[ubuntu/focal-security] linux-kvm 5.4.0-1046.48 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Sep 7 21:01:18 UTC 2021


linux-kvm (5.4.0-1046.48) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1046.48 -proposed tracker (LP: #1939787)

  * Focal update: v5.4.129 upstream stable release (LP: #1936242)
    - [Config] kvm: enable CONFIG_SYSTEM_REVOCATION_LIST

  [ Ubuntu: 5.4.0-83.93 ]

  * focal/linux: 5.4.0-83.93 -proposed tracker (LP: #1940159)
  * fails to launch linux L2 guests on AMD (LP: #1940134) // CVE-2021-3653
    - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
      (CVE-2021-3653)
  * fails to launch linux L2 guests on AMD (LP: #1940134)
    - SAUCE: Revert "UBUNTU: SAUCE: KVM: nSVM: avoid picking up unsupported bits
      from L2 in int_ctl"

  [ Ubuntu: 5.4.0-82.92 ]

  * focal/linux: 5.4.0-82.92 -proposed tracker (LP: #1939799)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.08.16)
  * CVE-2021-3656
    - SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
  * CVE-2021-3653
    - SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  * [regression] USB device is not detected during boot (LP: #1939638)
    - SAUCE: Revert "usb: core: reduce power-on-good delay time of root hub"
  * dev_forward_skb: do not scrub skb mark within the same name space
    (LP: #1935040)
    - dev_forward_skb: do not scrub skb mark within the same name space
  * XPS 9510 (TGL) Screen Brightness could not be changed (LP: #1933566)
    - SAUCE: drm/i915: Force DPCD backlight mode for Dell XPS 9510(TGL)
  * Acer Aspire 5 sound driver issues (LP: #1930188)
    - ALSA: hda/realtek: headphone and mic don't work on an Acer laptop
  * Sony Dualshock 4 usb dongle crashes the whole system (LP: #1935846)
    - HID: sony: Workaround for DS4 dongle hotplug kernel crash.
  * [21.10 FEAT] KVM: Provide a secure guest indication (LP: #1933173)
    - s390/uv: add prot virt guest/host indication files
    - s390/uv: fix prot virt host indication compilation
  * Skip rtcpie test in kselftests/timers if the default RTC device does not
    exist (LP: #1937991)
    - selftests: timers: rtcpie: skip test if default RTC device does not exist
  * Focal update: v5.4.133 upstream stable release (LP: #1938713)
    - drm/mxsfb: Don't select DRM_KMS_FB_HELPER
    - drm/zte: Don't select DRM_KMS_FB_HELPER
    - drm/amd/amdgpu/sriov disable all ip hw status by default
    - drm/vc4: fix argument ordering in vc4_crtc_get_margins()
    - net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
    - drm/amd/display: fix use_max_lb flag for 420 pixel formats
    - hugetlb: clear huge pte during flush function on mips platform
    - atm: iphase: fix possible use-after-free in ia_module_exit()
    - mISDN: fix possible use-after-free in HFC_cleanup()
    - atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
    - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
    - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
    - reiserfs: add check for invalid 1st journal block
    - drm/virtio: Fix double free on probe failure
    - drm/sched: Avoid data corruptions
    - udf: Fix NULL pointer dereference in udf_symlink function
    - e100: handle eeprom as little endian
    - igb: handle vlan types with checker enabled
    - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
    - clk: renesas: r8a77995: Add ZA2 clock
    - clk: tegra: Ensure that PLLU configuration is applied properly
    - ipv6: use prandom_u32() for ID generation
    - RDMA/cxgb4: Fix missing error code in create_qp()
    - dm space maps: don't reset space map allocation cursor when committing
    - pinctrl: mcp23s08: fix race condition in irq handler
    - ice: set the value of global config lock timeout longer
    - virtio_net: Remove BUG() to avoid machine dead
    - net: bcmgenet: check return value after calling platform_get_resource()
    - net: mvpp2: check return value after calling platform_get_resource()
    - net: micrel: check return value after calling platform_get_resource()
    - drm/amd/display: Update scaling settings on modeset
    - drm/amd/display: Release MST resources on switch from MST to SST
    - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7
    - drm/amdkfd: use allowed domain for vmbo validation
    - fjes: check return value after calling platform_get_resource()
    - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
    - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM
    - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check
    - xfrm: Fix error reporting in xfrm_state_construct.
    - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
    - wl1251: Fix possible buffer overflow in wl1251_cmd_scan
    - cw1200: add missing MODULE_DEVICE_TABLE
    - bpf: Fix up register-based shifts in interpreter to silence KUBSAN
    - mt76: mt7615: fix fixed-rate tx status reporting
    - net: fix mistake path for netdev_features_strings
    - net: sched: fix error return code in tcf_del_walker()
    - drm/amdkfd: Walk through list with dqm lock hold
    - rtl8xxxu: Fix device info for RTL8192EU devices
    - atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
    - atm: nicstar: register the interrupt handler in the right place
    - vsock: notify server to shutdown when client has pending signal
    - RDMA/rxe: Don't overwrite errno from ib_umem_get()
    - iwlwifi: mvm: don't change band on bound PHY contexts
    - iwlwifi: pcie: free IML DMA memory allocation
    - iwlwifi: pcie: fix context info freeing
    - sfc: avoid double pci_remove of VFs
    - sfc: error code if SRIOV cannot be disabled
    - wireless: wext-spy: Fix out-of-bounds warning
    - media, bpf: Do not copy more entries than user space requested
    - net: ip: avoid OOM kills with large UDP sends over loopback
    - RDMA/cma: Fix rdma_resolve_route() memory leak
    - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip.
    - Bluetooth: Fix the HCI to MGMT status conversion table
    - Bluetooth: Shutdown controller after workqueues are flushed or cancelled
    - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
    - sctp: validate from_addr_param return
    - sctp: add size validation when walking chunks
    - MIPS: loongsoon64: Reserve memory below starting pfn to prevent Oops
    - MIPS: set mips32r5 for virt extensions
    - fscrypt: don't ignore minor_hash when hash is 0
    - crypto: ccp - Annotate SEV Firmware file names
    - perf bench: Fix 2 memory sanitizer warnings
    - powerpc/mm: Fix lockup on kernel exec fault
    - powerpc/barrier: Avoid collision with clang's __lwsync macro
    - drm/amdgpu: Update NV SIMD-per-CU to 2
    - drm/radeon: Add the missed drm_gem_object_put() in
      radeon_user_framebuffer_create()
    - drm/rockchip: dsi: remove extra component_del() call
    - drm/amd/display: fix incorrrect valid irq check
    - pinctrl/amd: Add device HID for new AMD GPIO controller
    - drm/tegra: Don't set allow_fb_modifiers explicitly
    - drm/msm/mdp4: Fix modifier support enabling
    - drm/arm/malidp: Always list modifiers
    - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
    - mmc: core: clear flags before allowing to retune
    - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
    - ata: ahci_sunxi: Disable DIPM
    - cpu/hotplug: Cure the cpusets trainwreck
    - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
    - fpga: stratix10-soc: Add missing fpga_mgr_free() call
    - MIPS: fix "mipsel-linux-ld: decompress.c:undefined reference to `memmove'"
    - ASoC: tegra: Set driver_name=tegra for all machine drivers
    - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
    - ipmi/watchdog: Stop watchdog timer when the current action is 'none'
    - thermal/drivers/int340x/processor_thermal: Fix tcc setting
    - ubifs: Fix races between xattr_{set|get} and listxattr operations
    - power: supply: ab8500: Fix an old bug
    - nvmem: core: add a missing of_node_put
    - extcon: intel-mrfld: Sync hardware and software state on init
    - seq_buf: Fix overflow in seq_buf_putmem_hex()
    - rq-qos: fix missed wake-ups in rq_qos_throttle try two
    - tracing: Simplify & fix saved_tgids logic
    - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
    - ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
    - coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
    - dm btree remove: assign new_root only when removal succeeds
    - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
    - PCI: aardvark: Fix checking for PIO Non-posted Request
    - PCI: aardvark: Implement workaround for the readback value of VEND_ID
    - media: subdev: disallow ioctl for saa6588/davinci
    - media: dtv5100: fix control-request directions
    - media: zr364xx: fix memory leak in zr364xx_start_readpipe
    - media: gspca/sq905: fix control-request direction
    - media: gspca/sunplus: fix zero-length control requests
    - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
    - jfs: fix GPF in diFree
    - smackfs: restrict bytes count in smk_set_cipso()
    - Linux 5.4.133
  * Focal update: v5.4.132 upstream stable release (LP: #1938199)
    - ALSA: usb-audio: fix rate on Ozone Z90 USB headset
    - ALSA: usb-audio: Fix OOB access at proc output
    - ALSA: usb-audio: scarlett2: Fix wrong resume call
    - ALSA: intel8x0: Fix breakage at ac97 clock measurement
    - ALSA: hda/realtek: Add another ALC236 variant support
    - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx
    - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D
    - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too
    - media: dvb-usb: fix wrong definition
    - Input: usbtouchscreen - fix control-request directions
    - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
    - usb: gadget: eem: fix echo command packet response issue
    - USB: cdc-acm: blacklist Heimann USB Appset device
    - usb: dwc3: Fix debugfs creation flow
    - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
    - xhci: solve a double free problem while doing s4
    - ntfs: fix validity check for file name attribute
    - copy_page_to_iter(): fix ITER_DISCARD case
    - iov_iter_fault_in_readable() should do nothing in xarray case
    - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
    - arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
    - ARM: dts: at91: sama5d4: fix pinctrl muxing
    - btrfs: send: fix invalid path for unlink operations after parent
      orphanization
    - btrfs: clear defrag status of a root if starting transaction fails
    - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
      transaction handle
    - ext4: fix kernel infoleak via ext4_extent_header
    - ext4: return error code when ext4_fill_flex_info() fails
    - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
    - ext4: remove check for zero nr_to_scan in ext4_es_scan()
    - ext4: fix avefreec in find_group_orlov
    - ext4: use ext4_grp_locked_error in mb_find_extent
    - can: gw: synchronize rcu operations before removing gw job entry
    - can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after
      RCU is done
    - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in
      TX path
    - mac80211: remove iwlwifi specific workaround that broke sta NDP tx
    - SUNRPC: Fix the batch tasks count wraparound.
    - SUNRPC: Should wake up the privileged task firstly.
    - perf/smmuv3: Don't trample existing events with global filter
    - KVM: PPC: Book3S HV: Workaround high stack usage with clang
    - s390/cio: dont call css_wait_for_slow_path() inside a lock
    - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
    - iio: light: tcs3472: do not free unallocated IRQ
    - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA
      as volatile, too
    - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
    - iio: ltr501: ltr501_read_ps(): add missing endianness conversion
    - serial: mvebu-uart: fix calculation of clock divisor
    - serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
    - serial_cs: Add Option International GSM-Ready 56K/ISDN modem
    - serial_cs: remove wrong GLOBETROTTER.cis entry
    - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
    - ssb: sdio: Don't overwrite const buffer if block_write fails
    - rsi: Assign beacon rate settings to the correct rate_info descriptor field
    - rsi: fix AP mode with WPA failure due to encrypted EAPOL
    - tracing/histograms: Fix parsing of "sym-offset" modifier
    - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
    - seq_buf: Make trace_seq_putmem_hex() support data longer than 8
    - powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
    - evm: Execute evm_inode_init_security() only when an HMAC key is loaded
    - evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
    - fuse: ignore PG_workingset after stealing
    - fuse: check connected before queueing on fpq->io
    - fuse: reject internal errno
    - spi: Make of_register_spi_device also set the fwnode
    - media: mdk-mdp: fix pm_runtime_get_sync() usage count
    - media: s5p: fix pm_runtime_get_sync() usage count
    - media: sh_vou: fix pm_runtime_get_sync() usage count
    - media: mtk-vcodec: fix PM runtime get logic
    - media: s5p-jpeg: fix pm_runtime_get_sync() usage count
    - media: sti/bdisp: fix pm_runtime_get_sync() usage count
    - media: exynos-gsc: fix pm_runtime_get_sync() usage count
    - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
    - spi: spi-topcliff-pch: Fix potential double free in
      pch_spi_process_messages()
    - spi: omap-100k: Fix the length judgment problem
    - regulator: uniphier: Add missing MODULE_DEVICE_TABLE
    - hwrng: exynos - Fix runtime PM imbalance on error
    - crypto: nx - add missing MODULE_DEVICE_TABLE
    - media: sti: fix obj-$(config) targets
    - media: cpia2: fix memory leak in cpia2_usb_probe
    - media: cobalt: fix race condition in setting HPD
    - media: pvrusb2: fix warning in pvr2_i2c_core_done
    - media: imx: imx7_mipi_csis: Fix logging of only error event counters
    - crypto: qat - check return code of qat_hal_rd_rel_reg()
    - crypto: qat - remove unused macro in FW loader
    - sched/fair: Fix ascii art by relpacing tabs
    - media: em28xx: Fix possible memory leak of em28xx struct
    - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
    - media: bt8xx: Fix a missing check bug in bt878_probe
    - media: st-hva: Fix potential NULL pointer dereferences
    - Makefile: fix GDB warning with CONFIG_RELR
    - media: dvd_usb: memory leak in cinergyt2_fe_attach
    - memstick: rtsx_usb_ms: fix UAF
    - mmc: sdhci-sprd: use sdhci_sprd_writew
    - mmc: via-sdmmc: add a check against NULL pointer dereference
    - crypto: shash - avoid comparing pointers to exported functions under CFI
    - media: dvb_net: avoid speculation from net slot
    - media: siano: fix device register error path
    - media: imx-csi: Skip first few frames from a BT.656 source
    - hwmon: (max31790) Report correct current pwm duty cycles
    - hwmon: (max31790) Fix pwmX_enable attributes
    - drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe()
    - KVM: PPC: Book3S HV: Fix TLB management on SMT8 POWER9 and POWER10
      processors
    - btrfs: fix error handling in __btrfs_update_delayed_inode
    - btrfs: abort transaction if we fail to update the delayed inode
    - btrfs: disable build on platforms having page size 256K
    - locking/lockdep: Fix the dep path printing for backwards BFS
    - lockding/lockdep: Avoid to find wrong lock dep path in check_irq_usage()
    - KVM: s390: get rid of register asm usage
    - regulator: mt6358: Fix vdram2 .vsel_mask
    - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
    - media: Fix Media Controller API config checks
    - HID: do not use down_interruptible() when unbinding devices
    - EDAC/ti: Add missing MODULE_DEVICE_TABLE
    - ACPI: processor idle: Fix up C-state latency if not ordered
    - hv_utils: Fix passing zero to 'PTR_ERR' warning
    - lib: vsprintf: Fix handling of number field widths in vsscanf
    - ACPI: EC: Make more Asus laptops use ECDT _GPE
    - block_dump: remove block_dump feature in mark_inode_dirty()
    - fs: dlm: cancel work sync othercon
    - random32: Fix implicit truncation warning in prandom_seed_state()
    - fs: dlm: fix memory leak when fenced
    - ACPICA: Fix memory leak caused by _CID repair function
    - ACPI: bus: Call kobject_put() in acpi_init() error path
    - block: fix race between adding/removing rq qos and normal IO
    - platform/x86: toshiba_acpi: Fix missing error code in
      toshiba_acpi_setup_keyboard()
    - nvmet-fc: do not check for invalid target port in nvmet_fc_handle_fcp_rqst()
    - EDAC/Intel: Do not load EDAC driver when running as a guest
    - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
    - clocksource: Retry clock read if long delays detected
    - ACPI: tables: Add custom DSDT file as makefile prerequisite
    - HID: wacom: Correct base usage for capacitive ExpressKey status bits
    - cifs: fix missing spinlock around update to ses->status
    - block: fix discard request merge
    - kthread_worker: fix return value when kthread_mod_delayed_work() races with
      kthread_cancel_delayed_work_sync()
    - ia64: mca_drv: fix incorrect array size calculation
    - writeback, cgroup: increment isw_nr_in_flight before grabbing an inode
    - media: s5p_cec: decrement usage count if disabled
    - crypto: ixp4xx - dma_unmap the correct address
    - crypto: ux500 - Fix error return code in hash_hw_final()
    - sata_highbank: fix deferred probing
    - pata_rb532_cf: fix deferred probing
    - media: I2C: change 'RST' to "RSET" to fix multiple build errors
    - sched/uclamp: Fix wrong implementation of cpu.uclamp.min
    - sched/uclamp: Fix locking around cpu_util_update_eff()
    - kbuild: run the checker after the compiler
    - kbuild: Fix objtool dependency for 'OBJECT_FILES_NON_STANDARD_<obj> := n'
    - pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
    - evm: fix writing <securityfs>/evm overflow
    - crypto: ccp - Fix a resource leak in an error handling path
    - media: rc: i2c: Fix an error message
    - pata_ep93xx: fix deferred probing
    - media: exynos4-is: Fix a use after free in isp_video_release
    - media: au0828: fix a NULL vs IS_ERR() check
    - media: tc358743: Fix error return code in tc358743_probe_of()
    - media: gspca/gl860: fix zero-length control requests
    - m68k: atari: Fix ATARI_KBD_CORE kconfig unmet dependency warning
    - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
    - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts
    - crypto: omap-sham - Fix PM reference leak in omap sham ops
    - mmc: usdhi6rol0: fix error return code in usdhi6_probe()
    - arm64: consistently use reserved_pg_dir
    - arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
    - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
    - hwmon: (max31722) Remove non-standard ACPI device IDs
    - hwmon: (max31790) Fix fan speed reporting for fan7..12
    - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
    - regulator: hi655x: Fix pass wrong pointer to config.driver_data
    - btrfs: clear log tree recovering status if starting transaction fails
    - sched/rt: Fix RT utilization tracking during policy change
    - sched/rt: Fix Deadline utilization tracking during policy change
    - sched/uclamp: Fix uclamp_tg_restrict()
    - spi: spi-sun6i: Fix chipselect/clock bug
    - crypto: nx - Fix RCU warning in nx842_OF_upd_status
    - ACPI: sysfs: Fix a buffer overrun problem with description_show()
    - extcon: extcon-max8997: Fix IRQ freeing at error path
    - blk-wbt: introduce a new disable state to prevent false positive by
      rwb_enabled()
    - blk-wbt: make sure throttle is enabled properly
    - ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros
    - ACPI: bgrt: Fix CFI violation
    - cpufreq: Make cpufreq_online() call driver->offline() on errors
    - ocfs2: fix snprintf() checking
    - dax: fix ENOMEM handling in grab_mapping_entry()
    - xfrm: xfrm_state_mtu should return at least 1280 for ipv6
    - video: fbdev: imxfb: Fix an error message
    - net: mvpp2: Put fwnode in error case during ->probe()
    - net: pch_gbe: Propagate error from devm_gpio_request_one()
    - pinctrl: renesas: r8a7796: Add missing bias for PRESET# pin
    - pinctrl: renesas: r8a77990: JTAG pins do not have pull-down capabilities
    - clk: meson: g12a: fix gp0 and hifi ranges
    - net: ftgmac100: add missing error return code in ftgmac100_probe()
    - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in
      cdn_dp_grf_write()
    - drm/rockchip: dsi: move all lane config except LCDC mux to bind()
    - ehea: fix error return code in ehea_restart_qps()
    - net/sched: act_vlan: Fix modify to allow 0
    - RDMA/core: Sanitize WQ state received from the userspace
    - RDMA/rxe: Fix failure during driver load
    - drm: qxl: ensure surf.data is ininitialized
    - tools/bpftool: Fix error return code in do_batch()
    - ath10k: go to path err_unsupported when chip id is not supported
    - ath10k: add missing error return code in ath10k_pci_probe()
    - wireless: carl9170: fix LEDS build errors & warnings
    - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
    - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
    - ssb: Fix error return code in ssb_bus_scan()
    - brcmfmac: fix setting of station info chains bitmask
    - brcmfmac: correctly report average RSSI in station info
    - brcmsmac: mac80211_if: Fix a resource leak in an error handling path
    - ath10k: Fix an error code in ath10k_add_interface()
    - netlabel: Fix memory leak in netlbl_mgmt_add_common
    - RDMA/mlx5: Don't add slave port to unaffiliated list
    - netfilter: nft_exthdr: check for IPv6 packet before further processing
    - netfilter: nft_osf: check for TCP packet before further processing
    - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
    - RDMA/rxe: Fix qp reference counting for atomic ops
    - samples/bpf: Fix the error return code of xdp_redirect's main()
    - net: ethernet: aeroflex: fix UAF in greth_of_remove
    - net: ethernet: ezchip: fix UAF in nps_enet_remove
    - net: ethernet: ezchip: fix error handling
    - vrf: do not push non-ND strict packets with a source LLA through packet taps
      again
    - net: sched: add barrier to ensure correct ordering for lockless qdisc
    - tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
    - pkt_sched: sch_qfq: fix qfq_change_class() error path
    - vxlan: add missing rcu_read_lock() in neigh_reduce()
    - net/ipv4: swap flow ports when validating source
    - tc-testing: fix list handling
    - ieee802154: hwsim: Fix memory leak in hwsim_add_one
    - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
    - mac80211: remove iwlwifi specific workaround NDPs of null_response
    - net: bcmgenet: Fix attaching to PYH failed on RPi 4B
    - ipv6: exthdrs: do not blindly use init_net
    - bpf: Do not change gso_size during bpf_skb_change_proto()
    - i40e: Fix error handling in i40e_vsi_open
    - i40e: Fix autoneg disabling for non-10GBaseT links
    - Revert "ibmvnic: remove duplicate napi_schedule call in open function"
    - ibmvnic: free tx_pool if tso_pool alloc fails
    - ipv6: fix out-of-bound access in ip6_parse_tlv()
    - e1000e: Check the PCIm state
    - bpfilter: Specify the log level for the kmsg message
    - gve: Fix swapped vars when fetching max queues
    - Revert "be2net: disable bh with spin_lock in be_process_mcc"
    - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
    - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
    - clk: actions: Fix UART clock dividers on Owl S500 SoC
    - clk: actions: Fix SD clocks factor table on Owl S500 SoC
    - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC
    - clk: si5341: Avoid divide errors due to bogus register contents
    - clk: si5341: Update initialization magic
    - writeback: fix obtain a reference to a freeing memcg css
    - net: lwtunnel: handle MTU calculation in forwading
    - net: sched: fix warning in tcindex_alloc_perfect_hash
    - RDMA/mlx5: Don't access NULL-cleared mpi pointer
    - MIPS: Fix PKMAP with 32-bit MIPS huge page support
    - staging: fbtft: Rectify GPIO handling
    - rcu: Invoke rcu_spawn_core_kthreads() from rcu_spawn_gp_kthread()
    - tty: nozomi: Fix a resource leak in an error handling function
    - mwifiex: re-fix for unaligned accesses
    - iio: adis_buffer: do not return ints in irq handlers
    - iio: adis16400: do not return ints in irq handlers
    - iio: accel: bma180: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: bma220: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: hid: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: kxcjk-1013: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls
    - iio: accel: mxc4005: Fix overread of data and alignment issue.
    - iio: accel: stk8312: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: accel: stk8ba50: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: ti-ads1015: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: vf610: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: gyro: bmg160: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: humidity: am2315: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: srf08: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: pulsed-light: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: as3935: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: magn: hmc5843: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: magn: bmc150: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: light: isl29125: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: light: tcs3414: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: light: tcs3472: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: cros_ec_sensors: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - iio: potentiostat: lmp91000: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - ASoC: rk3328: fix missing clk_disable_unprepare() on error in
      rk3328_platform_probe()
    - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
      hi6210_i2s_startup()
    - backlight: lm3630a_bl: Put fwnode in error case during ->probe()
    - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
    - Input: hil_kbd - fix error return code in hil_dev_connect()
    - mtd: partitions: redboot: seek fis-index-block in the right node
    - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
      set_protocol()
    - firmware: stratix10-svc: Fix a resource leak in an error handling path
    - tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
    - leds: lm3532: select regmap I2C API
    - leds: lm36274: cosmetic: rename lm36274_data to chip
    - leds: lm3692x: Put fwnode in any case during ->probe()
    - scsi: FlashPoint: Rename si_flags field
    - fsi: core: Fix return of error values on failures
    - fsi: scom: Reset the FSI2PIB engine for any error
    - fsi: occ: Don't accept response from un-initialized OCC
    - fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
    - fsi/sbefifo: Fix reset timeout
    - visorbus: fix error return code in visorchipset_init()
    - s390: appldata depends on PROC_SYSCTL
    - iommu/dma: Fix IOVA reserve dma ranges
    - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in
      'mtk_btcvsd_snd_probe()'
    - usb: gadget: f_fs: Fix setting of device and driver data cross-references
    - usb: dwc2: Don't reset the core after setting turnaround time
    - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
    - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
    - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper
    - iio: adc: at91-sama5d2: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: hx711: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: mxs-lradc: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: adc: ti-ads8688: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - iio: magn: rm3100: Fix alignment of buffer in
      iio_push_to_buffers_with_timestamp()
    - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
    - staging: gdm724x: check for overflow in gdm_lte_netif_rx()
    - staging: rtl8712: remove redundant check in r871xu_drv_init
    - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb
    - staging: mt7621-dts: fix pci address for PCI memory range
    - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
    - iio: light: vcnl4035: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - iio: prox: isl29501: Fix buffer alignment in
      iio_push_to_buffers_with_timestamp()
    - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
    - of: Fix truncation of memory sizes on 32-bit platforms
    - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in
      marvell_nfc_resume()
    - scsi: mpt3sas: Fix error return value in _scsih_expander_add()
    - soundwire: stream: Fix test for DP prepare complete
    - phy: uniphier-pcie: Fix updating phy parameters
    - phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
    - extcon: sm5502: Drop invalid register write in sm5502_reg_data
    - extcon: max8997: Add missing modalias string
    - ASoC: atmel-i2s: Fix usage of capture and playback at the same time
    - configfs: fix memleak in configfs_release_bin_file
    - leds: as3645a: Fix error return code in as3645a_parse_node()
    - leds: ktd2692: Fix an error handling path
    - powerpc: Offline CPU in stop_this_cpu()
    - serial: mvebu-uart: do not allow changing baudrate when uartclk is not
      available
    - serial: mvebu-uart: correctly calculate minimal possible baudrate
    - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
    - vfio/pci: Handle concurrent vma faults
    - mm/huge_memory.c: don't discard hugepage if other processes are mapping it
    - mm/z3fold: fix potential memory leak in z3fold_destroy_pool()
    - selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
    - perf llvm: Return -ENOMEM when asprintf() fails
    - scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd()
    - mmc: block: Disable CMDQ on the ioctl path
    - mmc: vub3000: fix control-request direction
    - scsi: core: Retry I/O for Notify (Enable Spinup) Required error
    - iommu/dma: Fix compile warning in 32-bit builds
    - Linux 5.4.132
  * Keyboard not working (LP: #1909814) // Focal update: v5.4.132 upstream
    stable release (LP: #1938199)
    - ACPI: resources: Add checks for ACPI IRQ override
  * Focal update: v5.4.131 upstream stable release (LP: #1936245)
    - KVM: SVM: Periodically schedule when unregistering regions on destroy
    - s390/stack: fix possible register corruption with stack switch helper
    - KVM: SVM: Call SEV Guest Decommission if ASID binding fails
    - xen/events: reset active flag for lateeoi events later
    - Linux 5.4.131
  * Focal update: v5.4.130 upstream stable release (LP: #1936244)
    - scsi: sr: Return appropriate error code when disk is ejected
    - drm/nouveau: fix dma_address check for CPU/GPU sync
    - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP
    - RDMA/mlx5: Block FDB rules when not in switchdev mode
    - Linux 5.4.130
  * Focal update: v5.4.129 upstream stable release (LP: #1936242)
    - module: limit enabling module.sig_enforce
    - drm/nouveau: wait for moving fence after pinning v2
    - drm/radeon: wait for moving fence after pinning
    - ARM: 9081/1: fix gcc-10 thumb2-kernel regression
    - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk
    - kbuild: add CONFIG_LD_IS_LLD
    - arm64: link with -z norelro for LLD or aarch64-elf
    - MIPS: generic: Update node names to avoid unit addresses
    - spi: spi-nxp-fspi: move the register operation after the clock enable
    - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
    - dmaengine: zynqmp_dma: Fix PM reference leak in
      zynqmp_dma_alloc_chan_resourc()
    - mac80211: remove warning in ieee80211_get_sband()
    - mac80211_hwsim: drop pending frames on stop
    - cfg80211: call cfg80211_leave_ocb when switching away from OCB
    - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe()
    - dmaengine: mediatek: free the proper desc in desc_free handler
    - dmaengine: mediatek: do not issue a new desc if one is still current
    - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma
    - net: ipv4: Remove unneed BUG() function
    - mac80211: drop multicast fragments
    - net: ethtool: clear heap allocations for ethtool function
    - ping: Check return value of function 'ping_queue_rcv_skb'
    - inet: annotate date races around sk->sk_txhash
    - net: phy: dp83867: perform soft reset and retain established link
    - net: caif: fix memory leak in ldisc_open
    - net/packet: annotate accesses to po->bind
    - net/packet: annotate accesses to po->ifindex
    - r8152: Avoid memcpy() over-reading of ETH_SS_STATS
    - sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
    - r8169: Avoid memcpy() over-reading of ETH_SS_STATS
    - KVM: selftests: Fix kvm_check_cap() assertion
    - net: qed: Fix memcpy() overflow of qed_dcbx_params()
    - recordmcount: Correct st_shndx handling
    - PCI: Add AMD RS690 quirk to enable 64-bit DMA
    - net: ll_temac: Add memory-barriers for TX BD access
    - net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
    - pinctrl: stm32: fix the reported number of GPIO lines per bank
    - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
    - KVM: do not allow mapping valid but non-reference-counted pages
    - i2c: robotfuzz-osif: fix control-request directions
    - kthread_worker: split code for canceling the delayed work timer
    - kthread: prevent deadlock when kthread_mod_delayed_work() races with
      kthread_cancel_delayed_work_sync()
    - mm: add VM_WARN_ON_ONCE_PAGE() macro
    - mm/rmap: remove unneeded semicolon in page_not_mapped()
    - mm/rmap: use page_not_mapped in try_to_unmap()
    - mm, thp: use head page in __migration_entry_wait()
    - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
    - mm/thp: make is_huge_zero_pmd() safe and quicker
    - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
    - mm/thp: fix vma_address() if virtual address below file offset
    - mm/thp: fix page_address_in_vma() on file THP tails
    - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
    - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
    - mm: page_vma_mapped_walk(): use page for pvmw->page
    - mm: page_vma_mapped_walk(): settle PageHuge on entry
    - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
    - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
    - mm: page_vma_mapped_walk(): crossing page table boundary
    - mm: page_vma_mapped_walk(): add a level of indentation
    - mm: page_vma_mapped_walk(): use goto instead of while (1)
    - mm: page_vma_mapped_walk(): get vma_address_end() earlier
    - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
    - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
    - mm, futex: fix shared futex pgoff on shmem huge page
    - [Config] enable CONFIG_SYSTEM_REVOCATION_LIST
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - Linux 5.4.129
  * Patch To Fix Bug in the Linux Block Layer Responsible For  Merging BIOs
    (LP: #1931497)
    - block: return the correct bvec when checking for gaps

Date: 2021-08-21 00:20:09.115216+00:00
Changed-By: Kelsey Skunberg <kelsey.skunberg at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1046.48
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list