Ubuntu
linux package

Bionic update: upstream stable patchset 2020-11-04

Bug #1902943 reported by Kamal Mostafa on 2020-11-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	Fix Released	Undecided	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2020-11-04
from git://git.kernel.org/

USB: gadget: f_ncm: Fix NDP16 datagram validation
gpio: tc35894: fix up tc35894 interrupt configuration
vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
vsock/virtio: stop workers during the .remove()
vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock()
net: virtio_vsock: Enhance connection semantics
Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
ftrace: Move RCU is watching check after recursion check
drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices
drm/sun4i: mixer: Extend regmap max_register
net: dec: de2104x: Increase receive ring size for Tulip
rndis_host: increase sleep time in the query-response loop
nvme-core: get/put ctrl and transport module in nvme_dev_open/release()
drivers/net/wan/lapbether: Make skb->protocol consistent with the header
drivers/net/wan/hdlc: Set skb->protocol before transmitting
mac80211: do not allow bigger VHT MPDUs than the hardware supports
spi: fsl-espi: Only process interrupts for expected events
nvme-fc: fail new connections to a deleted host or remote port
pinctrl: mvebu: Fix i2c sda definition for 98DX3236
nfs: Fix security label length not being reset
clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
i2c: cpm: Fix i2c_ram structure
Input: trackpoint - enable Synaptics trackpoints
random32: Restore __latent_entropy attribute on net_rand_state
epoll: do not insert into poll queues until all sanity checks are done
epoll: replace ->visited/visited_list with generation count
epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
ep_create_wakeup_source(): dentry name can change under you...
netfilter: ctnetlink: add a range check for l3/l4 protonum
UBUNTU: upstream stable to v4.19.150
drm/syncobj: Fix drm_syncobj_handle_to_fd refcount leak
fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
Revert "ravb: Fixed to be able to unload modules"
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
usermodehelper: reset umask to default before executing user process
platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
driver core: Fix probe_count imbalance in really_probe()
perf top: Fix stdio interface input handling with glibc 2.28+
mtd: rawnand: sunxi: Fix the probe error path
macsec: avoid use-after-free in macsec_handle_frame()
mm/khugepaged: fix filemap page_to_pgoff(page) != offset
cifs: Fix incomplete memory allocation on setxattr path
i2c: meson: fix clock setting overwrite
sctp: fix sctp_auth_init_hmacs() error path
team: set dev->needed_headroom in team_setup_by_port()
net: team: fix memory leak in __team_options_register
openvswitch: handle DNAT tuple collision
drm/amdgpu: prevent double kfree ttm->sg
xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate
xfrm: clone whole liftime_cur structure in xfrm_do_migrate
net: stmmac: removed enabling eee in EEE set callback
platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
xfrm: Use correct address family in xfrm_state_find
bonding: set dev->needed_headroom in bond_setup_by_slave()
mdio: fix mdio-thunder.c dependency & build error
net: usb: ax88179_178a: fix missing stop entry in driver_info
rxrpc: Fix rxkad token xdr encoding
rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
rxrpc: Fix some missing _bh annotations on locking conn->state_lock
rxrpc: Fix server keyring leak
perf: Fix task_function_call() error handling
mmc: core: don't set limits.discard_granularity as 0
mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged
net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
drm/nouveau/mem: guard against NULL pointer access in mem_del
i2c: i801: Exclude device from suspend direct complete optimization
nvme-core: put ctrl ref when module ref get fail
i2c: meson: fixup rate calculation with filter delay
xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
net/mlx5e: Fix VLAN cleanup flow
net/mlx5e: Fix VLAN create flow
UBUNTU: upstream stable to v4.14.201, v4.19.151

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2020-11-04

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Ian May (ian-may) on 2020-11-05

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-12-02:

Download full text (33.1 KiB)

This bug was fixed in the package linux - 4.15.0-126.129

---------------
linux (4.15.0-126.129) bionic; urgency=medium

* bionic/linux: 4.15.0-126.129 -proposed tracker (LP: #1905305)

