Ubuntu
linux package

Hirsute update: upstream stable patchset 2021-09-15

Bug #1943756 reported by Kamal Mostafa on 2021-09-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Hirsute	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2021-09-15

                Ported from the following upstream stable releases:
                        v5.10.59, v5.13.11
                        v5.10.60, v5.13.12
                        v5.10.61, v5.13.13

from git://git.kernel.org/

KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
firmware: tee_bnxt: Release TEE shm, session, and context during kexec
bpf: Add lockdown check for probe_write_user helper
Revert "selftests/resctrl: Use resctrl/info for feature detection"
mm: make zone_to_nid() and zone_set_nid() available for DISCONTIGMEM
arm64: dts: renesas: rzg2: Add usb2_clksel to RZ/G2 M/N/H
arm64: dts: renesas: beacon: Fix USB extal reference
arm64: dts: renesas: beacon: Fix USB ref clock references
USB:ehci:fix Kunpeng920 ehci hardware problem
ALSA: pcm: Fix mmap breakage without explicit buffer setup
ALSA: hda: Add quirk for ASUS Flow x13
ppp: Fix generating ppp unit id when ifname is not specified
ovl: prevent private clone if bind mount is not allowed
UBUNTU: upstream stable to v5.10.59, v5.13.11
iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
iio: adis: set GPIO reset pin direction
iio: humidity: hdc100x: Add margin to the conversion time
iio: adc: Fix incorrect exit of for-loop
ASoC: amd: Fix reference to PCM buffer address
ASoC: xilinx: Fix reference to PCM buffer address
ASoC: uniphier: Fix reference to PCM buffer address
ASoC: tlv320aic31xx: Fix jack detection after suspend
ASoC: intel: atom: Fix reference to PCM buffer address
i2c: dev: zero out array used for i2c reads from userspace
cifs: create sd context must be a multiple of 8
scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash
seccomp: Fix setting loaded filter count during TSYNC
net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases
ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch
ceph: reduce contention in ceph_check_delayed_caps()
ACPI: NFIT: Fix support for virtual SPA ranges
libnvdimm/region: Fix label activation vs errors
drm/amd/display: Remove invalid assert for ODM + MPC case
drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work
drm/amdgpu: don't enable baco on boco platforms in runpm
ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
pinctrl: mediatek: Fix fallback behavior for bias_set_combo
ASoC: cs42l42: Correct definition of ADC Volume control
ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J
ASoC: SOF: Intel: hda-ipc: fix reply size checking
ASoC: cs42l42: Fix inversion of ADC Notch Switch control
ASoC: cs42l42: Remove duplicate control for WNF filter frequency
netfilter: nf_conntrack_bridge: Fix memory leak when error
ASoC: cs42l42: Fix LRCLK frame start edge
net: dsa: mt7530: add the missing RxUnicast MIB counter
net: mvvp2: fix short frame size on s390
platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables
libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT
bpf: Fix integer overflow involving bucket_size
net: phy: micrel: Fix link detection on ksz87xx switch"
ppp: Fix generating ifname when empty IFLA_IFNAME is specified
net/smc: fix wait on already cleared link
net: sched: act_mirred: Reset ct info when mirror/redirect skb
ice: Prevent probing virtual functions
ice: don't remove netdev->dev_addr from uc sync list
iavf: Set RSS LUT and key in reset handle path
psample: Add a fwd declaration for skbuff
bareudp: Fix invalid read beyond skb's linear data
net/mlx5: Synchronize correct IRQ when destroying CQ
net/mlx5: Fix return value from tracer initialization
drm/meson: fix colour distortion from HDR set during vendor u-boot
net: dsa: microchip: Fix ksz_read64()
net: dsa: microchip: ksz8795: Fix VLAN filtering
net: Fix memory leak in ieee802154_raw_deliver
net: igmp: fix data-race in igmp_ifc_timer_expire()
net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry
net: bridge: fix flags interpretation for extern learn fdb entries
net: bridge: fix memleak in br_add_if()
net: linkwatch: fix failure to restore device state across suspend/resume
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
net: igmp: increase size of mr_ifc_count
drm/i915: Only access SFC_DONE when media domain is not fused off
xen/events: Fix race in set_evtchn_to_irq
vsock/virtio: avoid potential deadlock when vsock device remove
nbd: Aovid double completion of a request
arm64: efi: kaslr: Fix occasional random alloc (and boot) failure
efi/libstub: arm64: Force Image reallocation if BSS was not reserved
efi/libstub: arm64: Relax 2M alignment again for relocatable kernels
powerpc/kprobes: Fix kprobe Oops happens in booke
x86/tools: Fix objdump version check again
genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
x86/msi: Force affinity setup before startup
x86/ioapic: Force affinity setup before startup
x86/resctrl: Fix default monitoring groups reporting
genirq/msi: Ensure deactivation on teardown
genirq/timings: Prevent potential array overflow in __irq_timings_store()
PCI/MSI: Enable and mask MSI-X early
PCI/MSI: Mask all unused MSI-X entries
PCI/MSI: Enforce that MSI-X table entry is masked for update
PCI/MSI: Enforce MSI[X] entry updates to be visible
PCI/MSI: Do not set invalid bits in MSI mask
PCI/MSI: Correct misleading comments
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
PCI/MSI: Protect msi_desc::masked for multi-MSI
powerpc/smp: Fix OOPS in topology_init()
efi/libstub: arm64: Double check image alignment at entry
KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF
ceph: add some lockdep assertions around snaprealm handling
ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm
ceph: take snap_empty_lock atomically with snaprealm refcount change
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
net: dsa: microchip: ksz8795: Fix PVID tag insertion
net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration
net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion
net: dsa: microchip: ksz8795: Use software untagging on CPU port
lib: use PFN_PHYS() in devmem_is_allowed()
selftests/sgx: Fix Q1 and Q2 calculation in sigstruct.c
drm/amd/pm: Fix a memory leak in an error handling path in 'vangogh_tables_init()'
libbpf: Do not close un-owned FD 0 on errors
net/smc: Correct smc link connection counter in case of smc client
ovl: fix deadlock in splice write
net: dsa: hellcreek: fix broken backpressure in .port_fdb_dump
kasan, slub: reset tag when printing address
UBUNTU: upstream stable to v5.10.60, v5.13.12
ath: Use safer key clearing with key cache entries
ath9k: Clear key cache explicitly on disabling hardware
ath: Export ath_hw_keysetmac()
ath: Modify ath_key_delete() to not need full key entry
ath9k: Postpone key cache entry deletion for TXQ frames reference it
mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
USB: core: Avoid WARNings for 0-length descriptor requests
USB: core: Fix incorrect pipe calculation in do_proc_control()
dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
spi: spi-mux: Add module info needed for autoloading
net: xfrm: Fix end of loop tests for list_for_each_entry
ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
scsi: pm80xx: Fix TMF task completion race condition
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
scsi: core: Fix capacity set to zero after offlinining device
drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir.
qede: fix crash in rmmod qede while automatic debug collection
ARM: dts: nomadik: Fix up interrupt controller node names
net: usb: pegasus: Check the return value of get_geristers() and friends;
net: usb: lan78xx: don't modify phy_device state concurrently
drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
drm/amd/display: workaround for hard hang on HPD on native DP
arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x
arm64: dts: qcom: msm8992-bullhead: Remove PSCI
iommu: Check if group is NULL before remove device
cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
dccp: add do-while-0 stubs for dccp_pr_debug macros
virtio: Protect vqs list access
vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update()
bus: ti-sysc: Fix error handling for sysc_check_active_timer()
vhost: Fix the calculation in vhost_overflow()
vdpa/mlx5: Avoid destroying MR on empty iotlb
drm/mediatek: Fix aal size config
drm/mediatek: Add AAL output size configuration
bpf: Clear zext_dst of dead insns
bnxt: don't lock the tx queue from napi poll
bnxt: disable napi before canceling DIM
bnxt: make sure xmit_more + errors does not miss doorbells
bnxt: count Tx drops
net: 6pack: fix slab-out-of-bounds in decode_data
ptp_pch: Restore dependency on PCI
bnxt_en: Disable aRFS if running on 212 firmware
bnxt_en: Add missing DMA memory barriers
vrf: Reset skb conntrack connection on VRF rcv
virtio-net: support XDP when not more queues
virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path
sch_cake: fix srchost/dsthost hashing mode
net: mdio-mux: Don't ignore memory allocation errors
net: mdio-mux: Handle -EPROBE_DEFER correctly
ovs: clear skb->tstamp in forwarding path
iommu/vt-d: Consolidate duplicate cache invaliation code
iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry()
r8152: fix writing USB_BP2_EN
i40e: Fix ATR queue selection
iavf: Fix ping is lost after untrusted VF had tried to change MAC
Revert "flow_offload: action should not be NULL when it is referenced"
mmc: dw_mmc: Fix hang on data CRC error
mmc: mmci: stm32: Check when the voltage switch procedure should be done
mmc: sdhci-msm: Update the software timeout value for sdhc
clk: imx6q: fix uart earlycon unwork
clk: qcom: gdsc: Ensure regulator init state matches GDSC state
ALSA: hda - fix the 'Capture Switch' value change notifications
tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name
slimbus: messaging: start transaction ids from 1 instead of zero
slimbus: messaging: check for valid transaction id
slimbus: ngd: reset dma setup during runtime pm
ipack: tpci200: fix many double free issues in tpci200_pci_probe
ipack: tpci200: fix memory leak in the tpci200_register
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop
mmc: sdhci-iproc: Cap min clock frequency on BCM2711
btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
s390/pci: fix use after free of zpci_dev
PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
ASoC: intel: atom: Fix breakage for PCM buffer address setup
mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim
fs: warn about impending deprecation of mandatory locks
io_uring: fix xa_alloc_cycle() error return value check
io_uring: only assign io_uring_enter() SQPOLL error in actual error case
io_uring: Use WRITE_ONCE() when writing to sq_flags
vdpa_sim: Fix return value check for vdpa_alloc_device()
vDPA/ifcvf: Fix return value check for vdpa_alloc_device()
vdpa/mlx5: Fix queue type selection logic
net: usb: asix: refactor asix_read_phy_addr() and handle errors on return
drm/i915: Skip display interruption setup when display is not available
mptcp: full fully established support after ADD_ADDR
slimbus: ngd: set correct device for pm
io_uring: fix code style problems
UBUNTU: upstream stable to v5.10.61, v5.13.13

See original description

Tags:

CVE References

2021-40490

Kamal Mostafa (kamalmostafa) on 2021-09-15

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Hirsute):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
description:	updated

Stefan Bader (smb) on 2021-09-22

Changed in linux (Ubuntu Hirsute):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-10-18:

Download full text (20.7 KiB)

This bug was fixed in the package linux - 5.11.0-38.42

---------------
linux (5.11.0-38.42) hirsute; urgency=medium

* hirsute/linux: 5.11.0-38.42 -proposed tracker (LP: #1944863)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2021.09.27)

  * Wobbly graphics on built-in display since linux-image-5.11.0-22-generic
    (LP: #1936708)
    - drm/i915/dp: Use max params for panels < eDP 1.4

This bug was fixed in the package linux - 5.11.0-38.42

---------------
linux (5.11.0-38.42) hirsute; urgency=medium

* hirsute/linux: 5.11.0-38.42 -proposed tracker (LP: #1944863)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.27)

* Wobbly graphics on built-in display since linux-image-5.11.0-22-generic
    (LP: #1936708)
    - drm/i915/dp: Use max params for panels < eDP 1.4

* Hirsute update: upstream stable patchset 2021-09-22 (LP: #1944610)
    - net: qrtr: fix another OOB Read in qrtr_endpoint_post
    - bpf: Fix ringbuf helper function compatibility
    - bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper
    - ASoC: rt5682: Adjust headset volume button threshold
    - ASoC: component: Remove misplaced prefix handling in pin control functions
    - ARC: Fix CONFIG_STACKDEPOT
    - netfilter: conntrack: collect all entries in one cycle
    - once: Fix panic when module unload
    - blk-iocost: fix lockdep warning on blkcg->lock
    - ovl: fix uninitialized pointer read in ovl_lookup_real_one()
    - net: mscc: Fix non-GPL export of regmap APIs
    - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
      and TX error counters
    - ceph: correctly handle releasing an embedded cap flush
    - riscv: Ensure the value of FP registers in the core dump file is up to date
    - Revert "btrfs: compression: don't try to compress if we don't have enough
      pages"
    - drm/amdgpu: Cancel delayed work when GFXOFF is disabled
    - Revert "USB: serial: ch341: fix character loss at high transfer rates"
    - USB: serial: option: add new VID/PID to support Fibocom FG150
    - usb: renesas-xhci: Prefer firmware loading on unknown ROM state
    - usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
    - usb: dwc3: gadget: Stop EP0 transfers during pullup disable
    - scsi: core: Fix hang of freezing queue between blocking and running device
    - RDMA/bnxt_re: Add missing spin lock initialization
    - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
    - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
    - ice: do not abort devlink info if board identifier can't be found
    - net: usb: pegasus: fixes of set_register(s) return value evaluation;
    - igc: Use num_tx_queues when iterating over tx_ring queue
    - e1000e: Fix the max snoop/no-snoop latency for 10M
    - RDMA/efa: Free IRQ vectors on error flow
    - ip_gre: add validation for csum_start
    - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    - net: marvell: fix MVNETA_TX_IN_PRGRS bit number
    - net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
    - ipv6: use siphash in rt6_exception_hash()
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - cxgb4: dont touch blocked freelist bitmap after free
    - rtnetlink: Return correct error on changing device netns
    - net: hns3: clear hardware resource when loading driver
    - net: hns3: add waiting time before cmdq memory is released
    - net: hns3: fix duplicate node in VLAN list
    - net: hns3: fix get wrong pfc_en when query PFC configuration
    - net: stmmac: add mutex lock to protect est parameters
    - net: stmmac: fix kernel panic due to NULL pointer dereference of plat->est
