Bug #1960875 “[UBUNTU 21.10] s390/cio: verify the driver availab...” : Bugs : linux package : Ubuntu

bugproxy (bugproxy) on 2022-02-15

tags:	added: architecture-s39064 bugnameltc-196419 severity-medium targetmilestone-inin2110
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Revision history for this message

bugproxy (bugproxy) wrote on 2022-02-15: Comment bridged from LTC Bugzilla

#1

------- Comment From <email address hidden> 2022-02-14 20:28 EDT-------
The root-patch which has introduced the bug is from kernel 5.11.
Therefore, Ubuntu 21.10 and higher need to be fixed.

The fix is already available in stable now:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/s390?h=v5.17-rc4&id=dd9cb842fa9d90653a9b48aba52f89c069f3bc50

Frank Heimes (fheimes) on 2022-02-15

Changed in ubuntu-z-systems:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
importance:	Undecided → High
Changed in ubuntu-z-systems:
importance:	Undecided → High

Revision history for this message

Krzysztof Kozlowski (krzk) wrote on 2022-02-16:

#2

Thanks! Sent a SRU for Impish and Jammy:
https://lists.ubuntu.com/archives/kernel-team/2022-February/128121.html

Changed in linux (Ubuntu Impish):
assignee:	nobody → Krzysztof Kozlowski (krzk)
Changed in linux (Ubuntu Jammy):
assignee:	Skipper Bug Screeners (skipper-screen-team) → Krzysztof Kozlowski (krzk)
Changed in linux (Ubuntu Impish):
status:	New → In Progress
Changed in linux (Ubuntu Jammy):
status:	New → In Progress

Stefan Bader (smb) on 2022-02-16

Changed in linux (Ubuntu Impish):
importance:	Undecided → High

Frank Heimes (fheimes) on 2022-02-16

Changed in ubuntu-z-systems:
status:	New → In Progress

Kleber Sacilotto de Souza (kleber-souza) on 2022-02-17

Changed in linux (Ubuntu Impish):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-02-24:

#3

This bug is awaiting verification that the linux/5.13.0-32.35 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-impish' to 'verification-done-impish'. If the problem still exists, change the tag 'verification-needed-impish' to 'verification-failed-impish'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-impish

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-03-17:

#4

This bug is awaiting verification that the linux-azure-5.13/5.13.0-1019.21~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

bugproxy (bugproxy) on 2022-03-18

tags:

added: verification-done-focal verification-done-impish
removed: verification-needed-focal verification-needed-impish

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-03-21:

#5

Download full text (49.8 KiB)

This bug was fixed in the package linux - 5.13.0-37.42

---------------
linux (5.13.0-37.42) impish; urgency=medium

* impish/linux: 5.13.0-37.42 -proposed tracker (LP: #1964959)

* CVE-2022-0742
- ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()

linux (5.13.0-36.41) impish; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - debian/dkms-versions -- update from kernel-versions (main/2022.02.21)

  * Broken network on some AWS instances with focal/impish kernels
    (LP: #1961968)
    - SAUCE: Revert "PCI/MSI: Mask MSI-X vectors only on success"

  * [SRU]PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is
    enabled by IOMMU (LP: #1937295)
    - PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled
      by IOMMU

  * [UBUNTU 20.04] kernel: Add support for CPU-MF counter second version 7
    (LP: #1960182)
    - s390/cpumf: Support for CPU Measurement Facility CSVN 7
    - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit

  * [UBUNTU 21.10] s390/cio: verify the driver availability for path_event call
    (LP: #1960875)
    - s390/cio: verify the driver availability for path_event call

  * Impish update: upstream stable patchset 2022-02-14 (LP: #1960861)
    - devtmpfs regression fix: reconfigure on each mount
    - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
    - remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided
    - perf: Protect perf_guest_cbs with RCU
    - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest
    - KVM: s390: Clarify SIGP orders versus STOP/RESTART
    - 9p: only copy valid iattrs in 9P2000.L setattr implementation
    - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards
    - media: uvcvideo: fix division by zero at stream start
    - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
      interrupts enabled
    - firmware: qemu_fw_cfg: fix sysfs information leak
    - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
    - firmware: qemu_fw_cfg: fix kobject leak in probe error path
    - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
    - ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after
      reboot from Windows
    - ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk
    - ALSA: hda/realtek: Add quirk for Legion Y9000X 2020
    - ALSA: hda/realtek: Re-order quirk entries for Lenovo
    - powerpc/pseries: Get entry and uaccess flush required bits from
      H_GET_CPU_CHARACTERISTICS
    - mtd: fixup CFI on ixp4xx
    - KVM: x86: don't print when fail to read/write pv eoi memory
    - remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP
    - perf annotate: Avoid TUI crash when navigating in the annotation of
      recursive functions
    - ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop
    - ALSA: hda/tegra: Fix Tegra194 HDA reset failure

* CVE-2022-0516
- KVM: s390: Return error on SIDA memop on normal guest

* CVE-2022-04...

This bug was fixed in the package linux - 5.13.0-37.42

---------------
linux (5.13.0-37.42) impish; urgency=medium

* impish/linux: 5.13.0-37.42 -proposed tracker (LP: #1964959)

* CVE-2022-0742
    - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()

linux (5.13.0-36.41) impish; urgency=medium

* Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - debian/dkms-versions -- update from kernel-versions (main/2022.02.21)

* Broken network on some AWS instances with focal/impish kernels
    (LP: #1961968)
    - SAUCE: Revert "PCI/MSI: Mask MSI-X vectors only on success"

* [SRU]PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is
    enabled by IOMMU (LP: #1937295)
    - PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled
      by IOMMU

* [UBUNTU 20.04] kernel: Add support for CPU-MF counter second version 7
    (LP: #1960182)
    - s390/cpumf: Support for CPU Measurement Facility CSVN 7
    - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit

* [UBUNTU 21.10] s390/cio: verify the driver availability for path_event call
    (LP: #1960875)
    - s390/cio: verify the driver availability for path_event call

* Impish update: upstream stable patchset 2022-02-14 (LP: #1960861)
    - devtmpfs regression fix: reconfigure on each mount
    - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
    - remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided
    - perf: Protect perf_guest_cbs with RCU
    - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest
    - KVM: s390: Clarify SIGP orders versus STOP/RESTART
    - 9p: only copy valid iattrs in 9P2000.L setattr implementation
    - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards
    - media: uvcvideo: fix division by zero at stream start
    - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
      interrupts enabled
    - firmware: qemu_fw_cfg: fix sysfs information leak
    - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
    - firmware: qemu_fw_cfg: fix kobject leak in probe error path
    - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
    - ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after
      reboot from Windows
    - ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk
    - ALSA: hda/realtek: Add quirk for Legion Y9000X 2020
    - ALSA: hda/realtek: Re-order quirk entries for Lenovo
    - powerpc/pseries: Get entry and uaccess flush required bits from
      H_GET_CPU_CHARACTERISTICS
    - mtd: fixup CFI on ixp4xx
    - KVM: x86: don't print when fail to read/write pv eoi memory
    - remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP
    - perf annotate: Avoid TUI crash when navigating in the annotation of
      recursive functions
    - ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop
    - ALSA: hda/tegra: Fix Tegra194 HDA reset failure

* CVE-2022-0516
    - KVM: s390: Return error on SIDA memop on normal guest

* CVE-2022-0435
    - tipc: improve size validations for received domain records

* CVE-2022-0492
    - cgroup-v1: Require capabilities to set release_agent

* jammy 5.15 kernel soft lockup when zfs.ko is loaded on s390x w/ gcc >=
    11.2.0-10ubuntu1 / gcc-11 PLT regression on s390x (LP: #1954676)
    - s390/module: fix loading modules with a lot of relocations

* Impish update: upstream stable patchset 2022-02-09 (LP: #1960452)
    - workqueue: Fix unbind_workers() VS wq_worker_running() race
    - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
    - Bluetooth: btusb: Add two more Bluetooth parts for WCN6855
    - Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0
    - Bluetooth: bfusb: fix division by zero in send path
    - ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100
    - USB: core: Fix bug in resuming hub's handling of wakeup requests
    - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
    - ath11k: Fix buffer overflow when scanning with extraie
    - mmc: sdhci-pci: Add PCI ID for Intel ADL
    - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
    - can: gs_usb: fix use of uninitialized variable, detach device on reception
      of invalid USB data
    - can: isotp: convert struct tpcon::{idx,len} to unsigned int
    - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
    - random: fix data race on crng_node_pool
    - random: fix data race on crng init time
    - random: fix crash on multiple early calls to add_bootloader_randomness()
    - media: Revert "media: uvcvideo: Set unique vdev name based in type"
    - staging: wlan-ng: Avoid bitwise vs logical OR warning in
      hfa384x_usb_throttlefn()
    - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
    - staging: greybus: fix stack size warning with UBSAN
    - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add()
    - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A
    - Bluetooth: btusb: Add support for IMC Networks Mediatek Chip(MT7921)
    - Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE
    - Bluetooth: btusb: Enable MSFT extension for Mediatek Chip (MT7921)
    - Bluetooth: btusb: enable Mediatek to support AOSP extension
    - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE
    - Bluetooth: btusb: Add the new support IDs for WCN6855
    - fget: clarify and improve __fget_files() implementation
    - Bluetooth: btusb: Add one more Bluetooth part for WCN6855
    - Bluetooth: add quirk disabling LE Read Transmit Power
    - Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security
      chip
    - Bluetooth: btbcm: disable read tx power for MacBook Air 8,1 and 8,2

* Impish update: upstream stable patchset 2022-01-31 (LP: #1959627)
    - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
    - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
    - tracing: Tag trace_percpu_buffer as a percpu pointer
    - ieee802154: atusb: fix uninit value in atusb_set_extended_addr
    - i40e: Fix to not show opcode msg on unsuccessful VF MAC change
    - iavf: Fix limit of total number of queues to active queues of VF
    - RDMA/core: Don't infoleak GRH fields
    - netrom: fix copying in user data in nr_setsockopt
    - RDMA/uverbs: Check for null return of kmalloc_array
    - mac80211: initialize variable have_higher_than_11mbit
    - sfc: The RX page_ring is optional
    - i40e: fix use-after-free in i40e_sync_filters_subtask()
    - i40e: Fix for displaying message regarding NVM version
    - i40e: Fix incorrect netdev's real number of RX/TX queues
    - ftrace/samples: Add missing prototypes direct functions
    - ipv4: Check attribute length for RTA_GATEWAY in multipath route
    - ipv4: Check attribute length for RTA_FLOW in multipath route
    - ipv6: Check attribute length for RTA_GATEWAY in multipath route
    - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
    - lwtunnel: Validate RTA_ENCAP_TYPE attribute length
    - batman-adv: mcast: don't send link-local multicast to mcast routers
    - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
    - net: ena: Fix undefined state when tx request id is out of bounds
    - net: ena: Fix error handling when calculating max IO queues number
    - power: supply: core: Break capacity loop
    - power: reset: ltc2952: Fix use of floating point literals
    - rndis_host: support Hytera digital radios
    - phonet: refcount leak in pep_sock_accep
    - power: bq25890: Enable continuous conversion for ADC at charging
    - ipv6: Continue processing multipath route even if gateway attribute is
      invalid
    - ipv6: Do cleanup if attribute validation fails in multipath route
    - usb: mtu3: fix interval value for intr and isoc
    - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
    - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
    - net: udp: fix alignment problem in udp4_seq_show()
    - atlantic: Fix buff_ring OOB in aq_ring_rx_clean
    - mISDN: change function names to avoid conflicts
    - drm/amd/display: Added power down for DCN10
    - ipv6: raw: check passed optlen before reading
    - ARM: dts: gpio-ranges property is now required
    - Input: zinitix - make sure the IRQ is allocated before it gets enabled
    - fscache_cookie_enabled: check cookie is valid before accessing it
    - Revert "net: usb: r8152: Add MAC passthrough support for more Lenovo Docks"
    - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
    - selftests: net: udpgro_fwd.sh: explicitly checking the available ping
      feature
    - sctp: hold endpoint before calling cb in sctp_transport_lookup_process
    - net: ena: Fix wrong rx request id by resetting device
    - md/raid1: fix missing bitmap update w/o WriteMostly devices
    - cgroup: Use open-time credentials for process migraton perm checks
    - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
    - cgroup: Use open-time cgroup namespace for process migration perm checks
    - i2c: mpc: Avoid out of bounds memory access
    - net ticp:fix a kernel-infoleak in __tipc_sendmsg()
    - fbdev: fbmem: add a helper to determine if an aperture is used by a fw fb
    - drm/amdgpu: disable runpm if we are the primary adapter
    - auxdisplay: charlcd: checking for pointer reference before dereferencing
    - drm/amd/pm: Fix xgmi link control on aldebaran
    - drm/amd/pm: skip setting gfx cgpg in the s0ix suspend-resume
    - drm/amdgpu: always reset the asic in suspend (v2)
    - drm/amdgpu: put SMU into proper state on runpm suspending for BOCO capable
      platform
    - userfaultfd/selftests: fix hugetlb area allocations