  * CVE-2020-4788
    - SAUCE: powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
    - SAUCE: powerpc/64s: move some exception handlers out of line
    - powerpc/64s: flush L1D on kernel entry
    - SAUCE: powerpc: Add a framework for user access tracking
    - powerpc: Implement user_access_begin and friends
    - powerpc: Fix __clear_user() with KUAP enabled
    - powerpc/uaccess: Evaluate macro arguments once, before user access is
      allowed
    - powerpc/64s: flush L1D after user accesses

linux (4.15.0-125.128) bionic; urgency=medium

* bionic/linux: 4.15.0-125.128 -proposed tracker (LP: #1903137)

* Update kernel packaging to support forward porting kernels (LP: #1902957)
- [Debian] Update for leader included in BACKPORT_SUFFIX

* Avoid double newline when running insertchanges (LP: #1903293)
- [Packaging] insertchanges: avoid double newline

* EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
- efivarfs: Replace invalid slashes with exclamation marks in dentries.

* CVE-2020-14351
- perf/core: Fix race in the perf_mmap_close() function

  * raid10: Block discard is very slow, causing severe delays for mkfs and
    fstrim operations (LP: #1896578)
    - md: add md_submit_discard_bio() for submitting discard bio
    - md/raid10: extend r10bio devs to raid disks
    - md/raid10: pull codes that wait for blocked dev into one function
    - md/raid10: improve raid10 discard request
    - md/raid10: improve discard request for far layout

  * Bionic: btrfs: kernel BUG at /build/linux-
    eTBZpZ/linux-4.15.0/fs/btrfs/ctree.c:3233! (LP: #1902254)
    - btrfs: use offset_in_page instead of open-coding it
    - btrfs: use BUG() instead of BUG_ON(1)
    - btrfs: drop unnecessary offset_in_page in extent buffer helpers
    - btrfs: extent_io: do extra check for extent buffer read write functions
    - btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
    - btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref()
    - btrfs: ctree: check key order before merging tree blocks

This bug was fixed in the package linux - 4.15.0-126.129

---------------
linux (4.15.0-126.129) bionic; urgency=medium

* bionic/linux: 4.15.0-126.129 -proposed tracker (LP: #1905305)

linux (4.15.0-125.128) bionic; urgency=medium

* bionic/linux: 4.15.0-125.128 -proposed tracker (LP: #1903137)

* Update kernel packaging to support forward porting kernels (LP: #1902957)
    - [Debian] Update for leader included in BACKPORT_SUFFIX

* Avoid double newline when running insertchanges (LP: #1903293)
    - [Packaging] insertchanges: avoid double newline

* EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
    - efivarfs: Replace invalid slashes with exclamation marks in dentries.

