Bug #1883962 “apparmor reference leak causes refcount_t overflow...” : Bugs : linux package : Ubuntu

Mauricio Faria de Oliveira (mfo) on 2020-06-17

Changed in linux (Ubuntu):
importance:	Undecided → Medium
assignee:	nobody → Mauricio Faria de Oliveira (mfo)
Changed in linux (Ubuntu Groovy):
status:	New → Won't Fix
Changed in linux (Ubuntu Eoan):
status:	New → Won't Fix
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
Changed in linux (Ubuntu Focal):
status:	New → In Progress
Changed in linux (Ubuntu Groovy):
importance:	Medium → Undecided
assignee:	Mauricio Faria de Oliveira (mfo) → nobody
Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
assignee:	nobody → Mauricio Faria de Oliveira (mfo)
Changed in linux (Ubuntu Bionic):
importance:	Undecided → Medium
assignee:	nobody → Mauricio Faria de Oliveira (mfo)
Changed in linux (Ubuntu):
status:	New → Fix Committed

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-06-17:

#1

Test Case:
---------

$ cat aa-refcnt-af_alg.c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

int main() {
int sockfd;
struct sockaddr_alg sa;

    /* Setup the crypto API socket */
    sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (sockfd < 0) {
            perror("socket");
            return 1;
    }

    memset(&sa, 0, sizeof(sa));
    sa.salg_family = AF_ALG;
    strcpy((char *) sa.salg_type, "rng");
    strcpy((char *) sa.salg_name, "stdrng");

    if (bind(sockfd, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
            perror("bind");
            return 1;
    }

/* Accept a "connection" and close it; repeat. */
while (!close(accept(sockfd, NULL, 0)));

return 0;
}

$ gcc -o aa-refcnt-af_alg aa-refcnt-af_alg.c

$ ./aa-refcnt-af_alg
<a few hours later>

[ 9928.475953] refcount_t overflow at apparmor_sk_clone_security+0x37/0x70 in aa-refcnt-af_alg[1322], uid/euid: 1000/1000
...
[ 9928.507443] RIP: 0010:apparmor_sk_clone_security+0x37/0x70
...
[ 9928.514286] security_sk_clone+0x33/0x50
[ 9928.514807] af_alg_accept+0x81/0x1c0 [af_alg]
[ 9928.516091] alg_accept+0x15/0x20 [af_alg]
[ 9928.516682] SYSC_accept4+0xff/0x210
[ 9928.519609] SyS_accept+0x10/0x20
[ 9928.520190] do_syscall_64+0x73/0x130
[ 9928.520808] entry_SYSCALL_64_after_hwframe+0x3d/0xa2

Note that other messages may be seen, not just overflow, depending on
the value being incremented by kref_get(); on another run:

[ 7273.182666] refcount_t: saturated; leaking memory.
...
[ 7273.185789] refcount_t: underflow; use-after-free.

description:

updated

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-06-18:

#2

kmod.c Edit (3.7 KiB, text/x-csrc)

kprobes module to monitor the apparmor label reference count.

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-06-18:

#3

Download full text (3.3 KiB)

Monitoring the label reference count with the kprobes module:

- original kernel: the counter keeps increasing on every pair of accept()/release() syscalls.
- modified kernel: the counter keeps stable.

Focal:
-----

original)

$ uname -rv
5.4.0-38-generic #42-Ubuntu SMP Mon Jun 8 14:14:24 UTC 2020

$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 4739.811403] accept() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e0
[ 4739.813677] release() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e2
[ 4739.815994] accept() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e1
[ 4739.818274] release() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e3
[ 4739.820555] accept() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e2
[ 4739.822833] release() :: comm = aa-refcnt-af_al, pid = 1023, sk->sk_security->label->count = 0x40b395e4
...
$ sudo rmmod kmod

modified)

$ uname -rv
5.4.0-38-generic #42+test20200617b1 SMP Wed Jun 17 16:31:24 -03 2020

$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 185.657133] accept() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x649
[ 185.660720] release() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x64a
[ 185.664321] accept() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x649
[ 185.668981] release() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x64a
[ 185.672648] accept() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x629
[ 185.676299] release() :: comm = aa-refcnt-af_al, pid = 1098, sk->sk_security->label->count = 0x62a
...
$ sudo rmmod kmod

Bionic:
------

original)

$ uname -rv
4.15.0-107-generic #108-Ubuntu SMP Mon Jun 8 17:51:33 UTC 2020

$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 4333.136581] accept() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e85
[ 4333.139131] release() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e87
[ 4333.141650] accept() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e86
[ 4333.144142] release() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e88
[ 4333.146675] accept() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e87
[ 4333.149199] release() :: comm = aa-refcnt-af_al, pid = 1243, sk->sk_security->label->count = 0x449b9e89
...
$ sudo rmmod kmod

modified)

$ uname -rv
4.15.0-107-generic #108+test20200617b1 SMP Wed Jun 17 16:33:16 -03 2020

$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 245.921217] accept() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x608
[ 245.923456] release() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x609
[ 245.925718] accept() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x608
[ 245.927954] release() :: comm = aa-refcnt-af_al, pid = 1165, sk->sk_security->label->count = 0x609
[ 245.930221] accept() :: comm = aa-refcnt-af_...

After a few hours with the reproducer running on the original kernel,
the kernel errors about the reference count are observed:

Focal:
-----

$ uname -rv
5.4.0-38-generic #42-Ubuntu SMP Mon Jun 8 14:14:24 UTC 2020

$ ./aa-refcnt-af_alg
<a few hours later>

[ 9581.048189] ------------[ cut here ]------------
[ 9581.049497] refcount_t overflow at apparmor_sk_clone_security+0x35/0x70 in aa-refcnt-af_al[1023], uid/euid: 1000/1000
[ 9581.052125] WARNING: CPU: 1 PID: 1023 at kernel/panic.c:677 refcount_error_report+0x9b/0xab
[ 9581.054428] Modules linked in: ...
[ 9581.063137] CPU: 1 PID: 1023 Comm: aa-refcnt-af_al Tainted: G           OE     5.4.0-38-generic #42-Ubuntu
[ 9581.065494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 9581.067693] RIP: 0010:refcount_error_report+0x9b/0xab
...
[ 9581.088358] Call Trace:
[ 9581.089083]  ex_handler_refcount+0x50/0x70
[ 9581.090147]  fixup_exception+0x4a/0x61
[ 9581.091142]  do_trap+0x4e/0xf0
[ 9581.091998]  do_error_trap+0x7c/0xc0
[ 9581.092958]  ? csum_partial_copy_generic+0x1687/0x3a10
[ 9581.094250]  do_invalid_op+0x3c/0x50
[ 9581.095210]  ? csum_partial_copy_generic+0x1687/0x3a10
[ 9581.096505]  invalid_op+0x1e/0x30
[ 9581.097413] RIP: 0010:apparmor_sk_clone_security+0x35/0x70
...
[ 9581.113048]  security_sk_clone+0x2f/0x40
[ 9581.114078]  af_alg_accept+0x7e/0x190 [af_alg]
[ 9581.115456]  alg_accept+0x15/0x20 [af_alg]
[ 9581.116549]  __sys_accept4+0x109/0x210
[ 9581.117549]  ? _cond_resched+0x19/0x30
[ 9581.118545]  __x64_sys_accept+0x1c/0x20
[ 9581.119573]  do_syscall_64+0x57/0x190
[ 9581.120551]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 9581.121821] RIP: 0033:0x7efc1bc390a7
...

Bionic:
------

$ uname -rv
4.15.0-107-generic #108-Ubuntu SMP Mon Jun 8 17:51:33 UTC 2020

$ ./aa-refcnt-af_alg
<a few hours later>

[ 8460.359291] ------------[ cut here ]------------
[ 8460.360638] refcount_t overflow at apparmor_sk_clone_security+0x37/0x70 in aa-refcnt-af_al[1243], uid/euid: 1000/1000
[ 8460.363332] WARNING: CPU: 1 PID: 1243 at /build/linux-oHXYZI/linux-4.15.0/kernel/panic.c:662 refcount_error_report+0x9c/0xac
[ 8460.366556] Modules linked in: ...
[ 8460.375936] CPU: 1 PID: 1243 Comm: aa-refcnt-af_al Tainted: G           OE    4.15.0-107-generic #108-Ubuntu
[ 8460.378352] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 8460.380598] RIP: 0010:refcount_error_report+0x9c/0xac
...
[ 8460.397294] Call Trace:
[ 8460.398331]  ex_handler_refcount+0x52/0x80
[ 8460.399432]  fixup_exception+0x3a/0x50
[ 8460.400462]  do_trap+0x8a/0x140
[ 8460.401346]  do_error_trap+0xa6/0x140
[ 8460.402355]  ? csum_partial_copy_generic+0xcfb/0x27a0
[ 8460.403671]  ? ___slab_alloc+0x204/0x4f0
[ 8460.404730]  ? ___slab_alloc+0x204/0x4f0
[ 8460.405786]  ? get_empty_filp+0x5c/0x1c0
[ 8460.406840]  do_invalid_op+0x20/0x30
[ 8460.407830]  invalid_op+0x1b/0x40
[ 8460.408755] RIP: 0010:apparmor_sk_clone_security+0x37/0x70
...
[ 8460.420262]  security_sk_clone+0x33/0x50
[ 8460.421314]  af_alg_accept+0x81/0x1c0 [af_alg]
[ 8460.422484]  ? aa_sock_accept_perm+0x25/0x30
[ 8460.423623]  alg_accept+0x15/0x20 [af_alg]
[ 8460.424725]  SYSC_accept4+0xff/0x210
[ 8460.425706]  ? mntput+0x24/0x40
[ 8460.426598]  ? __fput+0x193/0x220
[ 8460.427536]  ? _cond_resched+0x19/0x40
[ 8460.428561]  ? task_work_run+0x46/0xc0
[ 8460.429586]  SyS_accept+0x10/0x20
[ 8460.430518]  do_syscall_64+0x73/0x130
[ 8460.431522]  entry_SYSCALL_64_after_hwframe+0x41/0xa6
[ 8460.432830] RIP: 0033:0x7f0ecc0c87e4
...

description:	updated
description:	updated

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-06-18:

#5

[B][PATCH 0/1] Fix apparmor reference leak via AF_ALG
https://lists.ubuntu.com/archives/kernel-team/2020-June/111136.html

[B][PATCH 1/1] apparmor: check/put label on apparmor_sk_clone_security()
https://lists.ubuntu.com/archives/kernel-team/2020-June/111137.html

[F][PATCH 1/1] apparmor: check/put label on apparmor_sk_clone_security()
https://lists.ubuntu.com/archives/kernel-team/2020-June/111138.html

Mauricio Faria de Oliveira (mfo) on 2020-06-18

tags:	added: sts
Changed in linux (Ubuntu Groovy):
status:	Won't Fix → Invalid

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-06-29:

#6

It turns out that the 5.0 and 5.3 kernels should still be supported
on some custom kernels, thus sending the patch for Disco and Eoan.

[D/E][PATCH 0/1] Fix apparmor reference leak via AF_ALG
https://lists.ubuntu.com/archives/kernel-team/2020-June/111585.html

Changed in linux (Ubuntu Eoan):
status:	Won't Fix → In Progress
importance:	Undecided → Medium
assignee:	nobody → Mauricio Faria de Oliveira (mfo)

Khaled El Mously (kmously) on 2020-06-30

Changed in linux (Ubuntu Eoan):
status:	In Progress → Fix Committed

Khaled El Mously (kmously) on 2020-07-01

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-07-03:

#7

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-eoan

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-07-06:

#8

Verification done on Eoan.
The apparmor label refcnt inc/dec-rements properly on accept()/release(), no leaks.

$ lsb_release -cs
eoan

$ uname -rv
5.3.0-63-generic #57-Ubuntu SMP Thu Jul 2 10:38:35 UTC 2020

$ apt-cache policy linux-image-$(uname -r)
linux-image-5.3.0-63-generic:
...
*** 5.3.0-63.57 500
500 http://archive.ubuntu.com/ubuntu eoan-proposed/main amd64 Packages
...

$ gcc -o aa-refcnt-af_alg aa-refcnt-af_alg.c
$ ./aa-refcnt-af_alg &

$ make
$ sudo insmod kmod.ko &

$ dmesg
...
[ 254.940413] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4
[ 254.941665] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5
[ 254.942932] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4
[ 254.944187] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5
[ 254.945484] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4
[ 254.946741] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5
[ 254.948023] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4
[ 254.949282] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5
[ 254.950572] accept() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a4
[ 254.952526] release() :: comm = aa-refcnt-af_al, pid = 1540, sk->sk_security->label->count = 0x6a5
...

$ sudo rmmod kmod

tags:

added: verification-done-eoan
removed: verification-needed-eoan

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-07-12: Autopkgtest regression report (linux-hwe-5.0/5.0.0-57.61~18.04.1)

#9

All autopkgtests for the newly accepted linux-hwe-5.0 (5.0.0-57.61~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

linux-hwe-5.0/5.0.0-57.61~18.04.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-hwe-5.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-07-14: Autopkgtest regression report (linux-azure-5.3/5.3.0-1034.35~18.04.1)

#10

All autopkgtests for the newly accepted linux-azure-5.3 (5.3.0-1034.35~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-azure-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-07-15: Autopkgtest regression report (linux-aws-5.3/5.3.0-1032.34~18.04.1)

#11

All autopkgtests for the newly accepted linux-aws-5.3 (5.3.0-1032.34~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (arm64, amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-aws-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message

Ubuntu SRU Bot (ubuntu-sru-bot) wrote on 2020-07-16: Autopkgtest regression report (linux-gcp-5.3/5.3.0-1032.34~18.04.1)

#12

All autopkgtests for the newly accepted linux-gcp-5.3 (5.3.0-1032.34~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/0.7.5-1ubuntu16.9 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-gcp-5.3

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-07-24:

#13

Verification done on "Disco" (linux-hwe-5.0)
---

# uname -rv
5.0.0-58-generic #62~18.04.1-Ubuntu SMP Tue Jul 14 03:37:30 UTC 2020

For some other reason the kprobes module is not picking up on accept,
only on release. This is unrelated to this patchset.

I used kprobe events instead, which is working, and reveals the ref
counter does not leak (stable increase/decrease on accept/release.)

On the example below, it varies between 0x64b and 0x64c, correctly.

# ./aa-refcnt-af_alg &

# echo 'p af_alg_accept sk=%di count=+0x0(+0x0(+0x278(%di))):x32' > /sys/kernel/debug/tracing/kprobe_events
# echo 'p af_alg_release_parent sk=%di count=+0x0(+0x0(+0x278(%di))):x32' >> /sys/kernel/debug/tracing/kprobe_events

# echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable

# cat /sys/kernel/debug/tracing/trace_pipe
...
aa-refcnt-af_al-21362 [002] .... 77023.869615: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869619: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
aa-refcnt-af_al-21362 [002] .... 77023.869623: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869626: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
aa-refcnt-af_al-21362 [002] .... 77023.869630: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
aa-refcnt-af_al-21362 [002] .... 77023.869633: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
...
ctrl-c

# echo 0 > /sys/kernel/debug/tracing/events/kprobes/enable
# echo > /sys/kernel/debug/tracing/kprobe_events
# killall aa-refcnt-af_alg

Details:
-------

We want this value from 'struct sock *sk': kref_read(&SK_CTX(sk)->label->count)

With:

#define SK_CTX(X) apparmor_sock(X)

static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
...
return sk->sk_security + apparmor_blob_sizes->lbs_sock;
...

Checking the value for lbs_sock w/ a kernel module:

[76604.268403] apparmor_blob_sizes->lbs_sock: 0

And struct member offsets:

$ pahole --hex -C sock usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep sk_security
void * sk_security; /* 0x278 0x8 */

$ pahole --hex -C aa_sk_ctx usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w label
struct aa_label * label; /* 0 0x8 */

$ pahole --hex -C aa_label usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w count
struct kref count; /* 0 0x4 */

Verification done on "Disco" (linux-hwe-5.0)
---

# uname -rv
5.0.0-58-generic #62~18.04.1-Ubuntu SMP Tue Jul 14 03:37:30 UTC 2020

For some other reason the kprobes module is not picking up on accept,
only on release. This is unrelated to this patchset.

I used kprobe events instead, which is working, and reveals the ref
counter does not leak (stable increase/decrease on accept/release.)

On the example below, it varies between 0x64b and 0x64c, correctly.

# ./aa-refcnt-af_alg &

# echo 'p af_alg_accept sk=%di count=+0x0(+0x0(+0x278(%di))):x32' > /sys/kernel/debug/tracing/kprobe_events
# echo 'p af_alg_release_parent sk=%di count=+0x0(+0x0(+0x278(%di))):x32' >> /sys/kernel/debug/tracing/kprobe_events

# echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable

# cat /sys/kernel/debug/tracing/trace_pipe
...
 aa-refcnt-af_al-21362 [002] .... 77023.869615: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
 aa-refcnt-af_al-21362 [002] .... 77023.869619: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
 aa-refcnt-af_al-21362 [002] .... 77023.869623: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
 aa-refcnt-af_al-21362 [002] .... 77023.869626: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
 aa-refcnt-af_al-21362 [002] .... 77023.869630: p_af_alg_accept_0: (af_alg_accept+0x0/0x1c0 [af_alg]) sk=0xffff9138b54c2400 count=0x64b
 aa-refcnt-af_al-21362 [002] .... 77023.869633: p_af_alg_release_parent_0: (af_alg_release_parent+0x0/0xc0 [af_alg]) sk=0xffff9138b5e27800 count=0x64c
...
ctrl-c

# echo 0 > /sys/kernel/debug/tracing/events/kprobes/enable
# echo > /sys/kernel/debug/tracing/kprobe_events
# killall aa-refcnt-af_alg

Details:
-------

We want this value from 'struct sock *sk': kref_read(&SK_CTX(sk)->label->count)

With:

#define SK_CTX(X) apparmor_sock(X)

static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
	...
		return sk->sk_security + apparmor_blob_sizes->lbs_sock;
	...

Checking the value for lbs_sock w/ a kernel module:

[76604.268403] apparmor_blob_sizes->lbs_sock: 0

And struct member offsets:

$ pahole --hex -C sock usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep sk_security
		void *                     sk_security;          /* 0x278   0x8 */

$ pahole --hex -C aa_sk_ctx usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w label
		struct aa_label *          label;                /*     0   0x8 */

$ pahole --hex -C aa_label usr/lib/debug/boot/vmlinux-5.0.0-58-generic | grep -w count
		struct kref                count;                /*     0   0x4 */

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-07-27:

#14

Download full text (30.5 KiB)

This bug was fixed in the package linux - 5.3.0-64.58

---------------
linux (5.3.0-64.58) eoan; urgency=medium

* eoan/linux: 5.3.0-64.58 -proposed tracker (LP: #1887088)

* linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
- SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux (5.3.0-63.57) eoan; urgency=medium

* eoan/linux: 5.3.0-63.57 -proposed tracker (LP: #1885495)

* seccomp_bpf fails on powerpc (LP: #1885757)
- SAUCE: selftests/seccomp: fix ptrace tests on powerpc

  * The thread level parallelism would be a bottleneck when searching for the
    shared pmd by using hugetlbfs (LP: #1882039)
    - hugetlbfs: take read_lock on i_mmap for PMD sharing

  * Eoan update: upstream stable patchset 2020-06-30 (LP: #1885775)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - net_failover: fixed rollback in net_failover_open()
    - bridge: Avoid infinite loop when suppressing NS messages with invalid
      options
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - tun: correct header offsets in napi frags mode
    - Input: mms114 - fix handling of mms345l
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - Input: synaptics - add a second working PNP_ID for Lenovo T470s
    - drivers/net/ibmvnic: Update VNIC protocol version reporting
    - powerpc/xive: Clear the page tables for the ESB IO mapping
    - ath9k_htc: Silence undersized packet warnings
    - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
    - x86/cpu/amd: Make erratum #1054 a legacy erratum
    - perf probe: Accept the instance number of kretprobe event
    - mm: add kvfree_sensitive() for freeing sensitive data objects
    - aio: fix async fsync creds
    - x86_64: Fix jiffies ODR violation
    - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
      Dock
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
    - ACPI: GED: add support for _Exx / _Lxx handler methods
    - ACPI: PM: Avoid using power resources if there are none for D0
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: dw: Fix controller unregister order
    - spi: bcm2835aux: Fix controller unregister order
    - spi: bcm-qspi: when tx/rx buffer is NULL set to 0
    - PM: runtime: clk: Fix clk_pm_runtime_get() error path
    - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
      fully iterated
    - ALSA: pcm: disallow linking stream to itself
    - x86/{mce,mm}: Unmap the entire page if the who...