* Impish update: upstream stable patchset 2022-01-26 (LP: #1959134)
    - Input: i8042 - add deferred probe support
    - Input: i8042 - enable deferred probe quirk for ASUS UM325UA
    - tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
    - tomoyo: use hwight16() in tomoyo_domain_quota_is_ok()
    - parisc: Clear stale IIR value on instruction access rights trap
    - platform/x86: apple-gmux: use resource_size() with res
    - memblock: fix memblock_phys_alloc() section mismatch error
    - recordmcount.pl: fix typo in s390 mcount regex
    - selinux: initialize proto variable in selinux_ip_postroute_compat()
    - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
    - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
    - net/mlx5e: Wrap the tx reporter dump callback to extract the sq
    - net/mlx5e: Fix interoperability between XSK and ICOSQ recovery flow
    - net/mlx5e: Fix ICOSQ recovery flow for XSK
    - udp: using datalen to cap ipv6 udp max gso segments
    - selftests: Calculate udpgso segment count without header adjustment
    - sctp: use call_rcu to free endpoint
    - net/smc: fix using of uninitialized completions
    - net: usb: pegasus: Do not drop long Ethernet frames
    - net: ag71xx: Fix a potential double free in error handling paths
    - net: lantiq_xrx200: fix statistics of received bytes
    - NFC: st21nfca: Fix memory leak in device probe and remove
    - net/smc: don't send CDC/LLC message if link not ready
    - net/smc: fix kernel panic caused by race of smc_sock
    - igc: Fix TX timestamp support for non-MSI-X platforms
    - ionic: Initialize the 'lif->dbid_inuse' bitmap
    - net/mlx5e: Fix wrong features assignment in case of error
    - selftests/net: udpgso_bench_tx: fix dst ip argument
    - net/ncsi: check for error return from call to nla_put_u32
    - fsl/fman: Fix missing put_device() call in fman_port_probe
    - i2c: validate user data in compat ioctl
    - nfc: uapi: use kernel size_t to fix user-space builds
    - uapi: fix linux/nfc.h userspace compilation errors
    - drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly
      enabled
    - drm/amdgpu: add support for IP discovery gc_info table v2
    - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
    - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
    - usb: mtu3: add memory barrier before set GPD's HWO
    - usb: mtu3: fix list_head check warning
    - usb: mtu3: set interval of FS intr and isoc endpoint
    - binder: fix async_free_space accounting for empty parcels
    - scsi: vmw_pvscsi: Set residual data length conditionally
    - Input: appletouch - initialize work before device registration
    - Input: spaceball - fix parsing of movement data packets
    - net: fix use-after-free in tw_timer_handler
    - perf script: Fix CPU filtering of a script's switch events
    - net/sched: Extend qdisc control block with tc control block
    - platform/mellanox: mlxbf-pmc: Fix an IS_ERR() vs NULL bug in
      mlxbf_pmc_map_counters
    - net/mlx5: Fix SF health recovery flow
    - net/mlx5: Fix tc max supported prio for nic mode
    - selftests: net: Fix a typo in udpgro_fwd.sh
    - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh
    - fs/mount_setattr: always cleanup mount_kattr

