[ubuntu/focal-proposed] linux-kvm 5.4.0-1120.128 (Accepted)

Andy Whitcroft apw at canonical.com
Mon Aug 19 17:02:07 UTC 2024


linux-kvm (5.4.0-1120.128) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1120.128 -proposed tracker (LP: #2075944)

  [ Ubuntu: 5.4.0-195.215 ]

  * focal/linux: 5.4.0-195.215 -proposed tracker (LP: #2075954)
  * Focal update: v5.4.280 upstream stable release (LP: #2075175)
    - Compiler Attributes: Add __uninitialized macro
    - drm/lima: fix shared irq handling on driver remove
    - media: dvb: as102-fe: Fix as10x_register_addr packing
    - media: dvb-usb: dib0700_devices: Add missing release_firmware()
    - IB/core: Implement a limit on UMAD receive List
    - scsi: qedf: Make qedf_execute_tmf() non-preemptible
    - drm/amdgpu: Initialize timestamp for some legacy SOCs
    - drm/amd/display: Skip finding free audio for unknown engine_id
    - media: dw2102: Don't translate i2c read into write
    - sctp: prefer struct_size over open coded arithmetic
    - firmware: dmi: Stop decoding on broken entry
    - Input: ff-core - prefer struct_size over open coded arithmetic
    - net: dsa: mv88e6xxx: Correct check for empty list
    - media: dvb-frontends: tda18271c2dd: Remove casting during div
    - media: s2255: Use refcount_t instead of atomic_t for num_channels
    - media: dvb-frontends: tda10048: Fix integer overflow
    - i2c: i801: Annotate apanel_addr as __ro_after_init
    - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
    - orangefs: fix out-of-bounds fsid access
    - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    - jffs2: Fix potential illegal address access in jffs2_free_inode
    - s390/pkey: Wipe sensitive data on failure
    - tcp: tcp_mark_head_lost is only valid for sack-tcp
    - tcp: add ece_ack flag to reno sack functions
    - net: tcp better handling of reordering then loss cases
    - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
    - tcp_metrics: validate source addr length
    - wifi: wilc1000: fix ies_len type in connect path
    - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
    - selftests: fix OOM in msg_zerocopy selftest
    - selftests: make order checking verbose in msg_zerocopy selftest
    - inet_diag: Initialize pad field in struct inet_diag_req_v2
    - nilfs2: fix inode number range checks
    - nilfs2: add missing check for inode numbers on directory entries
    - mm: optimize the redundant loop of mm_update_owner_next()
    - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
    - fsnotify: Do not generate events for O_PATH file descriptors
    - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
      again"
    - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
    - drm/amdgpu/atomfirmware: silence UBSAN warning
    - media: dw2102: fix a potential buffer overflow
    - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
    - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
    - nvme-multipath: find NUMA path only for online numa-node
    - nilfs2: fix incorrect inode allocation from reserved inodes
    - filelock: fix potential use-after-free in posix_lock_inode
    - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
    - vfs: don't mod negative dentry count when on shrinker list
    - tcp: add TCP_INFO status for failed client TFO
    - tcp: fix incorrect undo caused by DSACK of TLP retransmit
    - octeontx2-af: Fix incorrect value output on error path in
      rvu_check_rsrc_availability()
    - net: lantiq_etop: add blank line after declaration
    - net: ethernet: lantiq_etop: fix double free in detach
    - ppp: reject claimed-as-LCP but actually malformed packets
    - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
    - s390: Mark psw in __load_psw_mask() as __unitialized
    - ARM: davinci: Convert comma to semicolon
    - octeontx2-af: fix detection of IP layer
    - USB: serial: option: add Telit generic core-dump composition
    - USB: serial: option: add Telit FN912 rmnet compositions
    - USB: serial: option: add Fibocom FM350-GL
    - USB: serial: option: add support for Foxconn T99W651
    - USB: serial: option: add Netprisma LCUK54 series modules
    - USB: serial: option: add Rolling RW350-GL variants
    - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
    - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
    - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
      descriptor
    - hpet: Support 32-bit userspace
    - nvmem: meson-efuse: Fix return value of nvmem callbacks
    - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
    - libceph: fix race between delayed_work() and ceph_monc_stop()
    - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
    - tcp: refactor tcp_retransmit_timer()
    - net: tcp: fix unexcepted socket die when snd_wnd is 0
    - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
    - tcp: avoid too many retransmit packets
    - nilfs2: fix kernel bug on rename operation of broken directory
    - i2c: rcar: bring hardware to known state when probing
    - Linux 5.4.280
  * [SRU] UBSAN warnings in bnx2x kernel driver (LP: #2074215) // Focal update:
    v5.4.280 upstream stable release (LP: #2075175)
    - bnx2x: Fix multiple UBSAN array-index-out-of-bounds
  * Focal update: v5.4.279 upstream stable release (LP: #2073621)
    - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
    - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
    - wifi: cfg80211: pmsr: use correct nla_get_uX functions
    - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
    - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
    - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
    - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
    - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
    - vxlan: Fix regression when dropping packets due to invalid src addresses
    - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
    - net/mlx5: Stop waiting for PCI if pci channel is offline
    - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
    - ptp: Fix error message on failed pin verification
    - af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
    - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
      poll().
    - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
    - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
    - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
    - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
    - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
    - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
    - ipv6: fix possible race in __fib6_drop_pcpu_from()
    - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
    - ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret
    - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params
    - ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional
    - ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing
    - ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling
    - ASoC: ti: davinci-mcasp: Handle missing required DT properties
    - ASoC: ti: davinci-mcasp: Fix race condition during probe
    - drm/amd/display: Handle Y carry-over in VCP X.Y calculation
    - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
    - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
    - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
    - selftests/mm: conform test to TAP format output
    - selftests/mm: compaction_test: fix bogus test success on Aarch64
    - nilfs2: Remove check for PageError
    - nilfs2: return the mapped address from nilfs_get_page()
    - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
    - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
    - mei: me: release irq in mei_me_pci_resume error path
    - jfs: xattr: fix buffer overflow for invalid xattr
    - xhci: Set correct transferred length for cancelled bulk transfers
    - xhci: Apply reset resume quirk to Etron EJ188 xHCI host
    - xhci: Apply broken streams quirk to Etron EJ188 xHCI host
    - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
    - Input: try trimming too long modalias strings
    - SUNRPC: return proper error from gss_wrap_req_priv
    - gpio: tqmx86: fix typo in Kconfig label
    - HID: core: remove unnecessary WARN_ON() in implement()
    - iommu/amd: Fix sysfs leak in iommu init
    - iommu: Return right value in iommu_sva_bind_device()
    - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
    - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
    - drm/komeda: check for error-valued pointer
    - drm/bridge/panel: Fix runtime warning on panel bridge release
    - tcp: fix race in tcp_v6_syn_recv_sock()
    - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
      packets
    - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
    - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set
      type
    - net/ipv6: Fix the RT cache flush via sysctl using a previous delay
    - ionic: fix use after netif_napi_del()
    - drivers: core: synchronize really_probe() and dev_uevent()
    - drm/exynos/vidi: fix memory leak in .get_modes()
    - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
    - tracing/selftests: Fix kprobe event name test for .isra. functions
    - vmci: prevent speculation leaks by sanitizing event in event_deliver()
    - fs/proc: fix softlockup in __read_vmcore
    - ocfs2: use coarse time for new created files
    - ocfs2: fix races between hole punching and AIO+DIO
    - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
    - dmaengine: axi-dmac: fix possible race in remove()
    - intel_th: pci: Add Granite Rapids support
    - intel_th: pci: Add Granite Rapids SOC support
    - intel_th: pci: Add Sapphire Rapids SOC support
    - intel_th: pci: Add Meteor Lake-S support
    - intel_th: pci: Add Lunar Lake support
    - nilfs2: fix potential kernel bug due to lack of writeback flag waiting
    - tick/nohz_full: Don't abuse smp_call_function_single() in
      tick_setup_device()
    - hv_utils: drain the timesync packets on onchannelcallback
    - hugetlb_encode.h: fix undefined behaviour (34 << 26)
    - greybus: Fix use-after-free bug in gb_interface_release due to race
      condition.
    - usb-storage: alauda: Check whether the media is initialized
    - i2c: at91: Fix the functionality flags of the slave-only interface
    - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment
    - selftests/bpf: Prevent client connect before server bind in
      test_tc_tunnel.sh
    - batman-adv: bypass empty buckets in batadv_purge_orig_ref()
    - drop_monitor: replace spin_lock by raw_spin_lock
    - scsi: qedi: Fix crash while reading debugfs attribute
    - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
    - powerpc/pseries: Enforce hcall result buffer validity and size
    - powerpc/io: Avoid clang null pointer arithmetic warnings
    - usb: misc: uss720: check for incompatible versions of the Belkin F5U002
    - udf: udftime: prevent overflow in udf_disk_stamp_to_time()
    - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
    - MIPS: Octeon: Add PCIe link status check
    - MIPS: Routerboard 532: Fix vendor retry check code
    - mips: bmips: BCM6358: make sure CBR is correctly set
    - cipso: fix total option length computation
    - netrom: Fix a memory leak in nr_heartbeat_expiry()