    - drm/i915: Fix syncmap memory leak
    - usb: gadget: u_audio: fix race condition on endpoint stop
    - dt-bindings: sifive-l2-cache: Fix 'select' matching
    - perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32
    - clk: renesas: rcar-usb2-clock-sel: Fix kernel NULL pointer dereference
    - iwlwifi: pnvm: accept multiple HW-type TLVs
    - opp: remove WARN when no valid OPPs remain
    - cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev
    - virtio: Improve vq->broken access to avoid any compiler optimization
    - virtio_pci: Support surprise removal of virtio pci device
    - virtio_vdpa: reject invalid vq indices
    - vringh: Use wiov->used to check for read/write desc order
    - tools/virtio: fix build
    - qed: qed ll2 race condition fixes
    - qed: Fix null-pointer dereference in qed_rdma_create_qp()
    - Revert "drm/amd/pm: fix workload mismatch on vega10"
    - drm/amd/pm: change the workload type for some cards
    - blk-mq: don't grab rq's refcount in blk_mq_check_expired()
    - drm: Copy drm_wait_vblank to user before returning
    - drm/nouveau/disp: power down unused DP links during init
    - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences
    - net/rds: dma_map_sg is entitled to merge entries
    - btrfs: fix race between marking inode needs to be logged and log syncing
    - pipe: avoid unnecessary EPOLLET wakeups under normal loads
    - pipe: do FASYNC notifications for every pipe IO, not just state changes
    - mtd: spinand: Fix incorrect parameters for on-die ECC
    - tipc: call tipc_wait_for_connect only when dlen is not 0
    - vt_kdsetmode: extend console locking
    - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS
    - riscv: Fixup wrong ftrace remove cflag
    - riscv: Fixup patch_text panic in ftrace
    - perf env: Fix memory leak of bpf_prog_info_linear member
    - perf symbol-elf: Fix memory leak by freeing sdt_note.args
    - perf record: Fix memory leak in vDSO found using ASAN
    - perf tools: Fix arm64 build error with gcc-11
    - perf annotate: Fix jump parsing for C++ code.
    - srcu: Provide internal interface to start a Tree SRCU grace period
    - srcu: Provide polling interfaces for Tree SRCU grace periods
    - srcu: Provide internal interface to start a Tiny SRCU grace period
    - srcu: Make Tiny SRCU use multi-bit grace-period counter
    - srcu: Provide polling interfaces for Tiny SRCU grace periods
    - tracepoint: Use rcu get state and cond sync for static call updates
    - net: dsa: mt7530: fix VLAN traffic leaks again
    - arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88
    - btrfs: fix NULL pointer dereference when deleting device by invalid id
    - Revert "floppy: reintroduce O_NDELAY fix"
    - Revert "parisc: Add assembly implementations for memset, strlen, strcpy,
      strncpy and strcat"
    - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
    - audit: move put_tree() to avoid trim_trees refcount underflow and UAF
    - bpf: Fix potentially incorrect results with bpf_get_local_storage()
    - netfilter: ipset: Limit the maximal range of consecutive elements to
      add/delete
    - drm/amdgpu: use the preferred pin domain after the check
    - drm/amdgpu: Fix build with missing pm_suspend_target_state module export
    - RDMA/mlx5: Fix crash when unbind multiport slave
    - ucounts: Increase ucounts reference counter before the security hook
    - net: hns3: fix speed unknown issue in bond 4
    - sched: Fix get_push_task() vs migrate_disable()
    - platform/x86: asus-nb-wmi: Allow configuring SW_TABLET_MODE method with a
      module option
    - platform/x86: asus-nb-wmi: Add tablet_mode_sw=lid-flip quirk for the TP200s
    - arm64: initialize all of CNTHCTL_EL2
    - fscrypt: add fscrypt_symlink_getattr() for computing st_size
    - ext4: report correct st_size for encrypted symlinks
    - f2fs: report correct st_size for encrypted symlinks
    - ubifs: report correct st_size for encrypted symlinks

* CVE-2021-40490
    - ext4: fix race writing to an inline_data file while its xattrs are changing

* Obsolete patch "UBUNTU: SAUCE: ext4: fix directory index node split
    corruption" (LP: #1942902)
    - Revert "UBUNTU: SAUCE: ext4: fix directory index node split corruption"

* Speakup modules not included in Hirsute kernel (LP: #1942459)
    - [Config] CONFIG_SPEAKUP=m

* psock_snd.sh in net from ubuntu_kernel_selftests ADT failure with
    focal/groovy/hirsute/impish (LP: #1892213)
    - selftests/net: remove min gso test in packet_snd

* Hirsute update: upstream stable patchset 2021-09-15 (LP: #1943756)
    - KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
    - firmware: tee_bnxt: Release TEE shm, session, and context during kexec
    - bpf: Add lockdown check for probe_write_user helper
    - Revert "selftests/resctrl: Use resctrl/info for feature detection"
    - mm: make zone_to_nid() and zone_set_nid() available for DISCONTIGMEM
    - arm64: dts: renesas: rzg2: Add usb2_clksel to RZ/G2 M/N/H
    - arm64: dts: renesas: beacon: Fix USB extal reference
    - arm64: dts: renesas: beacon: Fix USB ref clock references
    - USB:ehci:fix Kunpeng920 ehci hardware problem
    - ALSA: pcm: Fix mmap breakage without explicit buffer setup
    - ALSA: hda: Add quirk for ASUS Flow x13
    - ppp: Fix generating ppp unit id when ifname is not specified
    - ovl: prevent private clone if bind mount is not allowed
    - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
    - iio: adis: set GPIO reset pin direction
    - iio: humidity: hdc100x: Add margin to the conversion time
    - iio: adc: Fix incorrect exit of for-loop
    - ASoC: amd: Fix reference to PCM buffer address
    - ASoC: xilinx: Fix reference to PCM buffer address
    - ASoC: uniphier: Fix reference to PCM buffer address
    - ASoC: tlv320aic31xx: Fix jack detection after suspend
    - ASoC: intel: atom: Fix reference to PCM buffer address
    - i2c: dev: zero out array used for i2c reads from userspace
    - cifs: create sd context must be a multiple of 8
    - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash
    - seccomp: Fix setting loaded filter count during TSYNC
    - net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases
    - ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch
    - ceph: reduce contention in ceph_check_delayed_caps()
    - ACPI: NFIT: Fix support for virtual SPA ranges
    - libnvdimm/region: Fix label activation vs errors
    - drm/amd/display: Remove invalid assert for ODM + MPC case
    - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work
    - drm/amdgpu: don't enable baco on boco platforms in runpm
    - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
    - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
    - pinctrl: mediatek: Fix fallback behavior for bias_set_combo
    - ASoC: cs42l42: Correct definition of ADC Volume control
    - ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J
    - ASoC: SOF: Intel: hda-ipc: fix reply size checking
    - ASoC: cs42l42: Fix inversion of ADC Notch Switch control
    - ASoC: cs42l42: Remove duplicate control for WNF filter frequency
    - netfilter: nf_conntrack_bridge: Fix memory leak when error
    - ASoC: cs42l42: Fix LRCLK frame start edge
    - net: dsa: mt7530: add the missing RxUnicast MIB counter
    - net: mvvp2: fix short frame size on s390
    - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-
      lookup tables
    - libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT
    - bpf: Fix integer overflow involving bucket_size
    - net: phy: micrel: Fix link detection on ksz87xx switch"
    - ppp: Fix generating ifname when empty IFLA_IFNAME is specified
    - net/smc: fix wait on already cleared link
    - net: sched: act_mirred: Reset ct info when mirror/redirect skb
    - ice: Prevent probing virtual functions
    - ice: don't remove netdev->dev_addr from uc sync list
    - iavf: Set RSS LUT and key in reset handle path
    - psample: Add a fwd declaration for skbuff
    - bareudp: Fix invalid read beyond skb's linear data
    - net/mlx5: Synchronize correct IRQ when destroying CQ
    - net/mlx5: Fix return value from tracer initialization
    - drm/meson: fix colour distortion from HDR set during vendor u-boot
    - net: dsa: microchip: Fix ksz_read64()
    - net: dsa: microchip: ksz8795: Fix VLAN filtering
    - net: Fix memory leak in ieee802154_raw_deliver
    - net: igmp: fix data-race in igmp_ifc_timer_expire()