* CVE-2020-14351
    - perf/core: Fix race in the perf_mmap_close() function

* Bionic update: upstream stable patchset 2020-11-04 (LP: #1902943)
    - USB: gadget: f_ncm: Fix NDP16 datagram validation
    - gpio: tc35894: fix up tc35894 interrupt configuration
    - vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
    - vsock/virtio: stop workers during the .remove()
    - vsock/virtio: add transport parameter to the
      virtio_transport_reset_no_sock()
    - net: virtio_vsock: Enhance connection semantics
    - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
    - ftrace: Move RCU is watching check after recursion check
    - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
    - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices
    - drm/sun4i: mixer: Extend regmap max_register
    - net: dec: de2104x: Increase receive ring size for Tulip
    - rndis_host: increase sleep time in the query-response loop
    - nvme-core: get/put ctrl and transport module in nvme_dev_open/release()
    - drivers/net/wan/lapbether: Make skb->protocol consistent with the header
    - drivers/net/wan/hdlc: Set skb->protocol before transmitting
    - mac80211: do not allow bigger VHT MPDUs than the hardware supports
    - spi: fsl-espi: Only process interrupts for expected events
    - nvme-fc: fail new connections to a deleted host or remote port
    - pinctrl: mvebu: Fix i2c sda definition for 98DX3236
    - nfs: Fix security label length not being reset
    - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
    - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
    - i2c: cpm: Fix i2c_ram structure
    - Input: trackpoint - enable Synaptics trackpoints
    - random32: Restore __latent_entropy attribute on net_rand_state
    - epoll: do not insert into poll queues until all sanity checks are done
    - epoll: replace ->visited/visited_list with generation count
    - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
    - ep_create_wakeup_source(): dentry name can change under you...
    - netfilter: ctnetlink: add a range check for l3/l4 protonum
    - drm/syncobj: Fix drm_syncobj_handle_to_fd refcount leak
    - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
    - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
    - Revert "ravb: Fixed to be able to unload modules"
    - fbcon: Fix global-out-of-bounds read in fbcon_get_font()
    - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
    - usermodehelper: reset umask to default before executing user process
    - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
    - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
    - driver core: Fix probe_count imbalance in really_probe()
    - perf top: Fix stdio interface input handling with glibc 2.28+
    - mtd: rawnand: sunxi: Fix the probe error path
    - macsec: avoid use-after-free in macsec_handle_frame()
    - mm/khugepaged: fix filemap page_to_pgoff(page) != offset
    - cifs: Fix incomplete memory allocation on setxattr path
    - i2c: meson: fix clock setting overwrite
    - sctp: fix sctp_auth_init_hmacs() error path
    - team: set dev->needed_headroom in team_setup_by_port()
    - net: team: fix memory leak in __team_options_register
    - openvswitch: handle DNAT tuple collision
    - drm/amdgpu: prevent double kfree ttm->sg
    - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
    - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate
    - xfrm: clone whole liftime_cur structure in xfrm_do_migrate
    - net: stmmac: removed enabling eee in EEE set callback
    - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
    - xfrm: Use correct address family in xfrm_state_find
    - bonding: set dev->needed_headroom in bond_setup_by_slave()
    - mdio: fix mdio-thunder.c dependency & build error
    - net: usb: ax88179_178a: fix missing stop entry in driver_info
    - rxrpc: Fix rxkad token xdr encoding
    - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
    - rxrpc: Fix some missing _bh annotations on locking conn->state_lock
    - rxrpc: Fix server keyring leak
    - perf: Fix task_function_call() error handling
    - mmc: core: don't set limits.discard_granularity as 0
    - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected
      by khugepaged
    - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
    - drm/nouveau/mem: guard against NULL pointer access in mem_del
    - i2c: i801: Exclude device from suspend direct complete optimization
    - nvme-core: put ctrl ref when module ref get fail
    - i2c: meson: fixup rate calculation with filter delay
    - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
    - net/mlx5e: Fix VLAN cleanup flow
    - net/mlx5e: Fix VLAN create flow

* kci_test_encap_fou() in rtnetlink.sh from kselftests/net failed with "FAIL:
    can't add fou port 7777, skipping test" (LP: #1891421)
    - selftests: rtnetlink: load fou module for kci_test_encap_fou() test