    - ipv6: prevent possible NULL deref in fib6_nh_init()
    - ipv6: prevent possible NULL dereference in rt6_probe()
    - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
    - netns: Make get_net_ns() handle zero refcount net
    - net/sched: act_api: rely on rcu in tcf_idr_check_alloc
    - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
    - virtio_net: checksum offloading handling fix
    - netfilter: ipset: Fix suspicious rcu_dereference_protected()
    - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings
    - regulator: core: Fix modpost error "regulator_get_regmap" undefined
    - dmaengine: ioatdma: Fix missing kmem_cache_destroy()
    - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
      fine."
    - drm/radeon: fix UBSAN warning in kv_dpm.c
    - gcov: add support for GCC 14
    - i2c: ocores: set IACK bit after core is enabled
    - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
    - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
    - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
    - arm64: dts: qcom: qcs404: fix bluetooth device address
    - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
    - Revert "kheaders: substituting --sort in archive creation"
    - kheaders: explicitly define file modes for archived headers
    - perf/core: Fix missing wakeup when waiting for context reference
    - PCI: Add PCI_ERROR_RESPONSE and related definitions
    - x86/amd_nb: Check for invalid SMN reads
    - iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock
    - iio: dac: ad5592r: un-indent code-block for scale read
    - iio: dac: ad5592r: fix temperature channel scaling value
    - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
    - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
    - drm/amdgpu: fix UBSAN warning in kv_dpm.c
    - netfilter: nf_tables: validate family when identifying table via handle
    - ASoC: fsl-asoc-card: set priv->pdev before using it
    - net: dsa: microchip: fix initial port flush problem
    - net: phy: mchp: Add support for LAN8814 QUAD PHY
    - net: phy: micrel: add Microchip KSZ 9477 to the device table
    - sparc: fix old compat_sys_select()
    - parisc: use correct compat recv/recvfrom syscalls
    - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
      registers
    - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
    - mtd: partitions: redboot: Added conversion of operands to a larger type
    - net/iucv: Avoid explicit cpumask var allocation on stack
    - net/dpaa2: Avoid explicit cpumask var allocation on stack
    - ALSA: emux: improve patch ioctl data validation
    - media: dvbdev: Initialize sbuf
    - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
    - nvme: fixup comment for nvme RDMA Provider Type
    - gpio: davinci: Validate the obtained number of IRQs
    - x86: stop playing stack games in profile_pc()
    - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
    - mmc: sdhci: Do not invert write-protect twice
    - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
    - iio: adc: ad7266: Fix variable checking bug
    - iio: chemical: bme680: Fix pressure value output
    - iio: chemical: bme680: Fix calibration data variable
    - iio: chemical: bme680: Fix overflows in compensate() functions
    - iio: chemical: bme680: Fix sensor data read operation
    - net: usb: ax88179_178a: improve link status logs
    - usb: gadget: printer: SS+ support
    - usb: musb: da8xx: fix a resource leak in probe()
    - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
    - tty: mcf: MCF54418 has 10 UARTS
    - net: can: j1939: Initialize unused data in j1939_send_one()
    - net: can: j1939: recover socket queue on CAN bus error during BAM
      transmission
    - net: can: j1939: enhanced error handling for tightly received RTS messages
      in xtp_rx_rts_session_new
    - csky, hexagon: fix broken sys_sync_file_range
    - hexagon: fix fadvise64_64 calling conventions
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
    - batman-adv: Don't accept TT entries for out-of-spec VIDs
    - ata: libata-core: Fix double free on error
    - ftruncate: pass a signed offset
    - mtd: spinand: macronix: Add support for serial NAND flash
    - pwm: stm32: Refuse too small period requests
    - nfs: Leave pages in the pagecache if readpage failed
    - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
    - arm64: dts: rockchip: Add sound-dai-cells for RK3368
    - Linux 5.4.279
  * CVE-2024-26921
    - skbuff: introduce skb_expand_head()
    - skb_expand_head() adjust skb->truesize incorrectly
    - inet: inet_defrag: prevent sk release while still in use
  * CVE-2024-26929
    - scsi: qla2xxx: Fix double free of fcport
  * CVE-2024-39484
    - mmc: davinci: Don't strip remove function when driver is builtin
  * CVE-2024-36901
    - ipv6: prevent NULL dereference in ip6_output()
  * CVE-2024-26830
    - i40e: Refactoring VF MAC filters counting to make more reliable
    - i40e: Fix MAC address setting for a VF via Host/VM
    - i40e: Do not allow untrusted VF to remove administratively set MAC
  * CVE-2024-24860
    - Bluetooth: Fix atomicity violation in {min, max}_key_size_set
  * CVE-2023-52760
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
  * CVE-2024-2201
    - [Config] Set SPECTRE_BHI_ON=y
  * CVE-2023-52629
    - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
  * CVE-2021-46926
    - ALSA: hda: intel-sdw-acpi: harden detection of controller

Date: 2024-08-16 10:05:10.539103+00:00
Changed-By: Thibf <thibault.ferrante at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1120.128
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list