Performing function level reset of AMD onboard USB and audio devices causes system lockup

Bug #1865988 reported by Bulk Adhesive on 2020-03-04
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Status tracked in Groovy
Bionic
Undecided
You-Sheng Yang
Eoan
Undecided
You-Sheng Yang
Focal
Undecided
You-Sheng Yang
Groovy
Undecided
You-Sheng Yang
linux-oem-5.6 (Ubuntu)
Status tracked in Groovy
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
You-Sheng Yang
Groovy
Undecided
Unassigned
linux-oem-osp1 (Ubuntu)
Status tracked in Groovy
Bionic
Undecided
You-Sheng Yang
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
Groovy
Undecided
Unassigned

Bug Description

[SRU Justifcation]

[Impact]

Devices affected:

* [1022:148c] USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Starship
  USB 3.0 Host Controller
* [1022:149c] USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Matisse
  USB 3.0 Host Controller
* [1022:1487] Audio device [0403]: Advanced Micro Devices, Inc. [AMD]
  Starship/Matisse HD Audio Controller

Despite advertising FLReset device capabilities, performing a function level
reset of either of these devices causes the system to lock up. This is of
particular issue where these devices appear in their own IOMMU groups and are
well suited to VFIO passthrough.

Issue was introduced in AMD's "AGESA Combo-AM4 1.0.0.4 Patch B" microcode
update, and affects dozens of motherboard models across various vendors.

Additional discussion of this issue:
https://www.reddit.com/r/VFIO/comments/eba5mh/workaround_patch_for_passing_through_usb_and/

[Fix]

Two commits currently landed in linux-pci pci/virutualization:
* 0d14f06cd665 PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
* 5727043c73fd PCI: Avoid FLR for AMD Starship USB 3.0

[Test Case]

Peform the test on an impacted system:

* B350, B450, X370, X470, X570 motherboards (practically anything with an AM4
  socket);
* Ryzen 3000-series CPU (2000-series possibly also affected);
* BIOS/UEFI firmware that includes "AGESA Combo-AM4 1.0.0.4 Patch B" (check
  vendor release notes)

In the above case where '0000:10:00.3' is the USB controller '1022:149c', issue
a reset command:

  $ echo 1 | sudo tee /sys/bus/pci/devices/0000\:10\:00.3/reset

Impacted systems will not return successfully and become unstable, requiring a
reboot. `/var/logs/syslog` will show something resembling the following:

  xhci_hcd 0000:10:00.3: not ready 1023ms after FLR; waiting
  xhci_hcd 0000:10:00.3: not ready 2047ms after FLR; waiting
  xhci_hcd 0000:10:00.3: not ready 4095ms after FLR; waiting
  xhci_hcd 0000:10:00.3: not ready 8191ms after FLR; waiting
  xhci_hcd 0000:10:00.3: not ready 16383ms after FLR; waiting
  xhci_hcd 0000:10:00.3: not ready 32767ms after FLR; waiting
  xhci_hcd 0000:10:00.3: not ready 65535ms after FLR; giving up
  clocksource: timekeeping watchdog on CPU14: Marking clocksource 'tsc' as unstable because the skew is too large:
  clocksource: 'hpet' wd_now: f63fcfe wd_last: d468894 mask: ffffffff
  clocksource: 'tsc' cs_now: 60e67e17758 cs_last: 60d2a81ce24 mask: ffffffffffffffff
  tsc: Marking TSC unstable due to clocksource watchdog
  TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'.
  sched_clock: Marking unstable (1817664630139, 314261908)<-(1817981099530, -2209419)

[Regression Risk]
Low. These two patches affect only systems with a device needs fix.

========== Original Bug Description ==========

$ lsb_release -rd
Description: Ubuntu 19.10
Release: 19.10

[Impact]

Devices affected:

* [1022:149c] USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Matisse USB 3.0 Host Controller
* [1022:1487] Audio device [0403]: Advanced Micro Devices, Inc. [AMD] Starship/Matisse HD Audio Controller

Despite advertising FLReset device capabilities, performing a function level reset of either of these devices causes the system to lock up. This is of particular issue where these devices appear in their own IOMMU groups and are well suited to VFIO passthrough.

Issue was introduced in AMD's "AGESA Combo-AM4 1.0.0.4 Patch B" microcode update, and affects dozens of motherboard models across various vendors.

