[ubuntu/focal-security] linux-oem-5.14 5.14.0-1008.8 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Nov 30 19:17:38 UTC 2021


linux-oem-5.14 (5.14.0-1008.8) focal; urgency=medium

  * focal/linux-oem-5.14: 5.14.0-1008.8 -proposed tracker (LP: #1949844)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.08)

  * Let NVMe with HMB use native power control again (LP: #1950042)
    - nvme-pci: use attribute group for cmb sysfs
    - nvme-pci: cmb sysfs: one file, one value
    - nvme-pci: disable hmb on idle suspend
    - nvme: allow user toggling hmb usage

  * Add s0i3 RTC wake up for AMD systems (LP: #1950013)
    - platform/x86: amd-pmc: Export Idlemask values based on the APU
    - platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd`
    - platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup

  * require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
    - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc

  * AMD ACP 6.x DMIC Supports (LP: #1949245)
    - ASoC: amd: add Yellow Carp ACP6x IP register header
    - ASoC: amd: add Yellow Carp ACP PCI driver
    - ASoC: amd: add acp6x init/de-init functions
    - ASoC: amd: add platform devices for acp6x pdm driver and dmic driver
    - ASoC: amd: add acp6x pdm platform driver
    - ASoC: amd: add acp6x irq handler
    - ASoC: amd: add acp6x pdm driver dma ops
    - ASoC: amd: add acp6x pci driver pm ops
    - ASoC: amd: add acp6x pdm driver pm ops
    - ASoC: amd: enable Yellow carp acp6x drivers build
    - ASoC: amd: create platform device for acp6x machine driver
    - ASoC: amd: add YC machine driver using dmic
    - ASoC: amd: enable Yellow Carp platform machine driver build
    - [Config] Enable AMD ACP 6 DMIC Support

  * Focal update: v5.14.17 upstream stable release (LP: #1950165)
    - scsi: core: Put LLD module refcnt after SCSI device is released
    - sfc: Fix reading non-legacy supported link modes
    - vrf: Revert "Reset skb conntrack connection..."
    - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
    - Revert "xhci: Set HCD flag to defer primary roothub registration"
    - Revert "usb: core: hcd: Add support for deferring roothub registration"
    - drm/amdkfd: fix boot failure when iommu is disabled in Picasso.
    - drm/i915: Remove memory frequency calculation
    - Revert "soc: imx: gpcv2: move reset assert after requesting domain power up"
    - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
    - Revert "wcn36xx: Disable bmps when encryption is disabled"
    - drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8"
    - drm/amd/display: Revert "Directly retrain link from debugfs"
    - Revert "drm/i915/gt: Propagate change in error status to children on unhold"
    - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table
    - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table
    - Linux 5.14.17

  * Focal update: v5.14.16 upstream stable release (LP: #1950164)
    - ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9138/1: fix link warning with XIP + frame-pointer
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ARM: 9148/1: handle CONFIG_CPU_ENDIAN_BE32 in arch/arm/kernel/head.S
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - pinctrl: amd: disable and mask interrupts on probe
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - tipc: fix size validations for the MSG_CRYPTO type
    - nfc: port100: fix using -ERRNO as command type mask
    - Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
    - net/tls: Fix flipped sign in tls_err_abort() calls
    - mmc: vub300: fix control-message timeouts
    - mmc: cqhci: clear HALT state after CQE enable
    - mmc: mediatek: Move cqhci init behind ungate clock
    - mmc: tmio: reenable card irqs after the reset callback
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-pci: Read card detect from ACPI for Intel Merrifield
    - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning
      circuit
    - block: Fix partition check for host-aware zoned block devices
    - ocfs2: fix race between searching chunks and release journal_head from
      buffer_head
    - nvme-tcp: fix H2CData PDU send accounting (again)
    - ftrace/nds32: Update the proto for ftrace_trace_function to match
      ftrace_stub
    - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
    - cfg80211: fix management registrations locking
    - net: lan78xx: fix division by zero in send path
    - drm/amd/display: Require immediate flip support for DCN3.1 planes
    - mm: hwpoison: remove the unnecessary THP check
    - mm: filemap: check if THP has hwpoisoned subpage for PMD page fault
    - mm, thp: bail out early in collapse_file for writeback page
    - mm: khugepaged: skip huge page collapse for special files
    - arm64: dts: imx8mm-kontron: Fix polarity of reg_rst_eth2
    - arm64: dts: imx8mm-kontron: Fix CAN SPI clock frequency
    - arm64: dts: imx8mm-kontron: Fix connection type for VSC8531 RGMII PHY
    - arm64: dts: imx8mm-kontron: Set lower limit of VDD_SNVS to 800 mV
    - arm64: dts: imx8mm-kontron: Make sure SOC and DRAM supply voltages are
      correct
    - mac80211: mesh: fix HE operation element length check
    - drm/ttm: fix memleak in ttm_transfered_destroy
    - drm/i915: Convert unconditional clflush to drm_clflush_virt_range()
    - drm/i915: Catch yet another unconditioal clflush
    - drm/i915/dp: Skip the HW readout of DPCD on disabled encoders
    - drm/amdgpu: fix out of bounds write
    - drm/amdgpu: support B0&B1 external revision id for yellow carp
    - drm/amd/display: Limit display scaling to up to true 4k for DCN 3.1
    - drm/amd/display: Fix prefetch bandwidth calculation for DCN3.1
    - drm/amd/display: increase Z9 latency to workaround underflow in Z9
    - drm/amd/display: Increase watermark latencies for DCN3.1
    - drm/amd/display: Moved dccg init to after bios golden init
    - drm/amd/display: Fallback to clocks which meet requested voltage on DCN31
    - drm/amd/display: Fix deadlock when falling back to v2 from v3
    - Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
    - cgroup: Fix memory leak caused by missing cgroup_bpf_offline
    - riscv, bpf: Fix potential NULL dereference
    - tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
    - bpf: Fix potential race in tail call compatibility check
    - bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch()
    - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
    - IB/hfi1: Fix abba locking issue with sc_disable()
    - nvmet-tcp: fix data digest pointer calculation
    - nvme-tcp: fix data digest pointer calculation
    - nvme-tcp: fix possible req->offset corruption
    - octeontx2-af: Display all enabled PF VF rsrc_alloc entries.
    - octeontx2-af: Fix possible null pointer dereference.
    - ice: Respond to a NETDEV_UNREGISTER event for LAG
    - RDMA/mlx5: Set user priority for DCT
    - ice: check whether PTP is initialized in ice_ptp_release()
    - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
    - reset: brcmstb-rescal: fix incorrect polarity of status bit
    - regmap: Fix possible double-free in regcache_rbtree_exit()
    - net: batman-adv: fix error handling
    - net-sysfs: initialize uid and gid before calling net_ns_get_ownership
    - cfg80211: correct bridge/4addr mode check
    - net: Prevent infinite while loop in skb_tx_hash()
    - RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR
    - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
    - gpio: xgs-iproc: fix parsing of ngpios property
    - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
    - mlxsw: pci: Recycle received packet upon allocation failure
    - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume
      fails
    - net: ethernet: microchip: lan743x: Fix dma allocation failure by using
      dma_set_mask_and_coherent
    - net: nxp: lpc_eth.c: avoid hang when bringing interface down
    - net: hns3: fix pause config problem after autoneg disabled
    - net: hns3: fix data endian problem of some functions of debugfs
    - net: ethernet: microchip: lan743x: Fix skb allocation failure
    - net/tls: Fix flipped sign in async_wait.err assignment
    - phy: phy_ethtool_ksettings_get: Lock the phy for consistency
    - phy: phy_ethtool_ksettings_set: Move after phy_start_aneg
    - phy: phy_start_aneg: Add an unlocked version
    - phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings
    - RDMA/irdma: Process extended CQ entries correctly
    - RDMA/irdma: Set VLAN in UD work completion correctly
    - RDMA/irdma: Do not hold qos mutex twice on QP resume
    - sctp: use init_tag from inithdr for ABORT chunk
    - sctp: fix the processing for INIT chunk
    - sctp: fix the processing for INIT_ACK chunk
    - sctp: fix the processing for COOKIE_ECHO chunk
    - sctp: add vtag check in sctp_sf_violation
    - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
    - sctp: add vtag check in sctp_sf_ootb
    - bpf: Use kvmalloc for map values in syscall
    - watchdog: sbsa: only use 32-bit accessors
    - bpf: Move BPF_MAP_TYPE for INODE_STORAGE and TASK_STORAGE outside of
      CONFIG_NET
    - net: hns3: add more string spaces for dumping packets number of queue info
      in debugfs
    - net: hns3: expand buffer len for some debugfs command
    - virtio-ring: fix DMA metadata flags
    - octeontx2-af: Check whether ipolicers exists
    - KVM: s390: clear kicked_mask before sleeping again
    - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
    - scsi: ufs: ufs-exynos: Correct timeout value setting registers
    - perf script: Fix PERF_SAMPLE_WEIGHT_STRUCT support
    - scsi: ibmvfc: Fix up duplicate response detection
    - riscv: fix misalgned trap vector base address
    - riscv: Do not re-populate shadow memory with kasan_populate_early_shadow
    - riscv: Fix asan-stack clang build
    - perf script: Check session->header.env.arch before using it
    - KVM: x86/xen: Fix kvm_xen_has_interrupt() sleeping in kvm_vcpu_block()
    - KVM: x86: switch pvclock_gtod_sync_lock to a raw spinlock
    - KVM: SEV-ES: fix another issue with string I/O VMGEXITs
    - KVM: x86: Take srcu lock in post_kvm_run_save()
    - Linux 5.14.16

  * Focal update: v5.14.16 upstream stable release (LP: #1950164) //
    CVE-2021-42327 was fixed by:
    - drm/amdgpu: Fix even more out of bound writes from debugfs

  * Focal update: v5.14.15 upstream stable release (LP: #1950160)
    - block/mq-deadline: Move dd_queued() to fix defined but not used warning
    - parisc: math-emu: Fix fall-through warnings
    - sh: pgtable-3level: fix cast to pointer from integer of different size
    - arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output
    - xen/x86: prevent PVH type from getting clobbered
    - r8152: avoid to resubmit rx immediately
    - drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI
    - drm/amdgpu: init iommu after amdkfd device init
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - powerpc/lib: Add helper to check if offset is within conditional branch
      range
    - powerpc/bpf: Validate branch ranges
    - powerpc/security: Add a helper to query stf_barrier type
    - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
    - ASoC: pcm512x: Mend accesses to the I2S_1 and I2S_2 registers
    - ASoC: fsl_xcvr: Fix channel swap issue with ARC
    - ASoC: pcm179x: Add missing entries SPI to device ID table
    - ASoC: cs4341: Add SPI device ID table
    - KVM: arm64: Fix host stage-2 PGD refcount
    - KVM: arm64: Release mmap_lock when using VM_SHARED with MTE
    - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage
      value
    - netfilter: nf_tables: skip netdev events generated on netns removal
    - dma-debug: fix sg checks in debug_dma_map_sg()
    - ASoC: wm8960: Fix clock configuration on slave mode
    - ice: Fix failure to re-add LAN/RDMA Tx queues
    - ice: Avoid crash from unnecessary IDA free
    - ice: fix getting UDP tunnel entry
    - ice: Print the api_patch as part of the fw.mgmt.api
    - netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - sctp: fix transport encap_port update in sctp_vtag_verify
    - lan78xx: select CRC32
    - tcp: md5: Fix overlap between vrf and non-vrf keys
    - ipv6: When forwarding count rx stats on the orig netdev
    - hamradio: baycom_epp: fix build for UML
    - net: dsa: lantiq_gswip: fix register definition
    - net/sched: act_ct: Fix byte count on fragmented packets
    - NIOS2: irqflags: rename a redefined register name
    - net: dsa: Fix an error handling path in 'dsa_switch_parse_ports_of()'
    - powerpc/smp: do not decrement idle task preempt count in CPU offline
    - net: hns3: Add configuration of TM QCN error event
    - net: hns3: reset DWRR of unused tc to zero
    - net: hns3: add limit ets dwrr bandwidth cannot be 0
    - net: hns3: schedule the polling again when allocation fails
    - net: hns3: fix vf reset workqueue cannot exit
    - net: hns3: disable sriov before unload hclge layer
    - net: stmmac: Fix E2E delay mechanism
    - ptp: Fix possible memory leak in ptp_clock_register()
    - igc: Update I226_K device ID
    - ice: Add missing E810 device ids
    - net/mlx5e: IPsec: Fix a misuse of the software parser's fields
    - net/mlx5e: IPsec: Fix work queue entry ethernet segment checksum flags
    - drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02 panel
    - drm/kmb: Work around for higher system clock
    - drm/kmb: Remove clearing DPHY regs
    - drm/kmb: Disable change of plane parameters
    - drm/kmb: Corrected typo in handle_lcd_irq
    - drm/kmb: Enable ADV bridge after modeset
    - net: enetc: fix ethtool counter name for PM0_TERR
    - net: enetc: make sure all traffic classes can send large frames
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - can: isotp: isotp_sendmsg(): fix return error on FC timeout on TX path
    - can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
    - can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in
      isotp_sendmsg()
    - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer
    - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
    - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with
      error length
    - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes
    - ceph: skip existing superblocks that are blocklisted or shut down when
      mounting
    - ceph: fix handling of "meta" errors
    - tracing: Have all levels of checks prevent recursion
    - ocfs2: fix data corruption after conversion from inline format
    - ocfs2: mount fails with buffer overflow in strlen
    - mm/userfaultfd: selftests: fix memory corruption with thp enabled
    - userfaultfd: fix a race between writeprotect and exit_mmap()
    - mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in
      mbind()
    - elfcore: correct reference to CONFIG_UML
    - vfs: check fd has read access in kernel_read_file_from_fd()
    - mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()
    - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
    - ALSA: hda/realtek: Add quirk for Clevo PC50HS
    - ASoC: DAPM: Fix missing kctl change notifications
    - ASoC: nau8824: Fix headphone vs headset, button-press detection no longer
      working
    - blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on
      blkg->iostat_cpu
    - audit: fix possible null-pointer dereference in audit_filter_rules
    - net: dsa: mt7530: correct ds->num_ports
    - ucounts: Move get_ucounts from cred_alloc_blank to
      key_change_session_keyring
    - ucounts: Pair inc_rlimit_ucounts with dec_rlimit_ucoutns in commit_creds
    - ucounts: Proper error handling in set_cred_ucounts
    - ucounts: Fix signal ucount refcounting
    - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
    - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to
      guest
    - powerpc/idle: Don't corrupt back chain when going idle
    - mm, slub: fix mismatch between reconstructed freelist depth and cnt
    - mm, slub: fix potential memoryleak in kmem_cache_open()
    - mm, slub: fix potential use-after-free in slab_debugfs_fops
    - mm, slub: fix incorrect memcg slab count for bulk free
    - KVM: nVMX: promptly process interrupts delivered while in guest mode
    - KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA
    - KVM: SEV-ES: rename guest_ins_data to sev_pio_data
    - KVM: SEV-ES: clean up kvm_sev_es_ins/outs
    - KVM: SEV-ES: keep INS functions together
    - KVM: SEV-ES: fix length of string I/O
    - KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed
    - KVM: SEV-ES: reduce ghcb_sa_len to 32 bits
    - KVM: x86: leave vcpu->arch.pio.count alone in emulator_pio_in_out
    - KVM: x86: check for interrupts before deciding whether to exit the fast path
    - KVM: x86: split the two parts of emulator_pio_in
    - KVM: x86: remove unnecessary arguments from complete_emulator_pio_in
    - nfc: nci: fix the UAF of rf_conn_info object
    - isdn: cpai: check ctr->cnr to avoid array index out of bound
    - netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
    - selftests: netfilter: remove stray bash debug line
    - net: bridge: mcast: use multicast_membership_interval for IGMPv3
    - KVM: SEV-ES: Set guest_state_protected after VMSA update
    - drm: mxsfb: Fix NULL pointer dereference crash on unload
    - net: hns3: fix the max tx size according to user manual
    - KVM: MMU: Reset mmu->pkru_mask to avoid stale data
    - kunit: fix reference count leak in kfree_at_end
    - drm/msm/a6xx: Serialize GMU communication
    - gcc-plugins/structleak: add makefile var for disabling structleak
    - iio/test-format: build kunit tests without structleak plugin
    - device property: build kunit tests without structleak plugin
    - thunderbolt: build kunit tests without structleak plugin
    - bitfield: build kunit tests without structleak plugin
    - objtool: Check for gelf_update_rel[a] failures
    - objtool: Update section header before relocations
    - btrfs: deal with errors when checking if a dir entry exists during log
      replay
    - net: stmmac: add support for dwmac 3.40a
    - ARM: dts: spear3xx: Fix gmac node
    - isdn: mISDN: Fix sleeping function called from invalid context
    - platform/x86: intel_scu_ipc: Increase virtual timeout to 10s
    - platform/x86: intel_scu_ipc: Update timeout value in comment
    - ALSA: hda: avoid write to STATESTS if controller is in reset
    - spi: Fix deadlock when adding SPI controllers on SPI buses
    - spi-mux: Fix false-positive lockdep splats
    - libperf test evsel: Fix build error on !x86 architectures
    - libperf tests: Fix test_stat_cpu
    - perf/x86/msr: Add Sapphire Rapids CPU support
    - Input: snvs_pwrkey - add clk handling
    - ASoC: codec: wcd938x: Add irq config support
    - scsi: iscsi: Fix set_param() handling
    - scsi: storvsc: Fix validation for unsolicited incoming packets
    - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs
    - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
    - mm/thp: decrease nr_thps in file's mapping on THP split
    - sched/scs: Reset the shadow stack when idle_task_exit
    - net: hns3: fix for miscalculation of rx unused desc
    - net/mlx5: Lag, move lag destruction to a workqueue
    - net/mlx5: Lag, change multipath and bonding to be mutually exclusive
    - drm/kmb: Enable alpha blended second plane
    - drm/kmb: Limit supported mode to 1080p
    - autofs: fix wait name hash calculation in autofs_wait()
    - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
    - s390/pci: cleanup resources only if necessary
    - s390/pci: fix zpci_zdev_put() on reserve
    - bpf, test, cgroup: Use sk_{alloc,free} for test cases
    - net: mdiobus: Fix memory leak in __mdiobus_register
    - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
    - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume()
    - Linux 5.14.15

Date: 2021-11-10 11:14:09.971801+00:00
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1008.8