This bug was fixed in the package linux-oem-5.14 - 5.14.0-1008.8 --------------- linux-oem-5.14 (5.14.0-1008.8) focal; urgency=medium * focal/linux-oem-5.14: 5.14.0-1008.8 -proposed tracker (LP: #1949844) * Packaging resync (LP: #1786013) - [Packaging] update update.conf - debian/dkms-versions -- update from kernel-versions (main/2021.11.08) * Let NVMe with HMB use native power control again (LP: #1950042) - nvme-pci: use attribute group for cmb sysfs - nvme-pci: cmb sysfs: one file, one value - nvme-pci: disable hmb on idle suspend - nvme: allow user toggling hmb usage * Add s0i3 RTC wake up for AMD systems (LP: #1950013) - platform/x86: amd-pmc: Export Idlemask values based on the APU - platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` - platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup * require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516) - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc * AMD ACP 6.x DMIC Supports (LP: #1949245) - ASoC: amd: add Yellow Carp ACP6x IP register header - ASoC: amd: add Yellow Carp ACP PCI driver - ASoC: amd: add acp6x init/de-init functions - ASoC: amd: add platform devices for acp6x pdm driver and dmic driver - ASoC: amd: add acp6x pdm platform driver - ASoC: amd: add acp6x irq handler - ASoC: amd: add acp6x pdm driver dma ops - ASoC: amd: add acp6x pci driver pm ops - ASoC: amd: add acp6x pdm driver pm ops - ASoC: amd: enable Yellow carp acp6x drivers build - ASoC: amd: create platform device for acp6x machine driver - ASoC: amd: add YC machine driver using dmic - ASoC: amd: enable Yellow Carp platform machine driver build - [Config] Enable AMD ACP 6 DMIC Support * Focal update: v5.14.17 upstream stable release (LP: #1950165) - scsi: core: Put LLD module refcnt after SCSI device is released - sfc: Fix reading non-legacy supported link modes - vrf: Revert "Reset skb conntrack connection..." - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() - Revert "xhci: Set HCD flag to defer primary roothub registration" - Revert "usb: core: hcd: Add support for deferring roothub registration" - drm/amdkfd: fix boot failure when iommu is disabled in Picasso. - drm/i915: Remove memory frequency calculation - Revert "soc: imx: gpcv2: move reset assert after requesting domain power up" - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" - Revert "wcn36xx: Disable bmps when encryption is disabled" - drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8" - drm/amd/display: Revert "Directly retrain link from debugfs" - Revert "drm/i915/gt: Propagate change in error status to children on unhold" - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table - Linux 5.14.17 * Focal update: v5.14.16 upstream stable release (LP: #1950164) - ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned - ARM: 9134/1: remove duplicate memcpy() definition - ARM: 9138/1: fix link warning with XIP + frame-pointer - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype - ARM: 9141/1: only warn about XIP address when not compile testing - ARM: 9148/1: handle CONFIG_CPU_ENDIAN_BE32 in arch/arm/kernel/head.S - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode" - pinctrl: amd: disable and mask interrupts on probe - ata: sata_mv: Fix the error handling of mv_chip_id() - tipc: fix size validations for the MSG_CRYPTO type - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - net/tls: Fix flipped sign in tls_err_abort() calls - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - mmc: mediatek: Move cqhci init behind ungate clock - mmc: tmio: reenable card irqs after the reset callback - mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - mmc: sdhci-pci: Read card detect from ACPI for Intel Merrifield - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - block: Fix partition check for host-aware zoned block devices - ocfs2: fix race between searching chunks and release journal_head from buffer_head - nvme-tcp: fix H2CData PDU send accounting (again) - ftrace/nds32: Update the proto for ftrace_trace_function to match ftrace_stub - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() - cfg80211: fix management registrations locking - net: lan78xx: fix division by zero in send path - drm/amd/display: Require immediate flip support for DCN3.1 planes - mm: hwpoison: remove the unnecessary THP check - mm: filemap: check if THP has hwpoisoned subpage for PMD page fault - mm, thp: bail out early in collapse_file for writeback page - mm: khugepaged: skip huge page collapse for special files - arm64: dts: imx8mm-kontron: Fix polarity of reg_rst_eth2 - arm64: dts: imx8mm-kontron: Fix CAN SPI clock frequency - arm64: dts: imx8mm-kontron: Fix connection type for VSC8531 RGMII PHY - arm64: dts: imx8mm-kontron: Set lower limit of VDD_SNVS to 800 mV - arm64: dts: imx8mm-kontron: Make sure SOC and DRAM supply voltages are correct - mac80211: mesh: fix HE operation element length check - drm/ttm: fix memleak in ttm_transfered_destroy - drm/i915: Convert unconditional clflush to drm_clflush_virt_range() - drm/i915: Catch yet another unconditioal clflush - drm/i915/dp: Skip the HW readout of DPCD on disabled encoders - drm/amdgpu: fix out of bounds write - drm/amdgpu: support B0&B1 external revision id for yellow carp - drm/amd/display: Limit display scaling to up to true 4k for DCN 3.1 - drm/amd/display: Fix prefetch bandwidth calculation for DCN3.1 - drm/amd/display: increase Z9 latency to workaround underflow in Z9 - drm/amd/display: Increase watermark latencies for DCN3.1 - drm/amd/display: Moved dccg init to after bios golden init - drm/amd/display: Fallback to clocks which meet requested voltage on DCN31 - drm/amd/display: Fix deadlock when falling back to v2 from v3 - Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - cgroup: Fix memory leak caused by missing cgroup_bpf_offline - riscv, bpf: Fix potential NULL dereference - tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function - bpf: Fix potential race in tail call compatibility check - bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch() - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - IB/hfi1: Fix abba locking issue with sc_disable() - nvmet-tcp: fix data digest pointer calculation - nvme-tcp: fix data digest pointer calculation - nvme-tcp: fix possible req->offset corruption - octeontx2-af: Display all enabled PF VF rsrc_alloc entries. - octeontx2-af: Fix possible null pointer dereference. - ice: Respond to a NETDEV_UNREGISTER event for LAG - RDMA/mlx5: Set user priority for DCT - ice: check whether PTP is initialized in ice_ptp_release() - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - reset: brcmstb-rescal: fix incorrect polarity of status bit - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net-sysfs: initialize uid and gid before calling net_ns_get_ownership - cfg80211: correct bridge/4addr mode check - net: Prevent infinite while loop in skb_tx_hash() - RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string - gpio: xgs-iproc: fix parsing of ngpios property - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST - mlxsw: pci: Recycle received packet upon allocation failure - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - net: nxp: lpc_eth.c: avoid hang when bringing interface down - net: hns3: fix pause config problem after autoneg disabled - net: hns3: fix data endian problem of some functions of debugfs - net: ethernet: microchip: lan743x: Fix skb allocation failure - net/tls: Fix flipped sign in async_wait.err assignment - phy: phy_ethtool_ksettings_get: Lock the phy for consistency - phy: phy_ethtool_ksettings_set: Move after phy_start_aneg - phy: phy_start_aneg: Add an unlocked version - phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings - RDMA/irdma: Process extended CQ entries correctly - RDMA/irdma: Set VLAN in UD work completion correctly - RDMA/irdma: Do not hold qos mutex twice on QP resume - sctp: use init_tag from inithdr for ABORT chunk - sctp: fix the processing for INIT chunk - sctp: fix the processing for INIT_ACK chunk - sctp: fix the processing for COOKIE_ECHO chunk - sctp: add vtag check in sctp_sf_violation - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa - sctp: add vtag check in sctp_sf_ootb - bpf: Use kvmalloc for map values in syscall - watchdog: sbsa: only use 32-bit accessors - bpf: Move BPF_MAP_TYPE for INODE_STORAGE and TASK_STORAGE outside of CONFIG_NET - net: hns3: add more string spaces for dumping packets number of queue info in debugfs - net: hns3: expand buffer len for some debugfs command - virtio-ring: fix DMA metadata flags - octeontx2-af: Check whether ipolicers exists - KVM: s390: clear kicked_mask before sleeping again - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu - scsi: ufs: ufs-exynos: Correct timeout value setting registers - perf script: Fix PERF_SAMPLE_WEIGHT_STRUCT support - scsi: ibmvfc: Fix up duplicate response detection - riscv: fix misalgned trap vector base address - riscv: Do not re-populate shadow memory with kasan_populate_early_shadow - riscv: Fix asan-stack clang build - perf script: Check session->header.env.arch before using it - KVM: x86/xen: Fix kvm_xen_has_interrupt() sleeping in kvm_vcpu_block() - KVM: x86: switch pvclock_gtod_sync_lock to a raw spinlock - KVM: SEV-ES: fix another issue with string I/O VMGEXITs - KVM: x86: Take srcu lock in post_kvm_run_save() - Linux 5.14.16 * Focal update: v5.14.16 upstream stable release (LP: #1950164) // CVE-2021-42327 was fixed by: - drm/amdgpu: Fix even more out of bound writes from debugfs * Focal update: v5.14.15 upstream stable release (LP: #1950160) - block/mq-deadline: Move dd_queued() to fix defined but not used warning - parisc: math-emu: Fix fall-through warnings - sh: pgtable-3level: fix cast to pointer from integer of different size - arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default - block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output - xen/x86: prevent PVH type from getting clobbered - r8152: avoid to resubmit rx immediately - drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI - drm/amdgpu: init iommu after amdkfd device init - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF - xtensa: xtfpga: Try software restart before simulating CPU reset - NFSD: Keep existing listeners on portlist error - powerpc/lib: Add helper to check if offset is within conditional branch range - powerpc/bpf: Validate branch ranges - powerpc/security: Add a helper to query stf_barrier type - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - ASoC: pcm512x: Mend accesses to the I2S_1 and I2S_2 registers - ASoC: fsl_xcvr: Fix channel swap issue with ARC - ASoC: pcm179x: Add missing entries SPI to device ID table - ASoC: cs4341: Add SPI device ID table - KVM: arm64: Fix host stage-2 PGD refcount - KVM: arm64: Release mmap_lock when using VM_SHARED with MTE - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value - netfilter: nf_tables: skip netdev events generated on netns removal - dma-debug: fix sg checks in debug_dma_map_sg() - ASoC: wm8960: Fix clock configuration on slave mode - ice: Fix failure to re-add LAN/RDMA Tx queues - ice: Avoid crash from unnecessary IDA free - ice: fix getting UDP tunnel entry - ice: Print the api_patch as part of the fw.mgmt.api - netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 - netfilter: ipvs: make global sysctl readonly in non-init netns - sctp: fix transport encap_port update in sctp_vtag_verify - lan78xx: select CRC32 - tcp: md5: Fix overlap between vrf and non-vrf keys - ipv6: When forwarding count rx stats on the orig netdev - hamradio: baycom_epp: fix build for UML - net: dsa: lantiq_gswip: fix register definition - net/sched: act_ct: Fix byte count on fragmented packets - NIOS2: irqflags: rename a redefined register name - net: dsa: Fix an error handling path in 'dsa_switch_parse_ports_of()' - powerpc/smp: do not decrement idle task preempt count in CPU offline - net: hns3: Add configuration of TM QCN error event - net: hns3: reset DWRR of unused tc to zero - net: hns3: add limit ets dwrr bandwidth cannot be 0 - net: hns3: schedule the polling again when allocation fails - net: hns3: fix vf reset workqueue cannot exit - net: hns3: disable sriov before unload hclge layer - net: stmmac: Fix E2E delay mechanism - ptp: Fix possible memory leak in ptp_clock_register() - igc: Update I226_K device ID - ice: Add missing E810 device ids - net/mlx5e: IPsec: Fix a misuse of the software parser's fields - net/mlx5e: IPsec: Fix work queue entry ethernet segment checksum flags - drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02 panel - drm/kmb: Work around for higher system clock - drm/kmb: Remove clearing DPHY regs - drm/kmb: Disable change of plane parameters - drm/kmb: Corrected typo in handle_lcd_irq - drm/kmb: Enable ADV bridge after modeset - net: enetc: fix ethtool counter name for PM0_TERR - net: enetc: make sure all traffic classes can send large frames - can: rcar_can: fix suspend/resume - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - can: isotp: isotp_sendmsg(): fix return error on FC timeout on TX path - can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() - can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes - ceph: skip existing superblocks that are blocklisted or shut down when mounting - ceph: fix handling of "meta" errors - tracing: Have all levels of checks prevent recursion - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - mm/userfaultfd: selftests: fix memory corruption with thp enabled - userfaultfd: fix a race between writeprotect and exit_mmap() - mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() - elfcore: correct reference to CONFIG_UML - vfs: check fd has read access in kernel_read_file_from_fd() - mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - ASoC: nau8824: Fix headphone vs headset, button-press detection no longer working - blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu - audit: fix possible null-pointer dereference in audit_filter_rules - net: dsa: mt7530: correct ds->num_ports - ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring - ucounts: Pair inc_rlimit_ucounts with dec_rlimit_ucoutns in commit_creds - ucounts: Proper error handling in set_cred_ucounts - ucounts: Fix signal ucount refcounting - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest - powerpc/idle: Don't corrupt back chain when going idle - mm, slub: fix mismatch between reconstructed freelist depth and cnt - mm, slub: fix potential memoryleak in kmem_cache_open() - mm, slub: fix potential use-after-free in slab_debugfs_fops - mm, slub: fix incorrect memcg slab count for bulk free - KVM: nVMX: promptly process interrupts delivered while in guest mode - KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA - KVM: SEV-ES: rename guest_ins_data to sev_pio_data - KVM: SEV-ES: clean up kvm_sev_es_ins/outs - KVM: SEV-ES: keep INS functions together - KVM: SEV-ES: fix length of string I/O - KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed - KVM: SEV-ES: reduce ghcb_sa_len to 32 bits - KVM: x86: leave vcpu->arch.pio.count alone in emulator_pio_in_out - KVM: x86: check for interrupts before deciding whether to exit the fast path - KVM: x86: split the two parts of emulator_pio_in - KVM: x86: remove unnecessary arguments from complete_emulator_pio_in - nfc: nci: fix the UAF of rf_conn_info object - isdn: cpai: check ctr->cnr to avoid array index out of bound - netfilter: Kconfig: use 'default y' instead of 'm' for bool config option - selftests: netfilter: remove stray bash debug line - net: bridge: mcast: use multicast_membership_interval for IGMPv3 - KVM: SEV-ES: Set guest_state_protected after VMSA update - drm: mxsfb: Fix NULL pointer dereference crash on unload - net: hns3: fix the max tx size according to user manual - KVM: MMU: Reset mmu->pkru_mask to avoid stale data - kunit: fix reference count leak in kfree_at_end - drm/msm/a6xx: Serialize GMU communication - gcc-plugins/structleak: add makefile var for disabling structleak - iio/test-format: build kunit tests without structleak plugin - device property: build kunit tests without structleak plugin - thunderbolt: build kunit tests without structleak plugin - bitfield: build kunit tests without structleak plugin - objtool: Check for gelf_update_rel[a] failures - objtool: Update section header before relocations - btrfs: deal with errors when checking if a dir entry exists during log replay - net: stmmac: add support for dwmac 3.40a - ARM: dts: spear3xx: Fix gmac node - isdn: mISDN: Fix sleeping function called from invalid context - platform/x86: intel_scu_ipc: Increase virtual timeout to 10s - platform/x86: intel_scu_ipc: Update timeout value in comment - ALSA: hda: avoid write to STATESTS if controller is in reset - spi: Fix deadlock when adding SPI controllers on SPI buses - spi-mux: Fix false-positive lockdep splats - libperf test evsel: Fix build error on !x86 architectures - libperf tests: Fix test_stat_cpu - perf/x86/msr: Add Sapphire Rapids CPU support - Input: snvs_pwrkey - add clk handling - ASoC: codec: wcd938x: Add irq config support - scsi: iscsi: Fix set_param() handling - scsi: storvsc: Fix validation for unsolicited incoming packets - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() - mm/thp: decrease nr_thps in file's mapping on THP split - sched/scs: Reset the shadow stack when idle_task_exit - net: hns3: fix for miscalculation of rx unused desc - net/mlx5: Lag, move lag destruction to a workqueue - net/mlx5: Lag, change multipath and bonding to be mutually exclusive - drm/kmb: Enable alpha blended second plane - drm/kmb: Limit supported mode to 1080p - autofs: fix wait name hash calculation in autofs_wait() - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - s390/pci: cleanup resources only if necessary - s390/pci: fix zpci_zdev_put() on reserve - bpf, test, cgroup: Use sk_{alloc,free} for test cases - net: mdiobus: Fix memory leak in __mdiobus_register - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() - Linux 5.14.15 -- Timo Aaltonen