Ubuntu
linux package

[UBUNTU 20.04] zPCI: Enabling of a reserved PCI function regression introduced by multi-function support

Bug #1891437 reported by bugproxy on 2020-08-13

This bug affects 1 person

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	Undecided	Unassigned
linux (Ubuntu)	Fix Released	Undecided	Skipper Bug Screeners
Focal	Fix Released	Undecided	Unassigned
Groovy	Fix Released	Undecided	Skipper Bug Screeners

Bug Description

SRU Justification:
==================

[Impact]

* If a NVMe drive is assigned/hotplugged to a Linux on s390x LPAR, a bug in lib/list_debug.c is hit and the device is not accessible.

* The reason is a missing /dev/ file -- lspci does not report it either.

[Fix]

* 3047766bc6ec9c6bc9ece85b45a41ff401e8d988 3047766bc6ec "s390/pci: fix enabling a reserved PCI function"

[Test Case]

* Assign a NMVe drive to your LPAR (using the HMC)

* Unassign the NVMe drive from your LPAR

* Reassign it to your LPAR again

* Look at dmesg for 'kernel BUG at lib/list_debug.c'

[Regression Potential]

* There is some regression risk with having code changes in the zPCI sub-system.

* zPCI is the PCI implementation on s390x, modifications here do not affect any other architecture.

* It could be that PCI events do not work anymore and NVMe devices don't IPL (boot) on s390x anymore.

* However, the code changes below to a single file: arch/s390/pci/pci_event.c

* and IPL from NVMe is brand new in Ubuntu for s390x,

* and zPCI devices are less wide-spread compared to ccw devices on s390x.

* On top a test kernel was build and made available for further testing.

[Other]

* Since the fix/patch got upstream accepted with kernel v5.8-rc5, it's already in the groovy proposed kernel 5.8, hence this SRU is for focal only.
__________

When a NVMe drive is assigned/hotplugged to a Linux LPAR then
a bug is hit in lib/list_debug.c. And the device is not accessible, there is no /dev/ file
and lspci does not report it also.

[ 1681.564462] list_add double add: new=00000000eed0f808, prev=00000000eed0f808, next=000000004070a300.
[ 1681.564489] ------------[ cut here ]------------
[ 1681.564490] kernel BUG at lib/list_debug.c:31!
[ 1681.564504] monitor event: 0040 ilc:2 [#1] SMP
[ 1681.564507] Modules linked in: ip6t_REJECT nf_reject_ipv6 ip6t_rpfilter ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat iptable_mangle iptable_raw iptable_security nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter s390_trng ghash_s390 prng aes_s390 des_s390 libdes sha512_s390 vfio_ccw sha1_s390 vfio_mdev mdev chsc_sch vfio_iommu_type1 eadm_sch vfio ip_tables dm_service_time nvme crc32_vx_s390 sha256_s390 sha_common nvme_core qeth_l2 zfcp qeth scsi_transport_fc qdio ccwgroup dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt
[ 1681.564534] CPU: 6 PID: 139 Comm: kmcheck Not tainted 5.8.0-rc1+ #2
[ 1681.564535] Hardware name: IBM 8561 T01 701 (LPAR)
[ 1681.564536] Krnl PSW : 0704c00180000000 000000003ffcadb8 (__list_add_valid+0x70/0xa8)
[ 1681.564544] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[ 1681.564545] Krnl GPRS: 0000000000000040 0000000000000027 0000000000000058 0000000000000007
[ 1681.564546] 000000003ffcadb4 0000000000000000 0000000000000000 000003e0051a7ce0
[ 1681.564547] 000000004070a300 00000000eed0f808 00000000eed0f808 000000004070a300
[ 1681.564548] 00000000f56a2000 0000000040c2c788 000000003ffcadb4 000003e0051a7bc8
[ 1681.564583] Krnl Code: 000000003ffcada8: c02000302b09 larl %r2,00000000405d03ba
                          000000003ffcadae: c0e5ffdd30b1 brasl %r14,000000003fb70f10
                         #000000003ffcadb4: af000000 mc 0,0
                         >000000003ffcadb8: b9040054 lgr %r5,%r4
                          000000003ffcadbc: c02000302aad larl %r2,00000000405d0316
                          000000003ffcadc2: b9040041 lgr %r4,%r1
                          000000003ffcadc6: c0e5ffdd30a5 brasl %r14,000000003fb70f10
                          000000003ffcadcc: af000000 mc 0,0
[ 1681.564592] Call Trace:
[ 1681.564594] [<000000003ffcadb8>] __list_add_valid+0x70/0xa8
[ 1681.564596] ([<000000003ffcadb4>] __list_add_valid+0x6c/0xa8)
[ 1681.564599] [<000000003faf2920>] zpci_create_device+0x60/0x1b0
[ 1681.564601] [<000000003faf704a>] zpci_event_availability+0x282/0x2f0
[ 1681.564605] [<0000000040367848>] chsc_process_crw+0x2b8/0xa18
[ 1681.564607] [<000000004036f35c>] crw_collect_info+0x254/0x348
[ 1681.564610] [<000000003fb2a6ea>] kthread+0x14a/0x168
[ 1681.564613] [<00000000403a55c0>] ret_from_fork+0x24/0x2c
[ 1681.564614] Last Breaking-Event-Address:
[ 1681.564618] [<000000003fb70f62>] printk+0x52/0x58
[ 1681.564620] ---[ end trace 7ea67c348aa67e14 ]---

uname:
Linux t83lp49.lnxne.boe 5.8.0-rc1+ #2 SMP Thu Jun 18 12:38:02 CEST 2020 s390x s390x s390x GNU/Linux

How to reproduce:
1. Unassign a NVMe drive in HMC from your LPAR
2. Reassign it to your LPAR again
3. dmesg

This issue is fixed by the following upstream commit
that is also CCed to stable so might be coming in over the stable pulls
in parallel:
3047766bc6ec ("s390/pci: fix enabling a reserved PCI function")

See original description

Tags:

CVE References

bugproxy (bugproxy) on 2020-08-13

tags:	added: architecture-s39064 bugnameltc-186335 severity-medium targetmilestone-inin2004
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-08-24:

The commit got upstream accepted with v5.8-rc5 and is with that part of groovy's proposed kernel 5.8:
user@box:~/ubuntu-groovy-master-next$ git tag --contains 3047766bc6ec
Ubuntu-5.8.0-13.14
Ubuntu-5.8.0-14.15
Ubuntu-5.8.0-15.16
Ubuntu-5.8.0-16.17
v5.8
v5.8-rc5
v5.8-rc6
v5.8-rc7
Hence updating status of groovy entry to Fix Committed.

Changed in linux (Ubuntu Groovy):
status:	New → Fix Committed

Frank Heimes (fheimes) on 2020-08-24

Changed in ubuntu-z-systems:
status:	New → Triaged

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-08-25:

Kernel SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2020-August/thread.html#112935
Updating status for Focal to 'In Progress'.

Changed in linux (Ubuntu Focal):
status:	New → In Progress
Changed in ubuntu-z-systems:
status:	Triaged → In Progress
description:	updated

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-08-25:

I made builds of the patched kernel packages available here for further testing:
https://people.canonical.com/~fheimes/lp1891437/

Revision history for this message

bugproxy (bugproxy) wrote on 2020-08-25: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2020-08-25 06:07 EDT-------
Thanks for providing the build Frank, there is another
Launchpad bug mirror incoming for which the patches will
touch the same area (but should apply cleanly on top of the
fix for this issue) it's titled "zPCI attach/detach issues with PF/VF linking support ".
Do you think it makes sense to postpone verifying this
until we have both parts together?

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-08-25:

Hi Niklas, okay, the second one just came in today.
I've build some focal kernel packages that incl. both tickets (4 commits in total):
06c1c445e1a3 (HEAD -> master-next) s390/pci: fix PF/VF linking on hot plug
e90c81552200 s390/pci: re-introduce zpci_remove_device()
0f54ce9be290 s390/pci: fix zpci_bus_link_virtfn()
2103c66d09b1 s390/pci: fix enabling a reserved PCI function

They are available here:
https://people.canonical.com/~fheimes/lp1891437+lp1892849/

Kelsey Steele (kelsey-steele) on 2020-08-28

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Frank Heimes (fheimes) on 2020-08-28

Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-08-31:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-01:

------- Comment From <email address hidden> 2020-09-01 04:18 EDT-------
Thanks for your quick work, I can confirm that this works as designed on
the 5.4.0-46-generic kernel from proposed.

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-01:

Thx Niklas for the quick verification - I adjusted the tags accordingly ...

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-04:

------- Comment From <email address hidden> 2020-09-04 08:39 EDT-------
*** Bug 184194 has been marked as a duplicate of this bug. ***

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-09-21:

#10

Download full text (42.6 KiB)

This bug was fixed in the package linux - 5.4.0-48.52

---------------
linux (5.4.0-48.52) focal; urgency=medium

* focal/linux: 5.4.0-48.52 -proposed tracker (LP: #1894654)

* mm/slub kernel oops on focal kernel 5.4.0-45 (LP: #1895109)
- SAUCE: Revert "mm/slub: fix a memory leak in sysfs_slab_add()"

  * Packaging resync (LP: #1786013)
    - update dkms package versions
    - update dkms package versions

* Introduce the new NVIDIA 450-server and the 450 UDA series (LP: #1887674)
- [packaging] add signed modules for nvidia 450 and 450-server

  * [UBUNTU 20.04] zPCI attach/detach issues with PF/VF linking support
    (LP: #1892849)
    - s390/pci: fix zpci_bus_link_virtfn()
    - s390/pci: re-introduce zpci_remove_device()
    - s390/pci: fix PF/VF linking on hot plug

  * [UBUNTU 20.04] kernel: s390/cpum_cf,perf: changeDFLT_CCERROR counter name
    (LP: #1891454)
    - s390/cpum_cf, perf: change DFLT_CCERROR counter name

  * [UBUNTU 20.04] zPCI: Enabling of a reserved PCI function regression
    introduced by multi-function support (LP: #1891437)
    - s390/pci: fix enabling a reserved PCI function

  * CVE-2020-12888
    - vfio/type1: Support faulting PFNMAP vmas
    - vfio-pci: Fault mmaps to enable vma tracking
    - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory

  * [Hyper-V] VSS and File Copy daemons intermittently fails to start
    (LP: #1891224)
    - [Packaging] Bind hv_vss_daemon startup to hv_vss device
    - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device

  * alsa/hdmi: support nvidia mst hdmi/dp audio (LP: #1867704)
    - ALSA: hda - Rename snd_hda_pin_sense to snd_hda_jack_pin_sense
    - ALSA: hda - Add DP-MST jack support
    - ALSA: hda - Add DP-MST support for non-acomp codecs
    - ALSA: hda - Add DP-MST support for NVIDIA codecs
    - ALSA: hda: hdmi - fix regression in connect list handling
    - ALSA: hda: hdmi - fix kernel oops caused by invalid PCM idx
    - ALSA: hda: hdmi - preserve non-MST PCM routing for Intel platforms
    - ALSA: hda: hdmi - Keep old slot assignment behavior for Intel platforms
    - ALSA: hda - Fix DP-MST support for NVIDIA codecs

This bug was fixed in the package linux - 5.4.0-48.52

---------------
linux (5.4.0-48.52) focal; urgency=medium

* focal/linux: 5.4.0-48.52 -proposed tracker (LP: #1894654)

* mm/slub kernel oops on focal kernel 5.4.0-45 (LP: #1895109)
    - SAUCE: Revert "mm/slub: fix a memory leak in sysfs_slab_add()"

* Packaging resync (LP: #1786013)
    - update dkms package versions
    - update dkms package versions

* Introduce the new NVIDIA 450-server and the 450 UDA series (LP: #1887674)
    - [packaging] add signed modules for nvidia 450 and 450-server

* [UBUNTU 20.04] kernel: s390/cpum_cf,perf: changeDFLT_CCERROR counter name
    (LP: #1891454)
    - s390/cpum_cf, perf: change DFLT_CCERROR counter name

* [UBUNTU 20.04] zPCI: Enabling of a reserved PCI function regression
    introduced by multi-function support (LP: #1891437)
    - s390/pci: fix enabling a reserved PCI function

* CVE-2020-12888
    - vfio/type1: Support faulting PFNMAP vmas
    - vfio-pci: Fault mmaps to enable vma tracking
    - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory

*  [Hyper-V] VSS and File Copy daemons intermittently fails to start
    (LP: #1891224)
    - [Packaging] Bind hv_vss_daemon startup to hv_vss device
    - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device

* Focal update: v5.4.60 upstream stable release (LP: #1892899)
    - smb3: warn on confusing error scenario with sec=krb5
    - genirq/affinity: Make affinity setting if activated opt-in
    - genirq/PM: Always unlock IRQ descriptor in rearm_wake_irq()
    - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
    - PCI: Add device even if driver attach failed
    - PCI: qcom: Define some PARF params needed for ipq8064 SoC
    - PCI: qcom: Add support for tx term offset for rev 2.1.0
    - btrfs: allow use of global block reserve for balance item deletion
    - btrfs: free anon block device right after subvolume deletion
    - btrfs: don't allocate anonymous block device for user invisible roots
    - btrfs: ref-verify: fix memory leak in add_block_entry
    - btrfs: stop incremening log_batch for the log root tree when syncing log
    - btrfs: remove no longer needed use of log_writers for the log root tree
    - btrfs: don't traverse into the seed devices in show_devname
    - btrfs: open device without device_list_mutex
    - btrfs: move the chunk_mutex in btrfs_read_chunk_tree
    - btrfs: relocation: review the call sites which can be interrupted by signal
    - btrfs: add missing check for nocow and compression inode flags
    - btrfs: avoid possible signal interruption of btrfs_drop_snapshot() on
      relocation tree
    - btrfs: sysfs: use NOFS for device creation
    - btrfs: don't WARN if we abort a transaction with EROFS
    - btrfs: fix race between page release and a fast fsync
    - btrfs: fix messages after changing compression level by remount
    - btrfs: only search for left_info if there is no right_info in
      try_merge_free_space
    - btrfs: inode: fix NULL pointer dereference if inode doesn't need compression
    - btrfs: fix memory leaks after failure to lookup checksums during inode
      logging
    - btrfs: make sure SB_I_VERSION doesn't get unset by remount
    - btrfs: fix return value mixup in btrfs_get_extent
    - arm64: perf: Correct the event index in sysfs
    - dt-bindings: iio: io-channel-mux: Fix compatible string in example code
    - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
    - xtensa: add missing exclusive access state management
    - xtensa: fix xtensa_pmu_setup prototype
    - cifs: Fix leak when handling lease break for cached root fid
    - powerpc/ptdump: Fix build failure in hashpagetable.c
    - powerpc: Allow 4224 bytes of stack expansion for the signal frame
    - powerpc: Fix circular dependency between percpu.h and mmu.h
    - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH
    - media: vsp1: dl: Fix NULL pointer dereference on unbind
    - net: ethernet: stmmac: Disable hardware multicast filter
    - net: stmmac: dwmac1000: provide multicast filter fallback
    - net/compat: Add missing sock updates for SCM_RIGHTS
    - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
    - bcache: allocate meta data pages as compound pages
    - bcache: fix overflow in offset_to_stripe()
    - mac80211: fix misplaced while instead of if
    - driver core: Avoid binding drivers to dead devices
    - MIPS: CPU#0 is not hotpluggable
    - MIPS: qi_lb60: Fix routing to audio amplifier
    - ext2: fix missing percpu_counter_inc
    - khugepaged: collapse_pte_mapped_thp() flush the right range
    - khugepaged: collapse_pte_mapped_thp() protect the pmd lock
    - ocfs2: change slot number type s16 to u16
    - mm/page_counter.c: fix protection usage propagation
    - mm/memory_hotplug: fix unpaired mem_hotplug_begin/done
    - ftrace: Setup correct FTRACE_FL_REGS flags for module
    - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
    - tracing/hwlat: Honor the tracing_cpumask
    - tracing: Use trace_sched_process_free() instead of exit() for pid tracing
    - tracing: Move pipe reference to trace array instead of current_tracer
    - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
      watchdog_info.options
    - watchdog: f71808e_wdt: remove use of wrong watchdog_info option
    - watchdog: f71808e_wdt: clear watchdog timeout occurred flag
    - ceph: set sec_context xattr on symlink creation
    - ceph: handle zero-length feature mask in session messages
    - pseries: Fix 64 bit logical memory block panic
    - module: Correctly truncate sysfs sections output
    - perf intel-pt: Fix FUP packet state
    - perf intel-pt: Fix duplicate branch after CBR
    - remoteproc: qcom: q6v5: Update running state before requesting stop
    - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load
    - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load
    - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
    - orangefs: get rid of knob code...
    - pinctrl: ingenic: Properly detect GPIO direction when configured for IRQ
    - crypto: algif_aead - Only wake up when ctx->more is zero
    - mfd: arizona: Ensure 32k clock is put on driver unbind and error
    - octeontx2-af: change (struct qmem)->entry_sz from u8 to u16
    - mtd: rawnand: fsl_upm: Remove unused mtd var
    - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue
    - RDMA/ipoib: Return void from ipoib_ib_dev_stop()
    - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
    - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic
    - media: rockchip: rga: Only set output CSC mode for RGB input
    - IB/uverbs: Set IOVA on IB MR in uverbs layer
    - selftests/bpf: Test_progs indicate to shell on non-actions
    - selftests/bpf: test_progs use another shell exit on non-actions
    - USB: serial: ftdi_sio: make process-packet buffer unsigned
    - USB: serial: ftdi_sio: clean up receive processing
    - crypto: af_alg - Fix regression on empty requests
    - devres: keep both device name and resource name in pretty name
    - RDMA/counter: Only bind user QPs in auto mode
    - RDMA/counter: Allow manually bind QPs with different pids to same counter
    - mmc: renesas_sdhi_internal_dmac: clean up the code for dma complete
    - crypto: caam - Remove broken arc4 support
    - gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
    - gpu: ipu-v3: image-convert: Wait for all EOFs before completing a tile
    - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
    - clk: actions: Fix h_clk for Actions S500 SoC
    - selftests/powerpc: ptrace-pkey: Rename variables to make it easier to follow
      code
    - selftests/powerpc: ptrace-pkey: Update the test to mark an invalid pkey
      correctly
    - selftests/powerpc: ptrace-pkey: Don't update expected UAMOR value
    - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
    - clk: qcom: gcc: fix sm8150 GPU and NPU clocks
    - clk: qcom: clk-alpha-pll: remove unused/incorrect PLL_CAL_VAL
    - iommu/vt-d: Enforce PASID devTLB field mask
    - i2c: rcar: slave: only send STOP event when we have been addressed
    - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk
    - clk: clk-atlas6: fix return value check in atlas6_clk_init()
    - pwm: bcm-iproc: handle clk_get_rate() return
    - tools build feature: Use CC and CXX from parent
    - i2c: rcar: avoid race when unregistering slave
    - nfs: ensure correct writeback errors are returned on close()
    - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename
    - clk: bcm2835: Do not use prediv with bcm2711's PLLs
    - libnvdimm/security: fix a typo
    - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr
    - openrisc: Fix oops caused when dumping stack
    - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
      targetport
    - nfs: nfs_file_write() should check for writeback errors
    - watchdog: initialize device before misc_register
    - md-cluster: Fix potential error pointer dereference in resize_bitmaps()
    - x86/tsr: Fix tsc frequency enumeration bug on Lightning Mountain SoC
    - Input: sentelic - fix error return when fsp_reg_write fails
    - recordmcount: Fix build failure on non arm64
    - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
    - drm/vmwgfx: Fix two list_for_each loop exit tests
    - net: qcom/emac: add missed clk_disable_unprepare in error path of
      emac_clks_phase1_init
    - nfs: Fix getxattr kernel panic and memory overflow
    - fs/minix: set s_maxbytes correctly
    - fs/minix: fix block limit check for V1 filesystems
    - fs/minix: remove expected error message in block_to_path()
    - fs/ufs: avoid potential u32 multiplication overflow
    - test_kmod: avoid potential double free in trigger_config_run_type()
    - i2c: iproc: fix race between client unreg and isr
    - mfd: dln2: Run event handler loop under spinlock
    - crypto: algif_aead - fix uninitialized ctx->init
    - ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
    - perf bench mem: Always memset source before memcpy
    - tools build feature: Quote CC and CXX for their arguments
    - perf/x86/rapl: Fix missing psys sysfs attributes
    - sh: landisk: Add missing initialization of sh_io_port_base
    - khugepaged: retract_page_tables() remember to test exit
    - arm64: dts: marvell: espressobin: add ethernet alias
    - drm/panfrost: Use kvfree() to free bo->sgts
    - drm: Added orientation quirk for ASUS tablet model T103HAF
    - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi
    - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume
    - drm/amd/display: dchubbub p-state warning during surface planes switch
    - Linux 5.4.60
    - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE

* Focal update: v5.4.59 upstream stable release (LP: #1892417)
    - tracepoint: Mark __tracepoint_string's __used
    - HID: input: Fix devices that return multiple bytes in battery report
    - nvme: add a Identify Namespace Identification Descriptor list quirk
    - fs/io_uring.c: Fix uninitialized variable is referenced in io_submit_sqe
    - clk: qcom: clk-rpmh: Wait for completion when enabling clocks
    - x86/mce/inject: Fix a wrong assignment of i_mce.status
    - sched/fair: Fix NOHZ next idle balance
    - sched: correct SD_flags returned by tl->sd_flags()
    - arm64: dts: rockchip: fix rk3368-lion gmac reset gpio
    - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
    - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
    - EDAC: Fix reference count leaks
    - crc-t10dif: Fix potential crypto notify dead-lock
    - arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
    - crypto: ccree - fix resource leak on error path
    - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support
    - firmware: arm_scmi: Fix SCMI genpd domain probing
    - arm64: dts: exynos: Fix silent hang after boot on Espresso
    - sched/uclamp: Fix initialization of struct uclamp_rq
    - clk: scmi: Fix min and max rate when registering clocks with discrete rates
    - m68k: mac: Don't send IOP message until channel is idle
    - m68k: mac: Fix IOP status/control register writes
    - platform/x86: intel-hid: Fix return value check in check_acpi_dev()
    - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
    - ARM: dts: gose: Fix ports node name for adv7180
    - ARM: dts: gose: Fix ports node name for adv7612
    - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
    - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Add regulator supply to all CPU
      cores
    - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages
    - spi: lantiq: fix: Rx overflow error in full duplex mode
    - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures
    - recordmcount: only record relocation of type R_AARCH64_CALL26 on arm64.
    - regulator: fix memory leak on error path of regulator_register()
    - io_uring: fix sq array offset calculation
    - spi: rockchip: Fix error in SPI slave pio read
    - ARM: socfpga: PM: add missing put_device() call in
      socfpga_setup_ocram_self_refresh()
    - iocost: Fix check condition of iocg abs_vdebt
    - irqchip/ti-sci-inta: Fix return value about devm_ioremap_resource()
    - seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
    - md: raid0/linear: fix dereference before null check on pointer mddev
    - nvme-tcp: fix controller reset hang during traffic
    - nvme-rdma: fix controller reset hang during traffic
    - nvme-multipath: fix logic for non-optimized paths
    - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized
      paths
    - drm/tilcdc: fix leak & null ref in panel_connector_get_modes
    - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag
    - Bluetooth: add a mutex lock to avoid UAF in do_enale_set
    - loop: be paranoid on exit and prevent new additions / removals
    - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
    - drm/amdgpu: avoid dereferencing a NULL pointer
    - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
    - crypto: aesni - Fix build with LLVM_IAS=1
    - video: fbdev: savage: fix memory leak on error handling path in probe
    - video: fbdev: neofb: fix memory leak in neo_scan_monitor()
    - bus: ti-sysc: Add missing quirk flags for usb_host_hs
    - md-cluster: fix wild pointer of unlock_all_bitmaps()
    - drm/nouveau/kms/nv50-: Fix disabling dithering
    - arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
    - drm/etnaviv: fix ref count leak via pm_runtime_get_sync
    - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek
    - drm/nouveau: fix multiple instances of reference count leaks
    - mmc: sdhci-cadence: do not use hardware tuning for SD mode
    - btrfs: fix lockdep splat from btrfs_dump_space_info
    - usb: mtu3: clear dual mode of u3port when disable device
    - drm: msm: a6xx: fix gpu failure after system resume
    - drm/msm: Fix a null pointer access in msm_gem_shrinker_count()
    - drm/debugfs: fix plain echo to connector "force" attribute
    - drm/radeon: disable AGP by default
    - irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
    - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
    - drm/amdgpu/display bail early in dm_pp_get_static_clocks
    - drm/amd/powerplay: fix compile error with ARCH=arc
    - bpf: Fix fds_example SIGSEGV error
    - brcmfmac: keep SDIO watchdog running when console_interval is non-zero
    - brcmfmac: To fix Bss Info flag definition Bug
    - brcmfmac: set state of hanger slot to FREE when flushing PSQ
    - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15
    - iwlegacy: Check the return value of pcie_capability_read_*()
    - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
    - ionic: update eid test for overflow
    - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1
    - usb: gadget: net2280: fix memory leak on probe error handling paths
    - bdc: Fix bug causing crash after multiple disconnects
    - usb: bdc: Halt controller on suspend
    - dyndbg: fix a BUG_ON in ddebug_describe_flags
    - bcache: fix super block seq numbers comparision in register_cache_set()
    - ACPICA: Do not increment operation_region reference counts for field units
    - drm/msm: ratelimit crtc event overflow error
    - drm/gem: Fix a leak in drm_gem_objects_lookup()
    - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers
    - agp/intel: Fix a memory leak on module initialisation failure
    - mwifiex: Fix firmware filename for sd8977 chipset
    - mwifiex: Fix firmware filename for sd8997 chipset
    - btmrvl: Fix firmware filename for sd8977 chipset
    - btmrvl: Fix firmware filename for sd8997 chipset
    - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
    - console: newport_con: fix an issue about leak related system resources
    - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
    - ath10k: Acquire tx_lock in tx error paths
    - iio: improve IIO_CONCENTRATION channel type description
    - drm/etnaviv: Fix error path on failure to enable bus clk
    - drm/arm: fix unintentional integer overflow on left shift
    - clk: bcm63xx-gate: fix last clock availability
    - leds: lm355x: avoid enum conversion warning
    - Bluetooth: btusb: fix up firmware download sequence
    - Bluetooth: btmtksdio: fix up firmware download sequence
    - media: cxusb-analog: fix V4L2 dependency
    - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup()
    - media: omap3isp: Add missed v4l2_ctrl_handler_free() for
      preview_init_entities()
    - ASoC: SOF: nocodec: add missing .owner field
    - ASoC: Intel: bxt_rt298: add missing .owner field
    - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
    - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
    - cxl: Fix kobject memleak
    - drm/radeon: fix array out-of-bounds read and write issues
    - staging: vchiq_arm: Add a matching unregister call
    - iavf: fix error return code in iavf_init_get_resources()
    - iavf: Fix updating statistics
    - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued()
    - scsi: powertec: Fix different dev_id between request_irq() and free_irq()
    - scsi: eesox: Fix different dev_id between request_irq() and free_irq()
    - ipvs: allow connection reuse for unconfirmed conntrack
    - media: firewire: Using uninitialized values in node_probe()
    - media: exynos4-is: Add missed check for pinctrl_lookup_state()
    - media: cros-ec-cec: do not bail on device_init_wakeup failure
    - xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork
    - xfs: fix reflink quota reservation accounting error
    - RDMA/rxe: Skip dgid check in loopback mode
    - PCI: Fix pci_cfg_wait queue locking problem
