Bug #1945180 “vrf: fix refcnt leak with vxlan slaves” : Bugs : linux package : Ubuntu

Revision history for this message

Nicolas Dichtel (nicolas-dichtel) wrote on 2021-09-27:

#1

Backport of the upstream patch on Ubuntu-hwe-5.4-5.4.0-87.98_18.04.1 Edit (4.1 KiB, text/plain)

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-09-27: Missing required logs.

#2

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1945180

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Ubuntu Foundations Team Bug Bot (crichton) on 2021-09-27

tags:

added: patch

Stefan Bader (smb) on 2021-09-28

Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
status:	New → Triaged
Changed in linux (Ubuntu):
status:	Incomplete → Fix Released
Changed in linux (Ubuntu Bionic):
importance:	Undecided → Medium
status:	New → Triaged

Kleber Sacilotto de Souza (kleber-souza) on 2021-10-07

Changed in linux (Ubuntu Bionic):
status:	Triaged → In Progress
Changed in linux (Ubuntu Focal):
status:	Triaged → In Progress

Kelsey Steele (kelsey-steele) on 2021-10-12

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status:	In Progress → Confirmed
status:	Confirmed → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-10-19:

#3

This bug is awaiting verification that the linux/5.4.0-90.101 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Samuel Gauthier (sgauthier) on 2021-10-19

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-10-20:

#4

This bug is awaiting verification that the linux/4.15.0-162.170 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Kelsey Steele (kelsey-steele) wrote on 2021-10-29:

#5

Hi Nicolas or Samuel, may you please verify the Bionic kernel in -proposed resolves this bug? You can find more instructions in comment #4. Thank you!

Revision history for this message

Samuel Gauthier (sgauthier) wrote on 2021-10-29:

#6

Hi Kelsey, sorry, I missed the notification, I'll take care of it right away.

Samuel Gauthier (sgauthier) on 2021-10-29

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Luke Nowakowski-Krijger (lukenow) on 2021-10-29

Changed in linux (Ubuntu):
assignee:	nobody → Luke Nowakowski-Krijger (lukenow)
assignee:	Luke Nowakowski-Krijger (lukenow) → nobody

Revision history for this message

Kelsey Steele (kelsey-steele) wrote on 2021-11-02:

#7

Thank you, Samuel! :)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-11-08:

#8

Download full text (18.4 KiB)

This bug was fixed in the package linux - 4.15.0-162.170

---------------
linux (4.15.0-162.170) bionic; urgency=medium

* bionic/linux: 4.15.0-162.170 -proposed tracker (LP: #1947293)

* Add final-checks to check certificates (LP: #1947174)
- [Packaging] Add system trusted and revocation keys final check

  * CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

* CVE-2021-28950
- fuse: fix live lock in fuse_iget()

* CVE-2020-36322
- fuse: fix bad inode

  * Bionic update: upstream stable patchset 2021-10-13 (LP: #1947011)
    - rcu: Fix missed wakeup of exp_wq waiters
    - apparmor: remove duplicate macro list_entry_is_head()
    - crypto: talitos - fix max key size for sha384 and sha512
    - sctp: validate chunk size in __rcv_asconf_lookup
    - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
    - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
    - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    - 9p/trans_virtio: Remove sysfs file on probe failure
    - prctl: allow to setup brk for et_dyn executables
    - profiling: fix shift-out-of-bounds bugs
    - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was
      registered
    - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
    - parisc: Move pci_dev_is_behind_card_dino to where it is used
    - dmaengine: ioat: depends on !UML
    - dmaengine: xilinx_dma: Set DMA mask for coherent APIs
    - ceph: lockdep annotations for try_nonblocking_invalidate
    - nilfs2: fix memory leak in nilfs_sysfs_create_device_group
    - nilfs2: fix NULL pointer in nilfs_##name##_attr_release
    - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
    - pwm: rockchip: Don't modify HW state in .remove() callback
    - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
    - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
    - nilfs2: use refcount_dec_and_lock() to fix potential UAF
    - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()

* Invalid backport to v4.15: missing pgtable_l5_enabled (LP: #1946464)
- SAUCE: Revert "x86/mm: Don't free P4D table when it is folded at runtime"

* CVE-2021-38199
- NFSv4: Initialise connection to the server in nfs4_alloc_client()

  * CVE-2019-19449
    - f2fs: fix wrong total_sections check and fsmeta check
    - f2fs: fix to do sanity check on segment/section count

* vrf: fix refcnt leak with vxlan slaves (LP: #1945180)
- ipv4: Fix device used for dst_alloc with local routes

  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
    - [Packaging] Add fips-checks as part of finalchecks

* CVE-2021-3759
- memcg: enable accounting of ipc resources

* Bionic update: upstream stable patchset 2021-09-27 (LP: #1945224)
...

This bug was fixed in the package linux - 4.15.0-162.170

---------------
linux (4.15.0-162.170) bionic; urgency=medium

* bionic/linux: 4.15.0-162.170 -proposed tracker (LP: #1947293)

* Add final-checks to check certificates (LP: #1947174)
    - [Packaging] Add system trusted and revocation keys final check

* CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

* CVE-2021-28950
    - fuse: fix live lock in fuse_iget()

* CVE-2020-36322
    - fuse: fix bad inode

* Bionic update: upstream stable patchset 2021-10-13 (LP: #1947011)
    - rcu: Fix missed wakeup of exp_wq waiters
    - apparmor: remove duplicate macro list_entry_is_head()
    - crypto: talitos - fix max key size for sha384 and sha512
    - sctp: validate chunk size in __rcv_asconf_lookup
    - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
    - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
    - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    - 9p/trans_virtio: Remove sysfs file on probe failure
    - prctl: allow to setup brk for et_dyn executables
    - profiling: fix shift-out-of-bounds bugs
    - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was
      registered
    - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
    - parisc: Move pci_dev_is_behind_card_dino to where it is used
    - dmaengine: ioat: depends on !UML
    - dmaengine: xilinx_dma: Set DMA mask for coherent APIs
    - ceph: lockdep annotations for try_nonblocking_invalidate
    - nilfs2: fix memory leak in nilfs_sysfs_create_device_group
    - nilfs2: fix NULL pointer in nilfs_##name##_attr_release
    - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
    - pwm: rockchip: Don't modify HW state in .remove() callback
    - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
    - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
    - nilfs2: use refcount_dec_and_lock() to fix potential UAF
    - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()

* Invalid backport to v4.15: missing pgtable_l5_enabled (LP: #1946464)
    - SAUCE: Revert "x86/mm: Don't free P4D table when it is folded at runtime"