This bug was fixed in the package linux - 5.3.0-64.58

---------------
linux (5.3.0-64.58) eoan; urgency=medium

* eoan/linux: 5.3.0-64.58 -proposed tracker (LP: #1887088)

* linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux (5.3.0-63.57) eoan; urgency=medium

* eoan/linux: 5.3.0-63.57 -proposed tracker (LP: #1885495)

* seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc

* The thread level parallelism would be a bottleneck when searching for the
    shared pmd by using hugetlbfs (LP: #1882039)
    - hugetlbfs: take read_lock on i_mmap for PMD sharing

* Eoan update: upstream stable patchset 2020-06-30 (LP: #1885775)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - net_failover: fixed rollback in net_failover_open()
    - bridge: Avoid infinite loop when suppressing NS messages with invalid
      options
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - tun: correct header offsets in napi frags mode
    - Input: mms114 - fix handling of mms345l
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - Input: synaptics - add a second working PNP_ID for Lenovo T470s
    - drivers/net/ibmvnic: Update VNIC protocol version reporting
    - powerpc/xive: Clear the page tables for the ESB IO mapping
    - ath9k_htc: Silence undersized packet warnings
    - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
    - x86/cpu/amd: Make erratum #1054 a legacy erratum
    - perf probe: Accept the instance number of kretprobe event
    - mm: add kvfree_sensitive() for freeing sensitive data objects
    - aio: fix async fsync creds
    - x86_64: Fix jiffies ODR violation
    - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
      Dock
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
    - ACPI: GED: add support for _Exx / _Lxx handler methods
    - ACPI: PM: Avoid using power resources if there are none for D0
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: dw: Fix controller unregister order
    - spi: bcm2835aux: Fix controller unregister order
    - spi: bcm-qspi: when tx/rx buffer is NULL set to 0
    - PM: runtime: clk: Fix clk_pm_runtime_get() error path
    - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
      fully iterated
    - ALSA: pcm: disallow linking stream to itself
    - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
      poisoned
    - KVM: x86: Fix APIC page invalidation race
    - KVM: x86/mmu: Consolidate "is MMIO SPTE" code
    - KVM: x86: only do L1TF workaround on affected processors
    - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced
      IBRS.
    - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
    - spi: Fix controller unregister order
    - spi: pxa2xx: Fix controller unregister order
    - spi: bcm2835: Fix controller unregister order
    - spi: pxa2xx: Fix runtime PM ref imbalance on probe error
    - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
    - crypto: virtio: Fix src/dst scatterlist calculation in
      __virtio_crypto_skcipher_do_req()
    - crypto: virtio: Fix dest length calculation in
      __virtio_crypto_skcipher_do_req()
    - selftests/net: in rxtimestamp getopt_long needs terminating null entry
    - ovl: initialize error in ovl_copy_xattr
    - proc: Use new_inode not new_inode_pseudo
    - video: fbdev: w100fb: Fix a potential double free.
    - KVM: nSVM: fix condition for filtering async PF
    - KVM: nSVM: leave ASID aside in copy_vmcb_control_area
    - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
    - KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
    - KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
    - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
    - scsi: megaraid_sas: TM command refire leads to controller firmware crash
    - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
    - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
    - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - Smack: slab-out-of-bounds in vsscanf
    - drm/vkms: Hold gem object while still in-use
    - mm/slub: fix a memory leak in sysfs_slab_add()
    - fat: don't allow to mount if the FAT length == 0
    - perf: Add cond_resched() to task_function_call()
    - agp/intel: Reinforce the barrier after GTT updates
    - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
    - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description
    - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
    - xen/pvcalls-back: test for errors when calling backend_connect()
    - KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception
    - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
    - drm: bridge: adv7511: Extend list of audio sample rates
    - crypto: ccp -- don't "select" CONFIG_DMADEVICES
    - media: si2157: Better check for running tuner in init
    - objtool: Ignore empty alternatives
    - spi: pxa2xx: Apply CS clk quirk to BXT
    - net: atlantic: make hw_get_regs optional
    - net: ena: fix error returning in ena_com_get_hash_function()
    - efi/libstub/x86: Work around LLVM ELF quirk build regression
    - arm64: cacheflush: Fix KGDB trap detection
    - spi: dw: Zero DMA Tx and Rx configurations on stack
    - arm64: insn: Fix two bugs in encoding 32-bit logical immediates
    - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
    - MIPS: Loongson: Build ATI Radeon GPU driver as module
    - Bluetooth: Add SCO fallback for invalid LMP parameters error
    - kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
    - kgdb: Prevent infinite recursive entries to the debugger
    - spi: dw: Enable interrupts in accordance with DMA xfer mode
    - clocksource: dw_apb_timer: Make CPU-affiliation being optional
    - clocksource: dw_apb_timer_of: Fix missing clockevent timers
    - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
    - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
    - batman-adv: Revert "disable ethtool link speed detection when auto
      negotiation off"
    - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
    - spi: dw: Fix Rx-only DMA transfers
    - x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
    - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
      vmxnet3_get_rss()
    - staging: android: ion: use vmap instead of vm_map_ram
    - brcmfmac: fix wrong location to get firmware feature
    - tools api fs: Make xxx__mountpoint() more scalable
    - e1000: Distribute switch variables for initialization
    - dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
    - audit: fix a net reference leak in audit_send_reply()
    - media: dvb: return -EREMOTEIO on i2c transfer failure.
    - media: platform: fcp: Set appropriate DMA parameters
    - MIPS: Make sparse_init() using top-down allocation
    - Bluetooth: btbcm: Add 2 missing models to subver tables
    - audit: fix a net reference leak in audit_list_rules_send()
    - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
    - selftests/bpf: Fix memory leak in extract_build_id()
    - net: bcmgenet: set Rx mode before starting netif
    - lib/mpi: Fix 64-bit MIPS build with Clang
    - exit: Move preemption fixup up, move blocking operations down
    - sched/core: Fix illegal RCU from offline CPUs
    - drivers/perf: hisi: Fix typo in events attribute array
    - net: lpc-enet: fix error return code in lpc_mii_init()
    - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
    - net: allwinner: Fix use correct return type for ndo_start_xmit()
    - powerpc/spufs: fix copy_to_user while atomic
    - xfs: clean up the error handling in xfs_swap_extents
    - Crypto/chcr: fix for ccm(aes) failed test
    - MIPS: Truncate link address into 32bit for 32bit kernel
    - mips: cm: Fix an invalid error code of INTVN_*_ERR
    - kgdb: Fix spurious true from in_dbg_master()
    - xfs: reset buffer write failure state on successful completion
    - xfs: fix duplicate verification from xfs_qm_dqflush()
    - platform/x86: intel-vbtn: Use acpi_evaluate_integer()
    - platform/x86: intel-vbtn: Split keymap into buttons and switches parts
    - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are
      not there
    - platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and
      "Portable" chassis-types
    - nvme: refine the Qemu Identify CNS quirk
    - ath10k: Remove msdu from idr when management pkt send fails
    - wcn36xx: Fix error handling path in 'wcn36xx_probe()'
    - net: qed*: Reduce RX and TX default ring count when running inside kdump
      kernel
    - mt76: avoid rx reorder buffer overflow
    - md: don't flush workqueue unconditionally in md_open
    - veth: Adjust hard_start offset on redirect XDP frames
    - net/mlx5e: IPoIB, Drop multicast packets that this interface sent
    - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
    - mwifiex: Fix memory corruption in dump_station
    - x86/boot: Correct relocation destination on old linkers
    - mips: MAAR: Use more precise address mask
    - mips: Add udelay lpj numbers adjustment
    - crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
    - crypto: stm32/crc32 - fix run-time self test issue.
    - crypto: stm32/crc32 - fix multi-instance
    - x86/mm: Stop printing BRK addresses
    - m68k: mac: Don't call via_flush_cache() on Mac IIfx
    - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new
      qgroup
    - macvlan: Skip loopback packets in RX handler
    - PCI: Don't disable decoding when mmio_always_on is set
    - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
    - bcache: fix refcount underflow in bcache_device_free()
    - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
    - staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
    - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
    - ixgbe: fix signed-integer-overflow warning
    - mmc: sdhci-esdhc-imx: fix the mask for tuning start point
    - spi: dw: Return any value retrieved from the dma_transfer callback
    - cpuidle: Fix three reference count leaks
    - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
    - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
    - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop"
      chasis-type
    - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
    - btrfs: include non-missing as a qualifier for the latest_bdev
    - btrfs: send: emit file capabilities after chown
    - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
    - mm: initialize deferred pages with interrupts enabled
    - ima: Fix ima digest hash table key calculation
    - ima: Directly assign the ima_default_policy pointer to ima_rules
    - evm: Fix possible memory leak in evm_calc_hmac_or_hash()
    - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
    - ext4: fix error pointer dereference
    - ext4: fix race between ext4_sync_parent() and rename()
    - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
    - PCI: Add ACS quirk for iProc PAXB
    - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
    - PCI: mediatek: Add controller support for MT7629
    - ALSA: lx6464es - add support for LX6464ESe pci express variant
    - PCI: Add Genesys Logic, Inc. Vendor ID
    - PCI: Add Amazon's Annapurna Labs vendor ID
    - PCI: vmd: Add device id for VMD device 8086:9A0B
    - x86/amd_nb: Add Family 19h PCI IDs
    - PCI: Add Loongson vendor ID
    - serial: 8250_pci: Move Pericom IDs to pci_ids.h
    - btrfs: fix error handling when submitting direct I/O bio
    - btrfs: fix wrong file range cleanup after an error filling dealloc range
    - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
    - PCI: Program MPS for RCiEP devices
    - e1000e: Relax condition to trigger reset for ME workaround
    - carl9170: remove P2P_GO support
    - media: go7007: fix a miss of snd_card_free
    - Bluetooth: hci_bcm: fix freeing not-requested IRQ
    - b43legacy: Fix case where channel status is corrupted
    - b43: Fix connection problem with WPA3
    - b43_legacy: Fix connection problem with WPA3
    - media: ov5640: fix use of destroyed mutex
    - igb: Report speed and duplex as unknown when device is runtime suspended
    - power: vexpress: add suppress_bind_attrs to true
    - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210
    - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
    - gnss: sirf: fix error return code in sirf_probe()
    - sparc32: fix register window handling in genregs32_[gs]et()
    - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
    - dm crypt: avoid truncating the logical block size
    - alpha: fix memory barriers so that they conform to the specification
    - kernel/cpu_pm: Fix uninitted local in cpu_pm
    - ARM: tegra: Correct PL310 Auxiliary Control Register initialization
    - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus
    - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin
    - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries
    - drivers/macintosh: Fix memleak in windfarm_pm112 driver
    - powerpc/64s: Don't let DT CPU features set FSCR_DSCR
    - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
    - kbuild: force to build vmlinux if CONFIG_MODVERSION=y
    - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate
      registrations.
    - sunrpc: clean up properly in gss_mech_unregister()
    - mtd: rawnand: brcmnand: fix hamming oob layout
    - mtd: rawnand: pasemi: Fix the probe error path
    - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
    - perf probe: Do not show the skipped events
    - perf probe: Fix to check blacklist address correctly
    - perf probe: Check address correctness by map instead of _etext
    - perf symbols: Fix debuginfo search for Ubuntu
    - mlxsw: core: Use different get_trend() callbacks for different thermal zones
    - elfnote: mark all .note sections SHF_ALLOC
    - csky: Fixup abiv2 syscall_trace break a4 & a5
    - gfs2: Even more gfs2_find_jhead fixes
    - spi: dw: Fix native CS being unset
    - s390/pci: Log new handle in clp_disable_fh()
    - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay
    - selftests: fix flower parent qdisc
    - fanotify: fix ignore mask logic for events on child and on dir
    - perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel
      Tremont
    - KVM: x86: respect singlestep when emulating instruction
    - powerpc/ptdump: Properly handle non standard page size
    - ASoC: max9867: fix volume controls
    - io_uring: use kvfree() in io_sqe_buffer_register()
    - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K
    - smb3: add indatalen that can be a non-zero value to calculation of credit
      charge in smb2 ioctl
    - watchdog: imx_sc_wdt: Fix reboot on crash
    - ALSA: fireface: fix configuration error for nominal sampling transfer
      frequency
    - ALSA: pcm: fix snd_pcm_link() lockdep splat
    - arm64: acpi: fix UBSAN warning
    - lib/lzo: fix ambiguous encoding bug in lzo-rle
    - spi: bcm-qspi: Handle clock probe deferral
    - gup: document and work around "COW can break either way" issue
    - crypto: algapi - Avoid spurious modprobe on LOADED
    - crypto: drbg - fix error return code in drbg_alloc_state()
    - firmware: imx: warn on unexpected RX
    - firmware: imx-scu: Support one TX and one RX
    - firmware: imx: scu: Fix corruption of header
    - dccp: Fix possible memleak in dccp_init and dccp_fini
    - net/mlx5: drain health workqueue in case of driver load error
    - net/mlx5: Fix fatal error handling during device load
    - net/mlx5e: Fix repeated XSK usage on one channel
    - remoteproc: Fall back to using parent memory pool if no dedicated available
    - remoteproc: Fix and restore the parenting hierarchy for vdev
    - cpufreq: Fix up cpufreq_boost_set_sw()
    - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable
    - video: vt8500lcdfb: fix fallthrough warning
    - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
    - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR
    - selftests/ftrace: Return unsupported if no error_log file
    - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings
    - mmc: tmio: Further fixup runtime PM management at remove
    - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe()
    - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card()
    - block/floppy: fix contended case in floppy_queue_rq()
    - KVM: arm64: Save the host's PtrAuth keys in non-preemptible context

* Eoan update: upstream stable patchset 2020-06-24 (LP: #1885011)
    - devinet: fix memleak in inetdev_init()
    - l2tp: add sk_family checks to l2tp_validate_socket
    - l2tp: do not use inet_hash()/inet_unhash()
    - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
    - NFC: st21nfca: add missed kfree_skb() in an error path
    - vsock: fix timeout in vsock_accept()
    - net: check untrusted gso_size at kernel entry
    - USB: serial: qcserial: add DW5816e QDL support
    - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
    - USB: serial: option: add Telit LE910C1-EUX compositions
    - iio: vcnl4000: Fix i2c swapped word reading.
    - usb: musb: start session in resume for host port
    - usb: musb: Fix runtime PM imbalance on error
    - vt: keyboard: avoid signed integer overflow in k_ascii
    - tty: hvc_console, fix crashes on parallel open/close
    - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
    - CDC-ACM: heed quirk also in error handling
    - nvmem: qfprom: remove incorrect write support
    - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly
      aligned
    - Revert "net/mlx5: Annotate mutex destroy for root ns"
    - net/mlx5: Fix crash upon suspend/resume
    - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac
      v5.10a
    - nfp: flower: fix used time of merge flow statistics
    - net: be more gentle about silly gso requests coming from user
    - USB: serial: ch341: add basis for quirk detection
    - iio:chemical:sps30: Fix timestamp alignment
    - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak.
    - iio: adc: stm32-adc: fix a wrong error message when probing interrupts

* Eoan update: upstream stable patchset 2020-06-19 (LP: #1884296)
    - Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race
      window"
    - HID: sony: Fix for broken buttons on DS3 USB dongles
    - HID: i2c-hid: add Schneider SCL142ALM to descriptor override
    - p54usb: add AirVasT USB stick device-id
    - mmc: fix compilation of user API
    - scsi: ufs: Release clock if DMA map fails
    - net: dsa: mt7530: set CPU port to fallback mode
    - airo: Fix read overflows sending packets
    - powerpc/powernv: Avoid re-registration of imc debugfs directory
    - s390/ftrace: save traced function caller
    - ARC: Fix ICCM & DCCM runtime size checks
    - ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
    - evm: Fix RCU list related warnings
    - i2c: altera: Fix race between xfer_msg and isr thread
    - x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
    - net: bmac: Fix read of MAC address from ROM
    - drm/edid: Add Oculus Rift S to non-desktop list
    - s390/mm: fix set_huge_pte_at() for empty ptes
    - null_blk: return error for invalid zone size
    - net/ethernet/freescale: rework quiesce/activate for ucc_geth
    - net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
    - net: smsc911x: Fix runtime PM imbalance on error
    - HID: multitouch: add support for the Smart Tech panel
    - HID: multitouch: enable multi-input as a quirk for some devices
    - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter
    - media: Revert "staging: imgu: Address a compiler warning on alignment"
    - media: staging: ipu3-imgu: Move alignment attribute to field
    - ASoC: intel - fix the card names
    - RDMA/qedr: Fix qpids xarray api used
    - RDMA/qedr: Fix synchronization methods and memory leaks in qedr
    - io_uring: initialize ctx->sqo_wait earlier
    - selftests: mlxsw: qos_mc_aware: Specify arping timeout as an integer

* Eoan update: upstream stable patchset 2020-06-09 (LP: #1882831)
    - ax25: fix setsockopt(SO_BINDTODEVICE)
    - dpaa_eth: fix usage as DSA master, try 3
    - net: dsa: mt7530: fix roaming from DSA user ports
    - __netif_receive_skb_core: pass skb by reference
    - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
    - net: ipip: fix wrong address family in init error path
    - net/mlx5: Add command entry handling completion
    - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
    - net: revert "net: get rid of an signed integer overflow in
      ip_idents_reserve()"
    - net sched: fix reporting the first-time use timestamp
    - r8152: support additional Microsoft Surface Ethernet Adapter variant
    - sctp: Don't add the shutdown timer if its already been added
    - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and
      socket is closed
    - net/mlx5e: Update netdev txq on completions during closure
    - net/mlx5: Annotate mutex destroy for root ns
    - net: sun: fix missing release regions in cas_init_one().
    - net/mlx4_core: fix a memory leak bug.
    - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload
      fails
    - ARM: dts: rockchip: fix phy nodename for rk3228-evb
    - arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
    - arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
    - ARM: dts: rockchip: swap clock-names of gpu nodes
    - ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
    - gpio: tegra: mask GPIO IRQs during IRQ shutdown
    - ALSA: usb-audio: add mapping for ASRock TRX40 Creator
    - net: microchip: encx24j600: add missed kthread_stop
    - gfs2: move privileged user check to gfs2_quota_lock_check
    - cachefiles: Fix race between read_waiter and read_copier involving op->to_do
    - usb: dwc3: pci: Enable extcon driver for Intel Merrifield
    - usb: gadget: legacy: fix redundant initialization warnings
    - net: freescale: select CONFIG_FIXED_PHY where needed
    - IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
    - riscv: stacktrace: Fix undefined reference to `walk_stackframe'
    - cifs: Fix null pointer check in cifs_read
    - samples: bpf: Fix build error
    - Input: usbtouchscreen - add support for BonXeon TP
    - Input: evdev - call input_flush_device() on release(), not flush()
    - Input: xpad - add custom init packet for Xbox One S controllers
    - Input: dlink-dir685-touchkeys - fix a typo in driver name
    - Input: i8042 - add ThinkPad S230u to i8042 reset list
    - Input: synaptics-rmi4 - really fix attn_data use-after-free
    - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
    - ARM: 8970/1: decompressor: increase tag size
    - ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
    - ARM: uaccess: integrate uaccess_save and uaccess_restore
    - ARM: uaccess: fix DACR mismatch with nested exceptions
    - gpio: exar: Fix bad handling for ida_simple_get error path
    - IB/qib: Call kobject_put() when kobject_init_and_add() fails
    - ARM: dts/imx6q-bx50v3: Set display interface clock parents
    - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
    - ARM: dts: bcm: HR2: Fix PPI interrupt types
    - mmc: block: Fix use-after-free issue for rpmb
    - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
    - ALSA: hwdep: fix a left shifting 1 by 31 UB bug
    - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
    - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
    - exec: Always set cap_ambient in cap_bprm_set_creds
    - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
    - ALSA: hda/realtek - Add new codec supported for ALC287
    - libceph: ignore pool overlay and cache logic on redirects
    - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
    - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
    - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
    - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
    - iommu: Fix reference count leak in iommu_group_alloc.
    - parisc: Fix kernel panic in mem_init()
    - RDMA/core: Fix double destruction of uobject
    - mac80211: mesh: fix discovery timer re-arming issue / crash
    - x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
    - copy_xstate_to_kernel(): don't leave parts of destination uninitialized
    - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
    - xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
    - xfrm interface: fix oops when deleting a x-netns interface
    - xfrm: fix a warning in xfrm_policy_insert_list
    - xfrm: fix a NULL-ptr deref in xfrm_local_error
    - xfrm: fix error in comment
    - ip_vti: receive ipip packet by calling ip_tunnel_rcv
    - netfilter: nft_reject_bridge: enable reject with bridge vlan
    - netfilter: ipset: Fix subcounter update skip
    - netfilter: nfnetlink_cthelper: unbreak userspace helper support
    - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
    - esp6: get the right proto for transport mode in esp6_gso_encap
    - bnxt_en: Fix accumulation of bp->net_stats_prev.
    - xsk: Add overflow check for u64 division, stored into u32
    - qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
    - crypto: chelsio/chtls: properly set tp->lsndtime
    - bonding: Fix reference count leak in bond_sysfs_slave_add.
    - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
    - net: don't return invalid table id error when we fall back to PF_UNSPEC
    - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
    - net: mvpp2: fix RX hashing for non-10G ports
    - net: nlmsg_cancel() if put fails for nhmsg
    - net/tls: fix race condition causing kernel panic
    - nexthop: Fix attribute checking for groups
    - tipc: block BH before using dst_cache
    - net/mlx5e: kTLS, Destroy key object after destroying the TIS
    - net/mlx5e: Fix inner tirs handling
    - net/mlx5: Fix memory leak in mlx5_events_init
    - net/mlx5: Fix error flow in case of function_setup failure
    - net/tls: fix encryption error checking
    - net/tls: free record only on encryption error
    - gfs2: Grab glock reference sooner in gfs2_add_revoke
    - drm/amd/powerplay: perform PG ungate prior to CG ungate
    - usb: phy: twl6030-usb: Fix a resource leak in an error handling path in
      'twl6030_usb_probe()'
    - clk: ti: am33xx: fix RTC clock parent
    - csky: Fixup msa highest 3 bits mask
    - csky: Fixup perf callchain unwind
    - csky: Fixup remove duplicate irq_disable
    - csky: Fixup raw_copy_from_user()
    - arm64: dts: mt8173: fix vcodec-enc clock
    - soc: mediatek: cmdq: return send msg error code
    - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type
    - gpio: pxa: Fix return value of pxa_gpio_probe()
    - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe()
    - ceph: flush release queue when handling caps for unknown inode
    - drm/amd/display: drop cursor position check in atomic test
    - Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and
      REQ_NOWAIT"
    - gpio: fix locking open drain IRQ lines
    - xfrm: do pskb_pull properly in __xfrm_transport_prep
    - xfrm: remove the xfrm_state_put call becofe going to out_reset
    - netfilter: conntrack: make conntrack userspace helpers work again
    - ieee80211: Fix incorrect mask for default PE duration
    - nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry
    - nexthops: don't modify published nexthop groups
    - nexthop: Expand nexthop_is_multipath in a few places
    - ipv4: nexthop version of fib_info_nh_uses_dev
    - netfilter: conntrack: comparison of unsigned in cthelper confirmation
    - netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update
    - perf: Make perf able to build with latest libbfd

* shiftfs: O_TMPFILE reports ESTALE (LP: #1872757)
    - SAUCE: shiftfs: prevent ESTALE for LOOKUP_JUMP lookups

* shiftfs: fix btrfs regression (LP: #1884767)
    - SAUCE: Revert "UBUNTU: SAUCE: shiftfs: fix dentry revalidation"

* Update lockdown patches (LP: #1884159)
    - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
    - efi: Restrict efivar_ssdt_load when the kernel is locked down
    - powerpc/xmon: Restrict when kernel is locked down
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down

* ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - SAUCE: selftests: net: ip_defrag: limit packet to 1000 fragments
    - selftests: net: ip_defrag: ignore EPERM

* CVE-2020-10757
    - mm: Fix mremap not considering huge pmd devmap

* CVE-2020-11935
    - SAUCE: aufs: do not call i_readcount_inc()
    - SAUCE: aufs: bugfix, IMA i_readcount

* apparmor reference leak causes refcount_t overflow with af_alg_accept()
    (LP: #1883962)
    - apparmor: check/put label on apparmor_sk_clone_security()

* CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start

* CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open

-- Khalid Elmously <khalid.elmously@canonical.com>  Fri, 10 Jul 2020 15:22:34 -0400

Changed in linux (Ubuntu Eoan):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-08-10:

#15

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-08-10:

#16

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-08-12:

#17

Verification done for Bionic.

$ uname -rv
4.15.0-113-generic #114-Ubuntu SMP Sun Aug 9 07:27:58 UTC 2020

$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 335.387236] release() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x582
[ 335.388370] accept() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x581
[ 335.389376] release() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x582
[ 335.390558] accept() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x581
[ 335.391521] release() :: comm = aa-refcnt-af_al, pid = 5764, sk->sk_security->label->count = 0x582

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2020-08-12:

#18

Verification done for Focal.

$ uname -rv
5.4.0-43-generic #47-Ubuntu SMP Sat Aug 8 06:34:35 UTC 2020

$ ./aa-refcnt-af_alg &
$ sudo insmod kmod.ko
...
[ 171.672847] accept() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x583
[ 171.674249] release() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x584
[ 171.675676] accept() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x583
[ 171.676932] release() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x584
[ 171.678154] accept() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x583
[ 171.679617] release() :: comm = aa-refcnt-af_al, pid = 1600, sk->sk_security->label->count = 0x584

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-08-31:

#19

Download full text (97.9 KiB)

This bug was fixed in the package linux - 5.4.0-45.49

---------------
linux (5.4.0-45.49) focal; urgency=medium

* focal/linux: 5.4.0-45.49 -proposed tracker (LP: #1893050)

  * [Potential Regression] dscr_inherit_exec_test from powerpc in
    ubuntu_kernel_selftests failed on B/E/F (LP: #1888332)
    - powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()

linux (5.4.0-44.48) focal; urgency=medium

* focal/linux: 5.4.0-44.48 -proposed tracker (LP: #1891049)

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

* ipsec: policy priority management is broken (LP: #1890796)
- xfrm: policy: match with both mark and mask on user interfaces

linux (5.4.0-43.47) focal; urgency=medium

* focal/linux: 5.4.0-43.47 -proposed tracker (LP: #1890746)

* Packaging resync (LP: #1786013)
- update dkms package versions

  * Devlink - add RoCE disable kernel support (LP: #1877270)
    - devlink: Add new "enable_roce" generic device param
    - net/mlx5: Document flow_steering_mode devlink param
    - net/mlx5: Handle "enable_roce" devlink param
    - IB/mlx5: Rename profile and init methods
    - IB/mlx5: Load profile according to RoCE enablement state
    - net/mlx5: Remove unneeded variable in mlx5_unload_one
    - net/mlx5: Add devlink reload
    - IB/mlx5: Do reverse sequence during device removal

* msg_zerocopy.sh in net from ubuntu_kernel_selftests failed (LP: #1812620)
- selftests/net: relax cpu affinity requirement in msg_zerocopy test

  * Enlarge hisi_sec2 capability (LP: #1890222)
    - Revert "UBUNTU: [Config] Disable hisi_sec2 temporarily"
    - crypto: hisilicon - update SEC driver module parameter

* Fix missing HDMI/DP Audio on an HP Desktop (LP: #1890441)
- ALSA: hda/hdmi: Add quirk to force connectivity

* Fix IOMMU error on AMD Radeon Pro W5700 (LP: #1890306)
- PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken

  * ASoC:amd:renoir: the dmic can't record sound after suspend and resume
    (LP: #1890220)
    - SAUCE: ASoC: amd: renoir: restore two more registers during resume

  * No sound, Dummy output on Acer Swift 3 SF314-57G with Ice Lake core-i7 CPU
    (LP: #1877757)
    - ASoC: SOF: Intel: hda: fix generic hda codec support

* Fix right speaker of HP laptop (LP: #1889375)
- SAUCE: hda/realtek: Fix right speaker of HP laptop

* blk_update_request error when mount nvme partition (LP: #1872383)
- SAUCE: nvme-pci: prevent SK hynix PC400 from using Write Zeroes command

  * soc/amd/renoir: detect dmic from acpi table (LP: #1887734)
    - ASoC: amd: add logic to check dmic hardware runtime
    - ASoC: amd: add ACPI dependency check
    - ASoC: amd: fixed kernel warnings

  * soc/amd/renoir: change the module name to make it work with ucm3
    (LP: #1888166)
    - AsoC: amd: add missing snd- module prefix to the acp3x-rn driver kernel
      module
    - SAUCE: remove a kernel module since its name is changed

  * Focal update: v5.4.55 upstream stable release (LP: #1890343)
    - AX.25: Fix out-of-bounds read in ax25_connect()
    - AX.25: Prevent out-of-bounds read in ax25_sendmsg()
    - dev: Defer free of skbs in flush_backlog
    - drivers/net/wan/x25_asy: Fix to make i...

This bug was fixed in the package linux - 5.4.0-45.49

---------------
linux (5.4.0-45.49) focal; urgency=medium

* focal/linux: 5.4.0-45.49 -proposed tracker (LP: #1893050)

* [Potential Regression] dscr_inherit_exec_test from powerpc in
    ubuntu_kernel_selftests failed on B/E/F (LP: #1888332)
    - powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()

linux (5.4.0-44.48) focal; urgency=medium

* focal/linux: 5.4.0-44.48 -proposed tracker (LP: #1891049)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

linux (5.4.0-43.47) focal; urgency=medium

* focal/linux: 5.4.0-43.47 -proposed tracker (LP: #1890746)

* Packaging resync (LP: #1786013)
    - update dkms package versions

* Devlink -  add RoCE disable kernel support  (LP: #1877270)
    - devlink: Add new "enable_roce" generic device param
    - net/mlx5: Document flow_steering_mode devlink param
    - net/mlx5: Handle "enable_roce" devlink param
    - IB/mlx5: Rename profile and init methods
    - IB/mlx5: Load profile according to RoCE enablement state
    - net/mlx5: Remove unneeded variable in mlx5_unload_one
    - net/mlx5: Add devlink reload
    - IB/mlx5: Do reverse sequence during device removal

* msg_zerocopy.sh in net from ubuntu_kernel_selftests failed (LP: #1812620)
    - selftests/net: relax cpu affinity requirement in msg_zerocopy test

* Enlarge hisi_sec2 capability (LP: #1890222)
    - Revert "UBUNTU: [Config] Disable hisi_sec2 temporarily"
    - crypto: hisilicon - update SEC driver module parameter

* Fix missing HDMI/DP Audio on an HP Desktop (LP: #1890441)
    - ALSA: hda/hdmi: Add quirk to force connectivity

* Fix IOMMU error on AMD Radeon Pro W5700 (LP: #1890306)
    - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken

* ASoC:amd:renoir:  the dmic can't record sound after suspend and resume
    (LP: #1890220)
    - SAUCE: ASoC: amd: renoir: restore two more registers during resume

* No sound, Dummy output on Acer Swift 3 SF314-57G with Ice Lake core-i7  CPU
    (LP: #1877757)
    - ASoC: SOF: Intel: hda: fix generic hda codec support

* Fix right speaker of HP laptop (LP: #1889375)
    - SAUCE: hda/realtek: Fix right speaker of HP laptop

* blk_update_request error when mount nvme partition (LP: #1872383)
    - SAUCE: nvme-pci: prevent SK hynix PC400 from using Write Zeroes command

* soc/amd/renoir: detect dmic from acpi table (LP: #1887734)
    - ASoC: amd: add logic to check dmic hardware runtime
    - ASoC: amd: add ACPI dependency check
    - ASoC: amd: fixed kernel warnings

* soc/amd/renoir: change the module name to make it work with ucm3
    (LP: #1888166)
    - AsoC: amd: add missing snd- module prefix to the acp3x-rn driver kernel
      module
    - SAUCE: remove a kernel module since its name is changed

* Focal update: v5.4.55 upstream stable release (LP: #1890343)
    - AX.25: Fix out-of-bounds read in ax25_connect()
    - AX.25: Prevent out-of-bounds read in ax25_sendmsg()
    - dev: Defer free of skbs in flush_backlog
    - drivers/net/wan/x25_asy: Fix to make it work
    - ip6_gre: fix null-ptr-deref in ip6gre_init_net()
    - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
    - net: udp: Fix wrong clean up for IS_UDPLITE macro
    - qrtr: orphan socket in qrtr_release()
    - rtnetlink: Fix memory(net_device) leak when ->newlink fails
    - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
    - tcp: allow at most one TLP probe per flight
    - AX.25: Prevent integer overflows in connect and sendmsg
    - sctp: shrink stream outq only when new outcnt < old outcnt
    - sctp: shrink stream outq when fails to do addstream reconf
    - udp: Copy has_conns in reuseport_grow().
    - udp: Improve load balancing for SO_REUSEPORT.
    - regmap: debugfs: check count when read regmap file
    - PM: wakeup: Show statistics for deleted wakeup sources again
    - Revert "dpaa_eth: fix usage as DSA master, try 3"
    - Linux 5.4.55

* Add support for Atlantic NIC firmware v4 (LP: #1886908)
    - net: atlantic: simplify hw_get_fw_version() usage
    - net: atlantic: align return value of ver_match function with function name
    - net: atlantic: add support for FW 4.x

* perf vendor events s390: Add new deflate counters for IBM z15 (LP: #1888551)
    - perf vendor events s390: Add new deflate counters for IBM z15

* Focal update: v5.4.54 upstream stable release (LP: #1889669)
    - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner
    - gpio: arizona: handle pm_runtime_get_sync failure case
    - gpio: arizona: put pm_runtime in case of failure
    - pinctrl: amd: fix npins for uart0 in kerncz_groups
    - mac80211: allow rx of mesh eapol frames with default rx key
    - scsi: scsi_transport_spi: Fix function pointer check
    - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
    - xtensa: update *pos in cpuinfo_op.next
    - scsi: mpt3sas: Fix unlock imbalance
    - drivers/net/wan/lapbether: Fixed the value of hard_header_len
    - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
    - net: sky2: initialize return of gm_phy_read
    - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
    - scsi: mpt3sas: Fix error returns in BRM_status_show
    - scsi: dh: Add Fujitsu device to devinfo and dh lists
    - dm: use bio_uninit instead of bio_disassociate_blkg
    - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups()
    - fuse: fix weird page warning
    - irqdomain/treewide: Keep firmware node unconditionally allocated
    - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link'
    - ARM: dts: imx6qdl-gw551x: fix audio SSI
    - dmabuf: use spinlock to access dmabuf->name
    - drm/amd/display: Check DMCU Exists Before Loading
    - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
      compeletion")
    - btrfs: reloc: fix reloc root leak and NULL pointer dereference
    - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway
      balance
    - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
      GDB regression
    - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung
      Notebook Pen S
    - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
    - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
    - btrfs: fix double free on ulist after backref resolution failure
    - btrfs: fix mount failure caused by race with umount
    - btrfs: fix page leaks after failure to lock page for delalloc
    - bnxt_en: Fix race when modifying pause settings.
    - bnxt_en: Fix completion ring sizing with TPA enabled.
    - fpga: dfl: pci: reduce the scope of variable 'ret'
    - fpga: dfl: fix bug in port reset handshake
    - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
      path
    - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer
    - ax88172a: fix ax88172a_unbind() failures
    - RDMA/mlx5: Use xa_lock_irq when access to SRQ table
    - ASoC: Intel: bytcht_es8316: Add missed put_device()
    - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
      configuration
    - ieee802154: fix one possible memleak in adf7242_probe
    - drm: sun4i: hdmi: Fix inverted HPD result
    - net: smc91x: Fix possible memory leak in smc_drv_probe()
    - bonding: check error value of register_netdevice() immediately
    - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
    - ionic: use offset for ethtool regs data
    - ionic: fix up filter locks and debug msgs
    - net: ag71xx: add missed clk_disable_unprepare in error path of probe
    - net: hns3: fix error handling for desc filling
    - net: dsa: microchip: call phy_remove_link_mode during probe
    - netdevsim: fix unbalaced locking in nsim_create()
    - qed: suppress "don't support RoCE & iWARP" flooding on HW init
    - qed: suppress false-positives interrupt error messages on HW init
    - ipvs: fix the connection sync failed in some cases
    - net: ethernet: ave: Fix error returns in ave_init
    - Revert "PCI/PM: Assume ports without DLL Link Active train links in 100 ms"
    - nfsd4: fix NULL dereference in nfsd/clients display code
    - enetc: Remove the mdio bus on PF probe bailout
    - i2c: rcar: always clear ICSAR to avoid side effects
    - i2c: i2c-qcom-geni: Fix DMA transfer race
    - bonding: check return value of register_netdevice() in bond_newlink()
    - geneve: fix an uninitialized value in geneve_changelink()
    - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
    - scripts/decode_stacktrace: strip basepath from all paths
    - scripts/gdb: fix lx-symbols 'gdb.error' while loading modules
    - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
    - HID: alps: support devices with report id 2
    - HID: steam: fixes race in handling device list.
    - HID: apple: Disable Fn-key key-re-mapping on clone keyboards
    - dmaengine: tegra210-adma: Fix runtime PM imbalance on error
    - Input: add `SW_MACHINE_COVER`
    - ARM: dts: n900: remove mmc1 card detect gpio
    - spi: mediatek: use correct SPI_CFG2_REG MACRO
    - regmap: dev_get_regmap_match(): fix string comparison
    - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
    - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu
    - dmaengine: ioat setting ioat timeout as module parameter
    - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
    - Input: elan_i2c - only increment wakeup count on touch
    - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant
    - usb: dwc3: pci: add support for the Intel Jasper Lake
    - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
    - usb: cdns3: ep0: fix some endian issues
    - usb: cdns3: trace: fix some endian issues
    - hwmon: (adm1275) Make sure we are reading enough data for different chips
    - drm/amdgpu/gfx10: fix race condition for kiq
    - drm/amdgpu: fix preemption unit test
    - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D
    - platform/x86: ISST: Add new PCI device ids
    - platform/x86: asus-wmi: allow BAT1 battery name
    - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe()
    - ALSA: hda/realtek - fixup for yet another Intel reference board
    - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling
    - arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
    - x86: math-emu: Fix up 'cmp' insn for clang ias
    - asm-generic/mmiowb: Allow mmiowb_set_pending() when preemptible()
    - drivers/perf: Prevent forced unbinding of PMU drivers
    - RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw
    - binder: Don't use mmput() from shrinker function.
    - usb: xhci-mtk: fix the failure of bandwidth allocation
    - usb: xhci: Fix ASM2142/ASM3142 DMA addressing
    - Revert "cifs: Fix the target file was deleted when rename failed."
    - iwlwifi: mvm: don't call iwl_mvm_free_inactive_queue() under RCU
    - tty: xilinx_uartps: Really fix id assignment
    - staging: wlan-ng: properly check endpoint types
    - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
    - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
    - serial: tegra: fix CREAD handling for PIO
    - serial: 8250: fix null-ptr-deref in serial8250_start_tx()
    - serial: 8250_mtk: Fix high-speed baud rates clamping
    - /dev/mem: Add missing memory barriers for devmem_inode
    - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
    - vt: Reject zero-sized screen buffer size.
    - Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
    - mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
    - mm/memcg: fix refcount error while moving and swapping
    - mm: memcg/slab: fix memory leak at non-root kmem_cache destroy
    - khugepaged: fix null-pointer dereference due to race
    - io-mapping: indicate mapping failure
    - mmc: sdhci-of-aspeed: Fix clock divider calculation
    - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers
    - drm/amd/powerplay: fix a crash when overclocking Vega M
    - parisc: Add atomic64_set_release() define to avoid CPU soft lockups
    - x86, vmlinux.lds: Page-align end of ..page_aligned sections
    - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo
      Miix 2 10
    - ASoC: qcom: Drop HAS_DMA dependency to fix link failure
    - ASoC: topology: fix kernel oops on route addition error
    - ASoC: topology: fix tlvs in error handling for widget_dmixer
    - dm integrity: fix integrity recalculation that is improperly skipped
    - ath9k: Fix regression with Atheros 9271
    - Linux 5.4.54

* Focal update: v5.4.53 upstream stable release (LP: #1888560)
    - crypto: atmel - Fix selection of CRYPTO_AUTHENC
    - crypto: atmel - Fix build error of CRYPTO_AUTHENC
    - net: atlantic: fix ip dst and ipv6 address filters
    - net: rmnet: fix lower interface leak
    - bridge: mcast: Fix MLD2 Report IPv6 payload length check
    - genetlink: remove genl_bind
    - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
    - ipv6: fib6_select_path can not use out path for nexthop objects
    - ipv6: Fix use of anycast address with loopback
    - l2tp: remove skb_dst_set() from l2tp_xmit_skb()
    - llc: make sure applications use ARPHRD_ETHER
    - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
    - net_sched: fix a memory leak in atm_tc_init()
    - sched: consistently handle layer3 header accesses in the presence of VLANs
    - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure
    - tcp: make sure listeners don't initialize congestion-control state
    - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
    - tcp: md5: do not send silly options in SYNCOOKIES
    - vlan: consolidate VLAN parsing code and limit max parsing depth
    - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
    - tcp: md5: allow changing MD5 keys in all socket states
    - cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
    - cgroup: Fix sock_cgroup_data on big-endian.
    - ip: Fix SO_MARK in RST, ACK and ICMP packets
    - arm64: Introduce a way to disable the 32bit vdso
    - arm64: arch_timer: Allow an workaround descriptor to disable compat vdso
    - arm64: arch_timer: Disable the compat vdso for cores affected by
      ARM64_WORKAROUND_1418040
    - drm/msm: fix potential memleak in error branch
    - drm/msm/dpu: allow initialization of encoder locks during encoder init
    - drm/exynos: Properly propagate return value in drm_iommu_attach_device()
    - drm/exynos: fix ref count leak in mic_pre_enable
    - x86/fpu: Reset MXCSR to default in kernel_fpu_begin()
    - thermal/drivers: imx: Fix missing of_node_put() at probe time
    - blk-mq-debugfs: update blk_queue_flag_name[] accordingly for new flags
    - m68k: nommu: register start of the memory with memblock
    - m68k: mm: fix node memblock init
    - dt-bindings: mailbox: zynqmp_ipi: fix unit address
    - cifs: prevent truncation from long to int in wait_for_free_credits
    - arm64/alternatives: use subsections for replacement sequences
    - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
    - gfs2: read-only mounts should grab the sd_freeze_gl glock
    - i2c: eg20t: Load module automatically if ID matches
    - arm64/alternatives: don't patch up internal branches
    - iio:magnetometer:ak8974: Fix alignment and data leak issues
    - iio:humidity:hdc100x Fix alignment and data leak issues
    - iio: magnetometer: ak8974: Fix runtime PM imbalance on error
    - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers
    - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
    - iio: pressure: zpa2326: handle pm_runtime_get_sync failure
    - iio:humidity:hts221 Fix alignment and data leak issues
    - iio:pressure:ms5611 Fix buffer element alignment
    - iio:health:afe4403 Fix timestamp alignment and prevent data leak.
    - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
    - net: dsa: bcm_sf2: Fix node reference count
    - of: of_mdio: Correct loop scanning logic
    - net: macb: call pm_runtime_put_sync on failure path
    - net: ethernet: mvneta: Do not error out in non serdes modes
    - net: ethernet: mvneta: Add back interface mode validation
    - Revert "usb/ohci-platform: Fix a warning when hibernating"
    - Revert "usb/ehci-platform: Set PM runtime as active on resume"
    - Revert "usb/xhci-plat: Set PM runtime as active on resume"
    - net: sfp: add support for module quirks
    - net: sfp: add some quirks for GPON modules
    - ARM: OMAP4+: remove pdata quirks for omap4+ iommus
    - ARM: OMAP2+: Add workaround for DRA7 DSP MStandby errata i879
    - ARM: OMAP2+: use separate IOMMU pdata to fix DRA7 IPU1 boot
    - mmc: mmci: Support any block sizes for ux500v2 and qcom variant
    - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
    - ARM: at91: pm: add quirk for sam9x60's ulp1
    - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20
    - scsi: sr: remove references to BLK_DEV_SR_VENDOR, leave it enabled
    - [Config] updateconfigs for BLK_DEV_SR_VENDOR
    - bus: ti-sysc: Rename clk related quirks to pre_reset and post_reset quirks
    - bus: ti-sysc: Consider non-existing registers too when matching quirks
    - bus: ti-sysc: Handle module unlock quirk needed for some RTC
    - bus: ti-sysc: Detect display subsystem related devices
    - arm64: dts: g12-common: add parkmode_disable_ss_quirk on DWC3 controller
    - bus: ti-sysc: Detect EDMA and set quirk flags for tptc
    - ALSA: usb-audio: Add support for MOTU MicroBook IIc
    - Input: goodix - fix touch coordinates on Cube I15-TC
    - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp
      (0951:16d8)
    - doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in
      park mode
    - mmc: sdhci: do not enable card detect interrupt for gpio cd type
    - ALSA: usb-audio: Rewrite registration quirk handling
    - ACPI: video: Use native backlight on Acer Aspire 5783z
    - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S
    - ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2
    - Input: mms114 - add extra compatible for mms345l
    - ACPI: video: Use native backlight on Acer TravelMate 5735Z
    - bus: ti-sysc: Use optional clocks on for enable and wait for softreset bit
    - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S
    - iio:health:afe4404 Fix timestamp alignment and prevent data leak.
    - soundwire: intel: fix memory leak with devm_kasprintf
    - dmaengine: sh: usb-dmac: set tx_result parameters
    - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
    - arm64: dts: meson: add missing gxl rng clock
    - arm64: dts: meson-gxl-s805x: reduce initial Mali450 core frequency
    - bus: ti-sysc: Fix wakeirq sleeping function called from invalid context
    - bus: ti-sysc: Fix sleeping function called from invalid context for RTC
      quirk
    - bus: ti-sysc: Do not disable on suspend for no-idle
    - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()'
    - dmaengine: dw: Initialize channel before each transfer
    - dmaengine: dmatest: stop completed threads when running without set channel
    - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
    - usb: gadget: udc: atmel: fix uninitialized read in debug printk
    - staging: comedi: verify array index is correct before using it
    - clk: mvebu: ARMADA_AP_CPU_CLK needs to select ARMADA_AP_CP_HELPER
    - clk: AST2600: Add mux for EMMC clock
    - NFS: Fix interrupted slots by sending a solo SEQUENCE operation
    - fuse: don't ignore errors from fuse_writepages_fill()
    - ARM: dts: Fix dcan driver probe failed on am437x platform
    - Revert "thermal: mediatek: fix register index error"
    - xprtrdma: fix incorrect header size calculations
    - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
    - arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema
    - keys: asymmetric: fix error return code in software_key_query()
    - regmap: debugfs: Don't sleep while atomic for fast_io regmaps
    - copy_xstate_to_kernel: Fix typo which caused GDB regression
    - arm: dts: mt7623: add phy-mode property for gmac2
    - soc: qcom: socinfo: add missing soc_id sysfs entry
    - habanalabs: Align protection bits configuration of all TPCs
    - PCI/PM: Call .bridge_d3() hook only if non-NULL
    - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
    - soc: qcom: rpmh: Update dirty flag only when data changes
    - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data
    - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS
    - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request
    - RDMA/mlx5: Verify that QP is created with RQ or SQ
    - mtd: rawnand: marvell: Fix the condition on a return code
    - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet
      registered
    - mtd: rawnand: marvell: Fix probe error path
    - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings
    - mtd: rawnand: brcmnand: correctly verify erased pages
    - mtd: rawnand: brcmnand: fix CS0 layout
    - mtd: rawnand: oxnas: Keep track of registered devices
    - mtd: rawnand: oxnas: Unregister all devices on error
    - mtd: rawnand: oxnas: Release all devices in the _remove() path
    - clk: qcom: gcc: Add GPU and NPU clocks for SM8150
    - clk: qcom: gcc: Add missing UFS clocks for SM8150
    - slimbus: core: Fix mismatch in of_node_get/put
    - HID: logitech-hidpp: avoid repeated "multiplier = " log messages
    - HID: magicmouse: do not set up autorepeat
    - HID: quirks: Always poll Obins Anne Pro 2 keyboard
    - HID: quirks: Ignore Simply Automated UPB PIM
    - ALSA: line6: Perform sanity check for each URB creation
    - ALSA: line6: Sync the pending work cancel at disconnection
    - ALSA: usb-audio: Fix race against the error recovery URB submission
    - ALSA: hda/realtek - change to suitable link model for ASUS platform
    - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series
      with ALC289
    - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with
      ALC256
    - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
    - ALSA: hda/realtek - Enable Speaker for ASUS UX563
    - USB: c67x00: fix use after free in c67x00_giveback_urb
    - usb: dwc2: Fix shutdown callback in platform
    - usb: chipidea: core: add wakeup support for extcon
    - usb: gadget: function: fix missing spinlock in f_uac1_legacy
    - USB: serial: iuu_phoenix: fix memory corruption
    - USB: serial: cypress_m8: enable Simply Automated UPB PIM
    - USB: serial: ch341: add new Product ID for CH340
    - USB: serial: option: add GosunCn GM500 series
    - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match
      upstream
    - virt: vbox: Fix guest capabilities mask check
    - Revert "tty: xilinx_uartps: Fix missing id assignment to the console"
    - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
    - serial: mxs-auart: add missed iounmap() in probe failure and remove
    - ovl: fix regression with re-formatted lower squashfs
    - ovl: inode reference leak in ovl_is_inuse true case.
    - ovl: relax WARN_ON() when decoding lower directory file handle
    - ovl: fix unneeded call to ovl_change_flags()
    - fuse: ignore 'data' argument of mount(..., MS_REMOUNT)
    - fuse: use ->reconfigure() instead of ->remount_fs()
    - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
    - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
    - mei: bus: don't clean driver pointer
    - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
    - uio_pdrv_genirq: Remove warning when irq is not specified
    - uio_pdrv_genirq: fix use without device tree and no interrupt
    - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro
    - timer: Prevent base->clk from moving backward
    - timer: Fix wheel index calculation on last level
    - riscv: use 16KB kernel stack on 64-bit
    - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
    - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey
    - powerpc/pseries/svm: Fix incorrect check for shared_lppaca_size
    - intel_th: pci: Add Jasper Lake CPU support
    - intel_th: pci: Add Tiger Lake PCH-H support
    - intel_th: pci: Add Emmitsburg PCH support
    - intel_th: Fix a NULL dereference when hub driver is not loaded
    - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
    - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler
    - dmaengine: fsl-edma-common: correct DSIZE_32BYTE
    - misc: atmel-ssc: lock with mutex instead of spinlock
    - thermal: int3403_thermal: Downgrade error message
    - thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
    - arm64: ptrace: Override SPSR.SS when single-stepping is enabled
    - arm64: ptrace: Consistently use pseudo-singlestep exceptions
    - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return
    - sched: Fix unreliable rseq cpu_id for new tasks
    - sched/fair: handle case of task_h_load() returning 0
    - genirq/affinity: Handle affinity setting on inactive interrupts correctly
    - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr()
    - drm/i915/gt: Ignore irq enabling on the virtual engines
    - block: fix splitting segments on boundary masks
    - block: fix get_max_segment_size() overflow on 32bit arch
    - libceph: don't omit recovery_deletes in target_copy()
    - rxrpc: Fix trace string
    - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH
    - ionic: export features for vlans to use
    - iommu/vt-d: Make Intel SVM code 64-bit only
    - drm/i915/gvt: Fix two CFL MMIO handling caused by regression.
    - gpio: pca953x: disable regmap locking for automatic address incrementing
    - Linux 5.4.53

