Package "linux"

  linux (5.4.0-110.124) focal; urgency=medium

  * focal/linux: 5.4.0-110.124 -proposed tracker (LP: #1969053)

  * net/mlx5e: Fix page DMA map/unmap attributes (LP: #1967292)
    - net/mlx5e: Fix page DMA map/unmap attributes

  * xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename()
    (LP: #1966803)
    - xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename()

  * LRMv6: add multi-architecture support (LP: #1968774)
    - [Packaging] resync dkms-build{,--nvidia-N}

  * xfrm interface cannot be changed anymore (LP: #1968591)
    - xfrm: fix the if_id check in changelink

  * Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
    - [Debian] Use kernel-testing repo from launchpad

  * vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
    selector (got 50)) (LP: #1956315)
    - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit

  * [SRU][Regression] Revert "PM: ACPI: reboot: Use S5 for reboot" which causes
    Bus Fatal Error when rebooting system with BCM5720 NIC (LP: #1917471)
    - Revert "PM: ACPI: reboot: Use S5 for reboot"

  * Focal update: v5.4.181 upstream stable release (LP: #1967582)
    - Makefile.extrawarn: Move -Wunaligned-access to W=1
    - HID:Add support for UGTABLET WP5540
    - Revert "svm: Add warning message for AVIC IPI invalid target"
    - serial: parisc: GSC: fix build when IOSAPIC is not set
    - parisc: Drop __init from map_pages declaration
    - parisc: Fix data TLB miss in sba_unmap_sg
    - parisc: Fix sglist access in ccio-dma.c
    - btrfs: send: in case of IO error log it
    - platform/x86: ISST: Fix possible circular locking dependency detected
    - selftests: rtc: Increase test timeout so that all tests run
    - net: ieee802154: at86rf230: Stop leaking skb's
    - selftests/zram: Skip max_comp_streams interface on newer kernel
    - selftests/zram01.sh: Fix compression ratio calculation
    - selftests/zram: Adapt the situation that /dev/zram0 is being used
    - ax25: improve the incomplete fix to avoid UAF and NPD bugs
    - vfs: make freeze_super abort when sync_filesystem returns error
    - quota: make dquot_quota_sync return errors from ->sync_fs
    - nvme: fix a possible use-after-free in controller reset during load
    - nvme-tcp: fix possible use-after-free in transport error_recovery work
    - nvme-rdma: fix possible use-after-free in transport error_recovery work
    - drm/amdgpu: fix logic inversion in check
    - Revert "module, async: async_synchronize_full() on module init iff async is
      used"
    - ftrace: add ftrace_init_nop()
    - module/ftrace: handle patchable-function-entry
    - arm64: module: rework special section handling
    - arm64: module/ftrace: intialize PLT at load time
    - iwlwifi: fix use-after-free
    - drm/radeon: Fix backlight control on iMac 12,1
    - ext4: check for out-of-order index extents in ext4_valid_extent_entries()
    - ext4: check for inconsistent extents between index and leaf block
    - ext4: prevent partial update of the extent blocks
    - taskstats: Cleanup the use of task->exit_code
    - dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending
    - vsock: remove vsock from connected table when connect is interrupted by a
      signal
    - mmc: block: fix read single on recovery logic
    - iwlwifi: pcie: fix locking when "HW not ready"
    - iwlwifi: pcie: gen2: fix locking when "HW not ready"
    - netfilter: nft_synproxy: unregister hooks on init error path
    - net: dsa: lan9303: fix reset on probe
    - net: ieee802154: ca8210: Fix lifs/sifs periods
    - ping: fix the dif and sdif check in ping_lookup
    - bonding: force carrier update when releasing slave
    - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
    - bonding: fix data-races around agg_select_timer
    - libsubcmd: Fix use-after-free for realloc(..., 0)
    - ALSA: hda: Fix regression on forced probe mask option
    - ALSA: hda: Fix missing codec probe on Shenker Dock 15
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
    - powerpc/lib/sstep: fix 'ptesync' build error
    - mtd: rawnand: gpmi: don't leak PM reference in error path
    - block/wbt: fix negative inflight counter when remove scsi device
    - NFS: LOOKUP_DIRECTORY is also ok with symlinks
    - NFS: Do not report writeback errors in nfs_getattr()
    - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
    - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
    - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
    - EDAC: Fix calculation of returned address and next offset in
      edac_align_ptr()
    - net: sched: limit TC_ACT_REPEAT loops
    - dmaengine: sh: rcar-dmac: Check for error num after setting mask
    - copy_process(): Move fd_install() out of sighand->siglock critical section
    - i2c: brcmstb: fix support for DSL and CM variants
    - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
    - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
    - ARM: OMAP2+: hwmod: Add of_node_put() before break
    - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
    - irqchip/sifive-plic: Add missing thead,c900-plic match string
    - netfilter: conntrack: don't refresh sctp entries in closed state
    - arm64: dts: meson-gx: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
    - kconfig: let 'shell' return enough output for deep path names
    - ata: libata-core: Disable TRIM on M88V29
    - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
    - tracing: Fix tp_printk option related with tp_printk_stop_on_boot
    - net: usb: qmi_wwan: Add support for Dell DW5829e
    - net: macb: Align the

