Ubuntu
linux package

improper memcg accounting causes NULL pointer derefs

Bug #1918668 reported by Thadeu Lima de Souza Cascardo on 2021-03-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Groovy	Fix Released	Critical	Thadeu Lima de Souza Cascardo

Bug Description

[Impact]
BUGs/panics/memory corruption, leading to unbootable systems, or systems hanging when doing IO.

[Test case]
Boot a groovy system and run update-grub, do a new kernel install.

[Fix]
Revert the commit that did an improper memcg accounting, leading to refcounts going past 0.

[Regression potential]
memcg accounting can be wrong, leading to either containers being more or less restricted in memory then they are supposed to.

=============================================================

After booting with groovy:linux master-next branch as of 2021-03-10, NULL pointer dereferences are seen.

One of them is like the one below:

[ 10.012503] BUG: kernel NULL pointer dereference, address: 0000000000000518
[ 10.030761] #PF: supervisor read access in kernel mode
[ 10.042518] #PF: error_code(0x0000) - not-present page
[ 10.050165] PGD 0 P4D 0
[ 10.077050] Oops: 0000 [#1] SMP PTI
[ 10.081927] CPU: 0 PID: 516 Comm: kexec-load Tainted: G W 5.8.0-45-generic #51
[ 10.092486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014
[ 10.103510] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90
[ 10.115100] Code: f0 56 d0 ba e8 f5 9e 2e 00 5b 41 5c 41 5d 5d c3 4c 8b 25 ff 52 99 01 e9 76 ff ff ff 0f 0b 0f 1f 44 00 00 48 63 d2 55 48 63 f6 <48> 8b 87 18 05 00 00 65 48 8b 0c f0 48 01 ca 48 c1 e6 03 49 89 d0
[ 10.145025] RSP: 0018:ffffab9780557ab0 EFLAGS: 00010096
[ 10.146841] RAX: ffffffffffffffe2 RBX: 0000000000000002 RCX: 0000000000032183
[ 10.149891] RDX: ffffffffffffffff RSI: 0000000000000002 RDI: 0000000000000000
[ 10.153006] RBP: ffffab9780557ae8 R08: ffffffffffffffff R09: 0000000000000004
[ 10.165999] R10: fffff30fc1cb2a88 R11: ffffffffffffffff R12: ffff88ec39f32400
[ 10.168142] R13: ffffffffffffffff R14: 0000000000000001 R15: ffff88ec3ffb2000
[ 10.170299] FS: 0000000000000000(0000) GS:ffff88ec3dc00000(0000) knlGS:0000000000000000
[ 10.172783] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 10.175285] CR2: 0000000000000518 CR3: 0000000078a7c000 CR4: 00000000000006f0
[ 10.178009] Call Trace:
[ 10.179133] ? __mod_lruvec_state+0x47/0xf0
[ 10.180897] __activate_page.part.0+0x125/0x290
[ 10.182665] __activate_page+0x3a/0x40
[ 10.184496] pagevec_lru_move_fn+0x9d/0xe0
[ 10.186124] ? __activate_page.part.0+0x290/0x290
[ 10.188030] lru_add_drain_cpu+0xeb/0x1b0
[ 10.190041] lru_add_drain+0x28/0x40
[ 10.194029] exit_mmap+0x82/0x1b0
[ 10.195400] ? get_file_caps.constprop.0+0xa2/0x150
[ 10.197578] ? _cond_resched+0x1a/0x50
[ 10.199834] ? mutex_lock+0x13/0x40
[ 10.201931] mmput+0x5f/0x140
[ 10.203772] exec_mmap+0x198/0x220
[ 10.205484] begin_new_exec+0x9e/0x2d0
[ 10.207132] load_elf_binary+0x7b2/0xe20
[ 10.209471] ? ima_bprm_check+0x89/0xb0
[ 10.211378] search_binary_handler+0xe1/0x270
[ 10.213590] exec_binprm+0x51/0x1a0
[ 10.215013] __do_execve_file+0x361/0x5b0
[ 10.216671] do_execve+0x27/0x30
[ 10.218596] __x64_sys_execve+0x2c/0x40
[ 10.220646] do_syscall_64+0x49/0xc0
[ 10.222729] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 10.226379] RIP: 0033:0x7f8881dafb7b
[ 10.228548] Code: Unable to access opcode bytes at RIP 0x7f8881dafb51.
[ 10.230985] RSP: 002b:00007fffa1572278 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 10.233907] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f8881dafb7b
[ 10.236543] RDX: 00005576aad6e7a8 RSI: 00005576aad6e788 RDI: 00005576aad6e7d8
[ 10.240265] RBP: 00005576aad6e788 R08: 00005576aad6e7d8 R09: feff5475a9d4ff72
[ 10.243031] R10: 00007f8881d76610 R11: 0000000000000246 R12: 00005576aa32447e
[ 10.245755] R13: 00005576aad6e7a8 R14: 00005576aad6e7a8 R15: 00005576aad6e7d8
[ 10.248772] Modules linked in: isofs binfmt_misc nls_iso8859_1 joydev input_leds serio_raw sch_fq_codel drm ip_tables x_tables autofs4 ahci psmouse libahci virtio_blk xhci_pci xhci_pci_renesas virtio_net net_failover failover
[ 10.258738] CR2: 0000000000000518
[ 10.260139] ---[ end trace f7c347003caf39b8 ]---

See original description

Tags:

CVE References

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2021-03-11:

Download full text (4.0 KiB)

One other example:

[ 41.499636] BUG: kernel NULL pointer dereference, address: 0000000000000518
[ 41.506015] #PF: supervisor read access in kernel mode
[ 41.508850] #PF: error_code(0x0000) - not-present page
[ 41.510728] PGD 0 P4D 0
[ 41.511714] Oops: 0000 [#1] SMP PTI
[ 41.513040] CPU: 1 PID: 198 Comm: kworker/u8:4 Tainted: G W 5.8.0-45-generic #51
[ 41.516172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014
[ 41.519019] Workqueue: writeback wb_workfn (flush-252:0)
[ 41.520954] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90
[ 41.522845] Code: f0 56 30 93 e8 15 9f 2e 00 5b 41 5c 41 5d 5d c3 4c 8b 25 ff 52 99 01 e9 76 ff ff ff 0f 0b 0f 1f 44 00 00 48 63 d2 55 48 63 f6 <48> 8b 87 18 05 00 00 65 48 8b 0c f0 48 01 ca 48 c1 e6 03 49 89 d0
[ 41.536800] RSP: 0018:ffffabad803ff7d8 EFLAGS: 00010097
[ 41.540726] RAX: ffffffffffffffe2 RBX: 0000000000000011 RCX: 0000000000032192
[ 41.543210] RDX: ffffffffffffffff RSI: 0000000000000011 RDI: 0000000000000000
[ 41.545567] RBP: ffffabad803ff810 R08: ffffffffffffffff R09: ffff96e43801ec00
[ 41.547992] R10: 0000000000000000 R11: 0000000000001000 R12: ffff96e43801ec00
[ 41.550528] R13: ffffffffffffffff R14: 0000000000000000 R15: ffff96e43ffb2000
[ 41.552904] FS: 0000000000000000(0000) GS:ffff96e43dc80000(0000) knlGS:0000000000000000
[ 41.557020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.559173] CR2: 0000000000000518 CR3: 0000000035f4c000 CR4: 00000000000006e0
[ 41.561005] Call Trace:
[ 41.561769] ? __mod_lruvec_state+0x47/0xf0
[ 41.562897] clear_page_dirty_for_io+0x187/0x200
[ 41.564111] mpage_submit_page+0x24/0x90
[ 41.565181] mpage_map_and_submit_buffers+0xe3/0x190
[ 41.566477] mpage_map_and_submit_extent+0x5a/0x200
[ 41.567732] ext4_writepages+0x671/0x860
[ 41.568882] ? update_load_avg+0x82/0x630
[ 41.570181] do_writepages+0x38/0xc0
[ 41.571320] ? write_inode+0x5c/0x100
[ 41.572625] __writeback_single_inode+0x40/0x230
[ 41.574046] writeback_sb_inodes+0x22a/0x4e0
[ 41.575380] __writeback_inodes_wb+0x56/0xf0
[ 41.576798] wb_writeback+0x201/0x2e0
[ 41.578252] wb_check_old_data_flush+0xb7/0xc0
[ 41.580364] wb_do_writeback+0xbe/0x180
[ 41.581989] ? set_worker_desc+0xa6/0xb0
[ 41.583553] wb_workfn+0x74/0x290
[ 41.589094] ? __switch_to+0x7f/0x380
[ 41.590524] ? __switch_to_asm+0x42/0x70
[ 41.591753] ? __switch_to_asm+0x36/0x70
[ 41.593102] process_one_work+0x1e8/0x3b0
[ 41.594571] worker_thread+0x50/0x370
[ 41.595935] kthread+0x12f/0x150
[ 41.597224] ? process_one_work+0x3b0/0x3b0
[ 41.598772] ? __kthread_bind_mask+0x70/0x70
[ 41.600473] ret_from_fork+0x22/0x30
[ 41.601997] Modules linked in: isofs binfmt_misc nls_iso8859_1 input_leds joydev serio_raw sch_fq_codel drm ip_tables x_tables autofs4 ahci xhci_pci xhci_pci_renesas psmouse virtio_net libahci net_failover virtio_blk failover
[ 41.609197] CR2: 0000000000000518
[ 41.610567] ---[ end trace 63fecb49c24b6bde ]---
[ 41.612023] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90
[ 41.613631] Code: f0 56 30 93 e8 15 9f 2e 00 5b 41 5c 41 5d 5d c3 4c 8b 25 ff 52 99 01 e9 76 ff ff ff 0f 0b 0f 1...

One other example:

[   41.499636] BUG: kernel NULL pointer dereference, address: 0000000000000518
[   41.506015] #PF: supervisor read access in kernel mode
[   41.508850] #PF: error_code(0x0000) - not-present page
[   41.510728] PGD 0 P4D 0
[   41.511714] Oops: 0000 [#1] SMP PTI
[   41.513040] CPU: 1 PID: 198 Comm: kworker/u8:4 Tainted: G        W         5.8.0-45-generic #51
[   41.516172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014
[   41.519019] Workqueue: writeback wb_workfn (flush-252:0)
[   41.520954] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90
[   41.522845] Code: f0 56 30 93 e8 15 9f 2e 00 5b 41 5c 41 5d 5d c3 4c 8b 25 ff 52 99 01 e9 76 ff ff ff 0f 0b 0f 1f 44 00 00 48 63 d2 55 48 63 f6 <48> 8b 87 18 05 00 00 65 48 8b 0c f0 48 01 ca 48 c1 e6 03 49 89 d0
[   41.536800] RSP: 0018:ffffabad803ff7d8 EFLAGS: 00010097
[   41.540726] RAX: ffffffffffffffe2 RBX: 0000000000000011 RCX: 0000000000032192
[   41.543210] RDX: ffffffffffffffff RSI: 0000000000000011 RDI: 0000000000000000
[   41.545567] RBP: ffffabad803ff810 R08: ffffffffffffffff R09: ffff96e43801ec00
[   41.547992] R10: 0000000000000000 R11: 0000000000001000 R12: ffff96e43801ec00
[   41.550528] R13: ffffffffffffffff R14: 0000000000000000 R15: ffff96e43ffb2000
[   41.552904] FS:  0000000000000000(0000) GS:ffff96e43dc80000(0000) knlGS:0000000000000000
[   41.557020] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.559173] CR2: 0000000000000518 CR3: 0000000035f4c000 CR4: 00000000000006e0
[   41.561005] Call Trace:
[   41.561769]  ? __mod_lruvec_state+0x47/0xf0
[   41.562897]  clear_page_dirty_for_io+0x187/0x200
[   41.564111]  mpage_submit_page+0x24/0x90
[   41.565181]  mpage_map_and_submit_buffers+0xe3/0x190
[   41.566477]  mpage_map_and_submit_extent+0x5a/0x200
[   41.567732]  ext4_writepages+0x671/0x860
[   41.568882]  ? update_load_avg+0x82/0x630
[   41.570181]  do_writepages+0x38/0xc0
[   41.571320]  ? write_inode+0x5c/0x100
[   41.572625]  __writeback_single_inode+0x40/0x230
[   41.574046]  writeback_sb_inodes+0x22a/0x4e0
[   41.575380]  __writeback_inodes_wb+0x56/0xf0
[   41.576798]  wb_writeback+0x201/0x2e0
[   41.578252]  wb_check_old_data_flush+0xb7/0xc0
[   41.580364]  wb_do_writeback+0xbe/0x180
[   41.581989]  ? set_worker_desc+0xa6/0xb0
[   41.583553]  wb_workfn+0x74/0x290
[   41.589094]  ? __switch_to+0x7f/0x380
[   41.590524]  ? __switch_to_asm+0x42/0x70
[   41.591753]  ? __switch_to_asm+0x36/0x70
[   41.593102]  process_one_work+0x1e8/0x3b0
[   41.594571]  worker_thread+0x50/0x370
[   41.595935]  kthread+0x12f/0x150
[   41.597224]  ? process_one_work+0x3b0/0x3b0
[   41.598772]  ? __kthread_bind_mask+0x70/0x70
[   41.600473]  ret_from_fork+0x22/0x30
[   41.601997] Modules linked in: isofs binfmt_misc nls_iso8859_1 input_leds joydev serio_raw sch_fq_codel drm ip_tables x_tables autofs4 ahci xhci_pci xhci_pci_renesas psmouse virtio_net libahci net_failover virtio_blk failover
[   41.609197] CR2: 0000000000000518
[   41.610567] ---[ end trace 63fecb49c24b6bde ]---
[   41.612023] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90
[   41.613631] Code: f0 56 30 93 e8 15 9f 2e 00 5b 41 5c 41 5d 5d c3 4c 8b 25 ff 52 99 01 e9 76 ff ff ff 0f 0b 0f 1f 44 00 00 48 63 d2 55 48 63 f6 <48> 8b 87 18 05 00 00 65 48 8b 0c f0 48 01 ca 48 c1 e6 03 49 89 d0
[   41.623236] RSP: 0018:ffffabad803ff7d8 EFLAGS: 00010097
[   41.625530] RAX: ffffffffffffffe2 RBX: 0000000000000011 RCX: 0000000000032192
[   41.629038] RDX: ffffffffffffffff RSI: 0000000000000011 RDI: 0000000000000000
[   41.632316] RBP: ffffabad803ff810 R08: ffffffffffffffff R09: ffff96e43801ec00
[   41.635007] R10: 0000000000000000 R11: 0000000000001000 R12: ffff96e43801ec00
[   41.637663] R13: ffffffffffffffff R14: 0000000000000000 R15: ffff96e43ffb2000
[   41.640305] FS:  0000000000000000(0000) GS:ffff96e43dc80000(0000) knlGS:0000000000000000
[   41.643404] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.645522] CR2: 0000000000000518 CR3: 0000000035f4c000 CR4: 00000000000006e0
[   41.647610] ------------[ cut here ]------------

Changed in linux (Ubuntu):
status:	New → Invalid
Changed in linux (Ubuntu Groovy):
status:	New → In Progress
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance:	Undecided → Critical

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2021-03-11:

Running update-grub/grub-probe seems to trigger it every time.

Thadeu Lima de Souza Cascardo (cascardo) on 2021-03-11

summary:	- vm changes cause NULL pointer derefs + improper memcg accounting causes NULL pointer derefs
description:	updated

Kelsey Steele (kelsey-steele) on 2021-03-12

Changed in linux (Ubuntu Groovy):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-03-26:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed-groovy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-groovy

Revision history for this message

Khaled El Mously (kmously) wrote on 2021-04-10:

To verify:
- I installed groovy on 'durin' (in the maas pod), which installed with kernel -48.
- Enabled -proposed, installed the new -49 kernel. (this automatically runs update-grub)
- rebooted, confirmed that -49 is running.
- ran update-grub manually.

No NULL dereferences were observed.
Marking as verified.

tags:

added: verification-done-groovy
removed: verification-needed-groovy

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-04-12:

Download full text (28.3 KiB)

This bug was fixed in the package linux - 5.8.0-49.55

---------------
linux (5.8.0-49.55) groovy; urgency=medium

* groovy/linux: 5.8.0-49.55 -proposed tracker (LP: #1921053)

  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged

* Packaging resync (LP: #1786013)
- update dkms package versions

* improper memcg accounting causes NULL pointer derefs (LP: #1918668)
- SAUCE: Revert "mm: memcg/slab: optimize objcg stock draining"

* kernel: Enable CONFIG_BPF_LSM on Ubuntu (LP: #1905975)
- [Config] Enable CONFIG_BPF_LSM

This bug was fixed in the package linux - 5.8.0-49.55

---------------
linux (5.8.0-49.55) groovy; urgency=medium

* groovy/linux: 5.8.0-49.55 -proposed tracker (LP: #1921053)

* Packaging resync (LP: #1786013)
    - update dkms package versions

* improper memcg accounting causes NULL pointer derefs (LP: #1918668)
    - SAUCE: Revert "mm: memcg/slab: optimize objcg stock draining"

* kernel: Enable CONFIG_BPF_LSM on Ubuntu (LP: #1905975)
    - [Config] Enable CONFIG_BPF_LSM

* Groovy update: upstream stable patchset 2021-03-10 (LP: #1918516)
    - gpio: mvebu: fix pwm .get_state period calculation
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - media: v4l2-subdev.h: BIT() is not available in userspace
    - RDMA/vmw_pvrdma: Fix network_hdr_type reported in WC
    - kernel/io_uring: cancel io_uring before task works
    - io_uring: dont kill fasync under completion_lock
    - objtool: Don't fail on missing symbol table
    - mm/page_alloc: add a missing mm_page_alloc_zone_locked() tracepoint
    - mm: fix a race on nr_swap_pages
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - iwlwifi: provide gso_type to GSO packets
    - tty: avoid using vfs_iocb_iter_write() for redirected console writes
    - ACPI: sysfs: Prefer "compatible" modalias
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
    - ALSA: hda/via: Apply the workaround generically for Clevo machines
    - parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES
    - media: cec: add stm32 driver
    - media: hantro: Fix reset_raw_fmt initialization
    - media: rc: fix timeout handling after switch to microsecond durations
    - media: rc: ite-cir: fix min_timeout calculation
    - media: rc: ensure that uevent can be read directly after rc device register
    - ARM: dts: tbs2910: rename MMC node aliases
    - ARM: dts: ux500: Reserve memory carveouts
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - ASoC: AMD Renoir - refine DMI entries for some Lenovo products
    - drm/i915: Always flush the active worker before returning from the wait
    - drm/i915/gt: Always try to reserve GGTT address 0x0
    - drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - s390: uv: Fix sysfs max number of VCPUs reporting
    - s390/vfio-ap: No need to disable IRQ after queue reset
    - PM: hibernate: flush swap writer after marking
    - x86/entry: Emit a symbol for register restoring thunk
    - efi/apple-properties: Reinstate support for boolean properties
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
    - btrfs: fix possible free space tree corruption with online conversion
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh()
    - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
    - KVM: x86: get smi pending status correctly
    - KVM: Forbid the use of tagged userspace addresses for memslots
    - xen: Fix XenStore initialisation for XS_LOCAL
    - leds: trigger: fix potential deadlock with libata
    - arm64: dts: broadcom: Fix USB DMA address translation for Stingray
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit.
    - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals
    - drm/i915/pmu: Don't grab wakeref when enabling events
    - net/mlx5e: Fix IPSEC stats
    - ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight
    - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices
    - drm/i915: Check for all subplatform bits
    - drm/i915/selftest: Fix potential memory leak
    - uapi: fix big endian definition of ipv6_rpl_sr_hdr
    - KVM: Documentation: Fix spec for KVM_CAP_ENABLE_CAP_VM
    - tee: optee: replace might_sleep with cond_resched
    - xen-blkfront: allow discard-* nodes to be optional
    - clk: mmp2: fix build without CONFIG_PM
    - clk: qcom: gcc-sm250: Use floor ops for sdcc clks
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - ARM: zImage: atags_to_fdt: Fix node names on added root nodes
    - netfilter: nft_dynset: add timeout extension to template
    - Revert "RDMA/mlx5: Fix devlink deadlock on net namespace deletion"
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - xfrm: fix disable_xfrm sysctl when used on xfrm interfaces
    - xfrm: Fix wraparound in xfrm_policy_addr_delta()
    - arm64: dts: ls1028a: fix the offset of the reset register
    - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status
    - ARM: dts: imx6qdl-sr-som: fix some cubox-i platforms
    - arm64: dts: imx8mp: Correct the gpio ranges of gpio3
    - firmware: imx: select SOC_BUS to fix firmware build
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete
    - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
    - pNFS/NFSv4: Update the layout barrier when we schedule a layoutreturn
    - iwlwifi: pcie: set LTR on more devices
    - iwlwifi: pcie: use jiffies for memory read spin time limit
    - iwlwifi: pcie: reschedule in long-running memory reads
    - mac80211: pause TX while changing interface type
    - ice: fix FDir IPv6 flexbyte
    - ice: Implement flow for IPv6 next header (extension header)
    - ice: update dev_addr in ice_set_mac_address even if HW filter exists
    - ice: Don't allow more channels than LAN MSI-X available
    - ice: Fix MSI-X vector fallback logic
    - i40e: acquire VSI pointer only after VF is initialized
    - igc: fix link speed advertising
    - net/mlx5: Fix memory leak on flow table creation error flow
    - net/mlx5e: E-switch, Fix rate calculation for overflow
    - net/mlx5e: free page before return
    - net/mlx5e: Reduce tc unsupported key print level
    - net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled
    - net/mlx5e: Fix CT rule + encap slow path offload and deletion
    - net/mlx5e: Correctly handle changing the number of queues when the interface
      is down
    - net/mlx5e: Revert parameters on errors when changing trust state without
      reset
    - net/mlx5e: Revert parameters on errors when changing MTU and LRO state
      without reset
    - can: dev: prevent potential information leak in can_fill_info()
    - ACPI/IORT: Do not blindly trust DMA masks from firmware
    - iommu/amd: Use IVHD EFR for early initialization of IOMMU features
    - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid()
    - nvme-multipath: Early exit if no path is available
    - selftests: forwarding: Specify interface when invoking mausezahn
    - rxrpc: Fix memory leak in rxrpc_lookup_local
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - ASoC: topology: Properly unregister DAI on removal
    - ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values()
    - team: protect features update by RCU to avoid deadlock
    - tcp: make TCP_USER_TIMEOUT accurate for zero window probes
    - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
    - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
    - IPv6: reply ICMP error if the first fragment don't include all headers
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths

* xfrm_policy.sh in net from ubuntu_kernel_selftests passed with failed sub-
    cases (LP: #1909647)
    - selftests: xfrm: fix test return value override issue in xfrm_policy.sh

* CVE-2021-3347
    - futex: Remove put_futex_key()
    - futex: Remove needless goto's
    - futex: Replace pointless printk in fixup_owner()
    - futex: Ensure the correct return value from futex_lock_pi()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes

* CVE-2021-3348
    - nbd: freeze the queue while we're adding connections

* [Regression] ubuntu_bpf failed to build on Groovy (LP: #1917609)
    - SAUCE: partially revert "bpf: Zero-fill re-used per-cpu map element"

* alsa/hda: the hdmi audio dosn't work on TGL machines (LP: #1917829)
    - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically

* Groovy update: upstream stable patchset 2021-03-05 (LP: #1917964)
    - mtd: rawnand: gpmi: fix dst bit offset when extracting raw payload
    - i2c: bpmp-tegra: Ignore unknown I2C_M flags
    - platform/x86: i2c-multi-instantiate: Don't create platform device for
      INT3515 ACPI nodes
    - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T
    - ALSA: hda/via: Add minimum mute flag
    - dm crypt: fix copy and paste bug in crypt_alloc_req_aead
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - btrfs: don't get an EINTR during drop_snapshot for reloc
    - btrfs: do not double free backref nodes on error
    - btrfs: fix lockdep splat in btrfs_recover_relocation
    - btrfs: don't clear ret in btrfs_start_dirty_block_groups
    - btrfs: send: fix invalid clone operations when cloning from the same file
      and root
    - writeback: Drop I_DIRTY_TIME_EXPIRE
    - fs: fix lazytime expiration handling in __writeback_single_inode()
    - pinctrl: ingenic: Fix JZ4760 support
    - mmc: core: don't initialize block size from ext_csd if not present
    - mmc: sdhci-of-dwcmshc: fix rpmb access
    - mmc: sdhci-xenon: fix 1.8v regulator stabilization
    - mmc: sdhci-brcmstb: Fix mmc timeout errors on S5 suspend
    - dm: avoid filesystem lookup in dm_get_dev_t()
    - dm integrity: fix a crash if "recalculate" used without "internal_hash"
    - dm integrity: conditionally disable "recalculate" feature
    - drm/atomic: put state on error path
    - drm/syncobj: Fix use-after-free
    - drm/amdgpu: remove gpu info firmware of green sardine
    - drm/amd/display: DCN2X Find Secondary Pipe properly in MPO + ODM Case
    - drm/i915/gt: Prevent use of engine->wa_ctx after error
    - ASoC: Intel: haswell: Add missing pm_ops
    - ASoC: rt711: mutex between calibration and power state changes
    - SUNRPC: Handle TCP socket sends with kernel_sendpage() again
    - HID: sony: select CONFIG_CRC32
    - dm integrity: select CRYPTO_SKCIPHER
    - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
    - scsi: qedi: Correct max length of CHAP secret
    - scsi: scsi_debug: Fix memleak in scsi_debug_init()
    - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled
    - riscv: Fix kernel time_init()
    - riscv: Fix sifive serial driver
    - riscv: Enable interrupts during syscalls with M-Mode
    - HID: logitech-dj: add the G602 receiver
    - HID: Ignore battery for Elan touchscreen on ASUS UX550
    - clk: tegra30: Add hda clock default rates to clock driver
    - ALSA: hda/tegra: fix tegra-hda on tegra30 soc
    - arm64: make atomic helpers __always_inline
    - xen: Fix event channel callback via INTX/GSI
    - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery
    - dts: phy: fix missing mdio device and probe failure of vsc8541-01 device
    - riscv: defconfig: enable gpio support for HiFive Unleashed
    - drm/amdgpu/psp: fix psp gfx ctrl cmds
    - drm/amd/display: disable dcn10 pipe split by default
    - HID: logitech-hidpp: Add product ID for MX Ergo in Bluetooth mode
    - drm/amd/display: Fix to be able to stop crc calculation
    - drm/nouveau/bios: fix issue shadowing expansion ROMs
    - drm/nouveau/privring: ack interrupts the same way as RM
    - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    - drm/nouveau/mmu: fix vram heap sizing
    - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0
    - io_uring: flush timeouts that should already have expired
    - libperf tests: If a test fails return non-zero
    - libperf tests: Fail when failing to get a tracepoint id
    - RISC-V: Set current memblock limit
    - RISC-V: Fix maximum allowed phsyical memory for RV32
    - pinctrl: aspeed: g6: Fix PWMG0 pinctrl setting
    - pinctrl: mediatek: Fix fallback call path
    - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
    - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM
    - crypto: omap-sham - Fix link error without crypto-engine
    - powerpc: Use the common INIT_DATA_SECTION macro in vmlinux.lds.S
    - powerpc: Fix alignment bug within the init sections
    - arm64: entry: remove redundant IRQ flag tracing
    - drm/amdkfd: Fix out-of-bounds read in kdf_create_vcrat_image_cpu()
    - i2c: octeon: check correct size of maximum RECV_LEN packet
    - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-
      list
    - platform/x86: hp-wmi: Don't log a warning on HPWMI_RET_UNKNOWN_COMMAND
      errors
    - gpio: sifive: select IRQ_DOMAIN_HIERARCHY rather than depend on it
    - selftests: net: fib_tests: remove duplicate log test
    - can: dev: can_restart: fix use after free bug
    - can: vxcan: vxcan_xmit: fix use after free bug
    - can: peak_usb: fix use after free bugs
    - perf evlist: Fix id index for heterogeneous systems
    - i2c: sprd: depend on COMMON_CLK to fix compile tests
    - iio: common: st_sensors: fix possible infinite loop in st_sensors_irq_thread
    - iio: ad5504: Fix setting power-down state
    - counter:ti-eqep: remove floor
    - cifs: do not fail __smb_send_rqst if non-fatal signals are pending
    - irqchip/mips-cpu: Set IPI domain parent chip
    - x86/fpu: Add kernel_fpu_begin_mask() to selectively initialize state
    - x86/topology: Make __max_die_per_package available unconditionally
    - x86/mmx: Use KFPU_387 for MMX string operations
    - proc_sysctl: fix oops caused by incorrect command parameters
    - mm: memcg/slab: optimize objcg stock draining
    - io_uring: fix SQPOLL IORING_OP_CLOSE cancelation state
    - intel_th: pci: Add Alder Lake-S support
    - intel_th: pci: Add Alder Lake CPU support
    - intel_th: pci: Add Alder Lake-P support
    - stm class: Fix module init return on allocation failure
    - serial: mvebu-uart: fix tx lost characters at power off
    - ehci: fix EHCI host controller initialization sequence
    - USB: ehci: fix an interrupt calltrace error
    - usb: gadget: aspeed: fix stop dma register setting.
    - USB: gadget: dummy-hcd: Fix errors in port-reset handling
    - usb: udc: core: Use lock when write to soft_connect
    - [Config] updateconfigs for USB_BDC_PCI
    - usb: bdc: Make bdc pci driver depend on BROKEN
    - usb: cdns3: imx: fix writing read-only memory issue
    - usb: cdns3: imx: fix can't create core device the second time issue
    - xhci: make sure TRB is fully written before giving it to the controller
    - xhci: tegra: Delay for disabling LFPS detector
    - driver core: Extend device_is_dependent()
    - x86/cpu/amd: Set __max_die_per_package on AMD
    - cls_flower: call nla_ok() before nla_next()
    - netfilter: rpfilter: mask ecn bits before fib lookup
    - sh: dma: fix kconfig dependency for G2_DMA
    - ASoC: SOF: Intel: fix page fault at probe if i915 init fails
    - octeontx2-af: Fix missing check bugs in rvu_cgx.c
    - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
    - sh_eth: Fix power down vs. is_opened flag ordering
    - cachefiles: Drop superfluous readpages aops NULL check
    - lightnvm: fix memory leak when submit fails
    - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
    - kasan: fix unaligned address is unhandled in kasan_remove_zero_shadow
    - kasan: fix incorrect arguments passing in kasan_add_zero_shadow
    - tcp: fix TCP socket rehash stats mis-accounting
    - net_sched: gen_estimator: support large ewma log
    - udp: mask TOS bits in udp_v4_early_demux()
    - ipv6: create multicast route with RTPROT_KERNEL
    - net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
    - net_sched: reject silly cell_log in qdisc_get_rtab()
    - ipv6: set multicast flag on the multicast route
    - net: mscc: ocelot: allow offloading of bridge on top of LAG
    - net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled
    - net: dsa: b53: fix an off by one in checking "vlan->vid"
    - tcp: do not mess with cloned skbs in tcp_add_backlog()
    - tcp: fix TCP_USER_TIMEOUT with zero window
    - net: core: devlink: use right genl user_ptr when handling port param get/set
    - pinctrl: qcom: Allow SoCs to specify a GPIO function that's not 0
    - pinctrl: qcom: No need to read-modify-write the interrupt status
    - pinctrl: qcom: Properly clear "intr_ack_high" interrupts when unmasking
    - pinctrl: qcom: Don't clear pending interrupts when enabling
    - tty: implement write_iter
    - tty: fix up hung_up_tty_write() conversion
    - drm/i915/hdcp: Get conn while content_type changed
    - seq_file: add seq_read_iter
    - kernfs: implement ->read_iter
    - kernfs: implement ->write_iter
    - kernfs: wire up ->splice_read and ->splice_write
    - fs/pipe: allow sendfile() to pipe again
    - Commit 9bb48c82aced ("tty: implement write_iter") converted the tty layer to
      use write_iter. Fix the redirected_tty_write declaration also in n_tty and
      change the comparisons to use write_iter instead of write. also in n_tty and
      change the comparisons to use write_iter instead of write.

* Enforce CONFIG_DRM_BOCHS=m (LP: #1916290)
    - [Config] Enforce CONFIG_DRM_BOCHS=m

* Groovy update: upstream stable patchset 2021-02-25 (LP: #1916960)
    - btrfs: reloc: fix wrong file extent type check to avoid false ENOENT
    - btrfs: prevent NULL pointer dereference in extent_io_tree_panic
    - ALSA: doc: Fix reference to mixart.rst
    - ASoC: AMD Renoir - add DMI entry for Lenovo ThinkPad X395
    - ASoC: dapm: remove widget from dirty list on free
    - x86/hyperv: check cpu mask after interrupt has been disabled
    - drm/amdgpu: add green_sardine device id (v2)
    - drm/amdgpu: fix DRM_INFO flood if display core is not supported (bug 210921)
    - drm/amdgpu: add Green_Sardine APU flag
    - drm/amdgpu: add green_sardine support for gpu_info and ip block setting (v2)
    - drm/amdgpu: add soc15 common ip block support for green_sardine (v3)
    - drm/amdgpu: add new device id for Renior
    - drm/i915/gt: Limit VFE threads based on GT
    - drm/i915/backlight: fix CPU mode backlight takeover on LPT
    - drm/bridge: sii902x: Refactor init code into separate function
    - dt-bindings: display: sii902x: Add supply bindings
    - tracing/kprobes: Do the notrace functions check without kprobes on ftrace
    - ext4: fix bug for rename with RENAME_WHITEOUT
    - cifs: check pointer before freeing
    - cifs: fix interrupted close commands
    - riscv: return -ENOSYS for syscall -1
    - riscv: Fixup CONFIG_GENERIC_TIME_VSYSCALL
    - mips: fix Section mismatch in reference
    - mips: lib: uncached: fix non-standard usage of variable 'sp'
    - MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
    - MIPS: Fix malformed NT_FILE and NT_SIGINFO in 32bit coredumps
    - MIPS: relocatable: fix possible boot hangup with KASLR enabled
    - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd()
    - ACPI: scan: Harden acpi_device_add() against device ID overflows
    - xen/privcmd: allow fetching resource sizes
    - compiler.h: Raise minimum version of GCC to 5.1 for arm64
    - mm/hugetlb: fix potential missing huge page size info
    - mm/process_vm_access.c: include compat.h
    - dm raid: fix discard limits for raid1
    - dm snapshot: flush merged data before committing metadata
    - dm integrity: fix flush with external metadata device
    - dm integrity: fix the maximum number of arguments
    - dm crypt: use GFP_ATOMIC when allocating crypto requests from softirq
    - stmmac: intel: change all EHL/TGL to auto detect phy addr
    - r8152: Add Lenovo Powered USB-C Travel Hub
    - btrfs: tree-checker: check if chunk item end overflows
    - ext4: don't leak old mountpoint samples
    - ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
    - ARC: build: add uImage.lzma to the top-level target
    - ARC: build: add boot_targets to PHONY
    - ARC: build: move symlink creation to arch/arc/Makefile to avoid race
    - ARM: omap2: pmic-cpcap: fix maximum voltage to be consistent with defaults
      on xt875
    - ath11k: fix crash caused by NULL rx_channel
    - netfilter: ipset: fixes possible oops in mtype_resize
    - btrfs: fix async discard stall
    - btrfs: merge critical sections of discard lock in workfn
    - btrfs: fix transaction leak and crash after RO remount caused by qgroup
      rescan
    - regulator: bd718x7: Add enable times
    - ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
    - habanalabs/gaudi: retry loading TPC f/w on -EINTR
    - habanalabs: register to pci shutdown callback
    - habanalabs: Fix memleak in hl_device_reset
    - hwmon: (pwm-fan) Ensure that calculation doesn't discard big period values
    - lib/raid6: Let $(UNROLL) rules work with macOS userland
    - spi: fix the divide by 0 error when calculating xfer waiting time
    - arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
    - misdn: dsp: select CONFIG_BITREVERSE
    - net: ethernet: fs_enet: Add missing MODULE_LICENSE
    - nvme-pci: mark Samsung PM1725a as IGNORE_DEV_SUBNQN
    - nvme: avoid possible double fetch in handling CQE
    - nvmet-rdma: Fix list_del corruption on queue establishment failure
    - drm/amd/display: fix sysfs amdgpu_current_backlight_pwm NULL pointer issue
    - drm/amdgpu: fix a GPU hang issue when remove device
    - drm/amd/pm: fix the failure when change power profile for renoir
    - drm/amdgpu: fix potential memory leak during navi12 deinitialization
    - usb: typec: Fix copy paste error for NVIDIA alt-mode description
    - iommu/vt-d: Fix lockdep splat in sva bind()/unbind()
    - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    - drm/msm: Call msm_init_vram before binding the gpu
    - ARM: picoxcell: fix missing interrupt-parent properties
    - poll: fix performance regression due to out-of-line __put_user()
    - bpf: Simplify task_file_seq_get_next()
    - bpf: Save correct stopping point in file seq iteration
    - cfg80211: select CONFIG_CRC32
    - iommu/vt-d: Update domain geometry in iommu_ops.at(de)tach_dev
    - net/mlx5: Fix passing zero to 'PTR_ERR'
    - net/mlx5: E-Switch, fix changing vf VLANID
    - mm: don't put pinned pages into the swap cache
    - perf intel-pt: Fix 'CPU too large' error
    - dump_common_audit_data(): fix racy accesses to ->d_name
    - ASoC: meson: axg-tdm-interface: fix loopback
    - ASoC: meson: axg-tdmin: fix axg skew offset
    - ASoC: Intel: fix error code cnl_set_dsp_D0()
    - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY
    - nvme: don't intialize hwmon for discovery controllers
    - nvme-tcp: fix possible data corruption with bio merges
    - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT
    - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    - pNFS: We want return-on-close to complete when evicting the inode
    - pNFS: Mark layout for return if return-on-close was not sent
    - pNFS: Stricter ordering of layoutget and layoutreturn
    - NFS: Adjust fs_context error logging
    - NFS/pNFS: Don't call pnfs_free_bucket_lseg() before removing the request
    - NFS/pNFS: Don't leak DS commits in pnfs_generic_retry_commit()
    - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter
    - NFS: nfs_delegation_find_inode_server must first reference the superblock
    - NFS: nfs_igrab_and_active must first reference the superblock
    - scsi: ufs: Fix possible power drain during system suspend
    - ext4: fix superblock checksum failure when setting password salt
    - RDMA/restrack: Don't treat as an error allocation ID wrapping
    - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
    - bnxt_en: Improve stats context resource accounting with RDMA driver loaded.
    - RDMA/mlx5: Fix wrong free of blue flame register on error
    - IB/mlx5: Fix error unwinding when set_has_smi_cap fails
    - dm zoned: select CONFIG_CRC32
    - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is
      no reset-deassert MIPI-sequence
    - drm/i915/icl: Fix initing the DSI DSC power refcount during HW readout
    - drm/i915/gt: Restore clear-residual mitigations for Ivybridge, Baytrail
    - mm, slub: consider rest of partial list if acquire_slab() fails
    - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev()
    - net: sunrpc: interpret the return value of kstrtou32 correctly
    - selftests: netfilter: Pass family parameter "-f" to conntrack tool
    - dm: eliminate potential source of excessive kernel log noise
    - ALSA: fireface: Fix integer overflow in transmit_midi_msg()
    - ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    - netfilter: conntrack: fix reading nf_conntrack_buckets
    - netfilter: nf_nat: Fix memleak in nf_nat_init
    - netfilter: nft_compat: remove flush counter optimization
    - kbuild: enforce -Werror=return-type
    - [Config] updateconfigs for KPROBE_EVENTS_ON_NOTRACE
    - x86/hyperv: Initialize clockevents after LAPIC is initialized
    - bpf: Fix signed_{sub,add32}_overflows type handling
    - nfsd4: readdirplus shouldn't return parent of export
    - bpf: Don't leak memory in bpf getsockopt when optlen == 0
    - bpf: Support PTR_TO_MEM{,_OR_NULL} register spilling
    - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback
    - net: ipa: modem: add missing SET_NETDEV_DEV() for proper sysfs links
    - net: fix use-after-free when UDP GRO with shared fraglist
    - udp: Prevent reuseport_select_sock from reading uninitialized socks
    - netxen_nic: fix MSI/MSI-x interrupts
    - net: ipv6: Validate GSO SKB before finish IPv6 processing
    - tipc: fix NULL deref in tipc_link_xmit()
    - mlxsw: core: Add validation of transceiver temperature thresholds
    - mlxsw: core: Increase critical threshold for ASIC thermal zone
    - net: mvpp2: Remove Pause and Asym_Pause support
    - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
    - esp: avoid unneeded kmap_atomic call
    - net: dcb: Validate netlink message in DCB handler
    - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
    - rxrpc: Call state should be read with READ_ONCE() under some circumstances
    - i40e: fix potential NULL pointer dereferencing
    - net: stmmac: Fixed mtu channged by cache aligned
    - net: sit: unregister_netdevice on newlink's error path
    - net: stmmac: fix taprio schedule configuration
    - net: stmmac: fix taprio configuration when base_time is in the past
    - net: avoid 32 x truesize under-estimation for tiny skbs
    - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    - net: stmmac: use __napi_schedule() for PREEMPT_RT
    - drm/panel: otm8009a: allow using non-continuous dsi clock
    - mac80211: do not drop tx nulldata packets on encrypted links
    - mac80211: check if atf has been disabled in __ieee80211_schedule_txq
    - net: dsa: unbind all switches from tree when DSA master unbinds
    - cxgb4/chtls: Fix tid stuck due to wrong update of qid
    - spi: fsl: Fix driver breakage when SPI_CS_HIGH is not set in spi->mode
    - spi: cadence: cache reference clock rate during probe
    - usb: ohci: Make distrust_firmware param default to false
    - elfcore: fix building with clang
    - spi: npcm-fiu: simplify the return expression of npcm_fiu_probe()
    - spi: npcm-fiu: Disable clock in probe error path

* CVE-2021-20239
    - net, sctp, filter: remap copy_from_user failure error

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 24 Mar 2021 10:27:36 +0100

Changed in linux (Ubuntu Groovy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

improper memcg accounting causes NULL pointer derefs

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package