* linux-libc-dev broken for crossbuilding, Multi-Arch:same violation
    (LP: #1886188)
    - [Packaging] Produce linux-libc-dev package for riscv64
    - [Debian] Disallow building linux-libc-dev from linux-riscv

* [UBUNTU 20.04] DIF and DIX support in zfcp (s390x) is broken and the kernel
    crashes unconditionally (LP: #1887124)
    - scsi: zfcp: signal incomplete or error for sync exchange config/port data
    - scsi: zfcp: diagnostics buffer caching and use for exchange port data
    - scsi: zfcp: add diagnostics buffer for exchange config data
    - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data
    - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP
      transceiver
    - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs
    - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit
    - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs
    - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter
      variable
    - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act
    - scsi: zfcp: fix wrong data and display format of SFP+ temperature
    - scsi: zfcp: expose fabric name as common fc_host sysfs attribute
    - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host
    - scsi: zfcp: fix fc_host attributes that should be unknown on local link down
    - scsi: zfcp: auto variables for dereferenced structs in open port handler
    - scsi: zfcp: report FC Endpoint Security in sysfs
    - scsi: zfcp: log FC Endpoint Security of connections
    - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections
    - scsi: zfcp: enhance handling of FC Endpoint Security errors
    - scsi: zfcp: log FC Endpoint Security errors
    - scsi: zfcp: use fallthrough;
    - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced
      function
    - scsi: zfcp: Move shost updates during xconfig data handling into fenced
      function
    - scsi: zfcp: Move fc_host updates during xport data handling into fenced
      function
    - scsi: zfcp: Fence fc_host updates during link-down handling
    - scsi: zfcp: Move p-t-p port allocation to after xport data
    - scsi: zfcp: Fence adapter status propagation for common statuses
    - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects
    - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-
      data

* Enable Quectel EG95 LTE modem [2c7c:0195]  (LP: #1886744)
    - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
    - USB: serial: option: add Quectel EG95 LTE modem

* Kernel Regression between 5.4.0-26 and 5.4.0-40 causes laptop internal audio
    devices to fail to load w/o unacceptable workaround (Lenovo IdeaPad 5
    15IIL05) (LP: #1886341)
    - ASoC: SOF: intel: hda: Modify signature for hda_codec_probe_bus()
    - ASoC: SOF: Intel: drop HDA codec upon probe failure
    - ASoC: SOF: Intel: hda: move i915 init earlier

* [UBUNTU 20.04] smc: SMC connections hang with later-level implementations
    (LP: #1882088)
    - net/smc: tolerate future SMCD versions

* zfs: backport AES-GCM performance accelleration (LP: #1881107)
    - debian/dkms-versions: update ZFS dkms package version (LP: #1881107)

* Regression in kernel 4.15.0-91 causes kernel panic with Bcache
    (LP: #1867916)
    - bcache: check and adjust logical block size for backing devices

* [SRU][OEM-5.6/U] Fix r8117 firmware base issue (LP: #1885072)
    - r8169: add helper r8168g_phy_param
    - r8169: add support for RTL8117
    - r8169: load firmware for RTL8168fp/RTL8117
    - r8169: fix OCP access on RTL8117
    - r8169: fix firmware not resetting tp->ocp_base

* [UBUNTU 20.04] Deflate counters reported by lscpumf are not valid or
    available with perf (LP: #1881096)
    - s390/cpum_cf: Add new extended counters for IBM z15

* shiftfs: O_TMPFILE reports ESTALE (LP: #1872757)
    - SAUCE: shiftfs: prevent ESTALE for LOOKUP_JUMP lookups

* shiftfs: fix btrfs regression (LP: #1884767)
    - SAUCE: Revert "UBUNTU: SAUCE: shiftfs: fix dentry revalidation"

* Focal update: v5.4.52 upstream stable release (LP: #1887853)
    - KVM: s390: reduce number of IO pins to 1
    - spi: spi-fsl-dspi: Adding shutdown hook
    - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
    - regmap: fix alignment issue
    - perf/x86/rapl: Move RAPL support to common x86 code
    - perf/x86/rapl: Fix RAPL config variable bug
    - [Packaging] module intel-rapl-perf rename
    - ARM: dts: omap4-droid4: Fix spi configuration and increase rate
    - drm/ttm: Fix dma_fence refcnt leak when adding move fence
    - drm/tegra: hub: Do not enable orphaned window group
    - gpu: host1x: Detach driver on unregister
    - drm: mcde: Fix display initialization problem
    - ASoC: SOF: Intel: add PCI ID for CometLake-S
    - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL
    - spi: spidev: fix a race between spidev_release and spidev_remove
    - spi: spidev: fix a potential use-after-free in spidev_release()
    - net: ethernet: mvneta: Fix Serdes configuration for SoCs without comphy
    - net: ethernet: mvneta: Add 2500BaseX support for SoCs without comphy
    - ixgbe: protect ring accesses with READ- and WRITE_ONCE
    - i40e: protect ring accesses with READ- and WRITE_ONCE
    - ibmvnic: continue to init in CRQ reset returns H_CLOSED
    - powerpc/kvm/book3s64: Fix kernel crash with nested kvm & DEBUG_VIRTUAL
    - iommu/vt-d: Don't apply gfx quirks to untrusted devices
    - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
    - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003
    - s390/kasan: fix early pgm check handler execution
    - cifs: update ctime and mtime during truncate
    - ARM: imx6: add missing put_device() call in imx6q_suspend_init()
    - scsi: mptscsih: Fix read sense data size
    - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
    - block: release bip in a right way in error path
    - nvme-rdma: assign completion vector correctly
    - x86/entry: Increase entry_stack size to a full page
    - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to
      fix mask corruption
    - net: qrtr: Fix an out of bounds read qrtr_endpoint_post()
    - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2
    - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2
    - nl80211: don't return err unconditionally in nl80211_start_ap()
    - drm/mediatek: Check plane visibility in atomic_update
    - bpf, sockmap: RCU splat with redirect and strparser error or TLS
    - bpf, sockmap: RCU dereferenced psock may be used outside RCU block
    - netfilter: ipset: call ip_set_free() instead of kfree()
    - net: mvneta: fix use of state->speed
    - net: cxgb4: fix return error value in t4_prep_fw
    - IB/sa: Resolv use-after-free in ib_nl_make_request()
    - net: dsa: microchip: set the correct number of ports
    - netfilter: conntrack: refetch conntrack after nf_conntrack_update()
    - perf report TUI: Fix segmentation fault in perf_evsel__hists_browse()
    - perf intel-pt: Fix recording PEBS-via-PT with registers
    - perf intel-pt: Fix PEBS sample for XMM registers
    - smsc95xx: check return value of smsc95xx_reset
    - smsc95xx: avoid memory leak in smsc95xx_bind
    - net: hns3: add a missing uninit debugfs when unload driver
    - net: hns3: fix use-after-free when doing self test
    - ALSA: compress: fix partial_drain completion state
    - RDMA/siw: Fix reporting vendor_part_id
    - arm64: kgdb: Fix single-step exception handling oops
    - nbd: Fix memory leak in nbd_add_socket
    - cxgb4: fix all-mask IP address comparison
    - IB/mlx5: Fix 50G per lane indication
    - qed: Populate nvm-file attributes while reading nvm config partition.
    - net/mlx5: Fix eeprom support for SFP module
    - net/mlx5e: Fix 50G per lane indication
    - bnxt_en: fix NULL dereference in case SR-IOV configuration fails
    - net: macb: fix wakeup test in runtime suspend/resume routines
    - net: macb: mark device wake capable when "magic-packet" property present
    - net: macb: fix call to pm_runtime in the suspend/resume functions
    - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
    - mlxsw: pci: Fix use-after-free in case of failed devlink reload
    - IB/hfi1: Do not destroy hfi1_wq when the device is shut down
    - IB/hfi1: Do not destroy link_wq when the device is shut down
    - ALSA: opl3: fix infoleak in opl3
    - ALSA: hda - let hs_mic be picked ahead of hp_mic
    - ALSA: usb-audio: add quirk for MacroSilicon MS2109
    - ALSA: usb-audio: Add implicit feedback quirk for RTX6001
    - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id
    - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC
    - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC
    - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC
    - KVM: arm64: Fix definition of PAGE_HYP_DEVICE
    - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
    - KVM: arm64: Annotate hyp NMI-related functions as __always_inline
    - KVM: x86: bit 8 of non-leaf PDPEs is not reserved
    - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
    - KVM: x86: Mark CR4.TSD as being possibly owned by the guest
    - KVM: arm64: Fix kvm_reset_vcpu() return code being incorrect with SVE
    - kallsyms: Refactor kallsyms_show_value() to take cred
    - module: Refactor section attr into bin attribute
    - module: Do not expose section addresses to non-CAP_SYSLOG
    - kprobes: Do not expose probe addresses to non-CAP_SYSLOG
    - bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()
    - btrfs: fix fatal extent_buffer readahead vs releasepage race
    - btrfs: fix double put of block group with nocow
    - drm/radeon: fix double free
    - drm/amdgpu: don't do soft recovery if gpu_recovery=0
    - dm: use noio when sending kobject event
    - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed
    - ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
    - ARC: elf: use right ELF_ARCH
    - s390/setup: init jump labels before command line parsing
    - s390/mm: fix huge pte soft dirty copying
    - blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight()
    - dm writecache: reject asynchronous pmem devices
    - perf scripts python: export-to-postgresql.py: Fix struct.pack() int argument
    - perf scripts python: exported-sql-viewer.py: Fix zero id in call graph
      'Find' result
    - perf scripts python: exported-sql-viewer.py: Fix zero id in call tree 'Find'
      result
    - perf scripts python: exported-sql-viewer.py: Fix unexpanded 'Find' result
    - pwm: jz4740: Fix build failure
    - s390: Change s390_kernel_write() return type to match memcpy()
    - s390/maccess: add no DAT mode to kernel_write
    - Linux 5.4.52

* Focal update: v5.4.45 upstream stable release (LP: #1882802) // Focal
    update: v5.4.52 upstream stable release (LP: #1887853)
    - Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race
      window"

* Focal update: v5.4.51 upstream stable release (LP: #1886995)
    - io_uring: make sure async workqueue is canceled on exit
    - mm: fix swap cache node allocation mask
    - EDAC/amd64: Read back the scrub rate PCI register on F15h
    - usbnet: smsc95xx: Fix use-after-free after removal
    - sched/debug: Make sd->flags sysctl read-only
    - mm/slub.c: fix corrupted freechain in deactivate_slab()
    - mm/slub: fix stack overruns with SLUB_STATS
    - rxrpc: Fix race between incoming ACK parser and retransmitter
    - usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
    - tools lib traceevent: Add append() function helper for appending strings
    - tools lib traceevent: Handle __attribute__((user)) in field names
    - s390/debug: avoid kernel warning on too large number of pages
    - nvme-multipath: set bdi capabilities once
    - nvme-multipath: fix deadlock between ana_work and scan_work
    - nvme-multipath: fix deadlock due to head->lock
    - nvme-multipath: fix bogus request queue reference put
    - kgdb: Avoid suspicious RCU usage warning
    - selftests: tpm: Use /bin/sh instead of /bin/bash
    - crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
    - drm/msm/dpu: fix error return code in dpu_encoder_init
    - rxrpc: Fix afs large storage transmission performance drop
    - RDMA/counter: Query a counter before release
    - cxgb4: use unaligned conversion for fetching timestamp
    - cxgb4: parse TC-U32 key values and masks natively
    - cxgb4: fix endian conversions for L4 ports in filters
    - cxgb4: use correct type for all-mask IP address comparison
    - cxgb4: fix SGE queue dump destination buffer context
    - hwmon: (max6697) Make sure the OVERT mask is set correctly
    - hwmon: (acpi_power_meter) Fix potential memory leak in
      acpi_power_meter_add()
    - thermal/drivers/mediatek: Fix bank number settings on mt8183
    - thermal/drivers/rcar_gen3: Fix undefined temperature if negative
    - nfsd4: fix nfsdfs reference count loop
    - nfsd: fix nfsdfs inode reference count leak
    - drm: sun4i: hdmi: Remove extra HPD polling
    - virtio-blk: free vblk-vqs in error path of virtblk_probe()
    - SMB3: Honor 'posix' flag for multiuser mounts
    - nvme: fix identify error status silent ignore
    - nvme: fix a crash in nvme_mpath_add_disk
    - samples/vfs: avoid warning in statx override
    - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
    - i2c: mlxcpld: check correct size of maximum RECV_LEN packet
    - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
    - nfsd: apply umask on fs without ACL support
    - Revert "ALSA: usb-audio: Improve frames size computation"
    - SMB3: Honor 'seal' flag for multiuser mounts
    - SMB3: Honor persistent/resilient handle flags for multiuser mounts
    - SMB3: Honor lease disabling for multiuser mounts
    - SMB3: Honor 'handletimeout' flag for multiuser mounts
    - cifs: Fix the target file was deleted when rename failed.
    - MIPS: lantiq: xway: sysctrl: fix the GPHY clock alias names
    - MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
    - drm/amd/display: Only revalidate bandwidth on medium and fast updates
    - drm/amdgpu: use %u rather than %d for sclk/mclk
    - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir
    - dma-buf: Move dma_buf_release() from fops to dentry_ops
    - irqchip/gic: Atomically update affinity
    - mm, compaction: fully assume capture is not NULL in compact_zone_order()
    - mm, compaction: make capture control handling safe wrt interrupts
    - x86/resctrl: Fix memory bandwidth counter width for AMD
    - dm zoned: assign max_io_len correctly
    - [Config] updateconfigs for EFI_CUSTOM_SSDT_OVERLAYS
    - efi: Make it possible to disable efivar_ssdt entirely
    - Linux 5.4.51

* Focal update: v5.4.50 upstream stable release (LP: #1885942)
    - block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
    - enetc: Fix tx rings bitmap iteration range, irq handling
    - geneve: allow changing DF behavior after creation
    - ibmveth: Fix max MTU limit
    - mld: fix memory leak in ipv6_mc_destroy_dev()
    - mvpp2: ethtool rxtx stats fix
    - net: bridge: enfore alignment for ethernet address
    - net: core: reduce recursion limit value
    - net: Do not clear the sock TX queue in sk_set_socket()
    - net: fix memleak in register_netdevice()
    - net: Fix the arp error in some cases
    - net: increment xmit_recursion level in dev_direct_xmit()
    - net: usb: ax88179_178a: fix packet alignment padding
    - openvswitch: take into account de-fragmentation/gso_size in
      execute_check_pkt_len
    - rocker: fix incorrect error handling in dma_rings_init
    - rxrpc: Fix notification call on completion of discarded calls
    - sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
    - tcp: don't ignore ECN CWR on pure ACK
    - tcp: grow window for OOO packets only for SACK flows
    - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
    - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
    - net: phy: Check harder for errors in get_phy_id()
    - ip_tunnel: fix use-after-free in ip_tunnel_lookup()
    - sch_cake: don't try to reallocate or unshare skb unconditionally
    - sch_cake: don't call diffserv parsing code when it is not needed
    - sch_cake: fix a few style nits
    - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
    - Revert "i2c: tegra: Fix suspending in active runtime PM state"
    - btrfs: fix a block group ref counter leak after failure to remove block
      group
    - net: sched: export __netdev_watchdog_up()
    - fix a braino in "sparc32: fix register window handling in
      genregs32_[gs]et()"
    - ALSA: usb-audio: Fix potential use-after-free of streams
    - binder: fix null deref of proc->context
    - USB: ohci-sm501: Add missed iounmap() in remove
    - usb: dwc2: Postponed gadget registration to the udc class driver
    - usb: add USB_QUIRK_DELAY_INIT for Logitech C922
    - USB: ehci: reopen solution for Synopsys HC bug
    - usb: host: xhci-mtk: avoid runtime suspend when removing hcd
    - xhci: Poll for U0 after disabling USB2 LPM
    - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
    - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs
    - ALSA: usb-audio: Add implicit feedback quirk for SSL2+.
    - ALSA: usb-audio: add quirk for Denon DCD-1500RE
    - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG)
    - ALSA: usb-audio: Fix OOB access of mixer element list
    - usb: cdns3: trace: using correct dir value
    - usb: cdns3: ep0: fix the test mode set incorrectly
    - usb: cdns3: ep0: add spinlock for cdns3_check_new_setup
    - scsi: qla2xxx: Keep initiator ports after RSCN
    - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
    - cifs: Fix cached_fid refcnt leak in open_shroot
    - cifs/smb3: Fix data inconsistent when punch hole
    - cifs/smb3: Fix data inconsistent when zero file range
    - xhci: Fix incorrect EP_STATE_MASK
    - xhci: Fix enumeration issue when setting max packet size for FS devices.
    - xhci: Return if xHCI doesn't support LPM
    - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
    - loop: replace kill_bdev with invalidate_bdev
    - IB/mad: Fix use after free when destroying MAD agent
    - IB/hfi1: Fix module use count flaw due to leftover module put calls
    - bus: ti-sysc: Flush posted write on enable and disable
    - bus: ti-sysc: Ignore clockactivity unless specified as a quirk
    - ARM: OMAP2+: Fix legacy mode dss_reset
    - xfrm: Fix double ESP trailer insertion in IPsec crypto offload.
    - ASoC: q6asm: handle EOS correctly
    - efi/tpm: Verify event log header before parsing
    - efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
    - ASoc: q6afe: add support to get port direction
    - ASoC: qcom: common: set correct directions for dailinks
    - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000
    - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl()
    - ASoC: fsl_ssi: Fix bclk calculation for mono channel
    - samples/bpf: xdp_redirect_cpu: Set MAX_CPUS according to NR_CPUS
    - bpf, xdp, samples: Fix null pointer dereference in *_user code
    - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect
    - ARM: dts: Fix duovero smsc interrupt for suspend
    - x86/resctrl: Fix a NULL vs IS_ERR() static checker warning in
      rdt_cdp_peer_get()
    - regmap: Fix memory leak from regmap_register_patch
    - devmap: Use bpf_map_area_alloc() for allocating hash buckets
    - bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE
    - ARM: dts: NSP: Correct FA2 mailbox node
    - rxrpc: Fix handling of rwind from an ACK packet
    - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq
    - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
    - RDMA/cma: Protect bind_list and listen_list while finding matching cm id
    - ASoC: rockchip: Fix a reference count leak.
    - s390/qeth: fix error handling for isolation mode cmds
    - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
    - selftests/net: report etf errors correctly
    - iommu/vt-d: Enable PCI ACS for platform opt in hint
    - iommu/vt-d: Update scalable mode paging structure coherency
    - net: qed: fix left elements count calculation
    - net: qed: fix async event callbacks unregistering
    - net: qede: stop adding events on an already destroyed workqueue
    - net: qed: fix NVMe login fails over VFs
    - net: qed: fix excessive QM ILT lines consumption
    - net: qede: fix PTP initialization on recovery
    - net: qede: fix use-after-free on recovery and AER handling
    - cxgb4: move handling L2T ARP failures to caller
    - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
    - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset()
    - usb: gadget: udc: Potential Oops in error handling code
    - usb: renesas_usbhs: getting residue from callback_result
    - nvme: don't protect ns mutation with ns->head->lock
    - netfilter: ipset: fix unaligned atomic access
    - net: bcmgenet: use hardware padding of runt frames
    - clk: sifive: allocate sufficient memory for struct __prci_data
    - i2c: fsi: Fix the port number field in status register
    - i2c: core: check returned size of emulated smbus block read
    - afs: Fix storage of cell names
    - sched/deadline: Initialize ->dl_boosted
    - sched/core: Fix PI boosting between RT and DEADLINE tasks
    - sata_rcar: handle pm_runtime_get_sync failure cases
    - ata/libata: Fix usage of page address by page_address in
      ata_scsi_mode_select_xlat function
    - drm/amd/display: Use kfree() to free rgb_user in
      calculate_user_regamma_ramp()
    - riscv/atomic: Fix sign extension for RV64I
    - hwrng: ks-sa - Fix runtime PM imbalance on error
    - ibmvnic: Harden device login requests
    - net: alx: fix race condition in alx_remove
    - test_objagg: Fix potential memory leak in error handling
    - pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage
    - pinctrl: tegra: Use noirq suspend/resume callbacks
    - s390/ptrace: pass invalid syscall numbers to tracing
    - s390/ptrace: fix setting syscall number
    - s390/vdso: Use $(LD) instead of $(CC) to link vDSO
    - s390/vdso: fix vDSO clock_getres()
    - arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n
    - kbuild: improve cc-option to clean up all temporary files
    - recordmcount: support >64k sections
    - kprobes: Suppress the suspicious RCU warning on kprobes
    - blktrace: break out of blktrace setup on concurrent calls
    - block: update hctx map when use multiple maps
    - RISC-V: Don't allow write+exec only page mapping request in mmap
    - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
    - ALSA: hda/realtek - Add quirk for MSI GE63 laptop
    - ACPI: sysfs: Fix pm_profile_attr type
    - erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup
    - KVM: X86: Fix MSR range of APIC registers in X2APIC mode
    - KVM: nVMX: Plumb L2 GPA through to PML emulation
    - KVM: VMX: Stop context switching MSR_IA32_UMWAIT_CONTROL
    - x86/cpu: Use pinning mask for CR4 bits needing to be 0
    - x86/asm/64: Align start of __clear_user() loop to 16-bytes
    - btrfs: fix bytes_may_use underflow when running balance and scrub in
      parallel
    - btrfs: fix data block group relocation failure due to concurrent scrub
    - btrfs: check if a log root exists before locking the log_mutex on unlink
    - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
    - mm/slab: use memzero_explicit() in kzfree()
    - ocfs2: avoid inode removal while nfsd is accessing it
    - ocfs2: load global_inode_alloc
    - ocfs2: fix value of OCFS2_INVALID_SLOT
    - ocfs2: fix panic on nfs server over ocfs2
    - mm/memcontrol.c: add missed css_put()
    - arm64: perf: Report the PC value in REGS_ABI_32 mode
    - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range
    - arm64: dts: imx8mn-ddr4-evk: correct ldo1/ldo2 voltage range
    - tracing: Fix event trigger to accept redundant spaces
    - ring-buffer: Zero out time extend if it is nested and not absolute
    - drm/amd: fix potential memleak in err branch
    - drm: rcar-du: Fix build error
    - drm/radeon: fix fb_div check in ni_init_smc_spll_table()
    - drm/amdgpu: add fw release for sdma v5_0
    - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
    - sunrpc: fixed rollback in rpc_gssd_dummy_populate()
    - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
    - pNFS/flexfiles: Fix list corruption if the mirror count changes
    - NFSv4 fix CLOSE not waiting for direct IO compeletion
    - xprtrdma: Fix handling of RDMA_ERROR replies
    - dm writecache: correct uncommitted_block when discarding uncommitted entry
    - dm writecache: add cond_resched to loop in persistent_memory_claim()
    - xfs: add agf freeblocks verify in xfs_agf_verify
    - Revert "tty: hvc: Fix data abort due to race in hvc_open"
    - Linux 5.4.50