  linux (5.4.0-109.123) focal; urgency=medium

  * focal/linux: 5.4.0-109.123 -proposed tracker (LP: #1968290)

  * USB devices not detected during boot on USB 3.0 hubs (LP: #1968210)
    - SAUCE: Revert "Revert "xhci: Set HCD flag to defer primary roothub
      registration""
    - SAUCE: Revert "Revert "usb: core: hcd: Add support for deferring roothub
      registration""

  linux (5.4.0-107.121) focal; urgency=medium

  * focal/linux: 5.4.0-107.121 -proposed tracker (LP: #1966275)

  * CVE-2022-27666
    - esp: Fix possible buffer overflow in ESP transformation

  * CVE-2022-1055
    - net: sched: fix use-after-free in tc_new_tfilter()

  * Pick fixup from v5.4.176 upstream stable release to address cert
    failure with clock jitter test in NUC7i3DNHE (LP: #1964204)
    - Bluetooth: refactor malicious adv data check

 -- Stefan Bader <email address hidden> Thu, 24 Mar 2022 16:48:48 +0100

  linux (5.4.0-105.119) focal; urgency=medium

  * CVE-2022-0847
    - lib/iov_iter: initialize "flags" in new pipe_buffer

  * Broken network on some AWS instances with focal/impish kernels
    (LP: #1961968)
    - SAUCE: Revert "PCI/MSI: Mask MSI-X vectors only on success"

  * [UBUNTU 20.04] kernel: Add support for CPU-MF counter second version 7
    (LP: #1960182)
    - s390/cpumf: Support for CPU Measurement Facility CSVN 7
    - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit

  * Hipersocket page allocation failure on Ubuntu 20.04 based SSC environments
    (LP: #1959529)
    - s390/qeth: use memory reserves to back RX buffers

  * CVE-2022-0516
    - KVM: s390: Return error on SIDA memop on normal guest

  * CVE-2022-0435
    - tipc: improve size validations for received domain records

  * CVE-2022-0492
    - cgroup-v1: Require capabilities to set release_agent

  * Recalled NFSv4 files delegations overwhelm server (LP: #1957986)
    - NFSv4: Fix delegation handling in update_open_stateid()
    - NFSv4: nfs4_callback_getattr() should ignore revoked delegations
    - NFSv4: Delegation recalls should not find revoked delegations
    - NFSv4: fail nfs4_refresh_delegation_stateid() when the delegation was
      revoked
    - NFS: Rename nfs_inode_return_delegation_noreclaim()
    - NFSv4: Don't remove the delegation from the super_list more than once
    - NFSv4: Hold the delegation spinlock when updating the seqid
    - NFSv4: Clear the NFS_DELEGATION_REVOKED flag in
      nfs_update_inplace_delegation()
    - NFSv4: Update the stateid seqid in nfs_revoke_delegation()
    - NFSv4: Revoke the delegation on success in nfs4_delegreturn_done()
    - NFSv4: Ignore requests to return the delegation if it was revoked
    - NFSv4: Don't reclaim delegations that have been returned or revoked
    - NFSv4: nfs4_return_incompatible_delegation() should check delegation
      validity
    - NFSv4: Fix nfs4_inode_make_writeable()
    - NFS: nfs_inode_find_state_and_recover() fix stateid matching
    - NFSv4: Fix races between open and delegreturn
    - NFSv4: Handle NFS4ERR_OLD_STATEID in delegreturn
    - NFSv4: Don't retry the GETATTR on old stateid in nfs4_delegreturn_done()
    - NFSv4: nfs_inode_evict_delegation() should set NFS_DELEGATION_RETURNING
    - NFS: Clear NFS_DELEGATION_RETURN_IF_CLOSED when the delegation is returned
    - NFSv4: Try to return the delegation immediately when marked for return on
      close
    - NFSv4: Add accounting for the number of active delegations held
    - NFSv4: Limit the total number of cached delegations
    - NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation()
    - NFSv4: Ensure the delegation cred is pinned when we call delegreturn

  * Focal update: v5.4.174 upstream stable release (LP: #1960566)
    - HID: uhid: Fix worker destroying device without any protection
    - HID: wacom: Reset expected and received contact counts at the same time
    - HID: wacom: Ignore the confidence flag when a touch is removed
    - HID: wacom: Avoid using stale array indicies to read contact count
    - f2fs: fix to do sanity check in is_alive()
    - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
      bind()
    - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
    - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
    - x86/gpu: Reserve stolen memory for first integrated Intel GPU
    - tools/nolibc: x86-64: Fix startup code bug
    - tools/nolibc: i386: fix initial stack alignment
    - tools/nolibc: fix incorrect truncation of exit code
    - rtc: cmos: take rtc_lock while reading from CMOS
    - media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
    - media: flexcop-usb: fix control-message timeouts
    - media: mceusb: fix control-message timeouts
    - media: em28xx: fix control-message timeouts
    - media: cpia2: fix control-message timeouts
    - media: s2255: fix control-message timeouts
    - media: dib0700: fix undefined behavior in tuner shutdown
    - media: redrat3: fix control-message timeouts
    - media: pvrusb2: fix control-message timeouts
    - media: stk1160: fix control-message timeouts
    - can: softing_cs: softingcs_probe(): fix memleak on registration failure
    - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
    - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
    - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
    - mm_zone: add function to check if managed dma zone exists
    - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed
      pages
    - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
    - drm/rockchip: dsi: Hold pm-runtime across bind/unbind
    - drm/rockchip: dsi: Reconfigure hardware on resume()
    - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
    - drm/panel: innolux-p079zca: Delete panel on attach() failure
    - drm/rockchip: dsi: Fix unbalanced clock on probe error
    - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
    - clk: bcm-2835: Pick the closest clock rate
    - clk: bcm-2835: Remove rounding up the dividers
    - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
    - wcn36xx: Release DMA channel descriptor allocations
    - media: videobuf2: Fix the size printk format
    - media: aspeed: fix mode-detect always time out at 2nd run
    - media: em28xx: fix memory leak in em28xx_init_dev
    - media: aspeed: Update signal status immediately to ensure sane hw state
    - arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
    - arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
    - Bluetooth: stop proccessing malicious adv data
    - tee: fix put order in teedev_close_context()
    - media: dmxdev: fix UAF when dvb_register_device()

  linux (5.4.0-104.118) focal; urgency=medium

  * CVE-2022-23960
    - SAUCE: kvm: arm: fix build on 32-bit