Additional discussion of this issue:
https://www.reddit.com/r/VFIO/comments/eba5mh/workaround_patch_for_passing_through_usb_and/

[Fix]

Add a quirk to disable FLR on these devices. Sample patch attached.

[Test Case]

Peform the test on an impacted system:

* B350, B450, X370, X470, X570 motherboards (practically anything with an AM4 socket);
* Ryzen 3000-series CPU (2000-series possibly also affected);
* BIOS/UEFI firmware that includes "AGESA Combo-AM4 1.0.0.4 Patch B" (check vendor release notes)

In the above case where '0000:10:00.3' is the USB controller '1022:149c', issue a reset command

  $ echo 1 | sudo tee /sys/bus/pci/devices/0000\:10\:00.3/reset

Impacted systems will not return successfully and become unstable, requiring a reboot. `/var/logs/syslog` will show something resembling the following

  Mar 4 14:51:26 bunty kernel: [ 1745.043914] xhci_hcd 0000:10:00.3: not ready 1023ms after FLR; waiting
  Mar 4 14:51:28 bunty kernel: [ 1747.091910] xhci_hcd 0000:10:00.3: not ready 2047ms after FLR; waiting
  Mar 4 14:51:32 bunty kernel: [ 1750.163972] xhci_hcd 0000:10:00.3: not ready 4095ms after FLR; waiting
  Mar 4 14:51:37 bunty kernel: [ 1755.283933] xhci_hcd 0000:10:00.3: not ready 8191ms after FLR; waiting
  Mar 4 14:51:46 bunty kernel: [ 1764.499943] xhci_hcd 0000:10:00.3: not ready 16383ms after FLR; waiting
  Mar 4 14:52:04 bunty kernel: [ 1782.164126] xhci_hcd 0000:10:00.3: not ready 32767ms after FLR; waiting
  Mar 4 14:52:39 bunty kernel: [ 1816.979432] xhci_hcd 0000:10:00.3: not ready 65535ms after FLR; giving up
  Mar 4 14:52:39 bunty kernel: [ 1817.978790] clocksource: timekeeping watchdog on CPU14: Marking clocksource 'tsc' as unstable because the skew is too large:
  Mar 4 14:52:39 bunty kernel: [ 1817.978806] clocksource: 'hpet' wd_now: f63fcfe wd_last: d468894 mask: ffffffff
  Mar 4 14:52:39 bunty kernel: [ 1817.978809] clocksource: 'tsc' cs_now: 60e67e17758 cs_last: 60d2a81ce24 mask: ffffffffffffffff
  Mar 4 14:52:39 bunty kernel: [ 1817.978818] tsc: Marking TSC unstable due to clocksource watchdog
  Mar 4 14:52:40 bunty kernel: [ 1817.978892] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'.
  Mar 4 14:52:40 bunty kernel: [ 1817.978894] sched_clock: Marking unstable (1817664630139, 314261908)<-(1817981099530, -2209419)

[Regression Risk]

Unknown
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu8.2
Architecture: amd64
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D7p', '/dev/snd/pcmC0D3p', '/dev/snd/by-path', '/dev/snd/controlC1', '/dev/snd/hwC1D0', '/dev/snd/pcmC1D2c', '/dev/snd/pcmC1D1p', '/dev/snd/pcmC1D0c', '/dev/snd/pcmC1D0p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 19.10
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
Package: linux (not installed)
ProcFB: 0 EFI VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.3.0-40+amdnoflr-generic root=UUID=f2f3748c-f017-47ae-aa38-943e5f5189e0 ro amd_iommu=on
ProcVersionSignature: Ubuntu 5.3.0-40.32+amdnoflr-generic 5.3.18
RelatedPackageVersions:
 linux-restricted-modules-5.3.0-40+amdnoflr-generic N/A
 linux-backports-modules-5.3.0-40+amdnoflr-generic N/A
 linux-firmware 1.183.3
Tags: eoan
Uname: Linux 5.3.0-40+amdnoflr-generic x86_64
UnreportableReason: This report is about a package that is not installed.
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirt lpadmin lxd plugdev sambashare sudo
_MarkForUpload: False
dmi.bios.date: 11/14/2019
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: L3.77
dmi.board.name: X470 Taichi
dmi.board.vendor: ASRock
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrL3.77:bd11/14/2019:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnX470Taichi:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.family: To Be Filled By O.E.M.
dmi.product.name: To Be Filled By O.E.M.
dmi.product.sku: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.