* Focal update: v5.4.49 upstream stable release (LP: #1885322)
    - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
    - clk: sunxi: Fix incorrect usage of round_down()
    - ASoC: tegra: tegra_wm8903: Support nvidia, headset property
    - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
    - ASoC: SOF: imx8: Fix randbuild error
    - iio: pressure: bmp280: Tolerate IRQ before registering
    - remoteproc: Fix IDR initialisation in rproc_alloc()
    - clk: qcom: msm8916: Fix the address location of pll->config_reg
    - ASoC: fsl_esai: Disable exception interrupt before scheduling tasklet
    - backlight: lp855x: Ensure regulators are disabled on probe failure
    - ARM: dts: renesas: Fix IOMMU device node names
    - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
    - ARM: integrator: Add some Kconfig selections
    - ARM: dts: stm32: Add missing ethernet PHY reset on AV96
    - scsi: core: free sgtables in case command setup fails
    - scsi: qedi: Check for buffer overflow in qedi_set_path()
    - arm64: dts: meson: fixup SCP sram nodes
    - ALSA: isa/wavefront: prevent out of bounds write in ioctl
    - PCI: Allow pci_resize_resource() for devices on root bus
    - scsi: qla2xxx: Fix issue with adapter's stopping state
    - Input: edt-ft5x06 - fix get_default register write access
    - powerpc/kasan: Fix stack overflow by increasing THREAD_SHIFT
    - rtc: mc13xxx: fix a double-unlock issue
    - iio: bmp280: fix compensation of humidity
    - f2fs: report delalloc reserve as non-free in statfs for project quota
    - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
    - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use
    - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical
    - usblp: poison URBs upon disconnect
    - serial: 8250: Fix max baud limit in generic 8250 port
    - misc: fastrpc: Fix an incomplete memory release in fastrpc_rpmsg_probe()
    - misc: fastrpc: fix potential fastrpc_invoke_ctx leak
    - dm mpath: switch paths in dm_blk_ioctl() code path
    - arm64: dts: armada-3720-turris-mox: forbid SDR104 on SDIO for FCC purposes
    - arm64: dts: armada-3720-turris-mox: fix SFP binding
    - arm64: dts: juno: Fix GIC child nodes
    - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2
    - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling
    - ASoC: SOF: Do nothing when DSP PM callbacks are not set
    - arm64: dts: fvp: Fix GIC child nodes
    - PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only
      register
    - ps3disk: use the default segment boundary
    - arm64: dts: fvp/juno: Fix node address fields
    - vfio/pci: fix memory leaks in alloc_perm_bits()
    - coresight: tmc: Fix TMC mode read in tmc_read_prepare_etb()
    - RDMA/mlx5: Add init2init as a modify command
    - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
    - PCI: pci-bridge-emul: Fix PCIe bit conflicts
    - m68k/PCI: Fix a memory leak in an error handling path
    - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-
      registration
    - usb: gadget: core: sync interrupt before unbind the udc
    - powerpc/ptdump: Add _PAGE_COHERENT flag
    - mfd: wm8994: Fix driver operation if loaded as modules
    - scsi: cxgb3i: Fix some leaks in init_act_open()
    - clk: zynqmp: fix memory leak in zynqmp_register_clocks
    - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
    - scsi: vhost: Notify TCM about the maximum sg entries supported per command
    - clk: clk-flexgen: fix clock-critical handling
    - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
    - powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7
      events run
    - nfsd: Fix svc_xprt refcnt leak when setup callback client failed
    - PCI: vmd: Filter resource type bits from shadow register
    - RDMA/core: Fix several reference count leaks.
    - cifs: set up next DFS target before generic_ip_connect()
    - ASoC: qcom: q6asm-dai: kCFI fix
    - powerpc/crashkernel: Take "mem=" option into account
    - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
    - sparc32: mm: Don't try to free page-table pages if ctor() fails
    - yam: fix possible memory leak in yam_init_driver
    - NTB: ntb_pingpong: Choose doorbells based on port number
    - NTB: Fix the default port and peer numbers for legacy drivers
    - mksysmap: Fix the mismatch of '.L' symbols in System.map
    - apparmor: fix introspection of of task mode for unconfined tasks
    - net: dsa: lantiq_gswip: fix and improve the unsupported interface error
    - f2fs: handle readonly filesystem in f2fs_ioc_shutdown()
    - ASoC: meson: add missing free_irq() in error path
    - bpf, sockhash: Fix memory leak when unlinking sockets in sock_hash_free
    - scsi: sr: Fix sr_probe() missing deallocate of device minor
    - scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
    - x86/purgatory: Disable various profiling and sanitizing options
    - staging: greybus: fix a missing-check bug in gb_lights_light_config()
    - arm64: dts: mt8173: fix unit name warnings
    - scsi: qedi: Do not flush offload work if ARP not resolved
    - arm64: dts: qcom: msm8916: remove unit name for thermal trip points
    - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity
    - RDMA/mlx5: Fix udata response upon SRQ creation
    - gpio: dwapb: Append MODULE_ALIAS for platform driver
    - scsi: qedf: Fix crash when MFW calls for protocol stats while function is
      still probing
    - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries
    - virtiofs: schedule blocking async replies in separate worker
    - arm64: dts: qcom: fix pm8150 gpio interrupts
    - firmware: qcom_scm: fix bogous abuse of dma-direct internals
    - staging: gasket: Fix mapping refcnt leak when put attribute fails
    - staging: gasket: Fix mapping refcnt leak when register/store fails
    - ALSA: usb-audio: Improve frames size computation
    - ALSA: usb-audio: Fix racy list management in output queue
    - s390/qdio: put thinint indicator after early error
    - tty: hvc: Fix data abort due to race in hvc_open
    - slimbus: ngd: get drvdata from correct device
    - clk: meson: meson8b: Fix the first parent of vid_pll_in_sel
    - clk: meson: meson8b: Fix the polarity of the RESET_N lines
    - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits
    - gpio: pca953x: fix handling of automatic address incrementing
    - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
    - clk: meson: meson8b: Don't rely on u-boot to init all GP_PLL registers
    - ASoC: max98373: reorder max98373_reset() in resume
    - soundwire: slave: don't init debugfs on device registration error
    - HID: intel-ish-hid: avoid bogus uninitialized-variable warning
    - usb: dwc3: gadget: Properly handle ClearFeature(halt)
    - usb: dwc3: gadget: Properly handle failed kick_transfer
    - staging: wilc1000: Increase the size of wid_list array
    - staging: sm750fb: add missing case while setting FB_VISUAL
    - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths
    - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
    - serial: amba-pl011: Make sure we initialize the port.lock spinlock
    - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a
      driver developer is foolish
    - PCI: rcar: Fix incorrect programming of OB windows
    - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
    - scsi: qla2xxx: Fix warning after FC target reset
    - ALSA: firewire-lib: fix invalid assignment to union data for directional
      parameter
    - power: supply: lp8788: Fix an error handling path in
      'lp8788_charger_probe()'
    - power: supply: smb347-charger: IRQSTAT_D is volatile
    - ASoC: SOF: core: fix error return code in sof_probe_continue()
    - arm64: dts: msm8996: Fix CSI IRQ types
    - scsi: target: loopback: Fix READ with data and sensebytes
    - scsi: mpt3sas: Fix double free warnings
    - SoC: rsnd: add interrupt support for SSI BUSIF buffer
    - ASoC: ux500: mop500: Fix some refcounted resources issues
    - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()'
    - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map
    - dlm: remove BUG() before panic()
    - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe()
    - clk: ti: composite: fix memory leak
    - PCI: Fix pci_register_host_bridge() device_register() error handling
    - powerpc/64: Don't initialise init_task->thread.regs
    - tty: n_gsm: Fix SOF skipping
    - tty: n_gsm: Fix waking up upper tty layer when room available
    - ALSA: usb-audio: Add duplex sound support for USB devices using implicit
      feedback
    - HID: Add quirks for Trust Panora Graphic Tablet
    - PCI/PM: Assume ports without DLL Link Active train links in 100 ms
    - habanalabs: increase timeout during reset
    - ipmi: use vzalloc instead of kmalloc for user creation
    - powerpc/64s/exception: Fix machine check no-loss idle wakeup
    - powerpc/pseries/ras: Fix FWNMI_VALID off by one
    - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init
    - powerpc/ps3: Fix kexec shutdown hang
    - vfio-pci: Mask cap zero
    - usb/ohci-platform: Fix a warning when hibernating
    - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
    - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet
    - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
    - tty: n_gsm: Fix bogus i++ in gsm_data_kick
    - fpga: dfl: afu: Corrected error handling levels
    - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
    - RDMA/hns: Bugfix for querying qkey
    - RDMA/hns: Fix cmdq parameter of querying pf timer resource
    - scsi: target: tcmu: Userspace must not complete queued commands
    - firmware: imx: scu: Fix possible memory leak in imx_scu_probe()
    - fuse: fix copy_file_range cache issues
    - fuse: copy_file_range should truncate cache
    - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier
    - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property
    - powerpc/64s/pgtable: fix an undefined behaviour
    - dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
    - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
    - PCI: dwc: Fix inner MSI IRQ domain registration
    - PCI: amlogic: meson: Don't use FAST_LINK_MODE to set up link
    - IB/cma: Fix ports memory leak in cma_configfs
    - watchdog: da9062: No need to ping manually before setting timeout
    - usb: dwc2: gadget: move gadget resume after the core is in L0 state
    - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in
      s3c2410_udc_nuke
    - usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
    - usb: gadget: fix potential double-free in m66592_probe.
    - usb: gadget: Fix issue with config_ep_by_speed function
    - scripts: headers_install: Exit with error on config leak
    - RDMA/iw_cxgb4: cleanup device debugfs entries on ULD remove
    - x86/apic: Make TSC deadline timer detection message visible
    - mfd: stmfx: Reset chip on resume as supply was disabled
    - mfd: stmfx: Fix stmfx_irq_init error path
    - mfd: stmfx: Disable IRQ in suspend to avoid spurious interrupt
    - powerpc/32s: Don't warn when mapping RO data ROX.
    - ASoC: fix incomplete error-handling in img_i2s_in_probe.
    - scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd()
    - clk: bcm2835: Fix return type of bcm2835_register_gate
    - scsi: ufs-qcom: Fix scheduling while atomic issue
    - KVM: PPC: Book3S HV: Ignore kmemleak false positives
    - KVM: PPC: Book3S: Fix some RCU-list locks
    - clk: sprd: return correct type of value for _sprd_pll_recalc_rate
    - clk: ast2600: Fix AHB clock divider for A1
    - misc: xilinx-sdfec: improve get_user_pages_fast() error handling
    - /dev/mem: Revoke mappings when a driver claims the region
    - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
    - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
    - of: Fix a refcounting bug in __of_attach_node_sysfs()
    - input: i8042 - Remove special PowerPC handling
    - powerpc/4xx: Don't unmap NULL mbase
    - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
    - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
    - vfio/mdev: Fix reference count leak in add_mdev_supported_type
    - rtc: rv3028: Add missed check for devm_regmap_init_i2c()
    - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe()
    - rxrpc: Adjust /proc/net/rxrpc/calls to display call->debug_id not user_ID
    - openrisc: Fix issue with argument clobbering for clone/fork
    - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection
    - ceph: don't return -ESTALE if there's still an open file
    - nfsd4: make drc_slab global, not per-net
    - gfs2: Allow lock_nolock mount to specify jid=X
    - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
    - scsi: ufs: Don't update urgent bkops level when toggling auto bkops
    - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
    - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
    - nfsd: safer handling of corrupted c_type
    - drm/amd/display: Revalidate bandwidth before commiting DC updates
    - crypto: omap-sham - add proper load balancing support for multicore
    - geneve: change from tx_error to tx_dropped on missing metadata
    - lib/zlib: remove outdated and incorrect pre-increment optimization
    - include/linux/bitops.h: avoid clang shift-count-overflow warnings
    - selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
    - blktrace: use errno instead of bi_status
    - blktrace: fix endianness in get_pdu_int()
    - blktrace: fix endianness for blk_log_remap()
    - gfs2: fix use-after-free on transaction ail lists
    - net: marvell: Fix OF_MDIO config check
    - ntb_perf: pass correct struct device to dma_alloc_coherent
    - ntb_tool: pass correct struct device to dma_alloc_coherent
    - NTB: ntb_tool: reading the link file should not end in a NULL byte
    - NTB: Revert the change to use the NTB device dev for DMA allocations
    - NTB: perf: Don't require one more memory window than number of peers
    - NTB: perf: Fix support for hardware that doesn't have port numbers
    - NTB: perf: Fix race condition when run with ntb_test
    - NTB: ntb_test: Fix bug when counting remote files
    - i2c: icy: Fix build with CONFIG_AMIGA_PCMCIA=n
    - drivers/perf: hisi: Fix wrong value for all counters enable
    - selftests/net: in timestamping, strncpy needs to preserve null byte
    - f2fs: don't return vmalloc() memory from f2fs_kmalloc()
    - afs: Fix memory leak in afs_put_sysnames()
    - ASoC: core: only convert non DPCM link to DPCM link
    - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags
    - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet
    - ASoC: rt5645: Add platform-data for Asus T101HA
    - bpf/sockmap: Fix kernel panic at __tcp_bpf_recvmsg
    - bpf, sockhash: Synchronize delete from bucket list on map free
    - tracing/probe: Fix bpf_task_fd_query() for kprobes and uprobes
    - drm/sun4i: hdmi ddc clk: Fix size of m divider
    - libbpf: Handle GCC noreturn-turned-volatile quirk
    - scsi: acornscsi: Fix an error handling path in acornscsi_probe()
    - x86/idt: Keep spurious entries unset in system_vectors
    - net/filter: Permit reading NET in load_bytes_relative when MAC not set
    - nvme-pci: use simple suspend when a HMB is enabled
    - nfs: set invalid blocks after NFSv4 writes
    - xdp: Fix xsk_generic_xmit errno
    - iavf: fix speed reporting over virtchnl
    - bpf: Fix memlock accounting for sock_hash
    - usb/xhci-plat: Set PM runtime as active on resume
    - usb: host: ehci-platform: add a quirk to avoid stuck
    - usb/ehci-platform: Set PM runtime as active on resume
    - perf report: Fix NULL pointer dereference in
      hists__fprintf_nr_sample_events()
    - perf stat: Fix NULL pointer dereference
    - ext4: stop overwrite the errcode in ext4_setup_super
    - bcache: fix potential deadlock problem in btree_gc_coalesce
    - powerpc: Fix kernel crash in show_instructions() w/DEBUG_VIRTUAL
    - afs: Fix non-setting of mtime when writing into mmap
    - afs: afs_write_end() should change i_size under the right lock
    - afs: Fix EOF corruption
    - afs: Always include dir in bulk status fetch from afs_do_lookup()
    - afs: Set error flag rather than return error from file status decode
    - afs: Fix the mapping of the UAEOVERFLOW abort code
    - bnxt_en: Return from timer if interface is not in open state.
    - scsi: ufs-bsg: Fix runtime PM imbalance on error
    - block: Fix use-after-free in blkdev_get()
    - mvpp2: remove module bugfix
    - arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
    - drm: encoder_slave: fix refcouting error for modules
    - ext4: fix partial cluster initialization when splitting extent
    - ext4: avoid utf8_strncasecmp() with unstable name
    - drm/dp_mst: Reformat drm_dp_check_act_status() a bit
    - drm/qxl: Use correct notify port address when creating cursor ring
    - drm/amdgpu: Replace invalid device ID with a valid device ID
    - selinux: fix double free
    - jbd2: clean __jbd2_journal_abort_hard() and __journal_abort_soft()
    - ext4: avoid race conditions when remounting with options that change dax
    - drm/dp_mst: Increase ACT retry timeout to 3s
    - drm/amd/display: Use swap() where appropriate
    - x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
    - block: nr_sects_write(): Disable preemption on seqcount write
    - net/mlx5: DR, Fix freeing in dr_create_rc_qp()
    - f2fs: split f2fs_d_compare() from f2fs_match_name()
    - f2fs: avoid utf8_strncasecmp() with unstable name
    - s390: fix syscall_get_error for compat processes
    - drm/i915: Fix AUX power domain toggling across TypeC mode resets
    - drm/msm: Check for powered down HW in the devfreq callbacks
    - drm/i915/gem: Avoid iterating an empty list
    - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
    - drm/connector: notify userspace on hotplug after register complete
    - drm/amd/display: Use kvfree() to free coeff in build_regamma()
    - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
    - Revert "drm/amd/display: disable dcn20 abm feature for bring up"
    - crypto: algif_skcipher - Cap recv SG list at ctx->used
    - crypto: algboss - don't wait during notifier callback
    - tracing/probe: Fix memleak in fetch_op_data operations
    - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
    - kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
    - e1000e: Do not wake up the system via WOL if device wakeup is disabled
    - net: octeon: mgmt: Repair filling of RX ring
    - pwm: jz4740: Enhance precision in calculation of duty cycle
    - sched/rt, net: Use CONFIG_PREEMPTION.patch
    - net: core: device_rename: Use rwsem instead of a seqcount
    - Linux 5.4.49

* Computer is frozen after suspend (LP: #1867983) // Focal update: v5.4.49
    upstream stable release (LP: #1885322)
    - libata: Use per port sync for detach

* Focal update: v5.4.48 upstream stable release (LP: #1885023)
    - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
    - drm/amdgpu: fix and cleanup amdgpu_gem_object_close v4
    - ath10k: Fix the race condition in firmware dump work queue
    - drm: bridge: adv7511: Extend list of audio sample rates
    - media: staging: imgu: do not hold spinlock during freeing mmu page table
    - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling
    - crypto: ccp -- don't "select" CONFIG_DMADEVICES
    - media: vicodec: Fix error codes in probe function
    - media: si2157: Better check for running tuner in init
    - objtool: Ignore empty alternatives
    - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices
    - drm/amdgpu: Init data to avoid oops while reading pp_num_states.
    - arm64/kernel: Fix range on invalidating dcache for boot page tables
    - libbpf: Fix memory leak and possible double-free in hashmap__clear
    - spi: pxa2xx: Apply CS clk quirk to BXT
    - x86,smap: Fix smap_{save,restore}() alternatives
    - sched/fair: Refill bandwidth before scaling
    - net: atlantic: make hw_get_regs optional
    - net: ena: fix error returning in ena_com_get_hash_function()
    - efi/libstub/x86: Work around LLVM ELF quirk build regression
    - ath10k: remove the max_sched_scan_reqs value
    - arm64: cacheflush: Fix KGDB trap detection
    - media: staging: ipu3: Fix stale list entries on parameter queue failure
    - rtw88: fix an issue about leak system resources
    - spi: dw: Zero DMA Tx and Rx configurations on stack
    - ACPICA: Dispatcher: add status checks
    - block: alloc map and request for new hardware queue
    - arm64: insn: Fix two bugs in encoding 32-bit logical immediates
    - block: reset mapping if failed to update hardware queue count
    - drm: rcar-du: Set primary plane zpos immutably at initializing
    - lockdown: Allow unprivileged users to see lockdown status
    - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
    - platform/x86: dell-laptop: don't register micmute LED if there is no token
    - MIPS: Loongson: Build ATI Radeon GPU driver as module
    - Bluetooth: Add SCO fallback for invalid LMP parameters error
    - kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
    - kgdb: Prevent infinite recursive entries to the debugger
    - pmu/smmuv3: Clear IRQ affinity hint on device removal
    - ACPI/IORT: Fix PMCG node single ID mapping handling
    - mips: Fix cpu_has_mips64r1/2 activation for MIPS32 CPUs
    - spi: dw: Enable interrupts in accordance with DMA xfer mode
    - clocksource: dw_apb_timer: Make CPU-affiliation being optional
    - clocksource: dw_apb_timer_of: Fix missing clockevent timers
    - media: dvbdev: Fix tuner->demod media controller link
    - btrfs: account for trans_block_rsv in may_commit_transaction
    - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
    - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
    - batman-adv: Revert "disable ethtool link speed detection when auto
      negotiation off"
    - ice: Fix memory leak
    - ice: Fix for memory leaks and modify ICE_FREE_CQ_BUFS
    - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
    - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe()
    - spi: dw: Fix Rx-only DMA transfers
    - x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
    - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
      vmxnet3_get_rss()
    - x86: fix vmap arguments in map_irq_stack
    - staging: android: ion: use vmap instead of vm_map_ram
    - ath10k: fix kernel null pointer dereference
    - media: staging/intel-ipu3: Implement lock for stream on/off operations
    - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource
    - brcmfmac: fix wrong location to get firmware feature
    - regulator: qcom-rpmh: Fix typos in pm8150 and pm8150l
    - tools api fs: Make xxx__mountpoint() more scalable
    - e1000: Distribute switch variables for initialization
    - dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
    - drm/mediatek: set dpi pin mode to gpio low to avoid leakage current
    - audit: fix a net reference leak in audit_send_reply()
    - media: dvb: return -EREMOTEIO on i2c transfer failure.
    - media: platform: fcp: Set appropriate DMA parameters
    - MIPS: Make sparse_init() using top-down allocation
    - ath10k: add flush tx packets for SDIO chip
    - Bluetooth: btbcm: Add 2 missing models to subver tables
    - audit: fix a net reference leak in audit_list_rules_send()
    - Drivers: hv: vmbus: Always handle the VMBus messages on CPU0
    - dpaa2-eth: fix return codes used in ndo_setup_tc
    - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
    - selftests/bpf: Fix memory leak in extract_build_id()
    - net: bcmgenet: set Rx mode before starting netif
    - net: bcmgenet: Fix WoL with password after deep sleep
    - lib/mpi: Fix 64-bit MIPS build with Clang
    - exit: Move preemption fixup up, move blocking operations down
    - sched/core: Fix illegal RCU from offline CPUs
    - drivers/perf: hisi: Fix typo in events attribute array
    - iocost_monitor: drop string wrap around numbers when outputting json
    - net: lpc-enet: fix error return code in lpc_mii_init()
    - selinux: fix error return code in policydb_read()
    - drivers: net: davinci_mdio: fix potential NULL dereference in
      davinci_mdio_probe()
    - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
    - net: allwinner: Fix use correct return type for ndo_start_xmit()
    - powerpc/spufs: fix copy_to_user while atomic
    - libertas_tf: avoid a null dereference in pointer priv
    - xfs: clean up the error handling in xfs_swap_extents
    - Crypto/chcr: fix for ccm(aes) failed test
    - MIPS: Truncate link address into 32bit for 32bit kernel
    - mips: cm: Fix an invalid error code of INTVN_*_ERR
    - kgdb: Fix spurious true from in_dbg_master()
    - xfs: reset buffer write failure state on successful completion
    - xfs: fix duplicate verification from xfs_qm_dqflush()
    - platform/x86: intel-vbtn: Use acpi_evaluate_integer()
    - platform/x86: intel-vbtn: Split keymap into buttons and switches parts
    - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are
      not there
    - platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and
      "Portable" chassis-types
    - iwlwifi: avoid debug max amsdu config overwriting itself
    - nvme: refine the Qemu Identify CNS quirk
    - nvme-pci: align io queue count with allocted nvme_queue in nvme_probe
    - nvme-tcp: use bh_lock in data_ready
    - ath10k: Remove msdu from idr when management pkt send fails
    - wcn36xx: Fix error handling path in 'wcn36xx_probe()'
    - net: qed*: Reduce RX and TX default ring count when running inside kdump
      kernel
    - drm/mcde: dsi: Fix return value check in mcde_dsi_bind()
    - mt76: avoid rx reorder buffer overflow
    - md: don't flush workqueue unconditionally in md_open
    - raid5: remove gfp flags from scribble_alloc()
    - iocost: don't let vrate run wild while there's no saturation signal
    - veth: Adjust hard_start offset on redirect XDP frames
    - net/mlx5e: IPoIB, Drop multicast packets that this interface sent
    - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
    - mwifiex: Fix memory corruption in dump_station
    - kgdboc: Use a platform device to handle tty drivers showing up late
    - x86/boot: Correct relocation destination on old linkers
    - sched: Defend cfs and rt bandwidth quota against overflow
    - mips: MAAR: Use more precise address mask
    - mips: Add udelay lpj numbers adjustment
    - crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
    - crypto: stm32/crc32 - fix run-time self test issue.
    - crypto: stm32/crc32 - fix multi-instance
    - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and
      raven
    - drm/amdgpu: Sync with VM root BO when switching VM to CPU update mode
    - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o
    - x86/mm: Stop printing BRK addresses
    - MIPS: tools: Fix resource leak in elf-entry.c
    - m68k: mac: Don't call via_flush_cache() on Mac IIfx
    - btrfs: improve global reserve stealing logic
    - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new
      qgroup
    - macvlan: Skip loopback packets in RX handler
    - PCI: Don't disable decoding when mmio_always_on is set
    - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
    - bcache: fix refcount underflow in bcache_device_free()
    - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
    - staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
    - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
    - ice: fix potential double free in probe unrolling
    - ixgbe: fix signed-integer-overflow warning
    - iwlwifi: mvm: fix aux station leak
    - mmc: sdhci-esdhc-imx: fix the mask for tuning start point
    - spi: dw: Return any value retrieved from the dma_transfer callback
    - cpuidle: Fix three reference count leaks
    - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
    - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
    - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop"
      chasis-type
    - platform/x86: asus_wmi: Reserve more space for struct bias_args
    - libbpf: Fix perf_buffer__free() API for sparse allocs
    - bpf: Fix map permissions check
    - bpf: Refactor sockmap redirect code so its easy to reuse
    - bpf: Fix running sk_skb program types with ktls
    - selftests/bpf, flow_dissector: Close TAP device FD after the test
    - kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE
    - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
    - btrfs: free alien device after device add
    - btrfs: include non-missing as a qualifier for the latest_bdev
    - btrfs: send: emit file capabilities after chown
    - btrfs: force chunk allocation if our global rsv is larger than metadata
    - btrfs: fix error handling when submitting direct I/O bio
    - btrfs: fix wrong file range cleanup after an error filling dealloc range
    - btrfs: fix space_info bytes_may_use underflow after nocow buffered write
    - btrfs: fix space_info bytes_may_use underflow during space cache writeout
    - powerpc/mm: Fix conditions to perform MMU specific management by blocks on
      PPC32.
    - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
    - mm: initialize deferred pages with interrupts enabled
    - mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in
      deferred init
    - mm: call cond_resched() from deferred_init_memmap()
    - ima: Fix ima digest hash table key calculation
    - ima: Switch to ima_hash_algo for boot aggregate
    - ima: Evaluate error in init_ima()
    - ima: Directly assign the ima_default_policy pointer to ima_rules
    - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
    - ima: Remove __init annotation from ima_pcrread()
    - evm: Fix possible memory leak in evm_calc_hmac_or_hash()
    - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
    - ext4: fix error pointer dereference
    - ext4: fix race between ext4_sync_parent() and rename()
    - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
    - PCI: Add Loongson vendor ID
    - x86/amd_nb: Add AMD family 17h model 60h PCI IDs
    - ima: Remove redundant policy rule set in add_rules()
    - ima: Set again build_ima_appraise variable
    - PCI: Program MPS for RCiEP devices
    - e1000e: Relax condition to trigger reset for ME workaround
    - carl9170: remove P2P_GO support
    - media: go7007: fix a miss of snd_card_free
    - media: cedrus: Program output format during each run
    - serial: 8250: Avoid error message on reprobe
    - Bluetooth: hci_bcm: fix freeing not-requested IRQ
    - b43legacy: Fix case where channel status is corrupted
    - b43: Fix connection problem with WPA3
    - b43_legacy: Fix connection problem with WPA3
    - media: ov5640: fix use of destroyed mutex
    - clk: mediatek: assign the initial value to clk_init_data of mtk_mux
    - hwmon: (k10temp) Add AMD family 17h model 60h PCI match
    - EDAC/amd64: Add AMD family 17h model 60h PCI IDs
    - power: vexpress: add suppress_bind_attrs to true
    - power: supply: core: fix HWMON temperature labels
    - power: supply: core: fix memory leak in HWMON error path
    - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210
    - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
    - gnss: sirf: fix error return code in sirf_probe()
    - sparc32: fix register window handling in genregs32_[gs]et()
    - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
    - dm crypt: avoid truncating the logical block size
    - alpha: fix memory barriers so that they conform to the specification
    - powerpc/fadump: use static allocation for reserved memory ranges
    - powerpc/fadump: consider reserved ranges while reserving memory
    - powerpc/fadump: Account for memory_limit while reserving memory
    - kernel/cpu_pm: Fix uninitted local in cpu_pm
    - ARM: tegra: Correct PL310 Auxiliary Control Register initialization
    - soc/tegra: pmc: Select GENERIC_PINCONF
    - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus
    - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin
    - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries
    - drivers/macintosh: Fix memleak in windfarm_pm112 driver
    - powerpc/32s: Fix another build failure with CONFIG_PPC_KUAP_DEBUG
    - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END
    - powerpc/kasan: Fix shadow pages allocation failure
    - powerpc/32: Disable KASAN with pages bigger than 16k
    - powerpc/64s: Don't let DT CPU features set FSCR_DSCR
    - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
    - kbuild: force to build vmlinux if CONFIG_MODVERSION=y
    - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate
      registrations.
    - sunrpc: clean up properly in gss_mech_unregister()
    - mtd: rawnand: Fix nand_gpio_waitrdy()
    - mtd: rawnand: onfi: Fix redundancy detection check
    - mtd: rawnand: brcmnand: fix hamming oob layout
    - mtd: rawnand: diskonchip: Fix the probe error path
    - mtd: rawnand: sharpsl: Fix the probe error path
    - mtd: rawnand: ingenic: Fix the probe error path
    - mtd: rawnand: xway: Fix the probe error path
    - mtd: rawnand: orion: Fix the probe error path
    - mtd: rawnand: socrates: Fix the probe error path
    - mtd: rawnand: oxnas: Fix the probe error path
    - mtd: rawnand: sunxi: Fix the probe error path
    - mtd: rawnand: plat_nand: Fix the probe error path
    - mtd: rawnand: pasemi: Fix the probe error path
    - mtd: rawnand: mtk: Fix the probe error path
    - mtd: rawnand: tmio: Fix the probe error path
    - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
    - f2fs: fix checkpoint=disable:%u%%
    - perf probe: Do not show the skipped events
    - perf probe: Fix to check blacklist address correctly
    - perf probe: Check address correctness by map instead of _etext
    - perf symbols: Fix debuginfo search for Ubuntu
    - perf symbols: Fix kernel maps for kcore and eBPF
    - Linux 5.4.48

* The thread level parallelism would be a bottleneck when searching for the
    shared pmd by using hugetlbfs (LP: #1882039)
    - hugetlbfs: take read_lock on i_mmap for PMD sharing

* Support Audio Mute LED for two new HP laptops (LP: #1884251)
    - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems

* Focal update: v5.4.47 upstream stable release (LP: #1884089)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - mlxsw: core: Use different get_trend() callbacks for different thermal zones
    - net_failover: fixed rollback in net_failover_open()
    - tun: correct header offsets in napi frags mode
    - bridge: Avoid infinite loop when suppressing NS messages with invalid
      options
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - bpf: Support llvm-objcopy for vmlinux BTF
    - elfnote: mark all .note sections SHF_ALLOC
    - Input: mms114 - fix handling of mms345l
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - Input: synaptics - add a second working PNP_ID for Lenovo T470s
    - csky: Fixup abiv2 syscall_trace break a4 & a5
    - gfs2: Even more gfs2_find_jhead fixes
    - drivers/net/ibmvnic: Update VNIC protocol version reporting
    - powerpc/xive: Clear the page tables for the ESB IO mapping
    - spi: dw: Fix native CS being unset
    - ath9k_htc: Silence undersized packet warnings
    - smack: avoid unused 'sip' variable warning
    - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
    - padata: add separate cpuhp node for CPUHP_PADATA_DEAD
    - s390/pci: Log new handle in clp_disable_fh()
    - x86/cpu/amd: Make erratum #1054 a legacy erratum
    - KVM: x86: only do L1TF workaround on affected processors
    - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay
    - perf probe: Accept the instance number of kretprobe event
    - mm: add kvfree_sensitive() for freeing sensitive data objects
    - selftests: fix flower parent qdisc
    - fanotify: fix ignore mask logic for events on child and on dir
    - aio: fix async fsync creds
    - ipv4: fix a RCU-list lock in fib_triestat_seq_show
    - iwlwifi: mvm: fix NVM check for 3168 devices
    - sctp: fix possibly using a bad saddr with a given dst
    - sctp: fix refcount bug in sctp_wfree
    - x86_64: Fix jiffies ODR violation
    - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced
      IBRS.
    - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel
      Tremont
    - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
    - KVM: x86: respect singlestep when emulating instruction
    - KVM: x86: Fix APIC page invalidation race
    - powerpc/ptdump: Properly handle non standard page size
    - ASoC: max9867: fix volume controls
    - io_uring: use kvfree() in io_sqe_buffer_register()
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K
    - smb3: add indatalen that can be a non-zero value to calculation of credit
      charge in smb2 ioctl
    - watchdog: imx_sc_wdt: Fix reboot on crash
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: fireface: fix configuration error for nominal sampling transfer
      frequency
    - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
    - ALSA: pcm: disallow linking stream to itself
    - ALSA: pcm: fix snd_pcm_link() lockdep splat
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
      Dock
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
    - ACPI: GED: add support for _Exx / _Lxx handler methods
    - ACPI: PM: Avoid using power resources if there are none for D0
    - arm64: acpi: fix UBSAN warning
    - lib/lzo: fix ambiguous encoding bug in lzo-rle
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: dw: Fix controller unregister order
    - spi: Fix controller unregister order
    - spi: pxa2xx: Fix controller unregister order
    - spi: pxa2xx: Fix runtime PM ref imbalance on probe error
    - spi: bcm2835: Fix controller unregister order
    - spi: bcm2835aux: Fix controller unregister order
    - spi: bcm-qspi: Handle clock probe deferral
    - spi: bcm-qspi: when tx/rx buffer is NULL set to 0
    - PM: runtime: clk: Fix clk_pm_runtime_get() error path
    - gup: document and work around "COW can break either way" issue
    - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
      fully iterated
    - crypto: algapi - Avoid spurious modprobe on LOADED
    - crypto: drbg - fix error return code in drbg_alloc_state()
    - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
      poisoned
    - firmware: imx: warn on unexpected RX
    - firmware: imx-scu: Support one TX and one RX
    - firmware: imx: scu: Fix corruption of header
    - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
    - crypto: virtio: Fix src/dst scatterlist calculation in
      __virtio_crypto_skcipher_do_req()
    - crypto: virtio: Fix dest length calculation in
      __virtio_crypto_skcipher_do_req()
    - dccp: Fix possible memleak in dccp_init and dccp_fini
    - selftests/net: in rxtimestamp getopt_long needs terminating null entry
    - net/mlx5: drain health workqueue in case of driver load error
    - net/mlx5: Fix fatal error handling during device load
    - net/mlx5e: Fix repeated XSK usage on one channel
    - ovl: initialize error in ovl_copy_xattr
    - proc: Use new_inode not new_inode_pseudo
    - remoteproc: Fall back to using parent memory pool if no dedicated available
    - remoteproc: Fix and restore the parenting hierarchy for vdev
    - cpufreq: Fix up cpufreq_boost_set_sw()
    - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable
    - video: vt8500lcdfb: fix fallthrough warning
    - video: fbdev: w100fb: Fix a potential double free.
    - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
    - KVM: nSVM: fix condition for filtering async PF
    - KVM: nSVM: leave ASID aside in copy_vmcb_control_area
    - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
    - KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
    - KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
    - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR
    - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
    - scsi: megaraid_sas: TM command refire leads to controller firmware crash
    - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type
    - selftests/ftrace: Return unsupported if no error_log file
    - ath9k: Fix use-after-free Read in htc_connect_service
    - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
    - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
    - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - Smack: slab-out-of-bounds in vsscanf
    - drm/vkms: Hold gem object while still in-use
    - mm/slub: fix a memory leak in sysfs_slab_add()
    - fat: don't allow to mount if the FAT length == 0
    - perf: Add cond_resched() to task_function_call()
    - agp/intel: Reinforce the barrier after GTT updates
    - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
    - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings
    - mmc: tmio: Further fixup runtime PM management at remove
    - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe()
    - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description
    - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
    - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card()
    - block/floppy: fix contended case in floppy_queue_rq()
    - xen/pvcalls-back: test for errors when calling backend_connect()
    - KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception
    - KVM: arm64: Save the host's PtrAuth keys in non-preemptible context
    - Linux 5.4.47

* apparmor reference leak causes refcount_t overflow with af_alg_accept()
    (LP: #1883962)
    - apparmor: check/put label on apparmor_sk_clone_security()

* Focal update: v5.4.46 upstream stable release (LP: #1883184)
    - devinet: fix memleak in inetdev_init()
    - l2tp: add sk_family checks to l2tp_validate_socket
    - l2tp: do not use inet_hash()/inet_unhash()
    - net/mlx5: Fix crash upon suspend/resume
    - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac
      v5.10a
    - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
    - NFC: st21nfca: add missed kfree_skb() in an error path
    - nfp: flower: fix used time of merge flow statistics
    - vsock: fix timeout in vsock_accept()
    - net: check untrusted gso_size at kernel entry
    - net: be more gentle about silly gso requests coming from user
    - USB: serial: qcserial: add DW5816e QDL support
    - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
    - USB: serial: option: add Telit LE910C1-EUX compositions
    - USB: serial: ch341: add basis for quirk detection
    - iio:chemical:sps30: Fix timestamp alignment
    - iio: vcnl4000: Fix i2c swapped word reading.
    - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak.
    - iio: adc: stm32-adc: fix a wrong error message when probing interrupts
    - usb: musb: start session in resume for host port
    - usb: musb: Fix runtime PM imbalance on error
    - vt: keyboard: avoid signed integer overflow in k_ascii
    - tty: hvc_console, fix crashes on parallel open/close
    - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
    - CDC-ACM: heed quirk also in error handling
    - nvmem: qfprom: remove incorrect write support
    - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly
      aligned
    - Revert "net/mlx5: Annotate mutex destroy for root ns"
    - Linux 5.4.46

* Focal update: v5.4.45 upstream stable release (LP: #1882802)
    - mm: Fix mremap not considering huge pmd devmap
    - HID: sony: Fix for broken buttons on DS3 USB dongles
    - HID: multitouch: enable multi-input as a quirk for some devices
    - HID: i2c-hid: add Schneider SCL142ALM to descriptor override
    - p54usb: add AirVasT USB stick device-id
    - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter
    - mmc: fix compilation of user API
    - media: Revert "staging: imgu: Address a compiler warning on alignment"
    - media: staging: ipu3-imgu: Move alignment attribute to field
    - scsi: ufs: Release clock if DMA map fails
    - net: dsa: mt7530: set CPU port to fallback mode
    - airo: Fix read overflows sending packets
    - RDMA/qedr: Fix qpids xarray api used
    - RDMA/qedr: Fix synchronization methods and memory leaks in qedr
    - ARC: Fix ICCM & DCCM runtime size checks
    - ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
    - evm: Fix RCU list related warnings
    - scsi: pm: Balance pm_only counter of request queue during system resume
    - i2c: altera: Fix race between xfer_msg and isr thread
    - io_uring: initialize ctx->sqo_wait earlier
    - x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
    - net: bmac: Fix read of MAC address from ROM
    - drm/edid: Add Oculus Rift S to non-desktop list
    - s390/mm: fix set_huge_pte_at() for empty ptes
    - null_blk: return error for invalid zone size
    - net/ethernet/freescale: rework quiesce/activate for ucc_geth
    - net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
    - selftests: mlxsw: qos_mc_aware: Specify arping timeout as an integer
    - net: smsc911x: Fix runtime PM imbalance on error
    - Linux 5.4.45

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 26 Aug 2020 15:15:45 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-09-01:

#20

Download full text (55.0 KiB)

This bug was fixed in the package linux - 4.15.0-115.116

---------------
linux (4.15.0-115.116) bionic; urgency=medium

* bionic/linux: 4.15.0-115.116 -proposed tracker (LP: #1893055)

  * [Potential Regression] dscr_inherit_exec_test from powerpc in
    ubuntu_kernel_selftests failed on B/E/F (LP: #1888332)
    - powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()

linux (4.15.0-114.115) bionic; urgency=medium

* bionic/linux: 4.15.0-114.115 -proposed tracker (LP: #1891052)

* ipsec: policy priority management is broken (LP: #1890796)
- xfrm: policy: match with both mark and mask on user interfaces

linux (4.15.0-113.114) bionic; urgency=medium

* bionic/linux: 4.15.0-113.114 -proposed tracker (LP: #1890705)

* Packaging resync (LP: #1786013)
- update dkms package versions

* Reapply "usb: handle warm-reset port requests on hub resume" (LP: #1859873)
- usb: handle warm-reset port requests on hub resume

  * Bionic update: upstream stable patchset 2020-07-29 (LP: #1889474)
    - gpio: arizona: handle pm_runtime_get_sync failure case
    - gpio: arizona: put pm_runtime in case of failure
    - pinctrl: amd: fix npins for uart0 in kerncz_groups
    - mac80211: allow rx of mesh eapol frames with default rx key
    - scsi: scsi_transport_spi: Fix function pointer check
    - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
    - xtensa: update *pos in cpuinfo_op.next
    - drivers/net/wan/lapbether: Fixed the value of hard_header_len
    - net: sky2: initialize return of gm_phy_read
    - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
    - irqdomain/treewide: Keep firmware node unconditionally allocated
    - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
      compeletion")
    - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
    - IB/umem: fix reference count leak in ib_umem_odp_get()
    - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
      GDB regression
    - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
    - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
    - btrfs: fix double free on ulist after backref resolution failure
    - btrfs: fix mount failure caused by race with umount
    - btrfs: fix page leaks after failure to lock page for delalloc
    - bnxt_en: Fix race when modifying pause settings.
    - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
      path
    - ax88172a: fix ax88172a_unbind() failures
    - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
      configuration
    - drm: sun4i: hdmi: Fix inverted HPD result
    - net: smc91x: Fix possible memory leak in smc_drv_probe()
    - bonding: check error value of register_netdevice() immediately
    - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
    - ipvs: fix the connection sync failed in some cases
    - i2c: rcar: always clear ICSAR to avoid side effects
    - bonding: check return value of register_netdevice() in bond_newlink()
    - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
    - scripts/decode_stacktrace: strip basepath from all paths
    - HID: i...

