Please trust Canonical Livepatch Service kmod signing key

Bug #1898716 reported by Dimitri John Ledkov on 2020-10-06
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Bionic
Medium
Unassigned
Focal
Medium
Unassigned
Groovy
Medium
Unassigned
linux-gcp (Ubuntu)
Medium
Unassigned
Bionic
Undecided
Unassigned
Focal
Medium
Unassigned
Groovy
Undecided
Unassigned
linux-kvm (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Unassigned
Focal
Medium
Unassigned
Groovy
Medium
Unassigned

Bug Description

[Impact]

 * Currently Canonical Livepatch service is signing kernel modules that are not trusted by the default Ubuntu kernels

 * to make Canonical Livepatch service out of the box compatible with SecureBoot, please add Canonical Livepatch service key as trusted in the kernel by default

 * if user wants to distrust the key, they can remove it via mokx, dbx, and we can revoke it by signing revocation with 'canonical master ca'.

[Test Case]

 * Boot kernel
 * Check the built-in keyring to ensure that Livepatch key is trusted by the built-in keyring

Bad:
$ sudo keyctl list %:.builtin_trusted_keys
1 key in keyring:
204809401: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 4182e0d0113d4a8f460783380c9e618ef1597bf5

Good:
$ sudo keyctl list %:.builtin_trusted_keys
2 keys in keyring:
637801673: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 52f8757621e8fc6dd500b32c3ead885a3b6d3cbc
1044383508: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

[Regression Potential]

 * Kernel keyring size will increase by one key. And thus kernel image will too.

[Other Info]

 * Current livepatch key fingerprints

mokutil uses der format

$ openssl x509 -inform der -in /snap/canonical-livepatch/current/keys/livepatch-kmod.x509 -noout -fingerprint -sha256
SHA256 Fingerprint=A4:1E:49:06:12:DD:38:56:F9:78:82:E3:66:66:9E:95:15:78:8E:65:68:50:35:46:0F:AC:59:72:4A:5B:92:FA

kernel use pem format

$ openssl x509 -inform pem -in debian/canonical-livepatch.pem -noout -fingerprint -sha256
SHA256 Fingerprint=A4:1E:49:06:12:DD:38:56:F9:78:82:E3:66:66:9E:95:15:78:8E:65:68:50:35:46:0F:AC:59:72:4A:5B:92:FA

[Target kernels]

bionic and up, across the board, but maybe excluding fips kernels?!

[Patch]

https://lists.ubuntu.com/archives/kernel-team/2020-October/113929.html

Changed in linux (Ubuntu):
status: New → Incomplete
description: updated
Dimitri John Ledkov (xnox) wrote :
description: updated
description: updated
Changed in linux (Ubuntu):
status: Incomplete → Triaged
tags: added: patch
tags: added: fr-797
Stefan Bader (smb) on 2021-02-19
Changed in linux (Ubuntu Groovy):
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
importance: Undecided → Medium
Stefan Bader (smb) on 2021-02-19
Changed in linux (Ubuntu Groovy):
status: In Progress → Fix Committed
Stefan Bader (smb) on 2021-02-19
Changed in linux (Ubuntu Focal):
status: Triaged → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed-groovy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-groovy
tags: added: verification-needed-focal

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Tim Gardner (timg-tpi) on 2021-02-25
affects: linux (Ubuntu Groovy) → linux-kvm (Ubuntu Groovy)
Changed in linux-kvm (Ubuntu Groovy):
status: Fix Committed → Confirmed
affects: linux-kvm (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu Groovy):
status: Confirmed → Fix Committed
Changed in linux (Ubuntu Bionic):
status: Triaged → Fix Committed
Changed in linux-kvm (Ubuntu Groovy):
status: New → Confirmed
Changed in linux-kvm (Ubuntu Bionic):
importance: Undecided → Medium
Changed in linux-kvm (Ubuntu Focal):
importance: Undecided → Medium
Changed in linux-kvm (Ubuntu Groovy):
importance: Undecided → Medium
Changed in linux-kvm (Ubuntu Focal):
status: New → Confirmed
Changed in linux-kvm (Ubuntu Bionic):
status: New → Confirmed
Changed in linux-kvm (Ubuntu):
status: New → Confirmed
Tim Gardner (timg-tpi) on 2021-02-26
Changed in linux-gcp (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Changed in linux-gcp (Ubuntu Focal):
importance: Undecided → Medium
status: New → Confirmed
Martin Jansa (martin-jansa) wrote :

Not sure if this is the right place to report this, but these changes seem to cause automated mainline kernel builds to fail.

e.g.
https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.11.1/amd64/log
shows
make[3]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.

possibly because changes from this ticket were only partially migrated there e.g. in:

https://git.launchpad.net/~ubuntu-kernel-test/ubuntu/+source/linux/+git/mainline-crack/commit/?h=cod/mainline/v5.11.1&id=4508c61e1cf702e70308f1c1fbb0f26a45d0b853

which updated the configs, but not the rule for debian/canonical-certs.pem in debian/rules.