    - drm/stm: repair runtime power management
    - kobject: Avoid premature parent object freeing in kobject_cleanup()
    - leds: core: Flush scheduled work for system suspend
    - drm: panel: simple: Fix bpc for LG LB070WV8 panel
    - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY
    - drm/bridge: sil_sii8620: initialize return of sii8620_readb
    - scsi: scsi_debug: Add check for sdebug_max_queue during module init
    - mwifiex: Prevent memory corruption handling keys
    - kernfs: do not call fsnotify() with name without a parent
    - powerpc/rtas: don't online CPUs for partition suspend
    - powerpc/vdso: Fix vdso cpu truncation
    - RDMA/qedr: SRQ's bug fixes
    - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue
    - ima: Have the LSM free its audit rule
    - staging: rtl8192u: fix a dubious looking mask before a shift
    - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback
    - PCI/ASPM: Add missing newline in sysfs 'policy'
    - phy: renesas: rcar-gen3-usb2: move irq registration to init
    - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature
    - drm/imx: fix use after free
    - drm/imx: tve: fix regulator_disable error path
    - gpu: ipu-v3: Restore RGB32, BGR32
    - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM
    - USB: serial: iuu_phoenix: fix led-activity helpers
    - usb: core: fix quirks_param_set() writing to a const pointer
    - thermal: ti-soc-thermal: Fix reversed condition in
      ti_thermal_expose_sensor()
    - coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
    - powerpc/perf: Fix missing is_sier_aviable() during build
    - mt76: mt7615: fix potential memory leak in mcu message handler
    - phy: armada-38x: fix NETA lockup when repeatedly switching speeds
    - MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
    - usb: dwc2: Fix error path in gadget registration
    - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength
    - scsi: megaraid_sas: Clear affinity hint
    - scsi: mesh: Fix panic after host or bus reset
    - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
    - macintosh/via-macii: Access autopoll_devs when inside lock
    - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register
    - RDMA/core: Fix return error value in _ib_modify_qp() to negative
    - Smack: fix another vsscanf out of bounds
    - Smack: prevent underflow in smk_set_cipso()
    - power: supply: check if calc_soc succeeded in pm860x_init_battery
    - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags
    - Bluetooth: hci_serdev: Only unregister device if it was registered
    - net: dsa: rtl8366: Fix VLAN semantics
    - net: dsa: rtl8366: Fix VLAN set-up
    - xfs: fix inode allocation block res calculation precedence
    - selftests/powerpc: Squash spurious errors due to device removal
    - powerpc/32s: Fix CONFIG_BOOK3S_601 uses
    - powerpc/boot: Fix CONFIG_PPC_MPC52XX references
    - selftests/powerpc: Fix CPU affinity for child process
    - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP
    - PCI: Release IVRS table in AMD ACS quirk
    - [Config] update config for ARMADA_AP_CPU_CLK
    - cpufreq: ap806: fix cpufreq driver needs ap cpu clk
    - selftests/powerpc: Fix online CPU selection
    - ASoC: meson: axg-tdm-interface: fix link fmt setup
    - ASoC: meson: axg-tdmin: fix g12a skew
    - ASoC: meson: axg-tdm-formatters: fix sclk inversion
    - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK
    - s390/qeth: don't process empty bridge port events
    - ice: Graceful error handling in HW table calloc failure
    - rtw88: fix LDPC field for RA info
    - rtw88: fix short GI capability based on current bandwidth
    - rtw88: coex: only skip coex triggered by BT info
    - wl1251: fix always return 0 error
    - tools, build: Propagate build failures from tools/build/Makefile.build
    - tools, bpftool: Fix wrong return value in do_dump()
    - net/mlx5: DR, Change push vlan action sequence
    - net/mlx5: Delete extra dump stack that gives nothing
    - net: ethernet: aquantia: Fix wrong return value
    - liquidio: Fix wrong return value in cn23xx_get_pf_num()
    - net: spider_net: Fix the size used in a 'dma_free_coherent()' call
    - fsl/fman: use 32-bit unsigned integer
    - fsl/fman: fix dereference null return value
    - fsl/fman: fix unreachable code
    - fsl/fman: check dereferencing null pointer
    - fsl/fman: fix eth hash table allocation
    - net: thunderx: initialize VF's mailbox mutex before first usage
    - dlm: Fix kobject memleak
    - ocfs2: fix unbalanced locking
    - pinctrl-single: fix pcs_parse_pinconf() return value
    - svcrdma: Fix page leak in svc_rdma_recv_read_chunk()
    - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
    - crypto: aesni - add compatibility with IAS
    - af_packet: TPACKET_V3: fix fill status rwlock imbalance
    - drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
    - net: Fix potential memory leak in proto_register()
    - net/nfc/rawsock.c: add CAP_NET_RAW check.
    - net: phy: fix memory leak in device-create error path
    - net: Set fput_needed iff FDPUT_FPUT is set
    - net/tls: Fix kmap usage
    - vmxnet3: use correct tcp hdr length when packet is encapsulated
    - net: refactor bind_bucket fastreuse into helper
    - net: initialize fastreuse on inet_inherit_port
    - USB: serial: cp210x: re-enable auto-RTS on open
    - USB: serial: cp210x: enable usb generic throttle/unthrottle
    - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO
    - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
    - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
    - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
    - 9p: Fix memory leak in v9fs_mount
    - media: media-request: Fix crash if memory allocation fails
    - drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
    - io_uring: set ctx sq/cq entry count earlier
    - NFS: Don't move layouts to plh_return_segs list while in use
    - NFS: Don't return layout segments that are in use
    - cpufreq: Fix locking issues with governors
    - cpufreq: dt: fix oops on armada37xx
    - include/asm-generic/vmlinux.lds.h: align ro_after_init
    - spi: spidev: Align buffers for DMA
    - mtd: rawnand: qcom: avoid write to unavailable register
    - erofs: fix extended inode could cross boundary
    - Revert "parisc: Drop LDCW barrier in CAS code when running UP"
    - Revert "parisc: Use ldcw instruction for SMP spinlock release barrier"
    - Revert "parisc: Revert "Release spinlocks using ordered store""
    - parisc: Do not use an ordered store in pa_tlb_lock()
    - parisc: Implement __smp_store_release and __smp_load_acquire barriers
    - parisc: mask out enable and reserved bits from sba imask
    - ARM: 8992/1: Fix unwind_frame for clang-built kernels
    - irqdomain/treewide: Free firmware node after domain removal
    - ALSA: usb-audio: add quirk for Pioneer DDJ-RB
    - tpm: Unify the mismatching TPM space buffer sizes
    - pstore: Fix linking when crypto API disabled
    - crypto: hisilicon - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not
      specified
    - crypto: qat - fix double free in qat_uclo_create_batch_init_list
    - crypto: ccp - Fix use of merged scatterlists
    - crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
    - bitfield.h: don't compile-time validate _val in FIELD_FIT
    - fs/minix: check return value of sb_getblk()
    - fs/minix: don't allow getting deleted inodes
    - fs/minix: reject too-large maximum file size
    - xen/balloon: fix accounting in alloc_xenballooned_pages error path
    - xen/balloon: make the balloon wait interruptible
    - xen/gntdev: Fix dmabuf import with non-zero sgt offset
    - s390/dasd: fix inability to use DASD with DIAG driver
    - s390/gmap: improve THP splitting
    - io_uring: Fix NULL pointer dereference in loop_rw_iter()
    - Linux 5.4.59

* Regression on NFS: unable to handle page fault in mempool_alloc_slab
    (LP: #1886277) // Focal update: v5.4.59 upstream stable release
    (LP: #1892417)
    - SUNRPC: Fix ("SUNRPC: Add "@len" parameter to gss_unwrap()")

* Focal update: v5.4.59 upstream stable release (LP: #1892417) //
    CVE-2019-19770 which shows this issue is not a core debugfs issue, but
    - blktrace: fix debugfs use after free

* update ENA driver for LLQ acceleration mode, new hw support (LP: #1890845)
    - net: ena: change num_queues to num_io_queues for clarity and consistency
    - net: ena: multiple queue creation related cleanups
    - net: ena: ethtool: get_channels: use combined only
    - net: ena: make ethtool -l show correct max number of queues
    - net: ena: remove redundant print of number of queues
    - net: ena: ethtool: support set_channels callback
    - net: ena: implement XDP drop support
    - net: ena: Implement XDP_TX action
    - net: ena: Add first_interrupt field to napi struct
    - net: ena: fix default tx interrupt moderation interval
    - net: ena: remove set but not used variable 'rx_ring'
    - net: ena: remove set but not used variable 'hash_key'
    - net: ena: ethtool: remove redundant non-zero check on rc
    - net/amazon: Ensure that driver version is aligned to the linux kernel
    - net: ena: fix broken interface between ENA driver and FW
    - net: ena: ethtool: clean up minor indentation issue
    - net: ena: fix incorrect setting of the number of msix vectors
    - net: ena: fix request of incorrect number of IRQ vectors
    - net: ena: avoid memory access violation by validating req_id properly
    - net: ena: fix continuous keep-alive resets
    - net: ena: Make some functions static
    - net: ena: avoid unnecessary admin command when RSS function set fails
    - net: ena: allow setting the hash function without changing the key
    - net: ena: change default RSS hash function to Toeplitz
    - net: ena: changes to RSS hash key allocation
    - net: ena: remove code that does nothing
    - net: ena: add unmask interrupts statistics to ethtool
    - net: ena: add support for reporting of packet drops
    - net: ena: drop superfluous prototype
    - net: ena: use SHUTDOWN as reset reason when closing interface
    - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros
    - net: ena: cosmetic: extract code to ena_indirection_table_set()
    - net: ena: add support for the rx offset feature
    - net: ena: rename ena_com_free_desc to make API more uniform
    - net: ena: use explicit variable size for clarity
    - net: ena: fix ena_com_comp_status_to_errno() return value
    - net: ena: simplify ena_com_update_intr_delay_resolution()
    - net: ena: cosmetic: set queue sizes to u32 for consistency
    - net: ena: cosmetic: fix spelling and grammar mistakes in comments
    - net: ena: cosmetic: fix line break issues
    - net: ena: cosmetic: remove unnecessary code
    - net: ena: cosmetic: code reorderings
    - net: ena: cosmetic: fix spacing issues
    - net: ena: cosmetic: minor code changes
    - net: ena: reduce driver load time
    - net: ena: xdp: XDP_TX: fix memory leak
    - net: ena: xdp: update napi budget for DROP and ABORTED
    - ena_netdev: use generic power management
    - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range
    - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling
    - net: ena: add reserved PCI device ID
    - net: ena: cosmetic: satisfy gcc warning
    - net: ena: cosmetic: change ena_com_stats_admin stats to u64
    - net: ena: add support for traffic mirroring
    - net: ena: enable support of rss hash key and function changes
    - net: ena: move llq configuration from ena_probe to ena_device_init()
    - net: ena: support new LLQ acceleration mode

* [SRU] Fix acpi backlight issue on some thinkpads (LP: #1892010)
    - platform/x86: thinkpad_acpi: not loading brightness_init when _BCL invalid

* [SRU][F/OEM-5.6] add a new OLED panel support for brightness control
    (LP: #1887909)
    - drm/dp: Lenovo X13 Yoga OLED panel brightness fix

* Realtek [10ec:c82f] Subsystem [17aa:c02f] Wifi adapter not found
    (LP: #1886247)
    - SAUCE: rtw88: 8822ce: add support for device ID 0xc82f

* KVM: Fix zero_page reference counter overflow when using KSM on KVM compute
    host (LP: #1837810)
    - KVM: fix overflow of zero page refcount with ksm running

* Fix missing HDMI Audio on another HP Desktop (LP: #1891617)
    - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop

* alsa/sof: support 1 and 3 dmics (LP: #1891585)
    - SAUCE: ASoC: SOF: intel: hda: support also devices with 1 and 3 dmics

* tcp_fastopen_backup_key.sh from net in ubuntu_kernel_selftests failed on
    Eoan LPAR (LP: #1869134)
    - tcp: correct read of TFO keys on big endian systems

* Fix false-negative return value for rtnetlink.sh in kselftests/net
    (LP: #1890136)
    - selftests: rtnetlink: correct the final return value for the test
    - selftests: rtnetlink: make kci_test_encap() return sub-test result

* Focal update: v5.4.58 upstream stable release (LP: #1891387)
    - USB: serial: qcserial: add EM7305 QDL product ID
    - perf/core: Fix endless multiplex timer
    - USB: iowarrior: fix up report size handling for some devices
    - usb: xhci: define IDs for various ASMedia host controllers
    - usb: xhci: Fix ASMedia ASM1142 DMA addressing
    - io_uring: prevent re-read of sqe->opcode
    - io_uring: Fix use-after-free in io_sq_wq_submit_work()
    - Revert "ALSA: hda: call runtime_allow() for all hda controllers"
    - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops
    - ALSA: hda/ca0132 - Add new quirk ID for Recon3D.
    - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value.
    - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands.
    - ALSA: seq: oss: Serialize ioctls
    - staging: android: ashmem: Fix lockdep warning for write operation
    - staging: rtl8712: handle firmware load failure
    - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode
    - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    - omapfb: dss: Fix max fclk divider for omap36xx
    - binder: Prevent context manager from incrementing ref 0
    - Smack: fix use-after-free in smk_write_relabel_self()
    - scripts: add dummy report mode to add_namespace.cocci
    - vgacon: Fix for missing check in scrollback handling
    - mtd: properly check all write ioctls for permissions
    - leds: wm831x-status: fix use-after-free on unbind
    - leds: lm36274: fix use-after-free on unbind
    - leds: da903x: fix use-after-free on unbind
    - leds: lm3533: fix use-after-free on unbind
    - leds: 88pm860x: fix use-after-free on unbind
    - net/9p: validate fds in p9_fd_open
    - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
      reason
    - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
    - drm/drm_fb_helper: fix fbdev with sparc64
    - i2c: slave: improve sanity check when registering
    - i2c: slave: add sanity check when unregistering
    - usb: hso: check for return value in hso_serial_common_create()
    - net: ethernet: mtk_eth_soc: Always call mtk_gmac0_rgmii_adjust() for mt7623
    - ALSA: hda: fix NULL pointer dereference during suspend
    - firmware: Fix a reference count leak.
    - cfg80211: check vendor command doit pointer before use
    - igb: reinit_locked() should be called with rtnl_lock
    - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
    - tools lib traceevent: Fix memory leak in process_dynamic_array_len
    - Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
    - xattr: break delegations in {set,remove}xattr
    - Revert "powerpc/kasan: Fix shadow pages allocation failure"
    - PCI: tegra: Revert tegra124 raw_violation_fixup
    - ipv4: Silence suspicious RCU usage warning
    - ipv6: fix memory leaks on IPV6_ADDRFORM path
    - ipv6: Fix nexthop refcnt leak when creating ipv6 route info
    - net: ethernet: mtk_eth_soc: fix MTU warnings
    - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
    - vxlan: Ensure FDB dump is performed under RCU
    - net: lan78xx: replace bogus endpoint lookup
    - appletalk: Fix atalk_proc_init() return path
    - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning
    - hv_netvsc: do not use VF device if link is down
    - net: gre: recompute gre csum for sctp over gre tunnels
    - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task()
    - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
    - Revert "vxlan: fix tos value before xmit"
    - tcp: apply a floor of 1 for RTT samples from TCP timestamps
    - ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime
    - [Config] update annotations for IMA_APPRAISE_BOOTPARAM
    - nfsd: Fix NFSv4 READ on RDMA when using readv
    - Linux 5.4.58