* CVE-2021-38199
    - NFSv4: Initialise connection to the server in nfs4_alloc_client()

* CVE-2019-19449
    - f2fs: fix wrong total_sections check and fsmeta check
    - f2fs: fix to do sanity check on segment/section count

* vrf: fix refcnt leak with vxlan slaves (LP: #1945180)
    - ipv4: Fix device used for dst_alloc with local routes

* Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
    - [Packaging] Add fips-checks as part of finalchecks

* CVE-2021-3759
    - memcg: enable accounting of ipc resources

* Bionic update: upstream stable patchset 2021-09-27 (LP: #1945224)
    - ARC: Fix CONFIG_STACKDEPOT
    - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
      and TX error counters
    - Revert "USB: serial: ch341: fix character loss at high transfer rates"
    - USB: serial: option: add new VID/PID to support Fibocom FG150
    - usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
    - usb: dwc3: gadget: Stop EP0 transfers during pullup disable
    - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
    - e1000e: Fix the max snoop/no-snoop latency for 10M
    - ip_gre: add validation for csum_start
    - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    - net: marvell: fix MVNETA_TX_IN_PRGRS bit number
    - usb: gadget: u_audio: fix race condition on endpoint stop
    - opp: remove WARN when no valid OPPs remain
    - virtio: Improve vq->broken access to avoid any compiler optimization
    - vringh: Use wiov->used to check for read/write desc order
    - drm: Copy drm_wait_vblank to user before returning
    - drm/nouveau/disp: power down unused DP links during init
    - net/rds: dma_map_sg is entitled to merge entries
    - vt_kdsetmode: extend console locking
    - fbmem: add margin check to fb_check_caps()
    - KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
    - Revert "floppy: reintroduce O_NDELAY fix"
    - net: qrtr: fix another OOB Read in qrtr_endpoint_post
    - net: hns3: fix get wrong pfc_en when query PFC configuration
    - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
    - qed: Fix the VF msix vectors flow
    - net: macb: Add a NULL check on desc_ptp
    - qede: Fix memset corruption
    - perf/x86/intel/pt: Fix mask of num_address_ranges
    - perf/x86/amd/ibs: Work around erratum #1197
    - cryptoloop: add a deprecation warning
    - ARM: 8918/2: only build return_address() if needed
    - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
    - clk: fix build warning for orphan_list
    - media: stkwebcam: fix memory leak in stk_camera_probe
    - igmp: Add ip_mc_list lock in ip_check_mc_rcu
    - USB: serial: mos7720: improve OOM-handling in read_mos_reg()
    - f2fs: fix potential overflow
    - ath10k: fix recent bandwidth conversion bug
    - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing
      table (v2)
    - crypto: talitos - reduce max key size for SEC1
    - powerpc/module64: Fix comment in R_PPC64_ENTRY handling
    - powerpc/boot: Delete unneeded .globl _zimage_start
    - net: ll_temac: Remove left-over debug message
    - mm/page_alloc: speed up the iteration of max_order
    - Revert "btrfs: compression: don't try to compress if we don't have enough
      pages"
    - usb: host: xhci-rcar: Don't reload firmware after the completion
    - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
    - PCI: Call Max Payload Size-related fixup quirks early
    - regmap: fix the offset of register error log
    - crypto: mxs-dcp - Check for DMA mapping errors
    - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb
      errors
    - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
    - udf: Check LVID earlier
    - isofs: joliet: Fix iocharset=utf8 mount option
    - nvme-rdma: don't update queue count when failing to set io queues
    - power: supply: max17042_battery: fix typo in MAx17042_TOFF
    - s390/cio: add dev_busid sysfs entry for each subchannel
    - libata: fix ata_host_start()
    - crypto: qat - do not ignore errors from enable_vf2pf_comms()
    - crypto: qat - handle both source of interrupt in VF ISR
    - crypto: qat - fix reuse of completion variable
    - crypto: qat - fix naming for init/shutdown VF to PF notifications
    - crypto: qat - do not export adf_iov_putmsg()
    - udf_get_extendedattr() had no boundary checks.
    - m68k: emu: Fix invalid free in nfeth_cleanup()
    - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
    - spi: spi-pic32: Fix issue with uninitialized dma_slave_config
    - clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock
      source channel
    - crypto: qat - use proper type for vf_mask
    - certs: Trigger creation of RSA module signing key if it's not an RSA key
    - soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally
    - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
    - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
    - media: go7007: remove redundant initialization
    - Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
    - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
    - net: cipso: fix warnings in netlbl_cipsov4_add_std
    - i2c: highlander: add IRQ check
    - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
    - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
    - PCI: PM: Enable PME if it can be signaled from D3cold
    - soc: qcom: smsm: Fix missed interrupts if state changes while masked
    - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    - arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
    - Bluetooth: fix repeated calls to sco_sock_kill
    - drm/msm/dsi: Fix some reference counted resource leaks
    - usb: gadget: udc: at91: add IRQ check
    - usb: phy: fsl-usb: add IRQ check
    - usb: phy: twl6030: add IRQ checks
    - Bluetooth: Move shutdown callback before flushing tx and rx queue
    - usb: host: ohci-tmio: add IRQ check
    - usb: phy: tahvo: add IRQ check
    - mac80211: Fix insufficient headroom issue for AMSDU
    - usb: gadget: mv_u3d: request_irq() after initializing UDC
    - Bluetooth: add timeout sanity check to hci_inquiry
    - i2c: iop3xx: fix deferred probing
    - i2c: s3c2410: fix IRQ check
    - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
    - mmc: moxart: Fix issue with uninitialized dma_slave_config
    - CIFS: Fix a potencially linear read overflow
    - i2c: mt65xx: fix IRQ check
    - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
    - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA
      config is available
    - tty: serial: fsl_lpuart: fix the wrong mapbase value
    - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
    - bcma: Fix memory leak for internally-handled cores
    - ipv4: make exception cache less predictible
    - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
    - net: qualcomm: fix QCA7000 checksum handling
    - netns: protect netns ID lookups with RCU
    - tty: Fix data race between tiocsti() and flush_to_ldisc()
    - x86/resctrl: Fix a maybe-uninitialized build warning treated as error
    - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is
      adjusted
    - IMA: remove -Wmissing-prototypes warning
    - backlight: pwm_bl: Improve bootloader/kernel device handover
    - clk: kirkwood: Fix a clocking boot regression
    - fbmem: don't allow too huge resolutions
    - rtc: tps65910: Correct driver module alias
    - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
    - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
    - PCI/MSI: Skip masking MSI-X on Xen PV
    - powerpc/perf/hv-gpci: Fix counter value parsing
    - xen: fix setting of max_pfn in shared_info
    - include/linux/list.h: add a macro to test if entry is pointing to the head
    - 9p/xen: Fix end of loop tests for list_for_each_entry
    - soc: aspeed: lpc-ctrl: Fix boundary check for mmap
    - crypto: public_key: fix overflow during implicit conversion
    - block: bfq: fix bfq_set_next_ioprio_data()
    - power: supply: max17042: handle fails of reading status register
    - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
    - VMCI: fix NULL pointer dereference when unmapping queue pair
    - media: uvc: don't do DMA on stack
    - media: rc-loopback: return number of emitters rather than error
    - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    - ARM: 9105/1: atags_to_fdt: don't warn about stack size
    - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
    - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
    - PCI: xilinx-nwl: Enable the clock through CCF
    - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
    - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    - HID: input: do not report stylus battery state as "full"
    - RDMA/iwcm: Release resources if iw_cm module initialization fails
    - docs: Fix infiniband uverbs minor number
    - pinctrl: samsung: Fix pinctrl bank pin count
    - vfio: Use config not menuconfig for VFIO_NOIOMMU
    - openrisc: don't printk() unconditionally
    - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
    - scsi: qedi: Fix error codes in qedi_alloc_global_queues()
    - MIPS: Malta: fix alignment of the devicetree buffer
    - media: dib8000: rewrite the init prbs logic
    - crypto: mxs-dcp - Use sg_mapping_iter to copy data
    - PCI: Use pci_update_current_state() in pci_enable_device_flags()
    - iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
    - ARM: dts: qcom: apq8064: correct clock names
    - video: fbdev: kyro: fix a DoS bug by restricting user input
    - netlink: Deal with ESRCH error in nlmsg_notify()
    - Smack: Fix wrong semantics in smk_access_entry()
    - usb: host: fotg210: fix the endpoint's transactional opportunities
      calculation
    - usb: host: fotg210: fix the actual_length of an iso packet
    - usb: gadget: u_ether: fix a potential null pointer dereference
    - usb: gadget: composite: Allow bMaxPower=0 if self-powered
    - staging: board: Fix uninitialized spinlock when attaching genpd
    - tty: serial: jsm: hold port lock when reporting modem line changes
    - bpf/tests: Fix copy-and-paste error in double word test
    - bpf/tests: Do not PASS tests without actually testing the result
    - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
    - video: fbdev: kyro: Error out if 'pixclock' equals zero
    - video: fbdev: riva: Error out if 'pixclock' equals zero
    - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
    - flow_dissector: Fix out-of-bounds warnings
    - s390/jump_label: print real address in a case of a jump label bug
    - serial: 8250: Define RX trigger levels for OxSemi 950 devices
    - xtensa: ISS: don't panic in rs_init
    - hvsi: don't panic on tty_register_driver failure
    - serial: 8250_pci: make setup_port() parameters explicitly unsigned
    - staging: ks7010: Fix the initialization of the 'sleep_status' structure
    - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
    - Bluetooth: skip invalid hci_sync_conn_complete_evt
    - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the
      matching in-/output
    - media: v4l2-dv-timings.c: fix wrong condition in two for-loops
    - arm64: dts: qcom: sdm660: use reg value for memory node
    - net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
    - Bluetooth: avoid circular locks in sco_sock_connect
    - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
      access in amdgpu_i2c_router_select_ddc_port()
    - ARM: tegra: tamonten: Fix UART pad setting
    - rpc: fix gss_svc_init cleanup on failure
    - staging: rts5208: Fix get_ms_information() heap buffer size
    - gfs2: Don't call dlm after protocol is unmounted
    - mmc: sdhci-of-arasan: Check return value of non-void funtions
    - mmc: rtsx_pci: Fix long reads when clock is prescaled
    - selftests/bpf: Enlarge select() timeout for test_maps
    - cifs: fix wrong release in sess_alloc_buffer() failed path
    - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
      quirk set"
    - usb: musb: musb_dsps: request_irq() after initializing musb
    - usbip: give back URBs for unsent unlink requests during cleanup
    - usbip:vhci_hcd USB port can get stuck in the disabled state
    - ASoC: rockchip: i2s: Fix regmap_ops hang
    - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
    - parport: remove non-zero check on count
    - ath9k: fix OOB read ar9300_eeprom_restore_internal
    - ath9k: fix sleeping in atomic context
    - net: fix NULL pointer reference in cipso_v4_doi_free
    - net: w5100: check return value after calling platform_get_resource()
    - parisc: fix crash with signals and alloca
    - scsi: BusLogic: Fix missing pr_cont() use
    - scsi: qla2xxx: Sync queue idx with queue_pair_map idx
    - cpufreq: powernv: Fix init_chip_info initialization in numa=off
    - mm/hugetlb: initialize hugetlb_usage in mm_init
    - memcg: enable accounting for pids in nested pid namespaces
    - platform/chrome: cros_ec_proto: Send command again when timeout occurs
    - xen: reset legacy rtc flag for PV domU
    - bnx2x: Fix enabling network interfaces without VFs
    - PM: base: power: don't try to use non-existing RTC for storing data
    - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
    - net-caif: avoid user-triggerable WARN_ON(1)
    - ptp: dp83640: don't define PAGE0
    - net/l2tp: Fix reference count leak in l2tp_udp_recv_core
    - r6040: Restore MDIO clock frequency after MAC reset
    - tipc: increase timeout in tipc_sk_enqueue()
    - events: Reuse value read using READ_ONCE instead of re-reading it
    - net/af_unix: fix a data-race in unix_dgram_poll
    - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
    - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
    - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
    - mfd: Don't use irq_create_mapping() to resolve a mapping
    - PCI: Add ACS quirks for Cavium multi-function devices
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
    - ethtool: Fix an error code in cxgb2.c
    - PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
    - mtd: rawnand: cafe: Fix a resource leak in the error handling path of
      'cafe_nand_probe()'
    - ARC: export clear_user_page() for modules
    - net: dsa: b53: Fix calculating number of switch ports
    - netfilter: socket: icmp6: fix use-after-scope
    - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
    - net: renesas: sh_eth: Fix freeing wrong tx descriptor
    - SUNRPC/nfs: Fix return value for nfs4_callback_compound()
    - usb: mtu3: use @mult for HS isoc or intr
    - usb: mtu3: fix the wrong HS mult value
    - lib/mpi: use kcalloc in mpi_resize
    - media: venus: venc: Fix potential null pointer dereference on pointer fmt
    - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
      run_smbios_call
    - f2fs: fix to unmap pages from userspace process in punch_hole()
    - userfaultfd: prevent concurrent API initialization
    - arm64/sve: Use correct size when reinitialising SVE state
    - perf machine: Initialize srcline string member in add_location struct
    - net/mlx5: Fix potential sleeping in atomic context
    - net: hns3: pad the short tunnel frame before sending to hardware
    - mfd: axp20x: Update AXP288 volatile ranges
    - KVM: arm64: Handle PSCI resets before userspace touches vCPU state
    - ip_gre: validate csum_start only on pull