Bulk Adhesive (bulkadhesive) wrote :
description: updated
description: updated

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1865988

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: eoan
tags: added: patch

apport information

tags: added: apport-collected
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

Bulk Adhesive (bulkadhesive) wrote :

Logs added

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Kai-Heng Feng (kaihengfeng) wrote :

Please send the patch to upstream.
Instead of adding a new function, reuse quirk_intel_no_flr() and generalize its name can be a better approach.

Bulk Adhesive (bulkadhesive) wrote :

Thanks for the suggestions. I agree that that this patch would benefit the wider community, but I was hoping this particular fix would make it into 20.04.

Is there a pathway for getting this patch into the kernel that ultimately ships with 20.04? If so, what does that path look like?

You-Sheng Yang (vicamo) wrote :

20.04 is a LTS and will be maintained until 2030, so you really don't have to worry about whether it will be shipped with 20.04 ultimately once it makes its way into mainline kernel.

Marcos (marcos-scriven) wrote :

@kaihengfeng and @vicamo

I've got a similar patch applied to upstream: https://kernel.googlesource.com/pub/scm/linux/kernel/git/helgaas/pci/+/efaa35873d66bf4a4903f757333692766e34e448

What's the process please to get this backported to Ubuntu's 5.4-x please?

Bulk Adhesive (bulkadhesive) wrote :

@marcos-scriven thanks for going through the process of putting together an upstream patch. I'm still manually applying the patch and building a kernel from Ubuntu (git) sources each time a new kernel becomes available. So hopefully this makes is into Ubuntu's 5.4 kernel (and potentially kernels in other currently supported releases) soon.

You-Sheng Yang (vicamo) wrote :

@Marcos, awesome!

If you're interested, Ubuntu SRU process is documented at:
https://wiki.ubuntu.com/StableReleaseUpdates
For kernel SRU patch format:
https://wiki.ubuntu.com/Kernel/Dev/KernelPatches
https://wiki.ubuntu.com/Kernel/Dev/StablePatchFormat

We're also more than happy to help here if you feel otherwise.

Marcos (marcos-scriven) wrote :

Thanks @vicamo

I had a look at those documents.

If I understand correctly I’d need to either:

1. Ask for a cherry pick by commit hash
2. Provide the patch as a git diff myself - on the basis it’s been accepted upstream.

I’ve also heard that lots of fixes are backported anyway to the various vanilla kernel branches.

If you could recommend which approach is preferable, I’m happy to have a go.

You-Sheng Yang (vicamo) wrote :

@Marcos,

I think it would be a wonderful experience if you already hold the chance to submit a patch to Ubuntu kernel yourself.

You may try following steps to send your patch:

1. `git clone -o focal https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal`

2. `git checkout focal/master-next`

3. `git cherry-pick -s -x efaa35873d66`

   Here you also need to edit your cherry-pick line to append the origin since it's not already in mainline: "(cherry picked from commit efaa35873d66bf4a4903f757333692766e34e448 helgaas/pci pci/virtualization)"

4. `git format-patch --cover-letter HEAD^`

5. Follow https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template to fill the body in the cover letter,

6. Add a BugLink line to both cover letter and the patch

7. Update subject to include tags "[SRU][Focal]" in both cover letter and the patch

8. Send them as a thread to <email address hidden>

Marcos (marcos-scriven) wrote :

Thanks so much for the guidance @vicamo

I've done as you suggested - though my email(s) have not appeared in the archive: https://lists.ubuntu.com/archives/kernel-team/2020-May/thread.html

Do I have to subscribe to <email address hidden> before posting?

You-Sheng Yang (vicamo) wrote :

Per offline discuss, we will help SRU this patch so that it won't miss current release cycle.

Marcos (marcos-scriven) wrote :

Thanks @vicamo again for your help.

