Bug #1926517 “[SRU] mpt3sas: only one vSES is handy even IOC has...” : Bugs : linux package : Ubuntu

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-04-28: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1926517

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Revision history for this message

Michael Reed (mreed8855) wrote on 2021-04-29: Re: mpt3sas: only one vSES is handy even IOC has multi vSES

#2

I have built a test kernel.

https://people.canonical.com/~mreed/lp1926517/

summary:

- mpt3sas: only one vSES is handy even IOC has multi vSES
+ [SRU] mpt3sas: only one vSES is handy even IOC has multi vSES

Revision history for this message

Michael Reed (mreed8855) wrote on 2021-04-30:

#3

5.8 test kernel
https://people.canonical.com/~mreed/lp_1926517_mpt3sas_groovy/

5.11 test kernel
https://people.canonical.com/~mreed/lp_1926517_mpt3sas_hirsute/

The focal 5.4 kernel is liked in comment #2

Revision history for this message

Sreekanth Reddy (srreddy) wrote on 2021-04-30:

#4

Here I am updating [TESTING] & [REGRESSION RISK] sections from bug description page,

[TESTING]
Load the mpt3sas driver on the system where Brodcom's HBA 9500 Tri-Mode Storage Adapter (IT HBA Aero/Ventura) is connected to two backplanes (so that two vSES device get configured on the HBA). After loading the driver user should able to access both the vSES devices. Also even after performing host reset operation user must able to access both the vSES devices.
i.e. lsscsi must list both the vSES devices after loading the driver and also after performing host reset operation.

[REGRESSION RISK]
There is no regression risk with this bug fix patch.

Michael Reed (mreed8855) on 2021-05-03

description:

updated

Revision history for this message

Jerry Clement (jerry-clement) wrote on 2021-05-13:

#5

Dell EMC storage team has tested the test kernel and everything is working as expected.

Revision history for this message

Jerry Clement (jerry-clement) wrote on 2021-05-24:

#6

Dell EMC storage team has tested the test kernels for 5.8 and 5.11 successfully. Working as expected.

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2021-05-27:

#7

This patch has already been applied to Hirsute as part of the upstream stable update (bug 1928857). I'm setting the Hirsute nomination as 'Fix Committed', however the task won't be automatically closed when the kernel is released.

Changed in linux (Ubuntu Focal):
status:	New → Fix Committed
Changed in linux (Ubuntu Groovy):
status:	New → Fix Committed
Changed in linux (Ubuntu Hirsute):
status:	New → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-06-03:

#8

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-06-05:

#9

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed-groovy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-groovy

Sujith Pandel (sujithpandel) on 2021-06-09

tags:

added: verification-done-focal verification-done-groovy
removed: verification-needed-focal verification-needed-groovy

Revision history for this message

Sujith Pandel (sujithpandel) wrote on 2021-06-09:

#10

sosreport - focal proposed Edit (3.3 MiB, application/x-tar)

We have verified focal-proposed kernel and groovy-proposed kernels.
Fix is working fine. We can list both enclosures in lsscsi.

Focal-proposed:
#uname -r
5.4.0-75-generic

#lsscsi -g
[2:0:0:0] disk HGST HUH721212AL5205 NM05 /dev/sda /dev/sg0
[2:0:1:0] disk ATA ST2000NM0033-9ZM GA6C /dev/sdb /dev/sg1
[2:0:2:0] disk HGST HUS726020ALS210 KU27 /dev/sdc /dev/sg2
[2:0:3:0] disk ATA HUS722T1TALA600 MU03 /dev/sdd /dev/sg3
[2:0:4:0] enclosu DP BP15G+ 3.04 - /dev/sg4
[2:0:5:0] disk TOSHIBA AL15SEB060NY EF04 /dev/sde /dev/sg5
[2:0:6:0] disk ATA INTEL SSDSC2BX40 DL2B /dev/sdf /dev/sg6
[2:0:7:0] disk TOSHIBA AL15SEB24EQY EF05 /dev/sdg /dev/sg7
[2:0:8:0] disk ATA ST1000NX0443 NB33 /dev/sdh /dev/sg8
[2:0:9:0] enclosu DP BP15G+ 3.43 - /dev/sg9

Groovy-proposed:
#uname -r
5.8.0-56-generic

#lsscsi -g
[2:0:0:0] disk HGST HUH721212AL5205 NM05 /dev/sda /dev/sg0
[2:0:1:0] disk ATA ST2000NM0033-9ZM GA6C /dev/sdb /dev/sg1
[2:0:2:0] disk HGST HUS726020ALS210 KU27 /dev/sdc /dev/sg2
[2:0:3:0] disk ATA HUS722T1TALA600 MU03 /dev/sdd /dev/sg3
[2:0:4:0] enclosu DP BP15G+ 3.04 - /dev/sg4
[2:0:5:0] disk TOSHIBA AL15SEB060NY EF04 /dev/sde /dev/sg5
[2:0:6:0] disk ATA INTEL SSDSC2BX40 DL2B /dev/sdf /dev/sg6
[2:0:7:0] disk TOSHIBA AL15SEB24EQY EF05 /dev/sdg /dev/sg7
[2:0:8:0] disk ATA ST1000NX0443 NB33 /dev/sdh /dev/sg8
[2:0:9:0] enclosu DP BP15G+ 3.43 - /dev/sg9

Revision history for this message

Sujith Pandel (sujithpandel) wrote on 2021-06-09:

#11

sosreport - groovy proposed Edit (3.4 MiB, application/x-tar)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-06-22:

#12

Download full text (23.2 KiB)

This bug was fixed in the package linux - 5.8.0-59.66

---------------
linux (5.8.0-59.66) groovy; urgency=medium

* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
- SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu

* UAF on CAN BCM bcm_rx_handler (LP: #1931855)
- SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

linux (5.8.0-57.64) groovy; urgency=medium

* groovy/linux: 5.8.0-57.64 -proposed tracker (LP: #1932047)

  * pmtu.sh from selftests.net in linux ADT test failure with linux/5.8.0-56.63
    (LP: #1931731)
    - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb

linux (5.8.0-56.63) groovy; urgency=medium

* groovy/linux: 5.8.0-56.63 -proposed tracker (LP: #1930052)

* Packaging resync (LP: #1786013)
- update dkms package versions

* scsi: storvsc: Parameterize number hardware queues (LP: #1930626)
- scsi: storvsc: Parameterize number hardware queues

  * CVE-2021-33200
    - bpf: Wrap aux data inside bpf_sanitize_info container
    - bpf: Fix mask direction swap upon off reg sign change
    - bpf: No need to simulate speculative domain for immediates

  * CVE-2021-3490
    - SAUCE: Revert "UBUNTU: SAUCE: bpf: verifier: fix ALU32 bounds tracking with
      bitwise ops"
    - gpf: Fix alu32 const subreg bound tracking on bitwise operations

  * CVE-2021-3489
    - SAUCE: Revert "UBUNTU: SAUCE: bpf: prevent writable memory-mapping of read-
      only ringbuf pages"
    - bpf: Prevent writable memory-mapping of read-only ringbuf pages

  * Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
    (LP: #1928242)
    - USB: Verify the port status when timeout happens during port suspend

  * CVE-2020-26145
    - ath10k: drop fragments with multicast DA for SDIO
    - ath10k: add CCMP PN replay protection for fragmented frames for PCIe
    - ath10k: drop fragments with multicast DA for PCIe

* CVE-2020-26141
- ath10k: Fix TKIP Michael MIC verification for PCIe

* CVE-2020-24587
- ath11k: Clear the fragment cache during key install

  * CVE-2020-24588
    - mac80211: properly handle A-MSDUs that start with an RFC 1042 header
    - cfg80211: mitigate A-MSDU aggregation attacks
    - mac80211: drop A-MSDUs on old ciphers
    - ath10k: drop MPDU which has discard flag set by firmware for SDIO

* CVE-2020-26139
- mac80211: do not accept/forward invalid EAPOL frames

* CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
- mac80211: extend protection against mixed key and fragment cache attacks

  * CVE-2020-24586 // CVE-2020-24587
    - mac80211: prevent mixed key and fragment cache attacks
    - mac80211: add fragment cache to sta_info
    - mac80211: check defrag PN against current frame
    - mac80211: prevent attacks on TKIP/WEP as well

* CVE-2020-26147
- mac80211: assure all fragments are encrypted

  * raid10: Block discard is very slow, causing severe delays for mkfs and
    fstrim operations (LP: #1896578)
    - md: add md_submit_discard_bio() for submitting discard bio
    - md/raid10: extend r10bio devs to raid disks
    - md/raid10: pull the code that wait for blocked dev into one...

This bug was fixed in the package linux - 5.8.0-59.66

---------------
linux (5.8.0-59.66) groovy; urgency=medium

* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
    - SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu

* UAF on CAN BCM bcm_rx_handler (LP: #1931855)
    - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

linux (5.8.0-57.64) groovy; urgency=medium

* groovy/linux: 5.8.0-57.64 -proposed tracker (LP: #1932047)

* pmtu.sh from selftests.net in linux ADT test failure with linux/5.8.0-56.63
    (LP: #1931731)
    - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb

linux (5.8.0-56.63) groovy; urgency=medium

* groovy/linux: 5.8.0-56.63 -proposed tracker (LP: #1930052)

* Packaging resync (LP: #1786013)
    - update dkms package versions

* scsi: storvsc: Parameterize number hardware queues (LP: #1930626)
    - scsi: storvsc: Parameterize number hardware queues

* CVE-2021-33200
    - bpf: Wrap aux data inside bpf_sanitize_info container
    - bpf: Fix mask direction swap upon off reg sign change
    - bpf: No need to simulate speculative domain for immediates

* CVE-2021-3490
    - SAUCE: Revert "UBUNTU: SAUCE: bpf: verifier: fix ALU32 bounds tracking with
      bitwise ops"
    - gpf: Fix alu32 const subreg bound tracking on bitwise operations

* CVE-2021-3489
    - SAUCE: Revert "UBUNTU: SAUCE: bpf: prevent writable memory-mapping of read-
      only ringbuf pages"
    - bpf: Prevent writable memory-mapping of read-only ringbuf pages

* Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
    (LP: #1928242)
    - USB: Verify the port status when timeout happens during port suspend

* CVE-2020-26145
    - ath10k: drop fragments with multicast DA for SDIO
    - ath10k: add CCMP PN replay protection for fragmented frames for PCIe
    - ath10k: drop fragments with multicast DA for PCIe

* CVE-2020-26141
    - ath10k: Fix TKIP Michael MIC verification for PCIe

* CVE-2020-24587
    - ath11k: Clear the fragment cache during key install

* CVE-2020-24588
    - mac80211: properly handle A-MSDUs that start with an RFC 1042 header
    - cfg80211: mitigate A-MSDU aggregation attacks
    - mac80211: drop A-MSDUs on old ciphers
    - ath10k: drop MPDU which has discard flag set by firmware for SDIO

* CVE-2020-26139
    - mac80211: do not accept/forward invalid EAPOL frames

* CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
    - mac80211: extend protection against mixed key and fragment cache attacks

* CVE-2020-24586 // CVE-2020-24587
    - mac80211: prevent mixed key and fragment cache attacks
    - mac80211: add fragment cache to sta_info
    - mac80211: check defrag PN against current frame
    - mac80211: prevent attacks on TKIP/WEP as well

* CVE-2020-26147
    - mac80211: assure all fragments are encrypted

* raid10: Block discard is very slow, causing severe delays for mkfs and
    fstrim operations (LP: #1896578)
    - md: add md_submit_discard_bio() for submitting discard bio
    - md/raid10: extend r10bio devs to raid disks
    - md/raid10: pull the code that wait for blocked dev into one function
    - md/raid10: improve raid10 discard request
    - md/raid10: improve discard request for far layout
    - dm raid: remove unnecessary discard limits for raid0 and raid10