    - net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
    - net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
    - net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
    - net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB
      entry
    - net: bridge: fix flags interpretation for extern learn fdb entries
    - net: bridge: fix memleak in br_add_if()
    - net: linkwatch: fix failure to restore device state across suspend/resume
    - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B
      packets
    - net: igmp: increase size of mr_ifc_count
    - drm/i915: Only access SFC_DONE when media domain is not fused off
    - xen/events: Fix race in set_evtchn_to_irq
    - vsock/virtio: avoid potential deadlock when vsock device remove
    - nbd: Aovid double completion of a request
    - arm64: efi: kaslr: Fix occasional random alloc (and boot) failure
    - efi/libstub: arm64: Force Image reallocation if BSS was not reserved
    - efi/libstub: arm64: Relax 2M alignment again for relocatable kernels
    - powerpc/kprobes: Fix kprobe Oops happens in booke
    - x86/tools: Fix objdump version check again
    - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
    - x86/msi: Force affinity setup before startup
    - x86/ioapic: Force affinity setup before startup
    - x86/resctrl: Fix default monitoring groups reporting
    - genirq/msi: Ensure deactivation on teardown
    - genirq/timings: Prevent potential array overflow in __irq_timings_store()
    - PCI/MSI: Enable and mask MSI-X early
    - PCI/MSI: Mask all unused MSI-X entries
    - PCI/MSI: Enforce that MSI-X table entry is masked for update
    - PCI/MSI: Enforce MSI[X] entry updates to be visible
    - PCI/MSI: Do not set invalid bits in MSI mask
    - PCI/MSI: Correct misleading comments
    - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
    - PCI/MSI: Protect msi_desc::masked for multi-MSI
    - powerpc/smp: Fix OOPS in topology_init()
    - efi/libstub: arm64: Double check image alignment at entry
    - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
    - KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF
    - ceph: add some lockdep assertions around snaprealm handling
    - ceph: clean up locking annotation for ceph_get_snap_realm and
      __lookup_snap_realm
    - ceph: take snap_empty_lock atomically with snaprealm refcount change
    - vmlinux.lds.h: Handle clang's module.{c,d}tor sections
    - net: dsa: microchip: ksz8795: Fix PVID tag insertion
    - net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration
    - net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion
    - net: dsa: microchip: ksz8795: Use software untagging on CPU port
    - lib: use PFN_PHYS() in devmem_is_allowed()
    - selftests/sgx: Fix Q1 and Q2 calculation in sigstruct.c
    - drm/amd/pm: Fix a memory leak in an error handling path in
      'vangogh_tables_init()'
    - libbpf: Do not close un-owned FD 0 on errors
    - net/smc: Correct smc link connection counter in case of smc client
    - ovl: fix deadlock in splice write
    - net: dsa: hellcreek: fix broken backpressure in .port_fdb_dump
    - kasan, slub: reset tag when printing address
    - ath: Use safer key clearing with key cache entries
    - ath9k: Clear key cache explicitly on disabling hardware
    - ath: Export ath_hw_keysetmac()
    - ath: Modify ath_key_delete() to not need full key entry
    - ath9k: Postpone key cache entry deletion for TXQ frames reference it
    - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
    - USB: core: Avoid WARNings for 0-length descriptor requests
    - USB: core: Fix incorrect pipe calculation in do_proc_control()
    - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
    - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
    - spi: spi-mux: Add module info needed for autoloading
    - net: xfrm: Fix end of loop tests for list_for_each_entry
    - ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
    - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not
      yet available
    - scsi: pm80xx: Fix TMF task completion race condition
    - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
    - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
    - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
    - scsi: core: Fix capacity set to zero after offlinining device
    - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir.
    - qede: fix crash in rmmod qede while automatic debug collection
    - ARM: dts: nomadik: Fix up interrupt controller node names
    - net: usb: pegasus: Check the return value of get_geristers() and friends;
    - net: usb: lan78xx: don't modify phy_device state concurrently
    - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
    - drm/amd/display: workaround for hard hang on HPD on native DP
    - arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x
    - arm64: dts: qcom: msm8992-bullhead: Remove PSCI
    - iommu: Check if group is NULL before remove device
    - cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
    - dccp: add do-while-0 stubs for dccp_pr_debug macros
    - virtio: Protect vqs list access
    - vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update()
    - bus: ti-sysc: Fix error handling for sysc_check_active_timer()
    - vhost: Fix the calculation in vhost_overflow()
    - vdpa/mlx5: Avoid destroying MR on empty iotlb
    - drm/mediatek: Fix aal size config
    - drm/mediatek: Add AAL output size configuration
    - bpf: Clear zext_dst of dead insns
    - bnxt: don't lock the tx queue from napi poll
    - bnxt: disable napi before canceling DIM
    - bnxt: make sure xmit_more + errors does not miss doorbells
    - bnxt: count Tx drops
    - net: 6pack: fix slab-out-of-bounds in decode_data
    - ptp_pch: Restore dependency on PCI
    - bnxt_en: Disable aRFS if running on 212 firmware
    - bnxt_en: Add missing DMA memory barriers
    - vrf: Reset skb conntrack connection on VRF rcv
    - virtio-net: support XDP when not more queues
    - virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
    - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
    - ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path
    - sch_cake: fix srchost/dsthost hashing mode
    - net: mdio-mux: Don't ignore memory allocation errors
    - net: mdio-mux: Handle -EPROBE_DEFER correctly
    - ovs: clear skb->tstamp in forwarding path
    - iommu/vt-d: Consolidate duplicate cache invaliation code
    - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry()
    - r8152: fix writing USB_BP2_EN
    - i40e: Fix ATR queue selection
    - iavf: Fix ping is lost after untrusted VF had tried to change MAC
    - Revert "flow_offload: action should not be NULL when it is referenced"
    - mmc: dw_mmc: Fix hang on data CRC error
    - mmc: mmci: stm32: Check when the voltage switch procedure should be done
    - mmc: sdhci-msm: Update the software timeout value for sdhc
    - clk: imx6q: fix uart earlycon unwork
    - clk: qcom: gdsc: Ensure regulator init state matches GDSC state
    - ALSA: hda - fix the 'Capture Switch' value change notifications
    - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event
      name
    - slimbus: messaging: start transaction ids from 1 instead of zero
    - slimbus: messaging: check for valid transaction id
    - slimbus: ngd: reset dma setup during runtime pm
    - ipack: tpci200: fix many double free issues in tpci200_pci_probe
    - ipack: tpci200: fix memory leak in the tpci200_register
    - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop
    - mmc: sdhci-iproc: Cap min clock frequency on BCM2711
    - btrfs: prevent rename2 from exchanging a subvol with a directory from
      different parents
    - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
    - s390/pci: fix use after free of zpci_dev
    - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
    - ASoC: intel: atom: Fix breakage for PCM buffer address setup
    - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim
    - fs: warn about impending deprecation of mandatory locks
    - io_uring: fix xa_alloc_cycle() error return value check
    - io_uring: only assign io_uring_enter() SQPOLL error in actual error case
    - io_uring: Use WRITE_ONCE() when writing to sq_flags
    - vdpa_sim: Fix return value check for vdpa_alloc_device()
    - vDPA/ifcvf: Fix return value check for vdpa_alloc_device()
    - vdpa/mlx5: Fix queue type selection logic
    - net: usb: asix: refactor asix_read_phy_addr() and handle errors on return
    - drm/i915: Skip display interruption setup when display is not available
    - mptcp: full fully established support after ADD_ADDR
    - slimbus: ngd: set correct device for pm
    - io_uring: fix code style problems

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 24 Sep 2021 14:35:35 +0200

Changed in linux (Ubuntu Hirsute):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package