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Mon, 18 Oct 2021 12:35:58 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-11-08:

#9

Download full text (32.6 KiB)

This bug was fixed in the package linux - 5.4.0-90.101

---------------
linux (5.4.0-90.101) focal; urgency=medium

* focal/linux: 5.4.0-90.101 -proposed tracker (LP: #1947260)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2021.10.18)

* Add final-checks to check certificates (LP: #1947174)
- [Packaging] Add system trusted and revocation keys final check

  * No sound on Lenovo laptop models Legion 15IMHG05, Yoga 7 14ITL5, and 13s
    Gen2 (LP: #1939052)
    - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
      15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops.
    - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s
      Gen2

  * CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

  * Focal update: v5.4.148 upstream stable release (LP: #1946802)
    - rtc: tps65910: Correct driver module alias
    - btrfs: wake up async_delalloc_pages waiters after submit
    - btrfs: reset replace target device to allocation state on close
    - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
    - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
    - PCI/MSI: Skip masking MSI-X on Xen PV
    - powerpc/perf/hv-gpci: Fix counter value parsing
    - xen: fix setting of max_pfn in shared_info
    - include/linux/list.h: add a macro to test if entry is pointing to the head
    - 9p/xen: Fix end of loop tests for list_for_each_entry
    - tools/thermal/tmon: Add cross compiling support
    - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
    - pinctrl: ingenic: Fix incorrect pull up/down info
    - soc: qcom: aoss: Fix the out of bound usage of cooling_devs
    - soc: aspeed: lpc-ctrl: Fix boundary check for mmap
    - soc: aspeed: p2a-ctrl: Fix boundary check for mmap
    - arm64: head: avoid over-mapping in map_memory
    - crypto: public_key: fix overflow during implicit conversion
    - block: bfq: fix bfq_set_next_ioprio_data()
    - power: supply: max17042: handle fails of reading status register
    - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
    - VMCI: fix NULL pointer dereference when unmapping queue pair
    - media: uvc: don't do DMA on stack
    - media: rc-loopback: return number of emitters rather than error
    - Revert "dmaengine: imx-sdma: refine to load context only once"
    - dmaengine: imx-sdma: remove duplicated sdma_load_context
    - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    - ARM: 9105/1: atags_to_fdt: don't warn about stack size
    - PCI/portdrv: Enable Bandwidth Notification only if port supports it
    - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
    - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
    - PCI: xilinx-nwl: Enable the clock through CCF
    - PCI: aardvark: Fix checking for PIO status
    - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
    - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    - HID...

This bug was fixed in the package linux - 5.4.0-90.101

---------------
linux (5.4.0-90.101) focal; urgency=medium

* focal/linux: 5.4.0-90.101 -proposed tracker (LP: #1947260)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.10.18)

* Add final-checks to check certificates (LP: #1947174)
    - [Packaging] Add system trusted and revocation keys final check

* No sound on Lenovo laptop models Legion 15IMHG05, Yoga 7 14ITL5, and 13s
    Gen2 (LP: #1939052)
    - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
      15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops.
    - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s
      Gen2

* CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

* Focal update: v5.4.148 upstream stable release (LP: #1946802)
    - rtc: tps65910: Correct driver module alias
    - btrfs: wake up async_delalloc_pages waiters after submit
    - btrfs: reset replace target device to allocation state on close
    - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
    - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
    - PCI/MSI: Skip masking MSI-X on Xen PV
    - powerpc/perf/hv-gpci: Fix counter value parsing
    - xen: fix setting of max_pfn in shared_info
    - include/linux/list.h: add a macro to test if entry is pointing to the head
    - 9p/xen: Fix end of loop tests for list_for_each_entry
    - tools/thermal/tmon: Add cross compiling support
    - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
    - pinctrl: ingenic: Fix incorrect pull up/down info
    - soc: qcom: aoss: Fix the out of bound usage of cooling_devs
    - soc: aspeed: lpc-ctrl: Fix boundary check for mmap
    - soc: aspeed: p2a-ctrl: Fix boundary check for mmap
    - arm64: head: avoid over-mapping in map_memory
    - crypto: public_key: fix overflow during implicit conversion
    - block: bfq: fix bfq_set_next_ioprio_data()
    - power: supply: max17042: handle fails of reading status register
    - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
    - VMCI: fix NULL pointer dereference when unmapping queue pair
    - media: uvc: don't do DMA on stack
    - media: rc-loopback: return number of emitters rather than error
    - Revert "dmaengine: imx-sdma: refine to load context only once"
    - dmaengine: imx-sdma: remove duplicated sdma_load_context
    - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    - ARM: 9105/1: atags_to_fdt: don't warn about stack size
    - PCI/portdrv: Enable Bandwidth Notification only if port supports it
    - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
    - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
    - PCI: xilinx-nwl: Enable the clock through CCF
    - PCI: aardvark: Fix checking for PIO status
    - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
    - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    - HID: input: do not report stylus battery state as "full"
    - f2fs: quota: fix potential deadlock
    - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
    - IB/hfi1: Adjust pkey entry in index 0
    - RDMA/iwcm: Release resources if iw_cm module initialization fails
    - docs: Fix infiniband uverbs minor number
    - pinctrl: samsung: Fix pinctrl bank pin count
    - vfio: Use config not menuconfig for VFIO_NOIOMMU
    - powerpc/stacktrace: Include linux/delay.h
    - RDMA/efa: Remove double QP type assignment
    - f2fs: show f2fs instance in printk_ratelimited
    - f2fs: reduce the scope of setting fsck tag when de->name_len is zero
    - openrisc: don't printk() unconditionally
    - dma-debug: fix debugfs initialization order
    - SUNRPC: Fix potential memory corruption
    - scsi: fdomain: Fix error return code in fdomain_probe()
    - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
    - scsi: smartpqi: Fix an error code in pqi_get_raid_map()
    - scsi: qedi: Fix error codes in qedi_alloc_global_queues()
    - scsi: qedf: Fix error codes in qedf_alloc_global_queues()
    - powerpc/config: Renable MTD_PHYSMAP_OF
    - scsi: target: avoid per-loop XCOPY buffer allocations
    - HID: i2c-hid: Fix Elan touchpad regression
    - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs
      are live
    - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
      run_smbios_call
    - fscache: Fix cookie key hashing
    - clk: at91: sam9x60: Don't use audio PLL
    - clk: at91: clk-generated: pass the id of changeable parent at registration
    - clk: at91: clk-generated: Limit the requested rate to our range
    - KVM: PPC: Fix clearing never mapped TCEs in realmode
    - f2fs: fix to account missing .skipped_gc_rwsem
    - f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
    - f2fs: fix to unmap pages from userspace process in punch_hole()
    - MIPS: Malta: fix alignment of the devicetree buffer
    - kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
    - userfaultfd: prevent concurrent API initialization
    - drm/amdgpu: Fix amdgpu_ras_eeprom_init()
    - ASoC: atmel: ATMEL drivers don't need HAS_DMA
    - media: dib8000: rewrite the init prbs logic
    - crypto: mxs-dcp - Use sg_mapping_iter to copy data
    - PCI: Use pci_update_current_state() in pci_enable_device_flags()
    - tipc: keep the skb in rcv queue until the whole data is read
    - iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
    - iavf: do not override the adapter state in the watchdog task
    - iavf: fix locking of critical sections
    - ARM: dts: qcom: apq8064: correct clock names
    - video: fbdev: kyro: fix a DoS bug by restricting user input
    - netlink: Deal with ESRCH error in nlmsg_notify()
    - Smack: Fix wrong semantics in smk_access_entry()
    - drm: avoid blocking in drm_clients_info's rcu section
    - igc: Check if num of q_vectors is smaller than max before array access
    - usb: host: fotg210: fix the endpoint's transactional opportunities
      calculation
    - usb: host: fotg210: fix the actual_length of an iso packet
    - usb: gadget: u_ether: fix a potential null pointer dereference
    - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
    - usb: gadget: composite: Allow bMaxPower=0 if self-powered
    - staging: board: Fix uninitialized spinlock when attaching genpd
    - tty: serial: jsm: hold port lock when reporting modem line changes
    - drm/amd/display: Fix timer_per_pixel unit error
    - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
    - bpf/tests: Fix copy-and-paste error in double word test
    - bpf/tests: Do not PASS tests without actually testing the result
    - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
    - video: fbdev: kyro: Error out if 'pixclock' equals zero
    - video: fbdev: riva: Error out if 'pixclock' equals zero
    - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
    - flow_dissector: Fix out-of-bounds warnings
    - s390/jump_label: print real address in a case of a jump label bug
    - s390: make PCI mio support a machine flag
    - serial: 8250: Define RX trigger levels for OxSemi 950 devices
    - xtensa: ISS: don't panic in rs_init
    - hvsi: don't panic on tty_register_driver failure
    - serial: 8250_pci: make setup_port() parameters explicitly unsigned
    - staging: ks7010: Fix the initialization of the 'sleep_status' structure
    - samples: bpf: Fix tracex7 error raised on the missing argument
    - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
    - Bluetooth: skip invalid hci_sync_conn_complete_evt
    - workqueue: Fix possible memory leaks in wq_numa_init()
    - bonding: 3ad: fix the concurrency between __bond_release_one() and
      bond_3ad_state_machine_handler()
    - arm64: tegra: Fix Tegra194 PCIe EP compatible string
    - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the
      matching in-/output
    - media: imx258: Rectify mismatch of VTS value
    - media: imx258: Limit the max analogue gain to 480
    - media: v4l2-dv-timings.c: fix wrong condition in two for-loops
    - media: TDA1997x: fix tda1997x_query_dv_timings() return value
    - media: tegra-cec: Handle errors of clk_prepare_enable()
    - ARM: dts: imx53-ppd: Fix ACHC entry
    - arm64: dts: qcom: sdm660: use reg value for memory node
    - net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
    - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
    - selftests/bpf: Fix xdp_tx.c prog section name
    - Bluetooth: schedule SCO timeouts with delayed_work
    - Bluetooth: avoid circular locks in sco_sock_connect
    - net/mlx5: Fix variable type to match 64bit
    - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
      access in amdgpu_i2c_router_select_ddc_port()
    - drm/display: fix possible null-pointer dereference in dcn10_set_clock()
    - mac80211: Fix monitor MTU limit so that A-MSDUs get through
    - ARM: tegra: tamonten: Fix UART pad setting
    - arm64: tegra: Fix compatible string for Tegra132 CPUs
    - arm64: dts: ls1046a: fix eeprom entries
    - nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
    - Bluetooth: Fix handling of LE Enhanced Connection Complete
    - opp: Don't print an error if required-opps is missing
    - serial: sh-sci: fix break handling for sysrq
    - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
    - rpc: fix gss_svc_init cleanup on failure
    - staging: rts5208: Fix get_ms_information() heap buffer size
    - gfs2: Don't call dlm after protocol is unmounted
    - usb: chipidea: host: fix port index underflow and UBSAN complains
    - lockd: lockd server-side shouldn't set fl_ops
    - drm/exynos: Always initialize mapping in exynos_drm_register_dma()
    - m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
    - btrfs: tree-log: check btrfs_lookup_data_extent return value
    - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
    - ASoC: Intel: Skylake: Fix passing loadable flag for module
    - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
    - mmc: sdhci-of-arasan: Check return value of non-void funtions
    - mmc: rtsx_pci: Fix long reads when clock is prescaled
    - selftests/bpf: Enlarge select() timeout for test_maps
    - mmc: core: Return correct emmc response in case of ioctl error
    - cifs: fix wrong release in sess_alloc_buffer() failed path
    - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
      quirk set"
    - usb: musb: musb_dsps: request_irq() after initializing musb
    - usbip: give back URBs for unsent unlink requests during cleanup
    - usbip:vhci_hcd USB port can get stuck in the disabled state
    - ASoC: rockchip: i2s: Fix regmap_ops hang
    - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
    - drm/amdkfd: Account for SH/SE count when setting up cu masks.
    - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
    - iwlwifi: mvm: avoid static queue number aliasing
    - iwlwifi: mvm: fix access to BSS elements
    - net/mlx5: DR, Enable QP retransmission
    - parport: remove non-zero check on count
    - ath9k: fix OOB read ar9300_eeprom_restore_internal
    - ath9k: fix sleeping in atomic context
    - net: fix NULL pointer reference in cipso_v4_doi_free
    - fix array-index-out-of-bounds in taprio_change
    - net: w5100: check return value after calling platform_get_resource()
    - parisc: fix crash with signals and alloca
    - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
    - scsi: BusLogic: Fix missing pr_cont() use
    - scsi: qla2xxx: Changes to support kdump kernel
    - scsi: qla2xxx: Sync queue idx with queue_pair_map idx
    - cpufreq: powernv: Fix init_chip_info initialization in numa=off
    - s390/pv: fix the forcing of the swiotlb
    - mm/hugetlb: initialize hugetlb_usage in mm_init
    - mm,vmscan: fix divide by zero in get_scan_count
    - memcg: enable accounting for pids in nested pid namespaces
    - platform/chrome: cros_ec_proto: Send command again when timeout occurs
    - lib/test_stackinit: Fix static initializer test
    - net: dsa: lantiq_gswip: fix maximum frame length
    - drm/msi/mdp4: populate priv->kms in mdp4_kms_init
    - drm/amdgpu: Fix BUG_ON assert
    - drm/panfrost: Simplify lock_region calculation
    - drm/panfrost: Use u64 for size in lock_region
    - drm/panfrost: Clamp lock region to Bifrost minimum
    - btrfs: fix upper limit for max_inline for page size 64K
    - xen: reset legacy rtc flag for PV domU
    - bnx2x: Fix enabling network interfaces without VFs
    - arm64/sve: Use correct size when reinitialising SVE state
    - PM: base: power: don't try to use non-existing RTC for storing data
    - PCI: Add AMD GPU multi-function power dependencies
    - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10
    - drm/etnaviv: return context from etnaviv_iommu_context_get
    - drm/etnaviv: put submit prev MMU context when it exists
    - drm/etnaviv: stop abusing mmu_context as FE running marker
    - drm/etnaviv: keep MMU context across runtime suspend/resume
    - drm/etnaviv: exec and MMU state is lost when resetting the GPU
    - drm/etnaviv: fix MMU context leak on GPU reset
    - drm/etnaviv: reference MMU context when setting up hardware state
    - drm/etnaviv: add missing MMU context put when reaping MMU mapping
    - s390/sclp: fix Secure-IPL facility detection
    - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
    - tipc: fix an use-after-free issue in tipc_recvmsg
    - net-caif: avoid user-triggerable WARN_ON(1)
    - ptp: dp83640: don't define PAGE0
    - net/l2tp: Fix reference count leak in l2tp_udp_recv_core
    - r6040: Restore MDIO clock frequency after MAC reset
    - tipc: increase timeout in tipc_sk_enqueue()
    - perf machine: Initialize srcline string member in add_location struct
    - net/mlx5: FWTrace, cancel work on alloc pd error flow
    - net/mlx5: Fix potential sleeping in atomic context
    - events: Reuse value read using READ_ONCE instead of re-reading it
    - vhost_net: fix OoB on sendmsg() failure.
    - net/af_unix: fix a data-race in unix_dgram_poll
    - net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
    - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
    - qed: Handle management FW error
    - dt-bindings: arm: Fix Toradex compatible typo
    - ibmvnic: check failover_pending in login response
    - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
      registers
    - net: hns3: pad the short tunnel frame before sending to hardware
    - net: hns3: change affinity_mask to numa node range
    - net: hns3: disable mac in flr process
    - net: hns3: fix the timing issue of VF clearing interrupt sources
    - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
    - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
    - mfd: db8500-prcmu: Adjust map to reality
    - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
    - fuse: fix use after free in fuse_read_interrupt()
    - mfd: Don't use irq_create_mapping() to resolve a mapping
    - tracing/probes: Reject events which have the same name of existing one
    - PCI: Add ACS quirks for Cavium multi-function devices
    - Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
    - PCI: ibmphp: Fix double unmap of io_mem
    - ethtool: Fix an error code in cxgb2.c
    - NTB: Fix an error code in ntb_msit_probe()
    - NTB: perf: Fix an error code in perf_setup_inbuf()
    - mfd: axp20x: Update AXP288 volatile ranges
    - PCI: Fix pci_dev_str_match_path() alloc while atomic bug
    - mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
    - KVM: arm64: Handle PSCI resets before userspace touches vCPU state
    - PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
    - mtd: rawnand: cafe: Fix a resource leak in the error handling path of
      'cafe_nand_probe()'
    - ARC: export clear_user_page() for modules
    - perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64}
    - net: dsa: b53: Fix calculating number of switch ports
    - netfilter: socket: icmp6: fix use-after-scope
    - fq_codel: reject silly quantum parameters
    - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
    - ip_gre: validate csum_start only on pull
    - net: renesas: sh_eth: Fix freeing wrong tx descriptor
    - Linux 5.4.148