* [SRU] mpt3sas: only one vSES is handy even IOC has multi vSES (LP: #1926517)
    - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES

* CVE-2021-23133
    - sctp: delay auto_asconf init until binding the first addr

* kvm: properly tear down PV features on hibernate (LP: #1920944)
    - x86/kvm: Fix pr_info() for async PF setup/teardown
    - x86/kvm: Teardown PV features on boot CPU as well
    - x86/kvm: Disable kvmclock on all CPUs on shutdown
    - x86/kvm: Disable all PV features on crash
    - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline()

* CVE-2021-31440
    - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds

* Can't detect intel wifi 6235 (LP: #1920180)
    - SAUCE: iwlwifi: add new pci id for 6235

* [SRU] Patch for flicker and glitching on common LCD display panels, intel
    framebuffer (LP: #1925685)
    - drm/i915: Try to use fast+narrow link on eDP again and fall back to the old
      max strategy on failure
    - drm/i915/dp: Use slow and wide link training for everything

* pmtu.sh from net in ubuntu_kernel_selftests failed with no error message
    (LP: #1887661)
    - selftests: pmtu.sh: use $ksft_skip for skipped return code

* IR Remote Keys Repeat Many Times Starting with Kernel 5.8.0-49
    (LP: #1926030)
    - SAUCE: Revert "media: rc: ite-cir: fix min_timeout calculation"
    - SAUCE: Revert "media: rc: fix timeout handling after switch to microsecond
      durations"

* Groovy update: upstream stable patchset 2021-05-20 (LP: #1929132)
    - Input: nspire-keypad - enable interrupts only when opened
    - gpio: sysfs: Obey valid_mask
    - dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback
    - dmaengine: idxd: fix delta_rec and crc size field for completion record
    - dmaengine: idxd: fix opcap sysfs attribute output
    - dmaengine: idxd: fix wq size store permission state
    - dmaengine: dw: Make it dependent to HAS_IOMEM
    - dmaengine: Fix a double free in dma_async_device_register
    - dmaengine: plx_dma: add a missing put_device() on error path
    - ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade()
    - ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race
    - ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
    - lockdep: Add a missing initialization hint to the "INFO: Trying to register
      non-static key" message
    - arc: kernel: Return -EFAULT if copy_to_user() fails
    - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
    - xfrm: BEET mode doesn't support fragments for inner packets
    - ASoC: max98373: Added 30ms turn on/off time delay
    - gpu/xen: Fix a use after free in xen_drm_drv_init
    - neighbour: Disregard DEAD dst in neigh_update
    - ARM: keystone: fix integer overflow warning
    - ARM: omap1: fix building with clang IAS
    - drm/msm: Fix a5xx/a6xx timestamps
    - ASoC: fsl_esai: Fix TDM slot setup for I2S mode
    - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state
    - iwlwifi: add support for Qu with AX201 device
    - net: ieee802154: stop dump llsec keys for monitors
    - net: ieee802154: forbid monitor for add llsec key
    - net: ieee802154: forbid monitor for del llsec key
    - net: ieee802154: stop dump llsec devs for monitors
    - net: ieee802154: forbid monitor for add llsec dev
    - net: ieee802154: forbid monitor for del llsec dev
    - net: ieee802154: stop dump llsec devkeys for monitors
    - net: ieee802154: forbid monitor for add llsec devkey
    - net: ieee802154: forbid monitor for del llsec devkey
    - net: ieee802154: stop dump llsec seclevels for monitors
    - net: ieee802154: forbid monitor for add llsec seclevel
    - pcnet32: Use pci_resource_len to validate PCI resource
    - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
    - virt_wifi: Return micros for BSS TSF values
    - lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS
    - Input: s6sy761 - fix coordinate read bit shift
    - Input: i8042 - fix Pegatron C15B ID entry
    - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
    - dm verity fec: fix misaligned RS roots IO
    - readdir: make sure to verify directory entry for legacy interfaces too
    - arm64: fix inline asm in load_unaligned_zeropad()
    - arm64: alternatives: Move length validation in alternative_{insn, endif}
    - vfio/pci: Add missing range check in vfio_pci_mmap
    - riscv: Fix spelling mistake "SPARSEMEM" to "SPARSMEM"
    - scsi: libsas: Reset num_scatter if libata marks qc as NODATA
    - netfilter: flowtable: fix NAT IPv6 offload mangling
    - netfilter: conntrack: do not print icmpv6 as unknown via /proc
    - ice: Fix potential infinite loop when using u8 loop counter
    - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC
    - netfilter: bridge: add pre_exit hooks for ebtable unregistration
    - netfilter: arp_tables: add pre_exit hook for table unregister
    - net: macb: fix the restore of cmp registers
    - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta
    - netfilter: nft_limit: avoid possible divide error in nft_limit_init
    - net/mlx5e: Fix setting of RS FEC mode
    - net: davicom: Fix regulator not turned off on failed probe
    - net: sit: Unregister catch-all devices
    - net: ip6_tunnel: Unregister catch-all devices
    - mm: ptdump: fix build failure
    - net: Make tcp_allowed_congestion_control readonly in non-init netns
    - i40e: fix the panic when running bpf in xdpdrv mode
    - ia64: remove duplicate entries in generic_defconfig
    - ia64: tools: remove inclusion of ia64-specific version of errno.h header
    - ibmvnic: avoid calling napi_disable() twice
    - ibmvnic: remove duplicate napi_schedule call in do_reset function
