[ubuntu/focal-proposed] linux-aws 5.4.0-1128.138 (Accepted)

Andy Whitcroft apw at canonical.com
Sun Jun 23 04:16:37 UTC 2024


linux-aws (5.4.0-1128.138) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1128.138 -proposed tracker (LP: #2068400)

  [ Ubuntu: 5.4.0-189.209 ]

  * focal/linux: 5.4.0-189.209 -proposed tracker (LP: #2068454)
  * Focal update: v5.4.275 upstream stable release (LP: #2067865)
    - batman-adv: Avoid infinite loop trying to resize local TT
    - Bluetooth: Fix memory leak in hci_req_sync_complete()
    - nouveau: fix function cast warning
    - net: openvswitch: fix unwanted error log on timeout policy probing
    - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
    - geneve: fix header validation in geneve[6]_xmit_skb
    - ipv6: fib: hide unused 'pn' variable
    - ipv4/route: avoid unused-but-set-variable warning
    - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
    - net/mlx5: Properly link new fs rules into the tree
    - net: ena: Fix potential sign extension issue
    - btrfs: qgroup: correctly model root qgroup rsv in convert
    - drm/client: Fully protect modes[] with dev->mode_config.mutex
    - vhost: Add smp_rmb() in vhost_vq_avail_empty()
    - selftests: timers: Fix abs() warning in posix_timers test
    - x86/apic: Force native_apic_mem_read() to use the MOV instruction
    - btrfs: record delayed inode root in transaction
    - selftests/ftrace: Limit length in subsystem-enable tests
    - kprobes: Fix possible use-after-free issue on kprobe registration
    - Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
    - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
    - tun: limit printing rate when illegal packet received by tun dev
    - RDMA/rxe: Fix the problem "mutex_destroy missing"
    - RDMA/mlx5: Fix port number for counter query in multi-port configuration
    - drm: nv04: Fix out of bounds access
    - clk: Remove prepare_lock hold assertion in __clk_release()
    - clk: Mark 'all_lists' as const
    - clk: remove extra empty line
    - clk: Print an info line before disabling unused clocks
    - clk: Initialize struct clk_core kref earlier
    - clk: Get runtime PM before walking tree during disable_unused
    - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
    - comedi: vmk80xx: fix incomplete endpoint checking
    - serial/pmac_zilog: Remove flawed mitigation for rx irq flood
    - USB: serial: option: add Fibocom FM135-GL variants
    - USB: serial: option: add support for Fibocom FM650/FG650
    - USB: serial: option: add Lonsung U8300/U9300 product
    - USB: serial: option: support Quectel EM060K sub-models
    - USB: serial: option: add Rolling RW101-GL and RW135-GL support
    - USB: serial: option: add Telit FN920C04 rmnet compositions
    - usb: dwc2: host: Fix dereference issue in DDMA completion flow.
    - speakup: Avoid crash on very long word
    - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
    - nouveau: fix instmem race condition around ptr stores
    - nilfs2: fix OOB in nilfs_set_de_type
    - KVM: async_pf: Cleanup kvm_setup_async_pf()
    - arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
    - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
    - arm64: dts: mediatek: mt7622: fix IR nodename
    - arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"
    - arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block
    - arm64: dts: mt2712: add ethernet device node
    - arm64: dts: mediatek: mt2712: fix validation errors
    - ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
    - vxlan: drop packets from invalid src-address
    - mlxsw: core: Unregister EMAD trap using FORWARD action
    - NFC: trf7970a: disable all regulators on removal
    - net: usb: ax88179_178a: stop lying about skb->truesize
    - net: gtp: Fix Use-After-Free in gtp_dellink
    - ipvs: Fix checksumming on GSO of SCTP packets
    - net: openvswitch: Fix Use-After-Free in ovs_ct_exit
    - mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work
    - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
    - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
    - mlxsw: spectrum_acl_tcam: Rate limit error message
    - mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
    - mlxsw: spectrum_acl_tcam: Fix warning during rehash
    - mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
    - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
    - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
    - iavf: Fix TC config comparison with existing adapter TC config
    - af_unix: Suppress false-positive lockdep splat for spin_lock() in
      __unix_gc().
    - serial: core: Provide port lock wrappers
    - serial: mxs-auart: add spinlock around changing cts state
    - Revert "crypto: api - Disallow identical driver names"
    - net/mlx5e: Fix a race in command alloc flow
    - tracing: Show size of requested perf buffer
    - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker
      together
    - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
    - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
    - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
    - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
    - drm/amdgpu: Fix leak when GPU memory allocation fails
    - irqchip/gic-v3-its: Prevent double free on error
    - ethernet: Add helper for assigning packet type when dest address does not
      match device address
    - net: b44: set pause params only when interface is up
    - stackdepot: respect __GFP_NOLOCKDEP allocation flag
    - mtd: diskonchip: work around ubsan link failure
    - tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
    - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
    - dmaengine: owl: fix register access functions
    - idma64: Don't try to serve interrupts when device is powered off
    - i2c: smbus: fix NULL function pointer dereference
    - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
    - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
    - udp: preserve the connected status if only UDP cmsg
    - serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
    - Linux 5.4.275
  * Focal update: v5.4.274 upstream stable release (LP: #2067857)
    - amdkfd: use calloc instead of kzalloc to avoid integer overflow
    - Documentation/hw-vuln: Update spectre doc
    - x86/cpu: Support AMD Automatic IBRS
    - x86/bugs: Use sysfs_emit()
    - timers: Update kernel-doc for various functions
    - timers: Use del_timer_sync() even on UP
    - timers: Rename del_timer_sync() to timer_delete_sync()
    - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
    - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
    - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
    - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
    - ARM: dts: mmp2-brownstone: Don't redeclare phandle references
    - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
    - serial: max310x: fix NULL pointer dereference in I2C instantiation
    - KVM: Always flush async #PF workqueue when vCPU is being destroyed
    - sparc64: NMI watchdog: fix return value of __setup handler
    - sparc: vDSO: fix return value of __setup handler
    - crypto: qat - fix double free during reset
    - crypto: qat - resolve race condition during AER recovery
    - selftests/mqueue: Set timeout to 180 seconds
    - ext4: correct best extent lstart adjustment logic
    - fat: fix uninitialized field in nostale filehandles
    - ubifs: Set page uptodate in the correct place
    - ubi: Check for too small LEB size in VTBL code
    - ubi: correct the calculation of fastmap size
    - mtd: rawnand: meson: fix scrambling mode value in command macro
    - parisc: Do not hardcode registers in checksum functions
    - parisc: Fix ip_fast_csum
    - parisc: Fix csum_ipv6_magic on 32-bit systems
    - parisc: Fix csum_ipv6_magic on 64-bit systems
    - parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
    - PM: suspend: Set mem_sleep_current during kernel command line setup
    - clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
    - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
    - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
    - powerpc/fsl: Fix mfpmr build errors with newer binutils
    - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
    - USB: serial: add device ID for VeriFone adapter
    - USB: serial: cp210x: add ID for MGP Instruments PDS100
    - USB: serial: option: add MeiG Smart SLM320 product
    - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
    - PM: sleep: wakeirq: fix wake irq warning in system suspend
    - mmc: tmio: avoid concurrent runs of mmc_request_done()
    - fuse: don't unhash root
    - btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
    - PCI: Drop pci_device_remove() test of pci_dev->driver
    - PCI/PM: Drain runtime-idle callbacks before driver removal
    - Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
    - dm-raid: fix lockdep waring in "pers->hot_add_disk"
    - mmc: core: Fix switch on gp3 partition
    - hwmon: (amc6821) add of_match table
    - ext4: fix corruption during on-line resize
    - firmware: meson_sm: Rework driver as a proper platform driver
    - nvmem: meson-efuse: fix function pointer type mismatch
    - slimbus: core: Remove usage of the deprecated ida_simple_xx() API
    - speakup: Fix 8bit characters from direct synth
    - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
    - vfio/platform: Disable virqfds on cleanup
    - ring-buffer: Fix resetting of shortest_full
    - ring-buffer: Fix full_waiters_pending in poll
    - soc: fsl: qbman: Always disable interrupts when taking cgr_lock
    - soc: fsl: qbman: Add helper for sanity checking cgr ops
    - soc: fsl: qbman: Add CGR update function
    - soc: fsl: qbman: Use raw spinlock for cgr_lock
    - s390/zcrypt: fix reference counting on zcrypt card objects
    - drm/exynos: do not return negative values from .get_modes()
    - drm/imx/ipuv3: do not return negative values from .get_modes()
    - drm/vc4: hdmi: do not return negative values from .get_modes()
    - memtest: use {READ,WRITE}_ONCE in memory scanning
    - nilfs2: fix failure to detect DAT corruption in btree and direct mappings
    - nilfs2: use a more common logging style
    - nilfs2: prevent kernel bug at submit_bh_wbc()
    - x86/CPU/AMD: Update the Zenbleed microcode revisions
    - ahci: asm1064: correct count of reported ports
    - ahci: asm1064: asm1166: don't limit reported ports
    - dm snapshot: fix lockup in dm_exception_table_exit
    - comedi: comedi_test: Prevent timers rescheduling during deletion
    - netfilter: nf_tables: reject constant set with timeout
    - xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
    - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897
      platform
    - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
    - usb: gadget: ncm: Fix handling of zero block length packets
    - usb: port: Don't try to peer unused USB ports based on location
    - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
    - vt: fix unicode buffer corruption when deleting characters
    - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
    - objtool: is_fentry_call() crashes if call has no destination
    - objtool: Add support for intra-function calls
    - x86/speculation: Support intra-function call validation
    - xen/events: close evtchn after mapping cleanup
    - printk: Update @console_may_schedule in console_trylock_spinning()
    - btrfs: allocate btrfs_ioctl_defrag_range_args on stack
    - Revert "loop: Check for overflow while configuring loop"
    - loop: Call loop_config_discard() only after new config is applied
    - loop: Remove sector_t truncation checks
    - loop: Factor out setting loop device size
    - loop: Refactor loop_set_status() size calculation
    - loop: Factor out configuring loop from status
    - loop: Check for overflow while configuring loop
    - loop: loop_set_status_from_info() check before assignment
    - perf/core: Fix reentry problem in perf_output_read_group()
    - efivarfs: Request at most 512 bytes for variable names
    - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
    - bounds: support non-power-of-two CONFIG_NR_CPUS
    - vt: fix memory overlapping when deleting chars in the buffer
    - mm/memory-failure: fix an incorrect use of tail pages
    - mm/migrate: set swap entry values of THP tail pages properly.
    - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
    - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
    - mmc: core: Initialize mmc_blk_ioc_data
    - mmc: core: Avoid negative index with array access
    - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
    - scsi: core: Fix unremoved procfs host directory regression
    - usb: dwc2: host: Fix remote wakeup from hibernation
    - usb: dwc2: host: Fix hibernation flow
    - usb: dwc2: host: Fix ISOC flow in DDMA mode
    - usb: dwc2: gadget: LPM flow fix
    - usb: udc: remove warning when queue disabled ep
    - scsi: qla2xxx: Fix command flush on cable pull
    - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
    - scsi: lpfc: Correct size for wqe for memset()
    - USB: core: Fix deadlock in usb_deauthorize_interface()
    - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
    - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
    - tcp: properly terminate timers for kernel sockets
    - dm integrity: fix out-of-range warning
    - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
    - Bluetooth: hci_event: set the conn encrypted before conn establishes
    - Bluetooth: Fix TOCTOU in HCI debugfs implementation
    - netfilter: nf_tables: disallow timeout for anonymous sets
    - net/rds: fix possible cp null dereference
    - vfio/pci: Disable auto-enable of exclusive INTx IRQ
    - vfio/pci: Lock external INTx masking ops
    - vfio: Introduce interface to flush virqfd inject workqueue
    - vfio/pci: Create persistent INTx handler
    - vfio/platform: Create persistent IRQ handlers
    - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
      mapped."
    - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL
      allocations
    - netfilter: nf_tables: flush pending destroy work before exit_net release
    - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
    - bpf, sockmap: Prevent lock inversion deadlock in map delete elem
    - net/sched: act_skbmod: prevent kernel-infoleak
    - net: stmmac: fix rx queue priority assignment
    - selftests: reuseaddr_conflict: add missing new line at the end of the output
    - ipv6: Fix infinite recursion in fib6_dump_done().
    - i40e: fix vf may be used uninitialized in this function warning
    - staging: mmal-vchiq: Allocate and free components as required
    - staging: mmal-vchiq: Fix client_component for 64 bit kernel
    - staging: vc04_services: changen strncpy() to strscpy_pad()
    - staging: vc04_services: fix information leak in create_component()
    - fs: add a vfs_fchown helper
    - fs: add a vfs_fchmod helper
    - initramfs: switch initramfs unpacking to struct file based APIs
    - init: open /initrd.image with O_LARGEFILE
    - erspan: Add type I version 0 support.
    - erspan: make sure erspan_base_hdr is present in skb->head
    - net: ravb: Always process TX descriptor ring
    - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
    - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
    - scsi: mylex: Fix sysfs buffer lengths
    - ata: sata_mv: Fix PCI device ID table declaration compilation warning
    - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
      microphone
    - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
    - s390/entry: align system call table on 8 bytes
    - wifi: ath9k: fix LNA selection in ath_ant_try_scan()
    - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
    - panic: Flush kernel log buffer at the end
    - arm64: dts: rockchip: fix rk3328 hdmi ports node
    - arm64: dts: rockchip: fix rk3399 hdmi ports node
    - ionic: set adminq irq affinity
    - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
    - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
    - btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
    - btrfs: send: handle path ref underflow in header iterate_inode_ref()
    - Bluetooth: btintel: Fix null ptr deref in btintel_read_version
    - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
    - sysv: don't call sb_bread() with pointers_lock held
    - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
    - isofs: handle CDs with bad root inode but good Joliet root directory
    - media: sta2x11: fix irq handler cast
    - drm/amd/display: Fix nanosec stat overflow
    - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned
      int
    - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
    - block: prevent division by zero in blk_rq_stat_sum()
    - Input: allocate keycode for Display refresh rate toggle
    - ktest: force $buildonly = 1 for 'make_warnings_file' test type
    - tools: iio: replace seekdir() in iio_generic_buffer
    - usb: typec: tcpci: add generic tcpci fallback compatible
    - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
    - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
    - fbmon: prevent division by zero in fb_videomode_from_videomode()
    - netfilter: nf_tables: reject new basechain after table flag update
    - netfilter: nf_tables: discard table flag update with pending basechain
      deletion
    - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
    - drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()
    - virtio: reenable config if freezing device failed
    - x86/mm/pat: fix VM_PAT handling in COW mappings
    - drm/i915/gt: Reset queue_priority_hint on parking
    - x86/alternative: Don't call text_poke() in lazy TLB mode
    - Bluetooth: btintel: Fixe build regression
    - VMCI: Fix possible memcpy() run-time warning in
      vmci_datagram_invoke_guest_handler()
    - erspan: Check IFLA_GRE_ERSPAN_VER is set.
    - ip_gre: do not report erspan version on GRE interface
    - firmware: meson_sm: fix to avoid potential NULL pointer dereference
    - Linux 5.4.274
  * CVE-2024-26586
    - mlxsw: spectrum_acl_tcam: Fix stack corruption
  * CVE-2024-26923
    - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
    - af_unix: Fix garbage collector racing against connect()
  * Focal update: v5.4.273 upstream stable release (LP: #2064561)
    - io_uring/unix: drop usage of io_uring socket
    - io_uring: drop any code related to SCM_RIGHTS
    - selftests: tls: use exact comparison in recv_partial
    - ASoC: rt5645: Make LattePanda board DMI match more precise
    - x86/xen: Add some null pointer checking to smp.c
    - MIPS: Clear Cause.BD in instruction_pointer_set
    - HID: multitouch: Add required quirk for Synaptics 0xcddc device
    - RDMA/mlx5: Relax DEVX access upon modify commands
    - net/iucv: fix the allocation size of iucv_path_table array
    - parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
    - block: sed-opal: handle empty atoms when parsing response
    - dm-verity, dm-crypt: align "struct bvec_iter" correctly
    - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
    - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
    - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
    - firewire: core: use long bus reset on gap count error
    - ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
    - Input: gpio_keys_polled - suppress deferred probe error for gpio
    - ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
    - ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
    - ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
    - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
    - fs/select: rework stack allocation hack for clang
    - timekeeping: Fix cross-timestamp interpolation on counter wrap
    - timekeeping: Fix cross-timestamp interpolation corner case decision
    - timekeeping: Fix cross-timestamp interpolation for non-x86
    - wifi: ath10k: fix NULL pointer dereference in
      ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
    - b43: dma: Fix use true/false for bool type variable
    - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
    - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
    - b43: main: Fix use true/false for bool type
    - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
    - wifi: b43: Disable QoS for bcm4331
    - wifi: wilc1000: fix declarations ordering
    - wifi: wilc1000: fix RCU usage in connect path
    - wifi: mwifiex: debugfs: Drop unnecessary error check for
      debugfs_create_dir()
    - sock_diag: annotate data-races around sock_diag_handlers[family]
    - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
    - net: blackhole_dev: fix build warning for ethh set but not used
    - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
    - arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes
    - bpf: Add typecast to bpf helpers to help BTF generation
    - bpf: Factor out bpf_spin_lock into helpers.
    - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
    - arm64: dts: qcom: db820c: Move non-soc entries out of /soc
    - arm64: dts: qcom: msm8996: Use node references in db820c
    - arm64: dts: qcom: msm8996: Move regulator consumers to db820c
    - arm64: dts: qcom: msm8996: Pad addresses
    - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
    - bus: tegra-aconnect: Update dependency to ARCH_TEGRA
    - [Config]: Update tegra configs
    - iommu/amd: Mark interrupt as managed
    - wifi: brcmsmac: avoid function pointer casts
    - net: ena: Remove ena_select_queue
    - ARM: dts: arm: realview: Fix development chip ROM compatible value
    - ARM: dts: imx6dl-yapp4: Move phy reset into switch node
    - ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
    - ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node
    - ACPI: scan: Fix device check notification handling
    - x86, relocs: Ignore relocations in .notes section
    - SUNRPC: fix some memleaks in gssx_dec_option_array
    - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove
      function
    - igb: move PEROUT and EXTTS isr logic to separate functions
    - igb: Fix missing time sync events
    - Bluetooth: Remove superfluous call to hci_conn_check_pending()
    - sr9800: Add check for usbnet_get_endpoints
    - bpf: Fix hashtab overflow check on 32-bit arches
    - bpf: Fix stackmap overflow check on 32-bit arches
    - ipv6: fib6_rules: flush route cache when rule is changed
    - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
    - net: hns3: fix port duplex configure error in IMP reset
    - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
    - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
      function
    - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
    - net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
    - net/x25: fix incorrect parameter validation in the x25_getsockopt() function
    - nfp: flower: handle acti_netdevs allocation failure
    - dm raid: fix false positive for requeue needed during reshape
    - dm: call the resume method on internal suspend
    - drm/tegra: dsi: Add missing check for of_find_device_by_node
    - gpu: host1x: mipi: Update tegra_mipi_request() to be node based
    - drm/tegra: dsi: Make use of the helper function dev_err_probe()
    - drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
    - drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path
      of tegra_dsi_probe()
    - drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths
      of tegra_output_probe()
    - drm/rockchip: inno_hdmi: Fix video timing
    - drm: Don't treat 0 as -1 in drm_fixp2int_ceil
    - drm/rockchip: lvds: do not overwrite error code
    - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
    - media: tc358743: register v4l2 async device only after successful setup
    - PCI/DPC: Print all TLP Prefixes, not just the first
    - perf record: Fix possible incorrect free in record__switch_output()
    - drm/amd/display: Fix potential NULL pointer dereferences in
      'dcn10_set_output_transfer_func()'
    - perf evsel: Fix duplicate initialization of data->id in
      evsel__parse_sample()
    - media: em28xx: annotate unchecked call to media_device_register()
    - media: v4l2-tpg: fix some memleaks in tpg_alloc
    - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
    - media: edia: dvbdev: fix a use-after-free
    - clk: qcom: reset: Allow specifying custom reset delay
    - clk: qcom: reset: support resetting multiple bits
    - clk: qcom: reset: Commonize the de/assert functions
    - clk: qcom: reset: Ensure write completion on reset de/assertion
    - quota: simplify drop_dquot_ref()
    - quota: Fix potential NULL pointer dereference
    - quota: Fix rcu annotations of inode dquot pointers
    - PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
    - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
    - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
    - ALSA: seq: fix function cast warnings
    - perf stat: Avoid metric-only segv
    - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
    - media: go7007: add check of return value of go7007_read_addr()
    - media: pvrusb2: remove redundant NULL check
    - media: pvrusb2: fix pvr2_stream_callback casts
    - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
    - drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
    - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
    - clk: hisilicon: hi3519: Release the correct number of gates in
      hi3519_clk_unregister()
    - drm/tegra: put drm_gem_object ref on error in tegra_fb_create
    - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
    - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a
      ref
    - crypto: arm/sha - fix function cast warnings
    - mtd: maps: physmap-core: fix flash size larger than 32-bit
    - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
    - ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
    - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
    - media: pvrusb2: fix uaf in pvr2_context_set_notify
    - media: dvb-frontends: avoid stack overflow warnings with clang
    - media: go7007: fix a memleak in go7007_load_encoder
    - media: v4l2-core: correctly validate video and metadata ioctls
    - media: rename VFL_TYPE_GRABBER to _VIDEO
    - media: media/pci: rename VFL_TYPE_GRABBER to _VIDEO
    - media: ttpci: fix two memleaks in budget_av_attach
    - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
    - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
    - drm/msm/dpu: add division of drm_display_mode's hskew parameter
    - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
    - backlight: lm3630a: Initialize backlight_properties on init
    - backlight: lm3630a: Don't set bl->props.brightness in get_brightness
    - backlight: da9052: Fully initialize backlight_properties during probe
    - backlight: lm3639: Fully initialize backlight_properties during probe
    - backlight: lp8788: Fully initialize backlight_properties during probe
    - sparc32: Fix section mismatch in leon_pci_grpci
    - clk: Fix clk_core_get NULL dereference
    - ALSA: usb-audio: Stop parsing channels bits when all channels are found.
    - scsi: csiostor: Avoid function pointer casts
    - RDMA/device: Fix a race between mad_client and cm_client init
    - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
    - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
    - watchdog: stm32_iwdg: initialize default timeout
    - NFS: Fix an off by one in root_nfs_cat()
    - afs: Revert "afs: Hide silly-rename files from userspace"
    - tty: vt: fix 20 vs 0x20 typo in EScsiignore
    - serial: max310x: fix syntax error in IRQ error message
    - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
    - kconfig: fix infinite loop when expanding a macro at the end of file
    - rtc: mt6397: select IRQ_DOMAIN instead of depending on it
    - serial: 8250_exar: Don't remove GPIO device on suspend
    - staging: greybus: fix get_channel_from_mode() failure path
    - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
    - octeontx2-af: Use matching wake_up API variant in CGX command interface
    - s390/vtime: fix average steal time calculation
    - hsr: Fix uninit-value access in hsr_get_node()
    - packet: annotate data-races around ignore_outgoing
    - rds: introduce acquire/release ordering in acquire/release_in_xmit()
    - hsr: Handle failures in module init
    - net/bnx2x: Prevent access to a freed page in page_pool
    - octeontx2-af: Use separate handlers for interrupts
    - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and
      vcc1v2
    - netfilter: nf_tables: do not compare internal table flags on updates
    - rcu: add a helper to report consolidated flavor QS
    - bpf: report RCU QS in cpumap kthread
    - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
    - regmap: Add missing map->bus check
    - Linux 5.4.273
  * Focal update: v5.4.272 upstream stable release (LP: #2064555)
    - lan78xx: Fix white space and style issues
    - lan78xx: Add missing return code checks
    - lan78xx: Fix partial packet errors on suspend/resume
    - lan78xx: Fix race conditions in suspend/resume handling
    - net: lan78xx: fix runtime PM count underflow on link stop
    - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
    - geneve: make sure to pull inner header in geneve_rx()
    - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
    - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
    - net/rds: fix WARNING in rds_conn_connect_if_down
    - netfilter: nft_ct: fix l3num expectations with inet pseudo family
    - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
    - netrom: Fix a data-race around sysctl_netrom_default_path_quality
    - netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
    - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
    - netrom: Fix a data-race around sysctl_netrom_transport_timeout
    - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
    - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
    - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
    - netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
    - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
    - netrom: Fix a data-race around sysctl_netrom_routing_control
    - netrom: Fix a data-race around sysctl_netrom_link_fails_count
    - netrom: Fix data-races around sysctl_net_busy_read
    - selftests: mm: fix map_hugetlb failure on 64K page size systems
    - um: allow not setting extra rpaths in the linux binary
    - serial: max310x: Use devm_clk_get_optional() to get the input clock
    - serial: max310x: Try to get crystal clock rate from property
    - serial: max310x: fail probe if clock crystal is unstable
    - serial: max310x: Make use of device properties
    - serial: max310x: use regmap methods for SPI batch operations
    - serial: max310x: use a separate regmap for each port
    - serial: max310x: prevent infinite while() loop in port startup
    - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
    - hv_netvsc: Make netvsc/VF binding check both MAC and serial number
    - hv_netvsc: use netif_is_bond_master() instead of open code
    - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
    - y2038: rusage: use __kernel_old_timeval
    - getrusage: add the "signal_struct *sig" local variable
    - getrusage: move thread_group_cputime_adjusted() outside of
      lock_task_sighand()
    - getrusage: use __for_each_thread()
    - getrusage: use sig->stats_lock rather than lock_task_sighand()
    - serial: max310x: Unprepare and disable clock in error path
    - regmap: allow to define reg_update_bits for no bus configuration
    - regmap: Add bulk read/write callbacks into regmap_config
    - serial: max310x: make accessing revision id interface-agnostic
    - serial: max310x: implement I2C support
    - serial: max310x: fix IO data corruption in batched operations
    - arm64: dts: qcom: add PDC interrupt controller for SDM845
    - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
    - Linux 5.4.272
  * CVE-2024-23307
    - md/raid5: fix atomicity violation in raid5_cache_count
  * CVE-2024-26889
    - Bluetooth: hci_core: Fix possible buffer overflow
  * CVE-2024-26828
    - cifs: fix underflow in parse_server_interfaces()
  * CVE-2024-24861
    - media: xc4000: Fix atomicity violation in xc4000_get_frequency
  * CVE-2023-6270
    - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
  * CVE-2024-26642
    - netfilter: nf_tables: disallow anonymous set with timeout flag
  * CVE-2024-26926
    - binder: check offset alignment in binder_get_object()
  * CVE-2024-26922
    - drm/amdgpu: validate the parameters of bo mapping operations more clearly
  * CVE-2024-26925
    - netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
    - netfilter: nf_tables: release batch on table validation from abort path
    - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
  * CVE-2024-26643
    - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
      timeout
  * CVE-2024-2201
    - x86/cpufeatures: Add new word for scattered features
    - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
    - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
    - x86/bhi: Add support for clearing branch history at syscall entry
    - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
    - x86/bhi: Enumerate Branch History Injection (BHI) bug
    - x86/bhi: Add BHI mitigation knob
    - x86/bhi: Mitigate KVM by default
    - [Config] updateconfigs for CONFIG_BHI_{AUTO|ON|OFF}
    - x86/bugs: Fix BHI documentation
    - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
    - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
    - x86/bugs: Fix BHI handling of RRSBA
    - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
    - x86/bugs: Fix BHI retpoline check

Date: 2024-06-21 16:50:09.666597+00:00
Changed-By: Philip Cox <philip.cox at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1128.138
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list