Martin Jansa (martin-jansa) wrote :

Mainline kernel-ppa issue is now resolved, thanks! - to unknown fixer.

Stefan Bader (smb) wrote :

$ sudo keyctl list %:.builtin_trusted_keys
3 keys in keyring:
855940452: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 94aab4eff3692c1dc967cbf81b568f930ac61570
590144975: ---lswrv 0 0 asymmetric: Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19
336909020: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

$ uname -a
Linux lamuella 5.4.0-67-generic #75-Ubuntu SMP Fri Feb 19 18:03:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

tags: added: verification-done-focal
removed: verification-needed-focal
Stefan Bader (smb) wrote :

root@test-g1:~# keyctl list %:.builtin_trusted_keys
3 keys in keyring:
597585625: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 19e7aa3bef9aa4ea9350ff00809a5d081204bca9
726460248: ---lswrv 0 0 asymmetric: Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19
1067830655: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

root@test-g1:~# uname -a
Linux test-g1 5.8.0-45-generic #51-Ubuntu SMP Fri Feb 19 13:24:51 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

tags: added: verification-done-groovy
removed: verification-needed-groovy
Launchpad Janitor (janitor) wrote :
Download full text (18.6 KiB)

This bug was fixed in the package linux - 5.8.0-45.51

---------------
linux (5.8.0-45.51) groovy; urgency=medium

  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS

  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check

  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID

  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature

  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver

  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not configured
    - chtls: Replace skb_dequeue with skb_peek
    - chtls: Added a check to avoid NULL pointer dereference
    - chtls: Fix chtls resources release sequence
    - HID: wacom: Fix memory leakage caused by kfifo_alloc
    - ARM: OMAP2+: omap_device: fix idling of devices during probe
    - i2c: sprd: use a specific timeout to avoid system hang up issue
    - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk()
    - can: tcan4x5x: fix bittiming const...

Changed in linux (Ubuntu Groovy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (18.9 KiB)

This bug was fixed in the package linux-gcp - 5.8.0-1024.25

---------------
linux-gcp (5.8.0-1024.25) groovy; urgency=medium

  * groovy/linux-gcp: 5.8.0-1024.25 -proposed tracker (LP: #1916132)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - gcp: [Config] enable CONFIG_MODVERSIONS=y
    - gcp: [Packaging] build canonical-certs.pem from branch/arch certs
    - gcp: [Config] Allow ASM_MODVERSIONS

  [ Ubuntu: 5.8.0-45.51 ]

  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not configured
    - chtls: Replace skb_dequeue with skb_peek
    - chtls: Added a check to avoid NULL pointer dereference
    - chtls: ...

Changed in linux-gcp (Ubuntu Groovy):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (18.9 KiB)

This bug was fixed in the package linux-kvm - 5.8.0-1020.22

---------------
linux-kvm (5.8.0-1020.22) groovy; urgency=medium

  * groovy/linux-kvm: 5.8.0-1020.22 -proposed tracker (LP: #1916134)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] CONFIG_MODVERSIONS=y, CONFIG_SYSTEM_TRUSTED_KEYS=debian/canonical-
      certs.pem, CONFIG_ASM_MODVERSIONS=y

  [ Ubuntu: 5.8.0-45.51 ]

  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not configured
    - chtls: Replace skb_dequeue with skb_peek
    - chtls: Added a check to avoid NULL pointer dereference
    - chtls: Fix chtls resources release sequence
 ...

