Package "linux"

  linux (5.4.0-86.97) focal; urgency=medium

  * s390x BPF JIT vulnerabilities (LP: #1943960)
    - SAUCE: s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
    - SAUCE: s390/bpf: Fix optimizing out zero-extensions

 -- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 17 Sep 2021 15:35:09 -0300

  linux (5.4.0-84.94) focal; urgency=medium

  * focal/linux: 5.4.0-84.94 -proposed tracker (LP: #1941767)

  * Server boot failure after adding checks for ACPI IRQ override (LP: #1941657)
    - Revert "ACPI: resources: Add checks for ACPI IRQ override"

  linux (5.4.0-81.91) focal; urgency=medium

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption

  * Some test in kselftest/net on focal source tree were not tested at all
    (LP: #1934282)
    - selftests/net: add missing tests to Makefile

  * curtin: install flash-kernel in arm64 UEFI unexpected (LP: #1918427)
    - [Packaging] Allow grub-efi-arm* to satisfy recommends on ARM

  * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
    - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"

  * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
    F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
    - selftests: icmp_redirect: support expected failures

  * Focal update: v5.4.128 upstream stable release (LP: #1934179)
    - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM
    - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM
    - dmaengine: stedma40: add missing iounmap() on error in d40_probe()
    - afs: Fix an IS_ERR() vs NULL check
    - mm/memory-failure: make sure wait for page writeback in memory_failure
    - kvm: LAPIC: Restore guard to prevent illegal APIC register access
    - batman-adv: Avoid WARN_ON timing related checks
    - net: ipv4: fix memory leak in netlbl_cipsov4_add_std
    - vrf: fix maximum MTU
    - net: rds: fix memory leak in rds_recvmsg
    - net: lantiq: disable interrupt before sheduling NAPI
    - udp: fix race between close() and udp_abort()
    - rtnetlink: Fix regression in bridge VLAN configuration
    - net/sched: act_ct: handle DNAT tuple collision
    - net/mlx5e: Remove dependency in IPsec initialization flows
    - net/mlx5e: Fix page reclaim for dead peer hairpin
    - net/mlx5: Consider RoCE cap before init RDMA resources
    - net/mlx5e: allow TSO on VXLAN over VLAN topologies
    - net/mlx5e: Block offload of outer header csum for UDP tunnels
    - netfilter: synproxy: Fix out of bounds when parsing TCP options
    - sch_cake: Fix out of bounds when parsing TCP options and header
    - alx: Fix an error handling path in 'alx_probe()'
    - net: stmmac: dwmac1000: Fix extended MAC address registers definition
    - net: make get_net_ns return error if NET_NS is disabled
    - qlcnic: Fix an error handling path in 'qlcnic_probe()'
    - netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
    - net: qrtr: fix OOB Read in qrtr_endpoint_post
    - ptp: improve max_adj check against unreasonable values
    - net: cdc_ncm: switch to eth%d interface naming
    - lantiq: net: fix duplicated skb in rx descriptor ring
    - net: usb: fix possible use-after-free in smsc75xx_bind
    - net: fec_ptp: fix issue caused by refactor the fec_devtype
    - net: ipv4: fix memory leak in ip_mc_add1_src
    - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
    - be2net: Fix an error handling path in 'be_probe()'
    - net: hamradio: fix memory leak in mkiss_close
    - net: cdc_eem: fix tx fixup skb leak
    - cxgb4: fix wrong shift.
    - bnxt_en: Rediscover PHY capabilities after firmware reset
    - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
    - icmp: don't send out ICMP messages with a source address of 0.0.0.0
    - net: ethernet: fix potential use-after-free in ec_bhf_remove
    - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
    - ASoC: rt5659: Fix the lost powers for the HDA header
    - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd()
    - pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled
    - radeon: use memcpy_to/fromio for UVD fw upload
    - hwmon: (scpi-hwmon) shows the negative temperature properly
    - can: bcm: fix infoleak in struct bcm_msg_head
    - can: bcm/raw/isotp: use per module netdevice notifier
    - can: j1939: fix Use-after-Free, hold skb ref while in use
    - can: mcba_usb: fix memory leak in mcba_usb
    - usb: core: hub: Disable autosuspend for Cypress CY7C65632
    - tracing: Do not stop recording cmdlines when tracing is off
    - tracing: Do not stop recording comms if the trace file is being read
    - tracing: Do no increment trace_clock_global() by one
    - PCI: Mark TI C667X to avoid bus reset
    - PCI: Mark some NVIDIA GPUs to avoid bus reset
    - PCI: aardvark: Don't rely on jiffies while holding spinlock
    - PCI: aardvark: Fix kernel panic during PIO transfer
    - PCI: Add ACS quirk for Broadcom BCM57414 NIC
    - PCI: Work around Huawei Intelligent NIC VF FLR erratum
    - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
    - ARCv2: save ABI registers across signal handling
    - x86/process: Check PF_KTHREAD and not current->mm for kernel threads
    - x86/pkru: Write hardware init value to PKRU when xstate is init
    - x86/fpu: Reset state for all signal restore failures
    - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
    - cfg80211: make certificate generation more robust
    - cfg80211: avoid double free of PMSR request
    - net: ll_temac: Make sure to free skb when it is completely used
    - net: ll_temac: Fix TX BD buffer overwrite
    - net: bridge: fix vlan tunnel dst null pointer dereference
    - net: bridge: fix vlan tunnel dst refcnt when egressing
    - mm/slub: clarify verification reporting
    - mm/slub: fix redzoning for small allocations
    - mm/slub.c: include swab.h
    - net: stmmac: disable clocks in stmmac_remove_config_dt()
    - net: fec_ptp: add clock rate zero check
    - tools headers UAPI: Sync linux/in.h copy with the kernel sources
    - KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read
    - ARM: OMAP: replace setup_irq() by request_irq()
    - clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support
    - clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue
    - clocksource/drivers/

  linux (5.4.0-80.90) focal; urgency=medium

  * CVE-2021-33909
    - SAUCE: seq_file: Disallow extremely large seq buffer allocations

  linux (5.4.0-77.86) focal; urgency=medium

  * UAF on CAN J1939 j1939_can_recv (LP: #1932209)
    - SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu

  * UAF on CAN BCM bcm_rx_handler (LP: #1931855)
    - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu