Please trust Canonical Livepatch Service kmod signing key

Bug #1898716 reported by Dimitri John Ledkov
This bug affects 1 person
Affects               Status         Importance   Assigned to   Milestone
linux (Ubuntu)        Fix Released   Medium       Unassigned
  Bionic              Fix Released   Medium       Unassigned
  Focal               Fix Released   Medium       Unassigned
  Groovy              Fix Released   Medium       Unassigned
linux-gcp (Ubuntu)    Fix Released   Medium       Unassigned
  Bionic              New            Undecided    Unassigned
  Focal               Fix Released   Medium       Unassigned
  Groovy              Fix Released   Undecided    Unassigned
linux-kvm (Ubuntu)    Fix Released   Undecided    Unassigned
  Bionic              Fix Released   Medium       Unassigned
  Focal               Fix Released   Medium       Unassigned
  Groovy              Fix Released   Medium       Unassigned

Bug Description

[Impact]

 * Currently Canonical Livepatch service is signing kernel modules that are not trusted by the default Ubuntu kernels

 * To make Canonical Livepatch service out of the box compatible with SecureBoot, please add the Canonical Livepatch service key as trusted in the kernel by default

 * If a user wants to distrust the key, they can remove it via mokx, dbx, and we can revoke it by signing revocation with 'canonical master ca'.

[Test Case]

 * Boot kernel
 * Check the built-in keyring to ensure that Livepatch key is trusted by the built-in keyring

Bad:
$ sudo keyctl list %:.builtin_trusted_keys
1 key in keyring:
204809401: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 4182e0d0113d4a8f460783380c9e618ef1597bf5

Good:
$ sudo keyctl list %:.builtin_trusted_keys
2 keys in keyring:
637801673: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 52f8757621e8fc6dd500b32c3ead885a3b6d3cbc
1044383508: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

[Regression Potential]

 * Kernel keyring size will increase by one key. And thus kernel image will too.

[Other Info]

 * Current livepatch key fingerprints

mokutil uses DER format

$ openssl x509 -inform der -in /snap/canonical-livepatch/current/keys/livepatch-kmod.x509 -noout -fingerprint -sha256
SHA256 Fingerprint=A4:1E:49:06:12:DD:38:56:F9:78:82:E3:66:66:9E:95:15:78:8E:65:68:50:35:46:0F:AC:59:72:4A:5B:92:FA

kernel uses PEM format

$ openssl x509 -inform pem -in debian/canonical-livepatch.pem -noout -fingerprint -sha256
SHA256 Fingerprint=A4:1E:49:06:12:DD:38:56:F9:78:82:E3:66:66:9E:95:15:78:8E:65:68:50:35:46:0F:AC:59:72:4A:5B:92:FA

[Target kernels]

bionic and up, across the board, but maybe excluding fips kernels?!

[Patch]

https://lists.ubuntu.com/archives/kernel-team/2020-October/113929.html
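
An added example, not part of the original bug report: a POSIX shell check that automates the [Test Case] by requiring both the key description and the key identifier from the "Good" listing, and that compares the two fingerprint lines from [Other Info]. The function names and the lookalike listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the [Test Case] result mechanically instead of
# reading keyctl output by eye.

# Description and key identifier copied from the "Good" output in the report.
LIVEPATCH_DESC='Canonical Ltd. Live Patch Signing'
LIVEPATCH_ID='14df34d1a87cf37625abec039ef2bf521249b969'

# "Bad" and "Good" listings from the bug description, embedded so this runs offline.
BAD_LISTING='1 key in keyring:
204809401: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 4182e0d0113d4a8f460783380c9e618ef1597bf5'

GOOD_LISTING='2 keys in keyring:
637801673: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 52f8757621e8fc6dd500b32c3ead885a3b6d3cbc
1044383508: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'

# Constructed negative case: expected description, different identifier.
# A name match alone must not be accepted as the expected key.
LOOKALIKE_LISTING='1 key in keyring:
111111111: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 0000000000000000000000000000000000000000'

# Fingerprint lines as printed by the two openssl commands in [Other Info].
DER_FP_LINE='SHA256 Fingerprint=A4:1E:49:06:12:DD:38:56:F9:78:82:E3:66:66:9E:95:15:78:8E:65:68:50:35:46:0F:AC:59:72:4A:5B:92:FA'
PEM_FP_LINE='SHA256 Fingerprint=A4:1E:49:06:12:DD:38:56:F9:78:82:E3:66:66:9E:95:15:78:8E:65:68:50:35:46:0F:AC:59:72:4A:5B:92:FA'

# keyring_has_key DESC ID
# Reads `keyctl list` output on stdin. Succeeds only if an asymmetric key is
# listed whose text after "asymmetric: " is exactly "DESC: ID".
keyring_has_key() {
    awk -v want="$1: $2" '
        / asymmetric: / {
            line = $0
            sub(/^.* asymmetric: /, "", line)   # drop serial, perms, uid, gid
            sub(/[ \t\r]+$/, "", line)          # drop trailing whitespace
            if (line == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# fp_hex: read an `openssl x509 -noout -fingerprint` line on stdin and print
# the digest as lowercase hex without colons.
fp_hex() {
    sed -n 's/^[^=]*Fingerprint=//p' | tr -d ':\r\n ' | tr 'A-F' 'a-f'
}

# same_cert LINE_A LINE_B: succeed if both lines carry the same non-empty digest,
# i.e. the DER copy used by mokutil and the PEM copy built into the kernel match.
same_cert() {
    a=$(printf '%s\n' "$1" | fp_hex)
    b=$(printf '%s\n' "$2" | fp_hex)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_running_kernel: run the test case against the booted kernel.
# Needs keyctl (keyutils package) and usually root. Not called here.
check_running_kernel() {
    keyctl list %:.builtin_trusted_keys |
        keyring_has_key "$LIVEPATCH_DESC" "$LIVEPATCH_ID"
}

# report NAME LISTING: print the verdict for one embedded listing.
report() {
    if printf '%s\n' "$2" | keyring_has_key "$LIVEPATCH_DESC" "$LIVEPATCH_ID"; then
        echo "$1: Livepatch key present in built-in keyring"
    else
        echo "$1: Livepatch key missing from built-in keyring"
    fi
}

report bad "$BAD_LISTING"
report good "$GOOD_LISTING"
report lookalike "$LOOKALIKE_LISTING"

if same_cert "$DER_FP_LINE" "$PEM_FP_LINE"; then
    echo "fingerprints: DER and PEM copies are the same certificate"
else
    echo "fingerprints: DER and PEM copies differ"
fi
```

On a live system, `check_running_kernel` performs the same comparison against the booted kernel's `.builtin_trusted_keys` keyring.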

Changed in linux (Ubuntu):
status: New → Incomplete
description: updated
Dimitri John Ledkov (xnox) wrote :
description: updated
description: updated
Changed in linux (Ubuntu):
status: Incomplete → Triaged
tags: added: patch
tags: added: fr-797
Stefan Bader (smb)
Changed in linux (Ubuntu Groovy):
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
importance: Undecided → Medium
Stefan Bader (smb)
Changed in linux (Ubuntu Groovy):
status: In Progress → Fix Committed
Stefan Bader (smb)
Changed in linux (Ubuntu Focal):
status: Triaged → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed-groovy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-groovy
tags: added: verification-needed-focal
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Tim Gardner (timg-tpi)
affects: linux (Ubuntu Groovy) → linux-kvm (Ubuntu Groovy)
Changed in linux-kvm (Ubuntu Groovy):
status: Fix Committed → Confirmed
affects: linux-kvm (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu Groovy):
status: Confirmed → Fix Committed
Changed in linux (Ubuntu Bionic):
status: Triaged → Fix Committed
Changed in linux-kvm (Ubuntu Groovy):
status: New → Confirmed
Changed in linux-kvm (Ubuntu Bionic):
importance: Undecided → Medium
Changed in linux-kvm (Ubuntu Focal):
importance: Undecided → Medium
Changed in linux-kvm (Ubuntu Groovy):
importance: Undecided → Medium
Changed in linux-kvm (Ubuntu Focal):
status: New → Confirmed
Changed in linux-kvm (Ubuntu Bionic):
status: New → Confirmed
Changed in linux-kvm (Ubuntu):
status: New → Confirmed
Tim Gardner (timg-tpi)
Changed in linux-gcp (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Changed in linux-gcp (Ubuntu Focal):
importance: Undecided → Medium
status: New → Confirmed
Martin Jansa (martin-jansa) wrote :

Not sure if this is the right place to report this, but these changes seem to cause automated mainline kernel builds to fail.

e.g.
https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.11.1/amd64/log
shows
make[3]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.

possibly because changes from this ticket were only partially migrated there e.g. in:

https://git.launchpad.net/~ubuntu-kernel-test/ubuntu/+source/linux/+git/mainline-crack/commit/?h=cod/mainline/v5.11.1&id=4508c61e1cf702e70308f1c1fbb0f26a45d0b853

which updated the configs, but not the rule for debian/canonical-certs.pem in debian/rules.

Martin Jansa (martin-jansa) wrote :

Mainline kernel-ppa issue is now resolved, thanks! - to unknown fixer.

Stefan Bader (smb) wrote :

$ sudo keyctl list %:.builtin_trusted_keys
3 keys in keyring:
855940452: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 94aab4eff3692c1dc967cbf81b568f930ac61570
590144975: ---lswrv 0 0 asymmetric: Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19
336909020: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

$ uname -a
Linux lamuella 5.4.0-67-generic #75-Ubuntu SMP Fri Feb 19 18:03:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

tags: added: verification-done-focal
removed: verification-needed-focal
Stefan Bader (smb) wrote :

root@test-g1:~# keyctl list %:.builtin_trusted_keys
3 keys in keyring:
597585625: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 19e7aa3bef9aa4ea9350ff00809a5d081204bca9
726460248: ---lswrv 0 0 asymmetric: Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19
1067830655: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

root@test-g1:~# uname -a
Linux test-g1 5.8.0-45-generic #51-Ubuntu SMP Fri Feb 19 13:24:51 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

tags: added: verification-done-groovy
removed: verification-needed-groovy
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.8.0-45.51

---------------
linux (5.8.0-45.51) groovy; urgency=medium

  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS

  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check

  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID

  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature

  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver

  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not configured
    - chtls: Replace skb_dequeue with skb_peek
    - chtls: Added a check to avoid NULL pointer dereference
    - chtls: Fix chtls resources release sequence
    - HID: wacom: Fix memory leakage caused by kfifo_alloc
    - ARM: OMAP2+: omap_device: fix idling of devices during probe
    - i2c: sprd: use a specific timeout to avoid system hang up issue
    - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk()
    - can: tcan4x5x: fix bittiming const...

Changed in linux (Ubuntu Groovy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp - 5.8.0-1024.25

---------------
linux-gcp (5.8.0-1024.25) groovy; urgency=medium

  * groovy/linux-gcp: 5.8.0-1024.25 -proposed tracker (LP: #1916132)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - gcp: [Config] enable CONFIG_MODVERSIONS=y
    - gcp: [Packaging] build canonical-certs.pem from branch/arch certs
    - gcp: [Config] Allow ASM_MODVERSIONS

  [ Ubuntu: 5.8.0-45.51 ]

  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not configured
    - chtls: Replace skb_dequeue with skb_peek
    - chtls: Added a check to avoid NULL pointer dereference
    - chtls: ...

Changed in linux-gcp (Ubuntu Groovy):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-kvm - 5.8.0-1020.22

---------------
linux-kvm (5.8.0-1020.22) groovy; urgency=medium

  * groovy/linux-kvm: 5.8.0-1020.22 -proposed tracker (LP: #1916134)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] CONFIG_MODVERSIONS=y, CONFIG_SYSTEM_TRUSTED_KEYS=debian/canonical-
      certs.pem, CONFIG_ASM_MODVERSIONS=y

  [ Ubuntu: 5.8.0-45.51 ]

  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not configured
    - chtls: Replace skb_dequeue with skb_peek
    - chtls: Added a check to avoid NULL pointer dereference
    - chtls: Fix chtls resources release sequence
 ...

Changed in linux-kvm (Ubuntu Groovy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.4.0-67.75

---------------
linux (5.4.0-67.75) focal; urgency=medium

  * focal/linux: 5.4.0-67.75 -proposed tracker (LP: #1916169)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS

  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver

  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Fix ODM support in actual build

  * devlink: don't do reporter recovery if the state is healthy (LP: #1915403)
    - devlink: don't do reporter recovery if the state is healthy

  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID

  * Focal update: v5.4.94 upstream stable release (LP: #1915200)
    - gpio: mvebu: fix pwm .get_state period calculation
    - futex: Ensure the correct return value from futex_lock_pi()
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - io_uring: Fix current->fs handling in io_sq_wq_submit_work()
    - tracing: Fix race in trace_open and buffer resize call
    - arm64: mm: use single quantity to represent the PA to VA translation
    - SMB3.1.1: do not log warning message if server doesn't populate salt
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - dm integrity: conditionally disable "recalculate" feature
    - writeback: Drop I_DIRTY_TIME_EXPIRE
    - fs: fix lazytime expiration handling in __writeback_single_inode()
    - Linux 5.4.94

  * Focal update: v5.4.93 upstream stable release (LP: #1915195)
    - i2c: bpmp-tegra: Ignore unknown I2C_M flags
    - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - btrfs: don't get an EINTR during drop_snapshot for reloc
    - btrfs: fix lockdep splat in btrfs_recover_relocation
    - btrfs: don't clear ret in btrfs_start_dirty_block_groups
    - btrfs: send: fix invalid clone operations when cloning from the same file
      and root
    - mmc: core: don't initialize block size from ext_csd if not present
    - mmc: sdhci-xenon: fix 1.8v regulator stabilization
    - dm: avoid filesystem lookup in dm_get_dev_t()
    - dm integrity: fix a crash if "recalculate" used without "internal_hash"
    - drm/atomic: put...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp - 5.4.0-1038.41

---------------
linux-gcp (5.4.0-1038.41) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1038.41 -proposed tracker (LP: #1916153)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] CONFIG_MODVERSIONS=y, CONFIG_SYSTEM_TRUSTED_KEYS=debian/canonical-
      certs.pem, CONFIG_ASM_MODVERSIONS=y

  [ Ubuntu: 5.4.0-67.75 ]

  * focal/linux: 5.4.0-67.75 -proposed tracker (LP: #1916169)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Fix ODM support in actual build
  * devlink: don't do reporter recovery if the state is healthy (LP: #1915403)
    - devlink: don't do reporter recovery if the state is healthy
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Focal update: v5.4.94 upstream stable release (LP: #1915200)
    - gpio: mvebu: fix pwm .get_state period calculation
    - futex: Ensure the correct return value from futex_lock_pi()
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - io_uring: Fix current->fs handling in io_sq_wq_submit_work()
    - tracing: Fix race in trace_open and buffer resize call
    - arm64: mm: use single quantity to represent the PA to VA translation
    - SMB3.1.1: do not log warning message if server doesn't populate salt
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - dm integrity: conditionally disable "recalculate" feature
    - writeback: Drop I_DIRTY_TIME_EXPIRE
    - fs: fix lazytime expiration handling in __writeback_single_inode()
    - Linux 5.4.94
  * Focal update: v5.4.93 upstream stable release (LP: #1915195)
    - i2c: bpmp-tegra: Ignore unknown I2C_M flags
    - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - btrfs: don't get an EINTR during drop_snapshot for reloc
    - btrfs: fix lockdep splat in btrfs_recover_relocation
    - btrfs: don't clear ret in btrfs_start_dirty_block_groups
    - btrfs: send: fix invalid clone operations when cloning from the sam...

Changed in linux-gcp (Ubuntu Focal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-kvm - 5.4.0-1034.35

---------------
linux-kvm (5.4.0-1034.35) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1034.35 -proposed tracker (LP: #1916159)

  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] kvm: enable CONFIG_MODVERSIONS=y
    - [Config] kvm: enable CONFIG_ASM_MODVERSIONS
    - [Packaging] kvm: build canonical-certs.pem from branch/arch certs

  [ Ubuntu: 5.4.0-67.75 ]

  * focal/linux: 5.4.0-67.75 -proposed tracker (LP: #1916169)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Fix ODM support in actual build
  * devlink: don't do reporter recovery if the state is healthy (LP: #1915403)
    - devlink: don't do reporter recovery if the state is healthy
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Focal update: v5.4.94 upstream stable release (LP: #1915200)
    - gpio: mvebu: fix pwm .get_state period calculation
    - futex: Ensure the correct return value from futex_lock_pi()
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - io_uring: Fix current->fs handling in io_sq_wq_submit_work()
    - tracing: Fix race in trace_open and buffer resize call
    - arm64: mm: use single quantity to represent the PA to VA translation
    - SMB3.1.1: do not log warning message if server doesn't populate salt
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - dm integrity: conditionally disable "recalculate" feature
    - writeback: Drop I_DIRTY_TIME_EXPIRE
    - fs: fix lazytime expiration handling in __writeback_single_inode()
    - Linux 5.4.94
  * Focal update: v5.4.93 upstream stable release (LP: #1915195)
    - i2c: bpmp-tegra: Ignore unknown I2C_M flags
    - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - btrfs: don't get an EINTR during drop_snapshot for reloc
    - btrfs: fix lockdep splat in btrfs_recover_relocation
    - btrfs: don't clear ret in btrfs_start_dirty_block_groups
    - btrfs: send: fix inva...

Changed in linux-kvm (Ubuntu Focal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-kvm - 5.8.0-1020.22+21.04.1

---------------
linux-kvm (5.8.0-1020.22+21.04.1) hirsute; urgency=medium

  * hirsute/linux-kvm: 5.8.0-1020.22+21.04.1 -proposed tracker (LP: #1916133)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  [ Ubuntu: 5.8.0-1020.22 ]

  * groovy/linux-kvm: 5.8.0-1020.22 -proposed tracker (LP: #1916134)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] CONFIG_MODVERSIONS=y, CONFIG_SYSTEM_TRUSTED_KEYS=debian/canonical-
      certs.pem, CONFIG_ASM_MODVERSIONS=y
  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not co...

Changed in linux-kvm (Ubuntu):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.11.0-11.12

---------------
linux (5.11.0-11.12) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-11.12 -proposed tracker (LP: #1917335)

  * Packaging resync (LP: #1786013)
    - update dkms package versions
    - [Packaging] update variants

  * Support no udeb profile (LP: #1916095)
    - [Packaging] replace custom filter script with dctrl-tools
    - [Packaging] correctly implement noudeb build profiles.

  * Miscellaneous Ubuntu changes
    - [Packaging] dkms-versions -- remove nvidia-graphics-drivers-440-server
    - [Debian] run ubuntu-regression-suite for linux-unstable
    - [Packaging] remove Provides: aufs-dkms
    - [Packaging] Change source package name to linux
    - [Config] update gcc version in config due to toolchain update

  * Miscellaneous upstream changes
    - Revert "UBUNTU: [Config] disable nvidia and nvidia_server builds"
    - Xen/x86: don't bail early from clear_foreign_p2m_mapping()
    - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
    - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
    - Xen/gntdev: correct error checking in gntdev_map_grant_pages()
    - xen/arm: don't ignore return errors from set_phys_to_machine
    - xen-blkback: don't "handle" error by BUG()
    - xen-netback: don't "handle" error by BUG()
    - xen-scsiback: don't "handle" error by BUG()
    - xen-blkback: fix error handling in xen_blkbk_map()
    - tty: protect tty_write from odd low-level tty disciplines
    - Bluetooth: btusb: Always fallback to alt 1 for WBS
    - media: pwc: Use correct device for DMA
    - bpf: Fix truncation handling for mod32 dst reg wrt zero
    - HID: make arrays usage and value to be the same
    - USB: quirks: sort quirk entries
    - usb: quirks: add quirk to start video capture on ELMO L-12F document camera
      reliable
    - ntfs: check for valid standard information attribute
    - Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working
    - arm64: tegra: Add power-domain for Tegra210 HDA
    - hwmon: (dell-smm) Add XPS 15 L502X to fan control blacklist
    - KVM: x86: Zap the oldest MMU pages, not the newest
    - KVM: do not assume PTE is writable after follow_pfn
    - mm: provide a saner PTE walking API for modules
    - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()

 -- Andrea Righi <email address hidden> Mon, 01 Mar 2021 18:17:45 +0100

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp - 5.8.0-1024.25+21.04.1

---------------
linux-gcp (5.8.0-1024.25+21.04.1) hirsute; urgency=medium

  * hirsute/linux-gcp: 5.8.0-1024.25+21.04.1 -proposed tracker (LP: #1916131)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  [ Ubuntu: 5.8.0-1024.25 ]

  * groovy/linux-gcp: 5.8.0-1024.25 -proposed tracker (LP: #1916132)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - gcp: [Config] enable CONFIG_MODVERSIONS=y
    - gcp: [Packaging] build canonical-certs.pem from branch/arch certs
    - gcp: [Config] Allow ASM_MODVERSIONS
  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtl...

Changed in linux-gcp (Ubuntu):
status: Confirmed → Fix Released
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Stefan Bader (smb) wrote :

ubuntu@test-b1:~$ uname -a
Linux test-b1 4.15.0-141-generic #145-Ubuntu SMP Wed Mar 24 18:08:07 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

ubuntu@test-b1:~$ sudo keyctl list %:.builtin_trusted_keys
3 keys in keyring:
335785479: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 94c1dbbf9057c249d34783f9fbd868815acc6f0a
743718234: ---lswrv 0 0 asymmetric: Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19
190144923: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969

tags: added: verification-done-bionic
removed: verification-needed-bionic
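
The keyring check used in the test case and in the verification comment above can be scripted so that it matches on the key id rather than on the description alone. This is an added example, not part of the bug report or of Ubuntu's tooling; the function names and the "lookalike" listing are constructed for illustration, while the other two listings are the ones quoted on this page.

```shell
# Added example: verify the Livepatch key in `keyctl list` output.
# Description and key id as quoted in this bug report.
LIVEPATCH_DESC="Canonical Ltd. Live Patch Signing"
LIVEPATCH_KEYID="14df34d1a87cf37625abec039ef2bf521249b969"

# has_trusted_key DESC KEYID  (keyring listing on stdin)
# 0 = key present with this id, 1 = absent, 2 = same description, other id.
has_trusted_key() {
    awk -v want_desc="$1" -v want_id="$2" '
        # "<serial>: <perms> <uid> <gid> asymmetric: <desc>: <keyid>"
        / asymmetric: / {
            line = $0
            sub(/^.* asymmetric: /, "", line)
            n = match(line, /: [0-9a-fA-F]+$/)
            if (n == 0) next
            desc = substr(line, 1, n - 1)
            id = tolower(substr(line, n + 2))
            if (desc != want_desc) next
            if (id == tolower(want_id)) found = 1
            else mismatch = 1
        }
        END { if (found) exit 0; if (mismatch) exit 2; exit 1 }
    '
}

# Listing from the 4.15.0-141 verification comment on this page.
sample_fixed() { cat <<'EOF'
3 keys in keyring:
335785479: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 94c1dbbf9057c249d34783f9fbd868815acc6f0a
743718234: ---lswrv 0 0 asymmetric: Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19
190144923: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969
EOF
}
# "Bad" listing from the bug description (kernel without the fix).
sample_unfixed() { cat <<'EOF'
1 key in keyring:
204809401: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: 4182e0d0113d4a8f460783380c9e618ef1597bf5
EOF
}
# Constructed: right description, key id that is not the published one.
sample_lookalike() { cat <<'EOF'
1 key in keyring:
11111111: ---lswrv 0 0 asymmetric: Canonical Ltd. Live Patch Signing: 00000000000000000000000000000000deadbeef
EOF
}

# check SAMPLE_FUNCTION: print the verdict code for one listing.
check() { rc=0; "$1" | has_trusted_key "$LIVEPATCH_DESC" "$LIVEPATCH_KEYID" || rc=$?; echo "$rc"; }
for s in sample_fixed sample_unfixed sample_lookalike; do echo "$s: $(check "$s")"; done
```

On a live system, pipe `sudo keyctl list %:.builtin_trusted_keys` into `has_trusted_key "$LIVEPATCH_DESC" "$LIVEPATCH_KEYID"` and act on the exit status.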
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-141.145

---------------
linux (4.15.0-141.145) bionic; urgency=medium

  * bionic/linux: 4.15.0-141.145 -proposed tracker (LP: #1919536)

  * binary assembly failures with CONFIG_MODVERSIONS present (LP: #1919315)
    - [Packaging] quiet (nomially) benign errors in BUILD script

  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * CVE-2018-13095
    - xfs: More robust inode extent count validation

  * i40e PF reset due to incorrect MDD event (LP: #1772675)
    - i40e: change behavior on PF in response to MDD event

  * Bionic update: upstream stable patchset 2021-03-09 (LP: #1918330)
    - ACPI: sysfs: Prefer "compatible" modalias
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - KVM: x86: get smi pending status correctly
    - xen: Fix XenStore initialisation for XS_LOCAL
    - leds: trigger: fix potential deadlock with libata
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - xen-blkfront: allow discard-* nodes to be optional
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - netfilter: nft_dynset: add timeout extension to template
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - iwlwifi: pcie: use jiffies for memory read spin time limit
    - iwlwifi: pcie: reschedule in long-running memory reads
    - mac80211: pause TX while changing interface type
    - can: dev: prevent potential information leak in can_fill_info()
    - x86/entry/64/compat: Preserve r8-r11 in int $0x80
    - x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80"
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - team: protect features update by RCU to avoid deadlock
    - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - PM: hibernate: flush swap writer after marking
    - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
    - net/mlx5: Fix memory leak on flow table creation error flow
    - rxrpc: Fix memory leak in rxrpc_lookup_local
    - net: dsa: bcm_sf2: put device node before return
    - ibmvnic: Ensure that CRQ entry read are correctly ordered
    - ACPI: thermal: Do...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-kvm - 4.15.0-1089.91

---------------
linux-kvm (4.15.0-1089.91) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1089.91 -proposed tracker (LP: #1919527)

  [ Ubuntu: 4.15.0-141.145 ]

  * bionic/linux: 4.15.0-141.145 -proposed tracker (LP: #1919536)
  * binary assembly failures with CONFIG_MODVERSIONS present (LP: #1919315)
    - [Packaging] quiet (nomially) benign errors in BUILD script
  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2018-13095
    - xfs: More robust inode extent count validation
  * i40e PF reset due to incorrect MDD event (LP: #1772675)
    - i40e: change behavior on PF in response to MDD event
  * Bionic update: upstream stable patchset 2021-03-09 (LP: #1918330)
    - ACPI: sysfs: Prefer "compatible" modalias
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - KVM: x86: get smi pending status correctly
    - xen: Fix XenStore initialisation for XS_LOCAL
    - leds: trigger: fix potential deadlock with libata
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - xen-blkfront: allow discard-* nodes to be optional
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - netfilter: nft_dynset: add timeout extension to template
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - iwlwifi: pcie: use jiffies for memory read spin time limit
    - iwlwifi: pcie: reschedule in long-running memory reads
    - mac80211: pause TX while changing interface type
    - can: dev: prevent potential information leak in can_fill_info()
    - x86/entry/64/compat: Preserve r8-r11 in int $0x80
    - x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80"
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - team: protect features update by RCU to avoid deadlock
    - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - PM: hibernate: flush swap writer after marking
    - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
    - net/mlx5: Fix memory leak on flow table creation error flow
    - rxrpc: Fix memory leak in rxrpc_lookup_local
    - net: dsa: bcm_sf2: put device nod...

Changed in linux-kvm (Ubuntu Bionic):
status: Confirmed → Fix Released