
    - KVM: arm64: Fix debug register indexing
    - lib/lz4: explicitly support in-place decompression
    - xen-pciback: redo VF placement in the virtual topology
    - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops
    - neighbour: allow NUD_NOARP entries to be forced GCed
    - Linux 5.4.125

-- Kelsey Skunberg <kelsey.skunberg@canonical.com>  Tue, 21 Sep 2021 15:48:43 -0600

Changed in linux-bluefield (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-bluefield package