* Focal update: v5.4.147 upstream stable release (LP: #1946795)
    - Linux 5.4.147
    - upstream stable to v5.4.147

* CVE-2021-3428
    - ext4: save the error code which triggered an ext4_error() in the superblock
    - ext4: simulate various I/O and checksum errors when reading metadata
    - ext4: save all error info in save_error_info() and drop ext4_set_errno()
    - ext4: check journal inode extents more carefully

* ip6gretap / erspan / ip6erspan in rtnetlink.sh from net of
    ubuntu_kernel_selftests failed on B-5.4-aws / B-5.4-gke / B-5.4-oracle /
    B-5.4-azure / B-5.4 (LP: #1896448)
    - SAUCE: selftests: rtnetlink: fixes for older iproute2

* CVE-2019-19449
    - f2fs: fix wrong total_sections check and fsmeta check
    - f2fs: fix to do sanity check on segment/section count

* kernel bug found when disconnecting one fiber channel interface on Cisco
    Chassis with fnic DRV_VERSION "1.6.0.47" (LP: #1944586)
    - scsi: fnic: Do not call 'scsi_done()' for unhandled commands

* memfd from ubuntu_kernel_selftests failed to build on B-5.4 (unknown type
    name ‘__u64’) (LP: #1944613)
    - SAUCE: selftests/memfd: fix __u64 not defined build issue

* Medion Notebook Keyboard not working (LP: #1909814)
    - ACPI: resources: Add DMI-based legacy IRQ override quirk

* vrf: fix refcnt leak with vxlan slaves (LP: #1945180)
    - ipv4: Fix device used for dst_alloc with local routes

* Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
    - [Packaging] Add fips-checks as part of finalchecks

* Fix cold plugged USB device on certain PCIe USB cards (LP: #1945211)
    - Revert "UBUNTU: SAUCE: Revert "usb: core: reduce power-on-good delay time of
      root hub""
    - usb: core: hcd: Add support for deferring roothub registration
    - xhci: Set HCD flag to defer primary roothub registration
    - usb: core: hcd: Modularize HCD stop configuration in usb_stop_hcd()

* CVE-2021-3759
    - memcg: enable accounting of ipc resources

* Focal update: v5.4.146 upstream stable release (LP: #1946024)
    - locking/mutex: Fix HANDOFF condition
    - regmap: fix the offset of register error log
    - crypto: mxs-dcp - Check for DMA mapping errors
    - sched/deadline: Fix reset_on_fork reporting of DL tasks
    - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb
      errors
    - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
    - sched/deadline: Fix missing clock update in migrate_task_rq_dl()
    - rcu/tree: Handle VM stoppage in stall detection
    - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns()
    - hrtimer: Ensure timerfd notification for HIGHRES=n
    - udf: Check LVID earlier
    - udf: Fix iocharset=utf8 mount option
    - isofs: joliet: Fix iocharset=utf8 mount option
    - bcache: add proper error unwinding in bcache_device_init
    - nvme-tcp: don't update queue count when failing to set io queues
    - nvme-rdma: don't update queue count when failing to set io queues
    - nvmet: pass back cntlid on successful completion
    - power: supply: max17042_battery: fix typo in MAx17042_TOFF
    - s390/cio: add dev_busid sysfs entry for each subchannel
    - libata: fix ata_host_start()
    - crypto: qat - do not ignore errors from enable_vf2pf_comms()
    - crypto: qat - handle both source of interrupt in VF ISR
    - crypto: qat - fix reuse of completion variable
    - crypto: qat - fix naming for init/shutdown VF to PF notifications
    - crypto: qat - do not export adf_iov_putmsg()
    - fcntl: fix potential deadlock for &fasync_struct.fa_lock
    - udf_get_extendedattr() had no boundary checks.
    - s390/kasan: fix large PMD pages address alignment check
    - s390/debug: fix debug area life cycle
    - m68k: emu: Fix invalid free in nfeth_cleanup()
    - sched: Fix UCLAMP_FLAG_IDLE setting
    - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
    - spi: spi-pic32: Fix issue with uninitialized dma_slave_config
    - genirq/timings: Fix error return code in irq_timings_test_irqs()
    - lib/mpi: use kcalloc in mpi_resize
    - clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock
      source channel
    - crypto: qat - use proper type for vf_mask
    - certs: Trigger creation of RSA module signing key if it's not an RSA key
    - regulator: vctrl: Use locked regulator_get_voltage in probe path
    - regulator: vctrl: Avoid lockdep warning in enable/disable ops
    - spi: sprd: Fix the wrong WDG_LOAD_VAL
    - spi: spi-zynq-qspi: use wait_for_completion_timeout to make
      zynq_qspi_exec_mem_op not interruptible
    - EDAC/i10nm: Fix NVDIMM detection
    - drm/panfrost: Fix missing clk_disable_unprepare() on error in
      panfrost_clk_init()
    - media: TDA1997x: enable EDID support
    - soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally
    - media: cxd2880-spi: Fix an error handling path
    - bpf: Fix a typo of reuseport map in bpf.h.
    - bpf: Fix potential memleak and UAF in the verifier.
    - ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi
    - arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w properties
    - soc: qcom: rpmhpd: Use corner in power_off
    - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
    - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
    - media: dvb-usb: Fix error handling in dvb_usb_i2c_init
    - media: go7007: remove redundant initialization
    - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
    - Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
    - 6lowpan: iphc: Fix an off-by-one check of array index
    - netns: protect netns ID lookups with RCU
    - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
    - ARM: dts: meson8: Use a higher default GPU clock frequency
    - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties
    - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties
    - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties
    - net/mlx5e: Prohibit inner indir TIRs in IPoIB
    - cgroup/cpuset: Fix a partition bug with hotplug
    - net: cipso: fix warnings in netlbl_cipsov4_add_std
    - i2c: highlander: add IRQ check
    - leds: lt3593: Put fwnode in any case during ->probe()
    - leds: trigger: audio: Add an activate callback to ensure the initial
      brightness is set
    - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
    - media: venus: venc: Fix potential null pointer dereference on pointer fmt
    - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
    - PCI: PM: Enable PME if it can be signaled from D3cold
    - soc: qcom: smsm: Fix missed interrupts if state changes while masked
    - debugfs: Return error during {full/open}_proxy_open() on rmmod
    - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    - PM: EM: Increase energy calculation precision
    - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs
    - arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
    - counter: 104-quad-8: Return error when invalid mode during ceiling_write
    - Bluetooth: fix repeated calls to sco_sock_kill
    - drm/msm/dsi: Fix some reference counted resource leaks
    - usb: gadget: udc: at91: add IRQ check
    - usb: phy: fsl-usb: add IRQ check
    - usb: phy: twl6030: add IRQ checks
    - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
    - usb: host: ohci-tmio: add IRQ check
    - usb: phy: tahvo: add IRQ check
    - mac80211: Fix insufficient headroom issue for AMSDU
    - lockd: Fix invalid lockowner cast after vfs_test_lock
    - nfsd4: Fix forced-expiry locking
    - usb: gadget: mv_u3d: request_irq() after initializing UDC
    - mm/swap: consider max pages in iomap_swapfile_add_extent
    - Bluetooth: add timeout sanity check to hci_inquiry
    - i2c: iop3xx: fix deferred probing
    - i2c: s3c2410: fix IRQ check
    - rsi: fix error code in rsi_load_9116_firmware()
    - rsi: fix an error code in rsi_probe()
    - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
    - ASoC: Intel: Skylake: Fix module resource and format selection
    - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
    - mmc: moxart: Fix issue with uninitialized dma_slave_config
    - bpf: Fix possible out of bound write in narrow load handling
    - CIFS: Fix a potencially linear read overflow
    - i2c: mt65xx: fix IRQ check
    - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
    - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA
      config is available
    - tty: serial: fsl_lpuart: fix the wrong mapbase value
    - ASoC: wcd9335: Fix a double irq free in the remove function
    - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe
      function
    - ASoC: wcd9335: Disable irq on slave ports in the remove function
    - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
    - bcma: Fix memory leak for internally-handled cores
    - brcmfmac: pcie: fix oops on failure to resume and reprobe
    - ipv6: make exception cache less predictible
    - ipv4: make exception cache less predictible
    - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
    - net: qualcomm: fix QCA7000 checksum handling
    - octeontx2-af: Fix loop in free and unmap counter
    - ipv4: fix endianness issue in inet_rtm_getroute_build_skb()
    - bpf: Introduce BPF nospec instruction for mitigating Spectre v4
    - bpf: Fix leakage due to insufficient speculative store bypass mitigation
    - bpf: verifier: Allocate idmap scratch in verifier env
    - bpf: Fix pointer arithmetic mask tightening under state pruning
    - tty: Fix data race between tiocsti() and flush_to_ldisc()
    - perf/x86/amd/ibs: Extend PERF_PMU_CAP_NO_EXCLUDE to IBS Op
    - x86/resctrl: Fix a maybe-uninitialized build warning treated as error
    - KVM: s390: index kvm->arch.idle_mask by vcpu_idx
    - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is
      adjusted
    - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
    - fuse: truncate pagecache on atomic_o_trunc
    - fuse: flush extending writes
    - IMA: remove -Wmissing-prototypes warning
    - IMA: remove the dependency on CRYPTO_MD5
    - fbmem: don't allow too huge resolutions
    - backlight: pwm_bl: Improve bootloader/kernel device handover
    - clk: kirkwood: Fix a clocking boot regression
    - Linux 5.4.146