This bug was fixed in the package linux - 4.15.0-115.116

---------------
linux (4.15.0-115.116) bionic; urgency=medium

* bionic/linux: 4.15.0-115.116 -proposed tracker (LP: #1893055)

* [Potential Regression] dscr_inherit_exec_test from powerpc in
    ubuntu_kernel_selftests failed on B/E/F (LP: #1888332)
    - powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()

linux (4.15.0-114.115) bionic; urgency=medium

* bionic/linux: 4.15.0-114.115 -proposed tracker (LP: #1891052)

* ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

linux (4.15.0-113.114) bionic; urgency=medium

* bionic/linux: 4.15.0-113.114 -proposed tracker (LP: #1890705)

* Packaging resync (LP: #1786013)
    - update dkms package versions

* Reapply "usb: handle warm-reset port requests on hub resume" (LP: #1859873)
    - usb: handle warm-reset port requests on hub resume

* Bionic update: upstream stable patchset 2020-07-29 (LP: #1889474)
    - gpio: arizona: handle pm_runtime_get_sync failure case
    - gpio: arizona: put pm_runtime in case of failure
    - pinctrl: amd: fix npins for uart0 in kerncz_groups
    - mac80211: allow rx of mesh eapol frames with default rx key
    - scsi: scsi_transport_spi: Fix function pointer check
    - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
    - xtensa: update *pos in cpuinfo_op.next
    - drivers/net/wan/lapbether: Fixed the value of hard_header_len
    - net: sky2: initialize return of gm_phy_read
    - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
    - irqdomain/treewide: Keep firmware node unconditionally allocated
    - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
      compeletion")
    - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
    - IB/umem: fix reference count leak in ib_umem_odp_get()
    - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
      GDB regression
    - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
    - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
    - btrfs: fix double free on ulist after backref resolution failure
    - btrfs: fix mount failure caused by race with umount
    - btrfs: fix page leaks after failure to lock page for delalloc
    - bnxt_en: Fix race when modifying pause settings.
    - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
      path
    - ax88172a: fix ax88172a_unbind() failures
    - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
      configuration
    - drm: sun4i: hdmi: Fix inverted HPD result
    - net: smc91x: Fix possible memory leak in smc_drv_probe()
    - bonding: check error value of register_netdevice() immediately
    - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
    - ipvs: fix the connection sync failed in some cases
    - i2c: rcar: always clear ICSAR to avoid side effects
    - bonding: check return value of register_netdevice() in bond_newlink()
    - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
    - scripts/decode_stacktrace: strip basepath from all paths
    - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
    - HID: apple: Disable Fn-key key-re-mapping on clone keyboards
    - dmaengine: tegra210-adma: Fix runtime PM imbalance on error
    - Input: add `SW_MACHINE_COVER`
    - spi: mediatek: use correct SPI_CFG2_REG MACRO
    - regmap: dev_get_regmap_match(): fix string comparison
    - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
    - dmaengine: ioat setting ioat timeout as module parameter
    - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
    - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
    - arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
    - x86: math-emu: Fix up 'cmp' insn for clang ias
    - binder: Don't use mmput() from shrinker function.
    - usb: xhci-mtk: fix the failure of bandwidth allocation
    - usb: xhci: Fix ASM2142/ASM3142 DMA addressing
    - Revert "cifs: Fix the target file was deleted when rename failed."
    - staging: wlan-ng: properly check endpoint types
    - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
    - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
    - serial: 8250: fix null-ptr-deref in serial8250_start_tx()
    - serial: 8250_mtk: Fix high-speed baud rates clamping
    - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
    - vt: Reject zero-sized screen buffer size.
    - Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
    - mm/memcg: fix refcount error while moving and swapping
    - io-mapping: indicate mapping failure
    - parisc: Add atomic64_set_release() define to avoid CPU soft lockups
    - ath9k: Fix regression with Atheros 9271
    - fuse: fix weird page warning
    - qed: suppress "don't support RoCE & iWARP" flooding on HW init
    - scripts/gdb: fix lx-symbols 'gdb.error' while loading modules
    - HID: alps: support devices with report id 2
    - RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw
    - x86, vmlinux.lds: Page-align end of ..page_aligned sections
    - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo
      Miix 2 10

* Bionic update: upstream stable patchset 2020-07-24 (LP: #1888907)
    - KVM: s390: reduce number of IO pins to 1
    - spi: spi-fsl-dspi: Adding shutdown hook
    - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
    - spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
    - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
    - ARM: dts: omap4-droid4: Fix spi configuration and increase rate
    - gpu: host1x: Detach driver on unregister
    - spi: spidev: fix a race between spidev_release and spidev_remove
    - spi: spidev: fix a potential use-after-free in spidev_release()
    - ixgbe: protect ring accesses with READ- and WRITE_ONCE
    - s390/kasan: fix early pgm check handler execution
    - cifs: update ctime and mtime during truncate
    - ARM: imx6: add missing put_device() call in imx6q_suspend_init()
    - scsi: mptscsih: Fix read sense data size
    - nvme-rdma: assign completion vector correctly
    - x86/entry: Increase entry_stack size to a full page
    - net: cxgb4: fix return error value in t4_prep_fw
    - smsc95xx: check return value of smsc95xx_reset
    - smsc95xx: avoid memory leak in smsc95xx_bind
    - ALSA: compress: fix partial_drain completion state
    - arm64: kgdb: Fix single-step exception handling oops
    - nbd: Fix memory leak in nbd_add_socket
    - bnxt_en: fix NULL dereference in case SR-IOV configuration fails
    - net: macb: mark device wake capable when "magic-packet" property present
    - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
    - ALSA: opl3: fix infoleak in opl3
    - ALSA: hda - let hs_mic be picked ahead of hp_mic
    - ALSA: usb-audio: add quirk for MacroSilicon MS2109
    - KVM: arm64: Fix definition of PAGE_HYP_DEVICE
    - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
    - KVM: x86: bit 8 of non-leaf PDPEs is not reserved
    - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
    - KVM: x86: Mark CR4.TSD as being possibly owned by the guest
    - btrfs: fix fatal extent_buffer readahead vs releasepage race
    - drm/radeon: fix double free
    - dm: use noio when sending kobject event
    - ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
    - ARC: elf: use right ELF_ARCH
    - s390/mm: fix huge pte soft dirty copying
    - genetlink: remove genl_bind
    - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
    - l2tp: remove skb_dst_set() from l2tp_xmit_skb()
    - llc: make sure applications use ARPHRD_ETHER
    - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
    - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
    - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
    - tcp: md5: allow changing MD5 keys in all socket states
    - net_sched: fix a memory leak in atm_tc_init()
    - tcp: make sure listeners don't initialize congestion-control state
    - tcp: md5: do not send silly options in SYNCOOKIES
    - cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
    - cgroup: Fix sock_cgroup_data on big-endian.
    - drm/exynos: fix ref count leak in mic_pre_enable
    - arm64/alternatives: use subsections for replacement sequences
    - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
    - gfs2: read-only mounts should grab the sd_freeze_gl glock
    - i2c: eg20t: Load module automatically if ID matches
    - arm64: alternative: Use true and false for boolean values
    - arm64/alternatives: don't patch up internal branches
    - iio:magnetometer:ak8974: Fix alignment and data leak issues
    - iio:humidity:hdc100x Fix alignment and data leak issues
    - iio: magnetometer: ak8974: Fix runtime PM imbalance on error
    - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
    - iio: pressure: zpa2326: handle pm_runtime_get_sync failure
    - iio:pressure:ms5611 Fix buffer element alignment
    - iio:health:afe4403 Fix timestamp alignment and prevent data leak.
    - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
    - spi: fix initial SPI_SR value in spi-fsl-dspi
    - net: dsa: bcm_sf2: Fix node reference count
    - of: of_mdio: Correct loop scanning logic
    - Revert "usb/ohci-platform: Fix a warning when hibernating"
    - Revert "usb/ehci-platform: Set PM runtime as active on resume"
    - Revert "usb/xhci-plat: Set PM runtime as active on resume"
    - doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in
      park mode
    - mmc: sdhci: do not enable card detect interrupt for gpio cd type
    - ACPI: video: Use native backlight on Acer Aspire 5783z
    - ACPI: video: Use native backlight on Acer TravelMate 5735Z
    - iio:health:afe4404 Fix timestamp alignment and prevent data leak.
    - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
    - arm64: dts: meson: add missing gxl rng clock
    - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
    - usb: gadget: udc: atmel: fix uninitialized read in debug printk
    - staging: comedi: verify array index is correct before using it
    - Revert "thermal: mediatek: fix register index error"
    - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
    - copy_xstate_to_kernel: Fix typo which caused GDB regression
    - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
    - mtd: rawnand: brcmnand: fix CS0 layout
    - mtd: rawnand: oxnas: Keep track of registered devices
    - mtd: rawnand: oxnas: Unregister all devices on error
    - mtd: rawnand: oxnas: Release all devices in the _remove() path
    - HID: magicmouse: do not set up autorepeat
    - ALSA: line6: Perform sanity check for each URB creation
    - ALSA: usb-audio: Fix race against the error recovery URB submission
    - USB: c67x00: fix use after free in c67x00_giveback_urb
    - usb: dwc2: Fix shutdown callback in platform
    - usb: chipidea: core: add wakeup support for extcon
    - usb: gadget: function: fix missing spinlock in f_uac1_legacy
    - USB: serial: iuu_phoenix: fix memory corruption
    - USB: serial: cypress_m8: enable Simply Automated UPB PIM
    - USB: serial: ch341: add new Product ID for CH340
    - USB: serial: option: add GosunCn GM500 series
    - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
    - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
    - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
    - mei: bus: don't clean driver pointer
    - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
    - uio_pdrv_genirq: fix use without device tree and no interrupt
    - timer: Fix wheel index calculation on last level
    - MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
    - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
    - intel_th: pci: Add Jasper Lake CPU support
    - intel_th: pci: Add Tiger Lake PCH-H support
    - intel_th: pci: Add Emmitsburg PCH support
    - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
    - misc: atmel-ssc: lock with mutex instead of spinlock
    - thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
    - arm64: ptrace: Override SPSR.SS when single-stepping is enabled
    - sched/fair: handle case of task_h_load() returning 0
    - libceph: don't omit recovery_deletes in target_copy()
    - rxrpc: Fix trace string
    - regmap: fix alignment issue
    - i40e: protect ring accesses with READ- and WRITE_ONCE
    - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
    - net: qrtr: Fix an out of bounds read qrtr_endpoint_post()
    - drm/mediatek: Check plane visibility in atomic_update
    - net: hns3: fix use-after-free when doing self test
    - cxgb4: fix all-mask IP address comparison
    - perf: Make perf able to build with latest libbfd
    - drm/msm: fix potential memleak in error branch
    - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
    - scsi: sr: remove references to BLK_DEV_SR_VENDOR, leave it enabled
    - [Config] updateconfigs for BLK_DEV_SR_VENDOR
    - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp
      (0951:16d8)
    - ALSA: usb-audio: Rewrite registration quirk handling
    - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S
    - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S
    - regmap: debugfs: Don't sleep while atomic for fast_io regmaps
    - HID: quirks: Always poll Obins Anne Pro 2 keyboard
    - HID: quirks: Ignore Simply Automated UPB PIM
    - ALSA: line6: Sync the pending work cancel at disconnection
    - ALSA: hda/realtek - change to suitable link model for ASUS platform
    - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
    - timer: Prevent base->clk from moving backward
    - riscv: use 16KB kernel stack on 64-bit
    - intel_th: Fix a NULL dereference when hub driver is not loaded
    - genirq/affinity: Handle affinity setting on inactive interrupts correctly

* NFSv4.1: Interrupted connections cause high bandwidth RPC ping-pong between
    client and server (LP: #1887607)
    - NFSv4.1: Avoid false retries when RPC calls are interrupted
    - NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process()
    - NFS: Fix interrupted slots by sending a solo SEQUENCE operation

* tap: use after free (LP: #1889735)
    - tap: fix use-after-free

* Bionic update: upstream stable patchset 2020-07-17 (LP: #1887990)
    - btrfs: fix a block group ref counter leak after failure to remove block
      group
    - btrfs: cow_file_range() num_bytes and disk_num_bytes are same
    - btrfs: fix data block group relocation failure due to concurrent scrub
    - mm: fix swap cache node allocation mask
    - EDAC/amd64: Read back the scrub rate PCI register on F15h
    - usbnet: smsc95xx: Fix use-after-free after removal
    - mm/slub.c: fix corrupted freechain in deactivate_slab()
    - mm/slub: fix stack overruns with SLUB_STATS
    - usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
    - kgdb: Avoid suspicious RCU usage warning
    - cxgb4: use unaligned conversion for fetching timestamp
    - cxgb4: parse TC-U32 key values and masks natively
    - hwmon: (max6697) Make sure the OVERT mask is set correctly
    - hwmon: (acpi_power_meter) Fix potential memory leak in
      acpi_power_meter_add()
    - drm: sun4i: hdmi: Remove extra HPD polling
    - virtio-blk: free vblk-vqs in error path of virtblk_probe()
    - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
    - nfsd: apply umask on fs without ACL support
    - Revert "ALSA: usb-audio: Improve frames size computation"
    - SMB3: Honor 'seal' flag for multiuser mounts
    - SMB3: Honor persistent/resilient handle flags for multiuser mounts
    - cifs: Fix the target file was deleted when rename failed.
    - MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
    - irqchip/gic: Atomically update affinity
    - dm zoned: assign max_io_len correctly
    - [Config] updateconfigs for EFI_CUSTOM_SSDT_OVERLAYS
    - efi: Make it possible to disable efivar_ssdt entirely
    - s390/debug: avoid kernel warning on too large number of pages
    - cxgb4: use correct type for all-mask IP address comparison
    - SMB3: Honor lease disabling for multiuser mounts

* Enable Quectel EG95 LTE modem [2c7c:0195]  (LP: #1886744)
    - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
    - USB: serial: option: add Quectel EG95 LTE modem

* kernel oops xr-usb-serial (LP: #1885271)
    - SAUCE: Revert "xr-usb-serial: fix kbuild"
    - SAUCE: Revert "xr-usb-serial: Changes to support updates in struct
      gpio_chip"
    - SAUCE: Revert "xr-usb-serial: re-initialise baudrate after resume from
      S3/S4"
    - SAUCE: Revert "xr-usb-serial: Update driver for Exar USB serial ports"

* [hns3-0115] add 8 BD limit for tx flow  (LP: #1859756)
    - net: hns3: add 8 BD limit for tx flow
    - net: hns3: avoid mult + div op in critical data path
    - net: hns3: remove some ops in struct hns3_nic_ops
    - net: hns3: fix for not calculating tx bd num correctly
    - net: hns3: unify maybe_stop_tx for TSO and non-TSO case
    - net: hns3: add check for max TX BD num for tso and non-tso case
    - net: hns3: fix for TX queue not restarted problem
    - net: hns3: fix a use after free problem in hns3_nic_maybe_stop_tx()

* Regression in kernel 4.15.0-91 causes kernel panic with Bcache
    (LP: #1867916)
    - bcache: check and adjust logical block size for backing devices

* use-after-free in af_alg_accept() due to bh_lock_sock() (LP: #1884766)
    - crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()

* Bionic update: upstream stable patchset 2020-07-15 (LP: #1887715)
    - net: be more gentle about silly gso requests coming from user
    - block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
    - net: sched: export __netdev_watchdog_up()
    - fix a braino in "sparc32: fix register window handling in
      genregs32_[gs]et()"
    - apparmor: don't try to replace stale label in ptraceme check
    - ibmveth: Fix max MTU limit
    - mld: fix memory leak in ipv6_mc_destroy_dev()
    - net: bridge: enfore alignment for ethernet address
    - net: fix memleak in register_netdevice()
    - net: usb: ax88179_178a: fix packet alignment padding
    - rocker: fix incorrect error handling in dma_rings_init
    - rxrpc: Fix notification call on completion of discarded calls
    - sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
    - tcp: grow window for OOO packets only for SACK flows
    - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
    - ip_tunnel: fix use-after-free in ip_tunnel_lookup()
    - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
    - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
    - net: Fix the arp error in some cases
    - net: Do not clear the sock TX queue in sk_set_socket()
    - net: core: reduce recursion limit value
    - USB: ohci-sm501: Add missed iounmap() in remove
    - usb: dwc2: Postponed gadget registration to the udc class driver
    - usb: add USB_QUIRK_DELAY_INIT for Logitech C922
    - USB: ehci: reopen solution for Synopsys HC bug
    - usb: host: xhci-mtk: avoid runtime suspend when removing hcd
    - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
    - ALSA: usb-audio: add quirk for Denon DCD-1500RE
    - xhci: Fix incorrect EP_STATE_MASK
    - xhci: Fix enumeration issue when setting max packet size for FS devices.
    - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
    - loop: replace kill_bdev with invalidate_bdev
    - ALSA: usb-audio: Clean up mixer element list traverse
    - ALSA: usb-audio: Fix OOB access of mixer element list
    - xhci: Poll for U0 after disabling USB2 LPM
    - cifs/smb3: Fix data inconsistent when punch hole
    - cifs/smb3: Fix data inconsistent when zero file range
    - efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
    - ARM: dts: NSP: Correct FA2 mailbox node
    - rxrpc: Fix handling of rwind from an ACK packet
    - RDMA/cma: Protect bind_list and listen_list while finding matching cm id
    - ASoC: rockchip: Fix a reference count leak.
    - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
    - net: qed: fix left elements count calculation
    - net: qed: fix NVMe login fails over VFs
    - net: qed: fix excessive QM ILT lines consumption
    - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
    - usb: gadget: udc: Potential Oops in error handling code
    - netfilter: ipset: fix unaligned atomic access
    - net: bcmgenet: use hardware padding of runt frames
    - sched/core: Fix PI boosting between RT and DEADLINE tasks
    - ata/libata: Fix usage of page address by page_address in
      ata_scsi_mode_select_xlat function
    - net: alx: fix race condition in alx_remove
    - s390/ptrace: fix setting syscall number
    - kbuild: improve cc-option to clean up all temporary files
    - blktrace: break out of blktrace setup on concurrent calls
    - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
    - ACPI: sysfs: Fix pm_profile_attr type
    - KVM: X86: Fix MSR range of APIC registers in X2APIC mode
    - KVM: nVMX: Plumb L2 GPA through to PML emulation
    - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
    - mm/slab: use memzero_explicit() in kzfree()
    - ocfs2: load global_inode_alloc
    - ocfs2: fix value of OCFS2_INVALID_SLOT
    - ocfs2: fix panic on nfs server over ocfs2
    - arm64: perf: Report the PC value in REGS_ABI_32 mode
    - tracing: Fix event trigger to accept redundant spaces
    - drm/radeon: fix fb_div check in ni_init_smc_spll_table()
    - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
    - sunrpc: fixed rollback in rpc_gssd_dummy_populate()
    - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
    - pNFS/flexfiles: Fix list corruption if the mirror count changes
    - NFSv4 fix CLOSE not waiting for direct IO compeletion
    - xfs: add agf freeblocks verify in xfs_agf_verify
    - net: bcmgenet: remove HFB_CTRL access
    - EDAC/amd64: Add Family 17h Model 30h PCI IDs
    - i2c: tegra: Cleanup kerneldoc comments
    - i2c: tegra: Add missing kerneldoc for some fields
    - net: phy: Check harder for errors in get_phy_id()
    - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG)
    - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
    - xhci: Return if xHCI doesn't support LPM
    - IB/mad: Fix use after free when destroying MAD agent
    - regmap: Fix memory leak from regmap_register_patch
    - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
    - cxgb4: move handling L2T ARP failures to caller
    - sched/deadline: Initialize ->dl_boosted
    - s390/vdso: fix vDSO clock_getres()
    - arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n
    - ALSA: hda/realtek - Add quirk for MSI GE63 laptop