* Focal update: v5.4.57 upstream stable release (LP: #1891064)
    - random32: update the net random state on interrupt and activity
    - ARM: percpu.h: fix build error
    - random: fix circular include dependency on arm64 after addition of percpu.h
    - random32: remove net_rand_state from the latent entropy gcc plugin
    - random32: move the pseudo-random 32-bit definitions to prandom.h
    - arm64: Workaround circular dependency in pointer_auth.h
    - ext4: fix direct I/O read error
    - selftests: bpf: Fix detach from sockmap tests
    - bpf: sockmap: Require attach_bpf_fd when detaching a program
    - Linux 5.4.57

* Focal update: v5.4.56 upstream stable release (LP: #1891063)
    - crypto: ccp - Release all allocated memory if sha type is invalid
    - media: rc: prevent memory leak in cx23888_ir_probe
    - sunrpc: check that domain table is empty at module unload.
    - ath10k: enable transmit data ack RSSI for QCA9884
    - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    - mm/filemap.c: don't bother dropping mmap_sem for zero size readahead
    - ALSA: usb-audio: Add implicit feedback quirk for SSL2
    - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series
      with ALC289
    - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus
      G14(GA401) series with ALC289
    - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference
      board (alc256)
    - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices
    - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE
    - vhost/scsi: fix up req type endian-ness
    - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
    - wireless: Use offsetof instead of custom macro.
    - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess
      watchpoints
    - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2
    - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2
    - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect
    - virtio_balloon: fix up endian-ness for free cmd id
    - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers"
    - drm/amd/display: Clear dm_state for fast updates
    - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
    - drm/dbi: Fix SPI Type 1 (9-bit) transfer
    - drm: hold gem reference until object is no longer accessed
    - rds: Prevent kernel-infoleak in rds_notify_queue_get()
    - libtraceevent: Fix build with binutils 2.35
    - net/x25: Fix x25_neigh refcnt leak when x25 disconnect
    - net/x25: Fix null-ptr-deref in x25_disconnect
    - ARM: dts sunxi: Relax a bit the CMA pool allocation range
    - xfrm: Fix crash when the hold queue is used.
    - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds
    - nvme-tcp: fix possible hang waiting for icresp response
    - selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
    - selftests/net: psock_fanout: fix clang issues for target arch PowerPC
    - selftests/net: so_txtime: fix clang issues for target arch PowerPC
    - sh/tlb: Fix PGTABLE_LEVELS > 2
    - sh: Fix validation of system call number
    - net: hns3: fix a TX timeout issue
    - net: hns3: fix aRFS FD rules leftover after add a user FD rule
    - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode
    - net/mlx5e: Fix error path of device attach
    - net/mlx5: Verify Hardware supports requested ptp function on a given pin
    - net/mlx5e: Modify uplink state on interface up/down
    - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev
    - net: lan78xx: add missing endpoint sanity check
    - net: lan78xx: fix transfer-buffer memory leak
    - rhashtable: Fix unprotected RCU dereference in __rht_ptr
    - mlx4: disable device on shutdown
    - mlxsw: core: Increase scope of RCU read-side critical section
    - mlxsw: core: Free EMAD transactions using kfree_rcu()
    - ibmvnic: Fix IRQ mapping disposal in error path
    - bpf: Fix map leak in HASH_OF_MAPS map
    - mac80211: mesh: Free ie data when leaving mesh
    - mac80211: mesh: Free pending skb when destroying a mpath
    - arm64/alternatives: move length validation inside the subsection
    - arm64: csum: Fix handling of bad packets
    - Bluetooth: fix kernel oops in store_pending_adv_report
    - net: nixge: fix potential memory leak in nixge_probe()
    - net: gemini: Fix missing clk_disable_unprepare() in error path of
      gemini_ethernet_port_probe()
    - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
    - perf tools: Fix record failure when mixed with ARM SPE event
    - vxlan: fix memleak of fdb
    - usb: hso: Fix debug compile warning on sparc32
    - selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion
    - qed: Disable "MFW indication via attention" SPAM every 5 minutes
    - selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support
    - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
    - scsi: core: Run queue in case of I/O resource contention failure
    - parisc: add support for cmpxchg on u8 pointers
    - net: ethernet: ravb: exit if re-initialization fails in tx timeout
    - Revert "i2c: cadence: Fix the hold bit setting"
    - x86/unwind/orc: Fix ORC for newly forked tasks
    - x86/stacktrace: Fix reliable check for empty user task stacks
    - cxgb4: add missing release on skb in uld_send()
    - xen-netfront: fix potential deadlock in xennet_remove()
    - RISC-V: Set maximum number of mapped pages correctly
    - drivers/net/wan: lapb: Corrected the usage of skb_cow
    - KVM: arm64: Don't inherit exec permission across page-table levels
    - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw
      disabled
    - x86/i8259: Use printk_deferred() to prevent deadlock
    - perf tests bp_account: Make global variable static
    - perf env: Do not return pointers to local variables
    - perf bench: Share some global variables to fix build with gcc 10
    - Linux 5.4.56

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 10 Sep 2020 12:12:09 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Frank Heimes (fheimes) wrote on 2020-09-21:

#11

I just verified if the patch/commit also landed in groovy and it did.
Hence updating the groovy entry to Fix Released and with that the entire case.

Changed in linux (Ubuntu Groovy):
status:	Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

bugproxy (bugproxy) wrote on 2020-09-21:

#12

------- Comment From <email address hidden> 2020-09-21 09:07 EDT-------
IBM bugzilla status->closed, Fix Released for focal and groovy

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

[UBUNTU 20.04] zPCI: Enabling of a reserved PCI function regression introduced by multi-function support

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package