    - ibmvnic: remove duplicate napi_schedule call in open function
    - gro: ensure frag0 meets IP header alignment
    - ARM: OMAP2+: Fix warning for omap_init_time_of()
    - ARM: footbridge: fix PCI interrupt mapping
    - ARM: OMAP2+: Fix uninitialized sr_inst
    - arm64: dts: allwinner: Fix SD card CD GPIO for SOPine systems
    - arm64: dts: allwinner: h6: beelink-gs1: Remove ext. 32 kHz osc reference
    - bpf: Use correct permission flag for mixed signed bounds arithmetic
    - r8169: tweak max read request size for newer chips also in jumbo mtu mode
    - r8169: don't advertise pause in jumbo mode
    - bpf: Ensure off_reg has no mixed signed bounds for all types
    - bpf: Move off_reg into sanitize_ptr_alu
    - ARM: 9071/1: uprobes: Don't hook on thumb instructions
    - bpf: Rework ptr_limit into alu_limit and add common error path
    - bpf: Improve verifier error messages for users
    - bpf: Move sanitize_val_alu out of op switch
    - net: phy: marvell: fix detection of PHY on Topaz switches
    - vhost-vdpa: protect concurrent access to vhost device iotlb
    - gpio: omap: Save and restore sysconfig
    - KEYS: trusted: Fix TPM reservation for seal/unseal
    - pinctrl: lewisburg: Update number of pins in community
    - arm64: dts: allwinner: Revert SD card CD GPIO for Pine64-LTS
    - bpf: Permits pointers on stack for helper calls
    - bpf: Refactor and streamline bounds check into helper
    - bpf: Tighten speculative pointer arithmetic mask
    - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
    - perf/x86/kvm: Fix Broadwell Xeon stepping in isolation_ucodes[]
    - perf auxtrace: Fix potential NULL pointer dereference
    - perf map: Fix error return code in maps__clone()
    - HID: google: add don USB id
    - HID: alps: fix error return code in alps_input_configured()
    - HID: wacom: Assign boolean values to a bool variable
    - ARM: dts: Fix swapped mmc order for omap3
    - net: geneve: check skb is large enough for IPv4/IPv6 header
    - dmaengine: tegra20: Fix runtime PM imbalance on error
    - s390/entry: save the caller of psw_idle
    - arm64: kprobes: Restore local irqflag if kprobes is cancelled
    - xen-netback: Check for hotplug-status existence before watching
    - cavium/liquidio: Fix duplicate argument
    - kasan: fix hwasan build for gcc
    - csky: change a Kconfig symbol name to fix e1000 build error
    - ia64: fix discontig.c section mismatches
    - ia64: tools: remove duplicate definition of ia64_mf() on ia64
    - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access
    - net: hso: fix NULL-deref on disconnect regression
    - USB: CDC-ACM: fix poison/unpoison imbalance
    - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
    - mei: me: add Alder Lake P device id.
    - bpf: Update selftests to reflect new error states
    - mips: Do not include hi and lo in clobber list for R6
    - netfilter: conntrack: Make global sysctls readonly in non-init netns
    - net: usb: ax88179_178a: initialize local variables before use
    - igb: Enable RSS for Intel I211 Ethernet Controller
    - bpf: Fix masking negation logic upon negative dst register
    - bpf: Fix leakage of uninitialized bpf stack under speculation
    - net: qrtr: Avoid potential use after free in MHI send
    - perf data: Fix error return code in perf_data__create_dir()
    - capabilities: require CAP_SETFCAP to map uid 0
    - perf ftrace: Fix access to pid in array when setting a pid filter
    - driver core: add a min_align_mask field to struct device_dma_parameters
    - swiotlb: add a IO_TLB_SIZE define
    - swiotlb: factor out an io_tlb_offset helper
    - swiotlb: factor out a nr_slots helper
    - swiotlb: clean up swiotlb_tbl_unmap_single
    - swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single
    - ovl: fix leaked dentry
    - ovl: allow upperdir inside lowerdir
    - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
    - USB: Add reset-resume quirk for WD19's Realtek Hub
    - platform/x86: thinkpad_acpi: Correct thermal sensor allocation
    - perf/core: Fix unconditional security_locked_down() call
    - vfio: Depend on MMU
    - avoid __memcat_p link failure

