Ubuntu
linux package

tc/ebpf: unable to use BPF_FUNC_skb_change_head

Bug #1896504 reported by Nicolas Dichtel on 2020-09-21

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Incomplete	Undecided	Thadeu Lima de Souza Cascardo
Focal	Fix Released	Undecided	Thadeu Lima de Souza Cascardo
Groovy	Incomplete	Undecided	Thadeu Lima de Souza Cascardo

Bug Description

[Impact]

tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.

This helper exists since linux v4.10, but it cannot be used until the the upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac

[Test Case]

Create a, ebpf program that uses this helper and load it with tc.

[Regression Potential]

The patch is trivial, the potential regressions are low.

See original description

Tags:

CVE References

Nicolas Dichtel (nicolas-dichtel) on 2020-09-21

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-09-21: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1896504

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Revision history for this message

Nicolas Dichtel (nicolas-dichtel) wrote on 2020-09-22:

Here is an example:

root@ubuntu1804hwe:~# uname -a
Linux ubuntu1804hwe 5.4.0-47-generic #51~18.04.1-Ubuntu SMP Sat Sep 5 14:35:50 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1804hwe:~# cat test.c
#include <linux/pkt_cls.h>
#include <linux/bpf.h>

#ifndef __section
# define __section(NAME) __attribute__((section(NAME), used))
#endif

static int (*bpf_skb_change_head)(void *ctx, int headroom, int flags) =
(void *) BPF_FUNC_skb_change_head;

__section("test")
int _test(struct __sk_buff *skb)
{
bpf_skb_change_head(skb, 14, 0);
return TC_ACT_OK;
}

char _license[] __section("license") = "GPL";
root@ubuntu1804hwe:~# clang -target bpf -I/usr/include/x86_64-linux-gnu/ -O2 -o test.o -c test.c
root@ubuntu1804hwe:~# ip link add name dummy1 type dummy
root@ubuntu1804hwe:~# ip link set dummy1 up
root@ubuntu1804hwe:~# tc qdisc add dev dummy1 clsact
root@ubuntu1804hwe:~# tc filter add dev dummy1 egress matchall action bpf obj ./test.o sec test

Prog section 'test' rejected: Invalid argument (22)!
- Type: 4
- Instructions: 5 (0 over limit)
- License: GPL

Verifier analysis:

0: (b7) r2 = 14
1: (b7) r3 = 0
2: (85) call bpf_skb_change_head#43
unknown func bpf_skb_change_head#43
processed 3 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

Error fetching program/map!
bad action parsing
parse_action: bad value (5:bpf)!
Illegal "action"
root@ubuntu1804hwe:~#

Revision history for this message

Nicolas Dichtel (nicolas-dichtel) wrote on 2020-09-22:

With a newer kernel, the last command succeeds (not output):

root@ubuntu1804hwe:~# uname -a
Linux ubuntu1804hwe 5.9.0-rc3-ge1b81391421b+6wind-net #1 SMP Mon Sep 21 19:31:31 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1804hwe:~# tc filter add dev dummy1 egress matchall action bpf obj ./test.o sec test
root@ubuntu1804hwe:~#

Revision history for this message

Nicolas Dichtel (nicolas-dichtel) wrote on 2020-09-22:

I forget to explain how to check that the tc command was accepted:

root@ubuntu1804hwe:~# tc filter show dev dummy1 egress
filter protocol all pref 49152 matchall chain 0
filter protocol all pref 49152 matchall chain 0 handle 0x1
  not_in_hw
        action order 1: bpf test.o:[test] id 9 tag 26af4b090d2d67ee jited default-action pipe
        index 1 ref 1 bind 1

root@ubuntu1804hwe:~#

Thadeu Lima de Souza Cascardo (cascardo) on 2020-09-22

Changed in linux (Ubuntu Focal):
status:	New → Confirmed
Changed in linux (Ubuntu Groovy):
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Focal):
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)

Ian May (ian-may) on 2020-10-08

Changed in linux (Ubuntu Focal):
status:	Confirmed → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-11-17:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Nicolas Dichtel (nicolas-dichtel) on 2020-11-20

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-11-30:

Download full text (78.9 KiB)

This bug was fixed in the package linux - 5.4.0-56.62

---------------
linux (5.4.0-56.62) focal; urgency=medium

* focal/linux: 5.4.0-56.62 -proposed tracker (LP: #1905300)

  * CVE-2020-4788
    - selftests/powerpc: rfi_flush: disable entry flush if present
    - powerpc/64s: flush L1D on kernel entry
    - powerpc/64s: flush L1D after user accesses
    - selftests/powerpc: entry flush test

linux (5.4.0-55.61) focal; urgency=medium

* focal/linux: 5.4.0-55.61 -proposed tracker (LP: #1903175)

* Update kernel packaging to support forward porting kernels (LP: #1902957)
- [Debian] Update for leader included in BACKPORT_SUFFIX

* Avoid double newline when running insertchanges (LP: #1903293)
- [Packaging] insertchanges: avoid double newline

* EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
- efivarfs: Replace invalid slashes with exclamation marks in dentries.

* CVE-2020-14351
- perf/core: Fix race in the perf_mmap_close() function

  * raid10: Block discard is very slow, causing severe delays for mkfs and
    fstrim operations (LP: #1896578)
    - md: add md_submit_discard_bio() for submitting discard bio
    - md/raid10: extend r10bio devs to raid disks
    - md/raid10: pull codes that wait for blocked dev into one function
    - md/raid10: improve raid10 discard request
    - md/raid10: improve discard request for far layout
    - dm raid: fix discard limits for raid1 and raid10
    - dm raid: remove unnecessary discard limits for raid10

  * Bionic: btrfs: kernel BUG at /build/linux-
    eTBZpZ/linux-4.15.0/fs/btrfs/ctree.c:3233! (LP: #1902254)
    - btrfs: drop unnecessary offset_in_page in extent buffer helpers
    - btrfs: extent_io: do extra check for extent buffer read write functions
    - btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
    - btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref()
    - btrfs: ctree: check key order before merging tree blocks

* Ethernet no link lights after reboot (Intel i225-v 2.5G) (LP: #1902578)
- igc: Add PHY power management control

  * Undetected Data corruption in MPI workloads that use VSX for reductions on
    POWER9 DD2.1 systems (LP: #1902694)
    - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
    - selftests/powerpc: Make alignment handler test P9N DD2.1 vector CI load
      workaround

  * [20.04 FEAT] Support/enhancement of NVMe IPL (LP: #1902179)
    - s390: nvme ipl
    - s390: nvme reipl
    - s390/ipl: support NVMe IPL kernel parameters

* uvcvideo: add mapping for HEVC payloads (LP: #1895803)
- media: uvcvideo: Add mapping for HEVC payloads

This bug was fixed in the package linux - 5.4.0-56.62

---------------
linux (5.4.0-56.62) focal; urgency=medium

* focal/linux: 5.4.0-56.62 -proposed tracker (LP: #1905300)

linux (5.4.0-55.61) focal; urgency=medium

* focal/linux: 5.4.0-55.61 -proposed tracker (LP: #1903175)

* Update kernel packaging to support forward porting kernels (LP: #1902957)
    - [Debian] Update for leader included in BACKPORT_SUFFIX

* Avoid double newline when running insertchanges (LP: #1903293)
    - [Packaging] insertchanges: avoid double newline

* EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
    - efivarfs: Replace invalid slashes with exclamation marks in dentries.

* CVE-2020-14351
    - perf/core: Fix race in the perf_mmap_close() function

* Ethernet no link lights after reboot (Intel i225-v 2.5G) (LP: #1902578)
    - igc: Add PHY power management control

* [20.04 FEAT] Support/enhancement of NVMe IPL (LP: #1902179)
    - s390: nvme ipl
    - s390: nvme reipl
    - s390/ipl: support NVMe IPL kernel parameters

* uvcvideo: add mapping for HEVC payloads (LP: #1895803)
    - media: uvcvideo: Add mapping for HEVC payloads