You-Sheng Yang (vicamo) on 2020-05-29
Changed in linux (Ubuntu):
assignee: nobody → You-Sheng Yang (vicamo)
You-Sheng Yang (vicamo) on 2020-05-29
Changed in linux-oem-osp1 (Ubuntu Eoan):
status: New → Invalid
Changed in linux-oem-osp1 (Ubuntu Focal):
status: New → Invalid
Changed in linux-oem-osp1 (Ubuntu Groovy):
status: New → Invalid
Changed in linux-oem-5.6 (Ubuntu Bionic):
status: New → Invalid
Changed in linux-oem-5.6 (Ubuntu Eoan):
status: New → Invalid
Changed in linux-oem-5.6 (Ubuntu Groovy):
status: New → Invalid
Changed in linux (Ubuntu Bionic):
assignee: nobody → You-Sheng Yang (vicamo)
status: New → In Progress
Changed in linux (Ubuntu Eoan):
assignee: nobody → You-Sheng Yang (vicamo)
status: New → In Progress
Changed in linux (Ubuntu Focal):
assignee: nobody → You-Sheng Yang (vicamo)
status: New → In Progress
Changed in linux (Ubuntu Groovy):
status: Confirmed → In Progress
Changed in linux-oem-5.6 (Ubuntu Focal):
assignee: nobody → You-Sheng Yang (vicamo)
status: New → In Progress
Changed in linux-oem-osp1 (Ubuntu Bionic):
assignee: nobody → You-Sheng Yang (vicamo)
status: New → In Progress
You-Sheng Yang (vicamo) on 2020-05-29
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
tags: added: verification-needed-eoan

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Bulk Adhesive (bulkadhesive) wrote :

I have tested the proposed update under 19.10 and can confirm that it resolves the reset issue for affected devices in my system.

tags: added: verification-done-eoan
removed: verification-needed-eoan
Timo Aaltonen (tjaalton) on 2020-06-12
Changed in linux-oem-5.6 (Ubuntu Focal):
status: In Progress → Fix Committed
AceLan Kao (acelankao) on 2020-06-12
Changed in linux-oem-osp1 (Ubuntu Bionic):
status: In Progress → Fix Committed
Bulk Adhesive (bulkadhesive) wrote :

The fix is also working for me under Focal. My system does not have a '1022:148c' USB device, but I can't see a good reason why it wouldn't work exactly the same as the other two devices. Additional verification is welcome.

tags: added: verification-done-focal
removed: verification-needed-focal
Marcos (marcos-scriven) wrote :

I see this is now packaged and available at https://packages.ubuntu.com/focal-updates/amd64/linux-image-5.4.0-39-generic/download

However, the apt index doesn't seem to have been updated yet: http://gb.archive.ubuntu.com/ubuntu/dists/focal-updates/main/signed/linux-amd64/

Is there any guidance as to when that will happen please?

Marcos (marcos-scriven) wrote :

Scrap that - not sure why I thought it was in 5.4.0.39.

I followed the guidance at x and installed 5.4.0-40-generic

Works perfectly for me.

Like @bulkadhesive I don't have the Starship (aka Threadripper) device.

All autopkgtests for the newly accepted linux-oracle-5.4 (5.4.0-1019.19~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-oracle-5.4

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Launchpad Janitor (janitor) wrote :
Download full text (30.0 KiB)

This bug was fixed in the package linux - 5.4.0-40.44

---------------
linux (5.4.0-40.44) focal; urgency=medium

  * linux-oem-5.6-tools-common and -tools-host should be dropped (LP: #1881120)
    - [Packaging] Add Conflicts/Replaces to remove linux-oem-5.6-tools-common and
      -tools-host

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * Slow send speed with Intel I219-V on Ubuntu 18.04.1 (LP: #1802691)
    - e1000e: Disable TSO for buffer overrun workaround

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

  * Realtek 8723DE [10ec:d723] subsystem [10ec:d738] disconnects unsolicitedly
    when Bluetooth is paired: Reason: 23=IEEE8021X_FAILED (LP: #1878147)
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: Move driver IQK to set channel before
      association for 11N chip"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: fix rate for a while after being
      connected"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: No retry and report for auth and assoc"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: 8723d: Add coex support"
    - rtw88: add a debugfs entry to dump coex's info
    - rtw88: add a debugfs entry to enable/disable coex mechanism
    - rtw88: 8723d: Add coex support
    - SAUCE: rtw88: coex: 8723d: set antanna control owner
    - SAUCE: rtw88: coex: 8723d: handle BT inquiry cases
    - SAUCE: rtw88: fix EAPOL 4-way failure by finish IQK earlier

  * CPU stress test fails with focal kernel (LP: #1867900)
    - [Config] Disable hisi_sec2 temporarily

  * Enforce all config annotations (LP: #1879327)
    - [Config]: do not enforce CONFIG_VERSION_SIGNATURE
    - [Config]: prepare to enforce all
    - [Config]: enforce all config options

  * Focal update: v5.4.44 upstream stable release (LP: #1881927)
    - ax25: fix setsockopt(SO_BINDTODEVICE)
    - dpaa_eth: fix usage as DSA master, try 3
    - net: don't return invalid table id error when we fall back to PF_UNSPEC
    - net: dsa: mt7530: fix roaming from DSA user ports
    - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
    - __netif_receive_skb_core: pass skb by reference
    - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
    - net: ipip: fix wrong address family in init error path
    - net/mlx5: Add command entry handling completion
    - net: mvpp2: fix RX hashing for non-10G ports
    - net: nlmsg_cancel() if put fails for nhmsg
    - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
    - net: revert "net: get rid of an signed integer overflow in
      ip_idents_reserve()"
    - net sched: fix reporting the first-time use timestamp
    - net/tls: fix race condition causing kernel panic
    - nexthop: Fix attribute checking for groups
    - r8152: support additional Microsoft Surface Ethernet Adapter variant
    - sctp: Don't add the shutdown timer if its already been added
    - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and
      socket is closed
    - tipc: block BH before using dst_cache
    - net/mlx5e: kTLS, Destroy key object after destroying the TIS
    - net/mlx5e: Fix inner tirs handling
    - net/m...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (30.4 KiB)

This bug was fixed in the package linux-oem-5.6 - 5.6.0-1018.18

---------------
linux-oem-5.6 (5.6.0-1018.18) focal; urgency=medium

  * focal/linux-oem-5.6: 5.6.0-1018.18 -proposed tracker (LP: #1884496)

  * Focal update: v5.6.18 upstream stable release (LP: #1883304)
    - devinet: fix memleak in inetdev_init()
    - l2tp: add sk_family checks to l2tp_validate_socket
    - l2tp: do not use inet_hash()/inet_unhash()
    - net: check untrusted gso_size at kernel entry
    - net/mlx5: Fix crash upon suspend/resume
    - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac
      v5.10a
    - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
    - NFC: st21nfca: add missed kfree_skb() in an error path
    - nfp: flower: fix used time of merge flow statistics
    - sctp: check assoc before SCTP_ADDR_{MADE_PRIM, ADDED} event
    - virtio_vsock: Fix race condition in virtio_transport_recv_pkt
    - vsock: fix timeout in vsock_accept()
    - net: be more gentle about silly gso requests coming from user
    - net: dsa: felix: send VLANs on CPU port as egress-tagged
    - mptcp: fix unblocking connect()
    - net/sched: fix infinite loop in sch_fq_pie
    - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta()
    - USB: serial: qcserial: add DW5816e QDL support
    - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
    - USB: serial: option: add Telit LE910C1-EUX compositions
    - USB: serial: ch341: add basis for quirk detection
    - USB: serial: ch341: fix lockup of devices with limited prescaler
    - iio:chemical:sps30: Fix timestamp alignment
    - iio: vcnl4000: Fix i2c swapped word reading.
    - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak.
    - iio: adc: stm32-adc: fix a wrong error message when probing interrupts
    - usb: musb: start session in resume for host port
    - usb: musb: Fix runtime PM imbalance on error
    - serial: 8250: Enable 16550A variants by default on non-x86
    - vt: keyboard: avoid signed integer overflow in k_ascii
    - tty: hvc_console, fix crashes on parallel open/close
    - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
    - CDC-ACM: heed quirk also in error handling
    - nvmem: qfprom: remove incorrect write support
    - x86/cpu: Add a steppings field to struct x86_cpu_id
    - x86/cpu: Add 'table' argument to cpu_matches()
    - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - x86/speculation: Add Ivy Bridge to affected list
    - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly
      aligned
    - Revert "net/mlx5: Annotate mutex destroy for root ns"
    - Linux 5.6.18

  * NULL pointer dereference in nvme reset work-queue when VMD raid mode and
    SecureBoot turned on simultaneously on TigerLake (LP: #1876707)
    - iommu: Use C99 flexible array in fwspec
    - iommu: Define dev_iommu_fwspec_get() for !CONFIG_IOMMU_API
    - ACPI/IORT: Remove direct access of dev->iommu_fwspec
    - drm/msm/mdp5: Remove direct access of dev->iommu_fwspec
    - iommu/tegra-gart: Remove direct access of dev->i...

Changed in linux-oem-5.6 (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (32.7 KiB)

This bug was fixed in the package linux - 5.3.0-62.56

---------------
linux (5.3.0-62.56) eoan; urgency=medium

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * Eoan update: upstream stable patchset 2020-06-05 (LP: #1882303)
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - KVM: SVM: Fix potential memory leak in svm_cpu_init()
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - mtd: spinand: Propagate ECC information to the MTD structure
    - fix multiplication overflow in copy_fdtable()
    - ubifs: remove broken lazytime support
    - iommu/amd: Fix over-read of ACPI UID from IVRS table
    - i2c: mux: demux-pinctrl: Fix an error handling path in
      'i2c_demux_pinctrl_probe()'
    - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
    - gcc-common.h: Update for GCC 10
    - HID: multitouch: add eGalaxTouch P80H84 support
    - HID: alps: Add AUI1657 device ID
    - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead
    - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
    - scsi: qla2xxx: Delete all sessions before unregister local nvme port
    - configfs: fix config_item refcnt leak in configfs_rmdir()
    - vhost/vsock: fix packet delivery order to monitoring devices
    - aquantia: Fix the media type of AQC100 ethernet controller in the driver
    - component: Silence bind error on -EPROBE_DEFER
    - scsi: ibmvscsi: Fix WARN_ON during event pool release
    - HID: i2c-hid: reset Synaptics SYNA2393 on resume
    - x86/apic: Move TSC deadline timer debug printk
    - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
    - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock
    - ceph: fix double unlock in handle_cap_export()
    - stmmac: fix pointer check after utilization in stmmac_interrupt
    - USB: core: Fix misleading driver bug report
    - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
    - ARM: futex: Address build warning
    - padata: Replace delayed timer with immediate workqueue in padata_reorder
    - padata: initialize pd->cpu with effective cpumask
    - padata: purge get_cpu and reorder_via_wq from padata_do_serial
    - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio
      option
    - ALSA: pcm: fix incorrect hw_base increase
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
    - ALSA: hda/realtek - Add more fixup entries for Clevo machines
    - drm/etnaviv: fix perfmon domain interation
    - apparmor: fix potential label refcnt leak in aa_change_profile
    - apparmor: Fix aa_label refcnt leak in policy_update
    - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
    - dmaengine: owl: Use correct lock in owl_dma_get_pchan()
    - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance.
    - powerpc: Rem...

Changed in linux (Ubuntu Eoan):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (17.7 KiB)

This bug was fixed in the package linux - 4.15.0-109.110

---------------
linux (4.15.0-109.110) bionic; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - update dkms package versions

  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] wireguard -- add support for building signed .ko

  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start

  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open

  * CVE-2019-12380
    - efi/x86/Add missing error handling to old_memmap 1:1 mapping code

  * CVE-2019-19039 // CVE-2019-19377
    - btrfs: sink flush_fn to extent_write_cache_pages
    - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
    - btrfs: Don't submit any btree write bio if the fs has errors

  * CVE-2019-19036
    - btrfs: volumes: Use more straightforward way to calculate map length
    - btrfs: tree-checker: Try to detect missing INODE_ITEM
    - Btrfs: tree-checker: detect file extent items with overlapping ranges
    - Btrfs: make tree checker detect checksum items with overlapping ranges
    - btrfs: harden agaist duplicate fsid on scanned devices
    - Btrfs: fix missing data checksums after replaying a log tree
    - btrfs: reloc: fix reloc root leak and NULL pointer dereference
    - btrfs: Validate child tree block's level and first key
    - btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations

  * CVE-2019-19318
    - btrfs: tree-checker: Replace root parameter with fs_info
    - btrfs: tree-checker: Check level for leaves and nodes
    - btrfs: tree-checker: get fs_info from eb in generic_err
    - btrfs: tree-checker: get fs_info from eb in file_extent_err
    - btrfs: tree-checker: get fs_info from eb in check_csum_item
    - btrfs: tree-checker: get fs_info from eb in dir_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dir_item
    - btrfs: tree-checker: get fs_info from eb in block_group_err
    - btrfs: tree-checker: get fs_info from eb in check_block_group_item
    - btrfs: tree-checker: get fs_info from eb in check_extent_data_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf
    - btrfs: tree-checker: get fs_info from eb in chunk_err
    - btrfs: tree-checker: get fs_info from eb in dev_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dev_item
    - btrfs: tree-checker: get fs_info from eb in check_inode_item
    - btrfs: tree-checker: Add ROOT_ITEM check
    - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
    - btrfs: tree-checker: Add simple keyed refs check
    - btrfs: tree-checker: Add EXTENT_DATA_REF check
    - btrfs: tree-checker: Fix wrong check on max devid
    - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes

  * CVE-2019-19813 // CVE-2019-19816
    - btrfs: Refactor parameter of BTRFS_MAX_DEVS() from root to fs_info
    - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
    - btrfs: tree-checker: Make chunk item checker messages more readable
    - btrfs...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (24.3 KiB)

This bug was fixed in the package linux-oem-osp1 - 5.0.0-1063.68

---------------
linux-oem-osp1 (5.0.0-1063.68) bionic; urgency=medium

  * bionic/linux-oem-osp1: 5.0.0-1060.65 -proposed tracker (LP: #1882719)

  * bionic/linux-oem-osp1: 5.0.0-1063.68 -proposed tracker (LP: #1884983)

  * kernel NULL pointer dereference when plugging/unpluggin USB-c (power or hub)
    (LP: #1878544)
    - usb: typec: altmode: Fix typec_altmode_get_partner sometimes returning an
      invalid pointer

  * audio card disappeared after suspend device during audio playback Edit
    (LP: #1882035)
    - ASoC: SOF: topology: set trigger order for FE DAI link

  * tpm: fix TIS locality timeout problems (LP: #1881710)
    - SAUCE: tpm: fix TIS locality timeout problems

  * Performing function level reset of AMD onboard USB and audio devices causes
    system lockup (LP: #1865988)
    - SAUCE: PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
    - SAUCE: PCI: Avoid FLR for AMD Starship USB 3.0

  * Realtek 8723DE [10ec:d723] subsystem [10ec:d738] disconnects unsolicitedly
    when Bluetooth is paired: Reason: 23=IEEE8021X_FAILED (LP: #1878147)
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: Move driver IQK to set channel before
      association for 11N chip"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: fix rate for a while after being
      connected"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: No retry and report for auth and assoc"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: 8723d: Add coex support"
    - rtw88: add rtw_read8_mask and rtw_read16_mask
    - rtw88: add a debugfs entry to dump coex's info
    - rtw88: add a debugfs entry to enable/disable coex mechanism
    - rtw88: configure TX queue EDCA parameters
    - rtw88: 8723d: Add coex support
    - SAUCE: rtw88: coex: 8723d: set antanna control owner
    - SAUCE: rtw88: coex: 8723d: handle BT inquiry cases
    - SAUCE: rtw88: fix EAPOL 4-way failure by finish IQK earlier

  * Fix incorrect speed/duplex when I210 device is runtime suspended
    (LP: #1880656)
    - igb: Report speed and duplex as unknown when device is runtime suspended

  [ Ubuntu: 5.0.0-56.60 ]

  * disco/linux: 5.0.0-56.60 -proposed tracker (LP: #1884984)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * bpf_get_stack from test_verifier in ubuntu_bpf failed on Bionic 5.0
    (LP: #1881263)
    - Revert "bpf: fix buggy r0 retval refinement for tracing helpers"
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Disco update: upstream stable patchset 2020-06-04 (LP: #1882128)
    - x86/uaccess, ubsan: Fix UBSAN vs. SMAP
    - ubsan: build ubsan.c more conservatively
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - KVM: SVM: Fix potential memory leak in svm_cpu_init()
    - riscv: set max_pfn to the PFN of the last page
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - mtd: spinand: Propagate ECC information to the MTD structure
    - fix multiplication overflow in copy_fdtab...

Changed in linux-oem-osp1 (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers