[ubuntu/focal-security] linux-bluefield 5.4.0-1070.76 (Accepted)

Andy Whitcroft apw at canonical.com
Mon Sep 25 14:55:18 UTC 2023


linux-bluefield (5.4.0-1070.76) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1070.76 -proposed tracker (LP: #2030986)

  * EFI pstore not cleared on boot (LP: #1978079)
    - [Config] bluefield: Enable CONFIG_EFI_VARS_PSTORE as build-in
    - [Config] bluefield: Remove efi-pstore from modules list

  * Focal update: v5.4.246 upstream stable release (LP: #2028981)
    - [Config] bluefield: updateconfigs for SCSI_DPT_I2O
    - SAUCE: xfrm: Check if_id in xfrm full offload

  * rshim console truncates dmesg output due to tmfifo issue (LP: #2028197)
    - SAUCE: mlxbf-tmfifo.c: Fix rhsim console w/ truncated dmesg output

  * mlxbf-gige: Fix kernel panic after reboot (LP: #2030765)
    - SAUCE: mlxbf-gige: Fix kernel panic after reboot (part 1/2)
    - SAUCE: mlxbf-gige: Fix kernel panic after reboot (part 2/2)

  [ Ubuntu: 5.4.0-162.179 ]

  * focal/linux: 5.4.0-162.179 -proposed tracker (LP: #2031128)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION

  [ Ubuntu: 5.4.0-160.177 ]

  * focal/linux: 5.4.0-160.177 -proposed tracker (LP: #2031017)
  * Fix boot test warning for log_check "CPU: 0 PID: 0 at
    arch/x86/kernel/fpu/xstate.c:878 get_xsave_addr+0x98/0xb0" (LP: #2031022)
    - x86/pkeys: Revert a5eff7259790 ("x86/pkeys: Add PKRU value to init_fpstate")

  [ Ubuntu: 5.4.0-158.175 ]

  * focal/linux: 5.4.0-158.175 -proposed tracker (LP: #2030466)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3611
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * stacked overlay file system mounts that have chroot() called against them
    appear to be getting locked (by the kernel most likely?) (LP: #2016398)
    - SAUCE: overlayfs: fix reference count mismatch
  * Focal update: v5.4.246 upstream stable release (LP: #2028981)
    - RDMA/efa: Fix unsupported page sizes in device
    - RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series
    - RDMA/bnxt_re: Refactor queue pair creation code
    - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
    - iommu/rockchip: Fix unwind goto issue
    - iommu/amd: Don't block updates to GATag if guest mode is on
    - dmaengine: pl330: rename _start to prevent build error
    - net/mlx5: fw_tracer, Fix event handling
    - netrom: fix info-leak in nr_write_internal()
    - af_packet: Fix data-races of pkt_sk(sk)->num.
    - amd-xgbe: fix the false linkup in xgbe_phy_status
    - mtd: rawnand: ingenic: fix empty stub helper definitions
    - af_packet: do not use READ_ONCE() in packet_bind()
    - tcp: deny tcp_disconnect() when threads are waiting
    - tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
    - net/sched: sch_ingress: Only create under TC_H_INGRESS
    - net/sched: sch_clsact: Only create under TC_H_CLSACT
    - net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
    - net/sched: Prohibit regrafting ingress or clsact Qdiscs
    - net: sched: fix NULL pointer dereference in mq_attach
    - ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use
    - net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
    - udp6: Fix race condition in udp6_sendmsg & connect
    - net: dsa: mv88e6xxx: Increase wait after reset deactivation
    - mtd: rawnand: marvell: ensure timing values are written
    - mtd: rawnand: marvell: don't set the NAND frequency select
    - watchdog: menz069_wdt: fix watchdog initialisation
    - mailbox: mailbox-test: Fix potential double-free in
      mbox_test_message_write()
    - ARM: 9295/1: unwind:fix unwind abort for uleb128 case
    - media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
    - fbdev: modedb: Add 1920x1080 at 60 Hz video mode
    - fbdev: stifb: Fix info entry in sti_struct on error path
    - nbd: Fix debugfs_create_dir error checking
    - ASoC: dwc: limit the number of overrun messages
    - xfrm: Check if_id in inbound policy/secpath match
    - ASoC: ssm2602: Add workaround for playback distortions
    - media: dvb_demux: fix a bug for the continuity counter
    - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
    - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
    - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
    - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
    - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
    - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
    - media: netup_unidvb: fix irq init by register it at the end of probe
    - media: dvb_ca_en50221: fix a size write bug
    - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
    - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
    - media: dvb-core: Fix use-after-free due on race condition at dvb_net
    - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
    - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
    - ARM: dts: stm32: add pin map for CAN controller on stm32f7
    - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
    - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
    - wifi: b43: fix incorrect __packed annotation
    - netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with
      CONFIG_NF_NAT
    - ALSA: oss: avoid missing-prototype warnings
    - atm: hide unused procfs functions
    - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
    - iio: adc: mxs-lradc: fix the order of two cleanup operations
    - HID: google: add jewel USB id
    - HID: wacom: avoid integer overflow in wacom_intuos_inout()
    - iio: light: vcnl4035: fixed chip ID check
    - iio: dac: mcp4725: Fix i2c_master_send() return value handling
    - iio: dac: build ad5758 driver when AD5758 is selected
    - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
    - usb: gadget: f_fs: Add unbind event before functionfs_unbind
    - misc: fastrpc: return -EPIPE to invocations on device removal
    - misc: fastrpc: reject new invocations during device removal
    - scsi: stex: Fix gcc 13 warnings
    - ata: libata-scsi: Use correct device no in ata_find_dev()
    - flow_dissector: work around stack frame size warning
    - x86/boot: Wrap literal addresses in absolute_pointer()
    - ACPI: thermal: drop an always true check
    - gcc-12: disable '-Wdangling-pointer' warning for now
    - eth: sun: cassini: remove dead code
    - kernel/extable.c: use address-of operator on section symbols
    - treewide: Remove uninitialized_var() usage
    - lib/dynamic_debug.c: use address-of operator on section symbols
    - wifi: rtlwifi: remove always-true condition pointed out by GCC 12
    - mmc: vub300: fix invalid response handling
    - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of
      UARTCTRL_SBK
    - selinux: don't use make's grouped targets feature yet
    - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
    - ext4: add EA_INODE checking to ext4_iget()
    - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
    - ext4: disallow ea_inodes with extended attributes
    - ext4: add lockdep annotations for i_data_sem for ea_inode's
    - fbcon: Fix null-ptr-deref in soft_cursor
    - test_firmware: fix the memory leak of the allocated firmware buffer
    - regmap: Account for register length when chunking
    - scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
    - scsi: dpt_i2o: Do not process completions with invalid addresses
    - [Config] updateconfigs for SCSI_DPT_I2O
    - RDMA/bnxt_re: Remove set but not used variable 'dev_attr'
    - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds
    - drm/edid: Fix uninitialized variable in drm_cvt_modes()
    - wifi: rtlwifi: 8192de: correct checking of IQK reload
    - drm/edid: fix objtool warning in drm_cvt_modes()
    - Linux 5.4.246
  * Focal update: v5.4.245 upstream stable release (LP: #2028980)
    - cdc_ncm: Implement the 32-bit version of NCM Transfer Block
    - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
    - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to
      stabilize
    - power: supply: core: Refactor
      power_supply_set_input_current_limit_from_supplier()
    - power: supply: bq24190: Call power_supply_changed() after updating input
      current
    - fs: fix undefined behavior in bit shift for SB_NOUSER
    - net/mlx5: devcom only supports 2 ports
    - net/mlx5: Devcom, serialize devcom registration
    - cdc_ncm: Fix the build warning
    - io_uring: always grab lock in io_cancel_async_work()
    - io_uring: don't drop completion lock before timer is fully initialized
    - io_uring: have io_kill_timeout() honor the request references
    - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
    - binder: fix UAF caused by faulty buffer cleanup
    - ipv{4,6}/raw: fix output xfrm lookup wrt protocol
    - netfilter: ctnetlink: Support offloaded conntrack entry deletion
    - Linux 5.4.245
  * Focal update: v5.4.244 upstream stable release (LP: #2028697)
    - driver core: add a helper to setup both the of_node and fwnode of a device
    - drm/mipi-dsi: Set the fwnode for mipi_dsi_device
    - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
    - linux/dim: Do nothing if no time delta between samples
    - net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
    - netfilter: conntrack: fix possible bug_on with enable_hooks=1
    - netlink: annotate accesses to nlk->cb_running
    - net: annotate sk->sk_err write from do_recvmmsg()
    - net: tap: check vlan with eth_type_vlan() method
    - net: add vlan_get_protocol_and_depth() helper
    - net: datagram: fix data-races in datagram_poll()
    - af_unix: Fix a data race of sk->sk_receive_queue->qlen.
    - af_unix: Fix data races around sk->sk_shutdown.
    - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
    - drm/amd/display: Use DC_LOG_DC in the trasform pixel function
    - regmap: cache: Return error in cache sync operations for REGCACHE_NONE
    - firmware: arm_sdei: Fix sleep from invalid context BUG
    - ACPI: EC: Fix oops when removing custom query handlers
    - drm/tegra: Avoid potential 32-bit integer overflow
    - ACPICA: Avoid undefined behavior: applying zero offset to null pointer
    - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
      acpi_db_display_objects
    - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
    - ext2: Check block size validity during mount
    - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
    - net: pasemi: Fix return type of pasemi_mac_start_tx()
    - net: Catch invalid index in XPS mapping
    - scsi: target: iscsit: Free cmds before session free
    - lib: cpu_rmap: Avoid use after free on rmap->obj array entries
    - scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race
      condition
    - gfs2: Fix inode height consistency check
    - ext4: set goal start correctly in ext4_mb_normalize_request
    - ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
    - f2fs: fix to drop all dirty pages during umount() if cp_error is set
    - samples/bpf: Fix fout leak in hbm's run_bpf_prog
    - wifi: iwlwifi: pcie: fix possible NULL pointer dereference
    - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
    - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
    - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
    - HID: logitech-hidpp: Don't use the USB serial for USB devices
    - HID: logitech-hidpp: Reconcile USB and Unifying serials
    - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
    - HID: wacom: generic: Set battery quirk only when we see battery data
    - usb: typec: tcpm: fix multiple times discover svids error
    - serial: 8250: Reinit port->pm on port specific driver unbind
    - mcb-pci: Reallocate memory region to avoid memory overlapping
    - sched: Fix KCSAN noinstr violation
    - recordmcount: Fix memory leaks in the uwrite function
    - RDMA/core: Fix multiple -Warray-bounds warnings
    - clk: tegra20: fix gcc-7 constant overflow warning
    - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
    - Input: xpad - add constants for GIP interface numbers
    - phy: st: miphy28lp: use _poll_timeout functions for waits
    - mfd: dln2: Fix memory leak in dln2_probe()
    - btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
    - btrfs: fix space cache inconsistency after error loading it from disk
    - ASoC: fsl_micfil: register platform component before registering cpu dai
    - cpupower: Make TSC read per CPU for Mperf monitor
    - af_key: Reject optional tunnel/BEET mode templates in outbound policies
    - net: fec: Better handle pm_runtime_get() failing in .remove()
    - ALSA: firewire-digi00x: prevent potential use after free
    - vsock: avoid to close connected socket after the timeout
    - serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
    - ip6_gre: Fix skb_under_panic in __gre6_xmit()
    - ip6_gre: Make o_seqno start from 0 in native mode
    - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
    - erspan: get the proto with the md version for collect_md
    - net: hns3: fix sending pfc frames after reset issue
    - net: hns3: fix reset delay time to avoid configuration timeout
    - media: netup_unidvb: fix use-after-free at del_timer()
    - drm/exynos: fix g2d_open/close helper function definitions
    - net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
    - net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
    - net: bcmgenet: Restore phy_stop() depending upon suspend/close
    - wifi: iwlwifi: mvm: don't trust firmware n_channels
    - cassini: Fix a memory leak in the error handling path of cas_init_one()
    - igb: fix bit_shift to be in [1..8] range
    - vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
    - USB: usbtmc: Fix direction for 0-length ioctl control messages
    - usb-storage: fix deadlock when a scsi command timeouts more than once
    - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
    - usb: dwc3: debugfs: Resume dwc3 before accessing registers
    - usb: typec: altmodes/displayport: fix pin_assignment_show
    - ALSA: hda: Fix Oops by 9.1 surround channel names
    - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
    - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
    - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
    - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
    - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
    - can: kvaser_pciefd: Call request_irq() before enabling interrupts
    - can: kvaser_pciefd: Empty SRB buffer in probe
    - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
    - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
    - can: kvaser_pciefd: Disable interrupts in probe error path
    - KVM: x86: do not report a vCPU as preempted outside instruction boundaries
    - statfs: enforce statfs[64] structure initialization
    - serial: Add support for Advantech PCI-1611U card
    - ceph: force updating the msg pointer in non-split case
    - tpm/tpm_tis: Disable interrupts for more Lenovo devices
    - powerpc/64s/radix: Fix soft dirty tracking
    - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
    - netfilter: nftables: add nft_parse_register_load() and use it
    - netfilter: nftables: add nft_parse_register_store() and use it
    - netfilter: nftables: statify nft_parse_register()
    - netfilter: nf_tables: validate registers coming from userspace.
    - netfilter: nf_tables: add nft_setelem_parse_key()
    - netfilter: nf_tables: allow up to 64 bytes in the set element data area
    - netfilter: nf_tables: stricter validation of element data
    - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT
      flag
    - netfilter: nf_tables: hold mutex on netns pre_exit path
    - HID: wacom: Force pen out of prox if no events have been received in a while
    - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
    - HID: wacom: add three styli to wacom_intuos_get_tool_type
    - lib/string_helpers: Introduce string_upper() and string_lower() helpers
    - usb: gadget: u_ether: Convert prints to device prints
    - usb: gadget: u_ether: Fix host MAC address case
    - vc_screen: rewrite vcs_size to accept vc, not inode
    - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
    - s390/qdio: get rid of register asm
    - s390/qdio: fix do_sqbs() inline assembly constraint
    - watchdog: sp5100_tco: Immediately trigger upon starting.
    - spi: fsl-spi: Re-organise transfer bits_per_word adaptation
    - spi: fsl-cpm: Use 16 bit mode for large transfers with even size
    - mt76: mt7615: Fix build with older compilers
    - ALSA: hda/ca0132: add quirk for EVGA X299 DARK
    - ALSA: hda/realtek: Enable headset onLenovo M70/M90
    - m68k: Move signal frame following exception on 68020/030
    - parisc: Handle kgdb breakpoints only in kernel context
    - parisc: Allow to reboot machine after system halt
    - gpio: mockup: Fix mode of debugfs files
    - btrfs: use nofs when cleaning up aborted transactions
    - selftests/memfd: Fix unknown type name build failure
    - parisc: Fix flush_dcache_page() for usage from irq context
    - x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
    - debugobjects: Don't wake up kswapd from fill_pool()
    - fbdev: udlfb: Fix endpoint check
    - net: fix stack overflow when LRO is disabled for virtual interfaces
    - udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
    - USB: core: Add routines for endpoint checks in old drivers
    - USB: sisusbvga: Add endpoint checks
    - media: radio-shark: Add endpoint checks
    - net: fix skb leak in __skb_tstamp_tx()
    - selftests: fib_tests: mute cleanup error message
    - bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
    - ipv6: Fix out-of-bounds access in ipv6_find_tlv()
    - power: supply: leds: Fix blink to LED on transition
    - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
    - power: supply: bq27xxx: Fix I2C IRQ race on remove
    - power: supply: bq27xxx: Fix poll_interval handling and races on remove
    - power: supply: sbs-charger: Fix INHIBITED bit for Status reg
    - coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
    - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
    - x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
    - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
    - forcedeth: Fix an error handling path in nv_probe()
    - net/mlx5: Fix error message when failing to allocate device memory
    - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
    - 3c589_cs: Fix an error handling path in tc589_probe()
    - Linux 5.4.244
  * Focal update: v5.4.243 upstream stable release (LP: #2025387)
    - counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
    - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()
    - USB: serial: option: add UNISOC vendor and TOZED LT70C product
    - iio: adc: palmas_gpadc: fix NULL dereference on rmmod
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
    - asm-generic/io.h: suppress endianness warnings for readq() and writeq()
    - USB: dwc3: fix runtime pm imbalance on probe errors
    - USB: dwc3: fix runtime pm imbalance on unbind
    - perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into
      sysconf(__SC_THREAD_STACK_MIN_VALUE)
    - staging: iio: resolver: ads1210: fix config mode
    - debugfs: regset32: Add Runtime PM support
    - xhci: fix debugfs register accesses while suspended
    - MIPS: fw: Allow firmware to pass a empty env
    - ipmi:ssif: Add send_retries increment
    - ipmi: fix SSIF not responding under certain cond.
    - kheaders: Use array declaration instead of char
    - pwm: meson: Fix axg ao mux parents
    - pwm: meson: Fix g12a ao clk81 name
    - ring-buffer: Sync IRQ works before buffer destruction
    - reiserfs: Add security prefix to xattr name in reiserfs_security_write()
    - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
    - i2c: omap: Fix standard mode false ACK readings
    - Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
    - ubifs: Fix memleak when insert_old_idx() failed
    - ubi: Fix return value overwrite issue in try_write_vid_and_data()
    - ubifs: Free memory for tmpfile name
    - selinux: fix Makefile dependencies of flask.h
    - selinux: ensure av_permissions.h is built when needed
    - tpm, tpm_tis: Do not skip reset of original interrupt vector
    - erofs: stop parsing non-compact HEAD index if clusterofs is invalid
    - erofs: fix potential overflow calculating xattr_isize
    - drm/rockchip: Drop unbalanced obj unref
    - drm/vgem: add missing mutex_destroy
    - drm/probe-helper: Cancel previous job before starting new one
    - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
    - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
    - EDAC/skx: Fix overflows on the DRAM row address mapping arrays
    - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
    - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K
    - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
    - media: bdisp: Add missing check for create_workqueue
    - media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
    - media: av7110: prevent underflow in write_ts_to_decoder()
    - firmware: qcom_scm: Clear download bit during reboot
    - drm/msm: fix unbalanced pm_runtime_enable in adreno_gpu_{init, cleanup}
    - drm/msm/adreno: Defer enabling runpm until hw_init()
    - drm/msm/adreno: drop bogus pm_runtime_set_active()
    - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
    - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
    - regulator: core: Consistently set mutex_owner when using
      ww_mutex_lock_slow()
    - regulator: core: Avoid lockdep reports when resolving supplies
    - x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
    - media: dm1105: Fix use after free bug in dm1105_remove due to race condition
    - media: saa7134: fix use after free bug in saa7134_finidev due to race
      condition
    - media: rcar_fdp1: simplify error check logic at fdp_open()
    - media: rcar_fdp1: fix pm_runtime_get_sync() usage count
    - media: rcar_fdp1: Make use of the helper function
      devm_platform_ioremap_resource()
    - media: rcar_fdp1: Fix the correct variable assignments
    - media: rcar_fdp1: Fix refcount leak in probe and remove function
    - media: rc: gpio-ir-recv: Fix support for wake-up
    - regulator: stm32-pwr: fix of_iomap leak
    - x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
    - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
    - debugobject: Prevent init race with static objects
    - timekeeping: Split jiffies seqlock
    - tick/sched: Use tick_next_period for lockless quick check
    - tick/sched: Reduce seqcount held scope in tick_do_update_jiffies64()
    - tick/sched: Optimize tick_do_update_jiffies64() further
    - tick: Get rid of tick_period
    - tick/common: Align tick period with the HZ tick.
    - wifi: ath6kl: minor fix for allocation size
    - wifi: ath9k: hif_usb: fix memory leak of remain_skbs
    - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
    - wifi: ath6kl: reduce WARN to dev_dbg() in callback
    - tools: bpftool: Remove invalid \' json escape
    - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
    - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
    - scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
    - vlan: partially enable SIOCSHWTSTAMP in container
    - net/packet: annotate accesses to po->xmit
    - net/packet: convert po->origdev to an atomic flag
    - net/packet: convert po->auxdata to an atomic flag
    - scsi: target: iscsit: Fix TAS handling during conn cleanup
    - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
    - f2fs: handle dqget error in f2fs_transfer_project_quota()
    - rtlwifi: Start changing RT_TRACE into rtl_dbg
    - rtlwifi: Replace RT_TRACE with rtl_dbg
    - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
    - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
    - bpftool: Fix bug for long instructions in program CFG dumps
    - crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
    - crypto: drbg - Only fail when jent is unavailable in FIPS mode
    - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
    - bpf, sockmap: fix deadlocks in the sockhash and sockmap
    - nvme: handle the persistent internal error AER
    - nvme: fix async event trace event
    - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
    - bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
    - md/raid10: fix leak of 'r10bio->remaining' for recovery
    - md/raid10: fix memleak for 'conf->bio_split'
    - md: update the optimal I/O size on reshape
    - md/raid10: fix memleak of md thread
    - wifi: iwlwifi: make the loop for card preparation effective
    - wifi: iwlwifi: mvm: check firmware response size
    - ixgbe: Allow flow hash to be set via ethtool
    - ixgbe: Enable setting RSS table to default values
    - bpf: Don't EFAULT for getsockopt with optval=NULL
    - netfilter: nf_tables: don't write table validation state without mutex
    - ipv4: Fix potential uninit variable access bug in __ip_make_skb()
    - netlink: Use copy_to_user() for optval in netlink_getsockopt().
    - net: amd: Fix link leak when verifying config failed
    - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
    - pstore: Revert pmsg_lock back to a normal mutex
    - usb: host: xhci-rcar: remove leftover quirk handling
    - fpga: bridge: fix kernel-doc parameter description
    - iio: light: max44009: add missing OF device matching
    - usb: gadget: udc: renesas_usb3: Fix use after free bug in
      renesas_usb3_remove due to race condition
    - PCI: imx6: Install the fault handler only on compatible match
    - genirq: Add IRQF_NO_AUTOEN for request_irq/nmi()
    - ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ
    - ASoC: es8316: Handle optional IRQ assignment
    - linux/vt_buffer.h: allow either builtin or modular for macros
    - spi: qup: Don't skip cleanup in remove's error path
    - spi: fsl-spi: Fix CPM/QE mode Litte Endian
    - vmci_host: fix a race condition in vmci_host_poll() causing GPF
    - of: Fix modalias string generation
    - ia64: mm/contig: fix section mismatch warning/error
    - ia64: salinfo: placate defined-but-not-used warning
    - scripts/gdb: bail early if there are no clocks
    - PM: domains: Fix up terminology with parent/child
    - scripts/gdb: bail early if there are no generic PD
    - mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
    - mtd: spi-nor: cadence-quadspi: Provide a way to disable DAC mode
    - mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
    - mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA
      channel
    - spi: cadence-quadspi: fix suspend-resume implementations
    - uapi/linux/const.h: prefer ISO-friendly __typeof__
    - sh: sq: Fix incorrect element size for allocating bitmap buffer
    - usb: chipidea: fix missing goto in `ci_hdrc_probe`
    - usb: mtu3: fix kernel panic at qmu transfer done irq handler
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - tty: serial: fsl_lpuart: adjust buffer length to the intended size
    - serial: 8250: Add missing wakeup event reporting
    - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
    - spmi: Add a check for remove callback when removing a SPMI driver
    - macintosh/windfarm_smu_sat: Add missing of_node_put()
    - powerpc/mpc512x: fix resource printk format warning
    - powerpc/wii: fix resource printk format warnings
    - powerpc/sysdev/tsi108: fix resource printk format warnings
    - macintosh: via-pmu-led: requires ATA to be set
    - powerpc/rtas: use memmove for potentially overlapping buffer copy
    - perf/core: Fix hardlockup failure caused by perf throttle
    - RDMA/siw: Fix potential page_array out of range access
    - RDMA/rdmavt: Delete unnecessary NULL check
    - rtc: omap: include header for omap_rtc_power_off_program prototype
    - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
    - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
    - power: supply: generic-adc-battery: fix unit scaling
    - clk: add missing of_node_put() in "assigned-clocks" property parsing
    - RDMA/siw: Remove namespace check from siw_netdev_event()
    - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
    - NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
    - firmware: raspberrypi: Keep count of all consumers
    - firmware: raspberrypi: Introduce devm_rpi_firmware_get()
    - input: raspberrypi-ts: Release firmware handle when not needed
    - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
    - SUNRPC: remove the maximum number of retries in call_bind_status
    - RDMA/mlx5: Use correct device num_ports when modify DC
    - clocksource/drivers/davinci: Avoid trailing '\n' hidden in pr_fmt()
    - clocksource: davinci: axe a pointless __GFP_NOFAIL
    - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when
      init fails
    - openrisc: Properly store r31 to pt_regs on unhandled exceptions
    - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
    - leds: TI_LMU_COMMON: select REGMAP instead of depending on it
    - dmaengine: mv_xor_v2: Fix an error code.
    - pwm: mtk-disp: Don't check the return code of pwmchip_remove()
    - pwm: mtk-disp: Adjust the clocks to avoid them mismatch
    - pwm: mtk-disp: Disable shadow registers before setting backlight values
    - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and
      ulpi_port
    - dmaengine: dw-edma: Fix to change for continuous transfer
    - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
    - dmaengine: at_xdmac: do not enable all cyclic channels
    - afs: Fix updating of i_size with dv jump from server
    - parisc: Fix argument pointer in real64_call_asm()
    - nilfs2: do not write dirty data after degenerating to read-only
    - nilfs2: fix infinite loop in nilfs_mdt_get_block()
    - md/raid10: fix null-ptr-deref in raid10_sync_request
    - mailbox: zynqmp: Fix IPI isr handling
    - mailbox: zynqmp: Fix typo in IPI documentation
    - wifi: rtl8xxxu: RTL8192EU always needs full init
    - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
    - scripts/gdb: fix lx-timerlist for Python3
    - btrfs: scrub: reject unsupported scrub flags
    - s390/dasd: fix hanging blockdevice after request requeue
    - dm clone: call kmem_cache_destroy() in dm_clone_init() error path
    - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
    - dm flakey: fix a crash with invalid table line
    - perf auxtrace: Fix address filter entire kernel size
    - perf intel-pt: Fix CYC timestamps after standalone CBR
    - debugobject: Ensure pool refill (again)
    - nohz: Add TICK_DEP_BIT_RCU
    - tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
    - mailbox: zynq: Switch to flexible array to simplify code
    - mailbox: zynqmp: Fix counts of child nodes
    - dm verity: skip redundant verity_handle_err() on I/O errors
    - dm verity: fix error handling for check_at_most_once on FEC
    - crypto: inside-secure - irq balance
    - crypto: safexcel - Cleanup ring IRQ workqueues on load failure
    - net/ncsi: clear Tx enable mode when handling a Config required AEN
    - net/sched: cls_api: remove block_cb from driver_list before freeing
    - sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
    - net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
    - writeback: fix call of incorrect macro
    - net/sched: act_mirred: Add carrier check
    - rxrpc: Fix hard call timeout units
    - ionic: remove noise from ethtool rxnfc error msg
    - af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
    - drm/amdgpu: add a missing lock for AMDGPU_SCHED
    - ALSA: caiaq: input: Add error handling for unsupported input methods in
      `snd_usb_caiaq_input_init`
    - net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621
    - virtio_net: split free_unused_bufs()
    - virtio_net: suppress cpu stall when free_unused_bufs
    - perf vendor events power9: Remove UTF-8 characters from JSON files
    - perf map: Delete two variable initialisations before null pointer checks in
      sort__sym_from_cmp()
    - perf symbols: Fix return incorrect build_id size in elf_read_build_id()
    - btrfs: fix btrfs_prev_leaf() to not return the same key twice
    - btrfs: don't free qgroup space unless specified
    - btrfs: print-tree: parent bytenr must be aligned to sector size
    - cifs: fix pcchunk length type in smb2_copychunk_range
    - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
    - inotify: Avoid reporting event with invalid wd
    - sh: math-emu: fix macro redefined warning
    - sh: init: use OF_EARLY_FLATTREE for early init
    - sh: nmi_debug: fix return value of __setup handler
    - remoteproc: stm32: Call of_node_put() on iteration error
    - remoteproc: st: Call of_node_put() on iteration error
    - ARM: dts: exynos: fix WM8960 clock name in Itop Elite
    - ARM: dts: s5pv210: correct MIPI CSIS clock name
    - f2fs: fix potential corruption when moving a directory
    - drm/panel: otm8009a: Set backlight parent to panel device
    - drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
    - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx
      ras
    - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
    - HID: wacom: Set a default resolution for older tablets
    - HID: wacom: insert timestamp to packed Bluetooth (BT) events
    - ext4: fix WARNING in mb_find_extent
    - ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
    - ext4: fix data races when using cached status extents
    - ext4: improve error recovery code paths in __ext4_remount()
    - ext4: fix deadlock when converting an inline directory in nojournal mode
    - ext4: add bounds checking in get_max_inline_xattr_value_size()
    - ext4: bail out of ext4_xattr_ibody_get() fails for any reason
    - ext4: remove a BUG_ON in ext4_mb_release_group_pa()
    - ext4: fix invalid free tracking in ext4_xattr_move_to_block()
    - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
    - serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
    - drbd: correctly submit flush bio on barrier
    - PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
    - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
    - printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
    - PM: domains: Restore comment indentation for generic_pm_domain.child_links
    - drm/msm: Fix double pm_runtime_disable() call
    - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()
    - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
    - drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag
    - mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
    - drm/amd/display: Fix hang when skipping modeset
    - Linux 5.4.243
    - Upstream stable to v5.4.243
  * Focal update: v5.4.243 upstream stable release (LP: #2025387) //
    CVE-2023-2269
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern
  * Focal update: v5.4.242 upstream stable release (LP: #2025094)
    - ARM: dts: rockchip: fix a typo error for rk3288 spdif node
    - arm64: dts: meson-g12-common: specify full DMC range
    - netfilter: br_netfilter: fix recent physdev match breakage
    - regulator: fan53555: Explicitly include bits header
    - virtio_net: bugfix overflow inside xdp_linearize_page()
    - netfilter: nf_tables: fix ifdef to also consider nf_tables=m
    - i40e: fix accessing vsi->active_filters without holding lock
    - i40e: fix i40e_setup_misc_vector() error handling
    - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
    - bpf: Fix incorrect verifier pruning due to missing register precision taints
    - e1000e: Disable TSO on i219-LM card to increase speed
    - f2fs: Fix f2fs_truncate_partial_nodes ftrace event
    - Input: i8042 - add quirk for Fujitsu Lifebook A574/H
    - selftests: sigaltstack: fix -Wuninitialized
    - scsi: megaraid_sas: Fix fw_crash_buffer_show()
    - scsi: core: Improve scsi_vpd_inquiry() checks
    - net: dsa: b53: mmap: add phy ops
    - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
    - nvme-tcp: fix a possible UAF when failing to allocate an io queue
    - xen/netback: use same error messages for same errors
    - iio: light: tsl2772: fix reading proximity-diodes from device tree
    - nilfs2: initialize unused bytes in segment summary blocks
    - memstick: fix memory leak if card device is never registered
    - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
    - MIPS: Define RUNTIME_DISCARD_EXIT in LD script
    - x86/purgatory: Don't generate debug info for purgatory.ro
    - Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
    - ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
    - ext4: fix use-after-free in ext4_xattr_set_entry
    - udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
    - tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
    - inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
    - dccp: Call inet6_destroy_sock() via sk->sk_destruct().
    - sctp: Call inet6_destroy_sock() via sk->sk_destruct().
    - xfs: fix forkoff miscalculation related to XFS_LITINO(mp)
    - pwm: meson: Explicitly set .polarity in .get_state()
    - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
    - ASN.1: Fix check for strdup() success
    - Linux 5.4.242
    - Upstream stable to v5.4.242
  * CVE-2023-31084 // CVE-2023-31084 was assigned to this bug.
    - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-3268
    - kernel/relay.c: fix read_pos error when multiple readers
    - relayfs: fix out-of-bounds access in relay_file_read
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis

linux-bluefield (5.4.0-1069.75) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1069.75 -proposed tracker (LP: #2030601)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis

  [ Ubuntu: 5.4.0-159.176 ]

  * focal/linux: 5.4.0-159.176 -proposed tracker (LP: #2031149)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * Fix boot test warning for log_check "CPU: 0 PID: 0 at
    arch/x86/kernel/fpu/xstate.c:878 get_xsave_addr+0x98/0xb0" (LP: #2031022)
    - x86/pkeys: Revert a5eff7259790 ("x86/pkeys: Add PKRU value to init_fpstate")

  [ Ubuntu: 5.4.0-157.174 ]

  * focal/linux: 5.4.0-157.174 -proposed tracker (LP: #2030632)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-3611
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

Date: 2023-08-30 16:53:15.574475+00:00
Changed-By: Agathe Porte <agathe.porte at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1070.76
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list