* r8152 tx status -71 (LP: #1922651) // Groovy update: upstream stable
    patchset 2021-05-20 (LP: #1929132)
    - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet

* Fix kdump failures (LP: #1927518)
    - video: hyperv_fb: Add ratelimit on error message
    - Drivers: hv: vmbus: Increase wait time for VMbus unload
    - Drivers: hv: vmbus: Initialize unload_event statically

* Groovy update: upstream stable patchset 2021-05-13 (LP: #1928386)
    - ALSA: aloop: Fix initialization of controls
    - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1
    - ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model
    - ASoC: intel: atom: Stop advertising non working S24LE support
    - nfc: fix refcount leak in llcp_sock_bind()
    - nfc: fix refcount leak in llcp_sock_connect()
    - nfc: fix memory leak in llcp_sock_connect()
    - nfc: Avoid endless loops caused by repeated llcp_sock_connect()
    - selinux: make nslot handling in avtab more robust
    - xen/evtchn: Change irq_info lock to raw_spinlock_t
    - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
    - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock
    - net: dsa: lantiq_gswip: Don't use PHY auto polling
    - net: dsa: lantiq_gswip: Configure all remaining GSWIP_MII_CFG bits
    - drm/i915: Fix invalid access to ACPI _DSM objects
    - ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m
    - IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS
    - LOOKUP_MOUNTPOINT: we are cleaning "jumped" flag too late
    - gcov: re-fix clang-11+ support
    - ia64: fix user_stack_pointer() for ptrace()
    - nds32: flush_dcache_page: use page_mapping_file to avoid races with swapoff
    - ocfs2: fix deadlock between setattr and dio_end_io_write
    - fs: direct-io: fix missing sdio->boundary
    - ethtool: fix incorrect datatype in set_eee ops
    - of: property: fw_devlink: do not link ".*,nr-gpios"
    - parisc: parisc-agp requires SBA IOMMU driver
    - parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers
    - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin
    - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
    - ice: Increase control queue timeout
    - ice: prevent ice_open and ice_stop during reset
    - ice: remove DCBNL_DEVRESET bit from PF state
    - ice: Fix for dereference of NULL pointer
    - ice: Cleanup fltr list in case of allocation issues
    - iwlwifi: pcie: properly set LTR workarounds on 22000 devices
    - net: hso: fix null-ptr-deref during tty device unregistration
    - libbpf: Fix bail out from 'ringbuf_process_ring()' on error
    - bpf: Enforce that struct_ops programs be GPL-only
    - bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET
    - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx
    - libbpf: Only create rx and tx XDP rings when necessary
    - bpf, sockmap: Fix sk->prot unhash op reset
    - net: ensure mac header is set in virtio_net_hdr_to_skb()
    - i40e: Fix sparse warning: missing error code 'err'
    - i40e: Fix sparse error: 'vsi->netdev' could be null
    - i40e: Fix sparse errors in i40e_txrx.c
    - net: sched: sch_teql: fix null-pointer dereference
    - net: sched: fix action overwrite reference counting
    - mac80211: fix TXQ AC confusion
    - net: hsr: Reset MAC header for Tx path
    - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind()
    - net: let skb_orphan_partial wake-up waiters.
    - usbip: add sysfs_lock to synchronize sysfs code paths
    - usbip: stub-dev synchronize sysfs code paths
    - usbip: vudc synchronize sysfs code paths
    - usbip: synchronize event handler with sysfs code paths
    - driver core: Fix locking bug in deferred_probe_timeout_work_func()
    - scsi: target: iscsi: Fix zero tag inside a trace event
    - i2c: turn recovery error on init to debug
    - ice: Refactor DCB related variables out of the ice_port_info struct
    - ice: Recognize 860 as iSCSI port in CEE mode
    - xfrm: interface: fix ipv4 pmtu check to honor ip header df
    - xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume
    - regulator: bd9571mwv: Fix AVS and DVFS voltage range
    - ARM: OMAP4: Fix PMIC voltage domains for bionic
    - ARM: OMAP4: PM: update ROM return address for OSWR and OFF
    - net: xfrm: Localize sequence counter per network namespace
    - esp: delete NETIF_F_SCTP_CRC bit from features for esp offload
    - ASoC: SOF: Intel: HDA: fix core status verification
    - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
    - xfrm: Fix NULL pointer dereference on policy lookup
    - virtchnl: Fix layout of RSS structures
    - i40e: Added Asym_Pause to supported link modes
    - i40e: Fix kernel oops when i40e driver removes VF's
    - hostfs: fix memory handling in follow_link()
    - amd-xgbe: Update DMA coherency values
    - sch_red: fix off-by-one checks in red_check_params()
    - arm64: dts: imx8mm/q: Fix pad control of SD1_DATA0
    - xfrm: Provide private skb extensions for segmented and hw offloaded ESP
      packets
    - can: bcm/raw: fix msg_namelen values depending on CAN_REQUIRED_SIZE
    - mlxsw: spectrum: Fix ECN marking in tunnel decapsulation
    - ethernet: myri10ge: Fix a use after free in myri10ge_sw_tso
    - gianfar: Handle error code at MAC address change
    - cxgb4: avoid collecting SGE_QBASE regs during traffic
    - net:tipc: Fix a double free in tipc_sk_mcast_rcv
    - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces
    - net/ncsi: Avoid channel_monitor hrtimer deadlock
    - net: qrtr: Fix memory leak on qrtr_tx_wait failure
    - nfp: flower: ignore duplicate merge hints from FW
    - net: phy: broadcom: Only advertise EEE for supported modes
    - I2C: JZ4780: Fix bug for Ingenic X1000.
    - ASoC: sunxi: sun4i-codec: fill ASoC card owner
    - net/mlx5e: Fix ethtool indication of connector type
    - net/mlx5: Don't request more than supported EQs
    - net/rds: Fix a use after free in rds_message_map_pages
    - xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory model
    - soc/fsl: qbman: fix conflicting alignment attributes
    - i40e: Fix display statistics for veb_tc
    - RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session
      files
    - drm/msm: Set drvdata to NULL when msm_drm_init() fails
    - net: udp: Add support for getsockopt(..., ..., UDP_GRO, ..., ...);
    - mptcp: forbit mcast-related sockopt on MPTCP sockets
    - scsi: ufs: core: Fix task management request completion timeout
    - scsi: ufs: core: Fix wrong Task Tag used in task management request UPIUs
    - net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb
    - net: macb: restore cmp registers on resume path
    - clk: fix invalid usage of list cursor in register
    - clk: fix invalid usage of list cursor in unregister
    - workqueue: Move the position of debug_work_activate() in __queue_work()
    - s390/cpcmd: fix inline assembly register clobbering
    - perf inject: Fix repipe usage
    - net: openvswitch: conntrack: simplify the return expression of
      ovs_ct_limit_get_default_limit()
    - openvswitch: fix send of uninitialized stack memory in ct limit reply
    - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set
    - tipc: increment the tmp aead refcnt before attaching it
    - net: hns3: clear VF down state bit before request link status
    - net/mlx5: Fix placement of log_max_flow_counter
    - net/mlx5: Fix PPLM register mapping
    - net/mlx5: Fix PBMC register mapping
    - RDMA/cxgb4: check for ipv6 address properly while destroying listener
    - perf report: Fix wrong LBR block sorting
    - i40e: Fix parameters in aq_get_phy_register()
    - RDMA/addr: Be strict with gid size
    - RAS/CEC: Correct ce_add_elem()'s returned values
    - clk: socfpga: fix iomem pointer cast on 64-bit
    - lockdep: Address clang -Wformat warning printing for %hd
    - dt-bindings: net: ethernet-controller: fix typo in NVMEM
    - cfg80211: remove WARN_ON() in cfg80211_sme_connect
    - net: tun: set tun->dev->addr_len during TUNSETLINK processing
    - drivers: net: fix memory leak in atusb_probe
    - drivers: net: fix memory leak in peak_usb_create_dev
    - net: mac802154: Fix general protection fault
    - net: ieee802154: nl-mac: fix check on panid
    - net: ieee802154: fix nl802154 del llsec key
    - net: ieee802154: fix nl802154 del llsec dev
    - net: ieee802154: fix nl802154 add llsec key
    - net: ieee802154: fix nl802154 del llsec devkey
    - net: ieee802154: forbid monitor for set llsec params
    - net: ieee802154: forbid monitor for del llsec seclevel
    - net: ieee802154: stop dump llsec params for monitors
    - interconnect: core: fix error return code of icc_link_destroy()
    - gfs2: Flag a withdraw if init_threads() fails
    - KVM: arm64: Hide system instruction access to Trace registers
    - KVM: arm64: Disable guest access to trace filter controls
    - drm/imx: imx-ldb: fix out of bounds array access warning
    - gfs2: report "already frozen/thawed" errors
    - ftrace: Check if pages were allocated before calling free_pages()
    - tools/kvm_stat: Add restart delay
    - drm/tegra: dc: Don't set PLL clock to 0Hz
    - gpu: host1x: Use different lock classes for each client
    - block: only update parent bi_status when bio fail
    - radix tree test suite: Register the main thread with the RCU library
    - idr test suite: Take RCU read lock in idr_find_test_1
    - idr test suite: Create anchor before launching throbber
    - io_uring: don't mark S_ISBLK async work as unbounded
    - riscv,entry: fix misaligned base for excp_vect_table
    - block: don't ignore REQ_NOWAIT for direct IO
    - perf map: Tighten snprintf() string precision to pass gcc check on some
      32-bit arches
    - net: sfp: relax bitrate-derived mode check
    - net: sfp: cope with SFPs that set both LOS normal and LOS inverted
    - xen/events: fix setting irq affinity
    - perf tools: Use %zd for size_t printf formats on 32-bit

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Wed, 16 Jun 2021 20:11:21 -0300

Changed in linux (Ubuntu Groovy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-06-22:

#13

Download full text (34.3 KiB)

This bug was fixed in the package linux - 5.4.0-77.86

---------------
linux (5.4.0-77.86) focal; urgency=medium

* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
- SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu

* UAF on CAN BCM bcm_rx_handler (LP: #1931855)
- SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

linux (5.4.0-76.85) focal; urgency=medium

* focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)

  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
      license"
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"

linux (5.4.0-75.84) focal; urgency=medium

* focal/linux: 5.4.0-75.84 -proposed tracker (LP: #1930032)