Ubuntu
linux package

Hirsute update: upstream stable patchset 2021-11-10

Hirsute (21.04)
Bug #1950516

Bug #1950516 reported by Kamal Mostafa on 2021-11-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Hirsute	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2021-11-10

Ported from the following upstream stable releases:
v5.10.71, v5.14.10

from git://git.kernel.org/

tty: Fix out-of-bound vmalloc access in imageblit
cpufreq: schedutil: Use kobject release() method to free sugov_tunables
scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
usb: cdns3: fix race condition before setting doorbell
ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect
fs-verity: fix signed integer overflow with i_size near S64_MAX
hwmon: (tmp421) handle I2C errors
hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
gpio: pca953x: do not ignore i2c errors
scsi: ufs: Fix illegal offset in UPIU event trace
mac80211: fix use-after-free in CCMP/GCMP RX
x86/kvmclock: Move this_cpu_pvti into kvmclock.h
KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect()
KVM: x86: nSVM: don't copy virt_ext from vmcb12
KVM: nVMX: Filter out all unsupported controls when eVMCS was activated
media: ir_toy: prevent device from hanging during transmit
RDMA/cma: Do not change route.addr.src_addr.ss_family
drm/amd/display: Pass PCI deviceid into DC
drm/amdgpu: correct initial cp_hqd_quantum for gfx9
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog
IB/cma: Do not send IGMP leaves for sendonly Multicast groups
RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
bpf, mips: Validate conditional branch offsets
hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
mac80211: mesh: fix potentially unaligned access
mac80211-hwsim: fix late beacon hrtimer handling
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
mptcp: don't return sockets in foreign netns
hwmon: (tmp421) report /PVLD condition as fault
hwmon: (tmp421) fix rounding for negative values
net: enetc: fix the incorrect clearing of IF_MODE bits
net: ipv4: Fix rtnexthop len when RTA_FLOW is present
smsc95xx: fix stalled rx after link change
drm/i915/request: fix early tracepoints
dsa: mv88e6xxx: 6161: Use chip wide MAX MTU
dsa: mv88e6xxx: Fix MTU definition
dsa: mv88e6xxx: Include tagger overhead when setting MTU for DSA and CPU ports
e100: fix length calculation in e100_get_regs_len
e100: fix buffer overrun in e100_get_regs
bpf: Exempt CAP_BPF from checks against bpf_jit_limit
selftests, bpf: Fix makefile dependencies on libbpf
selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
UBUNTU: [Config] updateconfigs for ks8851 modules
net: ks8851: fix link error
scsi: csiostor: Add module softdep on cxgb4
ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
net: hns3: do not allow call hns3_nic_net_open repeatedly
net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and HCLGE_FLAG_DCB_ENABLE
net: hns3: fix show wrong state when add existing uc mac address
net: hns3: fix prototype warning
net: hns3: reconstruct function hns3_self_test
net: hns3: fix always enable rx vlan filter problem after selftest
net: phy: bcm7xxx: Fixed indirect MMD operations
net: sched: flower: protect fl_walk() with rcu
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
perf/x86/intel: Update event constraints for ICX
hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller
nvme: add command id quirk for apple controllers
elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
debugfs: debugfs_create_file_size(): use IS_ERR to check for error
ipack: ipoctal: fix stack information leak
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix module reference leak
ext4: fix loff_t overflow in ext4_max_bitmap_size()
ext4: limit the number of blocks in one ADD_RANGE TLV
ext4: fix reserved space counter leakage
ext4: add error checking to ext4_ext_replay_set_iblocks()
ext4: fix potential infinite loop in ext4_dx_readdir()
HID: u2fzero: ignore incomplete packets without data
net: udp: annotate data race around udp_sk(sk)->corkflag
ASoC: dapm: use component prefix when checking widget names
usb: hso: remove the bailout parameter
HID: betop: fix slab-out-of-bounds Write in betop_probe
netfilter: ipset: Fix oversized kvmalloc() calls
mm: don't allow oversized kvmalloc() calls
HID: usbhid: free raw_report buffers in usbhid_stop
KVM: x86: Handle SRCU initialization failure during page track init
netfilter: conntrack: serialize hash resizes and cleanups
netfilter: nf_tables: Fix oversized kvmalloc() calls
media: cedrus: Fix SUNXI tile size calculation
media: s5p-jpeg: rename JPEG marker constants to prevent build warnings
ASoC: fsl_spdif: register platform component before registering cpu dai
ASoC: fsl_xcvr: register platform component before registering cpu dai
ASoC: mediatek: common: handle NULL case in suspend/resume function
ASoC: SOF: Fix DSP oops stack dump output contents
ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
pinctrl: qcom: spmi-gpio: correct parent irqspec translation
s390/qeth: Fix deadlock in remove_discipline
s390/qeth: fix deadlock during failing recovery
m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal
NIOS2: fix kconfig unmet dependency warning for SERIAL_CORE_CONSOLE
kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS
perf test: Fix DWARF unwind for optimized builds.
watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
ALSA: firewire-motu: fix truncated bytes in message tracepoints
RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
nbd: use shifts rather than multiplies
drm/amd/display: initialize backlight_ramping_override to false
drm/amdgpu: check tiling flags when creating FB on GFX8-
RDMA/hns: Fix the size setting error when copying CQE in clean_cq()
RDMA/hns: Add the check of the CQE size of the user space
net: hns3: remove tc enable checking
net: hns3: don't rollback when destroy mqprio fail
net: hns3: disable firmware compatible features when uninstall PF
hwmon: (occ) Fix P10 VRM temp sensors
ext4: flush s_error_work before journal destroy in ext4_fill_super
UBUNTU: upstream stable to v5.10.71, v5.14.10

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2021-11-10

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Hirsute):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Kamal Mostafa (kamalmostafa) on 2021-11-10

description:

updated

Stefan Bader (smb) on 2021-11-12

Changed in linux (Ubuntu Hirsute):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-04:

Download full text (32.7 KiB)

This bug was fixed in the package linux - 5.11.0-44.48

---------------
linux (5.11.0-44.48) hirsute; urgency=medium

* hirsute/linux: 5.11.0-44.48 -proposed tracker (LP: #1954388)

* Add F81966 watchdog support (LP: #1949063)
- SAUCE: watchdog: f71808e_wdt: Add F81966 support

linux (5.11.0-42.46) hirsute; urgency=medium

* hirsute/linux: 5.11.0-42.46 -proposed tracker (LP: #1952278)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

* CVE-2021-4002
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare

* CVE-2021-43267
- tipc: fix size validations for the MSG_CRYPTO type

This bug was fixed in the package linux - 5.11.0-44.48

---------------
linux (5.11.0-44.48) hirsute; urgency=medium

* hirsute/linux: 5.11.0-44.48 -proposed tracker (LP: #1954388)

* Add F81966 watchdog support (LP: #1949063)
    - SAUCE: watchdog: f71808e_wdt: Add F81966 support

linux (5.11.0-42.46) hirsute; urgency=medium

* hirsute/linux: 5.11.0-42.46 -proposed tracker (LP: #1952278)

* Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

* CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

* CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type

* Hirsute update: upstream stable patchset 2021-11-24 (LP: #1952136)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix gart.bo pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - io_uring: kill fasync
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop
    - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
    - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
    - ALSA: hda/realtek: Add quirk for Clevo X170KM-G
    - ALSA: hda/realtek - ALC236 headset MIC recording issue
    - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1
    - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
    - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
    - s390: fix strrchr() implementation
    - clk: socfpga: agilex: fix duplicate s2f_user0_clk
    - csky: don't let sigreturn play with priveleged bits of status register
    - csky: Fixup regs.sr broken in ptrace
    - arm64/hugetlb: fix CMA gigantic page order for non-4K PAGE_SIZE
    - drm/msm: Avoid potential overflow in timeout_to_jiffies()
    - btrfs: unlock newly allocated extent buffer after error
    - btrfs: deal with errors when replaying dir entry during log replay
    - btrfs: deal with errors when adding inode reference during log replay
    - btrfs: check for error when looking up inode during dir entry replay
    - btrfs: update refs for any root except tree log roots
    - btrfs: fix abort logic in btrfs_replace_file_extents
    - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
    - mei: me: add Ice Lake-N device id.
    - USB: xhci: dbc: fix tty registration race
    - xhci: guard accesses to ep_state in xhci_endpoint_reset()
    - xhci: Fix command ring pointer corruption while aborting a command
    - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
    - cb710: avoid NULL pointer subtraction
    - efi/cper: use stack buffer for error record decoding
    - efi: Change down_interruptible() in virt_efi_reset_system() to
      down_trylock()
    - usb: musb: dsps: Fix the probe error path
    - Input: xpad - add support for another USB ID of Nacon GC-100
    - USB: serial: qcserial: add EM9191 QDL support
    - USB: serial: option: add Quectel EC200S-CN module support
    - USB: serial: option: add Telit LE910Cx composition 0x1204
    - USB: serial: option: add prod. id for Quectel EG91
    - misc: fastrpc: Add missing lock before accessing find_vma()
    - EDAC/armada-xp: Fix output of uncorrectable error counter
    - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
    - x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
    - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
    - iio: adc: aspeed: set driver data when adc probe.
    - drivers: bus: simple-pm-bus: Add support for probing simple bus only devices
    - driver core: Reject pointless SYNC_STATE_ONLY device links
    - iio: adc: ad7192: Add IRQ flag
    - iio: adc: ad7780: Fix IRQ flag
    - iio: adc: ad7793: Fix IRQ flag
    - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
    - iio: adc: max1027: Fix wrong shift with 12-bit devices
    - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED
    - iio: light: opt3001: Fixed timeout error when 0 lux
    - iio: adc: max1027: Fix the number of max1X31 channels
    - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
    - iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
    - iio: dac: ti-dac5571: fix an error code in probe()
    - tee: optee: Fix missing devices unregister during optee_remove
    - ARM: dts: bcm2711-rpi-4-b: Fix usb's unit address
    - ARM: dts: bcm2711: fix MDIO #address- and #size-cells
    - ARM: dts: bcm2711-rpi-4-b: fix sd_io_1v8_reg regulator states
    - ARM: dts: bcm2711-rpi-4-b: Fix pcie0's unit address formatting
    - nvme-pci: Fix abort command id
    - sctp: account stream padding length for reconf chunk
    - gpio: pca953x: Improve bias setting
    - net: arc: select CRC32
    - net: korina: select CRC32
    - net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path
    - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
    - net: stmmac: fix get_hw_feature() on old hardware
    - net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work
    - net: encx24j600: check error in devm_regmap_init_encx24j600
    - ethernet: s2io: fix setting mac address during resume
    - vhost-vdpa: Fix the wrong input in config_cb
    - nfc: fix error handling of nfc_proto_register()
    - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
    - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
    - pata_legacy: fix a couple uninitialized variable bugs
    - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators()
    - mlxsw: thermal: Fix out-of-bounds memory accesses
    - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
    - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
    - spi: bcm-qspi: clear MSPI spifie interrupt during probe
    - drm/panel: olimex-lcd-olinuxino: select CRC32
    - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
    - drm/msm: Fix null pointer dereference on pointer edp
    - drm/msm/mdp5: fix cursor-related warnings
    - drm/msm/a6xx: Track current ctx by seqno
    - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
    - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
    - acpi/arm64: fix next_platform_timer() section mismatch error
    - platform/x86: intel_scu_ipc: Fix busy loop expiry time
    - mqprio: Correct stats in mqprio_dump_class_stats().
    - qed: Fix missing error code in qed_slowpath_start()
    - r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
    - nfp: flow_offload: move flow_indr_dev_register from app init to app start
    - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb
    - ionic: don't remove netdev->dev_addr when syncing uc list
    - net: dsa: mv88e6xxx: don't use PHY_DETECT on internal PHY's
    - iio: adis16480: fix devices that do not support sleep mode
    - net/smc: improved fix wait on already cleared link
    - net: phy: Do not shutdown PHYs in READY state
    - net: dsa: fix spurious error message when unoffloaded port leaves bridge
    - drm/msm/submit: fix overflow check on 64-bit architectures
    - drm/msm/a4xx: fix error handling in a4xx_gpu_init()
    - drm/msm/a3xx: fix error handling in a3xx_gpu_init()
    - parisc: math-emu: Fix fall-through warnings
    - xhci: add quirk for host controllers that don't update endpoint DCS
    - arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output
    - xen/x86: prevent PVH type from getting clobbered
    - drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage
      value
    - dma-debug: fix sg checks in debug_dma_map_sg()
    - ASoC: wm8960: Fix clock configuration on slave mode
    - ice: fix getting UDP tunnel entry
    - netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - lan78xx: select CRC32
    - tcp: md5: Fix overlap between vrf and non-vrf keys
    - ipv6: When forwarding count rx stats on the orig netdev
    - net: dsa: lantiq_gswip: fix register definition
    - NIOS2: irqflags: rename a redefined register name
    - powerpc/smp: do not decrement idle task preempt count in CPU offline
    - net: hns3: reset DWRR of unused tc to zero
    - net: hns3: add limit ets dwrr bandwidth cannot be 0
    - net: hns3: schedule the polling again when allocation fails
    - net: hns3: fix vf reset workqueue cannot exit
    - net: hns3: disable sriov before unload hclge layer
    - net: stmmac: Fix E2E delay mechanism
    - e1000e: Fix packet loss on Tiger Lake and later
    - ice: Add missing E810 device ids
    - drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02 panel
    - net: enetc: fix ethtool counter name for PM0_TERR
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - can: isotp: isotp_sendmsg(): fix return error on FC timeout on TX path
    - can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
    - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer
    - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
    - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with
      error length
    - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes
    - ceph: skip existing superblocks that are blocklisted or shut down when
      mounting
    - ceph: fix handling of "meta" errors
    - ocfs2: fix data corruption after conversion from inline format
    - ocfs2: mount fails with buffer overflow in strlen
    - userfaultfd: fix a race between writeprotect and exit_mmap()
    - elfcore: correct reference to CONFIG_UML
    - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
    - ALSA: hda/realtek: Add quirk for Clevo PC50HS
    - ASoC: DAPM: Fix missing kctl change notifications
    - audit: fix possible null-pointer dereference in audit_filter_rules
    - net: dsa: mt7530: correct ds->num_ports
    - powerpc64/idle: Fix SP offsets when saving GPRs
    - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
    - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to
      guest
    - powerpc/idle: Don't corrupt back chain when going idle
    - mm, slub: fix mismatch between reconstructed freelist depth and cnt
    - mm, slub: fix potential memoryleak in kmem_cache_open()
    - mm, slub: fix incorrect memcg slab count for bulk free
    - KVM: nVMX: promptly process interrupts delivered while in guest mode
    - nfc: nci: fix the UAF of rf_conn_info object
    - isdn: cpai: check ctr->cnr to avoid array index out of bound
    - netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
    - selftests: netfilter: remove stray bash debug line
    - net: bridge: mcast: use multicast_membership_interval for IGMPv3
    - drm: mxsfb: Fix NULL pointer dereference crash on unload
    - net: hns3: fix the max tx size according to user manual
    - gcc-plugins/structleak: add makefile var for disabling structleak
    - btrfs: deal with errors when checking if a dir entry exists during log
      replay
    - net: stmmac: add support for dwmac 3.40a
    - ARM: dts: spear3xx: Fix gmac node
    - isdn: mISDN: Fix sleeping function called from invalid context
    - platform/x86: intel_scu_ipc: Update timeout value in comment
    - ALSA: hda: avoid write to STATESTS if controller is in reset
    - libperf tests: Fix test_stat_cpu
    - perf/x86/msr: Add Sapphire Rapids CPU support
    - Input: snvs_pwrkey - add clk handling
    - scsi: iscsi: Fix set_param() handling
    - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
    - sched/scs: Reset the shadow stack when idle_task_exit
    - net: hns3: fix for miscalculation of rx unused desc
    - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
    - can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in
      isotp_sendmsg()
    - s390/pci: fix zpci_zdev_put() on reserve
    - bpf, test, cgroup: Use sk_{alloc,free} for test cases
    - tracing: Have all levels of checks prevent recursion
    - e1000e: Separate TGP board type from SPT
    - selftests: bpf: fix backported ASSERT_FALSE
    - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
    - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume()
    - r8152: avoid to resubmit rx immediately
    - powerpc/lib: Add helper to check if offset is within conditional branch
      range
    - powerpc/security: Add a helper to query stf_barrier type
    - ASoC: pcm512x: Mend accesses to the I2S_1 and I2S_2 registers
    - ASoC: fsl_xcvr: Fix channel swap issue with ARC
    - netfilter: nf_tables: skip netdev events generated on netns removal
    - ice: Print the api_patch as part of the fw.mgmt.api
    - sctp: fix transport encap_port update in sctp_vtag_verify
    - net/sched: act_ct: Fix byte count on fragmented packets
    - net: dsa: Fix an error handling path in 'dsa_switch_parse_ports_of()'
    - igc: Update I226_K device ID
    - drm/kmb: Work around for higher system clock
    - drm/kmb: Remove clearing DPHY regs
    - drm/kmb: Corrected typo in handle_lcd_irq
    - drm/kmb: Enable ADV bridge after modeset
    - net: enetc: make sure all traffic classes can send large frames
    - KVM: SEV-ES: rename guest_ins_data to sev_pio_data
    - KVM: SEV-ES: clean up kvm_sev_es_ins/outs
    - KVM: SEV-ES: keep INS functions together
    - KVM: SEV-ES: fix length of string I/O
    - KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed
    - KVM: x86: leave vcpu->arch.pio.count alone in emulator_pio_in_out
    - KVM: x86: split the two parts of emulator_pio_in
    - KVM: x86: remove unnecessary arguments from complete_emulator_pio_in
    - drm/msm/a6xx: Serialize GMU communication
    - device property: build kunit tests without structleak plugin
    - thunderbolt: build kunit tests without structleak plugin
    - platform/x86: intel_scu_ipc: Increase virtual timeout to 10s
    - spi: Fix deadlock when adding SPI controllers on SPI buses
    - spi-mux: Fix false-positive lockdep splats
    - mm/thp: decrease nr_thps in file's mapping on THP split
    - drm/kmb: Disable change of plane parameters
    - drm/kmb: Enable alpha blended second plane
    - drm/kmb: Limit supported mode to 1080p

* Updates to ib_peer_memory requested by Nvidia (LP: #1947206)
    - SAUCE: RDMA/core: Updated ib_peer_memory

* cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown and offline
    (LP: #1950584)
    - cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown and offline

* keyboard not working on Medion notebook s17 series (LP: #1950536)
    - ACPI: resources: Add one more Medion model in IRQ override quirk

* [UBUNTU 20.04] kernel:  unable to read partitions on virtio-block dasd (kvm)
    (LP: #1950144)
    - virtio: write back F_VERSION_1 before validate

* Let NVMe with HMB use native power control again (LP: #1950042)
    - nvme-pci: use attribute group for cmb sysfs
    - nvme-pci: cmb sysfs: one file, one value
    - nvme-pci: disable hmb on idle suspend
    - nvme: allow user toggling hmb usage

* creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve
    failed with XFS (LP: #1950239)
    - xfs: fix up non-directory creation in SGID directories

* ubuntu_ltp / finit_module02 fails on v4.15 and other kernels (LP: #1950644)
    - vfs: check fd has read access in kernel_read_file_from_fd()

* reuseport_bpf_numa in net from ubuntu_kernel_selftests fails on ppc64le
    (LP: #1867570)
    - selftests/net: Fix reuseport_bpf_numa by skipping unavailable nodes

* Hirsute update: upstream stable patchset 2021-11-19 (LP: #1951643)
    - Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
    - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle
    - USB: cdc-acm: fix racy tty buffer accesses
    - USB: cdc-acm: fix break reporting
    - usb: typec: tcpm: handle SRC_STARTUP state if cc changes
    - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
    - xen/privcmd: fix error handling in mmap-resource processing
    - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
    - mmc: sdhci-of-at91: wait for calibration done before proceed
    - mmc: sdhci-of-at91: replace while loop with read_poll_timeout
    - ovl: fix missing negative dentry check in ovl_rename()
    - ovl: fix IOCB_DIRECT if underlying fs doesn't support direct IO
    - nfsd: fix error handling of register_pernet_subsys() in init_nfsd()
    - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
    - SUNRPC: fix sign error causing rpcsec_gss drops
    - xen/balloon: fix cancelled balloon action
    - ARM: dts: omap3430-sdp: Fix NAND device node
    - ARM: dts: imx6dl-yapp4: Fix lp5562 LED driver probe
    - ARM: dts: qcom: apq8064: use compatible which contains chipid
    - riscv: Flush current cpu icache before other cpus
    - bus: ti-sysc: Add break in switch statement in sysc_init_soc()
    - soc: qcom: socinfo: Fixed argument passed to platform_set_data()
    - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference
    - ARM: at91: pm: do not panic if ram controllers are not enabled
    - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
    - ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo
    - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo
    - ARM: dts: imx6qdl-pico: Fix Ethernet support
    - PCI: hv: Fix sleep while in non-sleep context when removing child devices
      from the bus
    - ath5k: fix building with LEDS=m
    - arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding
    - xtensa: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: call irqchip_init only when CONFIG_USE_OF is selected
    - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
    - bpf, arm: Fix register clobbering in div/mod implementation
    - soc: ti: omap-prm: Fix external abort for am335x pruss
    - bpf: Fix integer overflow in prealloc_elems_and_freelist()
    - net/mlx5e: IPSEC RX, enable checksum complete
    - net/mlx5: E-Switch, Fix double allocation of acl flow counter
    - phy: mdio: fix memory leak
    - net_sched: fix NULL deref in fifo_set_limit()
    - powerpc/fsl/dts: Fix phy-connection-type for fm1mac3
    - ptp_pch: Load module automatically if ID matches
    - dt-bindings: drm/bridge: ti-sn65dsi86: Fix reg value
    - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff
      sequence
    - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
    - net: bridge: fix under estimation in br_get_linkxstats_size()
    - net/sched: sch_taprio: properly cancel timer from taprio_destroy()
    - net: sfp: Fix typo in state machine debug string
    - netlink: annotate data races around nlk->bound
    - bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893
    - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup
    - video: fbdev: gbefb: Only instantiate device when built for IP32
    - drm/nouveau: avoid a use-after-free when BO init fails
    - drm/nouveau/kms/nv50-: fix file release memory leak
    - drm/nouveau/debugfs: fix file release memory leak
    - gve: Correct available tx qpl check
    - gve: Avoid freeing NULL pointer
    - rtnetlink: fix if_nlmsg_stats_size() under estimation
    - gve: fix gve_get_stats()
    - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
    - i40e: fix endless loop under rtnl
    - i40e: Fix freeing of uninitialized misc IRQ vector
    - net: prefer socket bound to interface when not in VRF
    - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices
    - i2c: acpi: fix resource leak in reconfiguration device addition
    - i2c: mediatek: Add OFFSET_EXT_CONF setting back
    - riscv/vdso: make arch_setup_additional_pages wait for mmap_sem for write
      killable
    - bpf, s390: Fix potential memory leak about jit_data
    - RISC-V: Include clone3() on rv32
    - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
    - powerpc/64s: fix program check interrupt emergency stack path
    - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
    - x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
    - x86/Kconfig: Correct reference to MWINCHIP3D
    - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
    - x86/entry: Correct reference to intended CONFIG_64_BIT
    - x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n
    - x86/hpet: Use another crystalball to evaluate HPET usability
    - usb: typec: tcpci: don't handle vSafe0V event if it's not enabled
    - drm/i915: Extend the async flip VT-d w/a to skl/bxt
    - netfilter: nf_tables: add position handle in event notification
    - netfilter: nf_tables: reverse order in rule replacement expansion
    - netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event
      notification
    - ARM: dts: imx: change the spi-nor tx
    - arm64: dts: imx8: change the spi-nor tx
    - arm64: dts: imx8mm-kontron-n801x-som: do not allow to switch off buck2
    - arm64: dts: ls1028a: fix eSDHC2 node
    - drm/i915/bdb: Fix version check
    - drm/amdgpu: handle the case of pci_channel_io_frozen only in
      amdgpu_pci_resume
    - perf jevents: Free the sys_event_tables list after processing entries
    - drm/panel: abt-y030xx067a: yellow tint fix
    - gve: Properly handle errors in gve_assign_qpl
    - riscv: explicitly use symbol offsets for VDSO
    - RISC-V: Fix VDSO build for !MMU
    - riscv/vdso: Refactor asm/vdso.h
    - riscv/vdso: Move vdso data page up front
    - powerpc/traps: do not enable irqs in _exception

* Hirsute update: upstream stable patchset 2021-11-16 (LP: #1951159)
    - spi: rockchip: handle zero length transfers without timing out
    - platform/x86: touchscreen_dmi: Add info for the Chuwi HiBook (CWI514) tablet
    - platform/x86: touchscreen_dmi: Update info for the Chuwi Hi10 Plus (CWI527)
      tablet
    - nfsd: back channel stuck in SEQ4_STATUS_CB_PATH_DOWN
    - btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper error handling
    - btrfs: fix mount failure due to past and transient device flush error
    - net: mdio: introduce a shutdown method to mdio device drivers
    - xen-netback: correct success/error reporting for the SKB-with-fraglist case
    - sparc64: fix pci_iounmap() when CONFIG_PCI is not set
    - ext2: fix sleeping in atomic bugs on error
    - scsi: sd: Free scsi_disk device via put_device()
    - usb: testusb: Fix for showing the connection speed
    - usb: dwc2: check return value after calling platform_get_resource()
    - habanalabs/gaudi: fix LBW RR configuration
    - selftests: be sure to make khdr before other targets
    - selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn
    - nvme-fc: update hardware queues before using them
    - nvme-fc: avoid race between time out and tear down
    - thermal/drivers/tsens: Fix wrong check for tzd in irq handlers
    - scsi: ses: Retry failed Send/Receive Diagnostic commands
    - irqchip/gic: Work around broken Renesas integration
    - smb3: correct smb3 ACL security descriptor
    - tools/vm/page-types: remove dependency on opt_file for idle page tracking
    - selftests: KVM: Align SMCCC call with the spec in steal_time
    - KVM: do not shrink halt_poll_ns below grow_start
    - kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[]
    - KVM: x86: nSVM: restore int_vector in svm_clear_vintr
    - perf/x86: Reset destroy callback on event init failure
    - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
    - afs: Add missing vnode validation checks
    - habanalabs/gaudi: use direct MSI in single mode
    - habanalabs: fail collective wait when not supported
    - block: don't call rq_qos_ops->done_bio if the bio isn't tracked
    - kasan: always respect CONFIG_KASAN_STACK

* Hirsute update: upstream stable patchset 2021-11-10 (LP: #1950516)
    - tty: Fix out-of-bound vmalloc access in imageblit
    - cpufreq: schedutil: Use kobject release() method to free sugov_tunables
    - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
    - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
    - usb: cdns3: fix race condition before setting doorbell
    - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect
    - fs-verity: fix signed integer overflow with i_size near S64_MAX
    - hwmon: (tmp421) handle I2C errors
    - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary
      structure field
    - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary
      structure field
    - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary
      structure field
    - gpio: pca953x: do not ignore i2c errors
    - scsi: ufs: Fix illegal offset in UPIU event trace
    - mac80211: fix use-after-free in CCMP/GCMP RX
    - x86/kvmclock: Move this_cpu_pvti into kvmclock.h
    - KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect()
    - KVM: x86: nSVM: don't copy virt_ext from vmcb12
    - KVM: nVMX: Filter out all unsupported controls when eVMCS was activated
    - media: ir_toy: prevent device from hanging during transmit
    - RDMA/cma: Do not change route.addr.src_addr.ss_family
    - drm/amd/display: Pass PCI deviceid into DC
    - drm/amdgpu: correct initial cp_hqd_quantum for gfx9
    - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
    - bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog
    - IB/cma: Do not send IGMP leaves for sendonly Multicast groups
    - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
    - bpf, mips: Validate conditional branch offsets
    - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced
      from sysfs
    - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
    - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
    - mac80211: mesh: fix potentially unaligned access
    - mac80211-hwsim: fix late beacon hrtimer handling
    - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
    - mptcp: don't return sockets in foreign netns
    - hwmon: (tmp421) report /PVLD condition as fault
    - hwmon: (tmp421) fix rounding for negative values
    - net: enetc: fix the incorrect clearing of IF_MODE bits
    - net: ipv4: Fix rtnexthop len when RTA_FLOW is present
    - smsc95xx: fix stalled rx after link change
    - drm/i915/request: fix early tracepoints
    - dsa: mv88e6xxx: 6161: Use chip wide MAX MTU
    - dsa: mv88e6xxx: Fix MTU definition
    - dsa: mv88e6xxx: Include tagger overhead when setting MTU for DSA and CPU
      ports
    - e100: fix length calculation in e100_get_regs_len
    - e100: fix buffer overrun in e100_get_regs
    - bpf: Exempt CAP_BPF from checks against bpf_jit_limit
    - selftests, bpf: Fix makefile dependencies on libbpf
    - selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
    - [Config] updateconfigs for ks8851 modules
    - net: ks8851: fix link error
    - scsi: csiostor: Add module softdep on cxgb4
    - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
    - net: hns3: do not allow call hns3_nic_net_open repeatedly
    - net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and HCLGE_FLAG_DCB_ENABLE
    - net: hns3: fix show wrong state when add existing uc mac address
    - net: hns3: fix prototype warning
    - net: hns3: reconstruct function hns3_self_test
    - net: hns3: fix always enable rx vlan filter problem after selftest
    - net: phy: bcm7xxx: Fixed indirect MMD operations
    - net: sched: flower: protect fl_walk() with rcu
    - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
    - perf/x86/intel: Update event constraints for ICX
    - hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller
    - nvme: add command id quirk for apple controllers
    - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
    - debugfs: debugfs_create_file_size(): use IS_ERR to check for error
    - ipack: ipoctal: fix stack information leak
    - ipack: ipoctal: fix tty registration race
    - ipack: ipoctal: fix tty-registration error handling
    - ipack: ipoctal: fix missing allocation-failure check
    - ipack: ipoctal: fix module reference leak
    - ext4: fix loff_t overflow in ext4_max_bitmap_size()
    - ext4: limit the number of blocks in one ADD_RANGE TLV
    - ext4: fix reserved space counter leakage
    - ext4: add error checking to ext4_ext_replay_set_iblocks()
    - ext4: fix potential infinite loop in ext4_dx_readdir()
    - HID: u2fzero: ignore incomplete packets without data
    - net: udp: annotate data race around udp_sk(sk)->corkflag
    - ASoC: dapm: use component prefix when checking widget names
    - usb: hso: remove the bailout parameter
    - HID: betop: fix slab-out-of-bounds Write in betop_probe
    - netfilter: ipset: Fix oversized kvmalloc() calls
    - mm: don't allow oversized kvmalloc() calls
    - HID: usbhid: free raw_report buffers in usbhid_stop
    - KVM: x86: Handle SRCU initialization failure during page track init
    - netfilter: conntrack: serialize hash resizes and cleanups
    - netfilter: nf_tables: Fix oversized kvmalloc() calls
    - media: cedrus: Fix SUNXI tile size calculation
    - media: s5p-jpeg: rename JPEG marker constants to prevent build warnings
    - ASoC: fsl_spdif: register platform component before registering cpu dai
    - ASoC: fsl_xcvr: register platform component before registering cpu dai
    - ASoC: mediatek: common: handle NULL case in suspend/resume function
    - ASoC: SOF: Fix DSP oops stack dump output contents
    - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
    - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
    - pinctrl: qcom: spmi-gpio: correct parent irqspec translation
    - s390/qeth: Fix deadlock in remove_discipline
    - s390/qeth: fix deadlock during failing recovery
    - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal
    - NIOS2: fix kconfig unmet dependency warning for SERIAL_CORE_CONSOLE
    - kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS
    - perf test: Fix DWARF unwind for optimized builds.
    - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
    - ALSA: firewire-motu: fix truncated bytes in message tracepoints
    - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
    - nbd: use shifts rather than multiplies
    - drm/amd/display: initialize backlight_ramping_override to false
    - drm/amdgpu: check tiling flags when creating FB on GFX8-
    - RDMA/hns: Fix the size setting error when copying CQE in clean_cq()
    - RDMA/hns: Add the check of the CQE size of the user space
    - net: hns3: remove tc enable checking
    - net: hns3: don't rollback when destroy mqprio fail
    - net: hns3: disable firmware compatible features when uninstall PF
    - hwmon: (occ) Fix P10 VRM temp sensors
    - ext4: flush s_error_work before journal destroy in ext4_fill_super

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 10 Dec 2021 10:23:45 +0100

Changed in linux (Ubuntu Hirsute):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package