* AMD A8-7680 (amdgpu): broken Xorg acceleration and hibernation
    (LP: #1920674) // Focal update: v5.4.146 upstream stable release
    (LP: #1946024)
    - drm/amdgpu/acp: Make PM domain really work

* Focal update: v5.4.145 upstream stable release (LP: #1945517)
    - fscrypt: add fscrypt_symlink_getattr() for computing st_size
    - ext4: report correct st_size for encrypted symlinks
    - f2fs: report correct st_size for encrypted symlinks
    - ubifs: report correct st_size for encrypted symlinks
    - kthread: Fix PF_KTHREAD vs to_kthread() race
    - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
    - gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V
      formats
    - reset: reset-zynqmp: Fixed the argument data type
    - qed: Fix the VF msix vectors flow
    - net: macb: Add a NULL check on desc_ptp
    - qede: Fix memset corruption
    - perf/x86/intel/pt: Fix mask of num_address_ranges
    - perf/x86/amd/ibs: Work around erratum #1197
    - perf/x86/amd/power: Assign pmu.module
    - cryptoloop: add a deprecation warning
    - ARM: 8918/2: only build return_address() if needed
    - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
    - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
    - ARC: wireup clone3 syscall
    - media: stkwebcam: fix memory leak in stk_camera_probe
    - igmp: Add ip_mc_list lock in ip_check_mc_rcu
    - USB: serial: mos7720: improve OOM-handling in read_mos_reg()
    - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing
      table (v2)
    - powerpc/boot: Delete unneeded .globl _zimage_start
    - net: ll_temac: Remove left-over debug message
    - mm/page_alloc: speed up the iteration of max_order
    - Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables
      ASPM"
    - x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC power-gating
    - Revert "btrfs: compression: don't try to compress if we don't have enough
      pages"
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 800
    - usb: host: xhci-rcar: Don't reload firmware after the completion
    - usb: mtu3: use @mult for HS isoc or intr
    - usb: mtu3: fix the wrong HS mult value
    - xhci: fix unsafe memory usage in xhci tracing
    - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
    - PCI: Call Max Payload Size-related fixup quirks early
    - Linux 5.4.145

* Focal update: v5.4.144 upstream stable release (LP: #1944756)
    - net: qrtr: fix another OOB Read in qrtr_endpoint_post
    - ARC: Fix CONFIG_STACKDEPOT
    - netfilter: conntrack: collect all entries in one cycle
    - once: Fix panic when module unload
    - ovl: fix uninitialized pointer read in ovl_lookup_real_one()
    - mmc: sdhci-msm: Update the software timeout value for sdhc
    - mm, oom: make the calculation of oom badness more accurate
    - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
      and TX error counters
    - Revert "USB: serial: ch341: fix character loss at high transfer rates"
    - USB: serial: option: add new VID/PID to support Fibocom FG150
    - usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
    - usb: dwc3: gadget: Stop EP0 transfers during pullup disable
    - scsi: core: Fix hang of freezing queue between blocking and running device
    - RDMA/bnxt_re: Add missing spin lock initialization
    - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
    - e1000e: Fix the max snoop/no-snoop latency for 10M
    - RDMA/efa: Free IRQ vectors on error flow
    - ip_gre: add validation for csum_start
    - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    - net: marvell: fix MVNETA_TX_IN_PRGRS bit number
    - rtnetlink: Return correct error on changing device netns
    - net: hns3: clear hardware resource when loading driver
    - net: hns3: fix duplicate node in VLAN list
    - net: hns3: fix get wrong pfc_en when query PFC configuration
    - drm/i915: Fix syncmap memory leak
    - usb: gadget: u_audio: fix race condition on endpoint stop
    - perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32
    - opp: remove WARN when no valid OPPs remain
    - virtio: Improve vq->broken access to avoid any compiler optimization
    - virtio_pci: Support surprise removal of virtio pci device
    - vringh: Use wiov->used to check for read/write desc order
    - qed: qed ll2 race condition fixes
    - qed: Fix null-pointer dereference in qed_rdma_create_qp()
    - drm: Copy drm_wait_vblank to user before returning
    - drm/nouveau/disp: power down unused DP links during init
    - net/rds: dma_map_sg is entitled to merge entries
    - btrfs: fix race between marking inode needs to be logged and log syncing
    - vt_kdsetmode: extend console locking
    - bpf: Track contents of read-only maps as scalars
    - bpf: Fix cast to pointer from integer of different size warning
    - net: dsa: mt7530: fix VLAN traffic leaks again
    - KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
    - arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88
    - btrfs: fix NULL pointer dereference when deleting device by invalid id
    - Revert "floppy: reintroduce O_NDELAY fix"
    - Revert "parisc: Add assembly implementations for memset, strlen, strcpy,
      strncpy and strcat"
    - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
    - audit: move put_tree() to avoid trim_trees refcount underflow and UAF
    - Linux 5.4.144

-- Kelsey Skunberg <kelsey.skunberg@canonical.com>  Fri, 15 Oct 2021 11:56:24 -0600

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Ubuntu
linux package

vrf: fix refcnt leak with vxlan slaves

Bug Description

CVE References

Other bug subscribers

Patches

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Medium	Unassigned
Focal	Fix Released	Medium	Unassigned

Ubuntulinux package

vrf: fix refcnt leak with vxlan slaves

Bug Description

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
linux package