* Bionic update: upstream stable patchset 2020-10-23 (LP: #1901257)
    - af_key: pfkey_dump needs parameter validation
    - KVM: fix memory leak in kvm_io_bus_unregister_dev()
    - kprobes: fix kill kprobe which has been marked as gone
    - mm/thp: fix __split_huge_pmd_locked() for migration PMD
    - cxgb4: Fix offset when clearing filter byte counters
    - geneve: add transport ports in route lookup for geneve
    - hdlc_ppp: add range checks in ppp_cp_parse_cr()
    - ip: fix tos reflection in ack and reset packets
    - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
    - nfp: use correct define to return NONE fec
    - tipc: Fix memory leak in tipc_group_create_member()
    - tipc: fix shutdown() of connection oriented socket
    - tipc: use skb_unshare() instead in tipc_buf_append()
    - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
    - net: phy: Avoid NPD upon phy_detach() when driver is unbound
    - net: qrtr: check skb_put_padto() return value
    - net: add __must_check to skb_put_padto()
    - ipv4: Update exception handling for multipath routes via same device
    - MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
    - Documentation/llvm: add documentation on building w/ Clang/LLVM
    - Documentation/llvm: fix the name of llvm-size
    - net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding
      firmware
    - net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
    - kbuild: replace AS=clang with LLVM_IAS=1
    - tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning
    - tcp_bbr: adapt cwnd based on ack aggregation estimation
    - serial: 8250: Avoid error message on reprobe
    - RDMA/ucma: ucma_context reference leak in error path
    - mm: fix double page fault on arm64 if PTE_AF is cleared
    - scsi: aacraid: fix illegal IO beyond last LBA
    - m68k: q40: Fix info-leak in rtc_ioctl
    - gma/gma500: fix a memory disclosure bug due to uninitialized bytes
    - ASoC: kirkwood: fix IRQ error handling
    - media: smiapp: Fix error handling at NVM reading
    - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
    - x86/ioapic: Unbreak check_timer()
    - ALSA: usb-audio: Add delay quirk for H570e USB headsets
    - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
    - PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
    - scsi: fnic: fix use after free
    - clk/ti/adpll: allocate room for terminating null
    - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of
      cfi_amdstd_setup()
    - mfd: mfd-core: Protect against NULL call-back function pointer
    - tracing: Adding NULL checks for trace_array descriptor pointer
    - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
    - RDMA/i40iw: Fix potential use after free
    - xfs: fix attr leaf header freemap.size underflow
    - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
    - mmc: core: Fix size overflow for mmc partitions
    - gfs2: clean up iopen glock mess in gfs2_create_inode
    - debugfs: Fix !DEBUG_FS debugfs_create_automount
    - CIFS: Properly process SMB3 lease breaks
    - kernel/sys.c: avoid copying possible padding bytes in copy_to_user
    - neigh_stat_seq_next() should increase position index
    - rt_cpu_seq_next should increase position index
    - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
    - media: ti-vpe: cal: Restrict DMA to avoid memory corruption
    - ACPI: EC: Reference count query handlers under lock
    - dmaengine: zynqmp_dma: fix burst length configuration
    - powerpc/eeh: Only dump stack once if an MMIO loop is detected
    - tracing: Set kernel_stack's caller size properly
    - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
    - selftests/ftrace: fix glob selftest
    - tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
    - Bluetooth: Fix refcount use-after-free issue
    - mm: pagewalk: fix termination condition in walk_pte_range()
    - Bluetooth: prefetch channel before killing sock
    - ALSA: hda: Clear RIRB status before reading WP
    - skbuff: fix a data race in skb_queue_len()
    - audit: CONFIG_CHANGE don't log internal bookkeeping as an event
    - selinux: sel_avc_get_stat_idx should increase position index
    - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
    - scsi: lpfc: Fix coverity errors in fmdi attribute handling
    - drm/omap: fix possible object reference leak
    - perf test: Fix test trace+probe_vfs_getname.sh on s390
    - RDMA/rxe: Fix configuration of atomic queue pair attributes
    - KVM: x86: fix incorrect comparison in trace event
    - media: staging/imx: Missing assignment in
      imx_media_capture_device_register()
    - x86/pkeys: Add check for pkey "overflow"
    - bpf: Remove recursion prevention from rcu free callback
    - dmaengine: tegra-apb: Prevent race conditions on channel's freeing
    - media: go7007: Fix URB type for interrupt handling
    - Bluetooth: guard against controllers sending zero'd events
    - timekeeping: Prevent 32bit truncation in scale64_check_overflow()
    - ext4: fix a data race at inode->i_disksize
    - mm: avoid data corruption on CoW fault into PFN-mapped VMA
    - drm/amdgpu: increase atombios cmd timeout
    - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
    - scsi: aacraid: Disabling TM path and only processing IOP reset
    - Bluetooth: L2CAP: handle l2cap config request during open state
    - media: tda10071: fix unsigned sign extension overflow
    - xfs: don't ever return a stale pointer from __xfs_dir3_free_read
    - tpm: ibmvtpm: Wait for buffer to be set before proceeding
    - rtc: ds1374: fix possible race condition
    - tracing: Use address-of operator on section symbols
    - serial: 8250_port: Don't service RX FIFO if throttled
    - serial: 8250_omap: Fix sleeping function called from invalid context during
      probe
    - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
    - perf cpumap: Fix snprintf overflow check
    - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
    - tools: gpio-hammer: Avoid potential overflow in main
    - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
    - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
    - svcrdma: Fix leak of transport addresses
    - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
    - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
      endpoint descriptor
    - NFS: Fix races nfs_page_group_destroy() vs
      nfs_destroy_unlinked_subrequests()
    - mm/kmemleak.c: use address-of operator on section symbols
    - mm/filemap.c: clear page error before actual read
    - mm/vmscan.c: fix data races using kswapd_classzone_idx
    - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
    - scsi: qedi: Fix termination timeouts in session logout
    - serial: uartps: Wait for tx_empty in console setup
    - KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
    - bdev: Reduce time holding bd_mutex in sync in blkdev_close()
    - drivers: char: tlclk.c: Avoid data race between init and interrupt handler
    - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
    - sparc64: vcc: Fix error return code in vcc_probe()
    - arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
    - dt-bindings: sound: wm8994: Correct required supplies based on actual
      implementaion
    - atm: fix a memory leak of vcc->user_back
    - power: supply: max17040: Correct voltage reading
    - phy: samsung: s5pv210-usb2: Add delay after reset
    - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
    - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
    - tty: serial: samsung: Correct clock selection logic
    - ALSA: hda: Fix potential race in unsol event handler
    - powerpc/traps: Make unrecoverable NMIs die instead of panic
    - fuse: don't check refcount after stealing page
    - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
    - arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
    - e1000: Do not perform reset in reset_task if we are already down
    - drm/nouveau/debugfs: fix runtime pm imbalance on error
    - printk: handle blank console arguments passed in.
    - usb: dwc3: Increase timeout for CmdAct cleared by device controller
    - btrfs: don't force read-only after error in drop snapshot
    - vfio/pci: fix memory leaks of eventfd ctx
    - perf util: Fix memory leak of prefix_if_not_in
    - perf kcore_copy: Fix module map when there are no modules loaded
    - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
    - ceph: fix potential race in ceph_check_caps
    - mm/swap_state: fix a data race in swapin_nr_pages
    - rapidio: avoid data race between file operation callbacks and
      mport_cdev_add().
    - mtd: parser: cmdline: Support MTD names containing one or more colons
    - x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
    - vfio/pci: Clear error and request eventfd ctx after releasing