Changed in linux-kvm (Ubuntu Groovy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (28.5 KiB)

This bug was fixed in the package linux - 5.4.0-67.75

---------------
linux (5.4.0-67.75) focal; urgency=medium

  * focal/linux: 5.4.0-67.75 -proposed tracker (LP: #1916169)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS

  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver

  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Fix ODM support in actual build

  * devlink: don't do reporter recovery if the state is healthy (LP: #1915403)
    - devlink: don't do reporter recovery if the state is healthy

  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID

  * Focal update: v5.4.94 upstream stable release (LP: #1915200)
    - gpio: mvebu: fix pwm .get_state period calculation
    - futex: Ensure the correct return value from futex_lock_pi()
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - io_uring: Fix current->fs handling in io_sq_wq_submit_work()
    - tracing: Fix race in trace_open and buffer resize call
    - arm64: mm: use single quantity to represent the PA to VA translation
    - SMB3.1.1: do not log warning message if server doesn't populate salt
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - dm integrity: conditionally disable "recalculate" feature
    - writeback: Drop I_DIRTY_TIME_EXPIRE
    - fs: fix lazytime expiration handling in __writeback_single_inode()
    - Linux 5.4.94

  * Focal update: v5.4.93 upstream stable release (LP: #1915195)
    - i2c: bpmp-tegra: Ignore unknown I2C_M flags
    - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - btrfs: don't get an EINTR during drop_snapshot for reloc
    - btrfs: fix lockdep splat in btrfs_recover_relocation
    - btrfs: don't clear ret in btrfs_start_dirty_block_groups
    - btrfs: send: fix invalid clone operations when cloning from the same file
      and root
    - mmc: core: don't initialize block size from ext_csd if not present
    - mmc: sdhci-xenon: fix 1.8v regulator stabilization
    - dm: avoid filesystem lookup in dm_get_dev_t()
    - dm integrity: fix a crash if "recalculate" used without "internal_hash"
    - drm/atomic: put...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (28.7 KiB)

This bug was fixed in the package linux-gcp - 5.4.0-1038.41

---------------
linux-gcp (5.4.0-1038.41) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1038.41 -proposed tracker (LP: #1916153)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] CONFIG_MODVERSIONS=y, CONFIG_SYSTEM_TRUSTED_KEYS=debian/canonical-
      certs.pem, CONFIG_ASM_MODVERSIONS=y

  [ Ubuntu: 5.4.0-67.75 ]

  * focal/linux: 5.4.0-67.75 -proposed tracker (LP: #1916169)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Fix ODM support in actual build
  * devlink: don't do reporter recovery if the state is healthy (LP: #1915403)
    - devlink: don't do reporter recovery if the state is healthy
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Focal update: v5.4.94 upstream stable release (LP: #1915200)
    - gpio: mvebu: fix pwm .get_state period calculation
    - futex: Ensure the correct return value from futex_lock_pi()
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - io_uring: Fix current->fs handling in io_sq_wq_submit_work()
    - tracing: Fix race in trace_open and buffer resize call
    - arm64: mm: use single quantity to represent the PA to VA translation
    - SMB3.1.1: do not log warning message if server doesn't populate salt
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - dm integrity: conditionally disable "recalculate" feature
    - writeback: Drop I_DIRTY_TIME_EXPIRE
    - fs: fix lazytime expiration handling in __writeback_single_inode()
    - Linux 5.4.94
  * Focal update: v5.4.93 upstream stable release (LP: #1915195)
    - i2c: bpmp-tegra: Ignore unknown I2C_M flags
    - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - btrfs: don't get an EINTR during drop_snapshot for reloc
    - btrfs: fix lockdep splat in btrfs_recover_relocation
    - btrfs: don't clear ret in btrfs_start_dirty_block_groups
    - btrfs: send: fix invalid clone operations when cloning from the sam...

Changed in linux-gcp (Ubuntu Focal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (28.8 KiB)

This bug was fixed in the package linux-kvm - 5.4.0-1034.35

---------------
linux-kvm (5.4.0-1034.35) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1034.35 -proposed tracker (LP: #1916159)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] kvm: enable CONFIG_MODVERSIONS=y
    - [Config] kvm: enable CONFIG_ASM_MODVERSIONS
    - [Packaging] kvm: build canonical-certs.pem from branch/arch certs

  [ Ubuntu: 5.4.0-67.75 ]