* Focal update: v5.4.73 upstream stable release (LP: #1902115)
    - ibmveth: Switch order of ibmveth_helper calls.
    - ibmveth: Identify ingress large send packets.
    - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
    - mlx4: handle non-napi callers to napi_poll
    - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
    - net: fec: Fix PHY init after phy_reset_after_clk_enable()
    - net: fix pos incrementment in ipv6_route_seq_next
    - net/smc: fix valid DMBE buffer sizes
    - net/tls: sendfile fails with ktls offload
    - net: usb: qmi_wwan: add Cellient MPL200 card
    - tipc: fix the skb_unshare() in tipc_buf_append()
    - socket: fix option SO_TIMESTAMPING_NEW
    - can: m_can_platform: don't call m_can_class_suspend in runtime suspend
    - can: j1935: j1939_tp_tx_dat_new(): fix missing initialization of skbcnt
    - net: j1939: j1939_session_fresh_new(): fix missing initialization of skbcnt
    - net/ipv4: always honour route mtu during forwarding
    - net_sched: remove a redundant goto chain check
    - r8169: fix data corruption issue on RTL8402
    - cxgb4: handle 4-tuple PEDIT to NAT mode translation
    - binder: fix UAF when releasing todo list
    - ALSA: bebob: potential info leak in hwdep_read()
    - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
    - nvme-pci: disable the write zeros command for Intel 600P/P3100
    - chelsio/chtls: fix socket lock
    - chelsio/chtls: correct netdevice for vlan interface
    - chelsio/chtls: correct function return and return type
    - ibmvnic: save changed mac address to adapter->mac_addr
    - net: ftgmac100: Fix Aspeed ast2600 TX hang issue
    - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
    - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
      ether_setup
    - net: Properly typecast int values to set sk_max_pacing_rate
    - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
    - nexthop: Fix performance regression in nexthop deletion
    - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
      nfc_genl_fw_download()
    - r8169: fix operation under forced interrupt threading
    - selftests: forwarding: Add missing 'rp_filter' configuration
    - tcp: fix to update snd_wl1 in bulk receiver fast path
    - icmp: randomize the global rate limiter
    - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine
    - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7
    - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
    - cifs: remove bogus debug code
    - cifs: Return the error from crypt_message when enc/dec key not found.
    - SMB3: Resolve data corruption of TCP server info fields
    - KVM: nVMX: Reset the segment cache when stuffing guest segs
    - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails
    - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
    - KVM: SVM: Initialize prev_ga_tag before use
    - ima: Don't ignore errors from crypto_shash_update()
    - crypto: algif_aead - Do not set MAY_BACKLOG on the async path
    - crypto: caam/qi - add fallback for XTS with more than 8B IV
    - EDAC/i5100: Fix error handling order in i5100_init_one()
    - EDAC/aspeed: Fix handling of platform_get_irq() error
    - EDAC/ti: Fix handling of platform_get_irq() error
    - perf/x86/intel/ds: Fix x86_pmu_stop warning for large PEBS
    - x86/fpu: Allow multiple bits in clearcpuid= parameter
    - drivers/perf: xgene_pmu: Fix uninitialized resource struct
    - drivers/perf: thunderx2_pmu: Fix memory resource error handling
    - sched/fair: Fix wrong cpu selecting from isolated domain
    - perf/x86/intel/uncore: Update Ice Lake uncore units
    - perf/x86/intel/uncore: Reduce the number of CBOX counters
    - x86/nmi: Fix nmi_handle() duration miscalculation
    - x86/events/amd/iommu: Fix sizeof mismatch
    - crypto: algif_skcipher - EBUSY on aio should be an error
    - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
    - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
    - crypto: picoxcell - Fix potential race condition bug
    - media: tuner-simple: fix regression in simple_set_radio_freq
    - media: Revert "media: exynos4-is: Add missed check for
      pinctrl_lookup_state()"
    - media: ov5640: Correct Bit Div register in clock tree diagram
    - media: m5mols: Check function pointer in m5mols_sensor_power
    - media: uvcvideo: Set media controller entity functions
    - media: uvcvideo: Silence shift-out-of-bounds warning
    - media: staging/intel-ipu3: css: Correctly reset some memory
    - media: omap3isp: Fix memleak in isp_probe
    - media: i2c: ov5640: Remain in power down for DVP mode unless streaming
    - media: i2c: ov5640: Separate out mipi configuration from s_power
    - media: i2c: ov5640: Enable data pins on poweron for DVP mode
    - media: rcar_drif: Fix fwnode reference leak when parsing DT
    - media: rcar_drif: Allocate v4l2_async_subdev dynamically
    - media: rcar-csi2: Allocate v4l2_async_subdev dynamically
    - crypto: omap-sham - fix digcnt register handling with export/import
    - hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
    - cypto: mediatek - fix leaks in mtk_desc_ring_alloc
    - media: mx2_emmaprp: Fix memleak in emmaprp_probe
    - media: tc358743: initialize variable
    - media: tc358743: cleanup tc358743_cec_isr
    - media: rcar-vin: Fix a reference count leak.
    - media: rockchip/rga: Fix a reference count leak.
    - media: platform: fcp: Fix a reference count leak.
    - media: camss: Fix a reference count leak.
    - media: s5p-mfc: Fix a reference count leak
    - media: stm32-dcmi: Fix a reference count leak
    - media: ti-vpe: Fix a missing check and reference count leak
    - regulator: resolve supply after creating regulator
    - pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB
    - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath()
    - spi: spi-s3c64xx: Check return values
    - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue
    - ath10k: provide survey info as accumulated data
    - drm/vkms: fix xrgb on compute crc
    - Bluetooth: hci_uart: Cancel init work before unregistering
    - drm/amd/display: Fix wrong return value in dm_update_plane_state()
    - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel
    - ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
    - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
    - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error
      handling path
    - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
    - ASoC: qcom: lpass-platform: fix memory leak
    - ASoC: qcom: lpass-cpu: fix concurrency issue
    - brcmfmac: check ndev pointer
    - mwifiex: Do not use GFP_KERNEL in atomic context
    - staging: rtl8192u: Do not use GFP_KERNEL in atomic context
    - drm/gma500: fix error check
    - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
    - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg()
    - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
    - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
    - backlight: sky81452-backlight: Fix refcount imbalance on error
    - staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent()
    - VMCI: check return value of get_user_pages_fast() for errors
    - mm/error_inject: Fix allow_error_inject function signatures.
    - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel
    - drm/crc-debugfs: Fix memleak in crc_control_write
    - binder: Remove bogus warning on failed same-process transaction
    - tty: serial: earlycon dependency
    - pty: do tty_flip_buffer_push without port->lock in pty_write
    - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
    - pwm: lpss: Add range limit check for the base_unit register value
    - drivers/virt/fsl_hypervisor: Fix error handling path
    - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
    - video: fbdev: sis: fix null ptr dereference
    - video: fbdev: radeon: Fix memleak in radeonfb_pci_register
    - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe()
    - HID: roccat: add bounds checking in kone_sysfs_write_settings()
    - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check()
    - drm/panfrost: Ensure GPU quirks are always initialised
    - iomap: Clear page error before beginning a write
    - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser
    - pinctrl: mcp23s08: Fix mcp23x17 precious range
    - net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow
    - scsi: mpt3sas: Fix sync irqs
    - net: stmmac: use netif_tx_start|stop_all_queues() function
    - cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE
    - drm: mxsfb: check framebuffer pitch
    - coresight: etm4x: Handle unreachable sink in perf mode
    - xhci: don't create endpoint debugfs entry before ring buffer is set.
    - net: dsa: rtl8366: Check validity of passed VLANs
    - net: dsa: rtl8366: Refactor VLAN/PVID init
    - net: dsa: rtl8366: Skip PVID setting if not requested
    - net: wilc1000: clean up resource in error path of init mon interface
    - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation
    - net: dsa: rtl8366rb: Support all 4096 VLANs
    - spi: omap2-mcspi: Improve performance waiting for CHSTAT
    - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
    - dmaengine: dmatest: Check list for emptiness before access its last entry
    - misc: mic: scif: Fix error handling path
    - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
    - usb: dwc2: Fix parameter type in function pointer prototype
    - quota: clear padding in v2r1_mem2diskdqb()
    - slimbus: core: check get_addr before removing laddr ida
    - slimbus: core: do not enter to clock pause mode in core
    - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback
    - ASoC: fsl_sai: Instantiate snd_soc_dai_driver
    - HID: hid-input: fix stylus battery reporting
    - nvmem: core: fix possibly memleak when use nvmem_cell_info_to_nvmem_cell()
    - nl80211: fix OBSS PD min and max offset validation
    - coresight: etm: perf: Fix warning caused by etm_setup_aux failure
    - ibmvnic: set up 200GBPS speed
    - qtnfmac: fix resource leaks on unsupported iftype error return path
    - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling
    - net: enic: Cure the enic api locking trainwreck
    - mfd: sm501: Fix leaks in probe()
    - iwlwifi: mvm: split a print to avoid a WARNING in ROC
    - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
    - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
    - nl80211: fix non-split wiphy information
    - usb: dwc2: Fix INTR OUT transfers in DDMA mode.
    - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized
    - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
    - ipmi_si: Fix wrong return value in try_smi_init()
    - platform/x86: mlx-platform: Remove PSU EEPROM configuration
    - mwifiex: fix double free
    - ipvs: clear skb->tstamp in forwarding path
    - net: korina: fix kfree of rx/tx descriptor array
    - netfilter: nf_log: missing vlan offload tag and proto
    - mm/swapfile.c: fix potential memory leak in sys_swapon
    - mm/memcg: fix device private memcg accounting
    - mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
    - fs: fix NULL dereference due to data race in prepend_path()
    - selftests/ftrace: Change synthetic event name for inter-event-combined test
    - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo
    - IB/mlx4: Fix starvation in paravirt mux/demux
    - IB/mlx4: Adjust delayed work when a dup is observed
    - powerpc/pseries: Fix missing of_node_put() in rng_init()
    - powerpc/icp-hv: Fix missing of_node_put() in success path
    - RDMA/ucma: Fix locking for ctx->events_reported
    - RDMA/ucma: Add missing locking around rdma_leave_multicast()
    - mtd: lpddr: fix excessive stack usage with clang
    - RDMA/hns: Add a check for current state before modifying QP
    - RDMA/umem: Fix signature of stub ib_umem_find_best_pgsz()
    - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal
    - pseries/drmem: don't cache node id in drmem_lmb struct
    - RDMA/mlx5: Fix potential race between destroy and CQE poll
    - mtd: mtdoops: Don't write panic data twice
    - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
    - arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER
    - ida: Free allocated bitmap in error path
    - xfs: limit entries returned when counting fsmap records
    - xfs: fix deadlock and streamline xfs_getfsmap performance
    - xfs: fix high key handling in the rt allocator's query_range function
    - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page
      boundary
    - RDMA/umem: Prevent small pages from being returned by
      ib_umem_find_best_pgsz()
    - RDMA/qedr: Fix qp structure memory leak
    - RDMA/qedr: Fix use of uninitialized field
    - RDMA/qedr: Fix return code if accept is called on a destroyed qp
    - RDMA/qedr: Fix inline size returned for iWARP
    - powerpc/book3s64/hash/4k: Support large linear mapping range with 4K
    - powerpc/tau: Use appropriate temperature sample interval
    - powerpc/tau: Convert from timer to workqueue
    - powerpc/tau: Remove duplicated set_thresholds() call
    - powerpc/tau: Check processor type before enabling TAU interrupt
    - powerpc/tau: Disable TAU between measurements
    - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm
    - RDMA/cma: Remove dead code for kernel rdmacm multicast
    - RDMA/cma: Consolidate the destruction of a cma_multicast in one place
    - perf intel-pt: Fix "context_switch event has no tid" error
    - RDMA/hns: Set the unsupported wr opcode
    - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work
    - i40iw: Add support to make destroy QP synchronous
    - perf stat: Skip duration_time in setup_system_wide
    - RDMA/hns: Fix the wrong value of rnr_retry when querying qp
    - RDMA/hns: Fix missing sq_sig_type when querying QP
    - mtd: rawnand: vf610: disable clk on error handling path in probe
    - mtd: spinand: gigadevice: Only one dummy byte in QUADIO
    - mtd: spinand: gigadevice: Add QE Bit
    - kdb: Fix pager search for multi-line strings
    - overflow: Include header file with SIZE_MAX declaration
    - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces
    - powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
    - powerpc/perf/hv-gpci: Fix starting index value
    - i3c: master: Fix error return in cdns_i3c_master_probe()
    - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
    - IB/rdmavt: Fix sizeof mismatch
    - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt()
    - maiblox: mediatek: Fix handling of platform_get_irq() error
    - selftests/powerpc: Fix eeh-basic.sh exit codes
    - f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info
    - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c
    - mm/page_owner: change split_page_owner to take a count
    - lib/crc32.c: fix trivial typo in preprocessor condition
    - ramfs: fix nommu mmap with gaps in the page cache
    - rapidio: fix error handling path
    - rapidio: fix the missed put_device() for rio_mport_add_riodev
    - mailbox: avoid timer start from callback
    - i2c: rcar: Auto select RESET_CONTROLLER
    - clk: meson: g12a: mark fclk_div2 as critical
    - PCI: aardvark: Check for errors from pci_bridge_emul_init() call
    - PCI: iproc: Set affinity mask on MSI interrupts
    - rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge()
    - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY
    - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn
    - clk: qcom: gcc-sdm660: Fix wrong parent_map
    - clk: keystone: sci-clk: fix parsing assigned-clock data during probe
    - pwm: img: Fix null pointer access in probe
    - clk: rockchip: Initialize hw to error to avoid undefined behavior
    - clk: mediatek: add UART0 clock support
    - module: statically initialize init section freeing data
    - clk: at91: clk-main: update key before writing AT91_CKGR_MOR
    - clk: bcm2835: add missing release if devm_clk_hw_register fails
    - watchdog: Fix memleak in watchdog_cdev_register
    - watchdog: Use put_device on error
    - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3
    - svcrdma: fix bounce buffers for unaligned offsets and multiple pages
    - ext4: limit entries returned when counting fsmap records
    - vfio/pci: Clear token on bypass registration failure
    - vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
    - clk: imx8mq: Fix usdhc parents order
    - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
    - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
    - Input: stmfts - fix a & vs && typo
    - Input: ep93xx_keypad - fix handling of platform_get_irq() error
    - Input: omap4-keypad - fix handling of platform_get_irq() error
    - Input: twl4030_keypad - fix handling of platform_get_irq() error
    - Input: sun4i-ps2 - fix handling of platform_get_irq() error
    - KVM: x86: emulating RDPID failure shall return #UD rather than #GP
    - scsi: bfa: Fix error return in bfad_pci_init()
    - netfilter: conntrack: connection timeout after re-register
    - netfilter: ebtables: Fixes dropping of small packets in bridge nat
    - netfilter: nf_fwd_netdev: clear timestamp in forwarding path
    - arm64: dts: meson: vim3: correct led polarity
    - ARM: dts: imx6sl: fix rng node
    - ARM: at91: pm: of_node_put() after its usage
    - ARM: s3c24xx: fix mmc gpio lookup tables
    - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator
    - arm64: dts: allwinner: h5: remove Mali GPU PMU module
    - memory: omap-gpmc: Fix a couple off by ones
    - memory: omap-gpmc: Fix build error without CONFIG_OF
    - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
    - arm64: dts: imx8mq: Add missing interrupts to GPC
    - arm64: dts: qcom: msm8916: Remove one more thermal trip point unit name
    - arm64: dts: qcom: pm8916: Remove invalid reg size from wcd_codec
    - arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
    - arm64: dts: renesas: r8a77990: Fix MSIOF1 DMA channels
    - arm64: dts: renesas: r8a774c0: Fix MSIOF1 DMA channels
    - arm64: dts: actions: limit address range for pinctrl node
    - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers
    - soc: fsl: qbman: Fix return value on success
    - ARM: OMAP2+: Restore MPU power domain if cpu_cluster_pm_enter() fails
    - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
    - ARM: dts: meson8: remove two invalid interrupt lines from the GPU node
    - lightnvm: fix out-of-bounds write to array devices->info[]
    - powerpc/powernv/dump: Fix race while processing OPAL dump
    - powerpc/pseries: Avoid using addr_to_pfn in real mode
    - nvmet: fix uninitialized work for zero kato
    - NTB: hw: amd: fix an issue about leak system resources
    - sched/features: Fix !CONFIG_JUMP_LABEL case
    - perf: correct SNOOPX field offset
    - i2c: core: Restore acpi_walk_dep_device_list() getting called after
      registering the ACPI i2c devs
    - md/bitmap: fix memory leak of temporary bitmap
    - block: ratelimit handle_bad_sector() message
    - crypto: ccp - fix error handling
    - x86/asm: Replace __force_order with a memory clobber
    - x86/mce: Add Skylake quirk for patrol scrub reported errors
    - media: firewire: fix memory leak
    - media: ati_remote: sanity check for both endpoints
    - media: st-delta: Fix reference count leak in delta_run_work
    - media: sti: Fix reference count leaks
    - media: exynos4-is: Fix several reference count leaks due to
      pm_runtime_get_sync
    - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
    - media: exynos4-is: Fix a reference count leak
    - media: vsp1: Fix runtime PM imbalance on error
    - media: platform: s3c-camif: Fix runtime PM imbalance on error
    - media: platform: sti: hva: Fix runtime PM imbalance on error
    - media: bdisp: Fix runtime PM imbalance on error
    - media: media/pci: prevent memory leak in bttv_probe
    - x86/mce: Make mce_rdmsrl() panic on an inaccessible MSR
    - media: uvcvideo: Ensure all probed info is returned to v4l2
    - mmc: sdio: Check for CISTPL_VERS_1 buffer size
    - media: saa7134: avoid a shift overflow
    - media: venus: fixes for list corruption
    - fs: dlm: fix configfs memory leak
    - media: venus: core: Fix runtime PM imbalance in venus_probe
    - ntfs: add check for mft record size in superblock
    - ip_gre: set dev->hard_header_len and dev->needed_headroom properly
    - mac80211: handle lack of sband->bitrates in rates
    - PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
    - scsi: mvumi: Fix error return in mvumi_io_attach()
    - scsi: target: core: Add CONTROL field for trace events
    - mic: vop: copy data to kernel space then write to io memory
    - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
    - usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc
    - usb: gadget: function: printer: fix use-after-free in __lock_acquire
    - udf: Limit sparing table size
    - udf: Avoid accessing uninitialized data on failed inode read
    - rtw88: increse the size of rx buffer size
    - USB: cdc-acm: handle broken union descriptors
    - usb: dwc3: simple: add support for Hikey 970
    - can: flexcan: flexcan_chip_stop(): add error handling and propagate error
      value
    - ath9k: hif_usb: fix race condition between usb_get_urb() and
      usb_kill_anchored_urbs()
    - drm/panfrost: add amlogic reset quirk callback
    - bpf: Limit caller's stack depth 256 for subprogs with tailcalls
    - misc: rtsx: Fix memory leak in rtsx_pci_probe
    - reiserfs: only call unlock_new_inode() if I_NEW
    - opp: Prevent memory leak in dev_pm_opp_attach_genpd()
    - xfs: make sure the rt allocator doesn't run off the end
    - usb: ohci: Default to per-port over-current protection
    - Bluetooth: Only mark socket zapped after unlocking
    - drm/msm/a6xx: fix a potential overflow issue
    - iomap: fix WARN_ON_ONCE() from unprivileged users
    - scsi: ibmvfc: Fix error return in ibmvfc_probe()
    - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb
    - selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change
    - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
    - rtl8xxxu: prevent potential memory leak
    - Fix use after free in get_capset_info callback.
    - HID: ite: Add USB id match for Acer One S1003 keyboard dock
    - scsi: qedf: Return SUCCESS if stale rport is encountered
    - scsi: qedi: Protect active command list to avoid list corruption
    - scsi: qedi: Fix list_del corruption while removing active I/O
    - fbmem: add margin check to fb_check_caps()
    - tty: ipwireless: fix error handling
    - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb
    - ipvs: Fix uninit-value in do_ip_vs_set_ctl()
    - reiserfs: Fix memory leak in reiserfs_parse_options()
    - mwifiex: don't call del_timer_sync() on uninitialized timer
    - ALSA: hda/ca0132 - Add AE-7 microphone selection commands.
    - ALSA: hda/ca0132 - Add new quirk ID for SoundBlaster AE-7.
    - scsi: smartpqi: Avoid crashing kernel for controller issues
    - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
    - usb: core: Solve race condition in anchor cleanup functions
    - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
    - dmaengine: dw: Add DMA-channels mask cell support
    - dmaengine: dw: Activate FIFO-mode for memory peripherals only
    - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
    - net: korina: cast KSEG0 address to pointer in kfree
    - s390/qeth: don't let HW override the configured port role
    - tty: serial: lpuart: fix lpuart32_write usage
    - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char
    - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
    - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
    - usb: cdns3: gadget: free interrupt after gadget has deleted
    - eeprom: at25: set minimum read/write access stride to 1
    - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
    - Linux 5.4.73

* Focal update: v5.4.72 upstream stable release (LP: #1902111)
    - perf cs-etm: Move definition of 'traceid_list' global variable from header
      file
    - btrfs: don't pass system_chunk into can_overcommit
    - btrfs: take overcommit into account in inc_block_group_ro
    - ARM: 8939/1: kbuild: use correct nm executable
    - ACPI: Always build evged in
    - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
    - Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
    - Bluetooth: Disconnect if E0 is used for Level 4
    - media: usbtv: Fix refcounting mixup
    - USB: serial: option: add Cellient MPL200 card
    - USB: serial: option: Add Telit FT980-KS composition
    - staging: comedi: check validity of wMaxPacketSize of usb endpoints found
    - USB: serial: pl2303: add device-id for HP GC device
    - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
    - reiserfs: Initialize inode keys properly
    - reiserfs: Fix oops during mount
    - xen/events: don't use chip_data for legacy IRQs
    - crypto: bcm - Verify GCM/CCM key length in setkey
    - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
    - Linux 5.4.72

* Focal update: v5.4.71 upstream stable release (LP: #1902110)
    - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
    - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
    - fbcon: Fix global-out-of-bounds read in fbcon_get_font()
    - Revert "ravb: Fixed to be able to unload modules"
    - io_uring: Fix resource leaking when kill the process
    - io_uring: Fix missing smp_mb() in io_cancel_async_work()
    - io_uring: Fix remove irrelevant req from the task_list
    - io_uring: Fix double list add in io_queue_async_work()
    - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
    - drm/nouveau/mem: guard against NULL pointer access in mem_del
    - vhost: Don't call access_ok() when using IOTLB
    - vhost: Use vhost_get_used_size() in vhost_vring_set_addr()
    - usermodehelper: reset umask to default before executing user process
    - Platform: OLPC: Fix memleak in olpc_ec_probe
    - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP
      Pavilion 11 x360
    - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
    - bpf: Fix sysfs export of empty BTF section
    - bpf: Prevent .BTF section elimination
    - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE
      reporting
    - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
    - driver core: Fix probe_count imbalance in really_probe()
    - perf test session topology: Fix data path
    - perf top: Fix stdio interface input handling with glibc 2.28+
    - i2c: i801: Exclude device from suspend direct complete optimization
    - arm64: dts: stratix10: add status to qspi dts node
    - Btrfs: send, allow clone operations within the same file
    - Btrfs: send, fix emission of invalid clone operations within the same file
    - btrfs: volumes: Use more straightforward way to calculate map length
    - btrfs: Ensure we trim ranges across block group boundary
    - btrfs: fix RWF_NOWAIT write not failling when we need to cow
    - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space
      reservation
    - nvme-core: put ctrl ref when module ref get fail
    - macsec: avoid use-after-free in macsec_handle_frame()
    - mm/khugepaged: fix filemap page_to_pgoff(page) != offset
    - net: introduce helper sendpage_ok() in include/linux/net.h
    - tcp: use sendpage_ok() to detect misused .sendpage
    - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage()
    - xfrmi: drop ignore_df check before updating pmtu
    - cifs: Fix incomplete memory allocation on setxattr path
    - i2c: meson: fix clock setting overwrite
    - i2c: meson: fixup rate calculation with filter delay
    - i2c: owl: Clear NACK and BUS error bits
    - sctp: fix sctp_auth_init_hmacs() error path
    - team: set dev->needed_headroom in team_setup_by_port()
    - net: team: fix memory leak in __team_options_register
    - openvswitch: handle DNAT tuple collision
    - drm/amdgpu: prevent double kfree ttm->sg
    - iommu/vt-d: Fix lockdep splat in iommu_flush_dev_iotlb()
    - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
    - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
    - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate
    - xfrm: clone whole liftime_cur structure in xfrm_do_migrate
    - net: stmmac: removed enabling eee in EEE set callback
    - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
    - xfrm: Use correct address family in xfrm_state_find
    - iavf: use generic power management
    - iavf: Fix incorrect adapter get in iavf_resume
    - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop
    - bonding: set dev->needed_headroom in bond_setup_by_slave()
    - mdio: fix mdio-thunder.c dependency & build error
    - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path
    - r8169: fix RTL8168f/RTL8411 EPHY config
    - net: usb: ax88179_178a: fix missing stop entry in driver_info
    - virtio-net: don't disable guest csum when disable LRO
    - net/mlx5: Avoid possible free of command entry while timeout comp handler
    - net/mlx5: Fix request_irqs error flow
    - net/mlx5e: Add resiliency in Striding RQ mode for packets larger than MTU
    - net/mlx5e: Fix VLAN cleanup flow
    - net/mlx5e: Fix VLAN create flow
    - rxrpc: Fix rxkad token xdr encoding
    - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
    - rxrpc: Fix some missing _bh annotations on locking conn->state_lock
    - rxrpc: The server keyring isn't network-namespaced
    - rxrpc: Fix server keyring leak
    - perf: Fix task_function_call() error handling
    - mmc: core: don't set limits.discard_granularity as 0
    - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected
      by khugepaged
    - tcp: fix receive window update in tcp_add_backlog()
    - net/core: check length before updating Ethertype in skb_mpls_{push,pop}
    - net/tls: race causes kernel panic
    - net/mlx5e: Fix driver's declaration to support GRE offload
    - Input: ati_remote2 - add missing newlines when printing module parameters
    - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
    - net_sched: defer tcf_idr_insert() in tcf_action_init_1()
    - net_sched: commit action insertions together
    - Linux 5.4.71

* kci_test_encap_fou() in rtnetlink.sh from kselftests/net failed with "FAIL:
    can't add fou port 7777, skipping test" (LP: #1891421)
    - selftests: rtnetlink: load fou module for kci_test_encap_fou() test

* alsa/hda/realtek - The front Mic on a HP machine doesn't work (LP: #1899508)
    - ALSA: hda/realtek - The front Mic on a HP machine doesn't work

* Enable brightness control on HP DreamColor panel (LP: #1898865)
    - drm/i915/dpcd_bl: Unbreak enable_dpcd_backlight modparam
    - SAUCE: drm/i915/dpcd_bl: Skip testing control capability with force DPCD
      quirk
    - SAUCE: drm/dp: HP DreamColor panel brigntness fix

* Fix non-working Intel NVMe after S3 (LP: #1900847)
    - SAUCE: PCI: Enable ACS quirk on all CML root ports

* bcache: Issues with large IO wait in bch_mca_scan() when shrinker is enabled
    (LP: #1898786)
    - bcache: remove member accessed from struct btree
    - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan()
    - bcache: reap from tail of c->btree_cache in bch_mca_scan()

* Improve descriptions for XFAIL cases in kselftests/net/psock_snd
    (LP: #1900088)
    - selftests/net: improve descriptions for XFAIL cases in psock_snd.sh

* ceph: fix inode number handling on arches with 32-bit ino_t (LP: #1899582)
    - ceph: fix inode number handling on arches with 32-bit ino_t

* Fix system reboot when disconnecting WiFi (LP: #1899726)
    - iwlwifi: msix: limit max RX queues for 9000 family

* Fix broken MSI interrupt after HDA controller was suspended (LP: #1899586)
    - ALSA: hda: fix jack detection with Realtek codecs when in D3

* Focal update: v5.4.70 upstream stable release (LP: #1900632)
    - btrfs: fix filesystem corruption after a device replace
    - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS
      models
    - USB: gadget: f_ncm: Fix NDP16 datagram validation
    - gpio: siox: explicitly support only threaded irqs
    - gpio: mockup: fix resource leak in error path
    - gpio: tc35894: fix up tc35894 interrupt configuration
    - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk
    - vsock/virtio: add transport parameter to the
      virtio_transport_reset_no_sock()
    - net: virtio_vsock: Enhance connection semantics
    - xfs: trim IO to found COW extent limit
    - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
    - iio: adc: qcom-spmi-adc5: fix driver name
    - ftrace: Move RCU is watching check after recursion check
    - memstick: Skip allocating card when removing host
    - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
    - clocksource/drivers/timer-gx6605s: Fixup counter reload
    - libbpf: Remove arch-specific include path in Makefile
    - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices
    - drm/sun4i: mixer: Extend regmap max_register
    - net: dec: de2104x: Increase receive ring size for Tulip
    - rndis_host: increase sleep time in the query-response loop
    - nvme-core: get/put ctrl and transport module in nvme_dev_open/release()
    - fuse: fix the ->direct_IO() treatment of iov_iter
    - drivers/net/wan/lapbether: Make skb->protocol consistent with the header
    - drivers/net/wan/hdlc: Set skb->protocol before transmitting
    - mac80211: Fix radiotap header channel flag for 6GHz band
    - mac80211: do not allow bigger VHT MPDUs than the hardware supports
    - tracing: Make the space reserved for the pid wider
    - tools/io_uring: fix compile breakage
    - spi: fsl-espi: Only process interrupts for expected events
    - nvme-pci: fix NULL req in completion handler
    - nvme-fc: fail new connections to a deleted host or remote port
    - gpio: sprd: Clear interrupt when setting the type as edge
    - phy: ti: am654: Fix a leak in serdes_am654_probe()
    - pinctrl: mvebu: Fix i2c sda definition for 98DX3236
    - nfs: Fix security label length not being reset
    - clk: tegra: Always program PLL_E when enabled
    - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
    - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
    - gpio/aspeed-sgpio: enable access to all 80 input & output sgpios
    - gpio/aspeed-sgpio: don't enable all interrupts by default
    - gpio: aspeed: fix ast2600 bank properties
    - i2c: cpm: Fix i2c_ram structure
    - Input: trackpoint - enable Synaptics trackpoints
    - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting
    - random32: Restore __latent_entropy attribute on net_rand_state
    - block/diskstats: more accurate approximation of io_ticks for slow disks
    - mm: replace memmap_context by meminit_context
    - mm: don't rely on system state to detect hot-plug operations
    - nvme: Cleanup and rename nvme_block_nr()
    - nvme: Introduce nvme_lba_to_sect()
    - nvme: consolidate chunk_sectors settings
    - epoll: do not insert into poll queues until all sanity checks are done
    - epoll: replace ->visited/visited_list with generation count
    - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
    - ep_create_wakeup_source(): dentry name can change under you...
    - netfilter: ctnetlink: add a range check for l3/l4 protonum
    - Linux 5.4.70