* Bionic update: upstream stable patchset 2020-07-07 (LP: #1886710)
    - s390: fix syscall_get_error for compat processes
    - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
    - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
    - clk: sunxi: Fix incorrect usage of round_down()
    - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
    - iio: pressure: bmp280: Tolerate IRQ before registering
    - remoteproc: Fix IDR initialisation in rproc_alloc()
    - clk: qcom: msm8916: Fix the address location of pll->config_reg
    - backlight: lp855x: Ensure regulators are disabled on probe failure
    - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
    - ARM: integrator: Add some Kconfig selections
    - scsi: qedi: Check for buffer overflow in qedi_set_path()
    - ALSA: isa/wavefront: prevent out of bounds write in ioctl
    - scsi: qla2xxx: Fix issue with adapter's stopping state
    - iio: bmp280: fix compensation of humidity
    - f2fs: report delalloc reserve as non-free in statfs for project quota
    - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
    - usblp: poison URBs upon disconnect
    - dm mpath: switch paths in dm_blk_ioctl() code path
    - PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only
      register
    - ps3disk: use the default segment boundary
    - vfio/pci: fix memory leaks in alloc_perm_bits()
    - m68k/PCI: Fix a memory leak in an error handling path
    - mfd: wm8994: Fix driver operation if loaded as modules
    - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
    - clk: clk-flexgen: fix clock-critical handling
    - powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7
      events run
    - nfsd: Fix svc_xprt refcnt leak when setup callback client failed
    - powerpc/crashkernel: Take "mem=" option into account
    - yam: fix possible memory leak in yam_init_driver
    - NTB: Fix the default port and peer numbers for legacy drivers
    - mksysmap: Fix the mismatch of '.L' symbols in System.map
    - apparmor: fix introspection of of task mode for unconfined tasks
    - scsi: sr: Fix sr_probe() missing deallocate of device minor
    - scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
    - staging: greybus: fix a missing-check bug in gb_lights_light_config()
    - scsi: qedi: Do not flush offload work if ARP not resolved
    - ALSA: usb-audio: Improve frames size computation
    - s390/qdio: put thinint indicator after early error
    - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
    - staging: sm750fb: add missing case while setting FB_VISUAL
    - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
    - serial: amba-pl011: Make sure we initialize the port.lock spinlock
    - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a
      driver developer is foolish
    - PCI: rcar: Fix incorrect programming of OB windows
    - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
    - scsi: qla2xxx: Fix warning after FC target reset
    - power: supply: lp8788: Fix an error handling path in
      'lp8788_charger_probe()'
    - power: supply: smb347-charger: IRQSTAT_D is volatile
    - scsi: mpt3sas: Fix double free warnings
    - dlm: remove BUG() before panic()
    - clk: ti: composite: fix memory leak
    - PCI: Fix pci_register_host_bridge() device_register() error handling
    - tty: n_gsm: Fix SOF skipping
    - tty: n_gsm: Fix waking up upper tty layer when room available
    - powerpc/pseries/ras: Fix FWNMI_VALID off by one
    - powerpc/ps3: Fix kexec shutdown hang
    - vfio-pci: Mask cap zero
    - usb/ohci-platform: Fix a warning when hibernating
    - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
    - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
    - tty: n_gsm: Fix bogus i++ in gsm_data_kick
    - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
    - powerpc/64s/pgtable: fix an undefined behaviour
    - dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
    - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
    - IB/cma: Fix ports memory leak in cma_configfs
    - watchdog: da9062: No need to ping manually before setting timeout
    - usb: dwc2: gadget: move gadget resume after the core is in L0 state
    - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in
      s3c2410_udc_nuke
    - usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
    - usb: gadget: fix potential double-free in m66592_probe.
    - usb: gadget: Fix issue with config_ep_by_speed function
    - x86/apic: Make TSC deadline timer detection message visible
    - clk: bcm2835: Fix return type of bcm2835_register_gate
    - scsi: ufs-qcom: Fix scheduling while atomic issue
    - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
    - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
    - powerpc/4xx: Don't unmap NULL mbase
    - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
    - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
    - vfio/mdev: Fix reference count leak in add_mdev_supported_type
    - openrisc: Fix issue with argument clobbering for clone/fork
    - gfs2: Allow lock_nolock mount to specify jid=X
    - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
    - scsi: ufs: Don't update urgent bkops level when toggling auto bkops
    - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
    - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
    - crypto: omap-sham - add proper load balancing support for multicore
    - geneve: change from tx_error to tx_dropped on missing metadata
    - lib/zlib: remove outdated and incorrect pre-increment optimization
    - include/linux/bitops.h: avoid clang shift-count-overflow warnings
    - elfnote: mark all .note sections SHF_ALLOC
    - selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
    - blktrace: use errno instead of bi_status
    - blktrace: fix endianness in get_pdu_int()
    - blktrace: fix endianness for blk_log_remap()
    - gfs2: fix use-after-free on transaction ail lists
    - selftests/net: in timestamping, strncpy needs to preserve null byte
    - drm/sun4i: hdmi ddc clk: Fix size of m divider
    - scsi: acornscsi: Fix an error handling path in acornscsi_probe()
    - usb/xhci-plat: Set PM runtime as active on resume
    - usb/ehci-platform: Set PM runtime as active on resume
    - perf report: Fix NULL pointer dereference in
      hists__fprintf_nr_sample_events()
    - bcache: fix potential deadlock problem in btree_gc_coalesce
    - block: Fix use-after-free in blkdev_get()
    - arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
    - drm: encoder_slave: fix refcouting error for modules
    - drm/dp_mst: Reformat drm_dp_check_act_status() a bit
    - drm/qxl: Use correct notify port address when creating cursor ring
    - selinux: fix double free
    - ext4: fix partial cluster initialization when splitting extent
    - drm/dp_mst: Increase ACT retry timeout to 3s
    - x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
    - block: nr_sects_write(): Disable preemption on seqcount write
    - mtd: rawnand: Pass a nand_chip object to nand_release()
    - mtd: rawnand: diskonchip: Fix the probe error path
    - mtd: rawnand: sharpsl: Fix the probe error path
    - mtd: rawnand: xway: Fix the probe error path
    - mtd: rawnand: orion: Fix the probe error path
    - mtd: rawnand: oxnas: Add of_node_put()
    - mtd: rawnand: oxnas: Fix the probe error path
    - mtd: rawnand: socrates: Fix the probe error path
    - mtd: rawnand: plat_nand: Fix the probe error path
    - mtd: rawnand: mtk: Fix the probe error path
    - mtd: rawnand: tmio: Fix the probe error path
    - crypto: algif_skcipher - Cap recv SG list at ctx->used
    - crypto: algboss - don't wait during notifier callback
    - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
    - e1000e: Do not wake up the system via WOL if device wakeup is disabled
    - kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
    - sched/rt, net: Use CONFIG_PREEMPTION.patch
    - net: core: device_rename: Use rwsem instead of a seqcount
    - kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c
    - kvm: x86: Fix reserved bits related calculation errors caused by MKTME
    - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
    - ASoC: tegra: tegra_wm8903: Support nvidia, headset property
    - PCI: Allow pci_resize_resource() for devices on root bus
    - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical
    - serial: 8250: Fix max baud limit in generic 8250 port
    - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-
      registration
    - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
    - x86/purgatory: Disable various profiling and sanitizing options
    - arm64: dts: mt8173: fix unit name warnings
    - gpio: dwapb: Append MODULE_ALIAS for platform driver
    - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries
    - ALSA: usb-audio: Fix racy list management in output queue
    - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths
    - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map
    - powerpc/64: Don't initialise init_task->thread.regs
    - HID: Add quirks for Trust Panora Graphic Tablet
    - RDMA/iw_cxgb4: cleanup device debugfs entries on ULD remove
    - ASoC: fix incomplete error-handling in img_i2s_in_probe.
    - of: Fix a refcounting bug in __of_attach_node_sysfs()
    - NTB: Revert the change to use the NTB device dev for DMA allocations
    - drivers/perf: hisi: Fix wrong value for all counters enable
    - x86/idt: Keep spurious entries unset in system_vectors
    - usb: host: ehci-platform: add a quirk to avoid stuck
    - afs: Fix non-setting of mtime when writing into mmap
    - afs: afs_write_end() should change i_size under the right lock
    - drm/amdgpu: Replace invalid device ID with a valid device ID
    - ext4: avoid race conditions when remounting with options that change dax
    - net: octeon: mgmt: Repair filling of RX ring
    - Revert "dpaa_eth: fix usage as DSA master, try 3"

* Computer is frozen after suspend (LP: #1867983) // Bionic update: upstream
    stable patchset 2020-07-07 (LP: #1886710)
    - libata: Use per port sync for detach

* The thread level parallelism would be a bottleneck when searching for the
    shared pmd by using hugetlbfs (LP: #1882039)
    - hugetlbfs: take read_lock on i_mmap for PMD sharing

* Bionic update: upstream stable patchset 2020-06-25 (LP: #1885176)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - make 'user_access_begin()' do 'access_ok()'
    - Fix 'acccess_ok()' on alpha and SH
    - arch/openrisc: Fix issues with access_ok()
    - x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
    - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and
      strnlen_user()
    - serial: imx: Fix handling of TC irq in combination with DMA
    - crypto: talitos - fix ECB and CBC algs ivsize
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - Input: synaptics - add a second working PNP_ID for Lenovo T470s
    - drivers/net/ibmvnic: Update VNIC protocol version reporting
    - powerpc/xive: Clear the page tables for the ESB IO mapping
    - ath9k_htc: Silence undersized packet warnings
    - perf probe: Accept the instance number of kretprobe event
    - mm: add kvfree_sensitive() for freeing sensitive data objects
    - x86_64: Fix jiffies ODR violation
    - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
    - ACPI: GED: add support for _Exx / _Lxx handler methods
    - ACPI: PM: Avoid using power resources if there are none for D0
    - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: bcm2835aux: Fix controller unregister order
    - spi: bcm-qspi: when tx/rx buffer is NULL set to 0
    - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
      fully iterated
    - ALSA: pcm: disallow linking stream to itself
    - kvm: x86: Fix L1TF mitigation for shadow MMU
    - KVM: x86/mmu: Consolidate "is MMIO SPTE" code
    - KVM: x86: only do L1TF workaround on affected processors
    - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced
      IBRS.
    - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
    - spi: dw: Fix controller unregister order
    - spi: No need to assign dummy value in spi_unregister_controller()
    - spi: Fix controller unregister order
    - spi: pxa2xx: Fix controller unregister order
    - spi: bcm2835: Fix controller unregister order
    - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
    - crypto: virtio: Fix src/dst scatterlist calculation in
      __virtio_crypto_skcipher_do_req()
    - crypto: virtio: Fix dest length calculation in
      __virtio_crypto_skcipher_do_req()
    - selftests/net: in rxtimestamp getopt_long needs terminating null entry
    - ovl: initialize error in ovl_copy_xattr
    - proc: Use new_inode not new_inode_pseudo
    - video: fbdev: w100fb: Fix a potential double free.
    - KVM: nSVM: fix condition for filtering async PF
    - KVM: nSVM: leave ASID aside in copy_vmcb_control_area
    - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
    - KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
    - KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
    - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
    - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
    - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
    - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - Smack: slab-out-of-bounds in vsscanf
    - mm/slub: fix a memory leak in sysfs_slab_add()
    - fat: don't allow to mount if the FAT length == 0
    - perf: Add cond_resched() to task_function_call()
    - agp/intel: Reinforce the barrier after GTT updates
    - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
    - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
    - can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
    - xen/pvcalls-back: test for errors when calling backend_connect()
    - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
    - drm: bridge: adv7511: Extend list of audio sample rates
    - crypto: ccp -- don't "select" CONFIG_DMADEVICES
    - media: si2157: Better check for running tuner in init
    - objtool: Ignore empty alternatives
    - spi: pxa2xx: Apply CS clk quirk to BXT
    - net: ena: fix error returning in ena_com_get_hash_function()
    - spi: dw: Zero DMA Tx and Rx configurations on stack
    - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
    - MIPS: Loongson: Build ATI Radeon GPU driver as module
    - Bluetooth: Add SCO fallback for invalid LMP parameters error
    - kgdb: Prevent infinite recursive entries to the debugger
    - spi: dw: Enable interrupts in accordance with DMA xfer mode
    - clocksource: dw_apb_timer: Make CPU-affiliation being optional
    - clocksource: dw_apb_timer_of: Fix missing clockevent timers
    - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
    - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
    - spi: dw: Fix Rx-only DMA transfers
    - x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
    - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
      vmxnet3_get_rss()
    - staging: android: ion: use vmap instead of vm_map_ram
    - brcmfmac: fix wrong location to get firmware feature
    - tools api fs: Make xxx__mountpoint() more scalable
    - e1000: Distribute switch variables for initialization
    - dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
    - audit: fix a net reference leak in audit_send_reply()
    - media: dvb: return -EREMOTEIO on i2c transfer failure.
    - media: platform: fcp: Set appropriate DMA parameters
    - MIPS: Make sparse_init() using top-down allocation
    - audit: fix a net reference leak in audit_list_rules_send()
    - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
    - net: bcmgenet: set Rx mode before starting netif
    - lib/mpi: Fix 64-bit MIPS build with Clang
    - exit: Move preemption fixup up, move blocking operations down
    - net: lpc-enet: fix error return code in lpc_mii_init()
    - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
    - net: allwinner: Fix use correct return type for ndo_start_xmit()
    - powerpc/spufs: fix copy_to_user while atomic
    - Crypto/chcr: fix for ccm(aes) failed test
    - MIPS: Truncate link address into 32bit for 32bit kernel
    - mips: cm: Fix an invalid error code of INTVN_*_ERR
    - kgdb: Fix spurious true from in_dbg_master()
    - nvme: refine the Qemu Identify CNS quirk
    - wcn36xx: Fix error handling path in 'wcn36xx_probe()'
    - net: qed*: Reduce RX and TX default ring count when running inside kdump
      kernel
    - md: don't flush workqueue unconditionally in md_open
    - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
    - mwifiex: Fix memory corruption in dump_station
    - x86/boot: Correct relocation destination on old linkers
    - mips: MAAR: Use more precise address mask
    - mips: Add udelay lpj numbers adjustment
    - x86/mm: Stop printing BRK addresses
    - m68k: mac: Don't call via_flush_cache() on Mac IIfx
    - macvlan: Skip loopback packets in RX handler
    - PCI: Don't disable decoding when mmio_always_on is set
    - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
    - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
    - staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
    - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
    - ixgbe: fix signed-integer-overflow warning
    - mmc: sdhci-esdhc-imx: fix the mask for tuning start point
    - spi: dw: Return any value retrieved from the dma_transfer callback
    - cpuidle: Fix three reference count leaks
    - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
    - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
    - btrfs: send: emit file capabilities after chown
    - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
    - ima: Fix ima digest hash table key calculation
    - ima: Directly assign the ima_default_policy pointer to ima_rules
    - evm: Fix possible memory leak in evm_calc_hmac_or_hash()
    - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
    - ext4: fix error pointer dereference
    - ext4: fix race between ext4_sync_parent() and rename()
    - PCI: Add ACS quirk for iProc PAXB
    - PCI: Add ACS quirk for Ampere root ports
    - PCI: Make ACS quirk implementations more uniform
    - vga_switcheroo: Deduplicate power state tracking
    - vga_switcheroo: Use device link for HDA controller
    - PCI: Generalize multi-function power dependency device links
    - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
    - PCI: Unify ACS quirk desired vs provided checking
    - btrfs: fix error handling when submitting direct I/O bio
    - btrfs: fix wrong file range cleanup after an error filling dealloc range
    - blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call
    - PCI: Program MPS for RCiEP devices
    - e1000e: Relax condition to trigger reset for ME workaround
    - carl9170: remove P2P_GO support
    - media: go7007: fix a miss of snd_card_free
    - b43legacy: Fix case where channel status is corrupted
    - b43: Fix connection problem with WPA3
    - b43_legacy: Fix connection problem with WPA3
    - media: ov5640: fix use of destroyed mutex
    - igb: Report speed and duplex as unknown when device is runtime suspended
    - power: vexpress: add suppress_bind_attrs to true
    - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
    - sparc32: fix register window handling in genregs32_[gs]et()
    - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
    - dm crypt: avoid truncating the logical block size
    - kernel/cpu_pm: Fix uninitted local in cpu_pm
    - ARM: tegra: Correct PL310 Auxiliary Control Register initialization
    - drivers/macintosh: Fix memleak in windfarm_pm112 driver
    - powerpc/64s: Don't let DT CPU features set FSCR_DSCR
    - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
    - kbuild: force to build vmlinux if CONFIG_MODVERSION=y
    - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate
      registrations.
    - sunrpc: clean up properly in gss_mech_unregister()
    - mtd: rawnand: brcmnand: fix hamming oob layout
    - mtd: rawnand: pasemi: Fix the probe error path
    - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
    - perf probe: Do not show the skipped events
    - perf probe: Fix to check blacklist address correctly
    - perf symbols: Fix debuginfo search for Ubuntu
    - bridge: Avoid infinite loop when suppressing NS messages with invalid
      options
    - tun: correct header offsets in napi frags mode
    - Input: mms114 - fix handling of mms345l
    - x86/cpu/amd: Make erratum #1054 a legacy erratum
    - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
      Dock
    - PM: runtime: clk: Fix clk_pm_runtime_get() error path
    - net: atlantic: make hw_get_regs optional
    - efi/libstub/x86: Work around LLVM ELF quirk build regression
    - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
    - Bluetooth: btbcm: Add 2 missing models to subver tables
    - sched/core: Fix illegal RCU from offline CPUs
    - drivers/perf: hisi: Fix typo in events attribute array
    - xfs: reset buffer write failure state on successful completion
    - net/mlx5e: IPoIB, Drop multicast packets that this interface sent
    - crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
    - crypto: stm32/crc32 - fix run-time self test issue.
    - crypto: stm32/crc32 - fix multi-instance
    - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new
      qgroup
    - bcache: fix refcount underflow in bcache_device_free()
    - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
    - PCI: Remove unused NFP32xx IDs
    - PCI: add USR vendor id and use it in r8169 and w6692 driver
    - PCI: Move Rohm Vendor ID to generic list
    - misc: pci_endpoint_test: Add the layerscape EP device support
    - misc: pci_endpoint_test: Add support to test PCI EP in AM654x
    - x86/amd_nb: Add PCI device IDs for family 17h, model 70h
    - ALSA: lx6464es - add support for LX6464ESe pci express variant
    - PCI: Add Genesys Logic, Inc. Vendor ID
    - PCI: Add Amazon's Annapurna Labs vendor ID
    - x86/amd_nb: Add Family 19h PCI IDs
    - PCI: Add Loongson vendor ID
    - serial: 8250_pci: Move Pericom IDs to pci_ids.h
    - alpha: fix memory barriers so that they conform to the specification
    - perf probe: Check address correctness by map instead of _etext

* Bionic update: upstream stable patchset 2020-06-12 (LP: #1883314)
    - libnvdimm: Fix endian conversion issues
    - spi: dw: use "smp_mb()" to avoid sending spi data error
    - s390/ftrace: save traced function caller
    - ARC: Fix ICCM & DCCM runtime size checks
    - ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
    - i2c: altera: Fix race between xfer_msg and isr thread
    - x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
    - net: bmac: Fix read of MAC address from ROM
    - net/ethernet/freescale: rework quiesce/activate for ucc_geth
    - net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
    - net: smsc911x: Fix runtime PM imbalance on error
    - HID: sony: Fix for broken buttons on DS3 USB dongles
    - HID: i2c-hid: add Schneider SCL142ALM to descriptor override
    - p54usb: add AirVasT USB stick device-id
    - mmc: fix compilation of user API
    - scsi: ufs: Release clock if DMA map fails
    - airo: Fix read overflows sending packets
    - devinet: fix memleak in inetdev_init()
    - l2tp: do not use inet_hash()/inet_unhash()
    - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
    - NFC: st21nfca: add missed kfree_skb() in an error path
    - vsock: fix timeout in vsock_accept()
    - net: check untrusted gso_size at kernel entry
    - l2tp: add sk_family checks to l2tp_validate_socket
    - USB: serial: qcserial: add DW5816e QDL support
    - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
    - USB: serial: option: add Telit LE910C1-EUX compositions
    - usb: musb: start session in resume for host port
    - usb: musb: Fix runtime PM imbalance on error
    - vt: keyboard: avoid signed integer overflow in k_ascii
    - tty: hvc_console, fix crashes on parallel open/close
    - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
    - CDC-ACM: heed quirk also in error handling
    - nvmem: qfprom: remove incorrect write support
    - iio: vcnl4000: Fix i2c swapped word reading.
    - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly
      aligned
    - drm/i915: fix port checks for MST support on gen >= 11
    - s390/mm: fix set_huge_pte_at() for empty ptes

* Bionic update: upstream stable patchset 2020-06-11 (LP: #1883167)
    - ax25: fix setsockopt(SO_BINDTODEVICE)
    - net: ipip: fix wrong address family in init error path
    - net/mlx5: Add command entry handling completion
    - net: revert "net: get rid of an signed integer overflow in
      ip_idents_reserve()"
    - net sched: fix reporting the first-time use timestamp
    - r8152: support additional Microsoft Surface Ethernet Adapter variant
    - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and
      socket is closed
    - net/mlx5e: Update netdev txq on completions during closure
    - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
    - net: sun: fix missing release regions in cas_init_one().
    - net/mlx4_core: fix a memory leak bug.
    - ARM: dts: rockchip: fix phy nodename for rk3228-evb
    - arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
    - ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
    - gpio: tegra: mask GPIO IRQs during IRQ shutdown
    - net: microchip: encx24j600: add missed kthread_stop
    - gfs2: move privileged user check to gfs2_quota_lock_check
    - cachefiles: Fix race between read_waiter and read_copier involving op->to_do
    - usb: gadget: legacy: fix redundant initialization warnings
    - net: freescale: select CONFIG_FIXED_PHY where needed
    - cifs: Fix null pointer check in cifs_read
    - samples: bpf: Fix build error
    - Input: usbtouchscreen - add support for BonXeon TP
    - Input: evdev - call input_flush_device() on release(), not flush()
    - Input: xpad - add custom init packet for Xbox One S controllers
    - Input: dlink-dir685-touchkeys - fix a typo in driver name
    - Input: i8042 - add ThinkPad S230u to i8042 reset list
    - Input: synaptics-rmi4 - really fix attn_data use-after-free
    - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
    - ARM: 8843/1: use unified assembler in headers
    - ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
    - ARM: uaccess: integrate uaccess_save and uaccess_restore
    - ARM: uaccess: fix DACR mismatch with nested exceptions
    - gpio: exar: Fix bad handling for ida_simple_get error path
    - IB/qib: Call kobject_put() when kobject_init_and_add() fails
    - ARM: dts: imx6q-bx50v3: Add internal switch
    - ARM: dts/imx6q-bx50v3: Set display interface clock parents
    - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
    - mmc: block: Fix use-after-free issue for rpmb
    - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
    - ALSA: hwdep: fix a left shifting 1 by 31 UB bug
    - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
    - exec: Always set cap_ambient in cap_bprm_set_creds
    - ALSA: hda/realtek - Add new codec supported for ALC287
    - libceph: ignore pool overlay and cache logic on redirects
    - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
    - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
    - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
    - iommu: Fix reference count leak in iommu_group_alloc.
    - parisc: Fix kernel panic in mem_init()
    - mac80211: mesh: fix discovery timer re-arming issue / crash
    - x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
    - copy_xstate_to_kernel(): don't leave parts of destination uninitialized
    - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
    - xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
    - xfrm: fix a warning in xfrm_policy_insert_list
    - xfrm: fix a NULL-ptr deref in xfrm_local_error
    - xfrm: fix error in comment
    - vti4: eliminated some duplicate code.
    - ip_vti: receive ipip packet by calling ip_tunnel_rcv
    - netfilter: nft_reject_bridge: enable reject with bridge vlan
    - netfilter: ipset: Fix subcounter update skip
    - netfilter: nfnetlink_cthelper: unbreak userspace helper support
    - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
    - esp6: get the right proto for transport mode in esp6_gso_encap
    - qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
    - bonding: Fix reference count leak in bond_sysfs_slave_add.
    - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
    - mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
    - KVM: VMX: check for existence of secondary exec controls before accessing
    - dpaa_eth: fix usage as DSA master, try 3
    - net: dsa: mt7530: fix roaming from DSA user ports
    - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
    - sctp: Don't add the shutdown timer if its already been added
    - arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
    - ARM: dts: rockchip: swap clock-names of gpu nodes
    - IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
    - riscv: stacktrace: Fix undefined reference to `walk_stackframe'
    - ARM: 8970/1: decompressor: increase tag size
    - ARM: dts: bcm: HR2: Fix PPI interrupt types
    - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
    - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
    - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
    - bnxt_en: Fix accumulation of bp->net_stats_prev.

* apparmor reference leak causes refcount_t overflow with af_alg_accept()
    (LP: #1883962)
    - apparmor: check/put label on apparmor_sk_clone_security()

* Freezing on boot since kernel 4.15.0-72-generic release (LP: #1856387)
    - x86/timer: Don't skip PIT setup when APIC is disabled or in legacy mode

* smpboot: don't call topology_sane() when Sub-NUMA-Clustering is enabled
    (LP: #1882478)
    - x86, sched: Allow topologies where NUMA nodes share an LLC

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 26 Aug 2020 15:45:29 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Mauricio Faria de Oliveira (mfo) on 2022-09-14

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Ubuntu
linux package

apparmor reference leak causes refcount_t overflow with af_alg_accept()

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Medium	Mauricio Faria de Oliveira
Bionic	Fix Released	Medium	Mauricio Faria de Oliveira
Eoan	Fix Released	Medium	Mauricio Faria de Oliveira
Focal	Fix Released	Medium	Mauricio Faria de Oliveira
Groovy	Invalid	Undecided	Unassigned

Ubuntulinux package

apparmor reference leak causes refcount_t overflow with af_alg_accept()

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package