* Impish update: upstream stable patchset 2022-01-21 (LP: #1958672)
    - arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd
    - net: usb: lan78xx: add Allied Telesis AT29M2-AF
    - ext4: prevent partial update of the extent blocks
    - ext4: check for out-of-order index extents in ext4_valid_extent_entries()
    - ext4: check for inconsistent extents between index and leaf block
    - HID: holtek: fix mouse probing
    - HID: potential dereference of null pointer
    - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
    - spi: change clk_disable_unprepare to clk_unprepare
    - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent()
    - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
    - RDMA/hns: Replace kfree() with kvfree()
    - netfilter: fix regression in looped (broad|multi)cast's MAC handling
    - ARM: dts: imx6qdl-wandboard: Fix Ethernet support
    - net: marvell: prestera: fix incorrect return of port_find
    - qlcnic: potential dereference null pointer of rx_queue->page_ring
    - net: accept UFOv6 packages in virtio_net_hdr_to_skb
    - net: skip virtio_net_hdr_set_proto if protocol already set
    - igb: fix deadlock caused by taking RTNL in RPM resume path
    - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
    - bonding: fix ad_actor_system option setting to default
    - fjes: Check for error irq
    - drivers: net: smc911x: Check for error irq
    - net: ks8851: Check for error irq
    - sfc: Check null pointer of rx_queue->page_ring
    - sfc: falcon: Check null pointer of rx_queue->page_ring
    - pinctrl: bcm2835: Change init order for gpio hogs
    - hwmon: (lm90) Fix usage of CONFIG2 register in detect function
    - hwmon: (lm90) Add basic support for TI TMP461
    - hwmon: (lm90) Introduce flag indicating extended temperature support
    - hwmon: (lm90) Drop critical attribute support for MAX6654
    - ALSA: jack: Check the return value of kstrdup()
    - ALSA: drivers: opl3: Fix incorrect use of vp->state
    - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
    - ALSA: hda/realtek: Add new alc285-hp-amp-init model
    - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU
    - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s
    - Input: atmel_mxt_ts - fix double free in mxt_read_info_block
    - ipmi: bail out if init_srcu_struct fails
    - ipmi: ssif: initialize ssif_info->client early
    - ipmi: fix initialization when workqueue allocation fails
    - parisc: Correct completer in lws start
    - parisc: Fix mask used to select futex spinlock
    - tee: handle lookup of shm with reference count 0
    - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
    - platform/x86: intel_pmc_core: fix memleak on registration failure
    - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU
    - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
    - gpio: dln2: Fix interrupts when replugging the device
    - mmc: sdhci-tegra: Fix switch to HS400ES mode
    - mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO commands
    - mmc: core: Disable card detect during shutdown
    - mmc: mmci: stm32: clear DLYB_CR after sending tuning command
    - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
    - mac80211: fix locking in ieee80211_start_ap error path
    - mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
    - tee: optee: Fix incorrect page free bug
    - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
    - usb: gadget: u_ether: fix race in setting MAC address in setup phase
    - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
    - mm: mempolicy: fix THP allocations escaping mempolicy restrictions
    - Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312
    - Input: goodix - add id->model mapping for the "9111" model
    - ASoC: tas2770: Fix setting of high sample rates
    - ASoC: rt5682: fix the wrong jack type detected
    - pinctrl: mediatek: fix global-out-of-bounds issue
    - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
    - hwmon: (lm90) Do not report 'busy' status bit as alarm
    - ax25: NPD bug when detaching AX25 device
    - hamradio: defer ax25 kfree after unregister_netdev
    - hamradio: improve the incomplete fix to avoid NPD
    - phonet/pep: refuse to enable an unbound pipe
    - selftests: KVM: Fix non-x86 compiling
    - NFSD: Fix READDIR buffer overflow
    - PM: sleep: Fix error handling in dpm_prepare()
    - bus: sunxi-rsb: Fix shutdown
    - netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
    - ice: Use xdp_buf instead of rx_buf for xsk zero-copy
    - ice: xsk: return xsk buffers back to pool when cleaning the ring
    - tcp: move inet->rx_dst_ifindex to sk->sk_rx_dst_ifindex
    - ipv6: move inet6_sk(sk)->rx_dst_cookie to sk->sk_rx_dst_cookie
    - inet: fully convert sk->sk_rx_dst to RCU rules
    - io_uring: zero iocb->ki_pos for stream file types
    - veth: ensure skb entering GRO are not cloned.
    - net: bridge: Use array_size() helper in copy_to_user()
    - r8152: fix the force speed doesn't work for RTL8156
    - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M
    - ARM: 9160/1: NOMMU: Reload __secondary_data after PROCINFO_INITFUNC
    - uapi: Fix undefined __always_inline on non-glibc systems
    - Revert "x86/boot: Pull up cmdline preparation and early param parsing"
    - x86/boot: Move EFI range reservation after cmdline parsing
    - ALSA: hda/hdmi: Disable silent stream on GLK
    - platform/x86: amd-pmc: only use callbacks for suspend
    - KVM: x86: Always set kvm_run->if_flag
    - KVM: x86/mmu: Don't advance iterator after restart due to yielding
    - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required
    - mm, hwpoison: fix condition in free hugetlb page path
    - netfs: fix parameter of cleanup()
    - arm64: dts: lx2160a: fix scl-gpios property name
    - kfence: fix memory leak when cat kfence objects
    - Input: iqs626a - prohibit inlining of channel parsing functions
    - ASoC: SOF: Intel: pci-tgl: add ADL-M support
    - ASoC: SOF: Intel: pci-tgl: add new ADL-P variant
    - ASoC: SOF: Intel: pci-tgl: add ADL-N support
    - r8152: sync ocp base
    - tun: avoid double free in tun_free_netdev

* Impish update: upstream stable patchset 2022-01-18 (LP: #1958287)
    - netfilter: selftest: conntrack_vrf.sh: fix file permission
    - nfc: fix segfault in nfc_genl_dump_devices_done
    - drm/msm/dsi: set default num_data_lanes
    - KVM: arm64: Save PSTATE early on exit
    - s390/test_unwind: use raw opcode instead of invalid instruction
    - Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
    - net/mlx4_en: Update reported link modes for 1/10G
    - ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
    - ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P
    - parisc/agp: Annotate parisc agp init functions with __init
    - i2c: rk3x: Handle a spurious start completion interrupt flag
    - net: netlink: af_netlink: Prevent empty skb by adding a check on len.
    - drm/amd/display: Fix for the no Audio bug with Tiled Displays
    - drm/amd/display: add connector type check for CRC source set
    - tracing: Fix a kmemleak false positive in tracing_map
    - staging: most: dim2: use device release method
    - fuse: make sure reclaim doesn't write the inode
    - hwmon: (dell-smm) Fix warning on /proc/i8k creation error
    - ethtool: do not perform operations on net devices being unregistered
    - perf inject: Fix itrace space allowed for new attributes
    - memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER
    - memblock: align freed memory map on pageblock boundaries with SPARSEMEM
    - memblock: ensure there is no overflow in memblock_overlaps_region()
    - arm: extend pfn_valid to take into account freed memory map alignment
    - arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
    - hwmon: (corsair-psu) fix plain integer used as NULL pointer
    - perf bpf_skel: Do not use typedef to avoid error on old clang
    - netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock
    - ice: fix FDIR init missing when reset VF
    - drm/msm/dp: Avoid unpowered AUX xfers that caused crashes
    - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
    - KVM: downgrade two BUG_ONs to WARN_ON_ONCE
    - mac80211: fix regression in SSN handling of addba tx
    - mac80211: mark TX-during-stop for TX in in_reconfig
    - mac80211: send ADDBA requests using the tid/queue of the aggregation session
    - mac80211: validate extended element ID is present
    - firmware: arm_scpi: Fix string overflow in SCPI genpd driver
    - bpf: Fix signed bounds propagation after mov32
    - bpf: Make 32->64 bounds propagation slightly more robust
    - bpf, selftests: Add test case trying to taint map value pointer
    - virtio_ring: Fix querying of maximum DMA mapping size for virtio device
    - vdpa: check that offsets are within bounds
    - recordmcount.pl: look for jgnop instruction as well as bcrl on s390
    - dm btree remove: fix use after free in rebalance_children()
    - audit: improve robustness of the audit queue handling
    - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-
      edge
    - arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply
    - arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
    - arm64: dts: rockchip: fix audio-supply for Rock Pi 4
    - mac80211: track only QoS data frames for admission control
    - tee: amdtee: fix an IS_ERR() vs NULL bug
    - ceph: fix duplicate increment of opened_inodes metric
    - ceph: initialize pathlen variable in reconnect_caps_cb
    - ARM: socfpga: dts: fix qspi node compatible
    - clk: Don't parent clks until the parent is fully registered
    - soc: imx: Register SoC device only on i.MX boards
    - virtio/vsock: fix the transport to work with VMADDR_CID_ANY
    - selftests: net: Correct ping6 expected rc from 2 to 1
    - s390/kexec_file: fix error handling when applying relocations
    - sch_cake: do not call cake_destroy() from cake_init()
    - inet_diag: fix kernel-infoleak for UDP sockets
    - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
    - selftests: Add duplicate config only for MD5 VRF tests
    - selftests: Fix raw socket bind tests with VRF
    - selftests: Fix IPv6 address bind tests
    - dmaengine: st_fdma: fix MODULE_ALIAS
    - selftest/net/forwarding: declare NETIFS p9 p10
    - drm/ast: potential dereference of null pointer
    - mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
    - mac80211: fix lookup when adding AddBA extension element
    - flow_offload: return EOPNOTSUPP for the unsupported mpls action type
    - rds: memory leak in __rds_conn_create()
    - drm/amd/pm: fix a potential gpu_metrics_table memory leak
    - mptcp: clear 'kern' flag from fallback sockets
    - soc/tegra: fuse: Fix bitwise vs. logical OR warning
    - igb: Fix removal of unicast MAC filters of VFs
    - igbvf: fix double free in `igbvf_probe`
    - igc: Fix typo in i225 LTR functions
    - ixgbe: Document how to enable NBASE-T support
    - ixgbe: set X550 MDIO speed before talking to PHY
    - netdevsim: Zero-initialize memory for new map's value in function
      nsim_bpf_map_alloc
    - sfc_ef100: potential dereference of null pointer
    - net: Fix double 0x prefix print in SKB dump
    - net/smc: Prevent smc_release() from long blocking
    - net: systemport: Add global locking for descriptor lifecycle
    - sit: do not call ipip6_dev_free() from sit_init_net()
    - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test
    - powerpc/85xx: Fix oops when CONFIG_FSL_PMC=n
    - USB: gadget: bRequestType is a bitfield, not a enum
    - Revert "usb: early: convert to readl_poll_timeout_atomic()"
    - KVM: x86: Drop guest CPUID check for host initiated writes to
      MSR_IA32_PERF_CAPABILITIES
    - tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
    - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
    - usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe
    - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
    - PCI/MSI: Mask MSI-X vectors only on success
    - usb: xhci: Extend support for runtime power management for AMD's Yellow
      carp.
    - USB: serial: cp210x: fix CP2105 GPIO registration
    - USB: serial: option: add Telit FN990 compositions
    - btrfs: fix memory leak in __add_inode_ref()
    - btrfs: fix double free of anon_dev after failure to create subvolume
    - zonefs: add MODULE_ALIAS_FS
    - iocost: Fix divide-by-zero on donation from low hweight cgroup
    - serial: 8250_fintek: Fix garbled text for console
    - timekeeping: Really make sure wall_to_monotonic isn't positive
    - libata: if T_LENGTH is zero, dma direction should be DMA_NONE
    - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
    - Input: touchscreen - avoid bitwise vs logical OR warning
    - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
    - media: mxl111sf: change mutex_init() location
    - fuse: annotate lock in fuse_reverse_inval_entry()
    - ovl: fix warning in ovl_create_real()
    - scsi: scsi_debug: Don't call kcalloc() if size arg is zero
    - scsi: scsi_debug: Fix type in min_t to avoid stack OOB
    - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
    - rcu: Mark accesses to rcu_state.n_force_qs
    - bus: ti-sysc: Fix variable set but not used warning for reinit_modules
    - xen/blkfront: harden blkfront against event channel storms
    - xen/netfront: harden netfront against event channel storms
    - xen/console: harden hvc_xen against event channel storms
    - xen/netback: fix rx queue stall detection
    - xen/netback: don't queue unlimited number of packages
    - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled
    - x86/kvm: remove unused ack_notifier callbacks
    - bpf: Fix kernel address leakage in atomic fetch
    - bpf, selftests: Add test case for atomic fetch on spilled pointer
    - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
    - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer
    - s390/entry: fix duplicate tracking of irq nesting level
    - ceph: fix up non-directory creation in SGID directories
    - btrfs: convert latest_bdev type to btrfs_device and rename
    - btrfs: use latest_dev in btrfs_show_devname
    - btrfs: update latest_dev when we create a sprout device
    - btrfs: remove stale comment about the btrfs_show_devname
    - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915
    - drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown()
    - pinctrl: amd: Fix wakeups when IRQ is shared with SCI
    - arm64: dts: rockchip: fix poweroff on helios64
    - dmaengine: idxd: add halt interrupt support
    - dmaengine: idxd: fix calling wq quiesce inside spinlock
    - arm64: dts: imx8mq: remove interconnect property from lcdif
    - iwlwifi: mvm: don't crash on invalid rate w/o STA
    - vdpa: Consider device id larger than 31
    - netdevsim: don't overwrite read only ethtool parms
    - dmaengine: idxd: fix missed completion on abort path
    - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down()
    - mptcp: never allow the PM to close a listener subflow
    - cfg80211: Acquire wiphy mutex on regulatory work
    - net: stmmac: fix tc flower deletion for VLAN priority Rx steering
    - mptcp: remove tcp ulp setsockopt support
    - mptcp: fix deadlock in __mptcp_push_pending()
    - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED
    - arm64: kexec: Fix missing error code 'ret' warning in load_other_segments()
    - bpf: Fix extable fixup offset.
    - usb: cdnsp: Fix incorrect status for control request
    - usb: cdnsp: Fix incorrect calling of cdnsp_died function
    - usb: cdnsp: Fix issue in cdnsp_log_ep trace event
    - usb: cdnsp: Fix lack of spin_lock_irqsave/spin_lock_restore
    - usb: typec: tcpm: fix tcpm unregister port but leave a pending timer
    - selinux: fix sleeping function called from invalid context
    - btrfs: check WRITE_ERR when trying to read an extent buffer
    - btrfs: fix missing blkdev_put() call in btrfs_scan_one_device()
    - cifs: sanitize multiple delimiters in prepath
    - riscv: dts: unleashed: Add gpio card detect to mmc-spi-slot
    - riscv: dts: unmatched: Add gpio card detect to mmc-spi-slot
    - drm/amdgpu: don't override default ECO_BITs setting
    - drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC
    - can: m_can: make custom bittiming fields const
    - can: m_can: pci: use custom bit timings for Elkhart Lake
    - mptcp: add missing documented NL params
    - USB: core: Make do_proc_control() and do_proc_bulk() killable

* Impish update: upstream stable patchset 2022-01-13 (LP: #1957832)
    - usb: gadget: uvc: fix multiple opens
    - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
    - HID: google: add eel USB id
    - HID: add hid_is_usb() function to make it simpler for USB detection
    - HID: add USB_HID dependancy to hid-prodikeys
    - HID: add USB_HID dependancy to hid-chicony
    - HID: add USB_HID dependancy on some USB HID drivers
    - HID: bigbenff: prevent null pointer dereference
    - HID: wacom: fix problems when device is not a valid USB device
    - HID: check for valid USB device for many HID drivers
    - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups
    - IB/hfi1: Insure use of smp_processor_id() is preempt disabled
    - IB/hfi1: Fix early init panic
    - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr
    - can: kvaser_usb: get CAN clock frequency from device
    - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct
      stats->{rx,tx}_errors counter
    - can: sja1000: fix use after free in ems_pcmcia_add_card()
    - x86/sme: Explicitly map new EFI memmap table as encrypted
    - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
    - selftests: netfilter: add a vrf+conntrack testcase
    - vrf: don't run conntrack on vrf with !dflt qdisc
    - bpf, x86: Fix "no previous prototype" warning
    - bpf: Fix the off-by-two error in range markings
    - ice: ignore dropped packets during init
    - bonding: make tx_rebalance_counter an atomic
    - nfp: Fix memory leak in nfp_cpp_area_cache_add()
    - seg6: fix the iif in the IPv6 socket control block
    - udp: using datalen to cap max gso segments
    - netfilter: conntrack: annotate data-races around ct->timeout
    - iavf: restore MSI state on reset
    - iavf: Fix reporting when setting descriptor count
    - IB/hfi1: Correct guard on eager buffer deallocation
    - devlink: fix netns refcount leak in devlink_nl_cmd_reload()
    - net/sched: fq_pie: prevent dismantle issue
    - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush
      hypercall
    - mm: bdi: initialize bdi_min_ratio when bdi is unregistered
    - ALSA: ctl: Fix copy of updated id with element read/write
    - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
    - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1
    - ALSA: pcm: oss: Fix negative period/buffer sizes
    - ALSA: pcm: oss: Limit the period size to 16MB
    - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
    - scsi: qla2xxx: Format log strings only if needed
    - btrfs: clear extent buffer uptodate when we fail to write it
    - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
    - md: fix update super 1.0 on rdev size change
    - nfsd: fix use-after-free due to delegation race
    - nfsd: Fix nsfd startup race (again)
    - tracefs: Have new files inherit the ownership of their parent
    - mmc: renesas_sdhi: initialize variable properly when tuning
    - clk: qcom: regmap-mux: fix parent clock lookup
    - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
    - can: pch_can: pch_can_rx_normal: fix use after free
    - can: m_can: Disable and ignore ELO interrupt
    - libata: add horkage for ASMedia 1092
    - wait: add wake_up_pollfree()
    - SAUCE: binder: export __wake_up_pollfree for binder module
    - binder: use wake_up_pollfree()
    - signalfd: use wake_up_pollfree()
    - aio: keep poll requests on waitqueue until completed
    - aio: fix use-after-free due to missing POLLFREE handling
    - net: mvpp2: fix XDP rx queues registering
    - tracefs: Set all files to the same group ownership as the mount option
    - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
    - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
    - scsi: scsi_debug: Fix buffer size of REPORT ZONES command
    - qede: validate non LSO skb length
    - PM: runtime: Fix pm_runtime_active() kerneldoc comment
    - ASoC: rt5682: Fix crash due to out of scope stack vars
    - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
    - ASoC: codecs: wsa881x: fix return values from kcontrol put
    - ASoC: codecs: wcd934x: handle channel mappping list correctly
    - ASoC: codecs: wcd934x: return correct value from mixer put
    - RDMA/hns: Do not halt commands during reset until later
    - RDMA/hns: Do not destroy QP resources in the hw resetting phase
    - clk: imx: use module_platform_driver
    - i40e: Fix failed opcode appearing if handling messages from VF
    - i40e: Fix pre-set max number of queues for VF
    - mtd: rawnand: fsmc: Take instruction delay into account
    - mtd: rawnand: fsmc: Fix timing computation
    - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
    - Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge"
    - perf tools: Fix SMT detection fast read path
    - Documentation/locking/locktypes: Update migrate_disable() bits.
    - dt-bindings: net: Reintroduce PHY no lane swap binding
    - tools build: Remove needless libpython-version feature check that breaks
      test-all fast path
    - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
    - net: altera: set a couple error code in probe()
    - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
    - net, neigh: clear whole pneigh_entry at alloc time
    - net/qla3xxx: fix an error code in ql_adapter_up()
    - Revert "UBUNTU: SAUCE: selftests: fib_tests: assign address to dummy1 for
      rp_filter tests"
    - selftests/fib_tests: Rework fib_rp_filter_test()
    - USB: gadget: detect too-big endpoint 0 requests
    - USB: gadget: zero allocate endpoint 0 buffers
    - usb: core: config: fix validation of wMaxPacketValue entries
    - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime
      suspending
    - usb: core: config: using bit mask instead of individual bits
    - xhci: avoid race between disable slot command and host runtime suspend
    - iio: gyro: adxrs290: fix data signedness
    - iio: trigger: Fix reference counting
    - iio: trigger: stm32-timer: fix MODULE_ALIAS
    - iio: stk3310: Don't return error code in interrupt handler
    - iio: mma8452: Fix trigger reference couting
    - iio: ltr501: Don't return error code in trigger handler
    - iio: kxsd9: Don't return error code in trigger handler
    - iio: itg3200: Call iio_trigger_notify_done() on error
    - iio: dln2-adc: Fix lockdep complaint
    - iio: dln2: Check return value of devm_iio_trigger_register()
    - iio: at91-sama5d2: Fix incorrect sign extension
    - iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
    - iio: adc: axp20x_adc: fix charging current reporting on AXP22x
    - iio: ad7768-1: Call iio_trigger_notify_done() on error
    - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
    - csky: fix typo of fpu config macro
    - irqchip/aspeed-scu: Replace update_bits with write_bits.
    - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
    - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
    - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
    - irqchip: nvic: Fix offset for Interrupt Priority Offsets
    - misc: fastrpc: fix improper packet size calculation
    - bpf: Add selftests to cover packet access corner cases
    - HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested
    - mmc: spi: Add device-tree SPI IDs
    - HID: Ignore battery for Elan touchscreen on Asus UX550VE
    - can: m_can: pci: fix incorrect reference clock rate
    - net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's"
    - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
    - bpf: Make sure bpf_disable_instrumentation() is safe vs preemption.
    - netfilter: nft_exthdr: break evaluation if setting TCP option fails
    - net: bcm4908: Handle dma_set_coherent_mask error codes
    - net: dsa: mv88e6xxx: error handling for serdes_power functions
    - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
    - KVM: x86: Don't WARN if userspace mucks with RCX during string I/O exit
    - KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req
    - timers: implement usleep_idle_range()
    - btrfs: fix re-dirty process of tree-log nodes
    - btrfs: free exchange changeset on failures
    - perf intel-pt: Fix some PGE (packet generation enable/control flow packets)
      usage
    - perf intel-pt: Fix sync state when a PSB (synchronization) packet is found
    - perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type
    - perf intel-pt: Fix state setting when receiving overflow (OVF) packet
    - perf intel-pt: Fix next 'err' value, walking trace
    - perf intel-pt: Fix missing 'instruction' events with 'q' option
    - perf intel-pt: Fix error timestamp setting on the decoder error path
    - selftests: KVM: avoid failures due to reserved HyperTransport region
    - hwmon: (pwm-fan) Ensure the fan going on in .probe()
    - thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL
    - i2c: mpc: Use atomic read and fix break condition
    - ALSA: usb-audio: Reorder snd_djm_devices[] entries
    - clk: qcom: clk-alpha-pll: Don't reconfigure running Trion
    - misc: rtsx: Avoid mangling IRQ during runtime PM
    - bus: mhi: pci_generic: Fix device recovery failed issue
    - bus: mhi: core: Add support for forced PM resume
    - clocksource/drivers/dw_apb_timer_of: Fix probe failure

* Impish update: upstream stable patchset 2022-01-07 (LP: #1956791)
    - can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
    - gfs2: release iopen glock early in evict
    - gfs2: Fix length of holes reported at end-of-file
    - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for
      persistent memory"
    - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY
    - mac80211: do not access the IV when it was stripped
    - net/smc: Transfer remaining wait queue entries during fallback
    - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
    - net: return correct error code
    - platform/x86: thinkpad_acpi: Add support for dual fan control
    - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
    - s390/setup: avoid using memblock_enforce_memory_limit
    - btrfs: check-integrity: fix a warning on write caching disabled disk
    - thermal: core: Reset previous low and high trip during thermal zone init
    - scsi: iscsi: Unblock session then wake up error handler
    - drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
    - drm/amd/amdgpu: fix potential memleak
    - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
    - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in
      hns_dsaf_ge_srst_by_port()
    - ipv6: check return value of ipv6_skip_exthdr
    - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of
      bound
    - net: ethernet: dec: tulip: de4x5: fix possible array overflows in
      type3_infoblock()
    - perf inject: Fix ARM SPE handling
    - perf hist: Fix memory leak of a perf_hpp_fmt
    - perf report: Fix memory leaks around perf_tip()
    - net/smc: Avoid warning of possible recursive locking
    - ACPI: Add stubs for wakeup handler functions
    - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
    - kprobes: Limit max data_size of the kretprobe instances
    - rt2x00: do not mark device gone on EPROTO errors during start
    - cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink()
    - s390/pci: move pseudo-MMIO to prevent MIO overlap
    - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
    - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
    - ipv6: fix memory leak in fib6_rule_suppress
    - drm/amd/display: Allow DSC on supported MST branch devices
    - KVM: Disallow user memslot with size that exceeds "unsigned long"
    - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST
    - KVM: x86: Use a stable condition around all VT-d PI paths
    - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 to 1
    - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg()
    - tracing/histograms: String compares should not care about signed values
    - wireguard: selftests: increase default dmesg log size
    - wireguard: allowedips: add missing __rcu annotation to satisfy sparse
    - wireguard: selftests: actually test for routing loops
    - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
    - wireguard: device: reset peer src endpoint when netns exits
    - wireguard: receive: use ring buffer for incoming handshakes
    - wireguard: receive: drop handshakes if queue lock is contended
    - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc()
    - i2c: stm32f7: flush TX FIFO upon transfer errors
    - i2c: stm32f7: recover the bus on access timeout
    - i2c: stm32f7: stop dma transfer in case of NACK
    - i2c: cbus-gpio: set atomic transfer callback
    - natsemi: xtensa: fix section mismatch warnings
    - tcp: fix page frag corruption on page fault
    - net: qlogic: qlcnic: Fix a NULL pointer dereference in
      qlcnic_83xx_add_rings()
    - net: mpls: Fix notifications when deleting a device
    - siphash: use _unaligned version by default
    - arm64: ftrace: add missing BTIs
    - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
    - selftests: net: Correct case name
    - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
    - ASoC: tegra: Fix wrong value type in ADMAIF
    - ASoC: tegra: Fix wrong value type in I2S
    - ASoC: tegra: Fix wrong value type in DMIC
    - ASoC: tegra: Fix wrong value type in DSPK
    - ASoC: tegra: Fix kcontrol put callback in ADMAIF
    - ASoC: tegra: Fix kcontrol put callback in I2S
    - ASoC: tegra: Fix kcontrol put callback in DMIC
    - ASoC: tegra: Fix kcontrol put callback in DSPK
    - ASoC: tegra: Fix kcontrol put callback in AHUB
    - rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
    - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
    - ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec
    - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ
      is available
    - net: marvell: mvpp2: Fix the computation of shared CPUs
    - dpaa2-eth: destroy workqueue at the end of remove function
    - net: annotate data-races on txq->xmit_lock_owner
    - ipv4: convert fib_num_tclassid_users to atomic_t
    - net/smc: fix wrong list_del in smc_lgr_cleanup_early
    - net/rds: correct socket tunable error in rds_tcp_tune()
    - drm/msm/a6xx: Allocate enough space for GMU registers
    - drm/msm: Do hw_init() before capturing GPU state
    - atlantic: Increase delay for fw transactions
    - atlatnic: enable Nbase-t speeds with base-t
    - atlantic: Fix to display FW bundle version instead of FW mac version.
    - atlantic: Add missing DIDs and fix 115c.
    - Remove Half duplex mode speed capabilities.
    - atlantic: Fix statistics logic for production hardware
    - atlantic: Remove warn trace message.
    - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register
    - KVM: VMX: Set failure code in prepare_vmcs02()
    - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword
    - x86/entry: Use the correct fence macro after swapgs in kernel CR3
    - x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
    - sched/uclamp: Fix rq->uclamp_max not set on first enqueue
    - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry()
    - parisc: Fix KBUILD_IMAGE for self-extracting kernel
    - parisc: Fix "make install" on newer debian releases
    - vgacon: Propagate console boot parameters before calling `vc_resize'
    - xhci: Fix commad ring abort, write all 64 bits to CRCR register.
    - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
    - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
    - x86/tsc: Add a timer to make sure TSC_adjust is always checked
    - x86/tsc: Disable clocksource watchdog for TSC on qualified platorms
    - x86/64/mm: Map all kernel memory into trampoline_pgd
    - tty: serial: msm_serial: Deactivate RX DMA for polling support
    - serial: pl011: Add ACPI SBSA UART match id
    - serial: tegra: Change lower tolerance baud rate limit for tegra20 and
      tegra30
    - serial: core: fix transmit-buffer reset and memleak
    - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
    - serial: 8250_pci: rewrite pericom_do_set_divisor()
    - serial: 8250: Fix RTS modem control while in rs485 mode
    - iwlwifi: mvm: retry init flow if failed
    - parisc: Mark cr16 CPU clocksource unstable on all SMP machines
    - net/tls: Fix authentication failure in CCM mode
    - ALSA: usb-audio: Restrict rates for the shared clocks
    - ALSA: usb-audio: Check available frames for the next packet size
    - ALSA: usb-audio: Add spinlock to stop_urbs()
    - ALSA: usb-audio: Avoid killing in-flight URBs during draining
    - mac80211: fix throughput LED trigger
    - x86/hyperv: Move required MSRs check to initial platform probing
    - platform/x86: dell-wmi-descriptor: disable by default
    - btrfs: silence lockdep when reading chunk tree during mount
    - drm/amd/pm: Remove artificial freq level on Navi1x
    - perf sort: Fix the 'weight' sort key behavior
    - perf sort: Fix the 'ins_lat' sort key behavior
    - perf sort: Fix the 'p_stage_cyc' sort key behavior
    - tracing: Don't use out-of-sync va_list in event printing
    - dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow
    - drm/i915/dp: Perform 30ms delay after source OUI write
    - KVM: SVM: move check for kvm_vcpu_apicv_active outside of
      avic_vcpu_{put|load}
    - KVM: fix avic_set_running for preemptable kernels
    - KVM: x86/mmu: Fix TDP MMU page table level
    - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt
    - KVM: x86: ignore APICv if LAPIC is not enabled
    - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit
    - KVM: x86: check PIR even for vCPUs with disabled APICv
    - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X
    - net: dsa: mv88e6xxx: Drop unnecessary check in
      mv88e6393x_serdes_erratum_4_6()
    - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver
    - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family
    - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family
    - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed
    - iwlwifi: fix warnings produced by kernel debug options
    - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support
    - octeontx2-af: Fix a memleak bug in rvu_mbox_init()
    - drm/vc4: kms: Wait for the commit before increasing our clock rate
    - drm/vc4: kms: Fix return code check
    - drm/vc4: kms: Add missing drm_crtc_commit_put
    - drm/vc4: kms: Clear the HVS FIFO commit pointer once done
    - drm/vc4: kms: Don't duplicate pending commit
    - drm/vc4: kms: Fix previous HVS commit wait
    - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range()
    - KVM: SEV: initialize regions_list of a mirror VM
    - preempt/dynamic: Fix setup_preempt_mode() return value
    - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails
    - serial: 8250_bcm7271: UART errors after resuming from S2
    - usb: cdns3: gadget: fix new urb never complete if ep cancel previous
      requests
    - usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()
    - serial: liteuart: Fix NULL pointer dereference in ->remove()
    - serial: liteuart: fix use-after-free and memleak on unbind
    - serial: liteuart: fix minor-number leak on probe errors

* CVE-2022-23222
    - bpf: Fix out of bounds access from invalid *_or_null type verification
    - bpf: Don't promote bogus looking registers after null check.
    - bpf, selftests: Add verifier test for mem_or_null register with offset.

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 15 Mar 2022 14:58:20 +0100

Changed in linux (Ubuntu Impish):
status:	Fix Committed → Fix Released

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-21:

#6

Meanwhile this also landed in jammy:
linux-generic | 5.15.0.23.25 | jammy
hence updating the "affects jammy" entry to Fix Released,
and with that the project entry becomes Fix Released, too.

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Released
Changed in ubuntu-z-systems:
status:	In Progress → Fix Released

Revision history for this message

bugproxy (bugproxy) wrote on 2022-03-30:

#7

------- Comment From <email address hidden> 2022-03-30 11:40 EDT-------
With the fix being available for focal, impish and jammy, we can close the bug.
Changing IBM BZ status to: ==> CLOSED

Ubuntu
linux package

[UBUNTU 21.10] s390/cio: verify the driver availability for path_event call

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
linux (Ubuntu)	Fix Released	High	Krzysztof Kozlowski
Impish	Fix Released	High	Krzysztof Kozlowski
Jammy	Fix Released	High	Krzysztof Kozlowski

Ubuntulinux package

[UBUNTU 21.10] s390/cio: verify the driver availability for path_event call

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package