    - cifs: Fix double add page to memcg when cifs_readpages
    - scsi: libfc: Handling of extra kref
    - scsi: libfc: Skip additional kref updating work event
    - selftests/x86/syscall_nt: Clear weird flags after each test
    - vfio/pci: fix racy on error and request eventfd ctx
    - btrfs: qgroup: fix data leak caused by race between writeback and truncate
    - s390/init: add missing __init annotations
    - i2c: core: Call i2c_acpi_install_space_handler() before
      i2c_acpi_register_devices()
    - objtool: Fix noreturn detection for ignored functions
    - ieee802154: fix one possible memleak in ca8210_dev_com_init
    - ieee802154/adf7242: check status of adf7242_read_reg
    - clocksource/drivers/h8300_timer8: Fix wrong return value in
      h8300_8timer_init()
    - batman-adv: bla: fix type misuse for backbone_gw hash indexing
    - atm: eni: fix the missed pci_disable_device() for eni_init_one()
    - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
    - mac802154: tx: fix use-after-free
    - drm/vc4/vc4_hdmi: fill ASoC card owner
    - net: qed: RDMA personality shouldn't fail VF load
    - batman-adv: Add missing include for in_interrupt()
    - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
    - ALSA: asihpi: fix iounmap in error handler
    - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
    - s390/dasd: Fix zero write for FBA devices
    - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
    - mm, THP, swap: fix allocating cluster for swapfile by mistake
    - lib/string.c: implement stpcpy
    - ata: define AC_ERR_OK
    - ata: make qc_prep return ata_completion_errors
    - ata: sata_mv, avoid trigerrable BUG_ON
    - media: mc-device.c: fix memleak in media_device_register_entity
    - tpm_crb: fix fTPM on AMD Zen+ CPUs
    - RDMA/qedr: Fix potential use after free
    - fix dget_parent() fastpath race
    - scsi: pm80xx: Cleanup command when a reset times out
    - ASoC: max98090: remove msleep in PLL unlocked workaround
    - ipv6_route_seq_next should increase position index
    - scsi: ufs: Fix a race condition in the tracing code
    - s390/cpum_sf: Use kzalloc and minor changes
    - ceph: ensure we have a new cap before continuing in fill_inode
    - mm/swapfile.c: swap_next should increase position index
    - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
    - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
    - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
    - firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
    - random: fix data races at timer_rand_state
    - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host
      removal
    - perf jevents: Fix leak of mapfile memory
    - xfs: mark dir corrupt when lookup-by-hash fails
    - rtc: sa1100: fix possible race condition
    - nfsd: Don't add locks to closed or closing open stateids
    - KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like
      the valid ones
    - thermal: rcar_thermal: Handle probe error gracefully
    - nvme: Fix controller creation races with teardown flow
    - scsi: hpsa: correct race condition in offload enabled
    - PCI: Use ioremap(), not phys_to_virt() for platform ROM
    - KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
    - net: openvswitch: use u64 for meter bucket
    - scsi: aacraid: Fix error handling paths in aac_probe_one()
    - scsi: cxlflash: Fix error return code in cxlflash_probe()
    - drm/nouveau: fix runtime pm imbalance on error
    - perf evsel: Fix 2 memory leaks
    - perf stat: Fix duration_time value for higher intervals
    - perf metricgroup: Free metric_events on error
    - ASoC: img-i2s-out: Fix runtime PM imbalance on error
    - wlcore: fix runtime pm imbalance in wl1271_tx_work
    - nvme: fix possible deadlock when I/O is blocked
    - net: openvswitch: use div_u64() for 64-by-32 divisions
    - nvme: explicitly update mpath disk capacity on revalidation
    - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
    - drm/amdkfd: fix a memory leak issue
    - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
    - KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
    - KVM: SVM: Add a dedicated INVD intercept routine
    - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
    - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
    - KVM: arm64: Assume write fault on S1PTW permission fault on instruction
      fetch

* bcache: Issues with large IO wait in bch_mca_scan() when shrinker is enabled
    (LP: #1898786)
    - bcache: remove member accessed from struct btree
    - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan()
    - bcache: reap from tail of c->btree_cache in bch_mca_scan()

* *-tools-common packages descriptions have typo "PGKVER" (LP: #1898903)
    - [Packaging] Fix typo in -tools template s/PGKVER/PKGVER/

* [hns3-0901]add hns3_gro_complete for HW GRO process (LP: #1893711)
    - net: hns3: add rx multicast packets statistic
    - net: hns3: minor refactor for hns3_rx_checksum
    - net: hns3: add hns3_gro_complete for HW GRO process

* mwifiex stops working after kernel upgrade (LP: #1897299)
    - mwifiex: Increase AES key storage size to 256 bits

* Bionic update: upstream stable patchset 2020-09-30 (LP: #1897977)
    - ARM: dts: socfpga: fix register entry for timer3 on Arria10
    - RDMA/rxe: Fix memleak in rxe_mem_init_user
    - RDMA/rxe: Drop pointless checks in rxe_init_ports
    - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
    - RDMA/core: Fix reported speed and width
    - mmc: sdhci-msm: Add retries when all tuning phases are found valid
    - ARM: dts: BCM5301X: Fixed QSPI compatible string
    - arm64: dts: ns2: Fixed QSPI compatible string
    - ARC: HSDK: wireup perf irq
    - dmaengine: acpi: Put the CSRT table after using it
    - drivers/net/wan/lapbether: Added needed_tailroom
    - NFC: st95hf: Fix memleak in st95hf_in_send_cmd
    - firestream: Fix memleak in fs_open
    - ALSA: hda: Fix 2 channel swapping for Tegra
    - drivers/net/wan/lapbether: Set network_header before transmitting
    - xfs: initialize the shortform attr header padding entry
    - irqchip/eznps: Fix build error for !ARC700 builds
    - drivers/net/wan/hdlc_cisco: Add hard_header_len
    - ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id
    - cpufreq: intel_pstate: Refuse to turn off with HWP enabled
    - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
    - gcov: Disable gcov build with GCC 10
    - iio: adc: mcp3422: fix locking scope
    - iio: adc: mcp3422: fix locking on error path
    - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
    - iio:light:ltr501 Fix timestamp alignment issue.
    - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
    - iio:adc:ti-adc084s021 Fix alignment and data leak issues.
    - iio:adc:ina2xx Fix timestamp alignment issue.
    - iio:adc:max1118 Fix alignment of timestamp and data leak issues
    - iio:adc:ti-adc081c Fix alignment and data leak issues
    - iio:magnetometer:ak8975 Fix alignment and data leak issues.
    - iio:light:max44000 Fix timestamp alignment and prevent data leak.
    - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak.
    - iio: accel: kxsd9: Fix alignment of local buffer.
    - iio:accel:mma7455: Fix timestamp alignment and prevent data leak.
    - iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
    - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
    - btrfs: require only sector size alignment for parent eb bytenr
    - btrfs: fix lockdep splat in add_missing_dev
    - btrfs: fix wrong address when faulting in pages in the search ioctl
    - regulator: push allocation in set_consumer_device_supply() out of lock
    - scsi: target: iscsi: Fix data digest calculation
    - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting
      tpg->np_login_sem
    - rbd: require global CAP_SYS_ADMIN for mapping and unmapping
    - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
    - fbcon: remove soft scrollback code
    - fbcon: remove now unusued 'softback_lines' cursor() argument
    - vgacon: remove software scrollback support
    - [Config] updateconfigs for VGACON_SOFT_SCROLLBACK
    - KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
    - ARM: dts: vfxxx: Add syscon compatible with OCOTP
    - video: fbdev: fix OOB read in vga_8planes_imageblit()
    - staging: greybus: audio: fix uninitialized value issue
    - usb: core: fix slab-out-of-bounds Read in read_descriptors
    - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
    - USB: serial: option: support dynamic Quectel USB compositions
    - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
    - usb: Fix out of sync data toggle if a configured device is reconfigured
    - usb: typec: ucsi: acpi: Check the _DEP dependencies
    - gcov: add support for GCC 10.1
    - gfs2: initialize transaction tr_ailX_lists earlier
    - net: handle the return value of pskb_carve_frag_list() correctly
    - hv_netvsc: Remove "unlikely" from netvsc_select_queue
    - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
    - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
    - scsi: libfc: Fix for double free()
    - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
    - spi: spi-loopback-test: Fix out-of-bounds read
    - SUNRPC: stop printk reading past end of string
    - rapidio: Replace 'select' DMAENGINES 'with depends on'
    - nvme-fc: cancel async events before freeing event struct
    - f2fs: fix indefinite loop scanning for free nid
    - i2c: algo: pca: Reapply i2c bus settings after reset
    - spi: Fix memory leak on splited transfers
    - KVM: MIPS: Change the definition of kvm type
    - clk: rockchip: Fix initialization of mux_pll_src_4plls_p
    - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
    - MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
    - perf test: Free formats for perf pmu parse test
    - fbcon: Fix user font detection test at fbcon_resize().
    - MIPS: SNI: Fix spurious interrupts
    - drm/mediatek: Add exception handing in mtk_drm_probe() if component init
      fail
    - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
    - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
      notebook
    - USB: UAS: fix disconnect by unplugging a hub
    - usblp: fix race between disconnect() and read()
    - i2c: i801: Fix resume bug
    - percpu: fix first chunk size calculation for populated bitmap
    - Input: trackpoint - add new trackpoint variant IDs
    - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
    - serial: 8250_pci: Add Realtek 816a and 816b
    - ehci-hcd: Move include to keep CRC stable
    - powerpc/dma: Fix dma_map_ops::get_required_mask
    - x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
    - RDMA/bnxt_re: Do not report transparent vlan from QP1
    - ARM: dts: bcm: HR2: Fixed QSPI compatible string
    - ARM: dts: NSP: Fixed QSPI compatible string
    - netfilter: conntrack: allow sctp hearbeat after connection re-use
    - cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled
    - iommu/amd: Do not use IOMMUv2 functionality when SME is active
    - drm/tve200: Stabilize enable/disable
    - drm/msm: Disable preemption on all 5xx targets
    - phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
    - dsa: Allow forwarding of redirected IGMP traffic
    - RDMA/bnxt_re: Restrict the max_gids to 256
    - regulator: pwm: Fix machine constraints application
    - openrisc: Fix cache API compile issue when not inlining
    - f2fs: Return EOF on unaligned end of file DIO read
    - ASoC: qcom: Set card->owner to avoid warnings
    - perf test: Fix the "signal" test inline assembly
    - x86/boot/compressed: Disable relocation relaxation

* Bionic update: upstream stable patchset 2020-09-23 (LP: #1896817)
    - HID: core: Correctly handle ReportSize being zero
    - HID: core: Sanitize event code and type when mapping input
    - perf record/stat: Explicitly call out event modifiers in the documentation
    - drm/msm: add shutdown support for display platform_driver
    - hwmon: (applesmc) check status earlier.
    - nvmet: Disable keep-alive timer when kato is cleared to 0h
    - ceph: don't allow setlease on cephfs
    - cpuidle: Fixup IRQ state
    - s390: don't trace preemption in percpu macros
    - xen/xenbus: Fix granting of vmalloc'd memory
    - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
    - batman-adv: Avoid uninitialized chaddr when handling DHCP
    - batman-adv: Fix own OGM check in aggregated OGMs
    - batman-adv: bla: use netif_rx_ni when not in interrupt context
    - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
      at_dma_xlate()
    - MIPS: mm: BMIPS5000 has inclusive physical caches
    - MIPS: BMIPS: Also call bmips_cpu_setup() for secondary cores
    - netfilter: nf_tables: add NFTA_SET_USERDATA if not null
    - netfilter: nf_tables: incorrect enum nft_list_attributes definition
    - netfilter: nf_tables: fix destination register zeroing
    - net: hns: Fix memleak in hns_nic_dev_probe
    - net: systemport: Fix memleak in bcm_sysport_probe
    - ravb: Fixed to be able to unload modules
    - net: arc_emac: Fix memleak in arc_mdio_probe
    - dmaengine: pl330: Fix burst length if burst size is smaller than bus width
    - bnxt_en: Check for zero dir entries in NVRAM.
    - bnxt_en: Fix PCI AER error recovery flow
    - nvmet-fc: Fix a missed _irqsave version of spin_lock in
      'nvmet_fc_fod_op_done()'
    - perf tools: Correct SNOOPX field offset
    - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
    - fix regression in "epoll: Keep a reference on files added to the check list"
    - tg3: Fix soft lockup when tg3_reset_task() fails.
    - iommu/vt-d: Serialize IOMMU GCMD register modifications
    - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
    - include/linux/log2.h: add missing () around n in roundup_pow_of_two()
    - btrfs: drop path before adding new uuid tree entry
    - btrfs: Remove redundant extent_buffer_get in get_old_root
    - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
    - btrfs: set the lockdep class for log tree extent buffers
    - uaccess: Add non-pagefault user-space read functions
    - uaccess: Add non-pagefault user-space write function
    - btrfs: fix potential deadlock in the search ioctl
    - net: usb: qmi_wwan: add Telit 0x1050 composition
    - usb: qmi_wwan: add D-Link DWM-222 A2 device ID
    - ALSA: ca0106: fix error code handling
    - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
    - ALSA: hda/hdmi: always check pin power status in i915 pin fixup
    - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
    - affs: fix basic permission bits to actually work
    - block: allow for_each_bvec to support zero len bvec
    - block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
    - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks
    - dm cache metadata: Avoid returning cmd->bm wild pointer on error
    - dm thin metadata: Avoid returning cmd->bm wild pointer on error
    - mm: slub: fix conversion of freelist_corrupted()
    - KVM: arm64: Add kvm_extable for vaxorcism code
    - KVM: arm64: Defer guest entry when an asynchronous exception is pending
    - KVM: arm64: Survive synchronous exceptions caused by AT instructions
    - KVM: arm64: Set HCR_EL2.PTW to prevent AT taking synchronous exception
    - checkpatch: fix the usage of capture group ( ... )
    - mm/hugetlb: fix a race between hugetlb sysctl handlers
    - cfg80211: regulatory: reject invalid hints
    - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
    - ALSA; firewire-tascam: exclude Tascam FE-8 from detection
    - block: ensure bdi->io_pages is always initialized
    - vfio/pci: Fix SR-IOV VF handling with MMIO blocking
    - bnxt: don't enable NAPI until rings are ready
    - netlabel: fix problems with mapping removal
    - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
    - sctp: not disable bh in the whole sctp_get_port_local()
    - tipc: fix shutdown() of connectionless socket
    - net: disable netpoll on fresh napis
    - scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range
    - scsi: target: tcmu: Optimize use of flush_dcache_page
    - selftests/bpf: Fix massive output from test_maps
    - netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS
    - perf jevents: Fix suspicious code in fixregex()
    - ext2: don't update mtime on COW faults
    - xfs: don't update mtime on COW faults

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 23 Nov 2020 15:01:09 -0300

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2022-03-16

Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package