  * focal/linux: 5.4.0-67.75 -proposed tracker (LP: #1916169)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Fix ODM support in actual build
  * devlink: don't do reporter recovery if the state is healthy (LP: #1915403)
    - devlink: don't do reporter recovery if the state is healthy
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Focal update: v5.4.94 upstream stable release (LP: #1915200)
    - gpio: mvebu: fix pwm .get_state period calculation
    - futex: Ensure the correct return value from futex_lock_pi()
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - io_uring: Fix current->fs handling in io_sq_wq_submit_work()
    - tracing: Fix race in trace_open and buffer resize call
    - arm64: mm: use single quantity to represent the PA to VA translation
    - SMB3.1.1: do not log warning message if server doesn't populate salt
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - dm integrity: conditionally disable "recalculate" feature
    - writeback: Drop I_DIRTY_TIME_EXPIRE
    - fs: fix lazytime expiration handling in __writeback_single_inode()
    - Linux 5.4.94
  * Focal update: v5.4.93 upstream stable release (LP: #1915195)
    - i2c: bpmp-tegra: Ignore unknown I2C_M flags
    - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - btrfs: don't get an EINTR during drop_snapshot for reloc
    - btrfs: fix lockdep splat in btrfs_recover_relocation
    - btrfs: don't clear ret in btrfs_start_dirty_block_groups
    - btrfs: send: fix inva...

Changed in linux-kvm (Ubuntu Focal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (149.0 KiB)

This bug was fixed in the package linux-kvm - 5.8.0-1020.22+21.04.1

---------------
linux-kvm (5.8.0-1020.22+21.04.1) hirsute; urgency=medium

  * hirsute/linux-kvm: 5.8.0-1020.22+21.04.1 -proposed tracker (LP: #1916133)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  [ Ubuntu: 5.8.0-1020.22 ]

  * groovy/linux-kvm: 5.8.0-1020.22 -proposed tracker (LP: #1916134)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] CONFIG_MODVERSIONS=y, CONFIG_SYSTEM_TRUSTED_KEYS=debian/canonical-
      certs.pem, CONFIG_ASM_MODVERSIONS=y
  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not co...

Changed in linux-kvm (Ubuntu):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.11.0-11.12

---------------
linux (5.11.0-11.12) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-11.12 -proposed tracker (LP: #1917335)

  * Packaging resync (LP: #1786013)
    - update dkms package versions
    - [Packaging] update variants

  * Support no udeb profile (LP: #1916095)
    - [Packaging] replace custom filter script with dctrl-tools
    - [Packaging] correctly implement noudeb build profiles.

  * Miscellaneous Ubuntu changes
    - [Packaging] dkms-versions -- remove nvidia-graphics-drivers-440-server
    - [Debian] run ubuntu-regression-suite for linux-unstable
    - [Packaging] remove Provides: aufs-dkms
    - [Packaging] Change source package name to linux
    - [Config] update gcc version in config due to toolchain update

  * Miscellaneous upstream changes
    - Revert "UBUNTU: [Config] disable nvidia and nvidia_server builds"
    - Xen/x86: don't bail early from clear_foreign_p2m_mapping()
    - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
    - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
    - Xen/gntdev: correct error checking in gntdev_map_grant_pages()
    - xen/arm: don't ignore return errors from set_phys_to_machine
    - xen-blkback: don't "handle" error by BUG()
    - xen-netback: don't "handle" error by BUG()
    - xen-scsiback: don't "handle" error by BUG()
    - xen-blkback: fix error handling in xen_blkbk_map()
    - tty: protect tty_write from odd low-level tty disciplines
    - Bluetooth: btusb: Always fallback to alt 1 for WBS
    - media: pwc: Use correct device for DMA
    - bpf: Fix truncation handling for mod32 dst reg wrt zero
    - HID: make arrays usage and value to be the same
    - USB: quirks: sort quirk entries
    - usb: quirks: add quirk to start video capture on ELMO L-12F document camera
      reliable
    - ntfs: check for valid standard information attribute
    - Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working
    - arm64: tegra: Add power-domain for Tegra210 HDA
    - hwmon: (dell-smm) Add XPS 15 L502X to fan control blacklist
    - KVM: x86: Zap the oldest MMU pages, not the newest
    - KVM: do not assume PTE is writable after follow_pfn
    - mm: provide a saner PTE walking API for modules
    - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()

 -- Andrea Righi <email address hidden> Mon, 01 Mar 2021 18:17:45 +0100

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (149.1 KiB)

This bug was fixed in the package linux-gcp - 5.8.0-1024.25+21.04.1

---------------
linux-gcp (5.8.0-1024.25+21.04.1) hirsute; urgency=medium

  * hirsute/linux-gcp: 5.8.0-1024.25+21.04.1 -proposed tracker (LP: #1916131)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  [ Ubuntu: 5.8.0-1024.25 ]

  * groovy/linux-gcp: 5.8.0-1024.25 -proposed tracker (LP: #1916132)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - gcp: [Config] enable CONFIG_MODVERSIONS=y
    - gcp: [Packaging] build canonical-certs.pem from branch/arch certs
    - gcp: [Config] Allow ASM_MODVERSIONS
  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtl...

