[ubuntu/bionic-security] linux-gkeop-5.4 5.4.0-1037.38~18.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Mar 22 11:56:52 UTC 2022
linux-gkeop-5.4 (5.4.0-1037.38~18.04.1) bionic; urgency=medium
* bionic/linux-gkeop-5.4: 5.4.0-1037.38~18.04.1 -proposed tracker
(LP: #1964191)
[ Ubuntu: 5.4.0-1037.38 ]
* focal/linux-gkeop: 5.4.0-1037.38 -proposed tracker (LP: #1964192)
* CVE-2022-0847
- lib/iov_iter: initialize "flags" in new pipe_buffer
* Broken network on some AWS instances with focal/impish kernels
(LP: #1961968)
- SAUCE: Revert "PCI/MSI: Mask MSI-X vectors only on success"
* [UBUNTU 20.04] kernel: Add support for CPU-MF counter second version 7
(LP: #1960182)
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
* Hipersocket page allocation failure on Ubuntu 20.04 based SSC environments
(LP: #1959529)
- s390/qeth: use memory reserves to back RX buffers
* CVE-2022-0516
- KVM: s390: Return error on SIDA memop on normal guest
* CVE-2022-0435
- tipc: improve size validations for received domain records
* CVE-2022-0492
- cgroup-v1: Require capabilities to set release_agent
* Recalled NFSv4 files delegations overwhelm server (LP: #1957986)
- NFSv4: Fix delegation handling in update_open_stateid()
- NFSv4: nfs4_callback_getattr() should ignore revoked delegations
- NFSv4: Delegation recalls should not find revoked delegations
- NFSv4: fail nfs4_refresh_delegation_stateid() when the delegation was
revoked
- NFS: Rename nfs_inode_return_delegation_noreclaim()
- NFSv4: Don't remove the delegation from the super_list more than once
- NFSv4: Hold the delegation spinlock when updating the seqid
- NFSv4: Clear the NFS_DELEGATION_REVOKED flag in
nfs_update_inplace_delegation()
- NFSv4: Update the stateid seqid in nfs_revoke_delegation()
- NFSv4: Revoke the delegation on success in nfs4_delegreturn_done()
- NFSv4: Ignore requests to return the delegation if it was revoked
- NFSv4: Don't reclaim delegations that have been returned or revoked
- NFSv4: nfs4_return_incompatible_delegation() should check delegation
validity
- NFSv4: Fix nfs4_inode_make_writeable()
- NFS: nfs_inode_find_state_and_recover() fix stateid matching
- NFSv4: Fix races between open and delegreturn
- NFSv4: Handle NFS4ERR_OLD_STATEID in delegreturn
- NFSv4: Don't retry the GETATTR on old stateid in nfs4_delegreturn_done()
- NFSv4: nfs_inode_evict_delegation() should set NFS_DELEGATION_RETURNING
- NFS: Clear NFS_DELEGATION_RETURN_IF_CLOSED when the delegation is returned
- NFSv4: Try to return the delegation immediately when marked for return on
close
- NFSv4: Add accounting for the number of active delegations held
- NFSv4: Limit the total number of cached delegations
- NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation()
- NFSv4: Ensure the delegation cred is pinned when we call delegreturn
* Focal update: v5.4.174 upstream stable release (LP: #1960566)
- HID: uhid: Fix worker destroying device without any protection
- HID: wacom: Reset expected and received contact counts at the same time
- HID: wacom: Ignore the confidence flag when a touch is removed
- HID: wacom: Avoid using stale array indicies to read contact count
- f2fs: fix to do sanity check in is_alive()
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
bind()
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
- x86/gpu: Reserve stolen memory for first integrated Intel GPU
- tools/nolibc: x86-64: Fix startup code bug
- tools/nolibc: i386: fix initial stack alignment
- tools/nolibc: fix incorrect truncation of exit code
- rtc: cmos: take rtc_lock while reading from CMOS
- media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
- media: flexcop-usb: fix control-message timeouts
- media: mceusb: fix control-message timeouts
- media: em28xx: fix control-message timeouts
- media: cpia2: fix control-message timeouts
- media: s2255: fix control-message timeouts
- media: dib0700: fix undefined behavior in tuner shutdown
- media: redrat3: fix control-message timeouts
- media: pvrusb2: fix control-message timeouts
- media: stk1160: fix control-message timeouts
- can: softing_cs: softingcs_probe(): fix memleak on registration failure
- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
- dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
- mm_zone: add function to check if managed dma zone exists
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed
pages
- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
- drm/rockchip: dsi: Hold pm-runtime across bind/unbind
- drm/rockchip: dsi: Reconfigure hardware on resume()
- drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
- drm/panel: innolux-p079zca: Delete panel on attach() failure
- drm/rockchip: dsi: Fix unbalanced clock on probe error
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
- clk: bcm-2835: Pick the closest clock rate
- clk: bcm-2835: Remove rounding up the dividers
- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
- wcn36xx: Release DMA channel descriptor allocations
- media: videobuf2: Fix the size printk format
- media: aspeed: fix mode-detect always time out at 2nd run
- media: em28xx: fix memory leak in em28xx_init_dev
- media: aspeed: Update signal status immediately to ensure sane hw state
- arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
- arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
- Bluetooth: stop proccessing malicious adv data
- tee: fix put order in teedev_close_context()
- media: dmxdev: fix UAF when dvb_register_device() fails
- crypto: qce - fix uaf on qce_ahash_register_one
- arm64: dts: ti: k3-j721e: correct cache-sets info
- tty: serial: atmel: Check return code of dmaengine_submit()
- tty: serial: atmel: Call dma_async_issue_pending()
- media: rcar-csi2: Correct the selection of hsfreqrange
- media: imx-pxp: Initialize the spinlock prior to using it
- media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
- media: venus: core: Fix a resource leak in the error handling path of
'venus_probe()'
- netfilter: bridge: add support for pppoe filtering
- arm64: dts: qcom: msm8916: fix MMC controller aliases
- ACPI: EC: Rework flushing of EC work while suspended to idle
- drm/amdgpu: Fix a NULL pointer dereference in
amdgpu_connector_lcd_native_mode()
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in
radeon_driver_open_kms()
- arm64: dts: ti: k3-j721e: Fix the L2 cache sets
- tty: serial: uartlite: allow 64 bit address
- serial: amba-pl011: do not request memory region twice
- floppy: Fix hang in watchdog when disk is ejected
- staging: rtl8192e: return error code from rtllib_softmac_init()
- staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
- Bluetooth: btmtksdio: fix resume failure
- media: dib8000: Fix a memleak in dib8000_init()
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
- media: si2157: Fix "warm" tuner state detection
- sched/rt: Try to restart rt period timer when rt runtime exceeded
- rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
- mwifiex: Fix possible ABBA deadlock
- xfrm: fix a small bug in xfrm_sa_len()
- crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
- crypto: stm32/cryp - fix double pm exit
- crypto: stm32/cryp - fix lrw chaining mode
- ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
- media: dw2102: Fix use after free
- media: msi001: fix possible null-ptr-deref in msi001_probe()
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
- drm/msm/dpu: fix safe status debugfs file
- drm/bridge: ti-sn65dsi86: Set max register for regmap
- media: hantro: Fix probe func error path
- xfrm: interface with if_id 0 should return error
- xfrm: state and policy should fail if XFRMA_IF_ID 0
- ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
- usb: ftdi-elan: fix memory leak on device disconnect
- ARM: dts: armada-38x: Add generic compatible to UART nodes
- mmc: meson-mx-sdio: add IRQ check
- selinux: fix potential memleak in selinux_add_opt()
- bpftool: Enable line buffering for stdout
- x86/mce/inject: Avoid out-of-bounds write when setting flags
- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
__nonstatic_find_io_region()
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
nonstatic_find_mem_region()
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
- bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
- ppp: ensure minimum packet size in ppp_write()
- rocker: fix a sleeping in atomic bug
- staging: greybus: audio: Check null pointer
- fsl/fman: Check for null pointer after calling devm_ioremap
- Bluetooth: hci_bcm: Check for error irq
- HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_get_str_desc
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_huion_init
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_frame_init_v1_buttonpad
- debugfs: lockdown: Allow reading debugfs files that are not world readable
- net/mlx5e: Don't block routes with nexthop objects in SW
- Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
- net/mlx5: Set command entry semaphore up once got index free
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
- tpm: add request_locality before write TPM_INT_ENABLE
- can: softing: softing_startstop(): fix set but not used variable warning
- can: xilinx_can: xcan_probe(): check for error irq
- pcmcia: fix setting of kthread task states
- net: mcs7830: handle usb read errors properly
- ext4: avoid trim error on fs with small groups
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
- RDMA/hns: Validate the pkey index
- clk: imx8mn: Fix imx8mn_clko1_sels
- powerpc/prom_init: Fix improper check of prom_getprop()
- ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
- ALSA: oss: fix compile error when OSS_DEBUG is enabled
- char/mwave: Adjust io port register size
- binder: fix handling of error during copy
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
- scsi: ufs: Fix race conditions related to driver data
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
- powerpc/powermac: Add additional missing lockdep_register_key()
- RDMA/core: Let ib_find_gid() continue search even after empty entry
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
- ASoC: rt5663: Handle device_property_read_u32_array error codes
- clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system
enter shell
- dmaengine: pxa/mmp: stop referencing config->slave_id
- iommu/iova: Fix race between FQ timeout and teardown
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
- ASoC: samsung: idma: Check of ioremap return value
- misc: lattice-ecp3-config: Fix task hung when firmware load failed
- mips: lantiq: add support for clk_set_parent()
- mips: bcm63xx: add support for clk_set_parent()
- RDMA/cxgb4: Set queue pair state when being queried
- of: base: Fix phandle argument length mismatch error message
- Bluetooth: Fix debugfs entry leak in hci_register_dev()
- fs: dlm: filter user dlm messages for kernel locks
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
- ARM: shmobile: rcar-gen2: Add missing of_node_put()
- batman-adv: allow netlink usage in unprivileged containers
- usb: gadget: f_fs: Use stream_open() for endpoint files
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
- HID: apple: Do not reset quirks when the Fn key is not found
- media: b2c2: Add missing check in flexcop_pci_isr:
- EDAC/synopsys: Use the quirk for version instead of ddr version
- mlxsw: pci: Add shutdown method in PCI driver
- drm/bridge: megachips: Ensure both bridges are probed before registration
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
- HSI: core: Fix return freed object in hsi_new_client
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
- rsi: Fix use-after-free in rsi_rx_done_handler()
- rsi: Fix out-of-bounds read in rsi_read_pkt()
- usb: uhci: add aspeed ast2600 uhci support
- floppy: Add max size check for user space request
- x86/mm: Flush global TLB when switching to trampoline page-table
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in
hexium_attach()
- media: m920x: don't use stack on USB reads
- iwlwifi: mvm: synchronize with FW after multicast commands
- ath10k: Fix tx hanging
- net-sysfs: update the queue counts in the unregistration path
- net: phy: prefer 1000baseT over 1000baseKX
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
- x86/mce: Mark mce_panic() noinstr
- x86/mce: Mark mce_end() noinstr
- x86/mce: Mark mce_read_aux() noinstr
- net: bonding: debug: avoid printing debug logs when bond is not notifying
peers
- bpf: Do not WARN in bpf_warn_invalid_xdp_action()
- HID: quirks: Allow inverting the absolute X/Y values
- media: igorplugusb: receiver overflow should be reported
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
hexium_attach()
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
- audit: ensure userspace is penalized the same as the kernel when under
pressure
- arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
- arm64: tegra: Adjust length of CCPLEX cluster MMIO region
- cpufreq: Fix initialization of min and max frequency QoS requests
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
- iwlwifi: fix leaks/bad data after failed firmware load
- iwlwifi: remove module loading failure message
- iwlwifi: mvm: Fix calculation of frame length
- um: registers: Rename function names to avoid conflicts and build problems
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
- ACPICA: Utilities: Avoid deleting the same object twice in a row
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
- ACPICA: Fix wrong interpretation of PCC address
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
- drm/amdgpu: fixup bad vram size on gmc v8
- ACPI: battery: Add the ThinkPad "Not Charging" quirk
- btrfs: remove BUG_ON() in find_parent_nodes()
- btrfs: remove BUG_ON(!eie) in find_parent_nodes
- net: mdio: Demote probed message to debug print
- mac80211: allow non-standard VHT MCS-10/11
- dm btree: add a defensive bounds check to insert_at()
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
- net: phy: marvell: configure RGMII delays for 88E1118
- net: gemini: allow any RGMII interface mode
- regulator: qcom_smd: Align probe function with rpmh-regulator
- serial: pl010: Drop CR register reset on set_termios
- serial: core: Keep mctrl register state and cached copy in sync
- random: do not throw away excess input to crng_fast_load
- parisc: Avoid calling faulthandler_disabled() twice
- powerpc/6xx: add missing of_node_put
- powerpc/powernv: add missing of_node_put
- powerpc/cell: add missing of_node_put
- powerpc/btext: add missing of_node_put
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
- i2c: i801: Don't silently correct invalid transfer size
- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
- i2c: mpc: Correct I2C reset procedure
- clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
- powerpc/powermac: Add missing lockdep_register_key()
- KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
- w1: Misuse of get_user()/put_user() reported by sparse
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
- ALSA: seq: Set upper limit of processed events
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
- MIPS: OCTEON: add put_device() after of_find_device_by_node()
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
- MIPS: Octeon: Fix build errors using clang
- scsi: sr: Don't use GFP_DMA
- ASoC: mediatek: mt8173: fix device_node leak
- power: bq25890: Enable continuous conversion for ADC at charging
- rpmsg: core: Clean up resources on announce_create failure.
- crypto: omap-aes - Fix broken pm_runtime_and_get() usage
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
- crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
- fuse: Pass correct lend value to filemap_write_and_wait_range()
- serial: Fix incorrect rs485 polarity on uart open
- cputime, cpuacct: Include guest time in user time in cpuacct.stat
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
- s390/mm: fix 2KB pgtable release race
- drm/etnaviv: limit submit sizes
- drm/nouveau/kms/nv04: use vzalloc for nv04_display
- drm/bridge: analogix_dp: Make PSR-exit block less
- PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
- PCI: pci-bridge-emul: Correctly set PCIe capabilities
- PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
- xfrm: fix policy lookup for ipv6 gre packets
- btrfs: fix deadlock between quota enable and other quota operations
- btrfs: check the root node for uptodate before returning it
- btrfs: respect the max size in the header when activating swap file
- ext4: make sure to reset inode lockdep class when quota enabling fails
- ext4: make sure quota gets properly shutdown on error
- ext4: set csum seed in tmp inode while migrating to extents
- ext4: Fix BUG_ON in ext4_bread when write quota data
- ext4: don't use the orphan list when migrating an inode
- drm/radeon: fix error handling in radeon_driver_open_kms
- of: base: Improve argument length mismatch error
- firmware: Update Kconfig help text for Google firmware
- media: rcar-csi2: Optimize the selection PHTW register
- Documentation: dmaengine: Correctly describe dmatest with channel unset
- Documentation: ACPI: Fix data node reference documentation
- Documentation: refer to config RANDOMIZE_BASE for kernel address-space
randomization
- Documentation: fix firewire.rst ABI file path error
- scsi: core: Show SCMD_LAST in text form
- RDMA/hns: Modify the mapping attribute of doorbell to device
- RDMA/rxe: Fix a typo in opcode name
- dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
- Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
- powerpc/cell: Fix clang -Wimplicit-fallthrough warning
- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
- bpftool: Remove inclusion of utilities.mak from Makefiles
- ipv4: avoid quadratic behavior in netns dismantle
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
- f2fs: fix to reserve space for IO align feature
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
- clk: si5341: Fix clock HW provider cleanup
- net: axienet: limit minimum TX ring size
- net: axienet: fix number of TX ring slots for available check
- net: axienet: increase default TX ring size to 128
- rtc: pxa: fix null pointer dereference
- inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
- netns: add schedule point in ops_exit_list()
- xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
- gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
- perf script: Fix hex dump character output
- dmaengine: at_xdmac: Don't start transactions at tx_submit level
- dmaengine: at_xdmac: Print debug message after realeasing the lock
- dmaengine: at_xdmac: Fix concurrency over xfers_list
- dmaengine: at_xdmac: Fix lld view setting
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
- arm64: dts: qcom: msm8996: drop not documented adreno properties
- net_sched: restore "mpu xxx" handling
- bcmgenet: add WOL IRQ check
- net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
- dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
- dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
- scripts/dtc: dtx_diff: remove broken example from help text
- lib82596: Fix IRQ check in sni_82596_probe
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
- mtd: nand: bbt: Fix corner case in bad block table handling
- Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
- Linux 5.4.174
* Focal update: v5.4.173 upstream stable release (LP: #1959701)
- kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
- devtmpfs regression fix: reconfigure on each mount
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
- perf: Protect perf_guest_cbs with RCU
- KVM: s390: Clarify SIGP orders versus STOP/RESTART
- media: uvcvideo: fix division by zero at stream start
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
interrupts enabled
- firmware: qemu_fw_cfg: fix sysfs information leak
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
- firmware: qemu_fw_cfg: fix kobject leak in probe error path
- KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after
reboot from Windows
- mtd: fixup CFI on ixp4xx
- ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
- Linux 5.4.173
* Focal update: v5.4.172 upstream stable release (LP: #1959698)
- workqueue: Fix unbind_workers() VS wq_worker_running() race
- Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
- Bluetooth: bfusb: fix division by zero in send path
- USB: core: Fix bug in resuming hub's handling of wakeup requests
- USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
- mmc: sdhci-pci: Add PCI ID for Intel ADL
- veth: Do not record rx queue hint in veth_xmit
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...)
functions
- can: gs_usb: fix use of uninitialized variable, detach device on reception
of invalid USB data
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
- random: fix data race on crng_node_pool
- random: fix data race on crng init time
- random: fix crash on multiple early calls to add_bootloader_randomness()
- media: Revert "media: uvcvideo: Set unique vdev name based in type"
- staging: wlan-ng: Avoid bitwise vs logical OR warning in
hfa384x_usb_throttlefn()
- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
- staging: greybus: fix stack size warning with UBSAN
- Linux 5.4.172
* Focal update: v5.4.171 upstream stable release (LP: #1959437)
- f2fs: quota: fix potential deadlock
- Input: touchscreen - Fix backport of
a02dcde595f7cbd240ccd64de96034ad91cffc40
- selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
- tracing: Tag trace_percpu_buffer as a percpu pointer
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
- iavf: Fix limit of total number of queues to active queues of VF
- RDMA/core: Don't infoleak GRH fields
- RDMA/uverbs: Check for null return of kmalloc_array
- mac80211: initialize variable have_higher_than_11mbit
- i40e: fix use-after-free in i40e_sync_filters_subtask()
- i40e: Fix for displaying message regarding NVM version
- i40e: Fix incorrect netdev's real number of RX/TX queues
- ipv4: Check attribute length for RTA_GATEWAY in multipath route
- ipv4: Check attribute length for RTA_FLOW in multipath route
- ipv6: Check attribute length for RTA_GATEWAY in multipath route
- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
- lwtunnel: Validate RTA_ENCAP_TYPE attribute length
- batman-adv: mcast: don't send link-local multicast to mcast routers
- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
- net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
- power: supply: core: Break capacity loop
- power: reset: ltc2952: Fix use of floating point literals
- rndis_host: support Hytera digital radios
- phonet: refcount leak in pep_sock_accep
- ipv6: Continue processing multipath route even if gateway attribute is
invalid
- ipv6: Do cleanup if attribute validation fails in multipath route
- usb: mtu3: fix interval value for intr and isoc
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
- net: udp: fix alignment problem in udp4_seq_show()
- atlantic: Fix buff_ring OOB in aq_ring_rx_clean
- mISDN: change function names to avoid conflicts
- Linux 5.4.171
* Focal update: v5.4.170 upstream stable release (LP: #1958898)
- tee: handle lookup of shm with reference count 0
- Input: i8042 - add deferred probe support
- Input: i8042 - enable deferred probe quirk for ASUS UM325UA
- tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
- platform/x86: apple-gmux: use resource_size() with res
- memblock: fix memblock_phys_alloc() section mismatch error
- recordmcount.pl: fix typo in s390 mcount regex
- selinux: initialize proto variable in selinux_ip_postroute_compat()
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
- net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
- sctp: use call_rcu to free endpoint
- net: usb: pegasus: Do not drop long Ethernet frames
- net: lantiq_xrx200: fix statistics of received bytes
- NFC: st21nfca: Fix memory leak in device probe and remove
- ionic: Initialize the 'lif->dbid_inuse' bitmap
- net/mlx5e: Fix wrong features assignment in case of error
- selftests/net: udpgso_bench_tx: fix dst ip argument
- net/ncsi: check for error return from call to nla_put_u32
- fsl/fman: Fix missing put_device() call in fman_port_probe
- i2c: validate user data in compat ioctl
- nfc: uapi: use kernel size_t to fix user-space builds
- uapi: fix linux/nfc.h userspace compilation errors
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
- usb: mtu3: add memory barrier before set GPD's HWO
- usb: mtu3: fix list_head check warning
- usb: mtu3: set interval of FS intr and isoc endpoint
- binder: fix async_free_space accounting for empty parcels
- scsi: vmw_pvscsi: Set residual data length conditionally
- Input: appletouch - initialize work before device registration
- Input: spaceball - fix parsing of movement data packets
- net: fix use-after-free in tw_timer_handler
- perf script: Fix CPU filtering of a script's switch events
- Linux 5.4.170
* Focal update: v5.4.170 upstream stable release (LP: #1958898) // HID_ASUS
should depend on USB_HID in stable v4.15 backports (LP: #1959762)
- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
* Focal update: v5.4.169 upstream stable release (LP: #1958557)
- net: usb: lan78xx: add Allied Telesis AT29M2-AF
- serial: 8250_fintek: Fix garbled text for console
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
- spi: change clk_disable_unprepare to clk_unprepare
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
- netfilter: fix regression in looped (broad|multi)cast's MAC handling
- qlcnic: potential dereference null pointer of rx_queue->page_ring
- net: accept UFOv6 packages in virtio_net_hdr_to_skb
- net: skip virtio_net_hdr_set_proto if protocol already set
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
- bonding: fix ad_actor_system option setting to default
- fjes: Check for error irq
- drivers: net: smc911x: Check for error irq
- sfc: falcon: Check null pointer of rx_queue->page_ring
- Input: elantech - fix stack out of bound access in
elantech_change_report_id()
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function
- hwmon: (lm90) Add max6654 support to lm90 driver
- hwmon: (lm90) Add basic support for TI TMP461
- hwmon: (lm90) Introduce flag indicating extended temperature support
- hwmon: (lm90) Drop critical attribute support for MAX6654
- ALSA: jack: Check the return value of kstrdup()
- ALSA: drivers: opl3: Fix incorrect use of vp->state
- ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
- ipmi: bail out if init_srcu_struct fails
- ipmi: ssif: initialize ssif_info->client early
- ipmi: fix initialization when workqueue allocation fails
- parisc: Correct completer in lws start
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
- mmc: sdhci-tegra: Fix switch to HS400ES mode
- mmc: core: Disable card detect during shutdown
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
- tee: optee: Fix incorrect page free bug
- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
- usb: gadget: u_ether: fix race in setting MAC address in setup phase
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
- mm: mempolicy: fix THP allocations escaping mempolicy restrictions
- pinctrl: mediatek: fix global-out-of-bounds issue
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
- hwmon: (lm90) Do not report 'busy' status bit as alarm
- ax25: NPD bug when detaching AX25 device
- hamradio: defer ax25 kfree after unregister_netdev
- hamradio: improve the incomplete fix to avoid NPD
- phonet/pep: refuse to enable an unbound pipe
- Linux 5.4.169
* Focal update: v5.4.168 upstream stable release (LP: #1957991)
- KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
- mac80211: mark TX-during-stop for TX in in_reconfig
- mac80211: send ADDBA requests using the tid/queue of the aggregation session
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver
- virtio_ring: Fix querying of maximum DMA mapping size for virtio device
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390
- dm btree remove: fix use after free in rebalance_children()
- audit: improve robustness of the audit queue handling
- iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
- nfsd: fix use-after-free due to delegation race
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-
edge
- arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
- arm64: dts: rockchip: fix audio-supply for Rock Pi 4
- mac80211: track only QoS data frames for admission control
- ARM: socfpga: dts: fix qspi node compatible
- clk: Don't parent clks until the parent is fully registered
- selftests: net: Correct ping6 expected rc from 2 to 1
- s390/kexec_file: fix error handling when applying relocations
- sch_cake: do not call cake_destroy() from cake_init()
- inet_diag: use jiffies_delta_to_msecs()
- inet_diag: fix kernel-infoleak for UDP sockets
- selftests: Fix raw socket bind tests with VRF
- selftests: Fix IPv6 address bind tests
- dmaengine: st_fdma: fix MODULE_ALIAS
- selftest/net/forwarding: declare NETIFS p9 p10
- mac80211: agg-tx: refactor sending addba
- mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
- mac80211: accept aggregation sessions on 6 GHz
- mac80211: fix lookup when adding AddBA extension element
- net: sched: lock action when translating it to flow_action infra
- flow_offload: return EOPNOTSUPP for the unsupported mpls action type
- rds: memory leak in __rds_conn_create()
- soc/tegra: fuse: Fix bitwise vs. logical OR warning
- igb: Fix removal of unicast MAC filters of VFs
- igbvf: fix double free in `igbvf_probe`
- ixgbe: set X550 MDIO speed before talking to PHY
- netdevsim: Zero-initialize memory for new map's value in function
nsim_bpf_map_alloc
- net: Fix double 0x prefix print in SKB dump
- net/smc: Prevent smc_release() from long blocking
- net: systemport: Add global locking for descriptor lifecycle
- sit: do not call ipip6_dev_free() from sit_init_net()
- USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
- PCI/MSI: Mask MSI-X vectors only on success
- usb: xhci: Extend support for runtime power management for AMD's Yellow
carp.
- USB: serial: cp210x: fix CP2105 GPIO registration
- USB: serial: option: add Telit FN990 compositions
- timekeeping: Really make sure wall_to_monotonic isn't positive
- libata: if T_LENGTH is zero, dma direction should be DMA_NONE
- drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
- mac80211: validate extended element ID is present
- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
- Input: touchscreen - avoid bitwise vs logical OR warning
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
- xsk: Do not sleep in poll() when need_wakeup set
- media: mxl111sf: change mutex_init() location
- fuse: annotate lock in fuse_reverse_inval_entry()
- ovl: fix warning in ovl_create_real()
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
- rcu: Mark accesses to rcu_state.n_force_qs
- mac80211: fix regression in SSN handling of addba tx
- net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info
- Revert "xsk: Do not sleep in poll() when need_wakeup set"
- xen/blkfront: harden blkfront against event channel storms
- xen/netfront: harden netfront against event channel storms
- xen/console: harden hvc_xen against event channel storms
- xen/netback: fix rx queue stall detection
- xen/netback: don't queue unlimited number of packages
- Linux 5.4.168
* Focal update: v5.4.167 upstream stable release (LP: #1957987)
- nfc: fix segfault in nfc_genl_dump_devices_done
- drm/msm/dsi: set default num_data_lanes
- net/mlx4_en: Update reported link modes for 1/10G
- parisc/agp: Annotate parisc agp init functions with __init
- i2c: rk3x: Handle a spurious start completion interrupt flag
- net: netlink: af_netlink: Prevent empty skb by adding a check on len.
- drm/amd/display: Fix for the no Audio bug with Tiled Displays
- drm/amd/display: add connector type check for CRC source set
- tracing: Fix a kmemleak false positive in tracing_map
- KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req
- selinux: fix race condition when computing ocontext SIDs
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
- hwmon: (dell-smm) Fix warning on /proc/i8k creation error
- memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER
- memblock: align freed memory map on pageblock boundaries with SPARSEMEM
- memblock: ensure there is no overflow in memblock_overlaps_region()
- arm: extend pfn_valid to take into account freed memory map alignment
- arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
- Linux 5.4.167
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
* CVE-2022-23960
- SAUCE: kvm: arm: fix build on 32-bit
Date: 2022-03-17 05:15:10.935510+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1037.38~18.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list