* Focal update: v5.4.69 upstream stable release (LP: #1900624)
    - kernel/sysctl-test: Add null pointer test for sysctl.c:proc_dointvec()
    - selinux: allow labeling before policy is loaded
    - media: mc-device.c: fix memleak in media_device_register_entity
    - drm/amd/display: Do not double-buffer DTO adjustments
    - drm/amdkfd: Fix race in gfx10 context restore handler
    - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling)
    - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough
    - ath10k: fix array out-of-bounds access
    - ath10k: fix memory leak for tpc_stats_final
    - PCI/IOV: Serialize sysfs sriov_numvfs reads vs writes
    - mm: fix double page fault on arm64 if PTE_AF is cleared
    - scsi: aacraid: fix illegal IO beyond last LBA
    - m68k: q40: Fix info-leak in rtc_ioctl
    - xfs: fix inode fork extent count overflow
    - gma/gma500: fix a memory disclosure bug due to uninitialized bytes
    - ASoC: kirkwood: fix IRQ error handling
    - soundwire: intel/cadence: fix startup sequence
    - media: smiapp: Fix error handling at NVM reading
    - drm/amd/display: Free gamma after calculating legacy transfer function
    - xfs: properly serialise fallocate against AIO+DIO
    - leds: mlxreg: Fix possible buffer overflow
    - dm table: do not allow request-based DM to stack on partitions
    - PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
    - scsi: fnic: fix use after free
    - powerpc/64s: Always disable branch profiling for prom_init.o
    - net: silence data-races on sk_backlog.tail
    - dax: Fix alloc_dax_region() compile warning
    - iomap: Fix overflow in iomap_page_mkwrite
    - f2fs: avoid kernel panic on corruption test
    - clk/ti/adpll: allocate room for terminating null
    - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table
    - ice: Fix to change Rx/Tx ring descriptor size via ethtool with DCBx
    - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of
      cfi_amdstd_setup()
    - mfd: mfd-core: Protect against NULL call-back function pointer
    - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table
    - tpm_crb: fix fTPM on AMD Zen+ CPUs
    - tracing: Verify if trace array exists before destroying it.
    - tracing: Adding NULL checks for trace_array descriptor pointer
    - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
    - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq
      fails
    - x86/kdump: Always reserve the low 1M when the crashkernel option is
      specified
    - RDMA/qedr: Fix potential use after free
    - RDMA/i40iw: Fix potential use after free
    - PCI: Avoid double hpmemsize MMIO window assignment
    - fix dget_parent() fastpath race
    - xfs: fix attr leaf header freemap.size underflow
    - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
    - ubi: Fix producing anchor PEBs
    - mmc: core: Fix size overflow for mmc partitions
    - gfs2: clean up iopen glock mess in gfs2_create_inode
    - scsi: pm80xx: Cleanup command when a reset times out
    - mt76: do not use devm API for led classdev
    - mt76: add missing locking around ampdu action
    - debugfs: Fix !DEBUG_FS debugfs_create_automount
    - SUNRPC: Capture completion of all RPC tasks
    - CIFS: Use common error handling code in smb2_ioctl_query_info()
    - CIFS: Properly process SMB3 lease breaks
    - f2fs: stop GC when the victim becomes fully valid
    - ASoC: max98090: remove msleep in PLL unlocked workaround
    - xtensa: fix system_call interaction with ptrace
    - s390: avoid misusing CALL_ON_STACK for task stack setup
    - xfs: fix realtime file data space leak
    - drm/amdgpu: fix calltrace during kmd unload(v3)
    - arm64: insn: consistently handle exit text
    - selftests/bpf: De-flake test_tcpbpf
    - kernel/notifier.c: intercept duplicate registrations to avoid infinite loops
    - kernel/sys.c: avoid copying possible padding bytes in copy_to_user
    - KVM: arm/arm64: vgic: Fix potential double free dist->spis in
      __kvm_vgic_destroy()
    - module: Remove accidental change of module_enable_x()
    - xfs: fix log reservation overflows when allocating large rt extents
    - ALSA: hda: enable regmap internal locking
    - tipc: fix link overflow issue at socket shutdown
    - vcc_seq_next should increase position index
    - neigh_stat_seq_next() should increase position index
    - rt_cpu_seq_next should increase position index
    - ipv6_route_seq_next should increase position index
    - drm/mcde: Handle pending vblank while disabling display
    - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
    - drm/scheduler: Avoid accessing freed bad job.
    - media: ti-vpe: cal: Restrict DMA to avoid memory corruption
    - opp: Replace list_kref with a local counter
    - scsi: qla2xxx: Fix stuck session in GNL
    - sctp: move trace_sctp_probe_path into sctp_outq_sack
    - ACPI: EC: Reference count query handlers under lock
    - scsi: ufs: Make ufshcd_add_command_trace() easier to read
    - scsi: ufs: Fix a race condition in the tracing code
    - drm/amd/display: Initialize DSC PPS variables to 0
    - i2c: tegra: Prevent interrupt triggering after transfer timeout
    - btrfs: tree-checker: Check leaf chunk item size
    - dmaengine: zynqmp_dma: fix burst length configuration
    - s390/cpum_sf: Use kzalloc and minor changes
    - nfsd: Fix a soft lockup race in nfsd_file_mark_find_or_create()
    - powerpc/eeh: Only dump stack once if an MMIO loop is detected
    - Bluetooth: btrtl: Use kvmalloc for FW allocations
    - tracing: Set kernel_stack's caller size properly
    - ARM: 8948/1: Prevent OOB access in stacktrace
    - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
    - ceph: ensure we have a new cap before continuing in fill_inode
    - selftests/ftrace: fix glob selftest
    - tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
    - Bluetooth: Fix refcount use-after-free issue
    - mm/swapfile.c: swap_next should increase position index
    - mm: pagewalk: fix termination condition in walk_pte_range()
    - Bluetooth: prefetch channel before killing sock
    - ALSA: hda: Clear RIRB status before reading WP
    - skbuff: fix a data race in skb_queue_len()
    - nfsd: Fix a perf warning
    - drm/amd/display: fix workaround for incorrect double buffer register for DLG
      ADL and TTU
    - audit: CONFIG_CHANGE don't log internal bookkeeping as an event
    - selinux: sel_avc_get_stat_idx should increase position index
    - drm/omap: fix possible object reference leak
    - locking/lockdep: Decrement IRQ context counters when removing lock chain
    - clk: stratix10: use do_div() for 64-bit calculation
    - crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi
      test
    - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
    - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw
    - ALSA: usb-audio: Don't create a mixer element with bogus volume range
    - perf test: Fix test trace+probe_vfs_getname.sh on s390
    - RDMA/rxe: Fix configuration of atomic queue pair attributes
    - KVM: x86: fix incorrect comparison in trace event
    - KVM: nVMX: Hold KVM's srcu lock when syncing vmcs12->shadow
    - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
    - media: staging/imx: Missing assignment in
      imx_media_capture_device_register()
    - x86/pkeys: Add check for pkey "overflow"
    - bpf: Remove recursion prevention from rcu free callback
    - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
    - dmaengine: tegra-apb: Prevent race conditions on channel's freeing
    - soundwire: bus: disable pm_runtime in sdw_slave_delete
    - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
    - drm/omap: dss: Cleanup DSS ports on initialisation failure
    - iavf: use tc_cls_can_offload_and_chain0() instead of chain check
    - firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
    - random: fix data races at timer_rand_state
    - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host
      removal
    - ASoC: SOF: ipc: check ipc return value before data copy
    - media: go7007: Fix URB type for interrupt handling
    - Bluetooth: guard against controllers sending zero'd events
    - timekeeping: Prevent 32bit truncation in scale64_check_overflow()
    - powerpc/book3s64: Fix error handling in mm_iommu_do_alloc()
    - drm/amd/display: fix image corruption with ODM 2:1 DSC 2 slice
    - ext4: fix a data race at inode->i_disksize
    - perf jevents: Fix leak of mapfile memory
    - mm: avoid data corruption on CoW fault into PFN-mapped VMA
    - drm/amdgpu: increase atombios cmd timeout
    - ARM: OMAP2+: Handle errors for cpu_pm
    - clk: imx: Fix division by zero warning on pfdv2
    - cpu-topology: Fix the potential data corruption
    - s390/irq: replace setup_irq() by request_irq()
    - perf cs-etm: Swap packets for instruction samples
    - perf cs-etm: Correct synthesizing instruction samples
    - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
    - scsi: aacraid: Disabling TM path and only processing IOP reset
    - Bluetooth: L2CAP: handle l2cap config request during open state
    - media: tda10071: fix unsigned sign extension overflow
    - tty: sifive: Finish transmission before changing the clock
    - xfs: don't ever return a stale pointer from __xfs_dir3_free_read
    - xfs: mark dir corrupt when lookup-by-hash fails
    - ext4: mark block bitmap corrupted when found instead of BUGON
    - tpm: ibmvtpm: Wait for buffer to be set before proceeding
    - rtc: sa1100: fix possible race condition
    - rtc: ds1374: fix possible race condition
    - nfsd: Don't add locks to closed or closing open stateids
    - RDMA/cm: Remove a race freeing timewait_info
    - intel_th: Disallow multi mode on devices where it's broken
    - KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like
      the valid ones
    - drm/msm: fix leaks if initialization fails
    - drm/msm/a5xx: Always set an OPP supported hardware value
    - tracing: Use address-of operator on section symbols
    - thermal: rcar_thermal: Handle probe error gracefully
    - KVM: LAPIC: Mark hrtimer for period or oneshot mode to expire in hard
      interrupt context
    - perf parse-events: Fix 3 use after frees found with clang ASAN
    - btrfs: do not init a reloc root if we aren't relocating
    - btrfs: free the reloc_control in a consistent way
    - r8169: improve RTL8168b FIFO overflow workaround
    - serial: 8250_port: Don't service RX FIFO if throttled
    - serial: 8250_omap: Fix sleeping function called from invalid context during
      probe
    - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
    - perf cpumap: Fix snprintf overflow check
    - net: axienet: Convert DMA error handler to a work queue
    - net: axienet: Propagate failure of DMA descriptor setup
    - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
    - tools: gpio-hammer: Avoid potential overflow in main
    - exec: Add exec_update_mutex to replace cred_guard_mutex
    - exec: Fix a deadlock in strace
    - selftests/ptrace: add test cases for dead-locks
    - kernel/kcmp.c: Use new infrastructure to fix deadlocks in execve
    - proc: Use new infrastructure to fix deadlocks in execve
    - proc: io_accounting: Use new infrastructure to fix deadlocks in execve
    - perf: Use new infrastructure to fix deadlocks in execve
    - nvme-multipath: do not reset on unknown status
    - nvme: Fix ctrl use-after-free during sysfs deletion
    - nvme: Fix controller creation races with teardown flow
    - brcmfmac: Fix double freeing in the fmac usb data path
    - xfs: prohibit fs freezing when using empty transactions
    - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
    - IB/iser: Always check sig MR before putting it to the free pool
    - scsi: hpsa: correct race condition in offload enabled
    - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
    - svcrdma: Fix leak of transport addresses
    - netfilter: nf_tables: silence a RCU-list warning in nft_table_lookup()
    - PCI: Use ioremap(), not phys_to_virt() for platform ROM
    - ubifs: ubifs_jnl_write_inode: Fix a memory leak bug
    - ubifs: ubifs_add_orphan: Fix a memory leak bug
    - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
    - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
      endpoint descriptor
    - PCI: pciehp: Fix MSI interrupt race
    - NFS: Fix races nfs_page_group_destroy() vs
      nfs_destroy_unlinked_subrequests()
    - drm/amdgpu/vcn2.0: stall DPG when WPTR/RPTR reset
    - powerpc/perf: Implement a global lock to avoid races between trace, core and
      thread imc events.
    - mm/kmemleak.c: use address-of operator on section symbols
    - mm/filemap.c: clear page error before actual read
    - mm/swapfile: fix data races in try_to_unuse()
    - mm/vmscan.c: fix data races using kswapd_classzone_idx
    - SUNRPC: Don't start a timer on an already queued rpc task
    - nvmet-rdma: fix double free of rdma queue
    - workqueue: Remove the warning in wq_worker_sleeping()
    - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset
    - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
    - ALSA: hda: Skip controller resume if not needed
    - scsi: qedi: Fix termination timeouts in session logout
    - serial: uartps: Wait for tx_empty in console setup
    - btrfs: fix setting last_trans for reloc roots
    - KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
    - perf stat: Force error in fallback on :k events
    - bdev: Reduce time holding bd_mutex in sync in blkdev_close()
    - drivers: char: tlclk.c: Avoid data race between init and interrupt handler
    - KVM: arm64: vgic-v3: Retire all pending LPIs on vcpu destroy
    - KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
    - net: openvswitch: use u64 for meter bucket
    - scsi: aacraid: Fix error handling paths in aac_probe_one()
    - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
    - sparc64: vcc: Fix error return code in vcc_probe()
    - arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
    - sched/fair: Eliminate bandwidth race between throttling and distribution
    - dpaa2-eth: fix error return code in setup_dpni()
    - dt-bindings: sound: wm8994: Correct required supplies based on actual
      implementaion
    - devlink: Fix reporter's recovery condition
    - atm: fix a memory leak of vcc->user_back
    - media: venus: vdec: Init registered list unconditionally
    - perf mem2node: Avoid double free related to realloc
    - mm/slub: fix incorrect interpretation of s->offset
    - i2c: tegra: Restore pinmux on system resume
    - power: supply: max17040: Correct voltage reading
    - phy: samsung: s5pv210-usb2: Add delay after reset
    - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
    - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
    - KVM: x86: handle wrap around 32-bit address space
    - tipc: fix memory leak in service subscripting
    - tty: serial: samsung: Correct clock selection logic
    - ALSA: hda: Fix potential race in unsol event handler
    - drm/exynos: dsi: Remove bridge node reference in error handling path in
      probe function
    - ipmi:bt-bmc: Fix error handling and status check
    - powerpc/traps: Make unrecoverable NMIs die instead of panic
    - svcrdma: Fix backchannel return code
    - fuse: don't check refcount after stealing page
    - fuse: update attr_version counter on fuse_notify_inval_inode()
    - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
    - coresight: etm4x: Fix use-after-free of per-cpu etm drvdata
    - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work
    - scsi: cxlflash: Fix error return code in cxlflash_probe()
    - arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
    - drm/amdkfd: fix restore worker race condition
    - e1000: Do not perform reset in reset_task if we are already down
    - drm/nouveau/debugfs: fix runtime pm imbalance on error
    - drm/nouveau: fix runtime pm imbalance on error
    - drm/nouveau/dispnv50: fix runtime pm imbalance on error
    - printk: handle blank console arguments passed in.
    - usb: dwc3: Increase timeout for CmdAct cleared by device controller
    - btrfs: don't force read-only after error in drop snapshot
    - btrfs: fix double __endio_write_update_ordered in direct I/O
    - gpio: rcar: Fix runtime PM imbalance on error
    - vfio/pci: fix memory leaks of eventfd ctx
    - KVM: PPC: Book3S HV: Close race with page faults around memslot flushes
    - perf evsel: Fix 2 memory leaks
    - perf trace: Fix the selection for architectures to generate the errno name
      tables
    - perf stat: Fix duration_time value for higher intervals
    - perf util: Fix memory leak of prefix_if_not_in
    - perf metricgroup: Free metric_events on error
    - perf kcore_copy: Fix module map when there are no modules loaded
    - PCI: tegra194: Fix runtime PM imbalance on error
    - ASoC: img-i2s-out: Fix runtime PM imbalance on error
    - wlcore: fix runtime pm imbalance in wl1271_tx_work
    - wlcore: fix runtime pm imbalance in wlcore_regdomain_config
    - mtd: rawnand: gpmi: Fix runtime PM imbalance on error
    - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
    - PCI: tegra: Fix runtime PM imbalance on error
    - ceph: fix potential race in ceph_check_caps
    - mm/swap_state: fix a data race in swapin_nr_pages
    - mm: memcontrol: fix stat-corrupting race in charge moving
    - rapidio: avoid data race between file operation callbacks and
      mport_cdev_add().
    - mtd: parser: cmdline: Support MTD names containing one or more colons
    - x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
    - NFS: nfs_xdr_status should record the procedure name
    - vfio/pci: Clear error and request eventfd ctx after releasing
    - cifs: Fix double add page to memcg when cifs_readpages
    - nvme: fix possible deadlock when I/O is blocked
    - mac80211: skip mpath lookup also for control port tx
    - scsi: libfc: Handling of extra kref
    - scsi: libfc: Skip additional kref updating work event
    - selftests/x86/syscall_nt: Clear weird flags after each test
    - vfio/pci: fix racy on error and request eventfd ctx
    - btrfs: qgroup: fix data leak caused by race between writeback and truncate
    - perf tests: Fix test 68 zstd compression for s390
    - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure
    - ubi: fastmap: Free unused fastmap anchor peb during detach
    - mt76: fix LED link time failure
    - opp: Increase parsed_static_opps in _of_add_opp_table_v1()
    - perf parse-events: Use strcmp() to compare the PMU name
    - ALSA: hda: Always use jackpoll helper for jack update after resume
    - ALSA: hda: Workaround for spurious wakeups on some Intel platforms
    - net: openvswitch: use div_u64() for 64-by-32 divisions
    - nvme: explicitly update mpath disk capacity on revalidation
    - device_cgroup: Fix RCU list debugging warning
    - ASoC: pcm3168a: ignore 0 Hz settings
    - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
    - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions
    - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
    - RISC-V: Take text_mutex in ftrace_init_nop()
    - i2c: aspeed: Mask IRQ status to relevant bits
    - s390/init: add missing __init annotations
    - lockdep: fix order in trace_hardirqs_off_caller()
    - EDAC/ghes: Check whether the driver is on the safe list correctly
    - drm/amdkfd: fix a memory leak issue
    - drm/amd/display: update nv1x stutter latencies
    - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is
    - objtool: Fix noreturn detection for ignored functions
    - ieee802154: fix one possible memleak in ca8210_dev_com_init
    - ieee802154/adf7242: check status of adf7242_read_reg
    - clocksource/drivers/h8300_timer8: Fix wrong return value in
      h8300_8timer_init()
    - batman-adv: bla: fix type misuse for backbone_gw hash indexing
    - atm: eni: fix the missed pci_disable_device() for eni_init_one()
    - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
    - netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
    - mac802154: tx: fix use-after-free
    - bpf: Fix clobbering of r2 in bpf_gen_ld_abs
    - drm/vc4/vc4_hdmi: fill ASoC card owner
    - net: qed: Disable aRFS for NPAR and 100G
    - net: qede: Disable aRFS for NPAR and 100G
    - net: qed: RDMA personality shouldn't fail VF load
    - drm/sun4i: sun8i-csc: Secondary CSC register correction
    - batman-adv: Add missing include for in_interrupt()
    - nvme-tcp: fix kconfig dependency warning when !CRYPTO
    - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
    - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
    - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
    - bpf: Fix a rcu warning for bpffs map pretty-print
    - lib80211: fix unmet direct dependendices config warning when !CRYPTO
    - ALSA: asihpi: fix iounmap in error handler
    - regmap: fix page selection for noinc reads
    - regmap: fix page selection for noinc writes
    - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
    - regulator: axp20x: fix LDO2/4 description
    - KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
    - KVM: SVM: Add a dedicated INVD intercept routine
    - mm: validate pmd after splitting
    - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
    - x86/ioapic: Unbreak check_timer()
    - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported
    - ALSA: usb-audio: Add delay quirk for H570e USB headsets
    - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
    - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation
      P520
    - lib/string.c: implement stpcpy
    - tracing: fix double free
    - s390/dasd: Fix zero write for FBA devices
    - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
    - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot
    - btrfs: fix overflow when copying corrupt csums for a message
    - dmabuf: fix NULL pointer dereference in dma_buf_release()
    - mm, THP, swap: fix allocating cluster for swapfile by mistake
    - mm/gup: fix gup_fast with dynamic page table folding
    - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
    - KVM: arm64: Assume write fault on S1PTW permission fault on instruction
      fetch
    - dm: fix bio splitting and its bio completion order for regular IO
    - ata: define AC_ERR_OK
    - ata: make qc_prep return ata_completion_errors
    - ata: sata_mv, avoid trigerrable BUG_ON
    - Linux 5.4.69

* Focal update: v5.4.68 upstream stable release (LP: #1899511)
    - af_key: pfkey_dump needs parameter validation
    - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset
    - ibmvnic: add missing parenthesis in do_reset()
    - kprobes: fix kill kprobe which has been marked as gone
    - mm/thp: fix __split_huge_pmd_locked() for migration PMD
    - act_ife: load meta modules before tcf_idr_check_alloc()
    - bnxt_en: Avoid sending firmware messages when AER error is detected.
    - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task()
    - cxgb4: fix memory leak during module unload
    - cxgb4: Fix offset when clearing filter byte counters
    - geneve: add transport ports in route lookup for geneve
    - hdlc_ppp: add range checks in ppp_cp_parse_cr()
    - ip: fix tos reflection in ack and reset packets
    - ipv4: Initialize flowi4_multipath_hash in data path
    - ipv4: Update exception handling for multipath routes via same device
    - ipv6: avoid lockdep issue in fib6_del()
    - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under
      RCU
    - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
    - net: dsa: rtl8366: Properly clear member config
    - net: Fix bridge enslavement failure
    - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
    - net/mlx5: Fix FTE cleanup
    - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc
    - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant
    - nfp: use correct define to return NONE fec
    - taprio: Fix allowing too small intervals
    - tipc: Fix memory leak in tipc_group_create_member()
    - tipc: fix shutdown() of connection oriented socket
    - tipc: use skb_unshare() instead in tipc_buf_append()
    - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported
    - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported
    - bnxt_en: return proper error codes in bnxt_show_temp
    - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
    - net: lantiq: Wake TX queue again
    - net: lantiq: use netif_tx_napi_add() for TX NAPI
    - net: lantiq: Use napi_complete_done()
    - net: lantiq: Disable IRQs only if NAPI gets scheduled
    - net: phy: Avoid NPD upon phy_detach() when driver is unbound
    - net: phy: Do not warn in phy_stop() on PHY_DOWN
    - net: qrtr: check skb_put_padto() return value
    - net: add __must_check to skb_put_padto()
    - mm: memcg: fix memcg reclaim soft lockup
    - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE
    - Linux 5.4.68

* *-tools-common packages descriptions have typo "PGKVER" (LP: #1898903)
    - [Packaging] Fix typo in -tools template s/PGKVER/PKGVER/

* tc/ebpf: unable to use BPF_FUNC_skb_change_head (LP: #1896504)
    - net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head

* HP Zbook Studio G7 boots into corrupted screen with PSR featured panel
    (LP: #1897501)
    - SAUCE: drm/i915/psr: allow overriding PSR disable param by quirk
    - SAUCE: drm/dp: add DP_QUIRK_FORCE_PSR_CHIP_DEFAULT quirk to CMN prod-ID
      19-15

* Fix broken e1000e device after S3 (LP: #1897755)
    - SAUCE: e1000e: Increase polling timeout on MDIC ready bit

* debian/rules editconfigs does not work on s390x to change s390x only configs
    (LP: #1863116)
    - [Packaging] kernelconfig -- only update/edit configurations on architectures
      we have compiler support

* acpi event detection crashes (LP: #1896482)
    - ACPI: EC: tweak naming in preparation for GpioInt support
    - ACPI: EC: add support for hardware-reduced systems
    - ACPI: EC: Avoid passing redundant argument to functions
    - ACPI: EC: Consolidate event handler installation code

* mwifiex stops working after kernel upgrade (LP: #1897299)
    - mwifiex: Increase AES key storage size to 256 bits

* Remove NVMe suspend-to-idle workaround (LP: #1897227)
    - Revert "UBUTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3"
    - Revert "UBUNTU: SAUCE: pci: prevent sk hynix nvme from entering D3"

* Request for CIFS patches to be available in 5.4 kernel (LP: #1896642)
    - smb3: remove unused flag passed into close functions
    - smb3: query attributes on file close

* Lenovo ThinkBook 14-IML Touchpad not showing up in /proc/bus/input/devices
    (LP: #1853277)
    - i2c: core: Call i2c_acpi_install_space_handler() before
      i2c_acpi_register_devices()

* [Ubuntu 20.10] zPCI DMA tables and bitmap leak on hard unplug (PCI Event
    0x0304) (LP: #1896216)
    - s390/pci: fix leak of DMA tables on hard unplug

* Thunderbolt3 daisy chain sometimes doesn't work (LP: #1895606)
    - thunderbolt: Retry DROM read once if parsing fails

* btrfs: trimming a btrfs device which has been shrunk previously fails and
    fills root disk with garbage data (LP: #1896154)
    - btrfs: trim: fix underflow in trim length to prevent access beyond device
      boundary

* EFA: add support for 0xefa1 devices (LP: #1896791)
    - RDMA/efa: Expose maximum TX doorbell batch
    - RDMA/efa: Expose minimum SQ size
    - RDMA/efa: User/kernel compatibility handshake mechanism
    - RDMA/efa: Add EFA 0xefa1 PCI ID

* Focal update: v5.4.67 upstream stable release (LP: #1896828)
    - gfs2: initialize transaction tr_ailX_lists earlier
    - RDMA/bnxt_re: Restrict the max_gids to 256
    - dsa: Allow forwarding of redirected IGMP traffic
    - net: handle the return value of pskb_carve_frag_list() correctly
    - hv_netvsc: Remove "unlikely" from netvsc_select_queue
    - firmware_loader: fix memory leak for paged buffer
    - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
    - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
    - scsi: libfc: Fix for double free()
    - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
    - regulator: pwm: Fix machine constraints application
    - spi: spi-loopback-test: Fix out-of-bounds read
    - NFS: Zero-stateid SETATTR should first return delegation
    - SUNRPC: stop printk reading past end of string
    - rapidio: Replace 'select' DMAENGINES 'with depends on'
    - cifs: fix DFS mount with cifsacl/modefromsid
    - openrisc: Fix cache API compile issue when not inlining
    - nvme-fc: cancel async events before freeing event struct
    - nvme-rdma: cancel async events before freeing event struct
    - nvme-tcp: cancel async events before freeing event struct
    - block: only call sched requeue_request() for scheduled requests
    - f2fs: fix indefinite loop scanning for free nid
    - f2fs: Return EOF on unaligned end of file DIO read
    - i2c: algo: pca: Reapply i2c bus settings after reset
    - spi: Fix memory leak on splited transfers
    - KVM: MIPS: Change the definition of kvm type
    - clk: davinci: Use the correct size when allocating memory
    - clk: rockchip: Fix initialization of mux_pll_src_4plls_p
    - ASoC: qcom: Set card->owner to avoid warnings
    - ASoC: qcom: common: Fix refcount imbalance on error
    - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory
    - ASoC: meson: axg-toddr: fix channel order on g12 platforms
    - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume()
    - scsi: libsas: Fix error path in sas_notify_lldd_dev_found()
    - arm64: Allow CPUs unffected by ARM erratum 1418040 to come in late
    - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
    - perf test: Fix the "signal" test inline assembly
    - MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
    - perf evlist: Fix cpu/thread map leak
    - perf parse-event: Fix memory leak in evsel->unit
    - perf test: Free formats for perf pmu parse test
    - fbcon: Fix user font detection test at fbcon_resize().
    - MIPS: SNI: Fix spurious interrupts
    - drm/mediatek: Add exception handing in mtk_drm_probe() if component init
      fail
    - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
    - arm64: bpf: Fix branch offset in JIT
    - iommu/amd: Fix potential @entry null deref
    - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK
    - riscv: Add sfence.vma after early page table changes
    - drm/i915: Filter wake_flags passed to default_wake_function
    - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
      notebook
    - USB: UAS: fix disconnect by unplugging a hub
    - usblp: fix race between disconnect() and read()
    - i2c: i801: Fix resume bug
    - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI
      X570-A PRO"
    - ALSA: hda: fixup headset for ASUS GX502 laptop
    - ALSA: hda/realtek - The Mic on a RedmiBook doesn't work
    - percpu: fix first chunk size calculation for populated bitmap
    - Input: trackpoint - add new trackpoint variant IDs
    - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
    - serial: 8250_pci: Add Realtek 816a and 816b
    - x86/boot/compressed: Disable relocation relaxation
    - s390/zcrypt: fix kmalloc 256k failure
    - ehci-hcd: Move include to keep CRC stable
    - powerpc/dma: Fix dma_map_ops::get_required_mask
    - selftests/vm: fix display of page size in map_hugetlb
    - dm/dax: Fix table reference counts
    - mm/memory_hotplug: drain per-cpu pages again during memory offline
    - dm: Call proper helper to determine dax support
    - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX
    - Linux 5.4.67

* Focal update: v5.4.67 upstream stable release (LP: #1896828) // Cherry Pick
    needed for Critical upstream patch for Kernel null pointer dereference -
    usb-c altmode (LP: #1897963)
    - usb: typec: ucsi: Prevent mode overrun

* Focal update: v5.4.66 upstream stable release (LP: #1896824)
    - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio
    - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio
    - ARM: dts: logicpd-som-lv-baseboard: Fix missing video
    - regulator: push allocation in regulator_ena_gpio_request() out of lock
    - regulator: remove superfluous lock in regulator_resolve_coupling()
    - ARM: dts: socfpga: fix register entry for timer3 on Arria10
    - ARM: dts: ls1021a: fix QuadSPI-memory reg range
    - ARM: dts: imx7ulp: Correct gpio ranges
    - RDMA/rxe: Fix memleak in rxe_mem_init_user
    - RDMA/rxe: Drop pointless checks in rxe_init_ports
    - RDMA/rxe: Fix panic when calling kmem_cache_create()
    - RDMA/bnxt_re: Do not report transparent vlan from QP1
    - drm/sun4i: add missing put_device() call in sun8i_r40_tcon_tv_set_mux()
    - arm64: dts: imx8mq: Fix TMU interrupt property
    - drm/sun4i: Fix dsi dcs long write function
    - iio: adc: mcp3422: fix locking on error path
    - iio: adc: mcp3422: fix locking scope
    - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
    - RDMA/core: Fix reported speed and width
    - scsi: megaraid_sas: Don't call disable_irq from process IRQ poll
    - scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
    - soundwire: fix double free of dangling pointer
    - drm/sun4i: backend: Support alpha property on lowest plane
    - drm/sun4i: backend: Disable alpha on the lowest plane on the A20
    - mmc: sdhci-acpi: Clear amd_sdhci_host on reset
    - mmc: sdhci-msm: Add retries when all tuning phases are found valid
    - spi: stm32: Rate-limit the 'Communication suspended' message
    - nvme-fabrics: allow to queue requests for live queues
    - spi: stm32: fix pm_runtime_get_sync() error checking
    - block: Set same_page to false in __bio_try_merge_page if ret is false
    - IB/isert: Fix unaligned immediate-data handling
    - ARM: dts: bcm: HR2: Fixed QSPI compatible string
    - ARM: dts: NSP: Fixed QSPI compatible string
    - ARM: dts: BCM5301X: Fixed QSPI compatible string
    - arm64: dts: ns2: Fixed QSPI compatible string
    - ARC: HSDK: wireup perf irq
    - dmaengine: acpi: Put the CSRT table after using it
    - netfilter: conntrack: allow sctp hearbeat after connection re-use
    - drivers/net/wan/lapbether: Added needed_tailroom
    - NFC: st95hf: Fix memleak in st95hf_in_send_cmd
    - firestream: Fix memleak in fs_open
    - ALSA: hda: Fix 2 channel swapping for Tegra
    - ALSA: hda/tegra: Program WAKEEN register for Tegra
    - drivers/dma/dma-jz4780: Fix race condition between probe and irq handler
    - net: hns3: Fix for geneve tx checksum bug
    - xfs: fix off-by-one in inode alloc block reservation calculation
    - drivers/net/wan/lapbether: Set network_header before transmitting
    - cfg80211: Adjust 6 GHz frequency to channel conversion
    - xfs: initialize the shortform attr header padding entry
    - irqchip/eznps: Fix build error for !ARC700 builds
    - nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu
    - nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance
    - nvme: have nvme_wait_freeze_timeout return if it timed out
    - nvme-tcp: serialize controller teardown sequences
    - nvme-tcp: fix timeout handler
    - nvme-tcp: fix reset hang if controller died in the middle of a reset
    - nvme-rdma: serialize controller teardown sequences
    - nvme-rdma: fix timeout handler
    - nvme-rdma: fix reset hang if controller died in the middle of a reset
    - nvme-pci: cancel nvme device request before disabling
    - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
    - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller
    - drivers/net/wan/hdlc_cisco: Add hard_header_len
    - HID: elan: Fix memleak in elan_input_configured
    - ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id
    - cpufreq: intel_pstate: Refuse to turn off with HWP enabled
    - cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled
    - arm64/module: set trampoline section flags regardless of
      CONFIG_DYNAMIC_FTRACE
    - ALSA: hda: hdmi - add Rocketlake support
    - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
    - drm/amdgpu: Fix bug in reporting voltage for CIK
    - iommu/amd: Do not use IOMMUv2 functionality when SME is active
    - gcov: Disable gcov build with GCC 10
    - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
    - iio: cros_ec: Set Gyroscope default frequency to 25Hz
    - iio:light:ltr501 Fix timestamp alignment issue.
    - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak.
    - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
    - iio:adc:ti-adc084s021 Fix alignment and data leak issues.
    - iio:adc:ina2xx Fix timestamp alignment issue.
    - iio:adc:max1118 Fix alignment of timestamp and data leak issues
    - iio:adc:ti-adc081c Fix alignment and data leak issues
    - iio:magnetometer:ak8975 Fix alignment and data leak issues.
    - iio:light:max44000 Fix timestamp alignment and prevent data leak.
    - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak.
    - iio: accel: kxsd9: Fix alignment of local buffer.
    - iio:accel:mma7455: Fix timestamp alignment and prevent data leak.
    - iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
    - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
    - btrfs: require only sector size alignment for parent eb bytenr
    - btrfs: fix lockdep splat in add_missing_dev
    - btrfs: fix wrong address when faulting in pages in the search ioctl
    - kobject: Restore old behaviour of kobject_del(NULL)
    - regulator: push allocation in regulator_init_coupling() outside of lock
    - regulator: push allocations in create_regulator() outside of lock
    - regulator: push allocation in set_consumer_device_supply() out of lock
    - regulator: plug of_node leak in regulator_register()'s error path
    - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive()
    - scsi: target: iscsi: Fix data digest calculation
    - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting
      tpg->np_login_sem
    - drm/i915/gvt: do not check len & max_len for lri
    - drm/tve200: Stabilize enable/disable
    - drm/msm: Disable preemption on all 5xx targets
    - mmc: sdio: Use mmc_pre_req() / mmc_post_req()
    - mmc: sdhci-of-esdhc: Don't walk device-tree on every interrupt
    - rbd: require global CAP_SYS_ADMIN for mapping and unmapping
    - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
    - RDMA/mlx4: Read pkey table length instead of hardcoded value
    - fbcon: remove soft scrollback code
    - fbcon: remove now unusued 'softback_lines' cursor() argument
    - vgacon: remove software scrollback support
    - [Config] updateconfigs for VGACON_SOFT_SCROLLBACK
    - KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
    - KVM: arm64: Do not try to map PUDs when they are folded into PMD
    - KVM: fix memory leak in kvm_io_bus_unregister_dev()
    - debugfs: Fix module state check condition
    - ARM: dts: vfxxx: Add syscon compatible with OCOTP
    - video: fbdev: fix OOB read in vga_8planes_imageblit()
    - staging: greybus: audio: fix uninitialized value issue
    - phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
    - usb: core: fix slab-out-of-bounds Read in read_descriptors
    - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
    - USB: serial: option: support dynamic Quectel USB compositions
    - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
    - usb: Fix out of sync data toggle if a configured device is reconfigured
    - usb: typec: ucsi: acpi: Check the _DEP dependencies
    - drm/msm/gpu: make ringbuffer readonly
    - drm/msm: Disable the RPTR shadow
    - gcov: add support for GCC 10.1
    - Linux 5.4.66

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 23 Nov 2020 15:06:56 -0300

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

tc/ebpf: unable to use BPF_FUNC_skb_change_head

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package