Changed in linux-gcp (Ubuntu):
status: Confirmed → Fix Released

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Stefan Bader (smb) wrote :

ubuntu@test-b1:~$ uname -a
Linux test-b1 4.15.0-141-generic #145-Ubuntu SMP Wed Mar 24 18:08:07 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

ubuntu@test-b1:~$ sudo keyctl list %:.builtin_trusted_keys
3 keys in keyring:
335785479: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 94c1dbbf9057c249d34783f9fbd868815acc6f0a
743718234: ---lswrv 0 0 asymmetric: Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19
190144923: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :
Download full text (11.4 KiB)

This bug was fixed in the package linux - 4.15.0-141.145

---------------
linux (4.15.0-141.145) bionic; urgency=medium

  * bionic/linux: 4.15.0-141.145 -proposed tracker (LP: #1919536)

  * binary assembly failures with CONFIG_MODVERSIONS present (LP: #1919315)
    - [Packaging] quiet (nomially) benign errors in BUILD script

  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * CVE-2018-13095
    - xfs: More robust inode extent count validation

  * i40e PF reset due to incorrect MDD event (LP: #1772675)
    - i40e: change behavior on PF in response to MDD event

  * Bionic update: upstream stable patchset 2021-03-09 (LP: #1918330)
    - ACPI: sysfs: Prefer "compatible" modalias
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - KVM: x86: get smi pending status correctly
    - xen: Fix XenStore initialisation for XS_LOCAL
    - leds: trigger: fix potential deadlock with libata
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - xen-blkfront: allow discard-* nodes to be optional
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - netfilter: nft_dynset: add timeout extension to template
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - iwlwifi: pcie: use jiffies for memory read spin time limit
    - iwlwifi: pcie: reschedule in long-running memory reads
    - mac80211: pause TX while changing interface type
    - can: dev: prevent potential information leak in can_fill_info()
    - x86/entry/64/compat: Preserve r8-r11 in int $0x80
    - x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80"
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - team: protect features update by RCU to avoid deadlock
    - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - PM: hibernate: flush swap writer after marking
    - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
    - net/mlx5: Fix memory leak on flow table creation error flow
    - rxrpc: Fix memory leak in rxrpc_lookup_local
    - net: dsa: bcm_sf2: put device node before return
    - ibmvnic: Ensure that CRQ entry read are correctly ordered
    - ACPI: thermal: Do...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (11.5 KiB)

This bug was fixed in the package linux-kvm - 4.15.0-1089.91

---------------
linux-kvm (4.15.0-1089.91) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1089.91 -proposed tracker (LP: #1919527)

  [ Ubuntu: 4.15.0-141.145 ]

  * bionic/linux: 4.15.0-141.145 -proposed tracker (LP: #1919536)
  * binary assembly failures with CONFIG_MODVERSIONS present (LP: #1919315)
    - [Packaging] quiet (nomially) benign errors in BUILD script
  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2018-13095
    - xfs: More robust inode extent count validation
  * i40e PF reset due to incorrect MDD event (LP: #1772675)
    - i40e: change behavior on PF in response to MDD event
  * Bionic update: upstream stable patchset 2021-03-09 (LP: #1918330)
    - ACPI: sysfs: Prefer "compatible" modalias
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - KVM: x86: get smi pending status correctly
    - xen: Fix XenStore initialisation for XS_LOCAL
    - leds: trigger: fix potential deadlock with libata
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - xen-blkfront: allow discard-* nodes to be optional
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - netfilter: nft_dynset: add timeout extension to template
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - iwlwifi: pcie: use jiffies for memory read spin time limit
    - iwlwifi: pcie: reschedule in long-running memory reads
    - mac80211: pause TX while changing interface type
    - can: dev: prevent potential information leak in can_fill_info()
    - x86/entry/64/compat: Preserve r8-r11 in int $0x80
    - x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80"
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - team: protect features update by RCU to avoid deadlock
    - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - PM: hibernate: flush swap writer after marking
    - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
    - net/mlx5: Fix memory leak on flow table creation error flow
    - rxrpc: Fix memory leak in rxrpc_lookup_local
    - net: dsa: bcm_sf2: put device nod...

Changed in linux-kvm (Ubuntu Bionic):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers